About to release 0.9.6d, so set all versoin numbers right.

The tag will be OpenSSL_0_9_6d.
make update
2002-05-09 22:40:31 +00:00 · 2002-05-09 21:16:19 +00:00 · 2002-05-09 20:14:17 +00:00 · 2002-05-09 18:19:35 +00:00 · 2002-05-08 15:50:48 +00:00 · 2002-05-08 15:20:12 +00:00
321 changed files with 10824 additions and 10214 deletions
--- a/493
+++ b/493
@@ -2,7 +2,489 @@
 OpenSSL CHANGES
 _______________
- Changes between 0.9.6 and 0.9.6a  [xx XXX 2001]
+ Changes between 0.9.6c and 0.9.6d  [9 May 2002]
  *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
     encoded as NULL) with id-dsa-with-sha1.
     [Nils Larsch <nla@trustcenter.de>; problem pointed out by Bodo Moeller]
  *) Check various X509_...() return values in apps/req.c.
     [Nils Larsch <nla@trustcenter.de>]
  *) Fix BASE64 decode (EVP_DecodeUpdate) for data with CR/LF ended lines:
     an end-of-file condition would erronously be flagged, when the CRLF
     was just at the end of a processed block. The bug was discovered when
     processing data through a buffering memory BIO handing the data to a
     BASE64-decoding BIO. Bug fund and patch submitted by Pavel Tsekov
     <ptsekov@syntrex.com> and Nedelcho Stanev.
     [Lutz Jaenicke]
  *) Implement a countermeasure against a vulnerability recently found
     in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment
     before application data chunks to avoid the use of known IVs
     with data potentially chosen by the attacker.
     [Bodo Moeller]
  *) Fix length checks in ssl3_get_client_hello().
     [Bodo Moeller]
  *) TLS/SSL library bugfix: use s->s3->in_read_app_data differently
     to prevent ssl3_read_internal() from incorrectly assuming that
     ssl3_read_bytes() found application data while handshake
     processing was enabled when in fact s->s3->in_read_app_data was
     merely automatically cleared during the initial handshake.
     [Bodo Moeller; problem pointed out by Arne Ansper <arne@ats.cyber.ee>]
  *) Fix object definitions for Private and Enterprise: they were not
     recognized in their shortname (=lowercase) representation. Extend
     obj_dat.pl to issue an error when using undefined keywords instead
     of silently ignoring the problem (Svenning Sorensen
     <sss@sss.dnsalias.net>).
     [Lutz Jaenicke]
  *) Fix DH_generate_parameters() so that it works for 'non-standard'
     generators, i.e. generators other than 2 and 5.  (Previously, the
     code did not properly initialise the 'add' and 'rem' values to
     BN_generate_prime().)
     In the new general case, we do not insist that 'generator' is
     actually a primitive root: This requirement is rather pointless;
     a generator of the order-q subgroup is just as good, if not
     better.
     [Bodo Moeller]
  *) Map new X509 verification errors to alerts. Discovered and submitted by
     Tom Wu <tom@arcot.com>.
     [Lutz Jaenicke]
  *) Fix ssl3_pending() (ssl/s3_lib.c) to prevent SSL_pending() from
     returning non-zero before the data has been completely received
     when using non-blocking I/O.
     [Bodo Moeller; problem pointed out by John Hughes]
  *) Some of the ciphers missed the strength entry (SSL_LOW etc).
     [Ben Laurie, Lutz Jaenicke]
  *) Fix bug in SSL_clear(): bad sessions were not removed (found by
     Yoram Zahavi <YoramZ@gilian.com>).
     [Lutz Jaenicke]
  *) Add information about CygWin 1.3 and on, and preserve proper
     configuration for the versions before that.
     [Corinna Vinschen <vinschen@redhat.com> and Richard Levitte]
  *) Make removal from session cache (SSL_CTX_remove_session()) more robust:
     check whether we deal with a copy of a session and do not delete from
     the cache in this case. Problem reported by "Izhar Shoshani Levi"
     <izhar@checkpoint.com>.
     [Lutz Jaenicke]
  *) Do not store session data into the internal session cache, if it
     is never intended to be looked up (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
     flag is set). Proposed by Aslam <aslam@funk.com>.
     [Lutz Jaenicke]
  *) Have ASN1_BIT_STRING_set_bit() really clear a bit when the requested
     value is 0.
     [Richard Levitte]
  *) [In 0.9.6c-engine release:]
     Fix a crashbug and a logic bug in hwcrhk_load_pubkey()
     [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
  *) Add the configuration target linux-s390x.
     [Neale Ferguson <Neale.Ferguson@SoftwareAG-USA.com> via Richard Levitte]
  *) The earlier bugfix for the SSL3_ST_SW_HELLO_REQ_C case of
     ssl3_accept (ssl/s3_srvr.c) incorrectly used a local flag
     variable as an indication that a ClientHello message has been
     received.  As the flag value will be lost between multiple
     invocations of ssl3_accept when using non-blocking I/O, the
     function may not be aware that a handshake has actually taken
     place, thus preventing a new session from being added to the
     session cache.
     To avoid this problem, we now set s->new_session to 2 instead of
     using a local variable.
     [Lutz Jaenicke, Bodo Moeller]
  *) Bugfix: Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c)
     if the SSL_R_LENGTH_MISMATCH error is detected.
     [Geoff Thorpe, Bodo Moeller]
  *) New 'shared_ldflag' column in Configure platform table.
     [Richard Levitte]
  *) Fix EVP_CIPHER_mode macro.
     ["Dan S. Camper" <dan@bti.net>]
  *) Fix ssl3_read_bytes (ssl/s3_pkt.c): To ignore messages of unknown
     type, we must throw them away by setting rr->length to 0.
     [D P Chang <dpc@qualys.com>]
 Changes between 0.9.6b and 0.9.6c  [21 dec 2001]
  *) Fix BN_rand_range bug pointed out by Dominikus Scherkl
     <Dominikus.Scherkl@biodata.com>.  (The previous implementation
     worked incorrectly for those cases where  range = 10..._2  and
     3*range  is two bits longer than  range.)
     [Bodo Moeller]
  *) Only add signing time to PKCS7 structures if it is not already
     present.
     [Steve Henson]
  *) Fix crypto/objects/objects.h: "ld-ce" should be "id-ce",
     OBJ_ld_ce should be OBJ_id_ce.
     Also some ip-pda OIDs in crypto/objects/objects.txt were
     incorrect (cf. RFC 3039).
     [Matt Cooper, Frederic Giudicelli, Bodo Moeller]
  *) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid()
     returns early because it has nothing to do.
     [Andy Schneider <andy.schneider@bjss.co.uk>]
  *) [In 0.9.6c-engine release:]
     Fix mutex callback return values in crypto/engine/hw_ncipher.c.
     [Andy Schneider <andy.schneider@bjss.co.uk>]
  *) [In 0.9.6c-engine release:]
     Add support for Cryptographic Appliance's keyserver technology.
     (Use engine 'keyclient')
     [Cryptographic Appliances and Geoff Thorpe]
  *) Add a configuration entry for OS/390 Unix.  The C compiler 'c89'
     is called via tools/c89.sh because arguments have to be
     rearranged (all '-L' options must appear before the first object
     modules).
     [Richard Shapiro <rshapiro@abinitio.com>]
  *) [In 0.9.6c-engine release:]
     Add support for Broadcom crypto accelerator cards, backported
     from 0.9.7.
     [Broadcom, Nalin Dahyabhai <nalin@redhat.com>, Mark Cox]
  *) [In 0.9.6c-engine release:]
     Add support for SureWare crypto accelerator cards from 
     Baltimore Technologies.  (Use engine 'sureware')
     [Baltimore Technologies and Mark Cox]
  *) [In 0.9.6c-engine release:]
     Add support for crypto accelerator cards from Accelerated
     Encryption Processing, www.aep.ie.  (Use engine 'aep')
     [AEP Inc. and Mark Cox]
  *) Add a configuration entry for gcc on UnixWare.
     [Gary Benson <gbenson@redhat.com>]
  *) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake
     messages are stored in a single piece (fixed-length part and
     variable-length part combined) and fix various bugs found on the way.
     [Bodo Moeller]
  *) Disable caching in BIO_gethostbyname(), directly use gethostbyname()
     instead.  BIO_gethostbyname() does not know what timeouts are
     appropriate, so entries would stay in cache even when they have
     become invalid.
     [Bodo Moeller; problem pointed out by Rich Salz <rsalz@zolera.com>
  *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when
     faced with a pathologically small ClientHello fragment that does
     not contain client_version: Instead of aborting with an error,
     simply choose the highest available protocol version (i.e.,
     TLS 1.0 unless it is disabled).  In practice, ClientHello
     messages are never sent like this, but this change gives us
     strictly correct behaviour at least for TLS.
     [Bodo Moeller]
  *) Fix SSL handshake functions and SSL_clear() such that SSL_clear()
     never resets s->method to s->ctx->method when called from within
     one of the SSL handshake functions.
     [Bodo Moeller; problem pointed out by Niko Baric]
  *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert
     (sent using the client's version number) if client_version is
     smaller than the protocol version in use.  Also change
     ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if
     the client demanded SSL 3.0 but only TLS 1.0 is enabled; then
     the client will at least see that alert.
     [Bodo Moeller]
  *) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation
     correctly.
     [Bodo Moeller]
  *) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a
     client receives HelloRequest while in a handshake.
     [Bodo Moeller; bug noticed by Andy Schneider <andy.schneider@bjss.co.uk>]
  *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C
     should end in 'break', not 'goto end' which circuments various
     cleanups done in state SSL_ST_OK.   But session related stuff
     must be disabled for SSL_ST_OK in the case that we just sent a
     HelloRequest.
     Also avoid some overhead by not calling ssl_init_wbio_buffer()
     before just sending a HelloRequest.
     [Bodo Moeller, Eric Rescorla <ekr@rtfm.com>]
  *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
     reveal whether illegal block cipher padding was found or a MAC
     verification error occured.  (Neither SSLerr() codes nor alerts
     are directly visible to potential attackers, but the information
     may leak via logfiles.)
     Similar changes are not required for the SSL 2.0 implementation
     because the number of padding bytes is sent in clear for SSL 2.0,
     and the extra bytes are just ignored.  However ssl/s2_pkt.c
     failed to verify that the purported number of padding bytes is in
     the legal range.
     [Bodo Moeller]
  *) Add OpenUNIX-8 support including shared libraries
     (Boyd Lynn Gerber <gerberb@zenez.com>).
     [Lutz Jaenicke]
  *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid
     'wristwatch attack' using huge encoding parameters (cf.
     James H. Manger's CRYPTO 2001 paper).  Note that the
     RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use
     encoding parameters and hence was not vulnerable.
     [Bodo Moeller]
  *) BN_sqr() bug fix.
     [Ulf M<>ller, reported by Jim Ellis <jim.ellis@cavium.com>]
  *) Rabin-Miller test analyses assume uniformly distributed witnesses,
     so use BN_pseudo_rand_range() instead of using BN_pseudo_rand()
     followed by modular reduction.
     [Bodo Moeller; pointed out by Adam Young <AYoung1@NCSUS.JNJ.COM>]
  *) Add BN_pseudo_rand_range() with obvious functionality: BN_rand_range()
     equivalent based on BN_pseudo_rand() instead of BN_rand().
     [Bodo Moeller]
  *) s3_srvr.c: allow sending of large client certificate lists (> 16 kB).
     This function was broken, as the check for a new client hello message
     to handle SGC did not allow these large messages.
     (Tracked down by "Douglas E. Engert" <deengert@anl.gov>.)
     [Lutz Jaenicke]
  *) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long]().
     [Lutz Jaenicke]
  *) Fix buggy behaviour of BIO_get_num_renegotiates() and BIO_ctrl()
     for BIO_C_GET_WRITE_BUF_SIZE ("Stephen Hinton" <shinton@netopia.com>).
     [Lutz Jaenicke]
  *) Rework the configuration and shared library support for Tru64 Unix.
     The configuration part makes use of modern compiler features and
     still retains old compiler behavior for those that run older versions
     of the OS.  The shared library support part includes a variant that
     uses the RPATH feature, and is available through the special
     configuration target "alpha-cc-rpath", which will never be selected
     automatically.
     [Tim Mooney <mooney@dogbert.cc.ndsu.NoDak.edu> via Richard Levitte]
  *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message()
     with the same message size as in ssl3_get_certificate_request().
     Otherwise, if no ServerKeyExchange message occurs, CertificateRequest
     messages might inadvertently be reject as too long.
     [Petr Lampa <lampa@fee.vutbr.cz>]
  *) Enhanced support for IA-64 Unix platforms (well, Linux and HP-UX).
     [Andy Polyakov]
  *) Modified SSL library such that the verify_callback that has been set
     specificly for an SSL object with SSL_set_verify() is actually being
     used. Before the change, a verify_callback set with this function was
     ignored and the verify_callback() set in the SSL_CTX at the time of
     the call was used. New function X509_STORE_CTX_set_verify_cb() introduced
     to allow the necessary settings.
     [Lutz Jaenicke]
  *) Initialize static variable in crypto/dsa/dsa_lib.c and crypto/dh/dh_lib.c
     explicitly to NULL, as at least on Solaris 8 this seems not always to be
     done automatically (in contradiction to the requirements of the C
     standard). This made problems when used from OpenSSH.
     [Lutz Jaenicke]
  *) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored
     dh->length and always used
          BN_rand_range(priv_key, dh->p).
     BN_rand_range() is not necessary for Diffie-Hellman, and this
     specific range makes Diffie-Hellman unnecessarily inefficient if
     dh->length (recommended exponent length) is much smaller than the
     length of dh->p.  We could use BN_rand_range() if the order of
     the subgroup was stored in the DH structure, but we only have
     dh->length.
     So switch back to
          BN_rand(priv_key, l, ...)
     where 'l' is dh->length if this is defined, or BN_num_bits(dh->p)-1
     otherwise.
     [Bodo Moeller]
  *) In
          RSA_eay_public_encrypt
          RSA_eay_private_decrypt
          RSA_eay_private_encrypt (signing)
          RSA_eay_public_decrypt (signature verification)
     (default implementations for RSA_public_encrypt,
     RSA_private_decrypt, RSA_private_encrypt, RSA_public_decrypt),
     always reject numbers >= n.
     [Bodo Moeller]
  *) In crypto/rand/md_rand.c, use a new short-time lock CRYPTO_LOCK_RAND2
     to synchronize access to 'locking_thread'.  This is necessary on
     systems where access to 'locking_thread' (an 'unsigned long'
     variable) is not atomic.
     [Bodo Moeller]
  *) In crypto/rand/md_rand.c, set 'locking_thread' to current thread's ID
     *before* setting the 'crypto_lock_rand' flag.  The previous code had
     a race condition if 0 is a valid thread ID.
     [Travis Vitek <vitek@roguewave.com>]
  *) Add support for shared libraries under Irix.
     [Albert Chin-A-Young <china@thewrittenword.com>]
  *) Add configuration option to build on Linux on both big-endian and
     little-endian MIPS.
     [Ralf Baechle <ralf@uni-koblenz.de>]
  *) Add the possibility to create shared libraries on HP-UX.
     [Richard Levitte]
 Changes between 0.9.6a and 0.9.6b  [9 Jul 2001]
  *) Change ssleay_rand_bytes (crypto/rand/md_rand.c)
     to avoid a SSLeay/OpenSSL PRNG weakness pointed out by
     Markku-Juhani O. Saarinen <markku-juhani.saarinen@nokia.com>:
     PRNG state recovery was possible based on the output of
     one PRNG request appropriately sized to gain knowledge on
     'md' followed by enough consecutive 1-byte PRNG requests
     to traverse all of 'state'.
     1. When updating 'md_local' (the current thread's copy of 'md')
        during PRNG output generation, hash all of the previous
        'md_local' value, not just the half used for PRNG output.
     2. Make the number of bytes from 'state' included into the hash
        independent from the number of PRNG bytes requested.
     The first measure alone would be sufficient to avoid
     Markku-Juhani's attack.  (Actually it had never occurred
     to me that the half of 'md_local' used for chaining was the
     half from which PRNG output bytes were taken -- I had always
     assumed that the secret half would be used.)  The second
     measure makes sure that additional data from 'state' is never
     mixed into 'md_local' in small portions; this heuristically
     further strengthens the PRNG.
     [Bodo Moeller]
  *) Fix crypto/bn/asm/mips3.s.
     [Andy Polyakov]
  *) When only the key is given to "enc", the IV is undefined. Print out
     an error message in this case.
     [Lutz Jaenicke]
  *) Handle special case when X509_NAME is empty in X509 printing routines.
     [Steve Henson]
  *) In dsa_do_verify (crypto/dsa/dsa_ossl.c), verify that r and s are
     positive and less than q.
     [Bodo Moeller]
  *) Don't change *pointer in CRYPTO_add_lock() is add_lock_callback is
     used: it isn't thread safe and the add_lock_callback should handle
     that itself.
     [Paul Rose <Paul.Rose@bridge.com>]
  *) Verify that incoming data obeys the block size in
     ssl3_enc (ssl/s3_enc.c) and tls1_enc (ssl/t1_enc.c).
     [Bodo Moeller]
  *) Fix OAEP check.
     [Ulf M<>ller, Bodo M<>ller]
  *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5
     RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5
     when fixing the server behaviour for backwards-compatible 'client
     hello' messages.  (Note that the attack is impractical against
     SSL 3.0 and TLS 1.0 anyway because length and version checking
     means that the probability of guessing a valid ciphertext is
     around 2^-40; see section 5 in Bleichenbacher's CRYPTO '98
     paper.)
     Before 0.9.5, the countermeasure (hide the error by generating a
     random 'decryption result') did not work properly because
     ERR_clear_error() was missing, meaning that SSL_get_error() would
     detect the supposedly ignored error.
     Both problems are now fixed.
     [Bodo Moeller]
  *) In crypto/bio/bf_buff.c, increase DEFAULT_BUFFER_SIZE to 4096
     (previously it was 1024).
     [Bodo Moeller]
  *) Fix for compatibility mode trust settings: ignore trust settings
     unless some valid trust or reject settings are present.
     [Steve Henson]
  *) Fix for blowfish EVP: its a variable length cipher.
     [Steve Henson]
  *) Fix various bugs related to DSA S/MIME verification. Handle missing
     parameters in DSA public key structures and return an error in the
     DSA routines if parameters are absent.
     [Steve Henson]
  *) In versions up to 0.9.6, RAND_file_name() resorted to file ".rnd"
     in the current directory if neither $RANDFILE nor $HOME was set.
     RAND_file_name() in 0.9.6a returned NULL in this case.  This has
     caused some confusion to Windows users who haven't defined $HOME.
     Thus RAND_file_name() is changed again: e_os.h can define a
     DEFAULT_HOME, which will be used if $HOME is not set.
     For Windows, we use "C:"; on other platforms, we still require
     environment variables.
  *) Move 'if (!initialized) RAND_poll()' into regions protected by
     CRYPTO_LOCK_RAND.  This is not strictly necessary, but avoids
     having multiple threads call RAND_poll() concurrently.
     [Bodo Moeller]
  *) In crypto/rand/md_rand.c, replace 'add_do_not_lock' flag by a
     combination of a flag and a thread ID variable.
     Otherwise while one thread is in ssleay_rand_bytes (which sets the
     flag), *other* threads can enter ssleay_add_bytes without obeying
     the CRYPTO_LOCK_RAND lock (and may even illegally release the lock
     that they do not hold after the first thread unsets add_do_not_lock).
     [Bodo Moeller]
  *) Change bctest again: '-x' expressions are not available in all
     versions of 'test'.
     [Bodo Moeller]
 Changes between 0.9.6 and 0.9.6a  [5 Apr 2001]
  *) Fix a couple of memory leaks in PKCS7_dataDecode()
     [Steve Henson, reported by Heyun Zheng <hzheng@atdsprint.com>]
  *) Change Configure and Makefiles to provide EXE_EXT, which will contain
     the default extension for executables, if any.  Also, make the perl
     scripts that use symlink() to test if it really exists and use "cp"
     if it doesn't.  All this made OpenSSL compilable and installable in
     CygWin.
     [Richard Levitte]
  *) Fix for asn1_GetSequence() for indefinite length constructed data.
     If SEQUENCE is length is indefinite just set c->slen to the total
@@ -12,6 +494,8 @@
  *) Change bctest to avoid here-documents inside command substitution
     (workaround for FreeBSD /bin/sh bug).
     For compatibility with Ultrix, avoid shell functions (introduced
     in the bctest version that searches along $PATH).
     [Bodo Moeller]
  *) Rename 'des_encrypt' to 'des_encrypt1'.  This avoids the clashes
@@ -28,6 +512,9 @@
  *) MIPS assembler BIGNUM division bug fix. 
     [Andy Polyakov]
  *) Disabled incorrect Alpha assembler code.
     [Richard Levitte]
  *) Fix PKCS#7 decode routines so they correctly update the length
     after reading an EOC for the EXPLICIT tag.
     [Steve Henson]
@@ -621,7 +1108,7 @@
     default is static libraries only, and the OpenSSL programs
     are always statically linked for now, but there are
     preparations for dynamic linking in place.
-     This has been tested on Linux and True64.
+     This has been tested on Linux and Tru64.
     [Richard Levitte]
  *) Randomness polling function for Win9x, as described in:
@@ -2348,7 +2835,7 @@
                                     copied!)
     [Bodo Moeller]
-  *) Bugfix: SSL_set_mode ignored its parameter, only SSL_CTX_set_mode
+  *) Bugfix: SSL_set_options ignored its parameter, only SSL_CTX_set_options
     worked.
  *) Fix problems with no-hmac etc.
--- a/353
+++ b/353
@@ -10,7 +10,7 @@ use strict;
 # see INSTALL for instructions.
-my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--test-sanity] os/compiler[:flags]\n";
 # Options:
 #
@@ -23,20 +23,14 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-
 #               default).  This needn't be set in advance, you can
 #               just as well use "make INSTALL_PREFIX=/whatever install".
 #
-# no-hw-xxx     do not compile support for specific crypto hardware.
+# --test-sanity Make a number of sanity checks on the data in this file.
-#               Generic OpenSSL-style methods relating to this support
+#               This is a debugging tool for OpenSSL developers.
-#               are always compiled but return NULL if the hardware
+#
 #               support isn't compiled.
 # no-hw         do not compile support for any crypto hardware.
 # rsaref        use RSAref
 # [no-]threads  [don't] try to create a library that is suitable for
 #               multithreaded applications (default is "threads" if we
 #               know how to do it)
 # [no-]shared	[don't] try to create shared libraries when supported.
 #               IT IS NOT RECOMMENDED TO USE "shared"!  Since this is a
 #               development branch, the positions of the ENGINE symbols
 #               in the transfer vector are constantly moving, so binary
 #               backward compatibility can't be guaranteed in any way.
 # no-asm        do not use assembler
 # no-dso        do not compile in any native shared-library methods. This
 #               will ensure that all methods just return NULL.
@@ -106,7 +100,7 @@ my $alpha_asm="::::::::";
 # -DB_ENDIAN slows things down on a sparc for md5, but helps sha1.
 # So the md5_locl.h file has an undef B_ENDIAN if sun is defined
-#config-string	$cc : $cflags : $unistd : $thread_cflag : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag
+#config-string	$cc : $cflags : $unistd : $thread_cflag : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib
 my %table=(
 # File 'TABLE' (created by 'make TABLE') contains the data from this list,
@@ -125,10 +119,10 @@ my %table=(
 "debug-ben-debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
 "debug-ben-strict",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown):::::",
 "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-bodo",	"gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-bodo",	"gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-ulf",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-ulf",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn",
+"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn",
 "dist",		"cc:-O::(unknown):::::",
 # Basic configs that should work on any (32 and less bit) box
@@ -141,32 +135,35 @@ my %table=(
 # surrounds it with #APP #NO_APP comment pair which (at least Solaris
 # 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
 # error message.
-"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 #### Solaris x86 with Sun C setups
 "solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 #### SPARC Solaris with GNU C setups
-"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8
 # but keep the assembler modules.
-"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 ####
-"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 #### SPARC Solaris with Sun C setups
 # DO NOT use /xO[34] on sparc with SC3.0.  It is broken, and will not pass the tests
-"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
 # SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
 # SC5.0 note: Compiler common patch 107357-01 or later is required!
-"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
+"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:-xarch=v9:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
 ####
-"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 #### SPARC Linux setups
 "linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
@@ -175,7 +172,7 @@ my %table=(
 "linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o::::",
 # it's a real mess with -mcpu=ultrasparc option under Linux, but
 # -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",
+"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # !!!Folowing can't be even tested yet!!!
 #    We have to wait till 64-bit glibc for SPARC is operational!!!
 #"linux64-sparcv9","sparc64-linux-gcc:-m64 -mcpu=v9 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:",
@@ -186,17 +183,17 @@ my %table=(
 #### IRIX 5.x configs
 # -mips2 flag is added by ./config when appropriate.
-"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::",
+"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::::::::dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:::",
+"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 #### IRIX 6.x configs
 # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
 # './Configure irix-[g]cc' manually.
 # -mips4 flag is added by ./config when appropriate.
-"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}",
+"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}",
+"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # N64 ABI builds.
-"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}",
+"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}",
+"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 #### Unified HP-UX ANSI C configs.
 # Special notes:
@@ -228,41 +225,44 @@ my %table=(
 #
 #!#"hpux-parisc-cc","cc:-Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
 # Since there is mention of this in shlib/hpux10-cc.sh
-"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn",
+"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # More attempts at unified 10.X and 11.X targets for HP C compiler.
 #
 # Chris Ruemmler <ruemmler@cup.hp.com>
 # Kevin Steves <ks@hp.se>
-"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
+"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl",
+"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn",
+"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
+"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # HPUX 9.X config.
 # Don't use the bundled cc.  It is broken.  Use HP ANSI C if possible, or
 # egcs.  gcc 2.8.1 is also broken.
-"hpux-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+"hpux-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # If hpux-cc fails (e.g. during "make test"), try the next one; otherwise,
 # please report your OS and compiler version to the openssl-bugs@openssl.org
 # mailing list.
-"hpux-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+"hpux-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+"hpux-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # If hpux-gcc fails, try this one:
-"hpux-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+"hpux-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # HPUX 9.X on Motorola 68k platforms with gcc
 "hpux-m68k-gcc",  "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::BN_LLONG DES_PTR DES_UNROLL:::",
 # HPUX 10.X config.  Supports threads.
-"hpux10-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+"hpux10-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # If hpux10-cc fails, try this one (if still fails, try deleting BN_LLONG):
-"hpux10-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+"hpux10-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux10-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+"hpux10-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # If hpux10-gcc fails, try this one:
-"hpux10-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+"hpux10-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # HPUX 11.X from www.globus.org.
 # Only works on PA-RISC 2.0 cpus, and not optimized.  Why?
@@ -273,13 +273,43 @@ my %table=(
 #### HP MPE/iX http://jazz.external.hp.com/src/openssl/
 "MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -DMPE -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
-# Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with
+#### PARISC Linux setups
-# the new compiler
+"linux-parisc","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
 # Dec Alpha, OSF/1 - the alpha164-cc is historical, for the conversion
 # from the older DEC C Compiler to the newer compiler.  It's now the
 # same as the preferred entry, alpha-cc.  If you are still using the
 # older compiler (you're at 3.x or earlier, or perhaps very early 4.x)
 # you should use `alphaold-cc'.
 #
 #	"What's in a name? That which we call a rose
 #	 By any other word would smell as sweet."
 #
 # - William Shakespeare, "Romeo & Juliet", Act II, scene II.
 #
 # For OSF/1 3.2b and earlier, and Digital UNIX 3.2c - 3.2g, with the
 # vendor compiler, use alphaold-cc.
 # For Digital UNIX 4.0 - 4.0e, with the vendor compiler, use alpha-cc.
 # For Tru64 UNIX 4.f - current, with the vendor compiler, use alpha-cc.
 #
 # There's also an alternate target available (which `config' will never
 # select) called alpha-cc-rpath.  This target builds an RPATH into the
 # shared libraries, which is very convenient on Tru64 since binaries
 # linked against that shared library will automatically inherit that RPATH,
 # and hence know where to look for the openssl libraries, even if they're in
 # an odd place.
 #
 # For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
-"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:tru64-shared::.so",
+#
-"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared::.so",
+"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
-"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared::.so",
+"alphaold-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
-"FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared:::.so",
 "alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared:::.so",
 "alpha-cc-rpath", "cc:-std1 -tune host -fast -readonly_strings::-pthread::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared-rpath:::.so",
 #
 # This probably belongs in a different section.
 #
 "FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 #### Alpha Linux with GNU C and Compaq C setups
 # Special notes:
@@ -294,8 +324,8 @@ my %table=(
 #
 #					<appro@fy.chalmers.se>
 #
-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
 "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
@@ -304,22 +334,24 @@ my %table=(
 # The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
 # bn86-elf.o file file since it is hand tweaked assembler.
-"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
-"linux-mips",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
+"linux-mipsel",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
-"linux-ppc",    "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
+"linux-mips",   "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
 "linux-ppc",	"gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-m68k",   "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
 "linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
-"linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::SIXTY_FOUR_BIT_LONG::",
+"linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::SIXTY_FOUR_BIT_LONG:::::::::::linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"NetBSD-x86",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"NetBSD-x86",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "FreeBSD",      "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
 "bsdi-gcc",     "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown)::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}",
-"bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "nextstep",	"cc:-O -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
 "nextstep3.3",	"cc:-O3 -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
 # NCR MP-RAS UNIX ver 02.03.01
@@ -328,12 +360,15 @@ my %table=(
 # QNX 4
 "qnx4",	"cc:-DL_ENDIAN -DTERMIO::(unknown)::${x86_gcc_des} ${x86_gcc_opts}:",
 # QNX 6
 "qnx6",	"cc:-DL_ENDIAN -DTERMIOS::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:",
 # Linux on ARM
-"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # UnixWare 2.0x fails destest with -O
 "unixware-2.0","cc:-DFILIO_H::-Kthread:-lsocket -lnsl -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
-"unixware-2.0-pentium","cc:-DFILIO_H -Kpentium:-Kthread:-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+"unixware-2.0-pentium","cc:-DFILIO_H -Kpentium::-Kthread:-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
 # UnixWare 2.1
 "unixware-2.1","cc:-O -DFILIO_H::-Kthread:-lsocket -lnsl -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
@@ -341,7 +376,18 @@ my %table=(
 "unixware-2.1-p6","cc:-O -DFILIO_H -Kp6::-Kthread:-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
 # UnixWare 7
-"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
 "unixware-7-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
 "unixware-7-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
 "unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # OpenUNIX 8
 "OpenUNIX-8","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
 "OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
 "OpenUNIX-8-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
 "OpenUNIX-8-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
 "OpenUNIX-8-shared","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic",
 "OpenUNIX-8-gcc-shared","gcc:-O3 -DFILIO_H -fomit-frame-pointer::-pthread:-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr5-shared:-fPIC",
 # IBM's AIX.
 "aix-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR:::",
@@ -350,7 +396,7 @@ my %table=(
 "aix43-gcc",  "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
 #
-# Cray T90 (SDSC)
+# Cray T90 and similar (SDSC)
 # It's Big-endian, but the algorithms work properly when B_ENDIAN is NOT
 # defined.  The T90 ints and longs are 8 bytes long, and apparently the
 # B_ENDIAN code assumes 4 byte ints.  Fortunately, the non-B_ENDIAN and
@@ -360,7 +406,10 @@ my %table=(
 #'Taking the address of a bit field is not allowed. '
 #'An expression with bit field exists as the operand of "sizeof" '
 # (written by Wayne Schroeder <schroede@SDSC.EDU>)
-"cray-t90-cc", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT:::",
+#
 # j90 is considered the base machine type for unicos machines,
 # so this configuration is now called "cray-j90" ...
 "cray-j90", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT:::",
 #
 # Cray T3E (Research Center Juelich, beckman@acl.lanl.gov)
@@ -374,17 +423,19 @@ my %table=(
 # DGUX, 88100.
 "dgux-R3-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown)::RC4_INDEX DES_UNROLL:::",
-"dgux-R4-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown):-lnsl -lsocket:RC4_INDEX:RC4_INDEX DES_UNROLL:::",
+"dgux-R4-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown):-lnsl -lsocket:RC4_INDEX DES_UNROLL:::",
 "dgux-R4-x86-gcc",	"gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown):-lnsl -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 # SCO 3 - Tim Rice <tim@multitalents.net>
-"sco3-gcc",  "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown)::-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
+"sco3-gcc",  "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown):-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
 # SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the
 # SCO cc.
-"sco5-cc",  "cc:::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
+"sco5-cc",  "cc:-belf::(unknown):-lsocket -lresolv:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
 "sco5-cc-pentium",  "cc:-Kpentium::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
 "sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown):-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
 "sco5-cc-shared","cc:-belf:::-lsocket -lresolv -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr3-shared:-Kpic",
 "sco5-gcc-shared","gcc:-O3 -DFILIO_H -fomit-frame-pointer:::-lsocket -lresolv -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:svr3-shared:-fPIC", # the SCO assembler doesn't seem to like our assembler files ...
 # Sinix/ReliantUNIX RM400
 # NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g  */
@@ -395,6 +446,12 @@ my %table=(
 # SIEMENS BS2000/OSD: an EBCDIC-based mainframe
 "BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC::(unknown):-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
 # OS/390 Unix an EBCDIC-based Unix system on IBM mainframe
 # You need to compile using the c89.sh wrapper in the tools directory, because the
 # IBM compiler does not like the -L switch after any object modules.
 #
 "OS390-Unix","c89.sh:-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H  -D_ALL_SOURCE::(unknown)::THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
 # Windows NT, Microsoft Visual C++ 4.0
 "VC-NT","cl:::::BN_LLONG RC4_INDEX ${x86_gcc_opts}::::::::::win32",
@@ -413,8 +470,9 @@ my %table=(
 # and its library files in util/pl/*)
 "Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
-# CygWin32
+# Cygwin
-"CygWin32", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
+"Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
 "Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32:cygwin-shared:::.dll",
 # Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
 "ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::::::",
@@ -423,24 +481,52 @@ my %table=(
 ##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown)::::::",
 # Some OpenBSD from Bob Beck <beck@obtuse.com>
-"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenBSD-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenBSD",      "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD",      "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-##### MacOS X (a.k.a. Rhapsody) setup
+##### MacOS X (a.k.a. Rhapsody or Darwin) setup
 "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
 "darwin-ppc-cc","cc:-O3 -D_DARWIN -DB_ENDIAN::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 ##### Sony NEWS-OS 4.x
 "newsos4-gcc","gcc:-O -DB_ENDIAN -DNEWS4::(unknown):-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",
 ##### VxWorks for various targets
 "vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DVXWORKS -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::-r:::::",
 );
 my @WinTargets=qw(VC-NT VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS BC-32
 	BC-16 Mingw32);
 my $idx = 0;
 my $idx_cc = $idx++;
 my $idx_cflags = $idx++;
 my $idx_unistd = $idx++;
 my $idx_thread_cflag = $idx++;
 my $idx_lflags = $idx++;
 my $idx_bn_ops = $idx++;
 my $idx_bn_obj = $idx++;
 my $idx_des_obj = $idx++;
 my $idx_bf_obj = $idx++;
 my $idx_md5_obj = $idx++;
 my $idx_sha1_obj = $idx++;
 my $idx_cast_obj = $idx++;
 my $idx_rc4_obj = $idx++;
 my $idx_rmd160_obj = $idx++;
 my $idx_rc5_obj = $idx++;
 my $idx_dso_scheme = $idx++;
 my $idx_shared_target = $idx++;
 my $idx_shared_cflag = $idx++;
 my $idx_shared_ldflag = $idx++;
 my $idx_shared_extension = $idx++;
 my $idx_ranlib = $idx++;
 my $prefix="";
 my $openssldir="";
 my $exe_ext="";
 my $install_prefix="";
 my $no_threads=0;
 my $no_shared=1;
@@ -510,24 +596,16 @@ PROCESS_ARGS:
 	foreach (@argvcopy)
 		{
 		s /^-no-/no-/; # some people just can't read the instructions
-		if (/^no-asm$/)
+		if (/^--test-sanity$/)
 			{
 			exit(&test_sanity());
 			}
 		elsif (/^no-asm$/)
 		 	{
 			$no_asm=1;
 			$flags .= "-DNO_ASM ";
 			$openssl_other_defines .= "#define NO_ASM\n";
 			}
 		elsif (/^no-hw-(.+)$/)
 			{
 			my $hw=$1;
 			$hw =~ tr/[a-z]/[A-Z]/;
 			$flags .= "-DNO_HW_$hw ";
 			$openssl_other_defines .= "#define NO_HW_$hw\n";
 			}
 		elsif (/^no-hw$/)
 			{
 			$flags .= "-DNO_HW ";
 			$openssl_other_defines .= "#define NO_HW\n";
 			}
 		elsif (/^no-dso$/)
 			{ $no_dso=1; }
 		elsif (/^no-threads$/)
@@ -651,12 +729,17 @@ if ($target eq "LIST") {
 	exit 0;
 }
 if ($target =~ m/^CygWin32(-.*)$/) {
 	$target = "Cygwin".$1;
 }
 print "Configuring for $target\n";
 &usage if (!defined($table{$target}));
 my $IsWindows=scalar grep /^$target$/,@WinTargets;
 $exe_ext=".exe" if ($target eq "Cygwin");
 $openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
 $prefix=$openssldir if $prefix eq "";
@@ -669,9 +752,29 @@ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /^\//;
 print "IsWindows=$IsWindows\n";
-(my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
+my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
- $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,my $shared_extension,my $ranlib)=
+my $cc = $fields[$idx_cc];
-	split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
+my $cflags = $fields[$idx_cflags];
 my $unistd = $fields[$idx_unistd];
 my $thread_cflag = $fields[$idx_thread_cflag];
 my $lflags = $fields[$idx_lflags];
 my $bn_ops = $fields[$idx_bn_ops];
 my $bn_obj = $fields[$idx_bn_obj];
 my $des_obj = $fields[$idx_des_obj];
 my $bf_obj = $fields[$idx_bf_obj];
 my $md5_obj = $fields[$idx_md5_obj];
 my $sha1_obj = $fields[$idx_sha1_obj];
 my $cast_obj = $fields[$idx_cast_obj];
 my $rc4_obj = $fields[$idx_rc4_obj];
 my $rmd160_obj = $fields[$idx_rmd160_obj];
 my $rc5_obj = $fields[$idx_rc5_obj];
 my $dso_scheme = $fields[$idx_dso_scheme];
 my $shared_target = $fields[$idx_shared_target];
 my $shared_cflag = $fields[$idx_shared_cflag];
 my $shared_ldflag = $fields[$idx_shared_ldflag];
 my $shared_extension = $fields[$idx_shared_extension];
 my $ranlib = $fields[$idx_ranlib];
 $cflags="$flags$cflags" if ($flags ne "");
 # The DSO code currently always implements all functions so that no
@@ -859,6 +962,7 @@ while (<IN>)
 	s/^CFLAG=.*$/CFLAG= $cflags/;
 	s/^DEPFLAG=.*$/DEPFLAG= $depflags/;
 	s/^EX_LIBS=.*$/EX_LIBS= $lflags/;
 	s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/;
 	s/^BN_ASM=.*$/BN_ASM= $bn_obj/;
 	s/^DES_ENC=.*$/DES_ENC= $des_obj/;
 	s/^BF_ENC=.*$/BF_ENC= $bf_obj/;
@@ -874,7 +978,17 @@ while (<IN>)
 	s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
 	s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
 	s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
-	s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.so.\$(SHLIB_MAJOR) .so/ if ($shared_extension ne "" && $shared_extension !~ /^\.s[ol]$/);
+	if ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*$/)
 		{
 		my $sotmp = $1;
 		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/
 		}
 	elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
 		{
 		my $sotmp = $1;
 		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
 		}
 	s/^SHARED_LDFLAGS=.*/SHARED_LDFLAGS=$shared_ldflag/;
 	print OUT $_."\n";
 	}
 close(IN);
@@ -1162,7 +1276,7 @@ sub print_table_entry
 	my $bn_obj,my $des_obj,my $bf_obj,
 	my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj,
 	my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,
-	my $shared_extension,my $ranlib)=
+	my $shared_ldflag,my $shared_extension,my $ranlib)=
 	split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
 	print <<EOF
@@ -1186,7 +1300,44 @@ sub print_table_entry
 \$dso_scheme   = $dso_scheme
 \$shared_target= $shared_target
 \$shared_cflag = $shared_cflag
 \$shared_ldflag = $shared_ldflag
 \$shared_extension = $shared_extension
 \$ranlib       = $ranlib
 EOF
 	}
 sub test_sanity
 	{
 	my $errorcnt = 0;
 	print STDERR "=" x 70, "\n";
 	print STDERR "=== SANITY TESTING!\n";
 	print STDERR "=== No configuration will be done, all other arguments will be ignored!\n";
 	print STDERR "=" x 70, "\n";
 	foreach $target (sort keys %table)
 		{
 		@fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
 		if ($fields[$idx_dso_scheme-1] =~ /^(dl|dlfcn|win32|vms)$/)
 			{
 			$errorcnt++;
 			print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] values\n";
 			print STDERR "              in the previous field\n";
 			}
 		elsif ($fields[$idx_dso_scheme+1] =~ /^(dl|dlfcn|win32|vms)$/)
 			{
 			$errorcnt++;
 			print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] values\n";
 			print STDERR "              in the following field\n";
 			}
 		elsif ($fields[$idx_dso_scheme] !~ /^(dl|dlfcn|win32|vms|)$/)
 			{
 			$errorcnt++;
 			print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] field = ",$fields[$idx_dso_scheme],"\n";
 			print STDERR "              valid values are 'dl', 'dlfcn', 'win32' and 'vms'\n";
 			}
 		}
 	print STDERR "No sanity errors detected!\n" if $errorcnt == 0;
 	return $errorcnt;
 	}
--- a/598
+++ b/598
@@ -1,20 +1,24 @@
 OpenSSL  -  Frequently Asked Questions
 --------------------------------------
 [MISC] Miscellaneous questions
 * Which is the current version of OpenSSL?
 * Where is the documentation?
 * How can I contact the OpenSSL developers?
 * Do I need patent licenses to use OpenSSL?
 * Is OpenSSL thread-safe?
 * Why do I get a "PRNG not seeded" error message?
 * Why does the linker complain about undefined symbols?
 * Where can I get a compiled version of OpenSSL?
-* I've compiled a program under Windows and it crashes: why?
+* Why aren't tools like 'autoconf' and 'libtool' used?
-* How do I read or write a DER encoded buffer using the ASN1 functions?
+* What is an 'engine' version?
-* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
+
-* I've called <some function> and it fails, why?
+[LEGAL] Legal questions
-* I just get a load of numbers for the error output, what do they mean?
+
-* Why do I get errors about unknown algorithms?
+* Do I need patent licenses to use OpenSSL?
 * Can I use OpenSSL with GPL software? 
 [USER] Questions on using the OpenSSL applications
 * Why do I get a "PRNG not seeded" error message?
 * Why do I get an "unable to write 'random state'" error message?
 * How do I create certificates or certificate requests?
 * Why can't I create certificate requests?
 * Why does <SSL program> fail with a certificate verify error?
@@ -22,17 +26,40 @@ OpenSSL  -  Frequently Asked Questions
 * How can I create DSA certificates?
 * Why can't I make an SSL connection using a DSA certificate?
 * How can I remove the passphrase on a private key?
-* Why can't the OpenSSH configure script detect OpenSSL?
+* Why can't I use OpenSSL certificates with SSL client authentication?
 * Why does my browser give a warning about a mismatched hostname?
 * How do I install a CA certificate into a browser?
 [BUILD] Questions about building and testing OpenSSL
 * Why does the linker complain about undefined symbols?
 * Why does the OpenSSL test fail with "bc: command not found"?
 * Why does the OpenSSL test fail with "bc: 1 no implemented"?
-* Why does the OpenSSL compilation fail on Alpha True64 Unix?
+* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
 * Why does the OpenSSL compilation fail with "ar: command not found"?
 * Why does the OpenSSL compilation fail on Win32 with VC++?
 [PROG] Questions about programming with OpenSSL
 * Is OpenSSL thread-safe?
 * I've compiled a program under Windows and it crashes: why?
 * How do I read or write a DER encoded buffer using the ASN1 functions?
 * I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
 * I've called <some function> and it fails, why?
 * I just get a load of numbers for the error output, what do they mean?
 * Why do I get errors about unknown algorithms?
 * Why can't the OpenSSH configure script detect OpenSSL?
 * Can I use OpenSSL's SSL library with non-blocking I/O?
 * Why doesn't my server application receive a client certificate?
 ===============================================================================
 [MISC] ========================================================================
 * Which is the current version of OpenSSL?
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.6 was released on September 24th, 2000.
+OpenSSL 0.9.6d was released on 9 May, 2002.
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -78,6 +105,33 @@ OpenSSL.  Information on the OpenSSL mailing lists is available from
 <URL: http://www.openssl.org>.
 * Where can I get a compiled version of OpenSSL?
 Some applications that use OpenSSL are distributed in binary form.
 When using such an application, you don't need to install OpenSSL
 yourself; the application will include the required parts (e.g. DLLs).
 If you want to install OpenSSL on a Windows system and you don't have
 a C compiler, read the "Mingw32" section of INSTALL.W32 for information
 on how to obtain and install the free GNU C compiler.
 A number of Linux and *BSD distributions include OpenSSL.
 * Why aren't tools like 'autoconf' and 'libtool' used?
 autoconf will probably be used in future OpenSSL versions. If it was
 less Unix-centric, it might have been used much earlier.
 * What is an 'engine' version?
 With version 0.9.6 OpenSSL was extended to interface to external crypto
 hardware. This was realized in a special release '0.9.6-engine'. With
 version 0.9.7 (not yet released) the changes were merged into the main
 development line, so that the special release is no longer necessary.
 [LEGAL] =======================================================================
 * Do I need patent licenses to use OpenSSL?
 The patents section of the README file lists patents that may apply to
@@ -89,17 +143,25 @@ You can configure OpenSSL so as not to use RC5 and IDEA by using
 ./config no-rc5 no-idea
-* Is OpenSSL thread-safe?
+* Can I use OpenSSL with GPL software?
-Yes (with limitations: an SSL connection may not concurrently be used
+On many systems including the major Linux and BSD distributions, yes (the
-by multiple threads).  On Windows and many Unix systems, OpenSSL
+GPL does not place restrictions on using libraries that are part of the
-automatically uses the multi-threaded versions of the standard
+normal operating system distribution).
 libraries.  If your platform is not one of these, consult the INSTALL
 file.
-Multi-threaded applications must provide two callback functions to
+On other systems, the situation is less clear. Some GPL software copyright
-OpenSSL.  This is described in the threads(3) manpage.
+holders claim that you infringe on their rights if you use OpenSSL with
 their software on operating systems that don't normally include OpenSSL.
 If you develop open source software that uses OpenSSL, you may find it
 useful to choose an other license than the GPL, or state explicitly that
 "This program is released under the GPL with the additional exemption that
 compiling, linking, and/or using OpenSSL is allowed."  If you are using
 GPL software developed by others, you may want to ask the copyright holder
 for permission to use their software with OpenSSL.
 [USER] ========================================================================
 * Why do I get a "PRNG not seeded" error message?
@@ -108,6 +170,7 @@ correctly.  Many open source operating systems provide a "randomness
 device" that serves this purpose.  On other systems, applications have
 to call the RAND_add() or RAND_seed() function with appropriate data
 before generating keys or performing public key encryption.
 (These functions initialize the pseudo-random number generator, PRNG.)
 Some broken applications do not do this.  As of version 0.9.5, the
 OpenSSL functions that need randomness report an error if the random
@@ -117,18 +180,36 @@ application you are using.  It is likely that it never worked
 correctly.  OpenSSL 0.9.5 and later make the error visible by refusing
 to perform potentially insecure encryption.
-On systems without /dev/urandom, it is a good idea to use the Entropy
+On systems without /dev/urandom and /dev/random, it is a good idea to
-Gathering Demon; see the RAND_egd() manpage for details.
+use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
 details.  Starting with version 0.9.7, OpenSSL will automatically look
 for an EGD socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and
 /etc/entropy.
-Most components of the openssl command line tool try to use the
+Most components of the openssl command line utility automatically try
-file $HOME/.rnd (or $RANDFILE, if this environment variable is set)
+to seed the random number generator from a file.  The name of the
-for seeding the PRNG.  If this file does not exist or is too short,
+default seeding file is determined as follows: If environment variable
-the "PRNG not seeded" error message may occur.
+RANDFILE is set, then it names the seeding file.  Otherwise if
 environment variable HOME is set, then the seeding file is $HOME/.rnd.
 If neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will
 use file .rnd in the current directory while OpenSSL 0.9.6a uses no
 default seeding file at all.  OpenSSL 0.9.6b and later will behave
 similarly to 0.9.6a, but will use a default of "C:\" for HOME on
 Windows systems if the environment variable has not been set.
-[Note to OpenSSL 0.9.5 users: The command "openssl rsa" in version
+If the default seeding file does not exist or is too short, the "PRNG
-0.9.5 does not do this and will fail on systems without /dev/urandom
+not seeded" error message may occur.
-when trying to password-encrypt an RSA key!  This is a bug in the
+
-library; try a later version instead.]
+The openssl command line utility will write back a new state to the
 default seeding file (and create this file if necessary) unless
 there was no sufficient seeding.
 Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work.
 Use the "-rand" option of the OpenSSL command line tools instead.
 The $RANDFILE environment variable and $HOME/.rnd are only used by the
 OpenSSL command line tools. Applications using the OpenSSL library
 provide their own configuration options to specify the entropy source,
 please check out the documentation coming the with application.
 For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested
 installing the SUNski package from Sun patch 105710-01 (Sparc) which
@@ -138,6 +219,133 @@ versions.  However, be warned that /dev/random is usually a blocking
 device, which may have some effects on OpenSSL.
 * Why do I get an "unable to write 'random state'" error message?
 Sometimes the openssl command line utility does not abort with
 a "PRNG not seeded" error message, but complains that it is
 "unable to write 'random state'".  This message refers to the
 default seeding file (see previous answer).  A possible reason
 is that no default filename is known because neither RANDFILE
 nor HOME is set.  (Versions up to 0.9.6 used file ".rnd" in the
 current directory in this case, but this has changed with 0.9.6a.)
 * How do I create certificates or certificate requests?
 Check out the CA.pl(1) manual page. This provides a simple wrapper round
 the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check
 out the manual pages for the individual utilities and the certificate
 extensions documentation (currently in doc/openssl.txt).
 * Why can't I create certificate requests?
 You typically get the error:
 	unable to find 'distinguished_name' in config
 	problems making Certificate Request
 This is because it can't find the configuration file. Check out the
 DIAGNOSTICS section of req(1) for more information.
 * Why does <SSL program> fail with a certificate verify error?
 This problem is usually indicated by log messages saying something like
 "unable to get local issuer certificate" or "self signed certificate".
 When a certificate is verified its root CA must be "trusted" by OpenSSL
 this typically means that the CA certificate must be placed in a directory
 or file and the relevant program configured to read it. The OpenSSL program
 'verify' behaves in a similar way and issues similar error messages: check
 the verify(1) program manual page for more information.
 * Why can I only use weak ciphers when I connect to a server using OpenSSL?
 This is almost certainly because you are using an old "export grade" browser
 which only supports weak encryption. Upgrade your browser to support 128 bit
 ciphers.
 * How can I create DSA certificates?
 Check the CA.pl(1) manual page for a DSA certificate example.
 * Why can't I make an SSL connection to a server using a DSA certificate?
 Typically you'll see a message saying there are no shared ciphers when
 the same setup works fine with an RSA certificate. There are two possible
 causes. The client may not support connections to DSA servers most web
 browsers (including Netscape and MSIE) only support connections to servers
 supporting RSA cipher suites. The other cause is that a set of DH parameters
 has not been supplied to the server. DH parameters can be created with the
 dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example:
 check the source to s_server in apps/s_server.c for an example.
 * How can I remove the passphrase on a private key?
 Firstly you should be really *really* sure you want to do this. Leaving
 a private key unencrypted is a major security risk. If you decide that
 you do have to do this check the EXAMPLES sections of the rsa(1) and
 dsa(1) manual pages.
 * Why can't I use OpenSSL certificates with SSL client authentication?
 What will typically happen is that when a server requests authentication
 it will either not include your certificate or tell you that you have
 no client certificates (Netscape) or present you with an empty list box
 (MSIE). The reason for this is that when a server requests a client
 certificate it includes a list of CAs names which it will accept. Browsers
 will only let you select certificates from the list on the grounds that
 there is little point presenting a certificate which the server will
 reject.
 The solution is to add the relevant CA certificate to your servers "trusted
 CA list". How you do this depends on the server software in uses. You can
 print out the servers list of acceptable CAs using the OpenSSL s_client tool:
 openssl s_client -connect www.some.host:443 -prexit
 If your server only requests certificates on certain URLs then you may need
 to manually issue an HTTP GET command to get the list when s_client connects:
 GET /some/page/needing/a/certificate.html
 If your CA does not appear in the list then this confirms the problem.
 * Why does my browser give a warning about a mismatched hostname?
 Browsers expect the server's hostname to match the value in the commonName
 (CN) field of the certificate. If it does not then you get a warning.
 * How do I install a CA certificate into a browser?
 The usual way is to send the DER encoded certificate to the browser as
 MIME type application/x-x509-ca-cert, for example by clicking on an appropriate
 link. On MSIE certain extensions such as .der or .cacert may also work, or you
 can import the certificate using the certificate import wizard.
 You can convert a certificate to DER form using the command:
 openssl x509 -in ca.pem -outform DER -out ca.der
 Occasionally someone suggests using a command such as:
 openssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cakey.pem
 DO NOT DO THIS! This command will give away your CAs private key and
 reduces its security to zero: allowing anyone to forge certificates in
 whatever name they choose.
 [BUILD] =======================================================================
 * Why does the linker complain about undefined symbols?
 Maybe the compilation was interrupted, and make doesn't notice that
@@ -162,25 +370,140 @@ If none of these helps, you may want to try using the current snapshot.
 If the problem persists, please submit a bug report.
-* Where can I get a compiled version of OpenSSL?
+* Why does the OpenSSL test fail with "bc: command not found"?
-Some applications that use OpenSSL are distributed in binary form.
+You didn't install "bc", the Unix calculator.  If you want to run the
-When using such an application, you don't need to install OpenSSL
+tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor.
 yourself; the application will include the required parts (e.g. DLLs).
 If you want to install OpenSSL on a Windows system and you don't have
 a C compiler, read the "Mingw32" section of INSTALL.W32 for information
 on how to obtain and install the free GNU C compiler.
-A number of Linux and *BSD distributions include OpenSSL.
+* Why does the OpenSSL test fail with "bc: 1 no implemented"?
 On some SCO installations or versions, bc has a bug that gets triggered
 when you run the test suite (using "make test").  The message returned is
 "bc: 1 not implemented".
 The best way to deal with this is to find another implementation of bc
 and compile/install it.  GNU bc (see http://www.gnu.org/software/software.html
 for download instructions) can be safely used, for example.
 * Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
 On some Alpha installations running Tru64 Unix and Compaq C, the compilation
 of crypto/sha/sha_dgst.c fails with the message 'Fatal:  Insufficient virtual
 memory to continue compilation.'  As far as the tests have shown, this may be
 a compiler bug.  What happens is that it eats up a lot of resident memory
 to build something, probably a table.  The problem is clearly in the
 optimization code, because if one eliminates optimization completely (-O0),
 the compilation goes through (and the compiler consumes about 2MB of resident
 memory instead of 240MB or whatever one's limit is currently).
 There are three options to solve this problem:
 1. set your current data segment size soft limit higher.  Experience shows
 that about 241000 kbytes seems to be enough on an AlphaServer DS10.  You do
 this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of
 kbytes to set the limit to.
 2. If you have a hard limit that is lower than what you need and you can't
 get it changed, you can compile all of OpenSSL with -O0 as optimization
 level.  This is however not a very nice thing to do for those who expect to
 get the best result from OpenSSL.  A bit more complicated solution is the
 following:
 ----- snip:start -----
  make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \
       sed -e 's/ -O[0-9] / -O0 /'`"
  rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'`
  make
 ----- snip:end -----
 This will only compile sha_dgst.c with -O0, the rest with the optimization
 level chosen by the configuration process.  When the above is done, do the
 test and installation and you're set.
 * Why does the OpenSSL compilation fail with "ar: command not found"?
 Getting this message is quite usual on Solaris 2, because Sun has hidden
 away 'ar' and other development commands in directories that aren't in
 $PATH by default.  One of those directories is '/usr/ccs/bin'.  The
 quickest way to fix this is to do the following (it assumes you use sh
 or any sh-compatible shell):
 ----- snip:start -----
  PATH=${PATH}:/usr/ccs/bin; export PATH
 ----- snip:end -----
 and then redo the compilation.  What you should really do is make sure
 '/usr/ccs/bin' is permanently in your $PATH, for example through your
 '.profile' (again, assuming you use a sh-compatible shell).
 * Why does the OpenSSL compilation fail on Win32 with VC++?
 Sometimes, you may get reports from VC++ command line (cl) that it
 can't find standard include files like stdio.h and other weirdnesses.
 One possible cause is that the environment isn't correctly set up.
 To solve that problem, one should run VCVARS32.BAT which is found in
 the 'bin' subdirectory of the VC++ installation directory (somewhere
 under 'Program Files').  This needs to be done prior to running NMAKE,
 and the changes are only valid for the current DOS session.
 [PROG] ========================================================================
 * Is OpenSSL thread-safe?
 Yes (with limitations: an SSL connection may not concurrently be used
 by multiple threads).  On Windows and many Unix systems, OpenSSL
 automatically uses the multi-threaded versions of the standard
 libraries.  If your platform is not one of these, consult the INSTALL
 file.
 Multi-threaded applications must provide two callback functions to
 OpenSSL.  This is described in the threads(3) manpage.
 * I've compiled a program under Windows and it crashes: why?
-This is usually because you've missed the comment in INSTALL.W32. You
+This is usually because you've missed the comment in INSTALL.W32.
-must link with the multithreaded DLL version of the VC++ runtime library
+Your application must link against the same version of the Win32
-otherwise the conflict will cause a program to crash: typically on the
+C-Runtime against which your openssl libraries were linked.  The
-first BIO related read or write operation.
+default version for OpenSSL is /MD - "Multithreaded DLL".
 If you are using Microsoft Visual C++'s IDE (Visual Studio), in
 many cases, your new project most likely defaulted to "Debug
 Singlethreaded" - /ML.  This is NOT interchangeable with /MD and your
 program will crash, typically on the first BIO related read or write
 operation.
 For each of the six possible link stage configurations within Win32,
 your application must link  against the same by which OpenSSL was
 built.  If you are using MS Visual C++ (Studio) this can be changed
 by:
 1.  Select Settings... from the Project Menu.
 2.  Select the C/C++ Tab.
 3.  Select "Code Generation from the "Category" drop down list box
 4.  Select the Appropriate library (see table below) from the "Use
    run-time library" drop down list box.  Perform this step for both
    your debug and release versions of your application (look at the
    top left of the settings panel to change between the two)
    Single Threaded           /ML        -  MS VC++ often defaults to
                                            this for the release
                                            version of a new project.
    Debug Single Threaded     /MLd       -  MS VC++ often defaults to
                                            this for the debug version
                                            of a new project.
    Multithreaded             /MT
    Debug Multithreaded       /MTd
    Multithreaded DLL         /MD        -  OpenSSL defaults to this.
    Debug Multithreaded DLL   /MDd
 Note that debug and release libraries are NOT interchangeable.  If you
 built OpenSSL with /MD your application must use /MD and cannot use /MDd.
 * How do I read or write a DER encoded buffer using the ASN1 functions?
@@ -259,174 +582,39 @@ is forgetting to load OpenSSL's table of algorithms with
 OpenSSL_add_all_algorithms(). See the manual page for more information.
 * How do I create certificates or certificate requests?
 Check out the CA.pl(1) manual page. This provides a simple wrapper round
 the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check
 out the manual pages for the individual utilities and the certificate
 extensions documentation (currently in doc/openssl.txt).
 * Why can't I create certificate requests?
 You typically get the error:
 	unable to find 'distinguished_name' in config
 	problems making Certificate Request
 This is because it can't find the configuration file. Check out the
 DIAGNOSTICS section of req(1) for more information.
 * Why does <SSL program> fail with a certificate verify error?
 This problem is usually indicated by log messages saying something like
 "unable to get local issuer certificate" or "self signed certificate".
 When a certificate is verified its root CA must be "trusted" by OpenSSL
 this typically means that the CA certificate must be placed in a directory
 or file and the relevant program configured to read it. The OpenSSL program
 'verify' behaves in a similar way and issues similar error messages: check
 the verify(1) program manual page for more information.
 * Why can I only use weak ciphers when I connect to a server using OpenSSL?
 This is almost certainly because you are using an old "export grade" browser
 which only supports weak encryption. Upgrade your browser to support 128 bit
 ciphers.
 * How can I create DSA certificates?
 Check the CA.pl(1) manual page for a DSA certificate example.
 * Why can't I make an SSL connection to a server using a DSA certificate?
 Typically you'll see a message saying there are no shared ciphers when
 the same setup works fine with an RSA certificate. There are two possible
 causes. The client may not support connections to DSA servers most web
 browsers (including Netscape and MSIE) only support connections to servers
 supporting RSA cipher suites. The other cause is that a set of DH parameters
 has not been supplied to the server. DH parameters can be created with the
 dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example:
 check the source to s_server in apps/s_server.c for an example.
 * How can I remove the passphrase on a private key?
 Firstly you should be really *really* sure you want to do this. Leaving
 a private key unencrypted is a major security risk. If you decide that
 you do have to do this check the EXAMPLES sections of the rsa(1) and
 dsa(1) manual pages.
 * Why can't the OpenSSH configure script detect OpenSSL?
-There is a problem with OpenSSH 1.2.2p1, in that the configure script
+Several reasons for problems with the automatic detection exist.
-can't find the installed OpenSSL libraries.  The problem is actually
+OpenSSH requires at least version 0.9.5a of the OpenSSL libraries.
-a small glitch that is easily solved with the following patch to be
+Sometimes the distribution has installed an older version in the system
-applied to the OpenSSH distribution:
+locations that is detected instead of a new one installed. The OpenSSL
 library might have been compiled for another CPU or another mode (32/64 bits).
 Permissions might be wrong.
----- snip:start -----
+The general answer is to check the config.log file generated when running
--- openssh-1.2.2p1/configure.in.orig	Thu Mar 23 18:56:58 2000
+the OpenSSH configure script. It should contain the detailed information
-+++ openssh-1.2.2p1/configure.in	Thu Mar 23 18:55:05 2000
+on why the OpenSSL library was not detected or considered incompatible.
-@@ -152,10 +152,10 @@
+
- AC_MSG_CHECKING([for OpenSSL/SSLeay directory])
+* Can I use OpenSSL's SSL library with non-blocking I/O?
- for ssldir in "" $tryssldir /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
+
- 	if test ! -z "$ssldir" ; then
+Yes; make sure to read the SSL_get_error(3) manual page!
-		LIBS="$saved_LIBS -L$ssldir"
+
-+		LIBS="$saved_LIBS -L$ssldir/lib"
+A pitfall to avoid: Don't assume that SSL_read() will just read from
- 		CFLAGS="$CFLAGS -I$ssldir/include"
+the underlying transport or that SSL_write() will just write to it --
- 		if test "x$need_dash_r" = "x1" ; then
+it is also possible that SSL_write() cannot do any useful work until
-			LIBS="$LIBS -R$ssldir"
+there is data to read, or that SSL_read() cannot do anything until it
-+			LIBS="$LIBS -R$ssldir/lib"
+is possible to send data.  One reason for this is that the peer may
- 		fi
+request a new TLS/SSL handshake at any time during the protocol,
- 	fi
+requiring a bi-directional message exchange; both SSL_read() and
- 	LIBS="$LIBS -lcrypto"
+SSL_write() will try to continue any pending handshake.
 --- openssh-1.2.2p1/configure.orig	Thu Mar 23 18:55:02 2000
 +++ openssh-1.2.2p1/configure	Thu Mar 23 18:57:08 2000
@@ -1890,10 +1890,10 @@
 echo "configure:1891: checking for OpenSSL/SSLeay directory" >&5
 for ssldir in "" $tryssldir /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
 	if test ! -z "$ssldir" ; then
 -		LIBS="$saved_LIBS -L$ssldir"
 +		LIBS="$saved_LIBS -L$ssldir/lib"
 		CFLAGS="$CFLAGS -I$ssldir/include"
 		if test "x$need_dash_r" = "x1" ; then
 -			LIBS="$LIBS -R$ssldir"
 +			LIBS="$LIBS -R$ssldir/lib"
 		fi
 	fi
 	LIBS="$LIBS -lcrypto"
 ----- snip:end -----
-* Why does the OpenSSL test fail with "bc: command not found"?
+* Why doesn't my server application receive a client certificate?
-You didn't install "bc", the Unix calculator.  If you want to run the
+Due to the TLS protocol definition, a client will only send a certificate,
-tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor.
+if explicitly asked by the server. Use the SSL_VERIFY_PEER flag of the
 SSL_CTX_set_verify() function to enable the use of client certificates.
-* Why does the OpenSSL test fail with "bc: 1 no implemented"?
+===============================================================================
 On some SCO installations or versions, bc has a bug that gets triggered when
 you run the test suite (using "make test").  The message returned is "bc:
 1 not implemented".  The best way to deal with this is to find another
 implementation of bc and compile/install it.  For example, GNU bc (see
 http://www.gnu.org/software/software.html for download instructions) can
 be safely used.
 * Why does the OpenSSL compilation fail on Alpha True64 Unix?
 On some Alpha installations running True64 Unix and Compaq C, the compilation
 of crypto/sha/sha_dgst.c fails with the message 'Fatal:  Insufficient virtual
 memory to continue compilation.'  As far as the tests have shown, this may be
 a compiler bug.  What happens is that it eats up a lot of resident memory
 to build something, probably a table.  The problem is clearly in the
 optimization code, because if one eliminates optimization completely (-O0),
 the compilation goes through (and the compiler consumes about 2MB of resident
 memory instead of 240MB or whatever one's limit is currently).
 There are three options to solve this problem:
 1. set your current data segment size soft limit higher.  Experience shows
 that about 241000 kbytes seems to be enough on an AlphaServer DS10.  You do
 this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of
 kbytes to set the limit to.
 2. If you have a hard limit that is lower than what you need and you can't
 get it changed, you can compile all of OpenSSL with -O0 as optimization
 level.  This is however not a very nice thing to do for those who expect to
 get the best result from OpenSSL.  A bit more complicated solution is the
 following:
 ----- snip:start -----
  make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \
       sed -e 's/ -O[0-9] / -O0 /'`"
  rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'`
  make
 ----- snip:end -----
 This will only compile sha_dgst.c with -O0, the rest with the optimization
 level chosen by the configuration process.  When the above is done, do the
 test and installation and you're set.
 * Why does the OpenSSL compilation fail with "ar: command not found"?
 Getting this message is quite usual on Solaris 2, because Sun has hidden
 away 'ar' and other development commands in directories that aren't in
 $PATH by default.  One of those directories is '/usr/ccs/bin'.  The
 quickest way to fix this is to do the following (it assumes you use sh
 or any sh-compatible shell):
 ----- snip:start -----
  PATH=${PATH}:/usr/ccs/bin; export PATH
 ----- snip:end -----
 and then redo the compilation.  What you should really do is make sure
 '/usr/ccs/bin' is permanently in your $PATH, for example through your
 '.profile' (again, assuming you use a sh-compatible shell).
--- a/18
+++ b/18
@@ -7,8 +7,11 @@
 To install OpenSSL, you will need:
  * make
  * Perl 5
  * an ANSI C compiler
  * a development environment in form of development libraries and C
    header files
  * a supported Unix operating system
 Quick Start
@@ -43,9 +46,6 @@
  --openssldir=DIR Directory for OpenSSL files. If no prefix is specified,
                the library files and binaries are also installed there.
  rsaref        Build with RSADSI's RSAREF toolkit (this assumes that
                librsaref.a is in the library search path).
  no-threads    Don't try to build with support for multi-threaded
                applications.
@@ -57,10 +57,7 @@
  shared        In addition to the usual static libraries, create shared
                libraries on platforms where it's supported.  See "Note on
-                shared libraries" below.  THIS IS NOT RECOMMENDED!  Since
+                shared libraries" below.
                this is a development branch, the positions of the ENGINE
                symbols in the transfer vector are constantly moving, so
                binary backward compatibility can't be guaranteed in any way.
  no-asm        Do not use assembler code.
@@ -128,7 +125,7 @@
     directory, and the binary will be in the "apps" directory.
     If "make" fails, look at the output.  There may be reasons for
-     the failure that isn't a problem in OpenSSL itself (like missing
+     the failure that aren't problems in OpenSSL itself (like missing
     standard headers).  If it is a problem with OpenSSL itself, please
     report the problem to <openssl-bugs@openssl.org> (note that your
     message will be forwarded to a public mailing list).  Include the
@@ -272,6 +269,11 @@
 Note on shared libraries
 ------------------------
 Shared library is currently an experimental feature.  The only reason to
 have them would be to conserve memory on systems where several program
 are using OpenSSL.  Binary backward compatibility can't be guaranteed
 before OpenSSL version 1.0.
 For some systems, the OpenSSL Configure script knows what is needed to
 build shared libraries for libcrypto and libssl.  On these systems,
 the shared libraries are currently not created by default, but giving
--- a/INSTALL.MacOS
+++ b/INSTALL.MacOS
@@ -1,7 +1,7 @@
-OpenSSL - Port To The Macintosh
+OpenSSL - Port To The Macintosh OS 9 or Earlier
-===============================
+===============================================
-Thanks to Roy Wood <roy@centricsystems.ca> initial support for MacOS (pre
+Thanks to Roy Wood <roy@centricsystems.ca> initial support for Mac OS (pre
 X) is now provided. "Initial" means that unlike other platforms where you
 get an SDK and a "swiss army" openssl application, on Macintosh you only
 get one sample application which fetches a page over HTTPS(*) and dumps it
@@ -42,7 +42,7 @@ Installation procedure:
 	BSD sockets and some other POSIX APIs. The GUSI distribution is
 	expected to be found in the same directory as openssl source tree,
 	i.e. in the parent directory to the one where this very file,
-	namely INSTALL.MacOS. For more informations about GUSI, see
+	namely INSTALL.MacOS. For more information about GUSI, see
 	http://www.iis.ee.ethz.ch/~neeri/macintosh/gusi-qa.html
 Finally some essential comments from our generous contributor:-)
--- a/INSTALL.VMS
+++ b/INSTALL.VMS
@@ -8,6 +8,7 @@ Intro:
 This file is divided in the following parts:
  Requirements			- Mandatory reading.
  Checking the distribution	- Mandatory reading.
  Compilation			- Mandatory reading.
  Logical names			- Mandatory reading.
@@ -19,6 +20,15 @@ This file is divided in the following parts:
  TODO				- Things that are to come.
 Requirements:
 =============
 To build and install OpenSSL, you will need:
 * DEC C or some other ANSI C compiler.  VAX C is *not* supported.
   [Note: OpenSSL has only been tested with DEC C.  Compiling with 
    a different ANSI C compiler may require some work]
 Checking the distribution:
 ==========================
--- a/INSTALL.W32
+++ b/INSTALL.W32
@@ -2,16 +2,19 @@
 INSTALLATION ON THE WIN32 PLATFORM
 ----------------------------------
- Heres a few comments about building OpenSSL in Windows environments. Most of
+ Heres a few comments about building OpenSSL in Windows environments.  Most
- this is tested on Win32 but it may also work in Win 3.1 with some
+ of this is tested on Win32 but it may also work in Win 3.1 with some
 modification.
- You need Perl for Win32 (available from http://www.activestate.com/ActivePerl)
+ You need Perl for Win32.  Unless you will build on Cygwin, you will need
 ActiveState Perl, available from http://www.activestate.com/ActivePerl.
 For Cygwin users, there's more info in the Cygwin section.
 and one of the following C compilers:
  * Visual C++
  * Borland C
-  * GNU C (Mingw32 or Cygwin32)
+  * GNU C (Mingw32 or Cygwin)
 If you want to compile in the assembly language routines with Visual C++ then
 you will need an assembler. This is worth doing because it will result in
@@ -78,7 +81,7 @@
 There are various changes you can make to the Win32 compile environment. By
 default the library is not compiled with debugging symbols. If you add 'debug'
- to the mk1mk.pl lines in the do_* batch file then debugging symbols will be
+ to the mk1mf.pl lines in the do_* batch file then debugging symbols will be
 compiled in.
 The default Win32 environment is to leave out any Windows NT specific
@@ -134,28 +137,30 @@
   > cd out
   > ..\ms\test
- GNU C (CygWin32)
+ GNU C (Cygwin)
- ---------------
+ --------------
- CygWin32 provides a bash shell and GNU tools environment running on
+ Cygwin provides a bash shell and GNU tools environment running on
 NT 4.0, Windows 9x and Windows 2000. Consequently, a make of OpenSSL
- with CygWin is closer to a GNU bash environment such as Linux rather
+ with Cygwin is closer to a GNU bash environment such as Linux rather
 than other W32 makes that are based on a single makefile approach.
- CygWin32 implements Posix/Unix calls through cygwin1.dll, and is
+ Cygwin implements Posix/Unix calls through cygwin1.dll, and is
 contrasted to Mingw32 which links dynamically to msvcrt.dll or
 crtdll.dll.
- To build OpenSSL using CygWin32:
+ To build OpenSSL using Cygwin:
- * Install CygWin32 (see http://sourceware.cygnus.com/cygwin)
+ * Install Cygwin (see http://sourceware.cygnus.com/cygwin)
- * Install Perl and ensure it is in the path
+ * Install Perl and ensure it is in the path (recent Cygwin perl 
   (version 5.6.1-2 of the latter has been reported to work) or
   ActivePerl)
- * Run the CygWin bash shell
+ * Run the Cygwin bash shell
 * $ tar zxvf openssl-x.x.x.tar.gz
   $ cd openssl-x.x.x
-   $ ./Configure no-threads CygWin32
+   $ ./config
   [...]
   $ make
   [...]
@@ -164,27 +169,28 @@
 This will create a default install in /usr/local/ssl.
- CygWin32 Notes:
+ Cygwin Notes:
 "make test" and normal file operations may fail in directories
- mounted as text (i.e. mount -t c:\somewhere /home) due to CygWin
+ mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin
 stripping of carriage returns. To avoid this ensure that a binary
 mount is used, e.g. mount -b c:\somewhere /home.
- As of version 1.1.1 CygWin32 is relatively unstable in its handling
+ As of version 1.1.1 Cygwin is relatively unstable in its handling
 of cr/lf issues. These make procedures succeeded with versions 1.1 and
 the snapshot 20000524 (Slow!).
- "bc" is not provided in the CygWin32 distribution.  This causes a
+ "bc" is not provided in the Cygwin distribution.  This causes a
 non-fatal error in "make test" but is otherwise harmless.  If
- desired, GNU bc can be built with CygWin32 without change.
+ desired, GNU bc can be built with Cygwin without change.
 Installation
 ------------
- There's currently no real installation procedure for Win32.  There are,
+ If you used the Cygwin procedure above, you have already installed and
- however, some suggestions:
+ can skip this section.  For all other procedures, there's currently no real
 installation procedure for Win32.  There are, however, some suggestions:
    - do nothing.  The include files are found in the inc32/ subdirectory,
      all binaries are found in out32dll/ or out32/ depending if you built
--- a/2
+++ b/2
@@ -12,7 +12,7 @@
  ---------------
 /* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
--- a/Makefile.org
+++ b/Makefile.org
@@ -59,6 +59,7 @@ CFLAG= -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD
 DEPFLAG= 
 PEX_LIBS= 
 EX_LIBS= 
 EXE_EXT= 
 AR=ar r
 RANLIB= ranlib
 PERL= perl
@@ -161,7 +162,7 @@ SHLIBDIRS= crypto ssl
 SDIRS=  \
 	md2 md4 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
-	bn rsa dsa dh dso engine \
+	bn rsa dsa dh dso \
 	buffer bio stack lhash rand err objects \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
@@ -182,6 +183,7 @@ SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
 SHARED_SSL=libssl$(SHLIB_EXT)
 SHARED_LIBS=
 SHARED_LIBS_LINK_EXTS=
 SHARED_LDFLAGS=
 GENERAL=        Makefile
 BASENAME=       openssl
@@ -201,7 +203,7 @@ sub_all:
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making all in $$i..." && \
-		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
+		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' all ) || exit 1; \
 	else \
 		$(MAKE) $$i; \
 	fi; \
@@ -234,49 +236,243 @@ clean-shared:
 			done; \
 		fi; \
 		( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
 		if [ "$(PLATFORM)" = "Cygwin" ]; then \
 			( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
 		fi; \
 	done
 link-shared:
-	@for i in $(SHLIBDIRS); do \
+	@if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
-		prev=lib$$i$(SHLIB_EXT); \
+		tmp="$(SHARED_LIBS_LINK_EXTS)"; \
-		if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
+		for i in $(SHLIBDIRS); do \
-			tmp="$(SHARED_LIBS_LINK_EXTS)"; \
+			prev=lib$$i$(SHLIB_EXT); \
 			for j in $${tmp:-x}; do \
 				( set -x; ln -f -s $$prev lib$$i$$j ); \
 				prev=lib$$i$$j; \
 			done; \
-		fi; \
+		done; \
-	done
+	fi
 build-shared: clean-shared do_$(SHLIB_TARGET) link-shared
-do_bsd-gcc-shared: linux-shared
+do_bsd-gcc-shared: do_gnu-shared
 do_linux-shared: do_gnu-shared
 do_gnu-shared:
 	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	( set -x; ${CC}  -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+	( set -x; ${CC} ${SHARED_LDFLAGS} \
-		-Wl,-S,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		-Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		-Wl,-Bsymbolic \
 		-Wl,--whole-archive lib$$i.a \
 		-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
 	libs="$$libs -l$$i"; \
 	done
-# This assumes that GNU utilities are *not* used
+DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
-do_tru64-shared:
+	collect2=`gcc -print-prog-name=collect2 2>&1` && \
 	[ -n "$$collect2" ] && \
 	my_ld=`$$collect2 --help 2>&1 | grep Usage: | sed 's/^Usage: *\([^ ][^ ]*\).*/\1/'` && \
 	[ -n "$$my_ld" ] && \
 	$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
 # For Darwin AKA Mac OS/X (dyld)
 do_darwin-shared: 
 	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	( set -x; ${CC}  -shared -no_archive -o lib$$i.so \
+	( set -x ; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
-		-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+		lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+		-compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \
 		-install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \
 	libs="$$libs -l`basename $$i${SHLIB_EXT} .dylib`"; \
 	echo "" ; \
 	done
 do_cygwin-shared:
 	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
 	( set -x; ${CC}  -shared -o cyg$$i.dll \
 		-Wl,-Bsymbolic \
 		-Wl,--whole-archive lib$$i.a \
 		-Wl,--out-implib,lib$$i.dll.a \
 		-Wl,--no-whole-archive $$libs ) || exit 1; \
 	libs="$$libs -l$$i"; \
 	done
 # This assumes that GNU utilities are *not* used
 do_alpha-osf1-shared:
 	if ${DETECT_GNU_LD}; then \
 		$(MAKE) do_gnu-shared; \
 	else \
 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
 		( set -x; ${CC} ${SHARED_LDFLAGS} \
 			-shared -o lib$$i.so \
 			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
 			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
 		libs="$$libs -l$$i"; \
 		done; \
 	fi
 # This assumes that GNU utilities are *not* used
 # The difference between alpha-osf1-shared and tru64-shared is the `-msym'
 # option passed to the linker.
 do_tru64-shared:
 	if ${DETECT_GNU_LD}; then \
 		$(MAKE) do_gnu-shared; \
 	else \
 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
 		( set -x; ${CC} ${SHARED_LDFLAGS} \
 			-shared -msym -o lib$$i.so \
 			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
 			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
 		libs="$$libs -l$$i"; \
 		done; \
 	fi
 # This assumes that GNU utilities are *not* used
 # The difference between tru64-shared and tru64-shared-rpath is the
 # -rpath ${INSTALLTOP}/lib passed to the linker.
 do_tru64-shared-rpath:
 	if ${DETECT_GNU_LD}; then \
 		$(MAKE) do_gnu-shared; \
 	else \
 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
 		( set -x; ${CC} ${SHARED_LDFLAGS} \
 			-shared -msym -o lib$$i.so \
 			-rpath  ${INSTALLTOP}/lib \
 			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
 			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
 		libs="$$libs -l$$i"; \
 		done; \
 	fi
 # This assumes that GNU utilities are *not* used
 do_solaris-shared:
 	if ${DETECT_GNU_LD}; then \
 		$(MAKE) do_gnu-shared; \
 	else \
 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
 		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
 		  set -x; ${CC} ${SHARED_LDFLAGS} \
 			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			-z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
 		libs="$$libs -l$$i"; \
 		done; \
 	fi
 # OpenServer 5 native compilers used
 do_svr3-shared:
 	if ${DETECT_GNU_LD}; then \
 		$(MAKE) do_gnu-shared; \
 	else \
 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
 		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
 		  find . -name "*.o" -print > allobjs ; \
 		  OBJS= ; export OBJS ; \
 		  for obj in `ar t lib$$i.a` ; do \
 		    OBJS="$${OBJS} `grep $$obj allobjs`" ; \
 		  done ; \
 		  set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
 		libs="$$libs -l$$i"; \
 		done; \
 	fi
 # UnixWare 7 and OpenUNIX 8 native compilers used
 do_svr5-shared:
 	if ${DETECT_GNU_LD}; then \
 		$(MAKE) do_gnu-shared; \
 	else \
 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
 		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
 		  find . -name "*.o" -print > allobjs ; \
 		  OBJS= ; export OBJS ; \
 		  for obj in `ar t lib$$i.a` ; do \
 		    OBJS="$${OBJS} `grep $$obj allobjs`" ; \
 		  done ; \
 		  set -x; ${CC} ${SHARED_LDFLAGS} \
 			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
 		libs="$$libs -l$$i"; \
 		done; \
 	fi
 # This assumes that GNU utilities are *not* used
 do_irix-shared:
 	if ${DETECT_GNU_LD}; then \
 		$(MAKE) do_gnu-shared; \
 	else \
 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
 		( set -x; ${CC} ${SHARED_LDFLAGS} \
 			-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			-all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \
 		libs="$$libs -l$$i"; \
 		done; \
 	fi
 # This assumes that GNU utilities are *not* used
 do_hpux-shared:
 	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
+	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
-	  set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		+vnocompatwarnings \
-		-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		-z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
+		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		-Fl lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
 	libs="$$libs -L. -l$$i"; \
 	done
 # This assumes that GNU utilities are *not* used
 do_hpux64-shared:
 	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
 	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
 		-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		+forceload lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
 	libs="$$libs -L. -l$$i"; \
 	done
 # The following method is said to work on all platforms.  Tests will
 # determine if that's how it's gong to be used.
 # This assumes that for all but GNU systems, GNU utilities are *not* used.
 # ALLSYMSFLAGS would be:
 #  GNU systems: --whole-archive
 #  Tru64 Unix:  -all
 #  Solaris:     -z allextract
 #  Irix:        -all
 #  HP/UX-32bit: -Fl
 #  HP/UX-64bit: +forceload
 #  AIX:		-bnogc
 # SHAREDFLAGS would be:
 #  GNU systems: -shared -Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
 #  Tru64 Unix:  -shared \
 #		-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}"
 #  Solaris:     -G -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
 #  Irix:        -shared -Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
 #  HP/UX-32bit: +vnocompatwarnings -b -z +s \
 #		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}
 #  HP/UX-64bit: -b -z +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}
 #  AIX:		-G -bE:lib$$i.exp -bM:SRE
 # SHAREDCMD would be:
 #  GNU systems: $(CC)
 #  Tru64 Unix:  $(CC)
 #  Solaris:     $(CC)
 #  Irix:        $(CC)
 #  HP/UX-32bit: /usr/ccs/bin/ld
 #  HP/UX-64bit: /usr/ccs/bin/ld
 #  AIX:		$(CC)
 ALLSYMSFLAG=-bnogc
 SHAREDFLAGS=${SHARED_LDFLAGS} -G -bE:lib$$i.exp -bM:SRE
 SHAREDCMD=$(CC)
 do_aix-shared:
 	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
 	( set -x; \
 	  ld -r -o $$i.o $(ALLSYMSFLAG) lib$$i.a && \
 	  ( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \
 	    $(SHAREDCMD) $(SHAREDFLAG) -o lib$$i.so lib$$i.o \
 		$$libs ${EX_LIBS} ) ) \
 	|| exit 1; \
 	libs="$$libs -l$$i"; \
 	done
@@ -349,7 +545,7 @@ test:   tests
 tests: rehash
 	@(cd test && echo "testing..." && \
-	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' tests );
+	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' EXE_EXT='${EXE_EXT}' tests );
 	@apps/openssl version -a
 report:
@@ -383,25 +579,25 @@ tags:
 	done;
 errors:
-	perl util/mkerr.pl -recurse -write
+	$(PERL) util/mkerr.pl -recurse -write
 stacks:
-	perl util/mkstack.pl -write
+	$(PERL) util/mkstack.pl -write
 util/libeay.num::
-	perl util/mkdef.pl crypto update
+	$(PERL) util/mkdef.pl crypto update
 util/ssleay.num::
-	perl util/mkdef.pl ssl update
+	$(PERL) util/mkdef.pl ssl update
 crypto/objects/obj_dat.h: crypto/objects/obj_mac.h crypto/objects/obj_dat.pl
-	perl crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
+	$(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
 crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt 
-	perl crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
+	$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
 TABLE: Configure
 	(echo 'Output of `Configure TABLE'"':"; \
-	perl Configure TABLE) > TABLE
+	$(PERL) Configure TABLE) > TABLE
 update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE
@@ -440,7 +636,7 @@ install: all install_docs
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i; echo "installing $$i..."; \
-		$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' install ); \
+		$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' install ); \
 	fi; \
 	done
 	@for i in $(LIBS) ;\
@@ -450,17 +646,25 @@ install: all install_docs
 			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
 			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
 			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
-		fi \
+		fi; \
 	done
 	@if [ -n "$(SHARED_LIBS)" ]; then \
 		tmp="$(SHARED_LIBS)"; \
 		for i in $${tmp:-x}; \
 		do \
-			if [ -f "$$i" ]; then \
+			if [ -f "$$i" -o -f "$$i.a" ]; then \
 			(       echo installing $$i; \
-				cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+				if [ "$(PLATFORM)" != "Cygwin" ]; then \
-				chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
-			fi \
+					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
 				else \
 					c=`echo $$i | sed 's/^lib/cyg/'`; \
 					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
 					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
 					cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
 					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
 				fi ); \
 			fi; \
 		done; \
 		(	here="`pwd`"; \
 			cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
@@ -473,19 +677,19 @@ install_docs:
 		$(INSTALL_PREFIX)$(MANDIR)/man3 \
 		$(INSTALL_PREFIX)$(MANDIR)/man5 \
 		$(INSTALL_PREFIX)$(MANDIR)/man7
 	@echo installing man 1 and man 5
 	@for i in doc/apps/*.pod; do \
 		fn=`basename $$i .pod`; \
-		sec=`[ "$$fn" = "config" ] && echo 5 || echo 1`; \
+		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
 		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
 		(cd `dirname $$i`; \
 		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
 			 --release=$(VERSION) `basename $$i`) \
 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
 	done
 	@echo installing man 3 and man 7
 	@for i in doc/crypto/*.pod doc/ssl/*.pod; do \
 		fn=`basename $$i .pod`; \
-		sec=`[ "$$fn" = "des_modes" ] && echo 7 || echo 3`; \
+		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
 		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
 		(cd `dirname $$i`; \
 		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
 			--release=$(VERSION) `basename $$i`) \
--- a/35
+++ b/35
@@ -5,6 +5,41 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.
  Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d:
      o Various SSL/TLS library bugfixes.
      o Fix DH parameter generation for 'non-standard' generators.
  Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c:
      o Various SSL/TLS library bugfixes.
      o BIGNUM library fixes.
      o RSA OAEP and random number generation fixes.
      o Object identifiers corrected and added.
      o Add assembler BN routines for IA64.
      o Add support for OS/390 Unix, UnixWare with gcc, OpenUNIX 8,
        MIPS Linux; shared library support for Irix, HP-UX.
      o Add crypto accelerator support for AEP, Baltimore SureWare,
        Broadcom and Cryptographic Appliance's keyserver
        [in 0.9.6c-engine release].
  Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b:
      o Security fix: PRNG improvements.
      o Security fix: RSA OAEP check.
      o Security fix: Reinsert and fix countermeasure to Bleichbacher's
        attack.
      o MIPS bug fix in BIGNUM.
      o Bug fix in "openssl enc".
      o Bug fix in X.509 printing routine.
      o Bug fix in DSA verification routine and DSA S/MIME verification.
      o Bug fix to make PRNG thread-safe.
      o Bug fix in RAND_file_name().
      o Bug fix in compatibility mode trust settings.
      o Bug fix in blowfish EVP.
      o Increase default size for BIO buffering filter.
      o Compatibility fixes in some scripts.
  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a:
      o Security fix: change behavior of OpenSSL to avoid using
--- a/16
+++ b/16
@@ -1,7 +1,7 @@
- OpenSSL 0.9.6a-beta3 [engine] 30 Mar 2001
+ OpenSSL 0.9.6d 9 May 2002
- Copyright (c) 1998-2000 The OpenSSL Project
+ Copyright (c) 1998-2002 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
 All rights reserved.
@@ -62,7 +62,7 @@
     X.509v3 certificates
        X509 encoding/decoding into/from binary ASN1 and a PEM
-             based ascii-binary encoding which supports encryption with a
+             based ASCII-binary encoding which supports encryption with a
             private key.  Program to generate RSA and DSA certificate
             requests and to generate RSA and DSA certificates.
@@ -97,7 +97,7 @@
 locations around the world. _YOU_ are responsible for ensuring that your use
 of any algorithms is legal by checking if there are any patents in your
 country.  The file contains some of the patents that we know about or are
- rumoured to exist. This is not a definitive list.
+ rumored to exist. This is not a definitive list.
 RSA Security holds software patents on the RC5 algorithm.  If you
 intend to use this cipher, you must contact RSA Security for
@@ -107,8 +107,8 @@
 only be used with RSA Security's permission. 
 The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
- Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA.  They should
+ Japan, the Netherlands, Spain, Sweden, Switzerland, UK and the USA.  They
- be contacted if that algorithm is to be used, their web page is
+ should be contacted if that algorithm is to be used; their web page is
 http://www.ascom.ch/.
 INSTALLATION
@@ -119,8 +119,8 @@
 INSTALL.VMS.
 Read the documentation in the doc/ directory.  It is quite rough, but it
- lists the functions, you will probably have to look at the code to work out
+ lists the functions; you will probably have to look at the code to work out
- how to used them. Look at the example programs.
+ how to use them. Look at the example programs.
 SUPPORT 
 -------
--- a/README.ENGINE
+++ b/README.ENGINE
@@ -5,7 +5,7 @@
  With OpenSSL 0.9.6, a new component has been added to support external 
  crypto devices, for example accelerator cards.  The component is called
  ENGINE, and has still a pretty experimental status and almost no
-  documentation.  It's designed to be faily easily extensible by the
+  documentation.  It's designed to be fairly easily extensible by the
  calling programs.
  There's currently built-in support for the following crypto devices:
@@ -48,7 +48,7 @@
  No external crypto device is chosen unless you say so.  You have actively
  tell the openssl utility commands to use it through a new command line
  switch called "-engine".  And if you want to use the ENGINE library to
-  do something similar, you must also explicitely choose an external crypto
+  do something similar, you must also explicitly choose an external crypto
  device, or the built-in crypto routines will be used, just as in the
  default OpenSSL distribution.
@@ -56,7 +56,7 @@
  PROBLEMS
  ========
-  It seems like the ENGINE part doesn't work too well with Cryptoswift on
+  It seems like the ENGINE part doesn't work too well with CryptoSwift on
  Win32.  A quick test done right before the release showed that trying
  "openssl speed -engine cswift" generated errors.  If the DSO gets enabled,
  an attempt is made to write at memory address 0x00000002.
--- a/73
+++ b/73
@@ -1,46 +1,14 @@
  OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2001/03/26 17:09:12 $
+  ______________                           $Date: 2002/05/05 23:48:29 $
  DEVELOPMENT STATE
-    o  OpenSSL 0.9.6a: Bugfix release -- under development...
+    o  OpenSSL 0.9.7:  Under development...
-                       Beta 1 released on March 13th, 2001
+    o  OpenSSL 0.9.6d: Feature freeze, beta1 April 17th, 2002
-	HP-UX 10.20 (hpux-parisc-cc)		- PASSED [normal+engine]
+    o  OpenSSL 0.9.6c: Released on December  21st, 2001
-	HP-UX 10.20 (hpux-parisc-gcc)		- PASSED [normal+engine]
+    o  OpenSSL 0.9.6b: Released on July       9th, 2001
-	HP-UX 11.00 32bit (hpux-parisc-gcc)	- FAILED [engine]
+    o  OpenSSL 0.9.6a: Released on April      5th, 2001
 		"openssl speed rsa1024 -engine cswift" fails unless
 		libswift.sl is renamed to libswift.so.
 		[CORRECTED]
 	HP MPE/iX				- PASSED [presumed normal]
 	Linux 2.2.17 SMP (linux-elf)		- PASSED [normal+engine]
 	Windows (VC-WIN32)			- FAILED [presumed normal]
 		Missing line in ms/32all.bat:
 			perl util\mkfiles.pl >MINFO
 		[CORRECTED]
 		In randfile.c, line 214, signed and unsigned int are mixed.
 		[CORRECTED]
 		In s_client.c and s_server.c, RAND_status() needs to get
 		declared (#include <openssl/rand.h>)
 		[CORRECTED]
 	OpenVMS (any version)			- FAILED [normal+engine]
 		Missing instructions in building script.
 		[CORRECTED]
 	AIX 4.3					- FAILED [engine]
 		Needs -DDSO_DLFCN and -DHAVE_DLFCN_H to work.
 		[CORRECTED] (but will not be automagically configured)
 	Irix 6.5.11				- FAILED [presumed normal]
 		BN_sqr test fails.
        solaris64-sparcv9-cc (SunOS 5.8)        - PASSED [normal+engine]
 	BSDI 4.0.1 (bsdi-elf-gcc)		- FAILED [engine]
 		Needs -DDSO_DLFCN, -DHAVE_DLFCN_H and -ldl to work.
 		[CORRECTED]
 	mingw32 w/ gcc 2.95.2			- PASSED [presumed normal]
                       Beta 2 released on March 21st, 2001
 	OpenVMS (tested on VMS 7.2-1 for Alpha)	- PASSED [presumed normal]
        solaris64-sparcv9-cc (SunOS 5.8)        - PASSED [normal]
    o  OpenSSL 0.9.6:  Released on September 24th, 2000
    o  OpenSSL 0.9.5a: Released on April      1st, 2000
    o  OpenSSL 0.9.5:  Released on February  28th, 2000
@@ -54,6 +22,8 @@
  AVAILABLE PATCHES
    o 
  IN PROGRESS
    o Steve is currently working on (in no particular order):
@@ -67,31 +37,24 @@
    o Geoff and Richard are currently working on:
 	ENGINE (the new code that gives hardware support among others).
    o Richard is currently working on:
 	UI (User Interface)
 	UTIL (a new set of library functions to support some higher level
 	      functionality that is currently missing).
 	Shared library support for VMS.
 	OCSP
 	Kerberos 5 authentication
 	Constification
 	OCSP
  NEEDS PATCH
    o  apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file
    o  OpenSSL_0_9_6-stable:
       #include <openssl/e_os.h> in exported header files is illegal since
       e_os.h is suitable only for library-internal use.
    o  Whenever strncpy is used, make sure the resulting string is NULL-terminated
       or an error is reported
-  OPEN ISSUES
+    o  "OpenSSL STATUS" is never up-to-date.
-    o  crypto/ex_data.c is not really thread-safe and so must be used
+  OPEN ISSUES
       with care (e.g., extra locking where necessary, or don't call
       CRYPTO_get_ex_new_index once multiple threads exist).
       The current API is not suitable for everything that it pretends
       to offer.
    o  The Makefile hierarchy and build mechanism is still not a round thing:
@@ -135,4 +98,14 @@
  WISHES
-    o 
+    o  SRP in TLS.
       [wished by:
        Dj <derek@yo.net>, Tom Wu <tom@arcot.com>,
        Tom Holroyd <tomh@po.crl.go.jp>]
       See http://search.ietf.org/internet-drafts/draft-ietf-tls-srp-00.txt
       as well as http://www-cs-students.stanford.edu/~tjw/srp/.
       Tom Holroyd tells us there is a SRP patch for OpenSSH at
       http://members.tripod.com/professor_tom/archives/, that could
       be useful.
--- a/875
+++ b/875
--- a/apps/Makefile.ssl
+++ b/apps/Makefile.ssl
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -170,8 +170,6 @@ int str2fmt(char *s)
 		|| (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
 		|| (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
 		return(FORMAT_PKCS12);
 	else if ((*s == 'E') || (*s == 'e'))
 		return(FORMAT_ENGINE);
 	else
 		return(FORMAT_UNDEF);
 	}
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -162,8 +162,6 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format);
 #define FORMAT_NETSCAPE 4
 #define FORMAT_PKCS12   5
 #define FORMAT_SMIME    6
 /* Since this is currently inofficial, let's give it a high number */
 #define FORMAT_ENGINE   127
 #define NETSCAPE_CERT_HDR	"certificate"
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -74,7 +74,6 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #ifndef W_OK
 #  ifdef VMS
@@ -83,7 +82,7 @@
 #    else
 #      include <unixlib.h>
 #    endif
-#  else
+#  elif !defined(VXWORKS)
 #    include <sys/file.h>
 #  endif
 #endif
@@ -168,7 +167,6 @@ static char *ca_usage[]={
 " -revoke file    - Revoke a certificate (given in file)\n",
 " -extensions ..  - Extension section (override value in config file)\n",
 " -crlexts ..     - CRL extension section (override value in config file)\n",
 " -engine e       - use engine e, possibly a hardware device.\n",
 NULL
 };
@@ -218,7 +216,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	char *key=NULL,*passargin=NULL;
 	int total=0;
 	int total_done=0;
@@ -271,7 +268,6 @@ int MAIN(int argc, char **argv)
 #define BSIZE 256
 	MS_STATIC char buf[3][BSIZE];
 	char *randfile=NULL;
 	char *engine = NULL;
 #ifdef EFENCE
 EF_PROTECT_FREE=1;
@@ -423,11 +419,6 @@ EF_ALIGNMENT=0;
 			if (--argc < 1) goto bad;
 			crl_ext= *(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else
 			{
 bad:
@@ -448,24 +439,6 @@ bad:
 	ERR_load_crypto_strings();
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto err;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto err;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	/*****************************************************************/
 	if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
 	if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
@@ -1247,7 +1220,11 @@ bad:
 			X509_free(revcert);
 			strncpy(buf[0],dbfile,BSIZE-4);
 #ifndef VMS
 			strcat(buf[0],".new");
 #else
 			strcat(buf[0],"-new");
 #endif
 			if (BIO_write_filename(out,buf[0]) <= 0)
 				{
 				perror(dbfile);
@@ -1257,7 +1234,11 @@ bad:
 			j=TXT_DB_write(out,db);
 			if (j <= 0) goto err;
 			strncpy(buf[1],dbfile,BSIZE-4);
 #ifndef VMS
 			strcat(buf[1],".old");
 #else
 			strcat(buf[1],"-old");
 #endif
 			if (rename(dbfile,buf[1]) < 0)
 				{
 				BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile, buf[1]);
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -66,7 +66,6 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #undef BUFSIZE
 #define BUFSIZE	1024*8
@@ -74,14 +73,13 @@
 #undef PROG
 #define PROG	dgst_main
-void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout,
+void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 		EVP_PKEY *key, unsigned char *sigin, int siglen);
 int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	unsigned char *buf=NULL;
 	int i,err=0;
 	const EVP_MD *md=NULL,*m;
@@ -89,17 +87,16 @@ int MAIN(int argc, char **argv)
 	BIO *bmd=NULL;
 	BIO *out = NULL;
 	const char *name;
-#define PROG_NAME_SIZE  16
+#define PROG_NAME_SIZE  39
-	char pname[PROG_NAME_SIZE];
+	char pname[PROG_NAME_SIZE+1];
 	int separator=0;
 	int debug=0;
 	const char *outfile = NULL, *keyfile = NULL;
 	const char *sigfile = NULL, *randfile = NULL;
-	char out_bin = -1, want_pub = 0, do_verify = 0;
+	int out_bin = -1, want_pub = 0, do_verify = 0;
 	EVP_PKEY *sigkey = NULL;
 	unsigned char *sigbuf = NULL;
 	int siglen = 0;
 	char *engine=NULL;
 	apps_startup();
@@ -157,11 +154,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) break;
 			sigfile=*(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) break;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-hex") == 0)
 			out_bin = 0;
 		else if (strcmp(*argv,"-binary") == 0)
@@ -198,7 +190,6 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err,"-prverify file  verify a signature using private key in file\n");
 		BIO_printf(bio_err,"-signature file signature to verify\n");
 		BIO_printf(bio_err,"-binary         output in binary form\n");
 		BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
 			LN_md5,LN_md5);
@@ -218,24 +209,6 @@ int MAIN(int argc, char **argv)
 		goto end;
 		}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	in=BIO_new(BIO_s_file());
 	bmd=BIO_new(BIO_f_md());
 	if (debug)
@@ -365,7 +338,7 @@ end:
 	EXIT(err);
 	}
-void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout,
+void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 			EVP_PKEY *key, unsigned char *sigin, int siglen)
 	{
 	int len;
--- a/apps/dh.c
+++ b/apps/dh.c
@@ -69,7 +69,6 @@
 #include <openssl/dh.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG	dh_main
@@ -88,12 +87,11 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	DH *dh=NULL;
 	int i,badops=0,text=0;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,check=0,noout=0,C=0,ret=1;
-	char *infile,*outfile,*prog,*engine;
+	char *infile,*outfile,*prog;
 	apps_startup();
@@ -101,7 +99,6 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 	engine=NULL;
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
@@ -132,11 +129,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-check") == 0)
 			check=1;
 		else if (strcmp(*argv,"-text") == 0)
@@ -168,30 +160,11 @@ bad:
 		BIO_printf(bio_err," -text         print a text form of the DH parameters\n");
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -noout        no output\n");
 		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 		goto end;
 		}
 	ERR_load_crypto_strings();
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	if ((in == NULL) || (out == NULL))
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -121,7 +121,6 @@
 #include <openssl/dh.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #ifndef NO_DSA
 #include <openssl/dsa.h>
@@ -149,7 +148,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	DH *dh=NULL;
 	int i,badops=0,text=0;
 #ifndef NO_DSA
@@ -158,7 +156,7 @@ int MAIN(int argc, char **argv)
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,check=0,noout=0,C=0,ret=1;
 	char *infile,*outfile,*prog;
-	char *inrand=NULL,*engine=NULL;
+	char *inrand=NULL;
 	int num = 0, g = 0;
 	apps_startup();
@@ -197,11 +195,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-check") == 0)
 			check=1;
 		else if (strcmp(*argv,"-text") == 0)
@@ -247,7 +240,6 @@ bad:
 		BIO_printf(bio_err," -2            generate parameters using  2 as the generator value\n");
 		BIO_printf(bio_err," -5            generate parameters using  5 as the generator value\n");
 		BIO_printf(bio_err," numbits       number of bits in to generate (default 512)\n");
 		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"               - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"               the random number generator\n");
@@ -257,24 +249,6 @@ bad:
 	ERR_load_crypto_strings();
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if (g && !num)
 		num = DEFBITS;
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -68,7 +68,6 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG	dsa_main
@@ -88,7 +87,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	int ret=1;
 	DSA *dsa=NULL;
 	int i,badops=0;
@@ -96,7 +94,7 @@ int MAIN(int argc, char **argv)
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,text=0,noout=0;
 	int pubin = 0, pubout = 0;
-	char *infile,*outfile,*prog,*engine;
+	char *infile,*outfile,*prog;
 	char *passargin = NULL, *passargout = NULL;
 	char *passin = NULL, *passout = NULL;
 	int modulus=0;
@@ -107,7 +105,6 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 	engine=NULL;
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
@@ -148,11 +145,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
 		else if (strcmp(*argv,"-text") == 0)
@@ -184,7 +176,6 @@ bad:
 		BIO_printf(bio_err," -passin arg     input file pass phrase source\n");
 		BIO_printf(bio_err," -out arg        output file\n");
 		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
 		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
 		BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
 #ifndef NO_IDEA
@@ -198,24 +189,6 @@ bad:
 	ERR_load_crypto_strings();
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		BIO_printf(bio_err, "Error getting passwords\n");
 		goto end;
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -69,7 +69,6 @@
 #include <openssl/dsa.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG	dsaparam_main
@@ -91,12 +90,11 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	DSA *dsa=NULL;
 	int i,badops=0,text=0;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,noout=0,C=0,ret=1;
-	char *infile,*outfile,*prog,*inrand=NULL,*engine=NULL;
+	char *infile,*outfile,*prog,*inrand=NULL;
 	int numbits= -1,num,genkey=0;
 	int need_rand=0;
@@ -178,7 +176,7 @@ bad:
 		BIO_printf(bio_err," -outform arg  output format - DER or PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
-		BIO_printf(bio_err," -text         print the key in text\n");
+		BIO_printf(bio_err," -text         print as text\n");
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -noout        no output\n");
 		BIO_printf(bio_err," -rand         files to use for random number input\n");
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -70,7 +70,6 @@
 #include <openssl/md5.h>
 #endif
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 int set_hex(char *in,unsigned char *out,int size);
 #undef SIZE
@@ -85,7 +84,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	static const char magic[]="Salted__";
 	char mbuf[8];	/* should be 1 smaller than magic */
 	char *strbuf=NULL;
@@ -101,9 +99,8 @@ int MAIN(int argc, char **argv)
 	const EVP_CIPHER *cipher=NULL,*c;
 	char *inf=NULL,*outf=NULL;
 	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
-#define PROG_NAME_SIZE  16
+#define PROG_NAME_SIZE  39
-	char pname[PROG_NAME_SIZE];
+	char pname[PROG_NAME_SIZE+1];
 	char *engine = NULL;
 	apps_startup();
@@ -144,11 +141,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passarg= *(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if	(strcmp(*argv,"-d") == 0)
 			enc=0;
 		else if	(strcmp(*argv,"-p") == 0)
@@ -249,7 +241,6 @@ bad:
 			BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
 			BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
 			BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
 			BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
 			BIO_printf(bio_err,"Cipher Types\n");
 			BIO_printf(bio_err,"des     : 56 bit key DES encryption\n");
@@ -323,24 +314,6 @@ bad:
 		argv++;
 		}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if (bufsize != NULL)
 		{
 		unsigned long n;
@@ -542,6 +515,14 @@ bad:
 			BIO_printf(bio_err,"invalid hex iv value\n");
 			goto end;
 			}
 		if ((hiv == NULL) && (str == NULL))
 			{
 			/* No IV was explicitly set and no IV was generated
 			 * during EVP_BytesToKey. Hence the IV is undefined,
 			 * making correct decryption impossible. */
 			BIO_printf(bio_err, "iv undefined\n");
 			goto end;
 			}
 		if ((hkey != NULL) && !set_hex(hkey,key,24))
 			{
 			BIO_printf(bio_err,"invalid hex key value\n");
--- a/apps/gendh.c
+++ b/apps/gendh.c
@@ -70,7 +70,6 @@
 #include <openssl/dh.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #define DEFBITS	512
 #undef PROG
@@ -82,13 +81,11 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	DH *dh=NULL;
 	int ret=1,num=DEFBITS;
 	int g=2;
 	char *outfile=NULL;
 	char *inrand=NULL;
 	char *engine=NULL;
 	BIO *out=NULL;
 	apps_startup();
@@ -113,11 +110,6 @@ int MAIN(int argc, char **argv)
 			g=3; */
 		else if (strcmp(*argv,"-5") == 0)
 			g=5;
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -133,34 +125,15 @@ int MAIN(int argc, char **argv)
 bad:
 		BIO_printf(bio_err,"usage: gendh [args] [numbits]\n");
 		BIO_printf(bio_err," -out file - output the key to 'file\n");
-		BIO_printf(bio_err," -2        - use 2 as the generator value\n");
+		BIO_printf(bio_err," -2    use 2 as the generator value\n");
-	/*	BIO_printf(bio_err," -3        - use 3 as the generator value\n"); */
+	/*	BIO_printf(bio_err," -3    use 3 as the generator value\n"); */
-		BIO_printf(bio_err," -5        - use 5 as the generator value\n");
+		BIO_printf(bio_err," -5    use 5 as the generator value\n");
 		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
 		goto end;
 		}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	out=BIO_new(BIO_s_file());
 	if (out == NULL)
 		{
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -68,7 +68,6 @@
 #include <openssl/dsa.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #define DEFBITS	512
 #undef PROG
@@ -78,7 +77,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	DSA *dsa=NULL;
 	int ret=1;
 	char *outfile=NULL;
@@ -86,7 +84,6 @@ int MAIN(int argc, char **argv)
 	char *passargout = NULL, *passout = NULL;
 	BIO *out=NULL,*in=NULL;
 	EVP_CIPHER *enc=NULL;
 	char *engine=NULL;
 	apps_startup();
@@ -109,11 +106,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -153,7 +145,6 @@ bad:
 #ifndef NO_IDEA
 		BIO_printf(bio_err," -idea     - encrypt the generated key with IDEA in cbc mode\n");
 #endif
 		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
@@ -162,24 +153,6 @@ bad:
 		goto end;
 		}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -69,7 +69,6 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #define DEFBITS	512
 #undef PROG
@@ -81,7 +80,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	int ret=1;
 	RSA *rsa=NULL;
 	int i,num=DEFBITS;
@@ -90,7 +88,6 @@ int MAIN(int argc, char **argv)
 	unsigned long f4=RSA_F4;
 	char *outfile=NULL;
 	char *passargout = NULL, *passout = NULL;
 	char *engine=NULL;
 	char *inrand=NULL;
 	BIO *out=NULL;
@@ -119,11 +116,6 @@ int MAIN(int argc, char **argv)
 			f4=3;
 		else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
 			f4=RSA_F4;
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -162,7 +154,6 @@ bad:
 		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
 		BIO_printf(bio_err," -f4             use F4 (0x10001) for the E value\n");
 		BIO_printf(bio_err," -3              use 3 for the E value\n");
 		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"                 load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"                 the random number generator\n");
@@ -176,24 +167,6 @@ bad:
 		goto err;
 	}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto err;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto err;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
@@ -213,8 +186,7 @@ bad:
 			}
 		}
-	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
 		&& !RAND_status())
 		{
 		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
 		}
--- a/apps/makeapps.com
+++ b/apps/makeapps.com
@@ -1133,6 +1133,7 @@ $!
 $! Save directory information
 $!
 $ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
 $ __HERE = F$EDIT(__HERE,"UPCASE")
 $ __TOP = __HERE - "APPS]"
 $ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
 $!
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -88,8 +88,8 @@ BIO *bio_err=NULL;
 int main(int Argc, char *Argv[])
 	{
 	ARGS arg;
-#define PROG_NAME_SIZE	16
+#define PROG_NAME_SIZE	39
-	char pname[PROG_NAME_SIZE];
+	char pname[PROG_NAME_SIZE+1];
 	FUNCTION f,*fp;
 	MS_STATIC char *prompt,buf[1024],config_name[256];
 	int n,i,ret=0;
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -66,7 +66,6 @@
 #include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/pkcs12.h>
 #include <openssl/engine.h>
 #define PROG pkcs12_main
@@ -93,7 +92,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 {
    ENGINE *e = NULL;
    char *infile=NULL, *outfile=NULL, *keyname = NULL;	
    char *certfile=NULL;
    BIO *in=NULL, *out = NULL, *inkey = NULL, *certsin = NULL;
@@ -120,7 +118,6 @@ int MAIN(int argc, char **argv)
    char *passin = NULL, *passout = NULL;
    char *inrand = NULL;
    char *CApath = NULL, *CAfile = NULL;
    char *engine=NULL;
    apps_startup();
@@ -239,11 +236,6 @@ int MAIN(int argc, char **argv)
 			args++;	
 			CAfile = *args;
 		    } else badarg = 1;
 		} else if (!strcmp(*args,"-engine")) {
 		    if (args[1]) {
 			args++;	
 			engine = *args;
 		    } else badarg = 1;
 		} else badarg = 1;
 	} else badarg = 1;
@@ -287,27 +279,12 @@ int MAIN(int argc, char **argv)
 	BIO_printf (bio_err, "-password p   set import/export password source\n");
 	BIO_printf (bio_err, "-passin p     input file pass phrase source\n");
 	BIO_printf (bio_err, "-passout p    output file pass phrase source\n");
 	BIO_printf (bio_err, "-engine e     use engine e, possibly a hardware device.\n");
 	BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 	BIO_printf(bio_err,  "              load the file (or the files in the directory) into\n");
 	BIO_printf(bio_err,  "              the random number generator\n");
    	goto end;
    }
    if (engine != NULL) {
 	if((e = ENGINE_by_id(engine)) == NULL) {
 	    BIO_printf(bio_err,"invalid engine \"%s\"\n", engine);
 	    goto end;
 	}
 	if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
 	    BIO_printf(bio_err,"can't use that engine\n");
 	    goto end;
 	}
 	BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 	/* Free our "structural" reference. */
 	ENGINE_free(e);
    }
    if(passarg) {
 	if(export_cert) passargout = passarg;
 	else passargin = passarg;
@@ -772,7 +749,10 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
 		print_attribs (out, bag->attrib, "Bag Attributes");
 		if (!(p8 = M_PKCS12_decrypt_skey (bag, pass, passlen)))
 				return 0;
-		if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
+		if (!(pkey = EVP_PKCS82PKEY (p8))) {
 			PKCS8_PRIV_KEY_INFO_free(p8);
 			return 0;
 		}
 		print_attribs (out, p8->attributes, "Key Attributes");
 		PKCS8_PRIV_KEY_INFO_free(p8);
 		PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -67,7 +67,6 @@
 #include <openssl/x509.h>
 #include <openssl/pkcs7.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG	pkcs7_main
@@ -83,7 +82,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	PKCS7 *p7=NULL;
 	int i,badops=0;
 	BIO *in=NULL,*out=NULL;
@@ -91,7 +89,6 @@ int MAIN(int argc, char **argv)
 	char *infile,*outfile,*prog;
 	int print_certs=0,text=0,noout=0;
 	int ret=0;
 	char *engine=NULL;
 	apps_startup();
@@ -135,11 +132,6 @@ int MAIN(int argc, char **argv)
 			text=1;
 		else if (strcmp(*argv,"-print_certs") == 0)
 			print_certs=1;
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -162,30 +154,11 @@ bad:
 		BIO_printf(bio_err," -print_certs  print any certs or crl in the input\n");
 		BIO_printf(bio_err," -text         print full details of certificates\n");
 		BIO_printf(bio_err," -noout        don't output encoded data\n");
 		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 		EXIT(1);
 		}
 	ERR_load_crypto_strings();
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	if ((in == NULL) || (out == NULL))
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -62,7 +62,6 @@
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/pkcs12.h>
 #include <openssl/engine.h>
 #include "apps.h"
 #define PROG pkcs8_main
@@ -71,7 +70,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 {
 	ENGINE *e = NULL;
 	char **args, *infile = NULL, *outfile = NULL;
 	char *passargin = NULL, *passargout = NULL;
 	BIO *in = NULL, *out = NULL;
@@ -87,13 +85,9 @@ int MAIN(int argc, char **argv)
 	EVP_PKEY *pkey;
 	char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
 	int badarg = 0;
 	char *engine=NULL;
 	if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_algorithms();
 	args = argv + 1;
@@ -144,11 +138,6 @@ int MAIN(int argc, char **argv)
 			if (!args[1]) goto bad;
 			passargout= *(++args);
 			}
 		else if (strcmp(*args,"-engine") == 0)
 			{
 			if (!args[1]) goto bad;
 			engine= *(++args);
 			}
 		else if (!strcmp (*args, "-in")) {
 			if (args[1]) {
 				args++;
@@ -181,28 +170,9 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err, "-nocrypt        use or expect unencrypted private key\n");
 		BIO_printf(bio_err, "-v2 alg         use PKCS#5 v2.0 and cipher \"alg\"\n");
 		BIO_printf(bio_err, "-v1 obj         use PKCS#5 v1.5 and cipher \"alg\"\n");
 		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 		return (1);
 	}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			return (1);
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			return (1);
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		BIO_printf(bio_err, "Error getting passwords\n");
 		return (1);
--- a/apps/rand.c
+++ b/apps/rand.c
@@ -9,7 +9,6 @@
 #include <openssl/bio.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG rand_main
@@ -24,7 +23,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	int i, r, ret = 1;
 	int badopt;
 	char *outfile = NULL;
@@ -32,7 +30,6 @@ int MAIN(int argc, char **argv)
 	int base64 = 0;
 	BIO *out = NULL;
 	int num = -1;
 	char *engine=NULL;
 	apps_startup();
@@ -51,13 +48,6 @@ int MAIN(int argc, char **argv)
 			else
 				badopt = 1;
 			}
 		if (strcmp(argv[i], "-engine") == 0)
 			{
 			if ((argv[i+1] != NULL) && (engine == NULL))
 				engine = argv[++i];
 			else
 				badopt = 1;
 			}
 		else if (strcmp(argv[i], "-rand") == 0)
 			{
 			if ((argv[i+1] != NULL) && (inrand == NULL))
@@ -94,31 +84,12 @@ int MAIN(int argc, char **argv)
 		{
 		BIO_printf(bio_err, "Usage: rand [options] num\n");
 		BIO_printf(bio_err, "where options are\n");
-		BIO_printf(bio_err, "-out file             - write to file\n");
+		BIO_printf(bio_err, "-out file            - write to file\n");
-		BIO_printf(bio_err," -engine e             - use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err, "-rand file%cfile%c...  - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-		BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err, "-base64              - encode output\n");
 		BIO_printf(bio_err, "-base64               - encode output\n");
 		goto err;
 		}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto err;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto err;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	app_RAND_load_file(NULL, bio_err, (inrand != NULL));
 	if (inrand != NULL)
 		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
--- a/apps/req.c
+++ b/apps/req.c
@@ -73,7 +73,6 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #define SECTION		"req"
@@ -141,7 +140,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 #ifndef NO_DSA
 	DSA *dsa_params=NULL;
 #endif
@@ -154,7 +152,6 @@ int MAIN(int argc, char **argv)
 	int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
 	int nodes=0,kludge=0,newhdr=0;
 	char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
 	char *engine=NULL;
 	char *extensions = NULL;
 	char *req_exts = NULL;
 	EVP_CIPHER *cipher=NULL;
@@ -198,11 +195,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-key") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -291,7 +283,7 @@ int MAIN(int argc, char **argv)
 						goto end;
 						}
-					dtmp=X509_get_pubkey(xtmp);
+					if ((dtmp=X509_get_pubkey(xtmp)) == NULL) goto end;
 					if (dtmp->type == EVP_PKEY_DSA)
 						dsa_params=DSAparams_dup(dtmp->pkey.dsa);
 					EVP_PKEY_free(dtmp);
@@ -383,7 +375,6 @@ bad:
 		BIO_printf(bio_err," -verify        verify signature on REQ\n");
 		BIO_printf(bio_err," -modulus       RSA modulus\n");
 		BIO_printf(bio_err," -nodes         don't encrypt the output key\n");
 		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -key file	use the private key contained in file\n");
 		BIO_printf(bio_err," -keyform arg   key file format\n");
 		BIO_printf(bio_err," -keyout arg    file to send the key to\n");
@@ -392,8 +383,7 @@ bad:
 		BIO_printf(bio_err,"                the random number generator\n");
 		BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
 		BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
-
+		BIO_printf(bio_err," -[digest]      Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
 		BIO_printf(bio_err," -[digest]      Digest to sign with (md5, sha1, md2, mdc2)\n");
 		BIO_printf(bio_err," -config file   request template file.\n");
 		BIO_printf(bio_err," -new           new request.\n");
 		BIO_printf(bio_err," -x509          output a x509 structure instead of a cert. req.\n");
@@ -531,55 +521,24 @@ bad:
 	if ((in == NULL) || (out == NULL))
 		goto end;
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if (keyfile != NULL)
 		{
-		if (keyform == FORMAT_ENGINE)
+		if (BIO_read_filename(in,keyfile) <= 0)
 			{
-			if (!e)
+			perror(keyfile);
-				{
+			goto end;
-				BIO_printf(bio_err,"no engine specified\n");
+			}
-				goto end;
+
-				}
+		if (keyform == FORMAT_ASN1)
-			pkey = ENGINE_load_private_key(e, keyfile, NULL);
+			pkey=d2i_PrivateKey_bio(in,NULL);
 		else if (keyform == FORMAT_PEM)
 			{
 			pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,passin);
 			}
 		else
 			{
-			if (BIO_read_filename(in,keyfile) <= 0)
+			BIO_printf(bio_err,"bad input format specified for X509 request\n");
-				{
+			goto end;
 				perror(keyfile);
 				goto end;
 				}
 			if (keyform == FORMAT_ASN1)
 				pkey=d2i_PrivateKey_bio(in,NULL);
 			else if (keyform == FORMAT_PEM)
 				{
 				pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,
 					passin);
 				}
 			else
 				{
 				BIO_printf(bio_err,"bad input format specified for X509 request\n");
 				goto end;
 				}
 			}
 		if (pkey == NULL)
@@ -759,17 +718,14 @@ loop:
 			/* Set version to V3 */
 			if(!X509_set_version(x509ss, 2)) goto end;
-			ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L);
+			if (!ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L)) goto end;
-			X509_set_issuer_name(x509ss,
+			if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
-				X509_REQ_get_subject_name(req));
+			if (!X509_gmtime_adj(X509_get_notBefore(x509ss),0)) goto end;
-			X509_gmtime_adj(X509_get_notBefore(x509ss),0);
+			if (!X509_gmtime_adj(X509_get_notAfter(x509ss), (long)60*60*24*days)) goto end;
-			X509_gmtime_adj(X509_get_notAfter(x509ss),
+			if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
 				(long)60*60*24*days);
 			X509_set_subject_name(x509ss,
 				X509_REQ_get_subject_name(req));
 			tmppkey = X509_REQ_get_pubkey(req);
-			X509_set_pubkey(x509ss,tmppkey);
+			if (!tmppkey || !X509_set_pubkey(x509ss,tmppkey)) goto end;
 			EVP_PKEY_free(tmppkey);
 			/* Set up V3 context struct */
@@ -1000,7 +956,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
 	else i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs);
 	if(!i) goto err;
-	X509_REQ_set_pubkey(req,pkey);
+	if (!X509_REQ_set_pubkey(req,pkey)) goto err;
 	ret=1;
 err:
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -68,7 +68,6 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG	rsa_main
@@ -91,7 +90,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	int ret=1;
 	RSA *rsa=NULL;
 	int i,badops=0, sgckey=0;
@@ -102,7 +100,6 @@ int MAIN(int argc, char **argv)
 	char *infile,*outfile,*prog;
 	char *passargin = NULL, *passargout = NULL;
 	char *passin = NULL, *passout = NULL;
 	char *engine=NULL;
 	int modulus=0;
 	apps_startup();
@@ -151,11 +148,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-sgckey") == 0)
 			sgckey=1;
 		else if (strcmp(*argv,"-pubin") == 0)
@@ -203,30 +195,11 @@ bad:
 		BIO_printf(bio_err," -check          verify key consistency\n");
 		BIO_printf(bio_err," -pubin          expect a public key in input file\n");
 		BIO_printf(bio_err," -pubout         output a public key\n");
 		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 		goto end;
 		}
 	ERR_load_crypto_strings();
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		BIO_printf(bio_err, "Error getting passwords\n");
 		goto end;
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -62,7 +62,6 @@
 #include <string.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #define RSA_SIGN 	1
 #define RSA_VERIFY 	2
@@ -83,7 +82,6 @@ int MAIN(int argc, char **);
 int MAIN(int argc, char **argv)
 {
 	ENGINE *e = NULL;
 	BIO *in = NULL, *out = NULL;
 	char *infile = NULL, *outfile = NULL;
 	char *keyfile = NULL;
@@ -97,7 +95,6 @@ int MAIN(int argc, char **argv)
 	unsigned char *rsa_in = NULL, *rsa_out = NULL, pad;
 	int rsa_inlen, rsa_outlen = 0;
 	int keysize;
 	char *engine=NULL;
 	int ret = 1;
@@ -120,9 +117,6 @@ int MAIN(int argc, char **argv)
 		} else if(!strcmp(*argv, "-inkey")) {
 			if (--argc < 1) badarg = 1;
 			keyfile = *(++argv);
 		} else if(!strcmp(*argv, "-engine")) {
 			if (--argc < 1) badarg = 1;
 			engine = *(++argv);
 		} else if(!strcmp(*argv, "-pubin")) {
 			key_type = KEY_PUBKEY;
 		} else if(!strcmp(*argv, "-certin")) {
@@ -157,24 +151,6 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 /* FIXME: seed PRNG only if needed */
 	app_RAND_load_file(NULL, bio_err, 0);
@@ -304,7 +280,6 @@ static void usage()
 	BIO_printf(bio_err, "-inkey file     input key\n");
 	BIO_printf(bio_err, "-pubin          input is an RSA public\n");
 	BIO_printf(bio_err, "-certin         input is a certificate carrying an RSA public key\n");
 	BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");
 	BIO_printf(bio_err, "-ssl            use SSL v2 padding\n");
 	BIO_printf(bio_err, "-raw            use no padding\n");
 	BIO_printf(bio_err, "-pkcs           use PKCS#1 v1.5 padding (default)\n");
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -80,7 +80,6 @@ typedef unsigned int u_int;
 #include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/rand.h>
 #include <openssl/engine.h>
 #include "s_apps.h"
 #ifdef WINDOWS
@@ -155,7 +154,7 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -cipher       - preferred cipher to use, use the 'openssl ciphers'\n");
 	BIO_printf(bio_err,"                 command to see what is available\n");
 	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
+
 	}
 int MAIN(int, char **);
@@ -183,8 +182,6 @@ int MAIN(int argc, char **argv)
 	SSL_METHOD *meth=NULL;
 	BIO *sbio;
 	char *inrand=NULL;
 	char *engine_id=NULL;
 	ENGINE *e=NULL;
 #ifdef WINDOWS
 	struct timeval tv;
 #endif
@@ -327,11 +324,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			inrand= *(++argv);
 			}
 		else if	(strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine_id = *(++argv);
 			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -372,30 +364,6 @@ bad:
 	OpenSSL_add_ssl_algorithms();
 	SSL_load_error_strings();
 	if (engine_id != NULL)
 		{
 		if((e = ENGINE_by_id(engine_id)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		if (c_debug)
 			{
 			ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
 				0, bio_err, 0);
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine_id);
 		ENGINE_free(e);
 		}
 	ctx=SSL_CTX_new(meth);
 	if (ctx == NULL)
 		{
@@ -928,5 +896,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
 	BIO_printf(bio,"---\n");
 	if (peer != NULL)
 		X509_free(peer);
 	/* flush, or debugging output gets mixed with http response */
 	BIO_flush(bio);
 	}
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -84,7 +84,6 @@ typedef unsigned int u_int;
 #include <openssl/x509.h>
 #include <openssl/ssl.h>
 #include <openssl/rand.h>
 #include <openssl/engine.h>
 #include "s_apps.h"
 #ifdef WINDOWS
@@ -178,7 +177,6 @@ static int s_debug=0;
 static int s_quiet=0;
 static int hack=0;
 static char *engine_id=NULL;
 #ifdef MONOLITH
 static void s_server_init(void)
@@ -201,7 +199,6 @@ static void s_server_init(void)
 	s_debug=0;
 	s_quiet=0;
 	hack=0;
 	engine_id=NULL;
 	}
 #endif
@@ -247,7 +244,6 @@ static void sv_usage(void)
 	BIO_printf(bio_err," -www          - Respond to a 'GET /' with a status page\n");
 	BIO_printf(bio_err," -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
 	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
 	}
 static int local_argc=0;
@@ -418,8 +414,6 @@ int MAIN(int argc, char *argv[])
 	int state=0;
 	SSL_METHOD *meth=NULL;
 	char *inrand=NULL;
 	char *engine_id=NULL;
 	ENGINE *e=NULL;
 #ifndef NO_DH
 	DH *dh=NULL;
 #endif
@@ -579,11 +573,6 @@ int MAIN(int argc, char *argv[])
 			if (--argc < 1) goto bad;
 			inrand= *(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine_id= *(++argv);
 			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -635,29 +624,6 @@ bad:
 	SSL_load_error_strings();
 	OpenSSL_add_ssl_algorithms();
 	if (engine_id != NULL)
 		{
 		if((e = ENGINE_by_id(engine_id)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		if (s_debug)
 			{
 			ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
 				0, bio_err, 0);
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine_id);
 		ENGINE_free(e);
 		}
 	ctx=SSL_CTX_new(meth);
 	if (ctx == NULL)
 		{
@@ -1432,9 +1398,11 @@ static int www_body(char *hostname, int s, unsigned char *context)
 				break;
 				}
 #if 0
 			/* append if a directory lookup */
 			if (e[-1] == '/')
 				strcat(p,"index.html");
 #endif
 			/* if a directory, do the index thang */
 			if (stat(p,&st_buf) < 0)
@@ -1446,7 +1414,13 @@ static int www_body(char *hostname, int s, unsigned char *context)
 				}
 			if (S_ISDIR(st_buf.st_mode))
 				{
 #if 0 /* must check buffer size */
 				strcat(p,"/index.html");
 #else
 				BIO_puts(io,text);
 				BIO_printf(io,"'%s' is a directory\r\n",p);
 				break;
 #endif
 				}
 			if ((file=BIO_new_file(p,"r")) == NULL)
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -82,7 +82,7 @@
 #include "wintext.h"
 #endif
-#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
+#if !defined(MSDOS) && !defined(VXWORKS) && (!defined(VMS) || defined(__DECC)) || defined (_DARWIN)
 #define TIMES
 #endif
@@ -102,7 +102,7 @@
 #undef TIMES
 #endif
-#ifndef TIMES
+#if !defined(TIMES) && !defined(VXWORKS)
 #include <sys/timeb.h>
 #endif
@@ -139,6 +139,8 @@
 #undef BUFSIZZ
 #define BUFSIZZ 1024*10
 #undef min
 #undef max
 #define min(a,b) (((a) < (b)) ? (a) : (b))
 #define max(a,b) (((a) > (b)) ? (a) : (b))
@@ -368,6 +370,22 @@ static double tm_Time_F(int s)
 		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
 		return((ret == 0.0)?1e-6:ret);
 	}
 #elif defined(VXWORKS)
        {
 	static unsigned long tick_start, tick_end;
 	if( s == START )
 		{
 		tick_start = tickGet();
 		return 0;
 		}
 	else
 		{
 		tick_end = tickGet();
 		ret = (double)(tick_end - tick_start) / (double)sysClkRateGet();
 		return((ret == 0.0)?1e-6:ret);
 		}
        }
 #else /* !times() */
 	static struct timeb tstart,tend;
 	long i;
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -64,7 +64,6 @@
 #include <openssl/crypto.h>
 #include <openssl/pem.h>
 #include <openssl/err.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG smime_main
@@ -82,7 +81,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 {
 	ENGINE *e = NULL;
 	int operation = 0;
 	int ret = 0;
 	char **args;
@@ -105,9 +103,8 @@ int MAIN(int argc, char **argv)
 	char *inrand = NULL;
 	int need_rand = 0;
 	int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
 	char *engine=NULL;
 	args = argv + 1;
 	ret = 1;
 	while (!badarg && *args && *args[0] == '-') {
@@ -156,11 +153,6 @@ int MAIN(int argc, char **argv)
 				inrand = *args;
 			} else badarg = 1;
 			need_rand = 1;
 		} else if (!strcmp(*args,"-engine")) {
 			if (args[1]) {
 				args++;
 				engine = *args;
 			} else badarg = 1;
 		} else if (!strcmp(*args,"-passin")) {
 			if (args[1]) {
 				args++;
@@ -298,7 +290,7 @@ int MAIN(int argc, char **argv)
 		BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
 		BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
 		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
-		BIO_printf (bio_err, "-engine e      use engine e, possibly a hardware device.\n");
+		BIO_printf (bio_err, "-passin arg    input file pass phrase source\n");
 		BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,  "               the random number generator\n");
@@ -306,24 +298,6 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;
@@ -440,7 +414,10 @@ int MAIN(int argc, char **argv)
 		p7 = PKCS7_encrypt(encerts, in, cipher, flags);
 	} else if(operation == SMIME_SIGN) {
 		p7 = PKCS7_sign(signer, key, other, in, flags);
-		BIO_reset(in);
+		if (BIO_reset(in) != 0 && (flags & PKCS7_DETACHED)) {
 		  BIO_printf(bio_err, "Can't rewind input file\n");
 		  goto end;
 		}
 	} else {
 		if(informat == FORMAT_SMIME) 
 			p7 = SMIME_read_PKCS7(in, &indata);
@@ -480,9 +457,9 @@ int MAIN(int argc, char **argv)
 	} else if(operation == SMIME_VERIFY) {
 		STACK_OF(X509) *signers;
 		if(PKCS7_verify(p7, other, store, indata, out, flags)) {
-			BIO_printf(bio_err, "Verification Successful\n");
+			BIO_printf(bio_err, "Verification successful\n");
 		} else {
-			BIO_printf(bio_err, "Verification Failure\n");
+			BIO_printf(bio_err, "Verification failure\n");
 			goto end;
 		}
 		signers = PKCS7_get0_signers(p7, other, flags);
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -81,14 +81,13 @@
 #include <openssl/crypto.h>
 #include <openssl/rand.h>
 #include <openssl/err.h>
 #include <openssl/engine.h>
-#if defined(__FreeBSD__)
+#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(_DARWIN)
 # define USE_TOD
-#elif !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
+#elif !defined(MSDOS) && !defined(VXWORKS) && (!defined(VMS) || defined(__DECC))
 # define TIMES
 #endif
-#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE)
+#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE) && !defined(__NetBSD__) && !defined(_DARWIN) && !defined(VXWORKS)
 # define TIMEB
 #endif
@@ -116,7 +115,7 @@
 #include <sys/timeb.h>
 #endif
-#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD)
+#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(VXWORKS)
 #error "It seems neither struct tms nor struct timeb is supported in this platform!"
 #endif
@@ -225,7 +224,7 @@ static double Time_F(int s, int usertime)
 #ifdef USE_TOD
 	if(usertime)
-	    {
+		{
 		static struct rusage tstart,tend;
 		if (s == START)
@@ -285,7 +284,23 @@ static double Time_F(int s, int usertime)
 # if defined(TIMES) && defined(TIMEB)
 	else
 # endif
-# ifdef TIMEB
+# ifdef VXWORKS
 		{
 		static unsigned long tick_start, tick_end;
 		if( s == START )
 			{
 			tick_start = tickGet();
 			return 0;
 			}
 		else
 			{
 			tick_end = tickGet();
 			ret = (double)(tick_end - tick_start) / (double)sysClkRateGet();
 			return((ret < 0.001)?0.001:ret);
 			}
                }
 # elif defined(TIMEB)
 		{
 		static struct timeb tstart,tend;
 		long i;
@@ -304,6 +319,7 @@ static double Time_F(int s, int usertime)
 			}
 		}
 # endif
 #endif
 	}
@@ -311,7 +327,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e;
 	unsigned char *buf=NULL,*buf2=NULL;
 	int mret=1;
 #define ALGOR_NUM	15
@@ -320,7 +335,9 @@ int MAIN(int argc, char **argv)
 #define DSA_NUM		3
 	long count,rsa_count;
 	int i,j,k;
 #ifndef NO_RSA
 	unsigned rsa_num;
 #endif
 #ifndef NO_MD2
 	unsigned char md2[MD2_DIGEST_LENGTH];
 #endif
@@ -472,37 +489,6 @@ int MAIN(int argc, char **argv)
 		{
 		if	((argc > 0) && (strcmp(*argv,"-elapsed") == 0))
 			usertime = 0;
 		else
 		if	((argc > 0) && (strcmp(*argv,"-engine") == 0))
 			{
 			argc--;
 			argv++;
 			if(argc == 0)
 				{
 				BIO_printf(bio_err,"no engine given\n");
 				goto end;
 				}
 			if((e = ENGINE_by_id(*argv)) == NULL)
 				{
 				BIO_printf(bio_err,"invalid engine \"%s\"\n",
 					*argv);
 				goto end;
 				}
 			if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 				{
 				BIO_printf(bio_err,"can't use that engine\n");
 				goto end;
 				}
 			BIO_printf(bio_err,"engine \"%s\" set.\n", *argv);
 			/* Free our "structural" reference. */
 			ENGINE_free(e);
 			/* It will be increased again further down.  We just
 			   don't want speed to confuse an engine with an
 			   algorithm, especially when none is given (which
 			   means all of them should be run) */
 			j--;
 			}
 		else
 #ifndef NO_MD2
 		if	(strcmp(*argv,"md2") == 0) doit[D_MD2]=1;
 		else
@@ -550,7 +536,7 @@ int MAIN(int argc, char **argv)
 #ifdef RSAref
 			if (strcmp(*argv,"rsaref") == 0) 
 			{
-			RSA_set_default_openssl_method(RSA_PKCS1_RSAref());
+			RSA_set_default_method(RSA_PKCS1_RSAref());
 			j--;
 			}
 		else
@@ -558,7 +544,7 @@ int MAIN(int argc, char **argv)
 #ifndef RSA_NULL
 			if (strcmp(*argv,"openssl") == 0) 
 			{
-			RSA_set_default_openssl_method(RSA_PKCS1_SSLeay());
+			RSA_set_default_method(RSA_PKCS1_SSLeay());
 			j--;
 			}
 		else
@@ -703,12 +689,11 @@ int MAIN(int argc, char **argv)
 			BIO_printf(bio_err,"\n");
 #endif
 #ifdef TIMES
 			BIO_printf(bio_err,"\n");
 			BIO_printf(bio_err,"Available options:\n");
 #ifdef TIMES
 			BIO_printf(bio_err,"-elapsed        measure time in real time instead of CPU user time.\n");
 #endif
 			BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
 			goto end;
 			}
 		argc--;
@@ -1415,7 +1400,6 @@ int MAIN(int argc, char **argv)
 #endif
 	mret=0;
 end:
 	ERR_print_errors(bio_err);
 	if (buf != NULL) OPENSSL_free(buf);
 	if (buf2 != NULL) OPENSSL_free(buf2);
 #ifndef NO_RSA
--- a/apps/spkac.c
+++ b/apps/spkac.c
@@ -69,7 +69,6 @@
 #include <openssl/lhash.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG	spkac_main
@@ -82,7 +81,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	int i,badops=0, ret = 1;
 	BIO *in = NULL,*out = NULL, *key = NULL;
 	int verify=0,noout=0,pubkey=0;
@@ -93,7 +91,6 @@ int MAIN(int argc, char **argv)
 	LHASH *conf = NULL;
 	NETSCAPE_SPKI *spki = NULL;
 	EVP_PKEY *pkey = NULL;
 	char *engine=NULL;
 	apps_startup();
@@ -139,11 +136,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			spksect= *(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
 		else if (strcmp(*argv,"-pubkey") == 0)
@@ -169,7 +161,6 @@ bad:
 		BIO_printf(bio_err," -noout         don't print SPKAC\n");
 		BIO_printf(bio_err," -pubkey        output public key\n");
 		BIO_printf(bio_err," -verify        verify SPKAC signature\n");
 		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device.\n");
 		goto end;
 		}
@@ -179,24 +170,6 @@ bad:
 		goto end;
 	}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if(keyfile) {
 		if(strcmp(keyfile, "-")) key = BIO_new_file(keyfile, "r");
 		else key = BIO_new_fp(stdin, BIO_NOCLOSE);
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -65,7 +65,6 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG	verify_main
@@ -79,7 +78,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	int i,ret=1;
 	int purpose = -1;
 	char *CApath=NULL,*CAfile=NULL;
@@ -87,7 +85,6 @@ int MAIN(int argc, char **argv)
 	STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
 	X509_STORE *cert_ctx=NULL;
 	X509_LOOKUP *lookup=NULL;
 	char *engine=NULL;
 	cert_ctx=X509_STORE_new();
 	if (cert_ctx == NULL) goto end;
@@ -140,11 +137,6 @@ int MAIN(int argc, char **argv)
 				if (argc-- < 1) goto end;
 				trustfile= *(++argv);
 				}
 			else if (strcmp(*argv,"-engine") == 0)
 				{
 				if (--argc < 1) goto end;
 				engine= *(++argv);
 				}
 			else if (strcmp(*argv,"-help") == 0)
 				goto end;
 			else if (strcmp(*argv,"-issuer_checks") == 0)
@@ -162,24 +154,6 @@ int MAIN(int argc, char **argv)
 			break;
 		}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
 	if (lookup == NULL) abort();
 	if (CAfile) {
@@ -227,7 +201,7 @@ int MAIN(int argc, char **argv)
 	ret=0;
 end:
 	if (ret == 1) {
-		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-engine e] cert1 cert2 ...\n");
+		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] cert1 cert2 ...\n");
 		BIO_printf(bio_err,"recognized usages:\n");
 		for(i = 0; i < X509_PURPOSE_get_count(); i++) {
 			X509_PURPOSE *ptmp;
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -73,7 +73,6 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG x509_main
@@ -130,7 +129,6 @@ static char *x509_usage[]={
 " -extensions     - section from config file with X509V3 extensions to add\n",
 " -clrext         - delete extensions before signing and input certificate\n",
 " -nameopt arg    - various certificate name options\n",
 " -engine e       - use engine e, possibly a hardware device.\n",
 NULL
 };
@@ -147,7 +145,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	int ret=1;
 	X509_REQ *req=NULL;
 	X509 *x=NULL,*xca=NULL;
@@ -178,7 +175,6 @@ int MAIN(int argc, char **argv)
 	int need_rand = 0;
 	int checkend=0,checkoffset=0;
 	unsigned long nmflag = 0;
 	char *engine=NULL;
 	reqfile=0;
@@ -341,11 +337,6 @@ int MAIN(int argc, char **argv)
 			alias= *(++argv);
 			trustout = 1;
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-C") == 0)
 			C= ++num;
 		else if (strcmp(*argv,"-email") == 0)
@@ -429,24 +420,6 @@ bad:
 		goto end;
 		}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if (need_rand)
 		app_RAND_load_file(NULL, bio_err, 0);
--- a/129
+++ b/129
@@ -68,6 +68,11 @@ if [ "x$XREL" != "x" ]; then
 	    4.2)
 		echo "whatever-whatever-unixware1"; exit 0
 		;;
     OpenUNIX)
 		if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x8" ]; then
 		    echo "${MACHINE}-unknown-OpenUNIX${VERSION}"; exit 0
 		fi
 		;;
 	    5)
 		if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x7" ]; then
 		    echo "${MACHINE}-sco-unixware7"; exit 0
@@ -195,15 +200,33 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "${MACHINE}-whatever-openbsd"; exit 0
 	;;
    OpenUNIX:*)
 	echo "${MACHINE}-unknown-OpenUNIX${VERSION}"; exit 0
 	;;
    OSF1:*:*:*alpha*)
-	echo "${MACHINE}-dec-osf"; exit 0
+	OSFMAJOR=`echo ${RELEASE}| sed -e 's/^V\([0-9]*\)\..*$/\1/'`
 	case "$OSFMAJOR" in
 	    4|5)
 		echo "${MACHINE}-dec-tru64"; exit 0
 		;;
 	    1|2|3)
 		echo "${MACHINE}-dec-osf"; exit 0
 		;;
 	    *)
 		echo "${MACHINE}-dec-osf"; exit 0
 		;;
 	esac
 	;;
    QNX:*)
-	case "$VERSION" in
+	case "$RELEASE" in
 	    4*)
 		echo "${MACHINE}-whatever-qnx4"
 		;;
 	    6*)
 		echo "${MACHINE}-whatever-qnx6"
 		;;
 	    *)
 		echo "${MACHINE}-whatever-qnx"
 		;;
@@ -219,6 +242,10 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "ppc-apple-rhapsody"; exit 0
 	;;
    Darwin:*)
 	echo "ppc-apple-darwin"; exit 0
 	;;
    SunOS:5.*)
 	echo "${MACHINE}-whatever-solaris2"; exit 0
 	;;
@@ -271,6 +298,25 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "mips-sony-newsos4"; exit 0;
 	;;
    CYGWIN*)
 	case "$RELEASE" in
 	    [bB]*|1.0|1.[12].*)
 		echo "${MACHINE}-whatever-cygwin_pre1.3"
 		;;
 	    *)
 		echo "${MACHINE}-whatever-cygwin"
 		;;
 	esac
 	exit 0
 	;;
    *"CRAY T3E")
       echo "t3e-cray-unicosmk"; exit 0;
       ;;
    *CRAY*)
       echo "j90-cray-unicos"; exit 0;
       ;;
 esac
 #
@@ -435,11 +481,27 @@ case "$GUESSOS" in
 	    esac
 	fi
 	;;
-  mips-*-linux?) OUT="linux-mips" ;;
+  mips-*-linux?)
          cat >dummy.c <<EOF
 #include <stdio.h>  /* for printf() prototype */
        int main (argc, argv) int argc; char *argv[]; {
 #ifdef __MIPSEB__
  printf ("linux-%s\n", argv[1]);
 #endif
 #ifdef __MIPSEL__
  printf ("linux-%sel\n", argv[1]);
 #endif
  return 0;
 }
 EOF
 	${CC} -o dummy dummy.c && OUT=`./dummy ${MACHINE}`
 	rm dummy dummy.c
 	;;
  ppc-*-linux2) OUT="linux-ppc" ;;
  m68k-*-linux*) OUT="linux-m68k" ;;
  ia64-*-linux?) OUT="linux-ia64" ;;
  ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;;
  ppc-apple-darwin) OUT="darwin-ppc-cc" ;;
  sparc64-*-linux2)
 	#Before we can uncomment following lines we have to wait at least
 	#till 64-bit glibc for SPARC is operational:-(
@@ -456,8 +518,29 @@ case "$GUESSOS" in
 	sun4d)	OUT="linux-sparcv8" ;;
 	*)	OUT="linux-sparcv7" ;;
 	esac ;;
  parisc-*-linux2)
        CPUARCH=`awk '/cpu family/{print substr($5,1,3)}' /proc/cpuinfo`
 	CPUSCHEDULE=`awk '/^cpu.[ 	]: PA/{print substr($3,3)}' /proc/cpuinfo`
 	# ??TODO ??  Model transformations
 	# 0. CPU Architecture for the 1.1 processor has letter suffixes. We strip that off
 	#    assuming no further arch. identification will ever be used by GCC.
 	# 1. I'm most concerned about whether is a 7300LC is closer to a 7100 versus a 7100LC.
 	# 2. The variant 64-bit processors cause concern should GCC support explicit schedulers
 	#    for these chips in the future.
 	#         PA7300LC -> 7100LC (1.1)
 	#         PA8200   -> 8000   (2.0)
 	#         PA8500   -> 8000   (2.0)
 	#         PA8600   -> 8000   (2.0)
 	CPUSCHEDULE=`echo $CPUSCHEDULE|sed -e 's/7300LC/7100LC/' -e 's/8?00/8000/'`
 	# Finish Model transformations
 	options="$options -mschedule=$CPUSCHEDULE -march=$CPUARCH"
 	OUT="linux-parisc" ;;
  arm*-*-linux2) OUT="linux-elf-arm" ;;
  s390-*-linux2) OUT="linux-s390" ;;
  s390x-*-linux?) OUT="linux-s390x" ;;
  *-*-linux2) OUT="linux-elf" ;;
  *-*-linux1) OUT="linux-aout" ;;
  sun4u*-*-solaris2)
@@ -485,7 +568,15 @@ case "$GUESSOS" in
  pmax*-*-openbsd) OUT="OpenBSD-mips" ;;
  *-*-openbsd) OUT="OpenBSD" ;;
  *86*-*-bsdi4) OUT="bsdi-elf-gcc" ;;
-  *-*-osf) OUT="alpha-cc" ;;
+  *-*-osf) OUT="alphaold-cc" ;;
  *-*-tru64) OUT="alpha-cc" ;;
  *-*-OpenUNIX*)
 	if [ "$CC" = "gcc" ]; then
 	  OUT="OpenUNIX-8-gcc" 
 	else    
 	  OUT="OpenUNIX-8" 
 	fi
 	;;
  *-*-unixware7) OUT="unixware-7" ;;
  *-*-UnixWare7) OUT="unixware-7" ;;
  *-*-Unixware7) OUT="unixware-7" ;;
@@ -505,30 +596,18 @@ case "$GUESSOS" in
  # *-aix) OUT="aix-$CC" ;;
  # *-dgux) OUT="dgux" ;;
  mips-sony-newsos4) OUT="newsos4-gcc" ;;
  *-*-cygwin_pre1.3) OUT="Cygwin-pre1.3" ;;
  *-*-cygwin) OUT="Cygwin" ;;
  t3e-cray-unicosmk) OUT="cray-t3e" ;;
  j90-cray-unicos) OUT="cray-j90" ;;
  *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
 esac
 # NB: This atalla support has been superceded by the ENGINE support
 # That contains its own header and definitions anyway. Support can
 # be enabled or disabled on any supported platform without external
 # headers, eg. by adding the "hw-atalla" switch to ./config or
 # perl Configure
 #
 # See whether we can compile Atalla support
-#if [ -f /usr/include/atasi.h ]
+if [ -f /usr/include/atasi.h ]
-#then
+then
-#  options="$options -DATALLA"
+  options="$options -DATALLA"
-#fi
+fi
 #get some basic shared lib support (behnke@trustcenter.de)
 case "$OUT" in
   solaris-*-gcc)
 	if  [ "$SHARED" = "true" ] 
 	 then
 	  options="$options -DPIC -fPIC"
        fi
     ;;
 esac
 # gcc < 2.8 does not support -mcpu=ultrasparc
 if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
@@ -549,7 +628,7 @@ case "$GUESSOS" in
  i386-*) options="$options 386" ;;
 esac
-for i in bf cast des dh dsa hmac md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa sha
+for i in bf cast des dh dsa hmac idea md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa sha
 do
  if [ ! -d crypto/$i ]
  then
--- a/crypto/Makefile.ssl
+++ b/crypto/Makefile.ssl
@@ -6,7 +6,7 @@ DIR=		crypto
 TOP=		..
 CC=		cc
 INCLUDE=	-I. -I../include
-INCLUDES=	-I.. -I../../include
+INCLUDES=	-I.. -I../.. -I../../include
 CFLAG=		-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
@@ -27,7 +27,7 @@ LIBS=
 SDIRS=	md2 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
-	bn rsa dsa dh dso engine \
+	bn rsa dsa dh dso \
 	buffer bio stack lhash rand err objects \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
@@ -54,7 +54,7 @@ buildinf.h: ../Makefile.ssl
 	echo "  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */"; \
 	echo "  #define CFLAGS \"$(CC) $(CFLAG)\""; \
 	echo "  #define PLATFORM \"$(PLATFORM)\""; \
-	echo "  #define DATE \"`date`\""; \
+	echo "  #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \
 	echo "#endif" ) >buildinf.h
 testapps:
--- a/crypto/asn1/Makefile.ssl
+++ b/crypto/asn1/Makefile.ssl
@@ -936,40 +936,40 @@ t_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 t_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 t_bitst.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 t_bitst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-t_bitst.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+t_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-t_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_bitst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-t_bitst.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+t_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-t_bitst.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+t_bitst.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-t_bitst.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_bitst.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-t_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_bitst.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+t_bitst.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-t_bitst.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+t_bitst.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-t_bitst.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+t_bitst.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h
+t_bitst.o: ../cryptlib.h
 t_crl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 t_crl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 t_crl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 t_crl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 t_crl.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 t_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-t_crl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+t_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-t_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_crl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-t_crl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+t_crl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-t_crl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+t_crl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-t_crl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_crl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-t_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-t_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+t_crl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-t_crl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+t_crl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-t_crl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+t_crl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_crl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_crl.o: ../../include/openssl/x509v3.h ../cryptlib.h
+t_crl.o: ../cryptlib.h
 t_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 t_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 t_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
@@ -985,20 +985,20 @@ t_req.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 t_req.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 t_req.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 t_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-t_req.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+t_req.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-t_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_req.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-t_req.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+t_req.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-t_req.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+t_req.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-t_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_req.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-t_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_req.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-t_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+t_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-t_req.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+t_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-t_req.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+t_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_req.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_req.o: ../../include/openssl/x509v3.h ../cryptlib.h
+t_req.o: ../cryptlib.h
 t_spki.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 t_spki.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -1024,20 +1024,20 @@ t_x509.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 t_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 t_x509.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-t_x509.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+t_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-t_x509.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_x509.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-t_x509.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+t_x509.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-t_x509.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+t_x509.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-t_x509.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_x509.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-t_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-t_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+t_x509.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-t_x509.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+t_x509.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-t_x509.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h
+t_x509.o: ../cryptlib.h
 t_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 t_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -1310,21 +1310,20 @@ x_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 x_x509.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
 x_x509.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 x_x509.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x_x509.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
+x_x509.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-x_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_x509.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_x509.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_x509.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-x_x509.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_x509.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-x_x509.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_x509.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x_x509.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-x_x509.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_x509.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-x_x509.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_x509.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-x_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h
 x_x509.o: ../cryptlib.h
 x_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 x_x509a.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 x_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
--- a/crypto/asn1/a_bitstr.c
+++ b/crypto/asn1/a_bitstr.c
@@ -224,6 +224,7 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
 	w=n/8;
 	v=1<<(7-(n&0x07));
 	iv= ~v;
 	if (!value) v=0;
 	a->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear, set on write */
--- a/crypto/asn1/a_gentm.c
+++ b/crypto/asn1/a_gentm.c
@@ -203,7 +203,7 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
 	if (s == NULL)
 		return(NULL);
-#if defined(THREADS) && !defined(WIN32)
+#if defined(THREADS) && !defined(WIN32) && ! defined(_DARWIN)
 	gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */
 	ts=&data;
 #else
--- a/crypto/asn1/a_sign.c
+++ b/crypto/asn1/a_sign.c
@@ -55,6 +55,59 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 #include <stdio.h>
 #include <time.h>
@@ -87,7 +140,14 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
 		else
 			a=algor2;
 		if (a == NULL) continue;
-		if (	(a->parameter == NULL) || 
+                if (type->pkey_type == NID_dsaWithSHA1)
 			{
 			/* special case: RFC 2459 tells us to omit 'parameters'
 			 * with id-dsa-with-sha1 */
 			ASN1_TYPE_free(a->parameter);
 			a->parameter = NULL;
 			}
 		else if ((a->parameter == NULL) || 
 			(a->parameter->type != V_ASN1_NULL))
 			{
 			ASN1_TYPE_free(a->parameter);
--- a/crypto/asn1/a_strnid.c
+++ b/crypto/asn1/a_strnid.c
@@ -105,9 +105,9 @@ int ASN1_STRING_set_default_mask_asc(char *p)
 		mask = strtoul(p + 5, &end, 0);
 		if(*end) return 0;
 	} else if(!strcmp(p, "nombstr"))
-			 mask = ~(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING);
+		mask = ~((unsigned long)(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING));
 	else if(!strcmp(p, "pkix"))
-			mask = ~B_ASN1_T61STRING;
+			mask = ~((unsigned long)B_ASN1_T61STRING);
 	else if(!strcmp(p, "utf8only")) mask = B_ASN1_UTF8STRING;
 	else if(!strcmp(p, "default"))
 	    mask = 0xFFFFFFFFL;
--- a/crypto/asn1/a_time.c
+++ b/crypto/asn1/a_time.c
@@ -113,7 +113,7 @@ ASN1_TIME *d2i_ASN1_TIME(ASN1_TIME **a, unsigned char **pp, long length)
 ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
 	{
 	struct tm *ts;
-#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
+#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
 	struct tm data;
 	gmtime_r(&t,&data);
--- a/crypto/asn1/a_utctm.c
+++ b/crypto/asn1/a_utctm.c
@@ -203,7 +203,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
 	if (s == NULL)
 		return(NULL);
-#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
+#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
 	gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */
 	ts=&data;
 #else
@@ -286,7 +286,7 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
 	t -= offset*60; /* FIXME: may overflow in extreme cases */
-#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
+#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
 	{ struct tm data; gmtime_r(&t, &data); tm = &data; }
 #else
 	tm = gmtime(&t);
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -834,8 +834,6 @@ void ASN1_HEADER_free(ASN1_HEADER *a);
 int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
 void ERR_load_ASN1_strings(void);
 /* Not used that much at this point, except for the first two */
 ASN1_METHOD *X509_asn1_meth(void);
 ASN1_METHOD *RSAPrivateKey_asn1_meth(void);
@@ -877,6 +875,7 @@ void ASN1_STRING_TABLE_cleanup(void);
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_ASN1_strings(void);
 /* Error codes for the ASN1 functions. */
@@ -1148,4 +1147,3 @@ void ASN1_STRING_TABLE_cleanup(void);
 }
 #endif
 #endif
--- a/crypto/asn1/t_x509.c
+++ b/crypto/asn1/t_x509.c
@@ -349,6 +349,8 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
 	ll=80-2-obase;
 	s=X509_NAME_oneline(name,buf,256);
 	if (!*s)
 		return 1;
 	s++; /* skip the first slash */
 	l=ll;
--- a/crypto/asn1/x_pubkey.c
+++ b/crypto/asn1/x_pubkey.c
@@ -234,7 +234,7 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
 	a=key->algor;
 	if (ret->type == EVP_PKEY_DSA)
 		{
-		if (a->parameter->type == V_ASN1_SEQUENCE)
+		if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
 			{
 			ret->pkey.dsa->write_params=0;
 			p=a->parameter->value.sequence->data;
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -109,7 +109,11 @@
 #endif
 #if HAVE_LONG_LONG
-#define LLONG long long
+# if defined(WIN32) && !defined(__GNUC__)
 # define LLONG _int64
 # else
 # define LLONG long long
 # endif
 #else
 #define LLONG long
 #endif
@@ -152,7 +156,7 @@ static void _dopr(char **sbuffer, char **buffer,
 /* some handy macros */
 #define char_to_int(p) (p - '0')
-#define MAX(p,q) ((p >= q) ? p : q)
+#define OSSL_MAX(p,q) ((p >= q) ? p : q)
 static void
 _dopr(
@@ -503,13 +507,13 @@ fmtint(
    convert[place] = 0;
    zpadlen = max - place;
-    spadlen = min - MAX(max, place) - (signvalue ? 1 : 0);
+    spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0);
    if (zpadlen < 0)
        zpadlen = 0;
    if (spadlen < 0)
        spadlen = 0;
    if (flags & DP_F_ZERO) {
-        zpadlen = MAX(zpadlen, spadlen);
+        zpadlen = OSSL_MAX(zpadlen, spadlen);
        spadlen = 0;
    }
    if (flags & DP_F_MINUS)
@@ -565,7 +569,7 @@ pow10(int exp)
 }
 static long
-round(LDOUBLE value)
+roundv(LDOUBLE value)
 {
    long intpart;
    intpart = (long) value;
@@ -617,7 +621,7 @@ fmtfp(
    /* we "cheat" by converting the fractional part to integer by
       multiplying by a factor of 10 */
-    fracpart = round((pow10(max)) * (ufvalue - intpart));
+    fracpart = roundv((pow10(max)) * (ufvalue - intpart));
    if (fracpart >= pow10(max)) {
        intpart++;
@@ -641,7 +645,7 @@ fmtfp(
            (caps ? "0123456789ABCDEF"
              : "0123456789abcdef")[fracpart % 10];
        fracpart = (fracpart / 10);
-    } while (fracpart && (fplace < 20));
+    } while (fplace < max);
    if (fplace == 20)
        fplace--;
    fconvert[fplace] = 0;
@@ -712,12 +716,13 @@ doapr_outch(
    if (buffer) {
 	while (*currlen >= *maxlen) {
 	    if (*buffer == NULL) {
 		assert(*sbuffer != NULL);
 		if (*maxlen == 0)
 		    *maxlen = 1024;
 		*buffer = OPENSSL_malloc(*maxlen);
-		if (*currlen > 0)
+		if (*currlen > 0) {
 		    assert(*sbuffer != NULL);
 		    memcpy(*buffer, *sbuffer, *currlen);
 		}
 		*sbuffer = NULL;
 	    } else {
 		*maxlen += 1024;
@@ -757,7 +762,9 @@ int BIO_vprintf (BIO *bio, const char *format, va_list args)
 	{
 	int ret;
 	size_t retlen;
-	MS_STATIC char hugebuf[1024*10];
+	char hugebuf[1024*2];	/* Was previously 10k, which is unreasonable
 				   in small-stack environments, like threads
 				   or DOS programs. */
 	char *hugebufp = hugebuf;
 	size_t hugebufsize = sizeof(hugebuf);
 	char *dynbuf = NULL;
--- a/crypto/bio/b_sock.c
+++ b/crypto/bio/b_sock.c
@@ -72,9 +72,9 @@
 #endif
 #ifdef SO_MAXCONN
 #define MAX_LISTEN  SOMAXCONN
 #elif defined(SO_MAXCONN)
 #define MAX_LISTEN  SO_MAXCONN
 #elif defined(SOMAXCONN)
 #define MAX_LISTEN  SOMAXCONN
 #else
 #define MAX_LISTEN  32
 #endif
@@ -95,8 +95,10 @@ static struct ghbn_cache_st
 	} ghbn_cache[GHBN_NUM];
 static int get_ip(const char *str,unsigned char *ip);
 #if 0
 static void ghbn_free(struct hostent *a);
 static struct hostent *ghbn_dup(struct hostent *a);
 #endif
 int BIO_get_host_ip(const char *str, unsigned char *ip)
 	{
 	int i;
@@ -266,6 +268,7 @@ long BIO_ghbn_ctrl(int cmd, int iarg, char *parg)
 	return(1);
 	}
 #if 0
 static struct hostent *ghbn_dup(struct hostent *a)
 	{
 	struct hostent *ret;
@@ -342,21 +345,27 @@ static void ghbn_free(struct hostent *a)
 	if (a->h_name != NULL) OPENSSL_free(a->h_name);
 	OPENSSL_free(a);
 	}
 #endif
 struct hostent *BIO_gethostbyname(const char *name)
 	{
 #if 1
 	/* Caching gethostbyname() results forever is wrong,
 	 * so we have to let the true gethostbyname() worry about this */
 	return gethostbyname(name);
 #else
 	struct hostent *ret;
 	int i,lowi=0,j;
 	unsigned long low= (unsigned long)-1;
 /*	return(gethostbyname(name)); */
-#if 0 /* It doesn't make sense to use locking here: The function interface
+#  if 0
-	   * is not thread-safe, because threads can never be sure when
+	/* It doesn't make sense to use locking here: The function interface
-	   * some other thread destroys the data they were given a pointer to.
+	 * is not thread-safe, because threads can never be sure when
-	   */
+	 * some other thread destroys the data they were given a pointer to.
 	 */
 	CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
-#endif
+#  endif
 	j=strlen(name);
 	if (j < 128)
 		{
@@ -384,20 +393,21 @@ struct hostent *BIO_gethostbyname(const char *name)
 		 * parameter is 'char *', instead of 'const char *'
 		 */
 		ret=gethostbyname(
-#ifndef CONST_STRICT
+#  ifndef CONST_STRICT
 		    (char *)
-#endif
+#  endif
 		    name);
 		if (ret == NULL)
 			goto end;
 		if (j > 128) /* too big to cache */
 			{
-#if 0 /* If we were trying to make this function thread-safe (which
+#  if 0
-	   * is bound to fail), we'd have to give up in this case
+			/* If we were trying to make this function thread-safe (which
-	   * (or allocate more memory). */
+			 * is bound to fail), we'd have to give up in this case
 			 * (or allocate more memory). */
 			ret = NULL;
-#endif
+#  endif
 			goto end;
 			}
@@ -421,12 +431,14 @@ struct hostent *BIO_gethostbyname(const char *name)
 		ghbn_cache[i].order=BIO_ghbn_miss+BIO_ghbn_hits;
 		}
 end:
-#if 0
+#  if 0
 	CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME);
-#endif
+#  endif
 	return(ret);
 #endif
 	}
 int BIO_sock_init(void)
 	{
 #ifdef WINDOWS
--- a/crypto/bio/bf_buff.c
+++ b/crypto/bio/bf_buff.c
@@ -70,7 +70,7 @@ static long buffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int buffer_new(BIO *h);
 static int buffer_free(BIO *data);
 static long buffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
-#define DEFAULT_BUFFER_SIZE	1024
+#define DEFAULT_BUFFER_SIZE	4096
 static BIO_METHOD methods_buffer=
 	{
--- a/crypto/bio/bf_lbuf.c
+++ b/crypto/bio/bf_lbuf.c
@@ -200,7 +200,7 @@ static int linebuffer_write(BIO *b, const char *in, int inl)
 					}
 				}
-#ifdef DEBUG
+#if 0
 BIO_write(b->next_bio, "<*<", 3);
 #endif
 			i=BIO_write(b->next_bio,
@@ -210,13 +210,13 @@ BIO_write(b->next_bio, "<*<", 3);
 				ctx->obuf_len = orig_olen;
 				BIO_copy_next_retry(b);
-#ifdef DEBUG
+#if 0
 BIO_write(b->next_bio, ">*>", 3);
 #endif
 				if (i < 0) return((num > 0)?num:i);
 				if (i == 0) return(num);
 				}
-#ifdef DEBUG
+#if 0
 BIO_write(b->next_bio, ">*>", 3);
 #endif
 			if (i < ctx->obuf_len)
@@ -229,20 +229,20 @@ BIO_write(b->next_bio, ">*>", 3);
 		   buffer if a NL was found and there is anything to write. */
 		if ((foundnl || p - in > ctx->obuf_size) && p - in > 0)
 			{
-#ifdef DEBUG
+#if 0
 BIO_write(b->next_bio, "<*<", 3);
 #endif
 			i=BIO_write(b->next_bio,in,p - in);
 			if (i <= 0)
 				{
 				BIO_copy_next_retry(b);
-#ifdef DEBUG
+#if 0
 BIO_write(b->next_bio, ">*>", 3);
 #endif
 				if (i < 0) return((num > 0)?num:i);
 				if (i == 0) return(num);
 				}
-#ifdef DEBUG
+#if 0
 BIO_write(b->next_bio, ">*>", 3);
 #endif
 			num+=i;
--- a/crypto/bio/bio.h
+++ b/crypto/bio/bio.h
@@ -356,8 +356,8 @@ typedef struct bio_f_buffer_ctx_struct
 #define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port)
 #define BIO_get_conn_hostname(b)  BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
 #define BIO_get_conn_port(b)      BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
-#define BIO_get_conn_ip(b,ip) BIO_ptr_ctrl(b,BIO_C_SET_CONNECT,2)
+#define BIO_get_conn_ip(b) 		 BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
-#define BIO_get_conn_int_port(b,port) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,port)
+#define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3)
 #define BIO_set_nbio(b,n)	BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
@@ -431,7 +431,7 @@ int BIO_read_filename(BIO *b,const char *name);
 #define BIO_set_ssl_renegotiate_bytes(b,num) \
 	BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
 #define BIO_get_num_renegotiates(b) \
-	BIO_ctrl(b,BIO_C_SET_SSL_NUM_RENEGOTIATES,0,NULL);
+	BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL);
 #define BIO_set_ssl_renegotiate_timeout(b,seconds) \
 	BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
@@ -588,8 +588,6 @@ int BIO_sock_init(void );
 void BIO_sock_cleanup(void);
 int BIO_set_tcp_ndelay(int sock,int turn_on);
 void ERR_load_BIO_strings(void );
 BIO *BIO_new_socket(int sock, int close_flag);
 BIO *BIO_new_fd(int fd, int close_flag);
 BIO *BIO_new_connect(char *host_port);
@@ -615,6 +613,7 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args);
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_BIO_strings(void);
 /* Error codes for the BIO functions. */
@@ -684,4 +683,3 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args);
 }
 #endif
 #endif
--- a/crypto/bio/bss_bio.c
+++ b/crypto/bio/bss_bio.c
@@ -23,7 +23,12 @@
 #include <openssl/crypto.h>
 #include "openssl/e_os.h"
-#ifndef SSIZE_MAX
+
 /* VxWorks defines SSiZE_MAX with an empty value causing compile errors */
 #if defined(VXWORKS)
 # undef SSIZE_MAX
 # define SSIZE_MAX INT_MAX
 #elif !defined(SSIZE_MAX)
 # define SSIZE_MAX INT_MAX
 #endif
@@ -474,7 +479,8 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
 		break;
 	case BIO_C_GET_WRITE_BUF_SIZE:
-		num = (long) b->size;
+		ret = (long) b->size;
 		break;
 	case BIO_C_MAKE_BIO_PAIR:
 		{
--- a/crypto/bio/bss_log.c
+++ b/crypto/bio/bss_log.c
@@ -75,7 +75,7 @@
 #  include <starlet.h>
 #elif defined(__ultrix)
 #  include <sys/syslog.h>
-#elif !defined(MSDOS) /* Unix */
+#elif !defined(MSDOS) && !defined(VXWORKS) /* Unix */
 #  include <syslog.h>
 #endif
--- a/crypto/bn/Makefile.ssl
+++ b/crypto/bn/Makefile.ssl
@@ -124,6 +124,8 @@ asm/sparcv8plus-gcc27.o: asm/sparcv8plus.S
 	$(CC) $(ASFLAGS) -E asm/sparcv8plus.S | \
 		/usr/ccs/bin/as -xarch=v8plus - -o asm/sparcv8plus-gcc27.o
 asm/ia64.o: asm/ia64.S
 files:
 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
--- a/crypto/bn/asm/ia64.S
+++ b/crypto/bn/asm/ia64.S
--- a/crypto/bn/asm/mips3.s
+++ b/crypto/bn/asm/mips3.s
@@ -1,5 +1,5 @@
 .rdata
-.asciiz "mips3.s, Version 1.0"
+.asciiz	"mips3.s, Version 1.1"
 .asciiz	"MIPS III/IV ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
 /*
@@ -849,6 +849,7 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
 	daddu	c_2,t_2
 	sltu	c_3,c_2,t_2
 	dmultu	a_1,b_2		/* mul_add_c(a[1],b[2],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
@@ -856,7 +857,8 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
 	daddu	c_2,t_2
-	sltu	c_3,c_2,t_2
+	sltu	AT,c_2,t_2
 	daddu	c_3,AT
 	dmultu	a_2,b_1		/* mul_add_c(a[2],b[1],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
@@ -884,6 +886,7 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
 	daddu	c_3,t_2
 	sltu	c_1,c_3,t_2
 	dmultu	a_3,b_1		/* mul_add_c(a[3],b[1],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
@@ -891,7 +894,8 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
 	daddu	c_3,t_2
-	sltu	c_1,c_3,t_2
+	sltu	AT,c_3,t_2
 	daddu	c_1,AT
 	dmultu	a_2,b_2		/* mul_add_c(a[2],b[2],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
@@ -928,6 +932,7 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
 	daddu	c_1,t_2
 	sltu	c_2,c_1,t_2
 	dmultu	a_1,b_4		/* mul_add_c(a[1],b[4],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
@@ -935,7 +940,8 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
 	daddu	c_1,t_2
-	sltu	c_2,c_1,t_2
+	sltu	AT,c_1,t_2
 	daddu	c_2,AT
 	dmultu	a_2,b_3		/* mul_add_c(a[2],b[3],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
@@ -981,6 +987,7 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
 	daddu	c_2,t_2
 	sltu	c_3,c_2,t_2
 	dmultu	a_5,b_1		/* mul_add_c(a[5],b[1],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
@@ -988,7 +995,8 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
 	daddu	c_2,t_2
-	sltu	c_3,c_2,t_2
+	sltu	AT,c_2,t_2
 	daddu	c_3,AT
 	dmultu	a_4,b_2		/* mul_add_c(a[4],b[2],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
@@ -1043,6 +1051,7 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
 	daddu	c_3,t_2
 	sltu	c_1,c_3,t_2
 	dmultu	a_1,b_6		/* mul_add_c(a[1],b[6],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
@@ -1050,7 +1059,8 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
 	daddu	c_3,t_2
-	sltu	c_1,c_3,t_2
+	sltu	AT,c_3,t_2
 	daddu	c_1,AT
 	dmultu	a_2,b_5		/* mul_add_c(a[2],b[5],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
@@ -1114,6 +1124,7 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
 	daddu	c_1,t_2
 	sltu	c_2,c_1,t_2
 	dmultu	a_6,b_2		/* mul_add_c(a[6],b[2],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
@@ -1121,7 +1132,8 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
 	daddu	c_1,t_2
-	sltu	c_2,c_1,t_2
+	sltu	AT,c_1,t_2
 	daddu	c_2,AT
 	dmultu	a_5,b_3		/* mul_add_c(a[5],b[3],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
@@ -1176,6 +1188,7 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
 	daddu	c_2,t_2
 	sltu	c_3,c_2,t_2
 	dmultu	a_3,b_6		/* mul_add_c(a[3],b[6],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
@@ -1183,7 +1196,8 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
 	daddu	c_2,t_2
-	sltu	c_3,c_2,t_2
+	sltu	AT,c_2,t_2
 	daddu	c_3,AT
 	dmultu	a_4,b_5		/* mul_add_c(a[4],b[5],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
@@ -1229,6 +1243,7 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
 	daddu	c_3,t_2
 	sltu	c_1,c_3,t_2
 	dmultu	a_6,b_4		/* mul_add_c(a[6],b[4],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
@@ -1236,7 +1251,8 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
 	daddu	c_3,t_2
-	sltu	c_1,c_3,t_2
+	sltu	AT,c_3,t_2
 	daddu	c_1,AT
 	dmultu	a_5,b_5		/* mul_add_c(a[5],b[5],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
@@ -1273,6 +1289,7 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
 	daddu	c_1,t_2
 	sltu	c_2,c_1,t_2
 	dmultu	a_5,b_6		/* mul_add_c(a[5],b[6],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
@@ -1280,7 +1297,8 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
 	daddu	c_1,t_2
-	sltu	c_2,c_1,t_2
+	sltu	AT,c_1,t_2
 	daddu	c_2,AT
 	dmultu	a_6,b_5		/* mul_add_c(a[6],b[5],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
@@ -1308,6 +1326,7 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
 	daddu	c_2,t_2
 	sltu	c_3,c_2,t_2
 	dmultu	a_6,b_6		/* mul_add_c(a[6],b[6],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
@@ -1315,7 +1334,8 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
 	daddu	c_2,t_2
-	sltu	c_3,c_2,t_2
+	sltu	AT,c_2,t_2
 	daddu	c_3,AT
 	dmultu	a_5,b_7		/* mul_add_c(a[5],b[7],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
@@ -1334,6 +1354,7 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
 	daddu	c_3,t_2
 	sltu	c_1,c_3,t_2
 	dmultu	a_7,b_6		/* mul_add_c(a[7],b[6],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
@@ -1341,7 +1362,8 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
 	daddu	c_3,t_2
-	sltu	c_1,c_3,t_2
+	sltu	AT,c_3,t_2
 	daddu	c_1,AT
 	sd	c_2,104(a0)	/* r[13]=c2; */
 	dmultu	a_7,b_7		/* mul_add_c(a[7],b[7],c3,c1,c2); */
@@ -1430,6 +1452,7 @@ LEAF(bn_mul_comba4)
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
 	daddu	c_2,t_2
 	sltu	c_3,c_2,t_2
 	dmultu	a_1,b_2		/* mul_add_c(a[1],b[2],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
@@ -1437,7 +1460,8 @@ LEAF(bn_mul_comba4)
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
 	daddu	c_2,t_2
-	sltu	c_3,c_2,t_2
+	sltu	AT,c_2,t_2
 	daddu	c_3,AT
 	dmultu	a_2,b_1		/* mul_add_c(a[2],b[1],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
@@ -1465,6 +1489,7 @@ LEAF(bn_mul_comba4)
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
 	daddu	c_3,t_2
 	sltu	c_1,c_3,t_2
 	dmultu	a_2,b_2		/* mul_add_c(a[2],b[2],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
@@ -1472,7 +1497,8 @@ LEAF(bn_mul_comba4)
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
 	daddu	c_3,t_2
-	sltu	c_1,c_3,t_2
+	sltu	AT,c_3,t_2
 	daddu	c_1,AT
 	dmultu	a_1,b_3		/* mul_add_c(a[1],b[3],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
@@ -1491,6 +1517,7 @@ LEAF(bn_mul_comba4)
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
 	daddu	c_1,t_2
 	sltu	c_2,c_1,t_2
 	dmultu	a_3,b_2		/* mul_add_c(a[3],b[2],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
@@ -1498,7 +1525,8 @@ LEAF(bn_mul_comba4)
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
 	daddu	c_1,t_2
-	sltu	c_2,c_1,t_2
+	sltu	AT,c_1,t_2
 	daddu	c_2,AT
 	sd	c_3,40(a0)
 	dmultu	a_3,b_3		/* mul_add_c(a[3],b[3],c1,c2,c3); */
@@ -1543,28 +1571,30 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_0,a_1		/* mul_add_c2(a[0],b[1],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
 	slt	c_1,t_2,zero
 	dsll	t_2,1
 	slt	a2,t_1,zero
 	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
 	daddu	c_3,t_2,AT
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
 	daddu	c_3,t_2
 	sltu	c_1,c_3,t_2
 	sd	c_2,8(a0)
 	dmultu	a_2,a_0		/* mul_add_c2(a[2],b[0],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	daddu	c_3,t_1
+	slt	c_2,t_2,zero
-	sltu	AT,c_3,t_1
+	dsll	t_2,1
-	daddu	a2,t_2,AT
+	slt	a2,t_1,zero
-	daddu	c_1,a2
+	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
 	daddu	c_1,t_2
-	sltu	c_2,c_1,t_2
+	sltu	AT,c_1,t_2
 	daddu	c_2,AT
 	dmultu	a_1,a_1		/* mul_add_c(a[1],b[1],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
@@ -1579,24 +1609,26 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_0,a_3		/* mul_add_c2(a[0],b[3],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	daddu	c_1,t_1
+	slt	c_3,t_2,zero
-	sltu	AT,c_1,t_1
+	dsll	t_2,1
-	daddu	a2,t_2,AT
+	slt	a2,t_1,zero
-	daddu	c_2,a2
+	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
 	daddu	c_2,t_2
-	sltu	c_3,c_2,t_2
+	sltu	AT,c_2,t_2
 	daddu	c_3,AT
 	dmultu	a_1,a_2		/* mul_add_c2(a[1],b[2],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	daddu	c_1,t_1
+	slt	AT,t_2,zero
 	sltu	AT,c_1,t_1
 	daddu	a2,t_2,AT
 	daddu	c_2,a2
 	sltu	AT,c_2,a2
 	daddu	c_3,AT
 	dsll	t_2,1
 	slt	a2,t_1,zero
 	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
@@ -1608,24 +1640,26 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_4,a_0		/* mul_add_c2(a[4],b[0],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	daddu	c_2,t_1
+	slt	c_1,t_2,zero
-	sltu	AT,c_2,t_1
+	dsll	t_2,1
-	daddu	a2,t_2,AT
+	slt	a2,t_1,zero
-	daddu	c_3,a2
+	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
 	daddu	c_3,t_2
-	sltu	c_1,c_3,t_2
+	sltu	AT,c_3,t_2
 	daddu	c_1,AT
 	dmultu	a_3,a_1		/* mul_add_c2(a[3],b[1],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	daddu	c_2,t_1
+	slt	AT,t_2,zero
 	sltu	AT,c_2,t_1
 	daddu	a2,t_2,AT
 	daddu	c_3,a2
 	sltu	AT,c_3,a2
 	daddu	c_1,AT
 	dsll	t_2,1
 	slt	a2,t_1,zero
 	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
@@ -1646,24 +1680,26 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_0,a_5		/* mul_add_c2(a[0],b[5],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	daddu	c_3,t_1
+	slt	c_2,t_2,zero
-	sltu	AT,c_3,t_1
+	dsll	t_2,1
-	daddu	a2,t_2,AT
+	slt	a2,t_1,zero
-	daddu	c_1,a2
+	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
 	daddu	c_1,t_2
-	sltu	c_2,c_1,t_2
+	sltu	AT,c_1,t_2
 	daddu	c_2,AT
 	dmultu	a_1,a_4		/* mul_add_c2(a[1],b[4],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	daddu	c_3,t_1
+	slt	AT,t_2,zero
 	sltu	AT,c_3,t_1
 	daddu	a2,t_2,AT
 	daddu	c_1,a2
 	sltu	AT,c_1,a2
 	daddu	c_2,AT
 	dsll	t_2,1
 	slt	a2,t_1,zero
 	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
@@ -1673,12 +1709,12 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_2,a_3		/* mul_add_c2(a[2],b[3],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	daddu	c_3,t_1
+	slt	AT,t_2,zero
 	sltu	AT,c_3,t_1
 	daddu	a2,t_2,AT
 	daddu	c_1,a2
 	sltu	AT,c_1,a2
 	daddu	c_2,AT
 	dsll	t_2,1
 	slt	a2,t_1,zero
 	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
@@ -1690,24 +1726,26 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_6,a_0		/* mul_add_c2(a[6],b[0],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	daddu	c_1,t_1
+	slt	c_3,t_2,zero
-	sltu	AT,c_1,t_1
+	dsll	t_2,1
-	daddu	a2,t_2,AT
+	slt	a2,t_1,zero
-	daddu	c_2,a2
+	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
 	daddu	c_2,t_2
-	sltu	c_3,c_2,t_2
+	sltu	AT,c_2,t_2
 	daddu	c_3,AT
 	dmultu	a_5,a_1		/* mul_add_c2(a[5],b[1],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	daddu	c_1,t_1
+	slt	AT,t_2,zero
 	sltu	AT,c_1,t_1
 	daddu	a2,t_2,AT
 	daddu	c_2,a2
 	sltu	AT,c_2,a2
 	daddu	c_3,AT
 	dsll	t_2,1
 	slt	a2,t_1,zero
 	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
@@ -1717,12 +1755,12 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_4,a_2		/* mul_add_c2(a[4],b[2],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	daddu	c_1,t_1
+	slt	AT,t_2,zero
 	sltu	AT,c_1,t_1
 	daddu	a2,t_2,AT
 	daddu	c_2,a2
 	sltu	AT,c_2,a2
 	daddu	c_3,AT
 	dsll	t_2,1
 	slt	a2,t_1,zero
 	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
@@ -1743,24 +1781,26 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_0,a_7		/* mul_add_c2(a[0],b[7],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	daddu	c_2,t_1
+	slt	c_1,t_2,zero
-	sltu	AT,c_2,t_1
+	dsll	t_2,1
-	daddu	a2,t_2,AT
+	slt	a2,t_1,zero
-	daddu	c_3,a2
+	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
 	daddu	c_3,t_2
-	sltu	c_1,c_3,t_2
+	sltu	AT,c_3,t_2
 	daddu	c_1,AT
 	dmultu	a_1,a_6		/* mul_add_c2(a[1],b[6],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	daddu	c_2,t_1
+	slt	AT,t_2,zero
 	sltu	AT,c_2,t_1
 	daddu	a2,t_2,AT
 	daddu	c_3,a2
 	sltu	AT,c_3,a2
 	daddu	c_1,AT
 	dsll	t_2,1
 	slt	a2,t_1,zero
 	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
@@ -1770,12 +1810,12 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_2,a_5		/* mul_add_c2(a[2],b[5],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	daddu	c_2,t_1
+	slt	AT,t_2,zero
 	sltu	AT,c_2,t_1
 	daddu	a2,t_2,AT
 	daddu	c_3,a2
 	sltu	AT,c_3,a2
 	daddu	c_1,AT
 	dsll	t_2,1
 	slt	a2,t_1,zero
 	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
@@ -1785,12 +1825,12 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_3,a_4		/* mul_add_c2(a[3],b[4],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	daddu	c_2,t_1
+	slt	AT,t_2,zero
 	sltu	AT,c_2,t_1
 	daddu	a2,t_2,AT
 	daddu	c_3,a2
 	sltu	AT,c_3,a2
 	daddu	c_1,AT
 	dsll	t_2,1
 	slt	a2,t_1,zero
 	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
@@ -1802,24 +1842,26 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_7,a_1		/* mul_add_c2(a[7],b[1],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	daddu	c_3,t_1
+	slt	c_2,t_2,zero
-	sltu	AT,c_3,t_1
+	dsll	t_2,1
-	daddu	a2,t_2,AT
+	slt	a2,t_1,zero
-	daddu	c_1,a2
+	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
 	daddu	c_1,t_2
-	sltu	c_2,c_1,t_2
+	sltu	AT,c_1,t_2
 	daddu	c_2,AT
 	dmultu	a_6,a_2		/* mul_add_c2(a[6],b[2],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	daddu	c_3,t_1
+	slt	AT,t_2,zero
 	sltu	AT,c_3,t_1
 	daddu	a2,t_2,AT
 	daddu	c_1,a2
 	sltu	AT,c_1,a2
 	daddu	c_2,AT
 	dsll	t_2,1
 	slt	a2,t_1,zero
 	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
@@ -1829,12 +1871,12 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_5,a_3		/* mul_add_c2(a[5],b[3],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	daddu	c_3,t_1
+	slt	AT,t_2,zero
 	sltu	AT,c_3,t_1
 	daddu	a2,t_2,AT
 	daddu	c_1,a2
 	sltu	AT,c_1,a2
 	daddu	c_2,AT
 	dsll	t_2,1
 	slt	a2,t_1,zero
 	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
@@ -1855,24 +1897,26 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_2,a_7		/* mul_add_c2(a[2],b[7],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	daddu	c_1,t_1
+	slt	c_3,t_2,zero
-	sltu	AT,c_1,t_1
+	dsll	t_2,1
-	daddu	a2,t_2,AT
+	slt	a2,t_1,zero
-	daddu	c_2,a2
+	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
 	daddu	c_2,t_2
-	sltu	c_3,c_2,t_2
+	sltu	AT,c_2,t_2
 	daddu	c_3,AT
 	dmultu	a_3,a_6		/* mul_add_c2(a[3],b[6],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	daddu	c_1,t_1
+	slt	AT,t_2,zero
 	sltu	AT,c_1,t_1
 	daddu	a2,t_2,AT
 	daddu	c_2,a2
 	sltu	AT,c_2,a2
 	daddu	c_3,AT
 	dsll	t_2,1
 	slt	a2,t_1,zero
 	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
@@ -1882,12 +1926,12 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_4,a_5		/* mul_add_c2(a[4],b[5],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	daddu	c_1,t_1
+	slt	AT,t_2,zero
 	sltu	AT,c_1,t_1
 	daddu	a2,t_2,AT
 	daddu	c_2,a2
 	sltu	AT,c_2,a2
 	daddu	c_3,AT
 	dsll	t_2,1
 	slt	a2,t_1,zero
 	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
@@ -1899,24 +1943,26 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_7,a_3		/* mul_add_c2(a[7],b[3],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	daddu	c_2,t_1
+	slt	c_1,t_2,zero
-	sltu	AT,c_2,t_1
+	dsll	t_2,1
-	daddu	a2,t_2,AT
+	slt	a2,t_1,zero
-	daddu	c_3,a2
+	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
 	daddu	c_3,t_2
-	sltu	c_1,c_3,t_2
+	sltu	AT,c_3,t_2
 	daddu	c_1,AT
 	dmultu	a_6,a_4		/* mul_add_c2(a[6],b[4],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	daddu	c_2,t_1
+	slt	AT,t_2,zero
 	sltu	AT,c_2,t_1
 	daddu	a2,t_2,AT
 	daddu	c_3,a2
 	sltu	AT,c_3,a2
 	daddu	c_1,AT
 	dsll	t_2,1
 	slt	a2,t_1,zero
 	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
@@ -1937,24 +1983,26 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_4,a_7		/* mul_add_c2(a[4],b[7],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	daddu	c_3,t_1
+	slt	c_2,t_2,zero
-	sltu	AT,c_3,t_1
+	dsll	t_2,1
-	daddu	a2,t_2,AT
+	slt	a2,t_1,zero
-	daddu	c_1,a2
+	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
 	daddu	c_1,t_2
-	sltu	c_2,c_1,t_2
+	sltu	AT,c_1,t_2
 	daddu	c_2,AT
 	dmultu	a_5,a_6		/* mul_add_c2(a[5],b[6],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	daddu	c_3,t_1
+	slt	AT,t_2,zero
 	sltu	AT,c_3,t_1
 	daddu	a2,t_2,AT
 	daddu	c_1,a2
 	sltu	AT,c_1,a2
 	daddu	c_2,AT
 	dsll	t_2,1
 	slt	a2,t_1,zero
 	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
@@ -1966,15 +2014,17 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_7,a_5		/* mul_add_c2(a[7],b[5],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	daddu	c_1,t_1
+	slt	c_3,t_2,zero
-	sltu	AT,c_1,t_1
+	dsll	t_2,1
-	daddu	a2,t_2,AT
+	slt	a2,t_1,zero
-	daddu	c_2,a2
+	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
 	daddu	c_2,t_2
-	sltu	c_3,c_2,t_2
+	sltu	AT,c_2,t_2
 	daddu	c_3,AT
 	dmultu	a_6,a_6		/* mul_add_c(a[6],b[6],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
@@ -1989,15 +2039,17 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_6,a_7		/* mul_add_c2(a[6],b[7],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	daddu	c_2,t_1
+	slt	c_1,t_2,zero
-	sltu	AT,c_2,t_1
+	dsll	t_2,1
-	daddu	a2,t_2,AT
+	slt	a2,t_1,zero
-	daddu	c_3,a2
+	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
 	daddu	c_3,t_2
-	sltu	c_1,c_3,t_2
+	sltu	AT,c_3,t_2
 	daddu	c_1,AT
 	sd	c_2,104(a0)
 	dmultu	a_7,a_7		/* mul_add_c(a[7],b[7],c3,c1,c2); */
@@ -2028,28 +2080,30 @@ LEAF(bn_sqr_comba4)
 	dmultu	a_0,a_1		/* mul_add_c2(a[0],b[1],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
 	slt	c_1,t_2,zero
 	dsll	t_2,1
 	slt	a2,t_1,zero
 	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
 	daddu	c_3,t_2,AT
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
 	daddu	c_3,t_2
 	sltu	c_1,c_3,t_2
 	sd	c_2,8(a0)
 	dmultu	a_2,a_0		/* mul_add_c2(a[2],b[0],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	daddu	c_3,t_1
+	slt	c_2,t_2,zero
-	sltu	AT,c_3,t_1
+	dsll	t_2,1
-	daddu	a2,t_2,AT
+	slt	a2,t_1,zero
-	daddu	c_1,a2
+	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
 	daddu	c_1,t_2
-	sltu	c_2,c_1,t_2
+	sltu	AT,c_1,t_2
 	daddu	c_2,AT
 	dmultu	a_1,a_1		/* mul_add_c(a[1],b[1],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
@@ -2064,24 +2118,26 @@ LEAF(bn_sqr_comba4)
 	dmultu	a_0,a_3		/* mul_add_c2(a[0],b[3],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	daddu	c_1,t_1
+	slt	c_3,t_2,zero
-	sltu	AT,c_1,t_1
+	dsll	t_2,1
-	daddu	a2,t_2,AT
+	slt	a2,t_1,zero
-	daddu	c_2,a2
+	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
 	daddu	c_2,t_2
-	sltu	c_3,c_2,t_2
+	sltu	AT,c_2,t_2
 	daddu	c_3,AT
 	dmultu	a_1,a_2		/* mul_add_c(a2[1],b[2],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	daddu	c_1,t_1
+	slt	AT,t_2,zero
 	sltu	AT,c_1,t_1
 	daddu	a2,t_2,AT
 	daddu	c_2,a2
 	sltu	AT,c_2,a2
 	daddu	c_3,AT
 	dsll	t_2,1
 	slt	a2,t_1,zero
 	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
@@ -2093,15 +2149,17 @@ LEAF(bn_sqr_comba4)
 	dmultu	a_3,a_1		/* mul_add_c2(a[3],b[1],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	daddu	c_2,t_1
+	slt	c_1,t_2,zero
-	sltu	AT,c_2,t_1
+	dsll	t_2,1
-	daddu	a2,t_2,AT
+	slt	a2,t_1,zero
-	daddu	c_3,a2
+	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
 	daddu	c_3,t_2
-	sltu	c_1,c_3,t_2
+	sltu	AT,c_3,t_2
 	daddu	c_1,AT
 	dmultu	a_2,a_2		/* mul_add_c(a[2],b[2],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
@@ -2116,15 +2174,17 @@ LEAF(bn_sqr_comba4)
 	dmultu	a_2,a_3		/* mul_add_c2(a[2],b[3],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	daddu	c_3,t_1
+	slt	c_2,t_2,zero
-	sltu	AT,c_3,t_1
+	dsll	t_2,1
-	daddu	a2,t_2,AT
+	slt	a2,t_1,zero
-	daddu	c_1,a2
+	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
 	daddu	c_1,t_2
-	sltu	c_2,c_1,t_2
+	sltu	AT,c_1,t_2
 	daddu	c_2,AT
 	sd	c_3,40(a0)
 	dmultu	a_3,a_3		/* mul_add_c(a[3],b[3],c1,c2,c3); */
--- a/crypto/bn/bn.h
+++ b/crypto/bn/bn.h
@@ -90,7 +90,9 @@ extern "C" {
 * be on.  Again this in only really a problem on machines
 * using "long long's", are 32bit, and are not using my assembler code. */
 #if defined(MSDOS) || defined(WINDOWS) || defined(WIN32) || defined(linux)
-#define BN_DIV2W
+# ifndef BN_DIV2W
 #  define BN_DIV2W
 # endif
 #endif
 /* assuming long is 64bit - this is the DEC Alpha
@@ -329,6 +331,7 @@ void	BN_CTX_end(BN_CTX *ctx);
 int     BN_rand(BIGNUM *rnd, int bits, int top,int bottom);
 int     BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom);
 int	BN_rand_range(BIGNUM *rnd, BIGNUM *range);
 int	BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
 int	BN_num_bits(const BIGNUM *a);
 int	BN_num_bits_word(BN_ULONG);
 BIGNUM *BN_new(void);
@@ -403,7 +406,6 @@ int	BN_is_prime(const BIGNUM *p,int nchecks,
 int	BN_is_prime_fasttest(const BIGNUM *p,int nchecks,
 		void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg,
 		int do_trial_division);
 void	ERR_load_BN_strings(void );
 BN_MONT_CTX *BN_MONT_CTX_new(void );
 void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
@@ -474,6 +476,7 @@ int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom);
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_BN_strings(void);
 /* Error codes for the BN functions. */
@@ -517,4 +520,3 @@ int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom);
 }
 #endif
 #endif
--- a/crypto/bn/bn_div.c
+++ b/crypto/bn/bn_div.c
@@ -128,7 +128,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
 #if !defined(NO_ASM) && !defined(NO_INLINE_ASM) && !defined(PEDANTIC) && !defined(BN_DIV3W)
 # if defined(__GNUC__) && __GNUC__>=2
-#  if defined(__i386)
+#  if defined(__i386) || defined (__i386__)
   /*
    * There were two reasons for implementing this template:
    * - GNU C generates a call to a function (__udivdi3 to be exact)
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@@ -113,6 +113,13 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
 #ifdef ATALLA
 # include <alloca.h>
 # include <atasi.h>
 # include <assert.h>
 # include <dlfcn.h>
 #endif
 #define TABLE_SIZE	32
@@ -176,6 +183,174 @@ err:
 	}
 #ifdef ATALLA
 /*
 * This routine will dynamically check for the existance of an Atalla AXL-200
 * SSL accelerator module.  If one is found, the variable
 * asi_accelerator_present is set to 1 and the function pointers
 * ptr_ASI_xxxxxx above will be initialized to corresponding ASI API calls.
 */
 typedef int tfnASI_GetPerformanceStatistics(int reset_flag,
 					    unsigned int *ret_buf);
 typedef int tfnASI_GetHardwareConfig(long card_num, unsigned int *ret_buf);
 typedef int tfnASI_RSAPrivateKeyOpFn(RSAPrivateKey * rsaKey,
 				     unsigned char *output,
 				     unsigned char *input,
 				     unsigned int modulus_len);
 static tfnASI_GetHardwareConfig *ptr_ASI_GetHardwareConfig;
 static tfnASI_RSAPrivateKeyOpFn *ptr_ASI_RSAPrivateKeyOpFn;
 static tfnASI_GetPerformanceStatistics *ptr_ASI_GetPerformanceStatistics;
 static int asi_accelerator_present;
 static int tried_atalla;
 void atalla_initialize_accelerator_handle(void)
 	{
 	void *dl_handle;
 	int status;
 	unsigned int config_buf[1024]; 
 	static int tested;
 	if(tested)
 		return;
 	tested=1;
 	bzero((void *)config_buf, 1024);
 	/*
 	 * Check to see if the library is present on the system
 	 */
 	dl_handle = dlopen("atasi.so", RTLD_NOW);
 	if (dl_handle == (void *) NULL)
 		{
 /*		printf("atasi.so library is not present on the system\n");
 		printf("No HW acceleration available\n");*/
 		return;
 	        }
 	/*
 	 * The library is present.  Now we'll check to insure that the
 	 * LDM is up and running. First we'll get the address of the
 	 * function in the atasi library that we need to see if the
 	 * LDM is operating.
 	 */
 	ptr_ASI_GetHardwareConfig =
 	  (tfnASI_GetHardwareConfig *)dlsym(dl_handle,"ASI_GetHardwareConfig");
 	if (ptr_ASI_GetHardwareConfig)
 		{
 		/*
 		 * We found the call, now we'll get our config
 		 * status.  If we get a non 0 result, the LDM is not
 		 * running and we cannot use the Atalla ASI *
 		 * library.
 		 */
 		status = (*ptr_ASI_GetHardwareConfig)(0L, config_buf);
 		if (status != 0)
 			{
 			printf("atasi.so library is present but not initialized\n");
 			printf("No HW acceleration available\n");
 			return;
 			}    
 	        }
 	else
 		{
 /*		printf("We found the library, but not the function. Very Strange!\n");*/
 		return ;
 	      	}
 	/* 
 	 * It looks like we have acceleration capabilities.  Load up the
 	 * pointers to our ASI API calls.
 	 */
 	ptr_ASI_RSAPrivateKeyOpFn=
 	  (tfnASI_RSAPrivateKeyOpFn *)dlsym(dl_handle, "ASI_RSAPrivateKeyOpFn");
 	if (ptr_ASI_RSAPrivateKeyOpFn == NULL)
 		{
 /*		printf("We found the library, but no RSA function. Very Strange!\n");*/
 		return;
 	        }
 	ptr_ASI_GetPerformanceStatistics =
 	  (tfnASI_GetPerformanceStatistics *)dlsym(dl_handle, "ASI_GetPerformanceStatistics");
 	if (ptr_ASI_GetPerformanceStatistics == NULL)
 		{
 /*		printf("We found the library, but no stat function. Very Strange!\n");*/
 		return;
 	      }
 	/*
 	 * Indicate that acceleration is available
 	 */
 	asi_accelerator_present = 1;
 /*	printf("This system has acceleration!\n");*/
 	return;
 	}
 /* make sure this only gets called once when bn_mod_exp calls bn_mod_exp_mont */
 int BN_mod_exp_atalla(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m)
 	{
 	unsigned char *abin;
 	unsigned char *pbin;
 	unsigned char *mbin;
 	unsigned char *rbin;
 	int an,pn,mn,ret;
 	RSAPrivateKey keydata;
 	atalla_initialize_accelerator_handle();
 	if(!asi_accelerator_present)
 		return 0;
 /* We should be able to run without size testing */
 # define ASIZE	128
 	an=BN_num_bytes(a);
 	pn=BN_num_bytes(p);
 	mn=BN_num_bytes(m);
 	if(an <= ASIZE && pn <= ASIZE && mn <= ASIZE)
 	    {
 	    int size=mn;
 	    assert(an <= mn);
 	    abin=alloca(size);
 	    memset(abin,'\0',mn);
 	    BN_bn2bin(a,abin+size-an);
 	    pbin=alloca(pn);
 	    BN_bn2bin(p,pbin);
 	    mbin=alloca(size);
 	    memset(mbin,'\0',mn);
 	    BN_bn2bin(m,mbin+size-mn);
 	    rbin=alloca(size);
 	    memset(&keydata,'\0',sizeof keydata);
 	    keydata.privateExponent.data=pbin;
 	    keydata.privateExponent.len=pn;
 	    keydata.modulus.data=mbin;
 	    keydata.modulus.len=size;
 	    ret=(*ptr_ASI_RSAPrivateKeyOpFn)(&keydata,rbin,abin,keydata.modulus.len);
 /*fprintf(stderr,"!%s\n",BN_bn2hex(a));*/
 	    if(!ret)
 	        {
 		BN_bin2bn(rbin,keydata.modulus.len,r);
 /*fprintf(stderr,"?%s\n",BN_bn2hex(r));*/
 		return 1;
 	        }
 	    }
 	return 0;
        }
 #endif /* def ATALLA */
 int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 	       BN_CTX *ctx)
 	{
@@ -185,6 +360,13 @@ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 	bn_check_top(p);
 	bn_check_top(m);
 #ifdef ATALLA
 	if(BN_mod_exp_atalla(r,a,p,m))
 	    return 1;
 /* If it fails, try the other methods (but don't try atalla again) */
 	tried_atalla=1;
 #endif
 #ifdef MONT_MUL_MOD
 	/* I have finally been able to take out this pre-condition of
 	 * the top bit being set.  It was caused by an error in BN_div
@@ -210,6 +392,10 @@ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 		{ ret=BN_mod_exp_simple(r,a,p,m,ctx); }
 #endif
 #ifdef ATALLA
 	tried_atalla=0;
 #endif
 	return(ret);
 	}
@@ -339,6 +525,12 @@ int BN_mod_exp_mont(BIGNUM *rr, BIGNUM *a, const BIGNUM *p,
 	bn_check_top(p);
 	bn_check_top(m);
 #ifdef ATALLA
 	if(!tried_atalla && BN_mod_exp_atalla(rr,a,p,m))
 	    return 1;
 /* If it fails, try the other methods */
 #endif
 	if (!(m->d[0] & 1))
 		{
 		BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
@@ -501,6 +693,19 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
 	t = BN_CTX_get(ctx);
 	if (d == NULL || r == NULL || t == NULL) goto err;
 #ifdef ATALLA
 	if (!tried_atalla)
 		{
 		BN_set_word(t, a);
 		if (BN_mod_exp_atalla(rr, t, p, m))
 			{
 			BN_CTX_end(ctx);
 			return 1;
 			}
 		}
 /* If it fails, try the other methods */
 #endif
 	if (in_mont != NULL)
 		mont=in_mont;
 	else
--- a/crypto/bn/bn_prime.c
+++ b/crypto/bn/bn_prime.c
@@ -225,12 +225,15 @@ int BN_is_prime_fasttest(const BIGNUM *a, int checks,
 	BN_MONT_CTX *mont = NULL;
 	const BIGNUM *A = NULL;
 	if (BN_cmp(a, BN_value_one()) <= 0)
 		return 0;
 	if (checks == BN_prime_checks)
 		checks = BN_prime_checks_for_size(BN_num_bits(a));
 	/* first look for small factors */
 	if (!BN_is_odd(a))
-		return(0);
+		return 0;
 	if (do_trial_division)
 		{
 		for (i = 1; i < NUMPRIMES; i++)
@@ -289,11 +292,8 @@ int BN_is_prime_fasttest(const BIGNUM *a, int checks,
 	for (i = 0; i < checks; i++)
 		{
-		if (!BN_pseudo_rand(check, BN_num_bits(A1), 0, 0))
+		if (!BN_pseudo_rand_range(check, A1))
 			goto err;
 		if (BN_cmp(check, A1) >= 0)
 			if (!BN_sub(check, check, A1))
 				goto err;
 		if (!BN_add_word(check, 1))
 			goto err;
 		/* now 1 <= check < A */
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -55,6 +55,59 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 /* ====================================================================
 * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 #include <stdio.h>
 #include <time.h>
@@ -172,8 +225,9 @@ int     BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
 #endif
 /* random number r:  0 <= r < range */
-int	BN_rand_range(BIGNUM *r, BIGNUM *range)
+static int bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range)
 	{
 	int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? BN_pseudo_rand : BN_rand;
 	int n;
 	if (range->neg || BN_is_zero(range))
@@ -184,26 +238,19 @@ int	BN_rand_range(BIGNUM *r, BIGNUM *range)
 	n = BN_num_bits(range); /* n > 0 */
 	/* BN_is_bit_set(range, n - 1) always holds */
 	if (n == 1)
 		{
 		if (!BN_zero(r)) return 0;
 		}
-	else if (BN_is_bit_set(range, n - 2))
+	else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3))
 		{
-		do
+		/* range = 100..._2,
 			{
 			/* range = 11..._2, so each iteration succeeds with probability >= .75 */
 			if (!BN_rand(r, n, -1, 0)) return 0;
 			}
 		while (BN_cmp(r, range) >= 0);
 		}
 	else
 		{
 		/* range = 10..._2,
 		 * so  3*range (= 11..._2)  is exactly one bit longer than  range */
 		do
 			{
-			if (!BN_rand(r, n + 1, -1, 0)) return 0;
+			if (!bn_rand(r, n + 1, -1, 0)) return 0;
 			/* If  r < 3*range,  use  r := r MOD range
 			 * (which is either  r, r - range,  or  r - 2*range).
 			 * Otherwise, iterate once more.
@@ -218,6 +265,26 @@ int	BN_rand_range(BIGNUM *r, BIGNUM *range)
 			}
 		while (BN_cmp(r, range) >= 0);
 		}
 	else
 		{
 		do
 			{
 			/* range = 11..._2  or  range = 101..._2 */
 			if (!bn_rand(r, n, -1, 0)) return 0;
 			}
 		while (BN_cmp(r, range) >= 0);
 		}
 	return 1;
 	}
 int	BN_rand_range(BIGNUM *r, BIGNUM *range)
 	{
 	return bn_rand_range(0, r, range);
 	}
 int	BN_pseudo_rand_range(BIGNUM *r, BIGNUM *range)
 	{
 	return bn_rand_range(1, r, range);
 	}
--- a/crypto/bn/bn_sqr.c
+++ b/crypto/bn/bn_sqr.c
@@ -245,7 +245,7 @@ printf(" bn_sqr_recursive %d * %d\n",n2,n2);
 	if (!zero)
 		bn_sqr_recursive(&(t[n2]),t,n,p);
 	else
-		memset(&(t[n2]),0,n*sizeof(BN_ULONG));
+		memset(&(t[n2]),0,n2*sizeof(BN_ULONG));
 	bn_sqr_recursive(r,a,n,p);
 	bn_sqr_recursive(&(r[n2]),&(a[n]),n,p);
--- a/crypto/buffer/buffer.h
+++ b/crypto/buffer/buffer.h
@@ -75,12 +75,11 @@ void	BUF_MEM_free(BUF_MEM *a);
 int	BUF_MEM_grow(BUF_MEM *str, int len);
 char *	BUF_strdup(const char *str);
 void ERR_load_BUF_strings(void );
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_BUF_strings(void);
 /* Error codes for the BUF functions. */
@@ -95,4 +94,3 @@ void ERR_load_BUF_strings(void );
 }
 #endif
 #endif
--- a/crypto/comp/Makefile.ssl
+++ b/crypto/comp/Makefile.ssl
@@ -22,10 +22,10 @@ TEST=
 APPS=
 LIB=$(TOP)/libcrypto.a
-LIBSRC= comp_lib.c \
+LIBSRC= comp_lib.c comp_err.c \
 	c_rle.c c_zlib.c
-LIBOBJ=	comp_lib.o \
+LIBOBJ=	comp_lib.o comp_err.o \
 	c_rle.o c_zlib.o
 SRC= $(LIBSRC)
@@ -94,6 +94,11 @@ c_zlib.o: ../../include/openssl/crypto.h ../../include/openssl/obj_mac.h
 c_zlib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 c_zlib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 c_zlib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 comp_err.o: ../../include/openssl/bio.h ../../include/openssl/comp.h
 comp_err.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
 comp_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslv.h
 comp_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 comp_err.o: ../../include/openssl/symhacks.h
 comp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 comp_lib.o: ../../include/openssl/bn.h ../../include/openssl/comp.h
 comp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/obj_mac.h
--- a/crypto/comp/comp.h
+++ b/crypto/comp/comp.h
@@ -47,6 +47,7 @@ COMP_METHOD *COMP_zlib(void );
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_COMP_strings(void);
 /* Error codes for the COMP functions. */
@@ -58,4 +59,3 @@ COMP_METHOD *COMP_zlib(void );
 }
 #endif
 #endif
--- a/crypto/conf/Makefile.ssl
+++ b/crypto/conf/Makefile.ssl
@@ -88,22 +88,17 @@ conf_api.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 conf_api.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 conf_def.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 conf_def.o: ../../include/openssl/conf.h ../../include/openssl/conf_api.h
-conf_def.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+conf_def.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
-conf_def.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+conf_def.o: ../../include/openssl/lhash.h ../../include/openssl/opensslv.h
-conf_def.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+conf_def.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-conf_def.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+conf_def.o: ../../include/openssl/symhacks.h conf_def.h
 conf_def.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 conf_def.o: conf_def.h
 conf_err.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
-conf_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+conf_err.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
-conf_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+conf_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslv.h
-conf_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+conf_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-conf_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+conf_err.o: ../../include/openssl/symhacks.h
 conf_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 conf_lib.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
 conf_lib.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h
 conf_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 conf_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 conf_lib.o: ../../include/openssl/opensslconf.h
 conf_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 conf_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
--- a/crypto/conf/conf.h
+++ b/crypto/conf/conf.h
@@ -56,14 +56,13 @@
 * [including the GNU Public Licence.]
 */
-#ifndef  HEADER_CONF_H
+#ifndef HEADER_CONF_H
 #define HEADER_CONF_H
 #include <openssl/bio.h>
 #include <openssl/lhash.h>
 #include <openssl/stack.h>
 #include <openssl/safestack.h>
 #include <openssl/e_os.h>
 #ifdef  __cplusplus
 extern "C" {
@@ -86,14 +85,14 @@ typedef struct conf_method_st CONF_METHOD;
 struct conf_method_st
 	{
 	const char *name;
-	CONF *(MS_FAR *create)(CONF_METHOD *meth);
+	CONF *(*create)(CONF_METHOD *meth);
-	int (MS_FAR *init)(CONF *conf);
+	int (*init)(CONF *conf);
-	int (MS_FAR *destroy)(CONF *conf);
+	int (*destroy)(CONF *conf);
-	int (MS_FAR *destroy_data)(CONF *conf);
+	int (*destroy_data)(CONF *conf);
-	int (MS_FAR *load)(CONF *conf, BIO *bp, long *eline);
+	int (*load)(CONF *conf, BIO *bp, long *eline);
-	int (MS_FAR *dump)(CONF *conf, BIO *bp);
+	int (*dump)(CONF *conf, BIO *bp);
-	int (MS_FAR *is_number)(CONF *conf, char c);
+	int (*is_number)(CONF *conf, char c);
-	int (MS_FAR *to_int)(CONF *conf, char c);
+	int (*to_int)(CONF *conf, char c);
 	};
 int CONF_set_default_method(CONF_METHOD *meth);
@@ -108,7 +107,6 @@ long CONF_get_number(LHASH *conf,char *group,char *name);
 void CONF_free(LHASH *conf);
 int CONF_dump_fp(LHASH *conf, FILE *out);
 int CONF_dump_bio(LHASH *conf, BIO *out);
 void ERR_load_CONF_strings(void );
 /* New conf code.  The semantics are different from the functions above.
   If that wasn't the case, the above functions would have been replaced */
@@ -145,6 +143,7 @@ int NCONF_dump_bio(CONF *conf, BIO *out);
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_CONF_strings(void);
 /* Error codes for the CONF functions. */
@@ -176,4 +175,3 @@ int NCONF_dump_bio(CONF *conf, BIO *out);
 }
 #endif
 #endif
--- a/crypto/conf/conf_api.c
+++ b/crypto/conf/conf_api.c
@@ -67,6 +67,7 @@
 #include <string.h>
 #include <openssl/conf.h>
 #include <openssl/conf_api.h>
 #include "openssl/e_os.h"
 static void value_free_hash(CONF_VALUE *a, LHASH *conf);
 static void value_free_stack(CONF_VALUE *a,LHASH *conf);
--- a/crypto/conf/conf_def.h
+++ b/crypto/conf/conf_def.h
@@ -71,6 +71,7 @@
 #define CONF_COMMENT		128
 #define CONF_FCOMMENT		2048
 #define CONF_EOF		8
 #define CONF_HIGHBIT		4096
 #define CONF_ALPHA		(CONF_UPPER|CONF_LOWER)
 #define CONF_ALPHA_NUMERIC	(CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
 #define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \
@@ -78,68 +79,102 @@
 #define KEYTYPES(c)		((unsigned short *)((c)->meth_data))
 #ifndef CHARSET_EBCDIC
-#define IS_COMMENT(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_COMMENT)
+#define IS_COMMENT(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_COMMENT)
-#define IS_FCOMMENT(c,a)	(KEYTYPES(c)[(a)&0x7f]&CONF_FCOMMENT)
+#define IS_FCOMMENT(c,a)	(KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT)
-#define IS_EOF(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_EOF)
+#define IS_EOF(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_EOF)
-#define IS_ESC(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_ESC)
+#define IS_ESC(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_ESC)
-#define IS_NUMBER(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_NUMBER)
+#define IS_NUMBER(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_NUMBER)
-#define IS_WS(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_WS)
+#define IS_WS(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_WS)
-#define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[(a)&0x7f]&CONF_ALPHA_NUMERIC)
+#define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC)
 #define IS_ALPHA_NUMERIC_PUNCT(c,a) \
-				(KEYTYPES(c)[(a)&0x7f]&CONF_ALPHA_NUMERIC_PUNCT)
+				(KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
-#define IS_QUOTE(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_QUOTE)
+#define IS_QUOTE(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_QUOTE)
-#define IS_DQUOTE(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_DQUOTE)
+#define IS_DQUOTE(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE)
 #define IS_HIGHBIT(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT)
 #else /*CHARSET_EBCDIC*/
-#define IS_COMMENT(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_COMMENT)
+#define IS_COMMENT(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT)
-#define IS_FCOMMENT(c,a)	(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_FCOMMENT)
+#define IS_FCOMMENT(c,a)	(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT)
-#define IS_EOF(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_EOF)
+#define IS_EOF(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_EOF)
-#define IS_ESC(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_ESC)
+#define IS_ESC(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ESC)
-#define IS_NUMBER(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_NUMBER)
+#define IS_NUMBER(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_NUMBER)
-#define IS_WS(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_WS)
+#define IS_WS(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_WS)
-#define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_ALPHA_NUMERIC)
+#define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC)
 #define IS_ALPHA_NUMERIC_PUNCT(c,a) \
-				(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_ALPHA_NUMERIC_PUNCT)
+				(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
-#define IS_QUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_QUOTE)
+#define IS_QUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE)
-#define IS_DQUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_DQUOTE)
+#define IS_DQUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE)
 #define IS_HIGHBIT(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT)
 #endif /*CHARSET_EBCDIC*/
-static unsigned short CONF_type_default[128]={
+static unsigned short CONF_type_default[256]={
-	0x008,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+	0x0008,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
-	0x000,0x010,0x010,0x000,0x000,0x010,0x000,0x000,
+	0x0000,0x0010,0x0010,0x0000,0x0000,0x0010,0x0000,0x0000,
-	0x000,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+	0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
-	0x000,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+	0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
-	0x010,0x200,0x040,0x080,0x000,0x200,0x200,0x040,
+	0x0010,0x0200,0x0040,0x0080,0x0000,0x0200,0x0200,0x0040,
-	0x000,0x000,0x200,0x200,0x200,0x200,0x200,0x200,
+	0x0000,0x0000,0x0200,0x0200,0x0200,0x0200,0x0200,0x0200,
-	0x001,0x001,0x001,0x001,0x001,0x001,0x001,0x001,
+	0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,
-	0x001,0x001,0x000,0x200,0x000,0x000,0x000,0x200,
+	0x0001,0x0001,0x0000,0x0200,0x0000,0x0000,0x0000,0x0200,
-	0x200,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+	0x0200,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
-	0x002,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+	0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
-	0x002,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+	0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
-	0x002,0x002,0x002,0x000,0x020,0x000,0x200,0x100,
+	0x0002,0x0002,0x0002,0x0000,0x0020,0x0000,0x0200,0x0100,
-	0x040,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+	0x0040,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
-	0x004,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+	0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
-	0x004,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+	0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
-	0x004,0x004,0x004,0x000,0x200,0x000,0x200,0x000,
+	0x0004,0x0004,0x0004,0x0000,0x0200,0x0000,0x0200,0x0000,
 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
 	};
-static unsigned short CONF_type_win32[128]={
+static unsigned short CONF_type_win32[256]={
-	0x008,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+	0x0008,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
-	0x000,0x010,0x010,0x000,0x000,0x010,0x000,0x000,
+	0x0000,0x0010,0x0010,0x0000,0x0000,0x0010,0x0000,0x0000,
-	0x000,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+	0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
-	0x000,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+	0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
-	0x010,0x200,0x400,0x000,0x000,0x200,0x200,0x000,
+	0x0010,0x0200,0x0400,0x0000,0x0000,0x0200,0x0200,0x0000,
-	0x000,0x000,0x200,0x200,0x200,0x200,0x200,0x200,
+	0x0000,0x0000,0x0200,0x0200,0x0200,0x0200,0x0200,0x0200,
-	0x001,0x001,0x001,0x001,0x001,0x001,0x001,0x001,
+	0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,
-	0x001,0x001,0x000,0xA00,0x000,0x000,0x000,0x200,
+	0x0001,0x0001,0x0000,0x0A00,0x0000,0x0000,0x0000,0x0200,
-	0x200,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+	0x0200,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
-	0x002,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+	0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
-	0x002,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+	0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
-	0x002,0x002,0x002,0x000,0x000,0x000,0x200,0x100,
+	0x0002,0x0002,0x0002,0x0000,0x0000,0x0000,0x0200,0x0100,
-	0x000,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+	0x0000,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
-	0x004,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+	0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
-	0x004,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+	0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
-	0x004,0x004,0x004,0x000,0x200,0x000,0x200,0x000,
+	0x0004,0x0004,0x0004,0x0000,0x0200,0x0000,0x0200,0x0000,
 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
 	};
--- a/crypto/conf/keysets.pl
+++ b/crypto/conf/keysets.pl
@@ -12,8 +12,9 @@ $DQUOTE=0x400;
 $COMMENT=0x80;
 $FCOMMENT=0x800;
 $EOF=0x08;
 $HIGHBIT=0x1000;
-foreach (0 .. 127)
+foreach (0 .. 255)
 	{
 	$v=0;
 	$c=sprintf("%c",$_);
@@ -27,11 +28,12 @@ foreach (0 .. 127)
 	$v|=$QUOTE	if ($c =~ /['`"]/); # for emacs: "`'}/)
 	$v|=$COMMENT	if ($c =~ /\#/);
 	$v|=$EOF	if ($c =~ /\0/);
 	$v|=$HIGHBIT	if ($c =~/[\x80-\xff]/);
 	push(@V_def,$v);
 	}
-foreach (0 .. 127)
+foreach (0 .. 255)
 	{
 	$v=0;
 	$c=sprintf("%c",$_);
@@ -44,6 +46,7 @@ foreach (0 .. 127)
 	$v|=$DQUOTE	if ($c =~ /["]/); # for emacs: "}/)
 	$v|=$FCOMMENT	if ($c =~ /;/);
 	$v|=$EOF	if ($c =~ /\0/);
 	$v|=$HIGHBIT	if ($c =~/[\x80-\xff]/);
 	push(@V_w32,$v);
 	}
@@ -122,6 +125,7 @@ print <<"EOF";
 #define CONF_COMMENT		$COMMENT
 #define CONF_FCOMMENT		$FCOMMENT
 #define CONF_EOF		$EOF
 #define CONF_HIGHBIT		$HIGHBIT
 #define CONF_ALPHA		(CONF_UPPER|CONF_LOWER)
 #define CONF_ALPHA_NUMERIC	(CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
 #define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \\
@@ -129,51 +133,53 @@ print <<"EOF";
 #define KEYTYPES(c)		((unsigned short *)((c)->meth_data))
 #ifndef CHARSET_EBCDIC
-#define IS_COMMENT(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_COMMENT)
+#define IS_COMMENT(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_COMMENT)
-#define IS_FCOMMENT(c,a)	(KEYTYPES(c)[(a)&0x7f]&CONF_FCOMMENT)
+#define IS_FCOMMENT(c,a)	(KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT)
-#define IS_EOF(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_EOF)
+#define IS_EOF(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_EOF)
-#define IS_ESC(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_ESC)
+#define IS_ESC(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_ESC)
-#define IS_NUMBER(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_NUMBER)
+#define IS_NUMBER(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_NUMBER)
-#define IS_WS(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_WS)
+#define IS_WS(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_WS)
-#define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[(a)&0x7f]&CONF_ALPHA_NUMERIC)
+#define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC)
 #define IS_ALPHA_NUMERIC_PUNCT(c,a) \\
-				(KEYTYPES(c)[(a)&0x7f]&CONF_ALPHA_NUMERIC_PUNCT)
+				(KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
-#define IS_QUOTE(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_QUOTE)
+#define IS_QUOTE(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_QUOTE)
-#define IS_DQUOTE(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_DQUOTE)
+#define IS_DQUOTE(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE)
 #define IS_HIGHBIT(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT)
 #else /*CHARSET_EBCDIC*/
-#define IS_COMMENT(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_COMMENT)
+#define IS_COMMENT(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT)
-#define IS_FCOMMENT(c,a)	(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_FCOMMENT)
+#define IS_FCOMMENT(c,a)	(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT)
-#define IS_EOF(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_EOF)
+#define IS_EOF(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_EOF)
-#define IS_ESC(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_ESC)
+#define IS_ESC(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ESC)
-#define IS_NUMBER(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_NUMBER)
+#define IS_NUMBER(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_NUMBER)
-#define IS_WS(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_WS)
+#define IS_WS(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_WS)
-#define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_ALPHA_NUMERIC)
+#define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC)
 #define IS_ALPHA_NUMERIC_PUNCT(c,a) \\
-				(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_ALPHA_NUMERIC_PUNCT)
+				(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
-#define IS_QUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_QUOTE)
+#define IS_QUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE)
-#define IS_DQUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_DQUOTE)
+#define IS_DQUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE)
 #define IS_HIGHBIT(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT)
 #endif /*CHARSET_EBCDIC*/
 EOF
-print "static unsigned short CONF_type_default[128]={";
+print "static unsigned short CONF_type_default[256]={";
-for ($i=0; $i<128; $i++)
+for ($i=0; $i<256; $i++)
 	{
 	print "\n\t" if ($i % 8) == 0;
-	printf "0x%03X,",$V_def[$i];
+	printf "0x%04X,",$V_def[$i];
 	}
 print "\n\t};\n\n";
-print "static unsigned short CONF_type_win32[128]={";
+print "static unsigned short CONF_type_win32[256]={";
-for ($i=0; $i<128; $i++)
+for ($i=0; $i<256; $i++)
 	{
 	print "\n\t" if ($i % 8) == 0;
-	printf "0x%03X,",$V_w32[$i];
+	printf "0x%04X,",$V_w32[$i];
 	}
 print "\n\t};\n\n";
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -90,6 +90,7 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] =
 	"ssl_sess_cert",
 	"ssl",
 	"rand",
 	"rand2",
 	"debug_malloc",
 	"BIO",
 	"gethostbyname",
@@ -100,7 +101,6 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] =
 	"debug_malloc2",
 	"dso",
 	"dynlock",
 	"engine",
 #if CRYPTO_NUM_LOCKS != 29
 # error "Inconsistency between crypto.h and cryptlib.c"
 #endif
@@ -228,7 +228,10 @@ void CRYPTO_destroy_dynlockid(int i)
 	CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
 	if (dyn_locks == NULL || i >= sk_CRYPTO_dynlock_num(dyn_locks))
 		{
 		CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
 		return;
 		}
 	pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);
 	if (pointer != NULL)
 		{
@@ -241,7 +244,7 @@ void CRYPTO_destroy_dynlockid(int i)
 			}
 		else
 #endif
-			if (--(pointer->references) <= 0)
+			if (pointer->references <= 0)
 				{
 				sk_CRYPTO_dynlock_set(dyn_locks, i, NULL);
 				}
@@ -400,7 +403,7 @@ void CRYPTO_lock(int mode, int type, const char *file, int line)
 		struct CRYPTO_dynlock_value *pointer
 			= CRYPTO_get_dynlock_value(i);
-		if (pointer)
+		if (pointer && dynlock_lock_callback)
 			{
 			dynlock_lock_callback(mode, pointer, file, line);
 			}
@@ -431,7 +434,6 @@ int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file,
 			CRYPTO_get_lock_name(type),
 			file,line);
 #endif
 		*pointer=ret;
 		}
 	else
 		{
--- a/crypto/crypto-lib.com
+++ b/crypto/crypto-lib.com
@@ -88,7 +88,7 @@ $! Define The Different Encryption Types.
 $!
 $ ENCRYPT_TYPES = "Basic,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ -
 		  "DES,RC2,RC4,RC5,IDEA,BF,CAST,"+ -
-		  "BN,RSA,DSA,DH,DSO,ENGINE,"+ -
+		  "BN,RSA,DSA,DH,DSO,"+ -
 		  "BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,"+ -
 		  "EVP,EVP_2,ASN1,ASN1_2,PEM,X509,X509V3,"+ -
 		  "CONF,TXT_DB,PKCS7,PKCS12,COMP"
@@ -206,8 +206,6 @@ $ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,dsa_err,dsa_ossl"
 $ LIB_DH = "dh_gen,dh_key,dh_lib,dh_check,dh_err"
 $ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ -
 	"dso_openssl,dso_win32,dso_vms"
 $ LIB_ENGINE = "engine_err,engine_lib,engine_list,engine_openssl,"+ -
 	"hw_atalla,hw_cswift,hw_ncipher"
 $ LIB_BUFFER = "buffer,buf_err"
 $ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ -
 	"bss_mem,bss_null,bss_fd,"+ -
@@ -1196,9 +1194,7 @@ $     CC = "CC"
 $     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
 	 THEN CC = "CC/DECC"
 $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
-           "/NOLIST/PREFIX=ALL" + -
+           "/NOLIST/PREFIX=ALL/INCLUDE=SYS$DISK:[]" + CCEXTRAFLAGS
 	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
 	   CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
@@ -1230,8 +1226,7 @@ $	WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
 $	EXIT
 $     ENDIF
 $     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
-$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST/INCLUDE=SYS$DISK:[]" + -
 	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
 	   CCEXTRAFLAGS
 $     CCDEFS = """VAXC""," + CCDEFS
 $!
@@ -1263,8 +1258,7 @@ $!
 $!    Use GNU C...
 $!
 $     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
+	   "/INCLUDE=SYS$DISK:[]" + CCEXTRAFLAGS
 	   CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
@@ -1462,6 +1456,7 @@ $!
 $! Save directory information
 $!
 $ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
 $ __HERE = F$EDIT(__HERE,"UPCASE")
 $ __TOP = __HERE - "CRYPTO]"
 $ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
 $!
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -112,17 +112,17 @@ extern "C" {
 #define	CRYPTO_LOCK_SSL_SESS_CERT	15
 #define	CRYPTO_LOCK_SSL			16
 #define	CRYPTO_LOCK_RAND		17
-#define	CRYPTO_LOCK_MALLOC		18
+#define	CRYPTO_LOCK_RAND2		18
-#define	CRYPTO_LOCK_BIO			19
+#define	CRYPTO_LOCK_MALLOC		19
-#define	CRYPTO_LOCK_GETHOSTBYNAME	20
+#define	CRYPTO_LOCK_BIO			20
-#define	CRYPTO_LOCK_GETSERVBYNAME	21
+#define	CRYPTO_LOCK_GETHOSTBYNAME	21
-#define	CRYPTO_LOCK_READDIR		22
+#define	CRYPTO_LOCK_GETSERVBYNAME	22
-#define	CRYPTO_LOCK_RSA_BLINDING	23
+#define	CRYPTO_LOCK_READDIR		23
-#define	CRYPTO_LOCK_DH			24
+#define	CRYPTO_LOCK_RSA_BLINDING	24
-#define	CRYPTO_LOCK_MALLOC2		25
+#define	CRYPTO_LOCK_DH			25
-#define	CRYPTO_LOCK_DSO			26
+#define	CRYPTO_LOCK_MALLOC2		26
-#define	CRYPTO_LOCK_DYNLOCK		27
+#define	CRYPTO_LOCK_DSO			27
-#define	CRYPTO_LOCK_ENGINE		28
+#define	CRYPTO_LOCK_DYNLOCK		28
 #define	CRYPTO_NUM_LOCKS		29
 #define CRYPTO_LOCK		1
@@ -351,6 +351,9 @@ int CRYPTO_push_info_(const char *info, const char *file, int line);
 int CRYPTO_pop_info(void);
 int CRYPTO_remove_all_info(void);
 /* Default debugging functions (enabled by CRYPTO_malloc_debug_init() macro;
 * used as default in CRYPTO_MDEBUG compilations): */
 /* The last argument has the following significance:
 *
 * 0:	called before the actual memory allocation has taken place
@@ -359,18 +362,18 @@ int CRYPTO_remove_all_info(void);
 void CRYPTO_dbg_malloc(void *addr,int num,const char *file,int line,int before_p);
 void CRYPTO_dbg_realloc(void *addr1,void *addr2,int num,const char *file,int line,int before_p);
 void CRYPTO_dbg_free(void *addr,int before_p);
 /* Tell the debugging code about options.  By default, the following values
 * apply:
 *
- * 0:	Clear all options.
+ * 0:                           Clear all options.
- * 1:	Set the "Show Time" option.
+ * V_CRYPTO_MDEBUG_TIME (1):    Set the "Show Time" option.
- * 2:	Set the "Show Thread Number" option.
+ * V_CRYPTO_MDEBUG_THREAD (2):  Set the "Show Thread Number" option.
- * 3:	1 + 2
+ * V_CRYPTO_MDEBUG_ALL (3):     1 + 2
 */
 void CRYPTO_dbg_set_options(long bits);
 long CRYPTO_dbg_get_options(void);
 #ifndef NO_FP_API
 void CRYPTO_mem_leaks_fp(FILE *);
 #endif
@@ -378,12 +381,11 @@ void CRYPTO_mem_leaks(struct bio_st *bio);
 /* unsigned long order, char *file, int line, int num_bytes, char *addr */
 void CRYPTO_mem_leaks_cb(void (*cb)(unsigned long, const char *, int, int, void *));
 void ERR_load_CRYPTO_strings(void);
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_CRYPTO_strings(void);
 /* Error codes for the CRYPTO functions. */
@@ -400,4 +402,3 @@ void ERR_load_CRYPTO_strings(void);
 }
 #endif
 #endif
--- a/crypto/des/fcrypt.c
+++ b/crypto/des/fcrypt.c
@@ -61,7 +61,7 @@ static unsigned const char cov_2char[64]={
 void fcrypt_body(DES_LONG *out,des_key_schedule ks,
 	DES_LONG Eswap0, DES_LONG Eswap1);
-#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT)
+#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(_DARWIN)
 char *crypt(const char *buf, const char *salt)
 	{
 	return(des_crypt(buf, salt));
--- a/crypto/des/read_pwd.c
+++ b/crypto/des/read_pwd.c
@@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */
-#if !defined(MSDOS) && !defined(VMS) && !defined(WIN32)
+#if !defined(MSDOS) && !defined(VMS) && !defined(WIN32) && !defined(VXWORKS)
 #include <openssl/opensslconf.h>
 #ifdef OPENSSL_UNISTD
 # include OPENSSL_UNISTD
@@ -133,6 +133,12 @@
 #define SGTTY
 #endif
 #if defined(VXWORKS)
 #undef TERMIOS
 #undef TERMIO
 #undef SGTTY
 #endif
 #ifdef TERMIOS
 #include <termios.h>
 #define TTY_STRUCT		struct termios
@@ -240,7 +246,7 @@ int des_read_pw(char *buf, char *buff, int size, const char *prompt,
 	long status;
 	unsigned short channel = 0;
 #else
-#ifndef MSDOS
+#if !defined(MSDOS) && !defined(VXWORKS)
 	TTY_STRUCT tty_orig,tty_new;
 #endif
 #endif
@@ -268,7 +274,7 @@ int des_read_pw(char *buf, char *buff, int size, const char *prompt,
 #ifdef MSDOS
 	if ((tty=fopen("con","r")) == NULL)
 		tty=stdin;
-#elif defined(MAC_OS_pre_X)
+#elif defined(MAC_OS_pre_X) || defined(VXWORKS)
 	tty=stdin;
 #else
 #ifndef MPE
@@ -366,7 +372,7 @@ int des_read_pw(char *buf, char *buff, int size, const char *prompt,
 error:
 	fprintf(stderr,"\n");
-#ifdef DEBUG
+#if 0
 	perror("fgets(tty)");
 #endif
 	/* What can we do if there is an error? */
--- a/crypto/dh/Makefile.ssl
+++ b/crypto/dh/Makefile.ssl
@@ -101,39 +101,19 @@ dh_gen.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 dh_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 dh_gen.o: ../cryptlib.h
-dh_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dh_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-dh_key.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+dh_key.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
-dh_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+dh_key.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dh_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dh_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 dh_key.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 dh_key.o: ../../include/openssl/engine.h ../../include/openssl/err.h
 dh_key.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 dh_key.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 dh_key.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 dh_key.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 dh_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 dh_key.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-dh_key.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+dh_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 dh_key.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 dh_key.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 dh_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 dh_key.o: ../../include/openssl/symhacks.h ../cryptlib.h
-dh_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dh_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-dh_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+dh_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-dh_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+dh_lib.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
-dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+dh_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dh_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-dh_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+dh_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-dh_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+dh_lib.o: ../cryptlib.h
 dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 dh_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 dh_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 dh_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
 dh_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 dh_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 dh_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 dh_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 dh_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h
--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
@@ -115,11 +115,7 @@ struct dh_st
 	int references;
 	CRYPTO_EX_DATA ex_data;
 #if 0
 	DH_METHOD *meth;
 #else
 	struct engine_st *engine;
 #endif
 	};
 #define DH_GENERATOR_2		2
@@ -154,15 +150,10 @@ struct dh_st
 DH_METHOD *DH_OpenSSL(void);
-void DH_set_default_openssl_method(DH_METHOD *meth);
+void DH_set_default_method(DH_METHOD *meth);
-DH_METHOD *DH_get_default_openssl_method(void);
+DH_METHOD *DH_get_default_method(void);
 #if 0
 DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth);
 DH *DH_new_method(DH_METHOD *meth);
 #else
 int DH_set_method(DH *dh, struct engine_st *engine);
 DH *DH_new_method(struct engine_st *engine);
 #endif
 DH *	DH_new(void);
 void	DH_free(DH *dh);
@@ -186,12 +177,12 @@ int	DHparams_print(BIO *bp, DH *x);
 #else
 int	DHparams_print(char *bp, DH *x);
 #endif
 void	ERR_load_DH_strings(void );
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_DH_strings(void);
 /* Error codes for the DH functions. */
@@ -204,10 +195,10 @@ void	ERR_load_DH_strings(void );
 #define DH_F_DH_NEW					 105
 /* Reason codes. */
 #define DH_R_BAD_GENERATOR				 101
 #define DH_R_NO_PRIVATE_VALUE				 100
 #ifdef  __cplusplus
 }
 #endif
 #endif
--- a/crypto/dh/dh_err.c
+++ b/crypto/dh/dh_err.c
@@ -1,6 +1,6 @@
 /* crypto/dh/dh_err.c */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -77,6 +77,7 @@ static ERR_STRING_DATA DH_str_functs[]=
 static ERR_STRING_DATA DH_str_reasons[]=
 	{
 {DH_R_BAD_GENERATOR                      ,"bad generator"},
 {DH_R_NO_PRIVATE_VALUE                   ,"no private value"},
 {0,NULL}
 	};
--- a/crypto/dh/dh_gen.c
+++ b/crypto/dh/dh_gen.c
@@ -82,7 +82,10 @@
 * Since DH should be using a safe prime (both p and q are prime),
 * this generator function can take a very very long time to run.
 */
-
+/* Actually there is no reason to insist that 'generator' be a generator.
 * It's just as OK (and in some sense better) to use a generator of the
 * order-q subgroup.
 */
 DH *DH_generate_parameters(int prime_len, int generator,
 	     void (*callback)(int,int,void *), void *cb_arg)
 	{
@@ -100,30 +103,43 @@ DH *DH_generate_parameters(int prime_len, int generator,
 	t2 = BN_CTX_get(ctx);
 	if (t1 == NULL || t2 == NULL) goto err;
 	if (generator <= 1)
 		{
 		DHerr(DH_F_DH_GENERATE_PARAMETERS, DH_R_BAD_GENERATOR);
 		goto err;
 		}
 	if (generator == DH_GENERATOR_2)
 		{
-		BN_set_word(t1,24);
+		if (!BN_set_word(t1,24)) goto err;
-		BN_set_word(t2,11);
+		if (!BN_set_word(t2,11)) goto err;
 		g=2;
 		}
-#ifdef undef  /* does not work for safe primes */
+#if 0 /* does not work for safe primes */
 	else if (generator == DH_GENERATOR_3)
 		{
-		BN_set_word(t1,12);
+		if (!BN_set_word(t1,12)) goto err;
-		BN_set_word(t2,5);
+		if (!BN_set_word(t2,5)) goto err;
 		g=3;
 		}
 #endif
 	else if (generator == DH_GENERATOR_5)
 		{
-		BN_set_word(t1,10);
+		if (!BN_set_word(t1,10)) goto err;
-		BN_set_word(t2,3);
+		if (!BN_set_word(t2,3)) goto err;
 		/* BN_set_word(t3,7); just have to miss
 		 * out on these ones :-( */
 		g=5;
 		}
 	else
 		{
 		/* in the general case, don't worry if 'generator' is a
 		 * generator or not: since we are using safe primes,
 		 * it will generate either an order-q or an order-2q group,
 		 * which both is OK */
 		if (!BN_set_word(t1,2)) goto err;
 		if (!BN_set_word(t2,1)) goto err;
 		g=generator;
 		}
 	p=BN_generate_prime(NULL,prime_len,1,t1,t2,callback,cb_arg);
 	if (p == NULL) goto err;
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -61,7 +61,6 @@
 #include <openssl/bn.h>
 #include <openssl/rand.h>
 #include <openssl/dh.h>
 #include <openssl/engine.h>
 static int generate_key(DH *dh);
 static int compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
@@ -73,12 +72,12 @@ static int dh_finish(DH *dh);
 int DH_generate_key(DH *dh)
 	{
-	return ENGINE_get_DH(dh->engine)->generate_key(dh);
+	return dh->meth->generate_key(dh);
 	}
 int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh)
 	{
-	return ENGINE_get_DH(dh->engine)->compute_key(key, pub_key, dh);
+	return dh->meth->compute_key(key, pub_key, dh);
 	}
 static DH_METHOD dh_ossl = {
@@ -100,6 +99,8 @@ DH_METHOD *DH_OpenSSL(void)
 static int generate_key(DH *dh)
 	{
 	int ok=0;
 	int generate_new_key=0;
 	unsigned l;
 	BN_CTX ctx;
 	BN_MONT_CTX *mont;
 	BIGNUM *pub_key=NULL,*priv_key=NULL;
@@ -110,9 +111,7 @@ static int generate_key(DH *dh)
 		{
 		priv_key=BN_new();
 		if (priv_key == NULL) goto err;
-		do
+		generate_new_key=1;
 			if (!BN_rand_range(priv_key, dh->p)) goto err;
 		while (BN_is_zero(priv_key));
 		}
 	else
 		priv_key=dh->priv_key;
@@ -133,9 +132,12 @@ static int generate_key(DH *dh)
 		}
 	mont=(BN_MONT_CTX *)dh->method_mont_p;
-	if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, pub_key, dh->g,
+	if (generate_new_key)
-				priv_key,dh->p,&ctx,mont))
+		{
-		goto err;
+		l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
 		if (!BN_rand(priv_key, l, 0, 0)) goto err;
 		}
 	if (!dh->meth->bn_mod_exp(dh, pub_key,dh->g,priv_key,dh->p,&ctx,mont)) goto err;
 	dh->pub_key=pub_key;
 	dh->priv_key=priv_key;
@@ -174,8 +176,7 @@ static int compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh)
 		}
 	mont=(BN_MONT_CTX *)dh->method_mont_p;
-	if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, tmp, pub_key,
+	if (!dh->meth->bn_mod_exp(dh, tmp,pub_key,dh->priv_key,dh->p,&ctx,mont))
 				dh->priv_key,dh->p,&ctx,mont))
 		{
 		DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
 		goto err;
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -60,40 +60,24 @@
 #include "cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/dh.h>
 #include <openssl/engine.h>
 const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
-static DH_METHOD *default_DH_method;
+static DH_METHOD *default_DH_method = NULL;
 static int dh_meth_num = 0;
 static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dh_meth = NULL;
-void DH_set_default_openssl_method(DH_METHOD *meth)
+void DH_set_default_method(DH_METHOD *meth)
 {
-	ENGINE *e;
+	default_DH_method = meth;
 	/* We'll need to notify the "openssl" ENGINE of this
 	 * change too. We won't bother locking things down at
 	 * our end as there was never any locking in these
 	 * functions! */
 	if(default_DH_method != meth)
 		{
 		default_DH_method = meth;
 		e = ENGINE_by_id("openssl");
 		if(e)
 			{
 			ENGINE_set_DH(e, meth);
 			ENGINE_free(e);
 			}
 		}
 }
-DH_METHOD *DH_get_default_openssl_method(void)
+DH_METHOD *DH_get_default_method(void)
 {
 	if(!default_DH_method) default_DH_method = DH_OpenSSL();
 	return default_DH_method;
 }
 #if 0
 DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth)
 {
        DH_METHOD *mtmp;
@@ -103,37 +87,14 @@ DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth)
        if (meth->init) meth->init(dh);
        return mtmp;
 }
 #else
 int DH_set_method(DH *dh, ENGINE *engine)
 {
 	ENGINE *mtmp;
 	DH_METHOD *meth;
 	mtmp = dh->engine;
 	meth = ENGINE_get_DH(mtmp);
 	if (!ENGINE_init(engine))
 		return 0;
 	if (meth->finish) meth->finish(dh);
 	dh->engine= engine;
 	meth = ENGINE_get_DH(engine);
 	if (meth->init) meth->init(dh);
 	/* SHOULD ERROR CHECK THIS!!! */
 	ENGINE_finish(mtmp);
 	return 1;
 }
 #endif
 DH *DH_new(void)
 {
 	return DH_new_method(NULL);
 }
 #if 0
 DH *DH_new_method(DH_METHOD *meth)
 #else
 DH *DH_new_method(ENGINE *engine)
 #endif
 	{
 	DH_METHOD *meth;
 	DH *ret;
 	ret=(DH *)OPENSSL_malloc(sizeof(DH));
@@ -142,17 +103,8 @@ DH *DH_new_method(ENGINE *engine)
 		DHerr(DH_F_DH_NEW,ERR_R_MALLOC_FAILURE);
 		return(NULL);
 		}
-	if(engine)
+	if(meth) ret->meth = meth;
-		ret->engine = engine;
+	else ret->meth = DH_get_default_method();
 	else
 		{
 		if((ret->engine=ENGINE_get_default_DH()) == NULL)
 			{
 			OPENSSL_free(ret);
 			return NULL;
 			}
 		}
 	meth = ENGINE_get_DH(ret->engine);
 	ret->pad=0;
 	ret->version=0;
 	ret->p=NULL;
@@ -167,9 +119,9 @@ DH *DH_new_method(ENGINE *engine)
 	ret->counter = NULL;
 	ret->method_mont_p=NULL;
 	ret->references = 1;
-	ret->flags=meth->flags;
+	ret->flags=ret->meth->flags;
 	CRYPTO_new_ex_data(dh_meth,ret,&ret->ex_data);
-	if ((meth->init != NULL) && !meth->init(ret))
+	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
 		{
 		CRYPTO_free_ex_data(dh_meth,ret,&ret->ex_data);
 		OPENSSL_free(ret);
@@ -180,7 +132,6 @@ DH *DH_new_method(ENGINE *engine)
 void DH_free(DH *r)
 	{
 	DH_METHOD *meth;
 	int i;
 	if(r == NULL) return;
 	i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);
@@ -196,9 +147,7 @@ void DH_free(DH *r)
 	}
 #endif
-	meth = ENGINE_get_DH(r->engine);
+	if(r->meth->finish) r->meth->finish(r);
 	if(meth->finish) meth->finish(r);
 	ENGINE_finish(r->engine);
 	CRYPTO_free_ex_data(dh_meth, r, &r->ex_data);
--- a/crypto/dh/dhtest.c
+++ b/crypto/dh/dhtest.c
@@ -66,6 +66,7 @@
 #include <openssl/bio.h>
 #include <openssl/bn.h>
 #include <openssl/rand.h>
 #include <openssl/err.h>
 #ifdef NO_DH
 int main(int argc, char *argv[])
@@ -112,6 +113,16 @@ int main(int argc, char *argv[])
 	a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out);
 	if (a == NULL) goto err;
 	if (!DH_check(a, &i)) goto err;
 	if (i & DH_CHECK_P_NOT_PRIME)
 		BIO_puts(out, "p value is not prime\n");
 	if (i & DH_CHECK_P_NOT_SAFE_PRIME)
 		BIO_puts(out, "p value is not a safe prime\n");
 	if (i & DH_UNABLE_TO_CHECK_GENERATOR)
 		BIO_puts(out, "unable to check the generator value\n");
 	if (i & DH_NOT_SUITABLE_GENERATOR)
 		BIO_puts(out, "the g value is not a generator\n");
 	BIO_puts(out,"\np    =");
 	BN_print(out,a->p);
 	BIO_puts(out,"\ng    =");
@@ -170,6 +181,8 @@ int main(int argc, char *argv[])
 	else
 		ret=0;
 err:
 	ERR_print_errors_fp(stderr);
 	if (abuf != NULL) OPENSSL_free(abuf);
 	if (bbuf != NULL) OPENSSL_free(bbuf);
 	if(b != NULL) DH_free(b);
--- a/crypto/dsa/Makefile.ssl
+++ b/crypto/dsa/Makefile.ssl
@@ -116,75 +116,39 @@ dsa_key.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
 dsa_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 dsa_key.o: ../../include/openssl/symhacks.h ../cryptlib.h
 dsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-dsa_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+dsa_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-dsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+dsa_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dsa_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-dsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-dsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+dsa_lib.o: ../cryptlib.h
 dsa_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 dsa_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 dsa_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
 dsa_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
 dsa_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 dsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 dsa_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 dsa_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h
 dsa_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-dsa_ossl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+dsa_ossl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+dsa_ossl.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-dsa_ossl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+dsa_ossl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-dsa_ossl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dsa_ossl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 dsa_ossl.o: ../../include/openssl/engine.h ../../include/openssl/err.h
 dsa_ossl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 dsa_ossl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 dsa_ossl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 dsa_ossl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-dsa_ossl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+dsa_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 dsa_ossl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 dsa_ossl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 dsa_ossl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 dsa_ossl.o: ../../include/openssl/symhacks.h ../cryptlib.h
 dsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-dsa_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+dsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-dsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dsa_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 dsa_sign.o: ../../include/openssl/engine.h ../../include/openssl/err.h
 dsa_sign.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
 dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 dsa_sign.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
 dsa_sign.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 dsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-dsa_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 dsa_sign.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 dsa_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 dsa_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 dsa_sign.o: ../../include/openssl/symhacks.h ../cryptlib.h
 dsa_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-dsa_vrf.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+dsa_vrf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-dsa_vrf.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+dsa_vrf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-dsa_vrf.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+dsa_vrf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 dsa_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
 dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 dsa_vrf.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
 dsa_vrf.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
 dsa_vrf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 dsa_vrf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-dsa_vrf.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+dsa_vrf.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
 dsa_vrf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 dsa_vrf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 dsa_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 dsa_vrf.o: ../cryptlib.h
--- a/crypto/dsa/dsa.h
+++ b/crypto/dsa/dsa.h
@@ -133,11 +133,7 @@ struct dsa_st
 	char *method_mont_p;
 	int references;
 	CRYPTO_EX_DATA ex_data;
 #if 0
 	DSA_METHOD *meth;
 #else
 	struct engine_st *engine;
 #endif
 	};
 #define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \
@@ -163,20 +159,12 @@ int	DSA_do_verify(const unsigned char *dgst,int dgst_len,
 DSA_METHOD *DSA_OpenSSL(void);
-void        DSA_set_default_openssl_method(DSA_METHOD *);
+void        DSA_set_default_method(DSA_METHOD *);
-DSA_METHOD *DSA_get_default_openssl_method(void);
+DSA_METHOD *DSA_get_default_method(void);
 #if 0
 DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *);
 #else
 int DSA_set_method(DSA *dsa, struct engine_st *engine);
 #endif
 DSA *	DSA_new(void);
 #if 0
 DSA *	DSA_new_method(DSA_METHOD *meth);
 #else
 DSA *	DSA_new_method(struct engine_st *engine);
 #endif
 int	DSA_size(DSA *);
 	/* next 4 return -1 on error */
 int	DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp);
@@ -190,8 +178,6 @@ int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 int DSA_set_ex_data(DSA *d, int idx, void *arg);
 void *DSA_get_ex_data(DSA *d, int idx);
 void	ERR_load_DSA_strings(void );
 DSA *	d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length);
 DSA *	d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
 DSA * 	d2i_DSAparams(DSA **a, unsigned char **pp, long length);
@@ -228,6 +214,7 @@ DH *DSA_dup_DH(DSA *r);
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_DSA_strings(void);
 /* Error codes for the DSA functions. */
@@ -248,9 +235,9 @@ DH *DSA_dup_DH(DSA *r);
 /* Reason codes. */
 #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 100
 #define DSA_R_MISSING_PARAMETERS			 101
 #ifdef  __cplusplus
 }
 #endif
 #endif
--- a/crypto/dsa/dsa_err.c
+++ b/crypto/dsa/dsa_err.c
@@ -85,6 +85,7 @@ static ERR_STRING_DATA DSA_str_functs[]=
 static ERR_STRING_DATA DSA_str_reasons[]=
 	{
 {DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE       ,"data too large for key size"},
 {DSA_R_MISSING_PARAMETERS                ,"missing parameters"},
 {0,NULL}
 	};
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -63,34 +63,19 @@
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
 #include <openssl/asn1.h>
 #include <openssl/engine.h>
 const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
-static DSA_METHOD *default_DSA_method;
+static DSA_METHOD *default_DSA_method = NULL;
 static int dsa_meth_num = 0;
 static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dsa_meth = NULL;
-void DSA_set_default_openssl_method(DSA_METHOD *meth)
+void DSA_set_default_method(DSA_METHOD *meth)
 {
-	ENGINE *e;
+	default_DSA_method = meth;
 	/* We'll need to notify the "openssl" ENGINE of this
 	 * change too. We won't bother locking things down at
 	 * our end as there was never any locking in these
 	 * functions! */
 	if(default_DSA_method != meth)
 		{
 		default_DSA_method = meth;
 		e = ENGINE_by_id("openssl");
 		if(e)
 			{
 			ENGINE_set_DSA(e, meth);
 			ENGINE_free(e);
 			}
 		}
 }
-DSA_METHOD *DSA_get_default_openssl_method(void)
+DSA_METHOD *DSA_get_default_method(void)
 {
 	if(!default_DSA_method) default_DSA_method = DSA_OpenSSL();
 	return default_DSA_method;
@@ -101,7 +86,6 @@ DSA *DSA_new(void)
 	return DSA_new_method(NULL);
 }
 #if 0
 DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth)
 {
        DSA_METHOD *mtmp;
@@ -111,33 +95,10 @@ DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth)
        if (meth->init) meth->init(dsa);
        return mtmp;
 }
 #else
 int DSA_set_method(DSA *dsa, ENGINE *engine)
 	{
 	ENGINE *mtmp;
 	DSA_METHOD *meth;
 	mtmp = dsa->engine;
 	meth = ENGINE_get_DSA(mtmp);
 	if (!ENGINE_init(engine))
 		return 0;
 	if (meth->finish) meth->finish(dsa);
 	dsa->engine = engine;
 	meth = ENGINE_get_DSA(engine);
 	if (meth->init) meth->init(dsa);
 	/* SHOULD ERROR CHECK THIS!!! */
 	ENGINE_finish(mtmp);
 	return 1;
 	}
 #endif
 #if 0
 DSA *DSA_new_method(DSA_METHOD *meth)
 #else
 DSA *DSA_new_method(ENGINE *engine)
 #endif
 	{
 	DSA_METHOD *meth;
 	DSA *ret;
 	ret=(DSA *)OPENSSL_malloc(sizeof(DSA));
@@ -146,17 +107,8 @@ DSA *DSA_new_method(ENGINE *engine)
 		DSAerr(DSA_F_DSA_NEW,ERR_R_MALLOC_FAILURE);
 		return(NULL);
 		}
-	if(engine)
+	if(meth) ret->meth = meth;
-		ret->engine = engine;
+	else ret->meth = DSA_get_default_method();
 	else
 		{
 		if((ret->engine=ENGINE_get_default_DSA()) == NULL)
 			{
 			OPENSSL_free(ret);
 			return NULL;
 			}
 		}
 	meth = ENGINE_get_DSA(ret->engine);
 	ret->pad=0;
 	ret->version=0;
 	ret->write_params=1;
@@ -172,9 +124,9 @@ DSA *DSA_new_method(ENGINE *engine)
 	ret->method_mont_p=NULL;
 	ret->references=1;
-	ret->flags=meth->flags;
+	ret->flags=ret->meth->flags;
 	CRYPTO_new_ex_data(dsa_meth,ret,&ret->ex_data);
-	if ((meth->init != NULL) && !meth->init(ret))
+	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
 		{
 		CRYPTO_free_ex_data(dsa_meth,ret,&ret->ex_data);
 		OPENSSL_free(ret);
@@ -186,7 +138,6 @@ DSA *DSA_new_method(ENGINE *engine)
 void DSA_free(DSA *r)
 	{
 	DSA_METHOD *meth;
 	int i;
 	if (r == NULL) return;
@@ -204,9 +155,7 @@ void DSA_free(DSA *r)
 		}
 #endif
-	meth = ENGINE_get_DSA(r->engine);
+	if(r->meth->finish) r->meth->finish(r);
 	if(meth->finish) meth->finish(r);
 	ENGINE_finish(r->engine);
 	CRYPTO_free_ex_data(dsa_meth, r, &r->ex_data);
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -64,7 +64,6 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
 #include <openssl/engine.h>
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
@@ -106,6 +105,11 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 	int i,reason=ERR_R_BN_LIB;
 	DSA_SIG *ret=NULL;
 	if (!dsa->p || !dsa->q || !dsa->g)
 		{
 		reason=DSA_R_MISSING_PARAMETERS;
 		goto err;
 		}
 	BN_init(&m);
 	BN_init(&xr);
 	s=BN_new();
@@ -168,6 +172,11 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 	BIGNUM k,*kinv=NULL,*r=NULL;
 	int ret=0;
 	if (!dsa->p || !dsa->q || !dsa->g)
 		{
 		DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
 		return 0;
 		}
 	if (ctx_in == NULL)
 		{
 		if ((ctx=BN_CTX_new()) == NULL) goto err;
@@ -192,7 +201,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 		}
 	/* Compute r = (g^k mod p) mod q */
-	if (!ENGINE_get_DSA(dsa->engine)->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
+	if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
 		(BN_MONT_CTX *)dsa->method_mont_p)) goto err;
 	if (!BN_mod(r,r,dsa->q,ctx)) goto err;
@@ -231,6 +240,17 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
 	BN_init(&u2);
 	BN_init(&t1);
 	if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
 		{
 		ret = 0;
 		goto err;
 		}
 	if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0)
 		{
 		ret = 0;
 		goto err;
 		}
 	/* Calculate W = inv(S) mod Q
 	 * save W in u2 */
 	if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
@@ -270,7 +290,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
 	if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
 #else
 	{
-	if (!ENGINE_get_DSA(dsa->engine)->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
+	if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
 						dsa->p,ctx,mont)) goto err;
 	/* BN_copy(&u1,&t1); */
 	/* let u1 = u1 mod q */
--- a/crypto/dsa/dsa_sign.c
+++ b/crypto/dsa/dsa_sign.c
@@ -64,11 +64,10 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
 #include <openssl/engine.h>
 DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 	{
-	return ENGINE_get_DSA(dsa->engine)->dsa_do_sign(dgst, dlen, dsa);
+	return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
 	}
 int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
@@ -88,6 +87,6 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
 int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 	{
-	return ENGINE_get_DSA(dsa->engine)->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
+	return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
 	}
--- a/crypto/dsa/dsa_vrf.c
+++ b/crypto/dsa/dsa_vrf.c
@@ -65,12 +65,11 @@
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1_mac.h>
 #include <openssl/engine.h>
 int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
 		  DSA *dsa)
 	{
-	return ENGINE_get_DSA(dsa->engine)->dsa_do_verify(dgst, dgst_len, sig, dsa);
+	return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
 	}
 /* data has already been hashed (probably with SHA or SHA-1). */
--- a/crypto/dso/dso.h
+++ b/crypto/dso/dso.h
@@ -194,12 +194,11 @@ DSO_METHOD *DSO_METHOD_win32(void);
 /* If VMS is defined, use shared images. If not, return NULL. */
 DSO_METHOD *DSO_METHOD_vms(void);
 void ERR_load_DSO_strings(void);
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_DSO_strings(void);
 /* Error codes for the DSO functions. */
@@ -247,4 +246,3 @@ void ERR_load_DSO_strings(void);
 }
 #endif
 #endif
--- a/Show More
+++ b/Show More