Time to release 0.9.6g.

The tag will be OpenSSL_0_9_6g.
When we want to give a -f argument to $(MAKE), we'd better make sure the
2002-08-09 11:37:15 +00:00 · 2002-08-09 08:49:53 +00:00 · 2002-08-09 08:13:13 +00:00 · 2002-08-09 07:39:57 +00:00 · 2002-08-09 07:37:28 +00:00 · 2002-08-09 07:32:38 +00:00
833 changed files with 29923 additions and 54220 deletions
--- a/1465
+++ b/1465
--- a/635
+++ b/635
--- a/242
+++ b/242
@@ -8,6 +8,7 @@ OpenSSL  -  Frequently Asked Questions
 * How can I contact the OpenSSL developers?
 * Where can I get a compiled version of OpenSSL?
 * Why aren't tools like 'autoconf' and 'libtool' used?
 * What is an 'engine' version?
 [LEGAL] Legal questions
@@ -17,6 +18,7 @@ OpenSSL  -  Frequently Asked Questions
 [USER] Questions on using the OpenSSL applications
 * Why do I get a "PRNG not seeded" error message?
 * Why do I get an "unable to write 'random state'" error message?
 * How do I create certificates or certificate requests?
 * Why can't I create certificate requests?
 * Why does <SSL program> fail with a certificate verify error?
@@ -26,15 +28,18 @@ OpenSSL  -  Frequently Asked Questions
 * How can I remove the passphrase on a private key?
 * Why can't I use OpenSSL certificates with SSL client authentication?
 * Why does my browser give a warning about a mismatched hostname?
 * How do I install a CA certificate into a browser?
 [BUILD] Questions about building and testing OpenSSL
 * Why does the linker complain about undefined symbols?
 * Why does the OpenSSL test fail with "bc: command not found"?
 * Why does the OpenSSL test fail with "bc: 1 no implemented"?
-* Why does the OpenSSL compilation fail on Alpha True64 Unix?
+* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
 * Why does the OpenSSL compilation fail with "ar: command not found"?
 * Why does the OpenSSL compilation fail on Win32 with VC++?
 * What is special about OpenSSL on Redhat?
 * Why does the OpenSSL test suite fail on MacOS X?
 [PROG] Questions about programming with OpenSSL
@@ -47,6 +52,7 @@ OpenSSL  -  Frequently Asked Questions
 * Why do I get errors about unknown algorithms?
 * Why can't the OpenSSH configure script detect OpenSSL?
 * Can I use OpenSSL's SSL library with non-blocking I/O?
 * Why doesn't my server application receive a client certificate?
 ===============================================================================
@@ -55,7 +61,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.6 was released on September 24th, 2000.
+OpenSSL 0.9.6g was released on 9 August 2002.
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -119,6 +125,12 @@ A number of Linux and *BSD distributions include OpenSSL.
 autoconf will probably be used in future OpenSSL versions. If it was
 less Unix-centric, it might have been used much earlier.
 * What is an 'engine' version?
 With version 0.9.6 OpenSSL was extended to interface to external crypto
 hardware. This was realized in a special release '0.9.6-engine'. With
 version 0.9.7 (not yet released) the changes were merged into the main
 development line, so that the special release is no longer necessary.
 [LEGAL] =======================================================================
@@ -144,7 +156,7 @@ holders claim that you infringe on their rights if you use OpenSSL with
 their software on operating systems that don't normally include OpenSSL.
 If you develop open source software that uses OpenSSL, you may find it
-useful to choose an other license than the GPL, or state explicitely that
+useful to choose an other license than the GPL, or state explicitly that
 "This program is released under the GPL with the additional exemption that
 compiling, linking, and/or using OpenSSL is allowed."  If you are using
 GPL software developed by others, you may want to ask the copyright holder
@@ -160,6 +172,7 @@ correctly.  Many open source operating systems provide a "randomness
 device" that serves this purpose.  On other systems, applications have
 to call the RAND_add() or RAND_seed() function with appropriate data
 before generating keys or performing public key encryption.
 (These functions initialize the pseudo-random number generator, PRNG.)
 Some broken applications do not do this.  As of version 0.9.5, the
 OpenSSL functions that need randomness report an error if the random
@@ -169,25 +182,58 @@ application you are using.  It is likely that it never worked
 correctly.  OpenSSL 0.9.5 and later make the error visible by refusing
 to perform potentially insecure encryption.
-On systems without /dev/urandom, it is a good idea to use the Entropy
+On systems without /dev/urandom and /dev/random, it is a good idea to
-Gathering Demon; see the RAND_egd() manpage for details.
+use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
 details.  Starting with version 0.9.7, OpenSSL will automatically look
 for an EGD socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and
 /etc/entropy.
-Most components of the openssl command line tool try to use the
+Most components of the openssl command line utility automatically try
-file $HOME/.rnd (or $RANDFILE, if this environment variable is set)
+to seed the random number generator from a file.  The name of the
-for seeding the PRNG.  If this file does not exist or is too short,
+default seeding file is determined as follows: If environment variable
-the "PRNG not seeded" error message may occur.
+RANDFILE is set, then it names the seeding file.  Otherwise if
 environment variable HOME is set, then the seeding file is $HOME/.rnd.
 If neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will
 use file .rnd in the current directory while OpenSSL 0.9.6a uses no
 default seeding file at all.  OpenSSL 0.9.6b and later will behave
 similarly to 0.9.6a, but will use a default of "C:\" for HOME on
 Windows systems if the environment variable has not been set.
-[Note to OpenSSL 0.9.5 users: The command "openssl rsa" in version
+If the default seeding file does not exist or is too short, the "PRNG
-0.9.5 does not do this and will fail on systems without /dev/urandom
+not seeded" error message may occur.
-when trying to password-encrypt an RSA key!  This is a bug in the
+
-library; try a later version instead.]
+The openssl command line utility will write back a new state to the
 default seeding file (and create this file if necessary) unless
 there was no sufficient seeding.
 Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work.
 Use the "-rand" option of the OpenSSL command line tools instead.
 The $RANDFILE environment variable and $HOME/.rnd are only used by the
 OpenSSL command line tools. Applications using the OpenSSL library
 provide their own configuration options to specify the entropy source,
 please check out the documentation coming the with application.
 For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested
 installing the SUNski package from Sun patch 105710-01 (Sparc) which
 adds a /dev/random device and make sure it gets used, usually through
 $RANDFILE.  There are probably similar patches for the other Solaris
-versions.  However, be warned that /dev/random is usually a blocking
+versions.  An official statement from Sun with respect to /dev/random
-device, which may have some effects on OpenSSL.
+support can be found at
  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski
 However, be warned that /dev/random is usually a blocking device, which
 may have some effects on OpenSSL.
 * Why do I get an "unable to write 'random state'" error message?
 Sometimes the openssl command line utility does not abort with
 a "PRNG not seeded" error message, but complains that it is
 "unable to write 'random state'".  This message refers to the
 default seeding file (see previous answer).  A possible reason
 is that no default filename is known because neither RANDFILE
 nor HOME is set.  (Versions up to 0.9.6 used file ".rnd" in the
 current directory in this case, but this has changed with 0.9.6a.)
 * How do I create certificates or certificate requests?
@@ -264,7 +310,7 @@ there is little point presenting a certificate which the server will
 reject.
 The solution is to add the relevant CA certificate to your servers "trusted
-CA list". How you do this depends on the server sofware in uses. You can
+CA list". How you do this depends on the server software in uses. You can
 print out the servers list of acceptable CAs using the OpenSSL s_client tool:
 openssl s_client -connect www.some.host:443 -prexit
@@ -283,6 +329,26 @@ Browsers expect the server's hostname to match the value in the commonName
 (CN) field of the certificate. If it does not then you get a warning.
 * How do I install a CA certificate into a browser?
 The usual way is to send the DER encoded certificate to the browser as
 MIME type application/x-x509-ca-cert, for example by clicking on an appropriate
 link. On MSIE certain extensions such as .der or .cacert may also work, or you
 can import the certificate using the certificate import wizard.
 You can convert a certificate to DER form using the command:
 openssl x509 -in ca.pem -outform DER -out ca.der
 Occasionally someone suggests using a command such as:
 openssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cakey.pem
 DO NOT DO THIS! This command will give away your CAs private key and
 reduces its security to zero: allowing anyone to forge certificates in
 whatever name they choose.
 [BUILD] =======================================================================
 * Why does the linker complain about undefined symbols?
@@ -326,9 +392,9 @@ and compile/install it.  GNU bc (see http://www.gnu.org/software/software.html
 for download instructions) can be safely used, for example.
-* Why does the OpenSSL compilation fail on Alpha True64 Unix?
+* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
-On some Alpha installations running True64 Unix and Compaq C, the compilation
+On some Alpha installations running Tru64 Unix and Compaq C, the compilation
 of crypto/sha/sha_dgst.c fails with the message 'Fatal:  Insufficient virtual
 memory to continue compilation.'  As far as the tests have shown, this may be
 a compiler bug.  What happens is that it eats up a lot of resident memory
@@ -390,6 +456,52 @@ under 'Program Files').  This needs to be done prior to running NMAKE,
 and the changes are only valid for the current DOS session.
 * What is special about OpenSSL on Redhat?
 Red Hat Linux (release 7.0 and later) include a preinstalled limited
 version of OpenSSL. For patent reasons, support for IDEA, RC5 and MDC2
 is disabled in this version. The same may apply to other Linux distributions.
 Users may therefore wish to install more or all of the features left out.
 To do this you MUST ensure that you do not overwrite the openssl that is in
 /usr/bin on your Red Hat machine. Several packages depend on this file,
 including sendmail and ssh. /usr/local/bin is a good alternative choice. The
 libraries that come with Red Hat 7.0 onwards have different names and so are
 not affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and
 /lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and
 /lib/libcrypto.so.2 respectively).
 Please note that we have been advised by Red Hat attempting to recompile the
 openssl rpm with all the cryptography enabled will not work. All other
 packages depend on the original Red Hat supplied openssl package. It is also
 worth noting that due to the way Red Hat supplies its packages, updates to
 openssl on each distribution never change the package version, only the
 build number. For example, on Red Hat 7.1, the latest openssl package has
 version number 0.9.6 and build number 9 even though it contains all the
 relevant updates in packages up to and including 0.9.6b.
 A possible way around this is to persuade Red Hat to produce a non-US
 version of Red Hat Linux.
 FYI: Patent numbers and expiry dates of US patents:
 MDC-2: 4,908,861 13/03/2007
 IDEA:  5,214,703 25/05/2010
 RC5:   5,724,428 03/03/2015
 * Why does the OpenSSL test suite fail on MacOS X?
 If the failure happens when running 'make test' and the RC4 test fails,
 it's very probable that you have OpenSSL 0.9.6b delivered with the
 operating system (you can find out by running '/usr/bin/openssl version')
 and that you were trying to build OpenSSL 0.9.6d.  The problem is that
 the loader ('ld') in MacOS X has a misfeature that's quite difficult to
 go around and has linked the programs "openssl" and the test programs
 with /usr/lib/libcrypto.dylib and /usr/lib/libssl.dylib instead of the
 libraries you just built.
 Look in the file PROBLEMS for a more detailed explanation and for possible
 solutions.
 [PROG] ========================================================================
 * Is OpenSSL thread-safe?
@@ -406,10 +518,43 @@ OpenSSL.  This is described in the threads(3) manpage.
 * I've compiled a program under Windows and it crashes: why?
-This is usually because you've missed the comment in INSTALL.W32. You
+This is usually because you've missed the comment in INSTALL.W32.
-must link with the multithreaded DLL version of the VC++ runtime library
+Your application must link against the same version of the Win32
-otherwise the conflict will cause a program to crash: typically on the
+C-Runtime against which your openssl libraries were linked.  The
-first BIO related read or write operation.
+default version for OpenSSL is /MD - "Multithreaded DLL".
 If you are using Microsoft Visual C++'s IDE (Visual Studio), in
 many cases, your new project most likely defaulted to "Debug
 Singlethreaded" - /ML.  This is NOT interchangeable with /MD and your
 program will crash, typically on the first BIO related read or write
 operation.
 For each of the six possible link stage configurations within Win32,
 your application must link  against the same by which OpenSSL was
 built.  If you are using MS Visual C++ (Studio) this can be changed
 by:
 1.  Select Settings... from the Project Menu.
 2.  Select the C/C++ Tab.
 3.  Select "Code Generation from the "Category" drop down list box
 4.  Select the Appropriate library (see table below) from the "Use
    run-time library" drop down list box.  Perform this step for both
    your debug and release versions of your application (look at the
    top left of the settings panel to change between the two)
    Single Threaded           /ML        -  MS VC++ often defaults to
                                            this for the release
                                            version of a new project.
    Debug Single Threaded     /MLd       -  MS VC++ often defaults to
                                            this for the debug version
                                            of a new project.
    Multithreaded             /MT
    Debug Multithreaded       /MTd
    Multithreaded DLL         /MD        -  OpenSSL defaults to this.
    Debug Multithreaded DLL   /MDd
 Note that debug and release libraries are NOT interchangeable.  If you
 built OpenSSL with /MD your application must use /MD and cannot use /MDd.
 * How do I read or write a DER encoded buffer using the ASN1 functions?
@@ -490,44 +635,16 @@ OpenSSL_add_all_algorithms(). See the manual page for more information.
 * Why can't the OpenSSH configure script detect OpenSSL?
-There is a problem with OpenSSH 1.2.2p1, in that the configure script
+Several reasons for problems with the automatic detection exist.
-can't find the installed OpenSSL libraries.  The problem is actually
+OpenSSH requires at least version 0.9.5a of the OpenSSL libraries.
-a small glitch that is easily solved with the following patch to be
+Sometimes the distribution has installed an older version in the system
-applied to the OpenSSH distribution:
+locations that is detected instead of a new one installed. The OpenSSL
-
+library might have been compiled for another CPU or another mode (32/64 bits).
----- snip:start -----
+Permissions might be wrong.
 --- openssh-1.2.2p1/configure.in.orig	Thu Mar 23 18:56:58 2000
 +++ openssh-1.2.2p1/configure.in	Thu Mar 23 18:55:05 2000
@@ -152,10 +152,10 @@
 AC_MSG_CHECKING([for OpenSSL/SSLeay directory])
 for ssldir in "" $tryssldir /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
 	if test ! -z "$ssldir" ; then
 -		LIBS="$saved_LIBS -L$ssldir"
 +		LIBS="$saved_LIBS -L$ssldir/lib"
 		CFLAGS="$CFLAGS -I$ssldir/include"
 		if test "x$need_dash_r" = "x1" ; then
 -			LIBS="$LIBS -R$ssldir"
 +			LIBS="$LIBS -R$ssldir/lib"
 		fi
 	fi
 	LIBS="$LIBS -lcrypto"
 --- openssh-1.2.2p1/configure.orig	Thu Mar 23 18:55:02 2000
 +++ openssh-1.2.2p1/configure	Thu Mar 23 18:57:08 2000
@@ -1890,10 +1890,10 @@
 echo "configure:1891: checking for OpenSSL/SSLeay directory" >&5
 for ssldir in "" $tryssldir /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
 	if test ! -z "$ssldir" ; then
 -		LIBS="$saved_LIBS -L$ssldir"
 +		LIBS="$saved_LIBS -L$ssldir/lib"
 		CFLAGS="$CFLAGS -I$ssldir/include"
 		if test "x$need_dash_r" = "x1" ; then
 -			LIBS="$LIBS -R$ssldir"
 +			LIBS="$LIBS -R$ssldir/lib"
 		fi
 	fi
 	LIBS="$LIBS -lcrypto"
 ----- snip:end -----
 The general answer is to check the config.log file generated when running
 the OpenSSH configure script. It should contain the detailed information
 on why the OpenSSL library was not detected or considered incompatible.
 * Can I use OpenSSL's SSL library with non-blocking I/O?
@@ -543,5 +660,12 @@ requiring a bi-directional message exchange; both SSL_read() and
 SSL_write() will try to continue any pending handshake.
 * Why doesn't my server application receive a client certificate?
 Due to the TLS protocol definition, a client will only send a certificate,
 if explicitly asked by the server. Use the SSL_VERIFY_PEER flag of the
 SSL_CTX_set_verify() function to enable the use of client certificates.
 ===============================================================================
--- a/18
+++ b/18
@@ -7,8 +7,11 @@
 To install OpenSSL, you will need:
  * make
  * Perl 5
  * an ANSI C compiler
  * a development environment in form of development libraries and C
    header files
  * a supported Unix operating system
 Quick Start
@@ -125,8 +128,11 @@
     the failure that aren't problems in OpenSSL itself (like missing
     standard headers).  If it is a problem with OpenSSL itself, please
     report the problem to <openssl-bugs@openssl.org> (note that your
-     message will be forwarded to a public mailing list).  Include the
+     message will be recorded in the request tracker publicly readable
-     output of "make report" in your message.
+     via http://www.openssl.org/rt2.html and will be forwarded to a public
     mailing list). Include the output of "make report" in your message.
     Please check out the request tracker. Maybe the bug was already
     reported or has already been fixed.
     [If you encounter assembler error messages, try the "no-asm"
     configuration option as an immediate fix.]
@@ -144,7 +150,8 @@
     try removing any compiler optimization flags from the CFLAGS line
     in Makefile.ssl and run "make clean; make". Please send a bug
     report to <openssl-bugs@openssl.org>, including the output of
-     "make report".
+     "make report" in order to be added to the request tracker at
     http://www.openssl.org/rt2.html.
  4. If everything tests ok, install OpenSSL with
@@ -266,6 +273,11 @@
 Note on shared libraries
 ------------------------
 Shared library is currently an experimental feature.  The only reason to
 have them would be to conserve memory on systems where several program
 are using OpenSSL.  Binary backward compatibility can't be guaranteed
 before OpenSSL version 1.0.
 For some systems, the OpenSSL Configure script knows what is needed to
 build shared libraries for libcrypto and libssl.  On these systems,
 the shared libraries are currently not created by default, but giving
--- a/INSTALL.MacOS
+++ b/INSTALL.MacOS
@@ -1,7 +1,7 @@
-OpenSSL - Port To The Macintosh
+OpenSSL - Port To The Macintosh OS 9 or Earlier
-===============================
+===============================================
-Thanks to Roy Wood <roy@centricsystems.ca> initial support for MacOS (pre
+Thanks to Roy Wood <roy@centricsystems.ca> initial support for Mac OS (pre
 X) is now provided. "Initial" means that unlike other platforms where you
 get an SDK and a "swiss army" openssl application, on Macintosh you only
 get one sample application which fetches a page over HTTPS(*) and dumps it
@@ -32,17 +32,17 @@ Installation procedure:
        to 42, change appropriately.
 (**)	If you use SUNtar, then it might have already unbinhexed the files
 	in question.
-(***)	The project file was saved with CW Pro 5.3. If you have an earlier
+(***)	The project file was saved with CW Pro 5.3. If you have earlier
 	version and it refuses to open it, then download
 	http://www.openssl.org/~appro/OpenSSL.mcp.xml and import it
 	overwriting the original OpenSSL.mcp.
-(****)	Other targets are works in progress. If you feel like giving 'em a
+(****)	Other targets are work in progress. If you feel like giving 'em a
 	shot, then you should know that OpenSSL* and Lib* targets are
 	supposed to be built with the GUSI, MacOS library which mimics
 	BSD sockets and some other POSIX APIs. The GUSI distribution is
-	expected to be found in the same directory as the openssl source tree,
+	expected to be found in the same directory as openssl source tree,
-	i.e., in the parent directory to the one where this very file,
+	i.e. in the parent directory to the one where this very file,
-	namely INSTALL.MacOS, resides. For more information about GUSI, see
+	namely INSTALL.MacOS. For more information about GUSI, see
 	http://www.iis.ee.ethz.ch/~neeri/macintosh/gusi-qa.html
 Finally some essential comments from our generous contributor:-)
--- a/INSTALL.VMS
+++ b/INSTALL.VMS
@@ -8,6 +8,7 @@ Intro:
 This file is divided in the following parts:
  Requirements			- Mandatory reading.
  Checking the distribution	- Mandatory reading.
  Compilation			- Mandatory reading.
  Logical names			- Mandatory reading.
@@ -19,6 +20,15 @@ This file is divided in the following parts:
  TODO				- Things that are to come.
 Requirements:
 =============
 To build and install OpenSSL, you will need:
 * DEC C or some other ANSI C compiler.  VAX C is *not* supported.
   [Note: OpenSSL has only been tested with DEC C.  Compiling with 
    a different ANSI C compiler may require some work]
 Checking the distribution:
 ==========================
--- a/INSTALL.W32
+++ b/INSTALL.W32
@@ -2,16 +2,19 @@
 INSTALLATION ON THE WIN32 PLATFORM
 ----------------------------------
- Heres a few comments about building OpenSSL in Windows environments. Most of
+ Heres a few comments about building OpenSSL in Windows environments.  Most
- this is tested on Win32 but it may also work in Win 3.1 with some
+ of this is tested on Win32 but it may also work in Win 3.1 with some
 modification.
- You need Perl for Win32 (available from http://www.activestate.com/ActivePerl)
+ You need Perl for Win32.  Unless you will build on Cygwin, you will need
 ActiveState Perl, available from http://www.activestate.com/ActivePerl.
 For Cygwin users, there's more info in the Cygwin section.
 and one of the following C compilers:
  * Visual C++
  * Borland C
-  * GNU C (Mingw32 or Cygwin32)
+  * GNU C (Mingw32 or Cygwin)
 If you want to compile in the assembly language routines with Visual C++ then
 you will need an assembler. This is worth doing because it will result in
@@ -78,7 +81,7 @@
 There are various changes you can make to the Win32 compile environment. By
 default the library is not compiled with debugging symbols. If you add 'debug'
- to the mk1mk.pl lines in the do_* batch file then debugging symbols will be
+ to the mk1mf.pl lines in the do_* batch file then debugging symbols will be
 compiled in.
 The default Win32 environment is to leave out any Windows NT specific
@@ -91,6 +94,18 @@
 You can also build a static version of the library using the Makefile
 ms\nt.mak
 Borland C++ builder 5
 ---------------------
 * Configure for building with Borland Builder:
   > perl Configure BC-32
 * Create the appropriate makefile
   > ms\do_nasm
 * Build
   > make -f ms\bcb.mak
 Borland C++ builder 3 and 4
 ---------------------------
@@ -134,28 +149,30 @@
   > cd out
   > ..\ms\test
- GNU C (CygWin32)
+ GNU C (Cygwin)
- ---------------
+ --------------
- CygWin32 provides a bash shell and GNU tools environment running on
+ Cygwin provides a bash shell and GNU tools environment running on
 NT 4.0, Windows 9x and Windows 2000. Consequently, a make of OpenSSL
- with CygWin is closer to a GNU bash environment such as Linux rather
+ with Cygwin is closer to a GNU bash environment such as Linux rather
 than other W32 makes that are based on a single makefile approach.
- CygWin32 implements Posix/Unix calls through cygwin1.dll, and is
+ Cygwin implements Posix/Unix calls through cygwin1.dll, and is
 contrasted to Mingw32 which links dynamically to msvcrt.dll or
 crtdll.dll.
- To build OpenSSL using CygWin32:
+ To build OpenSSL using Cygwin:
- * Install CygWin32 (see http://sourceware.cygnus.com/cygwin)
+ * Install Cygwin (see http://sourceware.cygnus.com/cygwin)
- * Install Perl and ensure it is in the path
+ * Install Perl and ensure it is in the path (recent Cygwin perl 
   (version 5.6.1-2 of the latter has been reported to work) or
   ActivePerl)
- * Run the CygWin bash shell
+ * Run the Cygwin bash shell
 * $ tar zxvf openssl-x.x.x.tar.gz
   $ cd openssl-x.x.x
-   $ ./Configure no-threads CygWin32
+   $ ./config
   [...]
   $ make
   [...]
@@ -164,27 +181,28 @@
 This will create a default install in /usr/local/ssl.
- CygWin32 Notes:
+ Cygwin Notes:
 "make test" and normal file operations may fail in directories
- mounted as text (i.e. mount -t c:\somewhere /home) due to CygWin
+ mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin
 stripping of carriage returns. To avoid this ensure that a binary
 mount is used, e.g. mount -b c:\somewhere /home.
- As of version 1.1.1 CygWin32 is relatively unstable in its handling
+ As of version 1.1.1 Cygwin is relatively unstable in its handling
 of cr/lf issues. These make procedures succeeded with versions 1.1 and
 the snapshot 20000524 (Slow!).
- "bc" is not provided in the CygWin32 distribution.  This causes a
+ "bc" is not provided in the Cygwin distribution.  This causes a
 non-fatal error in "make test" but is otherwise harmless.  If
- desired, GNU bc can be built with CygWin32 without change.
+ desired, GNU bc can be built with Cygwin without change.
 Installation
 ------------
- There's currently no real installation procedure for Win32.  There are,
+ If you used the Cygwin procedure above, you have already installed and
- however, some suggestions:
+ can skip this section.  For all other procedures, there's currently no real
 installation procedure for Win32.  There are, however, some suggestions:
    - do nothing.  The include files are found in the inc32/ subdirectory,
      all binaries are found in out32dll/ or out32/ depending if you built
--- a/2
+++ b/2
@@ -12,7 +12,7 @@
  ---------------
 /* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
--- a/MacOS/GetHTTPS.src/GetHTTPS.cpp
+++ b/MacOS/GetHTTPS.src/GetHTTPS.cpp
@@ -167,7 +167,7 @@ void main(void)
 		tempString[bytesRead] = '\0';
-		printf("%s", tempString);
+		printf(tempString);
 	}
 	printf("\n\n\n");
@@ -201,7 +201,7 @@ EXITPOINT:
 	{
 		printf("An error occurred:\n");
-		printf("%s",GetErrorMessage());
+		printf(GetErrorMessage());
 	}
--- a/Makefile.org
+++ b/Makefile.org
@@ -24,6 +24,7 @@ INSTALLTOP=/usr/local/ssl
 # Do not edit this manually. Use Configure --openssldir=DIR do change this!
 OPENSSLDIR=/usr/local/ssl
 # RSAref  - Define if we are to link with RSAref.
 # NO_IDEA - Define to build without the IDEA algorithm
 # NO_RC4  - Define to build without the RC4 algorithm
 # NO_RC2  - Define to build without the RC2 algorithm
@@ -56,14 +57,14 @@ CC= gcc
 #CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
 CFLAG= -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
 DEPFLAG= 
-PEX_LIBS= -L. -L.. -L../.. -L../../..
+PEX_LIBS= 
 EX_LIBS= 
 EXE_EXT= 
 AR=ar r
 RANLIB= ranlib
 PERL= perl
 TAR= tar
 TARFLAGS= --no-recursion
 MAKEDEPPROG=makedepend
 # Set BN_ASM to bn_asm.o if you want to use the C version
 BN_ASM= bn_asm.o
@@ -150,28 +151,20 @@ RMD160_ASM_OBJ= asm/rm86-out.o
 #RMD160_ASM_OBJ= asm/rm86-out.o       # a.out, FreeBSD
 #RMD160_ASM_OBJ= asm/rm86bsdi.o       # bsdi
 # KRB5 stuff
 KRB5_INCLUDES=
 LIBKRB5=
 # When we're prepared to use shared libraries in the programs we link here
 # we might set SHLIB_MARK to '$(SHARED_LIBS)'.
 SHLIB_MARK=
-DIRS=   crypto ssl $(SHLIB_MARK) apps test tools
+DIRS=   crypto ssl rsaref $(SHLIB_MARK) apps test tools
 SHLIBDIRS= crypto ssl
 # dirs in crypto to build
 SDIRS=  \
 	md2 md4 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
-	bn ec rsa dsa dh dso engine rijndael \
+	bn rsa dsa dh dso \
 	buffer bio stack lhash rand err objects \
-	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp
+	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
 # tests to perform.  "alltests" is a special word indicating that all tests
 # should be performed.
 TESTS = alltests
 MAKEFILE= Makefile.ssl
 MAKE=     make -f Makefile.ssl
@@ -190,13 +183,14 @@ SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
 SHARED_SSL=libssl$(SHLIB_EXT)
 SHARED_LIBS=
 SHARED_LIBS_LINK_EXTS=
 SHARED_LDFLAGS=
 GENERAL=        Makefile
 BASENAME=       openssl
 NAME=           $(BASENAME)-$(VERSION)
 TARFILE=        $(NAME).tar
 WTARFILE=       $(NAME)-win.tar
-EXHEADER=       e_os2.h
+EXHEADER=       e_os.h e_os2.h
 HEADER=         e_os.h
 # When we're prepared to use shared libraries in the programs we link here
@@ -209,7 +203,7 @@ sub_all:
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making all in $$i..." && \
-		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' all ) || exit 1; \
+		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' all ) || exit 1; \
 	else \
 		$(MAKE) $$i; \
 	fi; \
@@ -228,7 +222,7 @@ libcrypto$(SHLIB_EXT): libcrypto.a
 	fi
 libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
-		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-L. -lcrypto' build-shared; \
+		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
 	else \
 		echo "There's no support for shared libraries on this platform" >&2; \
 	fi
@@ -242,94 +236,247 @@ clean-shared:
 			done; \
 		fi; \
 		( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
-	done
+		if [ "$(PLATFORM)" = "Cygwin" ]; then \
-
+			( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
 link-shared:
 	@for i in $(SHLIBDIRS); do \
 		prev=lib$$i$(SHLIB_EXT); \
 		if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
 			tmp="$(SHARED_LIBS_LINK_EXTS)"; \
 			for j in $${tmp:-x}; do \
 				( set -x; ln -s -f $$prev lib$$i$$j ); \
 				prev=lib$$i$$j; \
 			done; \
 		fi; \
 	done
 link-shared:
 	@if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
 		tmp="$(SHARED_LIBS_LINK_EXTS)"; \
 		for i in $(SHLIBDIRS); do \
 			prev=lib$$i$(SHLIB_EXT); \
 			for j in $${tmp:-x}; do \
 				( set -x; \
 				rm -f lib$$i$$j; ln -s $$prev lib$$i$$j ); \
 				prev=lib$$i$$j; \
 			done; \
 		done; \
 	fi
 build-shared: clean-shared do_$(SHLIB_TARGET) link-shared
-do_bsd-gcc-shared: linux-shared
+do_bsd-gcc-shared: do_gnu-shared
-do_linux-shared:
+do_linux-shared: do_gnu-shared
-	libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+do_gnu-shared:
-	( set -x; ${CC}  -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-		-Wl,-S,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+	( set -x; ${CC} ${SHARED_LDFLAGS} \
 		-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		-Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		-Wl,-Bsymbolic \
 		-Wl,--whole-archive lib$$i.a \
 		-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
-	libs="$$libs -L. -l$$i"; \
+	libs="$$libs -l$$i"; \
 	done
 DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
 	collect2=`gcc -print-prog-name=collect2 2>&1` && \
 	[ -n "$$collect2" ] && \
 	my_ld=`$$collect2 --help 2>&1 | grep Usage: | sed 's/^Usage: *\([^ ][^ ]*\).*/\1/'` && \
 	[ -n "$$my_ld" ] && \
 	$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
 # For Darwin AKA Mac OS/X (dyld)
 do_darwin-shared: 
 	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
 	( set -x ; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
 		lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		-compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \
 		-install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \
 	libs="$$libs -l`basename $$i${SHLIB_EXT} .dylib`"; \
 	echo "" ; \
 	done
 do_cygwin-shared:
 	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
 	( set -x; ${CC}  -shared -o cyg$$i.dll \
 		-Wl,-Bsymbolic \
 		-Wl,--whole-archive lib$$i.a \
 		-Wl,--out-implib,lib$$i.dll.a \
 		-Wl,--no-whole-archive $$libs ) || exit 1; \
 	libs="$$libs -l$$i"; \
 	done
 # This assumes that GNU utilities are *not* used
 do_alpha-osf1-shared:
 	if ${DETECT_GNU_LD}; then \
 		$(MAKE) do_gnu-shared; \
 	else \
 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
 		( set -x; ${CC} ${SHARED_LDFLAGS} \
 			-shared -o lib$$i.so \
 			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
 			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
 		libs="$$libs -l$$i"; \
 		done; \
 	fi
 # This assumes that GNU utilities are *not* used
 # The difference between alpha-osf1-shared and tru64-shared is the `-msym'
 # option passed to the linker.
 do_tru64-shared:
-	libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+	if ${DETECT_GNU_LD}; then \
-	( set -x; ${CC}  -shared -no_archive -o lib$$i.so \
+		$(MAKE) do_gnu-shared; \
-		-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+	else \
-		-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	libs="$$libs -L. -l$$i"; \
+		( set -x; ${CC} ${SHARED_LDFLAGS} \
-	done
+			-shared -msym -o lib$$i.so \
 			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
 			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
 		libs="$$libs -l$$i"; \
 		done; \
 	fi
 # This assumes that GNU utilities are *not* used
 # The difference between tru64-shared and tru64-shared-rpath is the
 # -rpath ${INSTALLTOP}/lib passed to the linker.
 do_tru64-shared-rpath:
 	if ${DETECT_GNU_LD}; then \
 		$(MAKE) do_gnu-shared; \
 	else \
 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
 		( set -x; ${CC} ${SHARED_LDFLAGS} \
 			-shared -msym -o lib$$i.so \
 			-rpath  ${INSTALLTOP}/lib \
 			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
 			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
 		libs="$$libs -l$$i"; \
 		done; \
 	fi
 # This assumes that GNU utilities are *not* used
 do_solaris-shared:
-	libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+	if ${DETECT_GNU_LD}; then \
-	( set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		$(MAKE) do_gnu-shared; \
-		-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+	else \
-		-z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
+		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	libs="$$libs -L. -l$$i"; \
+		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
-	done
+		  set -x; ${CC} ${SHARED_LDFLAGS} \
 			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			-z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
 		libs="$$libs -l$$i"; \
 		done; \
 	fi
 # OpenServer 5 native compilers used
 do_svr3-shared:
 	if ${DETECT_GNU_LD}; then \
 		$(MAKE) do_gnu-shared; \
 	else \
 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
 		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
 		  find . -name "*.o" -print > allobjs ; \
 		  OBJS= ; export OBJS ; \
 		  for obj in `ar t lib$$i.a` ; do \
 		    OBJS="$${OBJS} `grep $$obj allobjs`" ; \
 		  done ; \
 		  set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
 		libs="$$libs -l$$i"; \
 		done; \
 	fi
 # UnixWare 7 and OpenUNIX 8 native compilers used
 do_svr5-shared:
 	if ${DETECT_GNU_LD}; then \
 		$(MAKE) do_gnu-shared; \
 	else \
 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
 		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
 		  find . -name "*.o" -print > allobjs ; \
 		  OBJS= ; export OBJS ; \
 		  for obj in `ar t lib$$i.a` ; do \
 		    OBJS="$${OBJS} `grep $$obj allobjs`" ; \
 		  done ; \
 		  set -x; ${CC} ${SHARED_LDFLAGS} \
 			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
 		libs="$$libs -l$$i"; \
 		done; \
 	fi
 # This assumes that GNU utilities are *not* used
 do_irix-shared:
-	libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+	if ${DETECT_GNU_LD}; then \
-	( set -x; ${CC} -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		$(MAKE) do_gnu-shared; \
-		-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+	else \
-		-all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \
+		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
 		( set -x; ${CC} ${SHARED_LDFLAGS} \
 			-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			-all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \
 		libs="$$libs -l$$i"; \
 		done; \
 	fi
 # This assumes that GNU utilities are *not* used
 do_hpux-shared:
 	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
 	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
 		+vnocompatwarnings \
 		-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		-Fl lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
 	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
 	libs="$$libs -L. -l$$i"; \
 	done
 # This assumes that GNU utilities are *not* used
-# HP-UX includes the full pathname of libs we depend on, so we would get
+do_hpux64-shared:
-# ./libcrypto (with ./ as path information) compiled into libssl, hence
+	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
+	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
-# anyway.
+		-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 # The object modules are loaded from lib$i.a using the undocumented -Fl
 # option.
 #
 # WARNING: Until DSO is fixed to support a search path, we support SHLIB_PATH
 #          by temporarily specifying "+s"!
 #
 do_hpux-shared:
 	for i in ${SHLIBDIRS}; do \
 	( set -x; /usr/ccs/bin/ld +vnocompatwarnings \
 		-b -z +s \
 		-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		-Fl lib$$i.a -ldld -lc ) || exit 1; \
+		+forceload lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
 	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
 	libs="$$libs -L. -l$$i"; \
 	done
-# This assumes that GNU utilities are *not* used
+# The following method is said to work on all platforms.  Tests will
-# HP-UX includes the full pathname of libs we depend on, so we would get
+# determine if that's how it's gong to be used.
-# ./libcrypto (with ./ as path information) compiled into libssl, hence
+# This assumes that for all but GNU systems, GNU utilities are *not* used.
-# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
+# ALLSYMSFLAGS would be:
-# anyway.
+#  GNU systems: --whole-archive
-#
+#  Tru64 Unix:  -all
-# HP-UX in 64bit mode has "+s" enabled by default; it will search for
+#  Solaris:     -z allextract
-# shared libraries along LD_LIBRARY_PATH _and_ SHLIB_PATH.
+#  Irix:        -all
-#
+#  HP/UX-32bit: -Fl
-do_hpux64-shared:
+#  HP/UX-64bit: +forceload
-	for i in ${SHLIBDIRS}; do \
+#  AIX:		-bnogc
-	( set -x; /usr/ccs/bin/ld -b -z \
+# SHAREDFLAGS would be:
-		-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+#  GNU systems: -shared -Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
-		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+#  Tru64 Unix:  -shared \
-		+forceload lib$$i.a -ldl -lc ) || exit 1; \
+#		-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}"
 #  Solaris:     -G -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
 #  Irix:        -shared -Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
 #  HP/UX-32bit: +vnocompatwarnings -b -z +s \
 #		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}
 #  HP/UX-64bit: -b -z +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}
 #  AIX:		-G -bE:lib$$i.exp -bM:SRE
 # SHAREDCMD would be:
 #  GNU systems: $(CC)
 #  Tru64 Unix:  $(CC)
 #  Solaris:     $(CC)
 #  Irix:        $(CC)
 #  HP/UX-32bit: /usr/ccs/bin/ld
 #  HP/UX-64bit: /usr/ccs/bin/ld
 #  AIX:		$(CC)
 ALLSYMSFLAG=-bnogc
 SHAREDFLAGS=${SHARED_LDFLAGS} -G -bE:lib$$i.exp -bM:SRE
 SHAREDCMD=$(CC)
 do_aix-shared:
 	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
 	( set -x; \
 	  ld -r -o $$i.o $(ALLSYMSFLAG) lib$$i.a && \
 	  ( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \
 	    $(SHAREDCMD) $(SHAREDFLAG) -o lib$$i.so lib$$i.o \
 		$$libs ${EX_LIBS} ) ) \
 	|| exit 1; \
 	libs="$$libs -l$$i"; \
 	done
 Makefile.ssl: Makefile.org
@@ -378,7 +525,7 @@ links:
 	@for i in $(DIRS); do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making links in $$i..." && \
-		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' links ) || exit 1; \
+		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
 	fi; \
 	done;
@@ -394,14 +541,14 @@ dclean:
 rehash: rehash.time
 rehash.time: certs
-	@(OPENSSL="`pwd`/apps/openssl"; OPENSSL_DEBUG_MEMORY=on; export OPENSSL OPENSSL_DEBUG_MEMORY; $(PERL) tools/c_rehash certs)
+	@(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; $(PERL) tools/c_rehash certs)
 	touch rehash.time
 test:   tests
 tests: rehash
 	@(cd test && echo "testing..." && \
-	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' OPENSSL_DEBUG_MEMORY=on tests );
+	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' OPENSSL_DEBUG_MEMORY=on tests );
 	@apps/openssl version -a
 report:
@@ -412,7 +559,7 @@ depend:
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making dependencies $$i..." && \
-		$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' depend ) || exit 1; \
+		$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' PERL='${PERL}' depend ) || exit 1; \
 	fi; \
 	done;
@@ -446,9 +593,9 @@ util/libeay.num::
 util/ssleay.num::
 	$(PERL) util/mkdef.pl ssl update
-crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
+crypto/objects/obj_dat.h: crypto/objects/obj_mac.h crypto/objects/obj_dat.pl
 	$(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
-crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
+crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt 
 	$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
 TABLE: Configure
@@ -457,28 +604,26 @@ TABLE: Configure
 update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE
 # Build distribution tar-file. As the list of files returned by "find" is
 # pretty long, on several platforms a "too many arguments" error or similar
 # would occur. Therefore the list of files is temporarily stored into a file
 # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
 # tar does not support the --files-from option.
 tar:
-	@$(TAR) $(TARFLAGS) -cvf - \
+	find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
-		`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort` |\
+	$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
 	tardy --user_number=0  --user_name=openssl \
 	      --group_number=0 --group_name=openssl \
 	      --prefix=openssl-$(VERSION) - |\
 	gzip --best >../$(TARFILE).gz; \
 	rm -f ../$(TARFILE).list; \
 	ls -l ../$(TARFILE).gz
 tar-snap:
 	@$(TAR) $(TARFLAGS) -cvf - \
 		`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*'  \! -name 'openssl' \! -name '*test' \! -name '.#*' | sort` |\
 	tardy --user_number=0  --user_name=openssl \
 	      --group_number=0 --group_name=openssl \
 	      --prefix=openssl-$(VERSION) - > ../$(TARFILE);\
 	ls -l ../$(TARFILE)
 dist:   
 	$(PERL) Configure dist
 	@$(MAKE) dist_pem_h
 	@$(MAKE) SDIRS='${SDIRS}' clean
-	@$(MAKE) tar
+	@$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar
 dist_pem_h:
 	(cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
@@ -500,7 +645,7 @@ install: all install_docs
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i; echo "installing $$i..."; \
-		$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' install ); \
+		$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' install ); \
 	fi; \
 	done
 	@for i in $(LIBS) ;\
@@ -510,21 +655,30 @@ install: all install_docs
 			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
 			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
 			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
-		fi \
+		fi; \
 	done
 	@if [ -n "$(SHARED_LIBS)" ]; then \
 		tmp="$(SHARED_LIBS)"; \
 		for i in $${tmp:-x}; \
 		do \
-			if [ -f "$$i" ]; then \
+			if [ -f "$$i" -o -f "$$i.a" ]; then \
 			(       echo installing $$i; \
-				cp -f $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+				if [ "$(PLATFORM)" != "Cygwin" ]; then \
-				chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
-			fi \
+					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
 				else \
 					c=`echo $$i | sed 's/^lib/cyg/'`; \
 					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
 					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
 					cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
 					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
 				fi ); \
 			fi; \
 		done; \
 		(	here="`pwd`"; \
 			cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
-			make -f $$here/Makefile link-shared ); \
+			set $(MAKE); \
 			$$1 -f $$here/Makefile link-shared ); \
 	fi
 install_docs:
@@ -533,22 +687,25 @@ install_docs:
 		$(INSTALL_PREFIX)$(MANDIR)/man3 \
 		$(INSTALL_PREFIX)$(MANDIR)/man5 \
 		$(INSTALL_PREFIX)$(MANDIR)/man7
-	@for i in doc/apps/*.pod; do \
+	@pod2man=`cd util; ./pod2mantest ignore`; \
 	for i in doc/apps/*.pod; do \
 		fn=`basename $$i .pod`; \
-		sec=`[ "$$fn" = "config" ] && echo 5 || echo 1`; \
+		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
 		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
-		(cd `dirname $$i`; \
+		(cd `$(PERL) util/dirname.pl $$i`; \
-		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
+		sh -c "$(PERL) $$pod2man \
-			 --release=$(VERSION) `basename $$i`) \
+			--section=$$sec --center=OpenSSL \
 			--release=$(VERSION) `basename $$i`") \
 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
-	done
+	done; \
-	@for i in doc/crypto/*.pod doc/ssl/*.pod; do \
+	for i in doc/crypto/*.pod doc/ssl/*.pod; do \
 		fn=`basename $$i .pod`; \
-		sec=`[ "$$fn" = "des_modes" ] && echo 7 || echo 3`; \
+		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
 		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
-		(cd `dirname $$i`; \
+		(cd `$(PERL) util/dirname.pl $$i`; \
-		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
+		sh -c "$(PERL) $$pod2man \
-			--release=$(VERSION) `basename $$i`) \
+			--section=$$sec --center=OpenSSL \
 			--release=$(VERSION) `basename $$i`") \
 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
 	done
--- a/79
+++ b/79
@@ -5,10 +5,78 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.
-  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7:
+  Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g:
-      o New library section OCSP.
+      o Important building fixes on Unix.
-      o Complete haul-over of the ASN.1 library section.
+
  Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f:
      o Various important bugfixes.
  Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e:
      o Important security related bugfixes.
      o Various SSL/TLS library bugfixes.
  Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d:
      o Various SSL/TLS library bugfixes.
      o Fix DH parameter generation for 'non-standard' generators.
  Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c:
      o Various SSL/TLS library bugfixes.
      o BIGNUM library fixes.
      o RSA OAEP and random number generation fixes.
      o Object identifiers corrected and added.
      o Add assembler BN routines for IA64.
      o Add support for OS/390 Unix, UnixWare with gcc, OpenUNIX 8,
        MIPS Linux; shared library support for Irix, HP-UX.
      o Add crypto accelerator support for AEP, Baltimore SureWare,
        Broadcom and Cryptographic Appliance's keyserver
        [in 0.9.6c-engine release].
  Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b:
      o Security fix: PRNG improvements.
      o Security fix: RSA OAEP check.
      o Security fix: Reinsert and fix countermeasure to Bleichbacher's
        attack.
      o MIPS bug fix in BIGNUM.
      o Bug fix in "openssl enc".
      o Bug fix in X.509 printing routine.
      o Bug fix in DSA verification routine and DSA S/MIME verification.
      o Bug fix to make PRNG thread-safe.
      o Bug fix in RAND_file_name().
      o Bug fix in compatibility mode trust settings.
      o Bug fix in blowfish EVP.
      o Increase default size for BIO buffering filter.
      o Compatibility fixes in some scripts.
  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a:
      o Security fix: change behavior of OpenSSL to avoid using
        environment variables when running as root.
      o Security fix: check the result of RSA-CRT to reduce the
        possibility of deducing the private key from an incorrectly
        calculated signature.
      o Security fix: prevent Bleichenbacher's DSA attack.
      o Security fix: Zero the premaster secret after deriving the
        master secret in DH ciphersuites.
      o Reimplement SSL_peek(), which had various problems.
      o Compatibility fix: the function des_encrypt() renamed to
        des_encrypt1() to avoid clashes with some Unixen libc.
      o Bug fixes for Win32, HP/UX and Irix.
      o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
        memory checking routines.
      o Bug fixes for RSA operations in threaded environments.
      o Bug fixes in misc. openssl applications.
      o Remove a few potential memory leaks.
      o Add tighter checks of BIGNUM routines.
      o Shared library support has been reworked for generality.
      o More documentation.
      o New function BN_rand_range().
      o Add "-rand" option to openssl s_client and s_server.
  Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6:
@@ -19,9 +87,12 @@
      o New 'rsautl' application, low level RSA utility.
      o MD4 now included.
      o Bugfix for SSL rollback padding check.
-      o Support for external crypto devices.
+      o Support for external crypto devices [1].
      o Enhanced EVP interface.
    [1] The support for external crypto devices is currently a separate
        distribution.  See the file README.ENGINE.
  Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a:
      o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 
--- a/42
+++ b/42
@@ -0,0 +1,42 @@
 * System libcrypto.dylib and libssl.dylib are used by system ld on MacOS X.
 [NOTE: This is currently undergoing tests, and may be removed soon]
 This is really a misfeature in ld, which seems to look for .dylib libraries
 along the whole library path before it bothers looking for .a libraries.  This
 means that -L switches won't matter unless OpenSSL is built with shared
 library support.
 The workaround may be to change the following lines in apps/Makefile.ssl and
 test/Makefile.ssl:
  LIBCRYPTO=-L.. -lcrypto
  LIBSSL=-L.. -lssl
 to:
  LIBCRYPTO=../libcrypto.a
  LIBSSL=../libssl.a
 It's possible that something similar is needed for shared library support
 as well.  That hasn't been well tested yet.
 Another solution that many seem to recommend is to move the libraries
 /usr/lib/libcrypto.0.9.dylib, /usr/lib/libssl.0.9.dylib to a different
 directory, build and install OpenSSL and anything that depends on your
 build, then move libcrypto.0.9.dylib and libssl.0.9.dylib back to their
 original places.  Note that the version numbers on those two libraries
 may differ on your machine.
 As long as Apple doesn't fix the problem with ld, this problem building
 OpenSSL will remain as is.
 * Parallell make leads to errors
 While running tests, running a parallell make is a bad idea.  Many test
 scripts use the same name for output and input files, which means different
 will interfere with each other and lead to test failure.
 The solution is simple for now: don't run parallell make when testing.
--- a/25
+++ b/25
@@ -1,7 +1,7 @@
- OpenSSL 0.9.7-dev 24 Sep 2000
+ OpenSSL 0.9.6g 9 August 2002
- Copyright (c) 1998-2000 The OpenSSL Project
+ Copyright (c) 1998-2002 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
 All rights reserved.
@@ -62,7 +62,7 @@
     X.509v3 certificates
        X509 encoding/decoding into/from binary ASN1 and a PEM
-             based ascii-binary encoding which supports encryption with a
+             based ASCII-binary encoding which supports encryption with a
             private key.  Program to generate RSA and DSA certificate
             requests and to generate RSA and DSA certificates.
@@ -97,7 +97,7 @@
 locations around the world. _YOU_ are responsible for ensuring that your use
 of any algorithms is legal by checking if there are any patents in your
 country.  The file contains some of the patents that we know about or are
- rumoured to exist. This is not a definitive list.
+ rumored to exist. This is not a definitive list.
 RSA Security holds software patents on the RC5 algorithm.  If you
 intend to use this cipher, you must contact RSA Security for
@@ -122,6 +122,13 @@
 lists the functions; you will probably have to look at the code to work out
 how to use them. Look at the example programs.
 PROBLEMS
 --------
 For some platforms, there are some known problems that may affect the user
 or application author.  We try to collect those in doc/PROBLEMS, with current
 thoughts on how they should be solved in a future of OpenSSL.
 SUPPORT 
 -------
@@ -146,11 +153,13 @@
    - Problem Description (steps that will reproduce the problem, if known)
    - Stack Traceback (if the application dumps core)
- Report the bug to the OpenSSL project at:
+ Report the bug to the OpenSSL project via the Request Tracker
 (http://www.openssl.org/rt2.html) by mail to:
    openssl-bugs@openssl.org
- Note that mail to openssl-bugs@openssl.org is forwarded to a public
+ Note that mail to openssl-bugs@openssl.org is recorded in the publicly
 readable request tracker database and is forwarded to a public
 mailing list. Confidential mail may be sent to openssl-security@openssl.org
 (PGP key available from the key servers).
@@ -164,7 +173,9 @@
 textual explanation of what your patch does.
 Note: For legal reasons, contributions from the US can be accepted only
- if a copy of the patch is sent to crypt@bxa.doc.gov
+ if a TSA notification and a copy of the patch is sent to crypt@bis.doc.gov;
 see http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic]
 and http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e)).
 The preferred format for changes is "diff -u" output. You might
 generate it like this:
--- a/README.ASN1
+++ b/README.ASN1
@@ -1,187 +0,0 @@
 OpenSSL ASN1 Revision
 =====================
 This document describes some of the issues relating to the new ASN1 code.
 Previous OpenSSL ASN1 problems
 =============================
 OK why did the OpenSSL ASN1 code need revising in the first place? Well
 there are lots of reasons some of which are included below...
 1. The code is difficult to read and write. For every single ASN1 structure
 (e.g. SEQUENCE) four functions need to be written for new, free, encode and
 decode operations. This is a very painful and error prone operation. Very few
 people have ever written any OpenSSL ASN1 and those that have usually wish
 they hadn't.
 2. Partly because of 1. the code is bloated and takes up a disproportionate
 amount of space. The SEQUENCE encoder is particularly bad: it essentially
 contains two copies of the same operation, one to compute the SEQUENCE length
 and the other to encode it.
 3. The code is memory based: that is it expects to be able to read the whole
 structure from memory. This is fine for small structures but if you have a
 (say) 1Gb PKCS#7 signedData structure it isn't such a good idea...
 4. The code for the ASN1 IMPLICIT tag is evil. It is handled by temporarily
 changing the tag to the expected one, attempting to read it, then changing it
 back again. This means that decode buffers have to be writable even though they
 are ultimately unchanged. This gets in the way of constification.
 5. The handling of EXPLICIT isn't much better. It adds a chunk of code into 
 the decoder and encoder for every EXPLICIT tag.
 6. APPLICATION and PRIVATE tags aren't even supported at all.
 7. Even IMPLICIT isn't complete: there is no support for implicitly tagged
 types that are not OPTIONAL.
 8. Much of the code assumes that a tag will fit in a single octet. This is
 only true if the tag is 30 or less (mercifully tags over 30 are rare).
 9. The ASN1 CHOICE type has to be largely handled manually, there aren't any
 macros that properly support it.
 10. Encoders have no concept of OPTIONAL and have no error checking. If the
 passed structure contains a NULL in a mandatory field it will not be encoded,
 resulting in an invalid structure.
 11. It is tricky to add ASN1 encoders and decoders to external applications.
 Template model
 ==============
 One of the major problems with revision is the sheer volume of the ASN1 code.
 Attempts to change (for example) the IMPLICIT behaviour would result in a
 modification of *every* single decode function. 
 I decided to adopt a template based approach. I'm using the term 'template'
 in a manner similar to SNACC templates: it has nothing to do with C++
 templates.
 A template is a description of an ASN1 module as several constant C structures.
 It describes in a machine readable way exactly how the ASN1 structure should
 behave. If this template contains enough detail then it is possible to write
 versions of new, free, encode, decode (and possibly others operations) that
 operate on templates.
 Instead of having to write code to handle each operation only a single
 template needs to be written. If new operations are needed (such as a 'print'
 operation) only a single new template based function needs to be written 
 which will then automatically handle all existing templates.
 Plans for revision
 ==================
 The revision will consist of the following steps. Other than the first two
 these can be handled in any order.
 o Design and write template new, free, encode and decode operations, initially
 memory based. *DONE*
 o Convert existing ASN1 code to template form. *IN PROGRESS*
 o Convert an existing ASN1 compiler (probably SNACC) to output templates
 in OpenSSL form.
 o Add support for BIO based ASN1 encoders and decoders to handle large
 structures, initially blocking I/O.
 o Add support for non blocking I/O: this is quite a bit harder than blocking
 I/O.
 o Add new ASN1 structures, such as OCSP, CRMF, S/MIME v3 (CMS), attribute
 certificates etc etc.
 Description of major changes
 ============================
 The BOOLEAN type now takes three values. 0xff is TRUE, 0 is FALSE and -1 is
 absent. The meaning of absent depends on the context. If for example the
 boolean type is DEFAULT FALSE (as in the case of the critical flag for
 certificate extensions) then -1 is FALSE, if DEFAULT TRUE then -1 is TRUE.
 Usually the value will only ever be read via an API which will hide this from
 an application.
 There is an evil bug in the old ASN1 code that mishandles OPTIONAL with
 SEQUENCE OF or SET OF. These are both implemented as a STACK structure. The
 old code would omit the structure if the STACK was NULL (which is fine) or if
 it had zero elements (which is NOT OK). This causes problems because an empty
 SEQUENCE OF or SET OF will result in an empty STACK when it is decoded but when
 it is encoded it will be omitted resulting in different encodings. The new code
 only omits the encoding if the STACK is NULL, if it contains zero elements it
 is encoded and empty. There is an additional problem though: because an empty
 STACK was omitted, sometimes the corresponding *_new() function would
 initialize the STACK to empty so an application could immediately use it, if
 this is done with the new code (i.e. a NULL) it wont work. Therefore a new
 STACK should be allocated first. One instance of this is the X509_CRL list of
 revoked certificates: a helper function X509_CRL_add0_revoked() has been added
 for this purpose.
 The X509_ATTRIBUTE structure used to have an element called 'set' which took
 the value 1 if the attribute value was a SET OF or 0 if it was a single. Due
 to the behaviour of CHOICE in the new code this has been changed to a field
 called 'single' which is 0 for a SET OF and 1 for single. The old field has
 been deleted to deliberately break source compatibility. Since this structure
 is normally accessed via higher level functions this shouldn't break too much.
 The X509_REQ_INFO certificate request info structure no longer has a field
 called 'req_kludge'. This used to be set to 1 if the attributes field was
 (incorrectly) omitted. You can check to see if the field is omitted now by
 checking if the attributes field is NULL. Similarly if you need to omit
 the field then free attributes and set it to NULL.
 The top level 'detached' field in the PKCS7 structure is no longer set when
 a PKCS#7 structure is read in. PKCS7_is_detached() should be called instead.
 The behaviour of PKCS7_get_detached() is unaffected.
 The values of 'type' in the GENERAL_NAME structure have changed. This is
 because the old code use the ASN1 initial octet as the selector. The new
 code uses the index in the ASN1_CHOICE template.
 The DIST_POINT_NAME structure has changed to be a true CHOICE type.
 typedef struct DIST_POINT_NAME_st {
 int type;
 union {
 	STACK_OF(GENERAL_NAME) *fullname;
 	STACK_OF(X509_NAME_ENTRY) *relativename;
 } name;
 } DIST_POINT_NAME;
 This means that name.fullname or name.relativename should be set
 and type reflects the option. That is if name.fullname is set then
 type is 0 and if name.relativename is set type is 1.
 With the old code using the i2d functions would typically involve:
 unsigned char *buf, *p;
 int len;
 /* Find length of encoding */
 len = i2d_SOMETHING(x, NULL);
 /* Allocate buffer */
 buf = OPENSSL_malloc(len);
 if(buf == NULL) {
 	/* Malloc error */
 }
 /* Use temp variable because &p gets updated to point to end of
 * encoding.
 */
 p = buf;
 i2d_SOMETHING(x, &p);
 Using the new i2d you can also do:
 unsigned char *buf = NULL;
 int len;
 len = i2d_SOMETHING(x, &buf);
 if(len < 0) {
 	/* Malloc error */
 }
 and it will automatically allocate and populate a buffer with the
 encoding. After this call 'buf' will point to the start of the
 encoding which is len bytes long.
--- a/README.ENGINE
+++ b/README.ENGINE
@@ -5,7 +5,7 @@
  With OpenSSL 0.9.6, a new component has been added to support external 
  crypto devices, for example accelerator cards.  The component is called
  ENGINE, and has still a pretty experimental status and almost no
-  documentation.  It's designed to be faily easily extensible by the
+  documentation.  It's designed to be fairly easily extensible by the
  calling programs.
  There's currently built-in support for the following crypto devices:
@@ -13,10 +13,11 @@
      o CryptoSwift
      o Compaq Atalla
      o nCipher CHIL
      o Nuron
  A number of things are still needed and are being worked on:
      o An openssl utility command to handle or at least check available
        engines.
      o A better way of handling the methods that are handled by the
        engines.
      o Documentation!
@@ -24,11 +25,30 @@
  What already exists is fairly stable as far as it has been tested, but
  the test base has been a bit small most of the time.
  Because of this experimental status and what's lacking, the ENGINE
  component is not yet part of the default OpenSSL distribution.  However,
  we have made a separate kit for those who want to try this out, to be
  found in the same places as the default OpenSSL distribution, but with
  "-engine-" being part of the kit file name.  For example, version 0.9.6
  is distributed in the following two files:
      openssl-0.9.6.tar.gz
      openssl-engine-0.9.6.tar.gz
  NOTES
  =====
  openssl-engine-0.9.6.tar.gz does not depend on openssl-0.9.6.tar, you do
  not need to download both.
  openssl-engine-0.9.6.tar.gz is usable even if you don't have an external
  crypto device.  The internal OpenSSL functions are contained in the
  engine "openssl", and will be used by default.
  No external crypto device is chosen unless you say so.  You have actively
  tell the openssl utility commands to use it through a new command line
  switch called "-engine".  And if you want to use the ENGINE library to
-  do something similar, you must also explicitely choose an external crypto
+  do something similar, you must also explicitly choose an external crypto
  device, or the built-in crypto routines will be used, just as in the
  default OpenSSL distribution.
@@ -36,7 +56,7 @@
  PROBLEMS
  ========
-  It seems like the ENGINE part doesn't work too well with Cryptoswift on
+  It seems like the ENGINE part doesn't work too well with CryptoSwift on
  Win32.  A quick test done right before the release showed that trying
  "openssl speed -engine cswift" generated errors.  If the DSO gets enabled,
  an attempt is made to write at memory address 0x00000002.
--- a/41
+++ b/41
@@ -1,11 +1,17 @@
  OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2001/02/22 15:10:11 $
+  ______________                           $Date: 2002/08/09 11:37:13 $
  DEVELOPMENT STATE
    o  OpenSSL 0.9.7:  Under development...
-    o  OpenSSL 0.9.6a: Bugfix release -- under development...
+    o  OpenSSL 0.9.6g: Released on August     9th, 2002
    o  OpenSSL 0.9.6f: Released on August     8th, 2002
    o  OpenSSL 0.9.6e: Released on July      30th, 2002
    o  OpenSSL 0.9.6d: Released on May        9th, 2002
    o  OpenSSL 0.9.6c: Released on December  21st, 2001
    o  OpenSSL 0.9.6b: Released on July       9th, 2001
    o  OpenSSL 0.9.6a: Released on April      5th, 2001
    o  OpenSSL 0.9.6:  Released on September 24th, 2000
    o  OpenSSL 0.9.5a: Released on April      1st, 2000
    o  OpenSSL 0.9.5:  Released on February  28th, 2000
@@ -17,11 +23,9 @@
  RELEASE SHOWSTOPPERS
    o
  AVAILABLE PATCHES
-    o
+    o 
  IN PROGRESS
@@ -36,31 +40,24 @@
    o Geoff and Richard are currently working on:
 	ENGINE (the new code that gives hardware support among others).
    o Richard is currently working on:
 	UI (User Interface)
 	UTIL (a new set of library functions to support some higher level
 	      functionality that is currently missing).
 	Shared library support for VMS.
 	OCSP
 	Kerberos 5 authentication
 	Constification
 	OCSP
  NEEDS PATCH
    o  apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file
    o  OpenSSL_0_9_6-stable:
       #include <openssl/e_os.h> in exported header files is illegal since
       e_os.h is suitable only for library-internal use.
    o  Whenever strncpy is used, make sure the resulting string is NULL-terminated
       or an error is reported
-  OPEN ISSUES
+    o  "OpenSSL STATUS" is never up-to-date.
-    o  crypto/ex_data.c is not really thread-safe and so must be used
+  OPEN ISSUES
       with care (e.g., extra locking where necessary, or don't call
       CRYPTO_get_ex_new_index once multiple threads exist).
       The current API is not suitable for everything that it pretends
       to offer.
    o  The Makefile hierarchy and build mechanism is still not a round thing:
@@ -104,4 +101,14 @@
  WISHES
-    o 
+    o  SRP in TLS.
       [wished by:
        Dj <derek@yo.net>, Tom Wu <tom@arcot.com>,
        Tom Holroyd <tomh@po.crl.go.jp>]
       See http://search.ietf.org/internet-drafts/draft-ietf-tls-srp-00.txt
       as well as http://www-cs-students.stanford.edu/~tjw/srp/.
       Tom Holroyd tells us there is a SRP patch for OpenSSH at
       http://members.tripod.com/professor_tom/archives/, that could
       be useful.
--- a/1388
+++ b/1388
--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -5,7 +5,7 @@
 #      things easier between now and when Eric is convinced to fix it :-)
 #
 # CA -newca ... will setup the right stuff
-# CA -newreq[-nodes] ... will generate a certificate request 
+# CA -newreq ... will generate a certificate request 
 # CA -sign ... will sign the generated request and output 
 #
 # At the end of that grab newreq.pem and newcert.pem (one has the key 
@@ -54,7 +54,7 @@ $RET = 0;
 foreach (@ARGV) {
 	if ( /^(-\?|-h|-help)$/ ) {
-	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
+	    print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
 	    exit 0;
 	} elsif (/^-newcert$/) {
 	    # create a certificate
@@ -66,11 +66,6 @@ foreach (@ARGV) {
 	    system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
 	    $RET=$?;
 	    print "Request (and private key) is in newreq.pem\n";
 	} elsif (/^-newreq-nodes$/) {
 	    # create a certificate request
 	    system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");
 	    $RET=$?;
 	    print "Request (and private key) is in newreq.pem\n";
 	} elsif (/^-newca$/) {
 		# if explicitly asked for or it doesn't exist then setup the
 		# directory structure that Eric likes to manage things 
@@ -148,7 +143,7 @@ foreach (@ARGV) {
 	    }
 	} else {
 	    print STDERR "Unknown arg $_\n";
-	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
+	    print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
 	    exit 1;
 	}
 }
--- a/apps/Makefile.ssl
+++ b/apps/Makefile.ssl
--- a/apps/app_rand.c
+++ b/apps/app_rand.c
@@ -124,7 +124,7 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
 	int consider_randfile = (file == NULL);
 	char buffer[200];
-#ifdef OPENSSL_SYS_WINDOWS
+#ifdef WINDOWS
 	BIO_printf(bio_e,"Loading 'screen' into random state -");
 	BIO_flush(bio_e);
 	RAND_screen();
@@ -142,21 +142,18 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
 		}
 	if (file == NULL || !RAND_load_file(file, -1))
 		{
-		if (RAND_status() == 0)
+		if (RAND_status() == 0 && !dont_warn)
 			{
-			if (!dont_warn)
+			BIO_printf(bio_e,"unable to load 'random state'\n");
 			BIO_printf(bio_e,"This means that the random number generator has not been seeded\n");
 			BIO_printf(bio_e,"with much random data.\n");
 			if (consider_randfile) /* explanation does not apply when a file is explicitly named */
 				{
-				BIO_printf(bio_e,"unable to load 'random state'\n");
+				BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n");
-				BIO_printf(bio_e,"This means that the random number generator has not been seeded\n");
+				BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n");
 				BIO_printf(bio_e,"with much random data.\n");
 				if (consider_randfile) /* explanation does not apply when a file is explicitly named */
 					{
 					BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n");
 					BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n");
 					}
 				}
 			return 0;
 			}
 		return 0;
 		}
 	seeded = 1;
 	return 1;
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -70,24 +70,10 @@
 #include <openssl/pkcs12.h>
 #include <openssl/safestack.h>
-#ifdef OPENSSL_SYS_WINDOWS
+#ifdef WINDOWS
 #define strcasecmp _stricmp
 #else
 #include <strings.h>
 #endif
 #ifdef OPENSSL_SYS_WINDOWS
 #  include "bss_file.c"
 #endif
 typedef struct {
 	char *name;
 	unsigned long flag;
 	unsigned long mask;
 } NAME_EX_TBL;
 static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
 int app_init(long mesgwin);
 #ifdef undef /* never finished - probably never will be :-) */
 int args_from_file(char *file, int *argc, char **argv[])
@@ -184,13 +170,11 @@ int str2fmt(char *s)
 		|| (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
 		|| (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
 		return(FORMAT_PKCS12);
 	else if ((*s == 'E') || (*s == 'e'))
 		return(FORMAT_ENGINE);
 	else
 		return(FORMAT_UNDEF);
 	}
-#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
+#if defined(MSDOS) || defined(WIN32) || defined(WIN16)
 void program_name(char *in, char *out, int size)
 	{
 	int i,n;
@@ -228,7 +212,7 @@ void program_name(char *in, char *out, int size)
 	out[n]='\0';
 	}
 #else
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 void program_name(char *in, char *out, int size)
 	{
 	char *p=in, *q;
@@ -244,9 +228,16 @@ void program_name(char *in, char *out, int size)
 	q=strrchr(p,'.');
 	if (q == NULL)
-		q = in+size;
+		q = p + strlen(p);
-	strncpy(out,p,q-p);
+	strncpy(out,p,size-1);
-	out[q-p]='\0';
+	if (q-p >= size)
 		{
 		out[size-1]='\0';
 		}
 	else
 		{
 		out[q-p]='\0';
 		}
 	}
 #else
 void program_name(char *in, char *out, int size)
@@ -264,10 +255,10 @@ void program_name(char *in, char *out, int size)
 #endif
 #endif
-#ifdef OPENSSL_SYS_WIN32
+#ifdef WIN32
 int WIN32_rename(char *from, char *to)
 	{
-#ifdef OPENSSL_SYS_WINNT
+#ifdef WINNT
 	int ret;
 /* Note: MoveFileEx() doesn't work under Win95, Win98 */
@@ -448,11 +439,7 @@ int add_oid_section(BIO *err, LHASH *conf)
 	STACK_OF(CONF_VALUE) *sktmp;
 	CONF_VALUE *cnf;
 	int i;
-	if(!(p=CONF_get_string(conf,NULL,"oid_section")))
+	if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1;
 		{
 		ERR_clear_error();
 		return 1;
 		}
 	if(!(sktmp = CONF_get_section(conf, p))) {
 		BIO_printf(err, "problem loading oid section %s\n", p);
 		return 0;
@@ -482,10 +469,7 @@ X509 *load_cert(BIO *err, char *file, int format)
 		}
 	if (file == NULL)
 		{
 		setvbuf(stdin, NULL, _IONBF, 0);
 		BIO_set_fp(cert,stdin,BIO_NOCLOSE);
 		}
 	else
 		{
 		if (BIO_read_filename(cert,file) <= 0)
@@ -566,7 +550,7 @@ end:
 	return(x);
 	}
-EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e)
+EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass)
 	{
 	BIO *key=NULL;
 	EVP_PKEY *pkey=NULL;
@@ -576,14 +560,6 @@ EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e)
 		BIO_printf(err,"no keyfile specified\n");
 		goto end;
 		}
 	if (format == FORMAT_ENGINE)
 		{
 		if (!e)
 			BIO_printf(bio_err,"no engine specified\n");
 		else
 			pkey = ENGINE_load_private_key(e, file, pass);
 		goto end;
 		}
 	key=BIO_new(BIO_s_file());
 	if (key == NULL)
 		{
@@ -623,7 +599,7 @@ EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e)
 	return(pkey);
 	}
-EVP_PKEY *load_pubkey(BIO *err, char *file, int format, ENGINE *e)
+EVP_PKEY *load_pubkey(BIO *err, char *file, int format)
 	{
 	BIO *key=NULL;
 	EVP_PKEY *pkey=NULL;
@@ -633,14 +609,6 @@ EVP_PKEY *load_pubkey(BIO *err, char *file, int format, ENGINE *e)
 		BIO_printf(err,"no keyfile specified\n");
 		goto end;
 		}
 	if (format == FORMAT_ENGINE)
 		{
 		if (!e)
 			BIO_printf(bio_err,"no engine specified\n");
 		else
 			pkey = ENGINE_load_public_key(e, file, NULL);
 		goto end;
 		}
 	key=BIO_new(BIO_s_file());
 	if (key == NULL)
 		{
@@ -733,44 +701,16 @@ end:
 	return(othercerts);
 	}
-
+typedef struct {
-#define X509V3_EXT_UNKNOWN_MASK		(0xfL << 16)
+	char *name;
-/* Return error for unknown extensions */
+	unsigned long flag;
-#define X509V3_EXT_DEFAULT		0
+	unsigned long mask;
-/* Print error for unknown extensions */
+} NAME_EX_TBL;
 #define X509V3_EXT_ERROR_UNKNOWN	(1L << 16)
 /* ASN1 parse unknown extensions */
 #define X509V3_EXT_PARSE_UNKNOWN	(2L << 16)
 /* BIO_dump unknown extensions */
 #define X509V3_EXT_DUMP_UNKNOWN		(3L << 16)
 int set_cert_ex(unsigned long *flags, const char *arg)
 {
 	static const NAME_EX_TBL cert_tbl[] = {
 		{ "compatible", X509_FLAG_COMPAT, 0xffffffffl},
 		{ "no_header", X509_FLAG_NO_HEADER, 0},
 		{ "no_version", X509_FLAG_NO_VERSION, 0},
 		{ "no_serial", X509_FLAG_NO_SERIAL, 0},
 		{ "no_signame", X509_FLAG_NO_SIGNAME, 0},
 		{ "no_validity", X509_FLAG_NO_VALIDITY, 0},
 		{ "no_subject", X509_FLAG_NO_SUBJECT, 0},
 		{ "no_issuer", X509_FLAG_NO_ISSUER, 0},
 		{ "no_pubkey", X509_FLAG_NO_PUBKEY, 0},
 		{ "no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
 		{ "no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
 		{ "no_aux", X509_FLAG_NO_AUX, 0},
 		{ "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
 		{ "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
 		{ "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
 		{ "ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
 		{ NULL, 0, 0}
 	};
 	return set_table_opts(flags, arg, cert_tbl);
 }
 int set_name_ex(unsigned long *flags, const char *arg)
 {
-	static const NAME_EX_TBL ex_tbl[] = {
+	char c;
 	const NAME_EX_TBL *ptbl, ex_tbl[] = {
 		{ "esc_2253", ASN1_STRFLGS_ESC_2253, 0},
 		{ "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
 		{ "esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
@@ -798,13 +738,7 @@ int set_name_ex(unsigned long *flags, const char *arg)
 		{ "multiline", XN_FLAG_MULTILINE, 0xffffffffL},
 		{ NULL, 0, 0}
 	};
 	return set_table_opts(flags, arg, ex_tbl);
 }
 static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
 {
 	char c;
 	const NAME_EX_TBL *ptbl;
 	c = arg[0];
 	if(c == '-') {
@@ -815,8 +749,8 @@ static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_T
 		arg++;
 	} else c = 1;
-	for(ptbl = in_tbl; ptbl->name; ptbl++) {
+	for(ptbl = ex_tbl; ptbl->name; ptbl++) {
-		if(!strcasecmp(arg, ptbl->name)) {
+		if(!strcmp(arg, ptbl->name)) {
 			*flags &= ~ptbl->mask;
 			if(c) *flags |= ptbl->flag;
 			else *flags &= ~ptbl->flag;
@@ -828,7 +762,7 @@ static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_T
 void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
 {
-	char buf[256];
+	char *buf;
 	char mline = 0;
 	int indent = 0;
 	if(title) BIO_puts(out, title);
@@ -837,9 +771,10 @@ void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
 		indent = 4;
 	}
 	if(lflags == XN_FLAG_COMPAT) {
-		X509_NAME_oneline(nm,buf,256);
+		buf = X509_NAME_oneline(nm, 0, 0);
-		BIO_puts(out,buf);
+		BIO_puts(out, buf);
 		BIO_puts(out, "\n");
 		OPENSSL_free(buf);
 	} else {
 		if(mline) BIO_puts(out, "\n");
 		X509_NAME_print_ex(out, nm, indent, lflags);
@@ -847,32 +782,3 @@ void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
 	}
 }
 X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath)
 {
 	X509_STORE *store;
 	X509_LOOKUP *lookup;
 	if(!(store = X509_STORE_new())) goto end;
 	lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
 	if (lookup == NULL) goto end;
 	if (CAfile) {
 		if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) {
 			BIO_printf(bp, "Error loading file %s\n", CAfile);
 			goto end;
 		}
 	} else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
 	lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
 	if (lookup == NULL) goto end;
 	if (CApath) {
 		if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) {
 			BIO_printf(bp, "Error loading directory %s\n", CApath);
 			goto end;
 		}
 	} else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
 	ERR_clear_error();
 	return store;
 	end:
 	X509_STORE_free(store);
 	return NULL;
 }
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -59,7 +59,7 @@
 #ifndef HEADER_APPS_H
 #define HEADER_APPS_H
-#include "e_os.h"
+#include "openssl/e_os.h"
 #include <openssl/buffer.h>
 #include <openssl/bio.h>
@@ -67,7 +67,6 @@
 #include <openssl/x509.h>
 #include <openssl/lhash.h>
 #include <openssl/conf.h>
 #include <openssl/engine.h>
 int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
 int app_RAND_write_file(const char *file, BIO *bio_e);
@@ -79,11 +78,11 @@ long app_RAND_load_files(char *file); /* `file' is a list of files to read,
                                       * (see e_os.h).  The string is
                                       * destroyed! */
-#ifdef OPENSSL_NO_STDIO
+#ifdef NO_STDIO
 BIO_METHOD *BIO_s_file();
 #endif
-#ifdef OPENSSL_SYS_WIN32
+#ifdef WIN32
 #define rename(from,to) WIN32_rename((from),(to))
 int WIN32_rename(char *oldname,char *newname);
 #endif
@@ -118,21 +117,18 @@ extern BIO *bio_err;
 #if defined(MONOLITH) && !defined(OPENSSL_C)
 #  define apps_startup()	do_pipe_sig()
 #else
-#  if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
+#  if defined(MSDOS) || defined(WIN16) || defined(WIN32)
   defined(OPENSSL_SYS_WIN32)
 #    ifdef _O_BINARY
 #      define apps_startup() \
 		_fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
-		OpenSSL_add_all_algorithms(); ENGINE_load_builtin_engines()
+		SSLeay_add_all_algorithms()
 #    else
 #      define apps_startup() \
 		_fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
-		OpenSSL_add_all_algorithms(); ENGINE_load_builtin_engines()
+		SSLeay_add_all_algorithms()
 #    endif
 #  else
-#    define apps_startup() \
+#    define apps_startup()	do_pipe_sig(); SSLeay_add_all_algorithms();
 		do_pipe_sig(); OpenSSL_add_all_algorithms(); \
 		ENGINE_load_builtin_engines()
 #  endif
 #endif
@@ -151,15 +147,13 @@ int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
 int dump_cert_text(BIO *out, X509 *x);
 void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags);
 #endif
 int set_cert_ex(unsigned long *flags, const char *arg);
 int set_name_ex(unsigned long *flags, const char *arg);
 int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
 int add_oid_section(BIO *err, LHASH *conf);
 X509 *load_cert(BIO *err, char *file, int format);
-EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e);
+EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass);
-EVP_PKEY *load_pubkey(BIO *err, char *file, int format, ENGINE *e);
+EVP_PKEY *load_pubkey(BIO *err, char *file, int format);
 STACK_OF(X509) *load_certs(BIO *err, char *file, int format);
 X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
 #define FORMAT_UNDEF    0
 #define FORMAT_ASN1     1
@@ -168,7 +162,6 @@ X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
 #define FORMAT_NETSCAPE 4
 #define FORMAT_PKCS12   5
 #define FORMAT_SMIME    6
 #define FORMAT_ENGINE   7
 #define NETSCAPE_CERT_HDR	"certificate"
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -181,7 +181,7 @@ bad:
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
-		BIO_printf(bio_err," -out arg      output file\n");
+		BIO_printf(bio_err," -out arg      output file (output format is always DER\n");
 		BIO_printf(bio_err," -noout arg    don't produce any output\n");
 		BIO_printf(bio_err," -offset arg   offset into file\n");
 		BIO_printf(bio_err," -length arg   length of section in file\n");
@@ -192,7 +192,6 @@ bad:
 		BIO_printf(bio_err," -strparse offset\n");
 		BIO_printf(bio_err,"               a series of these can be used to 'dig' into multiple\n");
 		BIO_printf(bio_err,"               ASN1 blob wrappings\n");
 		BIO_printf(bio_err," -out filename output DER encoding to file\n");
 		goto end;
 		}
@@ -206,7 +205,7 @@ bad:
 		goto end;
 		}
 	BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 	{
 	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 	out = BIO_push(tmpbio, out);
--- a/apps/ca.c
+++ b/apps/ca.c
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -59,7 +59,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#ifdef OPENSSL_NO_STDIO
+#ifdef NO_STDIO
 #define APPS_WIN16
 #endif
 #include "apps.h"
@@ -95,11 +95,11 @@ int MAIN(int argc, char **argv)
 	char buf[512];
 	BIO *STDout=NULL;
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+#if !defined(NO_SSL2) && !defined(NO_SSL3)
 	meth=SSLv23_server_method();
-#elif !defined(OPENSSL_NO_SSL3)
+#elif !defined(NO_SSL3)
 	meth=SSLv3_server_method();
-#elif !defined(OPENSSL_NO_SSL2)
+#elif !defined(NO_SSL2)
 	meth=SSLv2_server_method();
 #endif
@@ -108,7 +108,7 @@ int MAIN(int argc, char **argv)
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 	STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 	{
 	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 	STDout = BIO_push(tmpbio, STDout);
@@ -121,15 +121,15 @@ int MAIN(int argc, char **argv)
 		{
 		if (strcmp(*argv,"-v") == 0)
 			verbose=1;
-#ifndef OPENSSL_NO_SSL2
+#ifndef NO_SSL2
 		else if (strcmp(*argv,"-ssl2") == 0)
 			meth=SSLv2_client_method();
 #endif
-#ifndef OPENSSL_NO_SSL3
+#ifndef NO_SSL3
 		else if (strcmp(*argv,"-ssl3") == 0)
 			meth=SSLv3_client_method();
 #endif
-#ifndef OPENSSL_NO_TLS1
+#ifndef NO_TLS1
 		else if (strcmp(*argv,"-tls1") == 0)
 			meth=TLSv1_client_method();
 #endif
@@ -150,7 +150,7 @@ int MAIN(int argc, char **argv)
 	if (badops)
 		{
 		for (pp=ciphers_usage; (*pp != NULL); pp++)
-			BIO_printf(bio_err,"%s",*pp);
+			BIO_printf(bio_err,*pp);
 		goto end;
 		}
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -124,7 +124,7 @@ int MAIN(int argc, char **argv)
 		if ((bio_out=BIO_new(BIO_s_file())) != NULL)
 			{
 			BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 			{
 			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			bio_out = BIO_push(tmpbio, bio_out);
@@ -214,7 +214,7 @@ int MAIN(int argc, char **argv)
 		{
 bad:
 		for (pp=crl_usage; (*pp != NULL); pp++)
-			BIO_printf(bio_err,"%s",*pp);
+			BIO_printf(bio_err,*pp);
 		goto end;
 		}
@@ -324,7 +324,7 @@ bad:
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
--- a/apps/crl2p7.c
+++ b/apps/crl2p7.c
@@ -241,7 +241,7 @@ bad:
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -66,7 +66,6 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #undef BUFSIZE
 #define BUFSIZE	1024*8
@@ -81,7 +80,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	unsigned char *buf=NULL;
 	int i,err=0;
 	const EVP_MD *md=NULL,*m;
@@ -89,18 +87,16 @@ int MAIN(int argc, char **argv)
 	BIO *bmd=NULL;
 	BIO *out = NULL;
 	const char *name;
-#define PROG_NAME_SIZE  16
+#define PROG_NAME_SIZE  39
-	char pname[PROG_NAME_SIZE];
+	char pname[PROG_NAME_SIZE+1];
 	int separator=0;
 	int debug=0;
 	int keyform=FORMAT_PEM;
 	const char *outfile = NULL, *keyfile = NULL;
 	const char *sigfile = NULL, *randfile = NULL;
 	int out_bin = -1, want_pub = 0, do_verify = 0;
 	EVP_PKEY *sigkey = NULL;
 	unsigned char *sigbuf = NULL;
 	int siglen = 0;
 	char *engine=NULL;
 	apps_startup();
@@ -158,16 +154,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) break;
 			sigfile=*(++argv);
 			}
 		else if (strcmp(*argv,"-keyform") == 0)
 			{
 			if (--argc < 1) break;
 			keyform=str2fmt(*(++argv));
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) break;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-hex") == 0)
 			out_bin = 0;
 		else if (strcmp(*argv,"-binary") == 0)
@@ -202,10 +188,8 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err,"-sign   file    sign digest using private key in file\n");
 		BIO_printf(bio_err,"-verify file    verify a signature using public key in file\n");
 		BIO_printf(bio_err,"-prverify file  verify a signature using private key in file\n");
 		BIO_printf(bio_err,"-keyform arg    key file format (PEM or ENGINE)\n");
 		BIO_printf(bio_err,"-signature file signature to verify\n");
 		BIO_printf(bio_err,"-binary         output in binary form\n");
 		BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
 			LN_md5,LN_md5);
@@ -225,24 +209,6 @@ int MAIN(int argc, char **argv)
 		goto end;
 		}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	in=BIO_new(BIO_s_file());
 	bmd=BIO_new(BIO_f_md());
 	if (debug)
@@ -272,7 +238,7 @@ int MAIN(int argc, char **argv)
 		else    out = BIO_new_file(outfile, "w");
 	} else {
 		out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
@@ -287,47 +253,20 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}
-	if(keyfile)
+	if(keyfile) {
-		{
+		BIO *keybio;
-		if (keyform == FORMAT_PEM)
+		keybio = BIO_new_file(keyfile, "r");
-			{
+		if(!keybio) {
-			BIO *keybio;
+			BIO_printf(bio_err, "Error opening key file %s\n",
-			keybio = BIO_new_file(keyfile, "r");
+								keyfile);
-			if(!keybio)
+			ERR_print_errors(bio_err);
 				{
 				BIO_printf(bio_err,
 					"Error opening key file %s\n",
 					keyfile);
 				ERR_print_errors(bio_err);
 				goto end;
 				}
 			if(want_pub) 
 				sigkey = PEM_read_bio_PUBKEY(keybio,
 					NULL, NULL, NULL);
 			else
 				sigkey = PEM_read_bio_PrivateKey(keybio,
 					NULL, NULL, NULL);
 			BIO_free(keybio);
 			}
 		else if (keyform == FORMAT_ENGINE)
 			{
 			if (!e)
 				{
 				BIO_printf(bio_err,"no engine specified\n");
 				goto end;
 				}
 			if (want_pub)
 				sigkey = ENGINE_load_public_key(e, keyfile, NULL);
 			else
 				sigkey = ENGINE_load_private_key(e, keyfile, NULL);
 			}
 		else
 			{
 			BIO_printf(bio_err,
 				"bad input format specified for key file\n");
 			goto end;
-			}
+		}
 		if(want_pub) 
 			sigkey = PEM_read_bio_PUBKEY(keybio, NULL, NULL, NULL);
 		else sigkey = PEM_read_bio_PrivateKey(keybio, NULL, NULL, NULL);
 		BIO_free(keybio);
 		if(!sigkey) {
 			BIO_printf(bio_err, "Error reading key file %s\n",
 								keyfile);
--- a/apps/dh.c
+++ b/apps/dh.c
@@ -57,7 +57,7 @@
 * [including the GNU Public Licence.]
 */
-#ifndef OPENSSL_NO_DH
+#ifndef NO_DH
 #include <stdio.h>
 #include <stdlib.h>
 #include <time.h>
@@ -69,7 +69,6 @@
 #include <openssl/dh.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG	dh_main
@@ -88,12 +87,11 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	DH *dh=NULL;
 	int i,badops=0,text=0;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,check=0,noout=0,C=0,ret=1;
-	char *infile,*outfile,*prog,*engine;
+	char *infile,*outfile,*prog;
 	apps_startup();
@@ -101,7 +99,6 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 	engine=NULL;
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
@@ -132,11 +129,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-check") == 0)
 			check=1;
 		else if (strcmp(*argv,"-text") == 0)
@@ -168,30 +160,11 @@ bad:
 		BIO_printf(bio_err," -text         print a text form of the DH parameters\n");
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -noout        no output\n");
 		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 		goto end;
 		}
 	ERR_load_crypto_strings();
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	if ((in == NULL) || (out == NULL))
@@ -213,7 +186,7 @@ bad:
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -109,7 +109,7 @@
 *
 */
-#ifndef OPENSSL_NO_DH
+#ifndef NO_DH
 #include <stdio.h>
 #include <stdlib.h>
 #include <time.h>
@@ -121,9 +121,8 @@
 #include <openssl/dh.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 #include <openssl/dsa.h>
 #endif
@@ -149,16 +148,15 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	DH *dh=NULL;
 	int i,badops=0,text=0;
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 	int dsaparam=0;
 #endif
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,check=0,noout=0,C=0,ret=1;
 	char *infile,*outfile,*prog;
-	char *inrand=NULL,*engine=NULL;
+	char *inrand=NULL;
 	int num = 0, g = 0;
 	apps_startup();
@@ -197,16 +195,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-check") == 0)
 			check=1;
 		else if (strcmp(*argv,"-text") == 0)
 			text=1;
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 		else if (strcmp(*argv,"-dsaparam") == 0)
 			dsaparam=1;
 #endif
@@ -238,7 +231,7 @@ bad:
 		BIO_printf(bio_err," -outform arg  output format - one of DER PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 		BIO_printf(bio_err," -dsaparam     read or generate DSA parameters, convert to DH\n");
 #endif
 		BIO_printf(bio_err," -check        check the DH parameters\n");
@@ -247,7 +240,6 @@ bad:
 		BIO_printf(bio_err," -2            generate parameters using  2 as the generator value\n");
 		BIO_printf(bio_err," -5            generate parameters using  5 as the generator value\n");
 		BIO_printf(bio_err," numbits       number of bits in to generate (default 512)\n");
 		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"               - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"               the random number generator\n");
@@ -257,28 +249,10 @@ bad:
 	ERR_load_crypto_strings();
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if (g && !num)
 		num = DEFBITS;
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 	if (dsaparam)
 		{
 		if (g)
@@ -305,7 +279,7 @@ bad:
 			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
 				app_RAND_load_files(inrand));
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 		if (dsaparam)
 			{
 			DSA *dsa;
@@ -366,7 +340,7 @@ bad:
 			goto end;
 			}
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 		if (dsaparam)
 			{
 			DSA *dsa;
@@ -419,7 +393,7 @@ bad:
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -68,7 +68,6 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG	dsa_main
@@ -88,7 +87,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	int ret=1;
 	DSA *dsa=NULL;
 	int i,badops=0;
@@ -96,7 +94,7 @@ int MAIN(int argc, char **argv)
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,text=0,noout=0;
 	int pubin = 0, pubout = 0;
-	char *infile,*outfile,*prog,*engine;
+	char *infile,*outfile,*prog;
 	char *passargin = NULL, *passargout = NULL;
 	char *passin = NULL, *passout = NULL;
 	int modulus=0;
@@ -107,7 +105,6 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 	engine=NULL;
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
@@ -148,11 +145,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
 		else if (strcmp(*argv,"-text") == 0)
@@ -184,10 +176,9 @@ bad:
 		BIO_printf(bio_err," -passin arg     input file pass phrase source\n");
 		BIO_printf(bio_err," -out arg        output file\n");
 		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
 		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
 		BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 		BIO_printf(bio_err," -idea           encrypt PEM output with cbc idea\n");
 #endif
 		BIO_printf(bio_err," -text           print the key in text\n");
@@ -198,24 +189,6 @@ bad:
 	ERR_load_crypto_strings();
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		BIO_printf(bio_err, "Error getting passwords\n");
 		goto end;
@@ -262,7 +235,7 @@ bad:
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 #include <assert.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -69,7 +69,6 @@
 #include <openssl/dsa.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG	dsaparam_main
@@ -91,7 +90,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	DSA *dsa=NULL;
 	int i,badops=0,text=0;
 	BIO *in=NULL,*out=NULL;
@@ -99,7 +97,6 @@ int MAIN(int argc, char **argv)
 	char *infile,*outfile,*prog,*inrand=NULL;
 	int numbits= -1,num,genkey=0;
 	int need_rand=0;
 	char *engine=NULL;
 	apps_startup();
@@ -137,11 +134,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
 		else if(strcmp(*argv, "-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine = *(++argv);
 			}
 		else if (strcmp(*argv,"-text") == 0)
 			text=1;
 		else if (strcmp(*argv,"-C") == 0)
@@ -184,11 +176,10 @@ bad:
 		BIO_printf(bio_err," -outform arg  output format - DER or PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
-		BIO_printf(bio_err," -text         print the key in text\n");
+		BIO_printf(bio_err," -text         print as text\n");
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -noout        no output\n");
 		BIO_printf(bio_err," -rand         files to use for random number input\n");
 		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," number        number of bits to use for generating private key\n");
 		goto end;
 		}
@@ -216,7 +207,7 @@ bad:
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
@@ -232,24 +223,6 @@ bad:
 			}
 		}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if (need_rand)
 		{
 		app_RAND_load_file(NULL, bio_err, (inrand != NULL));
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -66,12 +66,10 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/rand.h>
-#ifndef OPENSSL_NO_MD5
+#ifndef NO_MD5
 #include <openssl/md5.h>
 #endif
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #include <ctype.h>
 int set_hex(char *in,unsigned char *out,int size);
 #undef SIZE
@@ -82,37 +80,17 @@ int set_hex(char *in,unsigned char *out,int size);
 #define BSIZE	(8*1024)
 #define	PROG	enc_main
 void show_ciphers(const OBJ_NAME *name,void *bio_)
 	{
 	BIO *bio=bio_;
 	static int n;
 	if(!islower((unsigned char)*name->name))
 		return;
 	BIO_printf(bio,"-%-25s",name->name);
 	if(++n == 3)
 		{
 		BIO_printf(bio,"\n");
 		n=0;
 		}
 	else
 		BIO_printf(bio," ");
 	}
 int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	static const char magic[]="Salted__";
 	char mbuf[8];	/* should be 1 smaller than magic */
 	char *strbuf=NULL;
 	unsigned char *buff=NULL,*bufsize=NULL;
 	int bsize=BSIZE,verbose=0;
 	int ret=1,inl;
-	int nopad = 0;
+	unsigned char key[24],iv[MD5_DIGEST_LENGTH];
 	unsigned char key[EVP_MAX_KEY_LENGTH],iv[EVP_MAX_IV_LENGTH];
 	unsigned char salt[PKCS5_SALT_LEN];
 	char *str=NULL, *passarg = NULL, *pass = NULL;
 	char *hkey=NULL,*hiv=NULL,*hsalt = NULL;
@@ -121,9 +99,8 @@ int MAIN(int argc, char **argv)
 	const EVP_CIPHER *cipher=NULL,*c;
 	char *inf=NULL,*outf=NULL;
 	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
-#define PROG_NAME_SIZE  16
+#define PROG_NAME_SIZE  39
-	char pname[PROG_NAME_SIZE];
+	char pname[PROG_NAME_SIZE+1];
 	char *engine = NULL;
 	apps_startup();
@@ -164,19 +141,12 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passarg= *(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if	(strcmp(*argv,"-d") == 0)
 			enc=0;
 		else if	(strcmp(*argv,"-p") == 0)
 			printkey=1;
 		else if	(strcmp(*argv,"-v") == 0)
 			verbose=1;
 		else if	(strcmp(*argv,"-nopad") == 0)
 			nopad=1;
 		else if	(strcmp(*argv,"-salt") == 0)
 			nosalt=0;
 		else if	(strcmp(*argv,"-nosalt") == 0)
@@ -271,38 +241,79 @@ bad:
 			BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
 			BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
 			BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
 			BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
 			BIO_printf(bio_err,"Cipher Types\n");
-			OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
+			BIO_printf(bio_err,"des     : 56 bit key DES encryption\n");
-					       show_ciphers,
+			BIO_printf(bio_err,"des_ede :112 bit key ede DES encryption\n");
-					       bio_err);
+			BIO_printf(bio_err,"des_ede3:168 bit key ede DES encryption\n");
-			BIO_printf(bio_err,"\n");
+#ifndef NO_IDEA
 			BIO_printf(bio_err,"idea    :128 bit key IDEA encryption\n");
 #endif
 #ifndef NO_RC4
 			BIO_printf(bio_err,"rc2     :128 bit key RC2 encryption\n");
 #endif
 #ifndef NO_BF
 			BIO_printf(bio_err,"bf      :128 bit key Blowfish encryption\n");
 #endif
 #ifndef NO_RC4
 			BIO_printf(bio_err," -%-5s :128 bit key RC4 encryption\n",
 				LN_rc4);
 #endif
 			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
 				LN_des_ecb,LN_des_cbc,
 				LN_des_cfb64,LN_des_ofb64);
 			BIO_printf(bio_err," -%-4s (%s)\n",
 				"des", LN_des_cbc);
 			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
 				LN_des_ede,LN_des_ede_cbc,
 				LN_des_ede_cfb64,LN_des_ede_ofb64);
 			BIO_printf(bio_err," -desx -none\n");
 			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
 				LN_des_ede3,LN_des_ede3_cbc,
 				LN_des_ede3_cfb64,LN_des_ede3_ofb64);
 			BIO_printf(bio_err," -%-4s (%s)\n",
 				"des3", LN_des_ede3_cbc);
 #ifndef NO_IDEA
 			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
 				LN_idea_ecb, LN_idea_cbc,
 				LN_idea_cfb64, LN_idea_ofb64);
 			BIO_printf(bio_err," -%-4s (%s)\n","idea",LN_idea_cbc);
 #endif
 #ifndef NO_RC2
 			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
 				LN_rc2_ecb, LN_rc2_cbc,
 				LN_rc2_cfb64, LN_rc2_ofb64);
 			BIO_printf(bio_err," -%-4s (%s)\n","rc2", LN_rc2_cbc);
 #endif
 #ifndef NO_BF
 			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
 				LN_bf_ecb, LN_bf_cbc,
 				LN_bf_cfb64, LN_bf_ofb64);
 			BIO_printf(bio_err," -%-4s (%s)\n","bf", LN_bf_cbc);
 #endif
 #ifndef NO_CAST
 			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
 				LN_cast5_ecb, LN_cast5_cbc,
 				LN_cast5_cfb64, LN_cast5_ofb64);
 			BIO_printf(bio_err," -%-4s (%s)\n","cast", LN_cast5_cbc);
 #endif
 #ifndef NO_RC5
 			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
 				LN_rc5_ecb, LN_rc5_cbc,
 				LN_rc5_cfb64, LN_rc5_ofb64);
 			BIO_printf(bio_err," -%-4s (%s)\n","rc5", LN_rc5_cbc);
 #endif
 			goto end;
 			}
 		argc--;
 		argv++;
 		}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if (bufsize != NULL)
 		{
 		unsigned long n;
@@ -407,7 +418,7 @@ bad:
 	if (outf == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
@@ -445,9 +456,6 @@ bad:
 	if (cipher != NULL)
 		{
 		/* Note that str is NULL if a key was passed on the command
 		 * line, so we get no salt in that case. Is this a bug?
 		 */
 		if (str != NULL)
 			{
 			/* Salt handling: if encrypting generate a salt and
@@ -502,12 +510,20 @@ bad:
 			else
 				memset(str,0,strlen(str));
 			}
-		if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv))
+		if ((hiv != NULL) && !set_hex(hiv,iv,8))
 			{
 			BIO_printf(bio_err,"invalid hex iv value\n");
 			goto end;
 			}
-		if ((hkey != NULL) && !set_hex(hkey,key,sizeof key))
+		if ((hiv == NULL) && (str == NULL))
 			{
 			/* No IV was explicitly set and no IV was generated
 			 * during EVP_BytesToKey. Hence the IV is undefined,
 			 * making correct decryption impossible. */
 			BIO_printf(bio_err, "iv undefined\n");
 			goto end;
 			}
 		if ((hkey != NULL) && !set_hex(hkey,key,24))
 			{
 			BIO_printf(bio_err,"invalid hex key value\n");
 			goto end;
@@ -516,12 +532,6 @@ bad:
 		if ((benc=BIO_new(BIO_f_cipher())) == NULL)
 			goto end;
 		BIO_set_cipher(benc,cipher,key,iv,enc);
 		if (nopad)
 			{
 			EVP_CIPHER_CTX *ctx;
 			BIO_get_cipher_ctx(benc, &ctx);
 			EVP_CIPHER_CTX_set_padding(ctx, 0);
 			}
 		if (debug)
 			{
 			BIO_set_callback(benc,BIO_debug_callback);
--- a/apps/engine.c
+++ b/apps/engine.c
@@ -1,243 +0,0 @@
 /* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */
 /* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
 * project 2000.
 */
 /* ====================================================================
 * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #ifdef OPENSSL_NO_STDIO
 #define APPS_WIN16
 #endif
 #include "apps.h"
 #include <openssl/err.h>
 #include <openssl/engine.h>
 #include <openssl/ssl.h>
 #undef PROG
 #define PROG	engine_main
 static char *engine_usage[]={
 "usage: engine opts [engine ...]\n",
 " -v          - verbose mode, a textual listing of the engines in OpenSSL\n",
 " -c          - for each engine, also list the capabilities\n",
 " -t          - for each engine, check that they are really available\n",
 NULL
 };
 static void identity(void *ptr)
 	{
 	return;
 	}
 static int append_buf(char **buf, char *s, int *size, int step)
 	{
 	int l = strlen(s);
 	if (*buf == NULL)
 		{
 		*size = step;
 		*buf = OPENSSL_malloc(*size);
 		if (*buf == NULL)
 			return 0;
 		**buf = '\0';
 		}
 	if (**buf != '\0')
 		l += 2;		/* ", " */
 	if (strlen(*buf) + strlen(s) >= (unsigned int)*size)
 		{
 		*size += step;
 		*buf = OPENSSL_realloc(*buf, *size);
 		}
 	if (*buf == NULL)
 		return 0;
 	if (**buf != '\0')
 		strcat(*buf, ", ");
 	strcat(*buf, s);
 	return 1;
 	}
 int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	int ret=1,i;
 	char **pp;
 	int verbose=0, list_cap=0, test_avail=0;
 	ENGINE *e;
 	STACK *engines = sk_new_null();
 	int badops=0;
 	BIO *bio_out=NULL;
 	apps_startup();
 	SSL_load_error_strings();
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 	bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 	{
 	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 	bio_out = BIO_push(tmpbio, bio_out);
 	}
 #endif
 	argc--;
 	argv++;
 	while (argc >= 1)
 		{
 		if (strcmp(*argv,"-v") == 0)
 			verbose=1;
 		else if (strcmp(*argv,"-c") == 0)
 			list_cap=1;
 		else if (strcmp(*argv,"-t") == 0)
 			test_avail=1;
 		else if ((strncmp(*argv,"-h",2) == 0) ||
 			 (strcmp(*argv,"-?") == 0))
 			{
 			badops=1;
 			break;
 			}
 		else
 			{
 			sk_push(engines,*argv);
 			}
 		argc--;
 		argv++;
 		}
 	if (badops)
 		{
 		for (pp=engine_usage; (*pp != NULL); pp++)
 			BIO_printf(bio_err,"%s",*pp);
 		goto end;
 		}
 	if (sk_num(engines) == 0)
 		{
 		for(e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e))
 			{
 			sk_push(engines,(char *)ENGINE_get_id(e));
 			}
 		}
 	for (i=0; i<sk_num(engines); i++)
 		{
 		const char *id = sk_value(engines,i);
 		if ((e = ENGINE_by_id(id)) != NULL)
 			{
 			const char *name = ENGINE_get_name(e);
 			BIO_printf(bio_out, "%s (%s)", name, id);
 			if (list_cap || test_avail)
 				BIO_printf(bio_out, ":");
 			if (test_avail)
 				{
 				if (ENGINE_init(e))
 					{
 					BIO_printf(bio_out, " available");
 					ENGINE_finish(e);
 					}
 				else
 					{
 					BIO_printf(bio_out, " unavailable");
 					ERR_clear_error();
 					}
 				}
 			if (list_cap)
 				{
 				int cap_size = 256;
 				char *cap_buf = NULL;
 				if (ENGINE_get_RSA(e) != NULL
 					&& !append_buf(&cap_buf, "RSA",
 						&cap_size, 256))
 					goto end;
 				if (ENGINE_get_DSA(e) != NULL
 					&& !append_buf(&cap_buf, "DSA",
 						&cap_size, 256))
 					goto end;
 				if (ENGINE_get_DH(e) != NULL
 					&& !append_buf(&cap_buf, "DH",
 						&cap_size, 256))
 					goto end;
 				if (ENGINE_get_RAND(e) != NULL
 					&& !append_buf(&cap_buf, "RAND",
 						&cap_size, 256))
 					goto end;
 				if (*cap_buf != '\0')
 					BIO_printf(bio_out, " [%s]", cap_buf);
 				OPENSSL_free(cap_buf);
 				}
 			BIO_printf(bio_out, "\n");
 			}
 		else
 			ERR_print_errors(bio_err);
 		}
 	ret=0;
 end:
 	ERR_print_errors(bio_err);
 	sk_pop_free(engines, identity);
 	if (bio_out != NULL) BIO_free_all(bio_out);
 	EXIT(ret);
 	}
--- a/apps/errstr.c
+++ b/apps/errstr.c
@@ -91,7 +91,7 @@ int MAIN(int argc, char **argv)
 		out=BIO_new(BIO_s_file());
 		if ((out != NULL) && BIO_set_fp(out,stdout,BIO_NOCLOSE))
 			{
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 			{
 			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			out = BIO_push(tmpbio, out);
--- a/apps/gendh.c
+++ b/apps/gendh.c
@@ -57,7 +57,7 @@
 * [including the GNU Public Licence.]
 */
-#ifndef OPENSSL_NO_DH
+#ifndef NO_DH
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
@@ -70,7 +70,6 @@
 #include <openssl/dh.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #define DEFBITS	512
 #undef PROG
@@ -82,13 +81,11 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	DH *dh=NULL;
 	int ret=1,num=DEFBITS;
 	int g=2;
 	char *outfile=NULL;
 	char *inrand=NULL;
 	char *engine=NULL;
 	BIO *out=NULL;
 	apps_startup();
@@ -113,11 +110,6 @@ int MAIN(int argc, char **argv)
 			g=3; */
 		else if (strcmp(*argv,"-5") == 0)
 			g=5;
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -133,34 +125,15 @@ int MAIN(int argc, char **argv)
 bad:
 		BIO_printf(bio_err,"usage: gendh [args] [numbits]\n");
 		BIO_printf(bio_err," -out file - output the key to 'file\n");
-		BIO_printf(bio_err," -2        - use 2 as the generator value\n");
+		BIO_printf(bio_err," -2    use 2 as the generator value\n");
-	/*	BIO_printf(bio_err," -3        - use 3 as the generator value\n"); */
+	/*	BIO_printf(bio_err," -3    use 3 as the generator value\n"); */
-		BIO_printf(bio_err," -5        - use 5 as the generator value\n");
+		BIO_printf(bio_err," -5    use 5 as the generator value\n");
 		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
 		goto end;
 		}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	out=BIO_new(BIO_s_file());
 	if (out == NULL)
 		{
@@ -171,7 +144,7 @@ bad:
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
@@ -68,7 +68,6 @@
 #include <openssl/dsa.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #define DEFBITS	512
 #undef PROG
@@ -78,15 +77,13 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	DSA *dsa=NULL;
 	int ret=1;
 	char *outfile=NULL;
 	char *inrand=NULL,*dsaparams=NULL;
 	char *passargout = NULL, *passout = NULL;
 	BIO *out=NULL,*in=NULL;
-	const EVP_CIPHER *enc=NULL;
+	EVP_CIPHER *enc=NULL;
 	char *engine=NULL;
 	apps_startup();
@@ -109,11 +106,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -121,13 +113,13 @@ int MAIN(int argc, char **argv)
 			}
 		else if (strcmp(*argv,"-") == 0)
 			goto bad;
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 		else if (strcmp(*argv,"-des") == 0)
 			enc=EVP_des_cbc();
 		else if (strcmp(*argv,"-des3") == 0)
 			enc=EVP_des_ede3_cbc();
 #endif
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 		else if (strcmp(*argv,"-idea") == 0)
 			enc=EVP_idea_cbc();
 #endif
@@ -146,14 +138,13 @@ int MAIN(int argc, char **argv)
 bad:
 		BIO_printf(bio_err,"usage: gendsa [args] dsaparam-file\n");
 		BIO_printf(bio_err," -out file - output the key to 'file'\n");
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 		BIO_printf(bio_err," -des      - encrypt the generated key with DES in cbc mode\n");
 		BIO_printf(bio_err," -des3     - encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
 #endif
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 		BIO_printf(bio_err," -idea     - encrypt the generated key with IDEA in cbc mode\n");
 #endif
 		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
@@ -162,24 +153,6 @@ bad:
 		goto end;
 		}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;
@@ -207,7 +180,7 @@ bad:
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
@@ -69,7 +69,6 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #define DEFBITS	512
 #undef PROG
@@ -81,16 +80,14 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	int ret=1;
 	RSA *rsa=NULL;
 	int i,num=DEFBITS;
 	long l;
-	const EVP_CIPHER *enc=NULL;
+	EVP_CIPHER *enc=NULL;
 	unsigned long f4=RSA_F4;
 	char *outfile=NULL;
 	char *passargout = NULL, *passout = NULL;
 	char *engine=NULL;
 	char *inrand=NULL;
 	BIO *out=NULL;
@@ -119,23 +116,18 @@ int MAIN(int argc, char **argv)
 			f4=3;
 		else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
 			f4=RSA_F4;
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
 			inrand= *(++argv);
 			}
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 		else if (strcmp(*argv,"-des") == 0)
 			enc=EVP_des_cbc();
 		else if (strcmp(*argv,"-des3") == 0)
 			enc=EVP_des_ede3_cbc();
 #endif
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 		else if (strcmp(*argv,"-idea") == 0)
 			enc=EVP_idea_cbc();
 #endif
@@ -155,14 +147,13 @@ bad:
 		BIO_printf(bio_err,"usage: genrsa [args] [numbits]\n");
 		BIO_printf(bio_err," -des            encrypt the generated key with DES in cbc mode\n");
 		BIO_printf(bio_err," -des3           encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 		BIO_printf(bio_err," -idea           encrypt the generated key with IDEA in cbc mode\n");
 #endif
 		BIO_printf(bio_err," -out file       output the key to 'file\n");
 		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
 		BIO_printf(bio_err," -f4             use F4 (0x10001) for the E value\n");
 		BIO_printf(bio_err," -3              use 3 for the E value\n");
 		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"                 load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"                 the random number generator\n");
@@ -176,28 +167,10 @@ bad:
 		goto err;
 	}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto err;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto err;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
@@ -213,8 +186,7 @@ bad:
 			}
 		}
-	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
 		&& !RAND_status())
 		{
 		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
 		}
@@ -269,7 +241,7 @@ static void MS_CALLBACK genrsa_cb(int p, int n, void *arg)
 	p=n;
 #endif
 	}
-#else /* !OPENSSL_NO_RSA */
+#else /* !NO_RSA */
 # if PEDANTIC
 static void *dummy=&dummy;
--- a/apps/makeapps.com
+++ b/apps/makeapps.com
@@ -157,13 +157,13 @@ $ LIB_FILES = "VERIFY;ASN1PARS;REQ;DGST;DH;DHPARAM;ENC;PASSWD;GENDH;ERRSTR;"+-
 	      "RSA;RSAUTL;DSA;DSAPARAM;"+-
 	      "X509;GENRSA;GENDSA;S_SERVER;S_CLIENT;SPEED;"+-
 	      "S_TIME;APPS;S_CB;S_SOCKET;APP_RAND;VERSION;SESS_ID;"+-
-	      "CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME;RAND;ENGINE;OCSP"
+	      "CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME;RAND"
 $ APP_FILES := OPENSSL,'OBJ_DIR'VERIFY.OBJ,ASN1PARS.OBJ,REQ.OBJ,DGST.OBJ,DH.OBJ,DHPARAM.OBJ,ENC.OBJ,PASSWD.OBJ,GENDH.OBJ,ERRSTR.OBJ,-
 	       CA.OBJ,PKCS7.OBJ,CRL2P7.OBJ,CRL.OBJ,-
 	       RSA.OBJ,RSAUTL.OBJ,DSA.OBJ,DSAPARAM.OBJ,-
 	       X509.OBJ,GENRSA.OBJ,GENDSA.OBJ,S_SERVER.OBJ,S_CLIENT.OBJ,SPEED.OBJ,-
 	       S_TIME.OBJ,APPS.OBJ,S_CB.OBJ,S_SOCKET.OBJ,APP_RAND.OBJ,VERSION.OBJ,SESS_ID.OBJ,-
-	       CIPHERS.OBJ,NSEQ.OBJ,PKCS12.OBJ,PKCS8.OBJ,SPKAC.OBJ,SMIME.OBJ,RAND.OBJ,ENGINE.OBJ,OCSP.OBJ
+	       CIPHERS.OBJ,NSEQ.OBJ,PKCS12.OBJ,PKCS8.OBJ,SPKAC.OBJ,SMIME.OBJ,RAND.OBJ
 $ TCPIP_PROGRAMS = ",,"
 $ IF COMPILER .EQS. "VAXC" THEN -
     TCPIP_PROGRAMS = ",OPENSSL,"
@@ -581,7 +581,6 @@ $ CHECK_OPTIONS:
 $!
 $! Check To See If P1 Is Blank.
 $!
 $ P1 = "NORSAREF"
 $ IF (P1.EQS."NORSAREF")
 $ THEN
 $!
@@ -806,7 +805,31 @@ $ ENDIF
 $!
 $! Set Up Initial CC Definitions, Possibly With User Ones
 $!
-$ CCDEFS = "MONOLITH"
+$ CCDEFS = "VMS=1,MONOLITH"
 $ IF F$TRNLNM("OPENSSL_NO_ASM") THEN CCDEFS = CCDEFS + ",NO_ASM"
 $ IF F$TRNLNM("OPENSSL_NO_RSA") THEN CCDEFS = CCDEFS + ",NO_RSA"
 $ IF F$TRNLNM("OPENSSL_NO_DSA") THEN CCDEFS = CCDEFS + ",NO_DSA"
 $ IF F$TRNLNM("OPENSSL_NO_DH") THEN CCDEFS = CCDEFS + ",NO_DH"
 $ IF F$TRNLNM("OPENSSL_NO_MD2") THEN CCDEFS = CCDEFS + ",NO_MD2"
 $ IF F$TRNLNM("OPENSSL_NO_MD5") THEN CCDEFS = CCDEFS + ",NO_MD5"
 $ IF F$TRNLNM("OPENSSL_NO_RIPEMD") THEN CCDEFS = CCDEFS + ",NO_RIPEMD"
 $ IF F$TRNLNM("OPENSSL_NO_SHA") THEN CCDEFS = CCDEFS + ",NO_SHA"
 $ IF F$TRNLNM("OPENSSL_NO_SHA0") THEN CCDEFS = CCDEFS + ",NO_SHA0"
 $ IF F$TRNLNM("OPENSSL_NO_SHA1") THEN CCDEFS = CCDEFS + ",NO_SHA1"
 $ IF F$TRNLNM("OPENSSL_NO_DES")
 $ THEN
 $   CCDEFS = CCDEFS + ",NO_DES,NO_MDC2"
 $ ELSE
 $   IF F$TRNLNM("OPENSSL_NO_MDC2") THEN CCDEFS = CCDEFS + ",NO_MDC2"
 $ ENDIF
 $ IF F$TRNLNM("OPENSSL_NO_RC2") THEN CCDEFS = CCDEFS + ",NO_RC2"
 $ IF F$TRNLNM("OPENSSL_NO_RC4") THEN CCDEFS = CCDEFS + ",NO_RC4"
 $ IF F$TRNLNM("OPENSSL_NO_RC5") THEN CCDEFS = CCDEFS + ",NO_RC5"
 $ IF F$TRNLNM("OPENSSL_NO_IDEA") THEN CCDEFS = CCDEFS + ",NO_IDEA"
 $ IF F$TRNLNM("OPENSSL_NO_BF") THEN CCDEFS = CCDEFS + ",NO_BF"
 $ IF F$TRNLNM("OPENSSL_NO_CAST") THEN CCDEFS = CCDEFS + ",NO_CAST"
 $ IF F$TRNLNM("OPENSSL_NO_HMAC") THEN CCDEFS = CCDEFS + ",NO_HMAC"
 $ IF F$TRNLNM("OPENSSL_NO_SSL2") THEN CCDEFS = CCDEFS + ",NO_SSL2"
 $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
 $ CCEXTRAFLAGS = ""
 $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
@@ -838,8 +861,7 @@ $     CC = "CC"
 $     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
 	 THEN CC = "CC/DECC"
 $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
-           "/NOLIST/PREFIX=ALL" + -
+           "/NOLIST/PREFIX=ALL" + CCEXTRAFLAGS
 	   "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
@@ -870,8 +892,7 @@ $	WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
 $	EXIT
 $     ENDIF
 $     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
-$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS
 	   "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS
 $     CCDEFS = CCDEFS + ",""VAXC"""
 $!
 $!    Define <sys> As SYS$COMMON:[SYSLIB]
@@ -902,8 +923,7 @@ $!
 $!    Use GNU C...
 $!
 $     IF F$TYPE(GCC) .EQS. "" THEN GCC := GCC
-$     CC = GCC+"/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+$     CC = GCC+"/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS
 	   "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
@@ -1113,6 +1133,7 @@ $!
 $! Save directory information
 $!
 $ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
 $ __HERE = F$EDIT(__HERE,"UPCASE")
 $ __TOP = __HERE - "APPS]"
 $ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
 $!
--- a/apps/nseq.c
+++ b/apps/nseq.c
@@ -121,7 +121,7 @@ int MAIN(int argc, char **argv)
 		}
 	} else {
 		out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -1,756 +0,0 @@
 /* ocsp.c */
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
 * project 2000.
 */
 /* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 #include <stdio.h>
 #include <string.h>
 #include <openssl/pem.h>
 #include <openssl/ocsp.h>
 #include <openssl/err.h>
 #include <openssl/ssl.h>
 #include "apps.h"
 /* Maximum leeway in validity period: default 5 minutes */
 #define MAX_VALIDITY_PERIOD	(5 * 60)
 static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer,
 				STACK_OF(OCSP_CERTID) *ids);
 static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer,
 				STACK_OF(OCSP_CERTID) *ids);
 static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
 				STACK *names, STACK_OF(OCSP_CERTID) *ids,
 				long nsec, long maxage);
 #undef PROG
 #define PROG ocsp_main
 int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	char **args;
 	char *host = NULL, *port = NULL, *path = "/";
 	char *reqin = NULL, *respin = NULL;
 	char *reqout = NULL, *respout = NULL;
 	char *signfile = NULL, *keyfile = NULL;
 	char *outfile = NULL;
 	int add_nonce = 1, noverify = 0, use_ssl = -1;
 	OCSP_REQUEST *req = NULL;
 	OCSP_RESPONSE *resp = NULL;
 	OCSP_BASICRESP *bs = NULL;
 	X509 *issuer = NULL, *cert = NULL;
 	X509 *signer = NULL;
 	EVP_PKEY *key = NULL;
 	BIO *cbio = NULL, *derbio = NULL;
 	BIO *out = NULL;
 	int req_text = 0, resp_text = 0;
 	long nsec = MAX_VALIDITY_PERIOD, maxage = -1;
 	char *CAfile = NULL, *CApath = NULL;
 	X509_STORE *store = NULL;
 	SSL_CTX *ctx = NULL;
 	STACK_OF(X509) *sign_other = NULL, *verify_other = NULL;
 	char *sign_certfile = NULL, *verify_certfile = NULL;
 	unsigned long sign_flags = 0, verify_flags = 0;
 	int ret = 1;
 	int badarg = 0;
 	int i;
 	STACK *reqnames = NULL;
 	STACK_OF(OCSP_CERTID) *ids = NULL;
 	if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
 	SSL_load_error_strings();
 	args = argv + 1;
 	reqnames = sk_new_null();
 	ids = sk_OCSP_CERTID_new_null();
 	while (!badarg && *args && *args[0] == '-')
 		{
 		if (!strcmp(*args, "-out"))
 			{
 			if (args[1])
 				{
 				args++;
 				outfile = *args;
 				}
 			else badarg = 1;
 			}
 		else if (!strcmp(*args, "-url"))
 			{
 			if (args[1])
 				{
 				args++;
 				if (!OCSP_parse_url(*args, &host, &port, &path, &use_ssl))
 					{
 					BIO_printf(bio_err, "Error parsing URL\n");
 					badarg = 1;
 					}
 				}
 			else badarg = 1;
 			}
 		else if (!strcmp(*args, "-host"))
 			{
 			if (args[1])
 				{
 				args++;
 				host = *args;
 				}
 			else badarg = 1;
 			}
 		else if (!strcmp(*args, "-noverify"))
 			noverify = 1;
 		else if (!strcmp(*args, "-nonce"))
 			add_nonce = 2;
 		else if (!strcmp(*args, "-no_nonce"))
 			add_nonce = 0;
 		else if (!strcmp(*args, "-no_certs"))
 			sign_flags |= OCSP_NOCERTS;
 		else if (!strcmp(*args, "-no_signature_verify"))
 			verify_flags |= OCSP_NOSIGS;
 		else if (!strcmp(*args, "-no_cert_verify"))
 			verify_flags |= OCSP_NOVERIFY;
 		else if (!strcmp(*args, "-no_chain"))
 			verify_flags |= OCSP_NOCHAIN;
 		else if (!strcmp(*args, "-no_cert_checks"))
 			verify_flags |= OCSP_NOCHECKS;
 		else if (!strcmp(*args, "-no_explicit"))
 			verify_flags |= OCSP_NOEXPLICIT;
 		else if (!strcmp(*args, "-trust_other"))
 			verify_flags |= OCSP_TRUSTOTHER;
 		else if (!strcmp(*args, "-no_intern"))
 			verify_flags |= OCSP_NOINTERN;
 		else if (!strcmp(*args, "-text"))
 			{
 			req_text = 1;
 			resp_text = 1;
 			}
 		else if (!strcmp(*args, "-req_text"))
 			req_text = 1;
 		else if (!strcmp(*args, "-resp_text"))
 			resp_text = 1;
 		else if (!strcmp(*args, "-reqin"))
 			{
 			if (args[1])
 				{
 				args++;
 				reqin = *args;
 				}
 			else badarg = 1;
 			}
 		else if (!strcmp(*args, "-respin"))
 			{
 			if (args[1])
 				{
 				args++;
 				respin = *args;
 				}
 			else badarg = 1;
 			}
 		else if (!strcmp(*args, "-signer"))
 			{
 			if (args[1])
 				{
 				args++;
 				signfile = *args;
 				}
 			else badarg = 1;
 			}
 		else if (!strcmp (*args, "-VAfile"))
 			{
 			if (args[1])
 				{
 				args++;
 				verify_certfile = *args;
 				verify_flags |= OCSP_TRUSTOTHER;
 				}
 			else badarg = 1;
 			}
 		else if (!strcmp(*args, "-sign_other"))
 			{
 			if (args[1])
 				{
 				args++;
 				sign_certfile = *args;
 				}
 			else badarg = 1;
 			}
 		else if (!strcmp(*args, "-verify_other"))
 			{
 			if (args[1])
 				{
 				args++;
 				verify_certfile = *args;
 				}
 			else badarg = 1;
 			}
 		else if (!strcmp (*args, "-CAfile"))
 			{
 			if (args[1])
 				{
 				args++;
 				CAfile = *args;
 				}
 			else badarg = 1;
 			}
 		else if (!strcmp (*args, "-CApath"))
 			{
 			if (args[1])
 				{
 				args++;
 				CApath = *args;
 				}
 			else badarg = 1;
 			}
 		else if (!strcmp (*args, "-validity_period"))
 			{
 			if (args[1])
 				{
 				args++;
 				nsec = atol(*args);
 				if (nsec < 0)
 					{
 					BIO_printf(bio_err,
 						"Illegal validity period %s\n",
 						*args);
 					badarg = 1;
 					}
 				}
 			else badarg = 1;
 			}
 		else if (!strcmp (*args, "-status_age"))
 			{
 			if (args[1])
 				{
 				args++;
 				maxage = atol(*args);
 				if (maxage < 0)
 					{
 					BIO_printf(bio_err,
 						"Illegal validity age %s\n",
 						*args);
 					badarg = 1;
 					}
 				}
 			else badarg = 1;
 			}
 		 else if (!strcmp(*args, "-signkey"))
 			{
 			if (args[1])
 				{
 				args++;
 				keyfile = *args;
 				}
 			else badarg = 1;
 			}
 		else if (!strcmp(*args, "-reqout"))
 			{
 			if (args[1])
 				{
 				args++;
 				reqout = *args;
 				}
 			else badarg = 1;
 			}
 		else if (!strcmp(*args, "-respout"))
 			{
 			if (args[1])
 				{
 				args++;
 				respout = *args;
 				}
 			else badarg = 1;
 			}
 		 else if (!strcmp(*args, "-path"))
 			{
 			if (args[1])
 				{
 				args++;
 				path = *args;
 				}
 			else badarg = 1;
 			}
 		else if (!strcmp(*args, "-issuer"))
 			{
 			if (args[1])
 				{
 				args++;
 				X509_free(issuer);
 				issuer = load_cert(bio_err, *args, FORMAT_PEM);
 				if(!issuer) goto end;
 				}
 			else badarg = 1;
 			}
 		else if (!strcmp (*args, "-cert"))
 			{
 			if (args[1])
 				{
 				args++;
 				X509_free(cert);
 				cert = load_cert(bio_err, *args, FORMAT_PEM);
 				if(!cert) goto end;
 				if(!add_ocsp_cert(&req, cert, issuer, ids))
 					goto end;
 				if(!sk_push(reqnames, *args))
 					goto end;
 				}
 			else badarg = 1;
 			}
 		else if (!strcmp(*args, "-serial"))
 			{
 			if (args[1])
 				{
 				args++;
 				if(!add_ocsp_serial(&req, *args, issuer, ids))
 					goto end;
 				if(!sk_push(reqnames, *args))
 					goto end;
 				}
 			else badarg = 1;
 			}
 		else badarg = 1;
 		args++;
 		}
 	/* Have we anything to do? */
 	if (!req && !reqin && !respin) badarg = 1;
 	if (badarg)
 		{
 		BIO_printf (bio_err, "OCSP utility\n");
 		BIO_printf (bio_err, "Usage ocsp [options]\n");
 		BIO_printf (bio_err, "where options are\n");
 		BIO_printf (bio_err, "-out file          output filename\n");
 		BIO_printf (bio_err, "-issuer file       issuer certificate\n");
 		BIO_printf (bio_err, "-cert file         certificate to check\n");
 		BIO_printf (bio_err, "-serial n          serial number to check\n");
 		BIO_printf (bio_err, "-signer file       certificate to sign OCSP request with\n");
 		BIO_printf (bio_err, "-signkey file      private key to sign OCSP request with\n");
 		BIO_printf (bio_err, "-sign_certs file   additional certificates to include in signed request\n");
 		BIO_printf (bio_err, "-no_certs          don't include any certificates in signed request\n");
 		BIO_printf (bio_err, "-req_text          print text form of request\n");
 		BIO_printf (bio_err, "-resp_text         print text form of response\n");
 		BIO_printf (bio_err, "-text              print text form of request and response\n");
 		BIO_printf (bio_err, "-reqout file       write DER encoded OCSP request to \"file\"\n");
 		BIO_printf (bio_err, "-respout file      write DER encoded OCSP reponse to \"file\"\n");
 		BIO_printf (bio_err, "-reqin file        read DER encoded OCSP request from \"file\"\n");
 		BIO_printf (bio_err, "-respin file       read DER encoded OCSP reponse from \"file\"\n");
 		BIO_printf (bio_err, "-nonce             add OCSP nonce to request\n");
 		BIO_printf (bio_err, "-no_nonce          don't add OCSP nonce to request\n");
 		BIO_printf (bio_err, "-url URL           OCSP responder URL\n");
 		BIO_printf (bio_err, "-host host:n       send OCSP request to host on port n\n");
 		BIO_printf (bio_err, "-path              path to use in OCSP request\n");
 		BIO_printf (bio_err, "-CApath dir        trusted certificates directory\n");
 		BIO_printf (bio_err, "-CAfile file       trusted certificates file\n");
 		BIO_printf (bio_err, "-VAfile file       validator certificates file\n");
 		BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n");
 		BIO_printf (bio_err, "-status_age n      maximum status age in seconds\n");
 		BIO_printf (bio_err, "-noverify          don't verify response at all\n");
 		BIO_printf (bio_err, "-verify_certs file additional certificates to search for signer\n");
 		BIO_printf (bio_err, "-trust_other       don't verify additional certificates\n");
 		BIO_printf (bio_err, "-no_intern         don't search certificates contained in response for signer\n");
 		BIO_printf (bio_err, "-no_sig_verify     don't check signature on response\n");
 		BIO_printf (bio_err, "-no_cert_verify    don't check signing certificate\n");
 		BIO_printf (bio_err, "-no_chain          don't chain verify response\n");
 		BIO_printf (bio_err, "-no_cert_checks    don't do additional checks on signing certificate\n");
 		goto end;
 		}
 	if(outfile) out = BIO_new_file(outfile, "w");
 	else out = BIO_new_fp(stdout, BIO_NOCLOSE);
 	if(!out)
 		{
 		BIO_printf(bio_err, "Error opening output file\n");
 		goto end;
 		}
 	if (!req && (add_nonce != 2)) add_nonce = 0;
 	if (!req && reqin)
 		{
 		derbio = BIO_new_file(reqin, "rb");
 		if (!derbio)
 			{
 			BIO_printf(bio_err, "Error Opening OCSP request file\n");
 			goto end;
 			}
 		req = d2i_OCSP_REQUEST_bio(derbio, NULL);
 		BIO_free(derbio);
 		if(!req)
 			{
 			BIO_printf(bio_err, "Error reading OCSP request\n");
 			goto end;
 			}
 		}
 	if (!req && (signfile || reqout || host || add_nonce))
 		{
 		BIO_printf(bio_err, "Need an OCSP request for this operation!\n");
 		goto end;
 		}
 	if (req && add_nonce) OCSP_request_add1_nonce(req, NULL, -1);
 	if (signfile)
 		{
 		if (!keyfile) keyfile = signfile;
 		signer = load_cert(bio_err, signfile, FORMAT_PEM);
 		if (!signer)
 			{
 			BIO_printf(bio_err, "Error loading signer certificate\n");
 			goto end;
 			}
 		if (sign_certfile)
 			{
 			sign_other = load_certs(bio_err, sign_certfile, FORMAT_PEM);
 			if (!sign_other) goto end;
 			}
 		key = load_key(bio_err, keyfile, FORMAT_PEM, NULL, NULL);
 		if (!key)
 			{
 			BIO_printf(bio_err, "Error loading signer private key\n");
 			goto end;
 			}
 		if (!OCSP_request_sign(req, signer, key, EVP_sha1(), sign_other, sign_flags))
 			{
 			BIO_printf(bio_err, "Error signing OCSP request\n");
 			goto end;
 			}
 		}
 	if (reqout)
 		{
 		derbio = BIO_new_file(reqout, "wb");
 		if (!derbio)
 			{
 			BIO_printf(bio_err, "Error opening file %s\n", reqout);
 			goto end;
 			}
 		i2d_OCSP_REQUEST_bio(derbio, req);
 		BIO_free(derbio);
 		}
 	if (req_text && req) OCSP_REQUEST_print(out, req, 0);
 	if (host)
 		{
 		cbio = BIO_new_connect(host);
 		if (!cbio)
 			{
 			BIO_printf(bio_err, "Error creating connect BIO\n");
 			goto end;
 			}
 		if (port) BIO_set_conn_port(cbio, port);
 		if (use_ssl == 1)
 			{
 			BIO *sbio;
 			ctx = SSL_CTX_new(SSLv23_client_method());
 			SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
 			sbio = BIO_new_ssl(ctx, 1);
 			cbio = BIO_push(sbio, cbio);
 			}
 		if (BIO_do_connect(cbio) <= 0)
 			{
 			BIO_printf(bio_err, "Error connecting BIO\n");
 			goto end;
 			}
 		resp = OCSP_sendreq_bio(cbio, path, req);
 		BIO_free_all(cbio);
 		cbio = NULL;
 		if (!resp)
 			{
 			BIO_printf(bio_err, "Error querying OCSP responsder\n");
 			goto end;
 			}
 		}
 	else if (respin)
 		{
 		derbio = BIO_new_file(respin, "rb");
 		if (!derbio)
 			{
 			BIO_printf(bio_err, "Error Opening OCSP response file\n");
 			goto end;
 			}
 		resp = d2i_OCSP_RESPONSE_bio(derbio, NULL);
 		BIO_free(derbio);
 		if(!resp)
 			{
 			BIO_printf(bio_err, "Error reading OCSP response\n");
 			goto end;
 			}
 		}
 	else
 		{
 		ret = 0;
 		goto end;
 		}
 	if (respout)
 		{
 		derbio = BIO_new_file(respout, "wb");
 		if(!derbio)
 			{
 			BIO_printf(bio_err, "Error opening file %s\n", respout);
 			goto end;
 			}
 		i2d_OCSP_RESPONSE_bio(derbio, resp);
 		BIO_free(derbio);
 		}
 	i = OCSP_response_status(resp);
 	if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL)
 		{
 		BIO_printf(out, "Responder Error: %s (%ld)\n",
 				OCSP_response_status_str(i), i);
 		ret = 0;
 		goto end;
 		}
 	if (resp_text) OCSP_RESPONSE_print(out, resp, 0);
 	store = setup_verify(bio_err, CAfile, CApath);
 	if(!store) goto end;
 	if (verify_certfile)
 		{
 		verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM);
 		if (!verify_other) goto end;
 		}
 	bs = OCSP_response_get1_basic(resp);
 	if (!bs)
 		{
 		BIO_printf(bio_err, "Error parsing response\n");
 		goto end;
 		}
 	if (!noverify)
 		{
 		if (req && ((i = OCSP_check_nonce(req, bs)) <= 0))
 			{
 			if (i == -1)
 				BIO_printf(bio_err, "WARNING: no nonce in response\n");
 			else
 				{
 				BIO_printf(bio_err, "Nonce Verify error\n");
 				goto end;
 				}
 			}
 		i = OCSP_basic_verify(bs, verify_other, store, verify_flags);
                if (i < 0) i = OCSP_basic_verify(bs, NULL, store, 0);
 		if(i <= 0)
 			{
 			BIO_printf(bio_err, "Response Verify Failure\n", i);
 			ERR_print_errors(bio_err);
 			}
 		else
 			BIO_printf(bio_err, "Response verify OK\n");
 		}
 	if (!print_ocsp_summary(out, bs, req, reqnames, ids, nsec, maxage))
 		goto end;
 	ret = 0;
 end:
 	ERR_print_errors(bio_err);
 	X509_free(signer);
 	X509_STORE_free(store);
 	EVP_PKEY_free(key);
 	X509_free(issuer);
 	X509_free(cert);
 	BIO_free_all(cbio);
 	BIO_free(out);
 	OCSP_REQUEST_free(req);
 	OCSP_RESPONSE_free(resp);
 	OCSP_BASICRESP_free(bs);
 	sk_free(reqnames);
 	sk_OCSP_CERTID_free(ids);
 	sk_X509_pop_free(sign_other, X509_free);
 	sk_X509_pop_free(verify_other, X509_free);
 	if (use_ssl != -1)
 		{
 		OPENSSL_free(host);
 		OPENSSL_free(port);
 		OPENSSL_free(path);
 		SSL_CTX_free(ctx);
 		}
 	EXIT(ret);
 }
 static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer,
 				STACK_OF(OCSP_CERTID) *ids)
 	{
 	OCSP_CERTID *id;
 	if(!issuer)
 		{
 		BIO_printf(bio_err, "No issuer certificate specified\n");
 		return 0;
 		}
 	if(!*req) *req = OCSP_REQUEST_new();
 	if(!*req) goto err;
 	id = OCSP_cert_to_id(NULL, cert, issuer);
 	if(!id || !sk_OCSP_CERTID_push(ids, id)) goto err;
 	if(!OCSP_request_add0_id(*req, id)) goto err;
 	return 1;
 	err:
 	BIO_printf(bio_err, "Error Creating OCSP request\n");
 	return 0;
 	}
 static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer,
 				STACK_OF(OCSP_CERTID) *ids)
 	{
 	OCSP_CERTID *id;
 	X509_NAME *iname;
 	ASN1_BIT_STRING *ikey;
 	ASN1_INTEGER *sno;
 	if(!issuer)
 		{
 		BIO_printf(bio_err, "No issuer certificate specified\n");
 		return 0;
 		}
 	if(!*req) *req = OCSP_REQUEST_new();
 	if(!*req) goto err;
 	iname = X509_get_subject_name(issuer);
 	ikey = X509_get0_pubkey_bitstr(issuer);
 	sno = s2i_ASN1_INTEGER(NULL, serial);
 	if(!sno)
 		{
 		BIO_printf(bio_err, "Error converting serial number %s\n", serial);
 		return 0;
 		}
 	id = OCSP_cert_id_new(EVP_sha1(), iname, ikey, sno);
 	ASN1_INTEGER_free(sno);
 	if(!id || !sk_OCSP_CERTID_push(ids, id)) goto err;
 	if(!OCSP_request_add0_id(*req, id)) goto err;
 	return 1;
 	err:
 	BIO_printf(bio_err, "Error Creating OCSP request\n");
 	return 0;
 	}
 static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
 					STACK *names, STACK_OF(OCSP_CERTID) *ids,
 					long nsec, long maxage)
 	{
 	OCSP_CERTID *id;
 	char *name;
 	int i;
 	int status, reason;
 	ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
 	if (!bs || !req || !sk_num(names) || !sk_OCSP_CERTID_num(ids))
 		return 1;
 	for (i = 0; i < sk_OCSP_CERTID_num(ids); i++)
 		{
 		id = sk_OCSP_CERTID_value(ids, i);
 		name = sk_value(names, i);
 		BIO_printf(out, "%s: ", name);
 		if(!OCSP_resp_find_status(bs, id, &status, &reason,
 					&rev, &thisupd, &nextupd))
 			{
 			BIO_puts(out, "ERROR: No Status found.\n");
 			continue;
 			}
 		/* Check validity: if invalid write to output BIO so we
 		 * know which response this refers to.
 		 */
 		if (!OCSP_check_validity(thisupd, nextupd, nsec, maxage))
 			{
 			BIO_puts(out, "WARNING: Status times invalid.\n");
 			ERR_print_errors(out);
 			}
 		BIO_printf(out, "%s\n", OCSP_cert_status_str(status));
 		BIO_puts(out, "\tThis Update: ");
 		ASN1_GENERALIZEDTIME_print(out, thisupd);
 		BIO_puts(out, "\n");
 		if(nextupd)
 			{
 			BIO_puts(out, "\tNext Update: ");
 			ASN1_GENERALIZEDTIME_print(out, nextupd);
 			BIO_puts(out, "\n");
 			}
 		if (status != V_OCSP_CERTSTATUS_REVOKED)
 			continue;
 		if (reason != -1)
 			BIO_printf(out, "\tReason: %s\n",
 				OCSP_crl_reason_str(reason));
 		BIO_puts(out, "\tRevocation Time: ");
 		ASN1_GENERALIZEDTIME_print(out, rev);
 		BIO_puts(out, "\n");
 		}
 	return 1;
 	}
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -55,60 +55,6 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 /* ====================================================================
 * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 #include <stdio.h>
 #include <string.h>
@@ -127,15 +73,8 @@
 #include "s_apps.h"
 #include <openssl/err.h>
-/* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the
+static unsigned long MS_CALLBACK hash(FUNCTION *a);
- * base prototypes (we cast each variable inside the function to the required
+static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
 * type of "FUNCTION*"). This removes the necessity for macro-generated wrapper
 * functions. */
 /* static unsigned long MS_CALLBACK hash(FUNCTION *a); */
 static unsigned long MS_CALLBACK hash(const void *a_void);
 /* static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b); */
 static int MS_CALLBACK cmp(const void *a_void,const void *b_void);
 static LHASH *prog_init(void );
 static int do_cmd(LHASH *prog,int argc,char *argv[]);
 LHASH *config=NULL;
@@ -146,76 +85,11 @@ char *default_config_file=NULL;
 BIO *bio_err=NULL;
 #endif
 static void lock_dbg_cb(int mode, int type, const char *file, int line)
 	{
 	static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
 	const char *errstr = NULL;
 	int rw;
 	rw = mode & (CRYPTO_READ|CRYPTO_WRITE);
 	if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE)))
 		{
 		errstr = "invalid mode";
 		goto err;
 		}
 	if (type < 0 || type > CRYPTO_NUM_LOCKS)
 		{
 		errstr = "type out of bounds";
 		goto err;
 		}
 	if (mode & CRYPTO_LOCK)
 		{
 		if (modes[type])
 			{
 			errstr = "already locked";
 			/* must not happen in a single-threaded program
 			 * (would deadlock) */
 			goto err;
 			}
 		modes[type] = rw;
 		}
 	else if (mode & CRYPTO_UNLOCK)
 		{
 		if (!modes[type])
 			{
 			errstr = "not locked";
 			goto err;
 			}
 		if (modes[type] != rw)
 			{
 			errstr = (rw == CRYPTO_READ) ?
 				"CRYPTO_r_unlock on write lock" :
 				"CRYPTO_w_unlock on read lock";
 			}
 		modes[type] = 0;
 		}
 	else
 		{
 		errstr = "invalid mode";
 		goto err;
 		}
 err:
 	if (errstr)
 		{
 		/* we cannot use bio_err here */
 		fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
 			errstr, mode, type, file, line);
 		}
 	}
 int main(int Argc, char *Argv[])
 	{
 	ARGS arg;
-#define PROG_NAME_SIZE	16
+#define PROG_NAME_SIZE	39
-	char pname[PROG_NAME_SIZE];
+	char pname[PROG_NAME_SIZE+1];
 	FUNCTION f,*fp;
 	MS_STATIC char *prompt,buf[1024],config_name[256];
 	int n,i,ret=0;
@@ -228,22 +102,9 @@ int main(int Argc, char *Argv[])
 	arg.count=0;
 	if (getenv("OPENSSL_DEBUG_MEMORY") != NULL)
-		{
+		CRYPTO_malloc_debug_init();
 		if (!(0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))
 			{
 			CRYPTO_malloc_debug_init();
 			CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
 			}
 		}
 	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
 #if 0
 	if (getenv("OPENSSL_DEBUG_LOCKING") != NULL)
 #endif
 		{
 		CRYPTO_set_locking_callback(lock_dbg_cb);
 		}
 	apps_startup();
 	if (bio_err == NULL)
@@ -251,7 +112,6 @@ int main(int Argc, char *Argv[])
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 	ERR_load_crypto_strings();
 	ENGINE_load_builtin_engines();
 	/* Lets load up our environment a little */
 	p=getenv("OPENSSL_CONF");
@@ -260,7 +120,7 @@ int main(int Argc, char *Argv[])
 	if (p == NULL)
 		{
 		strcpy(config_name,X509_get_default_cert_area());
-#ifndef OPENSSL_SYS_VMS
+#ifndef VMS
 		strcat(config_name,"/");
 #endif
 		strcat(config_name,OPENSSL_CONF);
@@ -378,7 +238,7 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
 	else if ((strncmp(argv[0],"no-",3)) == 0)
 		{
 		BIO *bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		bio_stdout = BIO_push(tmpbio, bio_stdout);
@@ -415,7 +275,7 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
 		else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */
 			list_type = FUNC_TYPE_CIPHER;
 		bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		bio_stdout = BIO_push(tmpbio, bio_stdout);
@@ -490,23 +350,19 @@ static LHASH *prog_init(void)
 	    ;
 	qsort(functions,i,sizeof *functions,SortFnByName);
-	if ((ret=lh_new(hash, cmp)) == NULL)
+	if ((ret=lh_new(hash,cmp)) == NULL) return(NULL);
 		return(NULL);
 	for (f=functions; f->name != NULL; f++)
 		lh_insert(ret,f);
 	return(ret);
 	}
-/* static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b) */
+static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b)
 static int MS_CALLBACK cmp(const void *a_void, const void *b_void)
 	{
-	return(strncmp(((FUNCTION *)a_void)->name,
+	return(strncmp(a->name,b->name,8));
 			((FUNCTION *)b_void)->name,8));
 	}
-/* static unsigned long MS_CALLBACK hash(FUNCTION *a) */
+static unsigned long MS_CALLBACK hash(FUNCTION *a)
 static unsigned long MS_CALLBACK hash(const void *a_void)
 	{
-	return(lh_strhash(((FUNCTION *)a_void)->name));
+	return(lh_strhash(a->name));
 	}
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -132,7 +132,7 @@ commonName			= Common Name (eg, YOUR name)
 commonName_max			= 64
 emailAddress			= Email Address
-emailAddress_max		= 64
+emailAddress_max		= 40
 # SET-ex3			= SET extension number 3
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -1,10 +1,10 @@
 /* apps/passwd.c */
-#if defined OPENSSL_NO_MD5 || defined CHARSET_EBCDIC
+#if defined NO_MD5 || defined CHARSET_EBCDIC
 # define NO_MD5CRYPT_1
 #endif
-#if !defined(OPENSSL_NO_DES) || !defined(NO_MD5CRYPT_1)
+#if !defined(NO_DES) || !defined(NO_MD5CRYPT_1)
 #include <assert.h>
 #include <string.h>
@@ -16,7 +16,7 @@
 #include <openssl/evp.h>
 #include <openssl/rand.h>
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 # include <openssl/des.h>
 #endif
 #ifndef NO_MD5CRYPT_1
@@ -50,7 +50,6 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
 * -salt string  - salt
 * -in file      - read passwords from file
 * -stdin        - read passwords from stdin
 * -noverify     - never verify when reading password from terminal
 * -quiet        - no warnings
 * -table        - format output as table
 * -reverse      - switch table columns
@@ -63,7 +62,6 @@ int MAIN(int argc, char **argv)
 	int ret = 1;
 	char *infile = NULL;
 	int in_stdin = 0;
 	int in_noverify = 0;
 	char *salt = NULL, *passwd = NULL, **passwds = NULL;
 	char *salt_malloc = NULL, *passwd_malloc = NULL;
 	size_t passwd_malloc_size = 0;
@@ -83,7 +81,7 @@ int MAIN(int argc, char **argv)
 	if (out == NULL)
 		goto err;
 	BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 	{
 	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 	out = BIO_push(tmpbio, out);
@@ -130,8 +128,6 @@ int MAIN(int argc, char **argv)
 			else
 				badopt = 1;
 			}
 		else if (strcmp(argv[i], "-noverify") == 0)
 			in_noverify = 1;
 		else if (strcmp(argv[i], "-quiet") == 0)
 			quiet = 1;
 		else if (strcmp(argv[i], "-table") == 0)
@@ -157,7 +153,7 @@ int MAIN(int argc, char **argv)
 		badopt = 1;
 	/* reject unsupported algorithms */
-#ifdef OPENSSL_NO_DES
+#ifdef NO_DES
 	if (usecrypt) badopt = 1;
 #endif
 #ifdef NO_MD5CRYPT_1
@@ -168,7 +164,7 @@ int MAIN(int argc, char **argv)
 		{
 		BIO_printf(bio_err, "Usage: passwd [options] [passwords]\n");
 		BIO_printf(bio_err, "where options are\n");
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 		BIO_printf(bio_err, "-crypt             standard Unix password algorithm (default)\n");
 #endif
 #ifndef NO_MD5CRYPT_1
@@ -178,7 +174,6 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err, "-salt string       use provided salt\n");
 		BIO_printf(bio_err, "-in file           read passwords from file\n");
 		BIO_printf(bio_err, "-stdin             read passwords from stdin\n");
 		BIO_printf(bio_err, "-noverify          never verify when reading password from terminal\n");
 		BIO_printf(bio_err, "-quiet             no warnings\n");
 		BIO_printf(bio_err, "-table             format output as table\n");
 		BIO_printf(bio_err, "-reverse           switch table columns\n");
@@ -227,7 +222,7 @@ int MAIN(int argc, char **argv)
 		passwds = passwds_static;
 		if (in == NULL)
-			if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", !(passed_salt || in_noverify)) != 0)
+			if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", 0) != 0)
 				goto err;
 		passwds[0] = passwd_malloc;
 		}
@@ -423,7 +418,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
 	/* first make sure we have a salt */
 	if (!passed_salt)
 		{
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 		if (usecrypt)
 			{
 			if (*salt_malloc_p == NULL)
@@ -442,7 +437,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
 			                                    * back to ASCII */
 #endif
 			}
-#endif /* !OPENSSL_NO_DES */
+#endif /* !NO_DES */
 #ifndef NO_MD5CRYPT_1
 		if (use1 || useapr1)
@@ -477,7 +472,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
 	assert(strlen(passwd) <= pw_maxlen);
 	/* now compute password hash */
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	if (usecrypt)
 		hash = des_crypt(passwd, *salt_p);
 #endif
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -1,5 +1,5 @@
 /* pkcs12.c */
-#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
+#if !defined(NO_DES) && !defined(NO_SHA1)
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
 * project 1999.
@@ -66,11 +66,10 @@
 #include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/pkcs12.h>
 #include <openssl/engine.h>
 #define PROG pkcs12_main
-const EVP_CIPHER *enc;
+EVP_CIPHER *enc;
 #define NOKEYS		0x1
@@ -93,7 +92,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 {
    ENGINE *e = NULL;
    char *infile=NULL, *outfile=NULL, *keyname = NULL;	
    char *certfile=NULL;
    BIO *in=NULL, *out = NULL, *inkey = NULL, *certsin = NULL;
@@ -120,7 +118,6 @@ int MAIN(int argc, char **argv)
    char *passin = NULL, *passout = NULL;
    char *inrand = NULL;
    char *CApath = NULL, *CAfile = NULL;
    char *engine=NULL;
    apps_startup();
@@ -147,7 +144,7 @@ int MAIN(int argc, char **argv)
    			cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
 		else if (!strcmp (*args, "-export")) export_cert = 1;
 		else if (!strcmp (*args, "-des")) enc=EVP_des_cbc();
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 		else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc();
 #endif
 		else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc();
@@ -239,11 +236,6 @@ int MAIN(int argc, char **argv)
 			args++;	
 			CAfile = *args;
 		    } else badarg = 1;
 		} else if (!strcmp(*args,"-engine")) {
 		    if (args[1]) {
 			args++;	
 			engine = *args;
 		    } else badarg = 1;
 		} else badarg = 1;
 	} else badarg = 1;
@@ -272,7 +264,7 @@ int MAIN(int argc, char **argv)
 	BIO_printf (bio_err, "-info         give info about PKCS#12 structure.\n");
 	BIO_printf (bio_err, "-des          encrypt private keys with DES\n");
 	BIO_printf (bio_err, "-des3         encrypt private keys with triple DES (default)\n");
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 	BIO_printf (bio_err, "-idea         encrypt private keys with idea\n");
 #endif
 	BIO_printf (bio_err, "-nodes        don't encrypt private keys\n");
@@ -287,27 +279,12 @@ int MAIN(int argc, char **argv)
 	BIO_printf (bio_err, "-password p   set import/export password source\n");
 	BIO_printf (bio_err, "-passin p     input file pass phrase source\n");
 	BIO_printf (bio_err, "-passout p    output file pass phrase source\n");
 	BIO_printf (bio_err, "-engine e     use engine e, possibly a hardware device.\n");
 	BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 	BIO_printf(bio_err,  "              load the file (or the files in the directory) into\n");
 	BIO_printf(bio_err,  "              the random number generator\n");
    	goto end;
    }
    if (engine != NULL) {
 	if((e = ENGINE_by_id(engine)) == NULL) {
 	    BIO_printf(bio_err,"invalid engine \"%s\"\n", engine);
 	    goto end;
 	}
 	if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
 	    BIO_printf(bio_err,"can't use that engine\n");
 	    goto end;
 	}
 	BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 	/* Free our "structural" reference. */
 	ENGINE_free(e);
    }
    if(passarg) {
 	if(export_cert) passargout = passarg;
 	else passargin = passarg;
@@ -375,7 +352,7 @@ int MAIN(int argc, char **argv)
    if (!outfile) {
 	out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 	{
 	    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 	    out = BIO_push(tmpbio, out);
@@ -521,7 +498,7 @@ int MAIN(int argc, char **argv)
 	for(i = 0; i < sk_X509_num(certs); i++) {
 		X509 *cert = NULL;
 		cert = sk_X509_value(certs, i);
-		bag = PKCS12_x5092certbag(cert);
+		bag = M_PKCS12_x5092certbag(cert);
 		/* If it matches private key set id */
 		if(cert == ucert) {
 			if(name) PKCS12_add_friendlyname(bag, name, -1);
@@ -592,9 +569,9 @@ int MAIN(int argc, char **argv)
 	CRYPTO_push_info("building pkcs12");
 #endif
-	p12 = PKCS12_init(NID_pkcs7_data);
+	p12 = PKCS12_init (NID_pkcs7_data);
-	PKCS12_pack_authsafes(p12, safes);
+	M_PKCS12_pack_authsafes (p12, safes);
 	sk_PKCS7_pop_free(safes, PKCS7_free);
 	safes = NULL;
@@ -702,20 +679,20 @@ int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
 	int i, bagnid;
 	PKCS7 *p7;
-	if (!( asafes = PKCS12_unpack_authsafes(p12))) return 0;
+	if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0;
 	for (i = 0; i < sk_PKCS7_num (asafes); i++) {
 		p7 = sk_PKCS7_value (asafes, i);
 		bagnid = OBJ_obj2nid (p7->type);
 		if (bagnid == NID_pkcs7_data) {
-			bags = PKCS12_unpack_p7data(p7);
+			bags = M_PKCS12_unpack_p7data (p7);
 			if (options & INFO) BIO_printf (bio_err, "PKCS7 Data\n");
 		} else if (bagnid == NID_pkcs7_encrypted) {
 			if (options & INFO) {
-				BIO_printf(bio_err, "PKCS7 Encrypted data: ");
+				BIO_printf (bio_err, "PKCS7 Encrypted data: ");
-				alg_print(bio_err, 
+				alg_print (bio_err, 
 					p7->d.encrypted->enc_data->algorithm);
 			}
-			bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
+			bags = M_PKCS12_unpack_p7encdata (p7, pass, passlen);
 		} else continue;
 		if (!bags) return 0;
 	    	if (!dump_certs_pkeys_bags (out, bags, pass, passlen, 
@@ -770,9 +747,12 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
 		}
 		if (options & NOKEYS) return 1;
 		print_attribs (out, bag->attrib, "Bag Attributes");
-		if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
+		if (!(p8 = M_PKCS12_decrypt_skey (bag, pass, passlen)))
 				return 0;
-		if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
+		if (!(pkey = EVP_PKCS82PKEY (p8))) {
 			PKCS8_PRIV_KEY_INFO_free(p8);
 			return 0;
 		}
 		print_attribs (out, p8->attributes, "Key Attributes");
 		PKCS8_PRIV_KEY_INFO_free(p8);
 		PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);
@@ -788,7 +768,7 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
 		print_attribs (out, bag->attrib, "Bag Attributes");
 		if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
 								 return 1;
-		if (!(x509 = PKCS12_certbag2x509(bag))) return 0;
+		if (!(x509 = M_PKCS12_certbag2x509(bag))) return 0;
 		dump_cert_text (out, x509);
 		PEM_write_bio_X509 (out, x509);
 		X509_free(x509);
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -67,7 +67,6 @@
 #include <openssl/x509.h>
 #include <openssl/pkcs7.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG	pkcs7_main
@@ -83,15 +82,13 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	PKCS7 *p7=NULL;
 	int i,badops=0;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat;
 	char *infile,*outfile,*prog;
 	int print_certs=0,text=0,noout=0;
-	int ret=0;
+	int ret=1;
 	char *engine=NULL;
 	apps_startup();
@@ -135,11 +132,6 @@ int MAIN(int argc, char **argv)
 			text=1;
 		else if (strcmp(*argv,"-print_certs") == 0)
 			print_certs=1;
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -162,30 +154,11 @@ bad:
 		BIO_printf(bio_err," -print_certs  print any certs or crl in the input\n");
 		BIO_printf(bio_err," -text         print full details of certificates\n");
 		BIO_printf(bio_err," -noout        don't output encoded data\n");
 		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 		EXIT(1);
 		}
 	ERR_load_crypto_strings();
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	if ((in == NULL) || (out == NULL))
@@ -225,7 +198,7 @@ bad:
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -62,7 +62,6 @@
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/pkcs12.h>
 #include <openssl/engine.h>
 #include "apps.h"
 #define PROG pkcs8_main
@@ -71,7 +70,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 {
 	ENGINE *e = NULL;
 	char **args, *infile = NULL, *outfile = NULL;
 	char *passargin = NULL, *passargout = NULL;
 	BIO *in = NULL, *out = NULL;
@@ -87,13 +85,9 @@ int MAIN(int argc, char **argv)
 	EVP_PKEY *pkey;
 	char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
 	int badarg = 0;
 	char *engine=NULL;
 	if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_algorithms();
 	args = argv + 1;
@@ -144,11 +138,6 @@ int MAIN(int argc, char **argv)
 			if (!args[1]) goto bad;
 			passargout= *(++args);
 			}
 		else if (strcmp(*args,"-engine") == 0)
 			{
 			if (!args[1]) goto bad;
 			engine= *(++args);
 			}
 		else if (!strcmp (*args, "-in")) {
 			if (args[1]) {
 				args++;
@@ -181,28 +170,9 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err, "-nocrypt        use or expect unencrypted private key\n");
 		BIO_printf(bio_err, "-v2 alg         use PKCS#5 v2.0 and cipher \"alg\"\n");
 		BIO_printf(bio_err, "-v1 obj         use PKCS#5 v1.5 and cipher \"alg\"\n");
 		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 		return (1);
 	}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			return (1);
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			return (1);
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		BIO_printf(bio_err, "Error getting passwords\n");
 		return (1);
@@ -226,7 +196,7 @@ int MAIN(int argc, char **argv)
 		}
 	} else {
 		out = BIO_new_fp (stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			out = BIO_push(tmpbio, out);
@@ -325,7 +295,7 @@ int MAIN(int argc, char **argv)
 			p8pass = pass;
 			EVP_read_pw_string(pass, 50, "Enter Password:", 0);
 		}
-		p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
+		p8inf = M_PKCS8_decrypt(p8, p8pass, strlen(p8pass));
 		X509_SIG_free(p8);
 	}
--- a/apps/progs.h
+++ b/apps/progs.h
@@ -35,8 +35,6 @@ extern int pkcs8_main(int argc,char *argv[]);
 extern int spkac_main(int argc,char *argv[]);
 extern int smime_main(int argc,char *argv[]);
 extern int rand_main(int argc,char *argv[]);
 extern int engine_main(int argc,char *argv[]);
 extern int ocsp_main(int argc,char *argv[]);
 #define FUNC_TYPE_GENERAL	1
 #define FUNC_TYPE_MD		2
@@ -53,66 +51,64 @@ FUNCTION functions[] = {
 	{FUNC_TYPE_GENERAL,"asn1parse",asn1parse_main},
 	{FUNC_TYPE_GENERAL,"req",req_main},
 	{FUNC_TYPE_GENERAL,"dgst",dgst_main},
-#ifndef OPENSSL_NO_DH
+#ifndef NO_DH
 	{FUNC_TYPE_GENERAL,"dh",dh_main},
 #endif
-#ifndef OPENSSL_NO_DH
+#ifndef NO_DH
 	{FUNC_TYPE_GENERAL,"dhparam",dhparam_main},
 #endif
 	{FUNC_TYPE_GENERAL,"enc",enc_main},
 	{FUNC_TYPE_GENERAL,"passwd",passwd_main},
-#ifndef OPENSSL_NO_DH
+#ifndef NO_DH
 	{FUNC_TYPE_GENERAL,"gendh",gendh_main},
 #endif
 	{FUNC_TYPE_GENERAL,"errstr",errstr_main},
 	{FUNC_TYPE_GENERAL,"ca",ca_main},
 	{FUNC_TYPE_GENERAL,"crl",crl_main},
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 	{FUNC_TYPE_GENERAL,"rsa",rsa_main},
 #endif
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 	{FUNC_TYPE_GENERAL,"rsautl",rsautl_main},
 #endif
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 	{FUNC_TYPE_GENERAL,"dsa",dsa_main},
 #endif
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 	{FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main},
 #endif
 	{FUNC_TYPE_GENERAL,"x509",x509_main},
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 	{FUNC_TYPE_GENERAL,"genrsa",genrsa_main},
 #endif
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 	{FUNC_TYPE_GENERAL,"gendsa",gendsa_main},
 #endif
-#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
+#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))
 	{FUNC_TYPE_GENERAL,"s_server",s_server_main},
 #endif
-#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
+#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))
 	{FUNC_TYPE_GENERAL,"s_client",s_client_main},
 #endif
 	{FUNC_TYPE_GENERAL,"speed",speed_main},
-#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
+#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))
 	{FUNC_TYPE_GENERAL,"s_time",s_time_main},
 #endif
 	{FUNC_TYPE_GENERAL,"version",version_main},
 	{FUNC_TYPE_GENERAL,"pkcs7",pkcs7_main},
 	{FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main},
 	{FUNC_TYPE_GENERAL,"sess_id",sess_id_main},
-#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
+#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))
 	{FUNC_TYPE_GENERAL,"ciphers",ciphers_main},
 #endif
 	{FUNC_TYPE_GENERAL,"nseq",nseq_main},
-#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
+#if !defined(NO_DES) && !defined(NO_SHA1)
 	{FUNC_TYPE_GENERAL,"pkcs12",pkcs12_main},
 #endif
 	{FUNC_TYPE_GENERAL,"pkcs8",pkcs8_main},
 	{FUNC_TYPE_GENERAL,"spkac",spkac_main},
 	{FUNC_TYPE_GENERAL,"smime",smime_main},
 	{FUNC_TYPE_GENERAL,"rand",rand_main},
 	{FUNC_TYPE_GENERAL,"engine",engine_main},
 	{FUNC_TYPE_GENERAL,"ocsp",ocsp_main},
 	{FUNC_TYPE_MD,"md2",dgst_main},
 	{FUNC_TYPE_MD,"md4",dgst_main},
 	{FUNC_TYPE_MD,"md5",dgst_main},
@@ -121,139 +117,139 @@ FUNCTION functions[] = {
 	{FUNC_TYPE_MD,"mdc2",dgst_main},
 	{FUNC_TYPE_MD,"rmd160",dgst_main},
 	{FUNC_TYPE_CIPHER,"base64",enc_main},
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des",enc_main},
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des3",enc_main},
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"desx",enc_main},
 #endif
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 	{FUNC_TYPE_CIPHER,"idea",enc_main},
 #endif
-#ifndef OPENSSL_NO_RC4
+#ifndef NO_RC4
 	{FUNC_TYPE_CIPHER,"rc4",enc_main},
 #endif
-#ifndef OPENSSL_NO_RC4
+#ifndef NO_RC4
 	{FUNC_TYPE_CIPHER,"rc4-40",enc_main},
 #endif
-#ifndef OPENSSL_NO_RC2
+#ifndef NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2",enc_main},
 #endif
-#ifndef OPENSSL_NO_BF
+#ifndef NO_BF
 	{FUNC_TYPE_CIPHER,"bf",enc_main},
 #endif
-#ifndef OPENSSL_NO_CAST
+#ifndef NO_CAST
 	{FUNC_TYPE_CIPHER,"cast",enc_main},
 #endif
-#ifndef OPENSSL_NO_RC5
+#ifndef NO_RC5
 	{FUNC_TYPE_CIPHER,"rc5",enc_main},
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-ecb",enc_main},
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede",enc_main},
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede3",enc_main},
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-cbc",enc_main},
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede-cbc",enc_main},
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede3-cbc",enc_main},
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-cfb",enc_main},
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede-cfb",enc_main},
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede3-cfb",enc_main},
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-ofb",enc_main},
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede-ofb",enc_main},
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede3-ofb",enc_main},
 #endif
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 	{FUNC_TYPE_CIPHER,"idea-cbc",enc_main},
 #endif
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 	{FUNC_TYPE_CIPHER,"idea-ecb",enc_main},
 #endif
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 	{FUNC_TYPE_CIPHER,"idea-cfb",enc_main},
 #endif
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 	{FUNC_TYPE_CIPHER,"idea-ofb",enc_main},
 #endif
-#ifndef OPENSSL_NO_RC2
+#ifndef NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2-cbc",enc_main},
 #endif
-#ifndef OPENSSL_NO_RC2
+#ifndef NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2-ecb",enc_main},
 #endif
-#ifndef OPENSSL_NO_RC2
+#ifndef NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2-cfb",enc_main},
 #endif
-#ifndef OPENSSL_NO_RC2
+#ifndef NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2-ofb",enc_main},
 #endif
-#ifndef OPENSSL_NO_RC2
+#ifndef NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2-64-cbc",enc_main},
 #endif
-#ifndef OPENSSL_NO_RC2
+#ifndef NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2-40-cbc",enc_main},
 #endif
-#ifndef OPENSSL_NO_BF
+#ifndef NO_BF
 	{FUNC_TYPE_CIPHER,"bf-cbc",enc_main},
 #endif
-#ifndef OPENSSL_NO_BF
+#ifndef NO_BF
 	{FUNC_TYPE_CIPHER,"bf-ecb",enc_main},
 #endif
-#ifndef OPENSSL_NO_BF
+#ifndef NO_BF
 	{FUNC_TYPE_CIPHER,"bf-cfb",enc_main},
 #endif
-#ifndef OPENSSL_NO_BF
+#ifndef NO_BF
 	{FUNC_TYPE_CIPHER,"bf-ofb",enc_main},
 #endif
-#ifndef OPENSSL_NO_CAST
+#ifndef NO_CAST
 	{FUNC_TYPE_CIPHER,"cast5-cbc",enc_main},
 #endif
-#ifndef OPENSSL_NO_CAST
+#ifndef NO_CAST
 	{FUNC_TYPE_CIPHER,"cast5-ecb",enc_main},
 #endif
-#ifndef OPENSSL_NO_CAST
+#ifndef NO_CAST
 	{FUNC_TYPE_CIPHER,"cast5-cfb",enc_main},
 #endif
-#ifndef OPENSSL_NO_CAST
+#ifndef NO_CAST
 	{FUNC_TYPE_CIPHER,"cast5-ofb",enc_main},
 #endif
-#ifndef OPENSSL_NO_CAST
+#ifndef NO_CAST
 	{FUNC_TYPE_CIPHER,"cast-cbc",enc_main},
 #endif
-#ifndef OPENSSL_NO_RC5
+#ifndef NO_RC5
 	{FUNC_TYPE_CIPHER,"rc5-cbc",enc_main},
 #endif
-#ifndef OPENSSL_NO_RC5
+#ifndef NO_RC5
 	{FUNC_TYPE_CIPHER,"rc5-ecb",enc_main},
 #endif
-#ifndef OPENSSL_NO_RC5
+#ifndef NO_RC5
 	{FUNC_TYPE_CIPHER,"rc5-cfb",enc_main},
 #endif
-#ifndef OPENSSL_NO_RC5
+#ifndef NO_RC5
 	{FUNC_TYPE_CIPHER,"rc5-ofb",enc_main},
 #endif
 	{0,NULL,NULL}
--- a/apps/rand.c
+++ b/apps/rand.c
@@ -9,7 +9,6 @@
 #include <openssl/bio.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG rand_main
@@ -24,7 +23,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	int i, r, ret = 1;
 	int badopt;
 	char *outfile = NULL;
@@ -32,7 +30,6 @@ int MAIN(int argc, char **argv)
 	int base64 = 0;
 	BIO *out = NULL;
 	int num = -1;
 	char *engine=NULL;
 	apps_startup();
@@ -51,13 +48,6 @@ int MAIN(int argc, char **argv)
 			else
 				badopt = 1;
 			}
 		else if (strcmp(argv[i], "-engine") == 0)
 			{
 			if ((argv[i+1] != NULL) && (engine == NULL))
 				engine = argv[++i];
 			else
 				badopt = 1;
 			}
 		else if (strcmp(argv[i], "-rand") == 0)
 			{
 			if ((argv[i+1] != NULL) && (inrand == NULL))
@@ -94,31 +84,12 @@ int MAIN(int argc, char **argv)
 		{
 		BIO_printf(bio_err, "Usage: rand [options] num\n");
 		BIO_printf(bio_err, "where options are\n");
-		BIO_printf(bio_err, "-out file             - write to file\n");
+		BIO_printf(bio_err, "-out file            - write to file\n");
-		BIO_printf(bio_err, "-engine e             - use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err, "-rand file%cfile%c...  - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-		BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err, "-base64              - encode output\n");
 		BIO_printf(bio_err, "-base64               - encode output\n");
 		goto err;
 		}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto err;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto err;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	app_RAND_load_file(NULL, bio_err, (inrand != NULL));
 	if (inrand != NULL)
 		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
@@ -132,7 +103,7 @@ int MAIN(int argc, char **argv)
 	else
 		{
 		r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
--- a/apps/req.c
+++ b/apps/req.c
@@ -60,7 +60,7 @@
 #include <stdlib.h>
 #include <time.h>
 #include <string.h>
-#ifdef OPENSSL_NO_STDIO
+#ifdef NO_STDIO
 #define APPS_WIN16
 #endif
 #include "apps.h"
@@ -73,7 +73,6 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #define SECTION		"req"
@@ -102,7 +101,7 @@
 * -nodes	- no des encryption
 * -config file	- Load configuration file.
 * -key file	- make a request using key in file (or use it for verification).
- * -keyform arg	- key file format.
+ * -keyform	- key file format.
 * -rand file(s) - load the file(s) into the PRNG.
 * -newkey	- make a key and a request.
 * -modulus	- print RSA modulus.
@@ -111,8 +110,7 @@
 *		  require.  This format is wrong
 */
-static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,char *dn,int attribs);
+static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,int attribs);
 static int build_subject(X509_REQ *req, char *subj);
 static int prompt_info(X509_REQ *req,
 		STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
 		STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs);
@@ -123,7 +121,7 @@ static int add_attribute_object(X509_REQ *req, char *text,
 				int max);
 static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
 	int nid,int min,int max);
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 static void MS_CALLBACK req_cb(int p,int n,void *arg);
 #endif
 static int req_check_len(int len,int min,int max);
@@ -133,7 +131,6 @@ static char *default_config_file=NULL;
 static LHASH *config=NULL;
 #endif
 static LHASH *req_conf=NULL;
 static int batch=0;
 #define TYPE_RSA	1
 #define TYPE_DSA	2
@@ -143,38 +140,33 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
-	ENGINE *e = NULL;
+#ifndef NO_DSA
 #ifndef OPENSSL_NO_DSA
 	DSA *dsa_params=NULL;
 #endif
 	unsigned long nmflag = 0;
 	int ex=1,x509=0,days=30;
 	X509 *x509ss=NULL;
 	X509_REQ *req=NULL;
 	EVP_PKEY *pkey=NULL;
-	int i,badops=0,newreq=0,newkey= -1,verbose=0,pkey_type=TYPE_RSA;
+	int i,badops=0,newreq=0,newkey= -1,pkey_type=0;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
-	int nodes=0,kludge=0,newhdr=0,subject=0;
+	int nodes=0,kludge=0,newhdr=0;
 	char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
 	char *engine=NULL;
 	char *extensions = NULL;
 	char *req_exts = NULL;
-	const EVP_CIPHER *cipher=NULL;
+	EVP_CIPHER *cipher=NULL;
 	ASN1_INTEGER *serial = NULL;
 	int modulus=0;
 	char *inrand=NULL;
 	char *passargin = NULL, *passargout = NULL;
 	char *passin = NULL, *passout = NULL;
 	char *p;
 	char *subj = NULL;
 	const EVP_MD *md_alg=NULL,*digest=EVP_md5();
 #ifndef MONOLITH
 	MS_STATIC char config_name[256];
 #endif
 	req_conf = NULL;
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	cipher=EVP_des_ede3_cbc();
 #endif
 	apps_startup();
@@ -203,11 +195,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-key") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -215,6 +202,7 @@ int MAIN(int argc, char **argv)
 			}
 		else if (strcmp(*argv,"-new") == 0)
 			{
 			pkey_type=TYPE_RSA;
 			newreq=1;
 			}
 		else if (strcmp(*argv,"-config") == 0)
@@ -272,7 +260,7 @@ int MAIN(int argc, char **argv)
 				newkey= atoi(p);
 				}
 			else
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 				if (strncmp("dsa:",p,4) == 0)
 				{
 				X509 *xtmp=NULL;
@@ -295,7 +283,7 @@ int MAIN(int argc, char **argv)
 						goto end;
 						}
-					dtmp=X509_get_pubkey(xtmp);
+					if ((dtmp=X509_get_pubkey(xtmp)) == NULL) goto end;
 					if (dtmp->type == EVP_PKEY_DSA)
 						dsa_params=DSAparams_dup(dtmp->pkey.dsa);
 					EVP_PKEY_free(dtmp);
@@ -312,7 +300,7 @@ int MAIN(int argc, char **argv)
 				}
 			else 
 #endif
-#ifndef OPENSSL_NO_DH
+#ifndef NO_DH
 				if (strncmp("dh:",p,4) == 0)
 				{
 				pkey_type=TYPE_DH;
@@ -324,8 +312,6 @@ int MAIN(int argc, char **argv)
 			newreq=1;
 			}
 		else if (strcmp(*argv,"-batch") == 0)
 			batch=1;
 		else if (strcmp(*argv,"-newhdr") == 0)
 			newhdr=1;
 		else if (strcmp(*argv,"-modulus") == 0)
@@ -336,15 +322,6 @@ int MAIN(int argc, char **argv)
 			nodes=1;
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
 		else if (strcmp(*argv,"-verbose") == 0)
 			verbose=1;
 		else if (strcmp(*argv,"-nameopt") == 0)
 			{
 			if (--argc < 1) goto bad;
 			if (!set_name_ex(&nmflag, *(++argv))) goto bad;
 			}
 		else if (strcmp(*argv,"-subject") == 0)
 			subject=1;
 		else if (strcmp(*argv,"-text") == 0)
 			text=1;
 		else if (strcmp(*argv,"-x509") == 0)
@@ -353,23 +330,12 @@ int MAIN(int argc, char **argv)
 			kludge=1;
 		else if (strcmp(*argv,"-no-asn1-kludge") == 0)
 			kludge=0;
 		else if (strcmp(*argv,"-subj") == 0)
 			{
 			if (--argc < 1) goto bad;
 			subj= *(++argv);
 			}
 		else if (strcmp(*argv,"-days") == 0)
 			{
 			if (--argc < 1) goto bad;
 			days= atoi(*(++argv));
 			if (days == 0) days=30;
 			}
 		else if (strcmp(*argv,"-set_serial") == 0)
 			{
 			if (--argc < 1) goto bad;
 			serial = s2i_ASN1_INTEGER(NULL, *(++argv));
 			if (!serial) goto bad;
 			}
 		else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
 			{
 			/* ok */
@@ -409,10 +375,7 @@ bad:
 		BIO_printf(bio_err," -verify        verify signature on REQ\n");
 		BIO_printf(bio_err," -modulus       RSA modulus\n");
 		BIO_printf(bio_err," -nodes         don't encrypt the output key\n");
-		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device\n");
+		BIO_printf(bio_err," -key file	use the private key contained in file\n");
 		BIO_printf(bio_err," -subject       output the request's subject\n");
 		BIO_printf(bio_err," -passin        private key password source\n");
 		BIO_printf(bio_err," -key file      use the private key contained in file\n");
 		BIO_printf(bio_err," -keyform arg   key file format\n");
 		BIO_printf(bio_err," -keyout arg    file to send the key to\n");
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
@@ -420,14 +383,11 @@ bad:
 		BIO_printf(bio_err,"                the random number generator\n");
 		BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
 		BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
-		BIO_printf(bio_err," -[digest]      Digest to sign with (md5, sha1, md2, mdc2)\n");
+		BIO_printf(bio_err," -[digest]      Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
 		BIO_printf(bio_err," -config file   request template file.\n");
 		BIO_printf(bio_err," -subj arg      set or modify request subject\n");
 		BIO_printf(bio_err," -new           new request.\n");
 		BIO_printf(bio_err," -batch         do not ask anything during request generation\n");
 		BIO_printf(bio_err," -x509          output a x509 structure instead of a cert. req.\n");
-		BIO_printf(bio_err," -days          number of days a certificate generated by -x509 is valid for.\n");
+		BIO_printf(bio_err," -days          number of days a x509 generated by -x509 is valid for.\n");
 		BIO_printf(bio_err," -set_serial    serial number to use for a certificate generated by -x509.\n");
 		BIO_printf(bio_err," -newhdr        output \"NEW\" in the header lines\n");
 		BIO_printf(bio_err," -asn1-kludge   Output the 'request' in a format that is wrong but some CA's\n");
 		BIO_printf(bio_err,"                have been reported as requiring\n");
@@ -450,7 +410,7 @@ bad:
 	if (p == NULL)
 		{
 		strcpy(config_name,X509_get_default_cert_area());
-#ifndef OPENSSL_SYS_VMS
+#ifndef VMS
 		strcat(config_name,"/");
 #endif
 		strcat(config_name,OPENSSL_CONF);
@@ -486,8 +446,6 @@ bad:
 	if (req_conf != NULL)
 		{
 		p=CONF_get_string(req_conf,NULL,"oid_file");
 		if (p == NULL)
 			ERR_clear_error();
 		if (p != NULL)
 			{
 			BIO *oid_bio;
@@ -507,27 +465,18 @@ bad:
 				}
 			}
 		}
-	if(!add_oid_section(bio_err, req_conf)) goto end;
+		if(!add_oid_section(bio_err, req_conf)) goto end;
-	if (md_alg == NULL)
+	if ((md_alg == NULL) &&
 		((p=CONF_get_string(req_conf,SECTION,"default_md")) != NULL))
 		{
-		p=CONF_get_string(req_conf,SECTION,"default_md");
+		if ((md_alg=EVP_get_digestbyname(p)) != NULL)
-		if (p == NULL)
+			digest=md_alg;
 			ERR_clear_error();
 		if (p != NULL)
 			{
 			if ((md_alg=EVP_get_digestbyname(p)) != NULL)
 				digest=md_alg;
 			}
 		}
-	if (!extensions)
+	if(!extensions)
 		{
 		extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
-		if (!extensions)
+	if(extensions) {
 			ERR_clear_error();
 		}
 	if (extensions) {
 		/* Check syntax of file */
 		X509V3_CTX ctx;
 		X509V3_set_ctx_test(&ctx);
@@ -540,22 +489,12 @@ bad:
 	}
 	if(!passin)
 		{
 		passin = CONF_get_string(req_conf, SECTION, "input_password");
-		if (!passin)
+
 			ERR_clear_error();
 		}
 	if(!passout)
 		{
 		passout = CONF_get_string(req_conf, SECTION, "output_password");
 		if (!passout)
 			ERR_clear_error();
 		}
 	p = CONF_get_string(req_conf, SECTION, STRING_MASK);
 	if (!p)
 		ERR_clear_error();
 	if(p && !ASN1_STRING_set_default_mask_asc(p)) {
 		BIO_printf(bio_err, "Invalid global string mask setting %s\n", p);
@@ -563,11 +502,7 @@ bad:
 	}
 	if(!req_exts)
 		{
 		req_exts = CONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
 		if (!req_exts)
 			ERR_clear_error();
 		}
 	if(req_exts) {
 		/* Check syntax of file */
 		X509V3_CTX ctx;
@@ -586,55 +521,24 @@ bad:
 	if ((in == NULL) || (out == NULL))
 		goto end;
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if (keyfile != NULL)
 		{
-		if (keyform == FORMAT_ENGINE)
+		if (BIO_read_filename(in,keyfile) <= 0)
 			{
-			if (!e)
+			perror(keyfile);
-				{
+			goto end;
-				BIO_printf(bio_err,"no engine specified\n");
+			}
-				goto end;
+
-				}
+		if (keyform == FORMAT_ASN1)
-			pkey = ENGINE_load_private_key(e, keyfile, NULL);
+			pkey=d2i_PrivateKey_bio(in,NULL);
 		else if (keyform == FORMAT_PEM)
 			{
 			pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,passin);
 			}
 		else
 			{
-			if (BIO_read_filename(in,keyfile) <= 0)
+			BIO_printf(bio_err,"bad input format specified for X509 request\n");
-				{
+			goto end;
 				perror(keyfile);
 				goto end;
 				}
 			if (keyform == FORMAT_ASN1)
 				pkey=d2i_PrivateKey_bio(in,NULL);
 			else if (keyform == FORMAT_PEM)
 				{
 				pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,
 					passin);
 				}
 			else
 				{
 				BIO_printf(bio_err,"bad input format specified for X509 request\n");
 				goto end;
 				}
 			}
 		if (pkey == NULL)
@@ -642,20 +546,16 @@ bad:
 			BIO_printf(bio_err,"unable to load Private key\n");
 			goto end;
 			}
-		if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA)
+                if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA)
 			{
 			char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
 			if (randfile == NULL)
 				ERR_clear_error();
 			app_RAND_load_file(randfile, bio_err, 0);
-			}
+                	}
 		}
 	if (newreq && (pkey == NULL))
 		{
 		char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
 		if (randfile == NULL)
 			ERR_clear_error();
 		app_RAND_load_file(randfile, bio_err, 0);
 		if (inrand)
 			app_RAND_load_files(inrand);
@@ -678,7 +578,7 @@ bad:
 		if ((pkey=EVP_PKEY_new()) == NULL) goto end;
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 		if (pkey_type == TYPE_RSA)
 			{
 			if (!EVP_PKEY_assign_RSA(pkey,
@@ -688,7 +588,7 @@ bad:
 			}
 		else
 #endif
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 			if (pkey_type == TYPE_DSA)
 			{
 			if (!DSA_generate_key(dsa_params)) goto end;
@@ -702,17 +602,13 @@ bad:
 		if (pkey == NULL) goto end;
 		if (keyout == NULL)
 			{
 			keyout=CONF_get_string(req_conf,SECTION,KEYFILE);
-			if (keyout == NULL)
+
 				ERR_clear_error();
 			}
 		if (keyout == NULL)
 			{
 			BIO_printf(bio_err,"writing new private key to stdout\n");
 			BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 			{
 			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			out = BIO_push(tmpbio, out);
@@ -731,12 +627,7 @@ bad:
 		p=CONF_get_string(req_conf,SECTION,"encrypt_rsa_key");
 		if (p == NULL)
 			{
 			ERR_clear_error();
 			p=CONF_get_string(req_conf,SECTION,"encrypt_key");
 			if (p == NULL)
 				ERR_clear_error();
 			}
 		if ((p != NULL) && (strcmp(p,"no") == 0))
 			cipher=NULL;
 		if (nodes) cipher=NULL;
@@ -798,7 +689,7 @@ loop:
 			BIO_printf(bio_err,"you need to specify a private key\n");
 			goto end;
 			}
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 		if (pkey->type == EVP_PKEY_DSA)
 			digest=EVP_dss1();
 #endif
@@ -810,13 +701,9 @@ loop:
 				goto end;
 				}
-			i=make_REQ(req,pkey,subj,!x509);
+			i=make_REQ(req,pkey,!x509);
-			subj=NULL; /* done processing '-subj' option */
+			if (kludge >= 0)
-			if ((kludge > 0) && !sk_X509_ATTRIBUTE_num(req->req_info->attributes))
+				req->req_info->req_kludge=kludge;
 				{
 				sk_X509_ATTRIBUTE_free(req->req_info->attributes);
 				req->req_info->attributes = NULL;
 				}
 			if (!i)
 				{
 				BIO_printf(bio_err,"problems making Certificate Request\n");
@@ -831,20 +718,14 @@ loop:
 			/* Set version to V3 */
 			if(!X509_set_version(x509ss, 2)) goto end;
-			if (serial)
+			if (!ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L)) goto end;
 				X509_set_serialNumber(x509ss, serial);
 			else
 				ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L);
-			X509_set_issuer_name(x509ss,
+			if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
-				X509_REQ_get_subject_name(req));
+			if (!X509_gmtime_adj(X509_get_notBefore(x509ss),0)) goto end;
-			X509_gmtime_adj(X509_get_notBefore(x509ss),0);
+			if (!X509_gmtime_adj(X509_get_notAfter(x509ss), (long)60*60*24*days)) goto end;
-			X509_gmtime_adj(X509_get_notAfter(x509ss),
+			if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
 				(long)60*60*24*days);
 			X509_set_subject_name(x509ss,
 				X509_REQ_get_subject_name(req));
 			tmppkey = X509_REQ_get_pubkey(req);
-			X509_set_pubkey(x509ss,tmppkey);
+			if (!tmppkey || !X509_set_pubkey(x509ss,tmppkey)) goto end;
 			EVP_PKEY_free(tmppkey);
 			/* Set up V3 context struct */
@@ -855,13 +736,13 @@ loop:
 			/* Add extensions */
 			if(extensions && !X509V3_EXT_add_conf(req_conf, 
 				 	&ext_ctx, extensions, x509ss))
-				{
+			    {
-				BIO_printf(bio_err,
+			    BIO_printf(bio_err,
-					"Error Loading extension section %s\n",
+				       "Error Loading extension section %s\n",
-					extensions);
+				       extensions);
-				goto end;
+			    goto end;
-				}
+			    }
-			
+
 			if (!(i=X509_sign(x509ss,pkey,digest)))
 				goto end;
 			}
@@ -877,46 +758,17 @@ loop:
 			/* Add extensions */
 			if(req_exts && !X509V3_EXT_REQ_add_conf(req_conf, 
 				 	&ext_ctx, req_exts, req))
-				{
+			    {
-				BIO_printf(bio_err,
+			    BIO_printf(bio_err,
-					"Error Loading extension section %s\n",
+				       "Error Loading extension section %s\n",
-					req_exts);
+				       req_exts);
-				goto end;
+			    goto end;
-				}
+			    }
 			if (!(i=X509_REQ_sign(req,pkey,digest)))
 				goto end;
 			}
 		}
 	if (subj && x509)
 		{
 		BIO_printf(bio_err, "Cannot modifiy certificate subject\n");
 		goto end;
 		}
 	if (subj && !x509)
 		{
 		if (verbose)
 			{
 			BIO_printf(bio_err, "Modifying Request's Subject\n");
 			print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), nmflag);
 			}
 		if (build_subject(req, subj) == 0)
 			{
 			BIO_printf(bio_err, "ERROR: cannot modify subject\n");
 			ex=1;
 			goto end;
 			}
 		req->req_info->enc.modified = 1;
 		if (verbose)
 			{
 			print_name(bio_err, "new subject=", X509_REQ_get_subject_name(req), nmflag);
 			}
 		}
 	if (verify && !x509)
 		{
 		int tmp=0;
@@ -946,7 +798,7 @@ loop:
 			BIO_printf(bio_err,"verify OK\n");
 		}
-	if (noout && !text && !modulus && !subject)
+	if (noout && !text && !modulus)
 		{
 		ex=0;
 		goto end;
@@ -955,7 +807,7 @@ loop:
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
@@ -983,14 +835,6 @@ loop:
 			X509_REQ_print(out,req);
 		}
 	if(subject) 
 		{
 		if(x509)
 			print_name(out, "subject=", X509_get_subject_name(x509ss), nmflag);
 		else
 			print_name(out, "subject=", X509_REQ_get_subject_name(req), nmflag);
 		}
 	if (modulus)
 		{
 		EVP_PKEY *pubkey;
@@ -1005,7 +849,7 @@ loop:
 			goto end; 
 			}
 		fprintf(stdout,"Modulus=");
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 		if (pubkey->type == EVP_PKEY_RSA)
 			BN_print(out,pubkey->pkey.rsa->n);
 		else
@@ -1059,17 +903,16 @@ end:
 	EVP_PKEY_free(pkey);
 	X509_REQ_free(req);
 	X509_free(x509ss);
 	ASN1_INTEGER_free(serial);
 	if(passargin && passin) OPENSSL_free(passin);
 	if(passargout && passout) OPENSSL_free(passout);
 	OBJ_cleanup();
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 	if (dsa_params != NULL) DSA_free(dsa_params);
 #endif
 	EXIT(ex);
 	}
-static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs)
+static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
 	{
 	int ret=0,i;
 	char no_prompt = 0;
@@ -1077,8 +920,6 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs)
 	char *tmp, *dn_sect,*attr_sect;
 	tmp=CONF_get_string(req_conf,SECTION,PROMPT);
 	if (tmp == NULL)
 		ERR_clear_error();
 	if((tmp != NULL) && !strcmp(tmp, "no")) no_prompt = 1;
 	dn_sect=CONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
@@ -1097,10 +938,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs)
 	attr_sect=CONF_get_string(req_conf,SECTION,ATTRIBUTES);
 	if (attr_sect == NULL)
 		{
 		ERR_clear_error();		
 		attr_sk=NULL;
 		}
 	else
 		{
 		attr_sk=CONF_get_section(req_conf,attr_sect);
@@ -1114,86 +952,17 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs)
 	/* setup version number */
 	if (!X509_REQ_set_version(req,0L)) goto err; /* version 1 */
-	if (no_prompt) 
+	if(no_prompt) i = auto_info(req, dn_sk, attr_sk, attribs);
-		i = auto_info(req, dn_sk, attr_sk, attribs);
+	else i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs);
 	else 
 		{
 		if (subj)
 			i = build_subject(req, subj);
 		else
 			i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs);
 		}
 	if(!i) goto err;
-	X509_REQ_set_pubkey(req,pkey);
+	if (!X509_REQ_set_pubkey(req,pkey)) goto err;
 	ret=1;
 err:
 	return(ret);
 	}
 static int build_subject(X509_REQ *req, char *subject)
 	{
 	X509_NAME *n = NULL;
 	int i, nid, ne_num=0;
 	char *ne_name = NULL;
 	char *ne_value = NULL;
 	char *tmp = NULL;
 	char *p[2];
 	char *str_list[256];
 	p[0] = ",/";
        p[1] = "=";
 	n = X509_NAME_new();
 	tmp = strtok(subject, p[0]);
 	while((tmp != NULL) && (ne_num < (sizeof str_list/sizeof *str_list)))
 		{
 		char *token = tmp;
 		while (token[0] == ' ')
 			token++;
 		str_list[ne_num] = token;
 		tmp = strtok(NULL, p[0]);
 		ne_num++;
 		}
 	for(i = 0; i < ne_num; i++)
 		{
 		ne_name  = strtok(str_list[i], p[1]);
 		ne_value = strtok(NULL, p[1]);
 		if ((nid=OBJ_txt2nid(ne_name)) == NID_undef)
 			{
 			BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_name);
 			continue;
 			}
 		if (ne_value == NULL)
 			{
 			BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_name);
 			continue;
 			}
 		if (!X509_NAME_add_entry_by_NID(n, nid, MBSTRING_ASC, (unsigned char*)ne_value, -1,-1,0))
 			{
 			X509_NAME_free(n);
 			return 0;
 			}
 		}
 	if (!X509_REQ_set_subject_name(req, n))
 		return 0;
 	X509_NAME_free(n);
 	return 1;
 }
 static int prompt_info(X509_REQ *req,
 		STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
@@ -1207,17 +976,13 @@ static int prompt_info(X509_REQ *req,
 	CONF_VALUE *v;
 	X509_NAME *subj;
 	subj = X509_REQ_get_subject_name(req);
-
+	BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n");
-	if(!batch)
+	BIO_printf(bio_err,"into your certificate request.\n");
-		{
+	BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n");
-		BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n");
+	BIO_printf(bio_err,"There are quite a few fields but you can leave some blank\n");
-		BIO_printf(bio_err,"into your certificate request.\n");
+	BIO_printf(bio_err,"For some fields there will be a default value,\n");
-		BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n");
+	BIO_printf(bio_err,"If you enter '.', the field will be left blank.\n");
-		BIO_printf(bio_err,"There are quite a few fields but you can leave some blank\n");
+	BIO_printf(bio_err,"-----\n");
 		BIO_printf(bio_err,"For some fields there will be a default value,\n");
 		BIO_printf(bio_err,"If you enter '.', the field will be left blank.\n");
 		BIO_printf(bio_err,"-----\n");
 		}
 	if (sk_CONF_VALUE_num(dn_sk))
@@ -1248,17 +1013,11 @@ start:		for (;;)
 			if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
 			sprintf(buf,"%s_default",v->name);
 			if ((def=CONF_get_string(req_conf,dn_sect,buf)) == NULL)
 				{
 				ERR_clear_error();
 				def="";
 				}
 			sprintf(buf,"%s_value",v->name);
 			if ((value=CONF_get_string(req_conf,dn_sect,buf)) == NULL)
 				{
 				ERR_clear_error();
 				value=NULL;
 				}
 			sprintf(buf,"%s_min",v->name);
 			min=(int)CONF_get_number(req_conf,dn_sect,buf);
@@ -1278,7 +1037,7 @@ start:		for (;;)
 		if (attribs)
 			{
-			if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0) && (!batch))
+			if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0))
 				{
 				BIO_printf(bio_err,"\nPlease enter the following 'extra' attributes\n");
 				BIO_printf(bio_err,"to be sent with your certificate request\n");
@@ -1300,19 +1059,12 @@ start2:			for (;;)
 				sprintf(buf,"%s_default",type);
 				if ((def=CONF_get_string(req_conf,attr_sect,buf))
 					== NULL)
 					{
 					ERR_clear_error();
 					def="";
 					}
 				sprintf(buf,"%s_value",type);
 				if ((value=CONF_get_string(req_conf,attr_sect,buf))
 					== NULL)
 					{
 					ERR_clear_error();
 					value=NULL;
 					}
 				sprintf(buf,"%s_min",type);
 				min=(int)CONF_get_number(req_conf,attr_sect,buf);
@@ -1394,9 +1146,9 @@ static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
 	int i,ret=0;
 	MS_STATIC char buf[1024];
 start:
-	if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def);
+	BIO_printf(bio_err,"%s [%s]:",text,def);
 	(void)BIO_flush(bio_err);
-	if(value != NULL)
+	if (value != NULL)
 		{
 		strcpy(buf,value);
 		strcat(buf,"\n");
@@ -1405,15 +1157,7 @@ start:
 	else
 		{
 		buf[0]='\0';
-		if (!batch)
+		fgets(buf,1024,stdin);
 			{
 			fgets(buf,1024,stdin);
 			}
 		else
 			{
 			buf[0] = '\n';
 			buf[1] = '\0';
 			}
 		}
 	if (buf[0] == '\0') return(0);
@@ -1433,6 +1177,7 @@ start:
 		return(0);
 		}
 	buf[--i]='\0';
 #ifdef CHARSET_EBCDIC
 	ebcdic2ascii(buf, buf, i);
 #endif
@@ -1452,7 +1197,7 @@ static int add_attribute_object(X509_REQ *req, char *text,
 	static char buf[1024];
 start:
-	if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def);
+	BIO_printf(bio_err,"%s [%s]:",text,def);
 	(void)BIO_flush(bio_err);
 	if (value != NULL)
 		{
@@ -1463,15 +1208,7 @@ start:
 	else
 		{
 		buf[0]='\0';
-		if (!batch)
+		fgets(buf,1024,stdin);
 			{
 			fgets(buf,1024,stdin);
 			}
 		else
 			{
 			buf[0] = '\n';
 			buf[1] = '\0';
 			}
 		}
 	if (buf[0] == '\0') return(0);
@@ -1508,7 +1245,7 @@ err:
 	return(0);
 	}
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 static void MS_CALLBACK req_cb(int p, int n, void *arg)
 	{
 	char c='*';
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -68,7 +68,6 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG	rsa_main
@@ -91,7 +90,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	int ret=1;
 	RSA *rsa=NULL;
 	int i,badops=0, sgckey=0;
@@ -102,7 +100,6 @@ int MAIN(int argc, char **argv)
 	char *infile,*outfile,*prog;
 	char *passargin = NULL, *passargout = NULL;
 	char *passin = NULL, *passout = NULL;
 	char *engine=NULL;
 	int modulus=0;
 	apps_startup();
@@ -151,11 +148,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-sgckey") == 0)
 			sgckey=1;
 		else if (strcmp(*argv,"-pubin") == 0)
@@ -194,7 +186,7 @@ bad:
 		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
 		BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
 		BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 		BIO_printf(bio_err," -idea           encrypt PEM output with cbc idea\n");
 #endif
 		BIO_printf(bio_err," -text           print the key in text\n");
@@ -203,30 +195,11 @@ bad:
 		BIO_printf(bio_err," -check          verify key consistency\n");
 		BIO_printf(bio_err," -pubin          expect a public key in input file\n");
 		BIO_printf(bio_err," -pubout         output a public key\n");
 		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 		goto end;
 		}
 	ERR_load_crypto_strings();
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		BIO_printf(bio_err, "Error getting passwords\n");
 		goto end;
@@ -261,11 +234,11 @@ bad:
 		if (pubin) rsa=d2i_RSA_PUBKEY_bio(in,NULL);
 		else rsa=d2i_RSAPrivateKey_bio(in,NULL);
 	}
-#ifndef OPENSSL_NO_RC4
+#ifndef NO_RC4
 	else if (informat == FORMAT_NETSCAPE)
 		{
 		BUF_MEM *buf=NULL;
-		const unsigned char *p;
+		unsigned char *p;
 		int size=0;
 		buf=BUF_MEM_new();
@@ -307,7 +280,7 @@ bad:
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
@@ -346,14 +319,14 @@ bad:
 			BIO_printf(out,"RSA key ok\n");
 		else if (r == 0)
 			{
-			long err;
+			long e;
-			while ((err = ERR_peek_error()) != 0 &&
+			while ((e = ERR_peek_error()) != 0 &&
-				ERR_GET_LIB(err) == ERR_LIB_RSA &&
+				ERR_GET_LIB(e) == ERR_LIB_RSA &&
-				ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY &&
+				ERR_GET_FUNC(e) == RSA_F_RSA_CHECK_KEY &&
-				ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE)
+				ERR_GET_REASON(e) != ERR_R_MALLOC_FAILURE)
 				{
-				BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(err));
+				BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(e));
 				ERR_get_error(); /* remove e from error stack */
 				}
 			}
@@ -375,7 +348,7 @@ bad:
 		if(pubout || pubin) i=i2d_RSA_PUBKEY_bio(out,rsa);
 		else i=i2d_RSAPrivateKey_bio(out,rsa);
 	}
-#ifndef OPENSSL_NO_RC4
+#ifndef NO_RC4
 	else if (outformat == FORMAT_NETSCAPE)
 		{
 		unsigned char *p,*pp;
@@ -418,7 +391,7 @@ end:
 	if(passout) OPENSSL_free(passout);
 	EXIT(ret);
 	}
-#else /* !OPENSSL_NO_RSA */
+#else /* !NO_RSA */
 # if PEDANTIC
 static void *dummy=&dummy;
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -56,13 +56,12 @@
 *
 */
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 #include "apps.h"
 #include <string.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #define RSA_SIGN 	1
 #define RSA_VERIFY 	2
@@ -83,10 +82,8 @@ int MAIN(int argc, char **);
 int MAIN(int argc, char **argv)
 {
 	ENGINE *e = NULL;
 	BIO *in = NULL, *out = NULL;
 	char *infile = NULL, *outfile = NULL;
 	char *engine = NULL;
 	char *keyfile = NULL;
 	char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
 	int keyform = FORMAT_PEM;
@@ -120,9 +117,6 @@ int MAIN(int argc, char **argv)
 		} else if(!strcmp(*argv, "-inkey")) {
 			if (--argc < 1) badarg = 1;
 			keyfile = *(++argv);
 		} else if(!strcmp(*argv, "-engine")) {
 			if (--argc < 1) badarg = 1;
 			engine = *(++argv);
 		} else if(!strcmp(*argv, "-pubin")) {
 			key_type = KEY_PUBKEY;
 		} else if(!strcmp(*argv, "-certin")) {
@@ -157,34 +151,16 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 /* FIXME: seed PRNG only if needed */
 	app_RAND_load_file(NULL, bio_err, 0);
 	switch(key_type) {
 		case KEY_PRIVKEY:
-		pkey = load_key(bio_err, keyfile, keyform, NULL, e);
+		pkey = load_key(bio_err, keyfile, keyform, NULL);
 		break;
 		case KEY_PUBKEY:
-		pkey = load_pubkey(bio_err, keyfile, keyform, e);
+		pkey = load_pubkey(bio_err, keyfile, keyform);
 		break;
 		case KEY_CERT:
@@ -227,7 +203,7 @@ int MAIN(int argc, char **argv)
 		}
 	} else {
 		out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		    out = BIO_push(tmpbio, out);
--- a/apps/s_apps.h
+++ b/apps/s_apps.h
@@ -57,9 +57,7 @@
 */
 #include <sys/types.h>
-#include <openssl/opensslconf.h>
+#if (defined(VMS) || defined(__VMS)) && !defined(FD_SET)
 #if defined(OPENSSL_SYS_VMS) && !defined(FD_SET)
 /* VAX C does not defined fd_set and friends, but it's actually quite simple */
 /* These definitions are borrowed from SOCKETSHR.	/Richard Levitte */
 #define MAX_NOFILE	32
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -60,8 +60,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <openssl/e_os2.h>
+#ifdef NO_STDIO
 #ifdef OPENSSL_NO_STDIO
 #define APPS_WIN16
 #endif
@@ -69,7 +68,7 @@
   recursive header file inclusion, resulting in the compiler complaining
   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
   is needed to have fileno() declared correctly...  So let's define u_int */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
+#if defined(VMS) && defined(__DECC) && !defined(__U_INT)
 #define __U_INT
 typedef unsigned int u_int;
 #endif
@@ -80,15 +79,15 @@ typedef unsigned int u_int;
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
-#include <openssl/engine.h>
+#include <openssl/rand.h>
 #include "s_apps.h"
-#ifdef OPENSSL_SYS_WINDOWS
+#ifdef WINDOWS
 #include <conio.h>
 #endif
-#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
+#if (defined(VMS) && __VMS_VER < 70000000)
 /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
 #undef FIONBIO
 #endif
@@ -152,10 +151,8 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -tls1         - just use TLSv1\n");
 	BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
 	BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
 	BIO_printf(bio_err," -serverpref   - Use server's cipher preferences (only SSLv2)\n");
 	BIO_printf(bio_err," -cipher       - preferred cipher to use, use the 'openssl ciphers'\n");
 	BIO_printf(bio_err,"                 command to see what is available\n");
 	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
 	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 	}
@@ -185,17 +182,15 @@ int MAIN(int argc, char **argv)
 	SSL_METHOD *meth=NULL;
 	BIO *sbio;
 	char *inrand=NULL;
-	char *engine_id=NULL;
+#ifdef WINDOWS
 	ENGINE *e=NULL;
 #ifdef OPENSSL_SYS_WINDOWS
 	struct timeval tv;
 #endif
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+#if !defined(NO_SSL2) && !defined(NO_SSL3)
 	meth=SSLv23_client_method();
-#elif !defined(OPENSSL_NO_SSL3)
+#elif !defined(NO_SSL3)
 	meth=SSLv3_client_method();
-#elif !defined(OPENSSL_NO_SSL2)
+#elif !defined(NO_SSL2)
 	meth=SSLv2_client_method();
 #endif
@@ -276,15 +271,15 @@ int MAIN(int argc, char **argv)
 			nbio_test=1;
 		else if	(strcmp(*argv,"-state") == 0)
 			state=1;
-#ifndef OPENSSL_NO_SSL2
+#ifndef NO_SSL2
 		else if	(strcmp(*argv,"-ssl2") == 0)
 			meth=SSLv2_client_method();
 #endif
-#ifndef OPENSSL_NO_SSL3
+#ifndef NO_SSL3
 		else if	(strcmp(*argv,"-ssl3") == 0)
 			meth=SSLv3_client_method();
 #endif
-#ifndef OPENSSL_NO_TLS1
+#ifndef NO_TLS1
 		else if	(strcmp(*argv,"-tls1") == 0)
 			meth=TLSv1_client_method();
 #endif
@@ -315,8 +310,6 @@ int MAIN(int argc, char **argv)
 			off|=SSL_OP_NO_SSLv3;
 		else if (strcmp(*argv,"-no_ssl2") == 0)
 			off|=SSL_OP_NO_SSLv2;
 		else if (strcmp(*argv,"-serverpref") == 0)
 			off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
 		else if	(strcmp(*argv,"-cipher") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -326,11 +319,6 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-nbio") == 0)
 			{ c_nbio=1; }
 #endif
 		else if	(strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine_id = *(++argv);
 			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -376,30 +364,6 @@ bad:
 	OpenSSL_add_ssl_algorithms();
 	SSL_load_error_strings();
 	if (engine_id != NULL)
 		{
 		if((e = ENGINE_by_id(engine_id)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		if (c_debug)
 			{
 			ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
 				0, bio_err, 0);
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine_id);
 		ENGINE_free(e);
 		}
 	ctx=SSL_CTX_new(meth);
 	if (ctx == NULL)
 		{
@@ -438,12 +402,6 @@ bad:
 	con=SSL_new(ctx);
 #ifndef OPENSSL_NO_KRB5
 	if (con  &&  (con->kssl_ctx = kssl_ctx_new()) != NULL)
                {
                kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVER, host);
 		}
 #endif	/* OPENSSL_NO_KRB5  */
 /*	SSL_set_cipher_list(con,"RC4-MD5"); */
 re_start:
@@ -538,7 +496,7 @@ re_start:
 		if (!ssl_pending)
 			{
-#ifndef OPENSSL_SYS_WINDOWS
+#ifndef WINDOWS
 			if (tty_on)
 				{
 				if (read_tty)  FD_SET(fileno(stdin),&readfds);
@@ -565,7 +523,7 @@ re_start:
 			 * will choke the compiler: if you do have a cast then
 			 * you can either go for (int *) or (void *).
 			 */
-#ifdef OPENSSL_SYS_WINDOWS
+#ifdef WINDOWS
 			/* Under Windows we make the assumption that we can
 			 * always write to the tty: therefore if we need to
 			 * write to the tty we just fall through. Otherwise
@@ -664,7 +622,7 @@ re_start:
 				goto shut;
 				}
 			}
-#ifdef OPENSSL_SYS_WINDOWS
+#ifdef WINDOWS
 		/* Assume Windows can always write */
 		else if (!ssl_pending && write_tty)
 #else
@@ -745,7 +703,7 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
 				}
 			}
-#ifdef OPENSSL_SYS_WINDOWS
+#ifdef WINDOWS
 		else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
 #else
 		else if (FD_ISSET(fileno(stdin),&readfds))
@@ -938,5 +896,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
 	BIO_printf(bio,"---\n");
 	if (peer != NULL)
 		X509_free(peer);
 	/* flush, or debugging output gets mixed with http response */
 	BIO_flush(bio);
 	}
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -62,8 +62,7 @@
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
-#include <openssl/e_os2.h>
+#ifdef NO_STDIO
 #ifdef OPENSSL_NO_STDIO
 #define APPS_WIN16
 #endif
@@ -71,7 +70,7 @@
   recursive header file inclusion, resulting in the compiler complaining
   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
   is needed to have fileno() declared correctly...  So let's define u_int */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
+#if defined(VMS) && defined(__DECC) && !defined(__U_INT)
 #define __U_INT
 typedef unsigned int u_int;
 #endif
@@ -84,19 +83,19 @@ typedef unsigned int u_int;
 #include <openssl/pem.h>
 #include <openssl/x509.h>
 #include <openssl/ssl.h>
-#include <openssl/engine.h>
+#include <openssl/rand.h>
 #include "s_apps.h"
-#ifdef OPENSSL_SYS_WINDOWS
+#ifdef WINDOWS
 #include <conio.h>
 #endif
-#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
+#if (defined(VMS) && __VMS_VER < 70000000)
 /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
 #undef FIONBIO
 #endif
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
 #endif
 static int sv_body(char *hostname, int s, unsigned char *context);
@@ -105,9 +104,7 @@ static void close_accept_socket(void );
 static void sv_usage(void);
 static int init_ssl_connection(SSL *s);
 static void print_stats(BIO *bp,SSL_CTX *ctx);
-static int generate_session_id(const SSL *ssl, unsigned char *id,
+#ifndef NO_DH
 				unsigned int *id_len);
 #ifndef OPENSSL_NO_DH
 static DH *load_dh_param(char *dhfile);
 static DH *get_dh512(void);
 #endif
@@ -123,7 +120,7 @@ static void s_server_init(void);
 # endif
 #endif
-#ifndef OPENSSL_NO_DH
+#ifndef NO_DH
 static unsigned char dh512_p[]={
 	0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
 	0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
@@ -180,8 +177,6 @@ static int s_debug=0;
 static int s_quiet=0;
 static int hack=0;
 static char *engine_id=NULL;
 static const char *session_id_prefix=NULL;
 #ifdef MONOLITH
 static void s_server_init(void)
@@ -204,7 +199,6 @@ static void s_server_init(void)
 	s_debug=0;
 	s_quiet=0;
 	hack=0;
 	engine_id=NULL;
 	}
 #endif
@@ -235,7 +229,6 @@ static void sv_usage(void)
 	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
 	BIO_printf(bio_err," -nocert       - Don't use any certificates (Anon-DH)\n");
 	BIO_printf(bio_err," -cipher arg   - play with 'openssl ciphers' to see what goes here\n");
 	BIO_printf(bio_err," -serverpref   - Use server's cipher preferences\n");
 	BIO_printf(bio_err," -quiet        - No server output\n");
 	BIO_printf(bio_err," -no_tmp_rsa   - Do not generate a tmp RSA key\n");
 	BIO_printf(bio_err," -ssl2         - Just talk SSLv2\n");
@@ -244,16 +237,12 @@ static void sv_usage(void)
 	BIO_printf(bio_err," -no_ssl2      - Just disable SSLv2\n");
 	BIO_printf(bio_err," -no_ssl3      - Just disable SSLv3\n");
 	BIO_printf(bio_err," -no_tls1      - Just disable TLSv1\n");
-#ifndef OPENSSL_NO_DH
+#ifndef NO_DH
 	BIO_printf(bio_err," -no_dhe       - Disable ephemeral DH\n");
 #endif
 	BIO_printf(bio_err," -bugs         - Turn on SSL bug compatibility\n");
 	BIO_printf(bio_err," -www          - Respond to a 'GET /' with a status page\n");
 	BIO_printf(bio_err," -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
 	BIO_printf(bio_err," -HTTP         - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
        BIO_printf(bio_err,"                 with the assumption it contains a complete HTTP response.\n");
 	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
 	BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
 	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 	}
@@ -424,14 +413,16 @@ int MAIN(int argc, char *argv[])
 	int no_tmp_rsa=0,no_dhe=0,nocert=0;
 	int state=0;
 	SSL_METHOD *meth=NULL;
 	ENGINE *e=NULL;
 	char *inrand=NULL;
 #ifndef NO_DH
 	DH *dh=NULL;
 #endif
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+#if !defined(NO_SSL2) && !defined(NO_SSL3)
 	meth=SSLv23_server_method();
-#elif !defined(OPENSSL_NO_SSL3)
+#elif !defined(NO_SSL3)
 	meth=SSLv3_server_method();
-#elif !defined(OPENSSL_NO_SSL2)
+#elif !defined(NO_SSL2)
 	meth=SSLv2_server_method();
 #endif
@@ -518,8 +509,6 @@ int MAIN(int argc, char *argv[])
 			if (--argc < 1) goto bad;
 			CApath= *(++argv);
 			}
 		else if	(strcmp(*argv,"-serverpref") == 0)
 			{ off|=SSL_OP_CIPHER_SERVER_PREFERENCE; }
 		else if	(strcmp(*argv,"-cipher") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -561,36 +550,24 @@ int MAIN(int argc, char *argv[])
 			{ www=1; }
 		else if	(strcmp(*argv,"-WWW") == 0)
 			{ www=2; }
 		else if	(strcmp(*argv,"-HTTP") == 0)
 			{ www=3; }
 		else if	(strcmp(*argv,"-no_ssl2") == 0)
 			{ off|=SSL_OP_NO_SSLv2; }
 		else if	(strcmp(*argv,"-no_ssl3") == 0)
 			{ off|=SSL_OP_NO_SSLv3; }
 		else if	(strcmp(*argv,"-no_tls1") == 0)
 			{ off|=SSL_OP_NO_TLSv1; }
-#ifndef OPENSSL_NO_SSL2
+#ifndef NO_SSL2
 		else if	(strcmp(*argv,"-ssl2") == 0)
 			{ meth=SSLv2_server_method(); }
 #endif
-#ifndef OPENSSL_NO_SSL3
+#ifndef NO_SSL3
 		else if	(strcmp(*argv,"-ssl3") == 0)
 			{ meth=SSLv3_server_method(); }
 #endif
-#ifndef OPENSSL_NO_TLS1
+#ifndef NO_TLS1
 		else if	(strcmp(*argv,"-tls1") == 0)
 			{ meth=TLSv1_server_method(); }
 #endif
 		else if (strcmp(*argv, "-id_prefix") == 0)
 			{
 			if (--argc < 1) goto bad;
 			session_id_prefix = *(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine_id= *(++argv);
 			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -634,7 +611,7 @@ bad:
 			}
 		}
-#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA)
+#if !defined(NO_RSA) || !defined(NO_DSA)
 	if (nocert)
 #endif
 		{
@@ -647,51 +624,13 @@ bad:
 	SSL_load_error_strings();
 	OpenSSL_add_ssl_algorithms();
 	if (engine_id != NULL)
 		{
 		if((e = ENGINE_by_id(engine_id)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		if (s_debug)
 			{
 			ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
 				0, bio_err, 0);
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine_id);
 		ENGINE_free(e);
 		}
 	ctx=SSL_CTX_new(meth);
 	if (ctx == NULL)
 		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}
-	if (session_id_prefix)
+
 		{
 		if(strlen(session_id_prefix) >= 32)
 			BIO_printf(bio_err,
 "warning: id_prefix is too long, only one new session will be possible\n");
 		else if(strlen(session_id_prefix) >= 16)
 			BIO_printf(bio_err,
 "warning: id_prefix is too long if you use SSLv2\n");
 		if(!SSL_CTX_set_generate_session_id(ctx, generate_session_id))
 			{
 			BIO_printf(bio_err,"error setting 'id_prefix'\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_prefix);
 		}
 	SSL_CTX_set_quiet_shutdown(ctx,1);
 	if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
 	if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
@@ -722,16 +661,10 @@ bad:
 		/* goto end; */
 		}
-#ifndef OPENSSL_NO_DH
+#ifndef NO_DH
 	if (!no_dhe)
 		{
-		DH *dh=NULL;
+		dh=load_dh_param(dhfile ? dhfile : s_cert_file);
 		if (dhfile)
 			dh = load_dh_param(dhfile);
 		else if (s_cert_file)
 			dh = load_dh_param(s_cert_file);
 		if (dh != NULL)
 			{
 			BIO_printf(bio_s_out,"Setting temp DH parameters\n");
@@ -756,7 +689,7 @@ bad:
 			goto end;
 		}
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 #if 1
 	if (!no_tmp_rsa)
 		SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
@@ -845,7 +778,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 	unsigned long l;
 	SSL *con=NULL;
 	BIO *sbio;
-#ifdef OPENSSL_SYS_WINDOWS
+#ifdef WINDOWS
 	struct timeval tv;
 #endif
@@ -868,13 +801,6 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 	if (con == NULL) {
 		con=SSL_new(ctx);
 #ifndef OPENSSL_NO_KRB5
 		if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
                        {
                        kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC);
                        kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB);
                        }
 #endif	/* OPENSSL_NO_KRB5 */
 		if(context)
 		      SSL_set_session_id_context(con, context,
 						 strlen((char *)context));
@@ -912,7 +838,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 		if (!read_from_sslcon)
 			{
 			FD_ZERO(&readfds);
-#ifndef OPENSSL_SYS_WINDOWS
+#ifndef WINDOWS
 			FD_SET(fileno(stdin),&readfds);
 #endif
 			FD_SET(s,&readfds);
@@ -922,7 +848,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 			 * the compiler: if you do have a cast then you can either
 			 * go for (int *) or (void *).
 			 */
-#ifdef OPENSSL_SYS_WINDOWS
+#ifdef WINDOWS
 			/* Under Windows we can't select on stdin: only
 			 * on sockets. As a workaround we timeout the select every
 			 * second and check for any keypress. In a proper Windows
@@ -1188,7 +1114,7 @@ static int init_ssl_connection(SSL *con)
 	return(1);
 	}
-#ifndef OPENSSL_NO_DH
+#ifndef NO_DH
 static DH *load_dh_param(char *dhfile)
 	{
 	DH *ret=NULL;
@@ -1324,7 +1250,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
 			else
 				{
 				BIO_printf(bio_s_out,"read R BLOCK\n");
-#ifndef OPENSSL_SYS_MSDOS
+#ifndef MSDOS
 				sleep(1);
 #endif
 				continue;
@@ -1418,25 +1344,37 @@ static int www_body(char *hostname, int s, unsigned char *context)
 			BIO_puts(io,"</BODY></HTML>\r\n\r\n");
 			break;
 			}
-		else if ((www == 2 || www == 3)
+		else if ((www == 2) && (strncmp("GET /",buf,5) == 0))
                         && (strncmp("GET /",buf,5) == 0))
 			{
 			BIO *file;
 			char *p,*e;
-			static char *text="HTTP/1.0 200 ok\r\n"
+			static char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
                                "Content-type: text/plain\r\n\r\n";
 			/* skip the '/' */
 			p= &(buf[5]);
-			dot=0;
+
 			dot = 1;
 			for (e=p; *e != '\0'; e++)
 				{
-				if (e[0] == ' ') break;
+				if (e[0] == ' ')
-				if (	(e[0] == '.') &&
+					break;
-					(strncmp(&(e[-1]),"/../",4) == 0))
+
-					dot=1;
+				switch (dot)
 					{
 				case 1:
 					dot = (e[0] == '.') ? 2 : 0;
 					break;
 				case 2:
 					dot = (e[0] == '.') ? 3 : 0;
 					break;
 				case 3:
 					dot = (e[0] == '/') ? -1 : 0;
 					break;
 					}
 				if (dot == 0)
 					dot = (e[0] == '/') ? 1 : 0;
 				}
-			
+			dot = (dot == 3) || (dot == -1); /* filename contains ".." component */
 			if (*e == '\0')
 				{
@@ -1460,9 +1398,11 @@ static int www_body(char *hostname, int s, unsigned char *context)
 				break;
 				}
 #if 0
 			/* append if a directory lookup */
 			if (e[-1] == '/')
 				strcat(p,"index.html");
 #endif
 			/* if a directory, do the index thang */
 			if (stat(p,&st_buf) < 0)
@@ -1474,7 +1414,13 @@ static int www_body(char *hostname, int s, unsigned char *context)
 				}
 			if (S_ISDIR(st_buf.st_mode))
 				{
 #if 0 /* must check buffer size */
 				strcat(p,"/index.html");
 #else
 				BIO_puts(io,text);
 				BIO_printf(io,"'%s' is a directory\r\n",p);
 				break;
 #endif
 				}
 			if ((file=BIO_new_file(p,"r")) == NULL)
@@ -1488,16 +1434,13 @@ static int www_body(char *hostname, int s, unsigned char *context)
 			if (!s_quiet)
 				BIO_printf(bio_err,"FILE:%s\n",p);
-                        if (www == 2)
+			i=strlen(p);
-                                {
+			if (	((i > 5) && (strcmp(&(p[i-5]),".html") == 0)) ||
-                                i=strlen(p);
+				((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) ||
-                                if (	((i > 5) && (strcmp(&(p[i-5]),".html") == 0)) ||
+				((i > 4) && (strcmp(&(p[i-4]),".htm") == 0)))
-                                        ((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) ||
+				BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
-                                        ((i > 4) && (strcmp(&(p[i-4]),".htm") == 0)))
+			else
-                                        BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
+				BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
                                else
                                        BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
                                }
 			/* send the file */
 			total_bytes=0;
 			for (;;)
@@ -1575,7 +1518,7 @@ err:
 	return(ret);
 	}
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
 	{
 	static RSA *rsa_tmp=NULL;
@@ -1597,26 +1540,3 @@ static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
 	return(rsa_tmp);
 	}
 #endif
 #define MAX_SESSION_ID_ATTEMPTS 10
 static int generate_session_id(const SSL *ssl, unsigned char *id,
 				unsigned int *id_len)
 	{
 	unsigned int count = 0;
 	do	{
 		RAND_pseudo_bytes(id, *id_len);
 		/* Prefix the session_id with the required prefix. NB: If our
 		 * prefix is too long, clip it - but there will be worse effects
 		 * anyway, eg. the server could only possibly create 1 session
 		 * ID (ie. the prefix!) so all future session negotiations will
 		 * fail due to conflicts. */
 		memcpy(id, session_id_prefix,
 			(strlen(session_id_prefix) < *id_len) ?
 			strlen(session_id_prefix) : *id_len);
 		}
 	while(SSL_has_matching_session_id(ssl, id, *id_len) &&
 		(++count < MAX_SESSION_ID_ATTEMPTS));
 	if(count >= MAX_SESSION_ID_ATTEMPTS)
 		return 0;
 	return 1;
 	}
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@@ -62,13 +62,11 @@
 #include <errno.h>
 #include <signal.h>
 #include <openssl/e_os2.h>
 /* With IPv6, it looks like Digital has mixed up the proper order of
   recursive header file inclusion, resulting in the compiler complaining
   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
   is needed to have fileno() declared correctly...  So let's define u_int */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
+#if defined(VMS) && defined(__DECC) && !defined(__U_INT)
 #define __U_INT
 typedef unsigned int u_int;
 #endif
@@ -82,7 +80,7 @@ typedef unsigned int u_int;
 #include <openssl/ssl.h>
 static struct hostent *GetHostByName(char *name);
-#ifdef OPENSSL_SYS_WINDOWS
+#ifdef WINDOWS
 static void sock_cleanup(void);
 #endif
 static int sock_init(void);
@@ -92,17 +90,17 @@ static int init_server_long(int *sock, int port,char *ip);
 static int do_accept(int acc_sock, int *sock, char **host);
 static int host_ip(char *str, unsigned char ip[4]);
-#ifdef OPENSSL_SYS_WIN16
+#ifdef WIN16
 #define SOCKET_PROTOCOL	0 /* more microsoft stupidity */
 #else
 #define SOCKET_PROTOCOL	IPPROTO_TCP
 #endif
-#ifdef OPENSSL_SYS_WINDOWS
+#ifdef WINDOWS
 static struct WSAData wsa_state;
 static int wsa_init_done=0;
-#ifdef OPENSSL_SYS_WIN16
+#ifdef WIN16
 static HWND topWnd=0;
 static FARPROC lpTopWndProc=NULL;
 static FARPROC lpTopHookProc=NULL;
@@ -131,10 +129,10 @@ static BOOL CALLBACK enumproc(HWND hwnd,LPARAM lParam)
 	return(FALSE);
 	}
-#endif /* OPENSSL_SYS_WIN32 */
+#endif /* WIN32 */
-#endif /* OPENSSL_SYS_WINDOWS */
+#endif /* WINDOWS */
-#ifdef OPENSSL_SYS_WINDOWS
+#ifdef WINDOWS
 static void sock_cleanup(void)
 	{
 	if (wsa_init_done)
@@ -148,7 +146,7 @@ static void sock_cleanup(void)
 static int sock_init(void)
 	{
-#ifdef OPENSSL_SYS_WINDOWS
+#ifdef WINDOWS
 	if (!wsa_init_done)
 		{
 		int err;
@@ -165,15 +163,15 @@ static int sock_init(void)
 			return(0);
 			}
-#ifdef OPENSSL_SYS_WIN16
+#ifdef WIN16
 		EnumTaskWindows(GetCurrentTask(),enumproc,0L);
 		lpTopWndProc=(FARPROC)GetWindowLong(topWnd,GWL_WNDPROC);
 		lpTopHookProc=MakeProcInstance((FARPROC)topHookProc,_hInstance);
 		SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopHookProc);
-#endif /* OPENSSL_SYS_WIN16 */
+#endif /* WIN16 */
 		}
-#endif /* OPENSSL_SYS_WINDOWS */
+#endif /* WINDOWS */
 	return(1);
 	}
@@ -211,7 +209,7 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port)
 	s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
 	if (s == INVALID_SOCKET) { perror("socket"); return(0); }
-#ifndef OPENSSL_SYS_MPE
+#ifndef MPE
 	i=0;
 	i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
 	if (i < 0) { perror("keepalive"); return(0); }
@@ -287,7 +285,7 @@ static int init_server_long(int *sock, int port, char *ip)
 #endif
 	if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
 		{
-#ifndef OPENSSL_SYS_WINDOWS
+#ifndef WINDOWS
 		perror("bind");
 #endif
 		goto err;
@@ -320,7 +318,7 @@ static int do_accept(int acc_sock, int *sock, char **host)
 	if (!sock_init()) return(0);
-#ifndef OPENSSL_SYS_WINDOWS
+#ifndef WINDOWS
 redoit:
 #endif
@@ -334,7 +332,7 @@ redoit:
 	ret=accept(acc_sock,(struct sockaddr *)&from,(void *)&len);
 	if (ret == INVALID_SOCKET)
 		{
-#ifdef OPENSSL_SYS_WINDOWS
+#ifdef WINDOWS
 		i=WSAGetLastError();
 		BIO_printf(bio_err,"accept error %d\n",i);
 #else
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -67,7 +67,7 @@
 #include <stdlib.h>
 #include <string.h>
-#ifdef OPENSSL_NO_STDIO
+#ifdef NO_STDIO
 #define APPS_WIN16
 #endif
 #define USE_SOCKETS
@@ -82,7 +82,7 @@
 #include "wintext.h"
 #endif
-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+#if !defined(MSDOS) && !defined(VXWORKS) && (!defined(VMS) || defined(__DECC)) || defined (_DARWIN)
 #define TIMES
 #endif
@@ -98,11 +98,11 @@
   The __TMS macro will show if it was.  If it wasn't defined, we should
   undefine TIMES, since that tells the rest of the program how things
   should be handled.				-- Richard Levitte */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
 #undef TIMES
 #endif
-#ifndef TIMES
+#if !defined(TIMES) && !defined(VXWORKS)
 #include <sys/timeb.h>
 #endif
@@ -139,6 +139,8 @@
 #undef BUFSIZZ
 #define BUFSIZZ 1024*10
 #undef min
 #undef max
 #define min(a,b) (((a) < (b)) ? (a) : (b))
 #define max(a,b) (((a) > (b)) ? (a) : (b))
@@ -174,7 +176,7 @@ static int perform=0;
 #ifdef FIONBIO
 static int t_nbio=0;
 #endif
-#ifdef OPENSSL_SYS_WIN32
+#ifdef WIN32
 static int exitNow = 0;		/* Set when it's time to exit main */
 #endif
@@ -198,7 +200,7 @@ static void s_time_init(void)
 #ifdef FIONBIO
 	t_nbio=0;
 #endif
-#ifdef OPENSSL_SYS_WIN32
+#ifdef WIN32
 	exitNow = 0;		/* Set when it's time to exit main */
 #endif
 	}
@@ -314,11 +316,11 @@ static int parseArgs(int argc, char **argv)
 		}
 	else if(strcmp(*argv,"-bugs") == 0)
 	    st_bugs=1;
-#ifndef OPENSSL_NO_SSL2
+#ifndef NO_SSL2
 	else if(strcmp(*argv,"-ssl2") == 0)
 	    s_time_meth=SSLv2_client_method();
 #endif
-#ifndef OPENSSL_NO_SSL3
+#ifndef NO_SSL3
 	else if(strcmp(*argv,"-ssl3") == 0)
 	    s_time_meth=SSLv3_client_method();
 #endif
@@ -368,6 +370,22 @@ static double tm_Time_F(int s)
 		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
 		return((ret == 0.0)?1e-6:ret);
 	}
 #elif defined(VXWORKS)
        {
 	static unsigned long tick_start, tick_end;
 	if( s == START )
 		{
 		tick_start = tickGet();
 		return 0;
 		}
 	else
 		{
 		tick_end = tickGet();
 		ret = (double)(tick_end - tick_start) / (double)sysClkRateGet();
 		return((ret == 0.0)?1e-6:ret);
 		}
        }
 #else /* !times() */
 	static struct timeb tstart,tend;
 	long i;
@@ -406,11 +424,11 @@ int MAIN(int argc, char **argv)
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+#if !defined(NO_SSL2) && !defined(NO_SSL3)
 	s_time_meth=SSLv23_client_method();
-#elif !defined(OPENSSL_NO_SSL3)
+#elif !defined(NO_SSL3)
 	s_time_meth=SSLv3_client_method();
-#elif !defined(OPENSSL_NO_SSL2)
+#elif !defined(NO_SSL2)
 	s_time_meth=SSLv2_client_method();
 #endif
--- a/apps/sess_id.c
+++ b/apps/sess_id.c
@@ -156,7 +156,7 @@ int MAIN(int argc, char **argv)
 		{
 bad:
 		for (pp=sess_id_usage; (*pp != NULL); pp++)
-			BIO_printf(bio_err,"%s",*pp);
+			BIO_printf(bio_err,*pp);
 		goto end;
 		}
@@ -208,7 +208,7 @@ bad:
 		if (outfile == NULL)
 			{
 			BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 			{
 			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			out = BIO_push(tmpbio, out);
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -64,10 +64,10 @@
 #include <openssl/crypto.h>
 #include <openssl/pem.h>
 #include <openssl/err.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG smime_main
 static X509_STORE *setup_verify(char *CAfile, char *CApath);
 static int save_certs(char *signerfile, STACK_OF(X509) *signers);
 #define SMIME_OP	0x10
@@ -81,7 +81,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 {
 	ENGINE *e = NULL;
 	int operation = 0;
 	int ret = 0;
 	char **args;
@@ -89,7 +88,7 @@ int MAIN(int argc, char **argv)
 	char *infile = NULL, *outfile = NULL;
 	char *signerfile = NULL, *recipfile = NULL;
 	char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
-	const EVP_CIPHER *cipher = NULL;
+	EVP_CIPHER *cipher = NULL;
 	PKCS7 *p7 = NULL;
 	X509_STORE *store = NULL;
 	X509 *cert = NULL, *recip = NULL, *signer = NULL;
@@ -104,9 +103,8 @@ int MAIN(int argc, char **argv)
 	char *inrand = NULL;
 	int need_rand = 0;
 	int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
 	char *engine=NULL;
 	args = argv + 1;
 	ret = 1;
 	while (!badarg && *args && *args[0] == '-') {
@@ -115,13 +113,13 @@ int MAIN(int argc, char **argv)
 		else if (!strcmp (*args, "-sign")) operation = SMIME_SIGN;
 		else if (!strcmp (*args, "-verify")) operation = SMIME_VERIFY;
 		else if (!strcmp (*args, "-pk7out")) operation = SMIME_PK7OUT;
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 		else if (!strcmp (*args, "-des3")) 
 				cipher = EVP_des_ede3_cbc();
 		else if (!strcmp (*args, "-des")) 
 				cipher = EVP_des_cbc();
 #endif
-#ifndef OPENSSL_NO_RC2
+#ifndef NO_RC2
 		else if (!strcmp (*args, "-rc2-40")) 
 				cipher = EVP_rc2_40_cbc();
 		else if (!strcmp (*args, "-rc2-128")) 
@@ -155,11 +153,6 @@ int MAIN(int argc, char **argv)
 				inrand = *args;
 			} else badarg = 1;
 			need_rand = 1;
 		} else if (!strcmp(*args,"-engine")) {
 			if (args[1]) {
 				args++;
 				engine = *args;
 			} else badarg = 1;
 		} else if (!strcmp(*args,"-passin")) {
 			if (args[1]) {
 				args++;
@@ -266,11 +259,11 @@ int MAIN(int argc, char **argv)
 		BIO_printf (bio_err, "-sign          sign message\n");
 		BIO_printf (bio_err, "-verify        verify signed message\n");
 		BIO_printf (bio_err, "-pk7out        output PKCS#7 structure\n");
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 		BIO_printf (bio_err, "-des3          encrypt with triple DES\n");
 		BIO_printf (bio_err, "-des           encrypt with DES\n");
 #endif
-#ifndef OPENSSL_NO_RC2
+#ifndef NO_RC2
 		BIO_printf (bio_err, "-rc2-40        encrypt with RC2-40 (default)\n");
 		BIO_printf (bio_err, "-rc2-64        encrypt with RC2-64\n");
 		BIO_printf (bio_err, "-rc2-128       encrypt with RC2-128\n");
@@ -297,7 +290,7 @@ int MAIN(int argc, char **argv)
 		BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
 		BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
 		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
-		BIO_printf (bio_err, "-engine e      use engine e, possibly a hardware device.\n");
+		BIO_printf (bio_err, "-passin arg    input file pass phrase source\n");
 		BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,  "               the random number generator\n");
@@ -305,24 +298,6 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;
@@ -349,7 +324,7 @@ int MAIN(int argc, char **argv)
 	if(operation == SMIME_ENCRYPT) {
 		if (!cipher) {
-#ifndef OPENSSL_NO_RC2			
+#ifndef NO_RC2			
 			cipher = EVP_rc2_40_cbc();
 #else
 			BIO_printf(bio_err, "No cipher selected\n");
@@ -398,7 +373,7 @@ int MAIN(int argc, char **argv)
 	} else keyfile = NULL;
 	if(keyfile) {
-		if(!(key = load_key(bio_err,keyfile, FORMAT_PEM, passin, NULL))) {
+		if(!(key = load_key(bio_err,keyfile, FORMAT_PEM, passin))) {
 			BIO_printf(bio_err, "Can't read recipient certificate file %s\n", keyfile);
 			ERR_print_errors(bio_err);
 			goto end;
@@ -421,7 +396,7 @@ int MAIN(int argc, char **argv)
 		}
 	} else {
 		out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		    out = BIO_push(tmpbio, out);
@@ -430,7 +405,7 @@ int MAIN(int argc, char **argv)
 	}
 	if(operation == SMIME_VERIFY) {
-		if(!(store = setup_verify(bio_err, CAfile, CApath))) goto end;
+		if(!(store = setup_verify(CAfile, CApath))) goto end;
 	}
 	ret = 3;
@@ -439,7 +414,10 @@ int MAIN(int argc, char **argv)
 		p7 = PKCS7_encrypt(encerts, in, cipher, flags);
 	} else if(operation == SMIME_SIGN) {
 		p7 = PKCS7_sign(signer, key, other, in, flags);
-		BIO_reset(in);
+		if (BIO_reset(in) != 0 && (flags & PKCS7_DETACHED)) {
 		  BIO_printf(bio_err, "Can't rewind input file\n");
 		  goto end;
 		}
 	} else {
 		if(informat == FORMAT_SMIME) 
 			p7 = SMIME_read_PKCS7(in, &indata);
@@ -479,9 +457,9 @@ int MAIN(int argc, char **argv)
 	} else if(operation == SMIME_VERIFY) {
 		STACK_OF(X509) *signers;
 		if(PKCS7_verify(p7, other, store, indata, out, flags)) {
-			BIO_printf(bio_err, "Verification Successful\n");
+			BIO_printf(bio_err, "Verification successful\n");
 		} else {
-			BIO_printf(bio_err, "Verification Failure\n");
+			BIO_printf(bio_err, "Verification failure\n");
 			goto end;
 		}
 		signers = PKCS7_get0_signers(p7, other, flags);
@@ -529,6 +507,36 @@ end:
 	return (ret);
 }
 static X509_STORE *setup_verify(char *CAfile, char *CApath)
 {
 	X509_STORE *store;
 	X509_LOOKUP *lookup;
 	if(!(store = X509_STORE_new())) goto end;
 	lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
 	if (lookup == NULL) goto end;
 	if (CAfile) {
 		if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) {
 			BIO_printf(bio_err, "Error loading file %s\n", CAfile);
 			goto end;
 		}
 	} else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
 	lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
 	if (lookup == NULL) goto end;
 	if (CApath) {
 		if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) {
 			BIO_printf(bio_err, "Error loading directory %s\n", CApath);
 			goto end;
 		}
 	} else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
 	ERR_clear_error();
 	return store;
 	end:
 	X509_STORE_free(store);
 	return NULL;
 }
 static int save_certs(char *signerfile, STACK_OF(X509) *signers)
 {
 	int i;
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -75,22 +75,19 @@
 #include <string.h>
 #include <math.h>
 #include "apps.h"
-#ifdef OPENSSL_NO_STDIO
+#ifdef NO_STDIO
 #define APPS_WIN16
 #endif
 #include <openssl/crypto.h>
 #include <openssl/rand.h>
 #include <openssl/err.h>
 #include <openssl/engine.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
-#if defined(__FreeBSD__) || defined(OPENSSL_SYS_MACOSX)
+#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(_DARWIN)
 # define USE_TOD
-#elif !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))
+#elif !defined(MSDOS) && !defined(VXWORKS) && (!defined(VMS) || defined(__DECC))
 # define TIMES
 #endif
-#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(OPENSSL_SYS_MPE) && !defined(__NetBSD__) /* FIXME */
+#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE) && !defined(__NetBSD__) && !defined(_DARWIN) && !defined(VXWORKS)
 # define TIMEB
 #endif
@@ -110,7 +107,7 @@
   The __TMS macro will show if it was.  If it wasn't defined, we should
   undefine TIMES, since that tells the rest of the program how things
   should be handled.				-- Richard Levitte */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
 #undef TIMES
 #endif
@@ -118,7 +115,7 @@
 #include <sys/timeb.h>
 #endif
-#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD)
+#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(VXWORKS)
 #error "It seems neither struct tms nor struct timeb is supported in this platform!"
 #endif
@@ -128,55 +125,55 @@
 #include <sys/param.h>
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 #include <openssl/des.h>
 #endif
-#ifndef OPENSSL_NO_MD2
+#ifndef NO_MD2
 #include <openssl/md2.h>
 #endif
-#ifndef OPENSSL_NO_MDC2
+#ifndef NO_MDC2
 #include <openssl/mdc2.h>
 #endif
-#ifndef OPENSSL_NO_MD4
+#ifndef NO_MD4
 #include <openssl/md4.h>
 #endif
-#ifndef OPENSSL_NO_MD5
+#ifndef NO_MD5
 #include <openssl/md5.h>
 #endif
-#ifndef OPENSSL_NO_HMAC
+#ifndef NO_HMAC
 #include <openssl/hmac.h>
 #endif
 #include <openssl/evp.h>
-#ifndef OPENSSL_NO_SHA
+#ifndef NO_SHA
 #include <openssl/sha.h>
 #endif
-#ifndef OPENSSL_NO_RIPEMD
+#ifndef NO_RIPEMD
 #include <openssl/ripemd.h>
 #endif
-#ifndef OPENSSL_NO_RC4
+#ifndef NO_RC4
 #include <openssl/rc4.h>
 #endif
-#ifndef OPENSSL_NO_RC5
+#ifndef NO_RC5
 #include <openssl/rc5.h>
 #endif
-#ifndef OPENSSL_NO_RC2
+#ifndef NO_RC2
 #include <openssl/rc2.h>
 #endif
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 #include <openssl/idea.h>
 #endif
-#ifndef OPENSSL_NO_BF
+#ifndef NO_BF
 #include <openssl/blowfish.h>
 #endif
-#ifndef OPENSSL_NO_CAST
+#ifndef NO_CAST
 #include <openssl/cast.h>
 #endif
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 #include <openssl/rsa.h>
 #include "./testrsa.h"
 #endif
 #include <openssl/x509.h>
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 #include "./testdsa.h"
 #endif
@@ -198,7 +195,7 @@
 int run=0;
 static double Time_F(int s, int usertime);
-static void print_message(const char *s,long num,int length);
+static void print_message(char *s,long num,int length);
 static void pkey_print_message(char *str,char *str2,long num,int bits,int sec);
 #ifdef SIGALRM
 #if defined(__STDC__) || defined(sgi) || defined(_AIX)
@@ -227,7 +224,7 @@ static double Time_F(int s, int usertime)
 #ifdef USE_TOD
 	if(usertime)
-	    {
+		{
 		static struct rusage tstart,tend;
 		if (s == START)
@@ -287,7 +284,23 @@ static double Time_F(int s, int usertime)
 # if defined(TIMES) && defined(TIMEB)
 	else
 # endif
-# ifdef TIMEB
+# ifdef VXWORKS
 		{
 		static unsigned long tick_start, tick_end;
 		if( s == START )
 			{
 			tick_start = tickGet();
 			return 0;
 			}
 		else
 			{
 			tick_end = tickGet();
 			ret = (double)(tick_end - tick_start) / (double)sysClkRateGet();
 			return((ret < 0.001)?0.001:ret);
 			}
                }
 # elif defined(TIMEB)
 		{
 		static struct timeb tstart,tend;
 		long i;
@@ -306,6 +319,7 @@ static double Time_F(int s, int usertime)
 			}
 		}
 # endif
 #endif
 	}
@@ -313,60 +327,59 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e;
 	unsigned char *buf=NULL,*buf2=NULL;
 	int mret=1;
-#define ALGOR_NUM	16
+#define ALGOR_NUM	15
 #define SIZE_NUM	5
 #define RSA_NUM		4
 #define DSA_NUM		3
-	long count,rsa_count,save_count=0;
+	long count,rsa_count;
 	int i,j,k;
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 	unsigned rsa_num;
 #endif
-#ifndef OPENSSL_NO_MD2
+#ifndef NO_MD2
 	unsigned char md2[MD2_DIGEST_LENGTH];
 #endif
-#ifndef OPENSSL_NO_MDC2
+#ifndef NO_MDC2
 	unsigned char mdc2[MDC2_DIGEST_LENGTH];
 #endif
-#ifndef OPENSSL_NO_MD4
+#ifndef NO_MD4
 	unsigned char md4[MD4_DIGEST_LENGTH];
 #endif
-#ifndef OPENSSL_NO_MD5
+#ifndef NO_MD5
 	unsigned char md5[MD5_DIGEST_LENGTH];
 	unsigned char hmac[MD5_DIGEST_LENGTH];
 #endif
-#ifndef OPENSSL_NO_SHA
+#ifndef NO_SHA
 	unsigned char sha[SHA_DIGEST_LENGTH];
 #endif
-#ifndef OPENSSL_NO_RIPEMD
+#ifndef NO_RIPEMD
 	unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
 #endif
-#ifndef OPENSSL_NO_RC4
+#ifndef NO_RC4
 	RC4_KEY rc4_ks;
 #endif
-#ifndef OPENSSL_NO_RC5
+#ifndef NO_RC5
 	RC5_32_KEY rc5_ks;
 #endif
-#ifndef OPENSSL_NO_RC2
+#ifndef NO_RC2
 	RC2_KEY rc2_ks;
 #endif
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 	IDEA_KEY_SCHEDULE idea_ks;
 #endif
-#ifndef OPENSSL_NO_BF
+#ifndef NO_BF
 	BF_KEY bf_ks;
 #endif
-#ifndef OPENSSL_NO_CAST
+#ifndef NO_CAST
 	CAST_KEY cast_ks;
 #endif
 	static unsigned char key16[16]=
 		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
 		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
 	unsigned char iv[8];
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	des_cblock *buf_as_des_cblock = NULL;
 	static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
 	static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
@@ -388,11 +401,10 @@ int MAIN(int argc, char **argv)
 #define	D_CBC_RC5	12
 #define	D_CBC_BF	13
 #define	D_CBC_CAST	14
 #define D_EVP		15
 	double d,results[ALGOR_NUM][SIZE_NUM];
 	static int lengths[SIZE_NUM]={8,64,256,1024,8*1024};
 	long c[ALGOR_NUM][SIZE_NUM];
-	static const char *names[ALGOR_NUM]={
+	static char *names[ALGOR_NUM]={
 		"md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4",
 		"des cbc","des ede3","idea cbc",
 		"rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc"};
@@ -403,7 +415,7 @@ int MAIN(int argc, char **argv)
 #define	R_RSA_1024	1
 #define	R_RSA_2048	2
 #define	R_RSA_4096	3
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 	RSA *rsa_key[RSA_NUM];
 	long rsa_c[RSA_NUM][2];
 	double rsa_results[RSA_NUM][2];
@@ -414,7 +426,7 @@ int MAIN(int argc, char **argv)
 		sizeof(test512),sizeof(test1024),
 		sizeof(test2048),sizeof(test4096)};
 #endif
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 	DSA *dsa_key[DSA_NUM];
 	long dsa_c[DSA_NUM][2];
 	double dsa_results[DSA_NUM][2];
@@ -425,7 +437,6 @@ int MAIN(int argc, char **argv)
 	int doit[ALGOR_NUM];
 	int pr_header=0;
 	int usertime=1;
 	const EVP_CIPHER *evp=NULL;
 #ifndef TIMES
 	usertime=-1;
@@ -433,7 +444,7 @@ int MAIN(int argc, char **argv)
 	apps_startup();
 	memset(results, 0, sizeof(results));
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 	memset(dsa_key,0,sizeof(dsa_key));
 #endif
@@ -441,7 +452,7 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 	memset(rsa_key,0,sizeof(rsa_key));
 	for (i=0; i<RSA_NUM; i++)
 		rsa_key[i]=NULL;
@@ -452,7 +463,7 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err,"out of memory\n");
 		goto end;
 		}
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	buf_as_des_cblock = (des_cblock *)buf;
 #endif
 	if ((buf2=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL)
@@ -478,81 +489,33 @@ int MAIN(int argc, char **argv)
 		{
 		if	((argc > 0) && (strcmp(*argv,"-elapsed") == 0))
 			usertime = 0;
-		else if	((argc > 0) && (strcmp(*argv,"-evp") == 0))
+#ifndef NO_MD2
 			{
 			argc--;
 			argv++;
 			if(argc == 0)
 				{
 				BIO_printf(bio_err,"no EVP given\n");
 				goto end;
 				}
 			evp=EVP_get_cipherbyname(*argv);
 			if(!evp)
 				{
 				BIO_printf(bio_err,"%s is an unknown cipher\n",*argv);
 				goto end;
 				}
 			doit[D_EVP]=1;
 			}
 		else
 		if	((argc > 0) && (strcmp(*argv,"-engine") == 0))
 			{
 			argc--;
 			argv++;
 			if(argc == 0)
 				{
 				BIO_printf(bio_err,"no engine given\n");
 				goto end;
 				}
 			if((e = ENGINE_by_id(*argv)) == NULL)
 				{
 				BIO_printf(bio_err,"invalid engine \"%s\"\n",
 					*argv);
 				goto end;
 				}
 			if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 				{
 				BIO_printf(bio_err,"can't use that engine\n");
 				goto end;
 				}
 			BIO_printf(bio_err,"engine \"%s\" set.\n", *argv);
 			/* Free our "structural" reference. */
 			ENGINE_free(e);
 			/* It will be increased again further down.  We just
 			   don't want speed to confuse an engine with an
 			   algorithm, especially when none is given (which
 			   means all of them should be run) */
 			j--;
 			}
 		else
 #ifndef OPENSSL_NO_MD2
 		if	(strcmp(*argv,"md2") == 0) doit[D_MD2]=1;
 		else
 #endif
-#ifndef OPENSSL_NO_MDC2
+#ifndef NO_MDC2
 			if (strcmp(*argv,"mdc2") == 0) doit[D_MDC2]=1;
 		else
 #endif
-#ifndef OPENSSL_NO_MD4
+#ifndef NO_MD4
 			if (strcmp(*argv,"md4") == 0) doit[D_MD4]=1;
 		else
 #endif
-#ifndef OPENSSL_NO_MD5
+#ifndef NO_MD5
 			if (strcmp(*argv,"md5") == 0) doit[D_MD5]=1;
 		else
 #endif
-#ifndef OPENSSL_NO_MD5
+#ifndef NO_MD5
 			if (strcmp(*argv,"hmac") == 0) doit[D_HMAC]=1;
 		else
 #endif
-#ifndef OPENSSL_NO_SHA
+#ifndef NO_SHA
 			if (strcmp(*argv,"sha1") == 0) doit[D_SHA1]=1;
 		else
 			if (strcmp(*argv,"sha") == 0) doit[D_SHA1]=1;
 		else
 #endif
-#ifndef OPENSSL_NO_RIPEMD
+#ifndef NO_RIPEMD
 			if (strcmp(*argv,"ripemd") == 0) doit[D_RMD160]=1;
 		else
 			if (strcmp(*argv,"rmd160") == 0) doit[D_RMD160]=1;
@@ -560,20 +523,20 @@ int MAIN(int argc, char **argv)
 			if (strcmp(*argv,"ripemd160") == 0) doit[D_RMD160]=1;
 		else
 #endif
-#ifndef OPENSSL_NO_RC4
+#ifndef NO_RC4
 			if (strcmp(*argv,"rc4") == 0) doit[D_RC4]=1;
 		else 
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 			if (strcmp(*argv,"des-cbc") == 0) doit[D_CBC_DES]=1;
 		else	if (strcmp(*argv,"des-ede3") == 0) doit[D_EDE3_DES]=1;
 		else
 #endif
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
-#if 0 /* was: #ifdef RSAref */
+#ifdef RSAref
 			if (strcmp(*argv,"rsaref") == 0) 
 			{
-			RSA_set_default_openssl_method(RSA_PKCS1_RSAref());
+			RSA_set_default_method(RSA_PKCS1_RSAref());
 			j--;
 			}
 		else
@@ -581,12 +544,12 @@ int MAIN(int argc, char **argv)
 #ifndef RSA_NULL
 			if (strcmp(*argv,"openssl") == 0) 
 			{
-			RSA_set_default_openssl_method(RSA_PKCS1_SSLeay());
+			RSA_set_default_method(RSA_PKCS1_SSLeay());
 			j--;
 			}
 		else
 #endif
-#endif /* !OPENSSL_NO_RSA */
+#endif /* !NO_RSA */
 		     if (strcmp(*argv,"dsa512") == 0) dsa_doit[R_DSA_512]=2;
 		else if (strcmp(*argv,"dsa1024") == 0) dsa_doit[R_DSA_1024]=2;
 		else if (strcmp(*argv,"dsa2048") == 0) dsa_doit[R_DSA_2048]=2;
@@ -595,34 +558,34 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"rsa2048") == 0) rsa_doit[R_RSA_2048]=2;
 		else if (strcmp(*argv,"rsa4096") == 0) rsa_doit[R_RSA_4096]=2;
 		else
-#ifndef OPENSSL_NO_RC2
+#ifndef NO_RC2
 		     if (strcmp(*argv,"rc2-cbc") == 0) doit[D_CBC_RC2]=1;
 		else if (strcmp(*argv,"rc2") == 0) doit[D_CBC_RC2]=1;
 		else
 #endif
-#ifndef OPENSSL_NO_RC5
+#ifndef NO_RC5
 		     if (strcmp(*argv,"rc5-cbc") == 0) doit[D_CBC_RC5]=1;
 		else if (strcmp(*argv,"rc5") == 0) doit[D_CBC_RC5]=1;
 		else
 #endif
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 		     if (strcmp(*argv,"idea-cbc") == 0) doit[D_CBC_IDEA]=1;
 		else if (strcmp(*argv,"idea") == 0) doit[D_CBC_IDEA]=1;
 		else
 #endif
-#ifndef OPENSSL_NO_BF
+#ifndef NO_BF
 		     if (strcmp(*argv,"bf-cbc") == 0) doit[D_CBC_BF]=1;
 		else if (strcmp(*argv,"blowfish") == 0) doit[D_CBC_BF]=1;
 		else if (strcmp(*argv,"bf") == 0) doit[D_CBC_BF]=1;
 		else
 #endif
-#ifndef OPENSSL_NO_CAST
+#ifndef NO_CAST
 		     if (strcmp(*argv,"cast-cbc") == 0) doit[D_CBC_CAST]=1;
 		else if (strcmp(*argv,"cast") == 0) doit[D_CBC_CAST]=1;
 		else if (strcmp(*argv,"cast5") == 0) doit[D_CBC_CAST]=1;
 		else
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 			if (strcmp(*argv,"des") == 0)
 			{
 			doit[D_CBC_DES]=1;
@@ -630,7 +593,7 @@ int MAIN(int argc, char **argv)
 			}
 		else
 #endif
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 			if (strcmp(*argv,"rsa") == 0)
 			{
 			rsa_doit[R_RSA_512]=1;
@@ -640,7 +603,7 @@ int MAIN(int argc, char **argv)
 			}
 		else
 #endif
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 			if (strcmp(*argv,"dsa") == 0)
 			{
 			dsa_doit[R_DSA_512]=1;
@@ -652,91 +615,85 @@ int MAIN(int argc, char **argv)
 			BIO_printf(bio_err,"Error: bad option or value\n");
 			BIO_printf(bio_err,"\n");
 			BIO_printf(bio_err,"Available values:\n");
-#ifndef OPENSSL_NO_MD2
+#ifndef NO_MD2
 			BIO_printf(bio_err,"md2      ");
 #endif
-#ifndef OPENSSL_NO_MDC2
+#ifndef NO_MDC2
 			BIO_printf(bio_err,"mdc2     ");
 #endif
-#ifndef OPENSSL_NO_MD4
+#ifndef NO_MD4
 			BIO_printf(bio_err,"md4      ");
 #endif
-#ifndef OPENSSL_NO_MD5
+#ifndef NO_MD5
 			BIO_printf(bio_err,"md5      ");
-#ifndef OPENSSL_NO_HMAC
+#ifndef NO_HMAC
 			BIO_printf(bio_err,"hmac     ");
 #endif
 #endif
-#ifndef OPENSSL_NO_SHA1
+#ifndef NO_SHA1
 			BIO_printf(bio_err,"sha1     ");
 #endif
-#ifndef OPENSSL_NO_RIPEMD160
+#ifndef NO_RIPEMD160
 			BIO_printf(bio_err,"rmd160");
 #endif
-#if !defined(OPENSSL_NO_MD2) || !defined(OPENSSL_NO_MDC2) || \
+#if !defined(NO_MD2) || !defined(NO_MDC2) || !defined(NO_MD4) || !defined(NO_MD5) || !defined(NO_SHA1) || !defined(NO_RIPEMD160)
    !defined(OPENSSL_NO_MD4) || !defined(OPENSSL_NO_MD5) || \
    !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RIPEMD160)
 			BIO_printf(bio_err,"\n");
 #endif
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 			BIO_printf(bio_err,"idea-cbc ");
 #endif
-#ifndef OPENSSL_NO_RC2
+#ifndef NO_RC2
 			BIO_printf(bio_err,"rc2-cbc  ");
 #endif
-#ifndef OPENSSL_NO_RC5
+#ifndef NO_RC5
 			BIO_printf(bio_err,"rc5-cbc  ");
 #endif
-#ifndef OPENSSL_NO_BF
+#ifndef NO_BF
 			BIO_printf(bio_err,"bf-cbc");
 #endif
-#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_RC2) || \
+#if !defined(NO_IDEA) || !defined(NO_RC2) || !defined(NO_BF) || !defined(NO_RC5)
    !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_RC5)
 			BIO_printf(bio_err,"\n");
 #endif
 			BIO_printf(bio_err,"des-cbc  des-ede3 ");
-#ifndef OPENSSL_NO_RC4
+#ifndef NO_RC4
 			BIO_printf(bio_err,"rc4");
 #endif
 			BIO_printf(bio_err,"\n");
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 			BIO_printf(bio_err,"rsa512   rsa1024  rsa2048  rsa4096\n");
 #endif
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 			BIO_printf(bio_err,"dsa512   dsa1024  dsa2048\n");
 #endif
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 			BIO_printf(bio_err,"idea     ");
 #endif
-#ifndef OPENSSL_NO_RC2
+#ifndef NO_RC2
 			BIO_printf(bio_err,"rc2      ");
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 			BIO_printf(bio_err,"des      ");
 #endif
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 			BIO_printf(bio_err,"rsa      ");
 #endif
-#ifndef OPENSSL_NO_BF
+#ifndef NO_BF
 			BIO_printf(bio_err,"blowfish");
 #endif
-#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_RC2) || \
+#if !defined(NO_IDEA) || !defined(NO_RC2) || !defined(NO_DES) || !defined(NO_RSA) || !defined(NO_BF)
    !defined(OPENSSL_NO_DES) || !defined(OPENSSL_NO_RSA) || \
    !defined(OPENSSL_NO_BF)
 			BIO_printf(bio_err,"\n");
 #endif
 #ifdef TIMES
 			BIO_printf(bio_err,"\n");
 			BIO_printf(bio_err,"Available options:\n");
 #ifdef TIMES
 			BIO_printf(bio_err,"-elapsed        measure time in real time instead of CPU user time.\n");
 #endif
 			BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
 			goto end;
 			}
 		argc--;
@@ -747,10 +704,7 @@ int MAIN(int argc, char **argv)
 	if (j == 0)
 		{
 		for (i=0; i<ALGOR_NUM; i++)
-			{
+			doit[i]=1;
 			if (i != D_EVP)
 				doit[i]=1;
 			}
 		for (i=0; i<RSA_NUM; i++)
 			rsa_doit[i]=1;
 		for (i=0; i<DSA_NUM; i++)
@@ -767,10 +721,10 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err,"program when this computer is idle.\n");
 		}
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 	for (i=0; i<RSA_NUM; i++)
 		{
-		const unsigned char *p;
+		unsigned char *p;
 		p=rsa_data[i];
 		rsa_key[i]=d2i_RSAPrivateKey(NULL,&p,rsa_data_length[i]);
@@ -790,40 +744,40 @@ int MAIN(int argc, char **argv)
 		}
 #endif
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 	dsa_key[0]=get_dsa512();
 	dsa_key[1]=get_dsa1024();
 	dsa_key[2]=get_dsa2048();
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	des_set_key_unchecked(&key,sch);
 	des_set_key_unchecked(&key2,sch2);
 	des_set_key_unchecked(&key3,sch3);
 #endif
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 	idea_set_encrypt_key(key16,&idea_ks);
 #endif
-#ifndef OPENSSL_NO_RC4
+#ifndef NO_RC4
 	RC4_set_key(&rc4_ks,16,key16);
 #endif
-#ifndef OPENSSL_NO_RC2
+#ifndef NO_RC2
 	RC2_set_key(&rc2_ks,16,key16,128);
 #endif
-#ifndef OPENSSL_NO_RC5
+#ifndef NO_RC5
 	RC5_32_set_key(&rc5_ks,16,key16,12);
 #endif
-#ifndef OPENSSL_NO_BF
+#ifndef NO_BF
 	BF_set_key(&bf_ks,16,key16);
 #endif
-#ifndef OPENSSL_NO_CAST
+#ifndef NO_CAST
 	CAST_set_key(&cast_ks,16,key16);
 #endif
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 	memset(rsa_c,0,sizeof(rsa_c));
 #endif
 #ifndef SIGALRM
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	BIO_printf(bio_err,"First we calculate the approximate speed ...\n");
 	count=10;
 	do	{
@@ -835,7 +789,6 @@ int MAIN(int argc, char **argv)
 				&(sch[0]),DES_ENCRYPT);
 		d=Time_F(STOP,usertime);
 		} while (d <3);
 	save_count=count;
 	c[D_MD2][0]=count/10;
 	c[D_MDC2][0]=count/10;
 	c[D_MD4][0]=count;
@@ -877,7 +830,7 @@ int MAIN(int argc, char **argv)
 		c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1;
 		c[D_CBC_CAST][i]=c[D_CBC_CAST][i-1]*l0/l1;
 		}
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 	rsa_c[R_RSA_512][0]=count/2000;
 	rsa_c[R_RSA_512][1]=count/400;
 	for (i=1; i<RSA_NUM; i++)
@@ -897,6 +850,7 @@ int MAIN(int argc, char **argv)
 		}
 #endif
 #ifndef NO_DSA
 	dsa_c[R_DSA_512][0]=count/1000;
 	dsa_c[R_DSA_512][1]=count/1000/2;
 	for (i=1; i<DSA_NUM; i++)
@@ -914,20 +868,21 @@ int MAIN(int argc, char **argv)
 				}
 			}				
 		}
 #endif
 #define COND(d)	(count < (d))
 #define COUNT(d) (d)
 #else
 /* not worth fixing */
 # error "You cannot disable DES on systems without SIGALRM."
-#endif /* OPENSSL_NO_DES */
+#endif /* NO_DES */
 #else
 #define COND(c)	(run)
 #define COUNT(d) (count)
 	signal(SIGALRM,sig_done);
 #endif /* SIGALRM */
-#ifndef OPENSSL_NO_MD2
+#ifndef NO_MD2
 	if (doit[D_MD2])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -943,7 +898,7 @@ int MAIN(int argc, char **argv)
 			}
 		}
 #endif
-#ifndef OPENSSL_NO_MDC2
+#ifndef NO_MDC2
 	if (doit[D_MDC2])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -960,7 +915,7 @@ int MAIN(int argc, char **argv)
 		}
 #endif
-#ifndef OPENSSL_NO_MD4
+#ifndef NO_MD4
 	if (doit[D_MD4])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -977,7 +932,7 @@ int MAIN(int argc, char **argv)
 		}
 #endif
-#ifndef OPENSSL_NO_MD5
+#ifndef NO_MD5
 	if (doit[D_MD5])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -994,7 +949,7 @@ int MAIN(int argc, char **argv)
 		}
 #endif
-#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_HMAC)
+#if !defined(NO_MD5) && !defined(NO_HMAC)
 	if (doit[D_HMAC])
 		{
 		HMAC_CTX hctx;
@@ -1018,7 +973,7 @@ int MAIN(int argc, char **argv)
 			}
 		}
 #endif
-#ifndef OPENSSL_NO_SHA
+#ifndef NO_SHA
 	if (doit[D_SHA1])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -1034,7 +989,7 @@ int MAIN(int argc, char **argv)
 			}
 		}
 #endif
-#ifndef OPENSSL_NO_RIPEMD
+#ifndef NO_RIPEMD
 	if (doit[D_RMD160])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -1050,7 +1005,7 @@ int MAIN(int argc, char **argv)
 			}
 		}
 #endif
-#ifndef OPENSSL_NO_RC4
+#ifndef NO_RC4
 	if (doit[D_RC4])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -1067,7 +1022,7 @@ int MAIN(int argc, char **argv)
 			}
 		}
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	if (doit[D_CBC_DES])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -1101,7 +1056,7 @@ int MAIN(int argc, char **argv)
 			}
 		}
 #endif
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 	if (doit[D_CBC_IDEA])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -1119,7 +1074,7 @@ int MAIN(int argc, char **argv)
 			}
 		}
 #endif
-#ifndef OPENSSL_NO_RC2
+#ifndef NO_RC2
 	if (doit[D_CBC_RC2])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -1137,7 +1092,7 @@ int MAIN(int argc, char **argv)
 			}
 		}
 #endif
-#ifndef OPENSSL_NO_RC5
+#ifndef NO_RC5
 	if (doit[D_CBC_RC5])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -1155,7 +1110,7 @@ int MAIN(int argc, char **argv)
 			}
 		}
 #endif
-#ifndef OPENSSL_NO_BF
+#ifndef NO_BF
 	if (doit[D_CBC_BF])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -1173,7 +1128,7 @@ int MAIN(int argc, char **argv)
 			}
 		}
 #endif
-#ifndef OPENSSL_NO_CAST
+#ifndef NO_CAST
 	if (doit[D_CBC_CAST])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -1192,30 +1147,8 @@ int MAIN(int argc, char **argv)
 		}
 #endif
 	if (doit[D_EVP])
 		{
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			EVP_CIPHER_CTX ctx;
 			int outl;
 			names[D_EVP]=OBJ_nid2ln(evp->nid);
 			print_message(names[D_EVP],save_count,
 						  lengths[j]);
 			EVP_EncryptInit(&ctx,evp,key16,iv);
 			Time_F(START,usertime);
 			for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)
 			    EVP_EncryptUpdate(&ctx,buf,&outl,buf,lengths[j]);
 			EVP_EncryptFinal(&ctx,buf,&outl);
 			d=Time_F(STOP,usertime);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 					   count,names[D_EVP],d);
 			results[D_EVP][j]=((double)count)/d*lengths[j];
 			}
 		}
 	RAND_pseudo_bytes(buf,36);
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 	for (j=0; j<RSA_NUM; j++)
 		{
 		int ret;
@@ -1261,7 +1194,7 @@ int MAIN(int argc, char **argv)
 			{
 			BIO_printf(bio_err,"RSA verify failure.  No RSA verify will be done.\n");
 			ERR_print_errors(bio_err);
-			dsa_doit[j] = 0;
+			rsa_doit[j] = 0;
 			}
 		else
 			{
@@ -1300,7 +1233,7 @@ int MAIN(int argc, char **argv)
 #endif
 	RAND_pseudo_bytes(buf,20);
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 	if (RAND_status() != 1)
 		{
 		RAND_seed(rnd_seed, sizeof rnd_seed);
@@ -1395,19 +1328,19 @@ int MAIN(int argc, char **argv)
        fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_BUILT_ON));
 	printf("options:");
 	printf("%s ",BN_options());
-#ifndef OPENSSL_NO_MD2
+#ifndef NO_MD2
 	printf("%s ",MD2_options());
 #endif
-#ifndef OPENSSL_NO_RC4
+#ifndef NO_RC4
 	printf("%s ",RC4_options());
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	printf("%s ",des_options());
 #endif
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 	printf("%s ",idea_options());
 #endif
-#ifndef OPENSSL_NO_BF
+#ifndef NO_BF
 	printf("%s ",BF_options());
 #endif
 	fprintf(stdout,"\n%s\n",SSLeay_version(SSLEAY_CFLAGS));
@@ -1434,7 +1367,7 @@ int MAIN(int argc, char **argv)
 			}
 		fprintf(stdout,"\n");
 		}
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 	j=1;
 	for (k=0; k<RSA_NUM; k++)
 		{
@@ -1450,7 +1383,7 @@ int MAIN(int argc, char **argv)
 		fprintf(stdout,"\n");
 		}
 #endif
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 	j=1;
 	for (k=0; k<DSA_NUM; k++)
 		{
@@ -1467,15 +1400,14 @@ int MAIN(int argc, char **argv)
 #endif
 	mret=0;
 end:
 	ERR_print_errors(bio_err);
 	if (buf != NULL) OPENSSL_free(buf);
 	if (buf2 != NULL) OPENSSL_free(buf2);
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 	for (i=0; i<RSA_NUM; i++)
 		if (rsa_key[i] != NULL)
 			RSA_free(rsa_key[i]);
 #endif
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 	for (i=0; i<DSA_NUM; i++)
 		if (dsa_key[i] != NULL)
 			DSA_free(dsa_key[i]);
@@ -1483,7 +1415,7 @@ end:
 	EXIT(mret);
 	}
-static void print_message(const char *s, long num, int length)
+static void print_message(char *s, long num, int length)
 	{
 #ifdef SIGALRM
 	BIO_printf(bio_err,"Doing %s for %ds on %d size blocks: ",s,SECONDS,length);
--- a/apps/spkac.c
+++ b/apps/spkac.c
@@ -69,7 +69,6 @@
 #include <openssl/lhash.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG	spkac_main
@@ -82,7 +81,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	int i,badops=0, ret = 1;
 	BIO *in = NULL,*out = NULL, *key = NULL;
 	int verify=0,noout=0,pubkey=0;
@@ -93,7 +91,6 @@ int MAIN(int argc, char **argv)
 	LHASH *conf = NULL;
 	NETSCAPE_SPKI *spki = NULL;
 	EVP_PKEY *pkey = NULL;
 	char *engine=NULL;
 	apps_startup();
@@ -139,11 +136,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			spksect= *(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
 		else if (strcmp(*argv,"-pubkey") == 0)
@@ -169,7 +161,6 @@ bad:
 		BIO_printf(bio_err," -noout         don't print SPKAC\n");
 		BIO_printf(bio_err," -pubkey        output public key\n");
 		BIO_printf(bio_err," -verify        verify SPKAC signature\n");
 		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device.\n");
 		goto end;
 		}
@@ -179,24 +170,6 @@ bad:
 		goto end;
 	}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if(keyfile) {
 		if(strcmp(keyfile, "-")) key = BIO_new_file(keyfile, "r");
 		else key = BIO_new_fp(stdin, BIO_NOCLOSE);
@@ -221,7 +194,7 @@ bad:
 		if (outfile) out = BIO_new_file(outfile, "w");
 		else {
 			out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 			{
 			    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			    out = BIO_push(tmpbio, out);
@@ -278,7 +251,7 @@ bad:
 	if (outfile) out = BIO_new_file(outfile, "w");
 	else {
 		out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		    out = BIO_push(tmpbio, out);
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -65,7 +65,6 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG	verify_main
@@ -79,7 +78,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	int i,ret=1;
 	int purpose = -1;
 	char *CApath=NULL,*CAfile=NULL;
@@ -87,7 +85,6 @@ int MAIN(int argc, char **argv)
 	STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
 	X509_STORE *cert_ctx=NULL;
 	X509_LOOKUP *lookup=NULL;
 	char *engine=NULL;
 	cert_ctx=X509_STORE_new();
 	if (cert_ctx == NULL) goto end;
@@ -140,11 +137,6 @@ int MAIN(int argc, char **argv)
 				if (argc-- < 1) goto end;
 				trustfile= *(++argv);
 				}
 			else if (strcmp(*argv,"-engine") == 0)
 				{
 				if (--argc < 1) goto end;
 				engine= *(++argv);
 				}
 			else if (strcmp(*argv,"-help") == 0)
 				goto end;
 			else if (strcmp(*argv,"-issuer_checks") == 0)
@@ -162,24 +154,6 @@ int MAIN(int argc, char **argv)
 			break;
 		}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
 	if (lookup == NULL) abort();
 	if (CAfile) {
@@ -227,7 +201,7 @@ int MAIN(int argc, char **argv)
 	ret=0;
 end:
 	if (ret == 1) {
-		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-engine e] cert1 cert2 ...\n");
+		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] cert1 cert2 ...\n");
 		BIO_printf(bio_err,"recognized usages:\n");
 		for(i = 0; i < X509_PURPOSE_get_count(); i++) {
 			X509_PURPOSE *ptmp;
--- a/apps/version.c
+++ b/apps/version.c
@@ -71,7 +71,7 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	int i,ret=0;
-	int cflags=0,version=0,date=0,options=0,platform=0,dir=0;
+	int cflags=0,version=0,date=0,options=0,platform=0;
 	apps_startup();
@@ -92,10 +92,8 @@ int MAIN(int argc, char **argv)
 			options=1;
 		else if (strcmp(argv[i],"-p") == 0)
 			platform=1;
 		else if (strcmp(argv[i],"-d") == 0)
 			dir=1;
 		else if (strcmp(argv[i],"-a") == 0)
-			date=version=cflags=options=platform=dir=1;
+			date=version=cflags=options=platform=1;
 		else
 			{
 			BIO_printf(bio_err,"usage:version -[avbofp]\n");
@@ -111,25 +109,24 @@ int MAIN(int argc, char **argv)
 		{
 		printf("options:  ");
 		printf("%s ",BN_options());
-#ifndef OPENSSL_NO_MD2
+#ifndef NO_MD2
 		printf("%s ",MD2_options());
 #endif
-#ifndef OPENSSL_NO_RC4
+#ifndef NO_RC4
 		printf("%s ",RC4_options());
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 		printf("%s ",des_options());
 #endif
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 		printf("%s ",idea_options());
 #endif
-#ifndef OPENSSL_NO_BF
+#ifndef NO_BF
 		printf("%s ",BF_options());
 #endif
 		printf("\n");
 		}
 	if (cflags)  printf("%s\n",SSLeay_version(SSLEAY_CFLAGS));
 	if (dir)  printf("%s\n",SSLeay_version(SSLEAY_DIR));
 end:
 	EXIT(ret);
 	}
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -60,7 +60,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#ifdef OPENSSL_NO_STDIO
+#ifdef NO_STDIO
 #define APPS_WIN16
 #endif
 #include "apps.h"
@@ -73,7 +73,6 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG x509_main
@@ -106,7 +105,6 @@ static char *x509_usage[]={
 " -fingerprint    - print the certificate fingerprint\n",
 " -alias          - output certificate alias\n",
 " -noout          - no certificate output\n",
 " -ocspid         - print OCSP hash values for the subject name and public key\n",
 " -trustout       - output a \"trusted\" certificate\n",
 " -clrtrust       - clear all trusted purposes\n",
 " -clrreject      - clear all rejected purposes\n",
@@ -124,7 +122,6 @@ static char *x509_usage[]={
 "                   missing, it is assumed to be in the CA file.\n",
 " -CAcreateserial - create serial number file if it does not exist\n",
 " -CAserial       - serial file\n",
 " -set_serial     - serial number to use\n",
 " -text           - print the certificate in text form\n",
 " -C              - print out C code forms\n",
 " -md2/-md5/-sha1/-mdc2 - digest to use\n",
@@ -132,8 +129,6 @@ static char *x509_usage[]={
 " -extensions     - section from config file with X509V3 extensions to add\n",
 " -clrext         - delete extensions before signing and input certificate\n",
 " -nameopt arg    - various certificate name options\n",
 " -engine e       - use engine e, possibly a hardware device.\n",
 " -certopt arg    - various certificate text options\n",
 NULL
 };
@@ -142,8 +137,7 @@ static int sign (X509 *x, EVP_PKEY *pkey,int days,int clrext, const EVP_MD *dige
 						LHASH *conf, char *section);
 static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
 			 X509 *x,X509 *xca,EVP_PKEY *pkey,char *serial,
-			 int create,int days, int clrext, LHASH *conf, char *section,
+			 int create,int days, int clrext, LHASH *conf, char *section);
 						ASN1_INTEGER *sno);
 static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
 static int reqfile=0;
@@ -151,13 +145,11 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	int ret=1;
 	X509_REQ *req=NULL;
 	X509 *x=NULL,*xca=NULL;
 	ASN1_OBJECT *objtmp;
 	EVP_PKEY *Upkey=NULL,*CApkey=NULL;
 	ASN1_INTEGER *sno = NULL;
 	int i,num,badops=0;
 	BIO *out=NULL;
 	BIO *STDout=NULL;
@@ -167,7 +159,6 @@ int MAIN(int argc, char **argv)
 	char *CAkeyfile=NULL,*CAserial=NULL;
 	char *alias=NULL;
 	int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0;
 	int ocspid=0;
 	int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
 	int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
 	int C=0;
@@ -183,8 +174,7 @@ int MAIN(int argc, char **argv)
 	char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
 	int need_rand = 0;
 	int checkend=0,checkoffset=0;
-	unsigned long nmflag = 0, certflag = 0;
+	unsigned long nmflag = 0;
 	char *engine=NULL;
 	reqfile=0;
@@ -193,7 +183,7 @@ int MAIN(int argc, char **argv)
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 	STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 	{
 	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 	STDout = BIO_push(tmpbio, STDout);
@@ -243,7 +233,7 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-CAkeyform") == 0)
 			{
 			if (--argc < 1) goto bad;
-			CAformat=str2fmt(*(++argv));
+			CAkeyformat=str2fmt(*(++argv));
 			}
 		else if (strcmp(*argv,"-days") == 0)
 			{
@@ -304,12 +294,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			CAserial= *(++argv);
 			}
 		else if (strcmp(*argv,"-set_serial") == 0)
 			{
 			if (--argc < 1) goto bad;
 			if (!(sno = s2i_ASN1_INTEGER(NULL, *(++argv))))
 				goto bad;
 			}
 		else if (strcmp(*argv,"-addtrust") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -342,11 +326,6 @@ int MAIN(int argc, char **argv)
 			alias= *(++argv);
 			trustout = 1;
 			}
 		else if (strcmp(*argv,"-certopt") == 0)
 			{
 			if (--argc < 1) goto bad;
 			if (!set_cert_ex(&certflag, *(++argv))) goto bad;
 			}
 		else if (strcmp(*argv,"-nameopt") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -358,11 +337,6 @@ int MAIN(int argc, char **argv)
 			alias= *(++argv);
 			trustout = 1;
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-C") == 0)
 			C= ++num;
 		else if (strcmp(*argv,"-email") == 0)
@@ -423,8 +397,6 @@ int MAIN(int argc, char **argv)
 			clrext = 1;
 			}
 #endif
 		else if (strcmp(*argv,"-ocspid") == 0)
 			ocspid= ++num;
 		else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
 			{
 			/* ok */
@@ -444,28 +416,10 @@ int MAIN(int argc, char **argv)
 		{
 bad:
 		for (pp=x509_usage; (*pp != NULL); pp++)
-			BIO_printf(bio_err,"%s",*pp);
+			BIO_printf(bio_err,*pp);
 		goto end;
 		}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if (need_rand)
 		app_RAND_load_file(NULL, bio_err, 0);
@@ -507,15 +461,8 @@ bad:
 							,errorline,extfile);
 			goto end;
 			}
-		if (!extsect)
+		if (!extsect && !(extsect = CONF_get_string(extconf, "default",
-			{
+					 "extensions"))) extsect = "default";
 			extsect = CONF_get_string(extconf, "default", "extensions");
 			if (!extsect)
 				{
 				ERR_clear_error();
 				extsect = "default";
 				}
 			}
 		X509V3_set_ctx_test(&ctx2);
 		X509V3_set_conf_lhash(&ctx2, extconf);
 		if (!X509V3_EXT_add_conf(extconf, &ctx2, extsect, NULL))
@@ -602,12 +549,7 @@ bad:
 		if ((x=X509_new()) == NULL) goto end;
 		ci=x->cert_info;
-		if (sno)
+		if (!ASN1_INTEGER_set(X509_get_serialNumber(x),0)) goto end;
 			{
 			if (!X509_set_serialNumber(x, sno))
 				goto end;
 			}
 		else if (!ASN1_INTEGER_set(X509_get_serialNumber(x),0)) goto end;
 		if (!X509_set_issuer_name(x,req->req_info->subject)) goto end;
 		if (!X509_set_subject_name(x,req->req_info->subject)) goto end;
@@ -642,7 +584,7 @@ bad:
 		if (outfile == NULL)
 			{
 			BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 			{
 			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			out = BIO_push(tmpbio, out);
@@ -746,12 +688,12 @@ bad:
 					goto end;
 					}
 				BIO_printf(STDout,"Modulus=");
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 				if (pkey->type == EVP_PKEY_RSA)
 					BN_print(STDout,pkey->pkey.rsa->n);
 				else
 #endif
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 				if (pkey->type == EVP_PKEY_DSA)
 					BN_print(STDout,pkey->pkey.dsa->pub_key);
 				else
@@ -832,7 +774,7 @@ bad:
 				}
 			else if (text == i)
 				{
-				X509_print_ex(out,x,nmflag, certflag);
+				X509_print(out,x);
 				}
 			else if (startdate == i)
 				{
@@ -874,10 +816,10 @@ bad:
 				if (Upkey == NULL)
 					{
 					Upkey=load_key(bio_err,
-						keyfile,keyformat, passin, e);
+						keyfile,keyformat, passin);
 					if (Upkey == NULL) goto end;
 					}
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 		                if (Upkey->type == EVP_PKEY_DSA)
 		                        digest=EVP_dss1();
 #endif
@@ -892,11 +834,10 @@ bad:
 				if (CAkeyfile != NULL)
 					{
 					CApkey=load_key(bio_err,
-						CAkeyfile,CAkeyformat, passin,
+						CAkeyfile,CAkeyformat, passin);
 						e);
 					if (CApkey == NULL) goto end;
 					}
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 		                if (CApkey->type == EVP_PKEY_DSA)
 		                        digest=EVP_dss1();
 #endif
@@ -904,7 +845,7 @@ bad:
 				assert(need_rand);
 				if (!x509_certify(ctx,CAfile,digest,x,xca,
 					CApkey, CAserial,CA_createserial,days, clrext,
-					extconf, extsect, sno))
+					extconf, extsect))
 					goto end;
 				}
 			else if (x509req == i)
@@ -920,14 +861,16 @@ bad:
 				else
 					{
 					pk=load_key(bio_err,
-						keyfile,FORMAT_PEM, passin, e);
+						keyfile,FORMAT_PEM, passin);
 					if (pk == NULL) goto end;
 					}
 				BIO_printf(bio_err,"Generating certificate request\n");
 #ifndef NO_DSA
 		                if (pk->type == EVP_PKEY_DSA)
 		                        digest=EVP_dss1();
 #endif
 				rq=X509_to_X509_REQ(x,pk,digest);
 				EVP_PKEY_free(pk);
@@ -943,10 +886,6 @@ bad:
 					}
 				noout=1;
 				}
 			else if (ocspid == i)
 				{
 				X509_ocspid_print(out, x);
 				}
 			}
 		}
@@ -1019,22 +958,32 @@ end:
 	EVP_PKEY_free(Upkey);
 	EVP_PKEY_free(CApkey);
 	X509_REQ_free(rq);
 	ASN1_INTEGER_free(sno);
 	sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
 	sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
 	if (passin) OPENSSL_free(passin);
 	EXIT(ret);
 	}
-static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create)
+static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
 	     X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile, int create,
 	     int days, int clrext, LHASH *conf, char *section)
 	{
-	char *buf = NULL, *p;
+	int ret=0;
 	BIO *io=NULL;
 	MS_STATIC char buf2[1024];
-	ASN1_INTEGER *bs = NULL, *bs2 = NULL;
+	char *buf=NULL,*p;
-	BIO *io = NULL;
+	BIGNUM *serial=NULL;
-	BIGNUM *serial = NULL;
+	ASN1_INTEGER *bs=NULL,bs2;
 	X509_STORE_CTX xsc;
 	EVP_PKEY *upkey;
-	buf=OPENSSL_malloc( ((serialfile == NULL)
+	upkey = X509_get_pubkey(xca);
 	EVP_PKEY_copy_parameters(upkey,pkey);
 	EVP_PKEY_free(upkey);
 	X509_STORE_CTX_init(&xsc,ctx,x,NULL);
 	buf=OPENSSL_malloc(EVP_PKEY_size(pkey)*2+
 		((serialfile == NULL)
 			?(strlen(CAfile)+strlen(POSTFIX)+1)
 			:(strlen(serialfile)))+1);
 	if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; }
@@ -1100,51 +1049,20 @@ static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create)
 	if (!BN_add_word(serial,1))
 		{ BIO_printf(bio_err,"add_word failure\n"); goto end; }
-	if (!(bs2 = BN_to_ASN1_INTEGER(serial, NULL)))
+	bs2.data=(unsigned char *)buf2;
-		{ BIO_printf(bio_err,"error converting bn 2 asn1_integer\n"); goto end; }
+	bs2.length=BN_bn2bin(serial,bs2.data);
 	if (BIO_write_filename(io,buf) <= 0)
 		{
 		BIO_printf(bio_err,"error attempting to write serial number file\n");
 		perror(buf);
 		goto end;
 		}
-	i2a_ASN1_INTEGER(io,bs2);
+	i2a_ASN1_INTEGER(io,&bs2);
 	BIO_puts(io,"\n");
 	BIO_free(io);
 	if (buf) OPENSSL_free(buf);
 	ASN1_INTEGER_free(bs2);
 	BN_free(serial);
 	io=NULL;
-	return bs;
+	
 	end:
 	if (buf) OPENSSL_free(buf);
 	BIO_free(io);
 	ASN1_INTEGER_free(bs);
 	BN_free(serial);
 	return NULL;
 	}
 static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
 	     X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile, int create,
 	     int days, int clrext, LHASH *conf, char *section, ASN1_INTEGER *sno)
 	{
 	int ret=0;
 	ASN1_INTEGER *bs=NULL;
 	X509_STORE_CTX xsc;
 	EVP_PKEY *upkey;
 	upkey = X509_get_pubkey(xca);
 	EVP_PKEY_copy_parameters(upkey,pkey);
 	EVP_PKEY_free(upkey);
 	X509_STORE_CTX_init(&xsc,ctx,x,NULL);
 	if (sno) bs = sno;
 	else if (!(bs = load_serial(CAfile, serialfile, create)))
 		goto end;
 	if (!X509_STORE_add_cert(ctx,x)) goto end;
 	/* NOTE: this certificate can/should be self signed, unless it was
@@ -1189,7 +1107,10 @@ end:
 	X509_STORE_CTX_cleanup(&xsc);
 	if (!ret)
 		ERR_print_errors(bio_err);
-	if (!sno) ASN1_INTEGER_free(bs);
+	if (buf != NULL) OPENSSL_free(buf);
 	if (bs != NULL) ASN1_INTEGER_free(bs);
 	if (io != NULL)	BIO_free(io);
 	if (serial != NULL) BN_free(serial);
 	return ret;
 	}
@@ -1282,3 +1203,6 @@ static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)
 		}
 	return 1;
 }
--- a/bugs/stream.c
+++ b/bugs/stream.c
@@ -58,7 +58,7 @@
 #include <stdio.h>
 #include <openssl/rc4.h>
-#ifdef OPENSSL_NO_DES
+#ifdef NO_DES
 #include <des.h>
 #else
 #include <openssl/des.h>
--- a/certs/RegTP-4R.pem
+++ b/certs/RegTP-4R.pem
@@ -1,19 +0,0 @@
 issuer= CN=4R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
 notBefore=Jan 21 16:04:53 1999 GMT
 notAfter=Jan 21 16:04:53 2004 GMT
 subject= CN=4R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
 -----BEGIN CERTIFICATE-----
 MIICZzCCAdOgAwIBAgIEOwVn1DAKBgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9
 MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWth
 dGlvbiB1bmQgUG9zdDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAo0Ui1DQSAxOlBO
 MCIYDzE5OTkwMTIxMTYwNDUzWhgPMjAwNDAxMjExNjA0NTNaMG8xCzAJBgNVBAYT
 AkRFMT0wOwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21t
 dW5pa2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjRSLUNB
 IDE6UE4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGAjzHbq2asUlqeWbXTQHso
 aVF6YIPVH3c/B2cbuy9HJ/lnE6x0asOzM2DGDqi47xkdAxPc0LZ0fxO87rkmz7xs
 jJObnVrMXpyUSDSp5Y0wqKJdsFdr6mGFOQZteIti8AJnr8xMkwnWVyuOlEXsFe1h
 5gxwQXrOcPinE6qu1t/3PmECBMAAAAGjEjAQMA4GA1UdDwEB/wQEAwIBBjAKBgYr
 JAMDAQIFAAOBgQA+RdocBmA2VV9E5aKPBcp01tdZAvvW9Tve3docArVKR/4/yvSX
 Z+wvzzk+uu4qBp49HN3nqPYMrzbTmjBFu4ce5fkZ7dHF0W1sSBL0rox5z36Aq2re
 JjfEOEmSnNe0+opuh4FSVOssXblXTE8lEQU0FhhItgDx2ADnWZibaxLG4w==
 -----END CERTIFICATE-----
--- a/certs/RegTP-5R.pem
+++ b/certs/RegTP-5R.pem
@@ -1,19 +0,0 @@
 issuer= CN=5R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
 notBefore=Mar 22 08:55:51 2000 GMT
 notAfter=Mar 22 08:55:51 2005 GMT
 subject= CN=5R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
 -----BEGIN CERTIFICATE-----
 MIICaDCCAdSgAwIBAgIDDIOqMAoGBiskAwMBAgUAMG8xCzAJBgNVBAYTAkRFMT0w
 OwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0
 aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjVSLUNBIDE6UE4w
 IhgPMjAwMDAzMjIwODU1NTFaGA8yMDA1MDMyMjA4NTU1MVowbzELMAkGA1UEBhMC
 REUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11
 bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNVItQ0Eg
 MTpQTjCBoTANBgkqhkiG9w0BAQEFAAOBjwAwgYsCgYEAih5BUycfBpqKhU8RDsaS
 vV5AtzWeXQRColL9CH3t0DKnhjKAlJ8iccFtJNv+d3bh8bb9sh0maRSo647xP7hs
 HTjKgTE4zM5BYNfXvST79OtcMgAzrnDiGjQIIWv8xbfV1MqxxdtZJygrwzRMb9jG
 CAGoJEymoyzAMNG7tSdBWnUCBQDAAAABoxIwEDAOBgNVHQ8BAf8EBAMCAQYwCgYG
 KyQDAwECBQADgYEAOaK8ihVSBUcL2IdVBxZYYUKwMz5m7H3zqhN8W9w+iafWudH6
 b+aahkbENEwzg3C3v5g8nze7v7ssacQze657LHjP+e7ksUDIgcS4R1pU2eN16bjS
 P/qGPF3rhrIEHoK5nJULkjkZYTtNiOvmQ/+G70TXDi3Os/TwLlWRvu+7YLM=
 -----END CERTIFICATE-----
--- a/certs/RegTP-6R.pem
+++ b/certs/RegTP-6R.pem
@@ -1,19 +0,0 @@
 issuer= CN=6R-Ca 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
 notBefore=Feb  1 09:52:17 2001 GMT
 notAfter=Jun  1 09:52:17 2005 GMT
 subject= CN=6R-Ca 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
 -----BEGIN CERTIFICATE-----
 MIICaDCCAdSgAwIBAgIDMtGNMAoGBiskAwMBAgUAMG8xCzAJBgNVBAYTAkRFMT0w
 OwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0
 aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjZSLUNhIDE6UE4w
 IhgPMjAwMTAyMDEwOTUyMTdaGA8yMDA1MDYwMTA5NTIxN1owbzELMAkGA1UEBhMC
 REUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11
 bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNlItQ2Eg
 MTpQTjCBoTANBgkqhkiG9w0BAQEFAAOBjwAwgYsCgYEAg6KrFSTNXKqe+2GKGeW2
 wTmbVeflNkp5H/YxA9K1zmEn5XjKm0S0jH4Wfms6ipPlURVaFwTfnB1s++AnJAWf
 mayaE9BP/pdIY6WtZGgW6aZc32VDMCMKPWyBNyagsJVDmzlakIA5cXBVa7Xqqd3P
 ew8i2feMnQXcqHfDv02CW88CBQDAAAABoxIwEDAOBgNVHQ8BAf8EBAMCAQYwCgYG
 KyQDAwECBQADgYEAOkqkUwdaTCt8wcJLA2zLuOwL5ADHMWLhv6gr5zEF+VckA6qe
 IVLVf8e7fYlRmzQd+5OJcGglCQJLGT+ZplI3Mjnrd4plkoTNKV4iOzBcvJD7K4tn
 XPvs9wCFcC7QU7PLvc1FDsAlr7e4wyefZRDL+wbqNfI7QZTSF1ubLd9AzeQ=
 -----END CERTIFICATE-----
--- a/262
+++ b/262
@@ -20,31 +20,6 @@
 # Be as similar to the output of config.guess/config.sub
 # as possible.
 PREFIX=""
 SUFFIX=""
 TEST="false"
 # pick up any command line args to config
 for i
 do
 case "$i" in 
 -d*) PREFIX="debug-";;
 -t*) TEST="true";;
 -h*) TEST="true"; cat <<EOF
 Usage: config [options]
 -d	Add a debug- prefix to machine choice.
 -t	Test mode, do not run the Configure perl script.
 -h	This help.
 Any other text will be passed to the Configure perl script.
 See INSTALL for instructions.
 EOF
 ;;
 *) options=$options" $i" ;;
 esac
 done
 # First get uname entries that we use below
 MACHINE=`(uname -m) 2>/dev/null` || MACHINE="unknown"
@@ -74,10 +49,18 @@ if [ "x$XREL" != "x" ]; then
 		echo "whatever-whatever-sco5"; exit 0
 		;;
 	    4.2MP)
-		if [ "x$VERSION" = "x2.1.1" ]; then
+		if [ "x$VERSION" = "x2.01" ]; then
 		    echo "${MACHINE}-whatever-unixware201"; exit 0
 		elif [ "x$VERSION" = "x2.02" ]; then
 		    echo "${MACHINE}-whatever-unixware202"; exit 0
 		elif [ "x$VERSION" = "x2.03" ]; then
 		    echo "${MACHINE}-whatever-unixware203"; exit 0
 		elif [ "x$VERSION" = "x2.1.1" ]; then
 		    echo "${MACHINE}-whatever-unixware211"; exit 0
 		elif [ "x$VERSION" = "x2.1.2" ]; then
 		    echo "${MACHINE}-whatever-unixware212"; exit 0
 		elif [ "x$VERSION" = "x2.1.3" ]; then
 		    echo "${MACHINE}-whatever-unixware213"; exit 0
 		else
 		    echo "${MACHINE}-whatever-unixware2"; exit 0
 		fi
@@ -85,6 +68,11 @@ if [ "x$XREL" != "x" ]; then
 	    4.2)
 		echo "whatever-whatever-unixware1"; exit 0
 		;;
     OpenUNIX)
 		if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x8" ]; then
 		    echo "${MACHINE}-unknown-OpenUNIX${VERSION}"; exit 0
 		fi
 		;;
 	    5)
 		if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x7" ]; then
 		    echo "${MACHINE}-sco-unixware7"; exit 0
@@ -104,6 +92,14 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "m68k-apple-aux3"; exit 0
 	;;
    AIX:[3456789]:4:*)
 	echo "${MACHINE}-ibm-aix43"; exit 0
 	;;
    AIX:*:[56789]:*)
 	echo "${MACHINE}-ibm-aix43"; exit 0
 	;;
    AIX:*)
 	echo "${MACHINE}-ibm-aix"; exit 0
 	;;
@@ -151,10 +147,6 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "${MACHINE}-whatever-linux1"; exit 0
 	;;
    GNU*)
 	echo "hurd-x86"; exit 0;
 	;;
    LynxOS:*)
 	echo "${MACHINE}-lynx-lynxos"; exit 0
 	;;
@@ -208,15 +200,33 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "${MACHINE}-whatever-openbsd"; exit 0
 	;;
    OpenUNIX:*)
 	echo "${MACHINE}-unknown-OpenUNIX${VERSION}"; exit 0
 	;;
    OSF1:*:*:*alpha*)
-	echo "${MACHINE}-dec-osf"; exit 0
+	OSFMAJOR=`echo ${RELEASE}| sed -e 's/^V\([0-9]*\)\..*$/\1/'`
 	case "$OSFMAJOR" in
 	    4|5)
 		echo "${MACHINE}-dec-tru64"; exit 0
 		;;
 	    1|2|3)
 		echo "${MACHINE}-dec-osf"; exit 0
 		;;
 	    *)
 		echo "${MACHINE}-dec-osf"; exit 0
 		;;
 	esac
 	;;
    QNX:*)
-	case "$VERSION" in
+	case "$RELEASE" in
 	    4*)
 		echo "${MACHINE}-whatever-qnx4"
 		;;
 	    6*)
 		echo "${MACHINE}-whatever-qnx6"
 		;;
 	    *)
 		echo "${MACHINE}-whatever-qnx"
 		;;
@@ -233,15 +243,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	;;
    Darwin:*)
-	case "$MACHINE" in
+	echo "ppc-apple-darwin"; exit 0
 	    Power*)
 		echo "ppc-apple-darwin${VERSION}"
 		;;
 	    *)
 		echo "i386-apple-darwin${VERSION}"
 		;;
 	esac
 	exit 0
 	;;
    SunOS:5.*)
@@ -296,6 +298,25 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "mips-sony-newsos4"; exit 0;
 	;;
    CYGWIN*)
 	case "$RELEASE" in
 	    [bB]*|1.0|1.[12].*)
 		echo "${MACHINE}-whatever-cygwin_pre1.3"
 		;;
 	    *)
 		echo "${MACHINE}-whatever-cygwin"
 		;;
 	esac
 	exit 0
 	;;
    *"CRAY T3E")
       echo "t3e-cray-unicosmk"; exit 0;
       ;;
    *CRAY*)
       echo "j90-cray-unicos"; exit 0;
       ;;
 esac
 #
@@ -333,19 +354,60 @@ exit 0
 # this is where the translation occurs into SSLeay terms
 # ---------------------------------------------------------------------------
 PREFIX=""
 SUFFIX=""
 TEST="false"
 # pick up any command line args to config
 for i
 do
 case "$i" in 
 -d*) PREFIX="debug-";;
 -t*) TEST="true";;
 -h*) TEST="true"; cat <<EOF
 Usage: config [options]
 -d	Add a debug- prefix to machine choice.
 -t	Test mode, do not run the Configure perl script.
 -h	This help.
 Any other text will be passed to the Configure perl script.
 See INSTALL for instructions.
 EOF
 ;;
 *) options=$options" $i" ;;
 esac
 done
 # figure out if gcc is available and if so we use it otherwise
 # we fallback to whatever cc does on the system
-GCCVER=`(gcc --version) 2>/dev/null`
+GCCVER=`(gcc -dumpversion) 2>/dev/null`
 if [ "$GCCVER" != "" ]; then
  CC=gcc
-  # then strip off whatever prefix Cygnus prepends the number with...
+  # then strip off whatever prefix egcs prepends the number with...
-  GCCVER=`echo $GCCVER | sed 's/^[a-z]*\-//'`
+  # Hopefully, this will work for any future prefixes as well.
  GCCVER=`echo $GCCVER | sed 's/^[a-zA-Z]*\-//'`
  # Since gcc 3.1 gcc --version behaviour has changed.  gcc -dumpversion
  # does give us what we want though, so we use that.  We just just the
  # major and minor version numbers.
  # peak single digit before and after first dot, e.g. 2.95.1 gives 29
  GCCVER=`echo $GCCVER | sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/'`
 else
  CC=cc
 fi
-
+GCCVER=${GCCVER:-0}
 if [ "$SYSTEM" = "HP-UX" ];then
  # By default gcc is a ILP32 compiler (with long long == 64).
  GCC_BITS="32"
  if [ $GCCVER -ge 30 ]; then
    # PA64 support only came in with gcc 3.0.x.
    # We look for the preprocessor symbol __LP64__ indicating
    # 64bit bit long and pointer.  sizeof(int) == 32 on HPUX64.
    if gcc -v -E -x c /dev/null 2>&1 | grep __LP64__ > /dev/null; then
      GCC_BITS="64"
    fi
  fi
 fi
 if [ "$SYSTEM" = "SunOS" ]; then
  # check for WorkShop C, expected output is "cc: blah-blah C x.x"
  CCVER=`(cc -V 2>&1) 2>/dev/null | \
@@ -411,9 +473,7 @@ case "$GUESSOS" in
 	echo "WARNING! If you wish to build 64-bit library, then you have to"
 	echo "         invoke './Configure irix64-mips4-$CC' *manually*."
 	echo "         Type return if you want to continue, Ctrl-C to abort."
-	if [ "$TEST" = "false" ]; then
+	read waste < /dev/tty
 	  read waste < /dev/tty
 	fi
        CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
        CPU=${CPU:-0}
        if [ $CPU -ge 5000 ]; then
@@ -453,12 +513,15 @@ EOF
 	${CC} -o dummy dummy.c && OUT=`./dummy ${MACHINE}`
 	rm dummy dummy.c
 	;;
  ppc64-*-linux2)
 	#Use the standard target for PPC architecture until we create a
 	#special one for the 64bit architecture.
 	OUT="linux-ppc" ;;
  ppc-*-linux2) OUT="linux-ppc" ;;
  m68k-*-linux*) OUT="linux-m68k" ;;
  ia64-*-linux?) OUT="linux-ia64" ;;
  ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;;
-  ppc-apple-darwin*) OUT="darwin-ppc-cc" ;;
+  ppc-apple-darwin) OUT="darwin-ppc-cc" ;;
  i386-apple-darwin*) OUT="darwin-i386-cc" ;;
  sparc64-*-linux2)
 	#Before we can uncomment following lines we have to wait at least
 	#till 64-bit glibc for SPARC is operational:-(
@@ -475,8 +538,29 @@ EOF
 	sun4d)	OUT="linux-sparcv8" ;;
 	*)	OUT="linux-sparcv7" ;;
 	esac ;;
  parisc-*-linux2)
        CPUARCH=`awk '/cpu family/{print substr($5,1,3)}' /proc/cpuinfo`
 	CPUSCHEDULE=`awk '/^cpu.[ 	]: PA/{print substr($3,3)}' /proc/cpuinfo`
 	# ??TODO ??  Model transformations
 	# 0. CPU Architecture for the 1.1 processor has letter suffixes. We strip that off
 	#    assuming no further arch. identification will ever be used by GCC.
 	# 1. I'm most concerned about whether is a 7300LC is closer to a 7100 versus a 7100LC.
 	# 2. The variant 64-bit processors cause concern should GCC support explicit schedulers
 	#    for these chips in the future.
 	#         PA7300LC -> 7100LC (1.1)
 	#         PA8200   -> 8000   (2.0)
 	#         PA8500   -> 8000   (2.0)
 	#         PA8600   -> 8000   (2.0)
 	CPUSCHEDULE=`echo $CPUSCHEDULE|sed -e 's/7300LC/7100LC/' -e 's/8?00/8000/'`
 	# Finish Model transformations
 	options="$options -mschedule=$CPUSCHEDULE -march=$CPUARCH"
 	OUT="linux-parisc" ;;
  arm*-*-linux2) OUT="linux-elf-arm" ;;
  s390-*-linux2) OUT="linux-s390" ;;
  s390x-*-linux?) OUT="linux-s390x" ;;
  *-*-linux2) OUT="linux-elf" ;;
  *-*-linux1) OUT="linux-aout" ;;
  sun4u*-*-solaris2)
@@ -485,9 +569,7 @@ EOF
 		echo "WARNING! If you wish to build 64-bit library, then you have to"
 		echo "         invoke './Configure solaris64-sparcv9-cc' *manually*."
 		echo "         Type return if you want to continue, Ctrl-C to abort."
-		if [ "$TEST" = "false" ]; then
+		read waste < /dev/tty
 		  read waste < /dev/tty
 		fi
 	fi
 	OUT="solaris-sparcv9-$CC" ;;
  sun4m-*-solaris2)	OUT="solaris-sparcv8-$CC" ;;
@@ -506,37 +588,56 @@ EOF
  pmax*-*-openbsd) OUT="OpenBSD-mips" ;;
  *-*-openbsd) OUT="OpenBSD" ;;
  *86*-*-bsdi4) OUT="bsdi-elf-gcc" ;;
-  *-*-osf) OUT="alpha-cc" ;;
+  *-*-osf) OUT="alphaold-cc" ;;
  *-*-tru64) OUT="alpha-cc" ;;
  *-*-OpenUNIX*)
 	if [ "$CC" = "gcc" ]; then
 	  OUT="OpenUNIX-8-gcc" 
 	else    
 	  OUT="OpenUNIX-8" 
 	fi
 	;;
  *-*-unixware7) OUT="unixware-7" ;;
  *-*-UnixWare7) OUT="unixware-7" ;;
  *-*-Unixware7) OUT="unixware-7" ;;
-  *-*-unixware[1-2]*) OUT="unixware-2.0" ;;
+  *-*-unixware20*) OUT="unixware-2.0" ;;
-  *-*-UnixWare[1-2]*) OUT="unixware-2.0" ;;
+  *-*-unixware21*) OUT="unixware-2.1" ;;
-  *-*-Unixware[1-2]*) OUT="unixware-2.0" ;;
+  *-*-UnixWare20*) OUT="unixware-2.0" ;;
  *-*-UnixWare21*) OUT="unixware-2.1" ;;
  *-*-Unixware20*) OUT="unixware-2.0" ;;
  *-*-Unixware21*) OUT="unixware-2.1" ;;
  BS2000-siemens-sysv4) OUT="BS2000-OSD" ;;
  RM*-siemens-sysv4) OUT="ReliantUNIX" ;;
  *-siemens-sysv4) OUT="SINIX" ;;
-  *-hpux1*)	OUT="hpux-parisc-$CC"
+  *-hpux1*)
-		options="$options -D_REENTRANT" ;;
+	if [ $CC = "gcc" ];
 	then
 	  if [ $GCC_BITS = "64" ]; then
 	    OUT="hpux64-parisc-gcc"
 	  else
 	    OUT="hpux-parisc-gcc"
 	  fi
 	else
 	  OUT="hpux-parisc-$CC"
 	fi
 	options="$options -D_REENTRANT" ;;
  *-hpux)	OUT="hpux-parisc-$CC" ;;
  # these are all covered by the catchall below
  # *-aix) OUT="aix-$CC" ;;
  # *-dgux) OUT="dgux" ;;
  mips-sony-newsos4) OUT="newsos4-gcc" ;;
  *-*-cygwin_pre1.3) OUT="Cygwin-pre1.3" ;;
  *-*-cygwin) OUT="Cygwin" ;;
  t3e-cray-unicosmk) OUT="cray-t3e" ;;
  j90-cray-unicos) OUT="cray-j90" ;;
  *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
 esac
 # NB: This atalla support has been superceded by the ENGINE support
 # That contains its own header and definitions anyway. Support can
 # be enabled or disabled on any supported platform without external
 # headers, eg. by adding the "hw-atalla" switch to ./config or
 # perl Configure
 #
 # See whether we can compile Atalla support
-#if [ -f /usr/include/atasi.h ]
+if [ -f /usr/include/atasi.h ]
-#then
+then
-#  options="$options -DATALLA"
+  options="$options -DATALLA"
-#fi
+fi
 # gcc < 2.8 does not support -mcpu=ultrasparc
 if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
@@ -557,7 +658,7 @@ case "$GUESSOS" in
  i386-*) options="$options 386" ;;
 esac
-for i in bf cast des dh dsa ec hmac md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa sha
+for i in bf cast des dh dsa hmac idea md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa sha
 do
  if [ ! -d crypto/$i ]
  then
@@ -565,27 +666,6 @@ do
  fi
 done
 # Discover Kerberos 5 (since it's still a prototype, we don't
 # do any guesses yet, that's why this section is commented away.
 #if [ -d /usr/kerberos ]; then
 #    krb5_dir=/usr/kerberos
 #    if [ \( -f $krb5_dir/lib/libgssapi_krb5.a -o -f $krb5_dir/lib/libgssapi_krb5.so* \)\
 #	-a \( -f $krb5_dir/lib/libkrb5.a -o -f $krb5_dir/lib/libkrb5.so* \)\
 #	-a \( -f $krb5_dir/lib/libcom_err.a -o -f $krb5_dir/lib/libcom_err.so* \)\
 #	-a \( -f $krb5_dir/lib/libk5crypto.a -o -f $krb5_dir/lib/libk5crypto.so* \)\
 #	-a \( -f $krb5_dir/include/krb5.h \) ]; then
 #	options="$options --with-krb5-flavor=MIT"
 #    fi
 #elif [ -d /usr/heimdal ]; then
 #    krb5_dir=/usr/heimdal
 #    if [ \( -f $krb5_dir/lib/libgssapi.a -o -f $krb5_dir/lib/libgssapi.so* \)\
 #	-a \( -f $krb5_dir/lib/libkrb5.a -o -f $krb5_dir/lib/libkrb5.so* \)\
 #	-a \( -f $krb5_dir/lib/libcom_err.a -o -f $krb5_dir/lib/libcom_err.so* \)\
 #	-a \( -f $krb5_dir/include/krb5.h \) ]; then
 #	options="$options --with-krb5-flavor=Heimdal"
 #    fi
 #fi
 if [ -z "$OUT" ]; then
  OUT="$CC"
 fi
--- a/crypto/Makefile.ssl
+++ b/crypto/Makefile.ssl
@@ -5,15 +5,14 @@
 DIR=		crypto
 TOP=		..
 CC=		cc
-INCLUDE=	-I. -I$(TOP) -I../include
+INCLUDE=	-I. -I../include
 INCLUDES=	-I.. -I../.. -I../../include
 CFLAG=		-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=	/usr/local/ssl
 MAKE=           make -f Makefile.ssl
-MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=       Makefile.ssl
 RM=             rm -f
 AR=		ar r
@@ -28,9 +27,9 @@ LIBS=
 SDIRS=	md2 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
-	bn ec rsa dsa dh dso engine rijndael \
+	bn rsa dsa dh dso \
 	buffer bio stack lhash rand err objects \
-	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp
+	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
 GENERAL=Makefile README crypto-lib.com install.com
@@ -52,11 +51,11 @@ all: buildinf.h lib subdirs
 buildinf.h: ../Makefile.ssl
 	( echo "#ifndef MK1MF_BUILD"; \
-	echo "  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */"; \
+	echo '  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */'; \
-	echo "  #define CFLAGS \"$(CC) $(CFLAG)\""; \
+	echo '  #define CFLAGS "$(CC) $(CFLAG)"'; \
-	echo "  #define PLATFORM \"$(PLATFORM)\""; \
+	echo '  #define PLATFORM "$(PLATFORM)"'; \
-	echo "  #define DATE \"`date`\""; \
+	echo "  #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \
-	echo "#endif" ) >buildinf.h
+	echo '#endif' ) >buildinf.h
 testapps:
 	if echo ${SDIRS} | fgrep ' des '; \
@@ -74,7 +73,7 @@ files:
 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i && echo "making 'files' in crypto/$$i..." && \
+	(cd $$i; echo "making 'files' in crypto/$$i..."; \
 	$(MAKE) PERL='${PERL}' files ); \
 	done;
@@ -85,26 +84,27 @@ links:
 	@$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
 	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@for i in $(SDIRS); do \
-	(cd $$i && echo "making links in crypto/$$i..." && \
+	(cd $$i; echo "making links in crypto/$$i..."; \
 	$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PERL='${PERL}' links ); \
 	done;
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB) || echo Never mind.
+	@echo You may get an error following this line.  Please ignore.
 	- $(RANLIB) $(LIB)
 	@touch lib
 libs:
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i && echo "making libs in crypto/$$i..." && \
+	(cd $$i; echo "making libs in crypto/$$i..."; \
 	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' lib ); \
 	done;
 tests:
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i && echo "making tests in crypto/$$i..." && \
+	(cd $$i; echo "making tests in crypto/$$i..."; \
 	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' tests ); \
 	done;
@@ -116,14 +116,14 @@ install:
 	done;
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i && echo "making install in crypto/$$i..." && \
+	(cd $$i; echo "making install in crypto/$$i..."; \
 	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}'  INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' install ); \
 	done;
 lint:
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i && echo "making lint in crypto/$$i..." && \
+	(cd $$i; echo "making lint in crypto/$$i..."; \
 	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' lint ); \
 	done;
@@ -133,15 +133,15 @@ depend:
 	if [ ! -s buildinf.h ]; then rm buildinf.h; fi
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i && echo "making depend in crypto/$$i..." && \
+	(cd $$i; echo "making depend in crypto/$$i..."; \
-	$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' DEPFLAG='${DEPFLAG}' depend ); \
+	$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' DEPFLAG='${DEPFLAG}' PERL='${PERL}' depend ); \
 	done;
 clean:
 	rm -f buildinf.h *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i && echo "making clean in crypto/$$i..." && \
+	(cd $$i; echo "making clean in crypto/$$i..."; \
 	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' clean ); \
 	done;
@@ -150,56 +150,54 @@ dclean:
 	mv -f Makefile.new $(MAKEFILE)
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i && echo "making dclean in crypto/$$i..." && \
+	(cd $$i; echo "making dclean in crypto/$$i..."; \
 	$(MAKE) PERL='${PERL}' CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' dclean ); \
 	done;
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 cpt_err.o: ../include/openssl/bio.h ../include/openssl/crypto.h
-cpt_err.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+cpt_err.o: ../include/openssl/err.h ../include/openssl/lhash.h
 cpt_err.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
 cpt_err.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
-cpt_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cpt_err.c
+cpt_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-cryptlib.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+cryptlib.o: ../include/openssl/bio.h ../include/openssl/buffer.h
-cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
-cryptlib.o: ../include/openssl/err.h ../include/openssl/lhash.h
+cryptlib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-cryptlib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+cryptlib.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
-cryptlib.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+cryptlib.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
-cryptlib.o: ../include/openssl/symhacks.h cryptlib.c cryptlib.h
+cryptlib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
-cversion.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+cversion.o: ../include/openssl/bio.h ../include/openssl/buffer.h
-cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
-cversion.o: ../include/openssl/err.h ../include/openssl/lhash.h
+cversion.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-cversion.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+cversion.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
-cversion.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+cversion.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
-cversion.o: ../include/openssl/symhacks.h buildinf.h cryptlib.h cversion.c
+cversion.o: ../include/openssl/stack.h ../include/openssl/symhacks.h buildinf.h
-ebcdic.o: ../include/openssl/opensslconf.h ebcdic.c
+cversion.o: cryptlib.h
-ex_data.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+ex_data.o: ../include/openssl/bio.h ../include/openssl/buffer.h
-ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
-ex_data.o: ../include/openssl/err.h ../include/openssl/lhash.h
+ex_data.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-ex_data.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ex_data.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
-ex_data.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+ex_data.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
-ex_data.o: ../include/openssl/symhacks.h cryptlib.h ex_data.c
+ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
-mem.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+mem.o: ../include/openssl/bio.h ../include/openssl/buffer.h
-mem.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+mem.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
-mem.o: ../include/openssl/err.h ../include/openssl/lhash.h
+mem.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-mem.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+mem.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
-mem.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+mem.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
-mem.o: ../include/openssl/symhacks.h cryptlib.h mem.c
+mem.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
-mem_dbg.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+mem_dbg.o: ../include/openssl/bio.h ../include/openssl/buffer.h
-mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
-mem_dbg.o: ../include/openssl/err.h ../include/openssl/lhash.h
+mem_dbg.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-mem_dbg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+mem_dbg.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
-mem_dbg.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+mem_dbg.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
-mem_dbg.o: ../include/openssl/symhacks.h cryptlib.h mem_dbg.c
+mem_dbg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
-tmdiff.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+tmdiff.o: ../include/openssl/bio.h ../include/openssl/buffer.h
-tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
-tmdiff.o: ../include/openssl/err.h ../include/openssl/lhash.h
+tmdiff.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-tmdiff.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+tmdiff.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
-tmdiff.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+tmdiff.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
-tmdiff.o: ../include/openssl/symhacks.h ../include/openssl/tmdiff.h cryptlib.h
+tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-tmdiff.o: tmdiff.c
+tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h
-uid.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+uid.o: ../include/openssl/crypto.h ../include/openssl/opensslv.h
 uid.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 uid.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-uid.o: ../include/openssl/symhacks.h uid.c
+uid.o: ../include/openssl/symhacks.h
--- a/crypto/asn1/Makefile.ssl
+++ b/crypto/asn1/Makefile.ssl
--- a/crypto/asn1/a_bitstr.c
+++ b/crypto/asn1/a_bitstr.c
@@ -60,9 +60,27 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 ASN1_BIT_STRING *ASN1_BIT_STRING_new(void)
 { return M_ASN1_BIT_STRING_new(); }
 void ASN1_BIT_STRING_free(ASN1_BIT_STRING *x)
 { M_ASN1_BIT_STRING_free(x); }
 int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
 { return M_ASN1_BIT_STRING_set(x, d, len); }
 int i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
 {
 	int len, ret;
 	len = i2c_ASN1_BIT_STRING(a, NULL);	
 	ret=ASN1_object_size(0,len,V_ASN1_BIT_STRING);
 	if(pp) {
 		ASN1_put_object(pp,0,len,V_ASN1_BIT_STRING,V_ASN1_UNIVERSAL);
 		i2c_ASN1_BIT_STRING(a, pp);	
 	}
 	return ret;
 }
 int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
 	{
 	int ret,j,bits,len;
@@ -71,8 +89,6 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
 	if (a == NULL) return(0);
 	len=a->length;
 	ret=1+len;
 	if (pp == NULL) return(ret);
 	if (len > 0)
 		{
@@ -100,6 +116,10 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
 		}
 	else
 		bits=0;
 	ret=1+len;
 	if (pp == NULL) return(ret);
 	p= *pp;
 	*(p++)=(unsigned char)bits;
@@ -111,6 +131,40 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
 	return(ret);
 	}
 /* Convert DER encoded ASN1 BIT_STRING to ASN1_BIT_STRING structure */
 ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
 	     long length)
 {
 	unsigned char *p;
 	long len;
 	int i;
 	int inf,tag,xclass;
 	ASN1_BIT_STRING *ret;
 	p= *pp;
 	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
 	if (inf & 0x80)
 		{
 		i=ASN1_R_BAD_OBJECT_HEADER;
 		goto err;
 		}
 	if (tag != V_ASN1_BIT_STRING)
 		{
 		i=ASN1_R_EXPECTING_A_BIT_STRING;
 		goto err;
 		}
 	if (len < 1) { i=ASN1_R_STRING_TOO_SHORT; goto err; }
 	ret = c2i_ASN1_BIT_STRING(a, &p, len);
 	if(ret) *pp = p;
 	return ret;
 err:
 	ASN1err(ASN1_F_D2I_ASN1_BIT_STRING,i);
 	return(NULL);
 }
 ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
 	     long len)
 	{
@@ -172,6 +226,7 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
 	w=n/8;
 	v=1<<(7-(n&0x07));
 	iv= ~v;
 	if (!value) v=0;
 	a->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear, set on write */
--- a/crypto/asn1/a_bmp.c
+++ b/crypto/asn1/a_bmp.c
@@ -0,0 +1,89 @@
 /* crypto/asn1/a_bmp.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 ASN1_BMPSTRING *ASN1_BMPSTRING_new(void)
 { return M_ASN1_BMPSTRING_new(); }
 void ASN1_BMPSTRING_free(ASN1_BMPSTRING *x)
 { M_ASN1_BMPSTRING_free(x); }
 int i2d_ASN1_BMPSTRING(ASN1_BMPSTRING *a, unsigned char **pp)
 	{
 	return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
 		V_ASN1_BMPSTRING,V_ASN1_UNIVERSAL));
 	}
 ASN1_BMPSTRING *d2i_ASN1_BMPSTRING(ASN1_BMPSTRING **a, unsigned char **pp,
 	     long length)
 	{
 	ASN1_BMPSTRING *ret=NULL;
 	ret=(ASN1_BMPSTRING *)d2i_ASN1_bytes((ASN1_STRING **)a,
 		pp,length,V_ASN1_BMPSTRING,V_ASN1_UNIVERSAL);
 	if (ret == NULL)
 		{
 		ASN1err(ASN1_F_D2I_ASN1_BMPSTRING,ERR_R_NESTED_ASN1_ERROR);
 		return(NULL);
 		}
 	return(ret);
 	}
--- a/crypto/asn1/a_bool.c
+++ b/crypto/asn1/a_bool.c
@@ -58,7 +58,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1t.h>
+#include <openssl/asn1.h>
 int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
 	{
@@ -110,5 +110,3 @@ err:
 	ASN1err(ASN1_F_D2I_ASN1_BOOLEAN,i);
 	return(ret);
 	}
--- a/crypto/asn1/a_bytes.c
+++ b/crypto/asn1/a_bytes.c
@@ -58,26 +58,19 @@
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>
 static unsigned long tag2bit[32]={
 0,	0,	0,	B_ASN1_BIT_STRING,	/* tags  0 -  3 */
 B_ASN1_OCTET_STRING,	0,	0,		B_ASN1_UNKNOWN,/* tags  4- 7 */
 B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,/* tags  8-11 */
 B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */
-0,	0,	B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING,   /* tags 16-19 */
+0,	0,	B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING,
-B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING,       /* tags 20-22 */
+B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING,0,
-B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME,			       /* tags 23-24 */	
+0,B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING,
-B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING,  /* tags 25-27 */
+B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN,
 B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN, /* tags 28-31 */
 	};
 unsigned long ASN1_tag2bit(int tag)
 {
 	if((tag < 0) || (tag > 30)) return 0;
 	return tag2bit[tag];
 }
 static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c);
 /* type is a 'bitmap' of acceptable string types.
 */
--- a/crypto/asn1/a_d2i_fp.c
+++ b/crypto/asn1/a_d2i_fp.c
@@ -61,11 +61,9 @@
 #include <openssl/buffer.h>
 #include <openssl/asn1_mac.h>
-static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
+#define HEADER_SIZE   8
 #ifndef NO_OLD_ASN1
 #ifndef OPENSSL_NO_FP_API
 #ifndef NO_FP_API
 char *ASN1_d2i_fp(char *(*xnew)(), char *(*d2i)(), FILE *in,
 	     unsigned char **x)
        {
@@ -87,65 +85,10 @@ char *ASN1_d2i_fp(char *(*xnew)(), char *(*d2i)(), FILE *in,
 char *ASN1_d2i_bio(char *(*xnew)(), char *(*d2i)(), BIO *in,
 	     unsigned char **x)
 	{
 	BUF_MEM *b = NULL;
 	unsigned char *p;
 	char *ret=NULL;
 	int len;
 	len = asn1_d2i_read_bio(in, &b);
 	if(len < 0) goto err;
 	p=(unsigned char *)b->data;
 	ret=d2i(x,&p,len);
 err:
 	if (b != NULL) BUF_MEM_free(b);
 	return(ret);
 	}
 #endif
 void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
 	{
 	BUF_MEM *b = NULL;
 	unsigned char *p;
 	void *ret=NULL;
 	int len;
 	len = asn1_d2i_read_bio(in, &b);
 	if(len < 0) goto err;
 	p=(unsigned char *)b->data;
 	ret=ASN1_item_d2i(x,&p,len, it);
 err:
 	if (b != NULL) BUF_MEM_free(b);
 	return(ret);
 	}
 #ifndef OPENSSL_NO_FP_API
 void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
        {
        BIO *b;
        char *ret;
        if ((b=BIO_new(BIO_s_file())) == NULL)
 		{
 		ASN1err(ASN1_F_ASN1_D2I_FP,ERR_R_BUF_LIB);
                return(NULL);
 		}
        BIO_set_fp(b,in,BIO_NOCLOSE);
        ret=ASN1_item_d2i_bio(it,b,x);
        BIO_free(b);
        return(ret);
        }
 #endif
 #define HEADER_SIZE   8
 static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
 	{
 	BUF_MEM *b;
 	unsigned char *p;
 	int i;
-	int ret=-1;
+	char *ret=NULL;
 	ASN1_CTX c;
 	int want=HEADER_SIZE;
 	int eos=0;
@@ -156,7 +99,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
 	if (b == NULL)
 		{
 		ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
-		return -1;
+		return(NULL);
 		}
 	ERR_clear_error();
@@ -244,8 +187,8 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
 			}
 		}
-	*pb = b;
+	p=(unsigned char *)b->data;
-	return off;
+	ret=d2i(x,&p,off);
 err:
 	if (b != NULL) BUF_MEM_free(b);
 	return(ret);
--- a/crypto/asn1/a_digest.c
+++ b/crypto/asn1/a_digest.c
@@ -69,11 +69,10 @@
 #include <openssl/buffer.h>
 #include <openssl/x509.h>
 #ifndef NO_ASN1_OLD
 int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data,
 		unsigned char *md, unsigned int *len)
 	{
 	EVP_MD_CTX ctx;
 	int i;
 	unsigned char *str,*p;
@@ -82,24 +81,9 @@ int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data,
 	p=str;
 	i2d(data,&p);
-	EVP_Digest(str, i, md, len, type);
+	EVP_DigestInit(&ctx,type);
-	OPENSSL_free(str);
+	EVP_DigestUpdate(&ctx,str,i);
-	return(1);
+	EVP_DigestFinal(&ctx,md,len);
 	}
 #endif
 int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
 		unsigned char *md, unsigned int *len)
 	{
 	int i;
 	unsigned char *str = NULL;
 	i=ASN1_item_i2d(asn,&str, it);
 	if (!str) return(0);
 	EVP_Digest(str, i, md, len, type);
 	OPENSSL_free(str);
 	return(1);
 	}
--- a/crypto/asn1/a_dup.c
+++ b/crypto/asn1/a_dup.c
@@ -58,9 +58,9 @@
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>
-#ifndef NO_OLD_ASN1
+#define READ_CHUNK   2048
 char *ASN1_dup(int (*i2d)(), char *(*d2i)(), char *x)
 	{
@@ -81,27 +81,3 @@ char *ASN1_dup(int (*i2d)(), char *(*d2i)(), char *x)
 	OPENSSL_free(b);
 	return(ret);
 	}
 #endif
 /* ASN1_ITEM version of dup: this follows the model above except we don't need
 * to allocate the buffer. At some point this could be rewritten to directly dup
 * the underlying structure instead of doing and encode and decode.
 */
 void *ASN1_item_dup(const ASN1_ITEM *it, void *x)
 	{
 	unsigned char *b = NULL, *p;
 	long i;
 	void *ret;
 	if (x == NULL) return(NULL);
 	i=ASN1_item_i2d(x,&b,it);
 	if (b == NULL)
 		{ ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
 	p= b;
 	ret=ASN1_item_d2i(NULL,&p,i, it);
 	OPENSSL_free(b);
 	return(ret);
 	}
--- a/crypto/asn1/a_enum.c
+++ b/crypto/asn1/a_enum.c
@@ -65,6 +65,60 @@
 * for comments on encoding see a_int.c
 */
 ASN1_ENUMERATED *ASN1_ENUMERATED_new(void)
 { return M_ASN1_ENUMERATED_new(); }
 void ASN1_ENUMERATED_free(ASN1_ENUMERATED *x)
 { M_ASN1_ENUMERATED_free(x); }
 int i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a, unsigned char **pp)
 {
 	int len, ret;
 	if(!a) return 0;
 	len = i2c_ASN1_INTEGER(a, NULL);	
 	ret=ASN1_object_size(0,len,V_ASN1_ENUMERATED);
 	if(pp) {
 		ASN1_put_object(pp,0,len,V_ASN1_ENUMERATED,V_ASN1_UNIVERSAL);
 		i2c_ASN1_INTEGER(a, pp);	
 	}
 	return ret;
 }
 ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, unsigned char **pp,
 	     long length)
 {
 	unsigned char *p;
 	long len;
 	int i;
 	int inf,tag,xclass;
 	ASN1_ENUMERATED *ret;
 	p= *pp;
 	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
 	if (inf & 0x80)
 		{
 		i=ASN1_R_BAD_OBJECT_HEADER;
 		goto err;
 		}
 	if (tag != V_ASN1_ENUMERATED)
 		{
 		i=ASN1_R_EXPECTING_AN_ENUMERATED;
 		goto err;
 		}
 	ret = c2i_ASN1_INTEGER(a, &p, len);
 	if(ret) {
 		ret->type = (V_ASN1_NEG & ret->type) | V_ASN1_ENUMERATED;
 		*pp = p;
 	}
 	return ret;
 err:
 	ASN1err(ASN1_F_D2I_ASN1_ENUMERATED,i);
 	return(NULL);
 }
 int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
 	{
 	int i,j,k;
@@ -114,7 +168,7 @@ long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
 	if (i == V_ASN1_NEG_ENUMERATED)
 		neg=1;
 	else if (i != V_ASN1_ENUMERATED)
-		return -1;
+		return(0);
 	if (a->length > sizeof(long))
 		{
@@ -122,7 +176,7 @@ long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
 		return(0xffffffffL);
 		}
 	if (a->data == NULL)
-		return 0;
+		return(0);
 	for (i=0; i<a->length; i++)
 		{
@@ -151,7 +205,18 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
 	else ret->type=V_ASN1_ENUMERATED;
 	j=BN_num_bits(bn);
 	len=((j == 0)?0:((j/8)+1));
-	ret->data=(unsigned char *)OPENSSL_malloc(len+4);
+	if (ret->length < len+4)
 		{
 		unsigned char *new_data=
 			OPENSSL_realloc(ret->data, len+4);
 		if (!new_data)
 			{
 			ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
 			goto err;
 			}
 		ret->data=new_data;
 		}
 	ret->length=BN_bn2bin(bn,ret->data);
 	return(ret);
 err:
--- a/crypto/asn1/a_gentm.c
+++ b/crypto/asn1/a_gentm.c
@@ -63,7 +63,11 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>
-#if 0
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_new(void)
 { return M_ASN1_GENERALIZEDTIME_new(); }
 void ASN1_GENERALIZEDTIME_free(ASN1_GENERALIZEDTIME *x)
 { M_ASN1_GENERALIZEDTIME_free(x); }
 int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp)
 	{
@@ -112,8 +116,6 @@ err:
 	return(NULL);
 	}
 #endif
 int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
 	{
 	static int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0};
@@ -180,7 +182,6 @@ int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str)
 			{
 			ASN1_STRING_set((ASN1_STRING *)s,
 				(unsigned char *)str,t.length);
 			s->type=V_ASN1_GENERALIZEDTIME;
 			}
 		return(1);
 		}
@@ -193,7 +194,7 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
 	{
 	char *p;
 	struct tm *ts;
-#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32)
+#if defined(THREADS) && !defined(WIN32)
 	struct tm data;
 #endif
@@ -202,7 +203,7 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
 	if (s == NULL)
 		return(NULL);
-#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32)
+#if defined(THREADS) && !defined(WIN32) && ! defined(_DARWIN)
 	gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */
 	ts=&data;
 #else
--- a/crypto/asn1/a_i2d_fp.c
+++ b/crypto/asn1/a_i2d_fp.c
@@ -59,11 +59,9 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/buffer.h>
-#include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>
-#ifndef NO_OLD_ASN1
+#ifndef NO_FP_API
 #ifndef OPENSSL_NO_FP_API
 int ASN1_i2d_fp(int (*i2d)(), FILE *out, unsigned char *x)
        {
        BIO *b;
@@ -113,51 +111,3 @@ int ASN1_i2d_bio(int (*i2d)(), BIO *out, unsigned char *x)
 	OPENSSL_free(b);
 	return(ret);
 	}
 #endif
 #ifndef OPENSSL_NO_FP_API
 int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x)
        {
        BIO *b;
        int ret;
        if ((b=BIO_new(BIO_s_file())) == NULL)
 		{
 		ASN1err(ASN1_F_ASN1_I2D_FP,ERR_R_BUF_LIB);
                return(0);
 		}
        BIO_set_fp(b,out,BIO_NOCLOSE);
        ret=ASN1_item_i2d_bio(it,b,x);
        BIO_free(b);
        return(ret);
        }
 #endif
 int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x)
 	{
 	unsigned char *b = NULL;
 	int i,j=0,n,ret=1;
 	n = ASN1_item_i2d(x, &b, it);
 	if (b == NULL)
 		{
 		ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE);
 		return(0);
 		}
 	for (;;)
 		{
 		i=BIO_write(out,&(b[j]),n);
 		if (i == n) break;
 		if (i <= 0)
 			{
 			ret=0;
 			break;
 			}
 		j+=i;
 		n-=i;
 		}
 	OPENSSL_free(b);
 	return(ret);
 	}
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@@ -60,12 +60,33 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 ASN1_INTEGER *ASN1_INTEGER_new(void)
 { return M_ASN1_INTEGER_new();}
 void ASN1_INTEGER_free(ASN1_INTEGER *x)
 { M_ASN1_INTEGER_free(x);}
 ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x)
 { return M_ASN1_INTEGER_dup(x);}
 int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y)
 { return M_ASN1_INTEGER_cmp(x,y);}
 /* Output ASN1 INTEGER including tag+length */
 int i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
 {
 	int len, ret;
 	if(!a) return 0;
 	len = i2c_ASN1_INTEGER(a, NULL);	
 	ret=ASN1_object_size(0,len,V_ASN1_INTEGER);
 	if(pp) {
 		ASN1_put_object(pp,0,len,V_ASN1_INTEGER,V_ASN1_UNIVERSAL);
 		i2c_ASN1_INTEGER(a, pp);	
 	}
 	return ret;
 }
 /* 
 * This converts an ASN1 INTEGER into its content encoding.
 * The internal representation is an ASN1_STRING whose data is a big endian
@@ -153,6 +174,39 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
 	return(ret);
 	}
 /* Convert DER encoded ASN1 INTEGER to ASN1_INTEGER structure */
 ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
 	     long length)
 {
 	unsigned char *p;
 	long len;
 	int i;
 	int inf,tag,xclass;
 	ASN1_INTEGER *ret;
 	p= *pp;
 	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
 	if (inf & 0x80)
 		{
 		i=ASN1_R_BAD_OBJECT_HEADER;
 		goto err;
 		}
 	if (tag != V_ASN1_INTEGER)
 		{
 		i=ASN1_R_EXPECTING_AN_INTEGER;
 		goto err;
 		}
 	ret = c2i_ASN1_INTEGER(a, &p, len);
 	if(ret) *pp = p;
 	return ret;
 err:
 	ASN1err(ASN1_F_D2I_ASN1_INTEGER,i);
 	return(NULL);
 }
 /* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */
 ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
@@ -360,7 +414,7 @@ long ASN1_INTEGER_get(ASN1_INTEGER *a)
 	if (i == V_ASN1_NEG_INTEGER)
 		neg=1;
 	else if (i != V_ASN1_INTEGER)
-		return -1;
+		return(0);
 	if (a->length > sizeof(long))
 		{
@@ -368,7 +422,7 @@ long ASN1_INTEGER_get(ASN1_INTEGER *a)
 		return(0xffffffffL);
 		}
 	if (a->data == NULL)
-		return 0;
+		return(0);
 	for (i=0; i<a->length; i++)
 		{
@@ -397,14 +451,17 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
 	else ret->type=V_ASN1_INTEGER;
 	j=BN_num_bits(bn);
 	len=((j == 0)?0:((j/8)+1));
-	ret->data=(unsigned char *)OPENSSL_malloc(len+4);
+	if (ret->length < len+4)
 	ret->length=BN_bn2bin(bn,ret->data);
 	/* Correct zero case */
 	if(!ret->length)
 		{
-		ret->data[0] = 0;
+		unsigned char *new_data= OPENSSL_realloc(ret->data, len+4);
-		ret->length = 1;
+		if (!new_data)
 			{
 			ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
 			goto err;
 			}
 		ret->data=new_data;
 		}
 	ret->length=BN_bn2bin(bn,ret->data);
 	return(ret);
 err:
 	if (ret != ai) M_ASN1_INTEGER_free(ret);
--- a/crypto/asn1/a_null.c
+++ b/crypto/asn1/a_null.c
@@ -1,9 +1,9 @@
-/* dh_asn1.c */
+/* a_null.c */
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2000.
+ * project 1999.
 */
 /* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -58,30 +58,62 @@
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/bn.h>
+#include <openssl/asn1.h>
 #include <openssl/dh.h>
 #include <openssl/objects.h>
 #include <openssl/asn1t.h>
-/* Override the default free and new methods */
+/* ASN1 functions for NULL type. For compatibility with other ASN1 code
-static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+ * it returns a pointer to an "ASN1_NULL" structure. The new/free functions
-{
+ * don't need to do any allocating because nothing is stored in a NULL.
-	if(operation == ASN1_OP_NEW_PRE) {
+ */
-		*pval = (ASN1_VALUE *)DH_new();
+
-		if(*pval) return 2;
+int i2d_ASN1_NULL(ASN1_NULL *a, unsigned char **pp)
-		return 0;
+	{
-	} else if(operation == ASN1_OP_FREE_PRE) {
+	if(!a) return 0;
-		DH_free((DH *)*pval);
+	if (pp) ASN1_put_object(pp,0,0,V_ASN1_NULL,V_ASN1_UNIVERSAL);
-		*pval = NULL;
+	return 2;
 		return 2;
 	}
-	return 1;
+
 ASN1_NULL *d2i_ASN1_NULL(ASN1_NULL **a, unsigned char **pp, long length)
 	{
 	ASN1_NULL *ret = NULL;
 	unsigned char *p;
 	long len;
 	int inf,tag,xclass;
 	int i=0;
 	p= *pp;
 	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
 	if (inf & 0x80)
 		{
 		i=ASN1_R_BAD_OBJECT_HEADER;
 		goto err;
 		}
 	if (tag != V_ASN1_NULL)
 		{
 		i=ASN1_R_EXPECTING_A_NULL;
 		goto err;
 		}
 	if (len != 0)
 		{
 		i=ASN1_R_NULL_IS_WRONG_LENGTH;
 		goto err;
 		}
 	ret=(ASN1_NULL *)1;
 	if (a != NULL) (*a)=ret;
 	*pp=p;
 	return(ret);
 err:
 	ASN1err(ASN1_F_D2I_ASN1_NULL,i);
 	return(ret);
 	}
 ASN1_NULL *ASN1_NULL_new(void)
 {
 	return (ASN1_NULL *)1;
 }
-ASN1_SEQUENCE_cb(DHparams, dh_cb) = {
+void ASN1_NULL_free(ASN1_NULL *a)
-	ASN1_SIMPLE(DH, p, BIGNUM),
+{
-	ASN1_SIMPLE(DH, g, BIGNUM),
+	return;
-	ASN1_OPT(DH, length, ZLONG),
+}
 } ASN1_SEQUENCE_END_cb(DH, DHparams)
 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams)
--- a/crypto/asn1/a_object.c
+++ b/crypto/asn1/a_object.c
@@ -302,7 +302,7 @@ void ASN1_OBJECT_free(ASN1_OBJECT *a)
 	}
 ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
-	     const char *sn, const char *ln)
+	     char *sn, char *ln)
 	{
 	ASN1_OBJECT o;
--- a/crypto/asn1/a_octet.c
+++ b/crypto/asn1/a_octet.c
@@ -60,6 +60,12 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 ASN1_OCTET_STRING *ASN1_OCTET_STRING_new(void)
 { return M_ASN1_OCTET_STRING_new(); }
 void ASN1_OCTET_STRING_free(ASN1_OCTET_STRING *x)
 { M_ASN1_OCTET_STRING_free(x); }
 ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *x)
 { return M_ASN1_OCTET_STRING_dup(x); }
@@ -69,3 +75,21 @@ int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b)
 int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, unsigned char *d, int len)
 { return M_ASN1_OCTET_STRING_set(x, d, len); }
 int i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *a, unsigned char **pp)
 { return M_i2d_ASN1_OCTET_STRING(a, pp); }
 ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **a,
 	     unsigned char **pp, long length)
 	{
 	ASN1_OCTET_STRING *ret=NULL;
 	ret=(ASN1_OCTET_STRING *)d2i_ASN1_bytes((ASN1_STRING **)a,
 		pp,length,V_ASN1_OCTET_STRING,V_ASN1_UNIVERSAL);
 	if (ret == NULL)
 		{
 		ASN1err(ASN1_F_D2I_ASN1_OCTET_STRING,ERR_R_NESTED_ASN1_ERROR);
 		return(NULL);
 		}
 	return(ret);
 	}
--- a/crypto/asn1/a_print.c
+++ b/crypto/asn1/a_print.c
@@ -60,6 +60,50 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 ASN1_IA5STRING *ASN1_IA5STRING_new(void)
 { return M_ASN1_IA5STRING_new();}
 void ASN1_IA5STRING_free(ASN1_IA5STRING *x)
 { M_ASN1_IA5STRING_free(x);}
 int i2d_ASN1_IA5STRING(ASN1_IA5STRING *a, unsigned char **pp)
 	{ return(M_i2d_ASN1_IA5STRING(a,pp)); }
 ASN1_IA5STRING *d2i_ASN1_IA5STRING(ASN1_IA5STRING **a, unsigned char **pp,
 	     long l)
 	{ return(M_d2i_ASN1_IA5STRING(a,pp,l)); }
 ASN1_T61STRING *ASN1_T61STRING_new(void)
 { return M_ASN1_T61STRING_new();}
 void ASN1_T61STRING_free(ASN1_T61STRING *x)
 { M_ASN1_T61STRING_free(x);}
 ASN1_T61STRING *d2i_ASN1_T61STRING(ASN1_T61STRING **a, unsigned char **pp,
 	     long l)
 	{ return(M_d2i_ASN1_T61STRING(a,pp,l)); }
 ASN1_PRINTABLESTRING *ASN1_PRINTABLESTRING_new(void)
 { return M_ASN1_PRINTABLESTRING_new();}
 void ASN1_PRINTABLESTRING_free(ASN1_PRINTABLESTRING *x)
 { M_ASN1_PRINTABLESTRING_free(x);}
 ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING **a,
 	     unsigned char **pp, long l)
 	{ return(M_d2i_ASN1_PRINTABLESTRING(a,pp,
 	     l)); }
 int i2d_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING *a, unsigned char **pp)
 	{ return(M_i2d_ASN1_PRINTABLESTRING(a,pp)); }
 int i2d_ASN1_PRINTABLE(ASN1_STRING *a, unsigned char **pp)
 	{ return(M_i2d_ASN1_PRINTABLE(a,pp)); }
 ASN1_STRING *d2i_ASN1_PRINTABLE(ASN1_STRING **a, unsigned char **pp,
 	     long l)
 	{ return(M_d2i_ASN1_PRINTABLE(a,pp,l)); }
 int ASN1_PRINTABLE_type(unsigned char *s, int len)
 	{
 	int c;
@@ -125,3 +169,29 @@ int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s)
 	s->type=ASN1_PRINTABLE_type(s->data,s->length);
 	return(1);
 	}
 ASN1_STRING *DIRECTORYSTRING_new(void)
 { return M_DIRECTORYSTRING_new();}
 void DIRECTORYSTRING_free(ASN1_STRING *x)
 { M_DIRECTORYSTRING_free(x);}
 int i2d_DIRECTORYSTRING(ASN1_STRING *a, unsigned char **pp)
 	{ return(M_i2d_DIRECTORYSTRING(a,pp)); }
 ASN1_STRING *d2i_DIRECTORYSTRING(ASN1_STRING **a, unsigned char **pp,
 	     long l)
 	{ return(M_d2i_DIRECTORYSTRING(a,pp,l)); }
 ASN1_STRING *DISPLAYTEXT_new(void)
 { return M_DISPLAYTEXT_new();}
 void DISPLAYTEXT_free(ASN1_STRING *x)
 { M_DISPLAYTEXT_free(x);}
 int i2d_DISPLAYTEXT(ASN1_STRING *a, unsigned char **pp)
 	{ return(M_i2d_DISPLAYTEXT(a,pp)); }
 ASN1_STRING *d2i_DISPLAYTEXT(ASN1_STRING **a, unsigned char **pp,
 	     long l)
 	{ return(M_d2i_DISPLAYTEXT(a,pp,l)); }
--- a/crypto/asn1/a_set.c
+++ b/crypto/asn1/a_set.c
@@ -60,8 +60,6 @@
 #include "cryptlib.h"
 #include <openssl/asn1_mac.h>
 #ifndef NO_ASN1_OLD
 typedef struct
    {
    unsigned char *pbData;
@@ -118,7 +116,7 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag,
 		}
        pStart  = p; /* Catch the beg of Setblobs*/
-        rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)); /* In this array
+        if (!(rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)))) return 0; /* In this array
 we will store the SET blobs */
        for (i=0; i<sk_num(a); i++)
@@ -135,7 +133,7 @@ SetBlob
 /* Now we have to sort the blobs. I am using a simple algo.
    *Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
        qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
-        pTempMem = OPENSSL_malloc(totSize);
+        if (!(pTempMem = OPENSSL_malloc(totSize))) return 0;
 /* Copy to temp mem */
        p = pTempMem;
@@ -217,4 +215,3 @@ err:
 	return(NULL);
 	}
 #endif
--- a/crypto/asn1/a_sign.c
+++ b/crypto/asn1/a_sign.c
@@ -55,6 +55,59 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 #include <stdio.h>
 #include <time.h>
@@ -71,8 +124,6 @@
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
 #ifndef NO_ASN1_OLD
 int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
 	     ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
 	     const EVP_MD *type)
@@ -89,7 +140,14 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
 		else
 			a=algor2;
 		if (a == NULL) continue;
-		if (	(a->parameter == NULL) || 
+                if (type->pkey_type == NID_dsaWithSHA1)
 			{
 			/* special case: RFC 2459 tells us to omit 'parameters'
 			 * with id-dsa-with-sha1 */
 			ASN1_TYPE_free(a->parameter);
 			a->parameter = NULL;
 			}
 		else if ((a->parameter == NULL) || 
 			(a->parameter->type != V_ASN1_NULL))
 			{
 			ASN1_TYPE_free(a->parameter);
@@ -148,78 +206,3 @@ err:
 		{ memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); }
 	return(outl);
 	}
 #endif
 int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
 	     ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey,
 	     const EVP_MD *type)
 	{
 	EVP_MD_CTX ctx;
 	unsigned char *buf_in=NULL,*buf_out=NULL;
 	int i,inl=0,outl=0,outll=0;
 	X509_ALGOR *a;
 	for (i=0; i<2; i++)
 		{
 		if (i == 0)
 			a=algor1;
 		else
 			a=algor2;
 		if (a == NULL) continue;
 		if (	(a->parameter == NULL) || 
 			(a->parameter->type != V_ASN1_NULL))
 			{
 			ASN1_TYPE_free(a->parameter);
 			if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
 			a->parameter->type=V_ASN1_NULL;
 			}
 		ASN1_OBJECT_free(a->algorithm);
 		a->algorithm=OBJ_nid2obj(type->pkey_type);
 		if (a->algorithm == NULL)
 			{
 			ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
 			goto err;
 			}
 		if (a->algorithm->length == 0)
 			{
 			ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
 			goto err;
 			}
 		}
 	inl=ASN1_item_i2d(asn,&buf_in, it);
 	outll=outl=EVP_PKEY_size(pkey);
 	buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
 	if ((buf_in == NULL) || (buf_out == NULL))
 		{
 		outl=0;
 		ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE);
 		goto err;
 		}
 	EVP_SignInit(&ctx,type);
 	EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
 	if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
 			(unsigned int *)&outl,pkey))
 		{
 		outl=0;
 		ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB);
 		goto err;
 		}
 	if (signature->data != NULL) OPENSSL_free(signature->data);
 	signature->data=buf_out;
 	buf_out=NULL;
 	signature->length=outl;
 	/* In the interests of compatibility, I'll make sure that
 	 * the bit string has a 'not-used bits' value of 0
 	 */
 	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
 	signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
 err:
 	memset(&ctx,0,sizeof(ctx));
 	if (buf_in != NULL)
 		{ memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }
 	if (buf_out != NULL)
 		{ memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); }
 	return(outl);
 	}
--- a/crypto/asn1/a_strex.c
+++ b/crypto/asn1/a_strex.c
@@ -491,24 +491,12 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
 int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags)
 {
 	if(flags == XN_FLAG_COMPAT)
 		return X509_NAME_print(out, nm, indent);
 	return do_name_ex(send_bio_chars, out, nm, indent, flags);
 }
 int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags)
 {
 	if(flags == XN_FLAG_COMPAT)
 		{
 		BIO *btmp;
 		int ret;
 		btmp = BIO_new_fp(fp, BIO_NOCLOSE);
 		if(!btmp) return -1;
 		ret = X509_NAME_print(btmp, nm, indent);
 		BIO_free(btmp);
 		return ret;
 		}
 	return do_name_ex(send_fp_chars, fp, nm, indent, flags);
 }
--- a/crypto/asn1/a_strnid.c
+++ b/crypto/asn1/a_strnid.c
@@ -105,9 +105,9 @@ int ASN1_STRING_set_default_mask_asc(char *p)
 		mask = strtoul(p + 5, &end, 0);
 		if(*end) return 0;
 	} else if(!strcmp(p, "nombstr"))
-			 mask = ~(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING);
+		mask = ~((unsigned long)(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING));
 	else if(!strcmp(p, "pkix"))
-			mask = ~B_ASN1_T61STRING;
+			mask = ~((unsigned long)B_ASN1_T61STRING);
 	else if(!strcmp(p, "utf8only")) mask = B_ASN1_UTF8STRING;
 	else if(!strcmp(p, "default"))
 	    mask = 0xFFFFFFFFL;
--- a/crypto/asn1/a_time.c
+++ b/crypto/asn1/a_time.c
@@ -64,13 +64,14 @@
 #include <stdio.h>
 #include <time.h>
 #include "cryptlib.h"
-#include <openssl/asn1t.h>
+#include <openssl/asn1.h>
-IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)
+ASN1_TIME *ASN1_TIME_new(void)
 { return M_ASN1_TIME_new(); }
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME)
+void ASN1_TIME_free(ASN1_TIME *x)
 { M_ASN1_TIME_free(x); }
 #if 0
 int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)
 	{
 #ifdef CHARSET_EBCDIC
@@ -94,13 +95,25 @@ int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)
 	ASN1err(ASN1_F_I2D_ASN1_TIME,ASN1_R_EXPECTING_A_TIME);
 	return -1;
 	}
-#endif
+
 ASN1_TIME *d2i_ASN1_TIME(ASN1_TIME **a, unsigned char **pp, long length)
 	{
 	unsigned char tag;
 	tag = **pp & ~V_ASN1_CONSTRUCTED;
 	if(tag == (V_ASN1_UTCTIME|V_ASN1_UNIVERSAL))
 					 return d2i_ASN1_UTCTIME(a, pp, length);
 	if(tag == (V_ASN1_GENERALIZEDTIME|V_ASN1_UNIVERSAL))
 				return d2i_ASN1_GENERALIZEDTIME(a, pp, length);
 	ASN1err(ASN1_F_D2I_ASN1_TIME,ASN1_R_EXPECTING_A_TIME);
 	return(NULL);
 	}
 ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
 	{
 	struct tm *ts;
-#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(__CYGWIN32__)
+#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
 	struct tm data;
 	gmtime_r(&t,&data);
@@ -112,49 +125,3 @@ ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
 					return ASN1_UTCTIME_set(s, t);
 	return ASN1_GENERALIZEDTIME_set(s,t);
 	}
 int ASN1_TIME_check(ASN1_TIME *t)
 	{
 	if (t->type == V_ASN1_GENERALIZEDTIME)
 		return ASN1_GENERALIZEDTIME_check(t);
 	else if (t->type == V_ASN1_UTCTIME)
 		return ASN1_UTCTIME_check(t);
 	return 0;
 	}
 /* Convert an ASN1_TIME structure to GeneralizedTime */
 ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
 	{
 	ASN1_GENERALIZEDTIME *ret;
 	char *str;
 	if (!ASN1_TIME_check(t)) return NULL;
 	if (!out || !*out)
 		{
 		if (!(ret = ASN1_GENERALIZEDTIME_new ()))
 			return NULL;
 		if (out) *out = ret;
 		}
 	else ret = *out;
 	/* If already GeneralizedTime just copy across */
 	if (t->type == V_ASN1_GENERALIZEDTIME)
 		{
 		if(!ASN1_STRING_set(ret, t->data, t->length))
 			return NULL;
 		return ret;
 		}
 	/* grow the string */
 	if (!ASN1_STRING_set(ret, NULL, t->length + 2))
 		return NULL;
 	str = (char *)ret->data;
 	/* Work out the century and prepend */
 	if (t->data[0] >= '5') strcpy(str, "19");
 	else strcpy(str, "20");
 	strcat(str, (char *)t->data);
 	return ret;
 	}
--- a/crypto/asn1/a_type.c
+++ b/crypto/asn1/a_type.c
@@ -57,8 +57,236 @@
 */
 #include <stdio.h>
 #include <openssl/asn1t.h>
 #include "cryptlib.h"
 #include <openssl/asn1_mac.h>
 static void ASN1_TYPE_component_free(ASN1_TYPE *a);
 int i2d_ASN1_TYPE(ASN1_TYPE *a, unsigned char **pp)
 	{
 	int r=0;
 	if (a == NULL) return(0);
 	switch (a->type)
 		{
 	case V_ASN1_NULL:
 		if (pp != NULL)
 			ASN1_put_object(pp,0,0,V_ASN1_NULL,V_ASN1_UNIVERSAL);
 		r=2;
 		break;
 	case V_ASN1_INTEGER:
 	case V_ASN1_NEG_INTEGER:
 		r=i2d_ASN1_INTEGER(a->value.integer,pp);
 		break;
 	case V_ASN1_ENUMERATED:
 	case V_ASN1_NEG_ENUMERATED:
 		r=i2d_ASN1_ENUMERATED(a->value.enumerated,pp);
 		break;
 	case V_ASN1_BIT_STRING:
 		r=i2d_ASN1_BIT_STRING(a->value.bit_string,pp);
 		break;
 	case V_ASN1_OCTET_STRING:
 		r=i2d_ASN1_OCTET_STRING(a->value.octet_string,pp);
 		break;
 	case V_ASN1_OBJECT:
 		r=i2d_ASN1_OBJECT(a->value.object,pp);
 		break;
 	case V_ASN1_PRINTABLESTRING:
 		r=M_i2d_ASN1_PRINTABLESTRING(a->value.printablestring,pp);
 		break;
 	case V_ASN1_T61STRING:
 		r=M_i2d_ASN1_T61STRING(a->value.t61string,pp);
 		break;
 	case V_ASN1_IA5STRING:
 		r=M_i2d_ASN1_IA5STRING(a->value.ia5string,pp);
 		break;
 	case V_ASN1_GENERALSTRING:
 		r=M_i2d_ASN1_GENERALSTRING(a->value.generalstring,pp);
 		break;
 	case V_ASN1_UNIVERSALSTRING:
 		r=M_i2d_ASN1_UNIVERSALSTRING(a->value.universalstring,pp);
 		break;
 	case V_ASN1_UTF8STRING:
 		r=M_i2d_ASN1_UTF8STRING(a->value.utf8string,pp);
 		break;
 	case V_ASN1_VISIBLESTRING:
 		r=M_i2d_ASN1_VISIBLESTRING(a->value.visiblestring,pp);
 		break;
 	case V_ASN1_BMPSTRING:
 		r=M_i2d_ASN1_BMPSTRING(a->value.bmpstring,pp);
 		break;
 	case V_ASN1_UTCTIME:
 		r=i2d_ASN1_UTCTIME(a->value.utctime,pp);
 		break;
 	case V_ASN1_GENERALIZEDTIME:
 		r=i2d_ASN1_GENERALIZEDTIME(a->value.generalizedtime,pp);
 		break;
 	case V_ASN1_SET:
 	case V_ASN1_SEQUENCE:
 	case V_ASN1_OTHER:
 	default:
 		if (a->value.set == NULL)
 			r=0;
 		else
 			{
 			r=a->value.set->length;
 			if (pp != NULL)
 				{
 				memcpy(*pp,a->value.set->data,r);
 				*pp+=r;
 				}
 			}
 		break;
 		}
 	return(r);
 	}
 ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, unsigned char **pp, long length)
 	{
 	ASN1_TYPE *ret=NULL;
 	unsigned char *q,*p,*max;
 	int inf,tag,xclass;
 	long len;
 	if ((a == NULL) || ((*a) == NULL))
 		{
 		if ((ret=ASN1_TYPE_new()) == NULL) goto err;
 		}
 	else
 		ret=(*a);
 	p= *pp;
 	q=p;
 	max=(p+length);
 	inf=ASN1_get_object(&q,&len,&tag,&xclass,length);
 	if (inf & 0x80) goto err;
 	/* If not universal tag we've no idea what it is */
 	if(xclass != V_ASN1_UNIVERSAL) tag = V_ASN1_OTHER;
 	ASN1_TYPE_component_free(ret);
 	switch (tag)
 		{
 	case V_ASN1_NULL:
 		p=q;
 		ret->value.ptr=NULL;
 		break;
 	case V_ASN1_INTEGER:
 		if ((ret->value.integer=
 			d2i_ASN1_INTEGER(NULL,&p,max-p)) == NULL)
 			goto err;
 		break;
 	case V_ASN1_ENUMERATED:
 		if ((ret->value.enumerated=
 			d2i_ASN1_ENUMERATED(NULL,&p,max-p)) == NULL)
 			goto err;
 		break;
 	case V_ASN1_BIT_STRING:
 		if ((ret->value.bit_string=
 			d2i_ASN1_BIT_STRING(NULL,&p,max-p)) == NULL)
 			goto err;
 		break;
 	case V_ASN1_OCTET_STRING:
 		if ((ret->value.octet_string=
 			d2i_ASN1_OCTET_STRING(NULL,&p,max-p)) == NULL)
 			goto err;
 		break;
 	case V_ASN1_VISIBLESTRING:
 		if ((ret->value.visiblestring=
 			d2i_ASN1_VISIBLESTRING(NULL,&p,max-p)) == NULL)
 			goto err;
 		break;
 	case V_ASN1_UTF8STRING:
 		if ((ret->value.utf8string=
 			d2i_ASN1_UTF8STRING(NULL,&p,max-p)) == NULL)
 			goto err;
 		break;
 	case V_ASN1_OBJECT:
 		if ((ret->value.object=
 			d2i_ASN1_OBJECT(NULL,&p,max-p)) == NULL)
 			goto err;
 		break;
 	case V_ASN1_PRINTABLESTRING:
 		if ((ret->value.printablestring=
 			d2i_ASN1_PRINTABLESTRING(NULL,&p,max-p)) == NULL)
 			goto err;
 		break;
 	case V_ASN1_T61STRING:
 		if ((ret->value.t61string=
 			M_d2i_ASN1_T61STRING(NULL,&p,max-p)) == NULL)
 			goto err;
 		break;
 	case V_ASN1_IA5STRING:
 		if ((ret->value.ia5string=
 			M_d2i_ASN1_IA5STRING(NULL,&p,max-p)) == NULL)
 			goto err;
 		break;
 	case V_ASN1_GENERALSTRING:
 		if ((ret->value.generalstring=
 			M_d2i_ASN1_GENERALSTRING(NULL,&p,max-p)) == NULL)
 			goto err;
 		break;
 	case V_ASN1_UNIVERSALSTRING:
 		if ((ret->value.universalstring=
 			M_d2i_ASN1_UNIVERSALSTRING(NULL,&p,max-p)) == NULL)
 			goto err;
 		break;
 	case V_ASN1_BMPSTRING:
 		if ((ret->value.bmpstring=
 			M_d2i_ASN1_BMPSTRING(NULL,&p,max-p)) == NULL)
 			goto err;
 		break;
 	case V_ASN1_UTCTIME:
 		if ((ret->value.utctime=
 			d2i_ASN1_UTCTIME(NULL,&p,max-p)) == NULL)
 			goto err;
 		break;
 	case V_ASN1_GENERALIZEDTIME:
 		if ((ret->value.generalizedtime=
 			d2i_ASN1_GENERALIZEDTIME(NULL,&p,max-p)) == NULL)
 			goto err;
 		break;
 	case V_ASN1_SET:
 	case V_ASN1_SEQUENCE:
 	case V_ASN1_OTHER:
 	default:
 		/* Sets and sequences are left complete */
 		if ((ret->value.set=ASN1_STRING_new()) == NULL) goto err;
 		ret->value.set->type=tag;
 		len+=(q-p);
 		if (!ASN1_STRING_set(ret->value.set,p,(int)len)) goto err;
 		p+=len;
 		break;
 		}
 	ret->type=tag;
 	if (a != NULL) (*a)=ret;
 	*pp=p;
 	return(ret);
 err:
 	if ((ret != NULL) && ((a == NULL) || (*a != ret))) ASN1_TYPE_free(ret);
 	return(NULL);
 	}
 ASN1_TYPE *ASN1_TYPE_new(void)
 	{
 	ASN1_TYPE *ret=NULL;
 	ASN1_CTX c;
 	M_ASN1_New_Malloc(ret,ASN1_TYPE);
 	ret->type= -1;
 	ret->value.ptr=NULL;
 	return(ret);
 	M_ASN1_New_Error(ASN1_F_ASN1_TYPE_NEW);
 	}
 void ASN1_TYPE_free(ASN1_TYPE *a)
 	{
 	if (a == NULL) return;
 	ASN1_TYPE_component_free(a);
 	OPENSSL_free(a);
 	}
 int ASN1_TYPE_get(ASN1_TYPE *a)
 	{
@@ -71,11 +299,54 @@ int ASN1_TYPE_get(ASN1_TYPE *a)
 void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
 	{
 	if (a->value.ptr != NULL)
-		ASN1_primitive_free((ASN1_VALUE **)&a, NULL);
+		ASN1_TYPE_component_free(a);
 	a->type=type;
 	a->value.ptr=value;
 	}
 static void ASN1_TYPE_component_free(ASN1_TYPE *a)
 	{
 	if (a == NULL) return;
 	if (a->value.ptr != NULL)
 		{
 		switch (a->type)
 			{
 		case V_ASN1_OBJECT:
 			ASN1_OBJECT_free(a->value.object);
 			break;
 		case V_ASN1_NULL:
 			break;
 		case V_ASN1_INTEGER:
 		case V_ASN1_NEG_INTEGER:
 		case V_ASN1_ENUMERATED:
 		case V_ASN1_NEG_ENUMERATED:
 		case V_ASN1_BIT_STRING:
 		case V_ASN1_OCTET_STRING:
 		case V_ASN1_SEQUENCE:
 		case V_ASN1_SET:
 		case V_ASN1_NUMERICSTRING:
 		case V_ASN1_PRINTABLESTRING:
 		case V_ASN1_T61STRING:
 		case V_ASN1_VIDEOTEXSTRING:
 		case V_ASN1_IA5STRING:
 		case V_ASN1_UTCTIME:
 		case V_ASN1_GENERALIZEDTIME:
 		case V_ASN1_GRAPHICSTRING:
 		case V_ASN1_VISIBLESTRING:
 		case V_ASN1_GENERALSTRING:
 		case V_ASN1_UNIVERSALSTRING:
 		case V_ASN1_BMPSTRING:
 		case V_ASN1_UTF8STRING:
 		case V_ASN1_OTHER:
 		default:
 			ASN1_STRING_free((ASN1_STRING *)a->value.ptr);
 			break;
 			}
 		a->type=0;
 		a->value.ptr=NULL;
 		}
 	}
 IMPLEMENT_STACK_OF(ASN1_TYPE)
 IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)
--- a/crypto/asn1/a_utctm.c
+++ b/crypto/asn1/a_utctm.c
@@ -58,15 +58,20 @@
 #include <stdio.h>
 #include <time.h>
-#include "cryptlib.h"
+#ifdef VMS
 #include <openssl/asn1.h>
 #ifdef OPENSSL_SYS_VMS
 #include <descrip.h>
 #include <lnmdef.h>
 #include <starlet.h>
 #endif
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 ASN1_UTCTIME *ASN1_UTCTIME_new(void)
 { return M_ASN1_UTCTIME_new(); }
 void ASN1_UTCTIME_free(ASN1_UTCTIME *x)
 { M_ASN1_UTCTIME_free(x); }
 #if 0
 int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp)
 	{
 #ifndef CHARSET_EBCDIC
@@ -114,8 +119,6 @@ err:
 	return(NULL);
 	}
 #endif
 int ASN1_UTCTIME_check(ASN1_UTCTIME *d)
 	{
 	static int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0};
@@ -179,7 +182,6 @@ int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str)
 			{
 			ASN1_STRING_set((ASN1_STRING *)s,
 				(unsigned char *)str,t.length);
 			s->type = V_ASN1_UTCTIME;
 			}
 		return(1);
 		}
@@ -191,7 +193,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
 	{
 	char *p;
 	struct tm *ts;
-#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(__CYGWIN32__)
+#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
 	struct tm data;
 #endif
@@ -201,13 +203,13 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
 	if (s == NULL)
 		return(NULL);
-#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(__CYGWIN32__)
+#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
 	gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */
 	ts=&data;
 #else
 	ts=gmtime(&t);
 #endif
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 	if (ts == NULL)
 		{
 		static $DESCRIPTOR(tabnam,"LNM$DCL_LOGICAL");
@@ -268,6 +270,9 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
 int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
 	{
 	struct tm *tm;
 #if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
 	struct tm data;
 #endif
 	int offset;
 	int year;
@@ -284,8 +289,9 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
 	t -= offset*60; /* FIXME: may overflow in extreme cases */
-#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(__CYGWIN32__)
+#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
-	{ struct tm data; gmtime_r(&t, &data); tm = &data; }
+	gmtime_r(&t, &data);
 	tm = &data;
 #else
 	tm = gmtime(&t);
 #endif
--- a/crypto/asn1/a_utf8.c
+++ b/crypto/asn1/a_utf8.c
@@ -60,6 +60,33 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 ASN1_UTF8STRING *ASN1_UTF8STRING_new(void)
 { return M_ASN1_UTF8STRING_new();}
 void ASN1_UTF8STRING_free(ASN1_UTF8STRING *x)
 { M_ASN1_UTF8STRING_free(x);}
 int i2d_ASN1_UTF8STRING(ASN1_UTF8STRING *a, unsigned char **pp)
 	{
 	return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
 		V_ASN1_UTF8STRING,V_ASN1_UNIVERSAL));
 	}
 ASN1_UTF8STRING *d2i_ASN1_UTF8STRING(ASN1_UTF8STRING **a, unsigned char **pp,
 	     long length)
 	{
 	ASN1_UTF8STRING *ret=NULL;
 	ret=(ASN1_UTF8STRING *)d2i_ASN1_bytes((ASN1_STRING **)a,
 		pp,length,V_ASN1_UTF8STRING,V_ASN1_UNIVERSAL);
 	if (ret == NULL)
 		{
 		ASN1err(ASN1_F_D2I_ASN1_UTF8STRING,ERR_R_NESTED_ASN1_ERROR);
 		return(NULL);
 		}
 	return(ret);
 	}
 /* UTF8 utilities */
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -71,8 +71,6 @@
 #include <openssl/buffer.h>
 #include <openssl/evp.h>
 #ifndef NO_ASN1_OLD
 int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
 	     char *data, EVP_PKEY *pkey)
 	{
@@ -119,53 +117,3 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
 err:
 	return(ret);
 	}
 #endif
 int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature,
 	     void *asn, EVP_PKEY *pkey)
 	{
 	EVP_MD_CTX ctx;
 	const EVP_MD *type;
 	unsigned char *buf_in=NULL;
 	int ret= -1,i,inl;
 	i=OBJ_obj2nid(a->algorithm);
 	type=EVP_get_digestbyname(OBJ_nid2sn(i));
 	if (type == NULL)
 		{
 		ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
 		goto err;
 		}
 	inl = ASN1_item_i2d(asn, &buf_in, it);
 	if (buf_in == NULL)
 		{
 		ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
 		goto err;
 		}
 	EVP_VerifyInit(&ctx,type);
 	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
 	memset(buf_in,0,(unsigned int)inl);
 	OPENSSL_free(buf_in);
 	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
 			(unsigned int)signature->length,pkey) <= 0)
 		{
 		ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
 		ret=0;
 		goto err;
 		}
 	/* we don't need to zero the 'ctx' because we just checked
 	 * public information */
 	/* memset(&ctx,0,sizeof(ctx)); */
 	ret=1;
 err:
 	return(ret);
 	}
--- a/crypto/asn1/a_vis.c
+++ b/crypto/asn1/a_vis.c
@@ -0,0 +1,89 @@
 /* crypto/asn1/a_vis.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 ASN1_VISIBLESTRING *ASN1_VISIBLESTRING_new(void)
 { return M_ASN1_VISIBLESTRING_new(); }
 void ASN1_VISIBLESTRING_free(ASN1_VISIBLESTRING *x)
 { M_ASN1_VISIBLESTRING_free(x); }
 int i2d_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING *a, unsigned char **pp)
 	{
 	return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
 		V_ASN1_VISIBLESTRING,V_ASN1_UNIVERSAL));
 	}
 ASN1_VISIBLESTRING *d2i_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING **a,
 	     unsigned char **pp, long length)
 	{
 	ASN1_VISIBLESTRING *ret=NULL;
 	ret=(ASN1_VISIBLESTRING *)d2i_ASN1_bytes((ASN1_STRING **)a,
 		pp,length,V_ASN1_VISIBLESTRING,V_ASN1_UNIVERSAL);
 	if (ret == NULL)
 		{
 		ASN1err(ASN1_F_D2I_ASN1_VISIBLESTRING,ERR_R_NESTED_ASN1_ERROR);
 		return(NULL);
 		}
 	return(ret);
 	}
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -60,23 +60,15 @@
 #define HEADER_ASN1_H
 #include <time.h>
-#ifndef OPENSSL_NO_BIO
+#ifndef NO_BIO
 #include <openssl/bio.h>
 #endif
 #include <openssl/e_os2.h>
 #include <openssl/bn.h>
 #include <openssl/stack.h>
 #include <openssl/safestack.h>
 #include <openssl/symhacks.h>
 #include <openssl/e_os2.h>
 #ifdef OPENSSL_BUILD_SHLIBCRYPTO
 # undef OPENSSL_EXTERN
 # define OPENSSL_EXTERN OPENSSL_EXPORT
 #endif
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -92,7 +84,6 @@ extern "C" {
 #define V_ASN1_APP_CHOOSE		-2	/* let the recipient choose */
 #define V_ASN1_OTHER			-3	/* used in ASN1_TYPE */
 #define V_ASN1_ANY			-4	/* used in ASN1 template code */
 #define V_ASN1_NEG			0x100	/* negative flag */
@@ -145,8 +136,6 @@ extern "C" {
 #define B_ASN1_BMPSTRING	0x0800
 #define B_ASN1_UNKNOWN		0x1000
 #define B_ASN1_UTF8STRING	0x2000
 #define B_ASN1_UTCTIME		0x4000
 #define B_ASN1_GENERALIZEDTIME	0x8000
 /* For use with ASN1_mbstring_copy() */
 #define MBSTRING_FLAG		0x1000
@@ -204,21 +193,6 @@ typedef struct asn1_string_st
 	long flags;
 	} ASN1_STRING;
 /* ASN1_ENCODING structure: this is used to save the received
 * encoding of an ASN1 type. This is useful to get round
 * problems with invalid encodings which can break signatures.
 */
 typedef struct ASN1_ENCODING_st
 	{
 	unsigned char *enc;	/* DER encoding */
 	long len;		/* Length of encoding */
 	int modified;		 /* set to 1 if 'enc' is invalid */
 	} ASN1_ENCODING;
 /* Used with ASN1 LONG type: if a long is set to this it is omitted */
 #define ASN1_LONG_UNDEF	0x7fffffffL
 #define STABLE_FLAGS_MALLOC	0x01
 #define STABLE_NO_MASK		0x02
 #define DIRSTRING_TYPE	\
@@ -263,7 +237,6 @@ DECLARE_STACK_OF(ASN1_STRING_TABLE)
 #define ASN1_VISIBLESTRING	ASN1_STRING
 #define ASN1_UTF8STRING		ASN1_STRING
 #define ASN1_BOOLEAN		int
 #define ASN1_NULL		int
 #else
 typedef struct asn1_string_st ASN1_INTEGER;
 typedef struct asn1_string_st ASN1_ENUMERATED;
@@ -281,119 +254,9 @@ typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
 typedef struct asn1_string_st ASN1_VISIBLESTRING;
 typedef struct asn1_string_st ASN1_UTF8STRING;
 typedef int ASN1_BOOLEAN;
 #endif
 typedef int ASN1_NULL;
 #endif
 /* Declarations for template structures: for full definitions
 * see asn1t.h
 */
 typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;
 typedef struct ASN1_ITEM_st ASN1_ITEM;
 typedef struct ASN1_TLC_st ASN1_TLC;
 /* This is just an opaque pointer */
 typedef struct ASN1_VALUE_st ASN1_VALUE;
 /* Declare ASN1 functions: the implement macro in in asn1t.h */
 #define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type)
 #define DECLARE_ASN1_FUNCTIONS_name(type, name) \
 	type *name##_new(void); \
 	void name##_free(type *a); \
 	DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name)
 #define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \
 	type *name##_new(void); \
 	void name##_free(type *a); \
 	DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name)
 #define	DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \
 	type *d2i_##name(type **a, unsigned char **in, long len); \
 	int i2d_##name(type *a, unsigned char **out); \
 	DECLARE_ASN1_ITEM(itname)
 #define	DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \
 	type *d2i_##name(type **a, const unsigned char **in, long len); \
 	int i2d_##name(const type *a, unsigned char **out); \
 	DECLARE_ASN1_ITEM(name)
 #define DECLARE_ASN1_FUNCTIONS_const(name) \
 	name *name##_new(void); \
 	void name##_free(name *a);
 /* The following macros and typedefs allow an ASN1_ITEM
 * to be embedded in a structure and referenced. Since
 * the ASN1_ITEM pointers need to be globally accessible
 * (possibly from shared libraries) they may exist in
 * different forms. On platforms that support it the
 * ASN1_ITEM structure itself will be globally exported.
 * Other platforms will export a function that returns
 * an ASN1_ITEM pointer.
 *
 * To handle both cases transparently the macros below
 * should be used instead of hard coding an ASN1_ITEM
 * pointer in a structure.
 *
 * The structure will look like this:
 *
 * typedef struct SOMETHING_st {
 *      ...
 *      ASN1_ITEM_EXP *iptr;
 *      ...
 * } SOMETHING; 
 *
 * It would be initialised as e.g.:
 *
 * SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...};
 *
 * and the actual pointer extracted with:
 *
 * const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr);
 *
 * Finally an ASN1_ITEM pointer can be extracted from an
 * appropriate reference with: ASN1_ITEM_rptr(X509). This
 * would be used when a function takes an ASN1_ITEM * argument.
 *
 */
 #ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
 /* ASN1_ITEM pointer exported type */
 typedef const ASN1_ITEM ASN1_ITEM_EXP;
 /* Macro to obtain ASN1_ITEM pointer from exported type */
 #define ASN1_ITEM_ptr(iptr) (iptr)
 /* Macro to include ASN1_ITEM pointer from base type */
 #define ASN1_ITEM_ref(iptr) (&(iptr##_it))
 #define ASN1_ITEM_rptr(ref) (&(ref##_it))
 #define DECLARE_ASN1_ITEM(name) \
 	OPENSSL_EXTERN const ASN1_ITEM name##_it;
 #else
 /* Platforms that can't easily handle shared global variables are declared
 * as functions returning ASN1_ITEM pointers.
 */
 /* ASN1_ITEM pointer exported type */
 typedef const ASN1_ITEM * ASN1_ITEM_EXP(void);
 /* Macro to obtain ASN1_ITEM pointer from exported type */
 #define ASN1_ITEM_ptr(iptr) (iptr())
 /* Macro to include ASN1_ITEM pointer from base type */
 #define ASN1_ITEM_ref(iptr) (iptr##_it)
 #define ASN1_ITEM_rptr(ref) (ref##_it())
 #define DECLARE_ASN1_ITEM(name) \
 	const ASN1_ITEM * name##_it(void);
 #endif
 /* Parameters used by ASN1_STRING_print_ex() */
@@ -575,11 +438,12 @@ typedef struct BIT_STRING_BITNAME_st {
 		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_OCTET_STRING,\
 		V_ASN1_UNIVERSAL)
-#define B_ASN1_TIME \
+#define M_ASN1_PRINTABLE_new()	ASN1_STRING_type_new(V_ASN1_T61STRING)
-			B_ASN1_UTCTIME | \
+#define M_ASN1_PRINTABLE_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-			B_ASN1_GENERALIZEDTIME
+#define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
-
+		pp,a->type,V_ASN1_UNIVERSAL)
-#define B_ASN1_PRINTABLE \
+#define M_d2i_ASN1_PRINTABLE(a,pp,l) \
 		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
 			B_ASN1_PRINTABLESTRING| \
 			B_ASN1_T61STRING| \
 			B_ASN1_IA5STRING| \
@@ -587,28 +451,7 @@ typedef struct BIT_STRING_BITNAME_st {
 			B_ASN1_UNIVERSALSTRING|\
 			B_ASN1_BMPSTRING|\
 			B_ASN1_UTF8STRING|\
-			B_ASN1_UNKNOWN
+			B_ASN1_UNKNOWN)
 #define B_ASN1_DIRECTORYSTRING \
 			B_ASN1_PRINTABLESTRING| \
 			B_ASN1_TELETEXSTRING|\
 			B_ASN1_BMPSTRING|\
 			B_ASN1_UNIVERSALSTRING|\
 			B_ASN1_UTF8STRING
 #define B_ASN1_DISPLAYTEXT \
 			B_ASN1_IA5STRING| \
 			B_ASN1_VISIBLESTRING| \
 			B_ASN1_BMPSTRING|\
 			B_ASN1_UTF8STRING
 #define M_ASN1_PRINTABLE_new()	ASN1_STRING_type_new(V_ASN1_T61STRING)
 #define M_ASN1_PRINTABLE_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
 #define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
 		pp,a->type,V_ASN1_UNIVERSAL)
 #define M_d2i_ASN1_PRINTABLE(a,pp,l) \
 		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
 			B_ASN1_PRINTABLE)
 #define M_DIRECTORYSTRING_new() ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
 #define M_DIRECTORYSTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
@@ -616,7 +459,11 @@ typedef struct BIT_STRING_BITNAME_st {
 						pp,a->type,V_ASN1_UNIVERSAL)
 #define M_d2i_DIRECTORYSTRING(a,pp,l) \
 		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
-			B_ASN1_DIRECTORYSTRING)
+			B_ASN1_PRINTABLESTRING| \
 			B_ASN1_TELETEXSTRING|\
 			B_ASN1_BMPSTRING|\
 			B_ASN1_UNIVERSALSTRING|\
 			B_ASN1_UTF8STRING)
 #define M_DISPLAYTEXT_new() ASN1_STRING_type_new(V_ASN1_VISIBLESTRING)
 #define M_DISPLAYTEXT_free(a) ASN1_STRING_free((ASN1_STRING *)a)
@@ -624,7 +471,9 @@ typedef struct BIT_STRING_BITNAME_st {
 						pp,a->type,V_ASN1_UNIVERSAL)
 #define M_d2i_DISPLAYTEXT(a,pp,l) \
 		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
-			B_ASN1_DISPLAYTEXT)
+			B_ASN1_VISIBLESTRING| \
 			B_ASN1_BMPSTRING|\
 			B_ASN1_UTF8STRING)
 #define M_ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING *)\
 		ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
@@ -728,8 +577,10 @@ typedef struct BIT_STRING_BITNAME_st {
 #define IS_SEQUENCE	0
 #define IS_SET		1
-DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
+ASN1_TYPE *	ASN1_TYPE_new(void );
-
+void		ASN1_TYPE_free(ASN1_TYPE *a);
 int		i2d_ASN1_TYPE(ASN1_TYPE *a,unsigned char **pp);
 ASN1_TYPE *	d2i_ASN1_TYPE(ASN1_TYPE **a,unsigned char **pp,long length);
 int ASN1_TYPE_get(ASN1_TYPE *a);
 void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
@@ -741,8 +592,6 @@ ASN1_OBJECT *	c2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
 ASN1_OBJECT *	d2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
 			long length);
 DECLARE_ASN1_ITEM(ASN1_OBJECT)
 DECLARE_STACK_OF(ASN1_OBJECT)
 DECLARE_ASN1_SET_OF(ASN1_OBJECT)
@@ -759,8 +608,12 @@ void ASN1_STRING_length_set(ASN1_STRING *x, int n);
 int ASN1_STRING_type(ASN1_STRING *x);
 unsigned char * ASN1_STRING_data(ASN1_STRING *x);
-DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING)
+ASN1_BIT_STRING *	ASN1_BIT_STRING_new(void);
 void		ASN1_BIT_STRING_free(ASN1_BIT_STRING *a);
 int		i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp);
 int		i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp);
 ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,unsigned char **pp,
 			long length);
 ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,unsigned char **pp,
 			long length);
 int		ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d,
@@ -768,7 +621,7 @@ int		ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d,
 int		ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
 int		ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);
-#ifndef OPENSSL_NO_BIO
+#ifndef NO_BIO
 int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
 				BIT_STRING_BITNAME *tbl, int indent);
 #endif
@@ -779,8 +632,12 @@ int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
 int		i2d_ASN1_BOOLEAN(int a,unsigned char **pp);
 int 		d2i_ASN1_BOOLEAN(int *a,unsigned char **pp,long length);
-DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER)
+ASN1_INTEGER *	ASN1_INTEGER_new(void);
 void		ASN1_INTEGER_free(ASN1_INTEGER *a);
 int		i2d_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
 int		i2c_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
 ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,
 			long length);
 ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,
 			long length);
 ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,unsigned char **pp,
@@ -788,7 +645,11 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,unsigned char **pp,
 ASN1_INTEGER *	ASN1_INTEGER_dup(ASN1_INTEGER *x);
 int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y);
-DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED)
+ASN1_ENUMERATED *	ASN1_ENUMERATED_new(void);
 void		ASN1_ENUMERATED_free(ASN1_ENUMERATED *a);
 int		i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a,unsigned char **pp);
 ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a,unsigned char **pp,
 			long length);
 int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
 ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);
@@ -802,33 +663,91 @@ int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
 ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t);
 int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str); 
-DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
+ASN1_OCTET_STRING *	ASN1_OCTET_STRING_new(void);
 void		ASN1_OCTET_STRING_free(ASN1_OCTET_STRING *a);
 int		i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *a,unsigned char **pp);
 ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **a,
 			unsigned char **pp,long length);
 ASN1_OCTET_STRING *	ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *a);
 int 	ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b);
 int 	ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, unsigned char *data, int len);
-DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
+ASN1_VISIBLESTRING *	ASN1_VISIBLESTRING_new(void);
-DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING)
+void		ASN1_VISIBLESTRING_free(ASN1_VISIBLESTRING *a);
-DECLARE_ASN1_FUNCTIONS(ASN1_NULL)
+int	i2d_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING *a,unsigned char **pp);
-DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING)
+ASN1_VISIBLESTRING *d2i_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING **a,
 			unsigned char **pp,long length);
 ASN1_UTF8STRING *	ASN1_UTF8STRING_new(void);
 void		ASN1_UTF8STRING_free(ASN1_UTF8STRING *a);
 int		i2d_ASN1_UTF8STRING(ASN1_UTF8STRING *a,unsigned char **pp);
 ASN1_UTF8STRING *d2i_ASN1_UTF8STRING(ASN1_UTF8STRING **a,
 			unsigned char **pp,long length);
 ASN1_NULL *	ASN1_NULL_new(void);
 void		ASN1_NULL_free(ASN1_NULL *a);
 int		i2d_ASN1_NULL(ASN1_NULL *a,unsigned char **pp);
 ASN1_NULL *d2i_ASN1_NULL(ASN1_NULL **a, unsigned char **pp,long length);
 ASN1_BMPSTRING *	ASN1_BMPSTRING_new(void);
 void		ASN1_BMPSTRING_free(ASN1_BMPSTRING *a);
 int i2d_ASN1_BMPSTRING(ASN1_BMPSTRING *a, unsigned char **pp);
 ASN1_BMPSTRING *d2i_ASN1_BMPSTRING(ASN1_BMPSTRING **a, unsigned char **pp,
 	long length);
 int UTF8_getc(const unsigned char *str, int len, unsigned long *val);
 int UTF8_putc(unsigned char *str, int len, unsigned long value);
-DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)
+int i2d_ASN1_PRINTABLE(ASN1_STRING *a,unsigned char **pp);
 ASN1_STRING *d2i_ASN1_PRINTABLE(ASN1_STRING **a,
 	unsigned char **pp, long l);
-DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
+ASN1_PRINTABLESTRING *	ASN1_PRINTABLESTRING_new(void);
-DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)
+void		ASN1_PRINTABLESTRING_free(ASN1_PRINTABLESTRING *a);
-DECLARE_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING)
+ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING **a,
-DECLARE_ASN1_FUNCTIONS(ASN1_T61STRING)
+	unsigned char **pp, long l);
-DECLARE_ASN1_FUNCTIONS(ASN1_IA5STRING)
+int i2d_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING *a, unsigned char **pp);
 DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME)
 DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
 DECLARE_ASN1_FUNCTIONS(ASN1_TIME)
 ASN1_STRING *	DIRECTORYSTRING_new(void);
 void		DIRECTORYSTRING_free(ASN1_STRING *a);
 int	i2d_DIRECTORYSTRING(ASN1_STRING *a,unsigned char **pp);
 ASN1_STRING *d2i_DIRECTORYSTRING(ASN1_STRING **a, unsigned char **pp,
 								 long length);
 ASN1_STRING *	DISPLAYTEXT_new(void);
 void		DISPLAYTEXT_free(ASN1_STRING *a);
 int	i2d_DISPLAYTEXT(ASN1_STRING *a,unsigned char **pp);
 ASN1_STRING *d2i_DISPLAYTEXT(ASN1_STRING **a, unsigned char **pp, long length);
 ASN1_T61STRING *	ASN1_T61STRING_new(void);
 void		ASN1_T61STRING_free(ASN1_IA5STRING *a);
 ASN1_T61STRING *d2i_ASN1_T61STRING(ASN1_T61STRING **a,
 	unsigned char **pp, long l);
 ASN1_IA5STRING *	ASN1_IA5STRING_new(void);
 void		ASN1_IA5STRING_free(ASN1_IA5STRING *a);
 int i2d_ASN1_IA5STRING(ASN1_IA5STRING *a,unsigned char **pp);
 ASN1_IA5STRING *d2i_ASN1_IA5STRING(ASN1_IA5STRING **a,
 	unsigned char **pp, long l);
 ASN1_UTCTIME *	ASN1_UTCTIME_new(void);
 void		ASN1_UTCTIME_free(ASN1_UTCTIME *a);
 int		i2d_ASN1_UTCTIME(ASN1_UTCTIME *a,unsigned char **pp);
 ASN1_UTCTIME *	d2i_ASN1_UTCTIME(ASN1_UTCTIME **a,unsigned char **pp,
 			long length);
 ASN1_GENERALIZEDTIME *	ASN1_GENERALIZEDTIME_new(void);
 void		ASN1_GENERALIZEDTIME_free(ASN1_GENERALIZEDTIME *a);
 int		i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a,unsigned char **pp);
 ASN1_GENERALIZEDTIME *	d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a,unsigned char **pp,
 			long length);
 ASN1_TIME *	ASN1_TIME_new(void);
 void		ASN1_TIME_free(ASN1_TIME *a);
 int		i2d_ASN1_TIME(ASN1_TIME *a,unsigned char **pp);
 ASN1_TIME *	d2i_ASN1_TIME(ASN1_TIME **a,unsigned char **pp, long length);
 ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t);
 int ASN1_TIME_check(ASN1_TIME *t);
 ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
 int		i2d_ASN1_SET(STACK *a, unsigned char **pp,
 			int (*func)(), int ex_tag, int ex_class, int is_set);
@@ -836,7 +755,7 @@ STACK *		d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
 			char *(*func)(), void (*free_func)(void *),
 			int ex_tag, int ex_class);
-#ifndef OPENSSL_NO_BIO
+#ifndef NO_BIO
 int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
 int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size);
 int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a);
@@ -849,7 +768,7 @@ int i2t_ASN1_OBJECT(char *buf,int buf_len,ASN1_OBJECT *a);
 int a2d_ASN1_OBJECT(unsigned char *out,int olen, const char *buf, int num);
 ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len,
-	const char *sn, const char *ln);
+	char *sn, char *ln);
 int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
 long ASN1_INTEGER_get(ASN1_INTEGER *a);
@@ -868,7 +787,6 @@ int ASN1_PRINTABLE_type(unsigned char *s, int max);
 int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass);
 ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp,
 	long length, int Ptag, int Pclass);
 unsigned long ASN1_tag2bit(int tag);
 /* type is one or more of the B_ASN1_ values. */
 ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a,unsigned char **pp,
 		long length,int type);
@@ -887,23 +805,17 @@ int ASN1_object_size(int constructed, int length, int tag);
 /* Used to implement other functions */
 char *ASN1_dup(int (*i2d)(),char *(*d2i)(),char *x);
-void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
+#ifndef NO_FP_API
 #ifndef OPENSSL_NO_FP_API
 char *ASN1_d2i_fp(char *(*xnew)(),char *(*d2i)(),FILE *fp,unsigned char **x);
 void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x);
 int ASN1_i2d_fp(int (*i2d)(),FILE *out,unsigned char *x);
 int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x);
 int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);
 #endif
 int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in);
-#ifndef OPENSSL_NO_BIO
+#ifndef NO_BIO
 char *ASN1_d2i_bio(char *(*xnew)(),char *(*d2i)(),BIO *bp,unsigned char **x);
 void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x);
 int ASN1_i2d_bio(int (*i2d)(),BIO *out,unsigned char *x);
 int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x);
 int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a);
 int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a);
 int ASN1_TIME_print(BIO *fp,ASN1_TIME *a);
@@ -922,8 +834,6 @@ void ASN1_HEADER_free(ASN1_HEADER *a);
 int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
 void ERR_load_ASN1_strings(void);
 /* Not used that much at this point, except for the first two */
 ASN1_METHOD *X509_asn1_meth(void);
 ASN1_METHOD *RSAPrivateKey_asn1_meth(void);
@@ -944,9 +854,7 @@ STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(),
 unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf,
 			     int *len );
 void *ASN1_unpack_string(ASN1_STRING *oct, char *(*d2i)());
 void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it);
 ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_OCTET_STRING **oct);
 ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct);
 void ASN1_STRING_set_default_mask(unsigned long mask);
 int ASN1_STRING_set_default_mask_asc(char *p);
@@ -963,173 +871,279 @@ ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid);
 int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long);
 void ASN1_STRING_TABLE_cleanup(void);
 /* ASN1 template functions */
 /* Old API compatible functions */
 ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it);
 void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it);
 ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it);
 int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_ASN1_strings(void);
 /* Error codes for the ASN1 functions. */
 /* Function codes. */
 #define ASN1_F_A2D_ASN1_OBJECT				 100
-#define ASN1_F_A2I_ASN1_ENUMERATED			 101
+#define ASN1_F_A2I_ASN1_ENUMERATED			 236
-#define ASN1_F_A2I_ASN1_INTEGER				 102
+#define ASN1_F_A2I_ASN1_INTEGER				 101
-#define ASN1_F_A2I_ASN1_STRING				 103
+#define ASN1_F_A2I_ASN1_STRING				 102
-#define ASN1_F_ASN1_CHECK_TLEN				 104
+#define ASN1_F_ACCESS_DESCRIPTION_NEW			 291
-#define ASN1_F_ASN1_COLLATE_PRIMITIVE			 105
+#define ASN1_F_ASN1_COLLATE_PRIMITIVE			 103
-#define ASN1_F_ASN1_COLLECT				 106
+#define ASN1_F_ASN1_D2I_BIO				 104
-#define ASN1_F_ASN1_D2I_BIO				 107
+#define ASN1_F_ASN1_D2I_FP				 105
-#define ASN1_F_ASN1_D2I_EX_PRIMITIVE			 108
+#define ASN1_F_ASN1_DUP					 106
-#define ASN1_F_ASN1_D2I_FP				 109
+#define ASN1_F_ASN1_ENUMERATED_SET			 232
-#define ASN1_F_ASN1_DO_ADB				 110
+#define ASN1_F_ASN1_ENUMERATED_TO_BN			 233
-#define ASN1_F_ASN1_DUP					 111
+#define ASN1_F_ASN1_GENERALIZEDTIME_NEW			 222
-#define ASN1_F_ASN1_ENUMERATED_SET			 112
+#define ASN1_F_ASN1_GET_OBJECT				 107
-#define ASN1_F_ASN1_ENUMERATED_TO_BN			 113
+#define ASN1_F_ASN1_HEADER_NEW				 108
-#define ASN1_F_ASN1_GET_OBJECT				 114
+#define ASN1_F_ASN1_I2D_BIO				 109
-#define ASN1_F_ASN1_HEADER_NEW				 115
+#define ASN1_F_ASN1_I2D_FP				 110
-#define ASN1_F_ASN1_I2D_BIO				 116
+#define ASN1_F_ASN1_INTEGER_SET				 111
-#define ASN1_F_ASN1_I2D_FP				 117
+#define ASN1_F_ASN1_INTEGER_TO_BN			 112
-#define ASN1_F_ASN1_INTEGER_SET				 118
+#define ASN1_F_ASN1_MBSTRING_COPY			 282
-#define ASN1_F_ASN1_INTEGER_TO_BN			 119
+#define ASN1_F_ASN1_OBJECT_NEW				 113
-#define ASN1_F_ASN1_ITEM_EX_D2I				 120
+#define ASN1_F_ASN1_PACK_STRING				 245
-#define ASN1_F_ASN1_ITEM_NEW				 121
+#define ASN1_F_ASN1_PBE_SET				 253
-#define ASN1_F_ASN1_MBSTRING_COPY			 122
+#define ASN1_F_ASN1_SEQ_PACK				 246
-#define ASN1_F_ASN1_OBJECT_NEW				 123
+#define ASN1_F_ASN1_SEQ_UNPACK				 247
-#define ASN1_F_ASN1_PACK_STRING				 124
+#define ASN1_F_ASN1_SIGN				 114
-#define ASN1_F_ASN1_PBE_SET				 125
+#define ASN1_F_ASN1_STRING_NEW				 115
-#define ASN1_F_ASN1_SEQ_PACK				 126
+#define ASN1_F_ASN1_STRING_TABLE_ADD			 283
-#define ASN1_F_ASN1_SEQ_UNPACK				 127
+#define ASN1_F_ASN1_STRING_TYPE_NEW			 116
-#define ASN1_F_ASN1_SIGN				 128
+#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING		 117
-#define ASN1_F_ASN1_STRING_TABLE_ADD			 129
+#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING		 118
-#define ASN1_F_ASN1_STRING_TYPE_NEW			 130
+#define ASN1_F_ASN1_TYPE_NEW				 119
-#define ASN1_F_ASN1_TEMPLATE_D2I			 131
+#define ASN1_F_ASN1_UNPACK_STRING			 248
-#define ASN1_F_ASN1_TEMPLATE_EX_D2I			 132
+#define ASN1_F_ASN1_UTCTIME_NEW				 120
-#define ASN1_F_ASN1_TEMPLATE_NEW			 133
+#define ASN1_F_ASN1_VERIFY				 121
-#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING		 134
+#define ASN1_F_AUTHORITY_KEYID_NEW			 237
-#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING		 135
+#define ASN1_F_BASIC_CONSTRAINTS_NEW			 226
-#define ASN1_F_ASN1_UNPACK_STRING			 136
+#define ASN1_F_BN_TO_ASN1_ENUMERATED			 234
-#define ASN1_F_ASN1_VERIFY				 137
+#define ASN1_F_BN_TO_ASN1_INTEGER			 122
-#define ASN1_F_BN_TO_ASN1_ENUMERATED			 138
+#define ASN1_F_D2I_ACCESS_DESCRIPTION			 284
-#define ASN1_F_BN_TO_ASN1_INTEGER			 139
+#define ASN1_F_D2I_ASN1_BIT_STRING			 123
-#define ASN1_F_COLLECT_DATA				 140
+#define ASN1_F_D2I_ASN1_BMPSTRING			 124
-#define ASN1_F_D2I_ASN1_BIT_STRING			 141
+#define ASN1_F_D2I_ASN1_BOOLEAN				 125
-#define ASN1_F_D2I_ASN1_BOOLEAN				 142
+#define ASN1_F_D2I_ASN1_BYTES				 126
-#define ASN1_F_D2I_ASN1_BYTES				 143
+#define ASN1_F_D2I_ASN1_ENUMERATED			 235
-#define ASN1_F_D2I_ASN1_GENERALIZEDTIME			 144
+#define ASN1_F_D2I_ASN1_GENERALIZEDTIME			 223
-#define ASN1_F_D2I_ASN1_HEADER				 145
+#define ASN1_F_D2I_ASN1_HEADER				 127
-#define ASN1_F_D2I_ASN1_INTEGER				 146
+#define ASN1_F_D2I_ASN1_INTEGER				 128
-#define ASN1_F_D2I_ASN1_OBJECT				 147
+#define ASN1_F_D2I_ASN1_NULL				 292
-#define ASN1_F_D2I_ASN1_SET				 148
+#define ASN1_F_D2I_ASN1_OBJECT				 129
-#define ASN1_F_D2I_ASN1_TYPE_BYTES			 149
+#define ASN1_F_D2I_ASN1_OCTET_STRING			 130
-#define ASN1_F_D2I_ASN1_UINTEGER			 150
+#define ASN1_F_D2I_ASN1_PRINT_TYPE			 131
-#define ASN1_F_D2I_ASN1_UTCTIME				 151
+#define ASN1_F_D2I_ASN1_SET				 132
-#define ASN1_F_D2I_NETSCAPE_RSA				 152
+#define ASN1_F_D2I_ASN1_TIME				 224
-#define ASN1_F_D2I_NETSCAPE_RSA_2			 153
+#define ASN1_F_D2I_ASN1_TYPE				 133
-#define ASN1_F_D2I_PRIVATEKEY				 154
+#define ASN1_F_D2I_ASN1_TYPE_BYTES			 134
-#define ASN1_F_D2I_PUBLICKEY				 155
+#define ASN1_F_D2I_ASN1_UINTEGER			 280
-#define ASN1_F_D2I_X509					 156
+#define ASN1_F_D2I_ASN1_UTCTIME				 135
-#define ASN1_F_D2I_X509_CINF				 157
+#define ASN1_F_D2I_ASN1_UTF8STRING			 266
-#define ASN1_F_D2I_X509_NAME				 158
+#define ASN1_F_D2I_ASN1_VISIBLESTRING			 267
-#define ASN1_F_D2I_X509_PKEY				 159
+#define ASN1_F_D2I_AUTHORITY_KEYID			 238
-#define ASN1_F_I2D_ASN1_TIME				 160
+#define ASN1_F_D2I_BASIC_CONSTRAINTS			 227
-#define ASN1_F_I2D_DSA_PUBKEY				 161
+#define ASN1_F_D2I_DHPARAMS				 136
-#define ASN1_F_I2D_NETSCAPE_RSA				 162
+#define ASN1_F_D2I_DIST_POINT				 276
-#define ASN1_F_I2D_PRIVATEKEY				 163
+#define ASN1_F_D2I_DIST_POINT_NAME			 277
-#define ASN1_F_I2D_PUBLICKEY				 164
+#define ASN1_F_D2I_DSAPARAMS				 137
-#define ASN1_F_I2D_RSA_PUBKEY				 165
+#define ASN1_F_D2I_DSAPRIVATEKEY			 138
-#define ASN1_F_LONG_C2I					 166
+#define ASN1_F_D2I_DSAPUBLICKEY				 139
-#define ASN1_F_PKCS5_PBE2_SET				 167
+#define ASN1_F_D2I_GENERAL_NAME				 230
-#define ASN1_F_X509_CINF_NEW				 168
+#define ASN1_F_D2I_NETSCAPE_CERT_SEQUENCE		 228
-#define ASN1_F_X509_CRL_ADD0_REVOKED			 169
+#define ASN1_F_D2I_NETSCAPE_PKEY			 140
-#define ASN1_F_X509_INFO_NEW				 170
+#define ASN1_F_D2I_NETSCAPE_RSA				 141
-#define ASN1_F_X509_NAME_NEW				 171
+#define ASN1_F_D2I_NETSCAPE_RSA_2			 142
-#define ASN1_F_X509_NEW					 172
+#define ASN1_F_D2I_NETSCAPE_SPKAC			 143
-#define ASN1_F_X509_PKEY_NEW				 173
+#define ASN1_F_D2I_NETSCAPE_SPKI			 144
 #define ASN1_F_D2I_NOTICEREF				 268
 #define ASN1_F_D2I_OTHERNAME				 287
 #define ASN1_F_D2I_PBE2PARAM				 262
 #define ASN1_F_D2I_PBEPARAM				 249
 #define ASN1_F_D2I_PBKDF2PARAM				 263
 #define ASN1_F_D2I_PKCS12				 254
 #define ASN1_F_D2I_PKCS12_BAGS				 255
 #define ASN1_F_D2I_PKCS12_MAC_DATA			 256
 #define ASN1_F_D2I_PKCS12_SAFEBAG			 257
 #define ASN1_F_D2I_PKCS7				 145
 #define ASN1_F_D2I_PKCS7_DIGEST				 146
 #define ASN1_F_D2I_PKCS7_ENCRYPT			 147
 #define ASN1_F_D2I_PKCS7_ENC_CONTENT			 148
 #define ASN1_F_D2I_PKCS7_ENVELOPE			 149
 #define ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL		 150
 #define ASN1_F_D2I_PKCS7_RECIP_INFO			 151
 #define ASN1_F_D2I_PKCS7_SIGNED				 152
 #define ASN1_F_D2I_PKCS7_SIGNER_INFO			 153
 #define ASN1_F_D2I_PKCS7_SIGN_ENVELOPE			 154
 #define ASN1_F_D2I_PKCS8_PRIV_KEY_INFO			 250
 #define ASN1_F_D2I_PKEY_USAGE_PERIOD			 239
 #define ASN1_F_D2I_POLICYINFO				 269
 #define ASN1_F_D2I_POLICYQUALINFO			 270
 #define ASN1_F_D2I_PRIVATEKEY				 155
 #define ASN1_F_D2I_PUBLICKEY				 156
 #define ASN1_F_D2I_RSAPRIVATEKEY			 157
 #define ASN1_F_D2I_RSAPUBLICKEY				 158
 #define ASN1_F_D2I_SXNET				 241
 #define ASN1_F_D2I_SXNETID				 243
 #define ASN1_F_D2I_USERNOTICE				 271
 #define ASN1_F_D2I_X509					 159
 #define ASN1_F_D2I_X509_ALGOR				 160
 #define ASN1_F_D2I_X509_ATTRIBUTE			 161
 #define ASN1_F_D2I_X509_CERT_AUX			 285
 #define ASN1_F_D2I_X509_CINF				 162
 #define ASN1_F_D2I_X509_CRL				 163
 #define ASN1_F_D2I_X509_CRL_INFO			 164
 #define ASN1_F_D2I_X509_EXTENSION			 165
 #define ASN1_F_D2I_X509_KEY				 166
 #define ASN1_F_D2I_X509_NAME				 167
 #define ASN1_F_D2I_X509_NAME_ENTRY			 168
 #define ASN1_F_D2I_X509_PKEY				 169
 #define ASN1_F_D2I_X509_PUBKEY				 170
 #define ASN1_F_D2I_X509_REQ				 171
 #define ASN1_F_D2I_X509_REQ_INFO			 172
 #define ASN1_F_D2I_X509_REVOKED				 173
 #define ASN1_F_D2I_X509_SIG				 174
 #define ASN1_F_D2I_X509_VAL				 175
 #define ASN1_F_DIST_POINT_NAME_NEW			 278
 #define ASN1_F_DIST_POINT_NEW				 279
 #define ASN1_F_GENERAL_NAME_NEW				 231
 #define ASN1_F_I2D_ASN1_HEADER				 176
 #define ASN1_F_I2D_ASN1_TIME				 225
 #define ASN1_F_I2D_DHPARAMS				 177
 #define ASN1_F_I2D_DSAPARAMS				 178
 #define ASN1_F_I2D_DSAPRIVATEKEY			 179
 #define ASN1_F_I2D_DSAPUBLICKEY				 180
 #define ASN1_F_I2D_DSA_PUBKEY				 290
 #define ASN1_F_I2D_NETSCAPE_RSA				 181
 #define ASN1_F_I2D_PKCS7				 182
 #define ASN1_F_I2D_PRIVATEKEY				 183
 #define ASN1_F_I2D_PUBLICKEY				 184
 #define ASN1_F_I2D_RSAPRIVATEKEY			 185
 #define ASN1_F_I2D_RSAPUBLICKEY				 186
 #define ASN1_F_I2D_RSA_PUBKEY				 289
 #define ASN1_F_I2D_X509_ATTRIBUTE			 187
 #define ASN1_F_I2T_ASN1_OBJECT				 188
 #define ASN1_F_NETSCAPE_CERT_SEQUENCE_NEW		 229
 #define ASN1_F_NETSCAPE_PKEY_NEW			 189
 #define ASN1_F_NETSCAPE_SPKAC_NEW			 190
 #define ASN1_F_NETSCAPE_SPKI_NEW			 191
 #define ASN1_F_NOTICEREF_NEW				 272
 #define ASN1_F_OTHERNAME_NEW				 288
 #define ASN1_F_PBE2PARAM_NEW				 264
 #define ASN1_F_PBEPARAM_NEW				 251
 #define ASN1_F_PBKDF2PARAM_NEW				 265
 #define ASN1_F_PKCS12_BAGS_NEW				 258
 #define ASN1_F_PKCS12_MAC_DATA_NEW			 259
 #define ASN1_F_PKCS12_NEW				 260
 #define ASN1_F_PKCS12_SAFEBAG_NEW			 261
 #define ASN1_F_PKCS5_PBE2_SET				 281
 #define ASN1_F_PKCS7_DIGEST_NEW				 192
 #define ASN1_F_PKCS7_ENCRYPT_NEW			 193
 #define ASN1_F_PKCS7_ENC_CONTENT_NEW			 194
 #define ASN1_F_PKCS7_ENVELOPE_NEW			 195
 #define ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW		 196
 #define ASN1_F_PKCS7_NEW				 197
 #define ASN1_F_PKCS7_RECIP_INFO_NEW			 198
 #define ASN1_F_PKCS7_SIGNED_NEW				 199
 #define ASN1_F_PKCS7_SIGNER_INFO_NEW			 200
 #define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW			 201
 #define ASN1_F_PKCS8_PRIV_KEY_INFO_NEW			 252
 #define ASN1_F_PKEY_USAGE_PERIOD_NEW			 240
 #define ASN1_F_POLICYINFO_NEW				 273
 #define ASN1_F_POLICYQUALINFO_NEW			 274
 #define ASN1_F_SXNETID_NEW				 244
 #define ASN1_F_SXNET_NEW				 242
 #define ASN1_F_USERNOTICE_NEW				 275
 #define ASN1_F_X509_ALGOR_NEW				 202
 #define ASN1_F_X509_ATTRIBUTE_NEW			 203
 #define ASN1_F_X509_CERT_AUX_NEW			 286
 #define ASN1_F_X509_CINF_NEW				 204
 #define ASN1_F_X509_CRL_INFO_NEW			 205
 #define ASN1_F_X509_CRL_NEW				 206
 #define ASN1_F_X509_DHPARAMS_NEW			 207
 #define ASN1_F_X509_EXTENSION_NEW			 208
 #define ASN1_F_X509_INFO_NEW				 209
 #define ASN1_F_X509_KEY_NEW				 210
 #define ASN1_F_X509_NAME_ENTRY_NEW			 211
 #define ASN1_F_X509_NAME_NEW				 212
 #define ASN1_F_X509_NEW					 213
 #define ASN1_F_X509_PKEY_NEW				 214
 #define ASN1_F_X509_PUBKEY_NEW				 215
 #define ASN1_F_X509_REQ_INFO_NEW			 216
 #define ASN1_F_X509_REQ_NEW				 217
 #define ASN1_F_X509_REVOKED_NEW				 218
 #define ASN1_F_X509_SIG_NEW				 219
 #define ASN1_F_X509_VAL_FREE				 220
 #define ASN1_F_X509_VAL_NEW				 221
 /* Reason codes. */
-#define ASN1_R_AUX_ERROR				 100
+#define ASN1_R_BAD_CLASS				 100
-#define ASN1_R_BAD_CLASS				 101
+#define ASN1_R_BAD_OBJECT_HEADER			 101
-#define ASN1_R_BAD_OBJECT_HEADER			 102
+#define ASN1_R_BAD_PASSWORD_READ			 102
-#define ASN1_R_BAD_PASSWORD_READ			 103
+#define ASN1_R_BAD_PKCS7_CONTENT			 103
-#define ASN1_R_BAD_TAG					 104
+#define ASN1_R_BAD_PKCS7_TYPE				 104
-#define ASN1_R_BN_LIB					 105
+#define ASN1_R_BAD_TAG					 105
-#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH			 106
+#define ASN1_R_BAD_TYPE					 106
-#define ASN1_R_BUFFER_TOO_SMALL				 107
+#define ASN1_R_BN_LIB					 107
-#define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER		 108
+#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH			 108
-#define ASN1_R_DATA_IS_WRONG				 109
+#define ASN1_R_BUFFER_TOO_SMALL				 109
-#define ASN1_R_DECODE_ERROR				 110
+#define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER		 166
 #define ASN1_R_DATA_IS_WRONG				 110
 #define ASN1_R_DECODE_ERROR				 155
 #define ASN1_R_DECODING_ERROR				 111
-#define ASN1_R_ENCODE_ERROR				 112
+#define ASN1_R_ENCODE_ERROR				 156
-#define ASN1_R_ERROR_PARSING_SET_ELEMENT		 113
+#define ASN1_R_ERROR_PARSING_SET_ELEMENT		 112
-#define ASN1_R_ERROR_SETTING_CIPHER_PARAMS		 114
+#define ASN1_R_ERROR_SETTING_CIPHER_PARAMS		 157
-#define ASN1_R_EXPECTING_AN_INTEGER			 115
+#define ASN1_R_EXPECTING_AN_ENUMERATED			 154
-#define ASN1_R_EXPECTING_AN_OBJECT			 116
+#define ASN1_R_EXPECTING_AN_INTEGER			 113
 #define ASN1_R_EXPECTING_AN_OBJECT			 114
 #define ASN1_R_EXPECTING_AN_OCTET_STRING		 115
 #define ASN1_R_EXPECTING_A_BIT_STRING			 116
 #define ASN1_R_EXPECTING_A_BOOLEAN			 117
-#define ASN1_R_EXPECTING_A_TIME				 118
+#define ASN1_R_EXPECTING_A_GENERALIZEDTIME		 151
-#define ASN1_R_EXPLICIT_LENGTH_MISMATCH			 119
+#define ASN1_R_EXPECTING_A_NULL				 164
-#define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED		 120
+#define ASN1_R_EXPECTING_A_TIME				 152
-#define ASN1_R_FIELD_MISSING				 121
+#define ASN1_R_EXPECTING_A_UTCTIME			 118
-#define ASN1_R_FIRST_NUM_TOO_LARGE			 122
+#define ASN1_R_FIRST_NUM_TOO_LARGE			 119
-#define ASN1_R_HEADER_TOO_LONG				 123
+#define ASN1_R_GENERALIZEDTIME_TOO_LONG			 153
-#define ASN1_R_ILLEGAL_CHARACTERS			 124
+#define ASN1_R_HEADER_TOO_LONG				 120
-#define ASN1_R_ILLEGAL_NULL				 125
+#define ASN1_R_ILLEGAL_CHARACTERS			 158
-#define ASN1_R_ILLEGAL_OPTIONAL_ANY			 126
+#define ASN1_R_INVALID_BMPSTRING_LENGTH			 159
-#define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE		 170
+#define ASN1_R_INVALID_DIGIT				 121
-#define ASN1_R_ILLEGAL_TAGGED_ANY			 127
+#define ASN1_R_INVALID_SEPARATOR			 122
-#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG		 128
+#define ASN1_R_INVALID_TIME_FORMAT			 123
-#define ASN1_R_INVALID_BMPSTRING_LENGTH			 129
+#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH		 160
-#define ASN1_R_INVALID_DIGIT				 130
+#define ASN1_R_INVALID_UTF8STRING			 161
-#define ASN1_R_INVALID_SEPARATOR			 131
+#define ASN1_R_IV_TOO_LARGE				 124
-#define ASN1_R_INVALID_TIME_FORMAT			 132
+#define ASN1_R_LENGTH_ERROR				 125
-#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH		 133
+#define ASN1_R_MISSING_SECOND_NUMBER			 126
-#define ASN1_R_INVALID_UTF8STRING			 134
+#define ASN1_R_NON_HEX_CHARACTERS			 127
-#define ASN1_R_IV_TOO_LARGE				 135
+#define ASN1_R_NOT_ENOUGH_DATA				 128
-#define ASN1_R_LENGTH_ERROR				 136
+#define ASN1_R_NULL_IS_WRONG_LENGTH			 165
-#define ASN1_R_MISSING_EOC				 137
+#define ASN1_R_ODD_NUMBER_OF_CHARS			 129
-#define ASN1_R_MISSING_SECOND_NUMBER			 138
+#define ASN1_R_PARSING					 130
-#define ASN1_R_MSTRING_NOT_UNIVERSAL			 139
+#define ASN1_R_PRIVATE_KEY_HEADER_MISSING		 131
-#define ASN1_R_MSTRING_WRONG_TAG			 140
+#define ASN1_R_SECOND_NUMBER_TOO_LARGE			 132
-#define ASN1_R_NON_HEX_CHARACTERS			 141
+#define ASN1_R_SHORT_LINE				 133
-#define ASN1_R_NOT_ENOUGH_DATA				 142
+#define ASN1_R_STRING_TOO_LONG				 163
-#define ASN1_R_NO_MATCHING_CHOICE_TYPE			 143
+#define ASN1_R_STRING_TOO_SHORT				 134
-#define ASN1_R_NULL_IS_WRONG_LENGTH			 144
+#define ASN1_R_TAG_VALUE_TOO_HIGH			 135
-#define ASN1_R_ODD_NUMBER_OF_CHARS			 145
+#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 136
-#define ASN1_R_PRIVATE_KEY_HEADER_MISSING		 146
+#define ASN1_R_TOO_LONG					 137
-#define ASN1_R_SECOND_NUMBER_TOO_LARGE			 147
+#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 138
-#define ASN1_R_SEQUENCE_LENGTH_MISMATCH			 148
+#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY		 139
-#define ASN1_R_SEQUENCE_NOT_CONSTRUCTED			 149
+#define ASN1_R_UNKNOWN_ATTRIBUTE_TYPE			 140
-#define ASN1_R_SHORT_LINE				 150
+#define ASN1_R_UNKNOWN_FORMAT				 162
-#define ASN1_R_STRING_TOO_LONG				 151
+#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM		 141
-#define ASN1_R_STRING_TOO_SHORT				 152
+#define ASN1_R_UNKNOWN_OBJECT_TYPE			 142
-#define ASN1_R_TAG_VALUE_TOO_HIGH			 153
+#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE			 143
-#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154
+#define ASN1_R_UNSUPPORTED_CIPHER			 144
-#define ASN1_R_TOO_LONG					 155
+#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM		 145
-#define ASN1_R_TYPE_NOT_CONSTRUCTED			 156
+#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE		 146
-#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 157
+#define ASN1_R_UTCTIME_TOO_LONG				 147
-#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY		 158
+#define ASN1_R_WRONG_PRINTABLE_TYPE			 148
-#define ASN1_R_UNEXPECTED_EOC				 159
+#define ASN1_R_WRONG_TAG				 149
-#define ASN1_R_UNKNOWN_FORMAT				 160
+#define ASN1_R_WRONG_TYPE				 150
 #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM		 161
 #define ASN1_R_UNKNOWN_OBJECT_TYPE			 162
 #define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE			 163
 #define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE		 164
 #define ASN1_R_UNSUPPORTED_CIPHER			 165
 #define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM		 166
 #define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE		 167
 #define ASN1_R_WRONG_TAG				 168
 #define ASN1_R_WRONG_TYPE				 169
 #ifdef  __cplusplus
 }
 #endif
 #endif
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -63,31 +63,27 @@
 #include <openssl/asn1.h>
 /* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
+#ifndef NO_ERR
 static ERR_STRING_DATA ASN1_str_functs[]=
 	{
 {ERR_PACK(0,ASN1_F_A2D_ASN1_OBJECT,0),	"a2d_ASN1_OBJECT"},
 {ERR_PACK(0,ASN1_F_A2I_ASN1_ENUMERATED,0),	"a2i_ASN1_ENUMERATED"},
 {ERR_PACK(0,ASN1_F_A2I_ASN1_INTEGER,0),	"a2i_ASN1_INTEGER"},
 {ERR_PACK(0,ASN1_F_A2I_ASN1_STRING,0),	"a2i_ASN1_STRING"},
-{ERR_PACK(0,ASN1_F_ASN1_CHECK_TLEN,0),	"ASN1_CHECK_TLEN"},
+{ERR_PACK(0,ASN1_F_ACCESS_DESCRIPTION_NEW,0),	"ACCESS_DESCRIPTION_new"},
 {ERR_PACK(0,ASN1_F_ASN1_COLLATE_PRIMITIVE,0),	"ASN1_COLLATE_PRIMITIVE"},
 {ERR_PACK(0,ASN1_F_ASN1_COLLECT,0),	"ASN1_COLLECT"},
 {ERR_PACK(0,ASN1_F_ASN1_D2I_BIO,0),	"ASN1_d2i_bio"},
 {ERR_PACK(0,ASN1_F_ASN1_D2I_EX_PRIMITIVE,0),	"ASN1_D2I_EX_PRIMITIVE"},
 {ERR_PACK(0,ASN1_F_ASN1_D2I_FP,0),	"ASN1_d2i_fp"},
 {ERR_PACK(0,ASN1_F_ASN1_DO_ADB,0),	"ASN1_DO_ADB"},
 {ERR_PACK(0,ASN1_F_ASN1_DUP,0),	"ASN1_dup"},
 {ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_SET,0),	"ASN1_ENUMERATED_set"},
 {ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_TO_BN,0),	"ASN1_ENUMERATED_to_BN"},
 {ERR_PACK(0,ASN1_F_ASN1_GENERALIZEDTIME_NEW,0),	"ASN1_GENERALIZEDTIME_new"},
 {ERR_PACK(0,ASN1_F_ASN1_GET_OBJECT,0),	"ASN1_get_object"},
 {ERR_PACK(0,ASN1_F_ASN1_HEADER_NEW,0),	"ASN1_HEADER_new"},
 {ERR_PACK(0,ASN1_F_ASN1_I2D_BIO,0),	"ASN1_i2d_bio"},
 {ERR_PACK(0,ASN1_F_ASN1_I2D_FP,0),	"ASN1_i2d_fp"},
 {ERR_PACK(0,ASN1_F_ASN1_INTEGER_SET,0),	"ASN1_INTEGER_set"},
 {ERR_PACK(0,ASN1_F_ASN1_INTEGER_TO_BN,0),	"ASN1_INTEGER_to_BN"},
 {ERR_PACK(0,ASN1_F_ASN1_ITEM_EX_D2I,0),	"ASN1_ITEM_EX_D2I"},
 {ERR_PACK(0,ASN1_F_ASN1_ITEM_NEW,0),	"ASN1_item_new"},
 {ERR_PACK(0,ASN1_F_ASN1_MBSTRING_COPY,0),	"ASN1_mbstring_copy"},
 {ERR_PACK(0,ASN1_F_ASN1_OBJECT_NEW,0),	"ASN1_OBJECT_new"},
 {ERR_PACK(0,ASN1_F_ASN1_PACK_STRING,0),	"ASN1_pack_string"},
@@ -95,61 +91,186 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_ASN1_SEQ_PACK,0),	"ASN1_seq_pack"},
 {ERR_PACK(0,ASN1_F_ASN1_SEQ_UNPACK,0),	"ASN1_seq_unpack"},
 {ERR_PACK(0,ASN1_F_ASN1_SIGN,0),	"ASN1_sign"},
 {ERR_PACK(0,ASN1_F_ASN1_STRING_NEW,0),	"ASN1_STRING_new"},
 {ERR_PACK(0,ASN1_F_ASN1_STRING_TABLE_ADD,0),	"ASN1_STRING_TABLE_add"},
 {ERR_PACK(0,ASN1_F_ASN1_STRING_TYPE_NEW,0),	"ASN1_STRING_type_new"},
 {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_D2I,0),	"ASN1_TEMPLATE_D2I"},
 {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_EX_D2I,0),	"ASN1_TEMPLATE_EX_D2I"},
 {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_NEW,0),	"ASN1_TEMPLATE_NEW"},
 {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0),	"ASN1_TYPE_get_int_octetstring"},
 {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0),	"ASN1_TYPE_get_octetstring"},
 {ERR_PACK(0,ASN1_F_ASN1_TYPE_NEW,0),	"ASN1_TYPE_new"},
 {ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0),	"ASN1_unpack_string"},
 {ERR_PACK(0,ASN1_F_ASN1_UTCTIME_NEW,0),	"ASN1_UTCTIME_new"},
 {ERR_PACK(0,ASN1_F_ASN1_VERIFY,0),	"ASN1_verify"},
 {ERR_PACK(0,ASN1_F_AUTHORITY_KEYID_NEW,0),	"AUTHORITY_KEYID_new"},
 {ERR_PACK(0,ASN1_F_BASIC_CONSTRAINTS_NEW,0),	"BASIC_CONSTRAINTS_new"},
 {ERR_PACK(0,ASN1_F_BN_TO_ASN1_ENUMERATED,0),	"BN_to_ASN1_ENUMERATED"},
 {ERR_PACK(0,ASN1_F_BN_TO_ASN1_INTEGER,0),	"BN_to_ASN1_INTEGER"},
-{ERR_PACK(0,ASN1_F_COLLECT_DATA,0),	"COLLECT_DATA"},
+{ERR_PACK(0,ASN1_F_D2I_ACCESS_DESCRIPTION,0),	"d2i_ACCESS_DESCRIPTION"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_BIT_STRING,0),	"D2I_ASN1_BIT_STRING"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_BIT_STRING,0),	"d2i_ASN1_BIT_STRING"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_BMPSTRING,0),	"d2i_ASN1_BMPSTRING"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_BOOLEAN,0),	"d2i_ASN1_BOOLEAN"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_BYTES,0),	"d2i_ASN1_bytes"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_GENERALIZEDTIME,0),	"D2I_ASN1_GENERALIZEDTIME"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_ENUMERATED,0),	"d2i_ASN1_ENUMERATED"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_GENERALIZEDTIME,0),	"d2i_ASN1_GENERALIZEDTIME"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_HEADER,0),	"d2i_ASN1_HEADER"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_INTEGER,0),	"D2I_ASN1_INTEGER"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_INTEGER,0),	"d2i_ASN1_INTEGER"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_NULL,0),	"d2i_ASN1_NULL"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_OBJECT,0),	"d2i_ASN1_OBJECT"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_OCTET_STRING,0),	"d2i_ASN1_OCTET_STRING"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_PRINT_TYPE,0),	"D2I_ASN1_PRINT_TYPE"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_SET,0),	"d2i_ASN1_SET"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_TIME,0),	"d2i_ASN1_TIME"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_TYPE,0),	"d2i_ASN1_TYPE"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_TYPE_BYTES,0),	"d2i_ASN1_type_bytes"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_UINTEGER,0),	"d2i_ASN1_UINTEGER"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_UTCTIME,0),	"D2I_ASN1_UTCTIME"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_UTCTIME,0),	"d2i_ASN1_UTCTIME"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_UTF8STRING,0),	"d2i_ASN1_UTF8STRING"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_VISIBLESTRING,0),	"d2i_ASN1_VISIBLESTRING"},
 {ERR_PACK(0,ASN1_F_D2I_AUTHORITY_KEYID,0),	"d2i_AUTHORITY_KEYID"},
 {ERR_PACK(0,ASN1_F_D2I_BASIC_CONSTRAINTS,0),	"d2i_BASIC_CONSTRAINTS"},
 {ERR_PACK(0,ASN1_F_D2I_DHPARAMS,0),	"d2i_DHparams"},
 {ERR_PACK(0,ASN1_F_D2I_DIST_POINT,0),	"d2i_DIST_POINT"},
 {ERR_PACK(0,ASN1_F_D2I_DIST_POINT_NAME,0),	"d2i_DIST_POINT_NAME"},
 {ERR_PACK(0,ASN1_F_D2I_DSAPARAMS,0),	"d2i_DSAparams"},
 {ERR_PACK(0,ASN1_F_D2I_DSAPRIVATEKEY,0),	"d2i_DSAPrivateKey"},
 {ERR_PACK(0,ASN1_F_D2I_DSAPUBLICKEY,0),	"d2i_DSAPublicKey"},
 {ERR_PACK(0,ASN1_F_D2I_GENERAL_NAME,0),	"d2i_GENERAL_NAME"},
 {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_CERT_SEQUENCE,0),	"d2i_NETSCAPE_CERT_SEQUENCE"},
 {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_PKEY,0),	"D2I_NETSCAPE_PKEY"},
 {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA,0),	"d2i_Netscape_RSA"},
-{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA_2,0),	"D2I_NETSCAPE_RSA_2"},
+{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA_2,0),	"d2i_Netscape_RSA_2"},
 {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKAC,0),	"d2i_NETSCAPE_SPKAC"},
 {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKI,0),	"d2i_NETSCAPE_SPKI"},
 {ERR_PACK(0,ASN1_F_D2I_NOTICEREF,0),	"d2i_NOTICEREF"},
 {ERR_PACK(0,ASN1_F_D2I_OTHERNAME,0),	"d2i_OTHERNAME"},
 {ERR_PACK(0,ASN1_F_D2I_PBE2PARAM,0),	"d2i_PBE2PARAM"},
 {ERR_PACK(0,ASN1_F_D2I_PBEPARAM,0),	"d2i_PBEPARAM"},
 {ERR_PACK(0,ASN1_F_D2I_PBKDF2PARAM,0),	"d2i_PBKDF2PARAM"},
 {ERR_PACK(0,ASN1_F_D2I_PKCS12,0),	"d2i_PKCS12"},
 {ERR_PACK(0,ASN1_F_D2I_PKCS12_BAGS,0),	"d2i_PKCS12_BAGS"},
 {ERR_PACK(0,ASN1_F_D2I_PKCS12_MAC_DATA,0),	"d2i_PKCS12_MAC_DATA"},
 {ERR_PACK(0,ASN1_F_D2I_PKCS12_SAFEBAG,0),	"d2i_PKCS12_SAFEBAG"},
 {ERR_PACK(0,ASN1_F_D2I_PKCS7,0),	"d2i_PKCS7"},
 {ERR_PACK(0,ASN1_F_D2I_PKCS7_DIGEST,0),	"d2i_PKCS7_DIGEST"},
 {ERR_PACK(0,ASN1_F_D2I_PKCS7_ENCRYPT,0),	"d2i_PKCS7_ENCRYPT"},
 {ERR_PACK(0,ASN1_F_D2I_PKCS7_ENC_CONTENT,0),	"d2i_PKCS7_ENC_CONTENT"},
 {ERR_PACK(0,ASN1_F_D2I_PKCS7_ENVELOPE,0),	"d2i_PKCS7_ENVELOPE"},
 {ERR_PACK(0,ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL,0),	"d2i_PKCS7_ISSUER_AND_SERIAL"},
 {ERR_PACK(0,ASN1_F_D2I_PKCS7_RECIP_INFO,0),	"d2i_PKCS7_RECIP_INFO"},
 {ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGNED,0),	"d2i_PKCS7_SIGNED"},
 {ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGNER_INFO,0),	"d2i_PKCS7_SIGNER_INFO"},
 {ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGN_ENVELOPE,0),	"d2i_PKCS7_SIGN_ENVELOPE"},
 {ERR_PACK(0,ASN1_F_D2I_PKCS8_PRIV_KEY_INFO,0),	"d2i_PKCS8_PRIV_KEY_INFO"},
 {ERR_PACK(0,ASN1_F_D2I_PKEY_USAGE_PERIOD,0),	"d2i_PKEY_USAGE_PERIOD"},
 {ERR_PACK(0,ASN1_F_D2I_POLICYINFO,0),	"d2i_POLICYINFO"},
 {ERR_PACK(0,ASN1_F_D2I_POLICYQUALINFO,0),	"d2i_POLICYQUALINFO"},
 {ERR_PACK(0,ASN1_F_D2I_PRIVATEKEY,0),	"d2i_PrivateKey"},
 {ERR_PACK(0,ASN1_F_D2I_PUBLICKEY,0),	"d2i_PublicKey"},
-{ERR_PACK(0,ASN1_F_D2I_X509,0),	"D2I_X509"},
+{ERR_PACK(0,ASN1_F_D2I_RSAPRIVATEKEY,0),	"d2i_RSAPrivateKey"},
-{ERR_PACK(0,ASN1_F_D2I_X509_CINF,0),	"D2I_X509_CINF"},
+{ERR_PACK(0,ASN1_F_D2I_RSAPUBLICKEY,0),	"d2i_RSAPublicKey"},
-{ERR_PACK(0,ASN1_F_D2I_X509_NAME,0),	"D2I_X509_NAME"},
+{ERR_PACK(0,ASN1_F_D2I_SXNET,0),	"d2i_SXNET"},
 {ERR_PACK(0,ASN1_F_D2I_SXNETID,0),	"d2i_SXNETID"},
 {ERR_PACK(0,ASN1_F_D2I_USERNOTICE,0),	"d2i_USERNOTICE"},
 {ERR_PACK(0,ASN1_F_D2I_X509,0),	"d2i_X509"},
 {ERR_PACK(0,ASN1_F_D2I_X509_ALGOR,0),	"d2i_X509_ALGOR"},
 {ERR_PACK(0,ASN1_F_D2I_X509_ATTRIBUTE,0),	"d2i_X509_ATTRIBUTE"},
 {ERR_PACK(0,ASN1_F_D2I_X509_CERT_AUX,0),	"d2i_X509_CERT_AUX"},
 {ERR_PACK(0,ASN1_F_D2I_X509_CINF,0),	"d2i_X509_CINF"},
 {ERR_PACK(0,ASN1_F_D2I_X509_CRL,0),	"d2i_X509_CRL"},
 {ERR_PACK(0,ASN1_F_D2I_X509_CRL_INFO,0),	"d2i_X509_CRL_INFO"},
 {ERR_PACK(0,ASN1_F_D2I_X509_EXTENSION,0),	"d2i_X509_EXTENSION"},
 {ERR_PACK(0,ASN1_F_D2I_X509_KEY,0),	"D2I_X509_KEY"},
 {ERR_PACK(0,ASN1_F_D2I_X509_NAME,0),	"d2i_X509_NAME"},
 {ERR_PACK(0,ASN1_F_D2I_X509_NAME_ENTRY,0),	"d2i_X509_NAME_ENTRY"},
 {ERR_PACK(0,ASN1_F_D2I_X509_PKEY,0),	"d2i_X509_PKEY"},
-{ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0),	"I2D_ASN1_TIME"},
+{ERR_PACK(0,ASN1_F_D2I_X509_PUBKEY,0),	"d2i_X509_PUBKEY"},
 {ERR_PACK(0,ASN1_F_D2I_X509_REQ,0),	"d2i_X509_REQ"},
 {ERR_PACK(0,ASN1_F_D2I_X509_REQ_INFO,0),	"d2i_X509_REQ_INFO"},
 {ERR_PACK(0,ASN1_F_D2I_X509_REVOKED,0),	"d2i_X509_REVOKED"},
 {ERR_PACK(0,ASN1_F_D2I_X509_SIG,0),	"d2i_X509_SIG"},
 {ERR_PACK(0,ASN1_F_D2I_X509_VAL,0),	"d2i_X509_VAL"},
 {ERR_PACK(0,ASN1_F_DIST_POINT_NAME_NEW,0),	"DIST_POINT_NAME_new"},
 {ERR_PACK(0,ASN1_F_DIST_POINT_NEW,0),	"DIST_POINT_new"},
 {ERR_PACK(0,ASN1_F_GENERAL_NAME_NEW,0),	"GENERAL_NAME_new"},
 {ERR_PACK(0,ASN1_F_I2D_ASN1_HEADER,0),	"i2d_ASN1_HEADER"},
 {ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0),	"i2d_ASN1_TIME"},
 {ERR_PACK(0,ASN1_F_I2D_DHPARAMS,0),	"i2d_DHparams"},
 {ERR_PACK(0,ASN1_F_I2D_DSAPARAMS,0),	"i2d_DSAparams"},
 {ERR_PACK(0,ASN1_F_I2D_DSAPRIVATEKEY,0),	"i2d_DSAPrivateKey"},
 {ERR_PACK(0,ASN1_F_I2D_DSAPUBLICKEY,0),	"i2d_DSAPublicKey"},
 {ERR_PACK(0,ASN1_F_I2D_DSA_PUBKEY,0),	"i2d_DSA_PUBKEY"},
 {ERR_PACK(0,ASN1_F_I2D_NETSCAPE_RSA,0),	"i2d_Netscape_RSA"},
 {ERR_PACK(0,ASN1_F_I2D_PKCS7,0),	"i2d_PKCS7"},
 {ERR_PACK(0,ASN1_F_I2D_PRIVATEKEY,0),	"i2d_PrivateKey"},
 {ERR_PACK(0,ASN1_F_I2D_PUBLICKEY,0),	"i2d_PublicKey"},
 {ERR_PACK(0,ASN1_F_I2D_RSAPRIVATEKEY,0),	"i2d_RSAPrivateKey"},
 {ERR_PACK(0,ASN1_F_I2D_RSAPUBLICKEY,0),	"i2d_RSAPublicKey"},
 {ERR_PACK(0,ASN1_F_I2D_RSA_PUBKEY,0),	"i2d_RSA_PUBKEY"},
-{ERR_PACK(0,ASN1_F_LONG_C2I,0),	"LONG_C2I"},
+{ERR_PACK(0,ASN1_F_I2D_X509_ATTRIBUTE,0),	"i2d_X509_ATTRIBUTE"},
 {ERR_PACK(0,ASN1_F_I2T_ASN1_OBJECT,0),	"i2t_ASN1_OBJECT"},
 {ERR_PACK(0,ASN1_F_NETSCAPE_CERT_SEQUENCE_NEW,0),	"NETSCAPE_CERT_SEQUENCE_new"},
 {ERR_PACK(0,ASN1_F_NETSCAPE_PKEY_NEW,0),	"NETSCAPE_PKEY_NEW"},
 {ERR_PACK(0,ASN1_F_NETSCAPE_SPKAC_NEW,0),	"NETSCAPE_SPKAC_new"},
 {ERR_PACK(0,ASN1_F_NETSCAPE_SPKI_NEW,0),	"NETSCAPE_SPKI_new"},
 {ERR_PACK(0,ASN1_F_NOTICEREF_NEW,0),	"NOTICEREF_new"},
 {ERR_PACK(0,ASN1_F_OTHERNAME_NEW,0),	"OTHERNAME_new"},
 {ERR_PACK(0,ASN1_F_PBE2PARAM_NEW,0),	"PBE2PARAM_new"},
 {ERR_PACK(0,ASN1_F_PBEPARAM_NEW,0),	"PBEPARAM_new"},
 {ERR_PACK(0,ASN1_F_PBKDF2PARAM_NEW,0),	"PBKDF2PARAM_new"},
 {ERR_PACK(0,ASN1_F_PKCS12_BAGS_NEW,0),	"PKCS12_BAGS_new"},
 {ERR_PACK(0,ASN1_F_PKCS12_MAC_DATA_NEW,0),	"PKCS12_MAC_DATA_new"},
 {ERR_PACK(0,ASN1_F_PKCS12_NEW,0),	"PKCS12_new"},
 {ERR_PACK(0,ASN1_F_PKCS12_SAFEBAG_NEW,0),	"PKCS12_SAFEBAG_new"},
 {ERR_PACK(0,ASN1_F_PKCS5_PBE2_SET,0),	"PKCS5_pbe2_set"},
-{ERR_PACK(0,ASN1_F_X509_CINF_NEW,0),	"X509_CINF_NEW"},
+{ERR_PACK(0,ASN1_F_PKCS7_DIGEST_NEW,0),	"PKCS7_DIGEST_new"},
-{ERR_PACK(0,ASN1_F_X509_CRL_ADD0_REVOKED,0),	"X509_CRL_add0_revoked"},
+{ERR_PACK(0,ASN1_F_PKCS7_ENCRYPT_NEW,0),	"PKCS7_ENCRYPT_new"},
 {ERR_PACK(0,ASN1_F_PKCS7_ENC_CONTENT_NEW,0),	"PKCS7_ENC_CONTENT_new"},
 {ERR_PACK(0,ASN1_F_PKCS7_ENVELOPE_NEW,0),	"PKCS7_ENVELOPE_new"},
 {ERR_PACK(0,ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW,0),	"PKCS7_ISSUER_AND_SERIAL_new"},
 {ERR_PACK(0,ASN1_F_PKCS7_NEW,0),	"PKCS7_new"},
 {ERR_PACK(0,ASN1_F_PKCS7_RECIP_INFO_NEW,0),	"PKCS7_RECIP_INFO_new"},
 {ERR_PACK(0,ASN1_F_PKCS7_SIGNED_NEW,0),	"PKCS7_SIGNED_new"},
 {ERR_PACK(0,ASN1_F_PKCS7_SIGNER_INFO_NEW,0),	"PKCS7_SIGNER_INFO_new"},
 {ERR_PACK(0,ASN1_F_PKCS7_SIGN_ENVELOPE_NEW,0),	"PKCS7_SIGN_ENVELOPE_new"},
 {ERR_PACK(0,ASN1_F_PKCS8_PRIV_KEY_INFO_NEW,0),	"PKCS8_PRIV_KEY_INFO_new"},
 {ERR_PACK(0,ASN1_F_PKEY_USAGE_PERIOD_NEW,0),	"PKEY_USAGE_PERIOD_new"},
 {ERR_PACK(0,ASN1_F_POLICYINFO_NEW,0),	"POLICYINFO_new"},
 {ERR_PACK(0,ASN1_F_POLICYQUALINFO_NEW,0),	"POLICYQUALINFO_new"},
 {ERR_PACK(0,ASN1_F_SXNETID_NEW,0),	"SXNETID_new"},
 {ERR_PACK(0,ASN1_F_SXNET_NEW,0),	"SXNET_new"},
 {ERR_PACK(0,ASN1_F_USERNOTICE_NEW,0),	"USERNOTICE_new"},
 {ERR_PACK(0,ASN1_F_X509_ALGOR_NEW,0),	"X509_ALGOR_new"},
 {ERR_PACK(0,ASN1_F_X509_ATTRIBUTE_NEW,0),	"X509_ATTRIBUTE_new"},
 {ERR_PACK(0,ASN1_F_X509_CERT_AUX_NEW,0),	"X509_CERT_AUX_new"},
 {ERR_PACK(0,ASN1_F_X509_CINF_NEW,0),	"X509_CINF_new"},
 {ERR_PACK(0,ASN1_F_X509_CRL_INFO_NEW,0),	"X509_CRL_INFO_new"},
 {ERR_PACK(0,ASN1_F_X509_CRL_NEW,0),	"X509_CRL_new"},
 {ERR_PACK(0,ASN1_F_X509_DHPARAMS_NEW,0),	"X509_DHPARAMS_NEW"},
 {ERR_PACK(0,ASN1_F_X509_EXTENSION_NEW,0),	"X509_EXTENSION_new"},
 {ERR_PACK(0,ASN1_F_X509_INFO_NEW,0),	"X509_INFO_new"},
-{ERR_PACK(0,ASN1_F_X509_NAME_NEW,0),	"X509_NAME_NEW"},
+{ERR_PACK(0,ASN1_F_X509_KEY_NEW,0),	"X509_KEY_NEW"},
-{ERR_PACK(0,ASN1_F_X509_NEW,0),	"X509_NEW"},
+{ERR_PACK(0,ASN1_F_X509_NAME_ENTRY_NEW,0),	"X509_NAME_ENTRY_new"},
 {ERR_PACK(0,ASN1_F_X509_NAME_NEW,0),	"X509_NAME_new"},
 {ERR_PACK(0,ASN1_F_X509_NEW,0),	"X509_new"},
 {ERR_PACK(0,ASN1_F_X509_PKEY_NEW,0),	"X509_PKEY_new"},
 {ERR_PACK(0,ASN1_F_X509_PUBKEY_NEW,0),	"X509_PUBKEY_new"},
 {ERR_PACK(0,ASN1_F_X509_REQ_INFO_NEW,0),	"X509_REQ_INFO_new"},
 {ERR_PACK(0,ASN1_F_X509_REQ_NEW,0),	"X509_REQ_new"},
 {ERR_PACK(0,ASN1_F_X509_REVOKED_NEW,0),	"X509_REVOKED_new"},
 {ERR_PACK(0,ASN1_F_X509_SIG_NEW,0),	"X509_SIG_new"},
 {ERR_PACK(0,ASN1_F_X509_VAL_FREE,0),	"X509_VAL_free"},
 {ERR_PACK(0,ASN1_F_X509_VAL_NEW,0),	"X509_VAL_new"},
 {0,NULL}
 	};
 static ERR_STRING_DATA ASN1_str_reasons[]=
 	{
 {ASN1_R_AUX_ERROR                        ,"aux error"},
 {ASN1_R_BAD_CLASS                        ,"bad class"},
 {ASN1_R_BAD_OBJECT_HEADER                ,"bad object header"},
 {ASN1_R_BAD_PASSWORD_READ                ,"bad password read"},
 {ASN1_R_BAD_PKCS7_CONTENT                ,"bad pkcs7 content"},
 {ASN1_R_BAD_PKCS7_TYPE                   ,"bad pkcs7 type"},
 {ASN1_R_BAD_TAG                          ,"bad tag"},
 {ASN1_R_BAD_TYPE                         ,"bad type"},
 {ASN1_R_BN_LIB                           ,"bn lib"},
 {ASN1_R_BOOLEAN_IS_WRONG_LENGTH          ,"boolean is wrong length"},
 {ASN1_R_BUFFER_TOO_SMALL                 ,"buffer too small"},
@@ -160,21 +281,20 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ASN1_R_ENCODE_ERROR                     ,"encode error"},
 {ASN1_R_ERROR_PARSING_SET_ELEMENT        ,"error parsing set element"},
 {ASN1_R_ERROR_SETTING_CIPHER_PARAMS      ,"error setting cipher params"},
 {ASN1_R_EXPECTING_AN_ENUMERATED          ,"expecting an enumerated"},
 {ASN1_R_EXPECTING_AN_INTEGER             ,"expecting an integer"},
 {ASN1_R_EXPECTING_AN_OBJECT              ,"expecting an object"},
 {ASN1_R_EXPECTING_AN_OCTET_STRING        ,"expecting an octet string"},
 {ASN1_R_EXPECTING_A_BIT_STRING           ,"expecting a bit string"},
 {ASN1_R_EXPECTING_A_BOOLEAN              ,"expecting a boolean"},
 {ASN1_R_EXPECTING_A_GENERALIZEDTIME      ,"expecting a generalizedtime"},
 {ASN1_R_EXPECTING_A_NULL                 ,"expecting a null"},
 {ASN1_R_EXPECTING_A_TIME                 ,"expecting a time"},
-{ASN1_R_EXPLICIT_LENGTH_MISMATCH         ,"explicit length mismatch"},
+{ASN1_R_EXPECTING_A_UTCTIME              ,"expecting a utctime"},
 {ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED     ,"explicit tag not constructed"},
 {ASN1_R_FIELD_MISSING                    ,"field missing"},
 {ASN1_R_FIRST_NUM_TOO_LARGE              ,"first num too large"},
 {ASN1_R_GENERALIZEDTIME_TOO_LONG         ,"generalizedtime too long"},
 {ASN1_R_HEADER_TOO_LONG                  ,"header too long"},
 {ASN1_R_ILLEGAL_CHARACTERS               ,"illegal characters"},
 {ASN1_R_ILLEGAL_NULL                     ,"illegal null"},
 {ASN1_R_ILLEGAL_OPTIONAL_ANY             ,"illegal optional any"},
 {ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE ,"illegal options on item template"},
 {ASN1_R_ILLEGAL_TAGGED_ANY               ,"illegal tagged any"},
 {ASN1_R_INTEGER_TOO_LARGE_FOR_LONG       ,"integer too large for long"},
 {ASN1_R_INVALID_BMPSTRING_LENGTH         ,"invalid bmpstring length"},
 {ASN1_R_INVALID_DIGIT                    ,"invalid digit"},
 {ASN1_R_INVALID_SEPARATOR                ,"invalid separator"},
@@ -183,37 +303,32 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ASN1_R_INVALID_UTF8STRING               ,"invalid utf8string"},
 {ASN1_R_IV_TOO_LARGE                     ,"iv too large"},
 {ASN1_R_LENGTH_ERROR                     ,"length error"},
 {ASN1_R_MISSING_EOC                      ,"missing eoc"},
 {ASN1_R_MISSING_SECOND_NUMBER            ,"missing second number"},
 {ASN1_R_MSTRING_NOT_UNIVERSAL            ,"mstring not universal"},
 {ASN1_R_MSTRING_WRONG_TAG                ,"mstring wrong tag"},
 {ASN1_R_NON_HEX_CHARACTERS               ,"non hex characters"},
 {ASN1_R_NOT_ENOUGH_DATA                  ,"not enough data"},
 {ASN1_R_NO_MATCHING_CHOICE_TYPE          ,"no matching choice type"},
 {ASN1_R_NULL_IS_WRONG_LENGTH             ,"null is wrong length"},
 {ASN1_R_ODD_NUMBER_OF_CHARS              ,"odd number of chars"},
 {ASN1_R_PARSING                          ,"parsing"},
 {ASN1_R_PRIVATE_KEY_HEADER_MISSING       ,"private key header missing"},
 {ASN1_R_SECOND_NUMBER_TOO_LARGE          ,"second number too large"},
 {ASN1_R_SEQUENCE_LENGTH_MISMATCH         ,"sequence length mismatch"},
 {ASN1_R_SEQUENCE_NOT_CONSTRUCTED         ,"sequence not constructed"},
 {ASN1_R_SHORT_LINE                       ,"short line"},
 {ASN1_R_STRING_TOO_LONG                  ,"string too long"},
 {ASN1_R_STRING_TOO_SHORT                 ,"string too short"},
 {ASN1_R_TAG_VALUE_TOO_HIGH               ,"tag value too high"},
 {ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"},
 {ASN1_R_TOO_LONG                         ,"too long"},
 {ASN1_R_TYPE_NOT_CONSTRUCTED             ,"type not constructed"},
 {ASN1_R_UNABLE_TO_DECODE_RSA_KEY         ,"unable to decode rsa key"},
 {ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY ,"unable to decode rsa private key"},
-{ASN1_R_UNEXPECTED_EOC                   ,"unexpected eoc"},
+{ASN1_R_UNKNOWN_ATTRIBUTE_TYPE           ,"unknown attribute type"},
 {ASN1_R_UNKNOWN_FORMAT                   ,"unknown format"},
 {ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM ,"unknown message digest algorithm"},
 {ASN1_R_UNKNOWN_OBJECT_TYPE              ,"unknown object type"},
 {ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE          ,"unknown public key type"},
 {ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE  ,"unsupported any defined by type"},
 {ASN1_R_UNSUPPORTED_CIPHER               ,"unsupported cipher"},
 {ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM ,"unsupported encryption algorithm"},
 {ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE      ,"unsupported public key type"},
 {ASN1_R_UTCTIME_TOO_LONG                 ,"utctime too long"},
 {ASN1_R_WRONG_PRINTABLE_TYPE             ,"wrong printable type"},
 {ASN1_R_WRONG_TAG                        ,"wrong tag"},
 {ASN1_R_WRONG_TYPE                       ,"wrong type"},
 {0,NULL}
@@ -228,7 +343,7 @@ void ERR_load_ASN1_strings(void)
 	if (init)
 		{
 		init=0;
-#ifndef OPENSSL_NO_ERR
+#ifndef NO_ERR
 		ERR_load_strings(ERR_LIB_ASN1,ASN1_str_functs);
 		ERR_load_strings(ERR_LIB_ASN1,ASN1_str_reasons);
 #endif
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -57,8 +57,10 @@
 */
 #include <stdio.h>
 #include <limits.h>
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 #include <openssl/asn1_mac.h>
 static int asn1_get_length(unsigned char **pp,int *inf,long *rl,int max);
 static void asn1_put_length(unsigned char **pp, int length);
@@ -123,15 +125,13 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass,
 		(int)(omax+ *pp));
 #endif
-#if 0
+	if (*plength > (omax - (p - *pp)))
 	if ((p+ *plength) > (omax+ *pp))
 		{
 		ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
 		/* Set this so that even if things are not long enough
 		 * the values are set correctly */
 		ret|=0x80;
 		}
 #endif
 	*pp=p;
 	return(ret|inf);
 err:
@@ -142,7 +142,7 @@ err:
 static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
 	{
 	unsigned char *p= *pp;
-	long ret=0;
+	unsigned long ret=0;
 	int i;
 	if (max-- < 1) return(0);
@@ -158,6 +158,8 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
 		i= *p&0x7f;
 		if (*(p++) & 0x80)
 			{
 			if (i > sizeof(long))
 				return 0;
 			if (max-- == 0) return(0);
 			while (i-- > 0)
 				{
@@ -169,8 +171,10 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
 		else
 			ret=i;
 		}
 	if (ret > LONG_MAX)
 		return 0;
 	*pp=p;
-	*rl=ret;
+	*rl=(long)ret;
 	return(1);
 	}
@@ -300,7 +304,7 @@ int asn1_GetSequence(ASN1_CTX *c, long *length)
 		return(0);
 		}
 	if (c->inf == (1|V_ASN1_CONSTRUCTED))
-		c->slen= *length+ *(c->pp)-c->p;
+		c->slen= *length;
 	c->eos=0;
 	return(1);
 	}
@@ -406,7 +410,7 @@ int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b)
 void asn1_add_error(unsigned char *address, int offset)
 	{
-	char buf1[16],buf2[16];
+	char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
 	sprintf(buf1,"%lu",(unsigned long)address);
 	sprintf(buf2,"%d",offset);
--- a/crypto/asn1/asn1_mac.h
+++ b/crypto/asn1/asn1_mac.h
@@ -70,14 +70,14 @@ extern "C" {
 #endif 
 #define ASN1_MAC_H_err(f,r,line) \
-	ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line))
+	ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),ERR_file_name,(line))
 #define M_ASN1_D2I_vars(a,type,func) \
 	ASN1_CTX c; \
 	type ret=NULL; \
 	\
-	c.pp=(unsigned char **)pp; \
+	c.pp=pp; \
-	c.q= *(unsigned char **)pp; \
+	c.q= *pp; \
 	c.error=ERR_R_NESTED_ASN1_ERROR; \
 	if ((a == NULL) || ((*a) == NULL)) \
 		{ if ((ret=(type)func()) == NULL) \
@@ -85,13 +85,13 @@ extern "C" {
 	else	ret=(*a);
 #define M_ASN1_D2I_Init() \
-	c.p= *(unsigned char **)pp; \
+	c.p= *pp; \
 	c.max=(length == 0)?0:(c.p+length);
 #define M_ASN1_D2I_Finish_2(a) \
 	if (!asn1_Finish(&c)) \
 		{ c.line=__LINE__; goto err; } \
-	*(unsigned char **)pp=c.p; \
+	*pp=c.p; \
 	if (a != NULL) (*a)=ret; \
 	return(ret);
@@ -99,7 +99,7 @@ extern "C" {
 	M_ASN1_D2I_Finish_2(a); \
 err:\
 	ASN1_MAC_H_err((e),c.error,c.line); \
-	asn1_add_error(*(unsigned char **)pp,(int)(c.q- *pp)); \
+	asn1_add_error(*pp,(int)(c.q- *pp)); \
 	if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
 	return(NULL)
@@ -196,6 +196,9 @@ err:\
 	if ((a != NULL) && (sk_##type##_num(a) != 0)) \
 		M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
 #define M_ASN1_I2D_put_SEQUENCE_opt_ex_type(type,a,f) \
 	if (a) M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
 #define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \
 	if ((c.slen != 0) && \
 		(M_ASN1_next == \
@@ -389,6 +392,9 @@ err:\
 		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
 			M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
 #define M_ASN1_I2D_len_SEQUENCE_opt_ex_type(type,a,f) \
 		if (a) M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
 #define M_ASN1_I2D_len_IMP_SET(a,f,x) \
 		ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET);
@@ -452,6 +458,15 @@ err:\
 			ret+=ASN1_object_size(1,v,mtag); \
 			}
 #define M_ASN1_I2D_len_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \
 		if (a)\
 			{ \
 			v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \
 						 V_ASN1_UNIVERSAL, \
 						 IS_SEQUENCE); \
 			ret+=ASN1_object_size(1,v,mtag); \
 			}
 /* Put Macros */
 #define M_ASN1_I2D_put(a,f)	f(a,&p)
@@ -536,6 +551,14 @@ err:\
 					       IS_SEQUENCE); \
 			}
 #define M_ASN1_I2D_put_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \
 		if (a) \
 			{ \
 			ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
 			i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \
 					       IS_SEQUENCE); \
 			}
 #define M_ASN1_I2D_seq_total() \
 		r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \
 		if (pp == NULL) return(r); \
--- a/Show More
+++ b/Show More