Merge from main trunk, conflicts resolved

2000-08-01 12:21:46 +00:00 · 2000-08-01 12:21:46 +00:00 · 1ba5b1b530
commit 1ba5b1b530
parent d786112124
51 changed files with 1725 additions and 427 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -11,3 +11,5 @@ maketest.log
 cctest
 cctest.c
 cctest.a
 libcrypto.so.*
 libssl.so.*
--- a/61
+++ b/61
@ -4,6 +4,67 @@
 Changes between 0.9.5a and 0.9.6  [xx XXX 2000]
  *) Fix SSL 2.0 rollback checking: Due to an off-by-one error in
     RSA_padding_check_SSLv23(), special padding was never detected
     and thus the SSL 3.0/TLS 1.0 countermeasure against protocol
     version rollback attacks was not effective.
     In s23_clnt.c, don't use special rollback-attack detection padding
     (RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the
     client; similarly, in s23_srvr.c, don't do the rollback check if
     SSL 2.0 is the only protocol enabled in the server.
     [Bodo Moeller]
  *) Make it possible to get hexdumps of unprintable data with 'openssl
     asn1parse'.  By implication, the functions ASN1_parse_dump() and
     BIO_dump_indent() are added.
     [Richard Levitte]
  *) New functions ASN1_STRING_print_ex() and X509_NAME_print_ex()
     these print out strings and name structures based on various
     flags including RFC2253 support and proper handling of
     multibyte characters. Added options to the 'x509' utility 
     to allow the various flags to be set.
     [Steve Henson]
  *) Various fixes to use ASN1_TIME instead of ASN1_UTCTIME.
     Also change the functions X509_cmp_current_time() and
     X509_gmtime_adj() work with an ASN1_TIME structure,
     this will enable certificates using GeneralizedTime in validity
     dates to be checked.
     [Steve Henson]
  *) Make the NEG_PUBKEY_BUG code (which tolerates invalid
     negative public key encodings) on by default,
     NO_NEG_PUBKEY_BUG can be set to disable it.
     [Steve Henson]
  *) New function c2i_ASN1_OBJECT() which acts on ASN1_OBJECT
     content octets. An i2c_ASN1_OBJECT is unnecessary because
     the encoding can be trivially obtained from the structure.
     [Steve Henson]
  *) crypto/err.c locking bugfix: Use write locks (CRYPTO_w_[un]lock),
     not read locks (CRYPTO_r_[un]lock).
     [Bodo Moeller]
  *) A first attempt at creating official support for shared
     libraries through configuration.  I've kept it so the
     default is static libraries only, and the OpenSSL programs
     are always statically linked for now, but there are
     preparations for dynamic linking in place.
     This has been tested on Linux and True64.
     [Richard Levitte]
  *) Randomness polling function for Win9x, as described in:
     Peter Gutmann, Software Generation of Practically Strong
     Random Numbers.
     [Ulf Möller]
  *) Fix so PRNG is seeded in req if using an already existing
     DSA key.
     [Steve Henson]
  *) New options to smime application. -inform and -outform
     allow alternative formats for the S/MIME message including
     PEM and DER. The -content option allows the content to be
--- a/59
+++ b/59
@ -32,6 +32,8 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-
 # [no-]threads  [don't] try to create a library that is suitable for
 #               multithreaded applications (default is "threads" if we
 #               know how to do it)
 # [no-]shared	[don't] try to create shared libraries instead of static
 #		ones when possible.
 # no-asm        do not use assembler
 # no-dso        do not compile in any native shared-library methods. This
 #               will ensure that all methods just return NULL.
@ -96,7 +98,7 @@ my $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:as
 # -DB_ENDIAN slows things down on a sparc for md5, but helps sha1.
 # So the md5_locl.h file has an undef B_ENDIAN if sun is defined
-#config-string	$cc : $cflags : $unistd : $thread_cflag : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme
+#config-string	$cc : $cflags : $unistd : $thread_cflag : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag
 my %table=(
 #"b",		"${tcc}:${tflags}::${tlib}:${bits1}:${tbn_mul}::",
@ -250,9 +252,9 @@ my %table=(
 # Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with
 # the new compiler
 # For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
-"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:asm/alpha.o:::::::::dlfcn",
+"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:asm/alpha.o:::::::::dlfcn:true64-shared",
-"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn",
+"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:true64-shared",
-"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o::",
+"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:true64-shared",
 "FreeBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2:::",
 #### Alpha Linux with GNU C and Compaq C setups
@ -278,7 +280,7 @@ my %table=(
 # The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
 # bn86-elf.o file file since it is hand tweaked assembler.
-"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",
 "debug-linux-elf","gcc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "debug-linux-elf-noefence","gcc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
@ -299,7 +301,7 @@ my %table=(
 "ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown):-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
 # Linux on ARM
-"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::::::::::dlfcn",
+"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC",
 # UnixWare 2.0
 "unixware-2.0","cc:-O -DFILIO_H::(unknown):-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
@ -399,6 +401,7 @@ my $prefix="";
 my $openssldir="";
 my $install_prefix="";
 my $no_threads=0;
 my $no_shared=1;
 my $threads=0;
 my $no_asm=0;
 my $no_dso=0;
@ -456,6 +459,10 @@ foreach (@ARGV)
 		{ $no_threads=1; }
 	elsif (/^threads$/)
 		{ $threads=1; }
 	elsif (/^no-shared$/)
 		{ $no_shared=1; }
 	elsif (/^shared$/)
 		{ $no_shared=0; }
 	elsif (/^no-symlinks$/)
 		{ $symlink=0; }
 	elsif (/^no-(.+)$/)
@ -574,8 +581,8 @@ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /^\//;
 print "IsWindows=$IsWindows\n";
 (my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
- $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj,my $dso_scheme)=
+ $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag)=
-	split(/\s*:\s*/,$table{$target} . ":" x 20 , -1);
+	split(/\s*:\s*/,$table{$target} . ":" x 21 , -1);
 $cflags="$flags$cflags" if ($flags ne "");
 # The DSO code currently always implements all functions so that no
@ -649,6 +656,19 @@ if ($threads)
 		$openssl_thread_defines .= $thread_defines;
 	}
 # You will find shlib_mark1 and shlib_mark2 explained in Makefile.org
 my $shared_mark1 = "";
 my $shared_mark2 = "";
 if ($shared_cflag ne "")
 	{
 	$cflags = "$shared_cflag $cflags";
 	if (!$no_shared)
 		{
 		$shared_mark1 = ".shlib-clean.";
 		$shared_mark2 = ".shlib.";
 		}
 	}
 #my ($bn1)=split(/\s+/,$bn_obj);
 #$bn1 = "" unless defined $bn1;
 #$bn1=$bn_asm unless ($bn1 =~ /\.o$/);
@ -680,13 +700,20 @@ if ($rmd160_obj =~ /\.o$/)
 my $version = "unknown";
 my $major = "unknown";
 my $minor = "unknown";
 my $shlib_version_number = "unknown";
 my $shlib_version_history = "unknown";
 my $shlib_major = "unknown";
 my $shlib_minor = "unknown";
 open(IN,'<crypto/opensslv.h') || die "unable to read opensslv.h:$!\n";
 while (<IN>)
 	{
 	$version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /;
 	$shlib_version_number=$1 if /SHLIB_VERSION_NUMBER *"([^"]+)"/;
 	$shlib_version_history=$1 if /SHLIB_VERSION_HISTORY *"([^"]*)"/;
 	}
 close(IN);
 if ($shlib_version_history ne "") { $shlib_version_history .= ":"; }
 if ($version =~ /(^[0-9]*)\.([0-9\.]*)/)
 	{
@ -694,6 +721,12 @@ if ($version =~ /(^[0-9]*)\.([0-9\.]*)/)
 	$minor=$2;
 	}
 if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
 	{
 	$shlib_major=$1;
 	$shlib_minor=$2;
 	}
 open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
 open(OUT,">$Makefile") || die "unable to create $Makefile:$!\n";
 print OUT "### Generated automatically from Makefile.org by Configure.\n\n";
@ -712,6 +745,10 @@ while (<IN>)
 	s/^VERSION=.*/VERSION=$version/;
 	s/^MAJOR=.*/MAJOR=$major/;
 	s/^MINOR=.*/MINOR=$minor/;
 	s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/;
 	s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
 	s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;
 	s/^SHLIB_MINOR=.*/SHLIB_MINOR=$shlib_minor/;
 	s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/;
 	s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/;
 	s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/;
@ -733,6 +770,10 @@ while (<IN>)
 	s/^PROCESSOR=.*/PROCESSOR= $processor/;
 	s/^RANLIB=.*/RANLIB= $ranlib/;
 	s/^PERL=.*/PERL= $perl/;
 	s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
 	s/^SHLIB_MARK1=.*/SHLIB_MARK1=$shared_mark1/;
 	s/^SHLIB_MARK2=.*/SHLIB_MARK2=$shared_mark2/;
 	s/^LIBS=.*/LIBS=libcrypto\.so\* libssl\.so\*/ if (!$no_shared);
 	print OUT $_."\n";
 	}
 close(IN);
@ -1041,5 +1082,7 @@ sub print_table_entry
 \$rmd160_obj   = $rmd160_obj
 \$rc5_obj      = $rc5_obj
 \$dso_scheme   = $dso_scheme
 \$shared_target= $shared_target
 \$shared_cflag = $shared_cflag
 EOF
 	}
--- a/INSTALL.W32
+++ b/INSTALL.W32
@ -180,6 +180,35 @@
 desired, GNU bc can be built with CygWin32 without change.
 Installation
 ------------
 There's currently no real installation procedure for Win32.  There are,
 however, some suggestions:
    - do nothing.  The include files are found in the inc32/ subdirectory,
      all binaries are found in out32dll/ or out32/ depending if you built
      dynamic or static libraries.
    - do as is written in INSTALL.Win32 that comes with modssl:
 	$ md c:\openssl 
 	$ md c:\openssl\bin
 	$ md c:\openssl\lib
 	$ md c:\openssl\include
 	$ md c:\openssl\include\openssl
 	$ copy /b inc32\*               c:\openssl\include\openssl
 	$ copy /b out32dll\ssleay32.lib c:\openssl\lib
 	$ copy /b out32dll\libeay32.lib c:\openssl\lib
 	$ copy /b out32dll\ssleay32.dll c:\openssl\bin
 	$ copy /b out32dll\libeay32.dll c:\openssl\bin
 	$ copy /b out32dll\openssl.exe  c:\openssl\bin
      Of course, you can choose another device than c:.  C: is used here
      because that's usually the first (and often only) harddisk device.
      Note: in the modssl INSTALL.Win32, p: is used rather than c:.
 Troubleshooting
 ---------------
--- a/Makefile.org
+++ b/Makefile.org
@ -5,8 +5,14 @@
 VERSION=
 MAJOR=
 MINOR=
 SHLIB_VERSION_NUMBER=
 SHLIB_VERSION_HISTORY=
 SHLIB_MAJOR=
 SHLIB_MINOR=
 PLATFORM=dist
 OPTIONS=
 SHLIB_TARGET=
 # INSTALL_PREFIX is for package builders so that they can configure
 # for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
 # Normally it is left empty.
@ -142,7 +148,14 @@ RMD160_ASM_OBJ= asm/rm86-out.o
 #RMD160_ASM_OBJ= asm/rm86-out.o       # a.out, FreeBSD
 #RMD160_ASM_OBJ= asm/rm86bsdi.o       # bsdi
-DIRS=   crypto ssl rsaref apps test tools
+# To do special treatment, use "directory names" starting with a period.
 # When we're prepared to use shared libraries in the programs we link here
 # we might have SHLIB_MARK1 get the value ".shlib." and SHLIB_MARK2 be empty,
 # or have that configurable.
 SHLIB_MARK1=.shlib-clean.
 SHLIB_MARK2=.shlib.
 DIRS=   crypto ssl rsaref $(SHLIB_MARK1) apps test tools $(SHLIB_MARK2)
 SHLIBDIRS= crypto ssl
 # dirs in crypto to build
@ -165,7 +178,8 @@ TOP=    .
 ONEDIRS=out tmp
 EDIRS=  times doc bugs util include certs ms shlib mt demos perl sf dep VMS
 WDIRS=  windows
-LIBS=   libcrypto.a libssl.a 
+LIBS=   libcrypto.a libssl.a
 SHARED_LIBS=libcrypto.so libssl.so
 GENERAL=        Makefile
 BASENAME=       openssl
@ -176,36 +190,110 @@ EXHEADER=       e_os.h e_os2.h
 HEADER=         e_os.h
 all: Makefile.ssl
-	@for i in $(DIRS) ;\
+	@need_shlib=true; \
 	for i in $(DIRS) ;\
 	do \
-	(cd $$i && echo "making all in $$i..." && \
+	if [ "$$i" = ".shlib-clean." ]; then \
-	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
+		if [ "$(SHLIB_TARGET)" != "" ]; then \
-	done
+			$(MAKE) clean-shared; \
-	-@# cd crypto; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' testapps
+		fi; \
-	-@# cd perl; $(PERL) Makefile.PL; make
+	elif [ "$$i" = ".shlib." ]; then \
 		if [ "$(SHLIB_TARGET)" != "" ]; then \
 			$(MAKE) $(SHARED_LIBS); \
 		fi; \
 		need_shlib=false; \
 	else \
 		(cd $$i && echo "making all in $$i..." && \
 		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
 	fi; \
 	done; \
 	if $$need_shlib && [ "$(SHLIB_MARK1)" != "" -o "$(SHLIB_MARK1)" != "" ]; then \
 		$(MAKE) $(SHARED_LIBS); \
 	fi
 sub_all:
-	@for i in $(DIRS) ;\
+	@need_shlib=true; \
 	for i in $(DIRS) ;\
 	do \
-	(cd $$i && echo "making all in $$i..." && \
+	if [ "$$i" = ".shlib-clean." ]; then \
-	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
+		if [ "$(SHLIB_TARGET)" != "" ]; then \
-	done;
+			$(MAKE) clean-shared; \
 		fi; \
 	elif [ "$$i" = ".shlib." ]; then \
 		if [ "$(SHLIB_TARGET)" != "" ]; then \
 			$(MAKE) $(SHARED_LIBS); \
 		fi; \
 		need_shlib=false; \
 	else \
 		(cd $$i && echo "making all in $$i..." && \
 		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
 	fi; \
 	done; \
 	if $$need_shlib && [ "$(SHLIB_MARK1)" != "" -o "$(SHLIB_MARK1)" != "" ]; then \
 		$(MAKE) $(SHARED_LIBS); \
 	fi
 libcrypto.so: libcrypto.a
 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
 		$(MAKE) SHLIBDIRS=crypto $(SHLIB_TARGET); \
 	else \
 		echo "There's no support for shared libraries on this platform" >&2; \
 	fi
 libssl.so: libcrypto.so libssl.a
 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
 		$(MAKE) SHLIBDIRS=ssl $(SHLIB_TARGET); \
 	else \
 		echo "There's no support for shared libraries on this platform" >&2; \
 	fi
 clean-shared:
 	for i in ${SHLIBDIRS}; do \
 	rm -f lib$$i.so \
 		lib$$i.so.${SHLIB_MAJOR} \
 		lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
 	done
 linux-shared:
-	for i in ${SHLIBDIRS}; do \
+	libs=; for i in ${SHLIBDIRS}; do \
-	rm -f lib$$i.a lib$$i.so \
+	rm -f lib$$i.so \
-		lib$$i.so.${MAJOR} lib$$i.so.${MAJOR}.${MINOR}; \
+		lib$$i.so.${SHLIB_MAJOR} \
-	${MAKE} CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='-fPIC ${CFLAG}' SDIRS='${SDIRS}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' DIRS=$$i clean all || exit 1; \
+		lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
-	( set -x; ${CC}  -shared -o lib$$i.so.${MAJOR}.${MINOR} \
+	( set -x; ${CC}  -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		-Wl,-S,-soname=lib$$i.so.${MAJOR} \
+		-Wl,-S,-soname=lib$$i.so.${SHLIB_MAJOR} \
 		-Wl,--whole-archive lib$$i.a \
-		-Wl,--no-whole-archive -lc ) || exit 1; \
+		-Wl,--no-whole-archive -lc $$libs ) || exit 1; \
-	rm -f lib$$i.a; make -C $$i clean || exit 1 ;\
+	libs="$$libs -L. -l$$i"; \
 	( set -x; \
 		ln -s lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			lib$$i.so.${SHLIB_MAJOR}; \
 		ln -s lib$$i.so.${SHLIB_MAJOR} lib$$i.so ); \
 	done;
 # This assumes that GNU utilities are *not* used
 true64-shared:
 	libs=; for i in ${SHLIBDIRS}; do \
 	( set -x; ${CC}  -shared -no_archive -o lib$$i.so \
 		-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
 		-all lib$$i.a -none -lc $$libs ) || exit 1; \
 	libs="$$libs -L. -l$$i"; \
 	done;
 # This assumes that GNU utilities are *not* used
 solaris-shared:
 	libs=; for i in ${SHLIBDIRS}; do \
 	rm -f lib$$i.so \
 		lib$$i.so.${SHLIB_MAJOR} \
 		lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
 	( set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		-h lib$$i.so.${SHLIB_MAJOR} \
 		-z allextract lib$$i.a $$libs ) || exit 1; \
 	libs="$$libs -L. -l$$i"; \
 	ln -s lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		lib$$i.so.${SHLIB_MAJOR}; \
 	ln -s lib$$i.so.${SHLIB_MAJOR} lib$$i.so; \
 	done; \
 	@set -x; \
 	for i in ${SHLIBDIRS}; do \
 	ln -s lib$$i.so.${MAJOR}.${MINOR} lib$$i.so.${MAJOR}; \
 	ln -s lib$$i.so.${MAJOR} lib$$i.so; \
 	done;
 Makefile.ssl: Makefile.org
@ -220,9 +308,11 @@ clean:
 	rm -f shlib/*.o *.o core a.out fluff *.map rehash.time testlog make.log cctest cctest.c
 	@for i in $(DIRS) ;\
 	do \
-	(cd $$i && echo "making clean in $$i..." && \
+	if echo "$$i" | grep -v '^\.'; then \
-	$(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
+		(cd $$i && echo "making clean in $$i..." && \
-	rm -f $(LIBS); \
+		$(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
 		rm -f $(LIBS); \
 	fi; \
 	done;
 	rm -f *.a *.o speed.* *.map *.so .pure core
 	rm -f $(TARFILE)
@ -239,8 +329,10 @@ files:
 	$(PERL) $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
 	@for i in $(DIRS) ;\
 	do \
-	(cd $$i && echo "making 'files' in $$i..." && \
+	if echo "$$i" | grep -v '^\.'; then \
-	$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \
+		(cd $$i && echo "making 'files' in $$i..." && \
 		$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \
 	fi; \
 	done;
 links:
@ -248,16 +340,20 @@ links:
 	@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
 	@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
 	@for i in $(DIRS); do \
-	(cd $$i && echo "making links in $$i..." && \
+	if echo "$$i" | grep -v '^\.'; then \
-	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
+		(cd $$i && echo "making links in $$i..." && \
 		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
 	fi; \
 	done;
 dclean:
 	rm -f *.bak
 	@for i in $(DIRS) ;\
 	do \
-	(cd $$i && echo "making dclean in $$i..." && \
+	if echo "$$i" | grep -v '^\.'; then \
-	$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
+		(cd $$i && echo "making dclean in $$i..." && \
 		$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
 	fi; \
 	done;
 rehash: rehash.time
@ -278,22 +374,28 @@ report:
 depend:
 	@for i in $(DIRS) ;\
 	do \
-	(cd $$i && echo "making dependencies $$i..." && \
+	if echo "$$i" | grep -v '^\.'; then \
-	$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
+		(cd $$i && echo "making dependencies $$i..." && \
 		$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
 	fi; \
 	done;
 lint:
 	@for i in $(DIRS) ;\
 	do \
-	(cd $$i && echo "making lint $$i..." && \
+	if echo "$$i" | grep -v '^\.'; then \
-	$(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
+		(cd $$i && echo "making lint $$i..." && \
 		$(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
 	fi; \
 	done;
 tags:
 	@for i in $(DIRS) ;\
 	do \
-	(cd $$i && echo "making tags $$i..." && \
+	if echo "$$i" | grep -v '^\.'; then \
-	$(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \
+		(cd $$i && echo "making tags $$i..." && \
 		$(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \
 	fi; \
 	done;
 errors:
@ -352,15 +454,19 @@ install: all install_docs
 	done;
 	@for i in $(DIRS) ;\
 	do \
-	(cd $$i; echo "installing $$i..."; \
+	if echo "$$i" | grep -v '^\.'; then \
-	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' install ); \
+		(cd $$i; echo "installing $$i..."; \
 		$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' install ); \
 	fi; \
 	done
 	@for i in $(LIBS) ;\
 	do \
-	(       echo installing $$i; \
+		if [ -f "$$i" ]; then \
-		cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+		(       echo installing $$i; \
-		$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
-		chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
 			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
 		fi \
 	done
 install_docs:
--- a/220
+++ b/220
@ -17,6 +17,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** BC-32
 $cc           = bcc32
@ -35,6 +37,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** BS2000-OSD
 $cc           = c89
@ -53,6 +57,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** CygWin32
 $cc           = gcc
@ -71,6 +77,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** FreeBSD
 $cc           = gcc
@ -89,6 +97,8 @@ $rc4_obj      = asm/rx86-out.o
 $rmd160_obj   = asm/rm86-out.o
 $rc5_obj      = asm/r586-out.o
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** FreeBSD-alpha
 $cc           = gcc
@ -107,6 +117,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** FreeBSD-elf
 $cc           = gcc
@ -125,6 +137,8 @@ $rc4_obj      = asm/rx86-elf.o
 $rmd160_obj   = asm/rm86-elf.o
 $rc5_obj      = asm/r586-elf.o
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** Mingw32
 $cc           = gcc
@ -143,6 +157,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** NetBSD-m68
 $cc           = gcc
@ -161,6 +177,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** NetBSD-sparc
 $cc           = gcc
@ -179,6 +197,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** NetBSD-x86
 $cc           = gcc
@ -197,6 +217,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** OpenBSD
 $cc           = gcc
@ -215,6 +237,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** OpenBSD-alpha
 $cc           = gcc
@ -233,6 +257,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** OpenBSD-mips
 $cc           = gcc
@ -251,6 +277,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** OpenBSD-x86
 $cc           = gcc
@ -269,6 +297,8 @@ $rc4_obj      = asm/rx86-out.o
 $rmd160_obj   = asm/rm86-out.o
 $rc5_obj      = asm/r586-out.o
 $dso_scheme   = dlfcn
 $shared_target= 
 $shared_cflag = 
 *** ReliantUNIX
 $cc           = cc
@ -287,6 +317,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** SINIX
 $cc           = cc
@ -305,6 +337,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** SINIX-N
 $cc           = /usr/ucb/cc
@ -323,6 +357,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** VC-MSDOS
 $cc           = cl
@ -341,6 +377,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** VC-NT
 $cc           = cl
@ -359,6 +397,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** VC-W31-16
 $cc           = cl
@ -377,6 +417,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** VC-W31-32
 $cc           = cl
@ -395,6 +437,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** VC-WIN16
 $cc           = cl
@ -413,6 +457,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** VC-WIN32
 $cc           = cl
@ -431,6 +477,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** aix-cc
 $cc           = cc
@ -449,6 +497,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** aix-gcc
 $cc           = gcc
@ -467,6 +517,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** alpha-cc
 $cc           = cc
@ -485,6 +537,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
 $shared_target= 
 $shared_cflag = 
 *** alpha-gcc
 $cc           = gcc
@ -503,6 +557,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
 $shared_target= 
 $shared_cflag = 
 *** alpha164-cc
 $cc           = cc
@ -520,7 +576,9 @@ $cast_obj     =
 $rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
-$dso_scheme   = 
+$dso_scheme   = dlfcn
 $shared_target= 
 $shared_cflag = 
 *** bsdi-elf-gcc
 $cc           = gcc
@ -539,6 +597,8 @@ $rc4_obj      = asm/rx86-elf.o
 $rmd160_obj   = asm/rm86-elf.o
 $rc5_obj      = asm/r586-elf.o
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** bsdi-gcc
 $cc           = gcc
@ -557,6 +617,8 @@ $rc4_obj      = asm/rx86bsdi.o
 $rmd160_obj   = asm/rm86bsdi.o
 $rc5_obj      = asm/r586bsdi.o
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** cc
 $cc           = cc
@ -575,6 +637,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** cray-t3e
 $cc           = cc
@ -593,6 +657,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** cray-t90-cc
 $cc           = cc
@ -611,6 +677,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** debug
 $cc           = gcc
@ -629,6 +697,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** debug-ben
 $cc           = gcc
@ -647,6 +717,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** debug-ben-debug
 $cc           = gcc
@ -665,6 +737,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** debug-ben-strict
 $cc           = gcc
@ -683,6 +757,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** debug-bodo
 $cc           = gcc
@ -701,6 +777,8 @@ $rc4_obj      = asm/rx86-elf.o
 $rmd160_obj   = asm/rm86-elf.o
 $rc5_obj      = asm/r586-elf.o
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** debug-levitte-linux-elf
 $cc           = gcc
@ -719,6 +797,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
 $shared_target= 
 $shared_cflag = 
 *** debug-linux-elf
 $cc           = gcc
@ -737,6 +817,8 @@ $rc4_obj      = asm/rx86-elf.o
 $rmd160_obj   = asm/rm86-elf.o
 $rc5_obj      = asm/r586-elf.o
 $dso_scheme   = dlfcn
 $shared_target= 
 $shared_cflag = 
 *** debug-linux-elf-noefence
 $cc           = gcc
@ -755,6 +837,8 @@ $rc4_obj      = asm/rx86-elf.o
 $rmd160_obj   = asm/rm86-elf.o
 $rc5_obj      = asm/r586-elf.o
 $dso_scheme   = dlfcn
 $shared_target= 
 $shared_cflag = 
 *** debug-rse
 $cc           = cc
@ -773,6 +857,8 @@ $rc4_obj      = asm/rx86-elf.o
 $rmd160_obj   = asm/rm86-elf.o
 $rc5_obj      = asm/r586-elf.o
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** debug-solaris-sparcv8-cc
 $cc           = cc
@ -791,6 +877,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
 $shared_target= 
 $shared_cflag = 
 *** debug-solaris-sparcv8-gcc
 $cc           = gcc
@ -809,6 +897,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
 $shared_target= 
 $shared_cflag = 
 *** debug-solaris-sparcv9-cc
 $cc           = cc
@ -827,6 +917,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
 $shared_target= 
 $shared_cflag = 
 *** debug-solaris-sparcv9-gcc
 $cc           = gcc
@ -845,6 +937,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
 $shared_target= 
 $shared_cflag = 
 *** debug-steve
 $cc           = gcc
@ -863,6 +957,8 @@ $rc4_obj      = asm/rx86-elf.o
 $rmd160_obj   = asm/rm86-elf.o
 $rc5_obj      = asm/r586-elf.o
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** debug-ulf
 $cc           = gcc
@ -881,6 +977,8 @@ $rc4_obj      = asm/rx86-elf.o
 $rmd160_obj   = asm/rm86-elf.o
 $rc5_obj      = asm/r586-elf.o
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** dgux-R3-gcc
 $cc           = gcc
@ -899,6 +997,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** dgux-R4-gcc
 $cc           = gcc
@ -917,6 +1017,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** dgux-R4-x86-gcc
 $cc           = gcc
@ -935,6 +1037,8 @@ $rc4_obj      = asm/rx86-elf.o
 $rmd160_obj   = asm/rm86-elf.o
 $rc5_obj      = asm/r586-elf.o
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** dist
 $cc           = cc
@ -953,6 +1057,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** gcc
 $cc           = gcc
@ -971,6 +1077,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** hpux-brokencc
 $cc           = cc
@ -989,6 +1097,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dl
 $shared_target= 
 $shared_cflag = 
 *** hpux-brokengcc
 $cc           = gcc
@ -1007,6 +1117,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dl
 $shared_target= 
 $shared_cflag = 
 *** hpux-cc
 $cc           = cc
@ -1025,6 +1137,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dl
 $shared_target= 
 $shared_cflag = 
 *** hpux-gcc
 $cc           = gcc
@ -1043,6 +1157,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dl
 $shared_target= 
 $shared_cflag = 
 *** hpux-parisc-cc
 $cc           = cc
@ -1061,6 +1177,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dl
 $shared_target= 
 $shared_cflag = 
 *** hpux-parisc-cc-o4
 $cc           = cc
@ -1079,6 +1197,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dl
 $shared_target= 
 $shared_cflag = 
 *** hpux-parisc-gcc
 $cc           = gcc
@ -1097,6 +1217,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dl
 $shared_target= 
 $shared_cflag = 
 *** hpux10-brokencc
 $cc           = cc
@ -1115,6 +1237,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dl
 $shared_target= 
 $shared_cflag = 
 *** hpux10-brokengcc
 $cc           = gcc
@ -1133,6 +1257,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dl
 $shared_target= 
 $shared_cflag = 
 *** hpux10-cc
 $cc           = cc
@ -1151,6 +1277,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dl
 $shared_target= 
 $shared_cflag = 
 *** hpux10-gcc
 $cc           = gcc
@ -1169,6 +1297,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dl
 $shared_target= 
 $shared_cflag = 
 *** hpux64-parisc-cc
 $cc           = cc
@ -1187,6 +1317,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dl
 $shared_target= 
 $shared_cflag = 
 *** irix-cc
 $cc           = cc
@ -1205,6 +1337,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** irix-gcc
 $cc           = gcc
@ -1223,6 +1357,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** irix-mips3-cc
 $cc           = cc
@ -1241,6 +1377,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** irix-mips3-gcc
 $cc           = gcc
@ -1259,6 +1397,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** irix64-mips4-cc
 $cc           = cc
@ -1277,6 +1417,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** irix64-mips4-gcc
 $cc           = gcc
@ -1295,6 +1437,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** linux-alpha+bwx-ccc
 $cc           = ccc
@ -1313,6 +1457,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** linux-alpha+bwx-gcc
 $cc           = gcc
@ -1331,6 +1477,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** linux-alpha-ccc
 $cc           = ccc
@ -1349,6 +1497,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** linux-alpha-gcc
 $cc           = gcc
@ -1367,6 +1517,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** linux-aout
 $cc           = gcc
@ -1385,6 +1537,8 @@ $rc4_obj      = asm/rx86-out.o
 $rmd160_obj   = asm/rm86-out.o
 $rc5_obj      = asm/r586-out.o
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** linux-elf
 $cc           = gcc
@ -1403,6 +1557,8 @@ $rc4_obj      = asm/rx86-elf.o
 $rmd160_obj   = asm/rm86-elf.o
 $rc5_obj      = asm/r586-elf.o
 $dso_scheme   = dlfcn
 $shared_target= 
 $shared_cflag = 
 *** linux-elf-arm
 $cc           = gcc
@ -1421,6 +1577,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
 $shared_target= 
 $shared_cflag = 
 *** linux-ia64
 $cc           = gcc
@ -1439,6 +1597,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** linux-m68k
 $cc           = gcc
@ -1457,6 +1617,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** linux-mips
 $cc           = gcc
@ -1475,6 +1637,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** linux-ppc
 $cc           = gcc
@ -1493,6 +1657,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** linux-sparcv7
 $cc           = gcc
@ -1511,6 +1677,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** linux-sparcv8
 $cc           = gcc
@ -1529,6 +1697,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** linux-sparcv9
 $cc           = gcc
@ -1547,6 +1717,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** ncr-scde
 $cc           = cc
@ -1565,6 +1737,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** nextstep
 $cc           = cc
@ -1583,6 +1757,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** nextstep3.3
 $cc           = cc
@ -1601,6 +1777,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** purify
 $cc           = purify gcc
@ -1619,6 +1797,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** rhapsody-ppc-cc
 $cc           = cc
@ -1637,6 +1817,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** sco5-cc
 $cc           = cc
@ -1655,6 +1837,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** sco5-gcc
 $cc           = gcc
@ -1673,6 +1857,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** solaris-sparc-sc3
 $cc           = cc
@ -1691,6 +1877,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
 $shared_target= 
 $shared_cflag = 
 *** solaris-sparcv7-cc
 $cc           = cc
@ -1709,6 +1897,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
 $shared_target= 
 $shared_cflag = 
 *** solaris-sparcv7-gcc
 $cc           = gcc
@ -1727,6 +1917,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
 $shared_target= 
 $shared_cflag = 
 *** solaris-sparcv8-cc
 $cc           = cc
@ -1745,6 +1937,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
 $shared_target= 
 $shared_cflag = 
 *** solaris-sparcv8-gcc
 $cc           = gcc
@ -1763,6 +1957,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
 $shared_target= 
 $shared_cflag = 
 *** solaris-sparcv9-cc
 $cc           = cc
@ -1781,6 +1977,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
 $shared_target= 
 $shared_cflag = 
 *** solaris-sparcv9-gcc
 $cc           = gcc
@ -1799,6 +1997,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
 $shared_target= 
 $shared_cflag = 
 *** solaris-sparcv9-gcc27
 $cc           = gcc
@ -1817,6 +2017,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
 $shared_target= 
 $shared_cflag = 
 *** solaris-x86-gcc
 $cc           = gcc
@ -1835,6 +2037,8 @@ $rc4_obj      = asm/rx86-sol.o
 $rmd160_obj   = asm/rm86-sol.o
 $rc5_obj      = asm/r586-sol.o
 $dso_scheme   = dlfcn
 $shared_target= 
 $shared_cflag = 
 *** solaris64-sparcv9-cc
 $cc           = cc
@ -1853,6 +2057,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
 $shared_target= 
 $shared_cflag = 
 *** sunos-gcc
 $cc           = gcc
@ -1871,6 +2077,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** ultrix-cc
 $cc           = cc
@ -1889,6 +2097,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** ultrix-gcc
 $cc           = gcc
@ -1907,6 +2117,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** unixware-2.0
 $cc           = cc
@ -1925,6 +2137,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** unixware-2.0-pentium
 $cc           = cc
@ -1943,6 +2157,8 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
 *** unixware-7
 $cc           = cc
@ -1961,3 +2177,5 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = 
 $shared_target= 
 $shared_cflag = 
--- a/apps/apps.c
+++ b/apps/apps.c
@ -655,3 +655,83 @@ end:
 	return(othercerts);
 	}
 typedef struct {
 	char *name;
 	unsigned long flag;
 	unsigned long mask;
 } NAME_EX_TBL;
 int set_name_ex(unsigned long *flags, const char *arg)
 {
 	char c;
 	const NAME_EX_TBL *ptbl, ex_tbl[] = {
 		{ "esc_2253", ASN1_STRFLGS_ESC_2253, 0},
 		{ "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
 		{ "esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
 		{ "use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
 		{ "utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
 		{ "ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
 		{ "show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
 		{ "dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
 		{ "dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
 		{ "dump_der", ASN1_STRFLGS_DUMP_DER, 0},
 		{ "compat", XN_FLAG_COMPAT, 0xffffffffL},
 		{ "sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
 		{ "sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
 		{ "sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
 		{ "sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
 		{ "dn_rev", XN_FLAG_DN_REV, 0},
 		{ "nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
 		{ "sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
 		{ "lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
 		{ "oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
 		{ "space_eq", XN_FLAG_SPC_EQ, 0},
 		{ "dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
 		{ "RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
 		{ "oneline", XN_FLAG_ONELINE, 0xffffffffL},
 		{ "multiline", XN_FLAG_MULTILINE, 0xffffffffL},
 		{ NULL, 0, 0}
 	};
 	c = arg[0];
 	if(c == '-') {
 		c = 0;
 		arg++;
 	} else if (c == '+') {
 		c = 1;
 		arg++;
 	} else c = 1;
 	for(ptbl = ex_tbl; ptbl->name; ptbl++) {
 		if(!strcmp(arg, ptbl->name)) {
 			*flags &= ~ptbl->mask;
 			if(c) *flags |= ptbl->flag;
 			else *flags &= ~ptbl->flag;
 			return 1;
 		}
 	}
 	return 0;
 }
 void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
 {
 	char buf[256];
 	char mline = 0;
 	int indent = 0;
 	if(title) BIO_puts(out, title);
 	if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
 		mline = 1;
 		indent = 4;
 	}
 	if(lflags == XN_FLAG_COMPAT) {
 		X509_NAME_oneline(nm,buf,256);
 		BIO_puts(out,buf);
 		BIO_puts(out, "\n");
 	} else {
 		if(mline) BIO_puts(out, "\n");
 		X509_NAME_print_ex(out, nm, indent, lflags);
 		BIO_puts(out, "\n");
 	}
 }
--- a/apps/apps.h
+++ b/apps/apps.h
@ -145,7 +145,9 @@ void program_name(char *in,char *out,int size);
 int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
 #ifdef HEADER_X509_H
 int dump_cert_text(BIO *out, X509 *x);
 void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags);
 #endif
 int set_name_ex(unsigned long *flags, const char *arg);
 int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
 int add_oid_section(BIO *err, LHASH *conf);
 X509 *load_cert(BIO *err, char *file, int format);
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@ -88,7 +88,7 @@ int MAIN(int argc, char **argv)
 	unsigned int length=0;
 	long num,tmplen;
 	BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL;
-	int informat,indent=0, noout = 0;
+	int informat,indent=0, noout = 0, dump = 0;
 	char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL;
 	unsigned char *tmpbuf;
 	BUF_MEM *buf=NULL;
@ -149,6 +149,16 @@ int MAIN(int argc, char **argv)
 			length= atoi(*(++argv));
 			if (length == 0) goto bad;
 			}
 		else if (strcmp(*argv,"-dump") == 0)
 			{
 			dump= -1;
 			}
 		else if (strcmp(*argv,"-dlimit") == 0)
 			{
 			if (--argc < 1) goto bad;
 			dump= atoi(*(++argv));
 			if (dump <= 0) goto bad;
 			}
 		else if (strcmp(*argv,"-strparse") == 0)
 			{
 			if (--argc < 1) goto bad;
@ -176,6 +186,8 @@ bad:
 		BIO_printf(bio_err," -offset arg   offset into file\n");
 		BIO_printf(bio_err," -length arg   length of section in file\n");
 		BIO_printf(bio_err," -i            indent entries\n");
 		BIO_printf(bio_err," -dump         dump unknown data in hex form\n");
 		BIO_printf(bio_err," -dlimit arg   dump the first arg bytes of unknown data in hex form\n");
 		BIO_printf(bio_err," -oid file     file of extra oid definitions\n");
 		BIO_printf(bio_err," -strparse offset\n");
 		BIO_printf(bio_err,"               a series of these can be used to 'dig' into multiple\n");
@ -293,7 +305,8 @@ bad:
 		}
 	}
 	if (!noout &&
-	    !ASN1_parse(out,(unsigned char *)&(str[offset]),length,indent))
+	    !ASN1_parse_dump(out,(unsigned char *)&(str[offset]),length,
 		    indent,dump))
 		{
 		ERR_print_errors(bio_err);
 		goto end;
--- a/apps/passwd.c
+++ b/apps/passwd.c
@ -44,7 +44,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
 	char *passwd, BIO *out, int quiet, int table, int reverse,
 	size_t pw_maxlen, int usecrypt, int use1, int useapr1);
-/* -crypt        - standard Unix password algorithm (default, only choice)
+/* -crypt        - standard Unix password algorithm (default)
 * -1            - MD5-based password algorithm
 * -apr1         - MD5-based password algorithm, Apache variant
 * -salt string  - salt
--- a/apps/req.c
+++ b/apps/req.c
@ -587,6 +587,11 @@ bad:
 			BIO_printf(bio_err,"unable to load Private key\n");
 			goto end;
 			}
                if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA)
 			{
 			char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
 			app_RAND_load_file(randfile, bio_err, 0);
                	}
 		}
 	if (newreq && (pkey == NULL))
--- a/apps/smime.c
+++ b/apps/smime.c
@ -277,8 +277,11 @@ int MAIN(int argc, char **argv)
 		BIO_printf (bio_err, "-signer file   signer certificate file\n");
 		BIO_printf (bio_err, "-recip  file   recipient certificate file for decryption\n");
 		BIO_printf (bio_err, "-in file       input file\n");
 		BIO_printf (bio_err, "-inform arg    input format SMIME (default), PEM or DER\n");
 		BIO_printf (bio_err, "-inkey file    input private key (if not signer or recipient)\n");
 		BIO_printf (bio_err, "-out file      output file\n");
 		BIO_printf (bio_err, "-outform arg   output format SMIME (default), PEM or DER\n");
 		BIO_printf (bio_err, "-content file  supply or override content for detached signature\n");
 		BIO_printf (bio_err, "-to addr       to address\n");
 		BIO_printf (bio_err, "-from ad       from address\n");
 		BIO_printf (bio_err, "-subject s     subject\n");
--- a/apps/verify.c
+++ b/apps/verify.c
@ -186,7 +186,7 @@ int MAIN(int argc, char **argv)
 	ret=0;
 end:
 	if (ret == 1) {
-		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] cert1 cert2 ...\n");
+		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] cert1 cert2 ...\n");
 		BIO_printf(bio_err,"recognized usages:\n");
 		for(i = 0; i < X509_PURPOSE_get_count(); i++) {
 			X509_PURPOSE *ptmp;
--- a/apps/x509.c
+++ b/apps/x509.c
@ -128,6 +128,7 @@ static char *x509_usage[]={
 " -extfile        - configuration file with X509V3 extensions to add\n",
 " -extensions     - section from config file with X509V3 extensions to add\n",
 " -clrext         - delete extensions before signing and input certificate\n",
 " -nameopt arg    - various certificate name options\n",
 NULL
 };
@ -173,6 +174,7 @@ int MAIN(int argc, char **argv)
 	char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
 	int need_rand = 0;
 	int checkend=0,checkoffset=0;
 	unsigned long nmflag = 0;
 	reqfile=0;
@ -316,6 +318,11 @@ int MAIN(int argc, char **argv)
 			alias= *(++argv);
 			trustout = 1;
 			}
 		else if (strcmp(*argv,"-nameopt") == 0)
 			{
 			if (--argc < 1) goto bad;
 			if(!set_name_ex(&nmflag, *(++argv))) goto bad;
 			}
 		else if (strcmp(*argv,"-setalias") == 0)
 			{
 			if (--argc < 1) goto bad;
@ -524,9 +531,8 @@ bad:
 			}
 		else
 			BIO_printf(bio_err,"Signature ok\n");
-		
+
-		X509_NAME_oneline(req->req_info->subject,buf,256);
+		print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), nmflag);
 		BIO_printf(bio_err,"subject=%s\n",buf);
 		if ((x=X509_new()) == NULL) goto end;
 		ci=x->cert_info;
@ -600,15 +606,13 @@ bad:
 			{
 			if (issuer == i)
 				{
-				X509_NAME_oneline(X509_get_issuer_name(x),
+				print_name(STDout, "issuer= ",
-					buf,256);
+					X509_get_issuer_name(x), nmflag);
 				BIO_printf(STDout,"issuer= %s\n",buf);
 				}
 			else if (subject == i) 
 				{
-				X509_NAME_oneline(X509_get_subject_name(x),
+				print_name(STDout, "issuer= ",
-					buf,256);
+					X509_get_subject_name(x), nmflag);
 				BIO_printf(STDout,"subject=%s\n",buf);
 				}
 			else if (serial == i)
 				{
@ -1082,7 +1086,6 @@ end:
 static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
 	{
 	char buf[256];
 	int err;
 	X509 *err_cert;
@ -1104,8 +1107,7 @@ static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
 	else
 		{
 		err_cert=X509_STORE_CTX_get_current_cert(ctx);
-		X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
+		print_name(bio_err, NULL, X509_get_subject_name(err_cert),0);
 		BIO_printf(bio_err,"%s\n",buf);
 		BIO_printf(bio_err,"error with certificate - error %d at depth %d\n%s\n",
 			err,X509_STORE_CTX_get_error_depth(ctx),
 			X509_verify_cert_error_string(err));
--- a/crypto/asn1/Makefile.ssl
+++ b/crypto/asn1/Makefile.ssl
@ -24,7 +24,7 @@ APPS=
 LIB=$(TOP)/libcrypto.a
 LIBSRC=	a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
 	a_null.c a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_bmp.c \
-	a_enum.c a_vis.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c \
+	a_enum.c a_vis.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
 	x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c \
 	x_name.c x_cinf.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \
 	d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c \
@ -39,7 +39,7 @@ LIBSRC=	a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
 	evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c
 LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
 	a_null.o a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o a_bmp.o \
-	a_enum.o a_vis.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o \
+	a_enum.o a_vis.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
 	x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o \
 	x_name.o x_cinf.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \
 	d2i_r_pr.o i2d_r_pr.o d2i_r_pu.o i2d_r_pu.o \
@ -284,6 +284,23 @@ a_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 a_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 a_sign.o: ../cryptlib.h
 a_strex.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_strex.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 a_strex.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 a_strex.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 a_strex.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h
 a_strex.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 a_strex.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
 a_strex.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 a_strex.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 a_strex.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 a_strex.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 a_strex.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 a_strex.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 a_strex.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 a_strex.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 a_strex.o: charmap.h
 a_strnid.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_strnid.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 a_strnid.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
--- a/crypto/asn1/a_enum.c
+++ b/crypto/asn1/a_enum.c
@ -75,6 +75,7 @@ void ASN1_ENUMERATED_free(ASN1_ENUMERATED *x)
 int i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a, unsigned char **pp)
 {
 	int len, ret;
 	if(!a) return 0;
 	len = i2c_ASN1_INTEGER(a, NULL);	
 	ret=ASN1_object_size(0,len,V_ASN1_ENUMERATED);
 	if(pp) {
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@ -77,6 +77,7 @@ int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y)
 int i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
 {
 	int len, ret;
 	if(!a) return 0;
 	len = i2c_ASN1_INTEGER(a, NULL);	
 	ret=ASN1_object_size(0,len,V_ASN1_INTEGER);
 	if(pp) {
--- a/crypto/asn1/a_object.c
+++ b/crypto/asn1/a_object.c
@ -190,24 +190,13 @@ int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
 ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
 	     long length)
-	{
+{
 	ASN1_OBJECT *ret=NULL;
 	unsigned char *p;
 	long len;
 	int tag,xclass;
 	int inf,i;
-
+	ASN1_OBJECT *ret = NULL;
 	/* only the ASN1_OBJECTs from the 'table' will have values
 	 * for ->sn or ->ln */
 	if ((a == NULL) || ((*a) == NULL) ||
 		!((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC))
 		{
 		if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL);
 		}
 	else	ret=(*a);
 	p= *pp;
 	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
 	if (inf & 0x80)
 		{
@ -220,6 +209,32 @@ ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
 		i=ASN1_R_EXPECTING_AN_OBJECT;
 		goto err;
 		}
 	ret = c2i_ASN1_OBJECT(a, &p, len);
 	if(ret) *pp = p;
 	return ret;
 err:
 	ASN1err(ASN1_F_D2I_ASN1_OBJECT,i);
 	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
 		ASN1_OBJECT_free(ret);
 	return(NULL);
 }
 ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
 	     long len)
 	{
 	ASN1_OBJECT *ret=NULL;
 	unsigned char *p;
 	int i;
 	/* only the ASN1_OBJECTs from the 'table' will have values
 	 * for ->sn or ->ln */
 	if ((a == NULL) || ((*a) == NULL) ||
 		!((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC))
 		{
 		if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL);
 		}
 	else	ret=(*a);
 	p= *pp;
 	if ((ret->data == NULL) || (ret->length < len))
 		{
 		if (ret->data != NULL) OPENSSL_free(ret->data);
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@ -237,6 +237,7 @@ DECLARE_STACK_OF(ASN1_STRING_TABLE)
 #define ASN1_BMPSTRING		ASN1_STRING
 #define ASN1_VISIBLESTRING	ASN1_STRING
 #define ASN1_UTF8STRING		ASN1_STRING
 #define ASN1_BOOLEAN		int
 #else
 typedef struct asn1_string_st ASN1_INTEGER;
 typedef struct asn1_string_st ASN1_ENUMERATED;
@ -253,10 +254,90 @@ typedef struct asn1_string_st ASN1_TIME;
 typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
 typedef struct asn1_string_st ASN1_VISIBLESTRING;
 typedef struct asn1_string_st ASN1_UTF8STRING;
 typedef int ASN1_BOOLEAN;
 #endif
 typedef int ASN1_NULL;
 /* Parameters used by ASN1_STRING_print_ex() */
 /* These determine which characters to escape:
 * RFC2253 special characters, control characters and
 * MSB set characters
 */
 #define ASN1_STRFLGS_ESC_2253		1
 #define ASN1_STRFLGS_ESC_CTRL		2
 #define ASN1_STRFLGS_ESC_MSB		4
 /* This flag determines how we do escaping: normally
 * RC2253 backslash only, set this to use backslash and
 * quote.
 */
 #define ASN1_STRFLGS_ESC_QUOTE		8
 /* These three flags are internal use only. */
 /* Character is a valid PrintableString character */
 #define CHARTYPE_PRINTABLESTRING	0x10
 /* Character needs escaping if it is the first character */
 #define CHARTYPE_FIRST_ESC_2253		0x20
 /* Character needs escaping if it is the last character */
 #define CHARTYPE_LAST_ESC_2253		0x40
 /* NB the internal flags are safely reused below by flags
 * handled at the top level.
 */
 /* If this is set we convert all character strings
 * to UTF8 first 
 */
 #define ASN1_STRFLGS_UTF8_CONVERT	0x10
 /* If this is set we don't attempt to interpret content:
 * just assume all strings are 1 byte per character. This
 * will produce some pretty odd looking output!
 */
 #define ASN1_STRFLGS_IGNORE_TYPE	0x20
 /* If this is set we include the string type in the output */
 #define ASN1_STRFLGS_SHOW_TYPE		0x40
 /* This determines which strings to display and which to
 * 'dump' (hex dump of content octets or DER encoding). We can
 * only dump non character strings or everything. If we
 * don't dump 'unknown' they are interpreted as character
 * strings with 1 octet per character and are subject to
 * the usual escaping options.
 */
 #define ASN1_STRFLGS_DUMP_ALL		0x80
 #define ASN1_STRFLGS_DUMP_UNKNOWN	0x100
 /* These determine what 'dumping' does, we can dump the
 * content octets or the DER encoding: both use the
 * RFC2253 #XXXXX notation.
 */
 #define ASN1_STRFLGS_DUMP_DER		0x200
 /* All the string flags consistent with RFC2253,
 * escaping control characters isn't essential in
 * RFC2253 but it is advisable anyway.
 */
 #define ASN1_STRFLGS_RFC2253	(ASN1_STRFLGS_ESC_2253 | \
 				ASN1_STRFLGS_ESC_CTRL | \
 				ASN1_STRFLGS_ESC_MSB | \
 				ASN1_STRFLGS_UTF8_CONVERT | \
 				ASN1_STRFLGS_DUMP_UNKNOWN | \
 				ASN1_STRFLGS_DUMP_DER)
 DECLARE_STACK_OF(ASN1_INTEGER)
 DECLARE_ASN1_SET_OF(ASN1_INTEGER)
@ -265,6 +346,7 @@ typedef struct asn1_type_st
 	int type;
 	union	{
 		char *ptr;
 		ASN1_BOOLEAN		boolean;
 		ASN1_STRING *		asn1_string;
 		ASN1_OBJECT *		object;
 		ASN1_INTEGER *		integer;
@ -506,6 +588,8 @@ void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
 ASN1_OBJECT *	ASN1_OBJECT_new(void );
 void		ASN1_OBJECT_free(ASN1_OBJECT *a);
 int		i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp);
 ASN1_OBJECT *	c2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
 			long length);
 ASN1_OBJECT *	d2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
 			long length);
@ -722,6 +806,7 @@ char *ASN1_dup(int (*i2d)(),char *(*d2i)(),char *x);
 #ifndef NO_FP_API
 char *ASN1_d2i_fp(char *(*xnew)(),char *(*d2i)(),FILE *fp,unsigned char **x);
 int ASN1_i2d_fp(int (*i2d)(),FILE *out,unsigned char *x);
 int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);
 #endif
 #ifndef NO_BIO
@ -731,7 +816,9 @@ int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a);
 int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a);
 int ASN1_TIME_print(BIO *fp,ASN1_TIME *a);
 int ASN1_STRING_print(BIO *bp,ASN1_STRING *v);
 int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags);
 int ASN1_parse(BIO *bp,unsigned char *pp,long len,int indent);
 int ASN1_parse_dump(BIO *bp,unsigned char *pp,long len,int indent,int dump);
 #endif
 const char *ASN1_tag2str(int tag);
--- a/crypto/asn1/asn1_par.c
+++ b/crypto/asn1/asn1_par.c
@ -65,7 +65,7 @@
 static int asn1_print_info(BIO *bp, int tag, int xclass,int constructed,
 	int indent);
 static int asn1_parse2(BIO *bp, unsigned char **pp, long length,
-	int offset, int depth, int indent);
+	int offset, int depth, int indent, int dump);
 static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
 	     int indent)
 	{
@ -110,11 +110,16 @@ err:
 int ASN1_parse(BIO *bp, unsigned char *pp, long len, int indent)
 	{
-	return(asn1_parse2(bp,&pp,len,0,0,indent));
+	return(asn1_parse2(bp,&pp,len,0,0,indent,0));
 	}
 int ASN1_parse_dump(BIO *bp, unsigned char *pp, long len, int indent, int dump)
 	{
 	return(asn1_parse2(bp,&pp,len,0,0,indent,dump));
 	}
 static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
-	     int depth, int indent)
+	     int depth, int indent, int dump)
 	{
 	unsigned char *p,*ep,*tot,*op,*opp;
 	long len;
@ -123,7 +128,13 @@ static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
 	ASN1_OBJECT *o=NULL;
 	ASN1_OCTET_STRING *os=NULL;
 	/* ASN1_BMPSTRING *bmp=NULL;*/
 	int dump_indent;
 #if 0
 	dump_indent = indent;
 #else
 	dump_indent = 6;	/* Because we know BIO_dump_indent() */
 #endif
 	p= *pp;
 	tot=p+length;
 	op=p-1;
@ -178,7 +189,7 @@ static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
 					{
 					r=asn1_parse2(bp,&p,(long)(tot-p),
 						offset+(p - *pp),depth+1,
-						indent);
+						indent,dump);
 					if (r == 0) { ret=0; goto end; }
 					if ((r == 2) || (p >= tot)) break;
 					}
@ -188,7 +199,7 @@ static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
 					{
 					r=asn1_parse2(bp,&p,(long)len,
 						offset+(p - *pp),depth+1,
-						indent);
+						indent,dump);
 					if (r == 0) { ret=0; goto end; }
 					}
 			}
@ -273,6 +284,20 @@ static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
 							os->length) <= 0)
 							goto end;
 						}
 					if (!printable && (os->length > 0)
 						&& dump)
 						{
 						if (!nl) 
 							{
 							if (BIO_write(bp,"\n",1) <= 0)
 								goto end;
 							}
 						if (BIO_dump_indent(bp,opp,
 							((dump == -1 || dump > os->length)?os->length:dump),
 							dump_indent) <= 0)
 							goto end;
 						nl=1;
 						}
 					M_ASN1_OCTET_STRING_free(os);
 					os=NULL;
 					}
@ -341,6 +366,19 @@ static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
 					}
 				M_ASN1_ENUMERATED_free(bs);
 				}
 			else if (len > 0 && dump)
 				{
 				if (!nl) 
 					{
 					if (BIO_write(bp,"\n",1) <= 0)
 						goto end;
 					}
 				if (BIO_dump_indent(bp,p,
 					((dump == -1 || dump > len)?len:dump),
 					dump_indent) <= 0)
 					goto end;
 				nl=1;
 				}
 			if (!nl) 
 				{
--- a/crypto/asn1/d2i_dsap.c
+++ b/crypto/asn1/d2i_dsap.c
@ -64,7 +64,7 @@
 #include <openssl/objects.h>
 #include <openssl/asn1_mac.h>
-#ifdef NEG_PUBKEY_BUG
+#ifndef NO_NEG_PUBKEY_BUG
 #define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER
 #endif
--- a/crypto/asn1/d2i_r_pu.c
+++ b/crypto/asn1/d2i_r_pu.c
@ -64,7 +64,7 @@
 #include <openssl/objects.h>
 #include <openssl/asn1_mac.h>
-#ifdef NEG_PUBKEY_BUG
+#ifndef NO_NEG_PUBKEY_BUG
 #define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER
 #endif
--- a/crypto/asn1/d2i_s_pu.c
+++ b/crypto/asn1/d2i_s_pu.c
@ -66,7 +66,7 @@
 #include <openssl/objects.h>
 #include <openssl/asn1_mac.h>
-#ifdef NEG_PUBKEY_BUG
+#ifndef NO_NEG_PUBKEY_BUG
 #define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER
 #endif
--- a/crypto/bio/b_dump.c
+++ b/crypto/bio/b_dump.c
@ -66,13 +66,20 @@
 #define TRUNCATE
 #define DUMP_WIDTH	16
 #define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH-((i-(i>6?6:i)+3)/4))
 int BIO_dump(BIO *bio, const char *s, int len)
 	{
 	return BIO_dump_indent(bio, s, len, 0);
 	}
 int BIO_dump_indent(BIO *bio, const char *s, int len, int indent)
 {
  int ret=0;
-  char buf[160+1],tmp[20];
+  char buf[288+1],tmp[20],str[128+1];
  int i,j,rows,trunc;
  unsigned char ch;
  int dump_width;
  trunc=0;
@ -81,27 +88,37 @@ int BIO_dump(BIO *bio, const char *s, int len)
    trunc++;
 #endif
-  rows=(len/DUMP_WIDTH);
+  if (indent < 0)
-  if ((rows*DUMP_WIDTH)<len)
+    indent = 0;
  if (indent) {
    if (indent > 128) indent=128;
    memset(str,' ',indent);
  }
  str[indent]='\0';
  dump_width=DUMP_WIDTH_LESS_INDENT(indent);
  rows=(len/dump_width);
  if ((rows*dump_width)<len)
    rows++;
  for(i=0;i<rows;i++) {
    buf[0]='\0';	/* start with empty string */
-    sprintf(tmp,"%04x - ",i*DUMP_WIDTH);
+    strcpy(buf,str);
-    strcpy(buf,tmp);
+    sprintf(tmp,"%04x - ",i*dump_width);
-    for(j=0;j<DUMP_WIDTH;j++) {
+    strcat(buf,tmp);
-      if (((i*DUMP_WIDTH)+j)>=len) {
+    for(j=0;j<dump_width;j++) {
      if (((i*dump_width)+j)>=len) {
 	strcat(buf,"   ");
      } else {
-        ch=((unsigned char)*(s+i*DUMP_WIDTH+j)) & 0xff;
+        ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
 	sprintf(tmp,"%02x%c",ch,j==7?'-':' ');
        strcat(buf,tmp);
      }
    }
    strcat(buf,"  ");
-    for(j=0;j<DUMP_WIDTH;j++) {
+    for(j=0;j<dump_width;j++) {
-      if (((i*DUMP_WIDTH)+j)>=len)
+      if (((i*dump_width)+j)>=len)
 	break;
-      ch=((unsigned char)*(s+i*DUMP_WIDTH+j)) & 0xff;
+      ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
 #ifndef CHARSET_EBCDIC
      sprintf(tmp,"%c",((ch>=' ')&&(ch<='~'))?ch:'.');
 #else
@ -119,7 +136,7 @@ int BIO_dump(BIO *bio, const char *s, int len)
  }
 #ifdef TRUNCATE
  if (trunc > 0) {
-    sprintf(buf,"%04x - <SPACES/NULS>\n",len+trunc);
+    sprintf(buf,"%s%04x - <SPACES/NULS>\n",str,len+trunc);
    ret+=BIO_write(bio,(char *)buf,strlen(buf));
  }
 #endif
--- a/crypto/bio/b_sock.c
+++ b/crypto/bio/b_sock.c
@ -105,17 +105,22 @@ int BIO_get_host_ip(const char *str, unsigned char *ip)
 	struct hostent *he;
 	i=get_ip(str,ip);
 	if (i > 0) return(1);
 	if (i < 0)
 		{
 		BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_INVALID_IP_ADDRESS);
 		goto err;
 		}
-	/* do a gethostbyname */
+	/* At this point, we have something that is most probably correct
 	   in some way, so let's init the socket. */
 	if (!BIO_sock_init())
 		return(0); /* don't generate another error code here */
 	/* If the string actually contained an IP address, we need not do
 	   anything more */
 	if (i > 0) return(1);
 	/* do a gethostbyname */
 	CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
 	locked = 1;
 	he=BIO_gethostbyname(str);
--- a/crypto/bio/bio.h
+++ b/crypto/bio/bio.h
@ -559,6 +559,7 @@ int BIO_sock_non_fatal_error(int error);
 int BIO_fd_should_retry(int i);
 int BIO_fd_non_fatal_error(int error);
 int BIO_dump(BIO *b,const char *bytes,int len);
 int BIO_dump_indent(BIO *b,const char *bytes,int len,int indent);
 struct hostent *BIO_gethostbyname(const char *name);
 /* We might want a thread-safe interface too:
--- a/crypto/bn/bn_mul.c
+++ b/crypto/bn/bn_mul.c
@ -631,7 +631,6 @@ int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
 	al=a->top;
 	bl=b->top;
 	r->neg=a->neg^b->neg;
 	if ((al == 0) || (bl == 0))
 		{
@ -647,6 +646,7 @@ int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
 		}
 	else
 		rr = r;
 	rr->neg=a->neg^b->neg;
 #if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
 	i = al-bl;
--- a/crypto/bn/bn_word.c
+++ b/crypto/bn/bn_word.c
@ -115,7 +115,7 @@ int BN_add_word(BIGNUM *a, BN_ULONG w)
 		a->neg=0;
 		i=BN_sub_word(a,w);
 		if (!BN_is_zero(a))
-			a->neg=1;
+			a->neg=!(a->neg);
 		return(i);
 		}
 	w&=BN_MASK2;
@ -140,7 +140,7 @@ int BN_sub_word(BIGNUM *a, BN_ULONG w)
 	{
 	int i;
-	if (a->neg)
+	if (BN_is_zero(a) || a->neg)
 		{
 		a->neg=0;
 		i=BN_add_word(a,w);
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@ -244,11 +244,11 @@ DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)
 * unless CRYPTO_MDEBUG is defined) */
 #define CRYPTO_malloc_debug_init()	do {\
 	CRYPTO_set_mem_debug_functions(\
-		(void (*)())CRYPTO_dbg_malloc,\
+		CRYPTO_dbg_malloc,\
-		(void (*)())CRYPTO_dbg_realloc,\
+		CRYPTO_dbg_realloc,\
-		(void (*)())CRYPTO_dbg_free,\
+		CRYPTO_dbg_free,\
-		(void (*)())CRYPTO_dbg_set_options,\
+		CRYPTO_dbg_set_options,\
-		(long (*)())CRYPTO_dbg_get_options);\
+		CRYPTO_dbg_get_options);\
 	} while(0)
 int CRYPTO_mem_ctrl(int mode);
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@ -560,7 +560,7 @@ const char *ERR_lib_error_string(unsigned long e)
 	l=ERR_GET_LIB(e);
-	CRYPTO_r_lock(CRYPTO_LOCK_ERR_HASH);
+	CRYPTO_w_lock(CRYPTO_LOCK_ERR_HASH);
 	if (error_hash != NULL)
 		{
@ -568,7 +568,7 @@ const char *ERR_lib_error_string(unsigned long e)
 		p=(ERR_STRING_DATA *)lh_retrieve(error_hash,&d);
 		}
-	CRYPTO_r_unlock(CRYPTO_LOCK_ERR_HASH);
+	CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH);
 	return((p == NULL)?NULL:p->string);
 	}
@ -581,7 +581,7 @@ const char *ERR_func_error_string(unsigned long e)
 	l=ERR_GET_LIB(e);
 	f=ERR_GET_FUNC(e);
-	CRYPTO_r_lock(CRYPTO_LOCK_ERR_HASH);
+	CRYPTO_w_lock(CRYPTO_LOCK_ERR_HASH);
 	if (error_hash != NULL)
 		{
@ -589,7 +589,7 @@ const char *ERR_func_error_string(unsigned long e)
 		p=(ERR_STRING_DATA *)lh_retrieve(error_hash,&d);
 		}
-	CRYPTO_r_unlock(CRYPTO_LOCK_ERR_HASH);
+	CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH);
 	return((p == NULL)?NULL:p->string);
 	}
@ -602,7 +602,7 @@ const char *ERR_reason_error_string(unsigned long e)
 	l=ERR_GET_LIB(e);
 	r=ERR_GET_REASON(e);
-	CRYPTO_r_lock(CRYPTO_LOCK_ERR_HASH);
+	CRYPTO_w_lock(CRYPTO_LOCK_ERR_HASH);
 	if (error_hash != NULL)
 		{
@ -615,7 +615,7 @@ const char *ERR_reason_error_string(unsigned long e)
 			}
 		}
-	CRYPTO_r_unlock(CRYPTO_LOCK_ERR_HASH);
+	CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH);
 	return((p == NULL)?NULL:p->string);
 	}
@ -646,7 +646,7 @@ static int pid_cmp(ERR_STATE *a, ERR_STATE *b)
 void ERR_remove_state(unsigned long pid)
 	{
-	ERR_STATE *p,tmp;
+	ERR_STATE *p = NULL,tmp;
 	if (thread_hash == NULL)
 		return;
@ -654,12 +654,15 @@ void ERR_remove_state(unsigned long pid)
 		pid=(unsigned long)CRYPTO_thread_id();
 	tmp.pid=pid;
 	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-	p=(ERR_STATE *)lh_delete(thread_hash,&tmp);
+	if (thread_hash)
 	if (lh_num_items(thread_hash) == 0)
 		{
-		/* make sure we don't leak memory */
+		p=(ERR_STATE *)lh_delete(thread_hash,&tmp);
-		lh_free(thread_hash);
+		if (lh_num_items(thread_hash) == 0)
-		thread_hash = NULL;
+			{
 			/* make sure we don't leak memory */
 			lh_free(thread_hash);
 			thread_hash = NULL;
 			}
 		}
 	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
@ -676,13 +679,13 @@ ERR_STATE *ERR_get_state(void)
 	pid=(unsigned long)CRYPTO_thread_id();
-	CRYPTO_r_lock(CRYPTO_LOCK_ERR);
+	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
 	if (thread_hash != NULL)
 		{
 		tmp.pid=pid;
 		ret=(ERR_STATE *)lh_retrieve(thread_hash,&tmp);
 		}
-	CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
 	/* ret == the error state, if NULL, make a new one */
 	if (ret == NULL)
--- a/crypto/evp/bio_b64.c
+++ b/crypto/evp/bio_b64.c
@ -370,10 +370,11 @@ static int b64_write(BIO *b, const char *in, int inl)
 		n-=i;
 		}
 	/* at this point all pending data has been written */
 	ctx->buf_off=0;
 	ctx->buf_len=0;
 	if ((in == NULL) || (inl <= 0)) return(0);
 	ctx->buf_off=0;
 	while (inl > 0)
 		{
 		n=(inl > B64_BLOCK_SIZE)?B64_BLOCK_SIZE:inl;
@ -383,14 +384,20 @@ static int b64_write(BIO *b, const char *in, int inl)
 			if (ctx->tmp_len > 0)
 				{
 				n=3-ctx->tmp_len;
 				/* There's a teoretical possibility for this */
 				if (n > inl) 
 					n=inl;
 				memcpy(&(ctx->tmp[ctx->tmp_len]),in,n);
 				ctx->tmp_len+=n;
-				n=ctx->tmp_len;
+				if (ctx->tmp_len < 3)
 				if (n < 3)
 					break;
 				ctx->buf_len=EVP_EncodeBlock(
 					(unsigned char *)ctx->buf,
-					(unsigned char *)ctx->tmp,n);
+					(unsigned char *)ctx->tmp,
 					ctx->tmp_len);
 				/* Since we're now done using the temporary
 				   buffer, the length should be 0'd */
 				ctx->tmp_len=0;
 				}
 			else
 				{
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@ -29,4 +29,57 @@
 #define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.5b-dev 1 Apr 2000"
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
 /* The macros below are to be used for shared library (.so, .dll, ...)
 * versioning.  That kind of versioning works a bit differently between
 * operating systems.  The most usual scheme is to set a major and a minor
 * number, and have the runtime loader check that the major number is equal
 * to what it was at application link time, while the minor number has to
 * be greater or equal to what it was at application link time.  With this
 * scheme, the version number is usually part of the file name, like this:
 *
 *	libcrypto.so.0.9
 *
 * Some unixen also make a softlink with the major verson number only:
 *
 *	libcrypto.so.0
 *
 * On True64 it works a little bit differently.  There, the shared library
 * version is stored in the file, and is actually a series of versions,
 * separated by colons.  The rightmost version present in the library when
 * linking an application is stored in the application to be matched at
 * run time.  When the application is run, a check is done to see if the
 * library version stored in the application matches any of the versions
 * in the version string of the library itself.
 * This version string can be constructed in any way, depending on what
 * kind of matching is desired.  However, to implement the same scheme as
 * the one used in the other unixen, all compatible versions, from lowest
 * to highest, should be part of the string.  Consecutive builds would
 * give the following versions strings:
 *
 *	3.0
 *	3.0:3.1
 *	3.0:3.1:3.2
 *	4.0
 *	4.0:4.1
 *
 * Notice how version 4 is completely incompatible with version, and
 * therefore give the breach you can see.
 *
 * There may be other schemes as well that I haven't yet discovered.
 *
 * So, here's the way it works here: first of all, the library version
 * number doesn't need at all to match the overall OpenSSL version.
 * However, it's nice and more understandable if it actually does.
 * The current library version is stored in the macro SHLIB_VERSION_NUMBER,
 * which is just a piece of text in the format "M.m.e" (Major, minor, edit).
 * For the sake of True64 and any other OS that behaves in similar ways,
 * we need to keep a history of version numbers, which is done in the
 * macro SHLIB_VERSION_HISTORY.  The numbers are separated by colons and
 * should only keep the versions that are binary compatible with the current.
 */
 #define SHLIB_VERSION_HISTORY ""
 #define SHLIB_VERSION_NUMBER "0.9.5b"
 #endif /* HEADER_OPENSSLV_H */
--- a/crypto/rand/Makefile.ssl
+++ b/crypto/rand/Makefile.ssl
@ -83,7 +83,7 @@ md_rand.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 md_rand.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 md_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 md_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-md_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+md_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h rand_lcl.h
 rand_egd.o: ../../include/openssl/opensslconf.h ../../include/openssl/rand.h
 rand_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
 rand_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
@ -104,6 +104,13 @@ rand_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 rand_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 rand_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 rand_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 rand_win.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 rand_win.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 rand_win.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 rand_win.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 rand_win.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
 rand_win.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 rand_win.o: ../../include/openssl/stack.h ../cryptlib.h rand_lcl.h
 randfile.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 randfile.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
 randfile.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@ -109,8 +109,6 @@
 *
 */
 #define ENTROPY_NEEDED 20  /* require 160 bits = 20 bytes of randomness */
 #ifdef MD_RAND_DEBUG
 # ifndef NDEBUG
 #   define NDEBUG
@ -119,75 +117,20 @@
 #include <assert.h>
 #include <stdio.h>
 #include <time.h>
 #include <string.h>
 #include "openssl/e_os.h"
 #include <openssl/rand.h>
 #include "rand_lcl.h"
 #include <openssl/crypto.h>
 #include <openssl/err.h>
 #if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
 #if !defined(NO_SHA) && !defined(NO_SHA1)
 #define USE_SHA1_RAND
 #elif !defined(NO_MD5)
 #define USE_MD5_RAND
 #elif !defined(NO_MDC2) && !defined(NO_DES)
 #define USE_MDC2_RAND
 #elif !defined(NO_MD2)
 #define USE_MD2_RAND
 #else
 #error No message digest algorithm available
 #endif
 #endif
 /* Changed how the state buffer used.  I now attempt to 'wrap' such
 * that I don't run over the same locations the next time  go through
 * the 1023 bytes - many thanks to
 * Robert J. LeBlanc <rjl@renaissoft.com> for his comments
 */
 #if defined(USE_MD5_RAND)
 #include <openssl/md5.h>
 #define MD_DIGEST_LENGTH	MD5_DIGEST_LENGTH
 #define MD_CTX			MD5_CTX
 #define MD_Init(a)		MD5_Init(a)
 #define MD_Update(a,b,c)	MD5_Update(a,b,c)
 #define	MD_Final(a,b)		MD5_Final(a,b)
 #define	MD(a,b,c)		MD5(a,b,c)
 #elif defined(USE_SHA1_RAND)
 #include <openssl/sha.h>
 #define MD_DIGEST_LENGTH	SHA_DIGEST_LENGTH
 #define MD_CTX			SHA_CTX
 #define MD_Init(a)		SHA1_Init(a)
 #define MD_Update(a,b,c)	SHA1_Update(a,b,c)
 #define	MD_Final(a,b)		SHA1_Final(a,b)
 #define	MD(a,b,c)		SHA1(a,b,c)
 #elif defined(USE_MDC2_RAND)
 #include <openssl/mdc2.h>
 #define MD_DIGEST_LENGTH	MDC2_DIGEST_LENGTH
 #define MD_CTX			MDC2_CTX
 #define MD_Init(a)		MDC2_Init(a)
 #define MD_Update(a,b,c)	MDC2_Update(a,b,c)
 #define	MD_Final(a,b)		MDC2_Final(a,b)
 #define	MD(a,b,c)		MDC2(a,b,c)
 #elif defined(USE_MD2_RAND)
 #include <openssl/md2.h>
 #define MD_DIGEST_LENGTH	MD2_DIGEST_LENGTH
 #define MD_CTX			MD2_CTX
 #define MD_Init(a)		MD2_Init(a)
 #define MD_Update(a,b,c)	MD2_Update(a,b,c)
 #define	MD_Final(a,b)		MD2_Final(a,b)
 #define	MD(a,b,c)		MD2(a,b,c)
 #endif
 #include <openssl/rand.h>
 #ifdef BN_DEBUG
 # define PREDICT
 #endif
 /* #define NORAND	1 */
 /* #define PREDICT	1 */
 #define STATE_SIZE	1023
@ -198,6 +141,11 @@ static long md_count[2]={0,0};
 static double entropy=0;
 static int initialized=0;
 /* This should be set to 1 only when ssleay_rand_add() is called inside
   an already locked state, so it doesn't try to lock and thereby cause
   a hang.  And it should always be reset back to 0 before unlocking. */
 static int add_do_not_lock=0;
 #ifdef PREDICT
 int rand_predictable=0;
 #endif
@ -243,10 +191,6 @@ static void ssleay_rand_add(const void *buf, int num, double add)
 	unsigned char local_md[MD_DIGEST_LENGTH];
 	MD_CTX m;
 #ifdef NORAND
 	return;
 #endif
 	/*
 	 * (Based on the rand(3) manpage)
 	 *
@ -262,7 +206,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
         * hash function.
 	 */
-	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+	if (!add_do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
 	st_idx=state_index;
 	/* use our own copies of the counters so that even
@ -294,7 +238,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
 	md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0);
-	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+	if (!add_do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 	for (i=0; i<num; i+=MD_DIGEST_LENGTH)
 		{
@ -336,7 +280,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
 		}
 	memset((char *)&m,0,sizeof(m));
-	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+	if (!add_do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
 	/* Don't just copy back local_md into md -- this could mean that
 	 * other thread's seeding remains without effect (except for
 	 * the incremented counter).  By XORing it we keep at least as
@ -347,9 +291,9 @@ static void ssleay_rand_add(const void *buf, int num, double add)
 		}
 	if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
 	    entropy += add;
-	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+	if (!add_do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-#ifndef THREADS	
+#if !defined(THREADS) && !defined(WIN32)
 	assert(md_c[1] == md_count[1]);
 #endif
 	}
@ -359,56 +303,6 @@ static void ssleay_rand_seed(const void *buf, int num)
 	ssleay_rand_add(buf, num, num);
 	}
 static void ssleay_rand_initialize(void) /* not exported in RAND_METHOD */
 	{
 	unsigned long l;
 #ifndef GETPID_IS_MEANINGLESS
 	pid_t curr_pid = getpid();
 #endif
 #ifdef DEVRANDOM
 	FILE *fh;
 #endif
 #ifdef NORAND
 	return;
 #endif
 	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 	/* put in some default random data, we need more than just this */
 #ifndef GETPID_IS_MEANINGLESS
 	l=curr_pid;
 	RAND_add(&l,sizeof(l),0);
 	l=getuid();
 	RAND_add(&l,sizeof(l),0);
 #endif
 	l=time(NULL);
 	RAND_add(&l,sizeof(l),0);
 #ifdef DEVRANDOM
 	/* Use a random entropy pool device. Linux, FreeBSD and OpenBSD
 	 * have this. Use /dev/urandom if you can as /dev/random may block
 	 * if it runs out of random entries.  */
 	if ((fh = fopen(DEVRANDOM, "r")) != NULL)
 		{
 		unsigned char tmpbuf[ENTROPY_NEEDED];
 		int n;
 		setvbuf(fh, NULL, _IONBF, 0);
 		n=fread((unsigned char *)tmpbuf,1,ENTROPY_NEEDED,fh);
 		fclose(fh);
 		RAND_add(tmpbuf,sizeof tmpbuf,n);
 		memset(tmpbuf,0,n);
 		}
 #endif
 #ifdef PURIFY
 	memset(state,0,STATE_SIZE);
 	memset(md,0,MD_DIGEST_LENGTH);
 #endif
 	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
 	initialized=1;
 	}
 static int ssleay_rand_bytes(unsigned char *buf, int num)
 	{
 	static volatile int stirred_pool = 0;
@ -452,11 +346,14 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 	 * global 'md'.
 	 */
 	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
 	if (!initialized)
-		ssleay_rand_initialize();
+		RAND_poll();
 	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
 	add_do_not_lock = 1;	/* Since we call ssleay_rand_add while in
 				   this locked state. */
 	initialized = 1;
 	if (!stirred_pool)
 		do_stir_pool = 1;
@ -519,6 +416,9 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 	 * are now ours (but other threads may use them too) */
 	md_count[0] += 1;
 	add_do_not_lock = 0;	/* If this would ever be forgotten, we can
 				   expect any evil god to eat our souls. */
 	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 	while (num > 0)
@ -598,12 +498,12 @@ static int ssleay_rand_status(void)
 	{
 	int ret;
 	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
 	if (!initialized)
-		ssleay_rand_initialize();
+		RAND_poll();
 	ret = entropy >= ENTROPY_NEEDED;
 	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
 	initialized = 1;
 	ret = entropy >= ENTROPY_NEEDED;
 	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 	return ret;
--- a/crypto/rand/rand.h
+++ b/crypto/rand/rand.h
@ -94,6 +94,7 @@ int RAND_status(void);
 int RAND_egd(const char *path);
 int RAND_egd_bytes(const char *path,int bytes);
 void ERR_load_RAND_strings(void);
 int RAND_poll(void);
 #ifdef  __cplusplus
 }
--- a/crypto/rand/rand_win.c
+++ b/crypto/rand/rand_win.c
@ -109,51 +109,246 @@
 *
 */
 #include "cryptlib.h"
 #include <openssl/rand.h>
 #include "rand_lcl.h"
 #if defined(WINDOWS) || defined(WIN32)
 #include "cryptlib.h"
 #include <windows.h>
-#include <openssl/rand.h>
+#ifndef _WIN32_WINNT
-/* XXX There are probably other includes missing here ... */
+# define _WIN32_WINNT 0x0400
 #if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
 #if !defined(NO_SHA) && !defined(NO_SHA1)
 #define USE_SHA1_RAND
 #elif !defined(NO_MD5)
 #define USE_MD5_RAND
 #elif !defined(NO_MDC2) && !defined(NO_DES)
 #define USE_MDC2_RAND
 #elif !defined(NO_MD2)
 #define USE_MD2_RAND
 #else
 #error No message digest algorithm available
 #endif
 #include <wincrypt.h>
 #include <tlhelp32.h>
 /* Intel hardware RNG CSP -- available from
 * http://developer.intel.com/design/security/rng/redist_license.htm
 */
 #define PROV_INTEL_SEC 22
 #define INTEL_DEF_PROV "Intel Hardware Cryptographic Service Provider"
 static void readtimer(void);
 static void readscreen(void);
 typedef BOOL (WINAPI *CRYPTACQUIRECONTEXT)(HCRYPTPROV *, LPCTSTR, LPCTSTR,
 				    DWORD, DWORD);
 typedef BOOL (WINAPI *CRYPTGENRANDOM)(HCRYPTPROV, DWORD, BYTE *);
 typedef BOOL (WINAPI *CRYPTRELEASECONTEXT)(HCRYPTPROV, DWORD);
 typedef HWND (WINAPI *GETFOREGROUNDWINDOW)(VOID);
 typedef BOOL (WINAPI *GETCURSORINFO)(PCURSORINFO);
 typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT);
 typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD);
 typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, DWORD);
 typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32);
 typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32);
 typedef BOOL (WINAPI *PROCESS32)(HANDLE, LPPROCESSENTRY32);
 typedef BOOL (WINAPI *THREAD32)(HANDLE, LPTHREADENTRY32);
 typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32);
 int RAND_poll(void)
 {
 	MEMORYSTATUS m;
 	HCRYPTPROV hProvider = 0;
 	BYTE buf[64];
 	DWORD w;
 	HWND h;
 	HMODULE advapi, kernel, user;
 	CRYPTACQUIRECONTEXT acquire;
 	CRYPTGENRANDOM gen;
 	CRYPTRELEASECONTEXT release;
 	/* load functions dynamically - not available on all systems */
 	advapi = GetModuleHandle("ADVAPI32.DLL");
 	kernel = GetModuleHandle("KERNEL32.DLL");
 	user = GetModuleHandle("USER32.DLL");
 	if (advapi)
 		{
 		acquire = (CRYPTACQUIRECONTEXT) GetProcAddress(advapi,
 			"CryptAcquireContextA");
 		gen = (CRYPTGENRANDOM) GetProcAddress(advapi,
 			"CryptGenRandom");
 		release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi,
 			"CryptReleaseContext");
 		}
 	if (acquire && gen && release)
 		{
 		/* poll the CryptoAPI PRNG */
 		if (acquire(&hProvider, 0, 0, PROV_RSA_FULL,
 			CRYPT_VERIFYCONTEXT))
 			{
 			if (gen(hProvider, sizeof(buf), buf) != 0)
 				{
 				RAND_add(buf, sizeof(buf), 0);
 #ifdef DEBUG
 				printf("randomness from PROV_RSA_FULL\n");
 #endif
 				}
 			release(hProvider, 0); 
 			}
 		/* poll the Pentium PRG with CryptoAPI */
 		if (acquire(&hProvider, 0, INTEL_DEF_PROV, PROV_INTEL_SEC, 0))
 			{
 			if (gen(hProvider, sizeof(buf), buf) != 0)
 				{
 				RAND_add(buf, sizeof(buf), 0);
 #ifdef DEBUG
 				printf("randomness from PROV_INTEL_SEC\n");
 #endif
 				}
 			release(hProvider, 0);
 			}
 		}
 	/* timer data */
 	readtimer();
 	/* memory usage statistics */
 	GlobalMemoryStatus(&m);
 	RAND_add(&m, sizeof(m), 1);
 	/* process ID */
 	w = GetCurrentProcessId();
 	RAND_add(&w, sizeof(w), 0);
 	if (user)
 		{
 		GETCURSORINFO cursor;
 		GETFOREGROUNDWINDOW win;
 		GETQUEUESTATUS queue;
 		win = (GETFOREGROUNDWINDOW) GetProcAddress(user, "GetForegroundWindow");
 		cursor = (GETCURSORINFO) GetProcAddress(user, "GetCursorInfo");
 		queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus");
 		if (win)
 		{
 			/* window handle */
 			h = win();
 			RAND_add(&h, sizeof(h), 0);
 		}
 		if (cursor)
 			{
 			/* cursor position */
 			cursor(buf);
 			RAND_add(buf, sizeof(buf), 0);
 			}
 		if (queue)
 			{
 			/* message queue status */
 			w = queue(QS_ALLEVENTS);
 			RAND_add(&w, sizeof(w), 0);
 			}
 		}
 	/* Toolhelp32 snapshot: enumerate processes, threads, modules and heap
 	 * http://msdn.microsoft.com/library/psdk/winbase/toolhelp_5pfd.htm
 	 * (Win 9x only, not available on NT)
 	 *
 	 * This seeding method was proposed in Peter Gutmann, Software
 	 * Generation of Practically Strong Random Numbers,
 	 * http://www.cs.auckland.ac.nz/~pgut001/pubs/random2.pdf
 	 * (The assignment of entropy estimates below is arbitrary, but based
 	 * on Peter's analysis the full poll appears to be safe. Additional
 	 * interactive seeding is encouraged.)
 	 */
 	if (kernel)
 		{
 		CREATETOOLHELP32SNAPSHOT snap;
 		HANDLE handle;
 		HEAP32FIRST heap_first;
 		HEAP32NEXT heap_next;
 		HEAP32LIST heaplist_first, heaplist_next;
 		PROCESS32 process_first, process_next;
 		THREAD32 thread_first, thread_next;
 		MODULE32 module_first, module_next;
 		HEAPLIST32 hlist;
 		HEAPENTRY32 hentry;
 		PROCESSENTRY32 p;
 		THREADENTRY32 t;
 		MODULEENTRY32 m;
 		snap = (CREATETOOLHELP32SNAPSHOT)
 		  GetProcAddress(kernel, "CreateToolhelp32Snapshot");
 		heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First");
 		heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next");
 		heaplist_first = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst");
 		heaplist_next = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListNext");
 		process_first = (PROCESS32) GetProcAddress(kernel, "Process32First");
 		process_next = (PROCESS32) GetProcAddress(kernel, "Process32Next");
 		thread_first = (THREAD32) GetProcAddress(kernel, "Thread32First");
 		thread_next = (THREAD32) GetProcAddress(kernel, "Thread32Next");
 		module_first = (MODULE32) GetProcAddress(kernel, "Module32First");
 		module_next = (MODULE32) GetProcAddress(kernel, "Module32Next");
 		if (snap && heap_first && heap_next && heaplist_first &&
 			heaplist_next && process_first && process_next &&
 			thread_first && thread_next && module_first &&
 			module_next && (handle = snap(TH32CS_SNAPALL,0))
 			!= NULL)
 			{
 			/* heap list and heap walking */
 			hlist.dwSize = sizeof(HEAPLIST32);		
 			if (heaplist_first(handle, &hlist))
 				do
 					{
 					RAND_add(&hlist, hlist.dwSize, 0);
 					hentry.dwSize = sizeof(HEAPENTRY32);
 					if (heap_first(&hentry,
 						hlist.th32ProcessID,
 						hlist.th32HeapID))
 						do
 							RAND_add(&hentry,
 								hentry.dwSize, 0);
 						while (heap_next(&hentry));
 					} while (heaplist_next(handle,
 						&hlist));
 			/* process walking */
 			p.dwSize = sizeof(PROCESSENTRY32);
 			if (process_first(handle, &p))
 				do
 					RAND_add(&p, p.dwSize, 0);
 				while (process_next(handle, &p));
 			/* thread walking */
 			t.dwSize = sizeof(THREADENTRY32);
 			if (thread_first(handle, &t))
 				do
 					RAND_add(&t, t.dwSize, 0);
 				while (thread_next(handle, &t));
 			/* module walking */
 			m.dwSize = sizeof(MODULEENTRY32);
 			if (module_first(handle, &m))
 				do
 					RAND_add(&m, m.dwSize, 1);
 				while (module_next(handle, &m));
 			CloseHandle(handle);
 			}
 		}
 #ifdef DEBUG
 	printf("Exiting RAND_poll\n");
 #endif
-#if defined(USE_MD5_RAND)
+	return(1);
-#include <openssl/md5.h>
+}
 #define MD_DIGEST_LENGTH	MD5_DIGEST_LENGTH
 #define	MD(a,b,c)		MD5(a,b,c)
 #elif defined(USE_SHA1_RAND)
 #include <openssl/sha.h>
 #define MD_DIGEST_LENGTH	SHA_DIGEST_LENGTH
 #define	MD(a,b,c)		SHA1(a,b,c)
 #elif defined(USE_MDC2_RAND)
 #include <openssl/mdc2.h>
 #define MD_DIGEST_LENGTH	MDC2_DIGEST_LENGTH
 #define	MD(a,b,c)		MDC2(a,b,c)
 #elif defined(USE_MD2_RAND)
 #include <openssl/md2.h>
 #define MD_DIGEST_LENGTH	MD2_DIGEST_LENGTH
 #define	MD(a,b,c)		MD2(a,b,c)
 #endif
 int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
        {
        double add_entropy=0;
        SYSTEMTIME t;
        switch (iMsg)
                {
@ -182,19 +377,61 @@ int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
 		break;
 		}
-        GetSystemTime(&t);
+	readtimer();
        RAND_add(&iMsg, sizeof(iMsg), add_entropy);
 	RAND_add(&wParam, sizeof(wParam), 0);
 	RAND_add(&lParam, sizeof(lParam), 0);
-        RAND_add(&t, sizeof(t), 0);
+ 
 	return (RAND_status());
 	}
 void RAND_screen(void) /* function available for backward compatibility */
 {
 	RAND_poll();
 	readscreen();
 }
 /* feed timing information to the PRNG */
 static void readtimer(void)
 {
 	DWORD w, cyclecount;
 	LARGE_INTEGER l;
 	static int have_perfc = 1;
 #ifndef __GNUC__
 	static int have_tsc = 1;
 	if (have_tsc) {
 	  __try {
 	    __asm {
 	      rdtsc
 	      mov cyclecount, eax
 	      }
 	    RAND_add(&cyclecount, sizeof(cyclecount), 1);
 	  } __except(EXCEPTION_EXECUTE_HANDLER) {
 	    have_tsc = 0;
 	  }
 	}
 #else
 # define have_tsc 0
 #endif
 	if (have_perfc) {
 	  if (QueryPerformanceCounter(&l) == 0)
 	    have_perfc = 0;
 	  else
 	    RAND_add(&l, sizeof(l), 0);
 	}
 	if (!have_tsc && !have_perfc) {
 	  w = GetTickCount();
 	  RAND_add(&w, sizeof(w), 0);
 	}
 }
 /* feed screen contents to PRNG */
 /*****************************************************************************
 * Initialisation function for the SSL random generator.  Takes the contents
 * of the screen as random seed.
 *
 * Created 960901 by Gertjan van Oosten, gertjan@West.NL, West Consulting B.V.
 *
@ -210,18 +447,8 @@ int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
 *   Microsoft has no warranty obligations or liability for any
 *   Sample Application Files which are modified.
 */
-/*
+
- * I have modified the loading of bytes via RAND_seed() mechanism since
+static void readscreen(void)
 * the original would have been very very CPU intensive since RAND_seed()
 * does an MD5 per 16 bytes of input.  The cost to digest 16 bytes is the same
 * as that to digest 56 bytes.  So under the old system, a screen of
 * 1024*768*256 would have been CPU cost of approximately 49,000 56 byte MD5
 * digests or digesting 2.7 mbytes.  What I have put in place would
 * be 48 16k MD5 digests, or effectively 48*16+48 MD5 bytes or 816 kbytes
 * or about 3.5 times as much.
 * - eric 
 */
 void RAND_screen(void)
 {
  HDC		hScrDC;		/* screen DC */
  HDC		hMemDC;		/* memory DC */
@ -266,11 +493,11 @@ void RAND_screen(void)
 	/* Copy bitmap bits from memory DC to bmbits */
 	GetBitmapBits(hBitmap, size, bmbits);
-	/* Get the MD5 of the bitmap */
+	/* Get the hash of the bitmap */
 	MD(bmbits,size,md);
-	/* Seed the random generator with the MD5 digest */
+	/* Seed the random generator with the hash value */
-	RAND_seed(md, MD_DIGEST_LENGTH);
+	RAND_add(md, MD_DIGEST_LENGTH, 0);
 	}
    OPENSSL_free(bmbits);
@ -285,10 +512,49 @@ void RAND_screen(void)
  DeleteDC(hScrDC);
 }
-#else
+#else /* Unix version */
-# if PEDANTIC
+#include <time.h>
-static void *dummy=&dummy;
+
-# endif
+int RAND_poll(void)
 {
 	unsigned long l;
 	pid_t curr_pid = getpid();
 #ifdef DEVRANDOM
 	FILE *fh;
 #endif
 #ifdef DEVRANDOM
 	/* Use a random entropy pool device. Linux, FreeBSD and OpenBSD
 	 * have this. Use /dev/urandom if you can as /dev/random may block
 	 * if it runs out of random entries.  */
 	if ((fh = fopen(DEVRANDOM, "r")) != NULL)
 		{
 		unsigned char tmpbuf[ENTROPY_NEEDED];
 		int n;
 		setvbuf(fh, NULL, _IONBF, 0);
 		n=fread((unsigned char *)tmpbuf,1,ENTROPY_NEEDED,fh);
 		fclose(fh);
 		RAND_add(tmpbuf,sizeof tmpbuf,n);
 		memset(tmpbuf,0,n);
 		}
 #endif
 	/* put in some default random data, we need more than just this */
 	l=curr_pid;
 	RAND_add(&l,sizeof(l),0);
 	l=getuid();
 	RAND_add(&l,sizeof(l),0);
 	l=time(NULL);
 	RAND_add(&l,sizeof(l),0);
 #ifdef DEVRANDOM
 	return 1;
 #endif
 	return 0;
 }
 #endif
--- a/crypto/rsa/rsa_ssl.c
+++ b/crypto/rsa/rsa_ssl.c
@ -134,7 +134,7 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, unsigned char *from,
 		{
 		if (p[k] !=  0x03) break;
 		}
-	if (k == 0)
+	if (k == -1)
 		{
 		RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_SSLV3_ROLLBACK_ATTACK);
 		return(-1);
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@ -138,8 +138,8 @@ DECLARE_ASN1_SET_OF(X509_ALGOR)
 typedef struct X509_val_st
 	{
-	ASN1_UTCTIME *notBefore;
+	ASN1_TIME *notBefore;
-	ASN1_UTCTIME *notAfter;
+	ASN1_TIME *notAfter;
 	} X509_VAL;
 typedef struct X509_pubkey_st
@ -320,10 +320,65 @@ DECLARE_STACK_OF(X509_TRUST)
 #define X509_TRUST_REJECTED	2
 #define X509_TRUST_UNTRUSTED	3
 /* Flags specific to X509_NAME_print_ex() */	
 /* The field separator information */
 #define XN_FLAG_SEP_MASK	(0xf << 16)
 #define XN_FLAG_COMPAT		0		/* Traditional SSLeay: use old X509_NAME_print */
 #define XN_FLAG_SEP_COMMA_PLUS	(1 << 16)	/* RFC2253 ,+ */
 #define XN_FLAG_SEP_CPLUS_SPC	(2 << 16)	/* ,+ spaced: more readable */
 #define XN_FLAG_SEP_SPLUS_SPC	(3 << 16)	/* ;+ spaced */
 #define XN_FLAG_SEP_MULTILINE	(4 << 16)	/* One line per field */
 #define XN_FLAG_DN_REV		(1 << 20)	/* Reverse DN order */
 /* How the field name is shown */
 #define XN_FLAG_FN_MASK		(0x3 << 21)
 #define XN_FLAG_FN_SN		0		/* Object short name */
 #define XN_FLAG_FN_LN		(1 << 21)	/* Object long name */
 #define XN_FLAG_FN_OID		(2 << 21)	/* Always use OIDs */
 #define XN_FLAG_FN_NONE		(3 << 21)	/* No field names */
 #define XN_FLAG_SPC_EQ		(1 << 23)	/* Put spaces round '=' */
 /* This determines if we dump fields we don't recognise:
 * RFC2253 requires this.
 */
 #define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
 /* Complete set of RFC2253 flags */
 #define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \
 			XN_FLAG_SEP_COMMA_PLUS | \
 			XN_FLAG_DN_REV | \
 			XN_FLAG_FN_SN | \
 			XN_FLAG_DUMP_UNKNOWN_FIELDS)
 /* readable oneline form */
 #define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \
 			ASN1_STRFLGS_ESC_QUOTE | \
 			XN_FLAG_SEP_CPLUS_SPC | \
 			XN_FLAG_SPC_EQ | \
 			XN_FLAG_FN_SN)
 /* readable multiline form */
 #define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \
 			ASN1_STRFLGS_ESC_MSB | \
 			XN_FLAG_SEP_MULTILINE | \
 			XN_FLAG_SPC_EQ | \
 			XN_FLAG_FN_LN)
 typedef struct X509_revoked_st
 	{
 	ASN1_INTEGER *serialNumber;
-	ASN1_UTCTIME *revocationDate;
+	ASN1_TIME *revocationDate;
 	STACK_OF(X509_EXTENSION) /* optional */ *extensions;
 	int sequence; /* load sequence */
 	} X509_REVOKED;
@ -336,8 +391,8 @@ typedef struct X509_crl_info_st
 	ASN1_INTEGER *version;
 	X509_ALGOR *sig_alg;
 	X509_NAME *issuer;
-	ASN1_UTCTIME *lastUpdate;
+	ASN1_TIME *lastUpdate;
-	ASN1_UTCTIME *nextUpdate;
+	ASN1_TIME *nextUpdate;
 	STACK_OF(X509_REVOKED) *revoked;
 	STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
 	} X509_CRL_INFO;
@ -737,8 +792,8 @@ RSA *RSAPrivateKey_dup(RSA *rsa);
 #endif /* !SSLEAY_MACROS */
-int		X509_cmp_current_time(ASN1_UTCTIME *s);
+int		X509_cmp_current_time(ASN1_TIME *s);
-ASN1_UTCTIME *	X509_gmtime_adj(ASN1_UTCTIME *s, long adj);
+ASN1_TIME *	X509_gmtime_adj(ASN1_TIME *s, long adj);
 const char *	X509_get_default_cert_area(void );
 const char *	X509_get_default_cert_dir(void );
@ -920,8 +975,8 @@ int 		X509_set_issuer_name(X509 *x, X509_NAME *name);
 X509_NAME *	X509_get_issuer_name(X509 *a);
 int 		X509_set_subject_name(X509 *x, X509_NAME *name);
 X509_NAME *	X509_get_subject_name(X509 *a);
-int 		X509_set_notBefore(X509 *x, ASN1_UTCTIME *tm);
+int 		X509_set_notBefore(X509 *x, ASN1_TIME *tm);
-int 		X509_set_notAfter(X509 *x, ASN1_UTCTIME *tm);
+int 		X509_set_notAfter(X509 *x, ASN1_TIME *tm);
 int 		X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
 EVP_PKEY *	X509_get_pubkey(X509 *x);
 int		X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);
@ -975,10 +1030,12 @@ int		X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
 int		X509_print_fp(FILE *bp,X509 *x);
 int		X509_CRL_print_fp(FILE *bp,X509_CRL *x);
 int		X509_REQ_print_fp(FILE *bp,X509_REQ *req);
 int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags);
 #endif
 #ifndef NO_BIO
 int		X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
 int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
 int		X509_print(BIO *bp,X509 *x);
 int		X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
 int		X509_CRL_print(BIO *bp,X509_CRL *x);
--- a/crypto/x509/x509_set.c
+++ b/crypto/x509/x509_set.c
@ -104,36 +104,36 @@ int X509_set_subject_name(X509 *x, X509_NAME *name)
 	return(X509_NAME_set(&x->cert_info->subject,name));
 	}
-int X509_set_notBefore(X509 *x, ASN1_UTCTIME *tm)
+int X509_set_notBefore(X509 *x, ASN1_TIME *tm)
 	{
-	ASN1_UTCTIME *in;
+	ASN1_TIME *in;
 	if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
 	in=x->cert_info->validity->notBefore;
 	if (in != tm)
 		{
-		in=M_ASN1_UTCTIME_dup(tm);
+		in=M_ASN1_TIME_dup(tm);
 		if (in != NULL)
 			{
-			M_ASN1_UTCTIME_free(x->cert_info->validity->notBefore);
+			M_ASN1_TIME_free(x->cert_info->validity->notBefore);
 			x->cert_info->validity->notBefore=in;
 			}
 		}
 	return(in != NULL);
 	}
-int X509_set_notAfter(X509 *x, ASN1_UTCTIME *tm)
+int X509_set_notAfter(X509 *x, ASN1_TIME *tm)
 	{
-	ASN1_UTCTIME *in;
+	ASN1_TIME *in;
 	if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
 	in=x->cert_info->validity->notAfter;
 	if (in != tm)
 		{
-		in=M_ASN1_UTCTIME_dup(tm);
+		in=M_ASN1_TIME_dup(tm);
 		if (in != NULL)
 			{
-			M_ASN1_UTCTIME_free(x->cert_info->validity->notAfter);
+			M_ASN1_TIME_free(x->cert_info->validity->notAfter);
 			x->cert_info->validity->notAfter=in;
 			}
 		}
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@ -502,10 +502,10 @@ end:
 	return(ok);
 	}
-int X509_cmp_current_time(ASN1_UTCTIME *ctm)
+int X509_cmp_current_time(ASN1_TIME *ctm)
 	{
 	char *str;
-	ASN1_UTCTIME atm;
+	ASN1_TIME atm;
 	time_t offset;
 	char buff1[24],buff2[24],*p;
 	int i,j;
@ -513,14 +513,32 @@ int X509_cmp_current_time(ASN1_UTCTIME *ctm)
 	p=buff1;
 	i=ctm->length;
 	str=(char *)ctm->data;
-	if ((i < 11) || (i > 17)) return(0);
+	if(ctm->type == V_ASN1_UTCTIME) {
-	memcpy(p,str,10);
+		if ((i < 11) || (i > 17)) return(0);
-	p+=10;
+		memcpy(p,str,10);
-	str+=10;
+		p+=10;
 		str+=10;
 	} else {
 		if(i < 13) return 0;
 		memcpy(p,str,12);
 		p+=12;
 		str+=12;
 	}
 	if ((*str == 'Z') || (*str == '-') || (*str == '+'))
 		{ *(p++)='0'; *(p++)='0'; }
-	else	{ *(p++)= *(str++); *(p++)= *(str++); }
+	else
 		{ 
 		*(p++)= *(str++);
 		*(p++)= *(str++);
 		/* Skip any fractional seconds... */
 		if(*str == '.')
 			{
 			str++;
 			while((*str >= '0') && (*str <= '9')) str++;
 			}
 	}
 	*(p++)='Z';
 	*(p++)='\0';
@ -535,19 +553,22 @@ int X509_cmp_current_time(ASN1_UTCTIME *ctm)
 		if (*str == '-')
 			offset= -offset;
 		}
-	atm.type=V_ASN1_UTCTIME;
+	atm.type=ctm->type;
 	atm.length=sizeof(buff2);
 	atm.data=(unsigned char *)buff2;
 	X509_gmtime_adj(&atm,-offset*60);
-	i=(buff1[0]-'0')*10+(buff1[1]-'0');
+	if(ctm->type == V_ASN1_UTCTIME)
-	if (i < 50) i+=100; /* cf. RFC 2459 */
+		{
-	j=(buff2[0]-'0')*10+(buff2[1]-'0');
+		i=(buff1[0]-'0')*10+(buff1[1]-'0');
-	if (j < 50) j+=100;
+		if (i < 50) i+=100; /* cf. RFC 2459 */
 		j=(buff2[0]-'0')*10+(buff2[1]-'0');
 		if (j < 50) j+=100;
-	if (i < j) return (-1);
+		if (i < j) return (-1);
-	if (i > j) return (1);
+		if (i > j) return (1);
 		}
 	i=strcmp(buff1,buff2);
 	if (i == 0) /* wait a second then return younger :-) */
 		return(-1);
@ -555,13 +576,14 @@ int X509_cmp_current_time(ASN1_UTCTIME *ctm)
 		return(i);
 	}
-ASN1_UTCTIME *X509_gmtime_adj(ASN1_UTCTIME *s, long adj)
+ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
 	{
 	time_t t;
 	time(&t);
 	t+=adj;
-	return(ASN1_UTCTIME_set(s,t));
+	if(s->type == V_ASN1_UTCTIME) return(ASN1_UTCTIME_set(s,t));
 	return ASN1_GENERALIZEDTIME_set(s, t);
 	}
 int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
--- a/doc/apps/CA.pl.pod
+++ b/doc/apps/CA.pl.pod
@ -69,7 +69,7 @@ list box), otherwise the name "My Certificate" is used.
 calls the B<ca> program to sign a certificate request. It expects the request
 to be in the file "newreq.pem". The new certificate is written to the file
-"newcert.pem" except in the case of the B<-xcert> option when it is written
+"newcert.pem" except in the case of the B<-xsign> option when it is written
 to standard output.
 =item B<-signcert>
@ -122,7 +122,7 @@ Create the CA directories and files:
 enter cacert.pem when prompted for the CA file name.
-Create a DSA certificate request and privat key (a different set of parameters
+Create a DSA certificate request and private key (a different set of parameters
 can optionally be created first):
 openssl req -out newreq.pem -newkey dsa:dsap.pem 
--- a/doc/apps/passwd.pod
+++ b/doc/apps/passwd.pod
@ -8,6 +8,7 @@ passwd - compute password hashes
 B<openssl passwd>
 [B<-crypt>]
 [B<-1>]
 [B<-apr1>]
 [B<-salt> I<string>]
 [B<-in> I<file>]
@ -22,8 +23,8 @@ The B<passwd> command computes the hash of a password typed at
 run-time or the hash of each password in a list.  The password list is
 taken from the named file for option B<-in file>, from stdin for
 option B<-stdin>, and from the command line otherwise.
-The Unix standard algorithm B<crypt> and the MD5-based B<apr1> algorithm
+The Unix standard algorithm B<crypt> and the MD5-based BSD password
-are available.
+algorithm B<1> and its Apache variant B<apr1> are available.
 =head1 OPTIONS
@ -33,9 +34,13 @@ are available.
 Use the B<crypt> algorithm (default).
 =item B<-1>
 Use the MD5 based BSD password algorithm B<1>.
 =item B<-apr1>
-Use the B<apr1> algorithm.
+Use the B<apr1> algorithm (Apache variant of the BSD algorithm).
 =item B<-salt> I<string>
@ -64,6 +69,8 @@ to each password hash.
 B<openssl passwd -crypt -salt xx password> prints B<xxj31ZMTZzkVA>.
 B<openssl passwd -1 -salt xxxxxxxx password> prints B<$1$xxxxxxxx$8XJIcl6ZXqBMCK0qFevqT1>.
 B<openssl passwd -apr1 -salt xxxxxxxx password> prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>.
 =cut
--- a/doc/apps/smime.pod
+++ b/doc/apps/smime.pod
@ -22,8 +22,11 @@ B<openssl> B<smime>
 [B<-signer file>]
 [B<-recip  file>]
 [B<-in file>]
 [B<-inform SMIME|PEM|DER>]
 [B<-inkey file>]
 [B<-out file>]
 [B<-outform SMIME|PEM|DER>]
 [B<-content file>]
 [B<-to addr>]
 [B<-from ad>]
 [B<-subject s>]
@ -74,11 +77,37 @@ takes an input message and writes out a PEM encoded PKCS#7 structure.
 the input message to be encrypted or signed or the MIME message to
 be decrypted or verified.
 =item B<-inform SMIME|PEM|DER>
 this specifies the input format for the PKCS#7 structure. The default
 is B<SMIME> which reads an S/MIME format message. B<PEM> and B<DER>
 format change this to expect PEM and DER format PKCS#7 structures
 instead. This currently only affects the input format of the PKCS#7
 structure, if no PKCS#7 structure is being input (for example with
 B<-encrypt> or B<-sign>) this option has no effect.
 =item B<-out filename>
 the message text that has been decrypted or verified or the output MIME
 format message that has been signed or verified.
 =item B<-outform SMIME|PEM|DER>
 this specifies the output format for the PKCS#7 structure. The default
 is B<SMIME> which write an S/MIME format message. B<PEM> and B<DER>
 format change this to write PEM and DER format PKCS#7 structures
 instead. This currently only affects the output format of the PKCS#7
 structure, if no PKCS#7 structure is being output (for example with
 B<-verify> or B<-decrypt>) this option has no effect.
 =item B<-content filename>
 This specifies a file containing the detached content, this is only
 useful with the B<-verify> command. This is only usable if the PKCS#7
 structure is using the detached signature form where the content is
 not included. This option will override any content if the input format
 is S/MIME and it uses the multipart/signed MIME content type.
 =item B<-text>
 this option adds plain text (text/plain) MIME headers to the supplied
@ -204,7 +233,7 @@ a blank line. Piping the mail directly to sendmail is one way to
 achieve the correct format.
 The supplied message to be signed or encrypted must include the
-necessary MIME headers: or many S/MIME clients wont display it
+necessary MIME headers or many S/MIME clients wont display it
 properly (if at all). You can use the B<-text> option to automatically
 add plain text headers.
@ -301,6 +330,22 @@ Decrypt mail:
 openssl smime -decrypt -in mail.msg -recip mycert.pem -inkey key.pem
 The output from Netscape form signing is a PKCS#7 structure with the
 detached signature format. You can use this program to verify the
 signature by line wrapping the base64 encoded structure and surrounding
 it with:
 -----BEGIN PKCS7----
 -----END PKCS7----
 and using the command, 
 openssl smime -verify -inform PEM -in signature.pem -content content.txt
 alternatively you can base64 decode the signature and use
 openssl smime -verify -inform DER -in signature.der -content content.txt
 =head1 BUGS
 The MIME parser isn't very clever: it seems to handle most messages that I've thrown
--- a/doc/apps/x509.pod
+++ b/doc/apps/x509.pod
@ -19,6 +19,7 @@ B<openssl> B<x509>
 [B<-hash>]
 [B<-subject>]
 [B<-issuer>]
 [B<-nameopt option>]
 [B<-email>]
 [B<-startdate>]
 [B<-enddate>]
@ -138,6 +139,12 @@ outputs the subject name.
 outputs the issuer name.
 =item B<-nameopt option>
 option which determine how the subject or issuer names are displayed. This
 option may be used more than once to set multiple options. See the B<NAME
 OPTIONS> section for more information.
 =item B<-email>
 outputs the email address(es) if any.
@ -335,6 +342,138 @@ specified then the extensions should either be contained in the unnamed
 =back
 =head1 NAME OPTIONS
 The B<nameopt> command line switch determines how the subject and issuer
 names are displayed. If no B<nameopt> switch is present the default "oneline"
 format is used which is compatible with previous versions of OpenSSL.
 Each option is described in detail below, all options can be preceded by
 a B<-> to turn the option off. Only the first four will normally be used.
 =over 4
 =item B<compat>
 use the old format. This is equivalent to specifying no name options at all.
 =item B<RFC2253>
 displays names compatible with RFC2253 equivalent to B<esc_2253>, B<esc_ctrl>,
 B<esc_msb>, B<utf8>, B<dump_nostr>, B<dump_unknown>, B<dump_der>,
 B<sep_comma_plus>, B<dn_rev> and B<sname>.
 =item B<oneline>
 a oneline format which is more readable than RFC2253. It is equivalent to
 specifying the  B<esc_2253>, B<esc_ctrl>, B<esc_msb>, B<utf8>, B<dump_nostr>,
 B<dump_der>, B<use_quote>, B<sep_comma_plus_spc>, B<spc_eq> and B<sname>
 options.
 =item B<multiline>
 a multiline format. It is equivalent B<esc_ctrl>, B<esc_msb>, B<sep_multiline>,
 B<spc_eq> and B<lname>.
 =item B<esc_2253>
 escape the "special" characters required by RFC2253 in a field That is
 B<,+"E<lt>E<gt>;>. Additionally B<#> is escaped at the beginnging of a string
 and a space character at the beginning or end of a string.
 =item B<esc_ctrl>
 escape and control characters. That is those with ASCII values less than
 0x20 (space) and the delete (0x7f) character. They are escaped using the
 RFC2253 \XX notation (where XX are two hex digits representing the
 character value).
 =item B<esc_msb>
 escape characters with the MSB set, that is with ASCII values larger than
 127.
 =item B<use_quote>
 escapes some characters by surrounding the whole string with B<"> characters,
 without the option all escaping is done with the B<\> character.
 =item B<utf8>
 convert all strings to UTF8 format first. This is required by RFC2253. If
 you are lucky enough to have a UTF8 compatible terminal then the use
 of this option (and B<not> setting B<esc_msb>) may result in the correct
 display of multibyte (international) characters. Is this option is not
 present then multibyte characters larger than 0xff will be represented
 using the format \UXXXX for 16 bits and \WXXXXXXXX for 32 bits.
 Also if this option is off any UTF8Strings will be converted to their
 character form first.
 =item B<no_type>
 this option does not attempt to interpret multibyte characters in any
 way. That is their content octets are merely dumped as though one octet
 represents each character. This is useful for diagnostic purposes but
 will result in rather odd looking output.
 =item B<show_type>
 show the type of the ASN1 character string. The type precedes the
 field contents. For example "BMPSTRING: Hello World".
 =item B<dump_der>
 when this option is set any fields that need to be hexdumped will
 be dumped using the DER encoding of the field. Otherwise just the
 content octets will be displayed. Both options use the RFC2253
 B<#XXXX...> format.
 =item B<dump_nostr>
 dump non character string types (for example OCTET STRING) if this
 option is not set then non character string types will be displayed
 as though each content octet repesents a single character.
 =item B<dump_all>
 dump all fields. This option when used with B<dump_der> allows the
 DER encoding of the structure to be unambiguously determined.
 =item B<dump_unknown>
 dump any field whose OID is not recognised by OpenSSL.
 =item B<sep_comma_plus>, B<sep_comma_plus_space>, B<sep_semi_plus_space>,
 B<sep_multiline>
 these options determine the field separators. The first character is
 between RDNs and the second between multiple AVAs (multiple AVAs are
 very rare and their use is discouraged). The options ending in
 "space" additionally place a space after the separator to make it
 more readable. The B<sep_multiline> uses a linefeed character for
 the RDN separator and a spaced B<+> for the AVA separator. It also
 indents the fields by four characters.
 =item B<dn_rev>
 reverse the fields of the DN. This is required by RFC2253. As a side
 effect this also reveress the order of multiple AVAs but this is
 permissible.
 =item B<nofname>, B<sname>, B<lname>, B<oid>
 these options alter how the field name is displayed. B<nofname> does
 not display the field at all. B<sname> uses the "short name" form
 (CN for commonName for example). B<lname> uses the long form.
 B<oid> represents the OID in numerical form and is useful for
 diagnostic purpose.
 =item B<spc_eq>
 places spaces round the B<=> character which follows the field
 name.
 =back
 =head1 EXAMPLES
 Note: in these examples the '\' means the example should be all on one
@ -348,6 +487,19 @@ Display the certificate serial number:
 openssl x509 -in cert.pem -noout -serial
 Display the certificate subject name:
 openssl x509 -in cert.pem -noout -subject
 Display the certificate subject name in RFC2253 form:
 openssl x509 -in cert.pem -noout -subject -nameopt RFC2253
 Display the certificate subject name in oneline form on a terminal
 supporting UTF8:
 openssl x509 -in cert.pem -noout -subject -nameopt oneline -nameopt -escmsb
 Display the certificate MD5 fingerprint:
 openssl x509 -in cert.pem -noout -fingerprint
@ -400,6 +552,11 @@ Trusted certificates have the lines
 -----BEGIN TRUSTED CERTIFICATE----
 -----END TRUSTED CERTIFICATE----
 The conversion to UTF8 format used with the name options assumes that
 T61Strings use the ISO8859-1 character set. This is wrong but Netscape
 and MSIE do this as do many certificates. So although this is incorrect
 it is more likely to display the majority of certificates correctly.
 The B<-fingerprint> option takes the digest of the DER encoded certificate.
 This is commonly called a "fingerprint". Because of the nature of message
 digests the fingerprint of a certificate is unique to that certificate and
@ -526,10 +683,6 @@ must be present.
 =head1 BUGS
 The way DNs are printed is in a "historical SSLeay" format which doesn't
 follow any published standard. It should follow some standard like RFC2253
 or RFC1779 with options to make the stuff more readable.
 Extensions in certificates are not transferred to certificate requests and
 vice versa.
--- a/doc/standards.txt
+++ b/doc/standards.txt
@ -55,6 +55,8 @@ These are documents that describe things that are implemented in OpenSSL.
     Profile. R. Housley, W. Ford, W. Polk, D. Solo. January 1999.
     (Format: TXT=278438 bytes) (Status: PROPOSED STANDARD)
 PKCS#8: Private-Key Information Syntax Standard
 PKCS#12: Personal Information Exchange Syntax Standard, version 1.0.
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@ -366,7 +366,9 @@ static int ssl23_get_server_hello(SSL *s)
 			}
 		s->state=SSL2_ST_GET_SERVER_HELLO_A;
-		s->s2->ssl2_rollback=1;
+		if (!(s->client_version == SSL2_VERSION))
 			/* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */
 			s->s2->ssl2_rollback=1;
 		/* setup the 5 bytes we have read so we get them from
 		 * the sslv2 buffer */
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@ -495,9 +495,12 @@ int ssl23_get_client_hello(SSL *s)
 		s->state=SSL2_ST_GET_CLIENT_HELLO_A;
 		if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) ||
-			use_sslv2_strong)
+			use_sslv2_strong ||
 			(s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3))
 			s->s2->ssl2_rollback=0;
 		else
 			/* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
 			 * (SSL 3.0 draft/RFC 2246, App. E.2) */
 			s->s2->ssl2_rollback=1;
 		/* setup the n bytes we have read so we get them from
--- a/util/libeay.num
+++ b/util/libeay.num
@ -1842,63 +1842,71 @@ CRYPTO_get_dynlock_lock_callback        2417
 CRYPTO_get_dynlock_destroy_callback     2418
 CRYPTO_get_dynlock_value                2419
 CRYPTO_get_dynlock_create_callback      2420
-ERR_load_ENGINE_strings                 2421
+c2i_ASN1_BIT_STRING                     2421
-ENGINE_set_DSA                          2422
+i2c_ASN1_BIT_STRING                     2422
-ENGINE_get_default_RSA                  2423
+RAND_poll                               2423
-ENGINE_get_BN_mod_exp                   2424
+c2i_ASN1_INTEGER                        2424
-DSA_get_default_openssl_method          2425
+i2c_ASN1_INTEGER                        2425
-ENGINE_set_DH                           2426
+ERR_load_ENGINE_strings                 2426
-ENGINE_set_default_BN_mod_exp_crt       2427
+ENGINE_set_DSA                          2427
-ENGINE_init                             2428
+ENGINE_get_finish_function              2428
-DH_get_default_openssl_method           2429
+ENGINE_get_default_RSA                  2429
-RSA_set_default_openssl_method          2430
+BIO_dump_indent                         2430
-ENGINE_finish                           2431
+ENGINE_get_BN_mod_exp                   2431
-ENGINE_get_DH                           2432
+ASN1_parse_dump                         2432
-ENGINE_set_default_DSA                  2433
+DSA_get_default_openssl_method          2433
-ENGINE_get_name                         2434
+c2i_ASN1_OBJECT                         2434
-ENGINE_get_last                         2435
+ENGINE_set_DH                           2435
-ENGINE_get_prev                         2436
+ENGINE_set_default_BN_mod_exp_crt       2436
-ENGINE_get_default_DH                   2437
+ENGINE_init                             2437
-ENGINE_get_RSA                          2438
+DH_get_default_openssl_method           2438
-ENGINE_set_default                      2439
+RSA_set_default_openssl_method          2439
-ENGINE_get_RAND                         2440
+ENGINE_finish                           2440
-ENGINE_get_first                        2441
+ENGINE_load_public_key                  2441
-ENGINE_by_id                            2442
+ENGINE_get_DH                           2442
-ENGINE_get_default_BN_mod_exp_crt       2443
+ENGINE_ctrl                             2443
-RSA_get_default_openssl_method          2444
+ENGINE_get_init_function                2444
-ENGINE_set_RSA                          2445
+ENGINE_set_init_function                2445
-ENGINE_set_default_RAND                 2446
+ENGINE_set_default_DSA                  2446
-ENGINE_set_BN_mod_exp                   2447
+ENGINE_get_name                         2447
-ENGINE_remove                           2448
+ENGINE_get_last                         2448
-ENGINE_free                             2449
+ENGINE_get_prev                         2449
-ENGINE_get_BN_mod_exp_crt               2450
+ENGINE_get_default_DH                   2450
-ENGINE_get_next                         2451
+ENGINE_get_RSA                          2451
-ENGINE_set_name                         2452
+X509_NAME_print_ex_fp                   2452
-ENGINE_get_default_DSA                  2453
+ASN1_STRING_print_ex_fp                 2453
-ENGINE_set_default_BN_mod_exp           2454
+ENGINE_set_default                      2454
-ENGINE_set_default_RSA                  2455
+ENGINE_get_RAND                         2455
-ENGINE_get_default_RAND                 2456
+ENGINE_get_first                        2456
-ENGINE_get_default_BN_mod_exp           2457
+ENGINE_by_id                            2457
-ENGINE_set_RAND                         2458
+ENGINE_set_finish_function              2458
-ENGINE_set_id                           2459
+ENGINE_get_default_BN_mod_exp_crt       2459
-ENGINE_set_BN_mod_exp_crt               2460
+RSA_get_default_openssl_method          2460
-ENGINE_set_default_DH                   2461
+ENGINE_set_RSA                          2461
-ENGINE_new                              2462
+ENGINE_load_private_key                 2462
-ENGINE_get_id                           2463
+ENGINE_set_default_RAND                 2463
-DSA_set_default_openssl_method          2464
+ENGINE_set_BN_mod_exp                   2464
-ENGINE_add                              2465
+ENGINE_remove                           2465
-DH_set_default_openssl_method           2466
+ENGINE_free                             2466
-ENGINE_get_DSA                          2467
+ENGINE_get_BN_mod_exp_crt               2467
-ENGINE_ctrl                             2468
+ENGINE_get_next                         2468
-ENGINE_get_finish_function              2469
+ENGINE_set_name                         2469
-ENGINE_get_init_function                2470
+ENGINE_get_default_DSA                  2470
-ENGINE_set_init_function                2471
+ENGINE_set_default_BN_mod_exp           2471
-ENGINE_set_finish_function              2472
+ENGINE_set_default_RSA                  2472
-ENGINE_get_ctrl_function                2473
+ENGINE_get_default_RAND                 2473
-ENGINE_set_ctrl_function                2474
+ENGINE_get_default_BN_mod_exp           2474
-ENGINE_load_public_key                  2475
+ENGINE_set_RAND                         2475
-ENGINE_load_private_key                 2476
+ENGINE_set_id                           2476
-c2i_ASN1_BIT_STRING                     2477
+X509_NAME_print_ex                      2477
-i2c_ASN1_BIT_STRING                     2478
+ENGINE_set_BN_mod_exp_crt               2478
-c2i_ASN1_INTEGER                        2479
+ENGINE_set_default_DH                   2479
-i2c_ASN1_INTEGER                        2480
+ENGINE_new                              2480
 ENGINE_get_id                           2481
 DSA_set_default_openssl_method          2482
 ENGINE_add                              2483
 DH_set_default_openssl_method           2484
 ASN1_STRING_print_ex                    2485
 ENGINE_get_DSA                          2486
 ENGINE_get_ctrl_function                2487
 ENGINE_set_ctrl_function                2488
--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@ -65,6 +65,7 @@ and [options] can be one of
 	no-err					- No error strings
 	dll/shlib				- Build shared libraries (MS)
 	debug					- Debug build
        profile                                 - Profiling build
 	gcc					- Use Gcc (unix)
 	rsaref					- Build to require RSAref
@ -217,9 +218,10 @@ $cflags.=" -DNO_SSL3" if $no_ssl3;
 $cflags.=" -DNO_ERR"  if $no_err;
 $cflags.=" -DRSAref"  if $rsaref ne "";
-if ($unix)
+## if ($unix)
-	{ $cflags="$c_flags" if ($c_flags ne ""); }
+##	{ $cflags="$c_flags" if ($c_flags ne ""); }
-else	{ $cflags="$c_flags$cflags" if ($c_flags ne ""); }
+##else
 	{ $cflags="$c_flags$cflags" if ($c_flags ne ""); }
 $ex_libs="$l_flags$ex_libs" if ($l_flags ne "");
@ -878,8 +880,10 @@ sub read_options
 	elsif (/^rsaref$/)	{ $rsaref=1; }
 	elsif (/^gcc$/)		{ $gcc=1; }
 	elsif (/^debug$/)	{ $debug=1; }
 	elsif (/^profile$/)	{ $profile=1; }
 	elsif (/^shlib$/)	{ $shlib=1; }
 	elsif (/^dll$/)		{ $shlib=1; }
 	elsif (/^shared$/)	{ } # We just need to ignore it for now...
 	elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }
 	elsif (/^-[lL].*$/)	{ $l_flags.="$_ "; }
 	elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/)
--- a/util/mkerr.pl
+++ b/util/mkerr.pl
@ -79,8 +79,11 @@ while (($lib, $hdr) = each %hinc)
 	next if($hdr eq "NONE");
 	print STDERR "Scanning header file $hdr\n" if $debug; 
 	open(IN, "<$hdr") || die "Can't open Header file $hdr\n";
-	my $line = "", $def= "";
+	my $line = "", $def= "", $linenr = 0;
 	while(<IN>) {
 	    $linenr++;
 	    print STDERR "line: $linenr\r" if $debug;
 	    last if(/BEGIN\s+ERROR\s+CODES/);
 	    if ($line ne '') {
 		$_ = $line . $_;
@ -110,7 +113,12 @@ while (($lib, $hdr) = each %hinc)
 	    }
 	}
 	print STDERR "                                  \r" if $debug;
        $defnr = 0;
 	foreach (split /;/, $def) {
 	    $defnr++;
 	    print STDERR "def: $defnr\r" if $debug;
 	    s/^[\n\s]*//g;
 	    s/[\n\s]*$//g;
 	    next if(/typedef\W/);
@ -136,6 +144,8 @@ while (($lib, $hdr) = each %hinc)
 	    }
 	}
 	print STDERR "                                  \r" if $debug;
 	next if $reindex;
 	# Scan function and reason codes and store them: keep a note of the
--- a/util/pl/linux.pl
+++ b/util/pl/linux.pl
@ -12,6 +12,8 @@ $rm='/bin/rm -f';
 $cc='gcc';
 if ($debug)
 	{ $cflags="-g2 -ggdb -DREF_CHECK -DCRYPTO_MDEBUG"; }
 elsif ($profile)
 	{ $cflags="-pg -O3"; }
 else
 	{ $cflags="-O3 -fomit-frame-pointer"; }