This commit was manufactured by cvs2svn to create tag 'SSLeay_0_8_1b'.

1998-12-21 10:52:48 +00:00
1572 changed files with 75270 additions and 219425 deletions
--- a/.cvsignore
+++ b/.cvsignore
@@ -1,15 +0,0 @@
-Makefile.ssl
-MINFO
-makefile.one
-tmp
-out
-outinc
-rehash.time
-testlog
-make.log
-maketest.log
-cctest
-cctest.c
-cctest.a
-libcrypto.so.*
-libssl.so.*
--- a/3812
+++ b/3812
--- a/64
+++ b/64
@@ -0,0 +1,64 @@
+Copyright (C) 1997 Eric Young (eay@cryptsoft.com)
+All rights reserved.
+
+This package is an SSL implementation written by Eric Young (eay@cryptsoft.com).
+The implementation was written so as to conform with Netscapes SSL.
+
+This library is free for commercial and non-commercial use as long as
+the following conditions are aheared to.  The following conditions
+apply to all code found in this distribution, be it the RC4, RSA,
+lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+included with this distribution is covered by the same copyright terms
+except that the holder is Tim Hudson (tjh@cryptsoft.com).
+
+Please note that MD2, MD5 and IDEA are publically available standards
+that contain sample implementations, I have re-coded them in my own
+way but there is nothing special about those implementations.  The DES
+library is another mater :-).
+
+Copyright remains Eric Young's, and as such any Copyright notices in
+the code are not to be removed.
+If this package is used in a product, Eric Young should be given attribution
+as the author of the parts of the library used.
+This can be in the form of a textual message at program startup or
+in documentation (online or textual) provided with the package.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the copyright
+   notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+3. All advertising materials mentioning features or use of this software
+   must display the following acknowledgement:
+   "This product includes cryptographic software written by
+    Eric Young (eay@cryptsoft.com)"
+   The word 'cryptographic' can be left out if the rouines from the library
+   being used are not cryptographic related :-).
+4. If you include any Windows specific code (or a derivative thereof) from 
+   the apps directory (application code) you must include an acknowledgement:
+   "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+
+THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+The licence and distribution terms for any publically available version or
+derivative of this code cannot be changed.  i.e. this code cannot simply be
+copied and put under another distribution licence
+[including the GNU Public Licence.]
+
+The reason behind this being stated in this direct manner is past
+experience in code simply being copied and the attribution removed
+from it and then being distributed as part of other packages. This
+implementation was a non-trivial and unpaid effort.
--- a/1348
+++ b/1348
--- a/547
+++ b/547
@@ -1,547 +0,0 @@
-OpenSSL  -  Frequently Asked Questions
--------------------------------------
-
-[MISC] Miscellaneous questions
-
-* Which is the current version of OpenSSL?
-* Where is the documentation?
-* How can I contact the OpenSSL developers?
-* Where can I get a compiled version of OpenSSL?
-* Why aren't tools like 'autoconf' and 'libtool' used?
-
-[LEGAL] Legal questions
-
-* Do I need patent licenses to use OpenSSL?
-* Can I use OpenSSL with GPL software? 
-
-[USER] Questions on using the OpenSSL applications
-
-* Why do I get a "PRNG not seeded" error message?
-* How do I create certificates or certificate requests?
-* Why can't I create certificate requests?
-* Why does <SSL program> fail with a certificate verify error?
-* Why can I only use weak ciphers when I connect to a server using OpenSSL?
-* How can I create DSA certificates?
-* Why can't I make an SSL connection using a DSA certificate?
-* How can I remove the passphrase on a private key?
-* Why can't I use OpenSSL certificates with SSL client authentication?
-* Why does my browser give a warning about a mismatched hostname?
-
-[BUILD] Questions about building and testing OpenSSL
-
-* Why does the linker complain about undefined symbols?
-* Why does the OpenSSL test fail with "bc: command not found"?
-* Why does the OpenSSL test fail with "bc: 1 no implemented"?
-* Why does the OpenSSL compilation fail on Alpha True64 Unix?
-* Why does the OpenSSL compilation fail with "ar: command not found"?
-* Why does the OpenSSL compilation fail on Win32 with VC++?
-
-[PROG] Questions about programming with OpenSSL
-
-* Is OpenSSL thread-safe?
-* I've compiled a program under Windows and it crashes: why?
-* How do I read or write a DER encoded buffer using the ASN1 functions?
-* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
-* I've called <some function> and it fails, why?
-* I just get a load of numbers for the error output, what do they mean?
-* Why do I get errors about unknown algorithms?
-* Why can't the OpenSSH configure script detect OpenSSL?
-* Can I use OpenSSL's SSL library with non-blocking I/O?
-
-===============================================================================
-
-[MISC] ========================================================================
-
-* Which is the current version of OpenSSL?
-
-The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.6a was released on April 5th, 2001.
-
-In addition to the current stable release, you can also access daily
-snapshots of the OpenSSL development version at <URL:
-ftp://ftp.openssl.org/snapshot/>, or get it by anonymous CVS access.
-
-
-* Where is the documentation?
-
-OpenSSL is a library that provides cryptographic functionality to
-applications such as secure web servers.  Be sure to read the
-documentation of the application you want to use.  The INSTALL file
-explains how to install this library.
-
-OpenSSL includes a command line utility that can be used to perform a
-variety of cryptographic functions.  It is described in the openssl(1)
-manpage.  Documentation for developers is currently being written.  A
-few manual pages already are available; overviews over libcrypto and
-libssl are given in the crypto(3) and ssl(3) manpages.
-
-The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a
-different directory if you specified one as described in INSTALL).
-In addition, you can read the most current versions at
-<URL: http://www.openssl.org/docs/>.
-
-For information on parts of libcrypto that are not yet documented, you
-might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's
-predecessor, at <URL: http://www.columbia.edu/~ariel/ssleay/>.  Much
-of this still applies to OpenSSL.
-
-There is some documentation about certificate extensions and PKCS#12
-in doc/openssl.txt
-
-The original SSLeay documentation is included in OpenSSL as
-doc/ssleay.txt.  It may be useful when none of the other resources
-help, but please note that it reflects the obsolete version SSLeay
-0.6.6.
-
-
-* How can I contact the OpenSSL developers?
-
-The README file describes how to submit bug reports and patches to
-OpenSSL.  Information on the OpenSSL mailing lists is available from
-<URL: http://www.openssl.org>.
-
-
-* Where can I get a compiled version of OpenSSL?
-
-Some applications that use OpenSSL are distributed in binary form.
-When using such an application, you don't need to install OpenSSL
-yourself; the application will include the required parts (e.g. DLLs).
-
-If you want to install OpenSSL on a Windows system and you don't have
-a C compiler, read the "Mingw32" section of INSTALL.W32 for information
-on how to obtain and install the free GNU C compiler.
-
-A number of Linux and *BSD distributions include OpenSSL.
-
-
-* Why aren't tools like 'autoconf' and 'libtool' used?
-
-autoconf will probably be used in future OpenSSL versions. If it was
-less Unix-centric, it might have been used much earlier.
-
-
-[LEGAL] =======================================================================
-
-* Do I need patent licenses to use OpenSSL?
-
-The patents section of the README file lists patents that may apply to
-you if you want to use OpenSSL.  For information on intellectual
-property rights, please consult a lawyer.  The OpenSSL team does not
-offer legal advice.
-
-You can configure OpenSSL so as not to use RC5 and IDEA by using
- ./config no-rc5 no-idea
-
-
-* Can I use OpenSSL with GPL software?
-
-On many systems including the major Linux and BSD distributions, yes (the
-GPL does not place restrictions on using libraries that are part of the
-normal operating system distribution).
-
-On other systems, the situation is less clear. Some GPL software copyright
-holders claim that you infringe on their rights if you use OpenSSL with
-their software on operating systems that don't normally include OpenSSL.
-
-If you develop open source software that uses OpenSSL, you may find it
-useful to choose an other license than the GPL, or state explicitely that
-"This program is released under the GPL with the additional exemption that
-compiling, linking, and/or using OpenSSL is allowed."  If you are using
-GPL software developed by others, you may want to ask the copyright holder
-for permission to use their software with OpenSSL.
-
-
-[USER] ========================================================================
-
-* Why do I get a "PRNG not seeded" error message?
-
-Cryptographic software needs a source of unpredictable data to work
-correctly.  Many open source operating systems provide a "randomness
-device" that serves this purpose.  On other systems, applications have
-to call the RAND_add() or RAND_seed() function with appropriate data
-before generating keys or performing public key encryption.
-
-Some broken applications do not do this.  As of version 0.9.5, the
-OpenSSL functions that need randomness report an error if the random
-number generator has not been seeded with at least 128 bits of
-randomness.  If this error occurs, please contact the author of the
-application you are using.  It is likely that it never worked
-correctly.  OpenSSL 0.9.5 and later make the error visible by refusing
-to perform potentially insecure encryption.
-
-On systems without /dev/urandom, it is a good idea to use the Entropy
-Gathering Demon; see the RAND_egd() manpage for details.
-
-Most components of the openssl command line tool try to use the
-file $HOME/.rnd (or $RANDFILE, if this environment variable is set)
-for seeding the PRNG.  If this file does not exist or is too short,
-the "PRNG not seeded" error message may occur.
-
-[Note to OpenSSL 0.9.5 users: The command "openssl rsa" in version
-0.9.5 does not do this and will fail on systems without /dev/urandom
-when trying to password-encrypt an RSA key!  This is a bug in the
-library; try a later version instead.]
-
-For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested
-installing the SUNski package from Sun patch 105710-01 (Sparc) which
-adds a /dev/random device and make sure it gets used, usually through
-$RANDFILE.  There are probably similar patches for the other Solaris
-versions.  However, be warned that /dev/random is usually a blocking
-device, which may have some effects on OpenSSL.
-
-
-* How do I create certificates or certificate requests?
-
-Check out the CA.pl(1) manual page. This provides a simple wrapper round
-the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check
-out the manual pages for the individual utilities and the certificate
-extensions documentation (currently in doc/openssl.txt).
-
-
-* Why can't I create certificate requests?
-
-You typically get the error:
-
-	unable to find 'distinguished_name' in config
-	problems making Certificate Request
-
-This is because it can't find the configuration file. Check out the
-DIAGNOSTICS section of req(1) for more information.
-
-
-* Why does <SSL program> fail with a certificate verify error?
-
-This problem is usually indicated by log messages saying something like
-"unable to get local issuer certificate" or "self signed certificate".
-When a certificate is verified its root CA must be "trusted" by OpenSSL
-this typically means that the CA certificate must be placed in a directory
-or file and the relevant program configured to read it. The OpenSSL program
-'verify' behaves in a similar way and issues similar error messages: check
-the verify(1) program manual page for more information.
-
-
-* Why can I only use weak ciphers when I connect to a server using OpenSSL?
-
-This is almost certainly because you are using an old "export grade" browser
-which only supports weak encryption. Upgrade your browser to support 128 bit
-ciphers.
-
-
-* How can I create DSA certificates?
-
-Check the CA.pl(1) manual page for a DSA certificate example.
-
-
-* Why can't I make an SSL connection to a server using a DSA certificate?
-
-Typically you'll see a message saying there are no shared ciphers when
-the same setup works fine with an RSA certificate. There are two possible
-causes. The client may not support connections to DSA servers most web
-browsers (including Netscape and MSIE) only support connections to servers
-supporting RSA cipher suites. The other cause is that a set of DH parameters
-has not been supplied to the server. DH parameters can be created with the
-dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example:
-check the source to s_server in apps/s_server.c for an example.
-
-
-* How can I remove the passphrase on a private key?
-
-Firstly you should be really *really* sure you want to do this. Leaving
-a private key unencrypted is a major security risk. If you decide that
-you do have to do this check the EXAMPLES sections of the rsa(1) and
-dsa(1) manual pages.
-
-
-* Why can't I use OpenSSL certificates with SSL client authentication?
-
-What will typically happen is that when a server requests authentication
-it will either not include your certificate or tell you that you have
-no client certificates (Netscape) or present you with an empty list box
-(MSIE). The reason for this is that when a server requests a client
-certificate it includes a list of CAs names which it will accept. Browsers
-will only let you select certificates from the list on the grounds that
-there is little point presenting a certificate which the server will
-reject.
-
-The solution is to add the relevant CA certificate to your servers "trusted
-CA list". How you do this depends on the server sofware in uses. You can
-print out the servers list of acceptable CAs using the OpenSSL s_client tool:
-
-openssl s_client -connect www.some.host:443 -prexit
-
-If your server only requests certificates on certain URLs then you may need
-to manually issue an HTTP GET command to get the list when s_client connects:
-
-GET /some/page/needing/a/certificate.html
-
-If your CA does not appear in the list then this confirms the problem.
-
-
-* Why does my browser give a warning about a mismatched hostname?
-
-Browsers expect the server's hostname to match the value in the commonName
-(CN) field of the certificate. If it does not then you get a warning.
-
-
-[BUILD] =======================================================================
-
-* Why does the linker complain about undefined symbols?
-
-Maybe the compilation was interrupted, and make doesn't notice that
-something is missing.  Run "make clean; make".
-
-If you used ./Configure instead of ./config, make sure that you
-selected the right target.  File formats may differ slightly between
-OS versions (for example sparcv8/sparcv9, or a.out/elf).
-
-In case you get errors about the following symbols, use the config
-option "no-asm", as described in INSTALL:
-
- BF_cbc_encrypt, BF_decrypt, BF_encrypt, CAST_cbc_encrypt,
- CAST_decrypt, CAST_encrypt, RC4, RC5_32_cbc_encrypt, RC5_32_decrypt,
- RC5_32_encrypt, bn_add_words, bn_div_words, bn_mul_add_words,
- bn_mul_comba4, bn_mul_comba8, bn_mul_words, bn_sqr_comba4,
- bn_sqr_comba8, bn_sqr_words, bn_sub_words, des_decrypt3,
- des_ede3_cbc_encrypt, des_encrypt, des_encrypt2, des_encrypt3,
- des_ncbc_encrypt, md5_block_asm_host_order, sha1_block_asm_data_order
-
-If none of these helps, you may want to try using the current snapshot.
-If the problem persists, please submit a bug report.
-
-
-* Why does the OpenSSL test fail with "bc: command not found"?
-
-You didn't install "bc", the Unix calculator.  If you want to run the
-tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor.
-
-
-* Why does the OpenSSL test fail with "bc: 1 no implemented"?
-
-On some SCO installations or versions, bc has a bug that gets triggered
-when you run the test suite (using "make test").  The message returned is
-"bc: 1 not implemented".
-
-The best way to deal with this is to find another implementation of bc
-and compile/install it.  GNU bc (see http://www.gnu.org/software/software.html
-for download instructions) can be safely used, for example.
-
-
-* Why does the OpenSSL compilation fail on Alpha True64 Unix?
-
-On some Alpha installations running True64 Unix and Compaq C, the compilation
-of crypto/sha/sha_dgst.c fails with the message 'Fatal:  Insufficient virtual
-memory to continue compilation.'  As far as the tests have shown, this may be
-a compiler bug.  What happens is that it eats up a lot of resident memory
-to build something, probably a table.  The problem is clearly in the
-optimization code, because if one eliminates optimization completely (-O0),
-the compilation goes through (and the compiler consumes about 2MB of resident
-memory instead of 240MB or whatever one's limit is currently).
-
-There are three options to solve this problem:
-
-1. set your current data segment size soft limit higher.  Experience shows
-that about 241000 kbytes seems to be enough on an AlphaServer DS10.  You do
-this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of
-kbytes to set the limit to.
-
-2. If you have a hard limit that is lower than what you need and you can't
-get it changed, you can compile all of OpenSSL with -O0 as optimization
-level.  This is however not a very nice thing to do for those who expect to
-get the best result from OpenSSL.  A bit more complicated solution is the
-following:
-
----- snip:start -----
-  make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \
-       sed -e 's/ -O[0-9] / -O0 /'`"
-  rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'`
-  make
----- snip:end -----
-
-This will only compile sha_dgst.c with -O0, the rest with the optimization
-level chosen by the configuration process.  When the above is done, do the
-test and installation and you're set.
-
-
-* Why does the OpenSSL compilation fail with "ar: command not found"?
-
-Getting this message is quite usual on Solaris 2, because Sun has hidden
-away 'ar' and other development commands in directories that aren't in
-$PATH by default.  One of those directories is '/usr/ccs/bin'.  The
-quickest way to fix this is to do the following (it assumes you use sh
-or any sh-compatible shell):
-
----- snip:start -----
-  PATH=${PATH}:/usr/ccs/bin; export PATH
----- snip:end -----
-
-and then redo the compilation.  What you should really do is make sure
-'/usr/ccs/bin' is permanently in your $PATH, for example through your
-'.profile' (again, assuming you use a sh-compatible shell).
-
-
-* Why does the OpenSSL compilation fail on Win32 with VC++?
-
-Sometimes, you may get reports from VC++ command line (cl) that it
-can't find standard include files like stdio.h and other weirdnesses.
-One possible cause is that the environment isn't correctly set up.
-To solve that problem, one should run VCVARS32.BAT which is found in
-the 'bin' subdirectory of the VC++ installation directory (somewhere
-under 'Program Files').  This needs to be done prior to running NMAKE,
-and the changes are only valid for the current DOS session.
-
-
-[PROG] ========================================================================
-
-* Is OpenSSL thread-safe?
-
-Yes (with limitations: an SSL connection may not concurrently be used
-by multiple threads).  On Windows and many Unix systems, OpenSSL
-automatically uses the multi-threaded versions of the standard
-libraries.  If your platform is not one of these, consult the INSTALL
-file.
-
-Multi-threaded applications must provide two callback functions to
-OpenSSL.  This is described in the threads(3) manpage.
-
-
-* I've compiled a program under Windows and it crashes: why?
-
-This is usually because you've missed the comment in INSTALL.W32. You
-must link with the multithreaded DLL version of the VC++ runtime library
-otherwise the conflict will cause a program to crash: typically on the
-first BIO related read or write operation.
-
-
-* How do I read or write a DER encoded buffer using the ASN1 functions?
-
-You have two options. You can either use a memory BIO in conjunction
-with the i2d_XXX_bio() or d2i_XXX_bio() functions or you can use the
-i2d_XXX(), d2i_XXX() functions directly. Since these are often the
-cause of grief here are some code fragments using PKCS7 as an example:
-
-unsigned char *buf, *p;
-int len;
-
-len = i2d_PKCS7(p7, NULL);
-buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */
-p = buf;
-i2d_PKCS7(p7, &p);
-
-At this point buf contains the len bytes of the DER encoding of
-p7.
-
-The opposite assumes we already have len bytes in buf:
-
-unsigned char *p;
-p = buf;
-p7 = d2i_PKCS7(NULL, &p, len);
-
-At this point p7 contains a valid PKCS7 structure of NULL if an error
-occurred. If an error occurred ERR_print_errors(bio) should give more
-information.
-
-The reason for the temporary variable 'p' is that the ASN1 functions
-increment the passed pointer so it is ready to read or write the next
-structure. This is often a cause of problems: without the temporary
-variable the buffer pointer is changed to point just after the data
-that has been read or written. This may well be uninitialized data
-and attempts to free the buffer will have unpredictable results
-because it no longer points to the same address.
-
-
-* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
-
-This usually happens when you try compiling something using the PKCS#12
-macros with a C++ compiler. There is hardly ever any need to use the
-PKCS#12 macros in a program, it is much easier to parse and create
-PKCS#12 files using the PKCS12_parse() and PKCS12_create() functions
-documented in doc/openssl.txt and with examples in demos/pkcs12. The
-'pkcs12' application has to use the macros because it prints out 
-debugging information.
-
-
-* I've called <some function> and it fails, why?
-
-Before submitting a report or asking in one of the mailing lists, you
-should try to determine the cause. In particular, you should call
-ERR_print_errors() or ERR_print_errors_fp() after the failed call
-and see if the message helps. Note that the problem may occur earlier
-than you think -- you should check for errors after every call where
-it is possible, otherwise the actual problem may be hidden because
-some OpenSSL functions clear the error state.
-
-
-* I just get a load of numbers for the error output, what do they mean?
-
-The actual format is described in the ERR_print_errors() manual page.
-You should call the function ERR_load_crypto_strings() before hand and
-the message will be output in text form. If you can't do this (for example
-it is a pre-compiled binary) you can use the errstr utility on the error
-code itself (the hex digits after the second colon).
-
-
-* Why do I get errors about unknown algorithms?
-
-This can happen under several circumstances such as reading in an
-encrypted private key or attempting to decrypt a PKCS#12 file. The cause
-is forgetting to load OpenSSL's table of algorithms with
-OpenSSL_add_all_algorithms(). See the manual page for more information.
-
-
-* Why can't the OpenSSH configure script detect OpenSSL?
-
-There is a problem with OpenSSH 1.2.2p1, in that the configure script
-can't find the installed OpenSSL libraries.  The problem is actually
-a small glitch that is easily solved with the following patch to be
-applied to the OpenSSH distribution:
-
----- snip:start -----
--- openssh-1.2.2p1/configure.in.orig	Thu Mar 23 18:56:58 2000
-+++ openssh-1.2.2p1/configure.in	Thu Mar 23 18:55:05 2000
-@@ -152,10 +152,10 @@
- AC_MSG_CHECKING([for OpenSSL/SSLeay directory])
- for ssldir in "" $tryssldir /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
- 	if test ! -z "$ssldir" ; then
-		LIBS="$saved_LIBS -L$ssldir"
-+		LIBS="$saved_LIBS -L$ssldir/lib"
- 		CFLAGS="$CFLAGS -I$ssldir/include"
- 		if test "x$need_dash_r" = "x1" ; then
-			LIBS="$LIBS -R$ssldir"
-+			LIBS="$LIBS -R$ssldir/lib"
- 		fi
- 	fi
- 	LIBS="$LIBS -lcrypto"
--- openssh-1.2.2p1/configure.orig	Thu Mar 23 18:55:02 2000
-+++ openssh-1.2.2p1/configure	Thu Mar 23 18:57:08 2000
-@@ -1890,10 +1890,10 @@
- echo "configure:1891: checking for OpenSSL/SSLeay directory" >&5
- for ssldir in "" $tryssldir /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
- 	if test ! -z "$ssldir" ; then
-		LIBS="$saved_LIBS -L$ssldir"
-+		LIBS="$saved_LIBS -L$ssldir/lib"
- 		CFLAGS="$CFLAGS -I$ssldir/include"
- 		if test "x$need_dash_r" = "x1" ; then
-			LIBS="$LIBS -R$ssldir"
-+			LIBS="$LIBS -R$ssldir/lib"
- 		fi
- 	fi
- 	LIBS="$LIBS -lcrypto"
----- snip:end -----
-
-
-* Can I use OpenSSL's SSL library with non-blocking I/O?
-
-Yes; make sure to read the SSL_get_error(3) manual page!
-
-A pitfall to avoid: Don't assume that SSL_read() will just read from
-the underlying transport or that SSL_write() will just write to it --
-it is also possible that SSL_write() cannot do any useful work until
-there is data to read, or that SSL_read() cannot do anything until it
-is possible to send data.  One reason for this is that the peer may
-request a new TLS/SSL handshake at any time during the protocol,
-requiring a bi-directional message exchange; both SSL_read() and
-SSL_write() will try to continue any pending handshake.
-
-
-===============================================================================
-
--- a/126
+++ b/126
@@ -0,0 +1,126 @@
+SSLeay 0.8.1 released.
+
+19-Jul-97
+	- Server side initated dynamic renegotiation is broken.  I will fix
+	  it when I get back from holidays.
+
+15-Jul-97
+	- Quite a few small changes.
+	- INVALID_SOCKET usage cleanups from Alex Kiernan <alex@hisoft.co.uk>
+
+09-Jul-97
+	- Added 2 new values to the SSL info callback.
+	  SSL_CB_START which is passed when the SSL protocol is started
+	  and SSL_CB_DONE when it has finished sucsessfully.
+
+08-Jul-97
+	- Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c
+	  that related to DSA public/private keys.
+	- Added all the relevent PEM and normal IO functions to support
+	  reading and writing RSAPublic keys.
+	- Changed makefiles to use ${AR} instead of 'ar r'
+
+07-Jul-97
+	- Error in ERR_remove_state() that would leave a dangling reference
+	  to a free()ed location - thanks to Alex Kiernan <alex@hisoft.co.uk>
+	- s_client now prints the X509_NAMEs passed from the server
+	  when requesting a client cert.
+	- Added a ssl->type, which is one of SSL_ST_CONNECT or
+	  SSL_ST_ACCEPT.  I had to add it so I could tell if I was
+	  a connect or an accept after the handshake had finished.
+	- SSL_get_client_CA_list(SSL *s) now returns the CA names
+	  passed by the server if called by a client side SSL.
+
+05-Jul-97
+	- Bug in X509_NAME_get_text_by_OBJ(), looking starting at index
+	  0, not -1 :-(  Fix from Tim Hudson (tjh@cryptsoft.com).
+
+04-Jul-97
+	- Fixed some things in X509_NAME_add_entry(), thanks to
+	  Matthew Donald <matthew@world.net>.
+	- I had a look at the cipher section and though that it was a
+	  bit confused, so I've changed it.
+	- I was not setting up the RC4-64-MD5 cipher correctly.  It is
+	  a MS special that appears in exported MS Money.
+	- Error in all my DH ciphers.  Section 7.6.7.3 of the SSLv3
+	  spec.  I was missing the two byte length header for the
+	  ClientDiffieHellmanPublic value.  This is a packet sent from
+	  the client to the server.  The SSL_OP_SSLEAY_080_CLIENT_DH_BUG
+	  option will enable SSLeay server side SSLv3 accept either
+	  the correct or my 080 packet format.
+	- Fixed a few typos in crypto/pem.org.
+
+02-Jul-97
+	- Alias mapping for EVP_get_(digest|cipher)byname is now
+	  performed before a lookup for actual cipher.  This means
+	  that an alias can be used to 're-direct' a cipher or a
+	  digest.
+	- ASN1_read_bio() had a bug that only showed up when using a
+	  memory BIO.  When EOF is reached in the memory BIO, it is
+	  reported as a -1 with BIO_should_retry() set to true.
+
+01-Jul-97
+	- Fixed an error in X509_verify_cert() caused by my
+	  miss-understanding how 'do { contine } while(0);' works.
+	  Thanks to Emil Sit <sit@mit.edu> for educating me :-)
+
+30-Jun-97
+	- Base64 decoding error.  If the last data line did not end with
+	  a '=', sometimes extra data would be returned.
+	- Another 'cut and paste' bug in x509.c related to setting up the
+	  STDout BIO.
+
+27-Jun-97
+	- apps/ciphers.c was not printing due to an editing error.
+	- Alex Kiernan <alex@hisoft.co.uk> send in a nice fix for
+	  a library build error in util/mk1mf.pl
+
+26-Jun-97
+	- Still did not have the auto 'experimental' code removal
+	  script correct.
+	- A few header tweaks for Watcom 11.0 under Win32 from
+	  Rolf Lindemann <Lindemann@maz-hh.de>
+	- 0 length OCTET_STRING bug in asn1_parse
+	- A minor fix with an non-existent function in the MS .def files.
+	- A few changes to the PKCS7 stuff.
+
+25-Jun-97
+	SSLeay 0.8.0 finally it gets released.
+
+24-Jun-97
+	Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to
+	use a temporary RSA key.  This is experimental and needs some more work.
+	Fixed a few Win16 build problems.
+
+23-Jun-97
+	SSLv3 bug. I was not doing the 'lookup' of the CERT structure
+	correctly. I was taking the SSL->ctx->default_cert when I should
+	have been using SSL->cert. The bug was in ssl/s3_srvr.c
+
+20-Jun-97
+	X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the
+	rest of the library. Even though I had the code required to do
+	it correctly, apps/req.c was doing the wrong thing.  I have fixed
+	and tested everything.
+
+	Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c.
+
+19-Jun-97
+	Fixed a bug in the SSLv2 server side first packet handling. When
+	using the non-blocking test BIO, the ssl->s2->first_packet flag
+	was being reset when a would-block failure occurred when reading
+	the first 5 bytes of the first packet. This caused the checking
+	logic to run at the wrong time and cause an error.
+
+	Fixed a problem with specifying cipher. If RC4-MD5 were used,
+	only the SSLv3 version would be picked up.  Now this will pick
+	up both SSLv2 and SSLv3 versions. This required changing the
+	SSL_CIPHER->mask values so that they only mask the ciphers,
+	digests, authentication, export type and key-exchange algorithms.
+
+	I found that when a SSLv23 session is established, a reused
+	session, of type SSLv3 was attempting to write the SSLv2 
+	ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char 
+	method has been modified so it will only write out cipher which
+	that method knows about.  
+
--- a/CHANGES.SSLeay
+++ b/CHANGES.SSLeay
@@ -1,529 +1,4 @@
-This file contains the changes for the SSLeay library up to version
-0.9.0b. For later changes, see the file "CHANGES".
-
-  SSLeay CHANGES
-  ______________
-
-Changes between 0.8.x and 0.9.0b
-
-10-Apr-1998
-
-I said the next version would go out at easter, and so it shall.
-I expect a 0.9.1 will follow with portability fixes in the next few weeks.
-
-This is a quick, meet the deadline.  Look to ssl-users for comments on what
-is new etc.
-
-eric (about to go bushwalking for the 4 day easter break :-)
-
-16-Mar-98
-    - Patch for Cray T90 from Wayne Schroeder <schroede@SDSC.EDU>
-    - Lots and lots of changes
-
-29-Jan-98
-    - ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from
-      Goetz Babin-Ebell <babinebell@trustcenter.de>.
-    - SSL_version() now returns SSL2_VERSION, SSL3_VERSION or
-      TLS1_VERSION.
-
-7-Jan-98
-    - Finally reworked the cipher string to ciphers again, so it
-      works correctly
-    - All the app_data stuff is now ex_data with funcion calls to access.
-      The index is supplied by a function and 'methods' can be setup
-      for the types that are called on XXX_new/XXX_free.  This lets
-      applications get notified on creation and destruction.  Some of
-      the RSA methods could be implemented this way and I may do so.
-    - Oh yes, SSL under perl5 is working at the basic level.
-
-15-Dec-97
-    - Warning - the gethostbyname cache is not fully thread safe,
-      but it should work well enough.
-    - Major internal reworking of the app_data stuff.  More functions
-      but if you were accessing ->app_data directly, things will
-      stop working.
-    - The perlv5 stuff is working.  Currently on message digests,
-      ciphers and the bignum library.
-
-9-Dec-97
-    - Modified re-negotiation so that server initated re-neg
-      will cause a SSL_read() to return -1 should retry.
-      The danger otherwise was that the server and the
-      client could end up both trying to read when using non-blocking
-      sockets.
-
-4-Dec-97
-    - Lots of small changes
-    - Fix for binaray mode in Windows for the FILE BIO, thanks to
-      Bob Denny <rdenny@dc3.com>
-
-17-Nov-97
-    - Quite a few internal cleanups, (removal of errno, and using macros
-      defined in e_os.h).
-    - A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where
-      the automactic naming out output files was being stuffed up.
-
-29-Oct-97
-    - The Cast5 cipher has been added.  MD5 and SHA-1 are now in assember
-      for x86.
-
-21-Oct-97
-    - Fixed a bug in the BIO_gethostbyname() cache.
-
-15-Oct-97
-    - cbc mode for blowfish/des/3des is now in assember.  Blowfish asm
-      has also been improved.  At this point in time, on the pentium,
-      md5 is %80 faster, the unoptimesed sha-1 is %79 faster,
-      des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc
-      is %62 faster.
-
-12-Oct-97
-    - MEM_BUF_grow() has been fixed so that it always sets the buf->length
-      to the value we are 'growing' to.  Think of MEM_BUF_grow() as the
-      way to set the length value correctly.
-
-10-Oct-97
-    - I now hash for certificate lookup on the raw DER encoded RDN (md5).
-      This breaks things again :-(.  This is efficent since I cache
-      the DER encoding of the RDN.
-    - The text DN now puts in the numeric OID instead of UNKNOWN.
-    - req can now process arbitary OIDs in the config file.
-    - I've been implementing md5 in x86 asm, much faster :-).
-    - Started sha1 in x86 asm, needs more work.
-    - Quite a few speedups in the BN stuff.  RSA public operation
-      has been made faster by caching the BN_MONT_CTX structure.
-      The calulating of the Ai where A*Ai === 1 mod m was rather
-      expensive.  Basically a 40-50% speedup on public operations.
-      The RSA speedup is now 15% on pentiums and %20 on pentium
-      pro.
-
-30-Sep-97
-    - After doing some profiling, I added x86 adm for bn_add_words(),
-      which just adds 2 arrays of longs together.  A %10 speedup
-      for 512 and 1024 bit RSA on the pentium pro.
-
-29-Sep-97
-    - Converted the x86 bignum assembler to us the perl scripts
-      for generation.
-
-23-Sep-97
-    - If SSL_set_session() is passed a NULL session, it now clears the
-      current session-id.
-
-22-Sep-97
-    - Added a '-ss_cert file' to apps/ca.c.  This will sign selfsigned
-      certificates.
-    - Bug in crypto/evp/encode.c where by decoding of 65 base64
-      encoded lines, one line at a time (via a memory BIO) would report
-      EOF after the first line was decoded.
-    - Fix in X509_find_by_issuer_and_serial() from
-      Dr Stephen Henson <shenson@bigfoot.com>
-
-19-Sep-97
-    - NO_FP_API and NO_STDIO added.
-    - Put in sh config command.  It auto runs Configure with the correct
-      parameters.
-
-18-Sep-97
-    - Fix x509.c so if a DSA cert has different parameters to its parent,
-      they are left in place.  Not tested yet.
-
-16-Sep-97
-    - ssl_create_cipher_list() had some bugs, fixes from
-      Patrick Eisenacher <eisenach@stud.uni-frankfurt.de>
-    - Fixed a bug in the Base64 BIO, where it would return 1 instead
-      of -1 when end of input was encountered but should retry.
-      Basically a Base64/Memory BIO interaction problem.
-    - Added a HMAC set of functions in preporarion for TLS work.
-
-15-Sep-97
-    - Top level makefile tweak - Cameron Simpson <cs@zip.com.au>
-    - Prime generation spead up %25 (512 bit prime, pentium pro linux)
-      by using montgomery multiplication in the prime number test.
-
-11-Sep-97
-    - Ugly bug in ssl3_write_bytes().  Basically if application land
-      does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code
-      did not check the size and tried to copy the entire buffer.
-      This would tend to cause memory overwrites since SSLv3 has
-      a maximum packet size of 16k.  If your program uses
-      buffers <= 16k, you would probably never see this problem.
-    - Fixed a new errors that were cause by malloc() not returning
-      0 initialised memory..
-    - SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using
-      SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing
-      since this flags stops SSLeay being able to handle client
-      cert requests correctly.
-
-08-Sep-97
-    - SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added.  When switched
-      on, the SSL server routines will not use a SSL_SESSION that is
-      held in it's cache.  This in intended to be used with the session-id
-      callbacks so that while the session-ids are still stored in the
-      cache, the decision to use them and how to look them up can be
-      done by the callbacks.  The are the 'new', 'get' and 'remove'
-      callbacks.  This can be used to determine the session-id
-      to use depending on information like which port/host the connection
-      is coming from.  Since the are also SSL_SESSION_set_app_data() and
-      SSL_SESSION_get_app_data() functions, the application can hold
-      information against the session-id as well.
-
-03-Sep-97
-    - Added lookup of CRLs to the by_dir method,
-      X509_load_crl_file() also added.  Basically it means you can
-      lookup CRLs via the same system used to lookup certificates.
-    - Changed things so that the X509_NAME structure can contain
-      ASN.1 BIT_STRINGS which is required for the unique
-      identifier OID.
-    - Fixed some problems with the auto flushing of the session-id
-      cache.  It was not occuring on the server side.
-
-02-Sep-97
-    - Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size)
-      which is the maximum number of entries allowed in the
-      session-id cache.  This is enforced with a simple FIFO list.
-      The default size is 20*1024 entries which is rather large :-).
-      The Timeout code is still always operating.
-
-01-Sep-97
-    - Added an argument to all the 'generate private key/prime`
-      callbacks.  It is the last parameter so this should not
-      break existing code but it is needed for C++.
-    - Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64()
-      BIO.  This lets the BIO read and write base64 encoded data
-      without inserting or looking for '\n' characters.  The '-A'
-      flag turns this on when using apps/enc.c.
-    - RSA_NO_PADDING added to help BSAFE functionality.  This is a
-      very dangerous thing to use, since RSA private key
-      operations without random padding bytes (as PKCS#1 adds) can
-      be attacked such that the private key can be revealed.
-    - ASN.1 bug and rc2-40-cbc and rc4-40 added by
-      Dr Stephen Henson <shenson@bigfoot.com>
-
-31-Aug-97 (stuff added while I was away)    
-    - Linux pthreads by Tim Hudson (tjh@cryptsoft.com).
-    - RSA_flags() added allowing bypass of pub/priv match check
-      in ssl/ssl_rsa.c - Tim Hudson.
-    - A few minor bugs.
-
-SSLeay 0.8.1 released.
-
-19-Jul-97
-    - Server side initated dynamic renegotiation is broken.  I will fix
-      it when I get back from holidays.
-
-15-Jul-97
-    - Quite a few small changes.
-    - INVALID_SOCKET usage cleanups from Alex Kiernan <alex@hisoft.co.uk>
-
-09-Jul-97
-    - Added 2 new values to the SSL info callback.
-      SSL_CB_START which is passed when the SSL protocol is started
-      and SSL_CB_DONE when it has finished sucsessfully.
-
-08-Jul-97
-    - Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c
-      that related to DSA public/private keys.
-    - Added all the relevent PEM and normal IO functions to support
-      reading and writing RSAPublic keys.
-    - Changed makefiles to use ${AR} instead of 'ar r'
-
-07-Jul-97
-    - Error in ERR_remove_state() that would leave a dangling reference
-      to a free()ed location - thanks to Alex Kiernan <alex@hisoft.co.uk>
-    - s_client now prints the X509_NAMEs passed from the server
-      when requesting a client cert.
-    - Added a ssl->type, which is one of SSL_ST_CONNECT or
-      SSL_ST_ACCEPT.  I had to add it so I could tell if I was
-      a connect or an accept after the handshake had finished.
-    - SSL_get_client_CA_list(SSL *s) now returns the CA names
-      passed by the server if called by a client side SSL.
-
-05-Jul-97
-    - Bug in X509_NAME_get_text_by_OBJ(), looking starting at index
-      0, not -1 :-(  Fix from Tim Hudson (tjh@cryptsoft.com).
-
-04-Jul-97
-    - Fixed some things in X509_NAME_add_entry(), thanks to
-      Matthew Donald <matthew@world.net>.
-    - I had a look at the cipher section and though that it was a
-      bit confused, so I've changed it.
-    - I was not setting up the RC4-64-MD5 cipher correctly.  It is
-      a MS special that appears in exported MS Money.
-    - Error in all my DH ciphers.  Section 7.6.7.3 of the SSLv3
-      spec.  I was missing the two byte length header for the
-      ClientDiffieHellmanPublic value.  This is a packet sent from
-      the client to the server.  The SSL_OP_SSLEAY_080_CLIENT_DH_BUG
-      option will enable SSLeay server side SSLv3 accept either
-      the correct or my 080 packet format.
-    - Fixed a few typos in crypto/pem.org.
-
-02-Jul-97
-    - Alias mapping for EVP_get_(digest|cipher)byname is now
-      performed before a lookup for actual cipher.  This means
-      that an alias can be used to 're-direct' a cipher or a
-      digest.
-    - ASN1_read_bio() had a bug that only showed up when using a
-      memory BIO.  When EOF is reached in the memory BIO, it is
-      reported as a -1 with BIO_should_retry() set to true.
-
-01-Jul-97
-    - Fixed an error in X509_verify_cert() caused by my
-      miss-understanding how 'do { contine } while(0);' works.
-      Thanks to Emil Sit <sit@mit.edu> for educating me :-)
-
-30-Jun-97
-    - Base64 decoding error.  If the last data line did not end with
-      a '=', sometimes extra data would be returned.
-    - Another 'cut and paste' bug in x509.c related to setting up the
-      STDout BIO.
-
-27-Jun-97
-    - apps/ciphers.c was not printing due to an editing error.
-    - Alex Kiernan <alex@hisoft.co.uk> send in a nice fix for
-      a library build error in util/mk1mf.pl
-
-26-Jun-97
-    - Still did not have the auto 'experimental' code removal
-      script correct.
-    - A few header tweaks for Watcom 11.0 under Win32 from
-      Rolf Lindemann <Lindemann@maz-hh.de>
-    - 0 length OCTET_STRING bug in asn1_parse
-    - A minor fix with an non-existent function in the MS .def files.
-    - A few changes to the PKCS7 stuff.
-
-25-Jun-97
-    SSLeay 0.8.0 finally it gets released.
-
-24-Jun-97
-    Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to
-    use a temporary RSA key.  This is experimental and needs some more work.
-    Fixed a few Win16 build problems.
-
-23-Jun-97
-    SSLv3 bug. I was not doing the 'lookup' of the CERT structure
-    correctly. I was taking the SSL->ctx->default_cert when I should
-    have been using SSL->cert. The bug was in ssl/s3_srvr.c
-
-20-Jun-97
-    X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the
-    rest of the library. Even though I had the code required to do
-    it correctly, apps/req.c was doing the wrong thing.  I have fixed
-    and tested everything.
-
-    Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c.
-
-19-Jun-97
-    Fixed a bug in the SSLv2 server side first packet handling. When
-    using the non-blocking test BIO, the ssl->s2->first_packet flag
-    was being reset when a would-block failure occurred when reading
-    the first 5 bytes of the first packet. This caused the checking
-    logic to run at the wrong time and cause an error.
-
-    Fixed a problem with specifying cipher. If RC4-MD5 were used,
-    only the SSLv3 version would be picked up.  Now this will pick
-    up both SSLv2 and SSLv3 versions. This required changing the
-    SSL_CIPHER->mask values so that they only mask the ciphers,
-    digests, authentication, export type and key-exchange algorithms.
-
-    I found that when a SSLv23 session is established, a reused
-    session, of type SSLv3 was attempting to write the SSLv2 
-    ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char 
-    method has been modified so it will only write out cipher which
-    that method knows about.  
-
-
- Changes between 0.8.0 and 0.8.1
-
-  *) Mostly bug fixes. 
-     There is an Ephemeral DH cipher problem which is fixed.
-
- SSLeay 0.8.0
-
-This version of SSLeay has quite a lot of things different from the
-previous version.
-
-Basically check all callback parameters, I will be producing documentation
-about how to use things in th future.  Currently I'm just getting 080 out
-the door.  Please not that there are several ways to do everything, and
-most of the applications in the apps directory are hybrids, some using old
-methods and some using new methods.
-
-Have a look in demos/bio for some very simple programs and
-apps/s_client.c and apps/s_server.c for some more advanced versions.
-Notes are definitly needed but they are a week or so away.
-
-Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com)
---
-Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to
-get those people that want to move to using the new code base off to
-a quick start.
-
-Note that Eric has tidied up a lot of the areas of the API that were
-less than desirable and renamed quite a few things (as he had to break
-the API in lots of places anyrate). There are a whole pile of additional
-functions for making dealing with (and creating) certificates a lot
-cleaner.
-
-01-Jul-97
-Tim Hudson
-tjh@cryptsoft.com
-
---8<---
-
-To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could
-use something like the following (assuming you #include "crypto.h" which
-is something that you really should be doing).
-
-#if SSLEAY_VERSION_NUMBER >= 0x0800
-#define SSLEAY8
-#endif
-
-buffer.h -> splits into buffer.h and bio.h so you need to include bio.h
-            too if you are working with BIO internal stuff (as distinct
-        from simply using the interface in an opaque manner)
-
-#include "bio.h"    - required along with "buffer.h" if you write
-              your own BIO routines as the buffer and bio
-              stuff that was intermixed has been separated
-              out 
-            
-envelope.h -> evp.h  (which should have been done ages ago)
-
-Initialisation ... don't forget these or you end up with code that
-is missing the bits required to do useful things (like ciphers):
-
-SSLeay_add_ssl_algorithms()
-(probably also want SSL_load_error_strings() too but you should have
- already had that call in place)
-
-SSL_CTX_new()   - requires an extra method parameter
-              SSL_CTX_new(SSLv23_method()) 
-              SSL_CTX_new(SSLv2_method()) 
-              SSL_CTX_new(SSLv3_method()) 
-
-          OR to only have the server or the client code
-              SSL_CTX_new(SSLv23_server_method()) 
-              SSL_CTX_new(SSLv2_server_method()) 
-              SSL_CTX_new(SSLv3_server_method()) 
-          or  
-              SSL_CTX_new(SSLv23_client_method()) 
-              SSL_CTX_new(SSLv2_client_method()) 
-              SSL_CTX_new(SSLv3_client_method()) 
-
-SSL_set_default_verify_paths() ... renamed to the more appropriate
-SSL_CTX_set_default_verify_paths()
-
-If you want to use client certificates then you have to add in a bit
-of extra stuff in that a SSLv3 server sends a list of those CAs that
-it will accept certificates from ... so you have to provide a list to
-SSLeay otherwise certain browsers will not send client certs.
-
-SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
-
-
-X509_NAME_oneline(X)    -> X509_NAME_oneline(X,NULL,0)  
-               or provide a buffer and size to copy the
-               result into
-
-X509_add_cert ->  X509_STORE_add_cert (and you might want to read the
-          notes on X509_NAME structure changes too)
-
-
-VERIFICATION CODE
-=================
-
-The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to
-more accurately reflect things.
-
-The verification callback args are now packaged differently so that
-extra fields for verification can be added easily in future without
-having to break things by adding extra parameters each release :-)
-
-X509_cert_verify_error_string -> X509_verify_cert_error_string
-
-
-BIO INTERNALS
-=============
-
-Eric has fixed things so that extra flags can be introduced in
-the BIO layer in future without having to play with all the BIO
-modules by adding in some macros.
-
-The ugly stuff using 
-    b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY)
-becomes
-    BIO_clear_retry_flags(b)
-
-    b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)
-becomes
-    BIO_set_retry_read(b)
-
-Also ... BIO_get_retry_flags(b), BIO_set_flags(b)
-
-
-
-OTHER THINGS
-============
-
-X509_NAME has been altered so that it isn't just a STACK ... the STACK
-is now in the "entries" field ... and there are a pile of nice functions
-for getting at the details in a much cleaner manner.
-
-SSL_CTX has been altered ... "cert" is no longer a direct member of this
-structure ... things are now down under "cert_store" (see x509_vfy.h) and
-things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE.
-If your code "knows" about this level of detail then it will need some 
-surgery.
-
-If you depending on the incorrect spelling of a number of the error codes
-then you will have to change your code as these have been fixed.
-
-ENV_CIPHER "type" got renamed to "nid" and as that is what it actually
-has been all along so this makes things clearer.
-ify_cert_error_string(ctx->error));
-
-SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST
-            and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO
-
-
-
- Changes between 0.7.x and 0.8.0
-  
-  *) There have been lots of changes, mostly the addition of SSLv3.
-     There have been many additions from people and amongst
-     others, C2Net has assisted greatly.
- 
- Changes between 0.7.x and 0.7.x
-
-  *) Internal development version only
-
-SSLeay 0.6.6 13-Jan-1997
-
-The main additions are
-
- assember for x86 DES improvments.
-  From 191,000 per second on a pentium 100, I now get 281,000.  The inner
-  loop and the IP/FP modifications are from
-  Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>.  Many thanks for his
-  contribution.
- The 'DES macros' introduced in 0.6.5 now have 3 types.
-  DES_PTR1, DES_PTR2 and 'normal'.  As per before, des_opts reports which
-  is best and there is a summery of mine in crypto/des/options.txt
- A few bug fixes.
- Added blowfish.  It is not used by SSL but all the other stuff that
-  deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes.
-  There are 3 options for optimising Blowfish.  BF_PTR, BF_PTR2 and 'normal'.
-  BF_PTR2 is pentium/x86 specific.  The correct option is setup in
-  the 'Configure' script.
- There is now a 'get client certificate' callback which can be
-  'non-blocking'.  If more details are required, let me know.  It will
-  documented more in SSLv3 when I finish it.
- Bug fixes from 0.6.5 including the infamous 'ca' bug.  The 'make test'
-  now tests the ca program.
- Lots of little things modified and tweaked.
-
- SSLeay 0.6.5
+SSLeay 0.6.5

 After quite some time (3 months), the new release.  I have been very busy
 for the last few months and so this is mostly bug fixes and improvments.
@@ -582,7 +57,7 @@ The main changes in this release
 - 'ssleay ciphers' added, lists the default cipher list for SSLeay.
 - RC2 key setup is now compatable with Netscape.
 - Modifed server side of SSL implementation, big performance difference when
-      using session-id reuse.
+	  using session-id reuse.

 0.6.3

@@ -711,16 +186,16 @@ The wrappers are easy to write

 function_fp(fp,x)
 FILE *fp;
-    {
-    BIO *b;
-    int ret;
+	{
+	BIO *b;
+	int ret;

-    if ((b=BIO_new(BIO_s_file())) == NULL) error.....
-    BIO_set_fp(b,fp,BIO_NOCLOSE);
-    ret=function_bio(b,x);
-    BIO_free(b);
-    return(ret);
-    }
+	if ((b=BIO_new(BIO_s_file())) == NULL) error.....
+	BIO_set_fp(b,fp,BIO_NOCLOSE);
+	ret=function_bio(b,x);
+	BIO_free(b);
+	return(ret);
+	}
 Remember, there are no functions that take FILE * in SSLeay when
 compiled for Windows 3.1 DLL's.

@@ -761,8 +236,8 @@ The list of things to read and do

 dgst -d
 s_client -state (this uses a callback placed in the SSL state loop and
-        will be used else-where to help debug/monitor what
-        is happening.)
+		will be used else-where to help debug/monitor what
+		is happening.)

 doc/why.doc
 doc/bio.doc <- hmmm, needs lots of work.
--- a/409
+++ b/409
@@ -1,281 +1,128 @@
-
- INSTALLATION ON THE UNIX PLATFORM
- ---------------------------------
-
- [Installation on Windows, OpenVMS and MacOS (before MacOS X) is described
-  in INSTALL.W32, INSTALL.VMS and INSTALL.MacOS.]
-
- To install OpenSSL, you will need:
-
-  * Perl 5
-  * an ANSI C compiler
-  * a supported Unix operating system
-
- Quick Start
- -----------
-
- If you want to just get on with it, do:
-
-  $ ./config
-  $ make
-  $ make test
-  $ make install
-
- [If any of these steps fails, see section Installation in Detail below.]
-
- This will build and install OpenSSL in the default location, which is (for
- historical reasons) /usr/local/ssl. If you want to install it anywhere else,
- run config like this:
-
-  $ ./config --prefix=/usr/local --openssldir=/usr/local/openssl
-
-
- Configuration Options
- ---------------------
-
- There are several options to ./config (or ./Configure) to customize
- the build:
-
-  --prefix=DIR  Install in DIR/bin, DIR/lib, DIR/include/openssl.
-	        Configuration files used by OpenSSL will be in DIR/ssl
-                or the directory specified by --openssldir.
-
-  --openssldir=DIR Directory for OpenSSL files. If no prefix is specified,
-                the library files and binaries are also installed there.
-
-  rsaref        Build with RSADSI's RSAREF toolkit (this assumes that
-                librsaref.a is in the library search path).
-
-  no-threads    Don't try to build with support for multi-threaded
-                applications.
-
-  threads       Build with support for multi-threaded applications.
-                This will usually require additional system-dependent options!
-                See "Note on multi-threading" below.
-
-  no-shared     Don't try to create shared libraries.
-
-  shared        In addition to the usual static libraries, create shared
-                libraries on platforms where it's supported.  See "Note on
-                shared libraries" below.  THIS IS NOT RECOMMENDED!  Since
-                this is a development branch, the positions of the ENGINE
-                symbols in the transfer vector are constantly moving, so
-                binary backward compatibility can't be guaranteed in any way.
-
-  no-asm        Do not use assembler code.
-
-  386           Use the 80386 instruction set only (the default x86 code is
-                more efficient, but requires at least a 486).
-
-  no-<cipher>   Build without the specified cipher (bf, cast, des, dh, dsa,
-                hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha).
-                The crypto/<cipher> directory can be removed after running
-                "make depend".
-
-  -Dxxx, -lxxx, -Lxxx, -fxxx, -Kxxx These system specific options will
-                be passed through to the compiler to allow you to
-                define preprocessor symbols, specify additional libraries,
-                library directories or other compiler options.
-
-
- Installation in Detail
- ----------------------
-
- 1a. Configure OpenSSL for your operation system automatically:
-
-       $ ./config [options]
-
-     This guesses at your operating system (and compiler, if necessary) and
-     configures OpenSSL based on this guess. Run ./config -t to see
-     if it guessed correctly. If you want to use a different compiler, you
-     are cross-compiling for another platform, or the ./config guess was
-     wrong for other reasons, go to step 1b. Otherwise go to step 2.
-
-     On some systems, you can include debugging information as follows:
-
-       $ ./config -d [options]
-
- 1b. Configure OpenSSL for your operating system manually
-
-     OpenSSL knows about a range of different operating system, hardware and
-     compiler combinations. To see the ones it knows about, run
-
-       $ ./Configure
-
-     Pick a suitable name from the list that matches your system. For most
-     operating systems there is a choice between using "cc" or "gcc".  When
-     you have identified your system (and if necessary compiler) use this name
-     as the argument to ./Configure. For example, a "linux-elf" user would
-     run:
-
-       $ ./Configure linux-elf [options]
-
-     If your system is not available, you will have to edit the Configure
-     program and add the correct configuration for your system. The
-     generic configurations "cc" or "gcc" should usually work on 32 bit
-     systems.
-
-     Configure creates the file Makefile.ssl from Makefile.org and
-     defines various macros in crypto/opensslconf.h (generated from
-     crypto/opensslconf.h.in).
-
-  2. Build OpenSSL by running:
-
-       $ make
-
-     This will build the OpenSSL libraries (libcrypto.a and libssl.a) and the
-     OpenSSL binary ("openssl"). The libraries will be built in the top-level
-     directory, and the binary will be in the "apps" directory.
-
-     If "make" fails, look at the output.  There may be reasons for
-     the failure that isn't a problem in OpenSSL itself (like missing
-     standard headers).  If it is a problem with OpenSSL itself, please
-     report the problem to <openssl-bugs@openssl.org> (note that your
-     message will be forwarded to a public mailing list).  Include the
-     output of "make report" in your message.
-
-     [If you encounter assembler error messages, try the "no-asm"
-     configuration option as an immediate fix.]
-
-     Compiling parts of OpenSSL with gcc and others with the system
-     compiler will result in unresolved symbols on some systems.
-
-  3. After a successful build, the libraries should be tested. Run:
-
-       $ make test
-
-     If a test fails, look at the output.  There may be reasons for
-     the failure that isn't a problem in OpenSSL itself (like a missing
-     or malfunctioning bc).  If it is a problem with OpenSSL itself,
-     try removing any compiler optimization flags from the CFLAGS line
-     in Makefile.ssl and run "make clean; make". Please send a bug
-     report to <openssl-bugs@openssl.org>, including the output of
-     "make report".
-
-  4. If everything tests ok, install OpenSSL with
-
-       $ make install
-
-     This will create the installation directory (if it does not exist) and
-     then the following subdirectories:
-
-       certs           Initially empty, this is the default location
-                       for certificate files.
-       man/man1        Manual pages for the 'openssl' command line tool
-       man/man3        Manual pages for the libraries (very incomplete)
-       misc            Various scripts.
-       private         Initially empty, this is the default location
-                       for private key files.
-
-     If you didn't choose a different installation prefix, the
-     following additional subdirectories will be created:
-
-       bin             Contains the openssl binary and a few other 
-                       utility programs. 
-       include/openssl Contains the header files needed if you want to
-                       compile programs with libcrypto or libssl.
-       lib             Contains the OpenSSL library files themselves.
-
-     Package builders who want to configure the library for standard
-     locations, but have the package installed somewhere else so that
-     it can easily be packaged, can use
-
-       $ make INSTALL_PREFIX=/tmp/package-root install
-
-     (or specify "--install_prefix=/tmp/package-root" as a configure
-     option).  The specified prefix will be prepended to all
-     installation target filenames.
-
-
-  NOTE: The header files used to reside directly in the include
-  directory, but have now been moved to include/openssl so that
-  OpenSSL can co-exist with other libraries which use some of the
-  same filenames.  This means that applications that use OpenSSL
-  should now use C preprocessor directives of the form
-
-       #include <openssl/ssl.h>
-
-  instead of "#include <ssl.h>", which was used with library versions
-  up to OpenSSL 0.9.2b.
-
-  If you install a new version of OpenSSL over an old library version,
-  you should delete the old header files in the include directory.
-
-  Compatibility issues:
-
-  *  COMPILING existing applications
-
-     To compile an application that uses old filenames -- e.g.
-     "#include <ssl.h>" --, it will usually be enough to find
-     the CFLAGS definition in the application's Makefile and
-     add a C option such as
-
-          -I/usr/local/ssl/include/openssl
-
-     to it.
-
-     But don't delete the existing -I option that points to
-     the ..../include directory!  Otherwise, OpenSSL header files
-     could not #include each other.
-
-  *  WRITING applications
-
-     To write an application that is able to handle both the new
-     and the old directory layout, so that it can still be compiled
-     with library versions up to OpenSSL 0.9.2b without bothering
-     the user, you can proceed as follows:
-
-     -  Always use the new filename of OpenSSL header files,
-        e.g. #include <openssl/ssl.h>.
-
-     -  Create a directory "incl" that contains only a symbolic
-        link named "openssl", which points to the "include" directory
-        of OpenSSL.
-        For example, your application's Makefile might contain the
-        following rule, if OPENSSLDIR is a pathname (absolute or
-        relative) of the directory where OpenSSL resides:
-
-        incl/openssl:
-        	-mkdir incl
-        	cd $(OPENSSLDIR) # Check whether the directory really exists
-        	-ln -s `cd $(OPENSSLDIR); pwd`/include incl/openssl
-
-        You will have to add "incl/openssl" to the dependencies
-        of those C files that include some OpenSSL header file.
-
-     -  Add "-Iincl" to your CFLAGS.
-
-     With these additions, the OpenSSL header files will be available
-     under both name variants if an old library version is used:
-     Your application can reach them under names like <openssl/foo.h>,
-     while the header files still are able to #include each other
-     with names of the form <foo.h>.
-
-
- Note on multi-threading
- -----------------------
-
- For some systems, the OpenSSL Configure script knows what compiler options
- are needed to generate a library that is suitable for multi-threaded
- applications.  On these systems, support for multi-threading is enabled
- by default; use the "no-threads" option to disable (this should never be
- necessary).
-
- On other systems, to enable support for multi-threading, you will have
- to specify at least two options: "threads", and a system-dependent option.
- (The latter is "-D_REENTRANT" on various systems.)  The default in this
- case, obviously, is not to include support for multi-threading (but
- you can still use "no-threads" to suppress an annoying warning message
- from the Configure script.)
-
-
- Note on shared libraries
- ------------------------
-
- For some systems, the OpenSSL Configure script knows what is needed to
- build shared libraries for libcrypto and libssl.  On these systems,
- the shared libraries are currently not created by default, but giving
- the option "shared" will get them created.  This method supports Makefile
- targets for shared library creation, like linux-shared.  Those targets
- can currently be used on their own just as well, but this is expected
- to change in future versions of OpenSSL.
+# Installation of SSLeay.
+# It depends on perl for a few bits but those steps can be skipped and
+# the top level makefile edited by hand
+
+# When bringing the SSLeay distribution back from the evil intel world
+# of Windows NT, do the following to make it nice again under unix :-)
+# You don't normally need to run this.
+sh util/fixNT.sh	# This only works for NT now - eay - 21-Jun-1996
+
+# If you have perl, and it is not in /usr/local/bin, you can run
+perl util/perlpath.pl /new/path
+# and this will fix the paths in all the scripts.  DO NOT put
+# /new/path/perl, just /new/path. The build
+# environment always run scripts as 'perl perlscript.pl' but some of the
+# 'applications' are easier to usr with the path fixed.
+
+# Edit crypto/cryptlib.h, tools/c_rehash, and Makefile.ssl
+# to set the install locations if you don't like
+# the default location of /usr/local/ssl
+# Do this by running
+perl util/ssldir.pl /new/ssl/home
+# if you have perl, or by hand if not.
+
+# If things have been stuffed up with the sym links, run
+make -f Makefile.ssl links
+# This will re-populate lib/include with symlinks and for each
+# directory, link Makefile to Makefile.ssl
+
+# Setup the machine dependent stuff for the top level makefile
+# and some select .h files
+# If you don't have perl, this will bomb, in which case just edit the
+# top level Makefile.ssl
+./Configure 'system type'
+
+# The 'Configure' command contains default configuration parameters
+# for lots of machines.  Configure edits 5 lines in the top level Makefile
+# It modifies the following values in the following files
+Makefile.ssl		CC CFLAG EX_LIBS BN_MULW
+crypto/des/des.h	DES_LONG
+crypto/des/des_locl.h	DES_PTR
+crypto/md/md2.h		MD2_INT
+crypto/rc4/rc4.h	RC4_INT
+crypto/rc4/rc4_enc.c	RC4_INDEX
+crypto/rc2/rc2.h	RC2_INT
+crypto/bf/bf_locl.h	BF_INT
+crypto/idea/idea.h	IDEA_INT
+crypto/bn/bn.h		BN_LLONG (and defines one of SIXTY_FOUR_BIT,
+				  SIXTY_FOUR_BIT_LONG, THIRTY_TWO_BIT,
+				  SIXTEEN_BIT or EIGHT_BIT)
+Please remember that all these files are actually copies of the file with
+a .org extention.  So if you change crypto/des/des.h, the next time
+you run Configure, it will be runover by a 'configured' version of
+crypto/des/des.org.  So to make the changer the default, change the .org
+files.  The reason these files have to be edited is because most of
+these modifications change the size of fundamental data types.
+While in theory this stuff is optional, it often makes a big
+difference in performance and when using assember, it is importaint
+for the 'Bignum bits' match those required by the assember code.
+A warning for people using gcc with sparc cpu's.  Gcc needs the -mv8
+flag to use the hardware multiply instruction which was not present in
+earlier versions of the sparc CPU.  I define it by default.  If you
+have an old sparc, and it crashes, try rebuilding with this flag
+removed.  I am leaving this flag on by default because it makes
+things run 4 times faster :-)
+
+# clean out all the old stuff
+make clean
+
+# Do a make depend only if you have the makedepend command installed
+# This is not needed but it does make things nice when developing.
+make depend
+
+# make should build everything
+make
+
+# fix up the demo certificate hash directory if it has been stuffed up.
+make rehash
+
+# test everything
+make test
+
+# install the lot
+make install
+
+# It is worth noting that all the applications are built into the one
+# program, ssleay, which is then has links from the other programs
+# names to it.
+# The applicatons can be built by themselves, just don't define the
+# 'MONOLITH' flag.  So to build the 'enc' program stand alone,
+gcc -O2 -Iinclude apps/enc.c apps/apps.c libcrypto.a
+
+# Other useful make options are
+make makefile.one
+# which generate a 'makefile.one' file which will build the complete
+# SSLeay distribution with temp. files in './tmp' and 'installable' files
+# in './out'
+
+# Have a look at running
+perl util/mk1mf.pl help
+# this can be used to generate a single makefile and is about the only
+# way to generate makefiles for windows.
+
+# There is actually a final way of building SSLeay.
+gcc -O2 -c -Icrypto -Iinclude crypto/crypto.c
+gcc -O2 -c -Issl -Iinclude ssl/ssl.c
+# and you now have the 2 libraries as single object files :-).
+# If you want to use the assember code for your particular platform
+# (DEC alpha/x86 are the main ones, the other assember is just the
+# output from gcc) you will need to link the assember with the above generated
+# object file and also do the above compile as
+gcc -O2 -DBN_ASM -c -Icrypto -Iinclude crypto/crypto.c
+
+This last option is probably the best way to go when porting to another
+platform or building shared libraries.  It is not good for development so
+I don't normally use it.
+
+To build shared libararies under unix, have a look in shlib, basically 
+you are on your own, but it is quite easy and all you have to do
+is compile 2 (or 3) files.
+
+For mult-threading, have a read of doc/threads.doc.  Again it is quite
+easy and normally only requires some extra callbacks to be defined
+by the application.
+The examples for solaris and windows NT/95 are in the mt directory.
+
+have fun
+
+eric 25-Jun-1997
--- a/INSTALL.MacOS
+++ b/INSTALL.MacOS
@@ -1,72 +0,0 @@
-OpenSSL - Port To The Macintosh
-===============================
-
-Thanks to Roy Wood <roy@centricsystems.ca> initial support for MacOS (pre
-X) is now provided. "Initial" means that unlike other platforms where you
-get an SDK and a "swiss army" openssl application, on Macintosh you only
-get one sample application which fetches a page over HTTPS(*) and dumps it
-in a window. We don't even build the test applications so that we can't
-guarantee that all algorithms are operational.
-
-Required software:
-
- StuffIt Expander 5.5 or later, alternatively MacGzip and SUNtar;
- Scriptable Finder;
- CodeWarrior Pro 5;
-
-Installation procedure:
-
- fetch the source at ftp://ftp.openssl.org/ (well, you probably already
-  did, huh?)
- unpack the .tar.gz file:
-	- if you have StuffIt Expander then just drag it over it;
-	- otherwise uncompress it with MacGzip and then unpack with SUNtar;
- locate MacOS folder in OpenSSL source tree and open it;
- unbinhex mklinks.as.hqx and OpenSSL.mcp.hqx if present (**), do it
-  "in-place", i.e. unpacked files should end-up in the very same folder;
- execute mklinks.as;
- open OpenSSL.mcp(***) and build 'GetHTTPS PPC' target(****);
- that's it for now;
-
-(*)	URL is hardcoded into ./MacOS/GetHTTPS.src/GetHTTPS.cpp, lines 40
-        to 42, change appropriately.
-(**)	If you use SUNtar, then it might have already unbinhexed the files
-	in question.
-(***)	The project file was saved with CW Pro 5.3. If you have earlier
-	version and it refuses to open it, then download
-	http://www.openssl.org/~appro/OpenSSL.mcp.xml and import it
-	overwriting the original OpenSSL.mcp.
-(****)	Other targets are work in progress. If you feel like giving 'em a
-	shot, then you should know that OpenSSL* and Lib* targets are
-	supposed to be built with the GUSI, MacOS library which mimics
-	BSD sockets and some other POSIX APIs. The GUSI distribution is
-	expected to be found in the same directory as openssl source tree,
-	i.e. in the parent directory to the one where this very file,
-	namely INSTALL.MacOS. For more informations about GUSI, see
-	http://www.iis.ee.ethz.ch/~neeri/macintosh/gusi-qa.html
-
-Finally some essential comments from our generous contributor:-)
-
-"I've gotten OpenSSL working on the Macintosh. It's probably a bit of a
-hack, but it works for what I'm doing. If you don't like the way I've done
-it, then feel free to change what I've done. I freely admit that I've done
-some less-than-ideal things in my port, and if you don't like the way I've
-done something, then feel free to change it-- I won't be offended!
-
-... I've tweaked "bss_sock.c" a little to call routines in a "MacSocket"
-library I wrote. My MacSocket library is a wrapper around OpenTransport,
-handling stuff like endpoint creation, reading, writing, etc. It is not
-designed as a high-performance package such as you'd use in a webserver,
-but is fine for lots of other applications. MacSocket also uses some other
-code libraries I've written to deal with string manipulations and error
-handling. Feel free to use these things in your own code, but give me
-credit and/or send me free stuff in appreciation! :-)
-
-...
-
-If you have any questions, feel free to email me as the following:
-
-roy@centricsystems.ca
-
-Roy Wood"
-
--- a/INSTALL.VMS
+++ b/INSTALL.VMS
@@ -1,289 +0,0 @@
-			VMS Installation instructions
-			written by Richard Levitte
-			<richard@levitte.org>
-
-
-Intro:
-======
-
-This file is divided in the following parts:
-
-  Checking the distribution	- Mandatory reading.
-  Compilation			- Mandatory reading.
-  Logical names			- Mandatory reading.
-  Test				- Mandatory reading.
-  Installation			- Mandatory reading.
-  Backward portability		- Read if it's an issue.
-  Possible bugs or quirks	- A few warnings on things that
-				  may go wrong or may surprise you.
-  TODO				- Things that are to come.
-
-
-Checking the distribution:
-==========================
-
-There have been reports of places where the distribution didn't quite get
-through, for example if you've copied the tree from a NFS-mounted unix
-mount point.
-
-The easiest way to check if everything got through as it should is to check
-for oen of the following files:
-
-	[.CRYPTO]OPENSSLCONF.H_IN
-	[.CRYPTO]OPENSSLCONF_H.IN
-
-They should never exist both at once, but one of them should (preferably
-the first variant).  If you can't find any of those two, something went
-wrong.
-
-The best way to get a correct distribution is to download the gzipped tar
-file from ftp://ftp.openssl.org/source/, use GUNZIP to uncompress it and
-use VMSTAR to unpack the resulting tar file.
-
-GUNZIP is available in many places on the net.  One of the distribution
-points is the WKU software archive, ftp://ftp.wku.edu/vms/fileserv/ .
-
-VMSTAR is also available in many places on the net.  The recommended place
-to find information about it is http://www.free.lp.se/vmstar/ .
-
-
-Compilation:
-============
-
-I've used the very good command procedures written by Robert Byer
-<byer@mail.all-net.net>, and just slightly modified them, making
-them slightly more general and easier to maintain.
-
-You can actually compile in almost any directory separately.  Look
-for a command procedure name xxx-LIB.COM (in the library directories)
-or MAKExxx.COM (in the program directories) and read the comments at
-the top to understand how to use them.  However, if you want to
-compile all you can get, the simplest is to use MAKEVMS.COM in the top
-directory.  The syntax is trhe following:
-
-  @MAKEVMS <option> <rsaref-p> <debug-p> [<compiler>]
-
-<option> must be one of the following:
-
-      ALL       Just build "everything".
-      CONFIG    Just build the "[.CRYPTO]OPENSSLCONF.H" file.
-      BUILDINF  Just build the "[.INCLUDE]BUILDINF.H" file.
-      SOFTLINKS Just copies some files, to simulate Unix soft links.
-      BUILDALL  Same as ALL, except CONFIG, BUILDINF and SOFTILNKS aren't done.
-      RSAREF    Just build the "[.xxx.EXE.RSAREF]LIBRSAGLUE.OLB" library.
-      CRYPTO    Just build the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" library.
-      SSL       Just build the "[.xxx.EXE.SSL]LIBSSL.OLB" library.
-      SSL_TASK  Just build the "[.xxx.EXE.SSL]SSL_TASK.EXE" program.
-      TEST      Just build the "[.xxx.EXE.TEST]" test programs for OpenSSL.
-      APPS      Just build the "[.xxx.EXE.APPS]" application programs for OpenSSL.
-
-<rsaref-p> must be one of the following:
-
-      RSAREF    compile using the RSAREF Library
-      NORSAREF  compile without using RSAREF
-
-Note 0: The RASREF library IS NO LONGER NEEDED.  The RSA patent
-        expires September 20, 2000, and RSA Security chose to make
-        the algorithm public domain two weeks before that.
-
-Note 1: If you still want to use RSAREF, the library is NOT INCLUDED
-        and you have to download it.  RSA Security doesn't carry it
-        any more, but there are a number of places where you can find
-        it.  You have to get the ".tar-Z" file as the ".zip" file
-        doesn't have the directory structure stored.  You have to
-        extract the file into the [.RSAREF] directory as that is where
-        the scripts will look for the files.
-
-Note 2: I have never done this, so I've no idea if it works or not.
-
-<debug-p> must be one of the following:
-
-      DEBUG     compile with debugging info (will not optimize)
-      NODEBUG   compile without debugging info (will optimize)
-
-<compiler> must be one of the following:
-
-      DECC      For DEC C.
-      GNUC      For GNU C.
-
-
-You will find the crypto library in [.xxx.EXE.CRYPTO], called LIBCRYPTO.OLB,
-where xxx is VAX or AXP.  You will find the SSL library in [.xxx.EXE.SSL],
-named LIBSSL.OLB, and you will find a bunch of useful programs in
-[.xxx.EXE.APPS].  However, these shouldn't be used right off unless it's
-just to test them.  For production use, make sure you install first, see
-Installation below.
-
-Note 1: Some programs in this package require a TCP/IP library.
-
-Note 2: if you want to compile the crypto library only, please make sure
-        you have at least done a @MAKEVMS CONFIG, a @MAKEVMS BUILDINF and
-        a @MAKEVMS SOFTLINKS.  A lot of things will break if you don't.
-
-
-Logical names:
-==============
-
-There are a few things that can't currently be given through the command
-line.  Instead, logical names are used.
-
-Currently, the logical names supported are:
-
-      OPENSSL_NO_ASM    with value YES, the assembler parts of OpenSSL will
-                        not be used.  Instead, plain C implementations are
-                        used.  This is good to try if something doesn't work.
-      OPENSSL_NO_'alg'  with value YES, the corresponding crypto algorithm
-                        will not be implemented.  Supported algorithms to
-                        do this with are: RSA, DSA, DH, MD2, MD4, MD5, RIPEMD,
-                        SHA, DES, MDC2, CR2, RC4, RC5, IDEA, BF, CAST, HMAC,
-                        SSL2.  So, for example, having the logical name
-                        OPENSSL_NO_RSA with the value YES means that the
-                        LIBCRYPTO.OLB library will not contain an RSA
-                        implementation.
-
-
-Test:
-=====
-
-Testing is very simple, just do the following:
-
-  @[.TEST]TESTS
-
-If a test fails, try with defining the logical name OPENSSL_NO_ASM (yes,
-it's an ugly hack!) and rebuild. Please send a bug report to
-<openssl-bugs@openssl.org>, including the output of "openssl version -a"
-and of the failed test.
-
-
-Installation:
-=============
-
-Installation is easy, just do the following:
-
-  @INSTALL <root>
-
-<root> is the directory in which everything will be installed,
-subdirectories, libraries, header files, programs and startup command
-procedures.
-
-N.B.: INSTALL.COM builds a new directory structure, different from
-the directory tree where you have now build OpenSSL.
-
-In the [.VMS] subdirectory of the installation, you will find the
-following command procedures:
-
-  OPENSSL_STARTUP.COM
-
-        defines all needed logical names.  Takes one argument that
-        tells it in what logical name table to insert the logical
-        names.  If you insert if it SYS$MANAGER:SYSTARTUP_VMS.COM, the
-        call should look like this: 
-
-          @openssldev:[openssldir.VMS]OPENSSL_STARTUP "/SYSTEM"
-
-  OPENSSL_UTILS.COM
-
-        sets up the symbols to the applications.  Should be called
-        from for example SYS$MANAGER:SYLOGIN.COM 
-
-The logical names that are set up are the following:
-
-  SSLROOT       a dotted concealed logical name pointing at the
-                root directory.
-
-  SSLCERTS      Initially an empty directory, this is the default
-		location for certificate files.
-  SSLMISC	Various scripts.
-  SSLPRIVATE	Initially an empty directory, this is the default
-		location for private key files.
-
-  SSLEXE        Contains the openssl binary and a few other utility
-		programs.
-  SSLINCLUDE    Contains the header files needed if you want to
-		compile programs with libcrypto or libssl.
-  SSLLIB        Contains the OpenSSL library files (LIBCRYPTO.OLB
-		and LIBSSL.OLB) themselves.
-
-  OPENSSL	Same as SSLINCLUDE.  This is because the standard
-		way to include OpenSSL header files from version
-		0.9.3 and on is:
-
-			#include <openssl/header.h>
-
-		For more info on this issue, see the INSTALL. file
-		(the NOTE in section 4 of "Installation in Detail").
-		You don't need to "deleting old header files"!!!
-
-
-Backward portability:
-=====================
-
-One great problem when you build a library is making sure it will work
-on as many versions of VMS as possible.  Especially, code compiled on
-OpenVMS version 7.x and above tend to be unusable in version 6.x or
-lower, because some C library routines have changed names internally
-(the C programmer won't usually see it, because the old name is
-maintained through C macros).  One obvious solution is to make sure
-you have a development machine with an old enough version of OpenVMS.
-However, if you are stuck with a bunch of Alphas running OpenVMS version
-7.1, you seem to be out of luck.  Fortunately, the DEC C header files
-are cluttered with conditionals that make some declarations and definitions
-dependent on the OpenVMS version or the C library version, *and* you
-can use those macros to simulate older OpenVMS or C library versions,
-by defining the macros _VMS_V6_SOURCE, __VMS_VER and __CTRL_VER with
-correct values.  In the compilation scripts, I've provided the possibility
-for the user to influence the creation of such macros, through a bunch of
-symbols, all having names starting with USER_.  Here's the list of them:
-
-  USER_CCFLAGS		 - Used to give additional qualifiers to the
-			   compiler.  It can't be used to define macros
-			   since the scripts will do such things as well.
-			   To do such things, use USER_CCDEFS.
-  USER_CCDEFS		 - Used to define macros on the command line.  The
-			   value of this symbol will be inserted inside a
-			   /DEFINE=(...).
-  USER_CCDISABLEWARNINGS - Used to disable some warnings.  The value is
-			   inserted inside a /DISABLE=WARNING=(...).
-
-So, to maintain backward compatibility with older VMS versions, do the
-following before you start compiling:
-
-  $ USER_CCDEFS := _VMS_V6_SOURCE=1,__VMS_VER=60000000,__CRTL_VER=60000000
-  $ USER_CCDISABLEWARNINGS := PREOPTW
-
-The USER_CCDISABLEWARNINGS is there because otherwise, DEC C will complain
-that those macros have been changed.
-
-Note: Currently, this is only usefull for library compilation.  The
-      programs will still be linked with the current version of the
-      C library shareable image, and will thus complain if they are
-      faced with an older version of the same C library shareable image.
-      This will probably be fixed in a future revision of OpenSSL.
-
-
-Possible bugs or quirks:
-========================
-
-I'm not perfectly sure all the programs will use the SSLCERTS:
-directory by default, it may very well be that you have to give them
-extra arguments.  Please experiment.
-
-
-TODO:
-=====
-
-There are a few things that need to be worked out in the VMS version of
-OpenSSL, still:
-
- Description files. ("Makefile's" :-))
- Script code to link an already compiled build tree.
- A VMSINSTALlable version (way in the future, unless someone else hacks).
- shareable images (DLL for you Windows folks).
-
-There may be other things that I have missed and that may be desirable.
-Please send mail to <openssl-users@openssl.org> or to me directly if you
-have any ideas.
-
--
-Richard Levitte <richard@levitte.org>
-2000-02-27
--- a/INSTALL.W32
+++ b/INSTALL.W32
@@ -1,260 +0,0 @@
- 
- INSTALLATION ON THE WIN32 PLATFORM
- ----------------------------------
-
- Heres a few comments about building OpenSSL in Windows environments. Most of
- this is tested on Win32 but it may also work in Win 3.1 with some
- modification.
-
- You need Perl for Win32 (available from http://www.activestate.com/ActivePerl)
- and one of the following C compilers:
-
-  * Visual C++
-  * Borland C
-  * GNU C (Mingw32 or Cygwin32)
-
- If you want to compile in the assembly language routines with Visual C++ then
- you will need an assembler. This is worth doing because it will result in
- faster code: for example it will typically result in a 2 times speedup in the
- RSA routines. Currently the following assemblers are supported:
-
-  * Microsoft MASM (aka "ml")
-  * Free Netwide Assembler NASM.
-
- MASM was at one point distributed with VC++. It is now distributed with some
- Microsoft DDKs, for example the Windows NT 4.0 DDK and the Windows 98 DDK. If
- you do not have either of these DDKs then you can just download the binaries
- for the Windows 98 DDK and extract and rename the two files XXXXXml.exe and
- XXXXXml.err, to ml.exe and ml.err and install somewhere on your PATH. Both
- DDKs can be downloaded from the Microsoft developers site www.msdn.com.
-
- NASM is freely available. Version 0.98 was used during testing: other versions
- may also work. It is available from many places, see for example:
- http://www.kernel.org/pub/software/devel/nasm/binaries/win32/
- The NASM binary nasmw.exe needs to be installed anywhere on your PATH.
-
- If you are compiling from a tarball or a CVS snapshot then the Win32 files
- may well be not up to date. This may mean that some "tweaking" is required to
- get it all to work. See the trouble shooting section later on for if (when?)
- it goes wrong.
-
- Visual C++
- ----------
-
- Firstly you should run Configure:
-
- > perl Configure VC-WIN32
-
- Next you need to build the Makefiles and optionally the assembly language
- files:
-
- - If you are using MASM then run:
-
-   > ms\do_masm
-
- - If you are using NASM then run:
-
-   > ms\do_nasm
-
- - If you don't want to use the assembly language files at all then run:
-
-   > ms\do_ms
-
- If you get errors about things not having numbers assigned then check the
- troubleshooting section: you probably won't be able to compile it as it
- stands.
-
- Then from the VC++ environment at a prompt do:
-
- > nmake -f ms\ntdll.mak
-
- If all is well it should compile and you will have some DLLs and executables
- in out32dll. If you want to try the tests then do:
- 
- > cd out32dll
- > ..\ms\test
-
- Tweaks:
-
- There are various changes you can make to the Win32 compile environment. By
- default the library is not compiled with debugging symbols. If you add 'debug'
- to the mk1mk.pl lines in the do_* batch file then debugging symbols will be
- compiled in.
-
- The default Win32 environment is to leave out any Windows NT specific
- features.
-
- If you want to enable the NT specific features of OpenSSL (currently only the
- logging BIO) follow the instructions above but call the batch file do_nt.bat
- instead of do_ms.bat.
-
- You can also build a static version of the library using the Makefile
- ms\nt.mak
-
- Borland C++ builder 3 and 4
- ---------------------------
-
- * Setup PATH. First must be GNU make then bcb4/bin 
-
- * Run ms\bcb4.bat
-
- * Run make:
-   > make -f bcb.mak
-
- GNU C (Mingw32)
- ---------------
-
- To build OpenSSL, you need the Mingw32 package and GNU make.
-
- * Compiler installation:
-
-   Mingw32 is available from <ftp://ftp.xraylith.wisc.edu/pub/khan/
-   gnu-win32/mingw32/gcc-2.95.2/gcc-2.95.2-msvcrt.exe>. GNU make is at
-   <ftp://agnes.dida.physik.uni-essen.de/home/janjaap/mingw32/binaries/
-   make-3.76.1.zip>. Install both of them in C:\egcs-1.1.2 and run
-   C:\egcs-1.1.2\mingw32.bat to set the PATH.
-
- * Compile OpenSSL:
-
-   > ms\mingw32
-
-   This will create the library and binaries in out. In case any problems
-   occur, try
-   > ms\mingw32 no-asm
-   instead.
-
-   libcrypto.a and libssl.a are the static libraries. To use the DLLs,
-   link with libeay32.a and libssl32.a instead.
-
-   See troubleshooting if you get error messages about functions not having
-   a number assigned.
-
- * You can now try the tests:
-
-   > cd out
-   > ..\ms\test
-
- GNU C (CygWin32)
- ---------------
-
- CygWin32 provides a bash shell and GNU tools environment running on
- NT 4.0, Windows 9x and Windows 2000. Consequently, a make of OpenSSL
- with CygWin is closer to a GNU bash environment such as Linux rather
- than other W32 makes that are based on a single makefile approach.
- CygWin32 implements Posix/Unix calls through cygwin1.dll, and is
- contrasted to Mingw32 which links dynamically to msvcrt.dll or
- crtdll.dll.
-
- To build OpenSSL using CygWin32:
-
- * Install CygWin32 (see http://sourceware.cygnus.com/cygwin)
-
- * Install Perl and ensure it is in the path
-
- * Run the CygWin bash shell
-
- * $ tar zxvf openssl-x.x.x.tar.gz
-   $ cd openssl-x.x.x
-   $ ./Configure no-threads CygWin32
-   [...]
-   $ make
-   [...]
-   $ make test
-   $ make install
-
- This will create a default install in /usr/local/ssl.
-
- CygWin32 Notes:
-
- "make test" and normal file operations may fail in directories
- mounted as text (i.e. mount -t c:\somewhere /home) due to CygWin
- stripping of carriage returns. To avoid this ensure that a binary
- mount is used, e.g. mount -b c:\somewhere /home.
-
- As of version 1.1.1 CygWin32 is relatively unstable in its handling
- of cr/lf issues. These make procedures succeeded with versions 1.1 and
- the snapshot 20000524 (Slow!).
-
- "bc" is not provided in the CygWin32 distribution.  This causes a
- non-fatal error in "make test" but is otherwise harmless.  If
- desired, GNU bc can be built with CygWin32 without change.
-
-
- Installation
- ------------
-
- There's currently no real installation procedure for Win32.  There are,
- however, some suggestions:
-
-    - do nothing.  The include files are found in the inc32/ subdirectory,
-      all binaries are found in out32dll/ or out32/ depending if you built
-      dynamic or static libraries.
-
-    - do as is written in INSTALL.Win32 that comes with modssl:
-
-	$ md c:\openssl 
-	$ md c:\openssl\bin
-	$ md c:\openssl\lib
-	$ md c:\openssl\include
-	$ md c:\openssl\include\openssl
-	$ copy /b inc32\*               c:\openssl\include\openssl
-	$ copy /b out32dll\ssleay32.lib c:\openssl\lib
-	$ copy /b out32dll\libeay32.lib c:\openssl\lib
-	$ copy /b out32dll\ssleay32.dll c:\openssl\bin
-	$ copy /b out32dll\libeay32.dll c:\openssl\bin
-	$ copy /b out32dll\openssl.exe  c:\openssl\bin
-
-      Of course, you can choose another device than c:.  C: is used here
-      because that's usually the first (and often only) harddisk device.
-      Note: in the modssl INSTALL.Win32, p: is used rather than c:.
-
-
- Troubleshooting
- ---------------
-
- Since the Win32 build is only occasionally tested it may not always compile
- cleanly.  If you get an error about functions not having numbers assigned
- when you run ms\do_ms then this means the Win32 ordinal files are not up to
- date. You can do:
-
- > perl util\mkdef.pl crypto ssl update
-
- then ms\do_XXX should not give a warning any more. However the numbers that
- get assigned by this technique may not match those that eventually get
- assigned in the CVS tree: so anything linked against this version of the
- library may need to be recompiled.
-
- If you get errors about unresolved symbols there are several possible
- causes.
-
- If this happens when the DLL is being linked and you have disabled some
- ciphers then it is possible the DEF file generator hasn't removed all
- the disabled symbols: the easiest solution is to edit the DEF files manually
- to delete them. The DEF files are ms\libeay32.def ms\ssleay32.def.
-
- Another cause is if you missed or ignored the errors about missing numbers
- mentioned above.
-
- If you get warnings in the code then the compilation will halt.
-
- The default Makefile for Win32 halts whenever any warnings occur. Since VC++
- has its own ideas about warnings which don't always match up to other
- environments this can happen. The best fix is to edit the file with the
- warning in and fix it. Alternatively you can turn off the halt on warnings by
- editing the CFLAG line in the Makefile and deleting the /WX option.
-
- You might get compilation errors. Again you will have to fix these or report
- them.
-
- One final comment about compiling applications linked to the OpenSSL library.
- If you don't use the multithreaded DLL runtime library (/MD option) your
- program will almost certainly crash because malloc gets confused -- the
- OpenSSL DLLs are statically linked to one version, the application must
- not use a different one.  You might be able to work around such problems
- by adding CRYPTO_malloc_init() to your program before any calls to the
- OpenSSL libraries: This tells the OpenSSL libraries to use the same
- malloc(), free() and realloc() as the application.  However there are many
- standard library functions used by OpenSSL that call malloc() internally
- (e.g. fopen()), and OpenSSL cannot change these; so in general you cannot
- rely on CYRPTO_malloc_init() solving your problem, and you should
- consistently use the multithreaded library.
--- a/127
+++ b/127
@@ -1,127 +0,0 @@
-
-  LICENSE ISSUES
-  ==============
-
-  The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
-  the OpenSSL License and the original SSLeay license apply to the toolkit.
-  See below for the actual license texts. Actually both licenses are BSD-style
-  Open Source licenses. In case of any license issues related to OpenSSL
-  please contact openssl-core@openssl.org.
-
-  OpenSSL License
-  ---------------
-
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
- Original SSLeay License
- -----------------------
-
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
--- a/146
+++ b/146
@@ -0,0 +1,146 @@
+The Microsoft World.
+
+The good news, to build SSLeay for the Microsft World
+
+Windows 3.1 DLL's
+perl Configure VC-WIN16
+nmake -f ms\w31dll.mak
+
+Windows NT/95 DLL's
+perl Configure VC-WIN32
+nmake -f ms\ntdll.mak
+
+Now the bad news
+All builds were done using Microsofts Visual C++ 1.52c and [45].x.
+If you are a borland person, you are probably going to have to help me
+finish the stuff in util/pl/BC*pl
+
+All builds were made under Windows NT - this means long filenames, so
+you may have problems under Windows 3.1 but probably not under 95.
+
+Because file pointers don't work in DLL's under Windows 3.1 (well at
+least stdin/stdout don't and I don't like having to differentiate
+between these and other file pointers), I now use the BIO file-pointer
+module, which needs to be linked into your application.  You can either
+use the memory buffer BIO for IO, or compile bss_file.c into your
+application, it is in the apps directory and is just a copy of
+crypto/buffer/bss_file.c with #define APPS_WIN16 added.
+I have not yet automated the makefile to automatically copy it into 'out'
+for a win 3.1 build....
+
+All callbacks passed into SSLeay for Windows 3.1 need to be of type
+_far _loadds.
+
+I don't support building with the pascal calling convention.
+
+The DLL and static builds are large memory model.
+
+To build static libraries for NT/95 or win 3.1
+
+perl util/mk1mf.pl VC-WIN32 > mf-stat.nt
+perl util/mk1mf.pl VC-WIN16 > mf-stat.w31
+for DLL's
+perl util/mk1mf.pl dll VC-WIN32	> mf-dll.nt
+perl util/mk1mf.pl dll VC-WIN16 > mf-dll.w31
+
+Again you will notice that if you dont have perl, you cannot do this.
+
+Now the next importaint issue.  Running Configure!
+I have small assember code files for critical big number library operation
+in crypto/bn/asm.  There is, asm code, object files and uuencode
+object files.  They are
+x86nt32.asm	- 32bit flat memory model assember - suitable Win32
+x86w16.asm	- 16bit assember - used in the msdos build.
+x86w32.asm	- 32bit assember, win 3.1 segments, used for win16 build.
+
+If you feel compelled to build the 16bit maths routines in the windows 3.1
+build,
+perl Configure VC-W31-16
+perl util/mk1mf.pl dll VC-W31-16 > mf-dll.w31
+
+If you hate assember and don't want anything to do with it,
+perl util/mk1mf.pl no-asm VC-WIN16 > mf-dll.w31
+will work for any of the makefile generations.
+
+There are more options to mk1mf.pl but these all leave the temporary
+files in 'tmp' and the output files in 'out' by default.
+
+The NT build is done for console mode.
+
+The Windows 3.1 version of SSLeay uses quickwin, the interface is ugly
+but it is better than nothing.  If you want ugly, try doing anything
+that involves getting a password.  I decided to be ugly instead of
+echoing characters.  For Windows 3.1 I would just sugest using the
+msdos version of the ssleay application for command line work.
+The QuickWin build is primarily for testing.
+
+For both NT and Windows 3.1, I have not written the code so that
+s_client, s_server can take input from the keyboard.  You can happily
+start applications up in separate windows, watch them handshake, and then sit
+there for-ever.  I have not had the time to get this working, and I've
+been able to test things from a unix box to the NT box :-).
+Try running ssleay s_server on the windows box
+(with either -cert ../apps/server.pem -www)
+and run ssleay s_time from another window.
+This often stuffs up on Windows 3.1, but I'm not worried since this is
+probably a problem with my demo applications, not the libraries.
+
+After a build of one of the version of microsoft SSLeay,
+'cd ms' and then run 'test'.  This should check everything out and
+even does a trial run of generating certificates.
+'test.bat' requires that perl be install, you be in the ms directory
+(not the test directory, thats for unix so stay out :-) and that the
+build output directory be ../out 
+
+On a last note, you will probably get division by zero errors and
+stuff after a build.  This is due to your own inability to follow
+instructions :-).
+
+The reasons for the problem is probably one of the following.
+
+1)	You did not run Configure.  This is critical for windows 3.1 when
+	using assember.  The values in crypto/bn/bn.h must match the
+	ones requred for the assember code.  (remember that if you
+	edit crypto/bn/bn.h by hand, it will be clobered the next time
+	you run Configure by the contents of crypto/bn/bn.org).
+	SSLeay version -o will list the compile options.
+	For VC-WIN32 you need bn(64,32) or bn(32,32)
+	For VC-W31-32/VC-WIN16 you need bn(32,32)
+	For VC-W31-16 you need bn(32,16) or bn(16,16)
+	For VC-MSDOS you need bn(32,16) or bn(16,16).
+
+	The first number will be 2 times bigger than the second if
+	BN_LLONG is defined in bn.h and the size of the second number
+	depends on the 'bits' defined at the start of bn.h.  Have a
+	look, it's all reasonably clear.
+	If you want to start messing with 8 bit builds and things like
+	that, build without the assember by re-generating a makefile
+	via 'perl util/mk1mf.pl no-asm'.
+2)	You tried to build under MS-DOS or Windows 3.1 using the /G3
+	option.  Don't.  It is buggy (thats why you just got that
+	error) and unless you want to work out which optimising flag
+	to turn off, I'm not going to help you :-).  I also noticed
+	that code often ran slower when compiled with /G3.
+3)	Under NT/95, malloc goes stupid.  You are probably linking with
+	the wrong library, there are problems if you mix the threaded
+	and non-threaded libraries (due to the DLL being staticly
+	linked with one and the applicaion using another.
+
+Well hopefully thats most of the MS issues handled, see you in ssl-users :-).
+
+eric 30-Aug-1996
+
+SSLeay 0.6.5
+For Windows 95/NT, add CRYPTO_malloc_init() to your program before any
+calls to the SSLeay libraries.  This function will insert callbacks so that
+the SSLeay libraries will use the same malloc(), free() and realloc() as
+your application so 'problem 3)' mentioned above will go away.
+
+There is now DES assember for Windows NT/95.  The file is
+crypto/des/asm/win32.asm and replaces crypto/des/des_enc.c in the build.
+
+There is also Blowfish assember for Windows NT/95.  The file is
+crypto/bf/asm/win32.asm and replaces crypto/bf/bf_enc.c in the build.
+
+eric 25-Jun-1997
+
--- a/831
+++ b/831
@@ -0,0 +1,831 @@
+RELATIVE_DIRECTORY=.
+AR=ar r
+BASENAME=SSLeay
+BF_ENC=bf_enc.o
+BN_MULW=bn_mulw.o
+CC=cc
+CFLAG=-O -DNOPROTO
+DES_ENC=des_enc.o fcrypt_b.o
+DIRS=crypto ssl rsaref apps test tools
+EDIRS=times doc bugs util include certs ms shlib mt demos
+EX_HEADER=
+EX_LIBS=
+GENERAL=Makefile
+HEADER=e_os.h
+INSTALLTOP=/usr/local/ssl
+LIBS=libcrypto.a libssl.a
+MAKE=make -f Makefile.ssl
+MAKEFILE=Makefile.ssl
+MAN1=1
+MAN3=3
+MISC=COPYRIGHT Configure HISTORY.066 INSTALL Makefile.ssl Makefile README TODO HISTORY README.066 README.080 VERSION PROBLEMS MINFO makefile.one e_os.h MICROSOFT makevms.com
+NAME=SSLeay-0.8.1
+ONEDIRS=out tmp
+PEX_LIBS=-L. -L.. -L../.. -L../../..
+SDIRS=md sha mdc2 des rc4 rc2 idea bf bn rsa dsa dh buffer bio stack lhash rand err objects evp pem asn1 x509 conf txt_db pkcs7
+SHELL=/bin/sh
+TARFILE=SSLeay-0.8.1.tar
+TOP=.
+VERSION=0.8.1
+WDIRS=windows
+WTARFILE=SSLeay-0.8.1-win.tar
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto
+ALL=Makefile README cryptlib.c mem.c cversion.c cryptlib.h date.h crypto.h cryptall.h
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS=-I. -I../include -g -DCFLAGS=" \"cc -g\" "
+DIR=crypto
+EXHEADER=crypto.h cryptall.h
+EX_LIBS=
+GENERAL=Makefile README
+HEADER=cryptlib.h date.h crypto.h cryptall.h
+INCLUDE=-I. -I../include
+INCLUDES=-I.. -I../../include
+INSTALLTOP=/usr/local/ssl
+LIB=../libcrypto.a
+LIBOBJ=cryptlib.o mem.o cversion.o
+LIBS=
+LIBSRC=cryptlib.c mem.c cversion.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEFILE=Makefile.ssl
+PEX_LIBS=
+RM=/bin/rm -f
+SDIRS=md sha mdc2 des rc4 rc2 idea bf bn rsa dsa dh buffer bio stack lhash rand err objects evp pem x509 asn1 conf txt_db pkcs7
+SRC=cryptlib.c mem.c cversion.c
+TOP=..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/md
+ALL=Makefile md2_dgst.c md5_dgst.c md2_one.c md5_one.c md5_locl.h md2.h md5.h
+APPS=
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS= -g
+DIR=md
+EXHEADER=md2.h md5.h
+GENERAL=Makefile
+HEADER=md5_locl.h md2.h md5.h
+INCLUDES=
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=md2_dgst.o md5_dgst.o md2_one.o md5_one.o
+LIBSRC=md2_dgst.c md5_dgst.c md2_one.c md5_one.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEFILE=Makefile.ssl
+SRC=md2_dgst.c md5_dgst.c md2_one.c md5_one.c
+TEST=md2test.c md5test.c
+TOP=../..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/sha
+ALL=Makefile sha_dgst.c sha1dgst.c sha_one.c sha1_one.c sha_locl.h sha.h
+APPS=
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS= -g
+DIR=sha
+EXHEADER=sha.h
+GENERAL=Makefile
+HEADER=sha_locl.h sha.h
+INCLUDES=
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=sha_dgst.o sha1dgst.o sha_one.o sha1_one.o
+LIBSRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEFILE=Makefile.ssl
+SRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c
+TEST=shatest.c sha1test.c
+TOP=../..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/mdc2
+ALL=Makefile mdc2dgst.c mdc2_one.c mdc2.h
+APPS=
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS= -g
+DIR=mdc2
+EXHEADER=mdc2.h
+GENERAL=Makefile
+HEADER=mdc2.h
+INCLUDES=
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=mdc2dgst.o mdc2_one.o
+LIBSRC=mdc2dgst.c mdc2_one.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEFILE=Makefile.ssl
+SRC=mdc2dgst.c mdc2_one.c
+TEST=mdc2test.c
+TOP=../..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/des
+ALL=Makefile des.org des_locl.org cbc3_enc.c cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c ecb3_enc.c ecb_enc.c ede_enc.c enc_read.c enc_writ.c fcrypt.c ncbc_enc.c ofb64enc.c ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c read_pwd.c rpc_enc.c set_key.c des_enc.c fcrypt_b.c read2pwd.c fcrypt.c xcbc_enc.c str2key.c cfb64ede.c ofb64ede.c supp.c des_locl.h rpc_des.h podd.h sk.h spr.h des_ver.h des.h
+APPS=
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS= -g
+CPP=cc -E
+DES_ENC=des_enc.o fcrypt_b.o
+DIR=des
+EXHEADER=des.h
+GENERAL=Makefile des.org des_locl.org
+HEADER=des_locl.h rpc_des.h podd.h sk.h spr.h des_ver.h des.h
+INCLUDES=
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=set_key.o ecb_enc.o ede_enc.o cbc_enc.o cbc3_enc.o ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o ofb64ede.o enc_read.o enc_writ.o ncbc_enc.o ofb64enc.o ofb_enc.o str2key.o pcbc_enc.o qud_cksm.o rand_key.o des_enc.o fcrypt_b.o read2pwd.o fcrypt.o xcbc_enc.o read_pwd.o rpc_enc.o cbc_cksm.o supp.o
+LIBSRC=cbc3_enc.c cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c ecb3_enc.c ecb_enc.c ede_enc.c enc_read.c enc_writ.c fcrypt.c ncbc_enc.c ofb64enc.c ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c read_pwd.c rpc_enc.c set_key.c des_enc.c fcrypt_b.c read2pwd.c fcrypt.c xcbc_enc.c str2key.c cfb64ede.c ofb64ede.c supp.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEFILE=Makefile.ssl
+SRC=cbc3_enc.c cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c ecb3_enc.c ecb_enc.c ede_enc.c enc_read.c enc_writ.c fcrypt.c ncbc_enc.c ofb64enc.c ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c read_pwd.c rpc_enc.c set_key.c des_enc.c fcrypt_b.c read2pwd.c fcrypt.c xcbc_enc.c str2key.c cfb64ede.c ofb64ede.c supp.c
+TEST=destest.c
+TOP=../..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/rc4
+ALL=Makefile rc4_enc.c rc4.h
+APPS=
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS= -g
+DIR=rc4
+EXHEADER=rc4.h
+GENERAL=Makefile
+HEADER=rc4.h
+INCLUDES=
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=rc4_enc.o
+LIBSRC=rc4_enc.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEFILE=Makefile.ssl
+SRC=rc4_enc.c
+TEST=rc4test.c
+TOP=../..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/rc2
+ALL=Makefile rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c rc2_locl.h rc2.h
+APPS=
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS= -g
+DIR=rc2
+EXHEADER=rc2.h
+GENERAL=Makefile
+HEADER=rc2_locl.h rc2.h
+INCLUDES=
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=rc2_ecb.o rc2_skey.o rc2_cbc.o rc2cfb64.o rc2ofb64.o
+LIBSRC=rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEFILE=Makefile.ssl
+SRC=rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
+TEST=rc2test.c
+TOP=../..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/idea
+ALL=Makefile i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c idea_lcl.h idea.h
+APPS=
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS= -g
+DIR=idea
+EXHEADER=idea.h
+GENERAL=Makefile
+HEADER=idea_lcl.h idea.h
+INCLUDES=
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=i_cbc.o i_cfb64.o i_ofb64.o i_ecb.o i_skey.o
+LIBSRC=i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEFILE=Makefile.ssl
+SRC=i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c
+TEST=ideatest.c
+TOP=../..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/bf
+ALL=Makefile bf_skey.c bf_ecb.c bf_enc.c bf_cbc.c bf_cfb64.c bf_ofb64.c bf_pi.h bf_locl.h blowfish.h
+APPS=
+AR=ar r
+BF_ENC=bf_enc.o
+CC=cc
+CFLAG=-g
+CFLAGS= -g
+CPP=cc -E
+DIR=bf
+EXHEADER=blowfish.h
+GENERAL=Makefile
+HEADER=bf_pi.h bf_locl.h blowfish.h
+INCLUDES=
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=bf_skey.o bf_ecb.o bf_enc.o bf_cbc.o bf_cfb64.o bf_ofb64.o
+LIBSRC=bf_skey.c bf_ecb.c bf_enc.c bf_cbc.c bf_cfb64.c bf_ofb64.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEFILE=Makefile.ssl
+SRC=bf_skey.c bf_ecb.c bf_enc.c bf_cbc.c bf_cfb64.c bf_ofb64.c
+TEST=bftest.c
+TOP=../..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/bn
+ALL=Makefile bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mod.c bn_mul.c bn_print.c bn_rand.c bn_shift.c bn_sub.c bn_word.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_mulw.c bn_recp.c bn_mont.c bn_lcl.h bn_prime.h bn.h
+APPS=
+AR=ar r
+BN_MULW=bn_mulw.o
+CC=cc
+CFLAG=-g
+CFLAGS=-I.. -I../../include -g
+DIR=bn
+ERR=bn
+ERRC=bn_err
+EXHEADER=bn.h
+GENERAL=Makefile
+HEADER=bn_lcl.h bn_prime.h bn.h
+INCLUDES=-I.. -I../../include
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=bn_add.o bn_div.o bn_exp.o bn_lib.o bn_mod.o bn_mul.o bn_print.o bn_rand.o bn_shift.o bn_sub.o bn_word.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o bn_mulw.o bn_recp.o bn_mont.o
+LIBSRC=bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mod.c bn_mul.c bn_print.c bn_rand.c bn_shift.c bn_sub.c bn_word.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_mulw.c bn_recp.c bn_mont.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEFILE=Makefile.ssl
+SRC=bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mod.c bn_mul.c bn_print.c bn_rand.c bn_shift.c bn_sub.c bn_word.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_mulw.c bn_recp.c bn_mont.c
+TEST=bntest.c exptest.c
+TOP=../..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/rsa
+ALL=Makefile rsa_enc.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c rsa.h
+APPS=
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS=-I.. -I../../include -g
+DIR=rsa
+ERR=rsa
+ERRC=rsa_err
+EXHEADER=rsa.h
+GENERAL=Makefile
+HEADER=rsa.h
+INCLUDES=-I.. -I../../include
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=rsa_enc.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o
+LIBSRC=rsa_enc.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEFILE=Makefile.ssl
+SRC=rsa_enc.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c
+TEST=
+TOP=../..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/dsa
+ALL=Makefile dsa_gen.c dsa_key.c dsa_lib.c dsa_vrf.c dsa_sign.c dsa_err.c dsa.h
+APPS=
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS=-I.. -I../../include -g
+DIR=dsa
+ERR=dsa
+ERRC=dsa_err
+EXHEADER=dsa.h
+GENERAL=Makefile
+HEADER=dsa.h
+INCLUDES=-I.. -I../../include
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=dsa_gen.o dsa_key.o dsa_lib.o dsa_vrf.o dsa_sign.o dsa_err.o
+LIBSRC=dsa_gen.c dsa_key.c dsa_lib.c dsa_vrf.c dsa_sign.c dsa_err.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEFILE=Makefile.ssl
+SRC=dsa_gen.c dsa_key.c dsa_lib.c dsa_vrf.c dsa_sign.c dsa_err.c
+TEST=dsatest.c
+TOP=../..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/dh
+ALL=Makefile dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh.h
+APPS=
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS=-I.. -I../../include -g
+DIR=dh
+ERR=dh
+ERRC=dh_err
+EXHEADER=dh.h
+GENERAL=Makefile
+HEADER=dh.h
+INCLUDES=-I.. -I../../include
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o
+LIBSRC=dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEFILE=Makefile.ssl
+SRC=dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c
+TEST=dhtest.c
+TOP=../..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/buffer
+ALL=Makefile buffer.c buf_err.c buffer.h
+APPS=
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS=-I.. -I../../include -g
+DIR=buffer
+ERR=buffer
+ERRC=buf_err
+EXHEADER=buffer.h
+GENERAL=Makefile
+HEADER=buffer.h
+INCLUDES=-I.. -I../../include
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=buffer.o buf_err.o
+LIBSRC=buffer.c buf_err.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEFILE=Makefile.ssl
+SRC=buffer.c buf_err.c
+TEST=
+TOP=../..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/bio
+ALL=Makefile bio_lib.c bio_cb.c bio_err.c bss_mem.c bss_null.c bss_fd.c bss_file.c bss_sock.c bss_conn.c bf_null.c bf_buff.c b_print.c b_dump.c b_sock.c bss_acpt.c bf_nbio.c bio.h
+APPS=
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS=-I.. -I../../include -g
+DIR=bio
+ERR=bio
+ERRC=bio_err
+EXHEADER=bio.h
+GENERAL=Makefile
+HEADER=bio.h
+INCLUDES=-I.. -I../../include
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=bio_lib.o bio_cb.o bio_err.o bss_mem.o bss_null.o bss_fd.o bss_file.o bss_sock.o bss_conn.o bf_null.o bf_buff.o b_print.o b_dump.o b_sock.o bss_acpt.o bf_nbio.o
+LIBSRC=bio_lib.c bio_cb.c bio_err.c bss_mem.c bss_null.c bss_fd.c bss_file.c bss_sock.c bss_conn.c bf_null.c bf_buff.c b_print.c b_dump.c b_sock.c bss_acpt.c bf_nbio.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEFILE=Makefile.ssl
+SRC=bio_lib.c bio_cb.c bio_err.c bss_mem.c bss_null.c bss_fd.c bss_file.c bss_sock.c bss_conn.c bf_null.c bf_buff.c b_print.c b_dump.c b_sock.c bss_acpt.c bf_nbio.c
+TEST=
+TOP=../..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/stack
+ALL=Makefile stack.c stack.h
+APPS=
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS= -g
+DIR=stack
+EXHEADER=stack.h
+GENERAL=Makefile
+HEADER=stack.h
+INCLUDES=
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=stack.o
+LIBSRC=stack.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEFILE=Makefile.ssl
+SRC=stack.c
+TEST=
+TOP=../..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/lhash
+ALL=Makefile lhash.c lh_stats.c lhash.h
+APPS=
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS= -g
+DIR=lhash
+EXHEADER=lhash.h
+GENERAL=Makefile
+HEADER=lhash.h
+INCLUDES=
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=lhash.o lh_stats.o
+LIBSRC=lhash.c lh_stats.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEFILE=Makefile.ssl
+SRC=lhash.c lh_stats.c
+TEST=
+TOP=../..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/rand
+ALL=Makefile md_rand.c randfile.c rand.h
+APPS=
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS= -g
+DIR=rand
+EXHEADER=rand.h
+GENERAL=Makefile
+HEADER=rand.h
+INCLUDES=
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=md_rand.o randfile.o
+LIBSRC=md_rand.c randfile.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEFILE=Makefile.ssl
+SRC=md_rand.c randfile.c
+TEST=randtest.c
+TOP=../..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/err
+ALL=Makefile err.c err_all.c err_prn.c err.h
+APPS=
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS=-I.. -I../../include -g
+DIR=error
+EXHEADER=err.h
+GENERAL=Makefile
+HEADER=err.h
+INCLUDES=-I.. -I../../include
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=err.o err_all.o err_prn.o
+LIBSRC=err.c err_all.c err_prn.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEFILE=Makefile.ssl
+SRC=err.c err_all.c err_prn.c
+TEST=
+TOP=../..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/objects
+ALL=Makefile README obj_dat.c obj_lib.c obj_err.c objects.h obj_dat.h
+APPS=
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS=-I.. -I../../include -g
+DIR=objects
+ERR=objects
+ERRC=obj_err
+EXHEADER=objects.h
+GENERAL=Makefile README
+HEADER=objects.h obj_dat.h
+INCLUDES=-I.. -I../../include
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=obj_dat.o obj_lib.o obj_err.o
+LIBSRC=obj_dat.c obj_lib.c obj_err.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEFILE=Makefile.ssl
+SRC=obj_dat.c obj_lib.c obj_err.c
+TEST=
+TOP=../..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/evp
+ALL=Makefile encode.c digest.c evp_enc.c evp_key.c e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c e_ecb_r2.c e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c e_ecb_bf.c e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c m_null.c m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c m_dss1.c m_mdc2.c p_open.c p_seal.c p_sign.c p_verify.c p_lib.c bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c c_all.c evp.h
+APPS=
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS=-I.. -I../../include -g
+DIR=evp
+ERR=evp
+ERRC=evp_err
+EXHEADER=evp.h
+GENERAL=Makefile
+HEADER=evp.h
+INCLUDES=-I.. -I../../include
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=encode.o digest.o evp_enc.o evp_key.o e_ecb_d.o e_cbc_d.o e_cfb_d.o e_ofb_d.o e_ecb_i.o e_cbc_i.o e_cfb_i.o e_ofb_i.o e_ecb_3d.o e_cbc_3d.o e_rc4.o names.o e_cfb_3d.o e_ofb_3d.o e_xcbc_d.o e_ecb_r2.o e_cbc_r2.o e_cfb_r2.o e_ofb_r2.o e_ecb_bf.o e_cbc_bf.o e_cfb_bf.o e_ofb_bf.o m_null.o m_md2.o m_md5.o m_sha.o m_sha1.o m_dss.o m_dss1.o m_mdc2.o p_open.o p_seal.o p_sign.o p_verify.o p_lib.o bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o c_all.o
+LIBSRC=encode.c digest.c evp_enc.c evp_key.c e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c e_ecb_r2.c e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c e_ecb_bf.c e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c m_null.c m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c m_dss1.c m_mdc2.c p_open.c p_seal.c p_sign.c p_verify.c p_lib.c bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c c_all.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEFILE=Makefile.ssl
+SRC=encode.c digest.c evp_enc.c evp_key.c e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c e_ecb_r2.c e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c e_ecb_bf.c e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c m_null.c m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c m_dss1.c m_mdc2.c p_open.c p_seal.c p_sign.c p_verify.c p_lib.c bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c c_all.c
+TEST=
+TOP=../..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/pem
+ALL=Makefile pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c pem.h
+APPS=
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS=-I.. -I../../include -g
+CTX_SIZE=ctx_size
+DIR=pem
+ERR=pem
+ERRC=pem_err
+EXHEADER=pem.h
+GENERAL=Makefile
+HEADER=pem.h
+INCLUDES=-I.. -I../../include
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=pem_sign.o pem_seal.o pem_info.o pem_lib.o pem_all.o pem_err.o
+LIBSRC=pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEFILE=Makefile.ssl
+SRC=pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c
+TEST=
+TOP=../..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/asn1
+ALL=Makefile README a_object.c a_bitstr.c a_utctm.c a_int.c a_octet.c a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_sign.c a_digest.c a_verify.c x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_name.c x_cinf.c x_x509.c x_crl.c x_info.c x_spki.c d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c t_req.c t_x509.c t_pkey.c p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c asn1.h asn1_mac.h
+APPS=
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS=-I.. -I../../include -g
+DIR=asn1
+ERR=asn1
+ERRC=asn1_err
+EXHEADER=asn1.h asn1_mac.h
+GENERAL=Makefile README
+HEADER=asn1.h asn1_mac.h
+INCLUDES=-I.. -I../../include
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=a_object.o a_bitstr.o a_utctm.o a_int.o a_octet.o a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o a_sign.o a_digest.o a_verify.o x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o x_name.o x_cinf.o x_x509.o x_crl.o x_info.o x_spki.o d2i_r_pr.o i2d_r_pr.o d2i_r_pu.o i2d_r_pu.o d2i_s_pr.o i2d_s_pr.o d2i_s_pu.o i2d_s_pu.o d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o t_req.o t_x509.o t_pkey.o p7_i_s.o p7_signi.o p7_signd.o p7_recip.o p7_enc_c.o p7_evp.o p7_dgst.o p7_s_e.o p7_enc.o p7_lib.o f_int.o f_string.o i2d_dhp.o i2d_dsap.o d2i_dhp.o d2i_dsap.o n_pkey.o a_hdr.o x_pkey.o a_bool.o x_exten.o asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o
+LIBSRC=a_object.c a_bitstr.c a_utctm.c a_int.c a_octet.c a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_sign.c a_digest.c a_verify.c x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_name.c x_cinf.c x_x509.c x_crl.c x_info.c x_spki.c d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c t_req.c t_x509.c t_pkey.c p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEFILE=Makefile.ssl
+SRC=a_object.c a_bitstr.c a_utctm.c a_int.c a_octet.c a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_sign.c a_digest.c a_verify.c x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_name.c x_cinf.c x_x509.c x_crl.c x_info.c x_spki.c d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c t_req.c t_x509.c t_pkey.c p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c
+TEST=
+TOP=../..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/x509
+ALL=Makefile README x509_def.c x509_d2.c x509_r2x.c x509_cmp.c x509_obj.c x509_req.c x509_vfy.c x509_set.c x509rset.c x509_err.c x509name.c x509_v3.c x509_ext.c x509pack.c x509type.c x509_lu.c x_all.c x509_txt.c by_file.c by_dir.c v3_net.c v3_x509.c x509.h x509_vfy.h
+APPS=
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS=-I.. -I../../include -g
+DIR=x509
+ERR=x509
+ERRC=x509_err
+EXHEADER=x509.h x509_vfy.h
+GENERAL=Makefile README
+HEADER=x509.h x509_vfy.h
+INCLUDES=-I.. -I../../include
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=x509_def.o x509_d2.o x509_r2x.o x509_cmp.o x509_obj.o x509_req.o x509_vfy.o x509_set.o x509rset.o x509_err.o x509name.o x509_v3.o x509_ext.o x509pack.o x509type.o x509_lu.o x_all.o x509_txt.o by_file.o by_dir.o v3_net.o v3_x509.o
+LIBSRC=x509_def.c x509_d2.c x509_r2x.c x509_cmp.c x509_obj.c x509_req.c x509_vfy.c x509_set.c x509rset.c x509_err.c x509name.c x509_v3.c x509_ext.c x509pack.c x509type.c x509_lu.c x_all.c x509_txt.c by_file.c by_dir.c v3_net.c v3_x509.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEFILE=Makefile.ssl
+SRC=x509_def.c x509_d2.c x509_r2x.c x509_cmp.c x509_obj.c x509_req.c x509_vfy.c x509_set.c x509rset.c x509_err.c x509name.c x509_v3.c x509_ext.c x509pack.c x509type.c x509_lu.c x_all.c x509_txt.c by_file.c by_dir.c v3_net.c v3_x509.c
+TEST=
+TOP=../..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/conf
+ALL=Makefile conf.c conf_err.c conf_lcl.h conf.h
+APPS=
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS=-I.. -I../../include -g
+DIR=conf
+ERR=conf
+ERRC=conf_err
+EXHEADER=conf.h
+GENERAL=Makefile
+HEADER=conf_lcl.h conf.h
+INCLUDES=-I.. -I../../include
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=conf.o conf_err.o
+LIBSRC=conf.c conf_err.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEFILE=Makefile.ssl
+SRC=conf.c conf_err.c
+TEST=
+TOP=../..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/txt_db
+ALL=Makefile txt_db.c txt_db.h
+APPS=
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS= -g
+DIR=txt_db
+EXHEADER=txt_db.h
+GENERAL=Makefile
+HEADER=txt_db.h
+INCLUDES=
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=txt_db.o
+LIBSRC=txt_db.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEFILE=Makefile.ssl
+SRC=txt_db.c
+TEST=
+TOP=../..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=crypto/pkcs7
+ALL=Makefile README pk7_lib.c pkcs7err.c pk7_doit.c pkcs7.h
+APPS=
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS=-I.. -I../../include -g
+DIR=pkcs7
+ERR=pkcs7
+ERRC=pkcs7err
+EXHEADER=pkcs7.h
+GENERAL=Makefile README
+HEADER=pkcs7.h
+INCLUDES=-I.. -I../../include
+INSTALLTOP=/usr/local/ssl
+LIB=../../libcrypto.a
+LIBOBJ=pk7_lib.o pkcs7err.o pk7_doit.o
+LIBSRC=pk7_lib.c pkcs7err.c pk7_doit.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEFILE=Makefile.ssl
+SRC=pk7_lib.c pkcs7err.c pk7_doit.c
+TEST=
+TOP=../..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=ssl
+ALL=Makefile README s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_pkt.c s2_enc.c s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_pkt.c s3_enc.c s3_both.c s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c ssl_ciph.c ssl_stat.c ssl_rsa.c ssl_asn1.c ssl_txt.c ssl_algs.c bio_ssl.c ssl_err.c ssl.h ssl2.h ssl3.h ssl23.h ssl_locl.h
+APPS=
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS=-I../crypto -I../include -g
+DIR=ssl
+ERR=ssl
+ERRC=ssl_err
+EXHEADER=ssl.h ssl2.h ssl3.h ssl23.h
+GENERAL=Makefile README
+HEADER=ssl.h ssl2.h ssl3.h ssl23.h ssl_locl.h
+INCLUDES=-I../crypto -I../include
+INSTALLTOP=/usr/local/ssl
+LIB=../libssl.a
+LIBOBJ=s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_pkt.o s2_enc.o s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_pkt.o s3_enc.o s3_both.o s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o ssl_ciph.o ssl_stat.o ssl_rsa.o ssl_asn1.o ssl_txt.o ssl_algs.o bio_ssl.o ssl_err.o
+LIBSRC=s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_pkt.c s2_enc.c s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_pkt.c s3_enc.c s3_both.c s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c ssl_ciph.c ssl_stat.c ssl_rsa.c ssl_asn1.c ssl_txt.c ssl_algs.c bio_ssl.c ssl_err.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEFILE=Makefile.ssl
+SRC=s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_pkt.c s2_enc.c s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_pkt.c s3_enc.c s3_both.c s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c ssl_ciph.c ssl_stat.c ssl_rsa.c ssl_asn1.c ssl_txt.c ssl_algs.c bio_ssl.c ssl_err.c
+TEST=ssltest.c
+TOP=..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=rsaref
+ALL=Makefile rsaref.c rsar_err.c  rsaref.h
+APPS=
+AR=ar r
+CC=cc
+CFLAG=-g
+CFLAGS=-I../crypto -I../include -g
+DIR=rsaref
+ERR=rsaref
+ERRC=rsar_err
+EXHEADER=
+GENERAL=Makefile
+HEADER= rsaref.h
+INCLUDES=-I../crypto -I../include
+INSTALLTOP=/usr/local/ssl
+LIB=../libRSAglue.a
+LIBOBJ=rsaref.o rsar_err.o
+LIBSRC=rsaref.c rsar_err.c
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEFILE=Makefile.ssl
+SRC=rsaref.c rsar_err.c
+TEST=
+TOP=..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=apps
+ALL=Makefile verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c gendsa.c pkcs7.c crl2p7.c crl.c rsa.c dsa.c dsaparam.c x509.c genrsa.c s_server.c s_client.c speed.c s_time.c apps.c s_cb.c s_socket.c version.c sess_id.c ciphers.c apps.h progs.h s_apps.h testdsa.h testrsa.h 
+A_OBJ=apps.o
+A_SRC=apps.c
+CC=cc
+CFLAG=-g -static
+CFLAGS=-DMONOLITH -I../include -g -static
+DIR=apps
+DLIBCRYPTO=../libcrypto.a
+DLIBSSL=../libssl.a
+EXE=ssleay
+EXHEADER=
+EX_LIBS=
+E_EXE=verify asn1pars req dgst dh enc gendh gendsa errstr ca crl rsa dsa dsaparam x509 genrsa s_server s_client speed s_time version pkcs7 crl2pkcs7 sess_id ciphers
+E_OBJ=verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o gendsa.o pkcs7.o crl2p7.o crl.o rsa.o dsa.o dsaparam.o x509.o genrsa.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o version.o sess_id.o ciphers.o
+E_SRC=verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c gendsa.c pkcs7.c crl2p7.c crl.c rsa.c dsa.c dsaparam.c x509.c genrsa.c s_server.c s_client.c speed.c s_time.c apps.c s_cb.c s_socket.c version.c sess_id.c ciphers.c
+GENERAL=Makefile
+HEADER=apps.h progs.h s_apps.h testdsa.h testrsa.h 
+INCLUDES=-I../include
+INSTALLTOP=/usr/local/ssl
+LIBCRYPTO=-L.. -lcrypto
+LIBSSL=-L.. -lssl
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEFILE=Makefile.ssl
+PEX_LIBS=
+PROGS=ssleay.c
+RM=/bin/rm -f
+SCRIPTS=CA.sh der_chop
+SRC=verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c gendsa.c pkcs7.c crl2p7.c crl.c rsa.c dsa.c dsaparam.c x509.c genrsa.c s_server.c s_client.c speed.c s_time.c apps.c s_cb.c s_socket.c version.c sess_id.c ciphers.c
+SSLEAY=ssleay
+S_OBJ=s_cb.o s_socket.o
+S_SRC=s_cb.c s_socket.c
+TOP=..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=test
+ALL=Makefile.ssl bntest.c ideatest.c md2test.c md5test.c rc4test.c destest.c shatest.c sha1test.c mdc2test.c randtest.c dhtest.c rc2test.c bftest.c ssltest.c dsatest.c exptest.c 
+BFTEST=bftest
+BNTEST=bntest
+CC=cc
+CFLAG=-g
+CFLAGS=-I../include -g
+DESTEST=destest
+DHTEST=dhtest
+DIR=test
+DLIBCRYPTO=../libcrypto.a
+DLIBSSL=../libssl.a
+DSATEST=dsatest
+EXE=bntest ideatest md2test md5test rc4test destest shatest sha1test mdc2test randtest dhtest rc2test bftest ssltest exptest dsatest
+EXHEADER=
+EXPTEST=exptest
+EX_LIBS=-lnsl -lsocket
+GENERAL=Makefile.ssl
+HEADER=
+IDEATEST=ideatest
+INCLUDES=-I../include
+INSTALLTOP=/usr/local/ssl
+LIBCRYPTO=-L.. -lcrypto
+LIBSSL=-L.. -lssl
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=makedepend -fMakefile.ssl
+MAKEFILE=Makefile.ssl
+MD2TEST=md2test
+MD5TEST=md5test
+MDC2TEST=mdc2test
+METHTEST=methtest
+OBJ=bntest.o ideatest.o md2test.o md5test.o rc4test.o destest.o shatest.o sha1test.o mdc2test.o randtest.o dhtest.o rc2test.o bftest.o ssltest.o dsatest.o exptest.o
+PEX_LIBS=
+RANDTEST=randtest
+RC2TEST=rc2test
+RC4TEST=rc4test
+SHA1TEST=sha1test
+SHATEST=shatest
+SRC=bntest.c ideatest.c md2test.c md5test.c rc4test.c destest.c shatest.c sha1test.c mdc2test.c randtest.c dhtest.c rc2test.c bftest.c ssltest.c dsatest.c exptest.c
+SSLTEST=ssltest
+TOP=..
+RELATIVE_DIRECTORY=
+RELATIVE_DIRECTORY=tools
+APPS=c_hash c_info c_issuer c_name c_rehash
+CC=cc
+CFLAG=-g
+CFLAGS=-I.. -I../../include -g
+DIR=tools
+GENERAL=Makefile.ssl
+INCLUDES=-I.. -I../../include
+INSTALLTOP=/usr/local/ssl
+MAKE=make -f Makefile.ssl
+MAKEDEPEND=makedepend -f Makefile.ssl
+MAKEFILE=Makefile.ssl
+TEST=
+TOP=..
+RELATIVE_DIRECTORY=
--- a/MacOS/GUSI_Init.cpp
+++ b/MacOS/GUSI_Init.cpp
@@ -1,62 +0,0 @@
-/**************** BEGIN GUSI CONFIGURATION ****************************
- *
- * GUSI Configuration section generated by GUSI Configurator
- * last modified: Wed Jan  5 20:33:51 2000
- *
- * This section will be overwritten by the next run of Configurator.
- */
-
-#define GUSI_SOURCE
-#include <GUSIConfig.h>
-#include <sys/cdefs.h>
-
-/* Declarations of Socket Factories */
-
-__BEGIN_DECLS
-void GUSIwithInetSockets();
-void GUSIwithLocalSockets();
-void GUSIwithMTInetSockets();
-void GUSIwithMTTcpSockets();
-void GUSIwithMTUdpSockets();
-void GUSIwithOTInetSockets();
-void GUSIwithOTTcpSockets();
-void GUSIwithOTUdpSockets();
-void GUSIwithPPCSockets();
-void GUSISetupFactories();
-__END_DECLS
-
-/* Configure Socket Factories */
-
-void GUSISetupFactories()
-{
-#ifdef GUSISetupFactories_BeginHook
-	GUSISetupFactories_BeginHook
-#endif
-	GUSIwithInetSockets();
-#ifdef GUSISetupFactories_EndHook
-	GUSISetupFactories_EndHook
-#endif
-}
-
-/* Declarations of File Devices */
-
-__BEGIN_DECLS
-void GUSIwithDConSockets();
-void GUSIwithNullSockets();
-void GUSISetupDevices();
-__END_DECLS
-
-/* Configure File Devices */
-
-void GUSISetupDevices()
-{
-#ifdef GUSISetupDevices_BeginHook
-	GUSISetupDevices_BeginHook
-#endif
-	GUSIwithNullSockets();
-#ifdef GUSISetupDevices_EndHook
-	GUSISetupDevices_EndHook
-#endif
-}
-
-/**************** END GUSI CONFIGURATION *************************/
--- a/MacOS/GetHTTPS.src/CPStringUtils.cpp
+++ b/MacOS/GetHTTPS.src/CPStringUtils.cpp
--- a/MacOS/GetHTTPS.src/CPStringUtils.hpp
+++ b/MacOS/GetHTTPS.src/CPStringUtils.hpp
@@ -1,104 +0,0 @@
-#pragma once
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-void CopyPStrToCStr(const unsigned char *thePStr,char *theCStr,const int maxCStrLength);
-void CopyPStrToPStr(const unsigned char *theSrcPStr,unsigned char *theDstPStr,const int maxDstStrLength);
-void CopyCStrToCStr(const char *theSrcCStr,char *theDstCStr,const int maxDstStrLength);
-void CopyCStrToPStr(const char *theSrcCStr,unsigned char *theDstPStr,const int maxDstStrLength);
-void ConcatPStrToCStr(const unsigned char *thePStr,char *theCStr,const int maxCStrLength);
-void ConcatPStrToPStr(const unsigned char *theSrcPStr,unsigned char *theDstPStr,const int maxDstStrLength);
-void ConcatCStrToPStr(const char *theSrcCStr,unsigned char *theDstPStr,const int maxDstStrLength);
-void ConcatCStrToCStr(const char *theSrcCStr,char *theDstCStr,const int maxCStrLength);
-
-void ConcatCharToCStr(const char theChar,char *theDstCStr,const int maxCStrLength);
-void ConcatCharToPStr(const char theChar,unsigned char *theDstPStr,const int maxPStrLength);
-
-int ComparePStrs(const unsigned char *theFirstPStr,const unsigned char *theSecondPStr,const Boolean ignoreCase = true);
-int CompareCStrs(const char *theFirstCStr,const char *theSecondCStr,const Boolean ignoreCase = true);
-int CompareCStrToPStr(const char *theCStr,const unsigned char *thePStr,const Boolean ignoreCase = true);
-
-Boolean CStrsAreEqual(const char *theFirstCStr,const char *theSecondCStr,const Boolean ignoreCase = true);
-Boolean PStrsAreEqual(const unsigned char *theFirstCStr,const unsigned char *theSecondCStr,const Boolean ignoreCase = true);
-
-void CopyLongIntToCStr(const long theNum,char *theCStr,const int maxCStrLength,const int numDigits = -1);
-void CopyUnsignedLongIntToCStr(const unsigned long theNum,char *theCStr,const int maxCStrLength);
-void ConcatLongIntToCStr(const long theNum,char *theCStr,const int maxCStrLength,const int numDigits = -1);
-void CopyCStrAndConcatLongIntToCStr(const char *theSrcCStr,const long theNum,char *theDstCStr,const int maxDstStrLength);
-
-void CopyLongIntToPStr(const long theNum,unsigned char *thePStr,const int maxPStrLength,const int numDigits = -1);
-void ConcatLongIntToPStr(const long theNum,unsigned char *thePStr,const int maxPStrLength,const int numDigits = -1);
-
-long CStrLength(const char *theCString);
-long PStrLength(const unsigned char *thePString);
-
-OSErr CopyCStrToExistingHandle(const char *theCString,Handle theHandle);
-OSErr CopyLongIntToExistingHandle(const long inTheLongInt,Handle theHandle);
-
-OSErr CopyCStrToNewHandle(const char *theCString,Handle *theHandle);
-OSErr CopyPStrToNewHandle(const unsigned char *thePString,Handle *theHandle);
-OSErr CopyLongIntToNewHandle(const long inTheLongInt,Handle *theHandle);
-
-OSErr AppendCStrToHandle(const char *theCString,Handle theHandle,long *currentLength = nil,long *maxLength = nil);
-OSErr AppendCharsToHandle(const char *theChars,const int numChars,Handle theHandle,long *currentLength = nil,long *maxLength = nil);
-OSErr AppendPStrToHandle(const unsigned char *thePString,Handle theHandle,long *currentLength = nil);
-OSErr AppendLongIntToHandle(const long inTheLongInt,Handle theHandle,long *currentLength = nil);
-
-void ZeroMem(void *theMemPtr,const unsigned long numBytes);
-
-char *FindCharInCStr(const char theChar,const char *theCString);
-long FindCharOffsetInCStr(const char theChar,const char *theCString,const Boolean inIgnoreCase = false);
-long FindCStrOffsetInCStr(const char *theCSubstring,const char *theCString,const Boolean inIgnoreCase = false);
-
-void CopyCSubstrToCStr(const char *theSrcCStr,const int maxCharsToCopy,char *theDstCStr,const int maxDstStrLength);
-void CopyCSubstrToPStr(const char *theSrcCStr,const int maxCharsToCopy,unsigned char *theDstPStr,const int maxDstStrLength);
-
-void InsertCStrIntoCStr(const char *theSrcCStr,const int theInsertionOffset,char *theDstCStr,const int maxDstStrLength);
-void InsertPStrIntoCStr(const unsigned char *theSrcPStr,const int theInsertionOffset,char *theDstCStr,const int maxDstStrLength);
-OSErr InsertCStrIntoHandle(const char *theCString,Handle theHandle,const long inInsertOffset);
-
-void CopyCStrAndInsertCStrIntoCStr(const char *theSrcCStr,const char *theInsertCStr,char *theDstCStr,const int maxDstStrLength);
-
-void CopyCStrAndInsertCStrsLongIntsIntoCStr(const char *theSrcCStr,const char **theInsertCStrs,const long *theLongInts,char *theDstCStr,const int maxDstStrLength);
-
-void CopyCStrAndInsert1LongIntIntoCStr(const char *theSrcCStr,const long theNum,char *theDstCStr,const int maxDstStrLength);
-void CopyCStrAndInsert2LongIntsIntoCStr(const char *theSrcCStr,const long long1,const long long2,char *theDstCStr,const int maxDstStrLength);
-void CopyCStrAndInsert3LongIntsIntoCStr(const char *theSrcCStr,const long long1,const long long2,const long long3,char *theDstCStr,const int maxDstStrLength);
-
-void CopyCStrAndInsertCStrLongIntIntoCStr(const char *theSrcCStr,const char *theInsertCStr,const long theNum,char *theDstCStr,const int maxDstStrLength);
-OSErr CopyCStrAndInsertCStrLongIntIntoHandle(const char *theSrcCStr,const char *theInsertCStr,const long theNum,Handle *theHandle);
-
-
-OSErr CopyIndexedWordToCStr(char *theSrcCStr,int whichWord,char *theDstCStr,int maxDstCStrLength);
-OSErr CopyIndexedWordToNewHandle(char *theSrcCStr,int whichWord,Handle *outTheHandle);
-
-OSErr CopyIndexedLineToCStr(const char *theSrcCStr,int inWhichLine,int *lineEndIndex,Boolean *gotLastLine,char *theDstCStr,const int maxDstCStrLength);
-OSErr CopyIndexedLineToNewHandle(const char *theSrcCStr,int inWhichLine,Handle *outNewHandle);
-
-OSErr ExtractIntFromCStr(const char *theSrcCStr,int *outInt,Boolean skipLeadingSpaces = true);
-OSErr ExtractIntFromPStr(const unsigned char *theSrcPStr,int *outInt,Boolean skipLeadingSpaces = true);
-
-
-void ConvertCStrToUpperCase(char *theSrcCStr);
-
-
-int CountOccurencesOfCharInCStr(const char inChar,const char *inSrcCStr);
-int CountWordsInCStr(const char *inSrcCStr);
-
-OSErr CountDigits(const char *inCStr,int *outNumIntegerDigits,int *outNumFractDigits);
-
-void ExtractCStrItemFromCStr(const char *inSrcCStr,const char inItemDelimiter,const int inItemNumber,Boolean *foundItem,char *outDstCharPtr,const int inDstCharPtrMaxLength,const Boolean inTreatMultipleDelimsAsSingleDelim = false);
-OSErr ExtractCStrItemFromCStrIntoNewHandle(const char *inSrcCStr,const char inItemDelimiter,const int inItemNumber,Boolean *foundItem,Handle *outNewHandle,const Boolean inTreatMultipleDelimsAsSingleDelim = false);
-
-
-OSErr ExtractFloatFromCStr(const char *inCString,extended80 *outFloat);
-OSErr CopyFloatToCStr(const extended80 *theFloat,char *theCStr,const int maxCStrLength,const int inMaxNumIntDigits = -1,const int inMaxNumFractDigits = -1);
-
-void SkipWhiteSpace(char **ioSrcCharPtr,const Boolean inStopAtEOL = false);
-
-
-#ifdef __cplusplus
-}
-#endif
--- a/MacOS/GetHTTPS.src/ErrorHandling.cpp
+++ b/MacOS/GetHTTPS.src/ErrorHandling.cpp
@@ -1,170 +0,0 @@
-/* ====================================================================
- * Copyright (c) 1998-1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
- 
- 
- 
- #include "ErrorHandling.hpp"
-#include "CPStringUtils.hpp"
-
-#ifdef __EXCEPTIONS_ENABLED__
-	#include "CMyException.hpp"
-#endif
-
-
-static char					gErrorMessageBuffer[512];
-
-char 						*gErrorMessage = gErrorMessageBuffer;
-int							gErrorMessageMaxLength = sizeof(gErrorMessageBuffer);
-
-
-
-void SetErrorMessage(const char *theErrorMessage)
-{
-	if (theErrorMessage != nil)
-	{
-		CopyCStrToCStr(theErrorMessage,gErrorMessage,gErrorMessageMaxLength);
-	}
-}
-
-
-void SetErrorMessageAndAppendLongInt(const char *theErrorMessage,const long theLongInt)
-{
-	if (theErrorMessage != nil)
-	{
-		CopyCStrAndConcatLongIntToCStr(theErrorMessage,theLongInt,gErrorMessage,gErrorMessageMaxLength);
-	}
-}
-
-void SetErrorMessageAndCStrAndLongInt(const char *theErrorMessage,const char * theCStr,const long theLongInt)
-{
-	if (theErrorMessage != nil)
-	{
-		CopyCStrAndInsertCStrLongIntIntoCStr(theErrorMessage,theCStr,theLongInt,gErrorMessage,gErrorMessageMaxLength);
-	}
-
-}
-
-void SetErrorMessageAndCStr(const char *theErrorMessage,const char * theCStr)
-{
-	if (theErrorMessage != nil)
-	{
-		CopyCStrAndInsertCStrLongIntIntoCStr(theErrorMessage,theCStr,-1,gErrorMessage,gErrorMessageMaxLength);
-	}
-}
-
-
-void AppendCStrToErrorMessage(const char *theErrorMessage)
-{
-	if (theErrorMessage != nil)
-	{
-		ConcatCStrToCStr(theErrorMessage,gErrorMessage,gErrorMessageMaxLength);
-	}
-}
-
-
-void AppendLongIntToErrorMessage(const long theLongInt)
-{
-	ConcatLongIntToCStr(theLongInt,gErrorMessage,gErrorMessageMaxLength);
-}
-
-
-
-char *GetErrorMessage(void)
-{
-	return gErrorMessage;
-}
-
-
-OSErr GetErrorMessageInNewHandle(Handle *inoutHandle)
-{
-OSErr		errCode;
-
-
-	errCode = CopyCStrToNewHandle(gErrorMessage,inoutHandle);
-	
-	return(errCode);
-}
-
-
-OSErr GetErrorMessageInExistingHandle(Handle inoutHandle)
-{
-OSErr		errCode;
-
-
-	errCode = CopyCStrToExistingHandle(gErrorMessage,inoutHandle);
-	
-	return(errCode);
-}
-
-
-
-OSErr AppendErrorMessageToHandle(Handle inoutHandle)
-{
-OSErr		errCode;
-
-
-	errCode = AppendCStrToHandle(gErrorMessage,inoutHandle,nil);
-	
-	return(errCode);
-}
-
-
-#ifdef __EXCEPTIONS_ENABLED__
-
-void ThrowErrorMessageException(void)
-{
-	ThrowDescriptiveException(gErrorMessage);
-}
-
-#endif
--- a/MacOS/GetHTTPS.src/ErrorHandling.hpp
+++ b/MacOS/GetHTTPS.src/ErrorHandling.hpp
@@ -1,147 +0,0 @@
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef kGenericError
-	#define kGenericError		-1
-#endif
-
-extern char	*gErrorMessage;
-
-
-void SetErrorMessage(const char *theErrorMessage);
-void SetErrorMessageAndAppendLongInt(const char *theErrorMessage,const long theLongInt);
-void SetErrorMessageAndCStrAndLongInt(const char *theErrorMessage,const char * theCStr,const long theLongInt);
-void SetErrorMessageAndCStr(const char *theErrorMessage,const char * theCStr);
-void AppendCStrToErrorMessage(const char *theErrorMessage);
-void AppendLongIntToErrorMessage(const long theLongInt);
-
-
-char *GetErrorMessage(void);
-OSErr GetErrorMessageInNewHandle(Handle *inoutHandle);
-OSErr GetErrorMessageInExistingHandle(Handle inoutHandle);
-OSErr AppendErrorMessageToHandle(Handle inoutHandle);
-
-
-#ifdef __EXCEPTIONS_ENABLED__
-	void ThrowErrorMessageException(void);
-#endif
-
-
-
-//	A bunch of evil macros that would be uneccessary if I were always using C++ !
-
-#define SetErrorMessageAndBailIfNil(theArg,theMessage)								\
-{																					\
-	if (theArg == nil)																\
-	{																				\
-		SetErrorMessage(theMessage);												\
-		errCode = kGenericError;													\
-		goto EXITPOINT;																\
-	}																				\
-}
-
-
-#define SetErrorMessageAndBail(theMessage)											\
-{																					\
-		SetErrorMessage(theMessage);												\
-		errCode = kGenericError;													\
-		goto EXITPOINT;																\
-}
-
-
-#define SetErrorMessageAndLongIntAndBail(theMessage,theLongInt)						\
-{																					\
-		SetErrorMessageAndAppendLongInt(theMessage,theLongInt);						\
-		errCode = kGenericError;													\
-		goto EXITPOINT;																\
-}
-
-
-#define SetErrorMessageAndLongIntAndBailIfError(theErrCode,theMessage,theLongInt)	\
-{																					\
-	if (theErrCode != noErr)														\
-	{																				\
-		SetErrorMessageAndAppendLongInt(theMessage,theLongInt);						\
-		errCode = theErrCode;														\
-		goto EXITPOINT;																\
-	}																				\
-}
-
-
-#define SetErrorMessageCStrLongIntAndBailIfError(theErrCode,theMessage,theCStr,theLongInt)	\
-{																					\
-	if (theErrCode != noErr)														\
-	{																				\
-		SetErrorMessageAndCStrAndLongInt(theMessage,theCStr,theLongInt);			\
-		errCode = theErrCode;														\
-		goto EXITPOINT;																\
-	}																				\
-}
-
-
-#define SetErrorMessageAndCStrAndBail(theMessage,theCStr)							\
-{																					\
-	SetErrorMessageAndCStr(theMessage,theCStr);										\
-	errCode = kGenericError;														\
-	goto EXITPOINT;																	\
-}
-
-
-#define SetErrorMessageAndBailIfError(theErrCode,theMessage)						\
-{																					\
-	if (theErrCode != noErr)														\
-	{																				\
-		SetErrorMessage(theMessage);												\
-		errCode = theErrCode;														\
-		goto EXITPOINT;																\
-	}																				\
-}
-
-
-#define SetErrorMessageAndLongIntAndBailIfNil(theArg,theMessage,theLongInt)			\
-{																					\
-	if (theArg == nil)																\
-	{																				\
-		SetErrorMessageAndAppendLongInt(theMessage,theLongInt);						\
-		errCode = kGenericError;													\
-		goto EXITPOINT;																\
-	}																				\
-}
-
-
-#define BailIfError(theErrCode)														\
-{																					\
-	if ((theErrCode) != noErr)														\
-	{																				\
-		goto EXITPOINT;																\
-	}																				\
-}
-
-
-#define SetErrCodeAndBail(theErrCode)												\
-{																					\
-	errCode = theErrCode;															\
-																					\
-	goto EXITPOINT;																	\
-}
-
-
-#define SetErrorCodeAndMessageAndBail(theErrCode,theMessage)						\
-{																					\
-	SetErrorMessage(theMessage);													\
-	errCode = theErrCode;															\
-	goto EXITPOINT;																	\
-}
-
-
-#define BailNow()																	\
-{																					\
-	errCode = kGenericError;														\
-	goto EXITPOINT;																	\
-}
-
-
-#ifdef __cplusplus
-}
-#endif
--- a/MacOS/GetHTTPS.src/GetHTTPS.cpp
+++ b/MacOS/GetHTTPS.src/GetHTTPS.cpp
@@ -1,209 +0,0 @@
-/*
- *	An demo illustrating how to retrieve a URI from a secure HTTP server.
- *
- *	Author: 	Roy Wood
- *	Date:		September 7, 1999
- *	Comments:	This relies heavily on my MacSockets library.
- *				This project is also set up so that it expects the OpenSSL source folder (0.9.4 as I write this)
- *				to live in a folder called "OpenSSL-0.9.4" in this project's parent folder.  For example:
- *
- *					Macintosh HD:
- *						Development:
- *							OpenSSL-0.9.4:
- *								(OpenSSL sources here)
- *							OpenSSL Example:
- *								(OpenSSL example junk here)
- *
- *
- *				Also-- before attempting to compile this, make sure the aliases in "OpenSSL-0.9.4:include:openssl" 
- *				are installed!  Use the AppleScript applet in the "openssl-0.9.4" folder to do this!
- */
-/* modified to seed the PRNG */
-/* modified to use CRandomizer for seeding */
-
-
-//	Include some funky libs I've developed over time
-
-#include "CPStringUtils.hpp"
-#include "ErrorHandling.hpp"
-#include "MacSocket.h"
-#include "Randomizer.h"
-
-//	We use the OpenSSL implementation of SSL....
-//	This was a lot of work to finally get going, though you wouldn't know it by the results!
-
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-
-#include <timer.h>
-
-//	Let's try grabbing some data from here:
-
-#define kHTTPS_DNS		"www.apache-ssl.org"
-#define kHTTPS_Port		443
-#define kHTTPS_URI		"/"
-
-
-//	Forward-declare this
-
-OSErr MyMacSocket_IdleWaitCallback(void *inUserRefPtr);
-
-//	My idle-wait callback.  Doesn't do much, does it?  Silly cooperative multitasking.
-
-OSErr MyMacSocket_IdleWaitCallback(void *inUserRefPtr)
-{
-#pragma unused(inUserRefPtr)
-
-EventRecord		theEvent;
-	::EventAvail(everyEvent,&theEvent);
-	
-	CRandomizer *randomizer = (CRandomizer*)inUserRefPtr;
-	if (randomizer)
-		randomizer->PeriodicAction();
-
-	return(noErr);
-}
-
-
-//	Finally!
-
-void main(void)
-{
-	OSErr				errCode;
-	int					theSocket = -1;
-	int					theTimeout = 30;
-
-	SSL_CTX				*ssl_ctx = nil;
-	SSL					*ssl = nil;
-
-	char				tempString[256];
-	UnsignedWide		microTickCount;
-
-
-	CRandomizer randomizer;
-	
-	printf("OpenSSL Demo by Roy Wood, roy@centricsystems.ca\n\n");
-	
-	BailIfError(errCode = MacSocket_Startup());
-
-
-
-	//	Create a socket-like object
-	
-	BailIfError(errCode = MacSocket_socket(&theSocket,false,theTimeout * 60,MyMacSocket_IdleWaitCallback,&randomizer));
-
-	
-	//	Set up the connect string and try to connect
-	
-	CopyCStrAndInsertCStrLongIntIntoCStr("%s:%ld",kHTTPS_DNS,kHTTPS_Port,tempString,sizeof(tempString));
-	
-	printf("Connecting to %s....\n",tempString);
-
-	BailIfError(errCode = MacSocket_connect(theSocket,tempString));
-	
-	
-	//	Init SSL stuff
-	
-	SSL_load_error_strings();
-	
-	SSLeay_add_ssl_algorithms();
-	
-	
-	//	Pick the SSL method
-	
-//	ssl_ctx = SSL_CTX_new(SSLv2_client_method());
-	ssl_ctx = SSL_CTX_new(SSLv23_client_method());
-//	ssl_ctx = SSL_CTX_new(SSLv3_client_method());
-			
-
-	//	Create an SSL thingey and try to negotiate the connection
-	
-	ssl = SSL_new(ssl_ctx);
-	
-	SSL_set_fd(ssl,theSocket);
-	
-	errCode = SSL_connect(ssl);
-	
-	if (errCode < 0)
-	{
-		SetErrorMessageAndLongIntAndBail("OpenSSL: Can't initiate SSL connection, SSL_connect() = ",errCode);
-	}
-	
-	//	Request the URI from the host
-	
-	CopyCStrToCStr("GET ",tempString,sizeof(tempString));
-	ConcatCStrToCStr(kHTTPS_URI,tempString,sizeof(tempString));
-	ConcatCStrToCStr(" HTTP/1.0\r\n\r\n",tempString,sizeof(tempString));
-
-	
-	errCode = SSL_write(ssl,tempString,CStrLength(tempString));
-	
-	if (errCode < 0)
-	{
-		SetErrorMessageAndLongIntAndBail("OpenSSL: Error writing data via ssl, SSL_write() = ",errCode);
-	}
-	
-
-	for (;;)
-	{
-	char	tempString[256];
-	int		bytesRead;
-		
-
-		//	Read some bytes and dump them to the console
-		
-		bytesRead = SSL_read(ssl,tempString,sizeof(tempString) - 1);
-		
-		if (bytesRead == 0 && MacSocket_RemoteEndIsClosing(theSocket))
-		{
-			break;
-		}
-		
-		else if (bytesRead < 0)
-		{
-			SetErrorMessageAndLongIntAndBail("OpenSSL: Error reading data via ssl, SSL_read() = ",bytesRead);
-		}
-		
-		
-		tempString[bytesRead] = '\0';
-		
-		printf(tempString);
-	}
-	
-	printf("\n\n\n");
-	
-	//	All done!
-	
-	errCode = noErr;
-	
-	
-EXITPOINT:
-
-	//	Clean up and go home
-	
-	if (theSocket >= 0)
-	{
-		MacSocket_close(theSocket);
-	}
-	
-	if (ssl != nil)
-	{
-		SSL_free(ssl);
-	}
-	
-	if (ssl_ctx != nil)
-	{
-		SSL_CTX_free(ssl_ctx);
-	}
-	
-	
-	if (errCode != noErr)
-	{
-		printf("An error occurred:\n");
-		
-		printf(GetErrorMessage());
-	}
-	
-	
-	MacSocket_Shutdown();
-}
--- a/MacOS/GetHTTPS.src/MacSocket.cpp
+++ b/MacOS/GetHTTPS.src/MacSocket.cpp
--- a/MacOS/GetHTTPS.src/MacSocket.h
+++ b/MacOS/GetHTTPS.src/MacSocket.h
@@ -1,103 +0,0 @@
-#pragma once
-
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-
-enum
-{
-	kMacSocket_TimeoutErr = -2
-};
-
-
-//	Since MacSocket does busy waiting, I do a callback while waiting
-
-typedef OSErr (*MacSocket_IdleWaitCallback)(void *);
-
-
-//	Call this before anything else!
-
-OSErr MacSocket_Startup(void);
-
-
-//	Call this to cleanup before quitting
-
-OSErr MacSocket_Shutdown(void);
-
-
-//	Call this to allocate a "socket" (reference number is returned in outSocketNum)
-//	Note that inDoThreadSwitching is pretty much irrelevant right now, since I ignore it
-//	The inTimeoutTicks parameter is applied during reads/writes of data
-//	The inIdleWaitCallback parameter specifies a callback which is called during busy-waiting periods
-//	The inUserRefPtr parameter is passed back to the idle-wait callback
-
-OSErr MacSocket_socket(int *outSocketNum,const Boolean inDoThreadSwitching,const long inTimeoutTicks,MacSocket_IdleWaitCallback inIdleWaitCallback,void *inUserRefPtr);
-
-
-//	Call this to connect to an IP/DNS address
-//	Note that inTargetAddressAndPort is in "IP:port" format-- e.g. 10.1.1.1:123
-
-OSErr MacSocket_connect(const int inSocketNum,char *inTargetAddressAndPort);
-
-
-//	Call this to listen on a port
-//	Since this a low-performance implementation, I allow a maximum of 1 (one!) incoming request when I listen
-
-OSErr MacSocket_listen(const int inSocketNum,const int inPortNum);
-
-
-//	Call this to close a socket
-
-OSErr MacSocket_close(const int inSocketNum);
-
-
-//	Call this to receive data on a socket
-//	Most parameters' purpose are obvious-- except maybe "inBlock" which controls whether I wait for data or return immediately
-
-int MacSocket_recv(const int inSocketNum,void *outBuff,int outBuffLength,const Boolean inBlock);
-
-
-//	Call this to send data on a socket
-
-int MacSocket_send(const int inSocketNum,void *inBuff,int inBuffLength);
-
-
-//	If zero bytes were read in a call to MacSocket_recv(), it may be that the remote end has done a half-close
-//	This function will let you check whether that's true or not
-
-Boolean MacSocket_RemoteEndIsClosing(const int inSocketNum);
-
-
-//	Call this to see if the listen has completed after a call to MacSocket_listen()
-
-Boolean MacSocket_ListenCompleted(const int inSocketNum);
-
-
-//	These really aren't very useful anymore
-
-Boolean MacSocket_LocalEndIsOpen(const int inSocketNum);
-Boolean MacSocket_RemoteEndIsOpen(const int inSocketNum);
-
-
-//	You may wish to change the userRefPtr for a socket callback-- use this to do it
-
-void MacSocket_SetUserRefPtr(const int inSocketNum,void *inNewRefPtr);
-
-
-//	Call these to get the socket's IP:port descriptor
-
-void MacSocket_GetLocalIPAndPort(const int inSocketNum,char *outIPAndPort,const int inIPAndPortLength);
-void MacSocket_GetRemoteIPAndPort(const int inSocketNum,char *outIPAndPort,const int inIPAndPortLength);
-
-
-//	Call this to get error info from a socket
-
-void MacSocket_GetSocketErrorInfo(const int inSocketNum,int *outSocketErrCode,char *outSocketErrString,const int inSocketErrStringMaxLength);
-
-
-#ifdef __cplusplus
-}
-#endif
--- a/MacOS/OpenSSL.mcp.hqx
+++ b/MacOS/OpenSSL.mcp.hqx
--- a/MacOS/Randomizer.cpp
+++ b/MacOS/Randomizer.cpp
@@ -1,476 +0,0 @@
-/* 
------- Strong random data generation on a Macintosh (pre - OS X) ------
-		
--	GENERAL: We aim to generate unpredictable bits without explicit
-	user interaction. A general review of the problem may be found
-	in RFC 1750, "Randomness Recommendations for Security", and some
-	more discussion, of general and Mac-specific issues has appeared
-	in "Using and Creating Cryptographic- Quality Random Numbers" by
-	Jon Callas (www.merrymeet.com/jon/usingrandom.html).
-
-	The data and entropy estimates provided below are based on my
-	limited experimentation and estimates, rather than by any
-	rigorous study, and the entropy estimates tend to be optimistic.
-	They should not be considered absolute.
-
-	Some of the information being collected may be correlated in
-	subtle ways. That includes mouse positions, timings, and disk
-	size measurements. Some obvious correlations will be eliminated
-	by the programmer, but other, weaker ones may remain. The
-	reliability of the code depends on such correlations being
-	poorly understood, both by us and by potential interceptors.
-
-	This package has been planned to be used with OpenSSL, v. 0.9.5.
-	It requires the OpenSSL function RAND_add. 
-
--	OTHER WORK: Some source code and other details have been
-	published elsewhere, but I haven't found any to be satisfactory
-	for the Mac per se:
-
-	* The Linux random number generator (by Theodore Ts'o, in
-	  drivers/char/random.c), is a carefully designed open-source
-	  crypto random number package. It collects data from a variety
-	  of sources, including mouse, keyboard and other interrupts.
-	  One nice feature is that it explicitly estimates the entropy
-	  of the data it collects. Some of its features (e.g. interrupt
-	  timing) cannot be reliably exported to the Mac without using
-	  undocumented APIs.
-
-	* Truerand by Don P. Mitchell and Matt Blaze uses variations
-	  between different timing mechanisms on the same system. This
-	  has not been tested on the Mac, but requires preemptive
-	  multitasking, and is hardware-dependent, and can't be relied
-	  on to work well if only one oscillator is present.
-
-	* Cryptlib's RNG for the Mac (RNDMAC.C by Peter Gutmann),
-	  gathers a lot of information about the machine and system
-	  environment. Unfortunately, much of it is constant from one
-	  startup to the next. In other words, the random seed could be
-	  the same from one day to the next. Some of the APIs are
-	  hardware-dependent, and not all are compatible with Carbon (OS
-	  X). Incidentally, the EGD library is based on the UNIX entropy
-	  gathering methods in cryptlib, and isn't suitable for MacOS
-	  either.
-
-	* Mozilla (and perhaps earlier versions of Netscape) uses the
-	  time of day (in seconds) and an uninitialized local variable
-	  to seed the random number generator. The time of day is known
-	  to an outside interceptor (to within the accuracy of the
-	  system clock). The uninitialized variable could easily be
-	  identical between subsequent launches of an application, if it
-	  is reached through the same path.
-
-	* OpenSSL provides the function RAND_screen(), by G. van
-	  Oosten, which hashes the contents of the screen to generate a
-	  seed. This is not useful for an extension or for an
-	  application which launches at startup time, since the screen
-	  is likely to look identical from one launch to the next. This
-	  method is also rather slow.
-
-	* Using variations in disk drive seek times has been proposed
-	  (Davis, Ihaka and Fenstermacher, world.std.com/~dtd/;
-	  Jakobsson, Shriver, Hillyer and Juels,
-	  www.bell-labs.com/user/shriver/random.html). These variations
-	  appear to be due to air turbulence inside the disk drive
-	  mechanism, and are very strongly unpredictable. Unfortunately
-	  this technique is slow, and some implementations of it may be
-	  patented (see Shriver's page above.) It of course cannot be
-	  used with a RAM disk.
-
--	TIMING: On the 601 PowerPC the time base register is guaranteed
-	to change at least once every 10 addi instructions, i.e. 10
-	cycles. On a 60 MHz machine (slowest PowerPC) this translates to
-	a resolution of 1/6 usec. Newer machines seem to be using a 10
-	cycle resolution as well.
-	
-	For 68K Macs, the Microseconds() call may be used. See Develop
-	issue 29 on the Apple developer site
-	(developer.apple.com/dev/techsupport/develop/issue29/minow.html)
-	for information on its accuracy and resolution. The code below
-	has been tested only on PowerPC based machines.
-
-	The time from machine startup to the launch of an application in
-	the startup folder has a variance of about 1.6 msec on a new G4
-	machine with a defragmented and optimized disk, most extensions
-	off and no icons on the desktop. This can be reasonably taken as
-	a lower bound on the variance. Most of this variation is likely
-	due to disk seek time variability. The distribution of startup
-	times is probably not entirely even or uncorrelated. This needs
-	to be investigated, but I am guessing that it not a majpor
-	problem. Entropy = log2 (1600/0.166) ~= 13 bits on a 60 MHz
-	machine, ~16 bits for a 450 MHz machine.
-
-	User-launched application startup times will have a variance of
-	a second or more relative to machine startup time. Entropy >~22
-	bits.
-
-	Machine startup time is available with a 1-second resolution. It
-	is predictable to no better a minute or two, in the case of
-	people who show up punctually to work at the same time and
-	immediately start their computer. Using the scheduled startup
-	feature (when available) will cause the machine to start up at
-	the same time every day, making the value predictable. Entropy
-	>~7 bits, or 0 bits with scheduled startup.
-
-	The time of day is of course known to an outsider and thus has 0
-	entropy if the system clock is regularly calibrated.
-
--	KEY TIMING: A  very fast typist (120 wpm) will have a typical
-	inter-key timing interval of 100 msec. We can assume a variance
-	of no less than 2 msec -- maybe. Do good typists have a constant
-	rhythm, like drummers? Since what we measure is not the
-	key-generated interrupt but the time at which the key event was
-	taken off the event queue, our resolution is roughly the time
-	between process switches, at best 1 tick (17 msec). I  therefore
-	consider this technique questionable and not very useful for
-	obtaining high entropy data on the Mac.
-
--	MOUSE POSITION AND TIMING: The high bits of the mouse position
-	are far from arbitrary, since the mouse tends to stay in a few
-	limited areas of the screen. I am guessing that the position of
-	the mouse is arbitrary within a 6 pixel square. Since the mouse
-	stays still for long periods of time, it should be sampled only
-	after it was moved, to avoid correlated data. This gives an
-	entropy of log2(6*6) ~= 5 bits per measurement.
-
-	The time during which the mouse stays still can vary from zero
-	to, say, 5 seconds (occasionally longer). If the still time is
-	measured by sampling the mouse during null events, and null
-	events are received once per tick, its resolution is 1/60th of a
-	second, giving an entropy of log2 (60*5) ~= 8 bits per
-	measurement. Since the distribution of still times is uneven,
-	this estimate is on the high side.
-
-	For simplicity and compatibility across system versions, the
-	mouse is to be sampled explicitly (e.g. in the event loop),
-	rather than in a time manager task.
-
--	STARTUP DISK TOTAL FILE SIZE: Varies typically by at least 20k
-	from one startup to the next, with 'minimal' computer use. Won't
-	vary at all if machine is started again immediately after
-	startup (unless virtual memory is on), but any application which
-	uses the web and caches information to disk is likely to cause
-	this much variation or more. The variation is probably not
-	random, but I don't know in what way. File sizes tend to be
-	divisible by 4 bytes since file format fields are often
-	long-aligned. Entropy > log2 (20000/4) ~= 12 bits.
-	
--	STARTUP DISK FIRST AVAILABLE ALLOCATION BLOCK: As the volume
-	gets fragmented this could be anywhere in principle. In a
-	perfectly unfragmented volume this will be strongly correlated
-	with the total file size on the disk. With more fragmentation
-	comes less certainty. I took the variation in this value to be
-	1/8 of the total file size on the volume.
-
--	SYSTEM REQUIREMENTS: The code here requires System 7.0 and above
-	(for Gestalt and Microseconds calls). All the calls used are
-	Carbon-compatible.
-*/
-
-/*------------------------------ Includes ----------------------------*/
-
-#include "Randomizer.h"
-
-// Mac OS API
-#include <Files.h>
-#include <Folders.h>
-#include <Events.h>
-#include <Processes.h>
-#include <Gestalt.h>
-#include <Resources.h>
-#include <LowMem.h>
-
-// Standard C library
-#include <stdlib.h>
-#include <math.h>
-
-/*---------------------- Function declarations -----------------------*/
-
-// declared in OpenSSL/crypto/rand/rand.h
-extern "C" void RAND_add (const void *buf, int num, double entropy);
-
-unsigned long GetPPCTimer (bool is601);	// Make it global if needed
-					// elsewhere
-
-/*---------------------------- Constants -----------------------------*/
-
-#define kMouseResolution 6		// Mouse position has to differ
-					// from the last one by this
-					// much to be entered
-#define kMousePositionEntropy 5.16	// log2 (kMouseResolution**2)
-#define kTypicalMouseIdleTicks 300.0	// I am guessing that a typical
-					// amount of time between mouse
-					// moves is 5 seconds
-#define kVolumeBytesEntropy 12.0	// about log2 (20000/4),
-					// assuming a variation of 20K
-					// in total file size and
-					// long-aligned file formats.
-#define kApplicationUpTimeEntropy 6.0	// Variance > 1 second, uptime
-					// in ticks  
-#define kSysStartupEntropy 7.0		// Entropy for machine startup
-					// time
-
-
-/*------------------------ Function definitions ----------------------*/
-
-CRandomizer::CRandomizer (void)
-{
-	long	result;
-	
-	mSupportsLargeVolumes =
-		(Gestalt(gestaltFSAttr, &result) == noErr) &&
-		((result & (1L << gestaltFSSupports2TBVols)) != 0);
-	
-	if (Gestalt (gestaltNativeCPUtype, &result) != noErr)
-	{
-		mIsPowerPC = false;
-		mIs601 = false;
-	}
-	else
-	{
-		mIs601 = (result == gestaltCPU601);
-		mIsPowerPC = (result >= gestaltCPU601);
-	}
-	mLastMouse.h = mLastMouse.v = -10;	// First mouse will
-						// always be recorded
-	mLastPeriodicTicks = TickCount();
-	GetTimeBaseResolution ();
-	
-	// Add initial entropy
-	AddTimeSinceMachineStartup ();
-	AddAbsoluteSystemStartupTime ();
-	AddStartupVolumeInfo ();
-	AddFiller ();
-}
-
-void CRandomizer::PeriodicAction (void)
-{
-	AddCurrentMouse ();
-	AddNow (0.0);	// Should have a better entropy estimate here
-	mLastPeriodicTicks = TickCount();
-}
-
-/*------------------------- Private Methods --------------------------*/
-
-void CRandomizer::AddCurrentMouse (void)
-{
-	Point mouseLoc;
-	unsigned long lastCheck;	// Ticks since mouse was last
-					// sampled
-
-#if TARGET_API_MAC_CARBON
-	GetGlobalMouse (&mouseLoc);
-#else
-	mouseLoc = LMGetMouseLocation();
-#endif
-	
-	if (labs (mLastMouse.h - mouseLoc.h) > kMouseResolution/2 &&
-	    labs (mLastMouse.v - mouseLoc.v) > kMouseResolution/2)
-		AddBytes (&mouseLoc, sizeof (mouseLoc),
-				kMousePositionEntropy);
-	
-	if (mLastMouse.h == mouseLoc.h && mLastMouse.v == mouseLoc.v)
-		mMouseStill ++;
-	else
-	{
-		double entropy;
-		
-		// Mouse has moved. Add the number of measurements for
-		// which it's been still. If the resolution is too
-		// coarse, assume the entropy is 0.
-
-		lastCheck = TickCount() - mLastPeriodicTicks;
-		if (lastCheck <= 0)
-			lastCheck = 1;
-		entropy = log2l
-			(kTypicalMouseIdleTicks/(double)lastCheck);
-		if (entropy < 0.0)
-			entropy = 0.0;
-		AddBytes (&mMouseStill, sizeof (mMouseStill), entropy);
-		mMouseStill = 0;
-	}
-	mLastMouse = mouseLoc;
-}
-
-void CRandomizer::AddAbsoluteSystemStartupTime (void)
-{
-	unsigned long	now;		// Time in seconds since
-					// 1/1/1904
-	GetDateTime (&now);
-	now -= TickCount() / 60;	// Time in ticks since machine
-					// startup
-	AddBytes (&now, sizeof (now), kSysStartupEntropy);
-}
-
-void CRandomizer::AddTimeSinceMachineStartup (void)
-{
-	AddNow (1.5);			// Uncertainty in app startup
-					// time is > 1.5 msec (for
-					// automated app startup).
-}
-
-void CRandomizer::AddAppRunningTime (void)
-{
-	ProcessSerialNumber PSN;
-	ProcessInfoRec		ProcessInfo;
-	
-	ProcessInfo.processInfoLength = sizeof (ProcessInfoRec);
-	ProcessInfo.processName = nil;
-	ProcessInfo.processAppSpec = nil;
-	
-	GetCurrentProcess (&PSN);
-	GetProcessInformation (&PSN, &ProcessInfo);
-
-	// Now add the amount of time in ticks that the current process
-	// has been active
-
-	AddBytes (&ProcessInfo, sizeof (ProcessInfoRec),
-			kApplicationUpTimeEntropy);
-}
-
-void CRandomizer::AddStartupVolumeInfo (void)
-{
-	short			vRefNum;
-	long			dirID;
-	XVolumeParam	pb;
-	OSErr			err;
-	
-	if (!mSupportsLargeVolumes)
-		return;
-		
-	FindFolder (kOnSystemDisk, kSystemFolderType, kDontCreateFolder,
-			&vRefNum, &dirID);
-	pb.ioVRefNum = vRefNum;
-	pb.ioCompletion = 0;
-	pb.ioNamePtr = 0;
-	pb.ioVolIndex = 0;
-	err = PBXGetVolInfoSync (&pb);
-	if (err != noErr)
-		return;
-		
-	// Base the entropy on the amount of space used on the disk and
-	// on the next available allocation block. A lot else might be
-	// unpredictable, so might as well toss the whole block in. See
-	// comments for entropy estimate justifications.
-
-	AddBytes (&pb, sizeof (pb),
-		kVolumeBytesEntropy +
-		log2l (((pb.ioVTotalBytes.hi - pb.ioVFreeBytes.hi)
-				* 4294967296.0D +
-			(pb.ioVTotalBytes.lo - pb.ioVFreeBytes.lo))
-				/ pb.ioVAlBlkSiz - 3.0));
-}
-
-/*
-	On a typical startup CRandomizer will come up with about 60
-	bits of good, unpredictable data. Assuming no more input will
-	be available, we'll need some more lower-quality data to give
-	OpenSSL the 128 bits of entropy it desires. AddFiller adds some
-	relatively predictable data into the soup.
-*/
-
-void CRandomizer::AddFiller (void)
-{
-	struct
-	{
-		ProcessSerialNumber psn;	// Front process serial
-						// number
-		RGBColor	hiliteRGBValue;	// User-selected
-						// highlight color
-		long		processCount;	// Number of active
-						// processes
-		long		cpuSpeed;	// Processor speed
-		long		totalMemory;	// Total logical memory
-						// (incl. virtual one)
-		long		systemVersion;	// OS version
-		short		resFile;	// Current resource file
-	} data;
-	
-	GetNextProcess ((ProcessSerialNumber*) kNoProcess);
-	while (GetNextProcess (&data.psn) == noErr)
-		data.processCount++;
-	GetFrontProcess (&data.psn);
-	LMGetHiliteRGB (&data.hiliteRGBValue);
-	Gestalt (gestaltProcClkSpeed, &data.cpuSpeed);
-	Gestalt (gestaltLogicalRAMSize, &data.totalMemory);
-	Gestalt (gestaltSystemVersion, &data.systemVersion);
-	data.resFile = CurResFile ();
-	
-	// Here we pretend to feed the PRNG completely random data. This
-	// is of course false, as much of the above data is predictable
-	// by an outsider. At this point we don't have any more
-	// randomness to add, but with OpenSSL we must have a 128 bit
-	// seed before we can start. We just add what we can, without a
-	// real entropy estimate, and hope for the best.
-
-	AddBytes (&data, sizeof(data), 8.0 * sizeof(data));
-	AddCurrentMouse ();
-	AddNow (1.0);
-}
-
-//-------------------  LOW LEVEL ---------------------
-
-void CRandomizer::AddBytes (void *data, long size, double entropy)
-{
-	RAND_add (data, size, entropy * 0.125);	// Convert entropy bits
-						// to bytes
-}
-
-void CRandomizer::AddNow (double millisecondUncertainty)
-{
-	long time = SysTimer();
-	AddBytes (&time, sizeof (time), log2l (millisecondUncertainty *
-			mTimebaseTicksPerMillisec));
-}
-
-//----------------- TIMING SUPPORT ------------------
-
-void CRandomizer::GetTimeBaseResolution (void)
-{	
-#ifdef __powerc
-	long speed;
-	
-	// gestaltProcClkSpeed available on System 7.5.2 and above
-	if (Gestalt (gestaltProcClkSpeed, &speed) != noErr)
-		// Only PowerPCs running pre-7.5.2 are 60-80 MHz
-		// machines.
-		mTimebaseTicksPerMillisec =  6000.0D;
-	// Assume 10 cycles per clock update, as in 601 spec. Seems true
-	// for later chips as well.
-	mTimebaseTicksPerMillisec = speed / 1.0e4D;
-#else
-	// 68K VIA-based machines (see Develop Magazine no. 29)
-	mTimebaseTicksPerMillisec = 783.360D;
-#endif
-}
-
-unsigned long CRandomizer::SysTimer (void)	// returns the lower 32
-						// bit of the chip timer
-{
-#ifdef __powerc
-	return GetPPCTimer (mIs601);
-#else
-	UnsignedWide usec;
-	Microseconds (&usec);
-	return usec.lo;
-#endif
-}
-
-#ifdef __powerc
-// The timebase is available through mfspr on 601, mftb on later chips.
-// Motorola recommends that an 601 implementation map mftb to mfspr
-// through an exception, but I haven't tested to see if MacOS actually
-// does this. We only sample the lower 32 bits of the timer (i.e. a
-// few minutes of resolution)
-
-asm unsigned long GetPPCTimer (register bool is601)
-{
-	cmplwi	is601, 0	// Check if 601
-	bne	_601		// if non-zero goto _601
-	mftb  	r3		// Available on 603 and later.
-	blr			// return with result in r3
-_601:
-	mfspr r3, spr5  	// Available on 601 only.
-				// blr inserted automatically
-}
-#endif
--- a/MacOS/Randomizer.h
+++ b/MacOS/Randomizer.h
@@ -1,43 +0,0 @@
-
-//	Gathers unpredictable system data to be used for generating
-//	random bits
-
-#include <MacTypes.h>
-
-class CRandomizer
-{
-public:
-	CRandomizer (void);
-	void PeriodicAction (void);
-	
-private:
-
-	// Private calls
-
-	void		AddTimeSinceMachineStartup (void);
-	void		AddAbsoluteSystemStartupTime (void);
-	void		AddAppRunningTime (void);
-	void		AddStartupVolumeInfo (void);
-	void		AddFiller (void);
-
-	void		AddCurrentMouse (void);
-	void		AddNow (double millisecondUncertainty);
-	void		AddBytes (void *data, long size, double entropy);
-	
-	void		GetTimeBaseResolution (void);
-	unsigned long	SysTimer (void);
-
-	// System Info	
-	bool		mSupportsLargeVolumes;
-	bool		mIsPowerPC;
-	bool		mIs601;
-	
-	// Time info
-	double		mTimebaseTicksPerMillisec;
-	unsigned long	mLastPeriodicTicks;
-	
-	// Mouse info
-	long		mSamplePeriod;
-	Point		mLastMouse;
-	long		mMouseStill;
-};
--- a/MacOS/TODO
+++ b/MacOS/TODO
@@ -1,18 +0,0 @@
-------------------------------------------------------------------
-Verify server certificate
-------------------------------------------------------------------
-Currently omitted from the project:
-
-	crypto/tmdiff.c
-	crypto/bio/bss_conn.c
-	crypto/bio/b_sock.c
-	crypto/bio/bss_acpt.c
-	crypto/bio/bss_log.h
-
-------------------------------------------------------------------
-Build libraries to link with...
-------------------------------------------------------------------
-Port openssl application.
-------------------------------------------------------------------
-BN optimizations (currently PPC version is compiled with BN_LLONG)
-------------------------------------------------------------------
--- a/MacOS/_MWERKS_GUSI_prefix.h
+++ b/MacOS/_MWERKS_GUSI_prefix.h
@@ -1,9 +0,0 @@
-#include <MacHeaders.h>
-#define B_ENDIAN
-#ifdef __POWERPC__
-#pragma longlong on
-#endif
-#if 1
-#define MAC_OS_GUSI_SOURCE
-#endif
-#define MONOLITH
--- a/MacOS/_MWERKS_prefix.h
+++ b/MacOS/_MWERKS_prefix.h
@@ -1,9 +0,0 @@
-#include <MacHeaders.h>
-#define B_ENDIAN
-#ifdef __POWERPC__
-#pragma longlong on
-#endif
-#if 0
-#define MAC_OS_GUSI_SOURCE
-#endif
-#define MONOLITH
--- a/MacOS/buildinf.h
+++ b/MacOS/buildinf.h
@@ -1,5 +0,0 @@
-#ifndef MK1MF_BUILD
-#  define CFLAGS	"-DB_ENDIAN"
-#  define PLATFORM	"macos"
-#  define DATE		"Sun Feb 27 19:44:16 MET 2000"
-#endif
--- a/MacOS/mklinks.as.hqx
+++ b/MacOS/mklinks.as.hqx
@@ -1,820 +0,0 @@
-(This file must be converted with BinHex 4.0)
-
-:#QeVE'PZDh-ZBA-!39"36'&`E(3J!!!!!!!!!*LiI6m!!!!!!3!!!*G#!!#@3J!
-!!AChFQPd!!!!K3)"!3m(Fh9`F'pbG!!!!)B#!3%$"(0eFQ8!!!#(!J-%"!3("3C
-cGfPdBfJ!!!#)!J%"#39cH@jMD!!!!)N#"J%$!`-&"3-'FhPcG'9Y!!!!LJ)&"3)
-%!J8("!-#!`4dB@*X!!!!L`))!3-$!`-$!`-$"(4PE'`!!!#-!J)"#38$G'KP!!!
-!M3))(J)@!Ki#!J))!K)#!`)B!Kd%G'KPE3!!!)i#!J%&#`4dD'9j!!!!M`)#!J)
-#$3TdD(*[G@GSEh9d!!!!N!!#!3%&"(4TCQB!!!#4!J%"!`4dD@eP!!!!NJ)"!JS
-#!h4T!!!!'N!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!H!!!!!!!#!!!!!!
-!!!!!!!!!!!!!rrrrr`!!!$3!!!!N!!!!!#"[!!5JAb"[!!5K++!M6R9$9'mJFR9
-Z)(4SDA-JFf0bDA"d)'&`F'aTBf&dD@pZ,#"jEh8JEA9cG#"QDA*cG#"TER0dB@a
-X)%&`F'aP8f0bDA"d,J!!!)C8D'Pc)(0MFQP`G#"MFQ9KG'9c)#iZ,fPZBfaeC'8
-[Eh"PER0cE#"KEQ3JCQPXE(-JDA3JGfPdD#"ZC@0PFh0KFRNJB@aTBA0PFbi0$8P
-d)'eTCfKd)(4KDf8JB5"hD'PXC5"dEb"MEfe`E'9dC5"cEb"`E'9KFf8JBQ8JF'&
-dD@9ZG$SY+3!!!#S!!J!!!!!!$3!+!"!!!!!-!!!!!!!!!!!!63!0!!S!%!%!!!`
-!!!!!!!!!!!!B!!!!+!!!!!!!!!!)!!!!)!#N2c`!!DR`!!!!l!!!!!&19[ri,`0
-f!#m$-$bKVDG'*KmY52ri,`-`2+LITdBQ(b!ZrrLa`'FJ,`-J2'0`ER4"l[rm)NL
-KV5+)*Kp+3'B)5Ulrr'F#GJ%3!bBZrr41ANje6PB!!#m-@Bm[2%j29%Nr2!#!U"m
-SAb!-CJK`!cm!UFKJ+#m-UC)J9#!)d+J!'#&!!"JJ9#!)d+J!(#&!!"a9Mbm8)&q
-JAMk!9%mSE[rm6Pj1G8j@!!![$%kkre4+!'FU@Bm[2'&`E(3[2(0MF(4`)DJU+&m
-J$'F5@Bm[$#mm!!!!!A!!U#UTp&K26VVrG#KZrra1ANje!!!!('&`E(3!!!!"4P*
-&4J!!!!!!J%P$6L-!!!!!!*B!!!!"!!!!!!G"8&"-!!!!!!!"!!!"!!!!!S!!!!4
-!!!"i)!!!K"!!!3))!!)#"!!%"!)!#!J"!"!8!)!J)J"!3%%!)2#!J"#*!%!)KJ!
-J")3!)!*!!"!")!!3!K!!%!3)!"!)"!!J%!)!3#!"!)"!!S%!J!5#!3!)4!)!#%J
-%!!KB#!!%C"!!!m)J!!!"3!!!!)!!!!%!!!!$J!!!"m!!!(rJ!!$rm!!"rrJ!!rr
-m!!IrrJ!2rrm!(rrrJ$rrrm"rrrrJrrrrm2rrrrMrrrrmrrrrrRrrrrmrrrrq(rr
-rr!rrrrJ(rrr`!rrri!(rrm!$rrq!"rrr!!rrrJ!2rr`!$rri!!IRm!!$`q!!!!(
-!!!!!J!!!!!)!!!!!!!!!!!m!!!!!!!!!!!!!!!!!!!$`m!!!!!!!!!!!!!!!!!!
-2!!m!!!!!!!!!!!!!!!rrm!!!m!!!!!!!!!!!!!$`c0m!!!m!!!!!!!!!!!!2!!c
-m!!!m!!!!!!!!!!!m!$-cI!!!!m!!!!!!!!!$`!-c0m!!!!!m!!!!!!!!2!!c-h
-`!!!!!!m!!!!!!!m!$-cIh`!!!!!!m!!!!!$`!-c0rGh`!!!!!!m!!!!2!!c-hph
-h`!!!!!!m!!!rrr-cIhF`-h`!!!!!!m!!2lFr0rGc!`-h`!!!!!!m!$pc-rph-$
-!`-h`!!!!!!m!r-`2cF`-$!!-r3!!!!!!m!m!`-c!`-!!$0m!!!!!$-m!m!`-$!`
-!!-cI!!!!!-c`!!m!`-$!!!`-h`!!!!c2!!!!m!`-!!$!c0m!!!$-m!!!!!m!`!!
-$-hm!!!-c`!!!!!!m!!!`-cIc!!!c2!!!!!!!!m!$!c0r-`!$-m!!!!!!!$pm-$
-hmc!!-c`!!!!!!!2hI`-cIc-!!c2!!!!!!!!rGc2c0r-`!$-m!!!!!!!!2h-cmh
-mc!!-c`!!!!!!!!$mc!rIr-!!c2!!!!!!!!!!$m$2m!r-$-m!!!!!!!!!!!$rr`!
-!r-c`!!!!!!!!!!!!!!!!!!r2!!!!!!!!!!!!!!!!!!!!m!!!!!!!!!!!!!"!!B!
-13"%J)4"##18%Q)+3!%&!)5!L%%3BL#83*L!G3!#!!B!2`"rJ2r"rq2rmrrlrrhr
-r2riIr"ri2r!ri"h!!)!!!!#!!!!!$r!!!!!!!2r`$`!!!!!2$!m!m!!!!2$!c`!
-2!!!2$!c`!!$`!2r`cpm!!!m!rGrpc2!!!2$p$p`-c`!!$`m!`-$0m!$2!2!-$-h
-`$2!!$`$-hm$2!!!2m-hm$2!!!2h2hm$2!!!!r-rm$2!!!!!2r`r2!!!!!!!!!2!
-!!!!!!!#D8f0bDA"d)%&`F'aTBf&dD@pZ$3e8D'Pc)(0MFQP`G#"MFQ9KG'9c)#i
-Z,fPZBfaeC'8[Eh"PER0cE#"KEQ3JCQPXE(-JDA3JGfPdD#"ZC@0PFh0KFRNJB@a
-TBA0PFbi0$8Pd)'eTCfKd)(4KDf8JB5"hD'PXC5"dEb"MEfe`E'9dC5"cEb"`E'9
-KFf8JBQ8JF'&dD@9ZG$SY+3!!!")!!J!!!!!!!!!!!!%!"J!'%iN!!!!+@1!!!b!
-!!!-J!!!!!"3!+`!(!Cm#@!!V!!F"f!*B!!!!!3!!M`C'BA0N98&6)$%Z-6!a,M%
-`$J!!!!32rrm!!3!#!!-"rrm!!!d!!3!"D`!!!!!!!!!%!J!%!!)!"3!'$3!&!!*
-X!!)!!!U`!!IrrJd!"`!#6`!!!!!+X!!)!!N0!!J!!@X!!!!%#Um!#J)!#J!#!!X
-!$!d!#`!#E!!#!!3!"2rprr`"rrd!!!(rr!!!!J!-!!)!$3!1$3!0!!*X!!%!"!!
-%rrX!$`(rq`!!$!!2!&N!8b"(CA3JF'&dD#"dEb"dD'Pc)%&`F'aP8f0bDA"d)'&
-`F'aPG$XJGA0P)'Pd)(4[)'C[FQdJG'KP)("KG'JJG'mJG'KP)'PZBfaeC'8JCQp
-XC'9b!!)!!!)!$J!#!"!!%3d!%!!#E!!"!!3!"2rk!")"rrS!!!`!%J!Q!#!JB@j
-N)(4SC5"[G'KPFL"bC@aPGQ&ZG#"QEfaNCA*c,J!#!!!#!"%!!J!6!"30!"-!!R-
-!!!!%!"%!&3!@$3!9!!*M!!!!"!!1!"F!'!d!&`!#E!!&!!3!$!!CrrN0!"N!!Qi
-!!!!%!!`!'J!E$3!D!!)d!!!!"3!-rrJ!(!Vrq!!%#Q0[BQS0!"`!!Q`!"3!'!!X
-!(Irh$3!G!!0*!!)!"J!,rrB!([re#[rf!"JZC@&bFfCQC(*KE'Pc!!!!!!!!)!"
-KCQ4b$3!H!!"Q!!!!"J!(![re!!!"rrF!!!d!'`!"E3!!!!3!"3!I$`!I!6J)ER9
-XE!!!!!!!!Gq!rrm!!!!A"NCTEQ4PFJ!!(`*[Me!!ASfm!Qq,i!"HA[!!I&M!!!!
-!!!!!'mi!!JN#!Qq-1!!!Kb%#Ei`J!!!!!%C14&*038e"3e-!!"%!B@aTF`!!!!!
-!fJ!#!!!-6@&MD@jdEh0S)%K%!!!!!!!!!!!!!!!!!!!!XSA5h%*%!!!!!!!A"NC
-TEQ4PFJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!3rLc#@a!4Nj%8Ne"3e2rrrrr!!!!!!!!!!!!!!!!!!!
-!!!!!!!e6HA0dC@dJ4QpXC'9b!!!"!!3!!!!A!!)!)8eKBfPZG'pcD#")4$T6HA0
-dC@dJ4QpXC'9b1NCTEQ4PFJ$rr`!!!Irj!!!0!"J!!@d!!!!-!!hrp!Vrp!!%#Q0
-dH(30!"B!!@m!!!!!!!$rm`[rm`!5-!!(G'KPF'&dD!!(G'KP8'&dD!)!&!!#!#!
-!)3d!)!!#E!!#!")!%[rbrr%"rr)!!!(rm3!!!J!K!!)!)J!M$3!L!!*b!!!!%J!
-A!#3!*3d!*!!#EJ!$!")!&3!Q!#F0!#B!!6%!!!!6!"Arm!Vrm!!%#R4iC'`0!#F
-!!6%!!!!5!"2rl`Vrl`!%#Q&cBh)0!#8!!@m!!!!!!!$rlJ[rlJ!F-!!-G'KPEfa
-NC'9XD@ec!!adD'92E'4%C@aTEA-#!#-!!J!S!#N0!#J!!R)!!!!B!"d!+J!V$3!
-U!!&Y!!!!'!!C!#`-!#`!"`!"1J!#!!!0!#X!!Qi!!`!!!!!!,3!Z$3!Y!!%a!!!
-!'J!Frqd+rqd!"!TdH'4X$3!Z!!%a!!!!'3!Drq`+rq`!"!TKFf0b!J!T!!)!,`!
-`$3![!!*X!!)!(J!Hrq[rkJ(rk`!!!IrU!!!#!$!!!J!a!$)0!$%!!R)!!!!H!#X
-!-`!d$3!c!!*X!!8!(J!T!$Ark3d!03!#EJ!!!"i!+3!f!$F0!$B!!cF"!!!I!#R
-rk!!i!$N+rqJ!"!TMDA4Y$3!i!!&Y!!!!)`!PrqF$rqF!!3d!13!"E3!!!#B!+2r
-Q!rrQrrd0!$F!!@m!!!!H!"rrj3[rj3!5-!!(G'KPF'&dD!!(G'KP8'&dD!(rk3!
-!$3!d!!&[!!!!!!!!rq3,rq3!)$!!$R4SCA"bEfTPBh4`BA4S!!jdD'93FQpUC@0
-d8'&dD!)!-J!#!$S!1`d!1J!#FJ!!!#`!1`!m!$d0!$`!!Q-!!!!X!$N!2J!r$3!
-q!!*X!!8!,!!h!%$ri`d!3!!#EJ!!!#`!0`""!%)0!%%!!cF"!!!Y!$IriJ"$!%3
-+rq)!"!TMDA4Y$3"$!!&Y!!!!-3!crq%$rq%!!3d!4!!"E3!!!$3!0[rJ!rrJrri
-0!%)!!@m!!!!X!#hrh`[rh`!5-!!(G'KPF'&dD!!(G'KP8'&dD!(ri`!!$3!r!!&
-Y!!!!0`!irpi+rpi!"!T849K8$3!p!!&[!!!!!!!!rpd,rpd!&M!!#A4SC@ePF'&
-dD!!*G'KP6@93BA4S!J!l!!)!43"'$3"&!!*X!!)!2!!mrpcrf`(rh!!!!IrE!!!
-#!%B!!J"(!%J0!%F!!R)!!!!m!%8!53"+$3"*!!*M!!!!2!""!%X!6!d!5`!#BJ!
-!!$`!2`"0!%i0!%d!!@m!!!!m!$hrfJ[rfJ!J-!!1G'KPF(*[DQ9MG("KG'J!$R4
-SC9"bEfTPBh43BA4S$3"1!!&Y!!!!23!q!%m-!%m!$3!(D@jME(9NC3!#!!!0!%`
-!!@d!!!!r!%$rf3Vrf3!%#P4&@&30!%S!!@m!!!!!!!$rf![rf!!Q-!!4D@jME(9
-NC@C[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S!J")!!)!8!"4$3"3!!*b!!!
-!4J"9!&)!8`d!8J!#B`!!!%B!83"8!&80!&3!!Q)!!!"'!%m!9J"A$3"@!!*L!!!
-!4J",!&J!@3d!@!!"E`!!!%B!4rrA#rrA!#!`!!jdD'9`FQpUC@0dF'&dD!!1G'K
-P8(*[DQ9MG&"KG'J0!&N!!@d!!!"(!%S!@J`!@J!0!!GTEQ0XG@4P!!)!!!d!9`!
-"E3!!!%X!6J"E$!"E!!d!"fp`C@jcFf`!!J!!$3"9!!&Y!!!!6`"3rpB+rpB!"!T
-849K8$3"6!!&[!!!!!!!!rp8,rp8!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&
-dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S!J"4!!)!A!"G$3"F!!*b!!!!9J"
-K!&i!A`d!AJ!#B`!!!&B!A3"J!'%0!'!!!Q)!!!"@!&X!BJ"M$3"L!!&[!!!!9J"
-Arp3,rp3!)$!!$R4SCA"bEfTPBh4`BA4S!!jdD'93FQpUC@0d8'&dD!d!B`!"E3!
-!!&F!@J"N$!"N!!`!"Q0bHA"dE`!#!!!0!'%!!@d!!!"E!&crd`Vrd`!%#P4&@&3
-0!&m!!@m!!!!!!!$rdJ[rdJ!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4Qp
-XC'9b8'&dD!)!A3!#!'8!CJd!C3!#FJ!!!')!E3"R!'J0!'F!!Q-!!!"L!'N!D3"
-U$3"T!!*L!!!!BJ"R!'X!E!d!D`!"E`!!!')!Brr4#rr4!#!`!!jdD'9`FQpUC@0
-dF'&dD!!1G'KP8(*[DQ9MG&"KG'J0!'`!!@d!!!"M!'B!E3`!E3!*!!0cFf`!!J!
-!$3"U!!&Y!!!!C`"Srp!+rp!!"!T849K8$3"S!!&[!!!!!!!!rmm,rmm!(M!!$A0
-cE'C[E'4PFR"KG'J!$A0cE%C[E'4PFP"KG'J#!'B!!J"Z!'m0!'i!!R)!!!"Z!(8
-!F!"a$3"`!!*M!!!!EJ"a!()!F`d!FJ!"E`!!!'i!Err1#rr1!#!`!!jdD'9`FQp
-UC@0dF'&dD!!1G'KP8(*[DQ9MG&"KG'J0!(-!!@d!!!"[!($rc3Vrc3!%#P4&@&3
-0!(%!!@m!!!!!!!$rc![rc!!Q-!!4Eh"PER0cE'C[E'4PFR"KG'J!%@p`C@jcFfa
-'EfaNCA*3BA4S!J"[!!)!G!"e$3"d!!*X!!)!GJ"frm[rbJ(rb`!!!Ir+!!!#!(8
-!!J"f!(F0!(B!!R)!!!"f!(X!H!"j$3"i!!&[!!!!GJ"hrmN,rmN!($!!$(4SC@p
-XC'4PE'PYF`!-G'KP6faN4'9XD@ec$3"j!!*Z!!-!!!!!!(S!H`d!HJ!"-3!!!(J
-!H[r)#[r)!!3+G(KNE!d!H`!"-3!!!(F!H2r(#[r(!!3+BA0MFJ)!G`!#!(`!I3d
-!I!!#E!!#!(`!I2r'rm8"rmB!!!(ra3!!!J"p!!)!IJ"r$3"q!!*X!!%!I!"mrm3
-!J!(ra!!!$!#!!%!!1L"NC@aPG'8JEfaN)'PZBfaeC'8kEh"PER0cE#"QEfaNCA)
-JB@jN)(*PBh*PBA4P)'Pd)'0XC@&ZE(N!!J!!!J"r!!)!J3##$3#"!!*X!!)!I!"
-mrm2r`J(r``!!!Ir#!!!#!))!!J#$!)30!)-!!e%!!!"m!+8!K3#'!)F0!)8!!@X
-!!!"r!*`!L!)!L!!#!)N!LJd!L3!$53!#!(m!N[r"!)[r`!Vr`3!B,QeTFf0cE'0
-d+LSU+J!!!!!!!*!!!#SU+LS0!)X!!Qi!!!"r!)i!M!#0$3#-!!)d!!!!K`#1rlm
-!MJVr[`!%#Q0QEf`0!)i!!@d!!!#+!)d!M``!M`!0!!G[F'9ZFh0X!!)!!!d!M3!
-#0!!!!(m!Krqq!*!!#[qq!!3+BfC[E!d!N!!!!@m!!!#$!)Er[3[r[3!Q-!!4D@j
-ME(9NC@C[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S![r!!!!#!)S!!J#4rl`
-0!*%!!dN!!J#6!*crZ`#5rlS+rlX!'#jMEh*PC'9XEbSU+LS!!!!!!!#3!!!U+LS
-U$3#5!!%a!!!!N`#BrlN+rlN!"!TcC@aP![qk!!!#rl`!!!d!KJ!$8J!!!!!!!2q
-irlIrYJVrZ!!B,Q&cBh*PFR)J+LSU+J!!!!!!!*!!!#SU+LS"rlF!!!,rYJ!!$3#
-(!!*X!!%!T!#Nrl8!N`(rY3!!$!#6!"-!$5"TCfj[FQ8JCA*bEh)!!J!!!J#%!!)
-!P!#9$3#8!!*X!!)!TJ#Qrl6rX`(rY!!!!Iqc!!!#!*8!!J#@!*F0!*B!!dN!!J#
-Q!,lrX[qa!*J+rl)!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Iqa!!!'!*J
-!!rq`!*N!QJVrX!!%#QY[Bf`0!*N!!@d!!!#U!+hrV`VrV`!%#Q0QEf`'!*S!!rq
-Z!*[rV3VrVJ!%#QPZFfJ0!*X!!M3!!!#`!,MrV!#F#[qX!!3+BfC[E!d!R!!"E`!
-!!,3!YrqV#rqV!#B`!"&TEQ0XG@4PCQpXC'9bF'&dD!!4D@jME(9NC8C[E'4PFP"
-KG'J'rkd!!!)!P`!#!*d!RJd!R3!#FJ!!!,m!aJ#I!+!0!*m!!Q`"!!#r!-)!SIq
-U$3#K!!%a!!!![`$#rkN+rkN!"!TbFfad!IqU!!!0!+!!!@m!!!!!!!$rU![rU!!
-Z-!!9G'KPEQ9hCQpXC'9bFQ9QCA*PEQ0P!"9dD'91CAG'EfaNCA*5C@CPFQ9ZBf8
-#!*i!!J#L!+-0!+)!!dN!!J$(!-lrT`#NrkB+rkF!'#jYDA0MFfaMG#SU+LS!!!!
-!!!#3!!!U+LSU$3#N!!&[!!!!a`$+rk8,rk8!,M!!&A4SC@jPGfC[E'4PFR*PCQ9
-bC@jMC3!9G'KP6Q9h4QpXC'9b8Q9QCA*PEQ0P![qQ!!!#!+-!!J#P!+B0!+8!!R)
-!!!$2!0`!T`#S$3#R!!&Y!!!!c`$5!+N-!+N!$3!(Eh"PER0cE!!#!!!0!+J!!Qi
-!!!!!!!!!UJ#V$3#U!!%a!!!!e`$Erk3+rk3!"!T`EQ&Y$3#V!!%a!!!!dJ$Ark-
-+rk-!"!TcC@aP!J#Q!!)!V!#Y$3#X!!*X!!)!h3$Grk,rS3(rSJ!!!IqK!!!#!+d
-!!J#Z!+m0!+i!!Q`!!3$G!0hrS!#`!IqJ!!!-!,!!(`!C)&0dBA*d)'eKDfPZCb"
-dD'8JB@aTBA0PF`!#!!!#!+m!!J#a!,)0!,%!!dN!!J$G!3ArRrqH!,-+rjm!'#j
-MEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!IqH!!!'!,-!!rqG!,3!Y3VrR3!%#QY
-[Bf`0!,3!!@d!!!$K!16rR!VrR!!%#Q&XD@%'!,8!!rqE!,B!Y`VrQ`!%#QPZFfJ
-0!,B!!M3!!!$R!1rrQJ#i#[qD!!3+BfC[E!d!Z!!"E`!!!1X!l[qC#rqC!$3`!"K
-[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&
-dD!B!Y`!$rjJ!ZIqA#[qB!!3+G'mJ)!d!Z3!#EJ!!!2)!r`#k!,X0!,S!!M3!!!$
-i!2rrPJ#m#[q@!!3+CQPXC3d![!!"E3!!!2X!rJ#p$!#p!"-!$@p`C@jcFfaMEfj
-Q,QJ!!J!!$3#l!!)d!!!!mJ$irj8![JVrP3!%#Q0QEf`0!,i!!@m!!!$f!2IrP![
-rP!!@-!!*G'KPE@9`BA4S!!PdD'90C9"KG'J'rjF!!!)!XJ!#!,m!`!d![`!#E!!
-#!3B""[q6rj)"rj-!!!(rNJ!!!J$!!!)!`3$#$3$"!!*b!!!""J%4!--!a!d!``!
-#BJ!!!3B"$3$&!-B0!-8!!@m!!!%'!3RrN3[rN3!N-!!3Bh*jF(4[CQpXC'9bF'&
-dD!!3Bh*jF(4[4QpXC'9b8'&dD!d!aJ!"E3!!!3N"$!$($!$(!!X!"6TKFfia!!)
-!!!d!a!!"E`!!!!!!!2q3!![rN!!!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)!`J!
-#!-J!b3d!b!!$53!#!4)"22q2rii!bJVrM`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!
-!!'jeE'`"rii!!!B!bJ!$rid!b`$-#[q0!!3+DfpME!d!b`!"E3!!!4B"'Iq-#[q
-!!3+B@aTB3B!c!!$riX!c3$1#[q,!!3+D@jcD!d!c3!#0!!!!4`"*2q+!-m+riS
-!"!TMCQpX$3$2!!&[!!!")!%MriN,riN!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9
-bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J$1!!2rL!$3riF+riJ!"!T
-dEb!J$3$3!!*Z!!!"*`%f!0%!dJd!d3!#0!!!!5m"0[q'!0-+riB!"!TQD@aP$3$
-6!!&Y!!!"-J%e!03-!03!$!!'BA0Z-5jS!!)!!!d!dJ!#0!!!!5F",rq&!08+ri8
-!"!TMCQpX$3$9!!&[!!!"+`%Zri3,ri3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!E
-rK`!!!J$*!!)!eJ$A$3$@!!0*!!)"23&Rri2rJJ$B#[q$!"JZBfpbC@0bC@`U+LS
-U!!!!!!!!N!!!ER9XE!(rJJ!!"J$B!!2rJ3$C!0S+ri%!"!TVEf0X$3$C!!&Y!!!
-"33&%ri!+ri!!"!TKE'PK"J$D!!2rI`$E!0`+rhm!"!TTER0S$3$E!!)d!!!"4`&
-2rhi!h3VrIJ!%#Q0QEf`0!0d!!@m!!!&,!8lrI3[rI3!d-!!BEh"PER0cE'PZBfa
-eC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!0`!!rpm!0l
-rH`VrI!!%#R4[)#!0!0i!!Qi!!!&5!@%!h`$J$3$I!!)d!!!"@J&KrhS!i3VrHJ!
-%#QCTE'80!1%!!@d!!!&G!@!!iJ`!iJ!3!!TKFfiaAfeKBbjS!!)!!!d!i!!#0!!
-!!9)"@[pj!1-+rhN!"!TMCQpX$3$M!!&[!!!"9J&CrhJ,rhJ!&$!!#(4PEA"`BA4
-S!!KdC@e`8'&dD!ErH`!!!J$A!!)!j!$P$3$N!!*X!!)"D!&SrhIrGJ(rG`!!!Ip
-f!!!#!18!!J$Q!1F0!1B!!R)!!!&S!A-!k!$T$3$S!!*L!!!"D!&[!1S!k`d!kJ!
-"E`!!!@J"Drpe#rpe!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*
-3BA4S$3$V!!&Y!!!"D`&Z!1`-!1`!#J!%1Q*TE`!#!!!0!1N!!@m!!!!!!!$rG![
-rG!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J$R!!)!l3$Z$3$Y!!0*!!)"G!'Hrh2
-rFJ$[#[pc!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(rFJ!!"J$[!!2rF3$
-`!2%+rh%!"!TVEf0X$3$`!!&Y!!!"H!&lrh!+rh!!"!TKE'PK"J$a!!2rE`$b!2-
-+rfm!"!TTER0S$3$b!!)d!!!"IJ''rfi!p!VrEJ!%#Q0QEf`0!23!!@m!!!'#!BA
-rE3[rE3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9
-NC8C[E'4PFP"KG'J'!2-!!rpX!2ArD`VrE!!%#R4[)#!0!28!!Qi!!!'*!CJ!pJ$
-h$3$f!!)d!!!"N3'BrfS!q!VrDJ!%#QCTE'80!2J!!@d!!!'8!CF!q3`!q3!,!!9
-LD@mZD!!#!!!0!2F!!M3!!!'*!C(rD3$k#[pT!!3+BfC[E!d!qJ!"E`!!!Bd"N!$
-rD![rD!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[pV!!!#!1i!!J$l!2`0!2X!!Q`
-!!J'I!CrrCrpQ!IpR!!!"rfB!!!)!r!!#!2d!rJd!r3!#FJ!!!Cm"UJ$r!3!0!2m
-!!Q)!!!'I!DB"!3%#$3%"!!&[!!!"R`'Lrf8,rf8!*$!!%'0bHA"dEfC[E'4PFR"
-KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!3)!!@d!!!'L!D8"!``"!`!*!!-kBQB!!J!
-!$3%!!!&[!!!!!!!!rf3,rf3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)!rJ!#!33
-""3d""!!$53!#!DX"eIpMrf)""JVrB`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'j
-eE'`"rf)!!!B""J!$rf%""`%)#[pK!!3+DfpME!d""`!"E3!!!Dm"X[pJ#[pJ!!3
-+B@aTB3B"#!!$rem"#3%+#[pI!!3+D@jcD!d"#3!#0!!!!E8"[IpH!3X+rei!"!T
-MCQpX$3%,!!&[!!!"Z3'mred,red!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&
-dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J%+!!2rA!%-reX+re`!"!TdEb!
-J$3%-!!*Z!!!"`!(2!3d"$Jd"$3!#0!!!!FJ"crpD!3m+reS!"!TQD@aP$3%2!!&
-Y!!!"b`(1!4!-!4!!%!!+BQa[GfCTFfJZD!!#!!!0!3i!!M3!!!(!!FMr@3%4#[p
-C!!3+BfC[E!d"%3!"E`!!!F3"arpB#rpB!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J
-'reX!!!)""3!#!4)"%`d"%J!#E!!#!GB"e[pAreB"reF!!!(r9J!!!J%6!!)"&!%
-9$3%8!!*b!!!"eJ(K!4B"&`d"&J!#BJ!!!GB"h3%B!4N0!4J!!@m!!!(@!GRr93[
-r93!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"'3!"E3!
-!!GN"h!%D$!%D!!N!!cTLEJ!#!!!0!4F!!@m!!!!!!!$r9![r9!!8-!!)G'9YF("
-KG'J!#(4PEA"3BA4S!J%9!!)"'`%F$3%E!!0*!!)"iJ)-re2r8J%G#[p6!"JZBfp
-bC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(r8J!!"J%G!!2r83%H!4m+re%!"!TVEf0
-X$3%H!!&Y!!!"jJ(Tre!+re!!"!TKE'PK"J%I!!2r6`%J!5%+rdm!"!TTER0S$3%
-J!!)d!!!"l!(drdi")JVr6J!%#Q0QEf`0!5)!!@m!!!(`!I2r63[r63!d-!!BEh"
-PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J
-'!5%!!rp-!52r5`Vr6!!%#R4[)#!0!5-!!Qi!!!(h!JB"*!%P$3%N!!)d!!!"r`)
-'rdS"*JVr5J!%#QCTE'80!5B!!@d!!!)#!J8"*``"*`!+!!4LELjS!!)!!!d"*3!
-#0!!!!IF"rrp*!5J+rdN!"!TMCQpX$3%S!!&[!!!"q`(qrdJ,rdJ!&$!!#(4PEA"
-`BA4S!!KdC@e`8'&dD!Er5`!!!J%F!!)"+3%U$3%T!!*X!!)#$3)0rdIr4J(r4`!
-!!Ip'!!!#!5S!!J%V!5`0!5X!!R)!!!)0!KJ",3%Z$3%Y!!*L!!!#$3)8!5m"-!d
-",`!"E`!!!Jd#%2p&#rp&!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'Efa
-NCA*3BA4S$3%`!!&Y!!!#%!)6!6%-!6%!$3!(1Q*eCQCPFJ!#!!!0!5i!!@m!!!!
-!!!$r4![r4!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J%X!!)"-J%c$3%b!!0*!!)
-#'3*$rd2r3J%d#[p$!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(r3J!!"J%
-d!!2r33%e!6B+rd%!"!TVEf0X$3%e!!&Y!!!#(3)Jrd!+rd!!"!TKE'PK"J%f!!2
-r2`%h!6J+rcm!"!TTER0S$3%h!!)d!!!#)`)Vrci"13Vr2J!%#Q0QEf`0!6N!!@m
-!!!)R!LVr23[r23!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0
-5@jME(9NC8C[E'4PFP"KG'J'!6J!!rmm!6Vr1`Vr2!!%#R4[)#!0!6S!!Qi!!!)
-Z!Md"1`%m$3%l!!)d!!!#0J)prcS"23Vr1J!%#QCTE'80!6d!!@d!!!)j!M`"2J`
-"2J!1!!KLG@CQCA)ZD!!#!!!0!6`!!M3!!!)Z!MEr13%r#[mj!!3+BfC[E!d"2`!
-"E`!!!M)#0Imi#rmi!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rcX!!!)"-`!#!8!
-"33d"3!!#E!!#!N3#42mhrcB"rcF!!!(r0J!!!J&"!!)"3J&$$3&#!!*b!!!#4!*
-2!83"43d"4!!#BJ!!!N3#5`&'!8F0!8B!!@m!!!*%!NIr03[r03!N-!!3Bh*jF(4
-[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"4`!"E3!!!NF#5J&)$!&)!!X
-!"6TMBA0d!!)!!!d"43!"E`!!!!!!!2md#rmd!"3`!!KdC@e`F'&dD!!)G'9YF&"
-KG'J#!8-!!J&*!8S0!8N!!dN!!J*3!RVr-rmb!8X+rc-!'#jMEh*PBh*PE#SU+LS
-!!!!!!!#3!!"ZG@aX!Imb!!!'!8X!!rma!8`"63Vr-3!%#QY[Bf`0!8`!!@d!!!*
-8!PIr-!Vr-!!%#Q&XD@%'!8d!!rm[!8i"6`Vr,`!%#QPZFfJ0!8i!!M3!!!*D!Q,
-r,J&3#[mZ!!3+BfC[E!d"8!!"E`!!!Pi#BImY#rmY!$3`!"K[F'9ZFh0XD@jME(9
-NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B"6`!$rb`"8Im
-V#[mX!!3+G'mJ)!d"83!#EJ!!!Q8#G!&5!9-0!9)!!M3!!!*Y!R6r+J&8#[mU!!3
-+CQPXC3d"9!!"E3!!!R!#F`&9$!&9!!`!"Q0KFh3ZD!!#!!!0!9-!!M3!!!*P!Qh
-r+3&@#[mT!!3+BfC[E!d"9J!"E`!!!QN#E2mS#rmS!"3`!!KdC@e`F'&dD!!)G'9
-YF&"KG'J'rbX!!!)"5J!#!9F"@!d"9`!#E!!#!RX#HrmRrbB"rbF!!!(r*J!!!J&
-B!!)"@3&D$3&C!!*b!!!#H`+'!9X"A!d"@`!#BJ!!!RX#JJ&G!9i0!9d!!@m!!!*
-l!Rlr*3[r*3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d
-"AJ!"E3!!!Ri#J3&I$!&I!!X!"6TMEfe`!!)!!!d"A!!"E`!!!!!!!2mN#rmN!"3
-`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!9S!!J&J!@%0!@!!!dN!!J+(!V(r)rmL!@)
-+rb-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!ImL!!!'!@)!!rmK!@-"C!V
-r)3!%#QY[Bf`0!@-!!@d!!!+,!Slr)!Vr)!!%#Q&XD@%'!@3!!rmI!@8"CJVr(`!
-%#QPZFfJ0!@8!!M3!!!+4!TRr(J&R#[mH!!3+BfC[E!d"C`!"E`!!!T8#Q2mG#rm
-G!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4Qp
-XC'9b8'&dD!B"CJ!$ra`"D2mE#[mF!!3+G'mJ)!d"D!!#EJ!!!T`#U`&T!@S0!@N
-!!M3!!!+N!U[r'J&V#[mD!!3+CQPXC3d"D`!"E3!!!UF#UJ&X$!&X!!`!"Q0[EA!
-ZD!!#!!!0!@S!!M3!!!+F!U6r'3&Y#[mC!!3+BfC[E!d"E3!"E`!!!U!#SrmB#rm
-B!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'raX!!!)"B3!#!@i"E`d"EJ!#E!!#!V)
-#X[mAraB"raF!!!(r&J!!!J&[!!)"F!&a$3&`!!*b!!!#XJ+p!A)"F`d"FJ!#BJ!
-!!V)#Z3&d!A80!A3!!@m!!!+b!VAr&3[r&3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!
-3Bh*jF(4[4QpXC'9b8'&dD!d"G3!"E3!!!V8#Z!&f$!&f!!X!"6TMEfjQ!!)!!!d
-"F`!"E`!!!!!!!2m8#rm8!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!A%!!J&h!AJ
-0!AF!!dN!!J+q!ZMr%rm5!AN+ra-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@a
-X!Im5!!!'!AN!!rm4!AS"H`Vr%3!%#QY[Bf`0!AS!!@d!!!,#!XAr%!Vr%!!%#Q&
-XD@%'!AX!!rm2!A`"I3Vr$`!%#QPZFfJ0!A`!!M3!!!,)!Y$r$J&q#[m1!!3+BfC
-[E!d"IJ!"E`!!!X`#crm0#rm0!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J
-!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B"I3!$r``"Irm,#[m-!!3+G'mJ)!d
-"I`!#EJ!!!Y-#iJ'!!B%0!B!!!M3!!!,E!Z,r#J'##[m+!!3+CQPXC3d"JJ!"E3!
-!!Yi#i3'$$!'$!!`!"Q0[EQBZD!!#!!!0!B%!!M3!!!,6!Y[r#3'%#[m*!!3+BfC
-[E!d"K!!"E`!!!YF#f[m)#rm)!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'r`X!!!)
-"H!!#!B8"KJd"K3!#E!!#!ZN#kIm(r`B"r`F!!!(r"J!!!J''!!)"K`')$3'(!!*
-b!!!#k3,d!BN"LJd"L3!#BJ!!!ZN#m!',!B`0!BX!!@m!!!,T!Zcr"3[r"3!N-!!
-3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"M!!"E3!!!Z`#l`'
-0$!'0!!S!"$TNCA-!!J!!$3'+!!&[!!!!!!!!r`3,r`3!&$!!#(4PEA"`BA4S!!K
-dC@e`8'&dD!)"L!!#!Bi"M`d"MJ!$53!#![8$(rm$r`)"N!!+r`-!'#jMEh*PBh*
-PE#SU+LS!!!!!!!#3!!"ZG@aX!Im#!!!'!C!!!!2r!3'4!C)+r`%!"!TVEf0X$3'
-4!!&Y!!!#q3,mr`!+r`!!"!TKE'PK"J'5!!2qr`'6!C3+r[m!"!TTER0S$3'6!!)
-d!!!#r`-(r[i"P3VqrJ!%#Q0QEf`0!C8!!@m!!!-$!`Eqr3[qr3!d-!!BEh"PER0
-cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!C3
-!!rlm!CEqq`Vqr!!%#R4[)#!0!CB!!Qi!!!-+!aN"P`'B$3'A!!)d!!!$%J-Cr[S
-"Q3VqqJ!%#QCTE'80!CN!!@d!!!-9!aJ"QJ`"QJ!,!!9NCA-ZD!!#!!!0!CJ!!M3
-!!!-+!a,qq3'E#[lj!!3+BfC[E!d"Q`!"E`!!!`i$%Ili#rli!"3`!!KdC@e`F'&
-dD!!)G'9YF&"KG'J'r[X!!!)"M`!#!C`"R3d"R!!#E!!#!b!$)2lhr[B"r[F!!!(
-qpJ!!!J'G!!)"RJ'I$3'H!!*b!!!$)!-V!D!"S3d"S!!#BJ!!!b!$*`'L!D-0!D)
-!!@m!!!-J!b2qp3[qp3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9
-b8'&dD!d"S`!"E3!!!b-$*J'N$!'N!!N!!cTND!!#!!!0!D%!!@m!!!!!!!$qp![
-qp!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J'I!!)"T3'Q$3'P!!0*!!)$,!0@r[2
-qmJ'R#[lc!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(qmJ!!"J'R!!2qm3'
-S!DN+r[%!"!TVEf0X$3'S!!&Y!!!$-!-cr[!+r[!!"!TKE'PK"J'T!!2ql`'U!DX
-+rZm!"!TTER0S$3'U!!)d!!!$0J-qrZi"V!VqlJ!%#Q0QEf`0!D`!!@m!!!-k!ch
-ql3[ql3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9
-NC8C[E'4PFP"KG'J'!DX!!rlX!Dhqk`Vql!!%#R4[)#!0!Dd!!Qi!!!0"!e!"VJ'
-[$3'Z!!)d!!!$5303rZS"X!VqkJ!%#QCTE'80!E!!!@d!!!0-!dm"X3`"X3!+!!4
-ND#jS!!)!!!d"V`!#0!!!!d%$5IlT!E)+rZN!"!TMCQpX$3'b!!&[!!!$430)rZJ
-,rZJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eqk`!!!J'Q!!)"X`'d$3'c!!*X!!)
-$9`0ArZIqjJ(qj`!!!IlQ!!!#!E3!!J'e!EB0!E8!!R)!!!0A!f)"Y`'i$3'h!!*
-L!!!$9`0H!EN"ZJd"Z3!"E`!!!eF$@[lP#rlP!#3`!""MFRP`G'pQEfaNCA*`BA4
-S!""MFRP`G'p'EfaNCA*3BA4S$3'k!!&Y!!!$@J0G!EX-!EX!#J!%1Q4cB3!#!!!
-0!EJ!!@m!!!!!!!$qj![qj!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J'f!!)"[!'
-p$3'm!!0*!!)$B`10rZ2qiJ'q#[lM!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9
-XE!(qiJ!!"J'q!!2qi3'r!F!+rZ%!"!TVEf0X$3'r!!&Y!!!$C`0UrZ!+rZ!!"!T
-KE'PK"J(!!!2qh`("!F)+rYm!"!TTER0S$3("!!)d!!!$E30erYi"``VqhJ!%#Q0
-QEf`0!F-!!@m!!!0a!h6qh3[qh3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4
-S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!F)!!rlF!F6qf`Vqh!!%#R4[)#!
-0!F3!!Qi!!!0i!iF"a3('$3(&!!)d!!!$J!1(rYS"a`VqfJ!%#QCTE'80!FF!!@d
-!!!1$!iB"b!`"b!!,!!9NFf%ZD!!#!!!0!FB!!M3!!!0i!i$qf3(*#[lC!!3+BfC
-[E!d"b3!"E`!!!h`$IrlB#rlB!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rYX!!!)
-"[3!#!FS"b`d"bJ!#E!!#!ii$M[lArYB"rYF!!!(qeJ!!!J(,!!)"c!(0$3(-!!*
-b!!!$MJ1C!Fi"c`d"cJ!#BJ!!!ii$P3(3!G%0!G!!!@m!!!11!j(qe3[qe3!N-!!
-3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"d3!"E3!!!j%$P!(
-5$!(5!!S!"$TPFR)!!J!!$3(2!!&[!!!!!!!!rY3,rY3!&$!!#(4PEA"`BA4S!!K
-dC@e`8'&dD!)"c3!#!G-"e!d"d`!$53!#!jS$a2l6rY)"e3Vqd`!B,Q0[FQ9MFQ9
-X+LSU+J!!!!!!!*!!!'jeE'`"rY)!!!B"e3!$rY%"eJ(A#[l4!!3+DfpME!d"eJ!
-"E3!!!ji$SIl3#[l3!!3+B@aTB3B"e`!$rXm"f!(C#[l2!!3+D@jcD!d"f!!#0!!
-!!k3$V2l1!GS+rXi!"!TMCQpX$3(D!!&[!!!$U!1VrXd,rXd!0$!!''p`C@jcFfa
-TEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J(C!!2
-qc!(ErXX+rX`!"!TdEb!J$3(E!!*Z!!!$V`1q!G`"h3d"h!!#0!!!!lF$[[l+!Gi
-+rXS!"!TQD@aP$3(H!!&Y!!!$ZJ1p!Gm-!Gm!#`!&CA*b,QJ!!J!!$3(G!!)d!!!
-$V`1hrXN"i!Vqb3!%#Q0QEf`0!H!!!@m!!!1c!lEqb![qb!!8-!!)G'9YF("KG'J
-!#(4PEA"3BA4S"[l,!!!#!G3!!J(K!H)0!H%!!Q`!!J2&!mAqarl'!Il(!!!"rXB
-!!!)"iJ!#!H-"j!d"i`!#FJ!!!m8$d!(P!HB0!H8!!Q)!!!2&!m`"j`(S$3(R!!&
-[!!!$a32)rX8,rX8!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC[E'4PFP"
-KG'J0!HJ!!@d!!!2)!mX"k3`"k3!+!!3kCAC`!!)!!!d"jJ!"E`!!!!!!!2l%#rl
-%!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!H3!!J(U!HX0!HS!!dN!!J24!r[q`rl
-#!H`+rX-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Il#!!!'!H`!!rl"!Hd
-"lJVq`3!%#QY[Bf`0!Hd!!@d!!!29!pMq`!Vq`!!%#Q&XD@%'!Hi!!rkr!Hm"m!V
-q[`!%#QPZFfJ0!Hm!!M3!!!2E!q2q[J(a#[kq!!3+BfC[E!d"m3!"E`!!!pm$i[k
-p#rkp!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4
-P4QpXC'9b8'&dD!B"m!!$rV`"m[kl#[km!!3+G'mJ)!d"mJ!#EJ!!!qB$p3(c!I3
-0!I-!!M3!!!2Z!rAqZJ(e#[kk!!3+CQPXC3d"p3!"E3!!!r%$p!(f$!(f!!X!"@9
-fF#jS!!)!!!d"p!!#0!!!!qB$l[kj!IF+rVN!"!TMCQpX$3(h!!&[!!!$kJ2YrVJ
-,rVJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!EqZ`!!!J(V!!)"q!(j$3(i!!*X!!)
-$r!2mrVIqYJ(qY`!!!Ikf!!!#!IN!!J(k!IX0!IS!!R)!!!2m"!F"r!(p$3(m!!*
-L!!!$r!3$!Ii"r`d"rJ!"E`!!!r`$rrke#rke!#3`!""MFRP`G'pQEfaNCA*`BA4
-S!""MFRP`G'p'EfaNCA*3BA4S$3(r!!&Y!!!$r`3#!J!-!J!!#`!&1QKYB@-!!J!
-!$3(p!!&[!!!!!!!!rV3,rV3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)"q`!#!J%
-#!Jd#!3!$53!#"!J%-[kcrV)#!`VqX`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'j
-eE'`"rV)!!!B#!`!$rV%#"!)&#[ka!!3+DfpME!d#"!!"E3!!"!`%$rk`#[k`!!3
-+B@aTB3B#"3!$rUm#"J)(#[k[!!3+D@jcD!d#"J!#0!!!"")%'[kZ!JJ+rUi!"!T
-MCQpX$3))!!&[!!!%&J3CrUd,rUd!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&
-dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J)(!!2qV!)*rUX+rU`!"!TdEb!
-J$3)*!!*Z!!!%(33X!JS##`d##J!#0!!!"#8%,2kU!J`+rUS!"!TQD@aP$3)-!!&
-Y!!!%+!3V!Jd-!Jd!$!!'D'eKBbjS!!)!!!d##`!#0!!!""d%*IkT!Ji+rUN!"!T
-MCQpX$3)1!!&[!!!%)33NrUJ,rUJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!EqU`!
-!!J)#!!)#$`)3$3)2!!*X!!)%-`3crUIqTJ(qT`!!!IkQ!!!#!K!!!J)4!K)0!K%
-!!R)!!!3c"$i#%`)8$3)6!!*L!!!%-`3k!K8#&Jd#&3!"E`!!"$-%0[kP#rkP!#3
-`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3)@!!&Y!!!%0J3
-j!KF-!KF!#`!&1QPNC@%!!J!!$3)8!!&[!!!!!!!!rU3,rU3!&$!!#(4PEA"`BA4
-S!!KdC@e`8'&dD!)#%J!#!KJ#'3d#'!!$53!#"$m%DIkMrU)#'JVqS`!B,Q0[FQ9
-MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rU)!!!B#'J!$rU%#'`)F#[kK!!3+DfpME!d
-#'`!"E3!!"%-%4[kJ#[kJ!!3+B@aTB3B#(!!$rTm#(3)H#[kI!!3+D@jcD!d#(3!
-#0!!!"%N%8IkH!Km+rTi!"!TMCQpX$3)I!!&[!!!%6343rTd,rTd!0$!!''p`C@j
-cFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J)
-H!!2qR!)JrTX+rT`!"!TdEb!J$3)J!!*Z!!!%9!4M!L%#)Jd#)3!#0!!!"&`%Brk
-D!L-+rTS!"!TQD@aP$3)M!!&Y!!!%A`4L!L3-!L3!$!!'D@4PB5jS!!)!!!d#)J!
-#0!!!"&3%A2kC!L8+rTN!"!TMCQpX$3)P!!&[!!!%@!4ErTJ,rTJ!&$!!#(4PEA"
-`BA4S!!KdC@e`8'&dD!EqQ`!!!J)C!!)#*J)R$3)Q!!*X!!)%DJ4UrTIqPJ(qP`!
-!!Ik@!!!#!LF!!J)S!LN0!LJ!!R)!!!4U"(8#+J)V$3)U!!*L!!!%DJ4a!L`#,3d
-#,!!"E`!!"'S%EIk9#rk9!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'Efa
-NCA*3BA4S$3)Y!!&Y!!!%E34`!Li-!Li!$!!'1QaSBA0S!!)!!!d#+`!"E`!!!!!
-!!2k8#rk8!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!LN!!J)[!M!0!Lm!!dN!!J4
-f"+$qNrk5!M%+rT-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ik5!!!'!M%
-!!rk4!M)#-`VqN3!%#QY[Bf`0!M)!!@d!!!4k"(hqN!!+rT!!!!3+B@aTB3B#-`!
-$rSm#0!)e#[k2!!3+D@jcD!d#0!!#0!!!")!%L2k1!MB+rSi!"!TMCQpX$3)f!!&
-[!!!%K!5(rSd,rSd!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP0
-66%PZBfaeC'9'EfaNCA*3BA4S"J)e!!2qM!)hrSX+rS`!"!TdEb!J$3)h!!*Z!!!
-%L`5D!MJ#13d#1!!#0!!!"*-%Q[k+!MS+rSS!"!TQD@aP$3)k!!&Y!!!%PJ5C!MX
-!MX!$3!(E'KKFfJZD!!#!!!0!MN!!M3!!!5,"*2qL3)m#[k*!!3+BfC[E!d#2!!
-"E`!!")m%N[k)#rk)!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rSX!!!)#-!!#!Md
-#2Jd#23!#E!!#"+%%SIk(rSB"rSF!!!(qKJ!!!J)q!!)#2`*!$3)r!!*b!!!%S35
-X!N%#3Jd#33!#BJ!!"+%%U!*$!N30!N-!!@m!!!5K"+6qK3[qK3!N-!!3Bh*jF(4
-[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d#4!!"E3!!"+3%T`*&$!*&!!S
-!"$TYC$)!!J!!$3*#!!&[!!!!!!!!rS3,rS3!&$!!#(4PEA"`BA4S!!KdC@e`8'&
-dD!)#3!!#!NB#4`d#4J!$53!#"+d%erk$rS)#5!VqJ`!B,Q0[FQ9MFQ9X+LSU+J!
-!!!!!!*!!!'jeE'`"rS)!!!B#5!!$rS%#53*+#[k"!!3+DfpME!d#53!"E3!!",%
-%Y2k!#[k!!!3+B@aTB3B#5J!$rRm#5`*-#[jr!!3+D@jcD!d#5`!#0!!!",F%[rj
-q!Nd+rRi!"!TMCQpX$3*0!!&[!!!%Z`5qrRd,rRd!0$!!''p`C@jcFfaTEQ0XG@4
-PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J*-!!2qI!*1rRX
-+rR`!"!TdEb!J$3*1!!*Z!!!%`J64!Nm#8!d#6`!#0!!!"-S%dIjk!P%+rRS!"!T
-QD@aP$3*4!!&Y!!!%c363!P)-!P)!#`!&E@3b,QJ!!J!!$3*3!!)d!!!%`J6+rRN
-#8`VqH3!%#Q0QEf`0!P-!!@m!!!6'"-RqH![qH!!8-!!)G'9YF("KG'J!#(4PEA"
-3BA4S"[jl!!!#!NF!!J*8!P80!P3!!Q`!!J6B"0MqGrjf!Ijh!!!"rRB!!!)#93!
-#!PB#9`d#9J!#FJ!!"0J%i`*B!PN0!PJ!!Q)!!!6B"0m#@J*E$3*D!!&[!!!%f!6
-ErR8,rR8!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!PX
-!!@d!!!6E"0i#A!`#A!!+!!3kE@3e!!)!!!d#@3!"E`!!!!!!!2jd#rjd!"3`!!K
-dC@e`F'&dD!!)G'9YF&"KG'J#!PF!!J*G!Pi0!Pd!!dN!!J6N"3lqFrjb!Pm+rR-
-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ijb!!!'!Pm!!rja!Q!#B3VqF3!
-%#QY[Bf`0!Q!!!@d!!!6S"1[qF!VqF!!%#Q&XD@%'!Q%!!rj[!Q)#B`VqE`!%#QP
-ZFfJ0!Q)!!M3!!!6Z"2EqEJ*N#[jZ!!3+BfC[E!d#C!!"E`!!"2)%pIjY#rjY!$3
-`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9
-b8'&dD!B#B`!$rQ`#CIjV#[jX!!3+G'mJ)!d#C3!#EJ!!"2N&#!*Q!QF0!QB!!M3
-!!!8""3MqDJ*S#[jU!!3+CQPXC3d#D!!"E3!!"33&"`*T$!*T!!X!"@eN05jS!!)
-!!!d#C`!#0!!!"2N&!IjT!QS+rQN!"!TMCQpX$3*U!!&[!!!%r38!rQJ,rQJ!&$!
-!#(4PEA"`BA4S!!KdC@e`8'&dD!EqD`!!!J*H!!)#D`*X$3*V!!*X!!)&$`82rQI
-qCJ(qC`!!!IjQ!!!#!Q`!!J*Y!Qi0!Qd!!R)!!!82"4S#E`*`$3*[!!*L!!!&$`8
-@!R%#FJd#F3!"E`!!"3m&%[jP#rjP!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP
-`G'p'EfaNCA*3BA4S$3*b!!&Y!!!&%J89!R--!R-!#`!&1QeNBc)!!J!!$3*`!!&
-[!!!!!!!!rQ3,rQ3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)#EJ!#!R3#G3d#G!!
-$53!#"4X&4IjMrQ)#GJVqB`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rQ)
-!!!B#GJ!$rQ%#G`*i#[jK!!3+DfpME!d#G`!"E3!!"4m&)[jJ#[jJ!!3+B@aTB3B
-#H!!$rPm#H3*k#[jI!!3+D@jcD!d#H3!#0!!!"58&,IjH!RX+rPi!"!TMCQpX$3*
-l!!&[!!!&+38XrPd,rPd!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"
-PEP066%PZBfaeC'9'EfaNCA*3BA4S"J*k!!2qA!*mrPX+rP`!"!TdEb!J$3*m!!*
-Z!!!&-!8r!Rd#IJd#I3!#0!!!"6J&2rjD!Rm+rPS!"!TQD@aP$3*r!!&Y!!!&1`8
-q!S!-!S!!$!!'E@4M-LjS!!)!!!d#IJ!#0!!!"6!&12jC!S%+rPN!"!TMCQpX$3+
-"!!&[!!!&0!8hrPJ,rPJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eq@`!!!J*e!!)
-#JJ+$$3+#!!*X!!)&4J9'rPIq9J(q9`!!!Ij@!!!#!S-!!J+%!S80!S3!!R)!!!9
-'"9%#KJ+($3+'!!*L!!!&4J90!SJ#L3d#L!!"E`!!"8B&5Ij9#rj9!#3`!""MFRP
-`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3+*!!&Y!!!&539-!SS-!SS
-!$J!)1QpLDQ9MG(-!!J!!$3+(!!&[!!!!!!!!rP3,rP3!&$!!#(4PEA"`BA4S!!K
-dC@e`8'&dD!)#K3!#!SX#M!d#L`!$53!#"9)&I2j6rP)#M3Vq8`!B,Q0[FQ9MFQ9
-X+LSU+J!!!!!!!*!!!'jeE'`"rP)!!!B#M3!$rP%#MJ+2#[j4!!3+DfpME!d#MJ!
-"E3!!"9B&@Ij3#[j3!!3+B@aTB3B#M`!$rNm#N!!#N3Vq6`!%#QPZFfJ0!T!!!!)
-d!!!&A!9NrNi#NJVq6J!%#Q0QEf`0!T)!!@m!!!9J"@2q63[q63!d-!!BEh"PER0
-cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!T%
-!!rj-!T2q5`Vq6!!%#R4[)#!0!T-!!Qi!!!9R"AB#P!+9$3+8!!)d!!!&E`9frNS
-#PJVq5J!%#QCTE'80!TB!!@d!!!9b"A8#P``#P`!2!!P[BQTPBh4c,QJ!!J!!$3+
-9!!)d!!!&C`9[rNN#Q!Vq53!%#Q0QEf`0!TJ!!@m!!!9V"@lq5![q5!!8-!!)G'9
-YF("KG'J!#(4PEA"3BA4S"[j,!!!#!S`!!J+C!TS0!TN!!Q`!!J9p"Ahq4rj'!Ij
-(!!!"rNB!!!)#QJ!#!TX#R!d#Q`!#FJ!!"Ad&L!+G!Ti0!Td!!Q)!!!9p"B3#R`+
-J$3+I!!&[!!!&I3@!rN8,rN8!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC
-[E'4PFP"KG'J0!U!!!@d!!!@!"B-#S3`#S3!+!!3kF'9Y!!)!!!d#RJ!"E`!!!!!
-!!2j%#rj%!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!T`!!J+L!U-0!U)!!dN!!J@
-*"E2q3rj#!U3+rN-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ij#!!!'!U3
-!!rj"!U8#TJVq33!%#QY[Bf`0!U8!!@d!!!@0"C!!rN!+rN!!"!TKE'PK"J+Q!!2
-q2`+R!UJ+rMm!"!TTER0S$3+R!!)d!!!&N`@ErMi#U3Vq2J!%#Q0QEf`0!UN!!@m
-!!!@A"CVq23[q23!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0
-5@jME(9NC8C[E'4PFP"KG'J'!UJ!!rim!UVq1`Vq2!!%#R4[)#!0!US!!Qi!!!@
-H"Dd#U`+X$3+V!!)d!!!&TJ@YrMS#V3Vq1J!%#QCTE'80!Ud!!@d!!!@T"D`#VJ`
-#VJ!,!!9`C@dZD!!#!!!0!U`!!M3!!!@H"DEq13+[#[ij!!3+BfC[E!d#V`!"E`!
-!"D)&TIii#rii!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rMX!!!)#S`!#!V!#X3d
-#X!!$53!#"E3&h[ihrMB#XJVq0`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`
-"rMB!!!B#XJ!$rM8#X`+d#[ie!!3+DfpME!d#X`!"E3!!"EJ&Zrid#[id!!3+B@a
-TB3B#Y!!$rM-#Y3+f#[ic!!3+D@jcD!d#Y3!#0!!!"Ei&a[ib!VF+rM)!"!TMCQp
-X$3+h!!&[!!!&`JA&rM%,rM%!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!
-BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J+f!!2q-!+irLm+rM!!"!TdEb!J$3+
-i!!*Z!!!&b3AB!VN#ZJd#Z3!#0!!!"G%&f2iZ!VX+rLi!"!TQD@aP$3+l!!&Y!!!
-&e!AA!V`-!V`!$!!'F'9Y-LjS!!)!!!d#ZJ!#0!!!"FN&dIiY!Vd+rLd!"!TMCQp
-X$3+p!!&[!!!&c3A3rL`,rL`!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eq,`!!!J+
-a!!)#[J+r$3+q!!*X!!)&h`AIrL[q+J(q+`!!!IiU!!!#!Vm!!J,!!X%0!X!!!R)
-!!!AI"HS#`J,$$3,#!!*L!!!&h`AQ!X3#a3d#a!!"E`!!"Gm&i[iT#riT!#3`!""
-MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3,&!!&Y!!!&iJAP!XB
-!XB!$3!(1R"VBh-a-J!#!!!0!X-!!@m!!!!!!!$q+![q+!!8-!!)G'9YF("KG'J
-!#(4PEA"3BA4S!J,"!!)#a`,)$3,(!!0*!!)&k`B9rLIq*J,*#[iR!"JZBfpbC@0
-bC@`U+LSU!!!!!!!!N!!!ER9XE!(q*J!!"J,*!!2q*3,+!XX+rL8!"!TVEf0X$3,
-+!!&Y!!!&l`AbrL3+rL3!"!TKE'PK"J,,!!2q)`,-!Xd+rL-!"!TTER0S$3,-!!)
-d!!!&p3AprL)#cJVq)J!%#Q0QEf`0!Xi!!@m!!!Aj"Icq)3[q)3!d-!!BEh"PER0
-cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!Xd
-!!riJ!Xrq(`Vq)!!%#R4[)#!0!Xm!!Qi!!!B!"Jm#d!,4$3,3!!)d!!!'#!B2rKi
-#dJVq(J!%#QCTE'80!Y)!!@d!!!B,"Ji#d``#d`!1!!K`Df0c-6)ZD!!#!!!0!Y%
-!!M3!!!B!"JMq(3,8#[iG!!3+BfC[E!d#e!!"E`!!"J3'"riF#riF!"3`!!KdC@e
-`F'&dD!!)G'9YF&"KG'J'rKm!!!)#b!!#!Y8#eJd#e3!#E!!#"KB'&[iErKS"rKX
-!!!(q'J!!!J,@!!)#e`,B$3,A!!*b!!!'&JBK!YN#fJd#f3!#BJ!!"KB'(3,E!Y`
-0!YX!!@m!!!B@"KRq'3[q'3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4Qp
-XC'9b8'&dD!d#h!!"E3!!"KN'(!,G$!,G!!`!"MT`Df0c0`!#!!!0!YS!!@m!!!!
-!!!$q'![q'!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J,B!!)#hJ,I$3,H!!0*!!)
-')JC-rKIq&J,J#[iA!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(q&J!!"J,
-J!!2q&3,K!Z)+rK8!"!TVEf0X$3,K!!&Y!!!'*JBTrK3+rK3!"!TKE'PK"J,L!!2
-q%`,M!Z3+rK-!"!TTER0S$3,M!!)d!!!',!BdrK)#j3Vq%J!%#Q0QEf`0!Z8!!@m
-!!!B`"M2q%3[q%3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0
-5@jME(9NC8C[E'4PFP"KG'J'!Z3!!ri3!ZEq$`Vq%!!%#R4[)#!0!ZB!!Qi!!!B
-h"NB#j`,S$3,R!!)d!!!'2`C'rJi#k3Vq$J!%#QCTE'80!ZN!!@d!!!C#"N8#kJ`
-#kJ!0!!G`Df0c0bjS!!)!!!d#k!!#0!!!"MF'2ri0!ZX+rJd!"!TMCQpX$3,V!!&
-[!!!'1`BqrJ`,rJ`!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eq$`!!!J,I!!)#l!,
-Y$3,X!!*X!!)'63C0rJ[q#J(q#`!!!Ii+!!!#!Zd!!J,Z!Zm0!Zi!!R)!!!C0"PJ
-#m!,a$3,`!!*L!!!'63C8![)#m`d#mJ!"E`!!"Nd'82i*#ri*!#3`!""MFRP`G'p
-QEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3,c!!&Y!!!'8!C6![3-![3!#`!
-&1R*KEQ3!!J!!$3,a!!&[!!!!!!!!rJJ,rJJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&
-dD!)#l`!#![8#pJd#p3!$53!#"PN'Jri(rJB#p`Vq"`!B,Q0[FQ9MFQ9X+LSU+J!
-!!!!!!*!!!'jeE'`"rJB!!!B#p`!$rJ8#q!,j#[i&!!3+DfpME!d#q!!"E3!!"Pd
-'B2i%#[i%!!3+B@aTB3B#q3!$rJ-#qJ,l#[i$!!3+D@jcD!d#qJ!#0!!!"Q-'Dri
-#![`+rJ)!"!TMCQpX$3,m!!&[!!!'C`CUrJ%,rJ%!0$!!''p`C@jcFfaTEQ0XG@4
-PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J,l!!2q!!,prIm
-+rJ!!"!TdEb!J$3,p!!*Z!!!'EJCp![i#r`d#rJ!#0!!!"RB'IIhq!`!+rIi!"!T
-QD@aP$3-!!!&Y!!!'H3Cm!`%-!`%!$!!'FQ&ZC#jS!!)!!!d#r`!#0!!!"Qi'G[h
-p!`)+rId!"!TMCQpX$3-#!!&[!!!'FJCerI`,rI`!&$!!#(4PEA"`BA4S!!KdC@e
-`8'&dD!Epr`!!!J,f!!)$!`-%$3-$!!*X!!)'K!D%rI[pqJ(pq`!!!Ihk!!!#!`3
-!!J-&!`B0!`8!!R)!!!D%"Sm$"`-)$3-(!!*L!!!'K!D,!`N$#Jd$#3!"E`!!"S3
-'Krhj#rhj!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3-
-+!!&Y!!!'K`D+!`X-!`X!#J!%1R*M-J!#!!!0!`J!!@m!!!!!!!$pq![pq!!8-!!
-)G'9YF("KG'J!#(4PEA"3BA4S!J-'!!)$$!-0$3--!!0*!!)'N!!'Z[hhrIB$$JV
-pp`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rIB!!!B$$J!$rI8$$`-3#[h
-e!!3+DfpME!d$$`!"E3!!"T3'Prhd#[hd!!3+B@aTB3B$%!!$rI-$%3-5#[hc!!3
-+D@jcD!d$%3!#0!!!"TS'S[hb!a-+rI)!"!TMCQpX$3-6!!&[!!!'RJDKrI%,rI%
-!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'Efa
-NCA*3BA4S"J-5!!2pm!-8rHm+rI!!"!TdEb!J$3-8!!*Z!!!'T3Dd!a8$&Jd$&3!
-#0!!!"Ud'Y2hZ!aF+rHi!"!TQD@aP$3-A!!&Y!!!'X!Dc!aJ-!aJ!#`!&FQ-b,QJ
-!!J!!$3-@!!)d!!!'T3DYrHd$'3Vpl3!%#Q0QEf`0!aN!!@m!!!DT"Ucpl![pl!!
-8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[h[!!!#!`d!!J-D!aX0!aS!!Q`!!JDl"V[
-pkrhU!IhV!!!"rHS!!!)$'`!#!a`$(3d$(!!#FJ!!"VX'aJ-H!am0!ai!!Q)!!!D
-l"X)$)!-K$3-J!!&[!!!'Z`DqrHN,rHN!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0
-bHA"dEdC[E'4PFP"KG'J0!b%!!@d!!!Dq"X%$)J`$)J!+!!3kFQ-d!!)!!!d$(`!
-"E`!!!!!!!2hS#rhS!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!ad!!J-M!b30!b-
-!!dN!!JE("[(pjrhQ!b8+rHF!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ih
-Q!!!'!b8!!rhP!bB$*`Vpj3!%#QY[Bf`0!bB!!@d!!!E,"Xlpj!Vpj!!%#Q&XD@%
-'!bF!!rhM!bJ$+3Vpi`!%#QPZFfJ0!bJ!!M3!!!E4"YRpiJ-U#[hL!!3+BfC[E!d
-$+J!"E`!!"Y8'f2hK#rhK!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p
-`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B$+3!$rH!$+rhI#[hJ!!3+G'mJ)!d$+`!
-#EJ!!"Y`'k`-X!bd0!b`!!M3!!!EN"Z[phJ-Z#[hH!!3+CQPXC3d$,J!"E3!!"ZF
-'kJ-[$!-[!!X!"A*M0#jS!!)!!!d$,3!#0!!!"Y`'j2hG!c!+rGd!"!TMCQpX$3-
-`!!&[!!!'i!EMrG`,rG`!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eph`!!!J-N!!)
-$-3-b$3-a!!*X!!)'mJEbrG[pfJ(pf`!!!IhD!!!#!c)!!J-c!c30!c-!!R)!!!E
-b"[d$03-f$3-e!!*L!!!'mJEj!cF$1!d$0`!"E`!!"[)'pIhC#rhC!#3`!""MFRP
-`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3-i!!&Y!!!'p3Ei!cN-!cN
-!#J!%1R*M03!#!!!0!cB!!@m!!!!!!!$pf![pf!!8-!!)G'9YF("KG'J!#(4PEA"
-3BA4S!J-d!!)$1J-l$3-k!!0*!!)'rJFSrGIpeJ-m#[hA!"JZBfpbC@0bC@`U+LS
-U!!!!!!!!N!!!ER9XE!(peJ!!"J-m!!2pe3-p!ci+rG8!"!TVEf0X$3-p!!&Y!!!
-(!JF&rG3+rG3!"!TKE'PK"J-q!!2pd`-r!d!+rG-!"!TTER0S$3-r!!)d!!!(#!F
-3rG)$33VpdJ!%#Q0QEf`0!d%!!@m!!!F-"`rpd3[pd3!d-!!BEh"PER0cE'PZBfa
-eC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!d!!!rh3!d,
-pc`Vpd!!%#R4[)#!0!d)!!Qi!!!F6"b)$3`0%$30$!!)d!!!('`FLrFi$43VpcJ!
-%#QCTE'80!d8!!@d!!!FH"b%$4J`$4J!,!!9bBc8ZD!!#!!!0!d3!!M3!!!F6"a[
-pc30(#[h0!!3+BfC[E!d$4`!"E`!!"aF('[h-#rh-!"3`!!KdC@e`F'&dD!!)G'9
-YF&"KG'J'rFm!!!)$1`!#!dJ$53d$5!!#E!!#"bN(+Ih,rFS"rFX!!!(pbJ!!!J0
-*!!)$5J0,$30+!!*b!!!(+3Fd!d`$63d$6!!#BJ!!"bN(-!01!dm0!di!!@m!!!F
-T"bcpb3[pb3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d
-$6`!"E3!!"b`(,`03$!03!!d!"cTbDA"PE@3!!J!!$300!!&[!!!!!!!!rFJ,rFJ
-!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)$5`!#!e%$8Jd$83!$53!#"c8(Arh(rFB
-$8`Vpa`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rFB!!!B$8`!$rF8$9!0
-9#[h&!!3+DfpME!d$9!!"E3!!"cN(22h%#[h%!!3+B@aTB3B$93!$rF-$9J0A#[h
-$!!3+D@jcD!d$9J!#0!!!"cm(4rh#!eJ+rF)!"!TMCQpX$30B!!&[!!!(3`G'rF%
-,rF%!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9
-'EfaNCA*3BA4S"J0A!!2p`!0CrEm+rF!!"!TdEb!J$30C!!*Z!!!(5JGC!eS$@`d
-$@J!#0!!!"e)(@Ifq!e`+rEi!"!TQD@aP$30F!!&Y!!!(93GB!ed-!ed!$J!)FQP
-`C@eN,QJ!!J!!$30E!!)d!!!(5JG5rEd$AJVp[3!%#Q0QEf`0!ei!!@m!!!G1"e(
-p[![p[!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[fr!!!#!e)!!J0I!f!0!em!!Q`
-!!JGJ"f$pZrfk!Ifl!!!"rES!!!)$B!!#!f%$BJd$B3!#FJ!!"f!(D`0M!f30!f-
-!!Q)!!!GJ"fF$C30Q$30P!!&[!!!(B!GMrEN,rEN!*$!!%'0bHA"dEfC[E'4PFR"
-KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!fB!!@d!!!GM"fB$C``$C`!+!!3kFR0K!!)
-!!!d$C!!"E`!!!!!!!2fi#rfi!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!f)!!J0
-S!fN0!fJ!!dN!!JGX"jEpYrff!fS+rEF!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"
-ZG@aX!Iff!!!'!fS!!rfe!fX$E!VpY3!%#QY[Bf`0!fX!!@d!!!G`"h2pY!VpY!!
-%#Q&XD@%'!f`!!rfc!fd$EJVpX`!%#QPZFfJ0!fd!!M3!!!Gf"hlpXJ0[#[fb!!3
-+BfC[E!d$E`!"E`!!"hS(IIfa#rfa!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"
-KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B$EJ!$rE!$F2f[#[f`!!3+G'm
-J)!d$F!!#EJ!!"i%(N!!$F30b$30a!!)d!!!(L3H3!2fZ!h-+rDi!"!TQD@aP$30
-c!!&Y!!!(M!H2!h3-!h3!#`!&FR0K,QJ!!J!!$30b!!)d!!!(J3H*rDd$G3VpV3!
-%#Q0QEf`0!h8!!@m!!!H&"iMpV![pV!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[f
-[!!!#!fN!!J0f!hF0!hB!!Q`!!JHA"jIpUrfU!IfV!!!"rDS!!!)$G`!#!hJ$H3d
-$H!!#FJ!!"jF(SJ0k!hX0!hS!!Q)!!!HA"ji$I!0p$30m!!&[!!!(P`HDrDN,rDN
-!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!hd!!@d!!!H
-D"jd$IJ`$IJ!-!!BkFh4KBfX!!J!!$30l!!&[!!!!!!!!rDJ,rDJ!&$!!#(4PEA"
-`BA4S!!KdC@e`8'&dD!)$H3!#!hm$J!d$I`!$53!#"k-(cIfRrDB$J3VpT`!B,Q0
-[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rDB!!!B$J3!$rD8$JJ1$#[fP!!3+Dfp
-ME!d$JJ!"E3!!"kF(U[fN#[fN!!3+B@aTB3B$J`!$rD-$K!1&#[fM!!3+D@jcD!d
-$K!!#0!!!"kd(YIfL!iB+rD)!"!TMCQpX$31'!!&[!!!(X3HdrD%,rD%!0$!!''p
-`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4
-S"J1&!!2pS!1(rCm+rD!!"!TdEb!J$31(!!*Z!!!(Z!I(!iJ$L3d$L!!#0!!!"m!
-(arfH!iS+rCi!"!TQD@aP$31+!!&Y!!!(``I'!iX-!iX!$3!(Fh4KBfXZD!!#!!!
-0!iN!!M3!!!Hi"m$pR31-#[fG!!3+BfC[E!d$M!!"E`!!"l`([rfF#rfF!"3`!!K
-dC@e`F'&dD!!)G'9YF&"KG'J'rCm!!!)$J!!#!id$MJd$M3!$53!#"mi(q2fErCS
-$M`VpQ`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rCS!!!B$M`!$rCN$N!!
-$N3VpQ3!%#QY[Bf`0!j!!!!&Y!!!(dJI9rCJ+rCJ!"!TKE'PK"J14!!2pP`15!j-
-+rCF!"!TTER0S$315!!)d!!!(f!IJrCB$P!VpPJ!%#Q0QEf`0!j3!!@m!!!IF"pr
-pP3[pP3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9
-NC8C[E'4PFP"KG'J'!j-!!rf8!jApN`VpP!!%#R4[)#!0!j8!!Qi!!!IM"r)$PJ1
-A$31@!!)d!!!(k`IbrC)$Q!VpNJ!%#QCTE'80!jJ!!@d!!!IZ"r%$Q3`$Q3!4!!Y
-cB@CPFh4KBfXZD!!#!!!0!jF!!M3!!!IM"q[pN31D#[f4!!3+BfC[E!d$QJ!"E`!
-!"qF(k[f3!![pN!!!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!EpN`!!!J11!!)$Q`1
-F$31E!!*X!!)(q3IjrBrpMJ(pM`!!!If1!!!#!j`!!J1G!ji0!jd!!R)!!!Ij#!3
-$R`1J$31I!!*L!!!(q3J!!k%$SJd$S3!"E`!!"rN(r2f0#rf0!#3`!""MFRP`G'p
-QEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$31L!!&Y!!!(r!Ir!k--!k-!#J!
-%1R0SB3!#!!!0!k!!!@m!!!!!!!$pM![pM!!8-!!)G'9YF("KG'J!#(4PEA"3BA4
-S!J1H!!)$T!1P$31N!!0*!!))"3J[rB[pLJ1Q#[f,!"JZBfpbC@0bC@`U+LSU!!!
-!!!!!N!!!ER9XE!(pLJ!!"J1Q!!2pL31R!kJ+rBN!"!TVEf0X$31R!!&Y!!!)#3J
-rBJ+rBJ!"!TKE'PK"J1S!!2pK`1T!kS+rBF!"!TTER0S$31T!!)d!!!)$`JArBB
-$U`VpKJ!%#Q0QEf`0!kX!!@m!!!J6#"EpK3[pK3!d-!!BEh"PER0cE'PZBfaeC'9
-QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!kS!!rf%!kcpJ`V
-pK!!%#R4[)#!0!k`!!Qi!!!JD##N$V31Z$31Y!!)d!!!))JJTrB)$V`VpJJ!%#QC
-TE'80!km!!@d!!!JP##J$X!`$X!!,!!9cD'%ZD!!#!!!0!ki!!M3!!!JD##,pJ31
-a#[f"!!3+BfC[E!d$X3!"E`!!#"i))If!#rf!!"3`!!KdC@e`F'&dD!!)G'9YF&"
-KG'J'rB-!!!)$T3!#!l)$X`d$XJ!#E!!##$!)-2errAi"rAm!!!(pIJ!!!J1c!!)
-$Y!1e$31d!!*b!!!)-!Jl!lB$Y`d$YJ!#BJ!!#$!)0`1i!lN0!lJ!!@m!!!J`#$2
-pI3[pI3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d$Z3!
-"E3!!#$-)0J1k$!1k!!d!"cTdH(4IC')!!J!!$31h!!&[!!!!!!!!rA`,rA`!&$!
-!#(4PEA"`BA4S!!KdC@e`8'&dD!)$Y3!#!lX$[!d$Z`!$53!##$`)C[elrAS$[3V
-pH`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rAS!!!B$[3!$rAN$[J1r#[e
-j!!3+DfpME!d$[J!"E3!!#%!)3rei#[ei!!3+B@aTB3B$[`!$rAF$`!2"#[eh!!3
-+D@jcD!d$`!!#0!!!#%B)6[ef!m)+rAB!"!TMCQpX$32#!!&[!!!)5JK0rA8,rA8
-!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'Efa
-NCA*3BA4S"J2"!!2pG!2$rA-+rA3!"!TdEb!J$32$!!*Z!!!)83KJ!m3$a3d$a!!
-#0!!!#&N)B2eb!mB+rA)!"!TQD@aP$32'!!&Y!!!)A!KI!mF-!mF!$J!)G(KdAf4
-L,QJ!!J!!$32&!!)d!!!)83KCrA%$b!VpF3!%#Q0QEf`0!mJ!!@m!!!K9#&MpF![
-pF!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[ec!!!#!l`!!J2*!mS0!mN!!Q`!!JK
-R#'IpEreZ!Ie[!!!"r@i!!!)$bJ!#!mX$c!d$b`!#FJ!!#'F)FJ20!mi0!md!!Q)
-!!!KR#'i$c`23$322!!&[!!!)C`KUr@d,r@d!*$!!%'0bHA"dEfC[E'4PFR"KG'J
-!%'0bHA"dEdC[E'4PFP"KG'J0!p!!!@d!!!KU#'d$d3`$d3!,!!8kH$8`13!#!!!
-0!mi!!@m!!!!!!!$pE![pE!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J2-!!)$dJ2
-6$325!!0*!!))F`LGr@[pDJ28#[eV!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9
-XE!(pDJ!!"J28!!2pD329!pB+r@N!"!TVEf0X$329!!&Y!!!)G`Kkr@J+r@J!"!T
-KE'PK"J2@!!2pC`2A!pJ+r@F!"!TTER0S$32A!!)d!!!)I3L&r@B$f3VpCJ!%#Q0
-QEf`0!pN!!@m!!!L"#)6pC3[pC3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4
-S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!pJ!!reN!pVpB`VpC!!%#R4[)#!
-0!pS!!Qi!!!L)#*F$f`2F$32E!!)d!!!)N!!)PreL!pd+r@)!"!TQD@aP$32G!!&
-Y!!!)N`L@!pi-!pi!$!!'H$8`15jS!!)!!!d$h!!#0!!!#)J)N!$pB32I#[eK!!3
-+BfC[E!d$h`!"E`!!#)`)MreJ#reJ!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'r@-
-!!!)$d`!#!q!$i3d$i!!$53!##*i)b2eIr9i$iJVpA`!B,Q0[FQ9MFQ9X+LSU+J!
-!!!!!!*!!!'jeE'`"r9i!!!B$iJ!$r9d$i`2N#[eG!!3+DfpME!d$i`!"E3!!#+)
-)TIeF#[eF!!3+B@aTB3B$j!!$r9X$j32Q#[eE!!3+D@jcD!d$j3!#0!!!#+J)X2e
-D!qF+r9S!"!TMCQpX$32R!!&[!!!)V!L[r9N,r9N!0$!!''p`C@jcFfaTEQ0XG@4
-PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J2Q!!2p@!2Sr9F
-+r9J!"!TdEb!J$32S!!*Z!!!)X`M#!qN$kJd$k3!#0!!!#,X)`[e@!qX+r9B!"!T
-QD@aP$32V!!&Y!!!)[JM"!q`-!q`!%!!+H$8`19pfCRNZD!!#!!!0!qS!!M3!!!L
-c#,[p932Y#[e9!!3+BfC[E!d$l3!"E`!!#,F)Z[e8#re8!"3`!!KdC@e`F'&dD!!
-)G'9YF&"KG'J'r9F!!!)$i3!#!qi$l`d$lJ!#E!!##-N)bIe6r9)"r9-!!!(p8J!
-!!J2[!!)$m!2a$32`!!*b!!!)b3M8!r)$m`d$mJ!#BJ!!#-N)d!2d!r80!r3!!@m
-!!!M*#-cp83[p83!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&
-dD!d$p3!"E3!!#-`)c`2f$!2f!!d!"cTi06!jGM-!!J!!$32c!!&[!!!!!!!!r9!
-,r9!!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)$m3!#!rF$q!d$p`!$53!##08)rre
-2r8i$q3Vp6`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r8i!!!B$q3!$r8d
-$qJ2l#[e0!!3+DfpME!d$qJ!"E3!!#0N)h2e-#[e-!!3+B@aTB3B$q`!$r8X$r!2
-p#[e,!!3+D@jcD!d$r!!#0!!!#0m)jre+!ri+r8S!"!TMCQpX$32q!!&[!!!)i`M
-Qr8N,r8N!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfa
-eC'9'EfaNCA*3BA4S"J2p!!2p5!2rr8F+r8J!"!TdEb!J$32r!!*Z!!!)kJMj"!!
-%!3d%!!!#0!!!#2))qIe'"!)+r8B!"!TQD@aP$33#!!&Y!!!)p3Mi"!--"!-!$J!
-)H$8`1ABc,QJ!!J!!$33"!!)d!!!)kJMbr88%"!Vp43!%#Q0QEf`0"!3!!@m!!!M
-Z#2(p4![p4!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[e(!!!#!rJ!!J3&"!B0"!8
-!!Q`!!JN!#3$p3re#!Ie$!!!"r8)!!!)%"J!#"!F%#!d%"`!$53!##3!*+[e"r8!
-%#3Vp33!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r8!!!!B%#3!$r6m%#J3
-,#[dr!!3+DfpME!d%#J!"E3!!#33*"rdq#[dq!!3+B@aTB3B%#`!$r6d%$!30#[d
-p!!3+D@jcD!d%$!!#0!!!#3S*%[dm"!i+r6`!"!TMCQpX$331!!&[!!!*$JN4r6X
-,r6X!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9
-'EfaNCA*3BA4S"J30!!2p1J32r6N+r6S!"!TdEb!J$332!!*Z!!!*&3NN""!%%3d
-%%!!#0!!!#4d**2di"")+r6J!"!TQD@aP$335!!&Y!!!*)!NM""--""-!#`!&Fh0
-X,QJ!!J!!$334!!)d!!!*&3NGr6F%&!Vp0`!%#Q0QEf`0""3!!@m!!!NC#4cp0J[
-p0J!H-!!0Fh0XCQpXC'9bF'&dD!!0Fh0X4QpXC'9b8'&dD!Ep13!!!J3)!!)%&33
-@$339!!0*!!)*+`P9r6Ap0!3A#[de!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9
-XE!(p0!!!"J3A!!2p-`3B""N+r6-!"!TVEf0X$33B!!&Y!!!*,`Nbr6)+r6)!"!T
-KE'PK"J3C!!2p-33D""X+r6%!"!TTER0S$33D!!)d!!!*03Npr6!%(!Vp-!!%#Q0
-QEf`0""`!!@m!!!Nj#6cp,`[p,`!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4
-S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'""X!!rdZ""hp,3Vp,J!%#R4[)#!
-0""d!!Qi!!!P!#8m%(J3I$33H!!)d!!!*5!P2r5`%)!Vp,!!%#QCTE'80"#!!!@d
-!!!P,#8i%)3`%)3!-!!CcFf`b,QJ!!J!!$33I!!)d!!!*3!P)r5X%)JVp+`!%#Q0
-QEf`0"#)!!@m!!!P%#8Ip+J[p+J!H-!!0Fh0XCQpXC'9bF'&dD!!0Fh0X4QpXC'9
-b8'&dD!Ep,3!!!J3@!!)%)`3N$33M!!0*!!)*9JQ!r5Rp+!3P#[dT!"JZBfpbC@0
-bC@`U+LSU!!!!!!!!N!!!ER9XE!(p+!!!"J3P!!2p*`3Q"#F+r5F!"!TVEf0X$33
-Q!!&Y!!!*@JPGr5B+r5B!"!TKE'PK"J3R!!2p*33S"#N+r58!"!TTER0S$33S!!)
-d!!!*B!PSr53%+JVp*!!%#Q0QEf`0"#S!!@m!!!PN#@Ip)`[p)`!d-!!BEh"PER0
-cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'"#N
-!!rdL"#[p)3Vp)J!%#R4[)#!0"#X!!Qi!!!PV#AS%,!3Y$33X!!)d!!!*F`Pkr5!
-%,JVp)!!%#QCTE'80"#i!!@d!!!Pf#AN%,``%,`!0!!GcFf`b-bjS!!)!!!d%,3!
-#0!!!#@X*FrdI"$!+r4m!"!TMCQpX$33`!!&[!!!*E`Pbr4i,r4i!(M!!$A0cE'C
-[E'4PFR"KG'J!$A0cE%C[E'4PFP"KG'J'r5%!!!)%*!!#"$%%-Jd%-3!$53!##B%
-*UrdGr4`%-`Vp(3!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r4`!!!B%-`!
-$r4X%0!3e#[dE!!3+DfpME!d%0!!"E3!!#B8*L2dD#[dD!!3+B@aTB3B%03!$r4N
-%0J3h#[dC!!3+D@jcD!d%0J!#0!!!#BX*NrdB"$J+r4J!"!TMCQpX$33i!!&[!!!
-*M`Q5r4F,r4F!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%P
-ZBfaeC'9'EfaNCA*3BA4S"J3h!!2p&J3jr48+r4B!"!TdEb!J$33j!!*Z!!!*PJQ
-P"$S%1`d%1J!#0!!!#Ci*TId8"$`+r43!"!TQD@aP$33m!!&Y!!!*S3QN"$d-"$d
-!$!!'Fh0X-bjS!!)!!!d%1`!#0!!!#CB*R[d6"$i+r4-!"!TMCQpX$33q!!&[!!!
-*QJQGr4),r4)!(M!!$A0cE'C[E'4PFR"KG'J!$A0cE%C[E'4PFP"KG'J'r48!!!)
-%-J!#"$m%3!d%2`!$53!##D`*e[d4r4!%33Vp%3!B,Q0[FQ9MFQ9X+LSU+J!!!!!
-!!*!!!'jeE'`"r4!!!!B%33!$r3m%3J4$#[d2!!3+DfpME!d%3J!"E3!!#E!*Xrd
-1#[d1!!3+B@aTB3B%3`!$r3d%4!4&#[d0!!3+D@jcD!d%4!!#0!!!#EB*[[d-"%B
-+r3`!"!TMCQpX$34'!!&[!!!*ZJQpr3X,r3X!0$!!''p`C@jcFfaTEQ0XG@4PCQp
-XC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J4&!!2p#J4(r3N+r3S
-!"!TdEb!J$34(!!*Z!!!*`3R3"%J%53d%5!!#0!!!#FN*d2d)"%S+r3J!"!TQD@a
-P$34+!!&Y!!!*c!R2"%X-"%X!$!!'G'ac-5jS!!)!!!d%53!#0!!!#F%*bId("%`
-+r3F!"!TMCQpX$34-!!&[!!!*a3R)r3B,r3B!(M!!$A0cE'C[E'4PFR"KG'J!$A0
-cE%C[E'4PFP"KG'J'r3N!!!)%3!!#"%d%6Jd%63!#E!!##GF*erd&r33"r38!!!(
-p"!!!!J41!!)%6`43$342!!0*!!)*e`S"r32p!J44#[d$!"JZBfpbC@0bC@`U+LS
-U!!!!!!!!N!!!ER9XE!(p!J!!"J44!!2p!345"&-+r3%!"!TVEf0X$345!!&Y!!!
-*f`RHr3!+r3!!"!TKE'PK"J46!!2mr`48"&8+r2m!"!TTER0S$348!!)d!!!*i3R
-Tr2i%9JVmrJ!%#Q0QEf`0"&B!!@m!!!RP#HMmr3[mr3!d-!!BEh"PER0cE'PZBfa
-eC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'"&8!!rcm"&I
-mq`Vmr!!%#R4[)#!0"&F!!Qi!!!RX#IX%@!4C$34B!!)d!!!*p!Rlr2S%@JVmqJ!
-%#QCTE'80"&S!!@d!!!Rh#IS%@``%@`!1!!KMFRP`G'mZD!!#!!!0"&N!!M3!!!R
-X#I6mq34F#[cj!!3+BfC[E!d%A!!"E`!!#I!*mrci#rci!#3`!""MFRP`G'pQEfa
-NCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S"[cl!!!#"&!!!J4G"&i0"&d!!Q`!!JS
-##J,mprcf!Ich!!!"r2B!!!)%AJ!#"&m%B!d%A`!$53!##J)+,2cer23%B3Vmp3!
-B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r23!!!B%B3!$r2-%BJ4M#[cc!!3
-+DfpME!d%BJ!"E3!!#JB+#Icb#[cb!!3+B@aTB3B%B`!$r2%%C!4P#[ca!!3+D@j
-cD!d%C!!#0!!!#J`+&2c`"'B+r2!!"!TMCQpX$34Q!!&[!!!+%!S6r1m,r1m!0$!
-!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*
-3BA4S"J4P!!2mlJ4Rr1d+r1i!"!TdEb!J$34R!!*Z!!!+&`SQ"'J%D3d%D!!#0!!
-!#Km+*[cX"'S+r1`!"!TQD@aP$34U!!&Y!!!+)JSP"'X-"'X!%!!+Eh"PER0cE(B
-ZD!!#!!!0"'N!!M3!!!SA#Krmk`4X#[cV!!3+BfC[E!d%E!!"E`!!#KX+([cU#rc
-U!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S"[cY!!!#"'!
-!!J4Y"'i0"'d!!dN!!JSY#PImkIcS"'m+r1N!'#jMEh*PBh*PE#SU+LS!!!!!!!#
-3!!"ZG@aX!IcS!!!'"'m!!rcR"(!%F3Vmj`!%#QY[Bf`0"(!!!@d!!!Sa#M6mjJV
-mjJ!%#Q&XD@%'"(%!!rcP"()%F`Vmj3!%#QPZFfJ0"()!!M3!!!Sh#Mrmj!4d#[c
-N!!3+BfC[E!d%G!!"E`!!#MX+2[cM#rcM!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4
-PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B%F`!$r1)%GIcK#[cL!!3
-+G'mJ)!d%G3!#EJ!!#N)+834f"(F0"(B!!M3!!!T+#P(mi!4i#[cJ!!3+CQPXC3d
-%H!!"E3!!#Nd+8!4j$!4j!!i!#(4YC'PQCLjS!!)!!!d%G`!#0!!!#N)+5[cI"(S
-+r0m!"!TMCQpX$34k!!&[!!!+4JT*r0i,r0i!*$!!%'0bHA"dEfC[E'4PFR"KG'J
-!%'0bHA"dEdC[E'4PFP"KG'J'r1%!!!)%EJ!#"(X%I!d%H`!#E!!##PJ+@2cGr0`
-"r0d!!!(mh!!!!J4m!!)%I34q$34p!!*X!!)+@!TBr0[mfJ(mf`!!!IcD!!!#"(i
-!!J4r")!0"(m!!dN!!JTB#S,mfIcB")%+r0N!'#jMEh*PBh*PE#SU+LS!!!!!!!#
-3!!"ZG@aX!IcB!!!'")%!!rcA"))%J`Vme`!%#QY[Bf`0"))!!@d!!!TF#PrmeJV
-meJ!%#Q&XD@%'")-!!rc9")3%K3Vme3!%#QPZFfJ0")3!!M3!!!TL#QVme!5'#[c
-8!!3+BfC[E!d%KJ!"E`!!#QB+DIc6#rc6!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4
-PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B%K3!$r0)%Krc4#[c5!!3
-+G'mJ)!d%K`!#EJ!!#Qd+I!5)")N0")J!!M3!!!Te#Rcmd!5+#[c3!!3+CQPXC3d
-%LJ!"E3!!#RJ+H`5,$!5,!!`!"Q9IEh-ZD!!#!!!0")N!!M3!!!TY#RAmc`5-#[c
-2!!3+BfC[E!d%M!!"E`!!#R%+G2c1#rc1!#B`!"&[F'9ZFh0XCQpXC'9bF'&dD!!
-4Eh"PER0cE%C[E'4PFP"KG'J'r0%!!!)%J!!#")d%MJd%M3!$53!##S-+VIc0r-`
-%M`Vmc3!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r-`!!!B%M`!$r-X%N!!
-%N3Vmb`!%#QY[Bf`0"*!!!!&Y!!!+K`U+r-S+r-S!"!TKE'PK"J54!!2mb355"*-
-+r-N!"!TTER0S$355!!)d!!!+M3U9r-J%P!Vmb!!%#Q0QEf`0"*3!!@m!!!U4#T6
-ma`[ma`!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9
-NC8C[E'4PFP"KG'J'"*-!!rc'"*Ama3VmaJ!%#R4[)#!0"*8!!Qi!!!UB#UF%PJ5
-A$35@!!)d!!!+S!URr-3%Q!Vma!!%#QCTE'80"*J!!@d!!!UM#UB%Q3`%Q3!0!!G
-PAfpc-LjS!!)!!!d%P`!#0!!!#TJ+S2c$"*S+r--!"!TMCQpX$35D!!&[!!!+R!U
-Ir-),r-)!*M!!%@p`C@jcFfaQEfaNCA*`BA4S!"&[F'9ZFh0X4QpXC'9b8'&dD!E
-ma3!!!J51!!)%Qrc"$35E!!*X!!)+VJUZr-$m[`(m`!!!!Ibr!!!#r-%!!!d!#3!
-"E3!!!!!!!3!I!Irq!!!#!!B!!J5F"*d0"*`!!Q`!!J!!!!$m[[bp!Ibq!!!"r,d
-!!!)%R3!#"*i%R`d%RJ!#E!!##V%+b!5Jr,`0"+!!!dN!!JUa#XMmZ`5K"+)+r,X
-!'#jcHA0[C'a[Cf&cDh)!!!!!!!!!!&4&@&30"+%!!@d!!!Ua#V3%S``%S`!'!!!
-!!J!!"J5L!!2mZJ5N"+8+r,S!"!TLG'jc$35N!!&+!!!+Y`Um"+B#"+B!!J5Rr,N
-0"+F!!@d!!!Uh#VS%U!`%U!!+!!4%EfjP!!)!!!,mZ3!!"J5P!!2mZ!5Tr,F+r,J
-!"!TRDACe$35T!!&Y!!!+[`V#r,B$r,B!"3EmY`!!!Ibm!!!#"*m!!J5Ur,80"+S
-!!Q`!!J!!!!$mY2bc!Ibd!!!"r,-!!!,mY3!!$J!#!!!2%!!$!",mXJ5V"+`%V35
-Z"+m%X!5a",)%X`5d",8%YJ5hr,(mX2b[r+i"r,)!!"!%U`!3r+hmV2bVr+VmUIb
-Sr+ImT[bPr+6mSrbLr+(mS2bIr*i+r+d!'#jKCACdEf&`F'jeE'`!!)!!!!#3!!!
-U+LSU#rbX!")`!!GdD'9`BA4S!!GdD'93BA4S#rbV!"``!!adD'9[E'4NC@aTEA-
-!$(4SC8pXC%4PE'PYF`[mUJ!J-!!1G'KPF(*[DQ9MG("KG'J!$R4SC9"bEfTPBh4
-3BA4S#rbT!"B`!!PdD'9YCA"KG'J!#A4SC8eP8'&dD![mU!!Q-!!4D@jME(9NC@C
-[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S#rbR!$3`!"K[F'9ZFh0XD@jME(9
-NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD![mTJ!N-!!3Bh*
-jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD![mT3!H-!!0Fh0XCQpXC'9
-bF'&dD!!0Fh0X4QpXC'9b8'&dD![mT!!Q-!!4Eh"PER0cE'C[E'4PFR"KG'J!%@p
-`C@jcFfa'EfaNCA*3BA4S#rbM!#i`!"9dD'9ZCAGQEfaNCA*bC@CPFQ9ZBf8!&A4
-SC8jPGdC[E'4PFP*PCQ9bC@jMC3[mSJ!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!Ib
-K!!!"r+!!!!(mR`!!!IbH!!!1"+`!"a$mR35ir*cmQ`5j",VmQJVmR3!B,Q&PGR4
-[BA"`ER9XE!!!J!!!!*!!!#SU+LS0",J!!@X!!!!!#XJ%Z`)%Z`!#!!8%[!)%[!!
-#"*lmQ3,mQ3!!!IbF!!!#r*X!!"!%Z3!!%!5k!)B!(rbBr*ImP[b9r*6mNrb5!#c
-mNIb3!2b2r)lmMIb-!%rmL`"D!&[mLJ"Nr)N!EIb)r)ImKJ#2r)AmK2b$r),mJIb
-!r(rmI[apr(cmH`#Tr(VmHIair(F![Iaf!-ImG3$8!1)!l!$j!3-"%!%D!5F"-3%
-q!8J"93&I!@`"GJ'$!Bd"QJ'N!E%"Z`()!G)"h`(T!IB#!!)0!KF#*!)Z!MX#43*
-5!P`#D3*c!S!#LJ+A!U%#VJ+m!XB#d`,G!ZS#p!-"!`X$'!-L!bm$130'!e!$A30
-R!h3$IJ1,!jN$S`1`!lS$a`24!pi$l!2f"!-%%`3K"#m%234,"&X%D`4j")X%Q35
-Mr(3%U2acr(,mF3VmQ!!%#Q0[BQS+r*F!'#jPBA*cCQCNFQ&XDA-!!!!!!!!J!'&
-QC()+r*B!"!TMG(Kd#rb9!")`!!GdD'9`BA4S!!GdD'93BA4S#[b8!!3+BA0MFJV
-mN`!%#R4iC'`,r*)!($!!$(4SC@pXC'4PE'PYF`!-G'KP6faN4'9XD@ec#[b4!!3
-+BfPdE32mN!$rr3[mM`!J-!!1G'KPF(*[DQ9MG("KG'J!$R4SC9"bEfTPBh43BA4
-S!rb1rri+r)d!"!T849K8#rb-!"B`!!PdD'9YCA"KG'J!#A4SC8eP8'&dD![mL`!
-Q-!!4D@jME(9NC@C[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S#rb+!$3`!"K
-[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&
-dD![mL3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD![mL!!
-H-!!0Fh0XCQpXC'9bF'&dD!!0Fh0X4QpXC'9b8'&dD![mK`!Q-!!4Eh"PER0cE'C
-[E'4PFR"KG'J!%@p`C@jcFfa'EfaNCA*3BA4S#[b'!!3+BfC[E!VmK3!B,QeTFf0
-cE'0d+LSU+J!!!!!!!*!!!#SU+LS+r)3!"!TcC@aP#[b$!"JZBfpbC@4PE'mU+LS
-U!!!!!!!!N!!!+LSU+J(mJJ!!![b"!!!+r)!!"!TVEf0X#[ar!!3+D@jcD!2mIJ!
-%#[ap!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!VmI!!%#R*cE(3,r(X!,M!
-!&A4SC@jPGfC[E'4PFR*PCQ9bC@jMC3!9G'KP6Q9h4QpXC'9b8Q9QCA*PEQ0P#[a
-k!!3+F'jKE3VmH3!%#Q&XD@%+r(J!"!TdEb!J#[ah!!3+CQPXC32mGJ!'#rae!"3
-`!!KdC@e`F'&dD!!)G'9YF&"KG'J+r(3!"!TLG'jc#[ac!!3+CfPfG32mFJ!&#[a
-a!"JZFhPcEf4XEfGKFfYb!!!!!!!!!!"849K8%IbD#XRJ%JUYi1%TDJ`!!LrM*N9
-4e%r&jLa&edrSaHBX4Nr%@qPF@eTVA&VU-NAE6m4Ek9aE@QYF@Z`bl5C&hNr,lbA
-Y*N9J!""2bf%!%59K!")Pl5C&B!!66mYK!"3Pl5C&B!!96mYK!"BPl5C&B!!A6m[
-Y*N9J!"K2amAQ,%C2&!!L+Q%!'9m!%#pK!"PK!"S[DJ`!'dmUB3!F,'S-!"eA!!K
-B!"i!(fK2+Q%!)'%!'@%!)5TK!"PI!"![B3!L$!!M6em!*%9J!#92A`!PDJ`!'dp
-K!#BUB3!F,'%!*ba'6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"R1,f%!+Q%!+bp
-K!#`-!#02A`!9B3!Y*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,Lp
-K!#TK!#m[B3!X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3!
-`,f%!,!`!)dpI!"9K!$%P4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!
-Z,f%!+Q%!-LpK!#`-!#02A`!9B3!c*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!
-T+Q%!'9m!,LpK!#TK!$3[B3!X$!!M6em!&@%!059&B!!Z6bTK!#"K!#KK!#%UB3!
-CA`!6,f%!+5TK!"PI!#i[B3!UB3!f,f%!,!`!)dpI!"9K!$FP4@!!,NmUB3!JB3!
-SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!1#pK!#`-!#02A`!9B3!j*89J!#j
-2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!$S[B3!X$!!M6em!&@%
-!1b9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3!m,f%!,!`
-!)dpI!"9K!$dP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%
-!2LpK!#`-!#02A`!9B3!r*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m
-!,LpK!#TK!%![B3!X$!!M6em!&@%!359&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%
-!+5TK!"PI!#i[B3!UB3"#,f%!,!`!)dpI!"9K!%-P4@!!,NmUB3!JB3!SB3!K+Q%
-!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!4#pK!#`-!#02A`!9B3"&*89J!#j2+Q%!)'%
-!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!%B[B3!X$!!M6em!&@%!4b9&B!!
-Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"),f%!,!`!)dpI!"9
-K!%NP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!5LpK!#`
-!#02A`!9B3",*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#T
-K!%`[B3!X$!!M6em!&@%!659&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"P
-I!#i[B3!UB3"1,f%!,!`!)dpI!"9K!%mP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bp
-K!#NUB3!CA`!Z,f%!+Q%!8#pK!#`-!#02A`!9B3"4*89J!#j2+Q%!)'%!+'%!)5T
-K!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!&)[B3!X$!!M6em!&@%!8b9&B!!Z6bTK!#"
-K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"8,f%!,!`!)dpI!"9K!&8P4@!
-!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!9LpK!#`-!#02A`!
-9B3"A*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!&J[B3!
-X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"C,f%!,!`!)dp
-I!"9K!&SP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!@bp
-K!#`-!#02A`!9B3"F*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,Lp
-K!#TK!&d[B3!X$!!M6em!&@%!AL9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5T
-K!"PI!#i[B3!UB3"I,f%!,!`!)dpI!"9K!'!P4@!!,NmUB3!JB3!SB3!K+Q%!'9m
-!%bpK!#NUB3!CA`!Z,f%!+Q%!B5pK!#`-!#02A`!9B3"L*89J!#j2+Q%!)'%!+'%
-!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!'-[B3!X$!!M6em!&@%!C#9&B!!Z6bT
-K!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"P,f%!,!`!)dpI!"9K!'B
-P4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!CbpK!#`-!#0
-2A`!9B3"S*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!'N
-[B3!X$!!M6em!&@%!DL9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i
-[B3!UB3"V,f%!,!`!)dmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%
-!E#pK!#`-!#02A`!9B3"Y*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m
-!,LpK!#TK!'i[B3!X$!!M6em!&@%!Eb9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%
-!+5TK!"PI!#i[B3!UB3"`,f%!,!`!)dpI!"9K!(%P4@!!,NmUB3!JB3!SB3!K+Q%
-!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!FLpK!#`-!#02+Q%!)'%!+'%!)5TK!"PI!"-
-[B3!T+Q%!'9m!,LpK!#TK!(-[B3!X$!!M6em!&@%!G#9&B!!Z6bTK!#"K!#KK!#%
-UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"e,f%!,!`!)dmUB3!JB3!SB3!K+Q%!'9m
-!%bpK!#NUB3!CA`!A,f%!+Q%!GLpK!#`-!#02+Q%!)'%!+'%!)5TK!"PI!"-[B3!
-T+Q%!'9m!&bpK!#TK!(F[B3!X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"P
-I!"F[B3!UB3"i,f%!,!`!)dmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!A,f%
-!+Q%!H5pK!#`-!#02+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!&bpK!#TK!(S
-[B3!X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!"8[B3!UB3"l,f%!,!`
-!)dmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!9,f%!+Q%!I#pK!#`-!#02+Q%
-!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!&5pK!#TK!(d[B3!X$!!M6bTK!#"K!#K
-K!#%UB3!CA`!6,f%!+5TK!"PI!"J[B3!UB3"q,f%!,!`!)dmUB3!JB3!SB3!K+Q%
-!'9m!%bpK!#NUB3!CA`!B,f%!+Q%!IbpK!#`-!#028&92B3#!B3#"B3##DhCK!)0
-K!)4K!#)-!)82$!5Y!&%!5deKBfPZG'pcD#")4$T%CA0VG'p`)%C[E'4PFMT*EQ0
-[E@PZCcT[F'9ZFh0X,90139!Y-6Nj16%b-6%k6@&M6e-kE@YXD@jVFbjKF`!#!!!
-1"+i!!J6mF!5p!ra`!!%1",d!!3!%[J`%[J!'!!!!!J!!$J5[!!)%r'm%[`2mE`!
-%$J5r!!3!"-!%`36#"---"-!!%J!-6@&MD@jdEh0S)%K%!!)!!!`%`3!8!!j%CA0
-VG'p`)%C[E'4PFJ!#!!!-"-)!$J!)5@jMEfeTEQF!!J!!$!6$!"X!&@p`C@jcFf`
-Y8dj"8#da16Nj-6)a-3!#!!!-",!!4J"!6@&MD@jdEh0S)%K%1N4PFfYdEh!J4Qp
-XC'9b1NPZBfpYD@jR1Qp`C@jcFf`Y8dj"8#da16Nj-6)a-6T0B@028`!#!!!-",%
-!5!"#6@&MD@jdEh0S)%K%1N4PFfYdEh!J4QpXC'9b1NPZBfpYD@jR1Qp`C@jcFf`
-Y8dj"8#da16Nj-6)a-6TTEQ0XG@4P!!)!!!`%XJ"3!%T0B@0TER4[FfJJ5%3k4'9
-cDh4[F#"'EfaNCA)k5@jMEfeTEQFkEh"PER0cE#e66N&3,6%j16Na-M%a1QPZBfa
-eC'8kEh"PER0cE!!#!!!-",-!4`""6@&MD@jdEh0S)%K%1N4PFfYdEh!J4QpXC'9
-b1NPZBfpYD@jR1Qp`C@jcFf`Y8dj"8#da16Nj-6)a-6TMFRP`G'm!!J!!$!5d!%3
-!2NeKBfPZG'pcD#")4$T%CA0VG'p`)%C[E'4PFMT*EQ0[E@PZCcT[F'9ZFh0X,90
-139!Y-6Nj16%b-6%kFh0X!!)!!!`%Y3"!!$T0B@0TER4[FfJJ5%3k4'9cDh4[F#"
-'EfaNCA)k5@jMEfeTEQFkEh"PER0cE#e66N&3,6%j16Na-M%a!!)!!!i%YJ!"&!6
-%$J6%!!-B"-AmEJ6'$J6&!!-B"-ImE36)$J6(!!-B"-RmE!6+$J6*!!-B!"rmD`6
-,#[aV!!3+BfC[E!`%b`!1!!K*EQ0[E@PZC`!#!!!+r'`!"!TMCQpX$!6+!"X!&@p
-`C@jcFf`Y8dj"8#da16Nj-6)a-3!#!!!+r'd!"!TMCQpX$!6)!!d!"fPZBfaeC'8
-!!J!!#[aZ!!3+BfC[E!`%aJ!9!!peER4TG'aPC#"QEfaNCA)!!J!!$!5h!%i!5%e
-KBfPZG'pcD#")4$T%CA0VG'p`)%C[E'4PFMT*EQ0[E@PZCcT[F'9ZFh0X,90139!
-Y-6Nj16%b-6%kBh*jF(4[1RJe-$Pf-`!#!!!"r,%!!!(mX!!!!Ib[!!!"r+i!!'&
-cBh)!!3!-qYlHV3!!!3!!!*G#!!#@3J!!!AB!!$-8-0J!!!!F!AB!$h0MFhS!!!#
-#6Np853!!!)jcBh"d!!!!QP4&@&3!!3#QFh4jE!!!!,j$6d4&!!%!bN*14%`!!!$
-LBA"XG!!!!1j'8N9'!!!!qNP$6L-!!!%'D@0X0!!!!4*TBh-M!!!"(QPMFc3!!!%
-UD'CNFJ!!!6C659T&!!!"3PG3Eh-!!!&1!!$rr`!!!!!!!!!!!)$rre!!!"i!!!!
-!!)$rr`!!"cJ#DH#m"'Mrr`!!!*S!!!!!%iRrr`!!"Pi!!!!!"'Mrr`!!!53!!!!
-!!!$rrb!!!9)!!!!!!!(rra3!!@i#DG`%!)$rr`!!!Pi#DH"X!!$rr`!!!Ri!!!!
-!!)$rr`!!!S-#DH"d!*Err`!!!Si!!!!!!*Err`!!!j)!!!!!!*Err`!!"CB#DH%
-i!*Err`!!"GS#DH%dkF$rr`!!"[`!!!!!rrrrr`!!"a)!!!!!!)$rr`!!"b!!!!!
-!*4S:
--- a/MacOS/opensslconf.h
+++ b/MacOS/opensslconf.h
@@ -1,116 +0,0 @@
-/* MacOS/opensslconf.h */
-
-#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define OPENSSLDIR "/usr/local/ssl"
-#endif
-#endif
-
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#define IDEA_INT unsigned int
-#endif
-
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_INT)
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-/*
- * I don't know what does "most" mean, but declaring "int" is a must on:
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
-#define RC4_INT unsigned char
-#endif
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#define RC4_CHUNK unsigned long
-#endif
-#endif
-
-#if defined(HEADER_DES_H) && !defined(DES_LONG)
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned long
-#endif
-#endif
-
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-#define CONFIG_HEADER_BN_H
-#if __option(longlong)
-#  define BN_LLONG
-#else
-#  undef BN_LLONG
-#endif
-
-/* Should we define BN_DIV2W here? */
-
-/* Only one for the following should be defined */
-/* The prime number generation stuff may not work when
- * EIGHT_BIT but I don't care since I've only used this mode
- * for debuging the bignum libraries */
-#undef SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#define THIRTY_TWO_BIT
-#undef SIXTEEN_BIT
-#undef EIGHT_BIT
-#endif
-
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#define CONFIG_HEADER_RC4_LOCL_H
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#undef RC4_INDEX
-#endif
-
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-#define CONFIG_HEADER_BF_LOCL_H
-#define BF_PTR
-#endif /* HEADER_BF_LOCL_H */
-
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-#define CONFIG_HEADER_DES_LOCL_H
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#define DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#define DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#undef DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#define DES_UNROLL
-#endif
-
-#endif /* HEADER_DES_LOCL_H */
-
-#ifndef __POWERPC__
-#define MD32_XARRAY
-#endif
--- a/Makefile.org
+++ b/Makefile.org
@@ -1,496 +0,0 @@
-##
-## Makefile for OpenSSL
-##
-
-VERSION=
-MAJOR=
-MINOR=
-SHLIB_VERSION_NUMBER=
-SHLIB_VERSION_HISTORY=
-SHLIB_MAJOR=
-SHLIB_MINOR=
-SHLIB_EXT=
-PLATFORM=dist
-OPTIONS=
-CONFIGURE_ARGS=
-SHLIB_TARGET=
-
-# INSTALL_PREFIX is for package builders so that they can configure
-# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
-# Normally it is left empty.
-INSTALL_PREFIX=
-INSTALLTOP=/usr/local/ssl
-
-# Do not edit this manually. Use Configure --openssldir=DIR do change this!
-OPENSSLDIR=/usr/local/ssl
-
-# RSAref  - Define if we are to link with RSAref.
-# NO_IDEA - Define to build without the IDEA algorithm
-# NO_RC4  - Define to build without the RC4 algorithm
-# NO_RC2  - Define to build without the RC2 algorithm
-# THREADS - Define when building with threads, you will probably also need any
-#           system defines as well, i.e. _REENTERANT for Solaris 2.[34]
-# TERMIO  - Define the termio terminal subsystem, needed if sgtty is missing.
-# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
-# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
-# DEVRANDOM - Give this the value of the 'random device' if your OS supports
-#           one.  32 bytes will be read from this when the random
-#           number generator is initalised.
-# SSL_FORBID_ENULL - define if you want the server to be not able to use the
-#           NULL encryption ciphers.
-#
-# LOCK_DEBUG - turns on lots of lock debug output :-)
-# REF_CHECK - turn on some xyz_free() assertions.
-# REF_PRINT - prints some stuff on structure free.
-# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
-# MFUNC - Make all Malloc/Free/Realloc calls call
-#       CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
-#       call application defined callbacks via CRYPTO_set_mem_functions()
-# MD5_ASM needs to be defined to use the x86 assembler for MD5
-# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
-# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
-# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8.  It must
-# equal 4.
-# PKCS1_CHECK - pkcs1 tests.
-
-CC= gcc
-#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
-CFLAG= -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
-DEPFLAG= 
-PEX_LIBS= 
-EX_LIBS= 
-EXE_EXT= 
-AR=ar r
-RANLIB= ranlib
-PERL= perl
-TAR= tar
-TARFLAGS= --no-recursion
-
-# Set BN_ASM to bn_asm.o if you want to use the C version
-BN_ASM= bn_asm.o
-#BN_ASM= bn_asm.o
-#BN_ASM= asm/bn86-elf.o	# elf, linux-elf
-#BN_ASM= asm/bn86-sol.o # solaris
-#BN_ASM= asm/bn86-out.o # a.out, FreeBSD
-#BN_ASM= asm/bn86bsdi.o # bsdi
-#BN_ASM= asm/alpha.o    # DEC Alpha
-#BN_ASM= asm/pa-risc2.o # HP-UX PA-RISC
-#BN_ASM= asm/r3000.o    # SGI MIPS cpu
-#BN_ASM= asm/sparc.o    # Sun solaris/SunOS
-#BN_ASM= asm/bn-win32.o # Windows 95/NT
-#BN_ASM= asm/x86w16.o   # 16 bit code for Windows 3.1/DOS
-#BN_ASM= asm/x86w32.o   # 32 bit code for Windows 3.1
-
-# For x86 assembler: Set PROCESSOR to 386 if you want to support
-# the 80386.
-PROCESSOR=
-
-# Set DES_ENC to des_enc.o if you want to use the C version
-#There are 4 x86 assember options.
-DES_ENC= asm/dx86-out.o asm/yx86-out.o
-#DES_ENC= des_enc.o fcrypt_b.o          # C
-#DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf
-#DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris
-#DES_ENC= asm/dx86-out.o asm/yx86-out.o # a.out, FreeBSD
-#DES_ENC= asm/dx86bsdi.o asm/yx86bsdi.o # bsdi
-
-# Set BF_ENC to bf_enc.o if you want to use the C version
-#There are 4 x86 assember options.
-BF_ENC= asm/bx86-out.o
-#BF_ENC= bf_enc.o
-#BF_ENC= asm/bx86-elf.o # elf
-#BF_ENC= asm/bx86-sol.o # solaris
-#BF_ENC= asm/bx86-out.o # a.out, FreeBSD
-#BF_ENC= asm/bx86bsdi.o # bsdi
-
-# Set CAST_ENC to c_enc.o if you want to use the C version
-#There are 4 x86 assember options.
-CAST_ENC= asm/cx86-out.o
-#CAST_ENC= c_enc.o
-#CAST_ENC= asm/cx86-elf.o # elf
-#CAST_ENC= asm/cx86-sol.o # solaris
-#CAST_ENC= asm/cx86-out.o # a.out, FreeBSD
-#CAST_ENC= asm/cx86bsdi.o # bsdi
-
-# Set RC4_ENC to rc4_enc.o if you want to use the C version
-#There are 4 x86 assember options.
-RC4_ENC= asm/rx86-out.o
-#RC4_ENC= rc4_enc.o
-#RC4_ENC= asm/rx86-elf.o # elf
-#RC4_ENC= asm/rx86-sol.o # solaris
-#RC4_ENC= asm/rx86-out.o # a.out, FreeBSD
-#RC4_ENC= asm/rx86bsdi.o # bsdi
-
-# Set RC5_ENC to rc5_enc.o if you want to use the C version
-#There are 4 x86 assember options.
-RC5_ENC= asm/r586-out.o
-#RC5_ENC= rc5_enc.o
-#RC5_ENC= asm/r586-elf.o # elf
-#RC5_ENC= asm/r586-sol.o # solaris
-#RC5_ENC= asm/r586-out.o # a.out, FreeBSD
-#RC5_ENC= asm/r586bsdi.o # bsdi
-
-# Also need MD5_ASM defined
-MD5_ASM_OBJ= asm/mx86-out.o
-#MD5_ASM_OBJ= asm/mx86-elf.o        # elf
-#MD5_ASM_OBJ= asm/mx86-sol.o        # solaris
-#MD5_ASM_OBJ= asm/mx86-out.o        # a.out, FreeBSD
-#MD5_ASM_OBJ= asm/mx86bsdi.o        # bsdi
-
-# Also need SHA1_ASM defined
-SHA1_ASM_OBJ= asm/sx86-out.o
-#SHA1_ASM_OBJ= asm/sx86-elf.o       # elf
-#SHA1_ASM_OBJ= asm/sx86-sol.o       # solaris
-#SHA1_ASM_OBJ= asm/sx86-out.o       # a.out, FreeBSD
-#SHA1_ASM_OBJ= asm/sx86bsdi.o       # bsdi
-
-# Also need RMD160_ASM defined
-RMD160_ASM_OBJ= asm/rm86-out.o
-#RMD160_ASM_OBJ= asm/rm86-elf.o       # elf
-#RMD160_ASM_OBJ= asm/rm86-sol.o       # solaris
-#RMD160_ASM_OBJ= asm/rm86-out.o       # a.out, FreeBSD
-#RMD160_ASM_OBJ= asm/rm86bsdi.o       # bsdi
-
-# When we're prepared to use shared libraries in the programs we link here
-# we might set SHLIB_MARK to '$(SHARED_LIBS)'.
-SHLIB_MARK=
-
-DIRS=   crypto ssl rsaref $(SHLIB_MARK) apps test tools
-SHLIBDIRS= crypto ssl
-
-# dirs in crypto to build
-SDIRS=  \
-	md2 md4 md5 sha mdc2 hmac ripemd \
-	des rc2 rc4 rc5 idea bf cast \
-	bn rsa dsa dh dso engine \
-	buffer bio stack lhash rand err objects \
-	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
-
-MAKEFILE= Makefile.ssl
-MAKE=     make -f Makefile.ssl
-
-MANDIR=$(OPENSSLDIR)/man
-MAN1=1
-MAN3=3
-SHELL=/bin/sh
-
-TOP=    .
-ONEDIRS=out tmp
-EDIRS=  times doc bugs util include certs ms shlib mt demos perl sf dep VMS
-WDIRS=  windows
-LIBS=   libcrypto.a libssl.a
-SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
-SHARED_SSL=libssl$(SHLIB_EXT)
-SHARED_LIBS=
-SHARED_LIBS_LINK_EXTS=
-
-GENERAL=        Makefile
-BASENAME=       openssl
-NAME=           $(BASENAME)-$(VERSION)
-TARFILE=        $(NAME).tar
-WTARFILE=       $(NAME)-win.tar
-EXHEADER=       e_os.h e_os2.h
-HEADER=         e_os.h
-
-# When we're prepared to use shared libraries in the programs we link here
-# we might remove 'clean-shared' from the targets to perform at this stage
-
-all: clean-shared Makefile.ssl sub_all
-
-sub_all:
-	@for i in $(DIRS); \
-	do \
-	if [ -d "$$i" ]; then \
-		(cd $$i && echo "making all in $$i..." && \
-		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' all ) || exit 1; \
-	else \
-		$(MAKE) $$i; \
-	fi; \
-	done; \
-	if echo "$(DIRS)" | \
-	    egrep '(^| )(crypto|ssl)( |$$)' > /dev/null 2>&1 && \
-	   [ -n "$(SHARED_LIBS)" ]; then \
-		$(MAKE) $(SHARED_LIBS); \
-	fi
-
-libcrypto$(SHLIB_EXT): libcrypto.a
-	@if [ "$(SHLIB_TARGET)" != "" ]; then \
-		$(MAKE) SHLIBDIRS=crypto build-shared; \
-	else \
-		echo "There's no support for shared libraries on this platform" >&2; \
-	fi
-libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
-	@if [ "$(SHLIB_TARGET)" != "" ]; then \
-		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
-	else \
-		echo "There's no support for shared libraries on this platform" >&2; \
-	fi
-
-clean-shared:
-	@for i in $(SHLIBDIRS); do \
-		if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
-			tmp="$(SHARED_LIBS_LINK_EXTS)"; \
-			for j in $${tmp:-x}; do \
-				( set -x; rm -f lib$$i$$j ); \
-			done; \
-		fi; \
-		( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
-	done
-
-link-shared:
-	@for i in $(SHLIBDIRS); do \
-		prev=lib$$i$(SHLIB_EXT); \
-		if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
-			tmp="$(SHARED_LIBS_LINK_EXTS)"; \
-			for j in $${tmp:-x}; do \
-				( set -x; ln -f -s $$prev lib$$i$$j ); \
-				prev=lib$$i$$j; \
-			done; \
-		fi; \
-	done
-
-build-shared: clean-shared do_$(SHLIB_TARGET) link-shared
-
-do_bsd-gcc-shared: do_gnu-shared
-do_linux-shared: do_gnu-shared
-do_gnu-shared:
-	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	( set -x; ${CC}  -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		-Wl,-S,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		-Wl,--whole-archive lib$$i.a \
-		-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
-	libs="$$libs -l$$i"; \
-	done
-
-# This assumes that GNU utilities are *not* used
-do_tru64-shared:
-	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	( set -x; ${CC}  -shared -no_archive -o lib$$i.so \
-		-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
-		-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
-	libs="$$libs -l$$i"; \
-	done
-
-# This assumes that GNU utilities are *not* used
-do_solaris-shared:
-	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
-	  set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		-z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
-	libs="$$libs -l$$i"; \
-	done
-
-Makefile.ssl: Makefile.org
-	@echo "Makefile.ssl is older than Makefile.org."
-	@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
-	@false
-
-libclean:
-	rm -f *.a */lib */*/lib
-
-clean:
-	rm -f shlib/*.o *.o core a.out fluff *.map rehash.time testlog make.log cctest cctest.c
-	@for i in $(DIRS) ;\
-	do \
-	if [ -d "$$i" ]; then \
-		(cd $$i && echo "making clean in $$i..." && \
-		$(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
-		rm -f $(LIBS); \
-	fi; \
-	done;
-	rm -f *.a *.o speed.* *.map *.so .pure core
-	rm -f $(TARFILE)
-	@for i in $(ONEDIRS) ;\
-	do \
-	rm -fr $$i/*; \
-	done
-
-makefile.one: files
-	$(PERL) util/mk1mf.pl >makefile.one; \
-	sh util/do_ms.sh
-
-files:
-	$(PERL) $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
-	@for i in $(DIRS) ;\
-	do \
-	if [ -d "$$i" ]; then \
-		(cd $$i && echo "making 'files' in $$i..." && \
-		$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \
-	fi; \
-	done;
-
-links:
-	@$(TOP)/util/point.sh Makefile.ssl Makefile
-	@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
-	@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
-	@for i in $(DIRS); do \
-	if [ -d "$$i" ]; then \
-		(cd $$i && echo "making links in $$i..." && \
-		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
-	fi; \
-	done;
-
-dclean:
-	rm -f *.bak
-	@for i in $(DIRS) ;\
-	do \
-	if [ -d "$$i" ]; then \
-		(cd $$i && echo "making dclean in $$i..." && \
-		$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
-	fi; \
-	done;
-
-rehash: rehash.time
-rehash.time: certs
-	@(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; $(PERL) tools/c_rehash certs)
-	touch rehash.time
-
-test:   tests
-
-tests: rehash
-	@(cd test && echo "testing..." && \
-	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' EXE_EXT='${EXE_EXT}' tests );
-	@apps/openssl version -a
-
-report:
-	@$(PERL) util/selftest.pl
-
-depend:
-	@for i in $(DIRS) ;\
-	do \
-	if [ -d "$$i" ]; then \
-		(cd $$i && echo "making dependencies $$i..." && \
-		$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
-	fi; \
-	done;
-
-lint:
-	@for i in $(DIRS) ;\
-	do \
-	if [ -d "$$i" ]; then \
-		(cd $$i && echo "making lint $$i..." && \
-		$(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
-	fi; \
-	done;
-
-tags:
-	@for i in $(DIRS) ;\
-	do \
-	if [ -d "$$i" ]; then \
-		(cd $$i && echo "making tags $$i..." && \
-		$(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \
-	fi; \
-	done;
-
-errors:
-	perl util/mkerr.pl -recurse -write
-
-stacks:
-	perl util/mkstack.pl -write
-
-util/libeay.num::
-	perl util/mkdef.pl crypto update
-
-util/ssleay.num::
-	perl util/mkdef.pl ssl update
-
-crypto/objects/obj_dat.h: crypto/objects/obj_mac.h crypto/objects/obj_dat.pl
-	perl crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
-crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt 
-	perl crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
-
-TABLE: Configure
-	(echo 'Output of `Configure TABLE'"':"; \
-	perl Configure TABLE) > TABLE
-
-update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE
-
-tar:
-	@$(TAR) $(TARFLAGS) -cvf - \
-		`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort` |\
-	tardy --user_number=0  --user_name=openssl \
-	      --group_number=0 --group_name=openssl \
-	      --prefix=openssl-$(VERSION) - |\
-	gzip --best >../$(TARFILE).gz; \
-	ls -l ../$(TARFILE).gz
-
-dist:   
-	$(PERL) Configure dist
-	@$(MAKE) dist_pem_h
-	@$(MAKE) SDIRS='${SDIRS}' clean
-	@$(MAKE) tar
-
-dist_pem_h:
-	(cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
-
-install: all install_docs
-	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
-		$(INSTALL_PREFIX)$(INSTALLTOP)/lib \
-		$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
-		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
-		$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
-		$(INSTALL_PREFIX)$(OPENSSLDIR)/private \
-		$(INSTALL_PREFIX)$(OPENSSLDIR)/lib
-	@for i in $(EXHEADER) ;\
-	do \
-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-	done;
-	@for i in $(DIRS) ;\
-	do \
-	if [ -d "$$i" ]; then \
-		(cd $$i; echo "installing $$i..."; \
-		$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' install ); \
-	fi; \
-	done
-	@for i in $(LIBS) ;\
-	do \
-		if [ -f "$$i" ]; then \
-		(       echo installing $$i; \
-			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
-			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
-			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
-		fi \
-	done
-	@if [ -n "$(SHARED_LIBS)" ]; then \
-		tmp="$(SHARED_LIBS)"; \
-		for i in $${tmp:-x}; \
-		do \
-			if [ -f "$$i" ]; then \
-			(       echo installing $$i; \
-				cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
-				chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
-			fi \
-		done; \
-		(	here="`pwd`"; \
-			cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
-			make -f $$here/Makefile link-shared ); \
-	fi
-
-install_docs:
-	@$(PERL) $(TOP)/util/mkdir-p.pl \
-		$(INSTALL_PREFIX)$(MANDIR)/man1 \
-		$(INSTALL_PREFIX)$(MANDIR)/man3 \
-		$(INSTALL_PREFIX)$(MANDIR)/man5 \
-		$(INSTALL_PREFIX)$(MANDIR)/man7
-	@echo installing man 1 and man 5
-	@for i in doc/apps/*.pod; do \
-		fn=`basename $$i .pod`; \
-		sec=`[ "$$fn" = "config" ] && echo 5 || echo 1`; \
-		(cd `dirname $$i`; \
-		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
-			 --release=$(VERSION) `basename $$i`) \
-			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
-	done
-	@echo installing man 3 and man 7
-	@for i in doc/crypto/*.pod doc/ssl/*.pod; do \
-		fn=`basename $$i .pod`; \
-		sec=`[ "$$fn" = "des_modes" ] && echo 7 || echo 3`; \
-		(cd `dirname $$i`; \
-		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
-			--release=$(VERSION) `basename $$i`) \
-			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
-	done
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
--- a/Makefile.ssl
+++ b/Makefile.ssl
@@ -0,0 +1,276 @@
+#
+# Makefile for all the SSL related library routines and utilities
+VERSION	= 0.8.1a
+#
+# make install will install:
+#   libraries into $INSTALLTOP/lib
+#   headers   into $INSTALLTOP/include
+#   utilities into $INSTALLTOP/bin
+#
+# By default INSTALLTOP is set to /usr/local/ssl
+# If you want things install elsewere, consider running
+# perl util/ssldir.pl /new/path
+#
+# Interesting Mailing Lists:
+#     ssl-bugs@mincom.oz.au
+#     ssl-users@mincom.oz.au
+#
+# To join the Mailing Lists:
+#     ssl-bugs-request@mincom.oz.au
+#     ssl-users-request@mincom.oz.au
+#
+# If you must get hold of people directly (we much prefer the above
+# lists to be used if the question is of general interest!):
+#	Eric Young <eay@cryptsoft.com>
+#	Tim Hudson <tjh@cryptsoft.com>
+#	or both    <ssleay@cryptsoft.com>
+#
+# The primary distribution of SSLeay is from
+# ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL
+#
+# NOCONST - Define for C compilers that don't like the const key word.
+# NOPROTO - Define in if your compiler does not support prototypes.
+# RSAref  - Define if we are to link with RSAref.
+# NO_IDEA - Define to build without the IDEA algorithm
+# NO_RC4  - Define to build without the RC4 algorithm
+# NO_RC2  - Define to build without the RC2 algorithm
+# THREADS - Define when building with threads, you will probably also need any
+#	    system defines as well, i.e. _REENTERANT for Solaris 2.[34]
+# TERMIO  - Define the termio terminal subsystem, needed if sgtty is missing.
+# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
+# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
+# DEVRANDOM - Give this the value of the 'random device' if your OS supports
+#	    one.  32 bytes will be read from this when the random
+#	    number generator is initalised.
+# SSL_ALLOW_ADH - define if you want the server to be able to use the
+#	    SSLv3 anon-DH ciphers.
+# SSL_ALLOW_ENULL - define if you want the server to be able to use the
+#	    NULL encryption ciphers.
+#
+# LOCK_DEBUG - turns on lots of lock debug output :-)
+# REF_CHECK - turn on some xyz_free() assertions.
+# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
+# MFUNC - Make all Malloc/Free/Realloc calls call
+#	CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
+#	call application defined callbacks via CRYPTO_set_mem_functions()
+
+
+CC= cc
+CFLAG= -O -DNOPROTO
+#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized
+PEX_LIBS= -L. -L.. -L../.. -L../../..
+EX_LIBS= 
+#EX_LIBS= #-lRSAglue -lrsaref -lnsl -lsocket
+AR=ar r
+
+# Set BN_MULW to bn_mulw.o if you want to use the C version
+#BN_MULW= asm/x86-lnx.o
+BN_MULW= bn_mulw.o
+#BN_MULW= asm/x86-lnx.o		# elf
+#BN_MULW= asm/x86-sol.o		# solaris
+#BN_MULW= asm/x86-lnxa.o	# a.out, FreeBSD
+#BN_MULW= asm/x86-bsdi.o	# bsdi
+#BN_MULW= asm/alpha.o		# DEC Alpha
+#BN_MULW= asm/pa-risc2.o	# HP-UX PA-RISC
+#BN_MULW= asm/r3000.o		# SGI MIPS cpu
+#BN_MULW= asm/sparc.o		# Sun solaris/SunOS
+#BN_MULW= asm/x86nt32.o		# Windows 95/NT
+#BN_MULW= asm/x86w16.o		# 16 bit code for Windows 3.1/DOS
+#BN_MULW= asm/x86w32.o		# 32 bit code for Windows 3.1
+
+# Set DES_ENC to des_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+DES_ENC= des_enc.o fcrypt_b.o
+#DES_ENC= des_enc.o fcrypt_b.o		# C
+#DES_ENC= asm/dx86-elf.o asm/cx86-elf.o # elf
+#DES_ENC= asm/dx86-sol.o asm/cx86-sol.o	# solaris
+#DES_ENC= asm/dx86-out.o asm/cx86-out.o	# a.out, FreeBSD
+#DES_ENC= asm/dx86bsdi.o asm/cx86bsdi.o	# bsdi
+
+# Set BF_ENC to bf_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+BF_ENC= bf_enc.o
+#BF_ENC= bf_enc.o	# C
+#BF_ENC= asm/bx86-elf.o # elf
+#BF_ENC= asm/bx86-sol.o	# solaris
+#BF_ENC= asm/bx86-out.o	# a.out, FreeBSD
+#BF_ENC= asm/bx86bsdi.o	# bsdi
+
+DIRS=	crypto ssl rsaref apps test tools
+# dirs in crypto to build
+SDIRS=  \
+	md sha mdc2 des rc4 rc2 idea bf bn rsa dsa dh \
+	buffer bio stack lhash rand err objects \
+	evp pem asn1 x509 conf txt_db pkcs7
+
+# If you change the INSTALLTOP, make sure to also change the values
+# in crypto/location.h
+INSTALLTOP=/usr/local/ssl
+
+MAKEFILE= Makefile.ssl
+MAKE=	  make -f Makefile.ssl
+
+MAN1=1
+MAN3=3
+SHELL=/bin/sh
+
+TOP=	.
+ONEDIRS=out tmp
+EDIRS=	times doc bugs util include certs ms shlib mt demos
+MISC=	COPYRIGHT Configure HISTORY.066 INSTALL Makefile.ssl Makefile \
+	README TODO HISTORY README.066 README.080 \
+	VERSION PROBLEMS MINFO makefile.one e_os.h \
+	MICROSOFT makevms.com
+WDIRS=	windows
+LIBS=	libcrypto.a libssl.a 
+
+GENERAL=	Makefile
+BASENAME=	SSLeay
+NAME=		$(BASENAME)-$(VERSION)
+TARFILE=	$(NAME).tar
+WTARFILE=	$(NAME)-win.tar
+EX_HEADER=
+HEADER=		e_os.h
+
+all:
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i; echo "making $$i..."; \
+	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_MULW='${BN_MULW}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' SDIRS='${SDIRS}' AR='${AR}' all ); \
+	done;
+
+sub_all:
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i; echo "making $$i..."; \
+	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_MULW='${BN_MULW}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' AR='${AR}' all ); \
+	done;
+
+clean:
+	/bin/rm -f *.o core a.out fluff *.map
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i; echo "cleaning $$i..."; \
+	$(MAKE) SDIRS='${SDIRS}' clean ); \
+	/bin/rm -f $(LIBS); \
+	done;
+	/bin/rm -f *.a *.o speed.* *.map *.so .pure core
+	/bin/rm -f $(TARFILE)
+	@for i in $(ONEDIRS) ;\
+	do \
+	/bin/rm -f $$i/*; \
+	done
+
+makefile.one: files
+	perl util/mk1mf.pl >makefile.one; \
+	sh util/do_ms.sh
+
+files:	MINFO
+	perl $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i; echo "making 'files' in $$i..."; \
+	$(MAKE) SDIRS='${SDIRS}' files ); \
+	done;
+
+links:
+	/bin/rm -f Makefile;
+	./util/point.sh Makefile.ssl Makefile;
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i; echo "making links in $$i..."; \
+	$(MAKE) SDIRS='${SDIRS}' links ); \
+	done;
+	# @(cd apps; sh ./mklinks)
+	sh tools/c_rehash certs
+
+dclean:
+	/bin/rm -f *.bak
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i; echo "undoing makedepend in $$i..."; \
+	$(MAKE) SDIRS='${SDIRS}' dclean ); \
+	done;
+
+rehash:
+	@(PATH="`pwd`/apps:${PATH}"; sh tools/c_rehash certs)
+
+test:	tests
+
+tests:
+	(cd test; echo "testing $$i..."; \
+	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_MULW='${BN_MULW}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' SDIRS='${SDIRS}' AR='${AR}' tests );
+	@apps/ssleay version -a
+
+depend:
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i; echo "making dependancies $$i..."; \
+	$(MAKE) SDIRS='${SDIRS}' depend ); \
+	done;
+
+lint:
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i; echo "making lint $$i..."; \
+	$(MAKE) SDIRS='${SDIRS}' lint ); \
+	done;
+
+tags:
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i; echo "making tags $$i..."; \
+	$(MAKE) SDIRS='${SDIRS}' tags ); \
+	done;
+
+errors:
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i; echo "making errors in $$i..."; \
+	$(MAKE) SDIRS='${SDIRS}' errors ); \
+	done;
+
+tar:
+	@(cd ..;\
+	mv $(BASENAME) $(NAME); \
+	export STUFF; \
+	for i in $(MISC) $(DIRS) $(EDIRS) $(ONEDIRS) ;\
+	do \
+		STUFF="$$STUFF $(NAME)/$$i"; \
+	done; \
+	tar cf $(NAME)/$(TARFILE) $$STUFF; \
+	mv $(NAME) $(BASENAME) ) 
+	gzip -f $(TARFILE)
+
+dist:	
+	perl Configure dist
+	@$(MAKE) dist_pem_h
+	@$(MAKE) SDIRS='${SDIRS}' clean
+	@$(MAKE) SDIRS='${SDIRS}' dclean
+	@(cd apps; sh ./rmlinks)
+	@$(MAKE) makefile.one
+	@$(MAKE) tar
+
+dist_pem_h:
+	(cd crypto/pem; $(MAKE) SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
+
+install: all
+	@-mkdir -p $(INSTALLTOP)/bin 2>/dev/null
+	@-mkdir -p $(INSTALLTOP)/lib 2>/dev/null
+	@-mkdir -p $(INSTALLTOP)/include 2>/dev/null
+	@-mkdir -p $(INSTALLTOP)/certs 2>/dev/null
+	@-mkdir -p $(INSTALLTOP)/private 2>/dev/null
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i; echo "installing $$i..."; \
+	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' install ); \
+	done
+	@for i in $(LIBS) ;\
+	do \
+	(	echo installing $$i; \
+		cp $$i $(INSTALLTOP)/lib; \
+		sh util/ranlib.sh $(INSTALLTOP)/lib/$$i; \
+		chmod 644 $(INSTALLTOP)/lib/$$i ); \
+	done
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
--- a/150
+++ b/150
@@ -1,150 +0,0 @@
-
-  NEWS
-  ====
-
-  This file gives a brief overview of the major changes between each OpenSSL
-  release. For more details please read the CHANGES file.
-
-  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a:
-
-      o Security fix: change behavior of OpenSSL to avoid using
-        environment variables when running as root.
-      o Security fix: check the result of RSA-CRT to reduce the
-        possibility of deducing the private key from an incorrectly
-        calculated signature.
-      o Security fix: prevent Bleichenbacher's DSA attack.
-      o Security fix: Zero the premaster secret after deriving the
-        master secret in DH ciphersuites.
-      o Reimplement SSL_peek(), which had various problems.
-      o Compatibility fix: the function des_encrypt() renamed to
-        des_encrypt1() to avoid clashes with some Unixen libc.
-      o Bug fixes for Win32, HP/UX and Irix.
-      o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
-        memory checking routines.
-      o Bug fixes for RSA operations in threaded enviroments.
-      o Bug fixes in misc. openssl applications.
-      o Remove a few potential memory leaks.
-      o Add tighter checks of BIGNUM routines.
-      o Shared library support has been reworked for generality.
-      o More documentation.
-      o New function BN_rand_range().
-      o Add "-rand" option to openssl s_client and s_server.
-
-  Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6:
-
-      o Some documentation for BIO and SSL libraries.
-      o Enhanced chain verification using key identifiers.
-      o New sign and verify options to 'dgst' application.
-      o Support for DER and PEM encoded messages in 'smime' application.
-      o New 'rsautl' application, low level RSA utility.
-      o MD4 now included.
-      o Bugfix for SSL rollback padding check.
-      o Support for external crypto devices [1].
-      o Enhanced EVP interface.
-
-    [1] The support for external crypto devices is currently a separate
-        distribution.  See the file README.ENGINE.
-
-  Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a:
-
-      o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 
-      o Shared library support for HPUX and Solaris-gcc
-      o Support of Linux/IA64
-      o Assembler support for Mingw32
-      o New 'rand' application
-      o New way to check for existence of algorithms from scripts
-
-  Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5:
-
-      o S/MIME support in new 'smime' command
-      o Documentation for the OpenSSL command line application
-      o Automation of 'req' application
-      o Fixes to make s_client, s_server work under Windows
-      o Support for multiple fieldnames in SPKACs
-      o New SPKAC command line utilty and associated library functions
-      o Options to allow passwords to be obtained from various sources
-      o New public key PEM format and options to handle it
-      o Many other fixes and enhancements to command line utilities
-      o Usable certificate chain verification
-      o Certificate purpose checking
-      o Certificate trust settings
-      o Support of authority information access extension
-      o Extensions in certificate requests
-      o Simplified X509 name and attribute routines
-      o Initial (incomplete) support for international character sets
-      o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD
-      o Read only memory BIOs and simplified creation function
-      o TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0
-        record; allow fragmentation and interleaving of handshake and other
-        data
-      o TLS/SSL code now "tolerates" MS SGC
-      o Work around for Netscape client certificate hang bug
-      o RSA_NULL option that removes RSA patent code but keeps other
-        RSA functionality
-      o Memory leak detection now allows applications to add extra information
-        via a per-thread stack
-      o PRNG robustness improved
-      o EGD support
-      o BIGNUM library bug fixes
-      o Faster DSA parameter generation
-      o Enhanced support for Alpha Linux
-      o Experimental MacOS support
-
-  Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4:
-
-      o Transparent support for PKCS#8 format private keys: these are used
-        by several software packages and are more secure than the standard
-        form
-      o PKCS#5 v2.0 implementation
-      o Password callbacks have a new void * argument for application data
-      o Avoid various memory leaks
-      o New pipe-like BIO that allows using the SSL library when actual I/O
-        must be handled by the application (BIO pair)
-
-  Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3:
-      o Lots of enhancements and cleanups to the Configuration mechanism
-      o RSA OEAP related fixes
-      o Added `openssl ca -revoke' option for revoking a certificate
-      o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs
-      o Source tree cleanups: removed lots of obsolete files
-      o Thawte SXNet, certificate policies and CRL distribution points
-        extension support
-      o Preliminary (experimental) S/MIME support
-      o Support for ASN.1 UTF8String and VisibleString
-      o Full integration of PKCS#12 code
-      o Sparc assembler bignum implementation, optimized hash functions
-      o Option to disable selected ciphers
-
-  Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b:
-      o Fixed a security hole related to session resumption
-      o Fixed RSA encryption routines for the p < q case
-      o "ALL" in cipher lists now means "everything except NULL ciphers"
-      o Support for Triple-DES CBCM cipher
-      o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA
-      o First support for new TLSv1 ciphers
-      o Added a few new BIOs (syslog BIO, reliable BIO)
-      o Extended support for DSA certificate/keys.
-      o Extended support for Certificate Signing Requests (CSR)
-      o Initial support for X.509v3 extensions
-      o Extended support for compression inside the SSL record layer
-      o Overhauled Win32 builds
-      o Cleanups and fixes to the Big Number (BN) library
-      o Support for ASN.1 GeneralizedTime
-      o Splitted ASN.1 SETs from SEQUENCEs
-      o ASN1 and PEM support for Netscape Certificate Sequences
-      o Overhauled Perl interface
-      o Lots of source tree cleanups.
-      o Lots of memory leak fixes.
-      o Lots of bug fixes.
-
-  Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c:
-      o Integration of the popular NO_RSA/NO_DSA patches
-      o Initial support for compression inside the SSL record layer
-      o Added BIO proxy and filtering functionality
-      o Extended Big Number (BN) library
-      o Added RIPE MD160 message digest
-      o Addeed support for RC2/64bit cipher
-      o Extended ASN.1 parser routines
-      o Adjustations of the source tree for CVS
-      o Support for various new platforms
-
--- a/50
+++ b/50
@@ -0,0 +1,50 @@
+If you have any problems with SSLeay then please take the following 
+steps:
+
+    Remove the ASM version of the BN routines (edit Configure)
+    Remove the compiler optimisation flags
+    Add in the compiler debug flags (-g)
+
+Note: if using gcc then remove -fomit-frame-pointer before you try
+      to debug things.
+
+If you wish to report a bug then please include the following information
+in any bug report:
+
+    SSLeay Details
+	- Version, most of these details can be got from the
+	  'ssleay version -a' command.
+    Operating System Details
+	- OS Name
+	- OS Version
+	- Hardware platform
+    Compiler Details
+	- Name
+	- Version
+    Application Details 
+	- Name 
+	- Version 
+    Problem Description
+	- include steps that will reproduce the problem (if known)
+    Stack Traceback (if the application dumps core)
+
+For example:
+
+    SSLeay-0.5.1a
+    SunOS 5.3, SPARC, SunC 3.0
+    SSLtelnet-0.7
+
+    Core dumps when using telnet with SSL support in bn_mul() with 
+    the following stack trackback 
+	...
+
+
+Report the bug to either
+    ssleay@mincom.oz.au (Eric and Tim)
+or
+    ssl-bugs@mincom.oz.au (mailing list of active developers)
+
+
+Tim Hudson
+tjh@mincom.oz.au
+
--- a/293
+++ b/293
@@ -1,176 +1,173 @@
+		SSLeay 0.8.1b 29-Jun-1998
+		Copyright (c) 1997, Eric Young
+		All rights reserved.

- OpenSSL 0.9.6a [engine] 5 Apr 2001
+This directory contains Eric Young's (eay@cryptsoft.com) implementation
+of SSL and supporting libraries.

- Copyright (c) 1998-2000 The OpenSSL Project
- Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
- All rights reserved.
+The current version of this library is available from
+    ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-x.x.x.tar.gz

- DESCRIPTION
- -----------
+There are patches to a number of internet applications which can be found in
+    ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps/

- The OpenSSL Project is a collaborative effort to develop a robust,
- commercial-grade, fully featured, and Open Source toolkit implementing the
- Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
- protocols as well as a full-strength general purpose cryptography library.
- The project is managed by a worldwide community of volunteers that use the
- Internet to communicate, plan, and develop the OpenSSL toolkit and its
- related documentation. 
+A Web page containing the SSLeay FAQ written by Tim Hudson <tjh@cryptsoft.com> 
+can be found at 
+    http://www.psy.uq.oz.au/~ftp/Crypto

- OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
- and Tim J. Hudson.  The OpenSSL toolkit is licensed under a dual-license (the
- OpenSSL license plus the SSLeay license) situation, which basically means
- that you are free to get and use it for commercial and non-commercial
- purposes as long as you fulfill the conditions of both licenses. 
+Additional documentation is being slowly written by Eric Young, and is being
+added to http://www.cryptsoft.com/ssleay/doc.  It will normally also be
+available on http://www.psy.uq.oz.au/~ftp/Crypto/ssleay

- OVERVIEW
- --------
+This Library and programs are FREE for commercial and non-commercial
+usage.  The only restriction is that I must be attributed with the
+development of this code.  See the COPYRIGHT file for more details.
+Donations would still be accepted :-).

- The OpenSSL toolkit includes:
+THIS LIBRARY IS NOT %100 COMPATABLE WITH SSLeay 0.6.6

- libssl.a:
-     Implementation of SSLv2, SSLv3, TLSv1 and the required code to support
-     both SSLv2, SSLv3 and TLSv1 in the one server and client.
+The package includes

- libcrypto.a:
-     General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not
-     actually logically part of it. It includes routines for the following:
+libssl.a:
+	My implementation of SSLv2, SSLv3 and the required code to support
+	both SSLv2 and SSLv3 in the one server.

-     Ciphers
-        libdes - EAY's libdes DES encryption package which has been floating
-                 around the net for a few years.  It includes 15
-                 'modes/variations' of DES (1, 2 and 3 key versions of ecb,
-                 cbc, cfb and ofb; pcbc and a more general form of cfb and
-                 ofb) including desx in cbc mode, a fast crypt(3), and
-                 routines to read passwords from the keyboard.
-        RC4 encryption,
-        RC2 encryption      - 4 different modes, ecb, cbc, cfb and ofb.
-        Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb.
-        IDEA encryption     - 4 different modes, ecb, cbc, cfb and ofb.
+libcrypto.a:
+	General encryption and X509 stuff needed by SSL but not
+	actually logically part of it.  It includes routines for the following:

-     Digests
-        MD5 and MD2 message digest algorithms, fast implementations,
-        SHA (SHA-0) and SHA-1 message digest algorithms,
-        MDC2 message digest. A DES based hash that is popular on smart cards.
+  Ciphers
+	libdes - My libdes DES encryption package which has been floating
+		around the net for a few years.  It includes 15
+		'modes/variations' of DES (1, 2 and 3 key versions of ecb,
+		cbc, cfb and ofb; pcbc and a more general form of cfb and ofb)
+		including desx in cbc mode,
+		a fast crypt(3), and routines to read passwords from the
+		keyboard.
+	RC4 encryption,
+	RC2 encryption 		- 4 different modes, ecb, cbc, cfb and ofb.
+	Blowfish encryption	- 4 different modes, ecb, cbc, cfb and ofb.
+	IDEA encryption		- 4 different modes, ecb, cbc, cfb and ofb.

-     Public Key
-        RSA encryption/decryption/generation.  
-            There is no limit on the number of bits.
-        DSA encryption/decryption/generation.   
-            There is no limit on the number of bits.
-        Diffie-Hellman key-exchange/key generation.  
-            There is no limit on the number of bits.
+  Digests
+	MD5 and MD2 message digest algorithms, fast implementations,
+	SHA (SHA-0) and SHA-1 message digest algorithms,
+	MDC2 message digest.  A DES based hash that is polular on smart cards.

-     X.509v3 certificates
-        X509 encoding/decoding into/from binary ASN1 and a PEM
-             based ascii-binary encoding which supports encryption with a
-             private key.  Program to generate RSA and DSA certificate
-             requests and to generate RSA and DSA certificates.
+  Public Key
+	RSA encryption/decryption/generation.  There is no limit
+		on the number of bits.
+	DSA encryption/decryption/generation.   There is no limit on the
+		number of bits.
+	Diffie-Hellman key-exchange/key generation.  There is no limit
+		on the number of bits.

-     Systems
-        The normal digital envelope routines and base64 encoding.  Higher
-        level access to ciphers and digests by name.  New ciphers can be
-        loaded at run time.  The BIO io system which is a simple non-blocking
-        IO abstraction.  Current methods supported are file descriptors,
-        sockets, socket accept, socket connect, memory buffer, buffering, SSL
-        client/server, file pointer, encryption, digest, non-blocking testing
-        and null.
+  X509v3 certificates
+	X509 encoding/decoding into/from binary ASN1 and a PEM
+		based ascii-binary encoding which supports encryption with
+		a private key.
+	Program to generate RSA and DSA certificate requests and to
+		generate RSA and DSA certificates.

-     Data structures
-        A dynamically growing hashing system
-        A simple stack.
-        A Configuration loader that uses a format similar to MS .ini files.
+  Systems
+  	The normal digital envelope routines and base64 encoding.
+	Higher level access to ciphers and digests by name.  New ciphers can be
+		loaded at run time.
+	The BIO io system which is a simple non-blocking IO abstraction.
+		Current methods supported are file descriptors, sockets,
+		socket accept, socket connect, memory buffer, buffering,
+		SSL client/server, file pointer, encryption, digest,
+		non-blocking testing and null.
+  Data structures
+  	A dynamically growing hashing system
+	A simple stack.
+	A Configuration loader that uses a format similar to MS .ini files.

- openssl: 
-     A command line tool that can be used for:
-        Creation of RSA, DH and DSA key parameters
-        Creation of X.509 certificates, CSRs and CRLs 
-        Calculation of Message Digests
-        Encryption and Decryption with Ciphers
-        SSL/TLS Client and Server Tests
-        Handling of S/MIME signed or encrypted mail
+Programs in this package include
+	enc	- a general encryption program that can encrypt/decrypt using
+		one of 17 different cipher/mode combinations.  The
+		input/output can also be converted to/from base64
+		ascii encoding.
+	dgst	- a generate message digesting program that will generate
+		message digests for any of md2, md5, sha (sha-0 or sha-1)
+		or mdc2.
+	asn1parse - parse and display the structure of an asn1 encoded
+		binary file.
+	rsa	- Manipulate RSA private keys.
+	dsa	- Manipulate DSA private keys.
+	dh	- Manipulate Diffie-Hellman parameter files.
+	dsaparam- Manipulate and generate DSA parameter files.
+	crl	- Manipulate certificate revocation lists.
+	crt2pkcs7- Generate a pkcs7 object containing a crl and a certificate.
+	x509	- Manipulate x509 certificates, self-sign certificates.
+	req	- Manipulate PKCS#10 certificate requests and also
+		  generate certificate requests.
+	genrsa  - Generates an arbitrary sized RSA private key.
+	gendh	- Generates a set of Diffie-Hellman parameters, the prime
+		  will be a strong prime.
+	ca	- Create certificates from PKCS#10 certificate requests.
+		  This program also maintains a database of certificates
+		  issued.
+	verify	- Check x509 certificate signatures.
+	speed	- Benchmark SSLeay's ciphers.
+	s_server- A test SSL server.
+	s_client- A test SSL client.
+	s_time	- Benchmark SSL performance of SSL server programs.
+	errstr	- Convert from SSLeay hex error codes to a readable form.
+	
+Documents avaliable are
+	A Postscript and html reference manual
+	(written by Tim Hudson tjh@cryptsoft.com).

-        
- PATENTS
- -------
+	A list of text protocol references I used.
+	An initial version of the library manual.

- Various companies hold various patents for various algorithms in various
- locations around the world. _YOU_ are responsible for ensuring that your use
- of any algorithms is legal by checking if there are any patents in your
- country.  The file contains some of the patents that we know about or are
- rumoured to exist. This is not a definitive list.
+To install this package, read the INSTALL file.
+For the Microsoft word, read MICROSOFT
+This library has been compiled and tested on Solaris 2.[34] (sparc and x86),
+SunOS 4.1.3, DGUX, OSF1 Alpha, HPUX 9, AIX 3.5(?), IRIX 5.[23],
+LINUX, NeXT (intel), linux, Windows NT, Windows 3.1, MSDOS 6.22.

- RSA Security holds software patents on the RC5 algorithm.  If you
- intend to use this cipher, you must contact RSA Security for
- licensing conditions. Their web page is http://www.rsasecurity.com/.
+Multithreading has been tested under Windows NT and Solaris 2.5.1

- RC4 is a trademark of RSA Security, so use of this label should perhaps
- only be used with RSA Security's permission. 
+Due to time constraints, the current release has only be rigorously tested
+on Solaris 2.[45], Linux and Windows NT.

- The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
- Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA.  They should
- be contacted if that algorithm is to be used, their web page is
- http://www.ascom.ch/.
+For people in the USA, it is possible to compile SSLeay to use RSA
+Inc.'s public key library, RSAref.  From my understanding, it is
+claimed by RSA Inc. to be illegal to use my public key routines inside the USA.
+Read doc/rsaref.doc on how to build with RSAref.

- INSTALLATION
- ------------
+Read the documentation in the doc directory.  It is quite rough,
+but it lists the functions, you will probably have to look at
+the code to work out how to used them.  I will be working on
+documentation.  Look at the example programs.

- To install this package under a Unix derivative, read the INSTALL file.  For
- a Win32 platform, read the INSTALL.W32 file.  For OpenVMS systems, read
- INSTALL.VMS.
+There should be a SSL reference manual which is being put together by
+Tim Hudson (tjh@cryptsoft.com) in the same location as this
+distribution.  This contains a lot more information that is very
+useful.  For a description of X509 Certificates, their use, and
+certification, read rfc1421, rfc1422, rfc1423 and rfc1424.  ssl/README
+also goes over the mechanism.

- Read the documentation in the doc/ directory.  It is quite rough, but it
- lists the functions, you will probably have to look at the code to work out
- how to used them. Look at the example programs.
+We have setup some mailing lists for use by people that are interested
+in helping develop this code and/or ask questions.
+    ssl-bugs@mincom.oz.au
+    ssl-users@mincom.oz.au
+    ssl-bugs-request@mincom.oz.au
+    ssl-users-request@mincom.oz.au

- SUPPORT 
- -------
+I have recently read about a new form of software, that which is in
+a permanent state of beta release.  Linux and Netscape are 2 good 
+examples of this, and I would also add SSLeay to this category.
+The Current stable release is 0.6.6.  It has a few minor problems.
+0.8.0 is not call compatable so make sure you have the correct version
+of SSLeay to link with.  

- If you have any problems with OpenSSL then please take the following steps
- first:
+eric (Jun 1997)

-    - Download the current snapshot from ftp://ftp.openssl.org/snapshot/
-      to see if the problem has already been addressed
-    - Remove ASM versions of libraries
-    - Remove compiler optimisation flags 
+Eric Young (eay@cryptsoft.com)
+86 Taunton St.
+Annerley 4103.
+Australia.

- If you wish to report a bug then please include the following information in
- any bug report:
-
-    - On Unix systems:
-        Self-test report generated by 'make report'
-    - On other systems:
-        OpenSSL version: output of 'openssl version -a'
-        OS Name, Version, Hardware platform
-        Compiler Details (name, version)
-    - Application Details (name, version)
-    - Problem Description (steps that will reproduce the problem, if known)
-    - Stack Traceback (if the application dumps core)
-
- Report the bug to the OpenSSL project at:
-
-    openssl-bugs@openssl.org
-
- Note that mail to openssl-bugs@openssl.org is forwarded to a public
- mailing list. Confidential mail may be sent to openssl-security@openssl.org
- (PGP key available from the key servers).
-
- HOW TO CONTRIBUTE TO OpenSSL
- ----------------------------
-
- Development is coordinated on the openssl-dev mailing list (see
- http://www.openssl.org for information on subscribing). If you
- would like to submit a patch, send it to openssl-dev@openssl.org with
- the string "[PATCH]" in the subject. Please be sure to include a
- textual explanation of what your patch does.
-
- Note: For legal reasons, contributions from the US can be accepted only
- if a copy of the patch is sent to crypt@bxa.doc.gov
-
- The preferred format for changes is "diff -u" output. You might
- generate it like this:
-
- # cd openssl-work
- # [your changes]
- # ./Configure dist; make clean
- # cd ..
- # diff -ur openssl-orig openssl-work > mydiffs.patch
--- a/README.066
+++ b/README.066
@@ -0,0 +1,27 @@
+
+SSLeay 0.6.6 13-Jan-1997
+
+The main additions are
+
+- assember for x86 DES improvments.
+  From 191,000 per second on a pentium 100, I now get 281,000.  The inner
+  loop and the IP/FP modifications are from
+  Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>.  Many thanks for his
+  contribution.
+- The 'DES macros' introduced in 0.6.5 now have 3 types.
+  DES_PTR1, DES_PTR2 and 'normal'.  As per before, des_opts reports which
+  is best and there is a summery of mine in crypto/des/options.txt
+- A few bug fixes.
+- Added blowfish.  It is not used by SSL but all the other stuff that
+  deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes.
+  There are 3 options for optimising Blowfish.  BF_PTR, BF_PTR2 and 'normal'.
+  BF_PTR2 is pentium/x86 specific.  The correct option is setup in
+  the 'Configure' script.
+- There is now a 'get client certificate' callback which can be
+  'non-blocking'.  If more details are required, let me know.  It will
+  documented more in SSLv3 when I finish it.
+- Bug fixes from 0.6.5 including the infamous 'ca' bug.  The 'make test'
+  now tests the ca program.
+- Lots of little things modified and tweaked.
+
+eric
--- a/README.080
+++ b/README.080
@@ -0,0 +1,147 @@
+This version of SSLeay has quite a lot of things different from the
+previous version.
+
+Basically check all callback parameters, I will be producing documentation
+about how to use things in th future.  Currently I'm just getting 080 out
+the door.  Please not that there are several ways to do everything, and
+most of the applications in the apps directory are hybrids, some using old
+methods and some using new methods.
+
+Have a look in demos/bio for some very simple programs and
+apps/s_client.c and apps/s_server.c for some more advanced versions.
+Notes are definitly needed but they are a week or so away.
+
+Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com)
+---
+Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to
+get those people that want to move to using the new code base off to
+a quick start.
+
+Note that Eric has tidied up a lot of the areas of the API that were
+less than desirable and renamed quite a few things (as he had to break
+the API in lots of places anyrate). There are a whole pile of additional
+functions for making dealing with (and creating) certificates a lot
+cleaner.
+
+01-Jul-97
+Tim Hudson
+tjh@cryptsoft.com
+
+---8<---
+
+To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could
+use something like the following (assuming you #include "crypto.h" which
+is something that you really should be doing).
+
+#if SSLEAY_VERSION_NUMBER >= 0x0800
+#define SSLEAY8
+#endif
+
+buffer.h -> splits into buffer.h and bio.h so you need to include bio.h
+            too if you are working with BIO internal stuff (as distinct
+	    from simply using the interface in an opaque manner)
+
+#include "bio.h"	- required along with "buffer.h" if you write
+			  your own BIO routines as the buffer and bio
+			  stuff that was intermixed has been separated
+			  out 
+			
+envelope.h -> evp.h  (which should have been done ages ago)
+
+Initialisation ... don't forget these or you end up with code that
+is missing the bits required to do useful things (like ciphers):
+
+SSLeay_add_ssl_algorithms()
+(probably also want SSL_load_error_strings() too but you should have
+ already had that call in place)
+
+SSL_CTX_new()	- requires an extra method parameter
+		      SSL_CTX_new(SSLv23_method()) 
+		      SSL_CTX_new(SSLv2_method()) 
+		      SSL_CTX_new(SSLv3_method()) 
+
+		  OR to only have the server or the client code
+		      SSL_CTX_new(SSLv23_server_method()) 
+		      SSL_CTX_new(SSLv2_server_method()) 
+		      SSL_CTX_new(SSLv3_server_method()) 
+		  or  
+		      SSL_CTX_new(SSLv23_client_method()) 
+		      SSL_CTX_new(SSLv2_client_method()) 
+		      SSL_CTX_new(SSLv3_client_method()) 
+
+SSL_set_default_verify_paths() ... renamed to the more appropriate
+SSL_CTX_set_default_verify_paths()
+
+If you want to use client certificates then you have to add in a bit
+of extra stuff in that a SSLv3 server sends a list of those CAs that
+it will accept certificates from ... so you have to provide a list to
+SSLeay otherwise certain browsers will not send client certs.
+
+SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
+
+
+X509_NAME_oneline(X)	-> X509_NAME_oneline(X,NULL,0)	
+			   or provide a buffer and size to copy the
+			   result into
+
+X509_add_cert ->  X509_STORE_add_cert (and you might want to read the
+		  notes on X509_NAME structure changes too)
+
+
+VERIFICATION CODE
+=================
+
+The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to
+more accurately reflect things.
+
+The verification callback args are now packaged differently so that
+extra fields for verification can be added easily in future without
+having to break things by adding extra parameters each release :-)
+
+X509_cert_verify_error_string -> X509_verify_cert_error_string
+
+
+BIO INTERNALS
+=============
+
+Eric has fixed things so that extra flags can be introduced in
+the BIO layer in future without having to play with all the BIO
+modules by adding in some macros.
+
+The ugly stuff using 
+	b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY)
+becomes
+	BIO_clear_retry_flags(b)
+
+	b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)
+becomes
+	BIO_set_retry_read(b)
+
+Also ... BIO_get_retry_flags(b), BIO_set_flags(b)
+
+
+
+OTHER THINGS
+============
+
+X509_NAME has been altered so that it isn't just a STACK ... the STACK
+is now in the "entries" field ... and there are a pile of nice functions
+for getting at the details in a much cleaner manner.
+
+SSL_CTX has been altered ... "cert" is no longer a direct member of this
+structure ... things are now down under "cert_store" (see x509_vfy.h) and
+things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE.
+If your code "knows" about this level of detail then it will need some 
+surgery.
+
+If you depending on the incorrect spelling of a number of the error codes
+then you will have to change your code as these have been fixed.
+
+ENV_CIPHER "type" got renamed to "nid" and as that is what it actually
+has been all along so this makes things clearer.
+ify_cert_error_string(ctx->error));
+
+SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST
+			and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO
+
+
--- a/README.ENGINE
+++ b/README.ENGINE
@@ -1,63 +0,0 @@
-
-  ENGINE
-  ======
-
-  With OpenSSL 0.9.6, a new component has been added to support external 
-  crypto devices, for example accelerator cards.  The component is called
-  ENGINE, and has still a pretty experimental status and almost no
-  documentation.  It's designed to be faily easily extensible by the
-  calling programs.
-
-  There's currently built-in support for the following crypto devices:
-
-      o CryptoSwift
-      o Compaq Atalla
-      o nCipher CHIL
-
-  A number of things are still needed and are being worked on:
-
-      o An openssl utility command to handle or at least check available
-        engines.
-      o A better way of handling the methods that are handled by the
-        engines.
-      o Documentation!
-
-  What already exists is fairly stable as far as it has been tested, but
-  the test base has been a bit small most of the time.
-
-  Because of this experimental status and what's lacking, the ENGINE
-  component is not yet part of the default OpenSSL distribution.  However,
-  we have made a separate kit for those who want to try this out, to be
-  found in the same places as the default OpenSSL distribution, but with
-  "-engine-" being part of the kit file name.  For example, version 0.9.6
-  is distributed in the following two files:
-
-      openssl-0.9.6.tar.gz
-      openssl-engine-0.9.6.tar.gz
-
-  NOTES
-  =====
-
-  openssl-engine-0.9.6.tar.gz does not depend on openssl-0.9.6.tar, you do
-  not need to download both.
-
-  openssl-engine-0.9.6.tar.gz is usable even if you don't have an external
-  crypto device.  The internal OpenSSL functions are contained in the
-  engine "openssl", and will be used by default.
-
-  No external crypto device is chosen unless you say so.  You have actively
-  tell the openssl utility commands to use it through a new command line
-  switch called "-engine".  And if you want to use the ENGINE library to
-  do something similar, you must also explicitely choose an external crypto
-  device, or the built-in crypto routines will be used, just as in the
-  default OpenSSL distribution.
-
-
-  PROBLEMS
-  ========
-
-  It seems like the ENGINE part doesn't work too well with Cryptoswift on
-  Win32.  A quick test done right before the release showed that trying
-  "openssl speed -engine cswift" generated errors.  If the DSO gets enabled,
-  an attempt is made to write at memory address 0x00000002.
-
--- a/102
+++ b/102
@@ -1,102 +0,0 @@
-
-  OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2001/04/05 17:48:02 $
-
-  DEVELOPMENT STATE
-
-    o  OpenSSL 0.9.6a: Released on April      5th, 2001
-    o  OpenSSL 0.9.6:  Released on September 24th, 2000
-    o  OpenSSL 0.9.5a: Released on April      1st, 2000
-    o  OpenSSL 0.9.5:  Released on February  28th, 2000
-    o  OpenSSL 0.9.4:  Released on August    09th, 1999
-    o  OpenSSL 0.9.3a: Released on May       29th, 1999
-    o  OpenSSL 0.9.3:  Released on May       25th, 1999
-    o  OpenSSL 0.9.2b: Released on March     22th, 1999
-    o  OpenSSL 0.9.1c: Released on December  23th, 1998
-
-  RELEASE SHOWSTOPPERS
-
-  AVAILABLE PATCHES
-
-  IN PROGRESS
-
-    o Steve is currently working on (in no particular order):
-        ASN1 code redesign, butchery, replacement.
-        OCSP
-        EVP cipher enhancement.
-        Enhanced certificate chain verification.
-	Private key, certificate and CRL API and implementation.
-	Developing and bugfixing PKCS#7 (S/MIME code).
-        Various X509 issues: character sets, certificate request extensions.
-    o Geoff and Richard are currently working on:
-	ENGINE (the new code that gives hardware support among others).
-    o Richard is currently working on:
-	UTIL (a new set of library functions to support some higher level
-	      functionality that is currently missing).
-	Shared library support for VMS.
-	OCSP
-	Kerberos 5 authentication
-	Constification
-
-  NEEDS PATCH
-
-    o  apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file
-
-    o  OpenSSL_0_9_6-stable:
-       #include <openssl/e_os.h> in exported header files is illegal since
-       e_os.h is suitable only for library-internal use.
-
-    o  Whenever strncpy is used, make sure the resulting string is NULL-terminated
-       or an error is reported
-
-  OPEN ISSUES
-
-    o  crypto/ex_data.c is not really thread-safe and so must be used
-       with care (e.g., extra locking where necessary, or don't call
-       CRYPTO_get_ex_new_index once multiple threads exist).
-       The current API is not suitable for everything that it pretends
-       to offer.
-
-    o  The Makefile hierarchy and build mechanism is still not a round thing:
-
-       1. The config vs. Configure scripts
-          It's the same nasty situation as for Apache with APACI vs.
-          src/Configure. It confuses.
-          Suggestion: Merge Configure and config into a single configure
-                      script with a Autoconf style interface ;-) and remove
-                      Configure and config. Or even let us use GNU Autoconf
-                      itself. Then we can avoid a lot of those platform checks
-                      which are currently in Configure.
-
-    o  Support for Shared Libraries has to be added at least
-       for the major Unix platforms. The details we can rip from the stuff
-       Ralf has done for the Apache src/Configure script. Ben wants the
-       solution to be really simple.
-
-       Status: Ralf will look how we can easily incorporate the
-               compiler PIC and linker DSO flags from Apache
-               into the OpenSSL Configure script.
-
-               Ulf: +1 for using GNU autoconf and libtool (but not automake,
-                    which apparently is not flexible enough to generate
-                    libcrypto)
-
-
-    o  The perl/ stuff needs a major overhaul. Currently it's
-       totally obsolete. Either we clean it up and enhance it to be up-to-date
-       with the C code or we also could replace it with the really nice
-       Net::SSLeay package we can find under
-       http://www.neuronio.pt/SSLeay.pm.html.  Ralf uses this package for a
-       longer time and it works fine and is a nice Perl module. Best would be
-       to convince the author to work for the OpenSSL project and create a
-       Net::OpenSSL or Crypt::OpenSSL package out of it and maintains it for
-       us.
-
-       Status: Ralf thinks we should both contact the author of Net::SSLeay
-               and look how much effort it is to bring Eric's perl/ stuff up
-               to date.
-               Paul +1
-
-  WISHES
-
-    o 
--- a/2751
+++ b/2751
--- a/28
+++ b/28
@@ -0,0 +1,28 @@
+- The loading of the netscape RC4 encrypted key is a crock of pig pellets.
+  It will be reworked along with a nice general mechanism for encrypting
+  ASN.1 stuff. [ Jun 96 ] I've cleaned up private keys internally but
+  still have not done PKCS#8 support.
+
+- Winsock support in s_client/s_server for windows nt/3.1 is a crock.
+  I will probably not get this fixed for a while, it is just there so
+  I could test things.
+
+- Be able to generate DSS certificates.
+
+- Add CRL to the X509 verification stuff, this will probably be added with
+  SSLv3.
+
+ X509 callback.  I need to callback the application to retrieve certificates
+  and CRL.
+
+*<- designates the things I'm activly working on.
+<- designates that which I have next in the queue.
+
+====
+
+X509v3 extensions
+verify certificate chains
+X509 cert lookup methods
+RSA/DSA/DH methods mostly for smart cards
+dsa cert generation
+
--- a/24
+++ b/24
@@ -0,0 +1,24 @@
+SSLeay 0.8.1
+	- Mostly bug fixes.  There is an Ephemeral DH cipher problem which
+	  is fixed.
+
+SSLeay 0.8.0
+	- New release, for those that are wondering what happend to
+	  0.7.x, call it our internal development version :-)
+	- There have been lots of changes, mostly the addition of SSLv3.
+	- There have been many additions from people and amongst
+	  others, C2Net has assisted greatly.
+
+SSLeay 0.6.6
+	SSLeay 0.8.0 is not upward compatable with SSLeay 0.6.6, so
+	if your application requires 0.6.6, use it.  There have been
+	lots of bug fixes to 0.8.x that have not been applied to 0.6.6
+	so use 0.8.0+ in preference.
+
+PORTING 0.6.6 to 0.8.0
+	I'll be documenting this over the next few weeks but as
+	pressures have been increasing for making SSLv3 support
+	available I'm shipping it without this documentation as I
+	basically have not had time to write it (too busy earning a
+	living :-)
+
--- a/VMS/TODO
+++ b/VMS/TODO
@@ -1,18 +0,0 @@
-TODO:
-=====
-
-There are a few things that need to be worked out in the VMS version of
-OpenSSL, still:
-
- Description files. ("Makefile's" :-))
- Script code to link an already compiled build tree.
- A VMSINSTALlable version (way in the future, unless someone else hacks).
- shareable images (DLL for you Windows folks).
-
-There may be other things that I have missed and that may be desirable.
-Please send mail to <openssl-users@openssl.org> or to me directly if you
-have any ideas.
-
--
-Richard Levitte <richard@levitte.org>
-1999-05-24
--- a/VMS/WISHLIST.TXT
+++ b/VMS/WISHLIST.TXT
@@ -1,4 +0,0 @@
-* Have the building procedure contain a LINK-only possibility.
-  Wished by Mark Daniel <mark.daniel@dsto.defence.gov.au>
-
-  One way to enable that is also to go over to DESCRIP.MMS files.
--- a/VMS/install.com
+++ b/VMS/install.com
@@ -1,72 +0,0 @@
-$! INSTALL.COM -- Installs the files in a given directory tree
-$!
-$! Author: Richard Levitte <richard@levitte.org>
-$! Time of creation: 23-MAY-1998 19:22
-$!
-$! P1	root of the directory tree
-$!
-$	IF P1 .EQS. ""
-$	THEN
-$	    WRITE SYS$OUTPUT "First argument missing."
-$	    WRITE SYS$OUTPUT "Should be the directory where you want things installed."
-$	    EXIT
-$	ENDIF
-$
-$	ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
-$	ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
-$	ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
-		   - "[000000." - "][" - "[" - "]"
-$	ROOT = ROOT_DEV + "[" + ROOT_DIR
-$
-$	DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
-$	DEFINE/NOLOG WRK_SSLVLIB WRK_SSLROOT:[VAX_LIB]
-$	DEFINE/NOLOG WRK_SSLALIB WRK_SSLROOT:[ALPHA_LIB]
-$	DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
-$	DEFINE/NOLOG WRK_SSLVEXE WRK_SSLROOT:[VAX_EXE]
-$	DEFINE/NOLOG WRK_SSLAEXE WRK_SSLROOT:[ALPHA_EXE]
-$	DEFINE/NOLOG WRK_SSLCERTS WRK_SSLROOT:[CERTS]
-$	DEFINE/NOLOG WRK_SSLPRIVATE WRK_SSLROOT:[PRIVATE]
-$
-$	IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLROOT:[000000]
-$	IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLINCLUDE:
-$	IF F$PARSE("WRK_SSLROOT:[VMS]") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLROOT:[VMS]
-$
-$	IF F$SEARCH("WRK_SSLINCLUDE:vms_idhacks.h") .NES. "" THEN -
-	   DELETE WRK_SSLINCLUDE:vms_idhacks.h;*
-$
-$	OPEN/WRITE SF WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM
-$	WRITE SYS$OUTPUT "%OPEN-I-CREATED,  ",F$SEARCH("WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM")," created."
-$	WRITE SF "$! Startup file for Openssl 0.9.2-RL 15-Mar-1999"
-$	WRITE SF "$!"
-$	WRITE SF "$! Do not edit this file, as it will be regenerated during next installation."
-$	WRITE SF "$! Instead, add or change SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM"
-$	WRITE SF "$!"
-$	WRITE SF "$! P1	a qualifier to DEFINE.  For example ""/SYSTEM"" to get the logical names"
-$	WRITE SF "$!	defined in the system logical name table."
-$	WRITE SF "$!"
-$	WRITE SF "$	ARCH = ""VAX"""
-$	WRITE SF "$	IF F$GETSYI(""CPU"") .GE. 128 THEN ARCH = ""ALPHA"""
-$	WRITE SF "$	DEFINE/NOLOG'P1	SSLROOT		",ROOT,".] /TRANS=CONC"
-$	WRITE SF "$	DEFINE/NOLOG'P1	SSLLIB		SSLROOT:['ARCH'_LIB]"
-$	WRITE SF "$	DEFINE/NOLOG'P1	SSLINCLUDE	SSLROOT:[INCLUDE]"
-$	WRITE SF "$	DEFINE/NOLOG'P1	SSLEXE		SSLROOT:['ARCH'_EXE]"
-$	WRITE SF "$	DEFINE/NOLOG'P1	SSLCERTS	SSLROOT:[CERTS]"
-$	WRITE SF "$	DEFINE/NOLOG'P1	SSLPRIVATE	SSLROOT:[PRIVATE]"
-$	WRITE SF "$"
-$	WRITE SF "$!	This is program can include <openssl/{foo}.h>"
-$	WRITE SF "$	DEFINE/NOLOG'P1	OPENSSL		SSLINCLUDE:"
-$	WRITE SF "$"
-$	WRITE SF "$	IF F$SEARCH(""SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM"") .NES."""" THEN -"
-$	WRITE SF "	   @SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM"
-$	WRITE SF "$"
-$	WRITE SF "$	EXIT"
-$	CLOSE SF
-$	SET FILE/PROT=WORLD:RE WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM
-$
-$	COPY OPENSSL_UTILS.COM WRK_SSLROOT:[VMS]/LOG
-$	SET FILE/PROT=WORLD:RE WRK_SSLROOT:[VMS]OPENSSL_UTILS.COM
-$
-$	EXIT
--- a/VMS/multinet_shr.opt
+++ b/VMS/multinet_shr.opt
@@ -1 +0,0 @@
-multinet:multinet_socket_library.exe/share
--- a/VMS/openssl_utils.com
+++ b/VMS/openssl_utils.com
@@ -1,38 +0,0 @@
-$!
-$!  APPS.COM
-$!  Written By:  Robert Byer
-$!               Vice-President
-$!               A-Com Computing, Inc.
-$!               byer@mail.all-net.net
-$!
-$!
-$! Slightly modified by Richard Levitte <richard@levitte.org>
-$!
-$ OPENSSL  :== $SSLEXE:OPENSSL
-$ VERIFY   :== $SSLEXE:OPENSSL VERIFY
-$ ASN1PARSE:== $SSLEXE:OPENSSL ASN1PARS
-$ REQ      :== $SSLEXE:OPENSSL REQ
-$ DGST     :== $SSLEXE:OPENSSL DGST
-$ DH       :== $SSLEXE:OPENSSL DH
-$ ENC      :== $SSLEXE:OPENSSL ENC
-$ GENDH    :== $SSLEXE:OPENSSL GENDH
-$ ERRSTR   :== $SSLEXE:OPENSSL ERRSTR
-$ CA       :== $SSLEXE:OPENSSL CA
-$ CRL      :== $SSLEXE:OPENSSL CRL
-$ RSA      :== $SSLEXE:OPENSSL RSA
-$ DSA      :== $SSLEXE:OPENSSL DSA
-$ DSAPARAM :== $SSLEXE:OPENSSL DSAPARAM
-$ X509     :== $SSLEXE:OPENSSL X509
-$ GENRSA   :== $SSLEXE:OPENSSL GENRSA
-$ GENDSA   :== $SSLEXE:OPENSSL GENDSA
-$ S_SERVER :== $SSLEXE:OPENSSL S_SERVER
-$ S_CLIENT :== $SSLEXE:OPENSSL S_CLIENT
-$ SPEED    :== $SSLEXE:OPENSSL SPEED
-$ S_TIME   :== $SSLEXE:OPENSSL S_TIME
-$ VERSION  :== $SSLEXE:OPENSSL VERSION
-$ PKCS7    :== $SSLEXE:OPENSSL PKCS7
-$ CRL2PKCS7:== $SSLEXE:OPENSSL CRL2P7
-$ SESS_ID  :== $SSLEXE:OPENSSL SESS_ID
-$ CIPHERS  :== $SSLEXE:OPENSSL CIPHERS
-$ NSEQ     :== $SSLEXE:OPENSSL NSEQ
-$ PKCS12   :== $SSLEXE:OPENSSL PKCS12
--- a/VMS/socketshr_shr.opt
+++ b/VMS/socketshr_shr.opt
@@ -1 +0,0 @@
-socketshr/share
--- a/VMS/test-includes.com
+++ b/VMS/test-includes.com
@@ -1,28 +0,0 @@
-$! Quick script to check how well including individual header files works
-$! on VMS, even when the VMS macro isn't defined.
-$
-$	sav_def = f$env("DEFAULT")
-$	here = f$parse("A.;0",f$ENV("PROCEDURE")) - "A.;0"
-$	set default 'here'
-$	set default [-.include.openssl]
-$	define openssl 'f$env("DEFAULT")'
-$	set default [--]
-$
-$ loop:
-$	f = f$search("openssl:*.h")
-$	if f .eqs. "" then goto loop_end
-$	write sys$output "Checking ",f
-$	open/write foo foo.c
-$	write foo "#undef VMS"
-$	write foo "#include <stdio.h>"
-$	write foo "#include <openssl/",f$parse(f,,,"NAME"),".h>"
-$	write foo "main()"
-$	write foo "{printf(""foo\n"");}"
-$	close foo
-$	cc/STANDARD=ANSI89/NOLIST/PREFIX=ALL foo.c
-$	delete foo.c;
-$	goto loop
-$ loop_end:
-$	set default 'save_def'
-$	exit
-
--- a/VMS/ucx_shr_decc.opt
+++ b/VMS/ucx_shr_decc.opt
@@ -1 +0,0 @@
-sys$share:ucx$ipc_shr.exe/share
--- a/VMS/ucx_shr_decc_log.opt
+++ b/VMS/ucx_shr_decc_log.opt
@@ -1 +0,0 @@
-ucx$ipc_shr/share
--- a/VMS/ucx_shr_vaxc.opt
+++ b/VMS/ucx_shr_vaxc.opt
@@ -1 +0,0 @@
-sys$library:ucx$ipc.olb/library
--- a/apps/.cvsignore
+++ b/apps/.cvsignore
@@ -1,5 +0,0 @@
-openssl
-Makefile.save
-der_chop
-der_chop.bak
-CA.pl
--- a/apps/CA.com
+++ b/apps/CA.com
@@ -1,220 +0,0 @@
-$! CA - wrapper around ca to make it easier to use ... basically ca requires
-$!      some setup stuff to be done before you can use it and this makes
-$!      things easier between now and when Eric is convinced to fix it :-)
-$!
-$! CA -newca ... will setup the right stuff
-$! CA -newreq ... will generate a certificate request 
-$! CA -sign ... will sign the generated request and output 
-$!
-$! At the end of that grab newreq.pem and newcert.pem (one has the key 
-$! and the other the certificate) and cat them together and that is what
-$! you want/need ... I'll make even this a little cleaner later.
-$!
-$!
-$! 12-Jan-96 tjh    Added more things ... including CA -signcert which
-$!                  converts a certificate to a request and then signs it.
-$! 10-Jan-96 eay    Fixed a few more bugs and added the SSLEAY_CONFIG
-$!                 environment variable so this can be driven from
-$!                 a script.
-$! 25-Jul-96 eay    Cleaned up filenames some more.
-$! 11-Jun-96 eay    Fixed a few filename missmatches.
-$! 03-May-96 eay    Modified to use 'openssl cmd' instead of 'cmd'.
-$! 18-Apr-96 tjh    Original hacking
-$!
-$! Tim Hudson
-$! tjh@cryptsoft.com
-$!
-$!
-$! default ssleay.cnf file has setup as per the following
-$! demoCA ... where everything is stored
-$
-$ IF F$TYPE(SSLEAY_CONFIG) .EQS. "" THEN SSLEAY_CONFIG := SSLLIB:SSLEAY.CNF
-$
-$ DAYS   = "-days 365"
-$ REQ    = openssl + " req " + SSLEAY_CONFIG
-$ CA     = openssl + " ca " + SSLEAY_CONFIG
-$ VERIFY = openssl + " verify"
-$ X509   = openssl + " x509"
-$ PKCS12 = openssl + " pkcs12"
-$ echo   = "write sys$Output"
-$!
-$ s = F$PARSE(F$ENVIRONMENT("DEFAULT"),"[]") - "].;"
-$ CATOP  := 's'.demoCA
-$ CAKEY  := ]cakey.pem
-$ CACERT := ]cacert.pem
-$
-$ __INPUT := SYS$COMMAND
-$ RET = 1
-$!
-$ i = 1
-$opt_loop:
-$ if i .gt. 8 then goto opt_loop_end
-$
-$ prog_opt = F$EDIT(P'i',"lowercase")
-$
-$ IF (prog_opt .EQS. "?" .OR. prog_opt .EQS. "-h" .OR. prog_opt .EQS. "-help") 
-$ THEN
-$   echo "usage: CA -newcert|-newreq|-newca|-sign|-verify" 
-$   exit
-$ ENDIF
-$!
-$ IF (prog_opt .EQS. "-input")
-$ THEN
-$   ! Get input from somewhere other than SYS$COMMAND
-$   i = i + 1
-$   __INPUT = P'i'
-$   GOTO opt_loop_continue
-$ ENDIF
-$!
-$ IF (prog_opt .EQS. "-newcert")
-$ THEN
-$   ! Create a certificate.
-$   DEFINE/USER SYS$INPUT '__INPUT'
-$   REQ -new -x509 -keyout newreq.pem -out newreq.pem 'DAYS'
-$   RET=$STATUS
-$   echo "Certificate (and private key) is in newreq.pem"
-$   GOTO opt_loop_continue
-$ ENDIF
-$!
-$ IF (prog_opt .EQS. "-newreq")
-$ THEN
-$   ! Create a certificate request
-$   DEFINE/USER SYS$INPUT '__INPUT'
-$   REQ -new -keyout newreq.pem -out newreq.pem 'DAYS'
-$   RET=$STATUS
-$   echo "Request (and private key) is in newreq.pem"
-$   GOTO opt_loop_continue
-$ ENDIF
-$!
-$ IF (prog_opt .EQS. "-newca")
-$ THEN
-$   ! If explicitly asked for or it doesn't exist then setup the directory
-$   ! structure that Eric likes to manage things.
-$   IF F$SEARCH(CATOP+"]serial.") .EQS. ""
-$   THEN
-$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP']
-$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.certs]
-$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.crl]
-$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.newcerts]
-$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.private]
-$
-$     OPEN   /WRITE ser_file 'CATOP']serial. 
-$     WRITE ser_file "01"
-$     CLOSE ser_file
-$     APPEND/NEW NL: 'CATOP']index.txt
-$
-$     ! The following is to make sure access() doesn't get confused.  It
-$     ! really needs one file in the directory to give correct answers...
-$     COPY NLA0: 'CATOP'.certs].;
-$     COPY NLA0: 'CATOP'.crl].;
-$     COPY NLA0: 'CATOP'.newcerts].;
-$     COPY NLA0: 'CATOP'.private].;
-$   ENDIF
-$!
-$   IF F$SEARCH(CATOP+".private"+CAKEY) .EQS. ""
-$   THEN
-$     READ '__INPUT' FILE -
-	   /PROMT="CA certificate filename (or enter to create)"
-$     IF F$SEARCH(FILE) .NES. ""
-$     THEN
-$       COPY 'FILE' 'CATOP'.private'CAKEY'
-$	RET=$STATUS
-$     ELSE
-$       echo "Making CA certificate ..."
-$       DEFINE/USER SYS$INPUT '__INPUT'
-$       REQ -new -x509 -keyout 'CATOP'.private'CAKEY' -
-		       -out 'CATOP''CACERT' 'DAYS'
-$	RET=$STATUS
-$     ENDIF
-$   ENDIF
-$   GOTO opt_loop_continue
-$ ENDIF
-$!
-$ IF (prog_opt .EQS. "-pkcs12")
-$ THEN
-$   i = i + 1
-$   cname = P'i'
-$   IF cname .EQS. "" THEN cname = "My certificate"
-$   PKCS12 -in newcert.pem -inkey newreq.pem -certfile 'CATOP''CACERT -
-	   -out newcert.p12 -export -name "''cname'"
-$   RET=$STATUS
-$   exit RET
-$ ENDIF
-$!
-$ IF (prog_opt .EQS. "-xsign")
-$ THEN
-$!
-$   DEFINE/USER SYS$INPUT '__INPUT'
-$   CA -policy policy_anything -infiles newreq.pem
-$   RET=$STATUS
-$   GOTO opt_loop_continue
-$ ENDIF
-$!
-$ IF ((prog_opt .EQS. "-sign") .OR. (prog_opt .EQS. "-signreq"))
-$ THEN
-$!   
-$   DEFINE/USER SYS$INPUT '__INPUT'
-$   CA -policy policy_anything -out newcert.pem -infiles newreq.pem
-$   RET=$STATUS
-$   type newcert.pem
-$   echo "Signed certificate is in newcert.pem"
-$   GOTO opt_loop_continue
-$ ENDIF
-$!
-$ IF (prog_opt .EQS. "-signcert")
-$  THEN
-$!   
-$   echo "Cert passphrase will be requested twice - bug?"
-$   DEFINE/USER SYS$INPUT '__INPUT'
-$   X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
-$   DEFINE/USER SYS$INPUT '__INPUT'
-$   CA -policy policy_anything -out newcert.pem -infiles tmp.pem
-y
-y
-$   type newcert.pem
-$   echo "Signed certificate is in newcert.pem"
-$   GOTO opt_loop_continue
-$ ENDIF
-$!
-$ IF (prog_opt .EQS. "-verify")
-$ THEN
-$!   
-$   i = i + 1
-$   IF (p'i' .EQS. "")
-$   THEN
-$     DEFINE/USER SYS$INPUT '__INPUT'
-$     VERIFY "-CAfile" 'CATOP''CACERT' newcert.pem
-$   ELSE
-$     j = i
-$    verify_opt_loop:
-$     IF j .GT. 8 THEN GOTO verify_opt_loop_end
-$     IF p'j' .NES. ""
-$     THEN 
-$       DEFINE/USER SYS$INPUT '__INPUT'
-$       __tmp = p'j'
-$       VERIFY "-CAfile" 'CATOP''CACERT' '__tmp'
-$       tmp=$STATUS
-$       IF tmp .NE. 0 THEN RET=tmp
-$     ENDIF
-$     j = j + 1
-$     GOTO verify_opt_loop
-$    verify_opt_loop_end:
-$   ENDIF
-$   
-$   GOTO opt_loop_end
-$ ENDIF
-$!
-$ IF (prog_opt .NES. "")
-$ THEN
-$!   
-$   echo "Unknown argument ''prog_opt'"
-$   
-$   EXIT 3
-$ ENDIF
-$
-$opt_loop_continue:
-$ i = i + 1
-$ GOTO opt_loop
-$
-$opt_loop_end:
-$ EXIT 'RET'
--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -1,168 +0,0 @@
-#!/usr/local/bin/perl
-#
-# CA - wrapper around ca to make it easier to use ... basically ca requires
-#      some setup stuff to be done before you can use it and this makes
-#      things easier between now and when Eric is convinced to fix it :-)
-#
-# CA -newca ... will setup the right stuff
-# CA -newreq ... will generate a certificate request 
-# CA -sign ... will sign the generated request and output 
-#
-# At the end of that grab newreq.pem and newcert.pem (one has the key 
-# and the other the certificate) and cat them together and that is what
-# you want/need ... I'll make even this a little cleaner later.
-#
-#
-# 12-Jan-96 tjh    Added more things ... including CA -signcert which
-#                  converts a certificate to a request and then signs it.
-# 10-Jan-96 eay    Fixed a few more bugs and added the SSLEAY_CONFIG
-#		   environment variable so this can be driven from
-#		   a script.
-# 25-Jul-96 eay    Cleaned up filenames some more.
-# 11-Jun-96 eay    Fixed a few filename missmatches.
-# 03-May-96 eay    Modified to use 'ssleay cmd' instead of 'cmd'.
-# 18-Apr-96 tjh    Original hacking
-#
-# Tim Hudson
-# tjh@cryptsoft.com
-#
-
-# 27-Apr-98 snh    Translation into perl, fix existing CA bug.
-#
-#
-# Steve Henson
-# shenson@bigfoot.com
-
-# default openssl.cnf file has setup as per the following
-# demoCA ... where everything is stored
-
-$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
-$DAYS="-days 365";
-$REQ="openssl req $SSLEAY_CONFIG";
-$CA="openssl ca $SSLEAY_CONFIG";
-$VERIFY="openssl verify";
-$X509="openssl x509";
-$PKCS12="openssl pkcs12";
-
-$CATOP="./demoCA";
-$CAKEY="cakey.pem";
-$CACERT="cacert.pem";
-
-$DIRMODE = 0777;
-
-$RET = 0;
-
-foreach (@ARGV) {
-	if ( /^(-\?|-h|-help)$/ ) {
-	    print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
-	    exit 0;
-	} elsif (/^-newcert$/) {
-	    # create a certificate
-	    system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS");
-	    $RET=$?;
-	    print "Certificate (and private key) is in newreq.pem\n"
-	} elsif (/^-newreq$/) {
-	    # create a certificate request
-	    system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
-	    $RET=$?;
-	    print "Request (and private key) is in newreq.pem\n";
-	} elsif (/^-newca$/) {
-		# if explicitly asked for or it doesn't exist then setup the
-		# directory structure that Eric likes to manage things 
-	    $NEW="1";
-	    if ( "$NEW" || ! -f "${CATOP}/serial" ) {
-		# create the directory hierarchy
-		mkdir $CATOP, $DIRMODE;
-		mkdir "${CATOP}/certs", $DIRMODE;
-		mkdir "${CATOP}/crl", $DIRMODE ;
-		mkdir "${CATOP}/newcerts", $DIRMODE;
-		mkdir "${CATOP}/private", $DIRMODE;
-		open OUT, ">${CATOP}/serial";
-		print OUT "01\n";
-		close OUT;
-		open OUT, ">${CATOP}/index.txt";
-		close OUT;
-	    }
-	    if ( ! -f "${CATOP}/private/$CAKEY" ) {
-		print "CA certificate filename (or enter to create)\n";
-		$FILE = <STDIN>;
-
-		chop $FILE;
-
-		# ask user for existing CA certificate
-		if ($FILE) {
-		    cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
-		    cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
-		    $RET=$?;
-		} else {
-		    print "Making CA certificate ...\n";
-		    system ("$REQ -new -x509 -keyout " .
-			"${CATOP}/private/$CAKEY -out ${CATOP}/$CACERT $DAYS");
-		    $RET=$?;
-		}
-	    }
-	} elsif (/^-pkcs12$/) {
-	    my $cname = $ARGV[1];
-	    $cname = "My Certificate" unless defined $cname;
-	    system ("$PKCS12 -in newcert.pem -inkey newreq.pem " .
-			"-certfile ${CATOP}/$CACERT -out newcert.p12 " .
-			"-export -name \"$cname\"");
-	    $RET=$?;
-	    exit $RET;
-	} elsif (/^-xsign$/) {
-	    system ("$CA -policy policy_anything -infiles newreq.pem");
-	    $RET=$?;
-	} elsif (/^(-sign|-signreq)$/) {
-	    system ("$CA -policy policy_anything -out newcert.pem " .
-							"-infiles newreq.pem");
-	    $RET=$?;
-	    print "Signed certificate is in newcert.pem\n";
-	} elsif (/^(-signCA)$/) {
-	    system ("$CA -policy policy_anything -out newcert.pem " .
-					"-extensions v3_ca -infiles newreq.pem");
-	    $RET=$?;
-	    print "Signed CA certificate is in newcert.pem\n";
-	} elsif (/^-signcert$/) {
-	    system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
-								"-out tmp.pem");
-	    system ("$CA -policy policy_anything -out newcert.pem " .
-							"-infiles tmp.pem");
-	    $RET = $?;
-	    print "Signed certificate is in newcert.pem\n";
-	} elsif (/^-verify$/) {
-	    if (shift) {
-		foreach $j (@ARGV) {
-		    system ("$VERIFY -CAfile $CATOP/$CACERT $j");
-		    $RET=$? if ($? != 0);
-		}
-		exit $RET;
-	    } else {
-		    system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem");
-		    $RET=$?;
-	    	    exit 0;
-	    }
-	} else {
-	    print STDERR "Unknown arg $_\n";
-	    print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
-	    exit 1;
-	}
-}
-
-exit $RET;
-
-sub cp_pem {
-my ($infile, $outfile, $bound) = @_;
-open IN, $infile;
-open OUT, ">$outfile";
-my $flag = 0;
-while (<IN>) {
-	$flag = 1 if (/^-----BEGIN.*$bound/) ;
-	print OUT $_ if ($flag);
-	if (/^-----END.*$bound/) {
-		close IN;
-		close OUT;
-		return;
-	}
-}
-}
-
--- a/apps/CA.sh
+++ b/apps/CA.sh
@@ -27,14 +27,14 @@
 # tjh@cryptsoft.com
 #

-# default openssl.cnf file has setup as per the following
+# default ssleay.cnf file has setup as per the following
 # demoCA ... where everything is stored

 DAYS="-days 365"
-REQ="openssl req $SSLEAY_CONFIG"
-CA="openssl ca $SSLEAY_CONFIG"
-VERIFY="openssl verify"
-X509="openssl x509"
+REQ="ssleay req $SSLEAY_CONFIG"
+CA="ssleay ca $SSLEAY_CONFIG"
+VERIFY="ssleay verify"
+X509="ssleay x509"

 CATOP=./demoCA
 CAKEY=./cakey.pem
@@ -60,7 +60,7 @@ case $i in
    echo "Request (and private key) is in newreq.pem"
    ;;
 -newca)     
-    # if explicitly asked for or it doesn't exist then setup the directory
+    # if explictly asked for or it doesn't exist then setup the directory
    # structure that Eric likes to manage things 
    NEW="1"
    if [ "$NEW" -o ! -f ${CATOP}/serial ]; then
--- a/apps/Makefile.ssl
+++ b/apps/Makefile.ssl
--- a/apps/app_rand.c
+++ b/apps/app_rand.c
@@ -1,215 +0,0 @@
-/* apps/app_rand.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#define NON_MAIN
-#include "apps.h"
-#undef NON_MAIN
-#include <openssl/bio.h>
-#include <openssl/rand.h>
-
-
-static int seeded = 0;
-static int egdsocket = 0;
-
-int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
-	{
-	int consider_randfile = (file == NULL);
-	char buffer[200];
-	
-#ifdef WINDOWS
-	BIO_printf(bio_e,"Loading 'screen' into random state -");
-	BIO_flush(bio_e);
-	RAND_screen();
-	BIO_printf(bio_e," done\n");
-#endif
-
-	if (file == NULL)
-		file = RAND_file_name(buffer, sizeof buffer);
-	else if (RAND_egd(file) > 0)
-		{
-		/* we try if the given filename is an EGD socket.
-		   if it is, we don't write anything back to the file. */
-		egdsocket = 1;
-		return 1;
-		}
-	if (file == NULL || !RAND_load_file(file, -1))
-		{
-		if (RAND_status() == 0 && !dont_warn)
-			{
-			BIO_printf(bio_e,"unable to load 'random state'\n");
-			BIO_printf(bio_e,"This means that the random number generator has not been seeded\n");
-			BIO_printf(bio_e,"with much random data.\n");
-			if (consider_randfile) /* explanation does not apply when a file is explicitly named */
-				{
-				BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n");
-				BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n");
-				}
-			}
-		return 0;
-		}
-	seeded = 1;
-	return 1;
-	}
-
-long app_RAND_load_files(char *name)
-	{
-	char *p,*n;
-	int last;
-	long tot=0;
-	int egd;
-	
-	for (;;)
-		{
-		last=0;
-		for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++);
-		if (*p == '\0') last=1;
-		*p='\0';
-		n=name;
-		name=p+1;
-		if (*n == '\0') break;
-
-		egd=RAND_egd(n);
-		if (egd > 0)
-			tot+=egd;
-		else
-			tot+=RAND_load_file(n,-1);
-		if (last) break;
-		}
-	if (tot > 512)
-		app_RAND_allow_write_file();
-	return(tot);
-	}
-
-int app_RAND_write_file(const char *file, BIO *bio_e)
-	{
-	char buffer[200];
-	
-	if (egdsocket || !seeded)
-		/* If we did not manage to read the seed file,
-		 * we should not write a low-entropy seed file back --
-		 * it would suppress a crucial warning the next time
-		 * we want to use it. */
-		return 0;
-
-	if (file == NULL)
-		file = RAND_file_name(buffer, sizeof buffer);
-	if (file == NULL || !RAND_write_file(file))
-		{
-		BIO_printf(bio_e,"unable to write 'random state'\n");
-		return 0;
-		}
-	return 1;
-	}
-
-void app_RAND_allow_write_file(void)
-	{
-	seeded = 1;
-	}
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1,5 +1,5 @@
 /* apps/apps.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
@@ -64,19 +64,27 @@
 #define NON_MAIN
 #include "apps.h"
 #undef NON_MAIN
-#include <openssl/err.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/pkcs12.h>
-#include <openssl/safestack.h>

-#ifdef WINDOWS
-#  include "bss_file.c"
+#ifdef WIN16
+#define APPS_WIN16
+#ifdef FLAT_BUILD
+#include "bss_file.c"
+#else
+#include "../crypto/bio/bss_file.c"
+#endif
 #endif

+#ifndef NOPROTO
 int app_init(long mesgwin);
+#else
+int app_init();
+#endif
+
 #ifdef undef /* never finished - probably never will be :-) */
-int args_from_file(char *file, int *argc, char **argv[])
+int args_from_file(file,argc,argv)
+char *file;
+int *argc;
+char **argv[];
 	{
 	FILE *fp;
 	int num,i;
@@ -96,8 +104,8 @@ int args_from_file(char *file, int *argc, char **argv[])
 	*argv=NULL;

 	len=(unsigned int)stbuf.st_size;
-	if (buf != NULL) OPENSSL_free(buf);
-	buf=(char *)OPENSSL_malloc(len+1);
+	if (buf != NULL) Free(buf);
+	buf=(char *)Malloc(len+1);
 	if (buf == NULL) return(0);

 	len=fread(buf,1,len,fp);
@@ -107,8 +115,8 @@ int args_from_file(char *file, int *argc, char **argv[])
 	i=0;
 	for (p=buf; *p; p++)
 		if (*p == '\n') i++;
-	if (arg != NULL) OPENSSL_free(arg);
-	arg=(char **)OPENSSL_malloc(sizeof(char *)*(i*2));
+	if (arg != NULL) Free(arg);
+	arg=(char **)Malloc(sizeof(char *)*(i*2));

 	*argv=arg;
 	num=0;
@@ -154,7 +162,8 @@ int args_from_file(char *file, int *argc, char **argv[])
 	}
 #endif

-int str2fmt(char *s)
+int str2fmt(s)
+char *s;
 	{
 	if 	((*s == 'D') || (*s == 'd'))
 		return(FORMAT_ASN1);
@@ -164,20 +173,15 @@ int str2fmt(char *s)
 		return(FORMAT_PEM);
 	else if ((*s == 'N') || (*s == 'n'))
 		return(FORMAT_NETSCAPE);
-	else if ((*s == 'S') || (*s == 's'))
-		return(FORMAT_SMIME);
-	else if ((*s == '1')
-		|| (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
-		|| (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
-		return(FORMAT_PKCS12);
-	else if ((*s == 'E') || (*s == 'e'))
-		return(FORMAT_ENGINE);
 	else
 		return(FORMAT_UNDEF);
 	}

 #if defined(MSDOS) || defined(WIN32) || defined(WIN16)
-void program_name(char *in, char *out, int size)
+void program_name(in,out,size)
+char *in;
+char *out;
+int size;
 	{
 	int i,n;
 	char *p=NULL;
@@ -214,28 +218,10 @@ void program_name(char *in, char *out, int size)
 	out[n]='\0';
 	}
 #else
-#ifdef VMS
-void program_name(char *in, char *out, int size)
-	{
-	char *p=in, *q;
-	char *chars=":]>";
-
-	while(*chars != '\0')
-		{
-		q=strrchr(p,*chars);
-		if (q > p)
-			p = q + 1;
-		chars++;
-		}
-
-	q=strrchr(p,'.');
-	if (q == NULL)
-		q = in+size;
-	strncpy(out,p,q-p);
-	out[q-p]='\0';
-	}
-#else
-void program_name(char *in, char *out, int size)
+void program_name(in,out,size)
+char *in;
+char *out;
+int size;
 	{
 	char *p;

@@ -248,25 +234,24 @@ void program_name(char *in, char *out, int size)
 	out[size-1]='\0';
 	}
 #endif
-#endif

 #ifdef WIN32
-int WIN32_rename(char *from, char *to)
+int WIN32_rename(from,to)
+char *from;
+char *to;
 	{
-#ifdef WINNT
 	int ret;
-/* Note: MoveFileEx() doesn't work under Win95, Win98 */

 	ret=MoveFileEx(from,to,MOVEFILE_REPLACE_EXISTING|MOVEFILE_COPY_ALLOWED);
 	return(ret?0:-1);
-#else
-	unlink(to);
-	return MoveFile(from, to);
-#endif
 	}
 #endif

-int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
+int chopup_args(arg,buf,argc,argv)
+ARGS *arg;
+char *buf;
+int *argc;
+char **argv[];
 	{
 	int num,len,i;
 	char *p;
@@ -279,7 +264,7 @@ int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
 	if (arg->count == 0)
 		{
 		arg->count=20;
-		arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count);
+		arg->data=(char **)Malloc(sizeof(char *)*arg->count);
 		}
 	for (i=0; i<arg->count; i++)
 		arg->data[i]=NULL;
@@ -298,7 +283,7 @@ int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
 		if (num >= arg->count)
 			{
 			arg->count+=20;
-			arg->data=(char **)OPENSSL_realloc(arg->data,
+			arg->data=(char **)Realloc(arg->data,
 				sizeof(char *)*arg->count);
 			if (argc == 0) return(0);
 			}
@@ -332,447 +317,9 @@ int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
 	}

 #ifndef APP_INIT
-int app_init(long mesgwin)
+int app_init(mesgwin)
+long mesgwin;
 	{
 	return(1);
 	}
 #endif
-
-
-int dump_cert_text (BIO *out, X509 *x)
-{
-	char buf[256];
-	X509_NAME_oneline(X509_get_subject_name(x),buf,256);
-	BIO_puts(out,"subject=");
-	BIO_puts(out,buf);
-
-	X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
-	BIO_puts(out,"\nissuer= ");
-	BIO_puts(out,buf);
-	BIO_puts(out,"\n");
-        return 0;
-}
-
-static char *app_get_pass(BIO *err, char *arg, int keepbio);
-
-int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2)
-{
-	int same;
-	if(!arg2 || !arg1 || strcmp(arg1, arg2)) same = 0;
-	else same = 1;
-	if(arg1) {
-		*pass1 = app_get_pass(err, arg1, same);
-		if(!*pass1) return 0;
-	} else if(pass1) *pass1 = NULL;
-	if(arg2) {
-		*pass2 = app_get_pass(err, arg2, same ? 2 : 0);
-		if(!*pass2) return 0;
-	} else if(pass2) *pass2 = NULL;
-	return 1;
-}
-
-static char *app_get_pass(BIO *err, char *arg, int keepbio)
-{
-	char *tmp, tpass[APP_PASS_LEN];
-	static BIO *pwdbio = NULL;
-	int i;
-	if(!strncmp(arg, "pass:", 5)) return BUF_strdup(arg + 5);
-	if(!strncmp(arg, "env:", 4)) {
-		tmp = getenv(arg + 4);
-		if(!tmp) {
-			BIO_printf(err, "Can't read environment variable %s\n", arg + 4);
-			return NULL;
-		}
-		return BUF_strdup(tmp);
-	}
-	if(!keepbio || !pwdbio) {
-		if(!strncmp(arg, "file:", 5)) {
-			pwdbio = BIO_new_file(arg + 5, "r");
-			if(!pwdbio) {
-				BIO_printf(err, "Can't open file %s\n", arg + 5);
-				return NULL;
-			}
-		} else if(!strncmp(arg, "fd:", 3)) {
-			BIO *btmp;
-			i = atoi(arg + 3);
-			if(i >= 0) pwdbio = BIO_new_fd(i, BIO_NOCLOSE);
-			if((i < 0) || !pwdbio) {
-				BIO_printf(err, "Can't access file descriptor %s\n", arg + 3);
-				return NULL;
-			}
-			/* Can't do BIO_gets on an fd BIO so add a buffering BIO */
-			btmp = BIO_new(BIO_f_buffer());
-			pwdbio = BIO_push(btmp, pwdbio);
-		} else if(!strcmp(arg, "stdin")) {
-			pwdbio = BIO_new_fp(stdin, BIO_NOCLOSE);
-			if(!pwdbio) {
-				BIO_printf(err, "Can't open BIO for stdin\n");
-				return NULL;
-			}
-		} else {
-			BIO_printf(err, "Invalid password argument \"%s\"\n", arg);
-			return NULL;
-		}
-	}
-	i = BIO_gets(pwdbio, tpass, APP_PASS_LEN);
-	if(keepbio != 1) {
-		BIO_free_all(pwdbio);
-		pwdbio = NULL;
-	}
-	if(i <= 0) {
-		BIO_printf(err, "Error reading password from BIO\n");
-		return NULL;
-	}
-	tmp = strchr(tpass, '\n');
-	if(tmp) *tmp = 0;
-	return BUF_strdup(tpass);
-}
-
-int add_oid_section(BIO *err, LHASH *conf)
-{	
-	char *p;
-	STACK_OF(CONF_VALUE) *sktmp;
-	CONF_VALUE *cnf;
-	int i;
-	if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1;
-	if(!(sktmp = CONF_get_section(conf, p))) {
-		BIO_printf(err, "problem loading oid section %s\n", p);
-		return 0;
-	}
-	for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
-		cnf = sk_CONF_VALUE_value(sktmp, i);
-		if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
-			BIO_printf(err, "problem creating object %s=%s\n",
-							 cnf->name, cnf->value);
-			return 0;
-		}
-	}
-	return 1;
-}
-
-X509 *load_cert(BIO *err, char *file, int format)
-	{
-	ASN1_HEADER *ah=NULL;
-	BUF_MEM *buf=NULL;
-	X509 *x=NULL;
-	BIO *cert;
-
-	if ((cert=BIO_new(BIO_s_file())) == NULL)
-		{
-		ERR_print_errors(err);
-		goto end;
-		}
-
-	if (file == NULL)
-		BIO_set_fp(cert,stdin,BIO_NOCLOSE);
-	else
-		{
-		if (BIO_read_filename(cert,file) <= 0)
-			{
-			perror(file);
-			goto end;
-			}
-		}
-
-	if 	(format == FORMAT_ASN1)
-		x=d2i_X509_bio(cert,NULL);
-	else if (format == FORMAT_NETSCAPE)
-		{
-		unsigned char *p,*op;
-		int size=0,i;
-
-		/* We sort of have to do it this way because it is sort of nice
-		 * to read the header first and check it, then
-		 * try to read the certificate */
-		buf=BUF_MEM_new();
-		for (;;)
-			{
-			if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10)))
-				goto end;
-			i=BIO_read(cert,&(buf->data[size]),1024*10);
-			size+=i;
-			if (i == 0) break;
-			if (i < 0)
-				{
-				perror("reading certificate");
-				goto end;
-				}
-			}
-		p=(unsigned char *)buf->data;
-		op=p;
-
-		/* First load the header */
-		if ((ah=d2i_ASN1_HEADER(NULL,&p,(long)size)) == NULL)
-			goto end;
-		if ((ah->header == NULL) || (ah->header->data == NULL) ||
-			(strncmp(NETSCAPE_CERT_HDR,(char *)ah->header->data,
-			ah->header->length) != 0))
-			{
-			BIO_printf(err,"Error reading header on certificate\n");
-			goto end;
-			}
-		/* header is ok, so now read the object */
-		p=op;
-		ah->meth=X509_asn1_meth();
-		if ((ah=d2i_ASN1_HEADER(&ah,&p,(long)size)) == NULL)
-			goto end;
-		x=(X509 *)ah->data;
-		ah->data=NULL;
-		}
-	else if (format == FORMAT_PEM)
-		x=PEM_read_bio_X509_AUX(cert,NULL,NULL,NULL);
-	else if (format == FORMAT_PKCS12)
-		{
-		PKCS12 *p12 = d2i_PKCS12_bio(cert, NULL);
-
-		PKCS12_parse(p12, NULL, NULL, &x, NULL);
-		PKCS12_free(p12);
-		p12 = NULL;
-		}
-	else	{
-		BIO_printf(err,"bad input format specified for input cert\n");
-		goto end;
-		}
-end:
-	if (x == NULL)
-		{
-		BIO_printf(err,"unable to load certificate\n");
-		ERR_print_errors(err);
-		}
-	if (ah != NULL) ASN1_HEADER_free(ah);
-	if (cert != NULL) BIO_free(cert);
-	if (buf != NULL) BUF_MEM_free(buf);
-	return(x);
-	}
-
-EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass)
-	{
-	BIO *key=NULL;
-	EVP_PKEY *pkey=NULL;
-
-	if (file == NULL)
-		{
-		BIO_printf(err,"no keyfile specified\n");
-		goto end;
-		}
-	key=BIO_new(BIO_s_file());
-	if (key == NULL)
-		{
-		ERR_print_errors(err);
-		goto end;
-		}
-	if (BIO_read_filename(key,file) <= 0)
-		{
-		perror(file);
-		goto end;
-		}
-	if (format == FORMAT_ASN1)
-		{
-		pkey=d2i_PrivateKey_bio(key, NULL);
-		}
-	else if (format == FORMAT_PEM)
-		{
-		pkey=PEM_read_bio_PrivateKey(key,NULL,NULL,pass);
-		}
-	else if (format == FORMAT_PKCS12)
-		{
-		PKCS12 *p12 = d2i_PKCS12_bio(key, NULL);
-
-		PKCS12_parse(p12, pass, &pkey, NULL, NULL);
-		PKCS12_free(p12);
-		p12 = NULL;
-		}
-	else
-		{
-		BIO_printf(err,"bad input format specified for key\n");
-		goto end;
-		}
- end:
-	if (key != NULL) BIO_free(key);
-	if (pkey == NULL)
-		BIO_printf(err,"unable to load Private Key\n");
-	return(pkey);
-	}
-
-EVP_PKEY *load_pubkey(BIO *err, char *file, int format)
-	{
-	BIO *key=NULL;
-	EVP_PKEY *pkey=NULL;
-
-	if (file == NULL)
-		{
-		BIO_printf(err,"no keyfile specified\n");
-		goto end;
-		}
-	key=BIO_new(BIO_s_file());
-	if (key == NULL)
-		{
-		ERR_print_errors(err);
-		goto end;
-		}
-	if (BIO_read_filename(key,file) <= 0)
-		{
-		perror(file);
-		goto end;
-		}
-	if (format == FORMAT_ASN1)
-		{
-		pkey=d2i_PUBKEY_bio(key, NULL);
-		}
-	else if (format == FORMAT_PEM)
-		{
-		pkey=PEM_read_bio_PUBKEY(key,NULL,NULL,NULL);
-		}
-	else
-		{
-		BIO_printf(err,"bad input format specified for key\n");
-		goto end;
-		}
- end:
-	if (key != NULL) BIO_free(key);
-	if (pkey == NULL)
-		BIO_printf(err,"unable to load Public Key\n");
-	return(pkey);
-	}
-
-STACK_OF(X509) *load_certs(BIO *err, char *file, int format)
-	{
-	BIO *certs;
-	int i;
-	STACK_OF(X509) *othercerts = NULL;
-	STACK_OF(X509_INFO) *allcerts = NULL;
-	X509_INFO *xi;
-
-	if((certs = BIO_new(BIO_s_file())) == NULL)
-		{
-		ERR_print_errors(err);
-		goto end;
-		}
-
-	if (file == NULL)
-		BIO_set_fp(certs,stdin,BIO_NOCLOSE);
-	else
-		{
-		if (BIO_read_filename(certs,file) <= 0)
-			{
-			perror(file);
-			goto end;
-			}
-		}
-
-	if      (format == FORMAT_PEM)
-		{
-		othercerts = sk_X509_new_null();
-		if(!othercerts)
-			{
-			sk_X509_free(othercerts);
-			othercerts = NULL;
-			goto end;
-			}
-		allcerts = PEM_X509_INFO_read_bio(certs, NULL, NULL, NULL);
-		for(i = 0; i < sk_X509_INFO_num(allcerts); i++)
-			{
-			xi = sk_X509_INFO_value (allcerts, i);
-			if (xi->x509)
-				{
-				sk_X509_push(othercerts, xi->x509);
-				xi->x509 = NULL;
-				}
-			}
-		goto end;
-		}
-	else	{
-		BIO_printf(err,"bad input format specified for input cert\n");
-		goto end;
-		}
-end:
-	if (othercerts == NULL)
-		{
-		BIO_printf(err,"unable to load certificates\n");
-		ERR_print_errors(err);
-		}
-	if (allcerts) sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
-	if (certs != NULL) BIO_free(certs);
-	return(othercerts);
-	}
-
-typedef struct {
-	char *name;
-	unsigned long flag;
-	unsigned long mask;
-} NAME_EX_TBL;
-
-int set_name_ex(unsigned long *flags, const char *arg)
-{
-	char c;
-	const NAME_EX_TBL *ptbl, ex_tbl[] = {
-		{ "esc_2253", ASN1_STRFLGS_ESC_2253, 0},
-		{ "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
-		{ "esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
-		{ "use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
-		{ "utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
-		{ "ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
-		{ "show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
-		{ "dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
-		{ "dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
-		{ "dump_der", ASN1_STRFLGS_DUMP_DER, 0},
-		{ "compat", XN_FLAG_COMPAT, 0xffffffffL},
-		{ "sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
-		{ "sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
-		{ "sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
-		{ "sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
-		{ "dn_rev", XN_FLAG_DN_REV, 0},
-		{ "nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
-		{ "sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
-		{ "lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
-		{ "oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
-		{ "space_eq", XN_FLAG_SPC_EQ, 0},
-		{ "dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
-		{ "RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
-		{ "oneline", XN_FLAG_ONELINE, 0xffffffffL},
-		{ "multiline", XN_FLAG_MULTILINE, 0xffffffffL},
-		{ NULL, 0, 0}
-	};
-
-	c = arg[0];
-
-	if(c == '-') {
-		c = 0;
-		arg++;
-	} else if (c == '+') {
-		c = 1;
-		arg++;
-	} else c = 1;
-
-	for(ptbl = ex_tbl; ptbl->name; ptbl++) {
-		if(!strcmp(arg, ptbl->name)) {
-			*flags &= ~ptbl->mask;
-			if(c) *flags |= ptbl->flag;
-			else *flags &= ~ptbl->flag;
-			return 1;
-		}
-	}
-	return 0;
-}
-
-void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
-{
-	char buf[256];
-	char mline = 0;
-	int indent = 0;
-	if(title) BIO_puts(out, title);
-	if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
-		mline = 1;
-		indent = 4;
-	}
-	if(lflags == XN_FLAG_COMPAT) {
-		X509_NAME_oneline(nm,buf,256);
-		BIO_puts(out,buf);
-		BIO_puts(out, "\n");
-	} else {
-		if(mline) BIO_puts(out, "\n");
-		X509_NAME_print_ex(out, nm, indent, lflags);
-		BIO_puts(out, "\n");
-	}
-}
-
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -1,5 +1,5 @@
 /* apps/apps.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
@@ -59,26 +59,18 @@
 #ifndef HEADER_APPS_H
 #define HEADER_APPS_H

-#include "openssl/e_os.h"
+#ifdef FLAT_INC
+#include "e_os.h"
+#else
+#include "../e_os.h"
+#endif

-#include <openssl/buffer.h>
-#include <openssl/bio.h>
-#include <openssl/crypto.h>
-#include <openssl/x509.h>
-#include <openssl/lhash.h>
-#include <openssl/conf.h>
+#include "buffer.h"
+#include "bio.h"
+#include "crypto.h"
+#include "progs.h"

-int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
-int app_RAND_write_file(const char *file, BIO *bio_e);
-/* When `file' is NULL, use defaults.
- * `bio_e' is for error messages. */
-void app_RAND_allow_write_file(void);
-long app_RAND_load_files(char *file); /* `file' is a list of files to read,
-                                       * separated by LIST_SEPARATOR_CHAR
-                                       * (see e_os.h).  The string is
-                                       * destroyed! */
-
-#ifdef NO_STDIO
+#ifdef WIN16
 BIO_METHOD *BIO_s_file();
 #endif

@@ -100,6 +92,7 @@ extern BIO *bio_err;
 #else

 #define MAIN(a,v)	PROG(a,v)
+#include "conf.h"
 extern LHASH *config;
 extern char *default_config_file;
 extern BIO *bio_err;
@@ -114,7 +107,7 @@ extern BIO *bio_err;
 #define do_pipe_sig()
 #endif

-#if defined(MONOLITH) && !defined(OPENSSL_C)
+#if defined(MONOLITH) && !defined(SSLEAY)
 #  define apps_startup()	do_pipe_sig()
 #else
 #  if defined(MSDOS) || defined(WIN16) || defined(WIN32)
@@ -133,40 +126,29 @@ extern BIO *bio_err;
 #endif

 typedef struct args_st
-	{
-	char **data;
+        {
+        char **data;
 	int count;
-	} ARGS;
+        } ARGS;

+#ifndef NOPROTO
 int should_retry(int i);
 int args_from_file(char *file, int *argc, char **argv[]);
 int str2fmt(char *s);
 void program_name(char *in,char *out,int size);
 int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
-#ifdef HEADER_X509_H
-int dump_cert_text(BIO *out, X509 *x);
-void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags);
+#else
+int should_retry();
+int args_from_file();
+int str2fmt();
+void program_name();
+int chopup_args();
 #endif
-int set_name_ex(unsigned long *flags, const char *arg);
-int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
-int add_oid_section(BIO *err, LHASH *conf);
-X509 *load_cert(BIO *err, char *file, int format);
-EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass);
-EVP_PKEY *load_pubkey(BIO *err, char *file, int format);
-STACK_OF(X509) *load_certs(BIO *err, char *file, int format);

 #define FORMAT_UNDEF    0
 #define FORMAT_ASN1     1
 #define FORMAT_TEXT     2
 #define FORMAT_PEM      3
 #define FORMAT_NETSCAPE 4
-#define FORMAT_PKCS12   5
-#define FORMAT_SMIME    6
-/* Since this is currently inofficial, let's give it a high number */
-#define FORMAT_ENGINE   127
-
-#define NETSCAPE_CERT_HDR	"certificate"
-
-#define APP_PASS_LEN	1024

 #endif
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -1,5 +1,5 @@
 /* apps/asn1pars.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
@@ -56,61 +56,54 @@
 * [including the GNU Public Licence.]
 */

-/* A nice addition from Dr Stephen Henson <shenson@bigfoot.com> to 
- * add the -strparse option which parses nested binary structures
- */
-
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
+#include "err.h"
+#include "evp.h"
+#include "x509.h"
+#include "pem.h"
+
+#define FORMAT_UNDEF	0
+#define FORMAT_ASN1	1
+#define FORMAT_TEXT	2
+#define FORMAT_PEM	3

 /* -inform arg	- input format - default PEM (DER or PEM)
 * -in arg	- input file - default stdin
 * -i		- indent the details by depth
 * -offset	- where in the file to start
 * -length	- how many bytes to use
- * -oid file	- extra oid description file
 */

 #undef PROG
 #define PROG	asn1parse_main

-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
+int MAIN(argc, argv)
+int argc;
+char **argv;
 	{
-	int i,badops=0,offset=0,ret=1,j;
+	int i,badops=0,offset=0,ret=1;
 	unsigned int length=0;
-	long num,tmplen;
-	BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL;
-	int informat,indent=0, noout = 0, dump = 0;
-	char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL;
-	unsigned char *tmpbuf;
+	long num;
+	BIO *in=NULL,*out=NULL,*b64=NULL;
+	int informat,indent=0;
+	char *infile,*str=NULL,*prog;
 	BUF_MEM *buf=NULL;
-	STACK *osk=NULL;
-	ASN1_TYPE *at=NULL;

+	infile=NULL;
 	informat=FORMAT_PEM;

 	apps_startup();

 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);

 	prog=argv[0];
 	argc--;
 	argv++;
-	if ((osk=sk_new_null()) == NULL)
-		{
-		BIO_printf(bio_err,"Memory allocation failure\n");
-		goto end;
-		}
 	while (argc >= 1)
 		{
 		if 	(strcmp(*argv,"-inform") == 0)
@@ -123,21 +116,10 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			infile= *(++argv);
 			}
-		else if (strcmp(*argv,"-out") == 0)
-			{
-			if (--argc < 1) goto bad;
-			derfile= *(++argv);
-			}
 		else if (strcmp(*argv,"-i") == 0)
 			{
 			indent=1;
 			}
-		else if (strcmp(*argv,"-noout") == 0) noout = 1;
-		else if (strcmp(*argv,"-oid") == 0)
-			{
-			if (--argc < 1) goto bad;
-			oidfile= *(++argv);
-			}
 		else if (strcmp(*argv,"-offset") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -149,21 +131,6 @@ int MAIN(int argc, char **argv)
 			length= atoi(*(++argv));
 			if (length == 0) goto bad;
 			}
-		else if (strcmp(*argv,"-dump") == 0)
-			{
-			dump= -1;
-			}
-		else if (strcmp(*argv,"-dlimit") == 0)
-			{
-			if (--argc < 1) goto bad;
-			dump= atoi(*(++argv));
-			if (dump <= 0) goto bad;
-			}
-		else if (strcmp(*argv,"-strparse") == 0)
-			{
-			if (--argc < 1) goto bad;
-			sk_push(osk,*(++argv));
-			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -180,19 +147,10 @@ bad:
 		BIO_printf(bio_err,"%s [options] <infile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
-		BIO_printf(bio_err," -in arg       input file\n");
-		BIO_printf(bio_err," -out arg      output file\n");
-		BIO_printf(bio_err," -noout arg    don't produce any output\n");
+		BIO_printf(bio_err," -in arg       inout file\n");
 		BIO_printf(bio_err," -offset arg   offset into file\n");
-		BIO_printf(bio_err," -length arg   length of section in file\n");
+		BIO_printf(bio_err," -length arg   lenth of section in file\n");
 		BIO_printf(bio_err," -i            indent entries\n");
-		BIO_printf(bio_err," -dump         dump unknown data in hex form\n");
-		BIO_printf(bio_err," -dlimit arg   dump the first arg bytes of unknown data in hex form\n");
-		BIO_printf(bio_err," -oid file     file of extra oid definitions\n");
-		BIO_printf(bio_err," -strparse offset\n");
-		BIO_printf(bio_err,"               a series of these can be used to 'dig' into multiple\n");
-		BIO_printf(bio_err,"               ASN1 blob wrappings\n");
-		BIO_printf(bio_err," -out filename output DER encoding to file\n");
 		goto end;
 		}

@@ -205,25 +163,7 @@ bad:
 		ERR_print_errors(bio_err);
 		goto end;
 		}
-	BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
-#ifdef VMS
-	{
-	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-	out = BIO_push(tmpbio, out);
-	}
-#endif
-
-	if (oidfile != NULL)
-		{
-		if (BIO_read_filename(in,oidfile) <= 0)
-			{
-			BIO_printf(bio_err,"problems opening %s\n",oidfile);
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		OBJ_create_objects(in);
-		}
-
+	BIO_set_fp(out,stdout,BIO_NOCLOSE);
 	if (infile == NULL)
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
 	else
@@ -235,14 +175,6 @@ bad:
 			}
 		}

-	if (derfile) {
-		if(!(derout = BIO_new_file(derfile, "wb"))) {
-			BIO_printf(bio_err,"problems opening %s\n",derfile);
-			ERR_print_errors(bio_err);
-			goto end;
-		}
-	}
-
 	if ((buf=BUF_MEM_new()) == NULL) goto end;
 	if (!BUF_MEM_grow(buf,BUFSIZ*8)) goto end; /* Pre-allocate :-) */

@@ -268,67 +200,20 @@ bad:
 		}
 	str=buf->data;

-	/* If any structs to parse go through in sequence */
-
-	if (sk_num(osk))
-		{
-		tmpbuf=(unsigned char *)str;
-		tmplen=num;
-		for (i=0; i<sk_num(osk); i++)
-			{
-			ASN1_TYPE *atmp;
-			j=atoi(sk_value(osk,i));
-			if (j == 0)
-				{
-				BIO_printf(bio_err,"'%s' is an invalid number\n",sk_value(osk,i));
-				continue;
-				}
-			tmpbuf+=j;
-			tmplen-=j;
-			atmp = at;
-			at = d2i_ASN1_TYPE(NULL,&tmpbuf,tmplen);
-			ASN1_TYPE_free(atmp);
-			if(!at)
-				{
-				BIO_printf(bio_err,"Error parsing structure\n");
-				ERR_print_errors(bio_err);
-				goto end;
-				}
-			/* hmm... this is a little evil but it works */
-			tmpbuf=at->value.asn1_string->data;
-			tmplen=at->value.asn1_string->length;
-			}
-		str=(char *)tmpbuf;
-		num=tmplen;
-		}
-
 	if (length == 0) length=(unsigned int)num;
-	if(derout) {
-		if(BIO_write(derout, str + offset, length) != (int)length) {
-			BIO_printf(bio_err, "Error writing output\n");
-			ERR_print_errors(bio_err);
-			goto end;
-		}
-	}
-	if (!noout &&
-	    !ASN1_parse_dump(out,(unsigned char *)&(str[offset]),length,
-		    indent,dump))
+	if (!ASN1_parse(out,(unsigned char *)&(str[offset]),length,indent))
 		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	ret=0;
 end:
-	BIO_free(derout);
 	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free_all(out);
+	if (out != NULL) BIO_free(out);
 	if (b64 != NULL) BIO_free(b64);
 	if (ret != 0)
 		ERR_print_errors(bio_err);
 	if (buf != NULL) BUF_MEM_free(buf);
-	if (at != NULL) ASN1_TYPE_free(at);
-	if (osk != NULL) sk_free(osk);
-	OBJ_cleanup();
 	EXIT(ret);
 	}

--- a/apps/bss_file.c
+++ b/apps/bss_file.c
@@ -0,0 +1,324 @@
+/* crypto/bio/bss_file.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#define APPS_WIN16
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include "bio.h"
+#include "err.h"
+
+#ifndef NOPROTO
+static int MS_CALLBACK file_write(BIO *h,char *buf,int num);
+static int MS_CALLBACK file_read(BIO *h,char *buf,int size);
+static int MS_CALLBACK file_puts(BIO *h,char *str);
+static int MS_CALLBACK file_gets(BIO *h,char *str,int size);
+static long MS_CALLBACK file_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int MS_CALLBACK file_new(BIO *h);
+static int MS_CALLBACK file_free(BIO *data);
+#else
+static int MS_CALLBACK file_write();
+static int MS_CALLBACK file_read();
+static int MS_CALLBACK file_puts();
+static int MS_CALLBACK file_gets();
+static long MS_CALLBACK file_ctrl();
+static int MS_CALLBACK file_new();
+static int MS_CALLBACK file_free();
+#endif
+
+static BIO_METHOD methods_filep=
+	{
+	BIO_TYPE_FILE,"FILE pointer",
+	file_write,
+	file_read,
+	file_puts,
+	file_gets,
+	file_ctrl,
+	file_new,
+	file_free,
+	};
+
+BIO *BIO_new_file(filename,mode)
+char *filename;
+char *mode;
+	{
+	BIO *ret;
+	FILE *file;
+
+	if ((file=fopen(filename,mode)) == NULL)
+		{
+		SYSerr(SYS_F_FOPEN,errno);
+		BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB);
+		return(NULL);
+		}
+	if ((ret=BIO_new_fp(file,BIO_CLOSE)) == NULL)
+		{
+		fclose(file);
+		return(NULL);
+		}
+	return(ret);
+	}
+
+BIO *BIO_new_fp(stream,close_flag)
+FILE *stream;
+int close_flag;
+	{
+	BIO *ret;
+
+	if ((ret=BIO_new(BIO_s_file())) == NULL)
+		return(NULL);
+	BIO_set_fp(ret,stream,close_flag);
+	return(ret);
+	}
+
+#if !defined(WIN16) || defined(APPS_WIN16)
+
+BIO_METHOD *BIO_s_file()
+	{
+	return(&methods_filep);
+	}
+
+#else
+
+BIO_METHOD *BIO_s_file_internal_w16()
+	{
+	return(&methods_filep);
+	}
+
+#endif
+
+static int MS_CALLBACK file_new(bi)
+BIO *bi;
+	{
+	bi->init=0;
+	bi->num=0;
+	bi->ptr=NULL;
+	return(1);
+	}
+
+static int MS_CALLBACK file_free(a)
+BIO *a;
+	{
+	if (a == NULL) return(0);
+	if (a->shutdown)
+		{
+		if ((a->init) && (a->ptr != NULL))
+			{
+			fclose((FILE *)a->ptr);
+			a->ptr=NULL;
+			}
+		a->init=0;
+		}
+	return(1);
+	}
+	
+static int MS_CALLBACK file_read(b,out,outl)
+BIO *b;
+char *out;
+int outl;
+	{
+	int ret=0;
+
+	if (b->init && (out != NULL))
+		{
+		ret=fread(out,1,(int)outl,(FILE *)b->ptr);
+		}
+	return(ret);
+	}
+
+static int MS_CALLBACK file_write(b,in,inl)
+BIO *b;
+char *in;
+int inl;
+	{
+	int ret=0;
+
+	if (b->init && (in != NULL))
+		{
+		if (fwrite(in,(int)inl,1,(FILE *)b->ptr))
+			ret=inl;
+		/* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */
+		/* acording to Tim Hudson <tjh@cryptsoft.com>, the commented
+		 * out version above can cause 'inl' write calls under
+		 * some stupid stdio implementations (VMS) */
+		}
+	return(ret);
+	}
+
+static long MS_CALLBACK file_ctrl(b,cmd,num,ptr)
+BIO *b;
+int cmd;
+long num;
+char *ptr;
+	{
+	long ret=1;
+	FILE *fp=(FILE *)b->ptr;
+	FILE **fpp;
+	char p[4];
+
+	switch (cmd)
+		{
+	case BIO_CTRL_RESET:
+		ret=(long)fseek(fp,num,0);
+		break;
+	case BIO_CTRL_EOF:
+		ret=(long)feof(fp);
+		break;
+	case BIO_CTRL_INFO:
+		ret=ftell(fp);
+		break;
+	case BIO_C_SET_FILE_PTR:
+		file_free(b);
+		b->shutdown=(int)num;
+		b->ptr=(char *)ptr;
+		b->init=1;
+		break;
+	case BIO_C_SET_FILENAME:
+		file_free(b);
+		b->shutdown=(int)num&BIO_CLOSE;
+		if (num & BIO_FP_APPEND)
+			{
+			if (num & BIO_FP_READ)
+				strcpy(p,"a+");
+			else	strcpy(p,"a");
+			}
+		else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE))
+			strcpy(p,"r+");
+		else if (num & BIO_FP_WRITE)
+			strcpy(p,"w");
+		else if (num & BIO_FP_READ)
+			strcpy(p,"r");
+		else
+			{
+			BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE);
+			ret=0;
+			break;
+			}
+#if defined(MSDOS) || defined(WINDOWS)
+		if (!(num & BIO_FP_TEXT))
+			strcat(p,"b");
+		else
+			strcat(p,"t");
+#endif
+		fp=fopen(ptr,p);
+		if (fp == NULL)
+			{
+			SYSerr(SYS_F_FOPEN,errno);
+			BIOerr(BIO_F_FILE_CTRL,ERR_R_SYS_LIB);
+			ret=0;
+			break;
+			}
+		b->ptr=(char *)fp;
+		b->init=1;
+		break;
+	case BIO_C_GET_FILE_PTR:
+		/* the ptr parameter is actually a FILE ** in this case. */
+		if (ptr != NULL)
+			{
+			fpp=(FILE **)ptr;
+			*fpp=(FILE *)b->ptr;
+			}
+		break;
+	case BIO_CTRL_GET_CLOSE:
+		ret=(long)b->shutdown;
+		break;
+	case BIO_CTRL_SET_CLOSE:
+		b->shutdown=(int)num;
+		break;
+	case BIO_CTRL_FLUSH:
+		fflush((FILE *)b->ptr);
+		break;
+	case BIO_CTRL_DUP:
+		ret=1;
+		break;
+
+	case BIO_CTRL_PENDING:
+	case BIO_CTRL_PUSH:
+	case BIO_CTRL_POP:
+	default:
+		ret=0;
+		break;
+		}
+	return(ret);
+	}
+
+static int MS_CALLBACK file_gets(bp,buf,size)
+BIO *bp;
+char *buf;
+int size;
+	{
+	int ret=0;
+
+	buf[0]='\0';
+	fgets(buf,size,(FILE *)bp->ptr);
+	if (buf[0] != '\0')
+		ret=strlen(buf);
+	return(ret);
+	}
+
+static int MS_CALLBACK file_puts(bp,str)
+BIO *bp;
+char *str;
+	{
+	int n,ret;
+
+	n=strlen(str);
+	ret=file_write(bp,str,n);
+	return(ret);
+	}
+
--- a/apps/c512-key.pem
+++ b/apps/c512-key.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOwIBAAJBALtv55QyzG6i2PlwZ1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexm
+q/R4KedLjFEIYjocDui+IXs62NNtXrT8odkCAwEAAQJAbwXq0vJ/+uyEvsNgxLko
+/V86mGXQ/KrSkeKlL0r4ENxjcyeMAGoKu6J9yMY7+X9+Zm4nxShNfTsf/+Freoe1
+HQIhAPOSm5Q1YI+KIsII2GeVJx1U69+wnd71OasIPakS1L1XAiEAxQAW+J3/JWE0
+ftEYakbhUOKL8tD1OaFZS71/5GdG7E8CIQCefUMmySSvwd6kC0VlATSWbW+d+jp/
+nWmM1KvqnAo5uQIhALqEADu5U1Wvt8UN8UDGBRPQulHWNycuNV45d3nnskWPAiAw
+ueTyr6WsZ5+SD8g/Hy3xuvF3nPmJRH+rwvVihlcFOg==
+-----END RSA PRIVATE KEY-----
--- a/apps/c512-req.pem
+++ b/apps/c512-req.pem
@@ -0,0 +1,8 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBGzCBxgIBADBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEa
+MBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGkNsaWVudCB0ZXN0
+IGNlcnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALtv55QyzG6i
+2PlwZ1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexmq/R4KedLjFEIYjocDui+IXs6
+2NNtXrT8odkCAwEAATANBgkqhkiG9w0BAQQFAANBAC5JBTeji7RosqMaUIDzIW13
+oO6+kPhx9fXSpMFHIsY3aH92Milkov/2A4SuZTcnv/P6+8klmS0EaiUKcRzak4E=
+-----END CERTIFICATE REQUEST-----
--- a/apps/ca-cert.srl
+++ b/apps/ca-cert.srl
@@ -1 +1 @@
-07
+03
--- a/apps/ca.c
+++ b/apps/ca.c
--- a/apps/cert.pem
+++ b/apps/cert.pem
@@ -1,11 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIBoDCCAUoCAQAwDQYJKoZIhvcNAQEEBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV
-BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD
-VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw05NzA5MDkwMzQxMjZa
-Fw05NzEwMDkwMzQxMjZaMF4xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0
-YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFzAVBgNVBAMT
-DkVyaWMgdGhlIFlvdW5nMFEwCQYFKw4DAgwFAANEAAJBALVEqPODnpI4rShlY8S7
-tB713JNvabvn6Gned7zylwLLiXQAo/PAT6mfdWPTyCX9RlId/Aroh1ou893BA32Q
-sggwDQYJKoZIhvcNAQEEBQADQQCU5SSgapJSdRXJoX+CpCvFy+JVh9HpSjCpSNKO
-19raHv98hKAUJuP9HyM+SUsffO6mAIgitUaqW8/wDMePhEC3
-----END CERTIFICATE-----
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -1,5 +1,5 @@
 /* apps/ciphers.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
@@ -59,12 +59,12 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#ifdef NO_STDIO
+#ifdef WIN16
 #define APPS_WIN16
 #endif
 #include "apps.h"
-#include <openssl/err.h>
-#include <openssl/ssl.h>
+#include "err.h"
+#include "ssl.h"

 #undef PROG
 #define PROG	ciphers_main
@@ -74,24 +74,22 @@ static char *ciphers_usage[]={
 " -v          - verbose mode, a textual listing of the ciphers in SSLeay\n",
 " -ssl2       - SSL2 mode\n",
 " -ssl3       - SSL3 mode\n",
-" -tls1       - TLS1 mode\n",
 NULL
 };

-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
+int MAIN(argc, argv)
+int argc;
+char **argv;
 	{
 	int ret=1,i;
 	int verbose=0;
-	char **pp;
-	const char *p;
+	char **pp,*p;
 	int badops=0;
 	SSL_CTX *ctx=NULL;
 	SSL *ssl=NULL;
 	char *ciphers=NULL;
 	SSL_METHOD *meth=NULL;
-	STACK_OF(SSL_CIPHER) *sk;
+	STACK *sk;
 	char buf[512];
 	BIO *STDout=NULL;

@@ -108,12 +106,6 @@ int MAIN(int argc, char **argv)
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 	STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef VMS
-	{
-	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-	STDout = BIO_push(tmpbio, STDout);
-	}
-#endif

 	argc--;
 	argv++;
@@ -128,10 +120,6 @@ int MAIN(int argc, char **argv)
 #ifndef NO_SSL3
 		else if (strcmp(*argv,"-ssl3") == 0)
 			meth=SSLv3_client_method();
-#endif
-#ifndef NO_TLS1
-		else if (strcmp(*argv,"-tls1") == 0)
-			meth=TLSv1_client_method();
 #endif
 		else if ((strncmp(*argv,"-h",2) == 0) ||
 			 (strcmp(*argv,"-?") == 0))
@@ -154,16 +142,12 @@ int MAIN(int argc, char **argv)
 		goto end;
 		}

-	OpenSSL_add_ssl_algorithms();
+	SSLeay_add_ssl_algorithms();

 	ctx=SSL_CTX_new(meth);
 	if (ctx == NULL) goto err;
-	if (ciphers != NULL) {
-		if(!SSL_CTX_set_cipher_list(ctx,ciphers)) {
-			BIO_printf(bio_err, "Error in cipher list\n");
-			goto err;
-		}
-	}
+	if (ciphers != NULL)
+		SSL_CTX_set_cipher_list(ctx,ciphers);
 	ssl=SSL_new(ctx);
 	if (ssl == NULL) goto err;

@@ -183,10 +167,10 @@ int MAIN(int argc, char **argv)
 		{
 		sk=SSL_get_ciphers(ssl);

-		for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
+		for (i=0; i<sk_num(sk); i++)
 			{
 			BIO_puts(STDout,SSL_CIPHER_description(
-				sk_SSL_CIPHER_value(sk,i),
+				(SSL_CIPHER *)sk_value(sk,i),
 				buf,512));
 			}
 		}
@@ -201,7 +185,7 @@ err:
 end:
 	if (ctx != NULL) SSL_CTX_free(ctx);
 	if (ssl != NULL) SSL_free(ssl);
-	if (STDout != NULL) BIO_free_all(STDout);
+	if (STDout != NULL) BIO_free(STDout);
 	EXIT(ret);
 	}

--- a/apps/crl.c
+++ b/apps/crl.c
@@ -1,5 +1,5 @@
 /* apps/crl.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
@@ -60,11 +60,10 @@
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/pem.h>
+#include "bio.h"
+#include "err.h"
+#include "x509.h"
+#include "pem.h"

 #undef PROG
 #define PROG	crl_main
@@ -72,10 +71,15 @@
 #undef POSTFIX
 #define	POSTFIX	".rvk"

+#define FORMAT_UNDEF	0
+#define FORMAT_ASN1	1
+#define FORMAT_TEXT	2
+#define FORMAT_PEM	3
+
 static char *crl_usage[]={
 "usage: crl args\n",
 "\n",
-" -inform arg     - input format - default PEM (DER or PEM)\n",
+" -inform arg     - input format - default PEM (one of DER, TXT or PEM)\n",
 " -outform arg    - output format - default PEM\n",
 " -text           - print out a text format version\n",
 " -in arg         - input file - default stdin\n",
@@ -85,52 +89,39 @@ static char *crl_usage[]={
 " -lastupdate     - lastUpdate field\n",
 " -nextupdate     - nextUpdate field\n",
 " -noout          - no CRL output\n",
-" -CAfile  name   - verify CRL using certificates in file \"name\"\n",
-" -CApath  dir    - verify CRL using certificates in \"dir\"\n",
 NULL
 };

+#ifndef NOPROTO
 static X509_CRL *load_crl(char *file, int format);
+#else
+static X509_CRL *load_crl();
+#endif
+
 static BIO *bio_out=NULL;

-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
+int MAIN(argc, argv)
+int argc;
+char **argv;
 	{
 	X509_CRL *x=NULL;
-	char *CAfile = NULL, *CApath = NULL;
 	int ret=1,i,num,badops=0;
 	BIO *out=NULL;
 	int informat,outformat;
 	char *infile=NULL,*outfile=NULL;
-	int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
-	int fingerprint = 0;
+	char *str=NULL;
+	int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0;
 	char **pp,buf[256];
-	X509_STORE *store = NULL;
-	X509_STORE_CTX ctx;
-	X509_LOOKUP *lookup = NULL;
-	X509_OBJECT xobj;
-	EVP_PKEY *pkey;
-	int do_ver = 0;
-	const EVP_MD *md_alg,*digest=EVP_md5();

 	apps_startup();

 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);

 	if (bio_out == NULL)
 		if ((bio_out=BIO_new(BIO_s_file())) != NULL)
-			{
 			BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
-#ifdef VMS
-			{
-			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-			bio_out = BIO_push(tmpbio, bio_out);
-			}
-#endif
-			}

 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
@@ -157,6 +148,10 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
 			}
+		else if (strcmp(*argv,"-text") == 0)
+			{
+			outformat=FORMAT_TEXT;
+			}
 		else if (strcmp(*argv,"-in") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -167,22 +162,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
-		else if (strcmp(*argv,"-CApath") == 0)
-			{
-			if (--argc < 1) goto bad;
-			CApath = *(++argv);
-			do_ver = 1;
-			}
-		else if (strcmp(*argv,"-CAfile") == 0)
-			{
-			if (--argc < 1) goto bad;
-			CAfile = *(++argv);
-			do_ver = 1;
-			}
-		else if (strcmp(*argv,"-verify") == 0)
-			do_ver = 1;
-		else if (strcmp(*argv,"-text") == 0)
-			text = 1;
 		else if (strcmp(*argv,"-hash") == 0)
 			hash= ++num;
 		else if (strcmp(*argv,"-issuer") == 0)
@@ -193,13 +172,6 @@ int MAIN(int argc, char **argv)
 			nextupdate= ++num;
 		else if (strcmp(*argv,"-noout") == 0)
 			noout= ++num;
-		else if (strcmp(*argv,"-fingerprint") == 0)
-			fingerprint= ++num;
-		else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
-			{
-			/* ok */
-			digest=md_alg;
-			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -210,6 +182,14 @@ int MAIN(int argc, char **argv)
 		argv++;
 		}

+	if (outformat == FORMAT_TEXT)
+		{
+		num=0;
+		issuer= ++num;
+		lastupdate= ++num;
+		nextupdate= ++num;
+		}
+
 	if (badops)
 		{
 bad:
@@ -222,98 +202,38 @@ bad:
 	x=load_crl(infile,informat);
 	if (x == NULL) { goto end; }

-	if(do_ver) {
-		store = X509_STORE_new();
-		lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
-		if (lookup == NULL) goto end;
-		if (!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM))
-			X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
-			
-		lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
-		if (lookup == NULL) goto end;
-		if (!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM))
-			X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
-		ERR_clear_error();
-
-		X509_STORE_CTX_init(&ctx, store, NULL, NULL);
-
-		i = X509_STORE_get_by_subject(&ctx, X509_LU_X509, 
-					X509_CRL_get_issuer(x), &xobj);
-		if(i <= 0) {
-			BIO_printf(bio_err,
-				"Error getting CRL issuer certificate\n");
-			goto end;
-		}
-		pkey = X509_get_pubkey(xobj.data.x509);
-		X509_OBJECT_free_contents(&xobj);
-		if(!pkey) {
-			BIO_printf(bio_err,
-				"Error getting CRL issuer public key\n");
-			goto end;
-		}
-		i = X509_CRL_verify(x, pkey);
-		EVP_PKEY_free(pkey);
-		if(i < 0) goto end;
-		if(i == 0) BIO_printf(bio_err, "verify failure\n");
-		else BIO_printf(bio_err, "verify OK\n");
-	}
-
 	if (num)
 		{
 		for (i=1; i<=num; i++)
 			{
 			if (issuer == i)
 				{
-				X509_NAME_oneline(X509_CRL_get_issuer(x),
-								buf,256);
-				BIO_printf(bio_out,"issuer= %s\n",buf);
+				X509_NAME_oneline(x->crl->issuer,buf,256);
+				fprintf(stdout,"issuer= %s\n",str);
 				}

 			if (hash == i)
 				{
-				BIO_printf(bio_out,"%08lx\n",
-					X509_NAME_hash(X509_CRL_get_issuer(x)));
+				fprintf(stdout,"%08lx\n",
+					X509_NAME_hash(x->crl->issuer));
 				}
 			if (lastupdate == i)
 				{
-				BIO_printf(bio_out,"lastUpdate=");
-				ASN1_TIME_print(bio_out,
-						X509_CRL_get_lastUpdate(x));
-				BIO_printf(bio_out,"\n");
+				fprintf(stdout,"lastUpdate=");
+				ASN1_UTCTIME_print(bio_out,x->crl->lastUpdate);
+				fprintf(stdout,"\n");
 				}
 			if (nextupdate == i)
 				{
-				BIO_printf(bio_out,"nextUpdate=");
-				if (X509_CRL_get_nextUpdate(x)) 
-					ASN1_TIME_print(bio_out,
-						X509_CRL_get_nextUpdate(x));
-				else
-					BIO_printf(bio_out,"NONE");
-				BIO_printf(bio_out,"\n");
-				}
-			if (fingerprint == i)
-				{
-				int j;
-				unsigned int n;
-				unsigned char md[EVP_MAX_MD_SIZE];
-
-				if (!X509_CRL_digest(x,digest,md,&n))
-					{
-					BIO_printf(bio_err,"out of memory\n");
-					goto end;
-					}
-				BIO_printf(bio_out,"%s Fingerprint=",
-						OBJ_nid2sn(EVP_MD_type(digest)));
-				for (j=0; j<(int)n; j++)
-					{
-					BIO_printf(bio_out,"%02X%c",md[j],
-						(j+1 == (int)n)
-						?'\n':':');
-					}
+				fprintf(stdout,"nextUpdate=");
+				ASN1_UTCTIME_print(bio_out,x->crl->nextUpdate);
+				fprintf(stdout,"\n");
 				}
 			}
 		}

+	if (noout) goto end;
+
 	out=BIO_new(BIO_s_file());
 	if (out == NULL)
 		{
@@ -322,15 +242,7 @@ bad:
 		}

 	if (outfile == NULL)
-		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -340,14 +252,24 @@ bad:
 			}
 		}

-	if (text) X509_CRL_print(out, x);
-
-	if (noout) goto end;
-
 	if 	(outformat == FORMAT_ASN1)
 		i=(int)i2d_X509_CRL_bio(out,x);
 	else if (outformat == FORMAT_PEM)
 		i=PEM_write_bio_X509_CRL(out,x);
+	else if (outformat == FORMAT_TEXT)
+		{
+		X509_REVOKED *r;
+
+		while ((r=(X509_REVOKED *)sk_pop(x->crl->revoked)) != NULL)
+			{
+			fprintf(stdout,"revoked: serialNumber=");
+			i2a_ASN1_INTEGER(out,r->serialNumber);
+			fprintf(stdout," revocationDate=");
+			ASN1_UTCTIME_print(bio_out,r->revocationDate);
+			fprintf(stdout,"\n");
+			}
+		i=1;
+		}
 	else	
 		{
 		BIO_printf(bio_err,"bad output format specified for outfile\n");
@@ -356,18 +278,15 @@ bad:
 	if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }
 	ret=0;
 end:
-	BIO_free_all(out);
-	BIO_free_all(bio_out);
-	bio_out=NULL;
-	X509_CRL_free(x);
-	if(store) {
-		X509_STORE_CTX_cleanup(&ctx);
-		X509_STORE_free(store);
-	}
+	if (out != NULL) BIO_free(out);
+	if (bio_out != NULL) BIO_free(bio_out);
+	if (x != NULL) X509_CRL_free(x);
 	EXIT(ret);
 	}

-static X509_CRL *load_crl(char *infile, int format)
+static X509_CRL *load_crl(infile, format)
+char *infile;
+int format;
 	{
 	X509_CRL *x=NULL;
 	BIO *in=NULL;
@@ -392,7 +311,7 @@ static X509_CRL *load_crl(char *infile, int format)
 	if 	(format == FORMAT_ASN1)
 		x=d2i_X509_CRL_bio(in,NULL);
 	else if (format == FORMAT_PEM)
-		x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
+		x=PEM_read_bio_X509_CRL(in,NULL,NULL);
 	else	{
 		BIO_printf(bio_err,"bad input format specified for input crl\n");
 		goto end;
@@ -405,7 +324,7 @@ static X509_CRL *load_crl(char *infile, int format)
 		}
 	
 end:
-	BIO_free(in);
+	if (in != NULL) BIO_free(in);
 	return(x);
 	}

--- a/apps/crl.out
+++ b/apps/crl.out
@@ -0,0 +1,8 @@
+-----BEGIN X509 CRL-----
+MIIBDjCBuTANBgkqhkiG9w0BAQQFADBgMQswCQYDVQQGEwJBVTEMMAoGA1UECBMD
+UUxEMRkwFwYDVQQKExBNaW5jb20gUHR5LiBMdGQuMQswCQYDVQQLEwJDUzEbMBkG
+A1UEAxMSU1NMZWF5IGRlbW8gc2VydmVyFw05NzA3MDkwMDAwMjJaFw05NzA4MDgw
+MDAwMjJaMCgwEgIBARcNOTUxMDA5MjMzMjA1WjASAgEDFw05NTEyMDEwMTAwMDBa
+MA0GCSqGSIb3DQEBBAUAA0EAcEBIWVZPXxSlLMPPLfBi4s0N3lzTgskZkgO6pjZi
+oQRwh5vi5zFqDNQteGx7RTHpUYntgyoAZ87FZE0GOJgBaQ==
+-----END X509 CRL-----
--- a/apps/crl2p7.c
+++ b/apps/crl2p7.c
@@ -1,5 +1,5 @@
 /* apps/crl2p7.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
@@ -65,26 +65,31 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include "apps.h"
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pkcs7.h>
-#include <openssl/pem.h>
-#include <openssl/objects.h>
+#include "err.h"
+#include "evp.h"
+#include "x509.h"
+#include "pkcs7.h"
+#include "pem.h"
+#include "objects.h"
+
+#ifndef NOPROTO
+static int add_certs_from_file(STACK *stack, char *certfile);
+#else
+static int add_certs_from_file();
+#endif

-static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
 #undef PROG
 #define PROG	crl2pkcs7_main

-/* -inform arg	- input format - default PEM (DER or PEM)
+/* -inform arg	- input format - default PEM (one of DER, TXT or PEM)
 * -outform arg - output format - default PEM
 * -in arg	- input file - default stdin
 * -out arg	- output file - default stdout
 */

-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
+int MAIN(argc, argv)
+int argc;
+char **argv;
 	{
 	int i,badops=0;
 	BIO *in=NULL,*out=NULL;
@@ -93,21 +98,21 @@ int MAIN(int argc, char **argv)
 	PKCS7 *p7 = NULL;
 	PKCS7_SIGNED *p7s = NULL;
 	X509_CRL *crl=NULL;
-	STACK *certflst=NULL;
-	STACK_OF(X509_CRL) *crl_stack=NULL;
-	STACK_OF(X509) *cert_stack=NULL;
+	STACK *crl_stack=NULL;
+	STACK *cert_stack=NULL;
 	int ret=1,nocrl=0;

 	apps_startup();

 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);

 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
+	certfile=NULL;

 	prog=argv[0];
 	argc--;
@@ -141,8 +146,7 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-certfile") == 0)
 			{
 			if (--argc < 1) goto bad;
-			if(!certflst) certflst = sk_new_null();
-			sk_push(certflst,*(++argv));
+			certfile= *(++argv);
 			}
 		else
 			{
@@ -159,12 +163,11 @@ int MAIN(int argc, char **argv)
 bad:
 		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
-		BIO_printf(bio_err," -inform arg    input format - DER or PEM\n");
-		BIO_printf(bio_err," -outform arg   output format - DER or PEM\n");
-		BIO_printf(bio_err," -in arg        input file\n");
+		BIO_printf(bio_err," -inform arg    input format - one of DER TXT PEM\n");
+		BIO_printf(bio_err," -outform arg   output format - one of DER TXT PEM\n");
+		BIO_printf(bio_err," -in arg        inout file\n");
 		BIO_printf(bio_err," -out arg       output file\n");
 		BIO_printf(bio_err," -certfile arg  certificates file of chain to a trusted CA\n");
-		BIO_printf(bio_err,"                (can be used more than once)\n");
 		BIO_printf(bio_err," -nocrl         no crl to load, just certs from '-certfile'\n");
 		EXIT(1);
 		}
@@ -195,7 +198,7 @@ bad:
 		if 	(informat == FORMAT_ASN1)
 			crl=d2i_X509_CRL_bio(in,NULL);
 		else if (informat == FORMAT_PEM)
-			crl=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
+			crl=PEM_read_bio_X509_CRL(in,NULL,NULL);
 		else	{
 			BIO_printf(bio_err,"bad input format specified for input crl\n");
 			goto end;
@@ -215,39 +218,29 @@ bad:
 	p7s->contents->type=OBJ_nid2obj(NID_pkcs7_data);

 	if (!ASN1_INTEGER_set(p7s->version,1)) goto end;
-	if ((crl_stack=sk_X509_CRL_new_null()) == NULL) goto end;
+	if ((crl_stack=sk_new(NULL)) == NULL) goto end;
 	p7s->crl=crl_stack;
 	if (crl != NULL)
 		{
-		sk_X509_CRL_push(crl_stack,crl);
-		crl=NULL; /* now part of p7 for OPENSSL_freeing */
+		sk_push(crl_stack,(char *)crl);
+		crl=NULL; /* now part of p7 for Freeing */
 		}

-	if ((cert_stack=sk_X509_new_null()) == NULL) goto end;
+	if ((cert_stack=sk_new(NULL)) == NULL) goto end;
 	p7s->cert=cert_stack;

-	if(certflst) for(i = 0; i < sk_num(certflst); i++) {
-		certfile = sk_value(certflst, i);
+	if (certfile != NULL) 
+		{
 		if (add_certs_from_file(cert_stack,certfile) < 0)
 			{
-			BIO_printf(bio_err, "error loading certificates\n");
+			BIO_printf(bio_err,"error loading certificates\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
-	}
-
-	sk_free(certflst);
+		}

 	if (outfile == NULL)
-		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -274,7 +267,7 @@ bad:
 	ret=0;
 end:
 	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free_all(out);
+	if (out != NULL) BIO_free(out);
 	if (p7 != NULL) PKCS7_free(p7);
 	if (crl != NULL) X509_CRL_free(crl);

@@ -291,42 +284,40 @@ end:
 *	number of certs added if successful, -1 if not.
 *----------------------------------------------------------------------
 */
-static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
+static int add_certs_from_file(stack,certfile)
+STACK *stack;
+char *certfile;
 	{
 	struct stat st;
 	BIO *in=NULL;
 	int count=0;
 	int ret= -1;
-	STACK_OF(X509_INFO) *sk=NULL;
+	STACK *sk=NULL;
 	X509_INFO *xi;

 	if ((stat(certfile,&st) != 0))
 		{
-		BIO_printf(bio_err,"unable to load the file, %s\n",certfile);
+		BIO_printf(bio_err,"unable to file the file, %s\n",certfile);
 		goto end;
 		}

 	in=BIO_new(BIO_s_file());
 	if ((in == NULL) || (BIO_read_filename(in,certfile) <= 0))
 		{
-		BIO_printf(bio_err,"error opening the file, %s\n",certfile);
 		goto end;
 		}

 	/* This loads from a file, a stack of x509/crl/pkey sets */
-	sk=PEM_X509_INFO_read_bio(in,NULL,NULL,NULL);
-	if (sk == NULL) {
-		BIO_printf(bio_err,"error reading the file, %s\n",certfile);
-		goto end;
-	}
+	sk=PEM_X509_INFO_read_bio(in,NULL,NULL);
+	if (sk == NULL) goto end;

 	/* scan over it and pull out the CRL's */
-	while (sk_X509_INFO_num(sk))
+	while (sk_num(sk))
 		{
-		xi=sk_X509_INFO_shift(sk);
+		xi=(X509_INFO *)sk_shift(sk);
 		if (xi->x509 != NULL)
 			{
-			sk_X509_push(stack,xi->x509);
+			sk_push(stack,(char *)xi->x509);
 			xi->x509=NULL;
 			count++;
 			}
@@ -335,9 +326,9 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)

 	ret=count;
 end:
- 	/* never need to OPENSSL_free x */
+ 	/* never need to Free x */
 	if (in != NULL) BIO_free(in);
-	if (sk != NULL) sk_X509_INFO_free(sk);
+	if (sk != NULL) sk_free(sk);
 	return(ret);
 	}

--- a/apps/der_chop.in
+++ b/apps/der_chop.in
@@ -42,13 +42,13 @@ $md4_cmd="md4";
 $rsa_cmd="rsa -des -inform der ";

 # this was the 0.5.x way of doing things ...
-$cmd="openssl asn1parse";
-$x509_cmd="openssl x509";
-$crl_cmd="openssl crl";
-$rc4_cmd="openssl rc4";
-$md2_cmd="openssl md2";
-$md4_cmd="openssl md4";
-$rsa_cmd="openssl rsa -des -inform der ";
+$cmd="ssleay asn1parse";
+$x509_cmd="ssleay x509";
+$crl_cmd="ssleay crl";
+$rc4_cmd="ssleay rc4";
+$md2_cmd="ssleay md2";
+$md4_cmd="ssleay md4";
+$rsa_cmd="ssleay rsa -des -inform der ";

 &Getopts('vd:') || die "usage:$0 [-v] [-d num] file";
 $depth=($opt_d =~ /^\d+$/)?$opt_d:0;
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -1,5 +1,5 @@
 /* apps/dgst.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
@@ -60,13 +60,12 @@
 #include <string.h>
 #include <stdlib.h>
 #include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/engine.h>
+#include "bio.h"
+#include "err.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+#include "pem.h"

 #undef BUFSIZE
 #define BUFSIZE	1024*8
@@ -74,98 +73,50 @@
 #undef PROG
 #define PROG	dgst_main

-void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout,
-		EVP_PKEY *key, unsigned char *sigin, int siglen);
+#ifndef NOPROTO
+void do_fp(unsigned char *buf,BIO *f,int sep);
+#else
+void do_fp();
+#endif

-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
+int MAIN(argc,argv)
+int argc;
+char **argv;
 	{
-	ENGINE *e = NULL;
 	unsigned char *buf=NULL;
 	int i,err=0;
-	const EVP_MD *md=NULL,*m;
+	EVP_MD *md=NULL,*m;
 	BIO *in=NULL,*inp;
 	BIO *bmd=NULL;
-	BIO *out = NULL;
-	const char *name;
+	char *name;
 #define PROG_NAME_SIZE  16
-	char pname[PROG_NAME_SIZE];
+        char pname[PROG_NAME_SIZE];
 	int separator=0;
 	int debug=0;
-	const char *outfile = NULL, *keyfile = NULL;
-	const char *sigfile = NULL, *randfile = NULL;
-	char out_bin = -1, want_pub = 0, do_verify = 0;
-	EVP_PKEY *sigkey = NULL;
-	unsigned char *sigbuf = NULL;
-	int siglen = 0;
-	char *engine=NULL;

 	apps_startup();

-	if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL)
+	if ((buf=(unsigned char *)Malloc(BUFSIZE)) == NULL)
 		{
 		BIO_printf(bio_err,"out of memory\n");
 		goto end;
 		}
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);

 	/* first check the program name */
-	program_name(argv[0],pname,PROG_NAME_SIZE);
+        program_name(argv[0],pname,PROG_NAME_SIZE);

 	md=EVP_get_digestbyname(pname);

 	argc--;
 	argv++;
-	while (argc > 0)
+	for (i=0; i<argc; i++)
 		{
 		if ((*argv)[0] != '-') break;
 		if (strcmp(*argv,"-c") == 0)
 			separator=1;
-		else if (strcmp(*argv,"-rand") == 0)
-			{
-			if (--argc < 1) break;
-			randfile=*(++argv);
-			}
-		else if (strcmp(*argv,"-out") == 0)
-			{
-			if (--argc < 1) break;
-			outfile=*(++argv);
-			}
-		else if (strcmp(*argv,"-sign") == 0)
-			{
-			if (--argc < 1) break;
-			keyfile=*(++argv);
-			}
-		else if (strcmp(*argv,"-verify") == 0)
-			{
-			if (--argc < 1) break;
-			keyfile=*(++argv);
-			want_pub = 1;
-			do_verify = 1;
-			}
-		else if (strcmp(*argv,"-prverify") == 0)
-			{
-			if (--argc < 1) break;
-			keyfile=*(++argv);
-			do_verify = 1;
-			}
-		else if (strcmp(*argv,"-signature") == 0)
-			{
-			if (--argc < 1) break;
-			sigfile=*(++argv);
-			}
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) break;
-			engine= *(++argv);
-			}
-		else if (strcmp(*argv,"-hex") == 0)
-			out_bin = 0;
-		else if (strcmp(*argv,"-binary") == 0)
-			out_bin = 1;
 		else if (strcmp(*argv,"-d") == 0)
 			debug=1;
 		else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
@@ -179,63 +130,26 @@ int MAIN(int argc, char **argv)
 	if (md == NULL)
 		md=EVP_md5();

-	if(do_verify && !sigfile) {
-		BIO_printf(bio_err, "No signature to verify: use the -signature option\n");
-		err = 1; 
-		goto end;
-	}
-
 	if ((argc > 0) && (argv[0][0] == '-')) /* bad option */
 		{
 		BIO_printf(bio_err,"unknown option '%s'\n",*argv);
 		BIO_printf(bio_err,"options are\n");
-		BIO_printf(bio_err,"-c              to output the digest with separating colons\n");
-		BIO_printf(bio_err,"-d              to output debug info\n");
-		BIO_printf(bio_err,"-hex            output as hex dump\n");
-		BIO_printf(bio_err,"-binary         output in binary form\n");
-		BIO_printf(bio_err,"-sign   file    sign digest using private key in file\n");
-		BIO_printf(bio_err,"-verify file    verify a signature using public key in file\n");
-		BIO_printf(bio_err,"-prverify file  verify a signature using private key in file\n");
-		BIO_printf(bio_err,"-signature file signature to verify\n");
-		BIO_printf(bio_err,"-binary         output in binary form\n");
-		BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
-
-		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
+		BIO_printf(bio_err,"-c   to output the digest with separating colons\n");
+		BIO_printf(bio_err,"-c   to output debug info\n");
+		BIO_printf(bio_err,"-%3s to use the %s message digest alogorithm (default)\n",
 			LN_md5,LN_md5);
-		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
-			LN_md4,LN_md4);
-		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+		BIO_printf(bio_err,"-%3s to use the %s message digest alogorithm\n",
 			LN_md2,LN_md2);
-		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+		BIO_printf(bio_err,"-%3s to use the %s message digest alogorithm\n",
 			LN_sha1,LN_sha1);
-		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+		BIO_printf(bio_err,"-%3s to use the %s message digest alogorithm\n",
 			LN_sha,LN_sha);
-		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+		BIO_printf(bio_err,"-%3s to use the %s message digest alogorithm\n",
 			LN_mdc2,LN_mdc2);
-		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
-			LN_ripemd160,LN_ripemd160);
 		err=1;
 		goto end;
 		}
-
-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
+	
 	in=BIO_new(BIO_s_file());
 	bmd=BIO_new(BIO_f_md());
 	if (debug)
@@ -251,80 +165,6 @@ int MAIN(int argc, char **argv)
 		goto end;
 		}

-	if(out_bin == -1) {
-		if(keyfile) out_bin = 1;
-		else out_bin = 0;
-	}
-
-	if(randfile)
-		app_RAND_load_file(randfile, bio_err, 0);
-
-	if(outfile) {
-		if(out_bin)
-			out = BIO_new_file(outfile, "wb");
-		else    out = BIO_new_file(outfile, "w");
-	} else {
-		out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-	}
-
-	if(!out) {
-		BIO_printf(bio_err, "Error opening output file %s\n", 
-					outfile ? outfile : "(stdout)");
-		ERR_print_errors(bio_err);
-		goto end;
-	}
-
-	if(keyfile) {
-		BIO *keybio;
-		keybio = BIO_new_file(keyfile, "r");
-		if(!keybio) {
-			BIO_printf(bio_err, "Error opening key file %s\n",
-								keyfile);
-			ERR_print_errors(bio_err);
-			goto end;
-		}
-		
-		if(want_pub) 
-			sigkey = PEM_read_bio_PUBKEY(keybio, NULL, NULL, NULL);
-		else sigkey = PEM_read_bio_PrivateKey(keybio, NULL, NULL, NULL);
-		BIO_free(keybio);
-		if(!sigkey) {
-			BIO_printf(bio_err, "Error reading key file %s\n",
-								keyfile);
-			ERR_print_errors(bio_err);
-			goto end;
-		}
-	}
-
-	if(sigfile && sigkey) {
-		BIO *sigbio;
-		sigbio = BIO_new_file(sigfile, "rb");
-		siglen = EVP_PKEY_size(sigkey);
-		sigbuf = OPENSSL_malloc(siglen);
-		if(!sigbio) {
-			BIO_printf(bio_err, "Error opening signature file %s\n",
-								sigfile);
-			ERR_print_errors(bio_err);
-			goto end;
-		}
-		siglen = BIO_read(sigbio, sigbuf, siglen);
-		BIO_free(sigbio);
-		if(siglen <= 0) {
-			BIO_printf(bio_err, "Error reading signature file %s\n",
-								sigfile);
-			ERR_print_errors(bio_err);
-			goto end;
-		}
-	}
-		
-
-
 	/* we use md as a filter, reading from 'in' */
 	BIO_set_md(bmd,md);
 	inp=BIO_push(bmd,in);
@@ -332,7 +172,7 @@ int MAIN(int argc, char **argv)
 	if (argc == 0)
 		{
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-		do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf, siglen);
+		do_fp(buf,inp,separator);
 		}
 	else
 		{
@@ -345,28 +185,26 @@ int MAIN(int argc, char **argv)
 				err++;
 				continue;
 				}
-			if(!out_bin) BIO_printf(out, "%s(%s)= ",name,argv[i]);
-			do_fp(out, buf,inp,separator, out_bin, sigkey, 
-								sigbuf, siglen);
-			(void)BIO_reset(bmd);
+			printf("%s(%s)= ",name,argv[i]);
+			do_fp(buf,inp,separator);
+			BIO_reset(bmd);
 			}
 		}
 end:
 	if (buf != NULL)
 		{
 		memset(buf,0,BUFSIZE);
-		OPENSSL_free(buf);
+		Free(buf);
 		}
 	if (in != NULL) BIO_free(in);
-	BIO_free_all(out);
-	EVP_PKEY_free(sigkey);
-	if(sigbuf) OPENSSL_free(sigbuf);
 	if (bmd != NULL) BIO_free(bmd);
 	EXIT(err);
 	}

-void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout,
-			EVP_PKEY *key, unsigned char *sigin, int siglen)
+void do_fp(buf,bp,sep)
+unsigned char *buf;
+BIO *bp;
+int sep;
 	{
 	int len;
 	int i;
@@ -376,44 +214,14 @@ void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout,
 		i=BIO_read(bp,(char *)buf,BUFSIZE);
 		if (i <= 0) break;
 		}
-	if(sigin)
-		{
-		EVP_MD_CTX *ctx;
-		BIO_get_md_ctx(bp, &ctx);
-		i = EVP_VerifyFinal(ctx, sigin, (unsigned int)siglen, key); 
-		if(i > 0) BIO_printf(out, "Verified OK\n");
-		else if(i == 0) BIO_printf(out, "Verification Failure\n");
-		else
-			{
-			BIO_printf(bio_err, "Error Verifying Data\n");
-			ERR_print_errors(bio_err);
-			}
-		return;
-		}
-	if(key)
-		{
-		EVP_MD_CTX *ctx;
-		BIO_get_md_ctx(bp, &ctx);
-		if(!EVP_SignFinal(ctx, buf, (unsigned int *)&len, key)) 
-			{
-			BIO_printf(bio_err, "Error Signing Data\n");
-			ERR_print_errors(bio_err);
-			return;
-			}
-		}
-	else
-		len=BIO_gets(bp,(char *)buf,BUFSIZE);
+	len=BIO_gets(bp,(char *)buf,BUFSIZE);

-	if(binout) BIO_write(out, buf, len);
-	else 
+	for (i=0; i<len; i++)
 		{
-		for (i=0; i<len; i++)
-			{
-			if (sep && (i != 0))
-				BIO_printf(out, ":");
-			BIO_printf(out, "%02x",buf[i]);
-			}
-		BIO_printf(out, "\n");
+		if (sep && (i != 0))
+			putc(':',stdout);
+		printf("%02x",buf[i]);
 		}
+	printf("\n");
 	}

--- a/apps/dh.c
+++ b/apps/dh.c
@@ -1,6 +1,5 @@
 /* apps/dh.c */
-/* obsoleted by dhparam.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
@@ -57,24 +56,22 @@
 * [including the GNU Public Licence.]
 */

-#ifndef NO_DH
 #include <stdio.h>
 #include <stdlib.h>
 #include <time.h>
 #include <string.h>
 #include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/engine.h>
+#include "bio.h"
+#include "err.h"
+#include "bn.h"
+#include "dh.h"
+#include "x509.h"
+#include "pem.h"

 #undef PROG
 #define PROG	dh_main

-/* -inform arg	- input format - default PEM (DER or PEM)
+/* -inform arg	- input format - default PEM (one of DER, TXT or PEM)
 * -outform arg - output format - default PEM
 * -in arg	- input file - default stdin
 * -out arg	- output file - default stdout
@@ -84,24 +81,22 @@
 * -C
 */

-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
+int MAIN(argc, argv)
+int argc;
+char **argv;
 	{
-	ENGINE *e = NULL;
 	DH *dh=NULL;
 	int i,badops=0,text=0;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,check=0,noout=0,C=0,ret=1;
-	char *infile,*outfile,*prog,*engine;
+	char *infile,*outfile,*prog;

 	apps_startup();

 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);

-	engine=NULL;
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
@@ -132,11 +127,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
 		else if (strcmp(*argv,"-check") == 0)
 			check=1;
 		else if (strcmp(*argv,"-text") == 0)
@@ -160,38 +150,19 @@ int MAIN(int argc, char **argv)
 bad:
 		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
-		BIO_printf(bio_err," -inform arg   input format - one of DER PEM\n");
-		BIO_printf(bio_err," -outform arg  output format - one of DER PEM\n");
-		BIO_printf(bio_err," -in arg       input file\n");
+		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
+		BIO_printf(bio_err," -outform arg  output format - one of DER TXT PEM\n");
+		BIO_printf(bio_err," -in arg       inout file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
 		BIO_printf(bio_err," -check        check the DH parameters\n");
-		BIO_printf(bio_err," -text         print a text form of the DH parameters\n");
+		BIO_printf(bio_err," -text         check the DH parameters\n");
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -noout        no output\n");
-		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 		goto end;
 		}

 	ERR_load_crypto_strings();

-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	if ((in == NULL) || (out == NULL))
@@ -211,15 +182,7 @@ bad:
 			}
 		}
 	if (outfile == NULL)
-		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -232,7 +195,7 @@ bad:
 	if	(informat == FORMAT_ASN1)
 		dh=d2i_DHparams_bio(in,NULL);
 	else if (informat == FORMAT_PEM)
-		dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);
+		dh=PEM_read_bio_DHparams(in,NULL,NULL);
 	else
 		{
 		BIO_printf(bio_err,"bad input format specified\n");
@@ -257,7 +220,7 @@ bad:
 		BN_print(stdout,dh->g);
 		printf("\n");
 		if (dh->length != 0)
-			printf("recommended private length=%ld\n",dh->length);
+			printf("recomented private length=%ld\n",dh->length);
 #endif
 		}
 	
@@ -270,8 +233,8 @@ bad:
 			}
 		if (i & DH_CHECK_P_NOT_PRIME)
 			printf("p value is not prime\n");
-		if (i & DH_CHECK_P_NOT_SAFE_PRIME)
-			printf("p value is not a safe prime\n");
+		if (i & DH_CHECK_P_NOT_STRONG_PRIME)
+			printf("p value is not a strong prime\n");
 		if (i & DH_UNABLE_TO_CHECK_GENERATOR)
 			printf("unable to check the generator value\n");
 		if (i & DH_NOT_SUITABLE_GENERATOR)
@@ -286,10 +249,10 @@ bad:

 		len=BN_num_bytes(dh->p);
 		bits=BN_num_bits(dh->p);
-		data=(unsigned char *)OPENSSL_malloc(len);
+		data=(unsigned char *)Malloc(len);
 		if (data == NULL)
 			{
-			perror("OPENSSL_malloc");
+			perror("Malloc");
 			goto end;
 			}
 		l=BN_bn2bin(dh->p,data);
@@ -320,7 +283,6 @@ bad:
 		printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
 		printf("\t\treturn(NULL);\n");
 		printf("\treturn(dh);\n\t}\n");
-		OPENSSL_free(data);
 		}


@@ -336,7 +298,7 @@ bad:
 			}
 		if (!i)
 			{
-			BIO_printf(bio_err,"unable to write DH parameters\n");
+			BIO_printf(bio_err,"unable to write DH paramaters\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
@@ -344,8 +306,7 @@ bad:
 	ret=0;
 end:
 	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free_all(out);
+	if (out != NULL) BIO_free(out);
 	if (dh != NULL) DH_free(dh);
 	EXIT(ret);
 	}
-#endif
--- a/apps/dh1024.pem
+++ b/apps/dh1024.pem
@@ -1,10 +1,5 @@
 -----BEGIN DH PARAMETERS-----
-MIGHAoGBAPSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsY
-jY67VYy4XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6
-ypUM2Zafq9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XpL3jHAgEC
+MIGHAoGBAJf2QmHKtQXdKCjhPx1ottPb0PMTBH9A6FbaWMsTuKG/K3g6TG1Z1fkq
+/Gz/PWk/eLI9TzFgqVAuPvr3q14a1aZeVUMTgo2oO5/y2UHe6VaJ+trqCTat3xlx
+/mNbIK9HA2RgPC3gWfVLZQrY+gz3ASHHR5nXWHEyvpuZm7m3h+irAgEC
 -----END DH PARAMETERS-----
-
-These are the 1024 bit DH parameters from "Assigned Number for SKIP Protocols"
-(http://www.skip-vpn.org/spec/numbers.html).
-See there for how they were generated.
-Note that g is not a generator, but this is not a problem since p is a safe prime.
--- a/apps/dh2048.pem
+++ b/apps/dh2048.pem
@@ -1,12 +0,0 @@
-----BEGIN DH PARAMETERS-----
-MIIBCAKCAQEA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTpj0BV
-89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39uK50
-T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1YTknb
-zSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdX
-Q6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCbAkbT
-CD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwIBAg==
-----END DH PARAMETERS-----
-
-These are the 2048 bit DH parameters from "Assigned Number for SKIP Protocols"
-(http://www.skip-vpn.org/spec/numbers.html).
-See there for how they were generated.
--- a/apps/dh4096.pem
+++ b/apps/dh4096.pem
@@ -1,18 +0,0 @@
-----BEGIN DH PARAMETERS-----
-MIICCAKCAgEA+hRyUsFN4VpJ1O8JLcCo/VWr19k3BCgJ4uk+d+KhehjdRqNDNyOQ
-l/MOyQNQfWXPeGKmOmIig6Ev/nm6Nf9Z2B1h3R4hExf+zTiHnvVPeRBhjdQi81rt
-Xeoh6TNrSBIKIHfUJWBh3va0TxxjQIs6IZOLeVNRLMqzeylWqMf49HsIXqbcokUS
-Vt1BkvLdW48j8PPv5DsKRN3tloTxqDJGo9tKvj1Fuk74A+Xda1kNhB7KFlqMyN98
-VETEJ6c7KpfOo30mnK30wqw3S8OtaIR/maYX72tGOno2ehFDkq3pnPtEbD2CScxc
-alJC+EL7RPk5c/tgeTvCngvc1KZn92Y//EI7G9tPZtylj2b56sHtMftIoYJ9+ODM
-sccD5Piz/rejE3Ome8EOOceUSCYAhXn8b3qvxVI1ddd1pED6FHRhFvLrZxFvBEM9
-ERRMp5QqOaHJkM+Dxv8Cj6MqrCbfC4u+ZErxodzuusgDgvZiLF22uxMZbobFWyte
-OvOzKGtwcTqO/1wV5gKkzu1ZVswVUQd5Gg8lJicwqRWyyNRczDDoG9jVDxmogKTH
-AaqLulO7R8Ifa1SwF2DteSGVtgWEN8gDpN3RBmmPTDngyF2DHb5qmpnznwtFKdTL
-KWbuHn491xNO25CQWMtem80uKw+pTnisBRF/454n1Jnhub144YRBoN8CAQI=
-----END DH PARAMETERS-----
-
-These are the 4096 bit DH parameters from "Assigned Number for SKIP Protocols"
-(http://www.skip-vpn.org/spec/numbers.html).
-See there for how they were generated.
-Note that g is not a generator, but this is not a problem since p is a safe prime.
--- a/apps/dh512.pem
+++ b/apps/dh512.pem
@@ -1,9 +0,0 @@
-----BEGIN DH PARAMETERS-----
-MEYCQQD1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWak
-XUGfnHy9iUsiGSa6q6Jew1XpKgVfAgEC
-----END DH PARAMETERS-----
-
-These are the 512 bit DH parameters from "Assigned Number for SKIP Protocols"
-(http://www.skip-vpn.org/spec/numbers.html).
-See there for how they were generated.
-Note that g is not a generator, but this is not a problem since p is a safe prime.
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -1,554 +0,0 @@
-/* apps/dhparam.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef NO_DH
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/engine.h>
-
-#ifndef NO_DSA
-#include <openssl/dsa.h>
-#endif
-
-#undef PROG
-#define PROG	dhparam_main
-
-#define DEFBITS	512
-
-/* -inform arg	- input format - default PEM (DER or PEM)
- * -outform arg - output format - default PEM
- * -in arg	- input file - default stdin
- * -out arg	- output file - default stdout
- * -dsaparam  - read or generate DSA parameters, convert to DH
- * -check	- check the parameters are ok
- * -noout
- * -text
- * -C
- */
-
-static void MS_CALLBACK dh_cb(int p, int n, void *arg);
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	ENGINE *e = NULL;
-	DH *dh=NULL;
-	int i,badops=0,text=0;
-#ifndef NO_DSA
-	int dsaparam=0;
-#endif
-	BIO *in=NULL,*out=NULL;
-	int informat,outformat,check=0,noout=0,C=0,ret=1;
-	char *infile,*outfile,*prog;
-	char *inrand=NULL,*engine=NULL;
-	int num = 0, g = 0;
-
-	apps_startup();
-
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
-	infile=NULL;
-	outfile=NULL;
-	informat=FORMAT_PEM;
-	outformat=FORMAT_PEM;
-
-	prog=argv[0];
-	argc--;
-	argv++;
-	while (argc >= 1)
-		{
-		if 	(strcmp(*argv,"-inform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			informat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-outform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outformat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-in") == 0)
-			{
-			if (--argc < 1) goto bad;
-			infile= *(++argv);
-			}
-		else if (strcmp(*argv,"-out") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
-		else if (strcmp(*argv,"-check") == 0)
-			check=1;
-		else if (strcmp(*argv,"-text") == 0)
-			text=1;
-#ifndef NO_DSA
-		else if (strcmp(*argv,"-dsaparam") == 0)
-			dsaparam=1;
-#endif
-		else if (strcmp(*argv,"-C") == 0)
-			C=1;
-		else if (strcmp(*argv,"-noout") == 0)
-			noout=1;
-		else if (strcmp(*argv,"-2") == 0)
-			g=2;
-		else if (strcmp(*argv,"-5") == 0)
-			g=5;
-		else if (strcmp(*argv,"-rand") == 0)
-			{
-			if (--argc < 1) goto bad;
-			inrand= *(++argv);
-			}
-		else if (((sscanf(*argv,"%d",&num) == 0) || (num <= 0)))
-			goto bad;
-		argv++;
-		argc--;
-		}
-
-	if (badops)
-		{
-bad:
-		BIO_printf(bio_err,"%s [options] [numbits]\n",prog);
-		BIO_printf(bio_err,"where options are\n");
-		BIO_printf(bio_err," -inform arg   input format - one of DER PEM\n");
-		BIO_printf(bio_err," -outform arg  output format - one of DER PEM\n");
-		BIO_printf(bio_err," -in arg       input file\n");
-		BIO_printf(bio_err," -out arg      output file\n");
-#ifndef NO_DSA
-		BIO_printf(bio_err," -dsaparam     read or generate DSA parameters, convert to DH\n");
-#endif
-		BIO_printf(bio_err," -check        check the DH parameters\n");
-		BIO_printf(bio_err," -text         print a text form of the DH parameters\n");
-		BIO_printf(bio_err," -C            Output C code\n");
-		BIO_printf(bio_err," -2            generate parameters using  2 as the generator value\n");
-		BIO_printf(bio_err," -5            generate parameters using  5 as the generator value\n");
-		BIO_printf(bio_err," numbits       number of bits in to generate (default 512)\n");
-		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
-		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-		BIO_printf(bio_err,"               - load the file (or the files in the directory) into\n");
-		BIO_printf(bio_err,"               the random number generator\n");
-		BIO_printf(bio_err," -noout        no output\n");
-		goto end;
-		}
-
-	ERR_load_crypto_strings();
-
-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
-	if (g && !num)
-		num = DEFBITS;
-
-#ifndef NO_DSA
-	if (dsaparam)
-		{
-		if (g)
-			{
-			BIO_printf(bio_err, "generator may not be chosen for DSA parameters\n");
-			goto end;
-			}
-		}
-	else
-#endif
-		{
-		/* DH parameters */
-		if (num && !g)
-			g = 2;
-		}
-
-	if(num) {
-
-		if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
-			{
-			BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
-			}
-		if (inrand != NULL)
-			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
-				app_RAND_load_files(inrand));
-
-#ifndef NO_DSA
-		if (dsaparam)
-			{
-			DSA *dsa;
-			
-			BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
-			dsa = DSA_generate_parameters(num, NULL, 0, NULL, NULL, dh_cb, bio_err);
-			if (dsa == NULL)
-				{
-				ERR_print_errors(bio_err);
-				goto end;
-				}
-
-			dh = DSA_dup_DH(dsa);
-			DSA_free(dsa);
-			if (dh == NULL)
-				{
-				ERR_print_errors(bio_err);
-				goto end;
-				}
-			}
-		else
-#endif
-			{
-			BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
-			BIO_printf(bio_err,"This is going to take a long time\n");
-			dh=DH_generate_parameters(num,g,dh_cb,bio_err);
-			
-			if (dh == NULL)
-				{
-				ERR_print_errors(bio_err);
-				goto end;
-				}
-			}
-
-		app_RAND_write_file(NULL, bio_err);
-	} else {
-
-		in=BIO_new(BIO_s_file());
-		if (in == NULL)
-			{
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		if (infile == NULL)
-			BIO_set_fp(in,stdin,BIO_NOCLOSE);
-		else
-			{
-			if (BIO_read_filename(in,infile) <= 0)
-				{
-				perror(infile);
-				goto end;
-				}
-			}
-
-		if	(informat != FORMAT_ASN1 && informat != FORMAT_PEM)
-			{
-			BIO_printf(bio_err,"bad input format specified\n");
-			goto end;
-			}
-
-#ifndef NO_DSA
-		if (dsaparam)
-			{
-			DSA *dsa;
-			
-			if (informat == FORMAT_ASN1)
-				dsa=d2i_DSAparams_bio(in,NULL);
-			else /* informat == FORMAT_PEM */
-				dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL);
-			
-			if (dsa == NULL)
-				{
-				BIO_printf(bio_err,"unable to load DSA parameters\n");
-				ERR_print_errors(bio_err);
-				goto end;
-				}
-			
-			dh = DSA_dup_DH(dsa);
-			DSA_free(dsa);
-			if (dh == NULL)
-				{
-				ERR_print_errors(bio_err);
-				goto end;
-				}
-			}
-		else
-#endif
-			{
-			if (informat == FORMAT_ASN1)
-				dh=d2i_DHparams_bio(in,NULL);
-			else /* informat == FORMAT_PEM */
-				dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);
-			
-			if (dh == NULL)
-				{
-				BIO_printf(bio_err,"unable to load DH parameters\n");
-				ERR_print_errors(bio_err);
-				goto end;
-				}
-			}
-		
-		/* dh != NULL */
-	}
-	
-	out=BIO_new(BIO_s_file());
-	if (out == NULL)
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-	if (outfile == NULL)
-		{
-		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
-	else
-		{
-		if (BIO_write_filename(out,outfile) <= 0)
-			{
-			perror(outfile);
-			goto end;
-			}
-		}
-
-
-	if (text)
-		{
-		DHparams_print(out,dh);
-		}
-	
-	if (check)
-		{
-		if (!DH_check(dh,&i))
-			{
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		if (i & DH_CHECK_P_NOT_PRIME)
-			printf("p value is not prime\n");
-		if (i & DH_CHECK_P_NOT_SAFE_PRIME)
-			printf("p value is not a safe prime\n");
-		if (i & DH_UNABLE_TO_CHECK_GENERATOR)
-			printf("unable to check the generator value\n");
-		if (i & DH_NOT_SUITABLE_GENERATOR)
-			printf("the g value is not a generator\n");
-		if (i == 0)
-			printf("DH parameters appear to be ok.\n");
-		}
-	if (C)
-		{
-		unsigned char *data;
-		int len,l,bits;
-
-		len=BN_num_bytes(dh->p);
-		bits=BN_num_bits(dh->p);
-		data=(unsigned char *)OPENSSL_malloc(len);
-		if (data == NULL)
-			{
-			perror("OPENSSL_malloc");
-			goto end;
-			}
-		printf("#ifndef HEADER_DH_H\n"
-		       "#include <openssl/dh.h>\n"
-		       "#endif\n");
-		printf("DH *get_dh%d()\n\t{\n",bits);
-
-		l=BN_bn2bin(dh->p,data);
-		printf("\tstatic unsigned char dh%d_p[]={",bits);
-		for (i=0; i<l; i++)
-			{
-			if ((i%12) == 0) printf("\n\t\t");
-			printf("0x%02X,",data[i]);
-			}
-		printf("\n\t\t};\n");
-
-		l=BN_bn2bin(dh->g,data);
-		printf("\tstatic unsigned char dh%d_g[]={",bits);
-		for (i=0; i<l; i++)
-			{
-			if ((i%12) == 0) printf("\n\t\t");
-			printf("0x%02X,",data[i]);
-			}
-		printf("\n\t\t};\n");
-
-		printf("\tDH *dh;\n\n");
-		printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n");
-		printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n",
-			bits,bits);
-		printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n",
-			bits,bits);
-		printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
-		printf("\t\t{ DH_free(dh); return(NULL); }\n");
-		if (dh->length)
-			printf("\tdh->length = %d;\n", dh->length);
-		printf("\treturn(dh);\n\t}\n");
-		OPENSSL_free(data);
-		}
-
-
-	if (!noout)
-		{
-		if 	(outformat == FORMAT_ASN1)
-			i=i2d_DHparams_bio(out,dh);
-		else if (outformat == FORMAT_PEM)
-			i=PEM_write_bio_DHparams(out,dh);
-		else	{
-			BIO_printf(bio_err,"bad output format specified for outfile\n");
-			goto end;
-			}
-		if (!i)
-			{
-			BIO_printf(bio_err,"unable to write DH parameters\n");
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		}
-	ret=0;
-end:
-	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free_all(out);
-	if (dh != NULL) DH_free(dh);
-	EXIT(ret);
-	}
-
-/* dh_cb is identical to dsa_cb in apps/dsaparam.c */
-static void MS_CALLBACK dh_cb(int p, int n, void *arg)
-	{
-	char c='*';
-
-	if (p == 0) c='.';
-	if (p == 1) c='+';
-	if (p == 2) c='*';
-	if (p == 3) c='\n';
-	BIO_write((BIO *)arg,&c,1);
-	(void)BIO_flush((BIO *)arg);
-#ifdef LINT
-	p=n;
-#endif
-	}
-
-#endif
--- a/apps/dsa-ca.pem
+++ b/apps/dsa-ca.pem
@@ -1,14 +1,17 @@
 -----BEGIN DSA PRIVATE KEY-----
-MIIBugIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
-PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
-u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
-Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
-hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
-SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
-Mu0OArgCgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuHvSLw9YUrJahcBHmbpvt4
-94lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUqAylOVFJJJXuirVJ+o+0T
-tOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u3enxhqnDGQIUB78dhW77
-J6zsFbSEHaQGUmfSeoM=
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C5B6C7CC9E1FE2C0
+
+svCXBcBRhMuU22UXOfiKZA+thmz6KYXpt1Yg5Rd+TYQcQ1MdvNy0B0tkP1SxzDq0
+Xh1eMeTML9/9/0rKakgNXXXbpi5RB8t6BmwRSyej89F7nn1mtR3qzoyPRpp15SDl
+Tn67C+2v+HDF3MFk88hiNCYkNbcmi7TWvChsl8N1r7wdZwtIox56yXdgxw6ZIpa/
+par0oUCzN7fiavPgCWz1kfPNSaBQSdxwH7TZi5tMHAr0J3C7a7QRnZfE09R59Uqr
+zslrq+ndIw1BZAxoY0SlBu+iFOVaBVlwToC4AsHkv7j7l8ITtr7f42YbBa44D9TO
+uOhONmkk/v3Fso4RaOEzdKZC+hnmmzvHs6TiTWm6yzJgSFwyOUK0eGmKEeVxpcH5
+rUOlHOwzen+FFtocZDZAfdFnb7QY7L/boQvyA5A+ZbRG4DUpmBQeQsSaICHM5Rxx
+1QaLF413VNPXTLPbW0ilSc2H8x2iZTIVKfd33oSO6NhXPtSYQgfecEF4BvNHY5c4
+HovjT4mckbK95bcBzoCHu43vuSQkmZzdYo/ydSZt6zoPavbBLueTpgSbdXiDi827
+MVqOsYxGCb+kez0FoDSTgw==
 -----END DSA PRIVATE KEY-----
 -----BEGIN CERTIFICATE REQUEST-----
 MIICUjCCAhECAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
--- a/apps/dsa-pca.pem
+++ b/apps/dsa-pca.pem
@@ -1,14 +1,17 @@
 -----BEGIN DSA PRIVATE KEY-----
-MIIBvAIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
-PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
-u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
-Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
-hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
-SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
-Mu0OArgCgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
-umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
-29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUCFQDNvrBz
-6TicfImU7UFRn9h00j0lJQ==
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F80EEEBEEA7386C4
+
+GZ9zgFcHOlnhPoiSbVi/yXc9mGoj44A6IveD4UlpSEUt6Xbse3Fr0KHIUyQ3oGnS
+mClKoAp/eOTb5Frhto85SzdsxYtac+X1v5XwdzAMy2KowHVk1N8A5jmE2OlkNPNt
+of132MNlo2cyIRYaa35PPYBGNCmUm7YcYS8O90YtkrQZZTf4+2C4kllhMcdkQwkr
+FWSWC8YOQ7w0LHb4cX1FejHHom9Nd/0PN3vn3UyySvfOqoR7nbXkrpHXmPIr0hxX
+RcF0aXcV/CzZ1/nfXWQf4o3+oD0T22SDoVcZY60IzI0oIc3pNCbDV3uKNmgekrFd
+qOUJ+QW8oWp7oefRx62iBfIeC8DZunohMXaWAQCU0sLQOR4yEdeUCnzCSywe0bG1
+diD0KYaEe+Yub1BQH4aLsBgDjardgpJRTQLq0DUvw0/QGO1irKTJzegEDNVBKrVn
+V4AHOKT1CUKqvGNRP1UnccUDTF6miOAtaj/qpzra7sSk7dkGBvIEeFoAg84kfh9h
+hVvF1YyzC9bwZepruoqoUwke/WdNIR5ymOVZ/4Liw0JdIOcq+atbdRX08niqIRkf
+dsZrUj4leo3zdefYUQ7w4N2Ns37yDFq7
 -----END DSA PRIVATE KEY-----
 -----BEGIN CERTIFICATE REQUEST-----
 MIICVTCCAhMCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -1,5 +1,5 @@
 /* apps/dsa.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
@@ -56,19 +56,17 @@
 * [including the GNU Public Licence.]
 */

-#ifndef NO_DSA
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <time.h>
 #include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/dsa.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/engine.h>
+#include "bio.h"
+#include "err.h"
+#include "dsa.h"
+#include "evp.h"
+#include "x509.h"
+#include "pem.h"

 #undef PROG
 #define PROG	dsa_main
@@ -84,30 +82,25 @@
 * -modulus	- print the DSA public key
 */

-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
+int MAIN(argc, argv)
+int argc;
+char **argv;
 	{
-	ENGINE *e = NULL;
 	int ret=1;
 	DSA *dsa=NULL;
 	int i,badops=0;
-	const EVP_CIPHER *enc=NULL;
+	EVP_CIPHER *enc=NULL;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,text=0,noout=0;
-	int pubin = 0, pubout = 0;
-	char *infile,*outfile,*prog,*engine;
-	char *passargin = NULL, *passargout = NULL;
-	char *passin = NULL, *passout = NULL;
+	char *infile,*outfile,*prog;
 	int modulus=0;

 	apps_startup();

 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);

-	engine=NULL;
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
@@ -138,31 +131,12 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
-		else if (strcmp(*argv,"-passin") == 0)
-			{
-			if (--argc < 1) goto bad;
-			passargin= *(++argv);
-			}
-		else if (strcmp(*argv,"-passout") == 0)
-			{
-			if (--argc < 1) goto bad;
-			passargout= *(++argv);
-			}
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
 		else if (strcmp(*argv,"-text") == 0)
 			text=1;
 		else if (strcmp(*argv,"-modulus") == 0)
 			modulus=1;
-		else if (strcmp(*argv,"-pubin") == 0)
-			pubin=1;
-		else if (strcmp(*argv,"-pubout") == 0)
-			pubout=1;
 		else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -178,49 +152,23 @@ int MAIN(int argc, char **argv)
 bad:
 		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
-		BIO_printf(bio_err," -inform arg     input format - DER or PEM\n");
-		BIO_printf(bio_err," -outform arg    output format - DER or PEM\n");
-		BIO_printf(bio_err," -in arg         input file\n");
-		BIO_printf(bio_err," -passin arg     input file pass phrase source\n");
-		BIO_printf(bio_err," -out arg        output file\n");
-		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
-		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
-		BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
-		BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
+		BIO_printf(bio_err," -inform arg   input format - one of DER NET PEM\n");
+		BIO_printf(bio_err," -outform arg  output format - one of DER NET PEM\n");
+		BIO_printf(bio_err," -in arg       inout file\n");
+		BIO_printf(bio_err," -out arg      output file\n");
+		BIO_printf(bio_err," -des          encrypt PEM output with cbc des\n");
+		BIO_printf(bio_err," -des3         encrypt PEM output with ede cbc des using 168 bit key\n");
 #ifndef NO_IDEA
-		BIO_printf(bio_err," -idea           encrypt PEM output with cbc idea\n");
+		BIO_printf(bio_err," -idea         encrypt PEM output with cbc idea\n");
 #endif
-		BIO_printf(bio_err," -text           print the key in text\n");
-		BIO_printf(bio_err," -noout          don't print key out\n");
-		BIO_printf(bio_err," -modulus        print the DSA public value\n");
+		BIO_printf(bio_err," -text         print the key in text\n");
+		BIO_printf(bio_err," -noout        don't print key out\n");
+		BIO_printf(bio_err," -modulus      print the DSA public value\n");
 		goto end;
 		}

 	ERR_load_crypto_strings();

-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
-	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
-		BIO_printf(bio_err, "Error getting passwords\n");
-		goto end;
-	}
-
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	if ((in == NULL) || (out == NULL))
@@ -240,35 +188,25 @@ bad:
 			}
 		}

-	BIO_printf(bio_err,"read DSA key\n");
-	if	(informat == FORMAT_ASN1) {
-		if(pubin) dsa=d2i_DSA_PUBKEY_bio(in,NULL);
-		else dsa=d2i_DSAPrivateKey_bio(in,NULL);
-	} else if (informat == FORMAT_PEM) {
-		if(pubin) dsa=PEM_read_bio_DSA_PUBKEY(in,NULL, NULL, NULL);
-		else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,passin);
-	} else
+	BIO_printf(bio_err,"read DSA private key\n");
+	if	(informat == FORMAT_ASN1)
+		dsa=d2i_DSAPrivateKey_bio(in,NULL);
+	else if (informat == FORMAT_PEM)
+		dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL);
+	else
 		{
 		BIO_printf(bio_err,"bad input format specified for key\n");
 		goto end;
 		}
 	if (dsa == NULL)
 		{
-		BIO_printf(bio_err,"unable to load Key\n");
+		BIO_printf(bio_err,"unable to load Private Key\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}

 	if (outfile == NULL)
-		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -294,16 +232,12 @@ bad:
 		}

 	if (noout) goto end;
-	BIO_printf(bio_err,"writing DSA key\n");
-	if 	(outformat == FORMAT_ASN1) {
-		if(pubin || pubout) i=i2d_DSA_PUBKEY_bio(out,dsa);
-		else i=i2d_DSAPrivateKey_bio(out,dsa);
-	} else if (outformat == FORMAT_PEM) {
-		if(pubin || pubout)
-			i=PEM_write_bio_DSA_PUBKEY(out,dsa);
-		else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,
-							NULL,0,NULL, passout);
-	} else {
+	BIO_printf(bio_err,"writing DSA private key\n");
+	if 	(outformat == FORMAT_ASN1)
+		i=i2d_DSAPrivateKey_bio(out,dsa);
+	else if (outformat == FORMAT_PEM)
+		i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL);
+	else	{
 		BIO_printf(bio_err,"bad output format specified for outfile\n");
 		goto end;
 		}
@@ -315,11 +249,9 @@ bad:
 	else
 		ret=0;
 end:
-	if(in != NULL) BIO_free(in);
-	if(out != NULL) BIO_free_all(out);
-	if(dsa != NULL) DSA_free(dsa);
-	if(passin) OPENSSL_free(passin);
-	if(passout) OPENSSL_free(passout);
+	if (in != NULL) BIO_free(in);
+	if (out != NULL) BIO_free(out);
+	if (dsa != NULL) DSA_free(dsa);
 	EXIT(ret);
 	}
-#endif
+
--- a/apps/dsap.pem
+++ b/apps/dsap.pem
@@ -1,6 +0,0 @@
-----BEGIN DSA PARAMETERS-----
-MIGcAkEA+ZiKEvZmc9MtnaFZh4NiZ3oZS4J1PHvPrm9MXj5ntVheDPkdmBDTncya
-GAJcMjwsyB/GvLDGd6yGCw/8eF+09wIVAK3VagOxGd/Q4Af5NbxR5FB7CXEjAkA2
-t/q7HgVLi0KeKvcDG8BRl3wuy7bCvpjgtWiJc/tpvcuzeuAayH89UofjAGueKjXD
-ADiRffvSdhrNw5dkqdql
-----END DSA PARAMETERS-----
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -1,5 +1,5 @@
 /* apps/dsaparam.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
@@ -56,25 +56,23 @@
 * [including the GNU Public Licence.]
 */

-#ifndef NO_DSA
-#include <assert.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <time.h>
 #include <string.h>
 #include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/engine.h>
+#include "bio.h"
+#include "err.h"
+#include "bn.h"
+#include "rand.h"
+#include "dsa.h"
+#include "x509.h"
+#include "pem.h"

 #undef PROG
 #define PROG	dsaparam_main

-/* -inform arg	- input format - default PEM (DER or PEM)
+/* -inform arg	- input format - default PEM (one of DER, TXT or PEM)
 * -outform arg - output format - default PEM
 * -in arg	- input file - default stdin
 * -out arg	- output file - default stdout
@@ -82,29 +80,31 @@
 * -text
 * -C
 * -noout
- * -genkey
 */

-static void MS_CALLBACK dsa_cb(int p, int n, void *arg);
+#ifndef NOPROTO
+static void MS_CALLBACK dsa_cb(int p, int n);
+#else
+static void MS_CALLBACK dsa_cb();
+#endif

-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
+int MAIN(argc, argv)
+int argc;
+char **argv;
 	{
-	ENGINE *e = NULL;
 	DSA *dsa=NULL;
 	int i,badops=0,text=0;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,noout=0,C=0,ret=1;
-	char *infile,*outfile,*prog,*inrand=NULL,*engine=NULL;
-	int numbits= -1,num,genkey=0;
-	int need_rand=0;
+	char *infile,*outfile,*prog,*inrand=NULL;
+	int numbits= -1,num;
+	char buffer[200],*randfile=NULL;

 	apps_startup();

 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);

 	infile=NULL;
 	outfile=NULL;
@@ -140,16 +140,10 @@ int MAIN(int argc, char **argv)
 			text=1;
 		else if (strcmp(*argv,"-C") == 0)
 			C=1;
-		else if (strcmp(*argv,"-genkey") == 0)
-			{
-			genkey=1;
-			need_rand=1;
-			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
 			inrand= *(++argv);
-			need_rand=1;
 			}
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
@@ -157,7 +151,6 @@ int MAIN(int argc, char **argv)
 			{
 			/* generate a key */
 			numbits=num;
-			need_rand=1;
 			}
 		else
 			{
@@ -174,11 +167,11 @@ int MAIN(int argc, char **argv)
 bad:
 		BIO_printf(bio_err,"%s [options] [bits] <infile >outfile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
-		BIO_printf(bio_err," -inform arg   input format - DER or PEM\n");
-		BIO_printf(bio_err," -outform arg  output format - DER or PEM\n");
-		BIO_printf(bio_err," -in arg       input file\n");
+		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
+		BIO_printf(bio_err," -outform arg  output format - one of DER TXT PEM\n");
+		BIO_printf(bio_err," -in arg       inout file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
-		BIO_printf(bio_err," -text         print the key in text\n");
+		BIO_printf(bio_err," -text         check the DSA parameters\n");
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -noout        no output\n");
 		BIO_printf(bio_err," -rand         files to use for random number input\n");
@@ -207,15 +200,7 @@ bad:
 			}
 		}
 	if (outfile == NULL)
-		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -225,25 +210,19 @@ bad:
 			}
 		}

-	if (need_rand)
-		{
-		app_RAND_load_file(NULL, bio_err, (inrand != NULL));
-		if (inrand != NULL)
-			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
-				app_RAND_load_files(inrand));
-		}
-
 	if (numbits > 0)
 		{
-		assert(need_rand);
+		randfile=RAND_file_name(buffer,200);
+		RAND_load_file(randfile,1024L*1024L);
+
 		BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
 	        BIO_printf(bio_err,"This could take some time\n");
-	        dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL, dsa_cb,bio_err);
+	        dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL,dsa_cb);
 		}
 	else if	(informat == FORMAT_ASN1)
 		dsa=d2i_DSAparams_bio(in,NULL);
 	else if (informat == FORMAT_PEM)
-		dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL);
+		dsa=PEM_read_bio_DSAparams(in,NULL,NULL);
 	else
 		{
 		BIO_printf(bio_err,"bad input format specified\n");
@@ -270,10 +249,10 @@ bad:
 		bits_p=BN_num_bits(dsa->p);
 		bits_q=BN_num_bits(dsa->q);
 		bits_g=BN_num_bits(dsa->g);
-		data=(unsigned char *)OPENSSL_malloc(len+20);
+		data=(unsigned char *)Malloc(len+20);
 		if (data == NULL)
 			{
-			perror("OPENSSL_malloc");
+			perror("Malloc");
 			goto end;
 			}
 		l=BN_bn2bin(dsa->p,data);
@@ -313,7 +292,7 @@ bad:
 		printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n",
 			bits_p,bits_p);
 		printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n");
-		printf("\t\t{ DSA_free(dsa); return(NULL); }\n");
+		printf("\t\treturn(NULL);\n");
 		printf("\treturn(dsa);\n\t}\n");
 		}

@@ -330,39 +309,22 @@ bad:
 			}
 		if (!i)
 			{
-			BIO_printf(bio_err,"unable to write DSA parameters\n");
+			BIO_printf(bio_err,"unable to write DSA paramaters\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		}
-	if (genkey)
-		{
-		DSA *dsakey;
-
-		assert(need_rand);
-		if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end;
-		if (!DSA_generate_key(dsakey)) goto end;
-		if 	(outformat == FORMAT_ASN1)
-			i=i2d_DSAPrivateKey_bio(out,dsakey);
-		else if (outformat == FORMAT_PEM)
-			i=PEM_write_bio_DSAPrivateKey(out,dsakey,NULL,NULL,0,NULL,NULL);
-		else	{
-			BIO_printf(bio_err,"bad output format specified for outfile\n");
-			goto end;
-			}
-		DSA_free(dsakey);
-		}
-	if (need_rand)
-		app_RAND_write_file(NULL, bio_err);
 	ret=0;
 end:
 	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free_all(out);
+	if (out != NULL) BIO_free(out);
 	if (dsa != NULL) DSA_free(dsa);
 	EXIT(ret);
 	}

-static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
+static void MS_CALLBACK dsa_cb(p, n)
+int p;
+int n;
 	{
 	char c='*';

@@ -370,10 +332,9 @@ static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
 	if (p == 1) c='+';
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
-	BIO_write(arg,&c,1);
-	(void)BIO_flush(arg);
+	BIO_write(bio_err,&c,1);
+	BIO_flush(bio_err);
 #ifdef LINT
 	p=n;
 #endif
 	}
-#endif
--- a/crypto/evp/c_alld.c
+++ b/crypto/evp/c_alld.c
@@ -1,5 +1,5 @@
-/* crypto/evp/c_alld.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+/* apps/eay.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
@@ -57,47 +57,74 @@
 */

 #include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/pkcs12.h>
-#include <openssl/objects.h>
+#include <stdlib.h>
+#include <string.h>

-void OpenSSL_add_all_digests(void)
-	{
-#ifndef NO_MD2
-	EVP_add_digest(EVP_md2());
+#define MONOLITH
+#define USE_SOCKETS
+#include "../e_os.h"
+
+#include "bio.h"
+#include "stack.h"
+#include "lhash.h"
+
+#include "err.h"
+
+#include "bn.h"
+
+#include "evp.h"
+
+#include "rand.h"
+#include "conf.h"
+#include "txt_db.h"
+
+#include "err.h"
+
+#include "x509.h"
+#include "pkcs7.h"
+#include "pem.h"
+#include "asn1.h"
+#include "objects.h"
+
+#define MONOLITH
+
+#include "ssleay.c"
+#include "apps.c"
+#include "asn1pars.c"
+#ifndef NO_RSA
+#include "ca.c"
+#include "genrsa.c"
+#include "req.c"
+#include "rsa.c"
 #endif
-#ifndef NO_MD4
-	EVP_add_digest(EVP_md4());
+#ifndef NO_DH
+#include "gendh.c"
+#include "dh.c"
 #endif
-#ifndef NO_MD5
-	EVP_add_digest(EVP_md5());
-	EVP_add_digest_alias(SN_md5,"ssl2-md5");
-	EVP_add_digest_alias(SN_md5,"ssl3-md5");
+#include "crl.c"
+#include "crl2p7.c"
+#include "dgst.c"
+#include "enc.c"
+#include "errstr.c"
+#if !defined(NO_SSL2) || !defined(NO_SSL3)
+#ifndef NO_SOCK
+#include "s_cb.c"
+#include "s_client.c"
+#include "s_server.c"
+#include "s_socket.c"
+#include "s_time.c"
 #endif
-#ifndef NO_SHA
-	EVP_add_digest(EVP_sha());
+#endif
+#include "speed.c"
+#include "verify.c"
+#include "version.c"
+#include "x509.c"
+#include "ciphers.c"
+#include "sess_id.c"
+#include "pkcs7.c"
 #ifndef NO_DSA
-	EVP_add_digest(EVP_dss());
+#include "dsaparam.c"
+#include "dsa.c"
+#include "gendsa.c"
 #endif
-#endif
-#ifndef NO_SHA
-	EVP_add_digest(EVP_sha1());
-	EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
-	EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
-#ifndef NO_DSA
-	EVP_add_digest(EVP_dss1());
-	EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
-	EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
-	EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
-#endif
-#endif
-#if !defined(NO_MDC2) && !defined(NO_DES)
-	EVP_add_digest(EVP_mdc2());
-#endif
-#ifndef NO_RIPEMD
-	EVP_add_digest(EVP_ripemd160());
-	EVP_add_digest_alias(SN_ripemd160,"ripemd");
-	EVP_add_digest_alias(SN_ripemd160,"rmd160");
-#endif
-	}
+
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -1,5 +1,5 @@
 /* apps/enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
@@ -60,19 +60,22 @@
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/rand.h>
-#ifndef NO_MD5
-#include <openssl/md5.h>
+#include "bio.h"
+#include "err.h"
+#include "evp.h"
+#include "objects.h"
+#include "x509.h"
+#ifdef NO_MD5
+#include "md5.h"
 #endif
-#include <openssl/pem.h>
-#include <openssl/engine.h>
+#include "pem.h"

+#ifndef NOPROTO
 int set_hex(char *in,unsigned char *out,int size);
+#else
+int set_hex();
+#endif
+
 #undef SIZE
 #undef BSIZE
 #undef PROG
@@ -81,38 +84,33 @@ int set_hex(char *in,unsigned char *out,int size);
 #define BSIZE	(8*1024)
 #define	PROG	enc_main

-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
+int MAIN(argc,argv)
+int argc;
+char **argv;
 	{
-	ENGINE *e = NULL;
-	static const char magic[]="Salted__";
-	char mbuf[8];	/* should be 1 smaller than magic */
 	char *strbuf=NULL;
 	unsigned char *buff=NULL,*bufsize=NULL;
 	int bsize=BSIZE,verbose=0;
 	int ret=1,inl;
 	unsigned char key[24],iv[MD5_DIGEST_LENGTH];
-	unsigned char salt[PKCS5_SALT_LEN];
-	char *str=NULL, *passarg = NULL, *pass = NULL;
-	char *hkey=NULL,*hiv=NULL,*hsalt = NULL;
+	char *str=NULL;
+	char *hkey=NULL,*hiv=NULL;
 	int enc=1,printkey=0,i,base64=0;
-	int debug=0,olb64=0,nosalt=0;
-	const EVP_CIPHER *cipher=NULL,*c;
+	int debug=0;
+	EVP_CIPHER *cipher=NULL,*c;
 	char *inf=NULL,*outf=NULL;
 	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
 #define PROG_NAME_SIZE  16
-	char pname[PROG_NAME_SIZE];
-	char *engine = NULL;
+        char pname[PROG_NAME_SIZE];

 	apps_startup();

 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);

 	/* first check the program name */
-	program_name(argv[0],pname,PROG_NAME_SIZE);
+        program_name(argv[0],pname,PROG_NAME_SIZE);
 	if (strcmp(pname,"base64") == 0)
 		base64=1;

@@ -139,32 +137,17 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outf= *(++argv);
 			}
-		else if (strcmp(*argv,"-pass") == 0)
-			{
-			if (--argc < 1) goto bad;
-			passarg= *(++argv);
-			}
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
 		else if	(strcmp(*argv,"-d") == 0)
 			enc=0;
 		else if	(strcmp(*argv,"-p") == 0)
 			printkey=1;
 		else if	(strcmp(*argv,"-v") == 0)
 			verbose=1;
-		else if	(strcmp(*argv,"-salt") == 0)
-			nosalt=0;
-		else if	(strcmp(*argv,"-nosalt") == 0)
-			nosalt=1;
-		else if	(strcmp(*argv,"-debug") == 0)
+		else if	((strcmp(*argv,"-debug") == 0) ||
+			 (strcmp(*argv,"-d") == 0))
 			debug=1;
 		else if	(strcmp(*argv,"-P") == 0)
 			printkey=2;
-		else if	(strcmp(*argv,"-A") == 0)
-			olb64=1;
 		else if	(strcmp(*argv,"-a") == 0)
 			base64=1;
 		else if	(strcmp(*argv,"-base64") == 0)
@@ -216,11 +199,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			hkey= *(++argv);
 			}
-		else if (strcmp(*argv,"-S") == 0)
-			{
-			if (--argc < 1) goto bad;
-			hsalt= *(++argv);
-			}
 		else if (strcmp(*argv,"-iv") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -239,8 +217,7 @@ int MAIN(int argc, char **argv)
 bad:
 			BIO_printf(bio_err,"options are\n");
 			BIO_printf(bio_err,"%-14s input file\n","-in <file>");
-			BIO_printf(bio_err,"%-14s output file\n","-out <file>");
-			BIO_printf(bio_err,"%-14s pass phrase source\n","-pass <arg>");
+			BIO_printf(bio_err,"%-14s output fileencrypt\n","-out <file>");
 			BIO_printf(bio_err,"%-14s encrypt\n","-e");
 			BIO_printf(bio_err,"%-14s decrypt\n","-d");
 			BIO_printf(bio_err,"%-14s base64 encode/decode, depending on encryption flag\n","-a/-base64");
@@ -249,7 +226,6 @@ bad:
 			BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
 			BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
 			BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
-			BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");

 			BIO_printf(bio_err,"Cipher Types\n");
 			BIO_printf(bio_err,"des     : 56 bit key DES encryption\n");
@@ -261,8 +237,8 @@ bad:
 #ifndef NO_RC4
 			BIO_printf(bio_err,"rc2     :128 bit key RC2 encryption\n");
 #endif
-#ifndef NO_BF
-			BIO_printf(bio_err,"bf      :128 bit key Blowfish encryption\n");
+#ifndef NO_BLOWFISH
+			BIO_printf(bio_err,"bf      :128 bit key BlowFish encryption\n");
 #endif
 #ifndef NO_RC4
 			BIO_printf(bio_err," -%-5s :128 bit key RC4 encryption\n",
@@ -299,23 +275,11 @@ bad:
 				LN_rc2_cfb64, LN_rc2_ofb64);
 			BIO_printf(bio_err," -%-4s (%s)\n","rc2", LN_rc2_cbc);
 #endif
-#ifndef NO_BF
+#ifndef NO_BLOWFISH
 			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
 				LN_bf_ecb, LN_bf_cbc,
 				LN_bf_cfb64, LN_bf_ofb64);
 			BIO_printf(bio_err," -%-4s (%s)\n","bf", LN_bf_cbc);
-#endif
-#ifndef NO_CAST
-			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
-				LN_cast5_ecb, LN_cast5_cbc,
-				LN_cast5_cfb64, LN_cast5_ofb64);
-			BIO_printf(bio_err," -%-4s (%s)\n","cast", LN_cast5_cbc);
-#endif
-#ifndef NO_RC5
-			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
-				LN_rc5_ecb, LN_rc5_cbc,
-				LN_rc5_cfb64, LN_rc5_ofb64);
-			BIO_printf(bio_err," -%-4s (%s)\n","rc5", LN_rc5_cbc);
 #endif
 			goto end;
 			}
@@ -323,24 +287,6 @@ bad:
 		argv++;
 		}

-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	if (bufsize != NULL)
 		{
 		unsigned long n;
@@ -370,11 +316,11 @@ bad:
 		if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
 		}

-	strbuf=OPENSSL_malloc(SIZE);
-	buff=(unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
+	strbuf=Malloc(SIZE);
+	buff=(unsigned char *)Malloc(EVP_ENCODE_LENGTH(bsize));
 	if ((buff == NULL) || (strbuf == NULL))
 		{
-		BIO_printf(bio_err,"OPENSSL_malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize));
+		BIO_printf(bio_err,"Malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize));
 		goto end;
 		}

@@ -404,14 +350,6 @@ bad:
 			}
 		}

-	if(!str && passarg) {
-		if(!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {
-			BIO_printf(bio_err, "Error getting password\n");
-			goto end;
-		}
-		str = pass;
-	}
-
 	if ((str == NULL) && (cipher != NULL) && (hkey == NULL))
 		{
 		for (;;)
@@ -441,91 +379,11 @@ bad:
 			}
 		}

-
-	if (outf == NULL)
-		{
-		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
-	else
-		{
-		if (BIO_write_filename(out,outf) <= 0)
-			{
-			perror(outf);
-			goto end;
-			}
-		}
-
-	rbio=in;
-	wbio=out;
-
-	if (base64)
-		{
-		if ((b64=BIO_new(BIO_f_base64())) == NULL)
-			goto end;
-		if (debug)
-			{
-			BIO_set_callback(b64,BIO_debug_callback);
-			BIO_set_callback_arg(b64,bio_err);
-			}
-		if (olb64)
-			BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
-		if (enc)
-			wbio=BIO_push(b64,wbio);
-		else
-			rbio=BIO_push(b64,rbio);
-		}
-
 	if (cipher != NULL)
 		{
 		if (str != NULL)
 			{
-			/* Salt handling: if encrypting generate a salt and
-			 * write to output BIO. If decrypting read salt from
-			 * input BIO.
-			 */
-			unsigned char *sptr;
-			if(nosalt) sptr = NULL;
-			else {
-				if(enc) {
-					if(hsalt) {
-						if(!set_hex(hsalt,salt,PKCS5_SALT_LEN)) {
-							BIO_printf(bio_err,
-								"invalid hex salt value\n");
-							goto end;
-						}
-					} else if (RAND_pseudo_bytes(salt, PKCS5_SALT_LEN) < 0)
-						goto end;
-					/* If -P option then don't bother writing */
-					if((printkey != 2)
-					   && (BIO_write(wbio,magic,
-							 sizeof magic-1) != sizeof magic-1
-					       || BIO_write(wbio,
-							    (char *)salt,
-							    PKCS5_SALT_LEN) != PKCS5_SALT_LEN)) {
-						BIO_printf(bio_err,"error writing output file\n");
-						goto end;
-					}
-				} else if(BIO_read(rbio,mbuf,sizeof mbuf) != sizeof mbuf
-					  || BIO_read(rbio,
-						      (unsigned char *)salt,
-				    PKCS5_SALT_LEN) != PKCS5_SALT_LEN) {
-					BIO_printf(bio_err,"error reading input file\n");
-					goto end;
-				} else if(memcmp(mbuf,magic,sizeof magic-1)) {
-				    BIO_printf(bio_err,"bad magic number\n");
-				    goto end;
-				}
-
-				sptr = salt;
-			}
-
-			EVP_BytesToKey(cipher,EVP_md5(),sptr,
+			EVP_BytesToKey(cipher,EVP_md5(),NULL,
 				(unsigned char *)str,
 				strlen(str),1,key,iv);
 			/* zero the complete buffer or the string
@@ -559,13 +417,6 @@ bad:

 		if (printkey)
 			{
-			if (!nosalt)
-				{
-				printf("salt=");
-				for (i=0; i<PKCS5_SALT_LEN; i++)
-					printf("%02X",salt[i]);
-				printf("\n");
-				}
 			if (cipher->key_len > 0)
 				{
 				printf("key=");
@@ -588,6 +439,36 @@ bad:
 			}
 		}

+
+	if (outf == NULL)
+		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+	else
+		{
+		if (BIO_write_filename(out,outf) <= 0)
+			{
+			perror(outf);
+			goto end;
+			}
+		}
+
+	rbio=in;
+	wbio=out;
+
+	if (base64)
+		{
+		if ((b64=BIO_new(BIO_f_base64())) == NULL)
+			goto end;
+		if (debug)
+			{
+			BIO_set_callback(b64,BIO_debug_callback);
+			BIO_set_callback_arg(b64,bio_err);
+			}
+		if (enc)
+			wbio=BIO_push(b64,wbio);
+		else
+			rbio=BIO_push(b64,rbio);
+		}
+
 	/* Only encrypt/decrypt as we write the file */
 	if (benc != NULL)
 		wbio=BIO_push(benc,wbio);
@@ -615,18 +496,19 @@ bad:
 		BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out));
 		}
 end:
-	ERR_print_errors(bio_err);
-	if (strbuf != NULL) OPENSSL_free(strbuf);
-	if (buff != NULL) OPENSSL_free(buff);
+	if (strbuf != NULL) Free(strbuf);
+	if (buff != NULL) Free(buff);
 	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free_all(out);
+	if (out != NULL) BIO_free(out);
 	if (benc != NULL) BIO_free(benc);
 	if (b64 != NULL) BIO_free(b64);
-	if(pass) OPENSSL_free(pass);
 	EXIT(ret);
 	}

-int set_hex(char *in, unsigned char *out, int size)
+int set_hex(in,out,size)
+char *in;
+unsigned char *out;
+int size;
 	{
 	int i,n;
 	unsigned char j;
--- a/apps/errstr.c
+++ b/apps/errstr.c
@@ -1,5 +1,5 @@
 /* apps/errstr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
@@ -60,17 +60,17 @@
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/lhash.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
+#include "bio.h"
+#include "lhash.h"
+#include "err.h"
+#include "ssl.h"

 #undef PROG
 #define PROG	errstr_main

-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
+int MAIN(argc, argv)
+int argc;
+char **argv;
 	{
 	int i,ret=0;
 	char buf[256];
@@ -80,7 +80,7 @@ int MAIN(int argc, char **argv)

 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);

 	SSL_load_error_strings();

@@ -91,18 +91,12 @@ int MAIN(int argc, char **argv)
 		out=BIO_new(BIO_s_file());
 		if ((out != NULL) && BIO_set_fp(out,stdout,BIO_NOCLOSE))
 			{
-#ifdef VMS
-			{
-			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-			out = BIO_push(tmpbio, out);
-			}
-#endif
 			lh_node_stats_bio((LHASH *)ERR_get_string_table(),out);
 			lh_stats_bio((LHASH *)ERR_get_string_table(),out);
 			lh_node_usage_stats_bio((LHASH *)
 				ERR_get_string_table(),out);
 			}
-		if (out != NULL) BIO_free_all(out);
+		if (out != NULL) BIO_free(out);
 		argc--;
 		argv++;
 		}
@@ -110,10 +104,7 @@ int MAIN(int argc, char **argv)
 	for (i=1; i<argc; i++)
 		{
 		if (sscanf(argv[i],"%lx",&l))
-			{
-			ERR_error_string_n(l, buf, sizeof buf);
-			printf("%s\n",buf);
-			}
+			printf("%s\n",ERR_error_string(l,buf));
 		else
 			{
 			printf("%s: bad error code\n",argv[i]);
--- a/apps/f
+++ b/apps/f
@@ -0,0 +1,5 @@
+586
+2481
+
+1400
+2064
--- a/apps/g_ssleay.pl
+++ b/apps/g_ssleay.pl
@@ -0,0 +1,110 @@
+#!/usr/local/bin/perl
+
+$mkprog='mklinks';
+$rmprog='rmlinks';
+
+print "#ifndef NOPROTO\n";
+
+grep(s/^asn1pars$/asn1parse/,@ARGV);
+
+foreach (@ARGV)
+	{ printf "extern int %s_main(int argc,char *argv[]);\n",$_; }
+print "#else\n";
+foreach (@ARGV)
+	{ printf "extern int %s_main();\n",$_; }
+print "#endif\n";
+
+
+print <<'EOF';
+
+#ifdef SSLEAY_SRC
+
+#define FUNC_TYPE_GENERAL	1
+#define FUNC_TYPE_MD		2
+#define FUNC_TYPE_CIPHER	3
+
+typedef struct {
+	int type;
+	char *name;
+	int (*func)();
+	} FUNCTION;
+
+FUNCTION functions[] = {
+EOF
+
+foreach (@ARGV)
+	{
+	push(@files,$_);
+	$str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
+	if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
+		{ print "#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))\n${str}#endif\n"; } 
+	elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) ||
+		($_ =~ /^req$/) || ($_ =~ /^ca$/) || ($_ =~ /^x509$/))
+		{ print "#ifndef NO_RSA\n${str}#endif\n";  }
+	elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))
+		{ print "#ifndef NO_DSA\n${str}#endif\n"; }
+	elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/))
+		{ print "#ifndef NO_DH\n${str}#endif\n"; }
+	else
+		{ print $str; }
+	}
+
+foreach ("md2","md5","sha","sha1","mdc2")
+	{
+	push(@files,$_);
+	printf "\t{FUNC_TYPE_MD,\"%s\",dgst_main},\n",$_;
+	}
+
+foreach (
+	"base64",
+	"des", "des3", "desx", "idea", "rc4", "rc2","bf",
+	"des-ecb", "des-ede",    "des-ede3",
+	"des-cbc", "des-ede-cbc","des-ede3-cbc",
+	"des-cfb", "des-ede-cfb","des-ede3-cfb",
+	"des-ofb", "des-ede-ofb","des-ede3-ofb",
+	"idea-cbc","idea-ecb",   "idea-cfb", "idea-ofb",
+	"rc2-cbc", "rc2-ecb",    "rc2-cfb",  "rc2-ofb",
+	"bf-cbc",  "bf-ecb",     "bf-cfb",   "bf-ofb")
+	{
+	push(@files,$_);
+
+	$t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_);
+	if    ($_ =~ /des/)  { $t="#ifndef NO_DES\n${t}#endif\n"; }
+	elsif ($_ =~ /idea/) { $t="#ifndef NO_IDEA\n${t}#endif\n"; }
+	elsif ($_ =~ /rc4/)  { $t="#ifndef NO_RC4\n${t}#endif\n"; }
+	elsif ($_ =~ /rc2/)  { $t="#ifndef NO_RC2\n${t}#endif\n"; }
+	elsif ($_ =~ /bf/)   { $t="#ifndef NO_BLOWFISH\n${t}#endif\n"; }
+	print $t;
+	}
+
+print "\t{0,NULL,NULL}\n\t};\n";
+print "#endif\n\n";
+
+open(OUT,">$mkprog") || die "unable to open '$prog':$!\n";
+print OUT "#!/bin/sh\nfor i in ";
+foreach (@files)
+	{ print OUT $_." "; }
+print OUT <<'EOF';
+
+do
+echo making symlink for $i
+/bin/rm -f $i
+ln -s ssleay $i
+done
+EOF
+close(OUT);
+chmod(0755,$mkprog);
+
+open(OUT,">$rmprog") || die "unable to open '$prog':$!\n";
+print OUT "#!/bin/sh\nfor i in ";
+foreach (@files)
+	{ print OUT $_." "; }
+print OUT <<'EOF';
+
+do
+echo removing $i
+/bin/rm -f $i
+done
+EOF
+close(OUT);
+chmod(0755,$rmprog);
--- a/apps/gendh.c
+++ b/apps/gendh.c
@@ -1,6 +1,5 @@
 /* apps/gendh.c */
-/* obsoleted by dhparam.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
@@ -57,45 +56,48 @@
 * [including the GNU Public Licence.]
 */

-#ifndef NO_DH
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/rand.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/engine.h>
+#include "bio.h"
+#include "rand.h"
+#include "err.h"
+#include "bn.h"
+#include "dh.h"
+#include "x509.h"
+#include "pem.h"

 #define DEFBITS	512
 #undef PROG
 #define PROG gendh_main

-static void MS_CALLBACK dh_cb(int p, int n, void *arg);
+#ifndef NOPROTO
+static void MS_CALLBACK dh_cb(int p, int n);
+static long dh_load_rand(char *names);
+#else
+static void MS_CALLBACK dh_cb();
+static long dh_load_rand();
+#endif

-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
+int MAIN(argc, argv)
+int argc;
+char **argv;
 	{
-	ENGINE *e = NULL;
+	char buffer[200];
 	DH *dh=NULL;
 	int ret=1,num=DEFBITS;
 	int g=2;
 	char *outfile=NULL;
-	char *inrand=NULL;
-	char *engine=NULL;
+	char *inrand=NULL,*randfile;
 	BIO *out=NULL;

 	apps_startup();

 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);

 	argv++;
 	argc--;
@@ -113,11 +115,6 @@ int MAIN(int argc, char **argv)
 			g=3; */
 		else if (strcmp(*argv,"-5") == 0)
 			g=5;
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -133,34 +130,15 @@ int MAIN(int argc, char **argv)
 bad:
 		BIO_printf(bio_err,"usage: gendh [args] [numbits]\n");
 		BIO_printf(bio_err," -out file - output the key to 'file\n");
-		BIO_printf(bio_err," -2        - use 2 as the generator value\n");
-	/*	BIO_printf(bio_err," -3        - use 3 as the generator value\n"); */
-		BIO_printf(bio_err," -5        - use 5 as the generator value\n");
-		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
-		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err," -2    use 2 as the generator value\n");
+	/*	BIO_printf(bio_err," -3    use 3 as the generator value\n"); */
+		BIO_printf(bio_err," -5    use 5 as the generator value\n");
+		BIO_printf(bio_err," -rand file:file:...\n");
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
 		goto end;
 		}
 		
-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	out=BIO_new(BIO_s_file());
 	if (out == NULL)
 		{
@@ -169,15 +147,7 @@ bad:
 		}

 	if (outfile == NULL)
-		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -187,21 +157,28 @@ bad:
 			}
 		}

-	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
-		{
-		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
-		}
-	if (inrand != NULL)
-		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
-			app_RAND_load_files(inrand));
+	randfile=RAND_file_name(buffer,200);
+	if ((randfile == NULL)|| !RAND_load_file(randfile,1024L*1024L))
+		BIO_printf(bio_err,"unable to load 'random state'\n");

-	BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
+	if (inrand == NULL)
+		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
+	else
+		{
+		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+			dh_load_rand(inrand));
+		}
+
+	BIO_printf(bio_err,"Generating DH parameters, %d bit long strong prime, generator of %d\n",num,g);
 	BIO_printf(bio_err,"This is going to take a long time\n");
-	dh=DH_generate_parameters(num,g,dh_cb,bio_err);
+	dh=DH_generate_parameters(num,g,dh_cb);
 		
 	if (dh == NULL) goto end;

-	app_RAND_write_file(NULL, bio_err);
+	if (randfile == NULL)
+		BIO_printf(bio_err,"unable to write 'random state'\n");
+	else
+		RAND_write_file(randfile);

 	if (!PEM_write_bio_DHparams(out,dh))
 		goto end;
@@ -209,12 +186,14 @@ bad:
 end:
 	if (ret != 0)
 		ERR_print_errors(bio_err);
-	if (out != NULL) BIO_free_all(out);
+	if (out != NULL) BIO_free(out);
 	if (dh != NULL) DH_free(dh);
 	EXIT(ret);
 	}

-static void MS_CALLBACK dh_cb(int p, int n, void *arg)
+static void MS_CALLBACK dh_cb(p, n)
+int p;
+int n;
 	{
 	char c='*';

@@ -222,10 +201,34 @@ static void MS_CALLBACK dh_cb(int p, int n, void *arg)
 	if (p == 1) c='+';
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
-	BIO_write((BIO *)arg,&c,1);
-	(void)BIO_flush((BIO *)arg);
+	BIO_write(bio_err,&c,1);
+	BIO_flush(bio_err);
 #ifdef LINT
 	p=n;
 #endif
 	}
-#endif
+
+static long dh_load_rand(name)
+char *name;
+	{
+	char *p,*n;
+	int last;
+	long tot=0;
+
+	for (;;)
+		{
+		last=0;
+		for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++);
+		if (*p == '\0') last=1;
+		*p='\0';
+		n=name;
+		name=p+1;
+		if (*n == '\0') break;
+
+		tot+=RAND_load_file(n,1);
+		if (last) break;
+		}
+	return(tot);
+	}
+
+
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -1,5 +1,5 @@
 /* apps/gendsa.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
@@ -56,43 +56,45 @@
 * [including the GNU Public Licence.]
 */

-#ifndef NO_DSA
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/engine.h>
+#include "bio.h"
+#include "rand.h"
+#include "err.h"
+#include "bn.h"
+#include "dsa.h"
+#include "x509.h"
+#include "pem.h"

 #define DEFBITS	512
 #undef PROG
 #define PROG gendsa_main

-int MAIN(int, char **);
+#ifndef NOPROTO
+static long dsa_load_rand(char *names);
+#else
+static long dsa_load_rand();
+#endif

-int MAIN(int argc, char **argv)
+int MAIN(argc, argv)
+int argc;
+char **argv;
 	{
-	ENGINE *e = NULL;
+	char buffer[200];
 	DSA *dsa=NULL;
-	int ret=1;
+	int ret=1,num=DEFBITS;
 	char *outfile=NULL;
-	char *inrand=NULL,*dsaparams=NULL;
-	char *passargout = NULL, *passout = NULL;
+	char *inrand=NULL,*randfile,*dsaparams=NULL;
 	BIO *out=NULL,*in=NULL;
-	EVP_CIPHER *enc=NULL;
-	char *engine=NULL;

 	apps_startup();

 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);

 	argv++;
 	argc--;
@@ -104,16 +106,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
-		else if (strcmp(*argv,"-passout") == 0)
-			{
-			if (--argc < 1) goto bad;
-			passargout= *(++argv);
-			}
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -121,19 +113,9 @@ int MAIN(int argc, char **argv)
 			}
 		else if (strcmp(*argv,"-") == 0)
 			goto bad;
-#ifndef NO_DES
-		else if (strcmp(*argv,"-des") == 0)
-			enc=EVP_des_cbc();
-		else if (strcmp(*argv,"-des3") == 0)
-			enc=EVP_des_ede3_cbc();
-#endif
-#ifndef NO_IDEA
-		else if (strcmp(*argv,"-idea") == 0)
-			enc=EVP_idea_cbc();
-#endif
-		else if (**argv != '-' && dsaparams == NULL)
+		else if (dsaparams == NULL)
 			{
-			dsaparams = *argv;
+			dsaparams= *argv;
 			}
 		else
 			goto bad;
@@ -144,76 +126,33 @@ int MAIN(int argc, char **argv)
 	if (dsaparams == NULL)
 		{
 bad:
-		BIO_printf(bio_err,"usage: gendsa [args] dsaparam-file\n");
-		BIO_printf(bio_err," -out file - output the key to 'file'\n");
-#ifndef NO_DES
-		BIO_printf(bio_err," -des      - encrypt the generated key with DES in cbc mode\n");
-		BIO_printf(bio_err," -des3     - encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
-#endif
-#ifndef NO_IDEA
-		BIO_printf(bio_err," -idea     - encrypt the generated key with IDEA in cbc mode\n");
-#endif
-		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
-		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err,"usage: gendsa [args] [numbits]\n");
+		BIO_printf(bio_err," -out file - output the key to 'file\n");
+		BIO_printf(bio_err," -rand file:file:...\n");
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
-		BIO_printf(bio_err," dsaparam-file\n");
-		BIO_printf(bio_err,"           - a DSA parameter file as generated by the dsaparam command\n");
 		goto end;
 		}

-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
-	if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
-		BIO_printf(bio_err, "Error getting password\n");
-		goto end;
-	}
-
-
 	in=BIO_new(BIO_s_file());
-	if (!(BIO_read_filename(in,dsaparams)))
+	if (!(BIO_read_filename(in,"r")))
 		{
 		perror(dsaparams);
 		goto end;
 		}

-	if ((dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL)) == NULL)
+	if ((dsa=PEM_read_bio_DSAparams(in,NULL,NULL)) == NULL)
 		{
 		BIO_printf(bio_err,"unable to load DSA parameter file\n");
 		goto end;
 		}
 	BIO_free(in);
-	in = NULL;
 		
 	out=BIO_new(BIO_s_file());
 	if (out == NULL) goto end;

 	if (outfile == NULL)
-		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -223,30 +162,59 @@ bad:
 			}
 		}

-	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
-		{
-		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
-		}
-	if (inrand != NULL)
-		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
-			app_RAND_load_files(inrand));
+	randfile=RAND_file_name(buffer,200);
+	if ((randfile == NULL)|| !RAND_load_file(randfile,1024L*1024L))
+		BIO_printf(bio_err,"unable to load 'random state'\n");

-	BIO_printf(bio_err,"Generating DSA key, %d bits\n",
-							BN_num_bits(dsa->p));
+	if (inrand == NULL)
+		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
+	else
+		{
+		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+			dsa_load_rand(inrand));
+		}
+
+	BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
+	BIO_printf(bio_err,"This could take some time\n");
 	if (!DSA_generate_key(dsa)) goto end;

-	app_RAND_write_file(NULL, bio_err);
+	if (randfile == NULL)
+		BIO_printf(bio_err,"unable to write 'random state'\n");
+	else
+		RAND_write_file(randfile);

-	if (!PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL, passout))
+	if (!PEM_write_bio_DSAPrivateKey(out,dsa,EVP_des_ede3_cbc(),NULL,0,NULL))
 		goto end;
 	ret=0;
 end:
 	if (ret != 0)
 		ERR_print_errors(bio_err);
-	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free_all(out);
+	if (out != NULL) BIO_free(out);
 	if (dsa != NULL) DSA_free(dsa);
-	if(passout) OPENSSL_free(passout);
 	EXIT(ret);
 	}
-#endif
+
+static long dsa_load_rand(name)
+char *name;
+	{
+	char *p,*n;
+	int last;
+	long tot=0;
+
+	for (;;)
+		{
+		last=0;
+		for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++);
+		if (*p == '\0') last=1;
+		*p='\0';
+		n=name;
+		name=p+1;
+		if (*n == '\0') break;
+
+		tot+=RAND_load_file(n,1);
+		if (last) break;
+		}
+	return(tot);
+	}
+
+
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -1,5 +1,5 @@
 /* apps/genrsa.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
@@ -56,52 +56,55 @@
 * [including the GNU Public Licence.]
 */

-#ifndef NO_RSA
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/engine.h>
+#include "bio.h"
+#include "rand.h"
+#include "err.h"
+#include "bn.h"
+#include "rsa.h"
+#include "evp.h"
+#include "x509.h"
+#include "pem.h"

 #define DEFBITS	512
 #undef PROG
 #define PROG genrsa_main

-static void MS_CALLBACK genrsa_cb(int p, int n, void *arg);
+#ifndef NOPROTO
+static void MS_CALLBACK genrsa_cb(int p, int n);
+static long gr_load_rand(char *names);
+#else
+static void MS_CALLBACK genrsa_cb();
+static long gr_load_rand();
+#endif

-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
+int MAIN(argc, argv)
+int argc;
+char **argv;
 	{
-	ENGINE *e = NULL;
 	int ret=1;
+	char buffer[200];
 	RSA *rsa=NULL;
 	int i,num=DEFBITS;
-	long l;
+	long rnum=0,l;
 	EVP_CIPHER *enc=NULL;
 	unsigned long f4=RSA_F4;
 	char *outfile=NULL;
-	char *passargout = NULL, *passout = NULL;
-	char *engine=NULL;
-	char *inrand=NULL;
+	char *inrand=NULL,*randfile;
 	BIO *out=NULL;

 	apps_startup();

 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
 	if ((out=BIO_new(BIO_s_file())) == NULL)
 		{
-		BIO_printf(bio_err,"unable to create BIO for output\n");
+		BIO_printf(bio_err,"unable to creat BIO for output\n");
 		goto err;
 		}

@@ -117,13 +120,8 @@ int MAIN(int argc, char **argv)
 			}
 		else if (strcmp(*argv,"-3") == 0)
 			f4=3;
-		else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
+		else if (strcmp(*argv,"-F4") == 0)
 			f4=RSA_F4;
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -139,11 +137,6 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-idea") == 0)
 			enc=EVP_idea_cbc();
 #endif
-		else if (strcmp(*argv,"-passout") == 0)
-			{
-			if (--argc < 1) goto bad;
-			passargout= *(++argv);
-			}
 		else
 			break;
 		argv++;
@@ -153,57 +146,23 @@ int MAIN(int argc, char **argv)
 		{
 bad:
 		BIO_printf(bio_err,"usage: genrsa [args] [numbits]\n");
-		BIO_printf(bio_err," -des            encrypt the generated key with DES in cbc mode\n");
-		BIO_printf(bio_err," -des3           encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
+		BIO_printf(bio_err," -des      - encrypt the generated key with DES in cbc mode\n");
+		BIO_printf(bio_err," -des3     - encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
 #ifndef NO_IDEA
-		BIO_printf(bio_err," -idea           encrypt the generated key with IDEA in cbc mode\n");
+		BIO_printf(bio_err," -idea     - encrypt the generated key with IDEA in cbc mode\n");
 #endif
-		BIO_printf(bio_err," -out file       output the key to 'file\n");
-		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
-		BIO_printf(bio_err," -f4             use F4 (0x10001) for the E value\n");
-		BIO_printf(bio_err," -3              use 3 for the E value\n");
-		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
-		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-		BIO_printf(bio_err,"                 load the file (or the files in the directory) into\n");
-		BIO_printf(bio_err,"                 the random number generator\n");
+		BIO_printf(bio_err," -out file - output the key to 'file\n");
+		BIO_printf(bio_err," -f4       - use F4 (0x10001) for the E value\n");
+		BIO_printf(bio_err," -3        - use 3 for the E value\n");
+		BIO_printf(bio_err," -rand file:file:...\n");
+		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
+		BIO_printf(bio_err,"             the random number generator\n");
 		goto err;
 		}
 		
 	ERR_load_crypto_strings();
-
-	if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
-		BIO_printf(bio_err, "Error getting password\n");
-		goto err;
-	}
-
-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto err;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto err;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	if (outfile == NULL)
-		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -213,24 +172,45 @@ bad:
 			}
 		}

-	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
-		&& !RAND_status())
+#ifdef WINDOWS
+	BIO_printf(bio_err,"Loading 'screen' into random state -");
+	BIO_flush(bio_err);
+	RAND_screen();
+	BIO_printf(bio_err," done\n");
+#endif
+	randfile=RAND_file_name(buffer,200);
+	if ((randfile == NULL) ||
+		 !(rnum=(long)RAND_load_file(randfile,1024L*1024L)))
 		{
-		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
+		BIO_printf(bio_err,"unable to load 'random state'\n");
 		}
-	if (inrand != NULL)
-		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
-			app_RAND_load_files(inrand));
+
+	if (inrand == NULL)
+		{
+		if (rnum == 0)
+			{
+			BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
+			}
+		}
+	else
+		{
+		rnum+=gr_load_rand(inrand);
+		}
+	if (rnum != 0)
+		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",rnum);

 	BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",
 		num);
-	rsa=RSA_generate_key(num,f4,genrsa_cb,bio_err);
+	rsa=RSA_generate_key(num,f4,genrsa_cb);
 		
-	app_RAND_write_file(NULL, bio_err);
+	if (randfile == NULL)
+		BIO_printf(bio_err,"unable to write 'random state'\n");
+	else
+		RAND_write_file(randfile);

 	if (rsa == NULL) goto err;
 	
-	/* We need to do the following for when the base number size is <
+	/* We need to do the folloing for when the base number size is <
 	 * long, esp windows 3.1 :-(. */
 	l=0L;
 	for (i=0; i<rsa->e->top; i++)
@@ -242,20 +222,21 @@ bad:
 		l+=rsa->e->d[i];
 		}
 	BIO_printf(bio_err,"e is %ld (0x%lX)\n",l,l);
-	if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL, passout))
+	if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL))
 		goto err;

 	ret=0;
 err:
 	if (rsa != NULL) RSA_free(rsa);
-	if (out != NULL) BIO_free_all(out);
-	if(passout) OPENSSL_free(passout);
+	if (out != NULL) BIO_free(out);
 	if (ret != 0)
 		ERR_print_errors(bio_err);
 	EXIT(ret);
 	}

-static void MS_CALLBACK genrsa_cb(int p, int n, void *arg)
+static void MS_CALLBACK genrsa_cb(p, n)
+int p;
+int n;
 	{
 	char c='*';

@@ -263,16 +244,34 @@ static void MS_CALLBACK genrsa_cb(int p, int n, void *arg)
 	if (p == 1) c='+';
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
-	BIO_write((BIO *)arg,&c,1);
-	(void)BIO_flush((BIO *)arg);
+	BIO_write(bio_err,&c,1);
+	BIO_flush(bio_err);
 #ifdef LINT
 	p=n;
 #endif
 	}
-#else /* !NO_RSA */

-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
+static long gr_load_rand(name)
+char *name;
+	{
+	char *p,*n;
+	int last;
+	long tot=0;
+
+	for (;;)
+		{
+		last=0;
+		for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++);
+		if (*p == '\0') last=1;
+		*p='\0';
+		n=name;
+		name=p+1;
+		if (*n == '\0') break;
+
+		tot+=RAND_load_file(n,1024L*1024L);
+		if (last) break;
+		}
+	return(tot);
+	}
+

-#endif
--- a/apps/install.com
+++ b/apps/install.com
@@ -1,69 +0,0 @@
-$! INSTALL.COM -- Installs the files in a given directory tree
-$!
-$! Author: Richard Levitte <richard@levitte.org>
-$! Time of creation: 22-MAY-1998 10:13
-$!
-$! P1	root of the directory tree
-$!
-$	IF P1 .EQS. ""
-$	THEN
-$	    WRITE SYS$OUTPUT "First argument missing."
-$	    WRITE SYS$OUTPUT "Should be the directory where you want things installed."
-$	    EXIT
-$	ENDIF
-$
-$	ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
-$	ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
-$	ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
-		   - "[000000." - "][" - "[" - "]"
-$	ROOT = ROOT_DEV + "[" + ROOT_DIR
-$
-$	DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
-$	DEFINE/NOLOG WRK_SSLVEXE WRK_SSLROOT:[VAX_EXE]
-$	DEFINE/NOLOG WRK_SSLAEXE WRK_SSLROOT:[ALPHA_EXE]
-$	DEFINE/NOLOG WRK_SSLLIB WRK_SSLROOT:[LIB]
-$
-$	IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLROOT:[000000]
-$	IF F$PARSE("WRK_SSLVEXE:") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLVEXE:
-$	IF F$PARSE("WRK_SSLAEXE:") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLAEXE:
-$	IF F$PARSE("WRK_SSLLIB:") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLLIB:
-$
-$	EXE := openssl
-$
-$	VEXE_DIR := [-.VAX.EXE.APPS]
-$	AEXE_DIR := [-.AXP.EXE.APPS]
-$
-$	I = 0
-$ LOOP_EXE: 
-$	E = F$EDIT(F$ELEMENT(I, ",", EXE),"TRIM")
-$	I = I + 1
-$	IF E .EQS. "," THEN GOTO LOOP_EXE_END
-$	SET NOON
-$	IF F$SEARCH(VEXE_DIR+E+".EXE") .NES. ""
-$	THEN
-$	  COPY 'VEXE_DIR''E'.EXE WRK_SSLVEXE:'E'.EXE/log
-$	  SET FILE/PROT=W:RE WRK_SSLVEXE:'E'.EXE
-$	ENDIF
-$	IF F$SEARCH(AEXE_DIR+E+".EXE") .NES. ""
-$	THEN
-$	  COPY 'AEXE_DIR''E'.EXE WRK_SSLAEXE:'E'.EXE/log
-$	  SET FILE/PROT=W:RE WRK_SSLAEXE:'E'.EXE
-$	ENDIF
-$	SET ON
-$	GOTO LOOP_EXE
-$ LOOP_EXE_END:
-$
-$	SET NOON
-$	COPY CA.COM WRK_SSLAEXE:CA.COM/LOG
-$	SET FILE/PROT=W:RE WRK_SSLAEXE:CA.COM
-$	COPY CA.COM WRK_SSLVEXE:CA.COM/LOG
-$	SET FILE/PROT=W:RE WRK_SSLVEXE:CA.COM
-$	COPY OPENSSL-VMS.CNF WRK_SSLROOT:[000000]OPENSSL.CNF/LOG
-$	SET FILE/PROT=W:R WRK_SSLROOT:[000000]OPENSSL.CNF
-$	SET ON
-$
-$	EXIT
--- a/apps/makeapps.com
+++ b/apps/makeapps.com
--- a/apps/mklinks
+++ b/apps/mklinks
@@ -0,0 +1,7 @@
+#!/bin/sh
+for i in verify asn1parse req dgst dh enc gendh gendsa errstr ca crl rsa dsa dsaparam x509 genrsa s_server s_client speed s_time version pkcs7 crl2pkcs7 sess_id ciphers md2 md5 sha sha1 mdc2 base64 des des3 desx idea rc4 rc2 bf des-ecb des-ede des-ede3 des-cbc des-ede-cbc des-ede3-cbc des-cfb des-ede-cfb des-ede3-cfb des-ofb des-ede-ofb des-ede3-ofb idea-cbc idea-ecb idea-cfb idea-ofb rc2-cbc rc2-ecb rc2-cfb rc2-ofb bf-cbc bf-ecb bf-cfb bf-ofb 
+do
+echo making symlink for $i
+/bin/rm -f $i
+ln -s ssleay $i
+done
--- a/apps/nseq.c
+++ b/apps/nseq.c
@@ -1,167 +0,0 @@
-/* nseq.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include "apps.h"
-
-#undef PROG
-#define PROG nseq_main
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-{
-	char **args, *infile = NULL, *outfile = NULL;
-	BIO *in = NULL, *out = NULL;
-	int toseq = 0;
-	X509 *x509 = NULL;
-	NETSCAPE_CERT_SEQUENCE *seq = NULL;
-	int i, ret = 1;
-	int badarg = 0;
-	if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
-	ERR_load_crypto_strings();
-	args = argv + 1;
-	while (!badarg && *args && *args[0] == '-') {
-		if (!strcmp (*args, "-toseq")) toseq = 1;
-		else if (!strcmp (*args, "-in")) {
-			if (args[1]) {
-				args++;
-				infile = *args;
-			} else badarg = 1;
-		} else if (!strcmp (*args, "-out")) {
-			if (args[1]) {
-				args++;
-				outfile = *args;
-			} else badarg = 1;
-		} else badarg = 1;
-		args++;
-	}
-
-	if (badarg) {
-		BIO_printf (bio_err, "Netscape certificate sequence utility\n");
-		BIO_printf (bio_err, "Usage nseq [options]\n");
-		BIO_printf (bio_err, "where options are\n");
-		BIO_printf (bio_err, "-in file  input file\n");
-		BIO_printf (bio_err, "-out file output file\n");
-		BIO_printf (bio_err, "-toseq    output NS Sequence file\n");
-		EXIT(1);
-	}
-
-	if (infile) {
-		if (!(in = BIO_new_file (infile, "r"))) {
-			BIO_printf (bio_err,
-				 "Can't open input file %s\n", infile);
-			goto end;
-		}
-	} else in = BIO_new_fp(stdin, BIO_NOCLOSE);
-
-	if (outfile) {
-		if (!(out = BIO_new_file (outfile, "w"))) {
-			BIO_printf (bio_err,
-				 "Can't open output file %s\n", outfile);
-			goto end;
-		}
-	} else {
-		out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-	}
-	if (toseq) {
-		seq = NETSCAPE_CERT_SEQUENCE_new();
-		seq->certs = sk_X509_new_null();
-		while((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL))) 
-		    sk_X509_push(seq->certs,x509);
-
-		if(!sk_X509_num(seq->certs))
-		{
-			BIO_printf (bio_err, "Error reading certs file %s\n", infile);
-			ERR_print_errors(bio_err);
-			goto end;
-		}
-		PEM_write_bio_NETSCAPE_CERT_SEQUENCE(out, seq);
-		ret = 0;
-		goto end;
-	}
-
-	if (!(seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL))) {
-		BIO_printf (bio_err, "Error reading sequence file %s\n", infile);
-		ERR_print_errors(bio_err);
-		goto end;
-	}
-
-	for(i = 0; i < sk_X509_num(seq->certs); i++) {
-		x509 = sk_X509_value(seq->certs, i);
-		dump_cert_text(out, x509);
-		PEM_write_bio_X509(out, x509);
-	}
-	ret = 0;
-end:
-	BIO_free(in);
-	BIO_free_all(out);
-	NETSCAPE_CERT_SEQUENCE_free(seq);
-
-	EXIT(ret);
-}
-
--- a/apps/oid.cnf
+++ b/apps/oid.cnf
@@ -1,6 +0,0 @@
-2.99999.1       SET.ex1         SET x509v3 extension 1
-2.99999.2       SET.ex2         SET x509v3 extension 2
-2.99999.3       SET.ex3         SET x509v3 extension 3
-2.99999.4       SET.ex4         SET x509v3 extension 4
-2.99999.5       SET.ex5         SET x509v3 extension 5
-2.99999.6       SET.ex6         SET x509v3 extension 6
--- a/apps/openssl-vms.cnf
+++ b/apps/openssl-vms.cnf
@@ -1,236 +0,0 @@
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE		= $ENV::HOME/.rnd
-oid_file		= $ENV::HOME/.oid
-oid_section		= new_oids
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions		= 
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca' and 'req'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-####################################################################
-[ ca ]
-default_ca	= CA_default		# The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir		= sys\$disk:[.demoCA	# Where everything is kept
-certs		= $dir.certs]		# Where the issued certs are kept
-crl_dir		= $dir.crl]		# Where the issued crl are kept
-database	= $dir]index.txt	# database index file.
-new_certs_dir	= $dir.newcerts]	# default place for new certs.
-
-certificate	= $dir]cacert.pem 	# The CA certificate
-serial		= $dir]serial.		# The current serial number
-crl		= $dir]crl.pem 		# The current CRL
-private_key	= $dir.private]cakey.pem# The private key
-RANDFILE	= $dir.private].rand	# private random number file
-
-x509_extensions	= usr_cert		# The extentions to add to the cert
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crl_extensions	= crl_ext
-
-default_days	= 365			# how long to certify for
-default_crl_days= 30			# how long before next CRL
-default_md	= md5			# which md to use.
-preserve	= no			# keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy		= policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName		= match
-stateOrProvinceName	= match
-organizationName	= match
-organizationalUnitName	= optional
-commonName		= supplied
-emailAddress		= optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName		= optional
-stateOrProvinceName	= optional
-localityName		= optional
-organizationName	= optional
-organizationalUnitName	= optional
-commonName		= supplied
-emailAddress		= optional
-
-####################################################################
-[ req ]
-default_bits		= 1024
-default_keyfile 	= privkey.pem
-distinguished_name	= req_distinguished_name
-attributes		= req_attributes
-x509_extensions	= v3_ca	# The extentions to add to the self signed cert
-
-# This sets the permitted types in a DirectoryString. There are several
-# options. 
-# default: PrintableString, T61String, BMPString.
-# pkix	 : PrintableString, BMPString.
-# utf8only: only UTF8Strings.
-# nobmp : PrintableString, T61String (no BMPStrings).
-# MASK:XXXX a literal mask value.
-# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
-# so use this option with caution!
-dirstring_type = nobmp
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName			= Country Name (2 letter code)
-countryName_default		= AU
-countryName_min			= 2
-countryName_max			= 2
-
-stateOrProvinceName		= State or Province Name (full name)
-stateOrProvinceName_default	= Some-State
-
-localityName			= Locality Name (eg, city)
-
-0.organizationName		= Organization Name (eg, company)
-0.organizationName_default	= Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName		= Second Organization Name (eg, company)
-#1.organizationName_default	= World Wide Web Pty Ltd
-
-organizationalUnitName		= Organizational Unit Name (eg, section)
-#organizationalUnitName_default	=
-
-commonName			= Common Name (eg, YOUR name)
-commonName_max			= 64
-
-emailAddress			= Email Address
-emailAddress_max		= 40
-
-# SET-ex3			= SET extension number 3
-
-[ req_attributes ]
-challengePassword		= A challenge password
-challengePassword_min		= 4
-challengePassword_max		= 20
-
-unstructuredName		= An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType			= server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment			= "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer:always
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -1,5 +1,5 @@
-/* apps/openssl.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+/* apps/ssleay.c */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
@@ -56,36 +56,64 @@
 * [including the GNU Public Licence.]
 */

+#define DEBUG
+
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#define OPENSSL_C /* tells apps.h to use complete apps_startup() */
-#include <openssl/bio.h>
-#include <openssl/crypto.h>
-#include <openssl/lhash.h>
-#include <openssl/conf.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/ssl.h>
+#ifdef WIN16
+#define APPS_WIN16
+#endif
+#include "bio.h"
+#include "crypto.h"
+#include "lhash.h"
+#include "conf.h"
+#include "x509.h"
+#include "pem.h"
+#include "ssl.h"
+#define SSLEAY	/* turn off a few special case MONOLITH macros */
 #define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
+#define SSLEAY_SRC
 #include "apps.h"
-#include "progs.h"
 #include "s_apps.h"
-#include <openssl/err.h>
+#include "err.h"

+
+#ifndef NOPROTO
 static unsigned long MS_CALLBACK hash(FUNCTION *a);
 static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
 static LHASH *prog_init(void );
 static int do_cmd(LHASH *prog,int argc,char *argv[]);
+static void sig_stop(int i);
+#else
+static unsigned long MS_CALLBACK hash();
+static int MS_CALLBACK cmp();
+static LHASH *prog_init();
+static int do_cmd();
+static void sig_stop();
+#endif
+
 LHASH *config=NULL;
 char *default_config_file=NULL;

+#ifdef DEBUG
+static void sig_stop(i)
+int i;
+	{
+	char *a=NULL;
+
+	*a='\0';
+	}
+#endif
+
 /* Make sure there is only one when MONOLITH is defined */
 #ifdef MONOLITH
 BIO *bio_err=NULL;
 #endif

-int main(int Argc, char *Argv[])
+int main(Argc,Argv)
+int Argc;
+char *Argv[];
 	{
 	ARGS arg;
 #define PROG_NAME_SIZE	16
@@ -101,29 +129,33 @@ int main(int Argc, char *Argv[])
 	arg.data=NULL;
 	arg.count=0;

-	if (getenv("OPENSSL_DEBUG_MEMORY") != NULL)
-		CRYPTO_malloc_debug_init();
-	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
+	/* SSLeay_add_ssl_algorithms(); is called in apps_startup() */
 	apps_startup();

+#if defined(DEBUG) && !defined(WINDOWS) && !defined(MSDOS)
+#ifdef SIGBUS
+	signal(SIGBUS,sig_stop);
+#endif
+#ifdef SIGSEGV
+	signal(SIGSEGV,sig_stop);
+#endif
+#endif
+
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+
+	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);

 	ERR_load_crypto_strings();

 	/* Lets load up our environment a little */
-	p=getenv("OPENSSL_CONF");
-	if (p == NULL)
-		p=getenv("SSLEAY_CONF");
+	p=getenv("SSLEAY_CONF");
 	if (p == NULL)
 		{
 		strcpy(config_name,X509_get_default_cert_area());
-#ifndef VMS
-		strcat(config_name,"/");
-#endif
-		strcat(config_name,OPENSSL_CONF);
+		strcat(config_name,"/lib/");
+		strcat(config_name,SSLEAY_CONF);
 		p=config_name;
 		}

@@ -138,7 +170,7 @@ int main(int Argc, char *Argv[])
 	program_name(Argv[0],pname,PROG_NAME_SIZE);

 	f.name=pname;
-	fp=(FUNCTION *)lh_retrieve(prog,&f);
+	fp=(FUNCTION *)lh_retrieve(prog,(char *)&f);
 	if (fp != NULL)
 		{
 		Argv[0]=pname;
@@ -157,7 +189,7 @@ int main(int Argc, char *Argv[])
 		goto end;
 		}

-	/* ok, lets enter the old 'OpenSSL>' mode */
+	/* ok, lets enter the old 'SSLeay>' mode */
 	
 	for (;;)
 		{
@@ -170,7 +202,7 @@ int main(int Argc, char *Argv[])
 			p[0]='\0';
 			if (i++)
 				prompt=">";
-			else	prompt="OpenSSL> ";
+			else	prompt="SSLeay>";
 			fputs(prompt,stdout);
 			fflush(stdout);
 			fgets(p,n,stdin);
@@ -192,7 +224,6 @@ int main(int Argc, char *Argv[])
 			}
 		if (ret != 0)
 			BIO_printf(bio_err,"error in %s\n",argv[0]);
-		(void)BIO_flush(bio_err);
 		}
 	BIO_printf(bio_err,"bad exit\n");
 	ret=1;
@@ -203,12 +234,11 @@ end:
 		config=NULL;
 		}
 	if (prog != NULL) lh_free(prog);
-	if (arg.data != NULL) OPENSSL_free(arg.data);
+	if (arg.data != NULL) Free(arg.data);
 	ERR_remove_state(0);

 	EVP_cleanup();
-	ERR_free_strings();
-	
+
 	CRYPTO_mem_leaks(bio_err);
 	if (bio_err != NULL)
 		{
@@ -218,11 +248,10 @@ end:
 	EXIT(ret);
 	}

-#define LIST_STANDARD_COMMANDS "list-standard-commands"
-#define LIST_MESSAGE_DIGEST_COMMANDS "list-message-digest-commands"
-#define LIST_CIPHER_COMMANDS "list-cipher-commands"
-
-static int do_cmd(LHASH *prog, int argc, char *argv[])
+static int do_cmd(prog,argc,argv)
+LHASH *prog;
+int argc;
+char *argv[];
 	{
 	FUNCTION f,*fp;
 	int i,ret=1,tp,nl;
@@ -230,29 +259,11 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
 	if ((argc <= 0) || (argv[0] == NULL))
 		{ ret=0; goto end; }
 	f.name=argv[0];
-	fp=(FUNCTION *)lh_retrieve(prog,&f);
+	fp=(FUNCTION *)lh_retrieve(prog,(char *)&f);
 	if (fp != NULL)
 		{
 		ret=fp->func(argc,argv);
 		}
-	else if ((strncmp(argv[0],"no-",3)) == 0)
-		{
-		BIO *bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		bio_stdout = BIO_push(tmpbio, bio_stdout);
-		}
-#endif
-		f.name=argv[0]+3;
-		ret = (lh_retrieve(prog,&f) != NULL);
-		if (!ret)
-			BIO_printf(bio_stdout, "%s\n", argv[0]);
-		else
-			BIO_printf(bio_stdout, "%s\n", argv[0]+3);
-		BIO_free_all(bio_stdout);
-		goto end;
-		}
 	else if ((strcmp(argv[0],"quit") == 0) ||
 		(strcmp(argv[0],"q") == 0) ||
 		(strcmp(argv[0],"exit") == 0) ||
@@ -261,40 +272,12 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
 		ret= -1;
 		goto end;
 		}
-	else if ((strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0) ||
-		(strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0) ||
-		(strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0))
-		{
-		int list_type;
-		BIO *bio_stdout;
-
-		if (strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0)
-			list_type = FUNC_TYPE_GENERAL;
-		else if (strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0)
-			list_type = FUNC_TYPE_MD;
-		else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */
-			list_type = FUNC_TYPE_CIPHER;
-		bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		bio_stdout = BIO_push(tmpbio, bio_stdout);
-		}
-#endif
-		
-		for (fp=functions; fp->name != NULL; fp++)
-			if (fp->type == list_type)
-				BIO_printf(bio_stdout, "%s\n", fp->name);
-		BIO_free_all(bio_stdout);
-		ret=0;
-		goto end;
-		}
 	else
 		{
-		BIO_printf(bio_err,"openssl:Error: '%s' is an invalid command.\n",
+		BIO_printf(bio_err,"'%s' is a bad command, valid commands are",
 			argv[0]);
-		BIO_printf(bio_err, "\nStandard commands");
 		i=0;
+		fp=functions;
 		tp=0;
 		for (fp=functions; fp->name != NULL; fp++)
 			{
@@ -312,57 +295,45 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
 					{
 					i=1;
 					BIO_printf(bio_err,
-						"\nMessage Digest commands (see the `dgst' command for more details)\n");
+						"Message Digest commands - see the dgst command for more details\n");
 					}
 				else if (tp == FUNC_TYPE_CIPHER)
 					{
 					i=1;
-					BIO_printf(bio_err,"\nCipher commands (see the `enc' command for more details)\n");
+					BIO_printf(bio_err,"Cipher commands - see the enc command for more details\n");
 					}
 				}
 			BIO_printf(bio_err,"%-15s",fp->name);
 			}
-		BIO_printf(bio_err,"\n\n");
+		BIO_printf(bio_err,"\nquit\n");
 		ret=0;
 		}
 end:
 	return(ret);
 	}

-static int SortFnByName(const void *_f1,const void *_f2)
-    {
-    const FUNCTION *f1=_f1;
-    const FUNCTION *f2=_f2;
-
-    if(f1->type != f2->type)
-	return f1->type-f2->type;
-    return strcmp(f1->name,f2->name);
-    }
-
-static LHASH *prog_init(void)
+static LHASH *prog_init()
 	{
 	LHASH *ret;
 	FUNCTION *f;
-	int i;
-
-	/* Purely so it looks nice when the user hits ? */
-	for(i=0,f=functions ; f->name != NULL ; ++f,++i)
-	    ;
-	qsort(functions,i,sizeof *functions,SortFnByName);

 	if ((ret=lh_new(hash,cmp)) == NULL) return(NULL);

 	for (f=functions; f->name != NULL; f++)
-		lh_insert(ret,f);
+		lh_insert(ret,(char *)f);
 	return(ret);
 	}

-static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b)
+static int MS_CALLBACK cmp(a,b)
+FUNCTION *a,*b;
 	{
 	return(strncmp(a->name,b->name,8));
 	}

-static unsigned long MS_CALLBACK hash(FUNCTION *a)
+static unsigned long MS_CALLBACK hash(a)
+FUNCTION *a;
 	{
 	return(lh_strhash(a->name));
 	}
+
+#undef SSLEAY
--- a/Show More
+++ b/Show More