This commit was manufactured by cvs2svn to create tag 'OpenSSL_0_9_5'.

2000-05-25 13:20:13 +00:00
349 changed files with 23559 additions and 12679 deletions
--- a/.cvsignore
+++ b/.cvsignore
@@ -7,7 +7,5 @@ outinc
 rehash.time
 testlog
 make.log
-maketest.log
 cctest
 cctest.c
-cctest.a
--- a/269
+++ b/269
@@ -2,265 +2,6 @@
 OpenSSL CHANGES
 _______________

- Changes between 0.9.5a and 0.9.6  [xx XXX 2000]
-
-  *) Implement SSL_OP_TLS_ROLLBACK_BUG: In ssl3_get_client_key_exchange, if
-     this option is set, tolerate broken clients that send the negotiated
-     protocol version number instead of the requested protocol version
-     number.
-     [Bodo Moeller]
-
-  *) Call dh_tmp_cb (set by ..._TMP_DH_CB) with correct 'is_export' flag;
-     i.e. non-zero for export ciphersuites, zero otherwise.
-     Previous versions had this flag inverted, inconsistent with
-     rsa_tmp_cb (..._TMP_RSA_CB).
-     [Bodo Moeller; problem reported by Amit Chopra]
-
-  *) Add missing DSA library text string. Work around for some IIS
-     key files with invalid SEQUENCE encoding.
-     [Steve Henson]
-
-  *) Add a document (doc/standards.txt) that list all kinds of standards
-     and so on that are implemented in OpenSSL.
-     [Richard Levitte]
-
-  *) Enhance c_rehash script. Old version would mishandle certificates
-     with the same subject name hash and wouldn't handle CRLs at all.
-     Added -fingerprint option to crl utility, to support new c_rehash
-     features.
-     [Steve Henson]
-
-  *) Eliminate non-ANSI declarations in crypto.h and stack.h.
-     [Ulf M<>ller]
-
-  *) Fix for SSL server purpose checking. Server checking was
-     rejecting certificates which had extended key usage present
-     but no ssl client purpose.
-     [Steve Henson, reported by Rene Grosser <grosser@hisolutions.com>]
-
-  *) Make PKCS#12 code work with no password. The PKCS#12 spec
-     is a little unclear about how a blank password is handled.
-     Since the password in encoded as a BMPString with terminating
-     double NULL a zero length password would end up as just the
-     double NULL. However no password at all is different and is
-     handled differently in the PKCS#12 key generation code. NS
-     treats a blank password as zero length. MSIE treats it as no
-     password on export: but it will try both on import. We now do
-     the same: PKCS12_parse() tries zero length and no password if
-     the password is set to "" or NULL (NULL is now a valid password:
-     it wasn't before) as does the pkcs12 application.
-     [Steve Henson]
-
-  *) Bugfixes in apps/x509.c: Avoid a memory leak; and don't use
-     perror when PEM_read_bio_X509_REQ fails, the error message must
-     be obtained from the error queue.
-     [Bodo Moeller]
-
-  *) Avoid 'thread_hash' memory leak in crypto/err/err.c by freeing
-     it in ERR_remove_state if appropriate, and change ERR_get_state
-     accordingly to avoid race conditions (this is necessary because
-     thread_hash is no longer constant once set).
-     [Bodo Moeller]
-
-  *) Bugfix for linux-elf makefile.one.
-     [Ulf M<>ller]
-
-  *) RSA_get_default_method() will now cause a default
-     RSA_METHOD to be chosen if one doesn't exist already.
-     Previously this was only set during a call to RSA_new()
-     or RSA_new_method(NULL) meaning it was possible for
-     RSA_get_default_method() to return NULL.
-     [Geoff Thorpe]
-
-  *) Added native name translation to the existing DSO code
-     that will convert (if the flag to do so is set) filenames
-     that are sufficiently small and have no path information
-     into a canonical native form. Eg. "blah" converted to
-     "libblah.so" or "blah.dll" etc.
-     [Geoff Thorpe]
-
-  *) New function ERR_error_string_n(e, buf, len) which is like
-     ERR_error_string(e, buf), but writes at most 'len' bytes
-     including the 0 terminator.  For ERR_error_string_n, 'buf'
-     may not be NULL.
-     [Damien Miller <djm@mindrot.org>, Bodo Moeller]
-
-  *) CONF library reworked to become more general.  A new CONF
-     configuration file reader "class" is implemented as well as a
-     new functions (NCONF_*, for "New CONF") to handle it.  The now
-     old CONF_* functions are still there, but are reimplemented to
-     work in terms of the new functions.  Also, a set of functions
-     to handle the internal storage of the configuration data is
-     provided to make it easier to write new configuration file
-     reader "classes" (I can definitely see something reading a
-     configuration file in XML format, for example), called _CONF_*,
-     or "the configuration storage API"...
-
-     The new configuration file reading functions are:
-
-        NCONF_new, NCONF_free, NCONF_load, NCONF_load_fp, NCONF_load_bio,
-        NCONF_get_section, NCONF_get_string, NCONF_get_numbre
-
-        NCONF_default, NCONF_WIN32
-
-        NCONF_dump_fp, NCONF_dump_bio
-
-     NCONF_default and NCONF_WIN32 are method (or "class") choosers,
-     NCONF_new creates a new CONF object.  This works in the same way
-     as other interfaces in OpenSSL, like the BIO interface.
-     NCONF_dump_* dump the internal storage of the configuration file,
-     which is useful for debugging.  All other functions take the same
-     arguments as the old CONF_* functions wth the exception of the
-     first that must be a `CONF *' instead of a `LHASH *'.
-
-     To make it easer to use the new classes with the old CONF_* functions,
-     the function CONF_set_default_method is provided.
-     [Richard Levitte]
-
-  *) Add '-tls1' option to 'openssl ciphers', which was already
-     mentioned in the documentation but had not been implemented.
-     (This option is not yet really useful because even the additional
-     experimental TLS 1.0 ciphers are currently treated as SSL 3.0 ciphers.)
-     [Bodo Moeller]
-
-  *) Initial DSO code added into libcrypto for letting OpenSSL (and
-     OpenSSL-based applications) load shared libraries and bind to
-     them in a portable way.
-     [Geoff Thorpe, with contributions from Richard Levitte]
-
- Changes between 0.9.5 and 0.9.5a  [1 Apr 2000]
-
-  *) Make sure _lrotl and _lrotr are only used with MSVC.
-
-  *) Use lock CRYPTO_LOCK_RAND correctly in ssleay_rand_status
-     (the default implementation of RAND_status).
-
-  *) Rename openssl x509 option '-crlext', which was added in 0.9.5,
-     to '-clrext' (= clear extensions), as intended and documented.
-     [Bodo Moeller; inconsistency pointed out by Michael Attili
-     <attili@amaxo.com>]
-
-  *) Fix for HMAC. It wasn't zeroing the rest of the block if the key length
-     was larger than the MD block size.      
-     [Steve Henson, pointed out by Yost William <YostW@tce.com>]
-
-  *) Modernise PKCS12_parse() so it uses STACK_OF(X509) for its ca argument
-     fix a leak when the ca argument was passed as NULL. Stop X509_PUBKEY_set()
-     using the passed key: if the passed key was a private key the result
-     of X509_print(), for example, would be to print out all the private key
-     components.
-     [Steve Henson]
-
-  *) des_quad_cksum() byte order bug fix.
-     [Ulf M<>ller, using the problem description in krb4-0.9.7, where
-      the solution is attributed to Derrick J Brashear <shadow@DEMENTIA.ORG>]
-
-  *) Fix so V_ASN1_APP_CHOOSE works again: however its use is strongly
-     discouraged.
-     [Steve Henson, pointed out by Brian Korver <briank@cs.stanford.edu>]
-
-  *) For easily testing in shell scripts whether some command
-     'openssl XXX' exists, the new pseudo-command 'openssl no-XXX'
-     returns with exit code 0 iff no command of the given name is available.
-     'no-XXX' is printed in this case, 'XXX' otherwise.  In both cases,
-     the output goes to stdout and nothing is printed to stderr.
-     Additional arguments are always ignored.
-
-     Since for each cipher there is a command of the same name,
-     the 'no-cipher' compilation switches can be tested this way.
-
-     ('openssl no-XXX' is not able to detect pseudo-commands such
-     as 'quit', 'list-XXX-commands', or 'no-XXX' itself.)
-     [Bodo Moeller]
-
-  *) Update test suite so that 'make test' succeeds in 'no-rsa' configuration.
-     [Bodo Moeller]
-
-  *) For SSL_[CTX_]set_tmp_dh, don't create a DH key if SSL_OP_SINGLE_DH_USE
-     is set; it will be thrown away anyway because each handshake creates
-     its own key.
-     ssl_cert_dup, which is used by SSL_new, now copies DH keys in addition
-     to parameters -- in previous versions (since OpenSSL 0.9.3) the
-     'default key' from SSL_CTX_set_tmp_dh would always be lost, meanining
-     you effectivly got SSL_OP_SINGLE_DH_USE when using this macro.
-     [Bodo Moeller]
-
-  *) New s_client option -ign_eof: EOF at stdin is ignored, and
-     'Q' and 'R' lose their special meanings (quit/renegotiate).
-     This is part of what -quiet does; unlike -quiet, -ign_eof
-     does not suppress any output.
-     [Richard Levitte]
-
-  *) Add compatibility options to the purpose and trust code. The
-     purpose X509_PURPOSE_ANY is "any purpose" which automatically
-     accepts a certificate or CA, this was the previous behaviour,
-     with all the associated security issues.
-
-     X509_TRUST_COMPAT is the old trust behaviour: only and
-     automatically trust self signed roots in certificate store. A
-     new trust setting X509_TRUST_DEFAULT is used to specify that
-     a purpose has no associated trust setting and it should instead
-     use the value in the default purpose.
-     [Steve Henson]
-
-  *) Fix the PKCS#8 DSA private key code so it decodes keys again
-     and fix a memory leak.
-     [Steve Henson]
-
-  *) In util/mkerr.pl (which implements 'make errors'), preserve
-     reason strings from the previous version of the .c file, as
-     the default to have only downcase letters (and digits) in
-     automatically generated reasons codes is not always appropriate.
-     [Bodo Moeller]
-
-  *) In ERR_load_ERR_strings(), build an ERR_LIB_SYS error reason table
-     using strerror.  Previously, ERR_reason_error_string() returned
-     library names as reason strings for SYSerr; but SYSerr is a special
-     case where small numbers are errno values, not library numbers.
-     [Bodo Moeller]
-
-  *) Add '-dsaparam' option to 'openssl dhparam' application.  This
-     converts DSA parameters into DH parameters. (When creating parameters,
-     DSA_generate_parameters is used.)
-     [Bodo Moeller]
-
-  *) Include 'length' (recommended exponent length) in C code generated
-     by 'openssl dhparam -C'.
-     [Bodo Moeller]
-
-  *) The second argument to set_label in perlasm was already being used
-     so couldn't be used as a "file scope" flag. Moved to third argument
-     which was free.
-     [Steve Henson]
-
-  *) In PEM_ASN1_write_bio and some other functions, use RAND_pseudo_bytes
-     instead of RAND_bytes for encryption IVs and salts.
-     [Bodo Moeller]
-
-  *) Include RAND_status() into RAND_METHOD instead of implementing
-     it only for md_rand.c  Otherwise replacing the PRNG by calling
-     RAND_set_rand_method would be impossible.
-     [Bodo Moeller]
-
-  *) Don't let DSA_generate_key() enter an infinite loop if the random
-     number generation fails.
-     [Bodo Moeller]
-
-  *) New 'rand' application for creating pseudo-random output.
-     [Bodo Moeller]
-
-  *) Added configuration support for Linux/IA64
-     [Rolf Haberrecker <rolf@suse.de>]
-
-  *) Assembler module support for Mingw32.
-     [Ulf M<>ller]
-
-  *) Shared library support for HPUX (in shlib/).
-     [Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> and Anonymous]
-
-  *) Shared library support for Solaris gcc.
-     [Lutz Behnke <behnke@trustcenter.de>]
-
 Changes between 0.9.4 and 0.9.5  [28 Feb 2000]

  *) PKCS7_encrypt() was adding text MIME headers twice because they
@@ -769,11 +510,11 @@

     With these changes, a new set of functions and macros have appeared:

-       CRYPTO_set_mem_debug_functions()	        [F]
-       CRYPTO_get_mem_debug_functions()         [F]
-       CRYPTO_dbg_set_options()	                [F]
-       CRYPTO_dbg_get_options()                 [F]
-       CRYPTO_malloc_debug_init()               [M]
+       CRYPTO_set_mem_debug_functions()		[F]
+       CRYPTO_get_mem_debug_functions()		[F]
+       CRYPTO_dbg_set_options()			[F]
+       CRYPTO_dbg_get_options()			[F]
+       CRYPTO_malloc_debug_init()		[M]

     The memory debug functions are NULL by default, unless the library
     is compiled with CRYPTO_MDEBUG or friends is defined.  If someone
--- a/169
+++ b/169
@@ -10,7 +10,7 @@ use strict;

 # see INSTALL for instructions.

-my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n";
+my $usage="Usage: Configure [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [rsaref] [no-threads] [no-asm] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n";

 # Options:
 #
@@ -28,8 +28,6 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-
 #               multithreaded applications (default is "threads" if we
 #               know how to do it)
 # no-asm        do not use assembler
-# no-dso        do not compile in any native shared-library methods. This
-#               will ensure that all methods just return NULL.
 # 386           generate 80386 code
 # no-<cipher>   build without specified algorithm (rsa, idea, rc5, ...)
 # -<xxx> +<xxx> compiler options are passed through 
@@ -88,13 +86,13 @@ my $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:as
 # -DB_ENDIAN slows things down on a sparc for md5, but helps sha1.
 # So the md5_locl.h file has an undef B_ENDIAN if sun is defined

-#config-string	$cc : $cflags : $unistd : $thread_cflag : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme
+#config-string	$cc : $cflags : $unistd : $thread_cflag : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj

 my %table=(
-#"b",		"${tcc}:${tflags}::${tlib}:${bits1}:${tbn_mul}::",
-#"bl-4c-2c",	"${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:${tbn_mul}::",
-#"bl-4c-ri",	"${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:${tbn_mul}::",
-#"b2-is-ri-dp",	"${tcc}:${tflags}::${tlib}:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:${tbn_mul}::",
+#"b",		"$tcc:$tflags::$tlib:$bits1:$tbn_mul::",
+#"bl-4c-2c",	"$tcc:$tflags::$tlib:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:$tbn_mul::",
+#"bl-4c-ri",	"$tcc:$tflags::$tlib:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:$tbn_mul::",
+#"b2-is-ri-dp",	"$tcc:$tflags::$tlib:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:$tbn_mul::",

 # Our development configs
 "purify",	"purify gcc:-g -DPURIFY -Wall::(unknown):-lsocket -lnsl::::",
@@ -102,11 +100,11 @@ my %table=(
 "debug-ben",	"gcc:-DBN_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
 "debug-ben-debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
 "debug-ben-strict",	"gcc:-DBN_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown):::::",
-"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-bodo",	"gcc:-DBIO_PAIR_DEBUG -DL_ENDIAN -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-ulf",	"gcc:-DL_ENDIAN -DREF_CHECK -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn",
+"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"debug-bodo",	"gcc:-DBIO_PAIR_DEBUG -DL_ENDIAN -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"debug-ulf",	"gcc:-DL_ENDIAN -DREF_CHECK -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::$x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::$x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"debug-levitte-linux-elf","gcc:-DRL_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:::",
 "dist",		"cc:-O::(unknown):::::",

 # Basic configs that should work on any (32 and less bit) box
@@ -119,32 +117,32 @@ my %table=(
 # surrounds it with #APP #NO_APP comment pair which (at least Solaris
 # 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
 # error message.
-"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn",
+"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_sol_asm",

 #### SPARC Solaris with GNU C setups
-"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn",
-"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn",
-"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn",
+"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
+"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o::",
+"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",
 # gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8
 # but keep the assembler modules.
-"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn",
+"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o:",
 ####
-"debug-solaris-sparcv8-gcc","gcc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn",
-"debug-solaris-sparcv9-gcc","gcc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn",
+"debug-solaris-sparcv8-gcc","gcc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o::",
+"debug-solaris-sparcv9-gcc","gcc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o::",

 #### SPARC Solaris with Sun C setups
 # DO NOT use /xO[34] on sparc with SC3.0.  It is broken, and will not pass the tests
-"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn",
+"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:::",
 # SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
 # SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
 # SC5.0 note: Compiler common patch 107357-01 or later is required!
-"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn",
-"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn",
-"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn",
-"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn",
+"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::",
+"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o::",
+"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",
+"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:",
 ####
-"debug-solaris-sparcv8-cc","cc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn",
-"debug-solaris-sparcv9-cc","cc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn",
+"debug-solaris-sparcv8-cc","cc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o::",
+"debug-solaris-sparcv9-cc","cc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",

 #### SPARC Linux setups
 "linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
@@ -160,7 +158,7 @@ my %table=(

 # Sunos configs, assuming sparc for the gcc one.
 ##"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown)::DES_UNROLL:::",
-"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:::",
+"sunos-gcc","gcc:-O3 -mv8::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:::",

 #### IRIX 5.x configs
 # -mips2 flag is added by ./config when appropriate.
@@ -204,34 +202,32 @@ my %table=(
 #   crypto/sha/sha_lcl.h.
 #					<appro@fy.chalmers.se>
 #
-"hpux-parisc-cc","cc:-Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
-# Since there is mention of this in shlib/hpux10-cc.sh
-"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
-"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
-"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
+"hpux-parisc-cc","cc:-Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:::",

 # HPUX 9.X config.
 # Don't use the bundled cc.  It is broken.  Use HP ANSI C if possible, or
 # egcs.  gcc 2.8.1 is also broken.

-"hpux-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+"hpux-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown)::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
 # If hpux-cc fails (e.g. during "make test"), try the next one; otherwise,
 # please report your OS and compiler version to the openssl-bugs@openssl.org
 # mailing list.
-"hpux-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+"hpux-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown)::DES_PTR DES_UNROLL DES_RISC1:::",

-"hpux-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+"hpux-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
 # If hpux-gcc fails, try this one:
-"hpux-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+"hpux-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::DES_PTR DES_UNROLL DES_RISC1:::",

 # HPUX 10.X config.  Supports threads.
-"hpux10-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+"hpux10-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
 # If hpux10-cc fails, try this one (if still fails, try deleting BN_LLONG):
-"hpux10-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+"hpux10-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",

-"hpux10-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+"hpux10-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
 # If hpux10-gcc fails, try this one:
-"hpux10-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+"hpux10-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::DES_PTR DES_UNROLL DES_RISC1:::",

 # HPUX 11.X from www.globus.org.
 # Only works on PA-RISC 2.0 cpus, and not optimized.  Why?
@@ -270,28 +266,25 @@ my %table=(

 # The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
 # bn86-elf.o file file since it is hand tweaked assembler.
-"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"debug-linux-elf","gcc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"debug-linux-elf-noefence","gcc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
+"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"debug-linux-elf","gcc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
 "linux-mips",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
 "linux-ppc",    "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
-"linux-m68k",   "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
-"linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::SIXTY_FOUR_BIT_LONG::",
 "NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
 "NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
-"NetBSD-x86",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:",
-"FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"FreeBSD",      "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
-"bsdi-gcc",     "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown)::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}",
-"bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"nextstep",	"cc:-O -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
-"nextstep3.3",	"cc:-O3 -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
+"NetBSD-x86",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
+"FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"FreeBSD",      "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+"bsdi-gcc",     "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown)::RSA_LLONG $x86_gcc_des $x86_gcc_opts:$x86_bsdi_asm",
+"bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"nextstep",	"cc:-O -Wall:<libc.h>:(unknown)::BN_LLONG $x86_gcc_des ${x86_gcc_opts}:::",
+"nextstep3.3",	"cc:-O3 -Wall:<libc.h>:(unknown)::BN_LLONG $x86_gcc_des ${x86_gcc_opts}:::",
 # NCR MP-RAS UNIX ver 02.03.01
-"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown):-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
+"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown):-lsocket -lnsl:$x86_gcc_des ${x86_gcc_opts}:::",

 # UnixWare 2.0
-"unixware-2.0","cc:-O -DFILIO_H::(unknown):-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
+"unixware-2.0","cc:-O -DFILIO_H::(unknown):-lsocket -lnsl:$x86_gcc_des ${x86_gcc_opts}:::",
 "unixware-2.0-pentium","cc:-O -DFILIO_H -Kpentium -Kthread::(unknown):-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",

 # UnixWare 7
@@ -327,12 +320,12 @@ my %table=(
 # DGUX, 88100.
 "dgux-R3-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown)::RC4_INDEX DES_UNROLL:::",
 "dgux-R4-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown):-lnsl -lsocket:RC4_INDEX:RC4_INDEX DES_UNROLL:::",
-"dgux-R4-x86-gcc",	"gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown):-lnsl -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"dgux-R4-x86-gcc",	"gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown):-lnsl -lsocket:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",

 # SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the
 # SCO cc.
-"sco5-cc",  "cc:::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
-"sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown):-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
+"sco5-cc",  "cc:::(unknown):-lsocket:$x86_gcc_des ${x86_gcc_opts}:::", # des options?
+"sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown):-lsocket:BN_LLONG $x86_gcc_des ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...

 # Sinix/ReliantUNIX RM400
 # NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g  */
@@ -359,8 +352,8 @@ my %table=(
 # CygWin32
 # (Note: the real CFLAGS for Windows builds are defined by util/mk1mf.pl
 # and its library files in util/pl/*)
-"CygWin32", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:",
-"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:",
+"CygWin32", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
+"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG $x86_gcc_des $x86_gcc_opts:",

 # Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
 "ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::::::",
@@ -370,7 +363,7 @@ my %table=(

 # Some OpenBSD from Bob Beck <beck@obtuse.com>
 "OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:::",
-"OpenBSD-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
+"OpenBSD-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
 "OpenBSD",      "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL:::",
 "OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::",

@@ -388,7 +381,6 @@ my $install_prefix="";
 my $no_threads=0;
 my $threads=0;
 my $no_asm=0;
-my $no_dso=0;
 my @skip=();
 my $Makefile="Makefile.ssl";
 my $des_locl="crypto/des/des_locl.h";
@@ -429,15 +421,12 @@ my $target="";
 my $options="";
 foreach (@ARGV)
 	{
-	s /^-no-/no-/; # some people just can't read the instructions
 	if (/^no-asm$/)
 	 	{
 		$no_asm=1;
 		$flags .= "-DNO_ASM ";
 		$openssl_other_defines .= "#define NO_ASM\n";
 		}
-	elsif (/^no-dso$/)
-		{ $no_dso=1; }
 	elsif (/^no-threads$/)
 		{ $no_threads=1; }
 	elsif (/^threads$/)
@@ -546,39 +535,10 @@ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /^\//;
 print "IsWindows=$IsWindows\n";

 (my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
- $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj,my $dso_scheme)=
+ $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj)=
 	split(/\s*:\s*/,$table{$target} . ":" x 20 , -1);
 $cflags="$flags$cflags" if ($flags ne "");

-# The DSO code currently always implements all functions so that no
-# applications will have to worry about that from a compilation point
-# of view. However, the "method"s may return zero unless that platform
-# has support compiled in for them. Currently each method is enabled
-# by a define "DSO_<name>" ... we translate the "dso_scheme" config
-# string entry into using the following logic;
-my $dso_cflags;
-if (!$no_dso && $dso_scheme ne "")
-	{
-	$dso_scheme =~ tr/[a-z]/[A-Z]/;
-	if ($dso_scheme eq "DLFCN")
-		{
-		$dso_cflags = "-DDSO_DLFCN -DHAVE_DLFCN_H";
-		$openssl_other_defines .= "#define DSO_DLFCN\n";
-		$openssl_other_defines .= "#define HAVE_DLFCN_H\n";
-		}
-	elsif ($dso_scheme eq "DLFCN_NO_H")
-		{
-		$dso_cflags = "-DDSO_DLFCN";
-		$openssl_other_defines .= "#define DSO_DLFCN\n";
-		}
-	else
-		{
-		$dso_cflags = "-DDSO_$dso_scheme";
-		$openssl_other_defines .= "#define DSO_$dso_scheme\n";
-		}
-	$cflags = "$dso_cflags $cflags";
-	}
-
 my $thread_cflags;
 my $thread_defines;
 if ($thread_cflag ne "(unknown)" && !$no_threads)
@@ -891,13 +851,12 @@ EOF
 	### (system 'make depend') == 0 or exit $? if $depflags ne "";
 	# Run "make depend" manually if you want to be able to delete
 	# the source code files of ciphers you left out.
+	&dofile("tools/c_rehash",$openssldir,'^DIR=',	'DIR=%s',);
 	if ( $perl =~ m@^/@) {
-	    &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
 	    &dofile("apps/der_chop",$perl,'^#!/', '#!%s');
 	    &dofile("apps/CA.pl",$perl,'^#!/', '#!%s');
 	} else {
 	    # No path for Perl known ...
-	    &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
 	    &dofile("apps/der_chop",'/usr/local/bin/perl','^#!/', '#!%s');
 	    &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
 	}	    
@@ -906,6 +865,9 @@ EOF
 print <<EOF;

 Configured for $target.
+
+NOTE: OpenSSL header files were moved from <*.h> to <openssl/*.h>;
+see file INSTALL for hints on coping with compatibility problems.
 EOF

 print <<\EOF if (!$no_threads && !$threads);
@@ -976,11 +938,12 @@ sub dofile
 		{
 		grep(/$k/ && ($_=sprintf($m{$k}."\n",$p)),@a);
 		}
-	open(OUT,">$f.new") || die "unable to open $f.new:$!\n";
+	($ff=$f) =~ s/\..*$//;
+	open(OUT,">$ff.new") || die "unable to open $f:$!\n";
 	print OUT @a;
 	close(OUT);
-	rename($f,"$f.bak") || die "unable to rename $f\n" if -e $f;
-	rename("$f.new",$f) || die "unable to rename $f.new\n";
+	rename($f,"$ff.bak") || die "unable to rename $f\n" if -e $f;
+	rename("$ff.new",$f) || die "unable to rename $ff.new\n";
 	}

 sub print_table_entry
@@ -989,8 +952,7 @@ sub print_table_entry

 	(my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,
 	my $bn_obj,my $des_obj,my $bf_obj,
-	$md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj,
-	$dso_scheme)=
+	$md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj)=
 	split(/\s*:\s*/,$table{$target} . ":" x 20 , -1);
 			
 	print <<EOF
@@ -1011,6 +973,5 @@ sub print_table_entry
 \$rc4_obj      = $rc4_obj
 \$rmd160_obj   = $rmd160_obj
 \$rc5_obj      = $rc5_obj
-\$dso_scheme   = $dso_scheme
 EOF
 	}
--- a/191
+++ b/191
@@ -9,24 +9,12 @@ OpenSSL  -  Frequently Asked Questions
 * Why do I get a "PRNG not seeded" error message?
 * Why does the linker complain about undefined symbols?
 * Where can I get a compiled version of OpenSSL?
-* I've compiled a program under Windows and it crashes: why?
-* I've called <some function> and it fails, why?
-* I just get a load of numbers for the error output, what do they mean?
-* Why do I get errors about unknown algorithms?
-* How do I create certificates or certificate requests?
-* Why can't I create certificate requests?
-* Why does <SSL program> fail with a certificate verify error?
-* Why can I only use weak ciphers when I connect to a server using OpenSSL?
-* How can I create DSA certificates?
-* Why can't I make an SSL connection using a DSA certificate?
-* How can I remove the passphrase on a private key?
-* Why can't the OpenSSH configure script detect OpenSSL?


 * Which is the current version of OpenSSL?

 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.5a was released on April 1st, 2000.
+OpenSSL 0.9.5 was released on February 28th, 2000.

 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -91,11 +79,9 @@ the popular web browsers without RSA support.

 * Is OpenSSL thread-safe?

-Yes (with limitations: an SSL connection may not concurrently be used
-by multiple threads).  On Windows and many Unix systems, OpenSSL
-automatically uses the multi-threaded versions of the standard
-libraries.  If your platform is not one of these, consult the INSTALL
-file.
+Yes.  On Windows and many Unix systems, OpenSSL automatically uses the
+multi-threaded versions of the standard libraries.  If your platform
+is not one of these, consult the INSTALL file.

 Multi-threaded applications must provide two callback functions to
 OpenSSL.  This is described in the threads(3) manpage.
@@ -114,21 +100,8 @@ OpenSSL functions that need randomness report an error if the random
 number generator has not been seeded with at least 128 bits of
 randomness.  If this error occurs, please contact the author of the
 application you are using.  It is likely that it never worked
-correctly.  OpenSSL 0.9.5 and later make the error visible by refusing
-to perform potentially insecure encryption.
-
-On systems without /dev/urandom, it is a good idea to use the Entropy
-Gathering Demon; see the RAND_egd() manpage for details.
-
-Most components of the openssl command line tool try to use the
-file $HOME/.rnd (or $RANDFILE, if this environment variable is set)
-for seeding the PRNG.  If this file does not exist or is too short,
-the "PRNG not seeded" error message may occur.
-
-[Note to OpenSSL 0.9.5 users: The command "openssl rsa" in version
-0.9.5 does not do this and will fail on systems without /dev/urandom
-when trying to password-encrypt an RSA key!  This is a bug in the
-library; try a later version instead.]
+correctly.  OpenSSL 0.9.5 makes the error visible by refusing to
+perform potentially insecure encryption.


 * Why does the linker complain about undefined symbols?
@@ -140,18 +113,7 @@ If you used ./Configure instead of ./config, make sure that you
 selected the right target.  File formats may differ slightly between
 OS versions (for example sparcv8/sparcv9, or a.out/elf).

-In case you get errors about the following symbols, use the config
-option "no-asm", as described in INSTALL:
-
- BF_cbc_encrypt, BF_decrypt, BF_encrypt, CAST_cbc_encrypt,
- CAST_decrypt, CAST_encrypt, RC4, RC5_32_cbc_encrypt, RC5_32_decrypt,
- RC5_32_encrypt, bn_add_words, bn_div_words, bn_mul_add_words,
- bn_mul_comba4, bn_mul_comba8, bn_mul_words, bn_sqr_comba4,
- bn_sqr_comba8, bn_sqr_words, bn_sub_words, des_decrypt3,
- des_ede3_cbc_encrypt, des_encrypt, des_encrypt2, des_encrypt3,
- des_ncbc_encrypt, md5_block_asm_host_order, sha1_block_asm_data_order
-
-If none of these helps, you may want to try using the current snapshot.
+If that doesn't help, you may want to try using the current snapshot.
 If the problem persists, please submit a bug report.


@@ -166,142 +128,3 @@ a C compiler, read the "Mingw32" section of INSTALL.W32 for information
 on how to obtain and install the free GNU C compiler.

 A number of Linux and *BSD distributions include OpenSSL.
-
-
-* I've compiled a program under Windows and it crashes: why?
-
-This is usually because you've missed the comment in INSTALL.W32. You
-must link with the multithreaded DLL version of the VC++ runtime library
-otherwise the conflict will cause a program to crash: typically on the
-first BIO related read or write operation.
-
-
-* I've called <some function> and it fails, why?
-
-Before submitting a report or asking in one of the mailing lists, you
-should try to determine the cause. In particular, you should call
-ERR_print_errors() or ERR_print_errors_fp() after the failed call
-and see if the message helps. Note that the problem may occur earlier
-than you think -- you should check for errors after every call where
-it is possible, otherwise the actual problem may be hidden because
-some OpenSSL functions clear the error state.
-
-
-* I just get a load of numbers for the error output, what do they mean?
-
-The actual format is described in the ERR_print_errors() manual page.
-You should call the function ERR_load_crypto_strings() before hand and
-the message will be output in text form. If you can't do this (for example
-it is a pre-compiled binary) you can use the errstr utility on the error
-code itself (the hex digits after the second colon).
-
-
-* Why do I get errors about unknown algorithms?
-
-This can happen under several circumstances such as reading in an
-encrypted private key or attempting to decrypt a PKCS#12 file. The cause
-is forgetting to load OpenSSL's table of algorithms with
-OpenSSL_add_all_algorithms(). See the manual page for more information.
-
-
-* How do I create certificates or certificate requests?
-
-Check out the CA.pl(1) manual page. This provides a simple wrapper round
-the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check
-out the manual pages for the individual utilities and the certificate
-extensions documentation (currently in doc/openssl.txt).
-
-
-* Why can't I create certificate requests?
-
-You typically get the error:
-
-	unable to find 'distinguished_name' in config
-	problems making Certificate Request
-
-This is because it can't find the configuration file. Check out the
-DIAGNOSTICS section of req(1) for more information.
-
-
-* Why does <SSL program> fail with a certificate verify error?
-
-This problem is usually indicated by log messages saying something like
-"unable to get local issuer certificate" or "self signed certificate".
-When a certificate is verified its root CA must be "trusted" by OpenSSL
-this typically means that the CA certificate must be placed in a directory
-or file and the relevant program configured to read it. The OpenSSL program
-'verify' behaves in a similar way and issues similar error messages: check
-the verify(1) program manual page for more information.
-
-
-* Why can I only use weak ciphers when I connect to a server using OpenSSL?
-
-This is almost certainly because you are using an old "export grade" browser
-which only supports weak encryption. Upgrade your browser to support 128 bit
-ciphers.
-
-
-* How can I create DSA certificates?
-
-Check the CA.pl(1) manual page for a DSA certificate example.
-
-
-* Why can't I make an SSL connection to a server using a DSA certificate?
-
-Typically you'll see a message saying there are no shared ciphers when
-the same setup works fine with an RSA certificate. There are two possible
-causes. The client may not support connections to DSA servers most web
-browsers (including Netscape and MSIE) only support connections to servers
-supporting RSA cipher suites. The other cause is that a set of DH parameters
-has not been supplied to the server. DH parameters can be created with the
-dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example:
-check the source to s_server in apps/s_server.c for an example.
-
-
-* How can I remove the passphrase on a private key?
-
-Firstly you should be really *really* sure you want to do this. Leaving
-a private key unencrypted is a major security risk. If you decide that
-you do have to do this check the EXAMPLES sections of the rsa(1) and
-dsa(1) manual pages.
-
-
-* Why can't the OpenSSH configure script detect OpenSSL?
-
-There is a problem with OpenSSH 1.2.2p1, in that the configure script
-can't find the installed OpenSSL libraries.  The problem is actually
-a small glitch that is easily solved with the following patch to be
-applied to the OpenSSH distribution:
-
----- snip:start -----
--- openssh-1.2.2p1/configure.in.orig	Thu Mar 23 18:56:58 2000
-+++ openssh-1.2.2p1/configure.in	Thu Mar 23 18:55:05 2000
-@@ -152,10 +152,10 @@
- AC_MSG_CHECKING([for OpenSSL/SSLeay directory])
- for ssldir in "" $tryssldir /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
- 	if test ! -z "$ssldir" ; then
-		LIBS="$saved_LIBS -L$ssldir"
-+		LIBS="$saved_LIBS -L$ssldir/lib"
- 		CFLAGS="$CFLAGS -I$ssldir/include"
- 		if test "x$need_dash_r" = "x1" ; then
-			LIBS="$LIBS -R$ssldir"
-+			LIBS="$LIBS -R$ssldir/lib"
- 		fi
- 	fi
- 	LIBS="$LIBS -lcrypto"
--- openssh-1.2.2p1/configure.orig	Thu Mar 23 18:55:02 2000
-+++ openssh-1.2.2p1/configure	Thu Mar 23 18:57:08 2000
-@@ -1890,10 +1890,10 @@
- echo "configure:1891: checking for OpenSSL/SSLeay directory" >&5
- for ssldir in "" $tryssldir /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
- 	if test ! -z "$ssldir" ; then
-		LIBS="$saved_LIBS -L$ssldir"
-+		LIBS="$saved_LIBS -L$ssldir/lib"
- 		CFLAGS="$CFLAGS -I$ssldir/include"
- 		if test "x$need_dash_r" = "x1" ; then
-			LIBS="$LIBS -R$ssldir"
-+			LIBS="$LIBS -R$ssldir/lib"
- 		fi
- 	fi
- 	LIBS="$LIBS -lcrypto"
----- snip:end -----
--- a/7
+++ b/7
@@ -2,8 +2,8 @@
 INSTALLATION ON THE UNIX PLATFORM
 ---------------------------------

- [Installation on Windows, OpenVMS and MacOS (before MacOS X) is described
-  in INSTALL.W32, INSTALL.VMS and INSTALL.MacOS.]
+ [See INSTALL.W32 for instructions for compiling OpenSSL on Windows systems,
+  and INSTALL.VMS for installing on OpenVMS systems.]

 To install OpenSSL, you will need:

@@ -33,8 +33,7 @@
 Configuration Options
 ---------------------

- There are several options to ./config (or ./Configure) to customize
- the build:
+ There are several options to ./config to customize the build:

  --prefix=DIR  Install in DIR/bin, DIR/lib, DIR/include/openssl.
 	        Configuration files used by OpenSSL will be in DIR/ssl
--- a/INSTALL.W32
+++ b/INSTALL.W32
@@ -116,12 +116,10 @@

 * Compile OpenSSL:

-   > ms\mingw32
+   > perl Configure Mingw32
+   > ms\mw.bat

-   This will create the library and binaries in out. In case any problems
-   occur, try
-   > ms\mingw32 no-asm
-   instead.
+   This will create the library and binaries in out.

   libcrypto.a and libssl.a are the static libraries. To use the DLLs,
   link with libeay32.a and libssl32.a instead.
--- a/MacOS/GetHTTPS.src/GetHTTPS.cpp
+++ b/MacOS/GetHTTPS.src/GetHTTPS.cpp
@@ -19,7 +19,6 @@
 *				are installed!  Use the AppleScript applet in the "openssl-0.9.4" folder to do this!
 */
 /* modified to seed the PRNG */
-/* modified to use CRandomizer for seeding */


 //	Include some funky libs I've developed over time
@@ -27,13 +26,14 @@
 #include "CPStringUtils.hpp"
 #include "ErrorHandling.hpp"
 #include "MacSocket.h"
-#include "Randomizer.h"
+

 //	We use the OpenSSL implementation of SSL....
 //	This was a lot of work to finally get going, though you wouldn't know it by the results!

 #include <openssl/ssl.h>
 #include <openssl/err.h>
+#include <openssl/rand.h>

 #include <timer.h>

@@ -48,6 +48,10 @@

 OSErr MyMacSocket_IdleWaitCallback(void *inUserRefPtr);

+
+
+
+
 //	My idle-wait callback.  Doesn't do much, does it?  Silly cooperative multitasking.

 OSErr MyMacSocket_IdleWaitCallback(void *inUserRefPtr)
@@ -55,33 +59,31 @@ OSErr MyMacSocket_IdleWaitCallback(void *inUserRefPtr)
 #pragma unused(inUserRefPtr)

 EventRecord		theEvent;
+
 	::EventAvail(everyEvent,&theEvent);
-	
-	CRandomizer *randomizer = (CRandomizer*)inUserRefPtr;
-	if (randomizer)
-		randomizer->PeriodicAction();

 	return(noErr);
 }


+
 //	Finally!

 void main(void)
 {
-	OSErr				errCode;
-	int					theSocket = -1;
-	int					theTimeout = 30;
+OSErr				errCode;
+int					theSocket = -1;
+int					theTimeout = 30;

-	SSL_CTX				*ssl_ctx = nil;
-	SSL					*ssl = nil;
+SSL_CTX				*ssl_ctx = nil;
+SSL					*ssl = nil;

-	char				tempString[256];
-	UnsignedWide		microTickCount;
-
-
-	CRandomizer randomizer;
+char				tempString[256];
+UnsignedWide		microTickCount;
 	
+#warning   -- USE A TRUE RANDOM SEED, AND ADD ENTROPY WHENEVER POSSIBLE. --
+const char seed[] = "uyq9,7-b(VHGT^%$&^F/,876;,;./lkJHGFUY{PO*";	// Just gobbledygook
+
 	printf("OpenSSL Demo by Roy Wood, roy@centricsystems.ca\n\n");
 	
 	BailIfError(errCode = MacSocket_Startup());
@@ -90,7 +92,7 @@ void main(void)

 	//	Create a socket-like object
 	
-	BailIfError(errCode = MacSocket_socket(&theSocket,false,theTimeout * 60,MyMacSocket_IdleWaitCallback,&randomizer));
+	BailIfError(errCode = MacSocket_socket(&theSocket,false,theTimeout * 60,MyMacSocket_IdleWaitCallback,nil));

 	
 	//	Set up the connect string and try to connect
@@ -116,6 +118,10 @@ void main(void)
 //	ssl_ctx = SSL_CTX_new(SSLv3_client_method());
 			

+	RAND_seed (seed, sizeof (seed));
+	Microseconds (&microTickCount);
+	RAND_add (&microTickCount, sizeof (microTickCount), 0);		// Entropy is actually > 0, needs an estimate
+
 	//	Create an SSL thingey and try to negotiate the connection
 	
 	ssl = SSL_new(ssl_ctx);
--- a/MacOS/OpenSSL.mcp.hqx
+++ b/MacOS/OpenSSL.mcp.hqx
--- a/MacOS/Randomizer.cpp
+++ b/MacOS/Randomizer.cpp
@@ -1,476 +0,0 @@
-/* 
------- Strong random data generation on a Macintosh (pre - OS X) ------
-		
--	GENERAL: We aim to generate unpredictable bits without explicit
-	user interaction. A general review of the problem may be found
-	in RFC 1750, "Randomness Recommendations for Security", and some
-	more discussion, of general and Mac-specific issues has appeared
-	in "Using and Creating Cryptographic- Quality Random Numbers" by
-	Jon Callas (www.merrymeet.com/jon/usingrandom.html).
-
-	The data and entropy estimates provided below are based on my
-	limited experimentation and estimates, rather than by any
-	rigorous study, and the entropy estimates tend to be optimistic.
-	They should not be considered absolute.
-
-	Some of the information being collected may be correlated in
-	subtle ways. That includes mouse positions, timings, and disk
-	size measurements. Some obvious correlations will be eliminated
-	by the programmer, but other, weaker ones may remain. The
-	reliability of the code depends on such correlations being
-	poorly understood, both by us and by potential interceptors.
-
-	This package has been planned to be used with OpenSSL, v. 0.9.5.
-	It requires the OpenSSL function RAND_add. 
-
--	OTHER WORK: Some source code and other details have been
-	published elsewhere, but I haven't found any to be satisfactory
-	for the Mac per se:
-
-	* The Linux random number generator (by Theodore Ts'o, in
-	  drivers/char/random.c), is a carefully designed open-source
-	  crypto random number package. It collects data from a variety
-	  of sources, including mouse, keyboard and other interrupts.
-	  One nice feature is that it explicitly estimates the entropy
-	  of the data it collects. Some of its features (e.g. interrupt
-	  timing) cannot be reliably exported to the Mac without using
-	  undocumented APIs.
-
-	* Truerand by Don P. Mitchell and Matt Blaze uses variations
-	  between different timing mechanisms on the same system. This
-	  has not been tested on the Mac, but requires preemptive
-	  multitasking, and is hardware-dependent, and can't be relied
-	  on to work well if only one oscillator is present.
-
-	* Cryptlib's RNG for the Mac (RNDMAC.C by Peter Gutmann),
-	  gathers a lot of information about the machine and system
-	  environment. Unfortunately, much of it is constant from one
-	  startup to the next. In other words, the random seed could be
-	  the same from one day to the next. Some of the APIs are
-	  hardware-dependent, and not all are compatible with Carbon (OS
-	  X). Incidentally, the EGD library is based on the UNIX entropy
-	  gathering methods in cryptlib, and isn't suitable for MacOS
-	  either.
-
-	* Mozilla (and perhaps earlier versions of Netscape) uses the
-	  time of day (in seconds) and an uninitialized local variable
-	  to seed the random number generator. The time of day is known
-	  to an outside interceptor (to within the accuracy of the
-	  system clock). The uninitialized variable could easily be
-	  identical between subsequent launches of an application, if it
-	  is reached through the same path.
-
-	* OpenSSL provides the function RAND_screen(), by G. van
-	  Oosten, which hashes the contents of the screen to generate a
-	  seed. This is not useful for an extension or for an
-	  application which launches at startup time, since the screen
-	  is likely to look identical from one launch to the next. This
-	  method is also rather slow.
-
-	* Using variations in disk drive seek times has been proposed
-	  (Davis, Ihaka and Fenstermacher, world.std.com/~dtd/;
-	  Jakobsson, Shriver, Hillyer and Juels,
-	  www.bell-labs.com/user/shriver/random.html). These variations
-	  appear to be due to air turbulence inside the disk drive
-	  mechanism, and are very strongly unpredictable. Unfortunately
-	  this technique is slow, and some implementations of it may be
-	  patented (see Shriver's page above.) It of course cannot be
-	  used with a RAM disk.
-
--	TIMING: On the 601 PowerPC the time base register is guaranteed
-	to change at least once every 10 addi instructions, i.e. 10
-	cycles. On a 60 MHz machine (slowest PowerPC) this translates to
-	a resolution of 1/6 usec. Newer machines seem to be using a 10
-	cycle resolution as well.
-	
-	For 68K Macs, the Microseconds() call may be used. See Develop
-	issue 29 on the Apple developer site
-	(developer.apple.com/dev/techsupport/develop/issue29/minow.html)
-	for information on its accuracy and resolution. The code below
-	has been tested only on PowerPC based machines.
-
-	The time from machine startup to the launch of an application in
-	the startup folder has a variance of about 1.6 msec on a new G4
-	machine with a defragmented and optimized disk, most extensions
-	off and no icons on the desktop. This can be reasonably taken as
-	a lower bound on the variance. Most of this variation is likely
-	due to disk seek time variability. The distribution of startup
-	times is probably not entirely even or uncorrelated. This needs
-	to be investigated, but I am guessing that it not a majpor
-	problem. Entropy = log2 (1600/0.166) ~= 13 bits on a 60 MHz
-	machine, ~16 bits for a 450 MHz machine.
-
-	User-launched application startup times will have a variance of
-	a second or more relative to machine startup time. Entropy >~22
-	bits.
-
-	Machine startup time is available with a 1-second resolution. It
-	is predictable to no better a minute or two, in the case of
-	people who show up punctually to work at the same time and
-	immediately start their computer. Using the scheduled startup
-	feature (when available) will cause the machine to start up at
-	the same time every day, making the value predictable. Entropy
-	>~7 bits, or 0 bits with scheduled startup.
-
-	The time of day is of course known to an outsider and thus has 0
-	entropy if the system clock is regularly calibrated.
-
--	KEY TIMING: A  very fast typist (120 wpm) will have a typical
-	inter-key timing interval of 100 msec. We can assume a variance
-	of no less than 2 msec -- maybe. Do good typists have a constant
-	rhythm, like drummers? Since what we measure is not the
-	key-generated interrupt but the time at which the key event was
-	taken off the event queue, our resolution is roughly the time
-	between process switches, at best 1 tick (17 msec). I  therefore
-	consider this technique questionable and not very useful for
-	obtaining high entropy data on the Mac.
-
--	MOUSE POSITION AND TIMING: The high bits of the mouse position
-	are far from arbitrary, since the mouse tends to stay in a few
-	limited areas of the screen. I am guessing that the position of
-	the mouse is arbitrary within a 6 pixel square. Since the mouse
-	stays still for long periods of time, it should be sampled only
-	after it was moved, to avoid correlated data. This gives an
-	entropy of log2(6*6) ~= 5 bits per measurement.
-
-	The time during which the mouse stays still can vary from zero
-	to, say, 5 seconds (occasionally longer). If the still time is
-	measured by sampling the mouse during null events, and null
-	events are received once per tick, its resolution is 1/60th of a
-	second, giving an entropy of log2 (60*5) ~= 8 bits per
-	measurement. Since the distribution of still times is uneven,
-	this estimate is on the high side.
-
-	For simplicity and compatibility across system versions, the
-	mouse is to be sampled explicitly (e.g. in the event loop),
-	rather than in a time manager task.
-
--	STARTUP DISK TOTAL FILE SIZE: Varies typically by at least 20k
-	from one startup to the next, with 'minimal' computer use. Won't
-	vary at all if machine is started again immediately after
-	startup (unless virtual memory is on), but any application which
-	uses the web and caches information to disk is likely to cause
-	this much variation or more. The variation is probably not
-	random, but I don't know in what way. File sizes tend to be
-	divisible by 4 bytes since file format fields are often
-	long-aligned. Entropy > log2 (20000/4) ~= 12 bits.
-	
--	STARTUP DISK FIRST AVAILABLE ALLOCATION BLOCK: As the volume
-	gets fragmented this could be anywhere in principle. In a
-	perfectly unfragmented volume this will be strongly correlated
-	with the total file size on the disk. With more fragmentation
-	comes less certainty. I took the variation in this value to be
-	1/8 of the total file size on the volume.
-
--	SYSTEM REQUIREMENTS: The code here requires System 7.0 and above
-	(for Gestalt and Microseconds calls). All the calls used are
-	Carbon-compatible.
-*/
-
-/*------------------------------ Includes ----------------------------*/
-
-#include "Randomizer.h"
-
-// Mac OS API
-#include <Files.h>
-#include <Folders.h>
-#include <Events.h>
-#include <Processes.h>
-#include <Gestalt.h>
-#include <Resources.h>
-#include <LowMem.h>
-
-// Standard C library
-#include <stdlib.h>
-#include <math.h>
-
-/*---------------------- Function declarations -----------------------*/
-
-// declared in OpenSSL/crypto/rand/rand.h
-extern "C" void RAND_add (const void *buf, int num, double entropy);
-
-unsigned long GetPPCTimer (bool is601);	// Make it global if needed
-					// elsewhere
-
-/*---------------------------- Constants -----------------------------*/
-
-#define kMouseResolution 6		// Mouse position has to differ
-					// from the last one by this
-					// much to be entered
-#define kMousePositionEntropy 5.16	// log2 (kMouseResolution**2)
-#define kTypicalMouseIdleTicks 300.0	// I am guessing that a typical
-					// amount of time between mouse
-					// moves is 5 seconds
-#define kVolumeBytesEntropy 12.0	// about log2 (20000/4),
-					// assuming a variation of 20K
-					// in total file size and
-					// long-aligned file formats.
-#define kApplicationUpTimeEntropy 6.0	// Variance > 1 second, uptime
-					// in ticks  
-#define kSysStartupEntropy 7.0		// Entropy for machine startup
-					// time
-
-
-/*------------------------ Function definitions ----------------------*/
-
-CRandomizer::CRandomizer (void)
-{
-	long	result;
-	
-	mSupportsLargeVolumes =
-		(Gestalt(gestaltFSAttr, &result) == noErr) &&
-		((result & (1L << gestaltFSSupports2TBVols)) != 0);
-	
-	if (Gestalt (gestaltNativeCPUtype, &result) != noErr)
-	{
-		mIsPowerPC = false;
-		mIs601 = false;
-	}
-	else
-	{
-		mIs601 = (result == gestaltCPU601);
-		mIsPowerPC = (result >= gestaltCPU601);
-	}
-	mLastMouse.h = mLastMouse.v = -10;	// First mouse will
-						// always be recorded
-	mLastPeriodicTicks = TickCount();
-	GetTimeBaseResolution ();
-	
-	// Add initial entropy
-	AddTimeSinceMachineStartup ();
-	AddAbsoluteSystemStartupTime ();
-	AddStartupVolumeInfo ();
-	AddFiller ();
-}
-
-void CRandomizer::PeriodicAction (void)
-{
-	AddCurrentMouse ();
-	AddNow (0.0);	// Should have a better entropy estimate here
-	mLastPeriodicTicks = TickCount();
-}
-
-/*------------------------- Private Methods --------------------------*/
-
-void CRandomizer::AddCurrentMouse (void)
-{
-	Point mouseLoc;
-	unsigned long lastCheck;	// Ticks since mouse was last
-					// sampled
-
-#if TARGET_API_MAC_CARBON
-	GetGlobalMouse (&mouseLoc);
-#else
-	mouseLoc = LMGetMouseLocation();
-#endif
-	
-	if (labs (mLastMouse.h - mouseLoc.h) > kMouseResolution/2 &&
-	    labs (mLastMouse.v - mouseLoc.v) > kMouseResolution/2)
-		AddBytes (&mouseLoc, sizeof (mouseLoc),
-				kMousePositionEntropy);
-	
-	if (mLastMouse.h == mouseLoc.h && mLastMouse.v == mouseLoc.v)
-		mMouseStill ++;
-	else
-	{
-		double entropy;
-		
-		// Mouse has moved. Add the number of measurements for
-		// which it's been still. If the resolution is too
-		// coarse, assume the entropy is 0.
-
-		lastCheck = TickCount() - mLastPeriodicTicks;
-		if (lastCheck <= 0)
-			lastCheck = 1;
-		entropy = log2l
-			(kTypicalMouseIdleTicks/(double)lastCheck);
-		if (entropy < 0.0)
-			entropy = 0.0;
-		AddBytes (&mMouseStill, sizeof (mMouseStill), entropy);
-		mMouseStill = 0;
-	}
-	mLastMouse = mouseLoc;
-}
-
-void CRandomizer::AddAbsoluteSystemStartupTime (void)
-{
-	unsigned long	now;		// Time in seconds since
-					// 1/1/1904
-	GetDateTime (&now);
-	now -= TickCount() / 60;	// Time in ticks since machine
-					// startup
-	AddBytes (&now, sizeof (now), kSysStartupEntropy);
-}
-
-void CRandomizer::AddTimeSinceMachineStartup (void)
-{
-	AddNow (1.5);			// Uncertainty in app startup
-					// time is > 1.5 msec (for
-					// automated app startup).
-}
-
-void CRandomizer::AddAppRunningTime (void)
-{
-	ProcessSerialNumber PSN;
-	ProcessInfoRec		ProcessInfo;
-	
-	ProcessInfo.processInfoLength = sizeof (ProcessInfoRec);
-	ProcessInfo.processName = nil;
-	ProcessInfo.processAppSpec = nil;
-	
-	GetCurrentProcess (&PSN);
-	GetProcessInformation (&PSN, &ProcessInfo);
-
-	// Now add the amount of time in ticks that the current process
-	// has been active
-
-	AddBytes (&ProcessInfo, sizeof (ProcessInfoRec),
-			kApplicationUpTimeEntropy);
-}
-
-void CRandomizer::AddStartupVolumeInfo (void)
-{
-	short			vRefNum;
-	long			dirID;
-	XVolumeParam	pb;
-	OSErr			err;
-	
-	if (!mSupportsLargeVolumes)
-		return;
-		
-	FindFolder (kOnSystemDisk, kSystemFolderType, kDontCreateFolder,
-			&vRefNum, &dirID);
-	pb.ioVRefNum = vRefNum;
-	pb.ioCompletion = 0;
-	pb.ioNamePtr = 0;
-	pb.ioVolIndex = 0;
-	err = PBXGetVolInfoSync (&pb);
-	if (err != noErr)
-		return;
-		
-	// Base the entropy on the amount of space used on the disk and
-	// on the next available allocation block. A lot else might be
-	// unpredictable, so might as well toss the whole block in. See
-	// comments for entropy estimate justifications.
-
-	AddBytes (&pb, sizeof (pb),
-		kVolumeBytesEntropy +
-		log2l (((pb.ioVTotalBytes.hi - pb.ioVFreeBytes.hi)
-				* 4294967296.0D +
-			(pb.ioVTotalBytes.lo - pb.ioVFreeBytes.lo))
-				/ pb.ioVAlBlkSiz - 3.0));
-}
-
-/*
-	On a typical startup CRandomizer will come up with about 60
-	bits of good, unpredictable data. Assuming no more input will
-	be available, we'll need some more lower-quality data to give
-	OpenSSL the 128 bits of entropy it desires. AddFiller adds some
-	relatively predictable data into the soup.
-*/
-
-void CRandomizer::AddFiller (void)
-{
-	struct
-	{
-		ProcessSerialNumber psn;	// Front process serial
-						// number
-		RGBColor	hiliteRGBValue;	// User-selected
-						// highlight color
-		long		processCount;	// Number of active
-						// processes
-		long		cpuSpeed;	// Processor speed
-		long		totalMemory;	// Total logical memory
-						// (incl. virtual one)
-		long		systemVersion;	// OS version
-		short		resFile;	// Current resource file
-	} data;
-	
-	GetNextProcess ((ProcessSerialNumber*) kNoProcess);
-	while (GetNextProcess (&data.psn) == noErr)
-		data.processCount++;
-	GetFrontProcess (&data.psn);
-	LMGetHiliteRGB (&data.hiliteRGBValue);
-	Gestalt (gestaltProcClkSpeed, &data.cpuSpeed);
-	Gestalt (gestaltLogicalRAMSize, &data.totalMemory);
-	Gestalt (gestaltSystemVersion, &data.systemVersion);
-	data.resFile = CurResFile ();
-	
-	// Here we pretend to feed the PRNG completely random data. This
-	// is of course false, as much of the above data is predictable
-	// by an outsider. At this point we don't have any more
-	// randomness to add, but with OpenSSL we must have a 128 bit
-	// seed before we can start. We just add what we can, without a
-	// real entropy estimate, and hope for the best.
-
-	AddBytes (&data, sizeof(data), 8.0 * sizeof(data));
-	AddCurrentMouse ();
-	AddNow (1.0);
-}
-
-//-------------------  LOW LEVEL ---------------------
-
-void CRandomizer::AddBytes (void *data, long size, double entropy)
-{
-	RAND_add (data, size, entropy * 0.125);	// Convert entropy bits
-						// to bytes
-}
-
-void CRandomizer::AddNow (double millisecondUncertainty)
-{
-	long time = SysTimer();
-	AddBytes (&time, sizeof (time), log2l (millisecondUncertainty *
-			mTimebaseTicksPerMillisec));
-}
-
-//----------------- TIMING SUPPORT ------------------
-
-void CRandomizer::GetTimeBaseResolution (void)
-{	
-#ifdef __powerc
-	long speed;
-	
-	// gestaltProcClkSpeed available on System 7.5.2 and above
-	if (Gestalt (gestaltProcClkSpeed, &speed) != noErr)
-		// Only PowerPCs running pre-7.5.2 are 60-80 MHz
-		// machines.
-		mTimebaseTicksPerMillisec =  6000.0D;
-	// Assume 10 cycles per clock update, as in 601 spec. Seems true
-	// for later chips as well.
-	mTimebaseTicksPerMillisec = speed / 1.0e4D;
-#else
-	// 68K VIA-based machines (see Develop Magazine no. 29)
-	mTimebaseTicksPerMillisec = 783.360D;
-#endif
-}
-
-unsigned long CRandomizer::SysTimer (void)	// returns the lower 32
-						// bit of the chip timer
-{
-#ifdef __powerc
-	return GetPPCTimer (mIs601);
-#else
-	UnsignedWide usec;
-	Microseconds (&usec);
-	return usec.lo;
-#endif
-}
-
-#ifdef __powerc
-// The timebase is available through mfspr on 601, mftb on later chips.
-// Motorola recommends that an 601 implementation map mftb to mfspr
-// through an exception, but I haven't tested to see if MacOS actually
-// does this. We only sample the lower 32 bits of the timer (i.e. a
-// few minutes of resolution)
-
-asm unsigned long GetPPCTimer (register bool is601)
-{
-	cmplwi	is601, 0	// Check if 601
-	bne	_601		// if non-zero goto _601
-	mftb  	r3		// Available on 603 and later.
-	blr			// return with result in r3
-_601:
-	mfspr r3, spr5  	// Available on 601 only.
-				// blr inserted automatically
-}
-#endif
--- a/MacOS/Randomizer.h
+++ b/MacOS/Randomizer.h
@@ -1,43 +0,0 @@
-
-//	Gathers unpredictable system data to be used for generating
-//	random bits
-
-#include <MacTypes.h>
-
-class CRandomizer
-{
-public:
-	CRandomizer (void);
-	void PeriodicAction (void);
-	
-private:
-
-	// Private calls
-
-	void		AddTimeSinceMachineStartup (void);
-	void		AddAbsoluteSystemStartupTime (void);
-	void		AddAppRunningTime (void);
-	void		AddStartupVolumeInfo (void);
-	void		AddFiller (void);
-
-	void		AddCurrentMouse (void);
-	void		AddNow (double millisecondUncertainty);
-	void		AddBytes (void *data, long size, double entropy);
-	
-	void		GetTimeBaseResolution (void);
-	unsigned long	SysTimer (void);
-
-	// System Info	
-	bool		mSupportsLargeVolumes;
-	bool		mIsPowerPC;
-	bool		mIs601;
-	
-	// Time info
-	double		mTimebaseTicksPerMillisec;
-	unsigned long	mLastPeriodicTicks;
-	
-	// Mouse info
-	long		mSamplePeriod;
-	Point		mLastMouse;
-	long		mMouseStill;
-};
--- a/Makefile.org
+++ b/Makefile.org
@@ -28,6 +28,8 @@ OPENSSLDIR=/usr/local/ssl
 # DEVRANDOM - Give this the value of the 'random device' if your OS supports
 #           one.  32 bytes will be read from this when the random
 #           number generator is initalised.
+# SSL_ALLOW_ADH - define if you want the server to be able to use the
+#           SSLv3 anon-DH ciphers.
 # SSL_FORBID_ENULL - define if you want the server to be not able to use the
 #           NULL encryption ciphers.
 #
@@ -149,7 +151,7 @@ SHLIBDIRS= crypto ssl
 SDIRS=  \
 	md2 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
-	bn rsa dsa dh dso \
+	bn rsa dsa dh \
 	buffer bio stack lhash rand err objects \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp

@@ -262,7 +264,7 @@ dclean:

 rehash: rehash.time
 rehash.time: certs
-	@(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; $(PERL) tools/c_rehash certs)
+	@(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs)
 	touch rehash.time

 test:   tests
@@ -366,28 +368,21 @@ install_docs:
 		$(INSTALL_PREFIX)$(MANDIR)/man7
 	@echo installing man 1 and man 5
 	@for i in doc/apps/*.pod; do \
+		(cd `dirname $$i`; \
 		fn=`basename $$i .pod`; \
 		sec=`[ "$$fn" = "config" ] && echo 5 || echo 1`; \
-		(cd `dirname $$i`; \
 		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
-			 --release=$(VERSION) `basename $$i`) \
-			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+			 --release=$(VERSION) `basename $$i` \
+			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec); \
 	done
 	@echo installing man 3 and man 7
 	@for i in doc/crypto/*.pod doc/ssl/*.pod; do \
+		(cd `dirname $$i`; \
 		fn=`basename $$i .pod`; \
 		sec=`[ "$$fn" = "des_modes" ] && echo 7 || echo 3`; \
-		(cd `dirname $$i`; \
 		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
-			--release=$(VERSION) `basename $$i`) \
-			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+			--release=$(VERSION) `basename $$i` \
+			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec); \
 	done

-shlib: all
-	if [ ! -d shlib_dir ] ; then mkdir shlib_dir ; else rm -f shlib_dir/* ; fi
-	cd shlib_dir ; ar -x ../libcrypto.a && $(CC) -shared ./*.o -Wl,-soname -Wl,libcrypto.so.0.9 \
-            -o ./libcrypto.so.0.9.4 && rm *.o
-	cd shlib_dir ; ar -x ../libssl.a && $(CC) -shared ./*.o -Wl,-soname -Wl,libssl.so.0.9 \
-            -o ./libssl.so.0.9.4 && rm *.o
-
 # DO NOT DELETE THIS LINE -- make depend depends on it.
--- a/9
+++ b/9
@@ -5,15 +5,6 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.

-  Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a:
-
-      o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 
-      o Shared library support for HPUX and Solaris-gcc
-      o Support of Linux/IA64
-      o Assembler support for Mingw32
-      o New 'rand' application
-      o New way to check for existence of algorithms from scripts
-
  Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5:

      o S/MIME support in new 'smime' command
--- a/9
+++ b/9
@@ -1,5 +1,5 @@

- OpenSSL 0.9.5a  1 Apr 2000
+ OpenSSL 0.9.5  28 Feb 2000

 Copyright (c) 1998-2000 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
@@ -11,10 +11,9 @@
 The OpenSSL Project is a collaborative effort to develop a robust,
 commercial-grade, fully featured, and Open Source toolkit implementing the
 Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
- protocols as well as a full-strength general purpose cryptography library.
- The project is managed by a worldwide community of volunteers that use the
- Internet to communicate, plan, and develop the OpenSSL toolkit and its
- related documentation. 
+ protocols with full-strength cryptography world-wide. The project is managed
+ by a worldwide community of volunteers that use the Internet to communicate,
+ plan, and develop the OpenSSL toolkit and its related documentation. 

 OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
 and Tim J. Hudson.  The OpenSSL toolkit is licensed under a dual-license (the
--- a/9
+++ b/9
@@ -1,11 +1,9 @@

  OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2000/04/14 23:35:50 $
+  ______________                           $Date: 2000/02/28 11:59:02 $

  DEVELOPMENT STATE

-    o  OpenSSL 0.9.6:  Under development...
-    o  OpenSSL 0.9.5a: Released on April     1st, 2000
    o  OpenSSL 0.9.5:  Released on February 28th, 2000
    o  OpenSSL 0.9.4:  Released on August   09th, 1999
    o  OpenSSL 0.9.3a: Released on May      29th, 1999
@@ -17,6 +15,7 @@

  AVAILABLE PATCHES

+    o shared libraries <behnke@trustcenter.de>
    o CA.pl patch (Damien Miller)

  IN PROGRESS
@@ -89,6 +88,10 @@
      use a key length decided by the size of the RSA encrypted key and expect
      RC2 to adapt).

+    o ERR_error_string(..., buf) does not know how large buf is,
+      there should be ERR_error_string_n(..., buf, bufsize)
+      or similar.
+
  WISHES

    o 
--- a/234
+++ b/234
--- a/apps/Makefile.ssl
+++ b/apps/Makefile.ssl
@@ -38,7 +38,7 @@ E_EXE=	verify asn1pars req dgst dh dhparam enc passwd gendh errstr \
 	ca crl rsa dsa dsaparam \
 	x509 genrsa gendsa s_server s_client speed \
 	s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \
-	pkcs8 spkac smime rand
+	pkcs8 spkac smime

 PROGS= $(PROGRAM).c

@@ -54,14 +54,18 @@ E_OBJ=	verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o er
 	rsa.o dsa.o dsaparam.o \
 	x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
 	s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
-	ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o
+	ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o
+
+#	pem_mail.o

 E_SRC=	verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \
 	pkcs7.c crl2p7.c crl.c \
 	rsa.c dsa.c dsaparam.c \
 	x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
 	s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \
-	ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c
+	ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c
+
+#	pem_mail.c

 SRC=$(E_SRC)

@@ -135,7 +139,7 @@ $(DLIBCRYPTO):
 $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
 	$(RM) $(PROGRAM)
 	$(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
-	@(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; $(PERL) tools/c_rehash certs)
+	@(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs)

 progs.h: progs.pl
 	$(PERL) progs.pl $(E_EXE) >progs.h
@@ -197,20 +201,20 @@ ca.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 ca.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 ca.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
-ca.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-ca.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-ca.o: ../include/openssl/evp.h ../include/openssl/idea.h
-ca.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ca.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-ca.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ca.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-ca.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ca.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-ca.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-ca.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ca.o: ../include/openssl/sha.h ../include/openssl/stack.h
-ca.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-ca.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+ca.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+ca.o: ../include/openssl/err.h ../include/openssl/evp.h
+ca.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+ca.o: ../include/openssl/md2.h ../include/openssl/md5.h
+ca.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ca.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ca.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ca.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ca.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ca.o: ../include/openssl/stack.h ../include/openssl/txt_db.h
+ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ca.o: ../include/openssl/x509v3.h apps.h
 ciphers.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 ciphers.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 ciphers.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -237,19 +241,19 @@ crl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 crl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 crl.o: ../include/openssl/des.h ../include/openssl/dh.h
 crl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-crl.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-crl.o: ../include/openssl/err.h ../include/openssl/evp.h
-crl.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-crl.o: ../include/openssl/md2.h ../include/openssl/md5.h
-crl.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
-crl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-crl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-crl.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-crl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-crl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-crl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-crl.o: ../include/openssl/stack.h ../include/openssl/x509.h
-crl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+crl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+crl.o: ../include/openssl/evp.h ../include/openssl/idea.h
+crl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+crl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+crl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+crl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+crl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+crl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+crl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+crl.o: ../include/openssl/sha.h ../include/openssl/stack.h
+crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+crl.o: ../include/openssl/x509v3.h apps.h
 crl2p7.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 crl2p7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 crl2p7.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -448,22 +452,21 @@ openssl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 openssl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 openssl.o: ../include/openssl/des.h ../include/openssl/dh.h
 openssl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-openssl.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-openssl.o: ../include/openssl/err.h ../include/openssl/evp.h
-openssl.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-openssl.o: ../include/openssl/md2.h ../include/openssl/md5.h
-openssl.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
-openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-openssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-openssl.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-openssl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-openssl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-openssl.o: ../include/openssl/stack.h ../include/openssl/tls1.h
-openssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-openssl.o: progs.h s_apps.h
+openssl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+openssl.o: ../include/openssl/evp.h ../include/openssl/idea.h
+openssl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+openssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+openssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+openssl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+openssl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+openssl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+openssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+openssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+openssl.o: ../include/openssl/x509_vfy.h apps.h progs.h s_apps.h
 passwd.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 passwd.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 passwd.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -534,42 +537,25 @@ pkcs8.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 pkcs8.o: ../include/openssl/stack.h ../include/openssl/x509.h
 pkcs8.o: ../include/openssl/x509_vfy.h apps.h
-rand.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-rand.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-rand.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-rand.o: ../include/openssl/crypto.h ../include/openssl/des.h
-rand.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-rand.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-rand.o: ../include/openssl/err.h ../include/openssl/evp.h
-rand.o: ../include/openssl/idea.h ../include/openssl/md2.h
-rand.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-rand.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
-rand.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-rand.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-rand.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-rand.o: ../include/openssl/stack.h ../include/openssl/x509.h
-rand.o: ../include/openssl/x509_vfy.h apps.h
 req.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 req.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 req.o: ../include/openssl/des.h ../include/openssl/dh.h
 req.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-req.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-req.o: ../include/openssl/err.h ../include/openssl/evp.h
-req.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-req.o: ../include/openssl/md2.h ../include/openssl/md5.h
-req.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
-req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-req.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-req.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-req.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-req.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-req.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-req.o: ../include/openssl/stack.h ../include/openssl/x509.h
-req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+req.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+req.o: ../include/openssl/evp.h ../include/openssl/idea.h
+req.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+req.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+req.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+req.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+req.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+req.o: ../include/openssl/sha.h ../include/openssl/stack.h
+req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+req.o: ../include/openssl/x509v3.h apps.h
 rsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 rsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 rsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -748,41 +734,39 @@ speed.o: ./testrsa.h apps.h
 spkac.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 spkac.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 spkac.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-spkac.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-spkac.o: ../include/openssl/des.h ../include/openssl/dh.h
-spkac.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+spkac.o: ../include/openssl/crypto.h ../include/openssl/des.h
+spkac.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 spkac.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
 spkac.o: ../include/openssl/err.h ../include/openssl/evp.h
-spkac.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-spkac.o: ../include/openssl/md2.h ../include/openssl/md5.h
-spkac.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
-spkac.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-spkac.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-spkac.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-spkac.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-spkac.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-spkac.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-spkac.o: ../include/openssl/stack.h ../include/openssl/x509.h
-spkac.o: ../include/openssl/x509_vfy.h apps.h
+spkac.o: ../include/openssl/idea.h ../include/openssl/md2.h
+spkac.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+spkac.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+spkac.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+spkac.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+spkac.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+spkac.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+spkac.o: ../include/openssl/sha.h ../include/openssl/stack.h
+spkac.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 verify.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 verify.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 verify.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 verify.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 verify.o: ../include/openssl/des.h ../include/openssl/dh.h
 verify.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-verify.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-verify.o: ../include/openssl/err.h ../include/openssl/evp.h
-verify.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-verify.o: ../include/openssl/md2.h ../include/openssl/md5.h
-verify.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
-verify.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-verify.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-verify.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-verify.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-verify.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-verify.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-verify.o: ../include/openssl/stack.h ../include/openssl/x509.h
-verify.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+verify.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+verify.o: ../include/openssl/evp.h ../include/openssl/idea.h
+verify.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+verify.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+verify.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+verify.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+verify.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+verify.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+verify.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+verify.o: ../include/openssl/sha.h ../include/openssl/stack.h
+verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+verify.o: ../include/openssl/x509v3.h apps.h
 version.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 version.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -805,16 +789,16 @@ x509.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 x509.o: ../include/openssl/des.h ../include/openssl/dh.h
 x509.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-x509.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-x509.o: ../include/openssl/err.h ../include/openssl/evp.h
-x509.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-x509.o: ../include/openssl/md2.h ../include/openssl/md5.h
-x509.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
-x509.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-x509.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-x509.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-x509.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-x509.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-x509.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-x509.o: ../include/openssl/stack.h ../include/openssl/x509.h
-x509.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+x509.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+x509.o: ../include/openssl/evp.h ../include/openssl/idea.h
+x509.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+x509.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+x509.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+x509.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+x509.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+x509.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+x509.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+x509.o: ../include/openssl/sha.h ../include/openssl/stack.h
+x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+x509.o: ../include/openssl/x509v3.h apps.h
--- a/apps/app_rand.c
+++ b/apps/app_rand.c
@@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */
 /* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -109,9 +109,7 @@
 *
 */

-#define NON_MAIN
 #include "apps.h"
-#undef NON_MAIN
 #include <openssl/bio.h>
 #include <openssl/rand.h>

@@ -164,7 +162,7 @@ long app_RAND_load_files(char *name)
 	char *p,*n;
 	int last;
 	long tot=0;
-	int egd;
+    int egd;
 	
 	for (;;)
 		{
@@ -176,9 +174,9 @@ long app_RAND_load_files(char *name)
 		name=p+1;
 		if (*n == '\0') break;

-		egd=RAND_egd(n);
+        egd=RAND_egd(n);
 		if (egd > 0) tot+=egd;
-		tot+=RAND_load_file(n,-1);
+		tot+=RAND_load_file(n,1024L*1024L);
 		if (last) break;
 		}
 	if (tot > 512)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -263,7 +263,7 @@ int MAIN(int argc, char **argv)
 	long l;
 	const EVP_MD *dgst=NULL;
 	STACK_OF(CONF_VALUE) *attribs=NULL;
-	STACK_OF(X509) *cert_sk=NULL;
+	STACK *cert_sk=NULL;
 	BIO *hex=NULL;
 #undef BSIZE
 #define BSIZE 256
@@ -817,7 +817,7 @@ bad:
 			goto err;
 			}

-		if ((cert_sk=sk_X509_new_null()) == NULL)
+		if ((cert_sk=sk_new_null()) == NULL)
 			{
 			BIO_printf(bio_err,"Malloc failure\n");
 			goto err;
@@ -834,7 +834,7 @@ bad:
 				total_done++;
 				BIO_printf(bio_err,"\n");
 				if (!BN_add_word(serial,1)) goto err;
-				if (!sk_X509_push(cert_sk,x))
+				if (!sk_push(cert_sk,(char *)x))
 					{
 					BIO_printf(bio_err,"Malloc failure\n");
 					goto err;
@@ -858,7 +858,7 @@ bad:
 				total_done++;
 				BIO_printf(bio_err,"\n");
 				if (!BN_add_word(serial,1)) goto err;
-				if (!sk_X509_push(cert_sk,x))
+				if (!sk_push(cert_sk,(char *)x))
 					{
 					BIO_printf(bio_err,"Malloc failure\n");
 					goto err;
@@ -877,7 +877,7 @@ bad:
 				total_done++;
 				BIO_printf(bio_err,"\n");
 				if (!BN_add_word(serial,1)) goto err;
-				if (!sk_X509_push(cert_sk,x))
+				if (!sk_push(cert_sk,(char *)x))
 					{
 					BIO_printf(bio_err,"Malloc failure\n");
 					goto err;
@@ -896,7 +896,7 @@ bad:
 				total_done++;
 				BIO_printf(bio_err,"\n");
 				if (!BN_add_word(serial,1)) goto err;
-				if (!sk_X509_push(cert_sk,x))
+				if (!sk_push(cert_sk,(char *)x))
 					{
 					BIO_printf(bio_err,"Malloc failure\n");
 					goto err;
@@ -907,7 +907,7 @@ bad:
 		 * and a data base and serial number that need
 		 * updating */

-		if (sk_X509_num(cert_sk) > 0)
+		if (sk_num(cert_sk) > 0)
 			{
 			if (!batch)
 				{
@@ -923,7 +923,7 @@ bad:
 					}
 				}

-			BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk));
+			BIO_printf(bio_err,"Write out database with %d new entries\n",sk_num(cert_sk));

 			strncpy(buf[0],serialfile,BSIZE-4);

@@ -955,12 +955,12 @@ bad:
 	
 		if (verbose)
 			BIO_printf(bio_err,"writing new certificates\n");
-		for (i=0; i<sk_X509_num(cert_sk); i++)
+		for (i=0; i<sk_num(cert_sk); i++)
 			{
 			int k;
 			unsigned char *n;

-			x=sk_X509_value(cert_sk,i);
+			x=(X509 *)sk_value(cert_sk,i);

 			j=x->cert_info->serialNumber->length;
 			p=(char *)x->cert_info->serialNumber->data;
@@ -999,7 +999,7 @@ bad:
 			write_new_certificate(Sout,x, output_der, notext);
 			}

-		if (sk_X509_num(cert_sk))
+		if (sk_num(cert_sk))
 			{
 			/* Rename the database and the serial file */
 			strncpy(buf[2],serialfile,BSIZE-4);
@@ -1233,7 +1233,7 @@ err:
 	BIO_free(out);
 	BIO_free(in);

-	sk_X509_pop_free(cert_sk,X509_free);
+	sk_pop_free(cert_sk,X509_free);

 	if (ret) ERR_print_errors(bio_err);
 	app_RAND_write_file(randfile, bio_err);
@@ -1662,7 +1662,7 @@ again2:
 					}
 				if (j < 0)
 					{
-					BIO_printf(bio_err,"The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n",cv->name,((str2 == NULL)?"NULL":(char *)str2->data),((str == NULL)?"NULL":(char *)str->data));
+					BIO_printf(bio_err,"The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n",cv->name,((str == NULL)?"NULL":(char *)str->data),((str2 == NULL)?"NULL":(char *)str2->data));
 					goto err;
 					}
 				}
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -74,7 +74,6 @@ static char *ciphers_usage[]={
 " -v          - verbose mode, a textual listing of the ciphers in SSLeay\n",
 " -ssl2       - SSL2 mode\n",
 " -ssl3       - SSL3 mode\n",
-" -tls1       - TLS1 mode\n",
 NULL
 };

@@ -122,10 +121,6 @@ int MAIN(int argc, char **argv)
 #ifndef NO_SSL3
 		else if (strcmp(*argv,"-ssl3") == 0)
 			meth=SSLv3_client_method();
-#endif
-#ifndef NO_TLS1
-		else if (strcmp(*argv,"-tls1") == 0)
-			meth=TLSv1_client_method();
 #endif
 		else if ((strncmp(*argv,"-h",2) == 0) ||
 			 (strcmp(*argv,"-?") == 0))
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -104,7 +104,6 @@ int MAIN(int argc, char **argv)
 	int informat,outformat;
 	char *infile=NULL,*outfile=NULL;
 	int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
-	int fingerprint = 0;
 	char **pp,buf[256];
 	X509_STORE *store = NULL;
 	X509_STORE_CTX ctx;
@@ -112,7 +111,6 @@ int MAIN(int argc, char **argv)
 	X509_OBJECT xobj;
 	EVP_PKEY *pkey;
 	int do_ver = 0;
-	const EVP_MD *md_alg,*digest=EVP_md5();

 	apps_startup();

@@ -185,13 +183,6 @@ int MAIN(int argc, char **argv)
 			nextupdate= ++num;
 		else if (strcmp(*argv,"-noout") == 0)
 			noout= ++num;
-		else if (strcmp(*argv,"-fingerprint") == 0)
-			fingerprint= ++num;
-		else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
-			{
-			/* ok */
-			digest=md_alg;
-			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -283,26 +274,6 @@ bad:
 					BIO_printf(bio_out,"NONE");
 				BIO_printf(bio_out,"\n");
 				}
-			if (fingerprint == i)
-				{
-				int j;
-				unsigned int n;
-				unsigned char md[EVP_MAX_MD_SIZE];
-
-				if (!X509_CRL_digest(x,digest,md,&n))
-					{
-					BIO_printf(bio_err,"out of memory\n");
-					goto end;
-					}
-				BIO_printf(bio_out,"%s Fingerprint=",
-						OBJ_nid2sn(EVP_MD_type(digest)));
-				for (j=0; j<(int)n; j++)
-					{
-					BIO_printf(bio_out,"%02X%c",md[j],
-						(j+1 == (int)n)
-						?'\n':':');
-					}
-				}
 			}
 		}

--- a/apps/dh.c
+++ b/apps/dh.c
@@ -1,5 +1,4 @@
 /* apps/dh.c */
-/* obsoleted by dhparam.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -235,8 +234,8 @@ bad:
 			}
 		if (i & DH_CHECK_P_NOT_PRIME)
 			printf("p value is not prime\n");
-		if (i & DH_CHECK_P_NOT_SAFE_PRIME)
-			printf("p value is not a safe prime\n");
+		if (i & DH_CHECK_P_NOT_STRONG_PRIME)
+			printf("p value is not a strong prime\n");
 		if (i & DH_UNABLE_TO_CHECK_GENERATOR)
 			printf("unable to check the generator value\n");
 		if (i & DH_NOT_SUITABLE_GENERATOR)
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -55,59 +55,6 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */

 #ifndef NO_DH
 #include <stdio.h>
@@ -122,10 +69,6 @@
 #include <openssl/x509.h>
 #include <openssl/pem.h>

-#ifndef NO_DSA
-#include <openssl/dsa.h>
-#endif
-
 #undef PROG
 #define PROG	dhparam_main

@@ -135,7 +78,6 @@
 * -outform arg - output format - default PEM
 * -in arg	- input file - default stdin
 * -out arg	- output file - default stdout
- * -dsaparam  - read or generate DSA parameters, convert to DH
 * -check	- check the parameters are ok
 * -noout
 * -text
@@ -150,9 +92,6 @@ int MAIN(int argc, char **argv)
 	{
 	DH *dh=NULL;
 	int i,badops=0,text=0;
-#ifndef NO_DSA
-	int dsaparam=0;
-#endif
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,check=0,noout=0,C=0,ret=1;
 	char *infile,*outfile,*prog;
@@ -199,10 +138,6 @@ int MAIN(int argc, char **argv)
 			check=1;
 		else if (strcmp(*argv,"-text") == 0)
 			text=1;
-#ifndef NO_DSA
-		else if (strcmp(*argv,"-dsaparam") == 0)
-			dsaparam=1;
-#endif
 		else if (strcmp(*argv,"-C") == 0)
 			C=1;
 		else if (strcmp(*argv,"-noout") == 0)
@@ -231,16 +166,13 @@ bad:
 		BIO_printf(bio_err," -outform arg  output format - one of DER PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
-#ifndef NO_DSA
-		BIO_printf(bio_err," -dsaparam     read or generate DSA parameters, convert to DH\n");
-#endif
 		BIO_printf(bio_err," -check        check the DH parameters\n");
 		BIO_printf(bio_err," -text         print a text form of the DH parameters\n");
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -2            generate parameters using  2 as the generator value\n");
 		BIO_printf(bio_err," -5            generate parameters using  5 as the generator value\n");
 		BIO_printf(bio_err," numbits       number of bits in to generate (default 512)\n");
-		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err," -rand file:file:...\n");
 		BIO_printf(bio_err,"               - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"               the random number generator\n");
 		BIO_printf(bio_err," -noout        no output\n");
@@ -249,25 +181,8 @@ bad:

 	ERR_load_crypto_strings();

-	if (g && !num)
-		num = DEFBITS;
-
-#ifndef NO_DSA
-	if (dsaparam)
-		{
-		if (g)
-			{
-			BIO_printf(bio_err, "generator may not be chosen for DSA parameters\n");
-			goto end;
-			}
-		}
-	else
-#endif
-		{
-		/* DH parameters */
-		if (num && !g)
-			g = 2;
-		}
+	if(g && !num) num = DEFBITS;
+	else if(num && !g) g = 2;

 	if(num) {

@@ -279,40 +194,11 @@ bad:
 			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
 				app_RAND_load_files(inrand));

-#ifndef NO_DSA
-		if (dsaparam)
-			{
-			DSA *dsa;
+		BIO_printf(bio_err,"Generating DH parameters, %d bit long strong prime, generator of %d\n",num,g);
+		BIO_printf(bio_err,"This is going to take a long time\n");
+		dh=DH_generate_parameters(num,g,dh_cb,bio_err);
 			
-			BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
-	        dsa = DSA_generate_parameters(num, NULL, 0, NULL, NULL, dh_cb, bio_err);
-			if (dsa == NULL)
-				{
-				ERR_print_errors(bio_err);
-				goto end;
-				}
-
-			dh = DSA_dup_DH(dsa);
-			DSA_free(dsa);
-			if (dh == NULL)
-				{
-				ERR_print_errors(bio_err);
-				goto end;
-				}
-			}
-		else
-#endif
-			{
-			BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
-			BIO_printf(bio_err,"This is going to take a long time\n");
-			dh=DH_generate_parameters(num,g,dh_cb,bio_err);
-			
-			if (dh == NULL)
-				{
-				ERR_print_errors(bio_err);
-				goto end;
-				}
-			}
+		if (dh == NULL) goto end;

 		app_RAND_write_file(NULL, bio_err);
 	} else {
@@ -334,56 +220,24 @@ bad:
 				}
 			}

-		if	(informat != FORMAT_ASN1 && informat != FORMAT_PEM)
+		if	(informat == FORMAT_ASN1)
+			dh=d2i_DHparams_bio(in,NULL);
+		else if (informat == FORMAT_PEM)
+			dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);
+		else
 			{
 			BIO_printf(bio_err,"bad input format specified\n");
 			goto end;
 			}
+		if (dh == NULL)
+			{
+			BIO_printf(bio_err,"unable to load DH parameters\n");
+			ERR_print_errors(bio_err);
+			goto end;
+			}

-#ifndef NO_DSA
-		if (dsaparam)
-			{
-			DSA *dsa;
-			
-			if (informat == FORMAT_ASN1)
-				dsa=d2i_DSAparams_bio(in,NULL);
-			else /* informat == FORMAT_PEM */
-				dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL);
-			
-			if (dsa == NULL)
-				{
-				BIO_printf(bio_err,"unable to load DSA parameters\n");
-				ERR_print_errors(bio_err);
-				goto end;
-				}
-			
-			dh = DSA_dup_DH(dsa);
-			DSA_free(dsa);
-			if (dh == NULL)
-				{
-				ERR_print_errors(bio_err);
-				goto end;
-				}
-			}
-		else
-#endif
-			{
-			if (informat == FORMAT_ASN1)
-				dh=d2i_DHparams_bio(in,NULL);
-			else /* informat == FORMAT_PEM */
-				dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);
-			
-			if (dh == NULL)
-				{
-				BIO_printf(bio_err,"unable to load DH parameters\n");
-				ERR_print_errors(bio_err);
-				goto end;
-				}
-			}
-		
-		/* dh != NULL */
 	}
-	
+
 	out=BIO_new(BIO_s_file());
 	if (out == NULL)
 		{
@@ -401,6 +255,7 @@ bad:
 			}
 		}

+	

 	if (text)
 		{
@@ -416,8 +271,8 @@ bad:
 			}
 		if (i & DH_CHECK_P_NOT_PRIME)
 			printf("p value is not prime\n");
-		if (i & DH_CHECK_P_NOT_SAFE_PRIME)
-			printf("p value is not a safe prime\n");
+		if (i & DH_CHECK_P_NOT_STRONG_PRIME)
+			printf("p value is not a strong prime\n");
 		if (i & DH_UNABLE_TO_CHECK_GENERATOR)
 			printf("unable to check the generator value\n");
 		if (i & DH_NOT_SUITABLE_GENERATOR)
@@ -438,29 +293,25 @@ bad:
 			perror("Malloc");
 			goto end;
 			}
-		printf("#ifndef HEADER_DH_H\n"
-		       "#include <openssl/dh.h>\n"
-		       "#endif\n");
-		printf("DH *get_dh%d()\n\t{\n",bits);
-
 		l=BN_bn2bin(dh->p,data);
-		printf("\tstatic unsigned char dh%d_p[]={",bits);
+		printf("static unsigned char dh%d_p[]={",bits);
 		for (i=0; i<l; i++)
 			{
-			if ((i%12) == 0) printf("\n\t\t");
+			if ((i%12) == 0) printf("\n\t");
 			printf("0x%02X,",data[i]);
 			}
-		printf("\n\t\t};\n");
+		printf("\n\t};\n");

 		l=BN_bn2bin(dh->g,data);
-		printf("\tstatic unsigned char dh%d_g[]={",bits);
+		printf("static unsigned char dh%d_g[]={",bits);
 		for (i=0; i<l; i++)
 			{
-			if ((i%12) == 0) printf("\n\t\t");
+			if ((i%12) == 0) printf("\n\t");
 			printf("0x%02X,",data[i]);
 			}
-		printf("\n\t\t};\n");
+		printf("\n\t};\n\n");

+		printf("DH *get_dh%d()\n\t{\n",bits);
 		printf("\tDH *dh;\n\n");
 		printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n");
 		printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n",
@@ -468,9 +319,7 @@ bad:
 		printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n",
 			bits,bits);
 		printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
-		printf("\t\t{ DH_free(dh); return(NULL); }\n");
-		if (dh->length)
-			printf("\tdh->length = %d;\n", dh->length);
+		printf("\t\treturn(NULL);\n");
 		printf("\treturn(dh);\n\t}\n");
 		Free(data);
 		}
@@ -501,7 +350,6 @@ end:
 	EXIT(ret);
 	}

-/* dh_cb is identical to dsa_cb in apps/dsaparam.c */
 static void MS_CALLBACK dh_cb(int p, int n, void *arg)
 	{
 	char c='*';
--- a/apps/eay.c
+++ b/apps/eay.c
@@ -0,0 +1,131 @@
+/* apps/eay.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define MONOLITH
+#define USE_SOCKETS
+
+#include "openssl/e_os.h"
+
+#include <openssl/bio.h>
+#include <openssl/stack.h>
+#include <openssl/lhash.h>
+
+#include <openssl/err.h>
+
+#include <openssl/bn.h>
+
+#include <openssl/evp.h>
+
+#include <openssl/rand.h>
+#include <openssl/conf.h>
+#include <openssl/txt_db.h>
+
+#include <openssl/err.h>
+
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+
+#define MONOLITH
+
+#include "openssl.c"
+#include "apps.c"
+#include "asn1pars.c"
+#ifndef NO_RSA
+#include "ca.c"
+#include "genrsa.c"
+#include "req.c"
+#include "rsa.c"
+#endif
+#ifndef NO_DH
+#include "gendh.c"
+#include "dh.c"
+#endif
+#include "crl.c"
+#include "crl2p7.c"
+#include "dgst.c"
+#include "enc.c"
+#include "errstr.c"
+#if !defined(NO_SSL2) || !defined(NO_SSL3)
+#ifndef NO_SOCK
+#include "s_cb.c"
+#include "s_client.c"
+#include "s_server.c"
+#include "s_socket.c"
+#include "s_time.c"
+#endif
+#endif
+#include "speed.c"
+#include "verify.c"
+#include "version.c"
+#include "x509.c"
+#include "ciphers.c"
+#include "sess_id.c"
+#include "pkcs7.c"
+#ifndef NO_DSA
+#include "dsaparam.c"
+#include "dsa.c"
+#include "gendsa.c"
+#endif
+
--- a/apps/errstr.c
+++ b/apps/errstr.c
@@ -104,10 +104,7 @@ int MAIN(int argc, char **argv)
 	for (i=1; i<argc; i++)
 		{
 		if (sscanf(argv[i],"%lx",&l))
-			{
-			ERR_error_string_n(l, buf, sizeof buf);
-			printf("%s\n",buf);
-			}
+			printf("%s\n",ERR_error_string(l,buf));
 		else
 			{
 			printf("%s: bad error code\n",argv[i]);
--- a/apps/gendh.c
+++ b/apps/gendh.c
@@ -1,5 +1,4 @@
 /* apps/gendh.c */
-/* obsoleted by dhparam.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -128,7 +127,7 @@ bad:
 		BIO_printf(bio_err," -2    use 2 as the generator value\n");
 	/*	BIO_printf(bio_err," -3    use 3 as the generator value\n"); */
 		BIO_printf(bio_err," -5    use 5 as the generator value\n");
-		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err," -rand file:file:...\n");
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
 		goto end;
@@ -160,7 +159,7 @@ bad:
 		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
 			app_RAND_load_files(inrand));

-	BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
+	BIO_printf(bio_err,"Generating DH parameters, %d bit long strong prime, generator of %d\n",num,g);
 	BIO_printf(bio_err,"This is going to take a long time\n");
 	dh=DH_generate_parameters(num,g,dh_cb,bio_err);
 		
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -145,7 +145,7 @@ bad:
 #ifndef NO_IDEA
 		BIO_printf(bio_err," -idea     - encrypt the generated key with IDEA in cbc mode\n");
 #endif
-		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err," -rand file:file:...\n");
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
 		BIO_printf(bio_err," dsaparam-file\n");
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -154,7 +154,7 @@ bad:
 		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
 		BIO_printf(bio_err," -f4             use F4 (0x10001) for the E value\n");
 		BIO_printf(bio_err," -3              use 3 for the E value\n");
-		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err," -rand file:file:...\n");
 		BIO_printf(bio_err,"                 load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"                 the random number generator\n");
 		goto err;
--- a/apps/makeapps.com
+++ b/apps/makeapps.com
@@ -157,13 +157,13 @@ $ LIB_FILES = "VERIFY;ASN1PARS;REQ;DGST;DH;DHPARAM;ENC;PASSWD;GENDH;ERRSTR;"+-
 	      "RSA;DSA;DSAPARAM;"+-
 	      "X509;GENRSA;GENDSA;S_SERVER;S_CLIENT;SPEED;"+-
 	      "S_TIME;APPS;S_CB;S_SOCKET;APP_RAND;VERSION;SESS_ID;"+-
-	      "CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME;RAND"
+	      "CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME"
 $ APP_FILES := OPENSSL,'OBJ_DIR'VERIFY.OBJ,ASN1PARS.OBJ,REQ.OBJ,DGST.OBJ,DH.OBJ,DHPARAM.OBJ,ENC.OBJ,PASSWD.OBJ,GENDH.OBJ,ERRSTR.OBJ,-
 	       CA.OBJ,PKCS7.OBJ,CRL2P7.OBJ,CRL.OBJ,-
 	       RSA.OBJ,DSA.OBJ,DSAPARAM.OBJ,-
 	       X509.OBJ,GENRSA.OBJ,GENDSA.OBJ,S_SERVER.OBJ,S_CLIENT.OBJ,SPEED.OBJ,-
 	       S_TIME.OBJ,APPS.OBJ,S_CB.OBJ,S_SOCKET.OBJ,APP_RAND.OBJ,VERSION.OBJ,SESS_ID.OBJ,-
-	       CIPHERS.OBJ,NSEQ.OBJ,PKCS12.OBJ,PKCS8.OBJ,SPKAC.OBJ,SMIME.OBJ,RAND.OBJ
+	       CIPHERS.OBJ,NSEQ.OBJ,PKCS12.OBJ,PKCS8.OBJ,SPKAC.OBJ,SMIME.OBJ
 $ TCPIP_PROGRAMS = ",,"
 $ IF COMPILER .EQS. "VAXC" THEN -
     TCPIP_PROGRAMS = ",OPENSSL,"
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -56,10 +56,13 @@
 * [including the GNU Public Licence.]
 */

+#ifndef DEBUG
+#undef DEBUG
+#endif
+
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#define OPENSSL_C /* tells apps.h to use complete apps_startup() */
 #include <openssl/bio.h>
 #include <openssl/crypto.h>
 #include <openssl/lhash.h>
@@ -68,11 +71,18 @@
 #include <openssl/pem.h>
 #include <openssl/ssl.h>
 #define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
+#define OPENSSL_C /* tells apps.h to use complete apps_startup() */
 #include "apps.h"
 #include "progs.h"
 #include "s_apps.h"
 #include <openssl/err.h>

+/*
+#ifdef WINDOWS
+#include "bss_file.c"
+#endif
+*/
+
 static unsigned long MS_CALLBACK hash(FUNCTION *a);
 static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
 static LHASH *prog_init(void );
@@ -80,6 +90,15 @@ static int do_cmd(LHASH *prog,int argc,char *argv[]);
 LHASH *config=NULL;
 char *default_config_file=NULL;

+#ifdef DEBUG
+static void sig_stop(int i)
+	{
+	char *a=NULL;
+
+	*a='\0';
+	}
+#endif
+
 /* Make sure there is only one when MONOLITH is defined */
 #ifdef MONOLITH
 BIO *bio_err=NULL;
@@ -101,6 +120,15 @@ int main(int Argc, char *Argv[])
 	arg.data=NULL;
 	arg.count=0;

+#if defined(DEBUG) && !defined(WINDOWS) && !defined(MSDOS)
+#ifdef SIGBUS
+	signal(SIGBUS,sig_stop);
+#endif
+#ifdef SIGSEGV
+	signal(SIGSEGV,sig_stop);
+#endif
+#endif
+
 	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);

 	apps_startup();
@@ -206,7 +234,13 @@ end:

 	EVP_cleanup();
 	ERR_free_strings();
-	
+
+#ifdef LEVITTE_DEBUG
+	CRYPTO_push_info("Just to make sure I get a memory leak I can see :-)");
+	(void)Malloc(1024);
+	CRYPTO_pop_info();
+#endif
+
 	CRYPTO_mem_leaks(bio_err);
 	if (bio_err != NULL)
 		{
@@ -233,18 +267,6 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
 		{
 		ret=fp->func(argc,argv);
 		}
-	else if ((strncmp(argv[0],"no-",3)) == 0)
-		{
-		BIO *bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
-		f.name=argv[0]+3;
-		ret = (lh_retrieve(prog,&f) != NULL);
-		if (!ret)
-			BIO_printf(bio_stdout, "%s\n", argv[0]);
-		else
-			BIO_printf(bio_stdout, "%s\n", argv[0]+3);
-		BIO_free(bio_stdout);
-		goto end;
-		}
 	else if ((strcmp(argv[0],"quit") == 0) ||
 		(strcmp(argv[0],"q") == 0) ||
 		(strcmp(argv[0],"exit") == 0) ||
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -63,7 +63,6 @@ int MAIN(int argc, char **argv)
 	int in_stdin = 0;
 	char *salt = NULL, *passwd = NULL, **passwds = NULL;
 	char *salt_malloc = NULL, *passwd_malloc = NULL;
-	size_t passwd_malloc_size = 0;
 	int pw_source_defined = 0;
 	BIO *in = NULL, *out = NULL;
 	int i, badopt, opt_done;
@@ -197,10 +196,7 @@ int MAIN(int argc, char **argv)
 	if (passwds == NULL)
 		{
 		/* no passwords on the command line */
-
-		passwd_malloc_size = pw_maxlen + 2;
-		/* longer than necessary so that we can warn about truncation */
-		passwd = passwd_malloc = Malloc(passwd_malloc_size);
+		passwd = passwd_malloc = Malloc(pw_maxlen + 1);
 		if (passwd_malloc == NULL)
 			goto err;
 		}
@@ -212,7 +208,7 @@ int MAIN(int argc, char **argv)
 		
 		passwds = passwds_static;
 		if (in == NULL)
-			if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", 0) != 0)
+			if (EVP_read_pw_string(passwd_malloc, pw_maxlen + 1, "Password: ", 0) != 0)
 				goto err;
 		passwds[0] = passwd_malloc;
 		}
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -80,8 +80,7 @@ EVP_CIPHER *enc;

 int get_cert_chain(X509 *cert, STACK_OF(X509) **chain);
 int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options, char *pempass);
-int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass,
-			  int passlen, int options, char *pempass);
+int dump_certs_pkeys_bags(BIO *out, STACK *bags, char *pass, int passlen, int options, char *pempass);
 int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass);
 int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name);
 void hex_prin(BIO *out, unsigned char *buf, int len);
@@ -266,7 +265,7 @@ int MAIN(int argc, char **argv)
 	BIO_printf (bio_err, "-password p   set import/export password source\n");
 	BIO_printf (bio_err, "-passin p     input file pass phrase source\n");
 	BIO_printf (bio_err, "-passout p    output file pass phrase source\n");
-	BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+	BIO_printf(bio_err,  "-rand file:file:...\n");
 	BIO_printf(bio_err,  "              load the file (or the files in the directory) into\n");
 	BIO_printf(bio_err,  "              the random number generator\n");
    	goto end;
@@ -361,8 +360,7 @@ int MAIN(int argc, char **argv)

    if (export_cert) {
 	EVP_PKEY *key;
-	STACK_OF(PKCS12_SAFEBAG) *bags;
-	STACK_OF(PKCS7) *safes;
+	STACK *bags, *safes;
 	PKCS12_SAFEBAG *bag;
 	PKCS8_PRIV_KEY_INFO *p8;
 	PKCS7 *authsafe;
@@ -407,7 +405,7 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}
 	
-	bags = sk_PKCS12_SAFEBAG_new (NULL);
+	bags = sk_new (NULL);

 	/* Add any more certificates asked for */
 	if (certsin) {
@@ -447,7 +445,7 @@ int MAIN(int argc, char **argv)
 			PKCS12_add_localkeyid(bag, keyid, keyidlen);
 		} else if((catmp = sk_shift(canames))) 
 				PKCS12_add_friendlyname(bag, catmp, -1);
-		sk_PKCS12_SAFEBAG_push(bags, bag);
+		sk_push(bags, (char *)bag);
 	}
 	sk_X509_pop_free(certs, X509_free);
 	if (canames) sk_free(canames);
@@ -461,15 +459,15 @@ int MAIN(int argc, char **argv)
 	/* Turn certbags into encrypted authsafe */
 	authsafe = PKCS12_pack_p7encdata(cert_pbe, cpass, -1, NULL, 0,
 								 iter, bags);
-	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+	sk_pop_free(bags, PKCS12_SAFEBAG_free);

 	if (!authsafe) {
 		ERR_print_errors (bio_err);
 		goto end;
 	}

-	safes = sk_PKCS7_new (NULL);
-	sk_PKCS7_push (safes, authsafe);
+	safes = sk_new (NULL);
+	sk_push (safes, (char *)authsafe);

 	/* Make a shrouded key bag */
 	p8 = EVP_PKEY2PKCS8 (key);
@@ -479,18 +477,18 @@ int MAIN(int argc, char **argv)
 	PKCS8_PRIV_KEY_INFO_free(p8);
        if (name) PKCS12_add_friendlyname (bag, name, -1);
 	PKCS12_add_localkeyid (bag, keyid, keyidlen);
-	bags = sk_PKCS12_SAFEBAG_new(NULL);
-	sk_PKCS12_SAFEBAG_push (bags, bag);
+	bags = sk_new(NULL);
+	sk_push (bags, (char *)bag);
 	/* Turn it into unencrypted safe bag */
 	authsafe = PKCS12_pack_p7data (bags);
-	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-	sk_PKCS7_push (safes, authsafe);
+	sk_pop_free(bags, PKCS12_SAFEBAG_free);
+	sk_push (safes, (char *)authsafe);

 	p12 = PKCS12_init (NID_pkcs7_data);

 	M_PKCS12_pack_authsafes (p12, safes);

-	sk_PKCS7_pop_free(safes, PKCS7_free);
+	sk_pop_free(safes, PKCS7_free);

 	PKCS12_set_mac (p12, mpass, -1, NULL, 0, maciter, NULL);

@@ -530,16 +528,11 @@ int MAIN(int argc, char **argv)
 #ifdef CRYPTO_MDEBUG
    CRYPTO_push_info("verify MAC");
 #endif
-	/* If we enter empty password try no password first */
-	if(!macpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
-		/* If mac and crypto pass the same set it to NULL too */
-		if(!twopass) cpass = NULL;
-	} else if (!PKCS12_verify_mac(p12, mpass, -1)) {
+	if (!PKCS12_verify_mac (p12, mpass, -1)) {
 	    BIO_printf (bio_err, "Mac verify error: invalid password?\n");
 	    ERR_print_errors (bio_err);
 	    goto end;
-	}
-	BIO_printf (bio_err, "MAC verified OK\n");
+	} else BIO_printf (bio_err, "MAC verified OK\n");
 #ifdef CRYPTO_MDEBUG
    CRYPTO_pop_info();
 #endif
@@ -556,9 +549,9 @@ int MAIN(int argc, char **argv)
 #ifdef CRYPTO_MDEBUG
    CRYPTO_pop_info();
 #endif
+    PKCS12_free(p12);
    ret = 0;
    end:
-    PKCS12_free(p12);
    if(export_cert || inrand) app_RAND_write_file(NULL, bio_err);
 #ifdef CRYPTO_MDEBUG
    CRYPTO_remove_all_info();
@@ -573,14 +566,12 @@ int MAIN(int argc, char **argv)
 int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
 	     int passlen, int options, char *pempass)
 {
-	STACK_OF(PKCS7) *asafes;
-	STACK_OF(PKCS12_SAFEBAG) *bags;
+	STACK *asafes, *bags;
 	int i, bagnid;
 	PKCS7 *p7;
-
 	if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0;
-	for (i = 0; i < sk_PKCS7_num (asafes); i++) {
-		p7 = sk_PKCS7_value (asafes, i);
+	for (i = 0; i < sk_num (asafes); i++) {
+		p7 = (PKCS7 *) sk_value (asafes, i);
 		bagnid = OBJ_obj2nid (p7->type);
 		if (bagnid == NID_pkcs7_data) {
 			bags = M_PKCS12_unpack_p7data (p7);
@@ -596,25 +587,23 @@ int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
 		if (!bags) return 0;
 	    	if (!dump_certs_pkeys_bags (out, bags, pass, passlen, 
 						 options, pempass)) {
-			sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
+			sk_pop_free (bags, PKCS12_SAFEBAG_free);
 			return 0;
 		}
-		sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
+		sk_pop_free (bags, PKCS12_SAFEBAG_free);
 	}
-	sk_PKCS7_pop_free (asafes, PKCS7_free);
+	sk_pop_free (asafes, PKCS7_free);
 	return 1;
 }

-int dump_certs_pkeys_bags (BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
-			   char *pass, int passlen, int options, char *pempass)
+int dump_certs_pkeys_bags (BIO *out, STACK *bags, char *pass,
+	     int passlen, int options, char *pempass)
 {
 	int i;
-	for (i = 0; i < sk_PKCS12_SAFEBAG_num (bags); i++) {
+	for (i = 0; i < sk_num (bags); i++) {
 		if (!dump_certs_pkeys_bag (out,
-					   sk_PKCS12_SAFEBAG_value (bags, i),
-					   pass, passlen,
-					   options, pempass))
-		    return 0;
+			 (PKCS12_SAFEBAG *)sk_value (bags, i), pass, passlen,
+					 	options, pempass)) return 0;
 	}
 	return 1;
 }
--- a/apps/progs.h
+++ b/apps/progs.h
@@ -33,7 +33,6 @@ extern int pkcs12_main(int argc,char *argv[]);
 extern int pkcs8_main(int argc,char *argv[]);
 extern int spkac_main(int argc,char *argv[]);
 extern int smime_main(int argc,char *argv[]);
-extern int rand_main(int argc,char *argv[]);

 #define FUNC_TYPE_GENERAL	1
 #define FUNC_TYPE_MD		2
@@ -104,7 +103,6 @@ FUNCTION functions[] = {
 	{FUNC_TYPE_GENERAL,"pkcs8",pkcs8_main},
 	{FUNC_TYPE_GENERAL,"spkac",spkac_main},
 	{FUNC_TYPE_GENERAL,"smime",smime_main},
-	{FUNC_TYPE_GENERAL,"rand",rand_main},
 	{FUNC_TYPE_MD,"md2",dgst_main},
 	{FUNC_TYPE_MD,"md5",dgst_main},
 	{FUNC_TYPE_MD,"sha",dgst_main},
--- a/apps/rand.c
+++ b/apps/rand.c
@@ -1,140 +0,0 @@
-/* apps/rand.c */
-
-#include "apps.h"
-
-#include <ctype.h>
-#include <stdio.h>
-#include <string.h>
-
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-
-#undef PROG
-#define PROG rand_main
-
-/* -out file         - write to file
- * -rand file:file   - PRNG seed files
- * -base64           - encode output
- * num               - write 'num' bytes
- */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	int i, r, ret = 1;
-	int badopt;
-	char *outfile = NULL;
-	char *inrand = NULL;
-	int base64 = 0;
-	BIO *out = NULL;
-	int num = -1;
-
-	apps_startup();
-
-	if (bio_err == NULL)
-		if ((bio_err = BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
-
-	badopt = 0;
-	i = 0;
-	while (!badopt && argv[++i] != NULL)
-		{
-		if (strcmp(argv[i], "-out") == 0)
-			{
-			if ((argv[i+1] != NULL) && (outfile == NULL))
-				outfile = argv[++i];
-			else
-				badopt = 1;
-			}
-		else if (strcmp(argv[i], "-rand") == 0)
-			{
-			if ((argv[i+1] != NULL) && (inrand == NULL))
-				inrand = argv[++i];
-			else
-				badopt = 1;
-			}
-		else if (strcmp(argv[i], "-base64") == 0)
-			{
-			if (!base64)
-				base64 = 1;
-			else
-				badopt = 1;
-			}
-		else if (isdigit((unsigned char)argv[i][0]))
-			{
-			if (num < 0)
-				{
-				r = sscanf(argv[i], "%d", &num);
-				if (r == 0 || num < 0)
-					badopt = 1;
-				}
-			else
-				badopt = 1;
-			}
-		else
-			badopt = 1;
-		}
-
-	if (num < 0)
-		badopt = 1;
-	
-	if (badopt) 
-		{
-		BIO_printf(bio_err, "Usage: rand [options] num\n");
-		BIO_printf(bio_err, "where options are\n");
-		BIO_printf(bio_err, "-out file            - write to file\n");
-		BIO_printf(bio_err, "-rand file%cfile%c...  - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-		BIO_printf(bio_err, "-base64              - encode output\n");
-		goto err;
-		}
-
-	app_RAND_load_file(NULL, bio_err, (inrand != NULL));
-	if (inrand != NULL)
-		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
-			app_RAND_load_files(inrand));
-
-	out = BIO_new(BIO_s_file());
-	if (out == NULL)
-		goto err;
-	if (outfile != NULL)
-		r = BIO_write_filename(out, outfile);
-	else
-		r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
-	if (r <= 0)
-		goto err;
-
-	if (base64)
-		{
-		BIO *b64 = BIO_new(BIO_f_base64());
-		if (b64 == NULL)
-			goto err;
-		out = BIO_push(b64, out);
-		}
-	
-	while (num > 0) 
-		{
-		unsigned char buf[4096];
-		int chunk;
-
-		chunk = num;
-		if (chunk > sizeof buf)
-			chunk = sizeof buf;
-		r = RAND_bytes(buf, chunk);
-		if (r <= 0)
-			goto err;
-		BIO_write(out, buf, chunk);
-		num -= chunk;
-		}
-	BIO_flush(out);
-
-	app_RAND_write_file(NULL, bio_err);
-	ret = 0;
-	
-err:
-	ERR_print_errors(bio_err);
-	if (out)
-		BIO_free_all(out);
-	EXIT(ret);
-	}
--- a/apps/req.c
+++ b/apps/req.c
@@ -878,8 +878,8 @@ end:
 	EVP_PKEY_free(pkey);
 	X509_REQ_free(req);
 	X509_free(x509ss);
-	if(passargin && passin) Free(passin);
-	if(passargout && passout) Free(passout);
+	if(passin) Free(passin);
+	if(passout) Free(passout);
 	OBJ_cleanup();
 #ifndef NO_DSA
 	if (dsa_params != NULL) DSA_free(dsa_params);
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -179,6 +179,7 @@ bad:
 		BIO_printf(bio_err," -outform arg    output format - one of DER NET PEM\n");
 		BIO_printf(bio_err," -in arg         input file\n");
 		BIO_printf(bio_err," -passin arg     input file pass phrase source\n");
+		BIO_printf(bio_err," -in arg         input file\n");
 		BIO_printf(bio_err," -out arg        output file\n");
 		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
 		BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
--- a/apps/rsa/01.pem
+++ b/apps/rsa/01.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICTjCCAbsCEGiuFKTJn6nzmiPPLxUZs1owDQYJKoZIhvcNAQEEBQAwXzELMAkG
+A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
+VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk4
+MDUxODAwMDAwMFoXDTk5MDUxODIzNTk1OVowdTELMAkGA1UEBhMCVVMxETAPBgNV
+BAgTCE5ldyBZb3JrMREwDwYDVQQHFAhOZXcgWW9yazEeMBwGA1UEChQVSW5kdXN0
+cmlhbCBQcmVzcyBJbmMuMSAwHgYDVQQDFBd3d3cuaW5kdXN0cmlhbHByZXNzLmNv
+bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqiH9xUJNHvqCmaDon27ValJb
+qTLymF3yKKWBxbODLWjX7yKjewoqWhotaEARI6jXPqomU87gFU1tH4r/bgwh3FmU
+MK3qo92XOsvwNAHzXzWRXQNJmm54g2F1RUt00pgYiOximDse1t9RL5POCDEbfX8D
+gugrE/WwkS2FrSoc5/cCAwEAATANBgkqhkiG9w0BAQQFAAN+AIw7fvF0EtEvrNS/
+LYuqAgUw/tH0FLgCkqKLmYYm/yR+Z0hD2eP/UhF+jAwmV8rHtBnaTM7oN23RVW2k
+Cf8soiGfr2PYtfufpXtd7azUFa+WJCWnp0N29EG0BR1JOFC0Q/4dh/X9qulM8luq
+Pjrmw2eSgbdmmdumWAcNPVbV
+-----END CERTIFICATE-----
--- a/apps/rsa/1.txt
+++ b/apps/rsa/1.txt
@@ -0,0 +1,50 @@
+issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+subject=/C=US/ST=New York/L=New York/O=Industrial Press Inc./CN=www.industrialpress.com
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            68:ae:14:a4:c9:9f:a9:f3:9a:23:cf:2f:15:19:b3:5a
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
+        Validity
+            Not Before: May 18 00:00:00 1998 GMT
+            Not After : May 18 23:59:59 1999 GMT
+        Subject: C=US, ST=New York, L=New York, O=Industrial Press Inc., CN=www.industrialpress.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:aa:21:fd:c5:42:4d:1e:fa:82:99:a0:e8:9f:6e:
+                    d5:6a:52:5b:a9:32:f2:98:5d:f2:28:a5:81:c5:b3:
+                    83:2d:68:d7:ef:22:a3:7b:0a:2a:5a:1a:2d:68:40:
+                    11:23:a8:d7:3e:aa:26:53:ce:e0:15:4d:6d:1f:8a:
+                    ff:6e:0c:21:dc:59:94:30:ad:ea:a3:dd:97:3a:cb:
+                    f0:34:01:f3:5f:35:91:5d:03:49:9a:6e:78:83:61:
+                    75:45:4b:74:d2:98:18:88:ec:62:98:3b:1e:d6:df:
+                    51:2f:93:ce:08:31:1b:7d:7f:03:82:e8:2b:13:f5:
+                    b0:91:2d:85:ad:2a:1c:e7:f7
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md5WithRSAEncryption
+        8c:3b:7e:f1:74:12:d1:2f:ac:d4:bf:2d:8b:aa:02:05:30:fe:
+        d1:f4:14:b8:02:92:a2:8b:99:86:26:ff:24:7e:67:48:43:d9:
+        e3:ff:52:11:7e:8c:0c:26:57:ca:c7:b4:19:da:4c:ce:e8:37:
+        6d:d1:55:6d:a4:09:ff:2c:a2:21:9f:af:63:d8:b5:fb:9f:a5:
+        7b:5d:ed:ac:d4:15:af:96:24:25:a7:a7:43:76:f4:41:b4:05:
+        1d:49:38:50:b4:43:fe:1d:87:f5:fd:aa:e9:4c:f2:5b:aa:3e:
+        3a:e6:c3:67:92:81:b7:66:99:db:a6:58:07:0d:3d:56:d5
+-----BEGIN CERTIFICATE-----
+MIICTjCCAbsCEGiuFKTJn6nzmiPPLxUZs1owDQYJKoZIhvcNAQEEBQAwXzELMAkG
+A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
+VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk4
+MDUxODAwMDAwMFoXDTk5MDUxODIzNTk1OVowdTELMAkGA1UEBhMCVVMxETAPBgNV
+BAgTCE5ldyBZb3JrMREwDwYDVQQHFAhOZXcgWW9yazEeMBwGA1UEChQVSW5kdXN0
+cmlhbCBQcmVzcyBJbmMuMSAwHgYDVQQDFBd3d3cuaW5kdXN0cmlhbHByZXNzLmNv
+bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqiH9xUJNHvqCmaDon27ValJb
+qTLymF3yKKWBxbODLWjX7yKjewoqWhotaEARI6jXPqomU87gFU1tH4r/bgwh3FmU
+MK3qo92XOsvwNAHzXzWRXQNJmm54g2F1RUt00pgYiOximDse1t9RL5POCDEbfX8D
+gugrE/WwkS2FrSoc5/cCAwEAATANBgkqhkiG9w0BAQQFAAN+AIw7fvF0EtEvrNS/
+LYuqAgUw/tH0FLgCkqKLmYYm/yR+Z0hD2eP/UhF+jAwmV8rHtBnaTM7oN23RVW2k
+Cf8soiGfr2PYtfufpXtd7azUFa+WJCWnp0N29EG0BR1JOFC0Q/4dh/X9qulM8luq
+Pjrmw2eSgbdmmdumWAcNPVbV
+-----END CERTIFICATE-----
--- a/apps/rsa/SecureServer.pem
+++ b/apps/rsa/SecureServer.pem
@@ -0,0 +1,47 @@
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            02:ad:66:7e:4e:45:fe:5e:57:6f:3c:98:19:5e:dd:c0
+        Signature Algorithm: md2WithRSAEncryption
+        Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
+        Validity
+            Not Before: Nov  9 00:00:00 1994 GMT
+            Not After : Jan  7 23:59:59 2010 GMT
+        Subject: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1000 bit)
+                Modulus (1000 bit):
+                    00:92:ce:7a:c1:ae:83:3e:5a:aa:89:83:57:ac:25:
+                    01:76:0c:ad:ae:8e:2c:37:ce:eb:35:78:64:54:03:
+                    e5:84:40:51:c9:bf:8f:08:e2:8a:82:08:d2:16:86:
+                    37:55:e9:b1:21:02:ad:76:68:81:9a:05:a2:4b:c9:
+                    4b:25:66:22:56:6c:88:07:8f:f7:81:59:6d:84:07:
+                    65:70:13:71:76:3e:9b:77:4c:e3:50:89:56:98:48:
+                    b9:1d:a7:29:1a:13:2e:4a:11:59:9c:1e:15:d5:49:
+                    54:2c:73:3a:69:82:b1:97:39:9c:6d:70:67:48:e5:
+                    dd:2d:d6:c8:1e:7b
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md2WithRSAEncryption
+        65:dd:7e:e1:b2:ec:b0:e2:3a:e0:ec:71:46:9a:19:11:b8:d3:
+        c7:a0:b4:03:40:26:02:3e:09:9c:e1:12:b3:d1:5a:f6:37:a5:
+        b7:61:03:b6:5b:16:69:3b:c6:44:08:0c:88:53:0c:6b:97:49:
+        c7:3e:35:dc:6c:b9:bb:aa:df:5c:bb:3a:2f:93:60:b6:a9:4b:
+        4d:f2:20:f7:cd:5f:7f:64:7b:8e:dc:00:5c:d7:fa:77:ca:39:
+        16:59:6f:0e:ea:d3:b5:83:7f:4d:4d:42:56:76:b4:c9:5f:04:
+        f8:38:f8:eb:d2:5f:75:5f:cd:7b:fc:e5:8e:80:7c:fc:50
+-----BEGIN CERTIFICATE-----
+MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
+VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0
+MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV
+BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy
+dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ
+ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII
+0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI
+uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI
+hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3
+YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc
+1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA==
+-----END CERTIFICATE-----
--- a/apps/rsa/s.txt
+++ b/apps/rsa/s.txt
@@ -0,0 +1,49 @@
+issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            02:ad:66:7e:4e:45:fe:5e:57:6f:3c:98:19:5e:dd:c0
+        Signature Algorithm: md2WithRSAEncryption
+        Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
+        Validity
+            Not Before: Nov  9 00:00:00 1994 GMT
+            Not After : Jan  7 23:59:59 2010 GMT
+        Subject: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1000 bit)
+                Modulus (1000 bit):
+                    00:92:ce:7a:c1:ae:83:3e:5a:aa:89:83:57:ac:25:
+                    01:76:0c:ad:ae:8e:2c:37:ce:eb:35:78:64:54:03:
+                    e5:84:40:51:c9:bf:8f:08:e2:8a:82:08:d2:16:86:
+                    37:55:e9:b1:21:02:ad:76:68:81:9a:05:a2:4b:c9:
+                    4b:25:66:22:56:6c:88:07:8f:f7:81:59:6d:84:07:
+                    65:70:13:71:76:3e:9b:77:4c:e3:50:89:56:98:48:
+                    b9:1d:a7:29:1a:13:2e:4a:11:59:9c:1e:15:d5:49:
+                    54:2c:73:3a:69:82:b1:97:39:9c:6d:70:67:48:e5:
+                    dd:2d:d6:c8:1e:7b
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md2WithRSAEncryption
+        65:dd:7e:e1:b2:ec:b0:e2:3a:e0:ec:71:46:9a:19:11:b8:d3:
+        c7:a0:b4:03:40:26:02:3e:09:9c:e1:12:b3:d1:5a:f6:37:a5:
+        b7:61:03:b6:5b:16:69:3b:c6:44:08:0c:88:53:0c:6b:97:49:
+        c7:3e:35:dc:6c:b9:bb:aa:df:5c:bb:3a:2f:93:60:b6:a9:4b:
+        4d:f2:20:f7:cd:5f:7f:64:7b:8e:dc:00:5c:d7:fa:77:ca:39:
+        16:59:6f:0e:ea:d3:b5:83:7f:4d:4d:42:56:76:b4:c9:5f:04:
+        f8:38:f8:eb:d2:5f:75:5f:cd:7b:fc:e5:8e:80:7c:fc:50
+-----BEGIN CERTIFICATE-----
+MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
+VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0
+MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV
+BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy
+dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ
+ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII
+0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI
+uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI
+hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3
+YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc
+1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA==
+-----END CERTIFICATE-----
--- a/apps/s_apps.h
+++ b/apps/s_apps.h
@@ -84,6 +84,7 @@ typedef fd_mask fd_set;
 #define PORT_STR        "4433"
 #define PROTOCOL        "tcp"

+int do_accept(int acc_sock, int *sock, char **host);
 int do_server(int port, int *ret, int (*cb) (), char *context);
 #ifdef HEADER_X509_H
 int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
@@ -96,9 +97,17 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
 int set_cert_stuff(char *ctx, char *cert_file, char *key_file);
 #endif
 int init_client(int *sock, char *server, int port);
+int init_client_ip(int *sock,unsigned char ip[4], int port);
+int nbio_init_client_ip(int *sock,unsigned char ip[4], int port);
+int nbio_sock_error(int sock);
+int spawn(int argc, char **argv, int *in, int *out);
+int init_server(int *sock, int port);
+int init_server_long(int *sock, int port,char *ip);
 int should_retry(int i);
+void sock_cleanup(void );
 int extract_port(char *str, short *port_ptr);
 int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
+int host_ip(char *str, unsigned char ip[4]);

 long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp,
 	int argi, long argl, long ret);
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -1,4 +1,4 @@
-/* apps/s_cb.c - callback functions used by s_client, s_server, and s_time */
+/* apps/s_cb.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -117,7 +117,6 @@ static void sc_usage(void);
 static void print_stuff(BIO *berr,SSL *con,int full);
 static BIO *bio_c_out=NULL;
 static int c_quiet=0;
-static int c_ign_eof=0;

 static void sc_usage(void)
 	{
@@ -144,7 +143,6 @@ static void sc_usage(void)
 #endif
 	BIO_printf(bio_err," -crlf         - convert LF from terminal into CRLF\n");
 	BIO_printf(bio_err," -quiet        - no s_client output\n");
-	BIO_printf(bio_err," -ign_eof      - ignore input eof (default when -quiet)\n");
 	BIO_printf(bio_err," -ssl2         - just use SSLv2\n");
 	BIO_printf(bio_err," -ssl3         - just use SSLv3\n");
 	BIO_printf(bio_err," -tls1         - just use TLSv1\n");
@@ -194,7 +192,6 @@ int MAIN(int argc, char **argv)
 	apps_startup();
 	c_Pause=0;
 	c_quiet=0;
-	c_ign_eof=0;
 	c_debug=0;
 	c_showcerts=0;

@@ -252,12 +249,7 @@ int MAIN(int argc, char **argv)
 		else if	(strcmp(*argv,"-crlf") == 0)
 			crlf=1;
 		else if	(strcmp(*argv,"-quiet") == 0)
-			{
 			c_quiet=1;
-			c_ign_eof=1;
-			}
-		else if	(strcmp(*argv,"-ign_eof") == 0)
-			c_ign_eof=1;
 		else if	(strcmp(*argv,"-pause") == 0)
 			c_Pause=1;
 		else if	(strcmp(*argv,"-debug") == 0)
@@ -719,13 +711,13 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
 			else
 				i=read(fileno(stdin),cbuf,BUFSIZZ);

-			if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q')))
+			if ((!c_quiet) && ((i <= 0) || (cbuf[0] == 'Q')))
 				{
 				BIO_printf(bio_err,"DONE\n");
 				goto shut;
 				}

-			if ((!c_ign_eof) && (cbuf[0] == 'R'))
+			if ((!c_quiet) && (cbuf[0] == 'R'))
 				{
 				BIO_printf(bio_err,"RENEGOTIATING\n");
 				SSL_renegotiate(con);
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@@ -1,4 +1,4 @@
-/* apps/s_socket.c -  socket-related functions used by s_client and s_server */
+/* apps/s_socket.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -79,17 +79,16 @@ typedef unsigned int u_int;
 #include "s_apps.h"
 #include <openssl/ssl.h>

-static struct hostent *GetHostByName(char *name);
-#ifdef WINDOWS
-static void sock_cleanup(void);
+#ifdef VMS
+#if (__VMS_VER < 70000000) /* FIONBIO used as a switch to enable ioctl,
+			      and that isn't in VMS < 7.0 */
+#undef FIONBIO
+#endif
+#include <processes.h> /* for vfork() */
 #endif
-static int sock_init(void);
-static int init_client_ip(int *sock,unsigned char ip[4], int port);
-static int init_server(int *sock, int port);
-static int init_server_long(int *sock, int port,char *ip);
-static int do_accept(int acc_sock, int *sock, char **host);
-static int host_ip(char *str, unsigned char ip[4]);

+static struct hostent *GetHostByName(char *name);
+int sock_init(void );
 #ifdef WIN16
 #define SOCKET_PROTOCOL	0 /* more microsoft stupidity */
 #else
@@ -132,19 +131,19 @@ static BOOL CALLBACK enumproc(HWND hwnd,LPARAM lParam)
 #endif /* WIN32 */
 #endif /* WINDOWS */

-#ifdef WINDOWS
-static void sock_cleanup(void)
+void sock_cleanup(void)
 	{
+#ifdef WINDOWS
 	if (wsa_init_done)
 		{
 		wsa_init_done=0;
 		WSACancelBlockingCall();
 		WSACleanup();
 		}
-	}
 #endif
+	}

-static int sock_init(void)
+int sock_init(void)
 	{
 #ifdef WINDOWS
 	if (!wsa_init_done)
@@ -188,7 +187,7 @@ int init_client(int *sock, char *host, int port)
 	return(init_client_ip(sock,ip,port));
 	}

-static int init_client_ip(int *sock, unsigned char ip[4], int port)
+int init_client_ip(int *sock, unsigned char ip[4], int port)
 	{
 	unsigned long addr;
 	struct sockaddr_in them;
@@ -219,6 +218,75 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port)
 	return(1);
 	}

+int nbio_sock_error(int sock)
+	{
+	int j,i;
+	int size;
+
+	size=sizeof(int);
+	/* Note: under VMS with SOCKETSHR the third parameter is currently
+	 * of type (int *) whereas under other systems it is (void *) if
+	 * you don't have a cast it will choke the compiler: if you do
+	 * have a cast then you can either go for (int *) or (void *).
+	 */
+	i=getsockopt(sock,SOL_SOCKET,SO_ERROR,(char *)&j,(void *)&size);
+	if (i < 0)
+		return(1);
+	else
+		return(j);
+	}
+
+int nbio_init_client_ip(int *sock, unsigned char ip[4], int port)
+	{
+	unsigned long addr;
+	struct sockaddr_in them;
+	int s,i;
+
+	if (!sock_init()) return(0);
+
+	memset((char *)&them,0,sizeof(them));
+	them.sin_family=AF_INET;
+	them.sin_port=htons((unsigned short)port);
+	addr=	(unsigned long)
+		((unsigned long)ip[0]<<24L)|
+		((unsigned long)ip[1]<<16L)|
+		((unsigned long)ip[2]<< 8L)|
+		((unsigned long)ip[3]);
+	them.sin_addr.s_addr=htonl(addr);
+
+	if (*sock <= 0)
+		{
+#ifdef FIONBIO
+		unsigned long l=1;
+#endif
+
+		s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+		if (s == INVALID_SOCKET) { perror("socket"); return(0); }
+
+		i=0;
+		i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
+		if (i < 0) { perror("keepalive"); return(0); }
+		*sock=s;
+
+#ifdef FIONBIO
+		BIO_socket_ioctl(s,FIONBIO,&l);
+#endif
+		}
+	else
+		s= *sock;
+
+	i=connect(s,(struct sockaddr *)&them,sizeof(them));
+	if (i == INVALID_SOCKET)
+		{
+		if (BIO_sock_should_retry(i))
+			return(-1);
+		else
+			return(0);
+		}
+	else
+		return(1);
+	}
+
 int do_server(int port, int *ret, int (*cb)(), char *context)
 	{
 	int sock;
@@ -251,7 +319,7 @@ int do_server(int port, int *ret, int (*cb)(), char *context)
 		}
 	}

-static int init_server_long(int *sock, int port, char *ip)
+int init_server_long(int *sock, int port, char *ip)
 	{
 	int ret=0;
 	struct sockaddr_in server;
@@ -301,12 +369,12 @@ err:
 	return(ret);
 	}

-static int init_server(int *sock, int port)
+int init_server(int *sock, int port)
 	{
 	return(init_server_long(sock, port, NULL));
 	}

-static int do_accept(int acc_sock, int *sock, char **host)
+int do_accept(int acc_sock, int *sock, char **host)
 	{
 	int ret,i;
 	struct hostent *h1,*h2;
@@ -422,7 +490,7 @@ err:
 	return(0);
 	}

-static int host_ip(char *str, unsigned char ip[4])
+int host_ip(char *str, unsigned char ip[4])
 	{
 	unsigned int in[4]; 
 	int i;
@@ -538,3 +606,69 @@ static struct hostent *GetHostByName(char *name)
 		return(ret);
 		}
 	}
+
+#ifndef MSDOS
+int spawn(int argc, char **argv, int *in, int *out)
+	{
+	int pid;
+#define CHILD_READ	p1[0]
+#define CHILD_WRITE	p2[1]
+#define PARENT_READ	p2[0]
+#define PARENT_WRITE	p1[1]
+	int p1[2],p2[2];
+
+	if ((pipe(p1) < 0) || (pipe(p2) < 0)) return(-1);
+
+#ifdef VMS
+	if ((pid=vfork()) == 0)
+#else
+	if ((pid=fork()) == 0)
+#endif
+		{ /* child */
+		if (dup2(CHILD_WRITE,fileno(stdout)) < 0)
+			perror("dup2");
+		if (dup2(CHILD_WRITE,fileno(stderr)) < 0)
+			perror("dup2");
+		if (dup2(CHILD_READ,fileno(stdin)) < 0)
+			perror("dup2");
+		close(CHILD_READ); 
+		close(CHILD_WRITE);
+
+		close(PARENT_READ);
+		close(PARENT_WRITE);
+		execvp(argv[0],argv);
+		perror("child");
+		exit(1);
+		}
+
+	/* parent */
+	*in= PARENT_READ;
+	*out=PARENT_WRITE;
+	close(CHILD_READ);
+	close(CHILD_WRITE);
+	return(pid);
+	}
+#endif /* MSDOS */
+
+
+#ifdef undef
+	/* Turn on synchronous sockets so that we can do a WaitForMultipleObjects
+	 * on sockets */
+	{
+	SOCKET s;
+	int optionValue = SO_SYNCHRONOUS_NONALERT;
+	int err;
+
+	err = setsockopt( 
+	    INVALID_SOCKET, 
+	    SOL_SOCKET, 
+	    SO_OPENTYPE, 
+	    (char *)&optionValue, 
+	    sizeof(optionValue));
+	if (err != NO_ERROR) {
+	/* failed for some reason... */
+		BIO_printf(bio_err, "failed to setsockopt(SO_OPENTYPE, SO_SYNCHRONOUS_ALERT) - %d\n",
+			WSAGetLastError());
+		}
+	}
+#endif
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -272,7 +272,7 @@ int MAIN(int argc, char **argv)
 		BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
 		BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
 		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
-		BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err,  "-rand file:file:...\n");
 		BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,  "               the random number generator\n");
 		BIO_printf (bio_err, "cert.pem       recipient certificate(s) for encryption\n");
@@ -309,6 +309,9 @@ int MAIN(int argc, char **argv)
 			goto end;
 #endif
 		}
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_push_info("load encryption certificates");
+#endif		
 		encerts = sk_X509_new_null();
 		while (*args) {
 			if(!(cert = load_cert(*args))) {
@@ -319,29 +322,50 @@ int MAIN(int argc, char **argv)
 			cert = NULL;
 			args++;
 		}
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_pop_info();
+#endif		
 	}

 	if(signerfile && (operation == SMIME_SIGN)) {
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_push_info("load signer certificate");
+#endif		
 		if(!(signer = load_cert(signerfile))) {
 			BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile);
 			goto end;
 		}
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_pop_info();
+#endif		
 	}

 	if(certfile) {
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_push_info("load other certfiles");
+#endif		
 		if(!(other = load_certs(certfile))) {
 			BIO_printf(bio_err, "Can't read certificate file %s\n", certfile);
 			ERR_print_errors(bio_err);
 			goto end;
 		}
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_pop_info();
+#endif		
 	}

 	if(recipfile && (operation == SMIME_DECRYPT)) {
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_push_info("load recipient certificate");
+#endif		
 		if(!(recip = load_cert(recipfile))) {
 			BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile);
 			ERR_print_errors(bio_err);
 			goto end;
 		}
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_pop_info();
+#endif		
 	}

 	if(operation == SMIME_DECRYPT) {
@@ -351,13 +375,22 @@ int MAIN(int argc, char **argv)
 	} else keyfile = NULL;

 	if(keyfile) {
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_push_info("load keyfile");
+#endif		
 		if(!(key = load_key(keyfile, passin))) {
 			BIO_printf(bio_err, "Can't read recipient certificate file %s\n", keyfile);
 			ERR_print_errors(bio_err);
 			goto end;
 		}
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_pop_info();
+#endif		
 	}

+#ifdef CRYPTO_MDEBUG
+	CRYPTO_push_info("open input files");
+#endif		
 	if (infile) {
 		if (!(in = BIO_new_file(infile, inmode))) {
 			BIO_printf (bio_err,
@@ -365,7 +398,13 @@ int MAIN(int argc, char **argv)
 			goto end;
 		}
 	} else in = BIO_new_fp(stdin, BIO_NOCLOSE);
+#ifdef CRYPTO_MDEBUG
+	CRYPTO_pop_info();
+#endif		

+#ifdef CRYPTO_MDEBUG
+	CRYPTO_push_info("open output files");
+#endif		
 	if (outfile) {
 		if (!(out = BIO_new_file(outfile, outmode))) {
 			BIO_printf (bio_err,
@@ -373,23 +412,50 @@ int MAIN(int argc, char **argv)
 			goto end;
 		}
 	} else out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef CRYPTO_MDEBUG
+	CRYPTO_pop_info();
+#endif		

 	if(operation == SMIME_VERIFY) {
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_push_info("setup_verify");
+#endif		
 		if(!(store = setup_verify(CAfile, CApath))) goto end;
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_pop_info();
+#endif		
 	}

 	ret = 3;

 	if(operation == SMIME_ENCRYPT) {
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_push_info("PKCS7_encrypt");
+#endif		
 		p7 = PKCS7_encrypt(encerts, in, cipher, flags);
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_pop_info();
+#endif		
 	} else if(operation == SMIME_SIGN) {
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_push_info("PKCS7_sign");
+#endif		
 		p7 = PKCS7_sign(signer, key, other, in, flags);
 		BIO_reset(in);
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_pop_info();
+#endif		
 	} else {
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_push_info("SMIME_read_PKCS7");
+#endif		
 		if(!(p7 = SMIME_read_PKCS7(in, &indata))) {
 			BIO_printf(bio_err, "Error reading S/MIME message\n");
 			goto end;
 		}
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_pop_info();
+#endif		
 	}

 	if(!p7) {
@@ -399,25 +465,45 @@ int MAIN(int argc, char **argv)

 	ret = 4;
 	if(operation == SMIME_DECRYPT) {
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_push_info("PKCS7_decrypt");
+#endif		
 		if(!PKCS7_decrypt(p7, key, recip, out, flags)) {
 			BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n");
 			goto end;
 		}
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_pop_info();
+#endif		
 	} else if(operation == SMIME_VERIFY) {
 		STACK_OF(X509) *signers;
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_push_info("PKCS7_verify");
+#endif		
 		if(PKCS7_verify(p7, other, store, indata, out, flags)) {
 			BIO_printf(bio_err, "Verification Successful\n");
 		} else {
 			BIO_printf(bio_err, "Verification Failure\n");
 			goto end;
 		}
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_pop_info();
+		CRYPTO_push_info("PKCS7_get0_signers");
+#endif		
 		signers = PKCS7_get0_signers(p7, other, flags);
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_pop_info();
+		CRYPTO_push_info("save_certs");
+#endif		
 		if(!save_certs(signerfile, signers)) {
 			BIO_printf(bio_err, "Error writing signers to %s\n",
 								signerfile);
 			ret = 5;
 			goto end;
 		}
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_pop_info();
+#endif		
 		sk_X509_free(signers);
 	} else if(operation == SMIME_PK7OUT) {
 		PEM_write_bio_PKCS7(out, p7);
@@ -429,6 +515,9 @@ int MAIN(int argc, char **argv)
 	}
 	ret = 0;
 end:
+#ifdef CRYPTO_MDEBUG
+	CRYPTO_remove_all_info();
+#endif
 	if (need_rand)
 		app_RAND_write_file(NULL, bio_err);
 	if(ret) ERR_print_errors(bio_err);
@@ -494,9 +583,20 @@ static X509_STORE *setup_verify(char *CAfile, char *CApath)
 {
 	X509_STORE *store;
 	X509_LOOKUP *lookup;
+#ifdef CRYPTO_MDEBUG
+	CRYPTO_push_info("X509_STORE_new");
+#endif	
 	if(!(store = X509_STORE_new())) goto end;
+#ifdef CRYPTO_MDEBUG
+	CRYPTO_pop_info();
+	CRYPTO_push_info("X509_STORE_add_lookup(...file)");
+#endif	
 	lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
 	if (lookup == NULL) goto end;
+#ifdef CRYPTO_MDEBUG
+	CRYPTO_pop_info();
+	CRYPTO_push_info("X509_LOOKUP_load_file");
+#endif	
 	if (CAfile) {
 		if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) {
 			BIO_printf(bio_err, "Error loading file %s\n", CAfile);
@@ -504,14 +604,25 @@ static X509_STORE *setup_verify(char *CAfile, char *CApath)
 		}
 	} else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
 		
+#ifdef CRYPTO_MDEBUG
+	CRYPTO_pop_info();
+	CRYPTO_push_info("X509_STORE_add_lookup(...hash_dir)");
+#endif	
 	lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
 	if (lookup == NULL) goto end;
+#ifdef CRYPTO_MDEBUG
+	CRYPTO_pop_info();
+	CRYPTO_push_info("X509_LOOKUP_add_dir");
+#endif	
 	if (CApath) {
 		if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) {
 			BIO_printf(bio_err, "Error loading directory %s\n", CApath);
 			goto end;
 		}
 	} else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
+#ifdef CRYPTO_MDEBUG
+	CRYPTO_pop_info();
+#endif	

 	ERR_clear_error();
 	return store;
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -1030,11 +1030,6 @@ int MAIN(int argc, char **argv)

 	RAND_pseudo_bytes(buf,20);
 #ifndef NO_DSA
-	if (RAND_status() != 1)
-		{
-		RAND_seed(rnd_seed, sizeof rnd_seed);
-		rnd_fake = 1;
-		}
 	for (j=0; j<DSA_NUM; j++)
 		{
 		unsigned int kk;
@@ -1094,7 +1089,6 @@ int MAIN(int argc, char **argv)
 				dsa_doit[j]=0;
 			}
 		}
-	if (rnd_fake) RAND_cleanup();
 #endif

 	fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_VERSION));
--- a/apps/spkac.c
+++ b/apps/spkac.c
@@ -63,10 +63,8 @@
 #include <time.h>
 #include "apps.h"
 #include <openssl/bio.h>
-#include <openssl/conf.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
-#include <openssl/lhash.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>

--- a/apps/testdsa.h
+++ b/apps/testdsa.h
@@ -1,5 +1,4 @@
 /* NOCW */
-/* used by apps/speed.c */
 DSA *get_dsa512(void );
 DSA *get_dsa1024(void );
 DSA *get_dsa2048(void );
@@ -147,5 +146,3 @@ DSA *get_dsa2048()
 	return(dsa);
 	}

-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
-static int rnd_fake = 0;
--- a/apps/testrsa.h
+++ b/apps/testrsa.h
@@ -1,5 +1,4 @@
 /* apps/testrsa.h */
-/* used by apps/speed.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
--- a/apps/tkca
+++ b/apps/tkca
@@ -0,0 +1,66 @@
+#!/usr/local/bin/perl5
+#
+# This is only something I'm playing with, it does not work :-)
+#
+
+use Tk;
+
+my $main=MainWindow->new();
+my $f=$main->Frame(-relief => "ridge", -borderwidth => 2);
+$f->pack(-fill => 'x');
+
+my $ff=$f->Frame;
+$ff->pack(-fill => 'x');
+my $l=$ff->Label(-text => "TkCA - SSLeay",
+	-relief => "ridge", -borderwidth => 2);
+$l->pack(-fill => 'x', -ipady => 5);
+
+my $l=$ff->Button(-text => "Certify");
+$l->pack(-fill => 'x', -ipady => 5);
+
+my $l=$ff->Button(-text => "Review");
+$l->pack(-fill => 'x', -ipady => 5);
+
+my $l=$ff->Button(-text => "Revoke");
+$l->pack(-fill => 'x', -ipady => 5);
+
+my $l=$ff->Button(-text => "Generate CRL");
+$l->pack(-fill => 'x', -ipady => 5);
+
+my($db)=&load_db("demoCA/index.txt");
+
+MainLoop;
+
+sub load_db
+	{
+	my(%ret);
+	my($file)=@_;
+	my(*IN);
+	my(%db_serial,%db_name,@f,@db_s);
+
+	$ret{'serial'}=\%db_serial;
+	$ret{'name'}=\%db_name;
+
+	open(IN,"<$file") || die "unable to open $file:$!\n";
+	while (<IN>)
+		{
+		chop;
+		s/([^\\])\t/\1\t\t/g;
+		my(@f)=split(/\t\t/);
+		die "wrong number of fields in $file, line $.\n"
+			if ($#f != 5);
+
+		my(%f);
+		$f{'type'}=$f[0];
+		$f{'exp'}=$f[1];
+		$f{'rev'}=$f[2];
+		$f{'serial'}=$f[3];
+		$f{'file'}=$f[4];
+		$f{'name'}=$f[5];
+		die "serial number $f{'serial'} appears twice (line $.)\n"
+			if (defined($db{$f{'serial'}}))
+		$db_serial{$f{'serial'}}=\%f;
+		$db_name{$f{'name'}}.=$f{'serial'}." ";
+		}
+	return \%ret;
+	}
--- a/apps/winrand.c
+++ b/apps/winrand.c
@@ -1,149 +0,0 @@
-/* apps/winrand.c */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* Usage: winrand [filename]
- *
- * Collects entropy from mouse movements and other events and writes
- * random data to filename or .rnd
- */
-
-#include <windows.h>
-#include <openssl/opensslv.h>
-#include <openssl/rand.h>
-
-LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);
-const char *filename;
-
-int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
-        PSTR cmdline, int iCmdShow)
-	{
-	static char appname[] = "OpenSSL";
-	HWND hwnd;
-	MSG msg;
-	WNDCLASSEX wndclass;
-        char buffer[200];
-
-        if (cmdline[0] == '\0')
-                filename = RAND_file_name(buffer, sizeof buffer);
-        else
-                filename = cmdline;
-
-        RAND_load_file(filename, -1);
-
-	wndclass.cbSize = sizeof(wndclass);
-	wndclass.style = CS_HREDRAW | CS_VREDRAW;
-	wndclass.lpfnWndProc = WndProc;
-	wndclass.cbClsExtra = 0;
-	wndclass.cbWndExtra = 0;
-	wndclass.hInstance = hInstance;
-	wndclass.hIcon = LoadIcon(NULL, IDI_APPLICATION);
-	wndclass.hCursor = LoadCursor(NULL, IDC_ARROW);
-	wndclass.hbrBackground = (HBRUSH) GetStockObject(WHITE_BRUSH);
-	wndclass.lpszMenuName = NULL;
-        wndclass.lpszClassName = appname;
-	wndclass.hIconSm = LoadIcon(NULL, IDI_APPLICATION);
-	RegisterClassEx(&wndclass);
-
-        hwnd = CreateWindow(appname, OPENSSL_VERSION_TEXT,
-		WS_OVERLAPPEDWINDOW, CW_USEDEFAULT, CW_USEDEFAULT,
-		CW_USEDEFAULT, CW_USEDEFAULT, NULL, NULL, hInstance, NULL);
-
-	ShowWindow(hwnd, iCmdShow);
-	UpdateWindow(hwnd);
-
-
-	while (GetMessage(&msg, NULL, 0, 0))
-		{
-		TranslateMessage(&msg);
-		DispatchMessage(&msg);
-		}
-
-	return msg.wParam;
-	}
-
-LRESULT CALLBACK WndProc(HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam)
-	{
-        HDC hdc;
-	PAINTSTRUCT ps;
-        RECT rect;
-        char buffer[200];
-        static int seeded = 0;
-
-	switch (iMsg)
-		{
-	case WM_PAINT:
-		hdc = BeginPaint(hwnd, &ps);
-		GetClientRect(hwnd, &rect);
-                DrawText(hdc, "Seeding the PRNG. Please move the mouse!", -1,
-			&rect, DT_SINGLELINE | DT_CENTER | DT_VCENTER);
-		EndPaint(hwnd, &ps);
-		return 0;
-		
-        case WM_DESTROY:
-                PostQuitMessage(0);
-                return 0;
-                }
-
-        if (RAND_event(iMsg, wParam, lParam) == 1 && seeded == 0)
-                {
-                seeded = 1;
-                if (RAND_write_file(filename) <= 0)
-                        MessageBox(hwnd, "Couldn't write random file!",
-				"OpenSSL", MB_OK | MB_ICONERROR);
-                PostQuitMessage(0);
-                }
-
-	return DefWindowProc(hwnd, iMsg, wParam, lParam);
-	}
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -113,8 +113,6 @@ static char *x509_usage[]={
 " -addreject arg  - reject certificate for a given purpose\n",
 " -setalias arg   - set certificate alias\n",
 " -days arg       - How long till expiry of a signed certificate - def 30 days\n",
-" -checkend arg   - check whether the cert expires in the next arg seconds\n",
-"                   exit 1 if so, 0 if not\n",
 " -signkey arg    - self sign cert with arg\n",
 " -x509toreq      - output a certification request object\n",
 " -req            - input is a certificate request, sign and output.\n",
@@ -128,7 +126,7 @@ static char *x509_usage[]={
 " -md2/-md5/-sha1/-mdc2 - digest to use\n",
 " -extfile        - configuration file with X509V3 extensions to add\n",
 " -extensions     - section from config file with X509V3 extensions to add\n",
-" -clrext         - delete extensions before signing and input certificate\n",
+" -crlext         - delete extensions before signing and input certificate\n",
 NULL
 };

@@ -175,7 +173,6 @@ int MAIN(int argc, char **argv)
 	LHASH *extconf = NULL;
 	char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
 	int need_rand = 0;
-	int checkend=0,checkoffset=0;

 	reqfile=0;

@@ -356,12 +353,6 @@ int MAIN(int argc, char **argv)
 			startdate= ++num;
 		else if (strcmp(*argv,"-enddate") == 0)
 			enddate= ++num;
-		else if (strcmp(*argv,"-checkend") == 0)
-			{
-			if (--argc < 1) goto bad;
-			checkoffset=atoi(*(++argv));
-			checkend=1;
-			}
 		else if (strcmp(*argv,"-noout") == 0)
 			noout= ++num;
 		else if (strcmp(*argv,"-trustout") == 0)
@@ -374,15 +365,8 @@ int MAIN(int argc, char **argv)
 			aliasout= ++num;
 		else if (strcmp(*argv,"-CAcreateserial") == 0)
 			CA_createserial= ++num;
-		else if (strcmp(*argv,"-clrext") == 0)
-			clrext = 1;
-#if 1 /* stay backwards-compatible with 0.9.5; this should go away soon */
 		else if (strcmp(*argv,"-crlext") == 0)
-			{
-			BIO_printf(bio_err,"use -clrext instead of -crlext\n");
 			clrext = 1;
-			}
-#endif
 		else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
 			{
 			/* ok */
@@ -483,18 +467,13 @@ bad:
 			if (BIO_read_filename(in,infile) <= 0)
 				{
 				perror(infile);
-				BIO_free(in);
 				goto end;
 				}
 			}
 		req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL);
 		BIO_free(in);

-		if (req == NULL)
-			{
-			ERR_print_errors(bio_err);
-			goto end;
-			}
+		if (req == NULL) { perror(infile); goto end; }

 		if (	(req->req_info == NULL) ||
 			(req->req_info->pubkey == NULL) ||
@@ -848,24 +827,6 @@ bad:
 			}
 		}

-	if(checkend)
-		{
-		time_t t=ASN1_UTCTIME_get(X509_get_notAfter(x));
-		time_t tnow=time(NULL);
-
-		if(tnow+checkoffset > t)
-			{
-			BIO_printf(out,"Certificate will expire\n");
-			ret=1;
-			}
-		else
-			{
-			BIO_printf(out,"Certificate will not expire\n");
-			ret=0;
-			}
-		goto end;
-		}
-
 	if (noout)
 		{
 		ret=0;
--- a/14
+++ b/14
@@ -292,8 +292,6 @@ TEST="false"
 for i
 do
 case "$i" in 
-# shared library support (behnke@trustcenter.de)
-shared) SHARED=true;;
 -d*) PREFIX="debug-";;
 -t*) TEST="true";;
 -h*) TEST="true"; cat <<EOF
@@ -409,8 +407,6 @@ case "$GUESSOS" in
 	;;
  mips-*-linux?) OUT="linux-mips" ;;
  ppc-*-linux2) OUT="linux-ppc" ;;
-  m68k-*-linux*) OUT="linux-m68k" ;;
-  ia64-*-linux?) OUT="linux-ia64" ;;
  ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;;
  sparc64-*-linux2)
 	#Before we can uncomment following lines we have to wait at least
@@ -480,16 +476,6 @@ then
  options="$options -DATALLA"
 fi

-#get some basic shared lib support (behnke@trustcenter.de)
-case "$OUT" in
-   solaris-*-gcc)
-	if  [ "$SHARED" = "true" ] 
-	 then
-	  options="$options -DPIC -fPIC"
-        fi
-     ;;
-esac
-
 # gcc < 2.8 does not support -mcpu=ultrasparc
 if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
 then
--- a/crypto/Makefile.ssl
+++ b/crypto/Makefile.ssl
@@ -27,7 +27,7 @@ LIBS=

 SDIRS=	md2 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
-	bn rsa dsa dh dso \
+	bn rsa dsa dh \
 	buffer bio stack lhash rand err objects \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp

@@ -40,7 +40,7 @@ LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdi
 SRC= $(LIBSRC)

 EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h
-HEADER=	cryptlib.h buildinf.h md32_common.h $(EXHEADER)
+HEADER=	cryptlib.h buildinf.h $(EXHEADER)

 ALL=    $(GENERAL) $(SRC) $(HEADER)

--- a/crypto/asn1/Makefile.ssl
+++ b/crypto/asn1/Makefile.ssl
@@ -817,38 +817,36 @@ t_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 t_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 t_bitst.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 t_bitst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-t_bitst.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-t_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-t_bitst.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-t_bitst.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-t_bitst.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-t_bitst.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-t_bitst.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-t_bitst.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-t_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-t_bitst.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
-t_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_bitst.o: ../cryptlib.h
+t_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+t_bitst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+t_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+t_bitst.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+t_bitst.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+t_bitst.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+t_bitst.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h
 t_crl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 t_crl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 t_crl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 t_crl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 t_crl.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 t_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-t_crl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-t_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-t_crl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-t_crl.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-t_crl.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-t_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-t_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-t_crl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-t_crl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-t_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-t_crl.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
-t_crl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_crl.o: ../cryptlib.h
+t_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+t_crl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+t_crl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+t_crl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+t_crl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+t_crl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+t_crl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_crl.o: ../../include/openssl/x509v3.h ../cryptlib.h
 t_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 t_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 t_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
@@ -863,19 +861,18 @@ t_req.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 t_req.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 t_req.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 t_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-t_req.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-t_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-t_req.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-t_req.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-t_req.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-t_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-t_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-t_req.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-t_req.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-t_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-t_req.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
-t_req.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_req.o: ../cryptlib.h
+t_req.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+t_req.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+t_req.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+t_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_req.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+t_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+t_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+t_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_req.o: ../../include/openssl/x509v3.h ../cryptlib.h
 t_spki.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 t_spki.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -899,19 +896,18 @@ t_x509.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 t_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 t_x509.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-t_x509.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-t_x509.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-t_x509.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-t_x509.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-t_x509.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-t_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-t_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-t_x509.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-t_x509.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-t_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-t_x509.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
-t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_x509.o: ../cryptlib.h
+t_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+t_x509.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+t_x509.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+t_x509.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+t_x509.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+t_x509.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h
 t_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 t_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@@ -433,6 +433,3 @@ BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn)
 	if(ai->type == V_ASN1_NEG_INTEGER) bn->neg = 1;
 	return(ret);
 	}
-
-IMPLEMENT_STACK_OF(ASN1_INTEGER)
-IMPLEMENT_ASN1_SET_OF(ASN1_INTEGER)
--- a/crypto/asn1/a_utctm.c
+++ b/crypto/asn1/a_utctm.c
@@ -264,37 +264,3 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
 #endif
 	return(s);
 	}
-
-time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s)
-	{
-	struct tm tm;
-	int offset;
-
-	memset(&tm,'\0',sizeof tm);
-
-#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
-	tm.tm_year=g2(s->data);
-	if(tm.tm_year < 50)
-		tm.tm_year+=100;
-	tm.tm_mon=g2(s->data+2)-1;
-	tm.tm_mday=g2(s->data+4);
-	tm.tm_hour=g2(s->data+6);
-	tm.tm_min=g2(s->data+8);
-	tm.tm_sec=g2(s->data+10);
-	if(s->data[12] == 'Z')
-		offset=0;
-	else
-		{
-		offset=g2(s->data+13)*60+g2(s->data+15);
-		if(s->data[12] == '-')
-			offset= -offset;
-		}
-#undef g2
-
-	return timegm(&tm)-offset*60; /* FIXME: timegm is non-standard,
-	                               * typically we only have mktime (which
-	                               * interprets the struct tm according to
-	                               * the current time zone setting).
-	                               * Also time_t is inappropriate for general
-	                               * UTC times because it may a 32 bit type. */
-	}
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -59,6 +59,10 @@
 #ifndef HEADER_ASN1_H
 #define HEADER_ASN1_H

+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 #include <time.h>
 #include <openssl/bn.h>
 #include <openssl/stack.h>
@@ -68,10 +72,6 @@
 #include <openssl/vms_idhacks.h>
 #endif

-#ifdef  __cplusplus
-extern "C" {
-#endif
-
 #define V_ASN1_UNIVERSAL		0x00
 #define	V_ASN1_APPLICATION		0x40
 #define V_ASN1_CONTEXT_SPECIFIC		0x80
@@ -140,8 +140,6 @@ extern "C" {
 #define MBSTRING_UNIV		(MBSTRING_FLAG|3)
 #define MBSTRING_UTF8		(MBSTRING_FLAG|4)

-struct X509_algor_st;
-
 #define DECLARE_ASN1_SET_OF(type) \
 int i2d_ASN1_SET_OF_##type(STACK_OF(type) *a,unsigned char **pp, \
 			   int (*func)(type *,unsigned char **), int ex_tag, \
@@ -151,14 +149,7 @@ STACK_OF(type) *d2i_ASN1_SET_OF_##type(STACK_OF(type) **a,unsigned char **pp, \
 				       type *(*func)(type **, \
 						     unsigned char **,long), \
 				       void (*free_func)(type *), \
-				       int ex_tag,int ex_class); \
-unsigned char *ASN1_seq_pack_##type(STACK_OF(type) *st, \
-				    int (*i2d)(type *,unsigned char **), \
-				    unsigned char **buf,int *len); \
-STACK_OF(type) *ASN1_seq_unpack_##type(unsigned char *buf,int len, \
-				       type *(*d2i)(type **,unsigned char **, \
-						    long), \
-				       void (*free_func)(type *));
+				       int ex_tag,int ex_class);

 #define IMPLEMENT_ASN1_SET_OF(type) \
 int i2d_ASN1_SET_OF_##type(STACK_OF(type) *a,unsigned char **pp, \
@@ -174,17 +165,7 @@ STACK_OF(type) *d2i_ASN1_SET_OF_##type(STACK_OF(type) **a,unsigned char **pp, \
    { return (STACK_OF(type) *)d2i_ASN1_SET((STACK **)a,pp,length, \
 					    (char *(*)())func, \
 					    (void (*)())free_func, \
-					    ex_tag,ex_class); } \
-unsigned char *ASN1_seq_pack_##type(STACK_OF(type) *st, \
-				    int (*i2d)(type *,unsigned char **), \
-				    unsigned char **buf,int *len) \
-    { return ASN1_seq_pack((STACK *)st,i2d,buf,len); } \
-STACK_OF(type) *ASN1_seq_unpack_##type(unsigned char *buf,int len, \
-				       type *(*d2i)(type **,unsigned char **, \
-						    long), \
-				       void (*free_func)(type *)) \
-    { return (STACK_OF(type) *)ASN1_seq_unpack(buf,len,(char *(*)())d2i, \
-					       (void(*)(void *))free_func); }
+					    ex_tag,ex_class); }

 typedef struct asn1_ctx_st
 	{
@@ -293,9 +274,6 @@ typedef struct asn1_string_st ASN1_UTF8STRING;

 typedef int ASN1_NULL;

-DECLARE_STACK_OF(ASN1_INTEGER)
-DECLARE_ASN1_SET_OF(ASN1_INTEGER)
-
 typedef struct asn1_type_st
 	{
 	int type;
@@ -601,7 +579,6 @@ ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a,unsigned char **pp,
 int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
 ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);
 int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str); 
-time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s);

 int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
 ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t);
@@ -793,7 +770,7 @@ int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num,
 STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(),
 						 void (*free_func)() ); 
 unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf,
-			     int *len );
+								 int *len );
 void *ASN1_unpack_string(ASN1_STRING *oct, char *(*d2i)());
 ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_OCTET_STRING **oct);

--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -54,8 +54,7 @@
 */

 /* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
+ * made to it will be overwritten when the script next updates this file.
 */

 #include <stdio.h>
--- a/crypto/asn1/asn1_mac.h
+++ b/crypto/asn1/asn1_mac.h
@@ -59,12 +59,12 @@
 #ifndef HEADER_ASN1_MAC_H
 #define HEADER_ASN1_MAC_H

-#include <openssl/asn1.h>
-
 #ifdef  __cplusplus
 extern "C" {
 #endif

+#include <openssl/asn1.h>
+
 #ifndef ASN1_MAC_ERR_LIB
 #define ASN1_MAC_ERR_LIB	ERR_LIB_ASN1
 #endif 
--- a/crypto/asn1/n_pkey.c
+++ b/crypto/asn1/n_pkey.c
@@ -211,11 +211,7 @@ RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)())
 	M_ASN1_BIT_STRING_free(os);
 	c.q=c.p;
 	if ((ret=d2i_Netscape_RSA_2(a,&c.p,c.slen,cb)) == NULL) goto err;
-	/* Note: some versions of IIS key files use length values that are
-	 * too small for the surrounding SEQUENCEs. This following line
-	 * effectively disable length checking.
-	 */
-	c.slen = 0;
+	c.slen-=(c.p-c.q);

 	M_ASN1_D2I_Finish(a,RSA_free,ASN1_F_D2I_NETSCAPE_RSA);
 	}
--- a/crypto/asn1/p5_pbe.c
+++ b/crypto/asn1/p5_pbe.c
@@ -129,7 +129,7 @@ X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt,
 	}
 	pbe->salt->length = saltlen;
 	if (salt) memcpy (pbe->salt->data, salt, saltlen);
-	else if (RAND_pseudo_bytes (pbe->salt->data, saltlen) < 0)
+	else if (RAND_bytes (pbe->salt->data, saltlen) <= 0)
 		return NULL;

 	if (!(astype = ASN1_TYPE_new())) {
--- a/crypto/asn1/p5_pbev2.c
+++ b/crypto/asn1/p5_pbev2.c
@@ -194,8 +194,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
 	if(!(scheme->parameter = ASN1_TYPE_new())) goto merr;

 	/* Create random IV */
-	if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
-		goto err;
+	RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher));

 	/* Dummy cipherinit to just setup the IV */
 	EVP_CipherInit(&ctx, cipher, NULL, iv, 0);
@@ -213,7 +212,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
 	if (!(osalt->data = Malloc (saltlen))) goto merr;
 	osalt->length = saltlen;
 	if (salt) memcpy (osalt->data, salt, saltlen);
-	else if (RAND_pseudo_bytes (osalt->data, saltlen) < 0) goto merr;
+	else if (RAND_bytes (osalt->data, saltlen) <= 0) goto merr;

 	if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
 	if(!ASN1_INTEGER_set(kdf->iter, iter)) goto merr;
--- a/crypto/asn1/p7_lib.c
+++ b/crypto/asn1/p7_lib.c
@@ -293,5 +293,3 @@ void PKCS7_content_free(PKCS7 *a)
 	a->d.ptr=NULL;
 	}

-IMPLEMENT_STACK_OF(PKCS7)
-IMPLEMENT_ASN1_SET_OF(PKCS7)
--- a/crypto/asn1/t_req.c
+++ b/crypto/asn1/t_req.c
@@ -119,7 +119,7 @@ int X509_REQ_print(BIO *bp, X509_REQ *x)

 	pkey=X509_REQ_get_pubkey(x);
 #ifndef NO_RSA
-	if (pkey != NULL && pkey->type == EVP_PKEY_RSA)
+	if (pkey->type == EVP_PKEY_RSA)
 		{
 		BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
 			BN_num_bits(pkey->pkey.rsa->n));
@@ -128,7 +128,7 @@ int X509_REQ_print(BIO *bp, X509_REQ *x)
 	else 
 #endif
 #ifndef NO_DSA
-		if (pkey != NULL && pkey->type == EVP_PKEY_DSA)
+		if (pkey->type == EVP_PKEY_DSA)
 		{
 		BIO_printf(bp,"%12sDSA Public Key:\n","");
 		DSA_print(bp,pkey->pkey.dsa,16);
@@ -137,8 +137,7 @@ int X509_REQ_print(BIO *bp, X509_REQ *x)
 #endif
 		BIO_printf(bp,"%12sUnknown Public Key:\n","");

-	if (pkey != NULL)
-	    EVP_PKEY_free(pkey);
+	EVP_PKEY_free(pkey);

 	/* may not be */
 	sprintf(str,"%8sAttributes:\n","");
--- a/crypto/asn1/x_pubkey.c
+++ b/crypto/asn1/x_pubkey.c
@@ -183,10 +183,8 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)

 	Free(s);

-#if 0
 	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
 	pk->pkey=pkey;
-#endif

 	if (*x != NULL)
 		X509_PUBKEY_free(*x);
--- a/crypto/bf/Makefile.ssl
+++ b/crypto/bf/Makefile.ssl
@@ -49,7 +49,7 @@ lib:	$(LIBOBJ)

 # elf
 asm/bx86-elf.o: asm/bx86unix.cpp
-	$(CPP) -DELF -x c asm/bx86unix.cpp | as -o asm/bx86-elf.o
+	$(CPP) -DELF asm/bx86unix.cpp | as -o asm/bx86-elf.o

 # solaris
 asm/bx86-sol.o: asm/bx86unix.cpp
@@ -65,7 +65,7 @@ asm/bx86-out.o: asm/bx86unix.cpp
 asm/bx86bsdi.o: asm/bx86unix.cpp
 	$(CPP) -DBSDI asm/bx86unix.cpp | sed 's/ :/:/' | as -o asm/bx86bsdi.o

-asm/bx86unix.cpp: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+asm/bx86unix.cpp:
 	(cd asm; $(PERL) bf-586.pl cpp $(PROCESSOR) >bx86unix.cpp)

 files:
--- a/crypto/bf/Makefile.uni
+++ b/crypto/bf/Makefile.uni
@@ -0,0 +1,157 @@
+# Targets
+# make          - twidle the options yourself :-)
+# make cc       - standard cc options
+# make gcc      - standard gcc options
+# make x86-elf  - linux-elf etc
+# make x86-out  - linux-a.out, FreeBSD etc
+# make x86-solaris
+# make x86-bdsi
+
+DIR=	bf
+TOP=	.
+# use BF_PTR2 for intel boxes,
+# BF_PTR for sparc and MIPS/SGI
+# use nothing for Alpha and HP.
+
+# There are 3 possible performance options, experiment :-)
+#OPTS= -DBF_PTR  # usr for sparc and MIPS/SGI
+#OPTS= -DBF_PTR2 # use for pentium
+OPTS=		 # use for pentium pro, Alpha and HP
+
+MAKE=make -f Makefile
+#CC=cc
+#CFLAG= -O
+
+CC=gcc
+#CFLAG= -O4 -funroll-loops -fomit-frame-pointer
+CFLAG= -O3 -fomit-frame-pointer
+
+CFLAGS=$(OPTS) $(CFLAG)
+CPP=$(CC) -E
+AS=as
+RANLIB=ranlib
+
+# Assember version of bf_encrypt().
+BF_ENC=bf_enc.o		# normal C version
+#BF_ENC=asm/bx86-elf.o	# elf format x86
+#BF_ENC=asm/bx86-out.o	# a.out format x86
+#BF_ENC=asm/bx86-sol.o	# solaris format x86 
+#BF_ENC=asm/bx86bsdi.o	# bsdi format x86 
+
+LIBDIR=/usr/local/lib
+BINDIR=/usr/local/bin
+INCDIR=/usr/local/include
+MANDIR=/usr/local/man
+MAN1=1
+MAN3=3
+SHELL=/bin/sh
+LIBOBJ=bf_skey.o bf_ecb.o $(BF_ENC) bf_cfb64.o bf_ofb64.o
+LIBSRC=bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c
+
+GENERAL=Makefile Makefile.ssl Makefile.uni asm bf_locl.org README \
+	COPYRIGHT blowfish.doc INSTALL
+
+TESTING=    bftest bfspeed bf_opts
+TESTING_SRC=bftest.c bfspeed.c bf_opts.c
+HEADERS=bf_locl.h blowfish.h bf_pi.h
+
+ALL=	$(GENERAL) $(TESTING_SRC) $(LIBSRC) $(HEADERS)
+
+BLIB=	libblowfish.a
+
+all: $(BLIB) $(TESTING)
+
+cc:
+	$(MAKE) CC=cc CFLAGS="-O $(OPTS) $(CFLAG)" all
+
+gcc:
+	$(MAKE) CC=gcc CFLAGS="-O3 -fomit-frame-pointer $(OPTS) $(CFLAG)" all
+
+x86-elf:
+	$(MAKE) BF_ENC='asm/bx86-elf.o' CC=$(CC) CFLAGS="-DELF $(OPTS) $(CFLAG)" all
+
+x86-out:
+	$(MAKE) BF_ENC='asm/bx86-out.o' CC=$(CC) CFLAGS="-DOUT $(OPTS) $(CFLAG)" all
+
+x86-solaris:
+	$(MAKE) BF_ENC='asm/bx86-sol.o' CC=$(CC) CFLAGS="-DSOL $(OPTS) $(CFLAG)" all
+
+x86-bsdi:
+	$(MAKE) BF_ENC='asm/bx86bsdi.o' CC=$(CC) CFLAGS="-DBSDI $(OPTS) $(CFLAG)" all
+
+# elf
+asm/bx86-elf.o: asm/bx86unix.cpp
+	$(CPP) -DELF asm/bx86unix.cpp | $(AS) -o asm/bx86-elf.o
+
+# solaris
+asm/bx86-sol.o: asm/bx86unix.cpp
+	$(CC) -E -DSOL asm/bx86unix.cpp | sed 's/^#.*//' > asm/bx86-sol.s
+	as -o asm/bx86-sol.o asm/bx86-sol.s
+	rm -f asm/bx86-sol.s
+
+# a.out
+asm/bx86-out.o: asm/bx86unix.cpp
+	$(CPP) -DOUT asm/bx86unix.cpp | $(AS) -o asm/bx86-out.o
+
+# bsdi
+asm/bx86bsdi.o: asm/bx86unix.cpp
+	$(CPP) -DBSDI asm/bx86unix.cpp | $(AS) -o asm/bx86bsdi.o
+
+asm/bx86unix.cpp:
+	(cd asm; perl bf-586.pl cpp >bx86unix.cpp)
+	
+test:	all
+	./bftest
+
+$(BLIB): $(LIBOBJ)
+	/bin/rm -f $(BLIB)
+	ar cr $(BLIB) $(LIBOBJ)
+	$(RANLIB) $(BLIB)
+
+bftest: bftest.o $(BLIB)
+	$(CC) $(CFLAGS) -o bftest bftest.o $(BLIB)
+
+bfspeed: bfspeed.o $(BLIB)
+	$(CC) $(CFLAGS) -o bfspeed bfspeed.o $(BLIB)
+
+bf_opts: bf_opts.o $(BLIB)
+	$(CC) $(CFLAGS) -o bf_opts bf_opts.o $(BLIB)
+
+tags:
+	ctags $(TESTING_SRC) $(LIBBF)
+
+tar:
+	tar chf libbf.tar $(ALL)
+
+shar:
+	shar $(ALL) >libbf.shar
+
+depend:
+	makedepend $(LIBBF) $(TESTING_SRC)
+
+clean:
+	/bin/rm -f *.o tags core $(TESTING) $(BLIB) .nfs* *.old *.bak asm/*.o 
+
+dclean:
+	sed -e '/^# DO NOT DELETE THIS LINE/ q' Makefile >Makefile.new
+	mv -f Makefile.new Makefile
+
+# Eric is probably going to choke when he next looks at this --tjh
+install: $(BLIB)
+	if test $(INSTALLTOP); then \
+	    echo SSL style install; \
+	    cp $(BLIB) $(INSTALLTOP)/lib; \
+		$(RANLIB) $(BLIB); \
+	    chmod 644 $(INSTALLTOP)/lib/$(BLIB); \
+	    cp blowfish.h $(INSTALLTOP)/include; \
+	    chmod 644 $(INSTALLTOP)/include/blowfish.h; \
+	else \
+	    echo Standalone install; \
+	    cp $(BLIB) $(LIBDIR)/$(BLIB); \
+		$(RANLIB) $(BLIB); \
+	    chmod 644 $(LIBDIR)/$(BLIB); \
+	    cp blowfish.h $(INCDIR)/blowfish.h; \
+	    chmod 644 $(INCDIR)/blowfish.h; \
+	fi
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
--- a/crypto/bf/asm/b-win32.asm
+++ b/crypto/bf/asm/b-win32.asm
@@ -0,0 +1,906 @@
+	; Don't even think of reading this code
+	; It was automatically generated by bf-586.pl
+	; Which is a perl program used to generate the x86 assember for
+	; any of elf, a.out, BSDI,Win32, or Solaris
+	; eric <eay@cryptsoft.com>
+	; 
+	TITLE	bf-586.asm
+        .486
+.model FLAT
+_TEXT	SEGMENT
+PUBLIC	_BF_encrypt
+
+_BF_encrypt PROC NEAR
+	; 
+	push	ebp
+	push	ebx
+	mov	ebx,		DWORD PTR 12[esp]
+	mov	ebp,		DWORD PTR 16[esp]
+	push	esi
+	push	edi
+	; Load the 2 words
+	mov	edi,		DWORD PTR [ebx]
+	mov	esi,		DWORD PTR 4[ebx]
+	xor	eax,		eax
+	mov	ebx,		DWORD PTR [ebp]
+	xor	ecx,		ecx
+	xor	edi,		ebx
+	; 
+	; Round 0
+	mov	edx,		DWORD PTR 4[ebp]
+	mov	ebx,		edi
+	xor	esi,		edx
+	shr	ebx,		16
+	mov	edx,		edi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	esi,		ebx
+	; 
+	; Round 1
+	mov	edx,		DWORD PTR 8[ebp]
+	mov	ebx,		esi
+	xor	edi,		edx
+	shr	ebx,		16
+	mov	edx,		esi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	edi,		ebx
+	; 
+	; Round 2
+	mov	edx,		DWORD PTR 12[ebp]
+	mov	ebx,		edi
+	xor	esi,		edx
+	shr	ebx,		16
+	mov	edx,		edi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	esi,		ebx
+	; 
+	; Round 3
+	mov	edx,		DWORD PTR 16[ebp]
+	mov	ebx,		esi
+	xor	edi,		edx
+	shr	ebx,		16
+	mov	edx,		esi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	edi,		ebx
+	; 
+	; Round 4
+	mov	edx,		DWORD PTR 20[ebp]
+	mov	ebx,		edi
+	xor	esi,		edx
+	shr	ebx,		16
+	mov	edx,		edi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	esi,		ebx
+	; 
+	; Round 5
+	mov	edx,		DWORD PTR 24[ebp]
+	mov	ebx,		esi
+	xor	edi,		edx
+	shr	ebx,		16
+	mov	edx,		esi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	edi,		ebx
+	; 
+	; Round 6
+	mov	edx,		DWORD PTR 28[ebp]
+	mov	ebx,		edi
+	xor	esi,		edx
+	shr	ebx,		16
+	mov	edx,		edi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	esi,		ebx
+	; 
+	; Round 7
+	mov	edx,		DWORD PTR 32[ebp]
+	mov	ebx,		esi
+	xor	edi,		edx
+	shr	ebx,		16
+	mov	edx,		esi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	edi,		ebx
+	; 
+	; Round 8
+	mov	edx,		DWORD PTR 36[ebp]
+	mov	ebx,		edi
+	xor	esi,		edx
+	shr	ebx,		16
+	mov	edx,		edi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	esi,		ebx
+	; 
+	; Round 9
+	mov	edx,		DWORD PTR 40[ebp]
+	mov	ebx,		esi
+	xor	edi,		edx
+	shr	ebx,		16
+	mov	edx,		esi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	edi,		ebx
+	; 
+	; Round 10
+	mov	edx,		DWORD PTR 44[ebp]
+	mov	ebx,		edi
+	xor	esi,		edx
+	shr	ebx,		16
+	mov	edx,		edi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	esi,		ebx
+	; 
+	; Round 11
+	mov	edx,		DWORD PTR 48[ebp]
+	mov	ebx,		esi
+	xor	edi,		edx
+	shr	ebx,		16
+	mov	edx,		esi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	edi,		ebx
+	; 
+	; Round 12
+	mov	edx,		DWORD PTR 52[ebp]
+	mov	ebx,		edi
+	xor	esi,		edx
+	shr	ebx,		16
+	mov	edx,		edi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	esi,		ebx
+	; 
+	; Round 13
+	mov	edx,		DWORD PTR 56[ebp]
+	mov	ebx,		esi
+	xor	edi,		edx
+	shr	ebx,		16
+	mov	edx,		esi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	edi,		ebx
+	; 
+	; Round 14
+	mov	edx,		DWORD PTR 60[ebp]
+	mov	ebx,		edi
+	xor	esi,		edx
+	shr	ebx,		16
+	mov	edx,		edi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	esi,		ebx
+	; 
+	; Round 15
+	mov	edx,		DWORD PTR 64[ebp]
+	mov	ebx,		esi
+	xor	edi,		edx
+	shr	ebx,		16
+	mov	edx,		esi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	; Load parameter 0 (16) enc=1
+	mov	eax,		DWORD PTR 20[esp]
+	xor	edi,		ebx
+	mov	edx,		DWORD PTR 68[ebp]
+	xor	esi,		edx
+	mov	DWORD PTR 4[eax],edi
+	mov	DWORD PTR [eax],esi
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+_BF_encrypt ENDP
+_TEXT	ENDS
+_TEXT	SEGMENT
+PUBLIC	_BF_decrypt
+
+_BF_decrypt PROC NEAR
+	; 
+	push	ebp
+	push	ebx
+	mov	ebx,		DWORD PTR 12[esp]
+	mov	ebp,		DWORD PTR 16[esp]
+	push	esi
+	push	edi
+	; Load the 2 words
+	mov	edi,		DWORD PTR [ebx]
+	mov	esi,		DWORD PTR 4[ebx]
+	xor	eax,		eax
+	mov	ebx,		DWORD PTR 68[ebp]
+	xor	ecx,		ecx
+	xor	edi,		ebx
+	; 
+	; Round 16
+	mov	edx,		DWORD PTR 64[ebp]
+	mov	ebx,		edi
+	xor	esi,		edx
+	shr	ebx,		16
+	mov	edx,		edi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	esi,		ebx
+	; 
+	; Round 15
+	mov	edx,		DWORD PTR 60[ebp]
+	mov	ebx,		esi
+	xor	edi,		edx
+	shr	ebx,		16
+	mov	edx,		esi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	edi,		ebx
+	; 
+	; Round 14
+	mov	edx,		DWORD PTR 56[ebp]
+	mov	ebx,		edi
+	xor	esi,		edx
+	shr	ebx,		16
+	mov	edx,		edi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	esi,		ebx
+	; 
+	; Round 13
+	mov	edx,		DWORD PTR 52[ebp]
+	mov	ebx,		esi
+	xor	edi,		edx
+	shr	ebx,		16
+	mov	edx,		esi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	edi,		ebx
+	; 
+	; Round 12
+	mov	edx,		DWORD PTR 48[ebp]
+	mov	ebx,		edi
+	xor	esi,		edx
+	shr	ebx,		16
+	mov	edx,		edi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	esi,		ebx
+	; 
+	; Round 11
+	mov	edx,		DWORD PTR 44[ebp]
+	mov	ebx,		esi
+	xor	edi,		edx
+	shr	ebx,		16
+	mov	edx,		esi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	edi,		ebx
+	; 
+	; Round 10
+	mov	edx,		DWORD PTR 40[ebp]
+	mov	ebx,		edi
+	xor	esi,		edx
+	shr	ebx,		16
+	mov	edx,		edi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	esi,		ebx
+	; 
+	; Round 9
+	mov	edx,		DWORD PTR 36[ebp]
+	mov	ebx,		esi
+	xor	edi,		edx
+	shr	ebx,		16
+	mov	edx,		esi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	edi,		ebx
+	; 
+	; Round 8
+	mov	edx,		DWORD PTR 32[ebp]
+	mov	ebx,		edi
+	xor	esi,		edx
+	shr	ebx,		16
+	mov	edx,		edi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	esi,		ebx
+	; 
+	; Round 7
+	mov	edx,		DWORD PTR 28[ebp]
+	mov	ebx,		esi
+	xor	edi,		edx
+	shr	ebx,		16
+	mov	edx,		esi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	edi,		ebx
+	; 
+	; Round 6
+	mov	edx,		DWORD PTR 24[ebp]
+	mov	ebx,		edi
+	xor	esi,		edx
+	shr	ebx,		16
+	mov	edx,		edi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	esi,		ebx
+	; 
+	; Round 5
+	mov	edx,		DWORD PTR 20[ebp]
+	mov	ebx,		esi
+	xor	edi,		edx
+	shr	ebx,		16
+	mov	edx,		esi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	edi,		ebx
+	; 
+	; Round 4
+	mov	edx,		DWORD PTR 16[ebp]
+	mov	ebx,		edi
+	xor	esi,		edx
+	shr	ebx,		16
+	mov	edx,		edi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	esi,		ebx
+	; 
+	; Round 3
+	mov	edx,		DWORD PTR 12[ebp]
+	mov	ebx,		esi
+	xor	edi,		edx
+	shr	ebx,		16
+	mov	edx,		esi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	edi,		ebx
+	; 
+	; Round 2
+	mov	edx,		DWORD PTR 8[ebp]
+	mov	ebx,		edi
+	xor	esi,		edx
+	shr	ebx,		16
+	mov	edx,		edi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	xor	eax,		eax
+	xor	esi,		ebx
+	; 
+	; Round 1
+	mov	edx,		DWORD PTR 4[ebp]
+	mov	ebx,		esi
+	xor	edi,		edx
+	shr	ebx,		16
+	mov	edx,		esi
+	mov	al,		bh
+	and	ebx,		255
+	mov	cl,		dh
+	and	edx,		255
+	mov	eax,		DWORD PTR 72[eax*4+ebp]
+	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
+	xor	ebx,		eax
+	mov	edx,		DWORD PTR 3144[edx*4+ebp]
+	add	ebx,		edx
+	; Load parameter 0 (1) enc=0
+	mov	eax,		DWORD PTR 20[esp]
+	xor	edi,		ebx
+	mov	edx,		DWORD PTR [ebp]
+	xor	esi,		edx
+	mov	DWORD PTR 4[eax],edi
+	mov	DWORD PTR [eax],esi
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+_BF_decrypt ENDP
+_TEXT	ENDS
+_TEXT	SEGMENT
+PUBLIC	_BF_cbc_encrypt
+
+_BF_cbc_encrypt PROC NEAR
+	; 
+	push	ebp
+	push	ebx
+	push	esi
+	push	edi
+	mov	ebp,		DWORD PTR 28[esp]
+	; getting iv ptr from parameter 4
+	mov	ebx,		DWORD PTR 36[esp]
+	mov	esi,		DWORD PTR [ebx]
+	mov	edi,		DWORD PTR 4[ebx]
+	push	edi
+	push	esi
+	push	edi
+	push	esi
+	mov	ebx,		esp
+	mov	esi,		DWORD PTR 36[esp]
+	mov	edi,		DWORD PTR 40[esp]
+	; getting encrypt flag from parameter 5
+	mov	ecx,		DWORD PTR 56[esp]
+	; get and push parameter 3
+	mov	eax,		DWORD PTR 48[esp]
+	push	eax
+	push	ebx
+	cmp	ecx,		0
+	jz	$L000decrypt
+	and	ebp,		4294967288
+	mov	eax,		DWORD PTR 8[esp]
+	mov	ebx,		DWORD PTR 12[esp]
+	jz	$L001encrypt_finish
+L002encrypt_loop:
+	mov	ecx,		DWORD PTR [esi]
+	mov	edx,		DWORD PTR 4[esi]
+	xor	eax,		ecx
+	xor	ebx,		edx
+	bswap	eax
+	bswap	ebx
+	mov	DWORD PTR 8[esp],eax
+	mov	DWORD PTR 12[esp],ebx
+	call	_BF_encrypt
+	mov	eax,		DWORD PTR 8[esp]
+	mov	ebx,		DWORD PTR 12[esp]
+	bswap	eax
+	bswap	ebx
+	mov	DWORD PTR [edi],eax
+	mov	DWORD PTR 4[edi],ebx
+	add	esi,		8
+	add	edi,		8
+	sub	ebp,		8
+	jnz	L002encrypt_loop
+$L001encrypt_finish:
+	mov	ebp,		DWORD PTR 52[esp]
+	and	ebp,		7
+	jz	$L003finish
+	xor	ecx,		ecx
+	xor	edx,		edx
+	mov	ebp,		DWORD PTR $L004cbc_enc_jmp_table[ebp*4]
+	jmp	 ebp
+L005ej7:
+	mov	dh,		BYTE PTR 6[esi]
+	shl	edx,		8
+L006ej6:
+	mov	dh,		BYTE PTR 5[esi]
+L007ej5:
+	mov	dl,		BYTE PTR 4[esi]
+L008ej4:
+	mov	ecx,		DWORD PTR [esi]
+	jmp	$L009ejend
+L010ej3:
+	mov	ch,		BYTE PTR 2[esi]
+	shl	ecx,		8
+L011ej2:
+	mov	ch,		BYTE PTR 1[esi]
+L012ej1:
+	mov	cl,		BYTE PTR [esi]
+$L009ejend:
+	xor	eax,		ecx
+	xor	ebx,		edx
+	bswap	eax
+	bswap	ebx
+	mov	DWORD PTR 8[esp],eax
+	mov	DWORD PTR 12[esp],ebx
+	call	_BF_encrypt
+	mov	eax,		DWORD PTR 8[esp]
+	mov	ebx,		DWORD PTR 12[esp]
+	bswap	eax
+	bswap	ebx
+	mov	DWORD PTR [edi],eax
+	mov	DWORD PTR 4[edi],ebx
+	jmp	$L003finish
+$L000decrypt:
+	and	ebp,		4294967288
+	mov	eax,		DWORD PTR 16[esp]
+	mov	ebx,		DWORD PTR 20[esp]
+	jz	$L013decrypt_finish
+L014decrypt_loop:
+	mov	eax,		DWORD PTR [esi]
+	mov	ebx,		DWORD PTR 4[esi]
+	bswap	eax
+	bswap	ebx
+	mov	DWORD PTR 8[esp],eax
+	mov	DWORD PTR 12[esp],ebx
+	call	_BF_decrypt
+	mov	eax,		DWORD PTR 8[esp]
+	mov	ebx,		DWORD PTR 12[esp]
+	bswap	eax
+	bswap	ebx
+	mov	ecx,		DWORD PTR 16[esp]
+	mov	edx,		DWORD PTR 20[esp]
+	xor	ecx,		eax
+	xor	edx,		ebx
+	mov	eax,		DWORD PTR [esi]
+	mov	ebx,		DWORD PTR 4[esi]
+	mov	DWORD PTR [edi],ecx
+	mov	DWORD PTR 4[edi],edx
+	mov	DWORD PTR 16[esp],eax
+	mov	DWORD PTR 20[esp],ebx
+	add	esi,		8
+	add	edi,		8
+	sub	ebp,		8
+	jnz	L014decrypt_loop
+$L013decrypt_finish:
+	mov	ebp,		DWORD PTR 52[esp]
+	and	ebp,		7
+	jz	$L003finish
+	mov	eax,		DWORD PTR [esi]
+	mov	ebx,		DWORD PTR 4[esi]
+	bswap	eax
+	bswap	ebx
+	mov	DWORD PTR 8[esp],eax
+	mov	DWORD PTR 12[esp],ebx
+	call	_BF_decrypt
+	mov	eax,		DWORD PTR 8[esp]
+	mov	ebx,		DWORD PTR 12[esp]
+	bswap	eax
+	bswap	ebx
+	mov	ecx,		DWORD PTR 16[esp]
+	mov	edx,		DWORD PTR 20[esp]
+	xor	ecx,		eax
+	xor	edx,		ebx
+	mov	eax,		DWORD PTR [esi]
+	mov	ebx,		DWORD PTR 4[esi]
+L015dj7:
+	ror	edx,		16
+	mov	BYTE PTR 6[edi],dl
+	shr	edx,		16
+L016dj6:
+	mov	BYTE PTR 5[edi],dh
+L017dj5:
+	mov	BYTE PTR 4[edi],dl
+L018dj4:
+	mov	DWORD PTR [edi],ecx
+	jmp	$L019djend
+L020dj3:
+	ror	ecx,		16
+	mov	BYTE PTR 2[edi],cl
+	shl	ecx,		16
+L021dj2:
+	mov	BYTE PTR 1[esi],ch
+L022dj1:
+	mov	BYTE PTR [esi],	cl
+$L019djend:
+	jmp	$L003finish
+$L003finish:
+	mov	ecx,		DWORD PTR 60[esp]
+	add	esp,		24
+	mov	DWORD PTR [ecx],eax
+	mov	DWORD PTR 4[ecx],ebx
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+$L004cbc_enc_jmp_table:
+	DD	0
+	DD	L012ej1
+	DD	L011ej2
+	DD	L010ej3
+	DD	L008ej4
+	DD	L007ej5
+	DD	L006ej6
+	DD	L005ej7
+L023cbc_dec_jmp_table:
+	DD	0
+	DD	L022dj1
+	DD	L021dj2
+	DD	L020dj3
+	DD	L018dj4
+	DD	L017dj5
+	DD	L016dj6
+	DD	L015dj7
+_BF_cbc_encrypt ENDP
+_TEXT	ENDS
+END
--- a/crypto/bio/Makefile.ssl
+++ b/crypto/bio/Makefile.ssl
@@ -172,10 +172,8 @@ bss_acpt.o: ../../include/openssl/opensslconf.h
 bss_acpt.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 bss_acpt.o: ../../include/openssl/stack.h ../cryptlib.h
 bss_bio.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-bss_bio.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-bss_bio.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-bss_bio.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-bss_bio.o: ../../include/openssl/stack.h
+bss_bio.o: ../../include/openssl/err.h ../../include/openssl/opensslv.h
+bss_bio.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 bss_conn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 bss_conn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 bss_conn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -64,8 +64,6 @@
 #include <stdarg.h>
 #include <string.h>
 #include <ctype.h>
-#include <assert.h>
-#include <limits.h>
 #include "cryptlib.h"
 #ifndef NO_SYS_TYPES_H
 #include <sys/types.h>
@@ -74,11 +72,31 @@

 #ifdef BN_LLONG
 # ifndef HAVE_LONG_LONG
-#  define HAVE_LONG_LONG 1
+#  define HAVE_LONG_LONG
 # endif
 #endif

-/***************************************************************************/
+static void dopr (char *buffer, size_t maxlen, size_t *retlen,
+	const char *format, va_list args);
+
+int BIO_printf (BIO *bio, ...)
+	{
+	va_list args;
+	char *format;
+	int ret;
+	size_t retlen;
+	MS_STATIC char hugebuf[1024*2]; /* 10k in one chunk is the limit */
+
+	va_start(args, bio);
+	format=va_arg(args, char *);
+
+	hugebuf[0]='\0';
+	dopr(hugebuf, sizeof(hugebuf), &retlen, format, args);
+	ret=BIO_write(bio, hugebuf, (int)retlen);
+
+	va_end(args);
+	return(ret);
+	}

 /*
 * Copyright Patrick Powell 1995
@@ -99,7 +117,6 @@
 * o Andrew Tridgell <tridge@samba.org>        (1998, for Samba)
 * o Luke Mewburn <lukem@netbsd.org>           (1999, for LukemFTP)
 * o Ralf S. Engelschall <rse@engelschall.com> (1999, for Pth)
- * o ...                                       (for OpenSSL)
 */

 #if HAVE_LONG_DOUBLE
@@ -114,25 +131,10 @@
 #define LLONG long
 #endif

-static void fmtstr     (void (*)(char **, size_t *, size_t *, int),
-			char **, size_t *, size_t *, const char *, int, int,
-			int);
-static void fmtint     (void (*)(char **, size_t *, size_t *, int),
-			char **, size_t *, size_t *, LLONG, int, int, int, int);
-static void fmtfp      (void (*)(char **, size_t *, size_t *, int),
-			char **, size_t *, size_t *, LDOUBLE, int, int, int);
-static int dopr_isbig (size_t, size_t);
-static int dopr_copy (size_t);
-static void dopr_outch (char **, size_t *, size_t *, int);
-#ifdef USE_ALLOCATING_PRINT
-static int doapr_isbig (size_t, size_t);
-static int doapr_copy (size_t);
-static void doapr_outch (char **, size_t *, size_t *, int);
-#endif
-static void _dopr(void (*)(char **, size_t *, size_t *, int),
-		  int (*)(size_t, size_t), int (*)(size_t),
-		  char **buffer, size_t *maxlen, size_t *retlen, int *truncated,
-		  const char *format, va_list args);
+static void fmtstr     (char *, size_t *, size_t, char *, int, int, int);
+static void fmtint     (char *, size_t *, size_t, LLONG, int, int, int, int);
+static void fmtfp      (char *, size_t *, size_t, LDOUBLE, int, int, int);
+static void dopr_outch (char *, size_t *, size_t, int);

 /* format read states */
 #define DP_S_DEFAULT    0
@@ -163,7 +165,6 @@ static void _dopr(void (*)(char **, size_t *, size_t *, int),
 #define char_to_int(p) (p - '0')
 #define MAX(p,q) ((p >= q) ? p : q)

-#ifndef USE_ALLOCATING_PRINT
 static void
 dopr(
    char *buffer,
@@ -171,38 +172,6 @@ dopr(
    size_t *retlen,
    const char *format,
    va_list args)
-{
-    int ignored;
-    _dopr(dopr_outch, dopr_isbig, dopr_copy,
-        &buffer, &maxlen, retlen, &ignored, format, args);
-}
-
-#else
-static void
-doapr(
-    char **buffer,
-    size_t *retlen,
-    const char *format,
-    va_list args)
-{
-    size_t dummy_maxlen = 0;
-    int ignored;
-    _dopr(doapr_outch, doapr_isbig, doapr_copy,
-        buffer, &dummy_maxlen, retlen, &ignored, format, args);
-}
-#endif
-
-static void
-_dopr(
-    void (*outch_fn)(char **, size_t *, size_t *, int),
-    int (*isbig_fn)(size_t, size_t),
-    int (*copy_fn)(size_t),
-    char **buffer,
-    size_t *maxlen,
-    size_t *retlen,
-    int *truncated,
-    const char *format,
-    va_list args)
 {
    char ch;
    LLONG value;
@@ -221,7 +190,7 @@ _dopr(
    ch = *format++;

    while (state != DP_S_DONE) {
-        if ((ch == '\0') || (*isbig_fn)(currlen, *maxlen))
+        if ((ch == '\0') || (currlen >= maxlen))
            state = DP_S_DONE;

        switch (state) {
@@ -229,7 +198,7 @@ _dopr(
            if (ch == '%')
                state = DP_S_FLAGS;
            else
-                (*outch_fn)(buffer, &currlen, maxlen, ch);
+                dopr_outch(buffer, &currlen, maxlen, ch);
            ch = *format++;
            break;
        case DP_S_FLAGS:
@@ -335,8 +304,7 @@ _dopr(
                    value = va_arg(args, int);
                    break;
                }
-                fmtint(outch_fn, buffer, &currlen, maxlen,
-                       value, 10, min, max, flags);
+                fmtint(buffer, &currlen, maxlen, value, 10, min, max, flags);
                break;
            case 'X':
                flags |= DP_F_UP;
@@ -361,7 +329,7 @@ _dopr(
                        unsigned int);
                    break;
                }
-                fmtint(outch_fn, buffer, &currlen, maxlen, value,
+                fmtint(buffer, &currlen, maxlen, value,
                       ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
                       min, max, flags);
                break;
@@ -370,8 +338,7 @@ _dopr(
                    fvalue = va_arg(args, LDOUBLE);
                else
                    fvalue = va_arg(args, double);
-                fmtfp(outch_fn, buffer, &currlen, maxlen,
-                      fvalue, min, max, flags);
+                fmtfp(buffer, &currlen, maxlen, fvalue, min, max, flags);
                break;
            case 'E':
                flags |= DP_F_UP;
@@ -390,19 +357,19 @@ _dopr(
                    fvalue = va_arg(args, double);
                break;
            case 'c':
-                (*outch_fn)(buffer, &currlen, maxlen,
+                dopr_outch(buffer, &currlen, maxlen,
                    va_arg(args, int));
                break;
            case 's':
                strvalue = va_arg(args, char *);
                if (max < 0)
-                    max = (*copy_fn)(*maxlen);
-                fmtstr(outch_fn, buffer, &currlen, maxlen, strvalue,
-                       flags, min, max);
+                    max = maxlen;
+                fmtstr(buffer, &currlen, maxlen, strvalue,
+                    flags, min, max);
                break;
            case 'p':
                value = (long)va_arg(args, void *);
-                fmtint(outch_fn, buffer, &currlen, maxlen,
+                fmtint(buffer, &currlen, maxlen,
                    value, 16, min, max, flags);
                break;
            case 'n': /* XXX */
@@ -425,7 +392,7 @@ _dopr(
                }
                break;
            case '%':
-                (*outch_fn)(buffer, &currlen, maxlen, ch);
+                dopr_outch(buffer, &currlen, maxlen, ch);
                break;
            case 'w':
                /* not supported yet, treat as next char */
@@ -446,21 +413,19 @@ _dopr(
            break;
        }
    }
-    *truncated = (currlen > *maxlen - 1);
-    if (*truncated)
-        currlen = *maxlen - 1;
-    (*buffer)[currlen] = '\0';
+    if (currlen >= maxlen - 1)
+        currlen = maxlen - 1;
+    buffer[currlen] = '\0';
    *retlen = currlen;
    return;
 }

 static void
 fmtstr(
-    void (*outch_fn)(char **, size_t *, size_t *, int),
-    char **buffer,
+    char *buffer,
    size_t *currlen,
-    size_t *maxlen,
-    const char *value,
+    size_t maxlen,
+    char *value,
    int flags,
    int min,
    int max)
@@ -479,16 +444,16 @@ fmtstr(
        padlen = -padlen;

    while ((padlen > 0) && (cnt < max)) {
-        (*outch_fn)(buffer, currlen, maxlen, ' ');
+        dopr_outch(buffer, currlen, maxlen, ' ');
        --padlen;
        ++cnt;
    }
    while (*value && (cnt < max)) {
-        (*outch_fn)(buffer, currlen, maxlen, *value++);
+        dopr_outch(buffer, currlen, maxlen, *value++);
        ++cnt;
    }
    while ((padlen < 0) && (cnt < max)) {
-        (*outch_fn)(buffer, currlen, maxlen, ' ');
+        dopr_outch(buffer, currlen, maxlen, ' ');
        ++padlen;
        ++cnt;
    }
@@ -496,10 +461,9 @@ fmtstr(

 static void
 fmtint(
-    void (*outch_fn)(char **, size_t *, size_t *, int),
-    char **buffer,
+    char *buffer,
    size_t *currlen,
-    size_t *maxlen,
+    size_t maxlen,
    LLONG value,
    int base,
    int min,
@@ -553,28 +517,28 @@ fmtint(

    /* spaces */
    while (spadlen > 0) {
-        (*outch_fn)(buffer, currlen, maxlen, ' ');
+        dopr_outch(buffer, currlen, maxlen, ' ');
        --spadlen;
    }

    /* sign */
    if (signvalue)
-        (*outch_fn)(buffer, currlen, maxlen, signvalue);
+        dopr_outch(buffer, currlen, maxlen, signvalue);

    /* zeros */
    if (zpadlen > 0) {
        while (zpadlen > 0) {
-            (*outch_fn)(buffer, currlen, maxlen, '0');
+            dopr_outch(buffer, currlen, maxlen, '0');
            --zpadlen;
        }
    }
    /* digits */
    while (place > 0)
-        (*outch_fn)(buffer, currlen, maxlen, convert[--place]);
+        dopr_outch(buffer, currlen, maxlen, convert[--place]);

    /* left justified spaces */
    while (spadlen < 0) {
-        (*outch_fn)(buffer, currlen, maxlen, ' ');
+        dopr_outch(buffer, currlen, maxlen, ' ');
        ++spadlen;
    }
    return;
@@ -613,10 +577,9 @@ round(LDOUBLE value)

 static void
 fmtfp(
-    void (*outch_fn)(char **, size_t *, size_t *, int),
-    char **buffer,
+    char *buffer,
    size_t *currlen,
-    size_t *maxlen,
+    size_t maxlen,
    LDOUBLE fvalue,
    int min,
    int max,
@@ -694,173 +657,54 @@ fmtfp(

    if ((flags & DP_F_ZERO) && (padlen > 0)) {
        if (signvalue) {
-            (*outch_fn)(buffer, currlen, maxlen, signvalue);
+            dopr_outch(buffer, currlen, maxlen, signvalue);
            --padlen;
            signvalue = 0;
        }
        while (padlen > 0) {
-            (*outch_fn)(buffer, currlen, maxlen, '0');
+            dopr_outch(buffer, currlen, maxlen, '0');
            --padlen;
        }
    }
    while (padlen > 0) {
-        (*outch_fn)(buffer, currlen, maxlen, ' ');
+        dopr_outch(buffer, currlen, maxlen, ' ');
        --padlen;
    }
    if (signvalue)
-        (*outch_fn)(buffer, currlen, maxlen, signvalue);
+        dopr_outch(buffer, currlen, maxlen, signvalue);

    while (iplace > 0)
-        (*outch_fn)(buffer, currlen, maxlen, iconvert[--iplace]);
+        dopr_outch(buffer, currlen, maxlen, iconvert[--iplace]);

    /*
     * Decimal point. This should probably use locale to find the correct
     * char to print out.
     */
    if (max > 0) {
-        (*outch_fn)(buffer, currlen, maxlen, '.');
+        dopr_outch(buffer, currlen, maxlen, '.');

        while (fplace > 0)
-            (*outch_fn)(buffer, currlen, maxlen, fconvert[--fplace]);
+            dopr_outch(buffer, currlen, maxlen, fconvert[--fplace]);
    }
    while (zpadlen > 0) {
-        (*outch_fn)(buffer, currlen, maxlen, '0');
+        dopr_outch(buffer, currlen, maxlen, '0');
        --zpadlen;
    }

    while (padlen < 0) {
-        (*outch_fn)(buffer, currlen, maxlen, ' ');
+        dopr_outch(buffer, currlen, maxlen, ' ');
        ++padlen;
    }
 }

-static int
-dopr_copy(
-    size_t len)
-{
-    return len;
-}
-
-#ifdef USE_ALLOCATING_PRINT
-static int
-doapr_copy(
-    size_t len)
-{
-    /* Return as high an integer as possible */
-    return INT_MAX;
-}
-#endif
-
-static int
-dopr_isbig(
-    size_t currlen,
-    size_t maxlen)
-{
-    return currlen > maxlen;
-}
-
-#ifdef USE_ALLOCATING_PRINT
-static int
-doapr_isbig(
-    size_t currlen,
-    size_t maxlen)
-{
-    return 0;
-}
-#endif
-
 static void
 dopr_outch(
-    char **buffer,
+    char *buffer,
    size_t *currlen,
-    size_t *maxlen,
+    size_t maxlen,
    int c)
 {
-    if (*currlen < *maxlen)
-        (*buffer)[(*currlen)++] = (char)c;
+    if (*currlen < maxlen)
+        buffer[(*currlen)++] = (char)c;
    return;
 }
-
-#ifdef USE_ALLOCATING_PRINT
-static void
-doapr_outch(
-    char **buffer,
-    size_t *currlen,
-    size_t *maxlen,
-    int c)
-{
-    if (*buffer == NULL) {
-	if (*maxlen == 0)
-	    *maxlen = 1024;
-	*buffer = Malloc(*maxlen);
-    }
-    while (*currlen >= *maxlen) {
-	*maxlen += 1024;
-	*buffer = Realloc(*buffer, *maxlen);
-    }
-    /* What to do if *buffer is NULL? */
-    assert(*buffer != NULL);
-
-    (*buffer)[(*currlen)++] = (char)c;
-    return;
-}
-#endif
-
-/***************************************************************************/
-
-int BIO_printf (BIO *bio, const char *format, ...)
-	{
-	va_list args;
-	int ret;
-	size_t retlen;
-#ifdef USE_ALLOCATING_PRINT
-	char *hugebuf;
-#else
-	MS_STATIC char hugebuf[1024*2]; /* 10k in one chunk is the limit */
-#endif
-
-	va_start(args, format);
-
-#ifndef USE_ALLOCATING_PRINT
-	hugebuf[0]='\0';
-	dopr(hugebuf, sizeof(hugebuf), &retlen, format, args);
-#else
-	hugebuf = NULL;
-	CRYPTO_push_info("doapr()");
-	doapr(&hugebuf, &retlen, format, args);
-	if (hugebuf)
-		{
-#endif
-		ret=BIO_write(bio, hugebuf, (int)retlen);
-
-#ifdef USE_ALLOCATING_PRINT
-		Free(hugebuf);
-		}
-	CRYPTO_pop_info();
-#endif
-	va_end(args);
-	return(ret);
-	}
-
-/* As snprintf is not available everywhere, we provide our own implementation.
- * This function has nothing to do with BIOs, but it's closely related
- * to BIO_printf, and we need *some* name prefix ...
- * (XXX  the function should be renamed, but to what?) */
-int BIO_snprintf(char *buf, size_t n, const char *format, ...)
-	{
-	va_list args;
-	size_t retlen;
-	int truncated;
-
-	va_start(args, format);
-	_dopr(dopr_outch, dopr_isbig, dopr_copy,
-		&buf, &n, &retlen, &truncated, format, args);
-	if (truncated)
-		/* In case of truncation, return -1 like traditional snprintf.
-		 * (Current drafts for ISO/IEC 9899 say snprintf should return
-		 * the number of characters that would have been written,
-		 * had the buffer been large enough.) */
-		return -1;
-	else
-		return (retlen <= INT_MAX) ? retlen : -1;
-	}
--- a/crypto/bio/bf_buff.c
+++ b/crypto/bio/bf_buff.c
@@ -62,14 +62,14 @@
 #include <openssl/bio.h>
 #include <openssl/evp.h>

-static int buffer_write(BIO *h, const char *buf,int num);
-static int buffer_read(BIO *h, char *buf, int size);
-static int buffer_puts(BIO *h, const char *str);
-static int buffer_gets(BIO *h, char *str, int size);
-static long buffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int buffer_write(BIO *h,char *buf,int num);
+static int buffer_read(BIO *h,char *buf,int size);
+static int buffer_puts(BIO *h,char *str);
+static int buffer_gets(BIO *h,char *str,int size);
+static long buffer_ctrl(BIO *h,int cmd,long arg1,char *arg2);
 static int buffer_new(BIO *h);
 static int buffer_free(BIO *data);
-static long buffer_callback_ctrl(BIO *h, int cmd, void (*fp)());
+static long buffer_callback_ctrl(BIO *h,int cmd, void (*fp)());
 #define DEFAULT_BUFFER_SIZE	1024

 static BIO_METHOD methods_buffer=
@@ -195,7 +195,7 @@ start:
 	goto start;
 	}

-static int buffer_write(BIO *b, const char *in, int inl)
+static int buffer_write(BIO *b, char *in, int inl)
 	{
 	int i,num=0;
 	BIO_F_BUFFER_CTX *ctx;
@@ -268,7 +268,7 @@ start:
 	goto start;
 	}

-static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
+static long buffer_ctrl(BIO *b, int cmd, long num, char *ptr)
 	{
 	BIO *dbio;
 	BIO_F_BUFFER_CTX *ctx;
@@ -504,7 +504,7 @@ static int buffer_gets(BIO *b, char *buf, int size)
 		}
 	}

-static int buffer_puts(BIO *b, const char *str)
+static int buffer_puts(BIO *b, char *str)
 	{
 	return(BIO_write(b,str,strlen(str)));
 	}
--- a/crypto/bio/bf_nbio.c
+++ b/crypto/bio/bf_nbio.c
@@ -66,11 +66,11 @@
 /* BIO_put and BIO_get both add to the digest,
 * BIO_gets returns the digest */

-static int nbiof_write(BIO *h,const char *buf,int num);
+static int nbiof_write(BIO *h,char *buf,int num);
 static int nbiof_read(BIO *h,char *buf,int size);
-static int nbiof_puts(BIO *h,const char *str);
+static int nbiof_puts(BIO *h,char *str);
 static int nbiof_gets(BIO *h,char *str,int size);
-static long nbiof_ctrl(BIO *h,int cmd,long arg1,void *arg2);
+static long nbiof_ctrl(BIO *h,int cmd,long arg1,char *arg2);
 static int nbiof_new(BIO *h);
 static int nbiof_free(BIO *data);
 static long nbiof_callback_ctrl(BIO *h,int cmd,void (*fp)());
@@ -159,7 +159,7 @@ static int nbiof_read(BIO *b, char *out, int outl)
 	return(ret);
 	}

-static int nbiof_write(BIO *b, const char *in, int inl)
+static int nbiof_write(BIO *b, char *in, int inl)
 	{
 	NBIO_TEST *nt;
 	int ret=0;
@@ -204,7 +204,7 @@ static int nbiof_write(BIO *b, const char *in, int inl)
 	return(ret);
 	}

-static long nbiof_ctrl(BIO *b, int cmd, long num, void *ptr)
+static long nbiof_ctrl(BIO *b, int cmd, long num, char *ptr)
 	{
 	long ret;

@@ -247,7 +247,7 @@ static int nbiof_gets(BIO *bp, char *buf, int size)
 	}


-static int nbiof_puts(BIO *bp, const char *str)
+static int nbiof_puts(BIO *bp, char *str)
 	{
 	if (bp->next_bio == NULL) return(0);
 	return(BIO_puts(bp->next_bio,str));
--- a/crypto/bio/bf_null.c
+++ b/crypto/bio/bf_null.c
@@ -65,14 +65,14 @@
 /* BIO_put and BIO_get both add to the digest,
 * BIO_gets returns the digest */

-static int nullf_write(BIO *h, const char *buf, int num);
-static int nullf_read(BIO *h, char *buf, int size);
-static int nullf_puts(BIO *h, const char *str);
-static int nullf_gets(BIO *h, char *str, int size);
-static long nullf_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int nullf_write(BIO *h,char *buf,int num);
+static int nullf_read(BIO *h,char *buf,int size);
+static int nullf_puts(BIO *h,char *str);
+static int nullf_gets(BIO *h,char *str,int size);
+static long nullf_ctrl(BIO *h,int cmd,long arg1,char *arg2);
 static int nullf_new(BIO *h);
 static int nullf_free(BIO *data);
-static long nullf_callback_ctrl(BIO *h, int cmd, void (*fp)());
+static long nullf_callback_ctrl(BIO *h,int cmd,void (*fp)());
 static BIO_METHOD methods_nullf=
 	{
 	BIO_TYPE_NULL_FILTER,
@@ -121,7 +121,7 @@ static int nullf_read(BIO *b, char *out, int outl)
 	return(ret);
 	}

-static int nullf_write(BIO *b, const char *in, int inl)
+static int nullf_write(BIO *b, char *in, int inl)
 	{
 	int ret=0;

@@ -133,7 +133,7 @@ static int nullf_write(BIO *b, const char *in, int inl)
 	return(ret);
 	}

-static long nullf_ctrl(BIO *b, int cmd, long num, void *ptr)
+static long nullf_ctrl(BIO *b, int cmd, long num, char *ptr)
 	{
 	long ret;

@@ -175,7 +175,7 @@ static int nullf_gets(BIO *bp, char *buf, int size)
 	}


-static int nullf_puts(BIO *bp, const char *str)
+static int nullf_puts(BIO *bp, char *str)
 	{
 	if (bp->next_bio == NULL) return(0);
 	return(BIO_puts(bp->next_bio,str));
--- a/crypto/bio/bio.h
+++ b/crypto/bio/bio.h
@@ -59,14 +59,14 @@
 #ifndef HEADER_BIO_H
 #define HEADER_BIO_H

-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/crypto.h>
-
 #ifdef  __cplusplus
 extern "C" {
 #endif

+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/crypto.h>
+
 /* These are the 'types' of BIOs */
 #define BIO_TYPE_NONE		0
 #define BIO_TYPE_MEM		(1|0x0400)
@@ -207,21 +207,19 @@ extern "C" {
 #define BIO_method_name(b)		((b)->method->name)
 #define BIO_method_type(b)		((b)->method->type)

-typedef struct bio_st BIO;
-
 #ifndef WIN16
 typedef struct bio_method_st
 	{
 	int type;
 	const char *name;
-	int (*bwrite)(BIO *, const char *, int);
-	int (*bread)(BIO *, char *, int);
-	int (*bputs)(BIO *, const char *);
-	int (*bgets)(BIO *, char *, int);
-	long (*ctrl)(BIO *, int, long, void *);
-	int (*create)(BIO *);
-	int (*destroy)(BIO *);
-	long (*callback_ctrl)(BIO *, int, void (*)(struct bio_st *, int, const char *, int, long, long));
+	int (*bwrite)();
+	int (*bread)();
+	int (*bputs)();
+	int (*bgets)();
+	long (*ctrl)();
+	int (*create)();
+	int (*destroy)();
+	long (*callback_ctrl)();
 	} BIO_METHOD;
 #else
 typedef struct bio_method_st
@@ -239,7 +237,7 @@ typedef struct bio_method_st
 	} BIO_METHOD;
 #endif

-struct bio_st
+typedef struct bio_st
 	{
 	BIO_METHOD *method;
 	/* bio, mode, argp, argi, argl, ret */
@@ -259,9 +257,7 @@ struct bio_st
 	unsigned long num_write;

 	CRYPTO_EX_DATA ex_data;
-	};
-
-DECLARE_STACK_OF(BIO)
+	} BIO;

 typedef struct bio_f_buffer_ctx_struct
 	{
@@ -509,13 +505,12 @@ BIO *BIO_new_fp(FILE *stream, int close_flag);
 BIO *	BIO_new(BIO_METHOD *type);
 int	BIO_set(BIO *a,BIO_METHOD *type);
 int	BIO_free(BIO *a);
-void	BIO_vfree(BIO *a);
 int	BIO_read(BIO *b, void *data, int len);
 int	BIO_gets(BIO *bp,char *buf, int size);
-int	BIO_write(BIO *b, const void *data, int len);
+int	BIO_write(BIO *b, const char *data, int len);
 int	BIO_puts(BIO *bp,const char *buf);
 long	BIO_ctrl(BIO *bp,int cmd,long larg,void *parg);
-long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long));
+long	BIO_callback_ctrl(BIO *bp,int cmd,void (*fp)());
 char *	BIO_ptr_ctrl(BIO *bp,int cmd,long larg);
 long	BIO_int_ctrl(BIO *bp,int cmd,long larg,int iarg);
 BIO *	BIO_push(BIO *b,BIO *append);
@@ -597,8 +592,7 @@ void BIO_copy_next_retry(BIO *b);

 long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);

-int BIO_printf(BIO *bio, const char *format, ...);
-int BIO_snprintf(char *buf, size_t n, const char *format, ...);
+int BIO_printf(BIO *bio, ...);

 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
--- a/crypto/bio/bio_err.c
+++ b/crypto/bio/bio_err.c
@@ -54,8 +54,7 @@
 */

 /* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
+ * made to it will be overwritten when the script next updates this file.
 */

 #include <stdio.h>
--- a/crypto/bio/bio_lib.c
+++ b/crypto/bio/bio_lib.c
@@ -137,9 +137,6 @@ int BIO_free(BIO *a)
 	return(1);
 	}

-void BIO_vfree(BIO *a)
-    { BIO_free(a); }
-
 int BIO_read(BIO *b, void *out, int outl)
 	{
 	int i;
@@ -172,7 +169,7 @@ int BIO_read(BIO *b, void *out, int outl)
 	return(i);
 	}

-int BIO_write(BIO *b, const void *in, int inl)
+int BIO_write(BIO *b, const char *in, int inl)
 	{
 	int i;
 	long (*cb)();
@@ -320,7 +317,7 @@ long BIO_ctrl(BIO *b, int cmd, long larg, void *parg)
 	return(ret);
 	}

-long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long))
+long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)())
 	{
 	long ret;
 	long (*cb)();
@@ -535,5 +532,3 @@ unsigned long BIO_number_written(BIO *bio)
 	if(bio) return bio->num_write;
 	return 0;
 }
-
-IMPLEMENT_STACK_OF(BIO)
--- a/crypto/bio/bss_acpt.c
+++ b/crypto/bio/bss_acpt.c
@@ -92,10 +92,10 @@ typedef struct bio_accept_st
 	BIO *bio_chain;
 	} BIO_ACCEPT;

-static int acpt_write(BIO *h, const char *buf, int num);
-static int acpt_read(BIO *h, char *buf, int size);
-static int acpt_puts(BIO *h, const char *str);
-static long acpt_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int acpt_write(BIO *h,char *buf,int num);
+static int acpt_read(BIO *h,char *buf,int size);
+static int acpt_puts(BIO *h,char *str);
+static long acpt_ctrl(BIO *h,int cmd,long arg1,char *arg2);
 static int acpt_new(BIO *h);
 static int acpt_free(BIO *data);
 static int acpt_state(BIO *b, BIO_ACCEPT *c);
@@ -307,7 +307,7 @@ static int acpt_read(BIO *b, char *out, int outl)
 	return(ret);
 	}

-static int acpt_write(BIO *b, const char *in, int inl)
+static int acpt_write(BIO *b, char *in, int inl)
 	{
 	int ret;
 	BIO_ACCEPT *data;
@@ -326,7 +326,7 @@ static int acpt_write(BIO *b, const char *in, int inl)
 	return(ret);
 	}

-static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
+static long acpt_ctrl(BIO *b, int cmd, long num, char *ptr)
 	{
 	BIO *dbio;
 	int *ip;
@@ -440,7 +440,7 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
 	return(ret);
 	}

-static int acpt_puts(BIO *bp, const char *str)
+static int acpt_puts(BIO *bp, char *str)
 	{
 	int n,ret;

--- a/crypto/bio/bss_bio.c
+++ b/crypto/bio/bss_bio.c
@@ -19,20 +19,14 @@

 #include <openssl/bio.h>
 #include <openssl/err.h>
-#include <openssl/err.h>
 #include <openssl/crypto.h>

-#include "openssl/e_os.h"
-#ifndef SSIZE_MAX
-# define SSIZE_MAX INT_MAX
-#endif
-
 static int bio_new(BIO *bio);
 static int bio_free(BIO *bio);
 static int bio_read(BIO *bio, char *buf, int size);
-static int bio_write(BIO *bio, const char *buf, int num);
+static int bio_write(BIO *bio, char *buf, int num);
 static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr);
-static int bio_puts(BIO *bio, const char *str);
+static int bio_puts(BIO *bio, char *str);

 static int bio_make_pair(BIO *bio1, BIO *bio2);
 static void bio_destroy_pair(BIO *bio);
@@ -211,10 +205,10 @@ static int bio_read(BIO *bio, char *buf, int size_)
 */
 /* WARNING: The non-copying interface is largely untested as of yet
 * and may contain bugs. */
-static ssize_t bio_nread0(BIO *bio, char **buf)
+static size_t bio_nread0(BIO *bio, char **buf)
 	{
 	struct bio_bio_st *b, *peer_b;
-	ssize_t num;
+	size_t num;
 	
 	BIO_clear_retry_flags(bio);

@@ -249,20 +243,15 @@ static ssize_t bio_nread0(BIO *bio, char **buf)
 	return num;
 	}

-static ssize_t bio_nread(BIO *bio, char **buf, size_t num_)
+static size_t bio_nread(BIO *bio, char **buf, size_t num)
 	{
 	struct bio_bio_st *b, *peer_b;
-	ssize_t num, available;
-
-	if (num_ > SSIZE_MAX)
-		num = SSIZE_MAX;
-	else
-		num = (ssize_t)num_;
+	size_t available;

 	available = bio_nread0(bio, buf);
 	if (num > available)
 		num = available;
-	if (num <= 0)
+	if (num == 0)
 		return num;

 	b = bio->ptr;
@@ -283,7 +272,7 @@ static ssize_t bio_nread(BIO *bio, char **buf, size_t num_)
 	}


-static int bio_write(BIO *bio, const char *buf, int num_)
+static int bio_write(BIO *bio, char *buf, int num_)
 	{
 	size_t num = num_;
 	size_t rest;
@@ -362,7 +351,7 @@ static int bio_write(BIO *bio, const char *buf, int num_)
 * (example usage:  bio_nwrite0(), write to buffer, bio_nwrite()
 *  or just         bio_nwrite(), write to buffer)
 */
-static ssize_t bio_nwrite0(BIO *bio, char **buf)
+static size_t bio_nwrite0(BIO *bio, char **buf)
 	{
 	struct bio_bio_st *b;
 	size_t num;
@@ -410,20 +399,15 @@ static ssize_t bio_nwrite0(BIO *bio, char **buf)
 	return num;
 	}

-static ssize_t bio_nwrite(BIO *bio, char **buf, size_t num_)
+static size_t bio_nwrite(BIO *bio, char **buf, size_t num)
 	{
 	struct bio_bio_st *b;
-	ssize_t num, space;
-
-	if (num_ > SSIZE_MAX)
-		num = SSIZE_MAX;
-	else
-		num = (ssize_t)num_;
+	size_t space;

 	space = bio_nwrite0(bio, buf);
 	if (num > space)
 		num = space;
-	if (num <= 0)
+	if (num == 0)
 		return num;
 	b = bio->ptr;
 	assert(b != NULL);
@@ -525,11 +509,6 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
 		ret = 1;
 		break;

-	case BIO_C_NREAD0:
-		/* prepare for non-copying read */
-		ret = (long) bio_nread0(bio, ptr);
-		break;
-		
 	case BIO_C_NREAD:
 		/* non-copying read */
 		ret = (long) bio_nread(bio, ptr, (size_t) num);
@@ -628,7 +607,7 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
 	return ret;
 	}

-static int bio_puts(BIO *bio, const char *str)
+static int bio_puts(BIO *bio, char *str)
 	{
 	return bio_write(bio, str, strlen(str));
 	}
--- a/crypto/bio/bss_conn.c
+++ b/crypto/bio/bss_conn.c
@@ -98,13 +98,13 @@ typedef struct bio_connect_st
 	int (*info_callback)();
 	} BIO_CONNECT;

-static int conn_write(BIO *h, const char *buf, int num);
-static int conn_read(BIO *h, char *buf, int size);
-static int conn_puts(BIO *h, const char *str);
-static long conn_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int conn_write(BIO *h,char *buf,int num);
+static int conn_read(BIO *h,char *buf,int size);
+static int conn_puts(BIO *h,char *str);
+static long conn_ctrl(BIO *h,int cmd,long arg1,char *arg2);
 static int conn_new(BIO *h);
 static int conn_free(BIO *data);
-static long conn_callback_ctrl(BIO *h, int cmd, void (*fp)());
+static long conn_callback_ctrl(BIO *h,int cmd,void *(*fp)());

 static int conn_state(BIO *b, BIO_CONNECT *c);
 static void conn_close_socket(BIO *data);
@@ -426,7 +426,7 @@ static int conn_read(BIO *b, char *out, int outl)
 	return(ret);
 	}

-static int conn_write(BIO *b, const char *in, int inl)
+static int conn_write(BIO *b, char *in, int inl)
 	{
 	int ret;
 	BIO_CONNECT *data;
@@ -449,7 +449,7 @@ static int conn_write(BIO *b, const char *in, int inl)
 	return(ret);
 	}

-static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
+static long conn_ctrl(BIO *b, int cmd, long num, char *ptr)
 	{
 	BIO *dbio;
 	int *ip;
@@ -519,10 +519,9 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
 			else if (num == 2)
 				{
 				char buf[16];
-				char *p = ptr;

 				sprintf(buf,"%d.%d.%d.%d",
-					p[0],p[1],p[2],p[3]);
+					ptr[0],ptr[1],ptr[2],ptr[3]);
 				if (data->param_hostname != NULL)
 					Free(data->param_hostname);
 				data->param_hostname=BUF_strdup(buf);
@@ -602,7 +601,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
 	return(ret);
 	}

-static long conn_callback_ctrl(BIO *b, int cmd, void (*fp)())
+static long conn_callback_ctrl(BIO *b, int cmd, void *(*fp)())
 	{
 	long ret=1;
 	BIO_CONNECT *data;
@@ -623,7 +622,7 @@ static long conn_callback_ctrl(BIO *b, int cmd, void (*fp)())
 	return(ret);
 	}

-static int conn_puts(BIO *bp, const char *str)
+static int conn_puts(BIO *bp, char *str)
 	{
 	int n,ret;

--- a/crypto/bio/bss_file.c
+++ b/crypto/bio/bss_file.c
@@ -73,11 +73,11 @@

 #if !defined(NO_STDIO)

-static int MS_CALLBACK file_write(BIO *h, const char *buf, int num);
-static int MS_CALLBACK file_read(BIO *h, char *buf, int size);
-static int MS_CALLBACK file_puts(BIO *h, const char *str);
-static int MS_CALLBACK file_gets(BIO *h, char *str, int size);
-static long MS_CALLBACK file_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int MS_CALLBACK file_write(BIO *h,char *buf,int num);
+static int MS_CALLBACK file_read(BIO *h,char *buf,int size);
+static int MS_CALLBACK file_puts(BIO *h,char *str);
+static int MS_CALLBACK file_gets(BIO *h,char *str,int size);
+static long MS_CALLBACK file_ctrl(BIO *h,int cmd,long arg1,char *arg2);
 static int MS_CALLBACK file_new(BIO *h);
 static int MS_CALLBACK file_free(BIO *data);
 static BIO_METHOD methods_filep=
@@ -163,7 +163,7 @@ static int MS_CALLBACK file_read(BIO *b, char *out, int outl)
 	return(ret);
 	}

-static int MS_CALLBACK file_write(BIO *b, const char *in, int inl)
+static int MS_CALLBACK file_write(BIO *b, char *in, int inl)
 	{
 	int ret=0;

@@ -179,7 +179,7 @@ static int MS_CALLBACK file_write(BIO *b, const char *in, int inl)
 	return(ret);
 	}

-static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
+static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, char *ptr)
 	{
 	long ret=1;
 	FILE *fp=(FILE *)b->ptr;
@@ -294,7 +294,7 @@ static int MS_CALLBACK file_gets(BIO *bp, char *buf, int size)
 	return(ret);
 	}

-static int MS_CALLBACK file_puts(BIO *bp, const char *str)
+static int MS_CALLBACK file_puts(BIO *bp, char *str)
 	{
 	int n,ret;

--- a/crypto/bio/bss_log.c
+++ b/crypto/bio/bss_log.c
@@ -57,8 +57,8 @@
 	Why BIO_s_log?

 	BIO_s_log is useful for system daemons (or services under NT).
-	It is one-way BIO, it sends all stuff to syslogd (on system that
-	commonly use that), or event log (on NT), or OPCOM (on OpenVMS).
+	It is one-way BIO, it sends all stuff to syslogd (or event log
+	under NT).

 */

@@ -66,58 +66,29 @@
 #include <stdio.h>
 #include <errno.h>

-#if defined(WIN32)
-#  include <process.h>
-#elif defined(VMS) || defined(__VMS)
-#  include <opcdef.h>
-#  include <descrip.h>
-#  include <lib$routines.h>
-#  include <starlet.h>
-#elif defined(__ultrix)
-#  include <sys/syslog.h>
-#elif !defined(MSDOS) /* Unix */
-#  include <syslog.h>
+#ifndef WIN32
+#ifdef __ultrix
+#include <sys/syslog.h>
+#else
+#include <syslog.h>
+#endif
+#else
+#include <process.h>
 #endif

 #include "cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/err.h>
-
 #ifndef NO_SYSLOG

-#if defined(WIN32)
-#define LOG_EMERG	0
-#define LOG_ALERT	1
-#define LOG_CRIT	2
-#define LOG_ERR		3
-#define LOG_WARNING	4
-#define LOG_NOTICE	5
-#define LOG_INFO	6
-#define LOG_DEBUG	7

-#define LOG_DAEMON	(3<<3)
-#elif defined(VMS)
-/* On VMS, we don't really care about these, but we need them to compile */
-#define LOG_EMERG	0
-#define LOG_ALERT	1
-#define LOG_CRIT	2
-#define LOG_ERR		3
-#define LOG_WARNING	4
-#define LOG_NOTICE	5
-#define LOG_INFO	6
-#define LOG_DEBUG	7
-
-#define LOG_DAEMON	OPC$M_NM_NTWORK
-#endif
-
-static int MS_CALLBACK slg_write(BIO *h, const char *buf, int num);
-static int MS_CALLBACK slg_puts(BIO *h, const char *str);
-static long MS_CALLBACK slg_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int MS_CALLBACK slg_write(BIO *h,char *buf,int num);
+static int MS_CALLBACK slg_puts(BIO *h,char *str);
+static long MS_CALLBACK slg_ctrl(BIO *h,int cmd,long arg1,char *arg2);
 static int MS_CALLBACK slg_new(BIO *h);
 static int MS_CALLBACK slg_free(BIO *data);
-static void xopenlog(BIO* bp, const char* name, int level);
-static void xsyslog(BIO* bp, int priority, const char* string);
-static void xcloselog(BIO* bp);
+static int xopenlog(BIO* bp, const char* name, int level);
+static int xcloselog(BIO* bp);

 static BIO_METHOD methods_slg=
 	{
@@ -142,7 +113,11 @@ static int MS_CALLBACK slg_new(BIO *bi)
 	bi->init=1;
 	bi->num=0;
 	bi->ptr=NULL;
+#ifndef WIN32
 	xopenlog(bi, "application", LOG_DAEMON);
+#else
+	xopenlog(bi, "application", 0);
+#endif
 	return(1);
 	}

@@ -153,19 +128,48 @@ static int MS_CALLBACK slg_free(BIO *a)
 	return(1);
 	}
 	
-static int MS_CALLBACK slg_write(BIO *b, const char *in, int inl)
+static int MS_CALLBACK slg_write(BIO *b, char *in, int inl)
 	{
 	int ret= inl;
-	char* buf;
+	char* buf= in;
 	char* pp;
+#if defined(WIN32)
+	LPCSTR lpszStrings[2];
+	WORD evtype= EVENTLOG_ERROR_TYPE;
+	int pid = _getpid();
+	char pidbuf[20];
+#else
 	int priority;
+#endif

 	if((buf= (char *)Malloc(inl+ 1)) == NULL){
 		return(0);
 	}
 	strncpy(buf, in, inl);
 	buf[inl]= '\0';
+#if defined(WIN32)
+	if(strncmp(buf, "ERR ", 4) == 0){
+		evtype= EVENTLOG_ERROR_TYPE;
+		pp= buf+ 4;
+	}else if(strncmp(buf, "WAR ", 4) == 0){
+		evtype= EVENTLOG_WARNING_TYPE;
+		pp= buf+ 4;
+	}else if(strncmp(buf, "INF ", 4) == 0){
+		evtype= EVENTLOG_INFORMATION_TYPE;
+		pp= buf+ 4;
+	}else{
+		evtype= EVENTLOG_ERROR_TYPE;
+		pp= buf;
+	}

+	sprintf(pidbuf, "[%d] ", pid);
+	lpszStrings[0] = pidbuf;
+	lpszStrings[1] = pp;
+
+	if(b->ptr)
+		ReportEvent(b->ptr, evtype, 0, 1024, NULL, 2, 0,
+				lpszStrings, NULL);
+#else
 	if(strncmp(buf, "ERR ", 4) == 0){
 		priority= LOG_ERR;
 		pp= buf+ 4;
@@ -180,13 +184,13 @@ static int MS_CALLBACK slg_write(BIO *b, const char *in, int inl)
 		pp= buf;
 	}

-	xsyslog(b, priority, pp);
-
+	syslog(priority, "%s", pp);
+#endif
 	Free(buf);
 	return(ret);
 	}

-static long MS_CALLBACK slg_ctrl(BIO *b, int cmd, long num, void *ptr)
+static long MS_CALLBACK slg_ctrl(BIO *b, int cmd, long num, char *ptr)
 	{
 	switch (cmd)
 		{
@@ -200,7 +204,7 @@ static long MS_CALLBACK slg_ctrl(BIO *b, int cmd, long num, void *ptr)
 	return(0);
 	}

-static int MS_CALLBACK slg_puts(BIO *bp, const char *str)
+static int MS_CALLBACK slg_puts(BIO *bp, char *str)
 	{
 	int n,ret;

@@ -209,128 +213,28 @@ static int MS_CALLBACK slg_puts(BIO *bp, const char *str)
 	return(ret);
 	}

+static int xopenlog(BIO* bp, const char* name, int level)
+{
 #if defined(WIN32)
-
-static void xopenlog(BIO* bp, const char* name, int level)
-{
-	bp->ptr= (char *)RegisterEventSource(NULL, name);
+	if((bp->ptr= (char *)RegisterEventSource(NULL, name)) == NULL){
+		return(0);
+	}
+#else
+	openlog(name, LOG_PID|LOG_CONS, level);
+#endif
+	return(1);
 }

-static void xsyslog(BIO *bp, int priority, const char *string)
-{
-	LPCSTR lpszStrings[2];
-	WORD evtype= EVENTLOG_ERROR_TYPE;
-	int pid = _getpid();
-	char pidbuf[20];
-
-	switch (priority)
-		{
-	case LOG_ERR:
-		evtype = EVENTLOG_ERROR_TYPE;
-		break;
-	case LOG_WARNING:
-		evtype = EVENTLOG_WARNING_TYPE;
-		break;
-	case LOG_INFO:
-		evtype = EVENTLOG_INFORMATION_TYPE;
-		break;
-	default:
-		evtype = EVENTLOG_ERROR_TYPE;
-		break;
-		}
-
-	sprintf(pidbuf, "[%d] ", pid);
-	lpszStrings[0] = pidbuf;
-	lpszStrings[1] = string;
-
-	if(bp->ptr)
-		ReportEvent(bp->ptr, evtype, 0, 1024, NULL, 2, 0,
-				lpszStrings, NULL);
-}
-	
-static void xcloselog(BIO* bp)
+static int xcloselog(BIO* bp)
 {
+#if defined(WIN32)
 	if(bp->ptr)
 		DeregisterEventSource((HANDLE)(bp->ptr));
 	bp->ptr= NULL;
-}
-
-#elif defined(VMS)
-
-static int VMS_OPC_target = LOG_DAEMON;
-
-static void xopenlog(BIO* bp, const char* name, int level)
-{
-	VMS_OPC_target = level; 
-}
-
-static void xsyslog(BIO *bp, int priority, const char *string)
-{
-	struct dsc$descriptor_s opc_dsc;
-	struct opcdef *opcdef_p;
-	char buf[10240];
-	unsigned int len;
-        struct dsc$descriptor_s buf_dsc;
-	$DESCRIPTOR(fao_cmd, "!AZ: !AZ");
-	char *priority_tag;
-
-	switch (priority)
-	  {
-	  case LOG_EMERG: priority_tag = "Emergency"; break;
-	  case LOG_ALERT: priority_tag = "Alert"; break;
-	  case LOG_CRIT: priority_tag = "Critical"; break;
-	  case LOG_ERR: priority_tag = "Error"; break;
-	  case LOG_WARNING: priority_tag = "Warning"; break;
-	  case LOG_NOTICE: priority_tag = "Notice"; break;
-	  case LOG_INFO: priority_tag = "Info"; break;
-	  case LOG_DEBUG: priority_tag = "DEBUG"; break;
-	  }
-
-	buf_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
-	buf_dsc.dsc$b_class = DSC$K_CLASS_S;
-	buf_dsc.dsc$a_pointer = buf;
-	buf_dsc.dsc$w_length = sizeof(buf) - 1;
-
-	lib$sys_fao(&fao_cmd, &len, &buf_dsc, priority_tag, string);
-
-	/* we know there's an 8 byte header.  That's documented */
-	opcdef_p = (struct opcdef *) Malloc(8 + len);
-	opcdef_p->opc$b_ms_type = OPC$_RQ_RQST;
-	memcpy(opcdef_p->opc$z_ms_target_classes, &VMS_OPC_target, 3);
-	opcdef_p->opc$l_ms_rqstid = 0;
-	memcpy(&opcdef_p->opc$l_ms_text, buf, len);
-
-	opc_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
-	opc_dsc.dsc$b_class = DSC$K_CLASS_S;
-	opc_dsc.dsc$a_pointer = (char *)opcdef_p;
-	opc_dsc.dsc$w_length = len + 8;
-
-	sys$sndopr(opc_dsc, 0);
-
-	Free(opcdef_p);
-}
-
-static void xcloselog(BIO* bp)
-{
-}
-
-#else /* Unix */
-
-static void xopenlog(BIO* bp, const char* name, int level)
-{
-	openlog(name, LOG_PID|LOG_CONS, level);
-}
-
-static void xsyslog(BIO *bp, int priority, const char *string)
-{
-	syslog(priority, "%s", string);
-}
-
-static void xcloselog(BIO* bp)
-{
+#else
 	closelog();
+#endif
+	return(1);
 }

-#endif /* Unix */
-
-#endif /* NO_SYSLOG */
+#endif
--- a/crypto/bio/bss_mem.c
+++ b/crypto/bio/bss_mem.c
@@ -61,11 +61,11 @@
 #include "cryptlib.h"
 #include <openssl/bio.h>

-static int mem_write(BIO *h, const char *buf, int num);
-static int mem_read(BIO *h, char *buf, int size);
-static int mem_puts(BIO *h, const char *str);
-static int mem_gets(BIO *h, char *str, int size);
-static long mem_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int mem_write(BIO *h,char *buf,int num);
+static int mem_read(BIO *h,char *buf,int size);
+static int mem_puts(BIO *h,char *str);
+static int mem_gets(BIO *h,char *str,int size);
+static long mem_ctrl(BIO *h,int cmd,long arg1,char *arg2);
 static int mem_new(BIO *h);
 static int mem_free(BIO *data);
 static BIO_METHOD mem_method=
@@ -170,7 +170,7 @@ static int mem_read(BIO *b, char *out, int outl)
 	return(ret);
 	}

-static int mem_write(BIO *b, const char *in, int inl)
+static int mem_write(BIO *b, char *in, int inl)
 	{
 	int ret= -1;
 	int blen;
@@ -198,7 +198,7 @@ end:
 	return(ret);
 	}

-static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
+static long mem_ctrl(BIO *b, int cmd, long num, char *ptr)
 	{
 	long ret=1;
 	char **pptr;
@@ -300,7 +300,7 @@ static int mem_gets(BIO *bp, char *buf, int size)
 	return(ret);
 	}

-static int mem_puts(BIO *bp, const char *str)
+static int mem_puts(BIO *bp, char *str)
 	{
 	int n,ret;

--- a/crypto/bio/bss_null.c
+++ b/crypto/bio/bss_null.c
@@ -61,11 +61,11 @@
 #include "cryptlib.h"
 #include <openssl/bio.h>

-static int null_write(BIO *h, const char *buf, int num);
-static int null_read(BIO *h, char *buf, int size);
-static int null_puts(BIO *h, const char *str);
-static int null_gets(BIO *h, char *str, int size);
-static long null_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int null_write(BIO *h,char *buf,int num);
+static int null_read(BIO *h,char *buf,int size);
+static int null_puts(BIO *h,char *str);
+static int null_gets(BIO *h,char *str,int size);
+static long null_ctrl(BIO *h,int cmd,long arg1,char *arg2);
 static int null_new(BIO *h);
 static int null_free(BIO *data);
 static BIO_METHOD null_method=
@@ -106,12 +106,12 @@ static int null_read(BIO *b, char *out, int outl)
 	return(0);
 	}

-static int null_write(BIO *b, const char *in, int inl)
+static int null_write(BIO *b, char *in, int inl)
 	{
 	return(inl);
 	}

-static long null_ctrl(BIO *b, int cmd, long num, void *ptr)
+static long null_ctrl(BIO *b, int cmd, long num, char *ptr)
 	{
 	long ret=1;

@@ -142,7 +142,7 @@ static int null_gets(BIO *bp, char *buf, int size)
 	return(0);
 	}

-static int null_puts(BIO *bp, const char *str)
+static int null_puts(BIO *bp, char *str)
 	{
 	if (str == NULL) return(0);
 	return(strlen(str));
--- a/crypto/bio/bss_sock.c
+++ b/crypto/bio/bss_sock.c
@@ -65,19 +65,19 @@
 #include <openssl/bio.h>

 #ifndef BIO_FD
-static int sock_write(BIO *h, const char *buf, int num);
-static int sock_read(BIO *h, char *buf, int size);
-static int sock_puts(BIO *h, const char *str);
-static long sock_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int sock_write(BIO *h,char *buf,int num);
+static int sock_read(BIO *h,char *buf,int size);
+static int sock_puts(BIO *h,char *str);
+static long sock_ctrl(BIO *h,int cmd,long arg1,char *arg2);
 static int sock_new(BIO *h);
 static int sock_free(BIO *data);
 int BIO_sock_should_retry(int s);
 #else

-static int fd_write(BIO *h, const char *buf, int num);
-static int fd_read(BIO *h, char *buf, int size);
-static int fd_puts(BIO *h, const char *str);
-static long fd_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int fd_write(BIO *h,char *buf,int num);
+static int fd_read(BIO *h,char *buf,int size);
+static int fd_puts(BIO *h,char *str);
+static long fd_ctrl(BIO *h,int cmd,long arg1,char *arg2);
 static int fd_new(BIO *h);
 static int fd_free(BIO *data);
 int BIO_fd_should_retry(int s);
@@ -209,9 +209,9 @@ static int fd_read(BIO *b, char *out,int outl)
 	}

 #ifndef BIO_FD
-static int sock_write(BIO *b, const char *in, int inl)
+static int sock_write(BIO *b, char *in, int inl)
 #else
-static int fd_write(BIO *b, const char *in, int inl)
+static int fd_write(BIO *b, char *in, int inl)
 #endif
 	{
 	int ret;
@@ -237,9 +237,9 @@ static int fd_write(BIO *b, const char *in, int inl)
 	}

 #ifndef BIO_FD
-static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
+static long sock_ctrl(BIO *b, int cmd, long num, char *ptr)
 #else
-static long fd_ctrl(BIO *b, int cmd, long num, void *ptr)
+static long fd_ctrl(BIO *b, int cmd, long num, char *ptr)
 #endif
 	{
 	long ret=1;
@@ -313,9 +313,9 @@ static int sock_gets(BIO *bp, char *buf,int size)
 #endif

 #ifndef BIO_FD
-static int sock_puts(BIO *bp, const char *str)
+static int sock_puts(BIO *bp, char *str)
 #else
-static int fd_puts(BIO *bp, const char *str)
+static int fd_puts(BIO *bp, char *str)
 #endif
 	{
 	int n,ret;
--- a/crypto/bn/Makefile.ssl
+++ b/crypto/bn/Makefile.ssl
@@ -5,7 +5,6 @@
 DIR=	bn
 TOP=	../..
 CC=	cc
-CPP=    $(CC) -E
 INCLUDES= -I.. -I../../include
 CFLAG=-g
 INSTALL_PREFIX=
@@ -73,10 +72,10 @@ lib:	$(LIBOBJ)

 # elf
 asm/bn86-elf.o: asm/bn86unix.cpp
-	$(CPP) -DELF -x c asm/bn86unix.cpp | as -o asm/bn86-elf.o
+	$(CPP) -DELF asm/bn86unix.cpp | as -o asm/bn86-elf.o

 asm/co86-elf.o: asm/co86unix.cpp
-	$(CPP) -DELF -x c asm/co86unix.cpp | as -o asm/co86-elf.o
+	$(CPP) -DELF asm/co86unix.cpp | as -o asm/co86-elf.o

 # solaris
 asm/bn86-sol.o: asm/bn86unix.cpp
@@ -103,10 +102,10 @@ asm/bn86bsdi.o: asm/bn86unix.cpp
 asm/co86bsdi.o: asm/co86unix.cpp
 	$(CPP) -DBSDI asm/co86unix.cpp | sed 's/ :/:/' | as -o asm/co86bsdi.o

-asm/bn86unix.cpp: asm/bn-586.pl ../perlasm/x86asm.pl
+asm/bn86unix.cpp: asm/bn-586.pl
 	(cd asm; $(PERL) bn-586.pl cpp >bn86unix.cpp )

-asm/co86unix.cpp: asm/co-586.pl ../perlasm/x86asm.pl
+asm/co86unix.cpp: asm/co-586.pl
 	(cd asm; $(PERL) co-586.pl cpp >co86unix.cpp )

 asm/sparcv8.o: asm/sparcv8.S
--- a/crypto/bn/asm/bn-win32.asm
+++ b/crypto/bn/asm/bn-win32.asm
--- a/crypto/bn/asm/x86w16.asm
+++ b/crypto/bn/asm/x86w16.asm
@@ -0,0 +1,297 @@
+;	Static Name Aliases
+;
+	TITLE   bn_mulw.c
+	.8087
+F_TEXT	SEGMENT  WORD PUBLIC 'CODE'
+F_TEXT	ENDS
+_DATA	SEGMENT  WORD PUBLIC 'DATA'
+_DATA	ENDS
+_CONST	SEGMENT  WORD PUBLIC 'CONST'
+_CONST	ENDS
+_BSS	SEGMENT  WORD PUBLIC 'BSS'
+_BSS	ENDS
+DGROUP	GROUP	_CONST, _BSS, _DATA
+	ASSUME DS: DGROUP, SS: DGROUP
+F_TEXT      SEGMENT
+	ASSUME	CS: F_TEXT
+	PUBLIC	_bn_mul_add_words
+_bn_mul_add_words	PROC FAR
+; Line 58
+	push	bp
+	push	bx
+	push	si
+	push	di
+	push	ds
+	push	es
+	mov	bp,sp
+;	w = 26
+;	num = 24
+;	ap = 20
+;	rp = 16
+	xor	si,si			;c=0;
+	mov	di,WORD PTR [bp+16]	; load r
+	mov	ds,WORD PTR [bp+18]	; load r
+	mov	bx,WORD PTR [bp+20]	; load a
+	mov	es,WORD PTR [bp+22]	; load a
+	mov	cx,WORD PTR [bp+26]	; load w
+	mov	bp,WORD PTR [bp+24]	; load num
+
+	shr	bp,1	; div count by 4 and do groups of 4
+	shr	bp,1
+	je	$L555
+
+$L546:
+	mov	ax,cx
+	mul	WORD PTR es:[bx]	; w* *a
+	add	ax,WORD PTR ds:[di]	; + *r
+	adc	dx,0
+	adc	ax,si
+	adc	dx,0
+	mov	WORD PTR ds:[di],ax
+	mov	si,dx
+	;
+	mov	ax,cx
+	mul	WORD PTR es:[bx+2]	; w* *a
+	add	ax,WORD PTR ds:[di+2]	; + *r
+	adc	dx,0
+	adc	ax,si
+	adc	dx,0
+	mov	WORD PTR ds:[di+2],ax
+	mov	si,dx
+	;
+	mov	ax,cx
+	mul	WORD PTR es:[bx+4]	; w* *a
+	add	ax,WORD PTR ds:[di+4]	; + *r
+	adc	dx,0
+	adc	ax,si
+	adc	dx,0
+	mov	WORD PTR ds:[di+4],ax
+	mov	si,dx
+	;
+	mov	ax,cx
+	mul	WORD PTR es:[bx+6]	; w* *a
+	add	ax,WORD PTR ds:[di+6]	; + *r
+	adc	dx,0
+	adc	ax,si
+	adc	dx,0
+	mov	WORD PTR ds:[di+6],ax
+	mov	si,dx
+	;
+	add	bx,8
+	add	di,8
+	;
+	dec	bp
+	je	$L555
+	jmp	$L546
+;
+;
+$L555:
+	mov	bp,sp
+	mov	bp,WORD PTR [bp+24]	; load num
+	and	bp,3
+	dec	bp
+	js	$L547
+
+	mov	ax,cx
+	mul	WORD PTR es:[bx]	; w* *a
+	add	ax,WORD PTR ds:[di]	; + *r
+	adc	dx,0
+	adc	ax,si
+	adc	dx,0
+	mov	WORD PTR ds:[di],ax
+	mov	si,dx
+	dec	bp
+	js	$L547			; Note that we are now testing for -1
+	;
+	mov	ax,cx
+	mul	WORD PTR es:[bx+2]	; w* *a
+	add	ax,WORD PTR ds:[di+2]	; + *r
+	adc	dx,0
+	adc	ax,si
+	adc	dx,0
+	mov	WORD PTR ds:[di+2],ax
+	mov	si,dx
+	dec	bp
+	js	$L547
+	;
+	mov	ax,cx
+	mul	WORD PTR es:[bx+4]	; w* *a
+	add	ax,WORD PTR ds:[di+4]	; + *r
+	adc	dx,0
+	adc	ax,si
+	adc	dx,0
+	mov	WORD PTR ds:[di+4],ax
+	mov	si,dx
+$L547:
+	mov	ax,si
+	pop	es
+	pop	ds
+	pop	di
+	pop	si
+	pop	bx
+	pop	bp
+	ret	
+	nop	
+
+_bn_mul_add_words	ENDP
+	PUBLIC	_bn_mul_words
+_bn_mul_words	PROC FAR
+; Line 76
+	push	bp
+	push	bx
+	push	si
+	push	di
+	push	ds
+	push	es
+	xor	si,si
+	mov	bp,sp
+	mov	di,WORD PTR [bp+16]	; r
+	mov	ds,WORD PTR [bp+18]
+	mov	bx,WORD PTR [bp+20]	; a
+	mov	es,WORD PTR [bp+22]
+	mov	cx,WORD PTR [bp+26]	; w
+	mov	bp,WORD PTR [bp+24]	; num 
+$FC743:
+	mov	ax,cx
+	mul	WORD PTR es:[bx]
+	add	ax,si
+	adc	dx,0
+	mov	WORD PTR ds:[di],ax
+	mov	si,dx
+	dec	bp
+	je	$L764
+	;
+	mov	ax,cx
+	mul	WORD PTR es:[bx+2]
+	add	ax,si
+	adc	dx,0
+	mov	WORD PTR ds:[di+2],ax
+	mov	si,dx
+	dec	bp
+	je	$L764
+	;
+	mov	ax,cx
+	mul	WORD PTR es:[bx+4]
+	add	ax,si
+	adc	dx,0
+	mov	WORD PTR ds:[di+4],ax
+	mov	si,dx
+	dec	bp
+	je	$L764
+	;
+	mov	ax,cx
+	mul	WORD PTR es:[bx+6]
+	add	ax,si
+	adc	dx,0
+	mov	WORD PTR ds:[di+6],ax
+	mov	si,dx
+	dec	bp
+	je	$L764
+	;
+	add	bx,8
+	add	di,8
+	jmp	$FC743
+	nop
+$L764:
+	mov	ax,si
+	pop	es
+	pop	ds
+	pop	di
+	pop	si
+	pop	bx
+	pop	bp
+	ret	
+	nop	
+_bn_mul_words	ENDP
+	PUBLIC	_bn_sqr_words
+_bn_sqr_words	PROC FAR
+; Line 92
+	push	bp
+	push	bx
+	push	si
+	push	di
+	push	ds
+	push	es
+	mov	bp,sp
+	mov	si,WORD PTR [bp+16]
+	mov	ds,WORD PTR [bp+18]
+	mov	di,WORD PTR [bp+20]
+	mov	es,WORD PTR [bp+22]
+	mov	bx,WORD PTR [bp+24]
+
+	mov	bp,bx	; save a memory lookup later
+	shr	bx,1	; div count by 4 and do groups of 4
+	shr	bx,1
+	je	$L666
+
+$L765:
+	mov	ax,WORD PTR es:[di]
+	mul	ax
+	mov	WORD PTR ds:[si],ax
+	mov	WORD PTR ds:[si+2],dx
+	;
+	mov	ax,WORD PTR es:[di+2]
+	mul	ax
+	mov	WORD PTR ds:[si+4],ax
+	mov	WORD PTR ds:[si+6],dx
+	;
+	mov	ax,WORD PTR es:[di+4]
+	mul	ax
+	mov	WORD PTR ds:[si+8],ax
+	mov	WORD PTR ds:[si+10],dx
+	;
+	mov	ax,WORD PTR es:[di+6]
+	mul	ax
+	mov	WORD PTR ds:[si+12],ax
+	mov	WORD PTR ds:[si+14],dx
+	;
+	add	di,8
+	add	si,16
+	dec	bx
+	je	$L666
+	jmp	$L765
+$L666:
+	and	bp,3
+	dec	bp	; The copied value of bx (num)
+	js	$L645
+	;
+	mov	ax,WORD PTR es:[di]
+	mul	ax
+	mov	WORD PTR ds:[si],ax
+	mov	WORD PTR ds:[si+2],dx
+	dec	bp
+	js	$L645
+	;
+	mov	ax,WORD PTR es:[di+2]
+	mul	ax
+	mov	WORD PTR ds:[si+4],ax
+	mov	WORD PTR ds:[si+6],dx
+	dec	bp
+	js	$L645
+	;
+	mov	ax,WORD PTR es:[di+4]
+	mul	ax
+	mov	WORD PTR ds:[si+8],ax
+	mov	WORD PTR ds:[si+10],dx
+$L645:
+	pop	es
+	pop	ds
+	pop	di
+	pop	si
+	pop	bx
+	pop	bp
+	ret	
+
+_bn_sqr_words	ENDP
+	PUBLIC	_bn_div64
+_bn_div64	PROC FAR
+	push	bp
+	mov	bp,sp
+	mov	dx, WORD PTR [bp+6]
+	mov	ax, WORD PTR [bp+8]
+	div	WORD PTR [bp+10]
+	pop	bp
+	ret	
+_bn_div64	ENDP
+F_TEXT	ENDS
+END
--- a/crypto/bn/asm/x86w32.asm
+++ b/crypto/bn/asm/x86w32.asm
@@ -0,0 +1,360 @@
+;	Static Name Aliases
+;
+	TITLE   bn_mulw.c
+	.386
+F_TEXT	SEGMENT  WORD USE16 PUBLIC 'CODE'
+F_TEXT	ENDS
+_DATA	SEGMENT  WORD USE16 PUBLIC 'DATA'
+_DATA	ENDS
+_CONST	SEGMENT  WORD USE16 PUBLIC 'CONST'
+_CONST	ENDS
+_BSS	SEGMENT  WORD USE16 PUBLIC 'BSS'
+_BSS	ENDS
+DGROUP	GROUP	_CONST, _BSS, _DATA
+	ASSUME DS: DGROUP, SS: DGROUP
+F_TEXT      SEGMENT
+	ASSUME	CS: F_TEXT
+	PUBLIC	_bn_mul_add_words
+_bn_mul_add_words	PROC FAR
+; Line 58
+	push	bp
+	push	bx
+	push	esi
+	push	di
+	push	ds
+	push	es
+	mov	bp,sp
+;	w = 28
+;	num = 26
+;	ap = 22
+;	rp = 18
+	xor	esi,esi			;c=0;
+	mov	di,WORD PTR [bp+18]	; load r
+	mov	ds,WORD PTR [bp+20]	; load r
+	mov	bx,WORD PTR [bp+22]	; load a
+	mov	es,WORD PTR [bp+24]	; load a
+	mov	ecx,DWORD PTR [bp+28]	; load w
+	mov	bp,WORD PTR [bp+26]	; load num
+	shr	bp,1	; div count by 4 and do groups of 4
+	shr	bp,1
+	je	$L555
+
+$L546:
+	mov	eax,ecx
+	mul	DWORD PTR es:[bx]	; w* *a
+	add	eax,DWORD PTR ds:[di]	; + *r
+	adc	edx,0
+	adc	eax,esi
+	adc	edx,0
+	mov	DWORD PTR ds:[di],eax
+	mov	esi,edx
+	;
+	mov	eax,ecx
+	mul	DWORD PTR es:[bx+4]	; w* *a
+	add	eax,DWORD PTR ds:[di+4]	; + *r
+	adc	edx,0
+	adc	eax,esi
+	adc	edx,0
+	mov	DWORD PTR ds:[di+4],eax
+	mov	esi,edx
+	;
+	mov	eax,ecx
+	mul	DWORD PTR es:[bx+8]	; w* *a
+	add	eax,DWORD PTR ds:[di+8]	; + *r
+	adc	edx,0
+	adc	eax,esi
+	adc	edx,0
+	mov	DWORD PTR ds:[di+8],eax
+	mov	esi,edx
+	;
+	mov	eax,ecx
+	mul	DWORD PTR es:[bx+12]	; w* *a
+	add	eax,DWORD PTR ds:[di+12]	; + *r
+	adc	edx,0
+	adc	eax,esi
+	adc	edx,0
+	mov	DWORD PTR ds:[di+12],eax
+	mov	esi,edx
+	;
+	add	bx,16
+	add	di,16
+	;
+	dec	bp
+	je	$L555
+	jmp	$L546
+;
+;
+$L555:
+	mov	bp,sp
+	mov	bp,WORD PTR [bp+26]	; load num
+	and	bp,3
+	dec	bp
+	js	$L547m
+
+	mov	eax,ecx
+	mul	DWORD PTR es:[bx]	; w* *a
+	add	eax,DWORD PTR ds:[di]	; + *r
+	adc	edx,0
+	adc	eax,esi
+	adc	edx,0
+	mov	DWORD PTR ds:[di],eax
+	mov	esi,edx
+	dec	bp
+	js	$L547m			; Note that we are now testing for -1
+	;
+	mov	eax,ecx
+	mul	DWORD PTR es:[bx+4]	; w* *a
+	add	eax,DWORD PTR ds:[di+4]	; + *r
+	adc	edx,0
+	adc	eax,esi
+	adc	edx,0
+	mov	DWORD PTR ds:[di+4],eax
+	mov	esi,edx
+	dec	bp
+	js	$L547m
+	;
+	mov	eax,ecx
+	mul	DWORD PTR es:[bx+8]	; w* *a
+	add	eax,DWORD PTR ds:[di+8]	; + *r
+	adc	edx,0
+	adc	eax,esi
+	adc	edx,0
+	mov	DWORD PTR ds:[di+8],eax
+	mov	esi,edx
+$L547m:
+	mov	eax,esi
+	mov	edx,esi
+	shr	edx,16
+	pop	es
+	pop	ds
+	pop	di
+	pop	esi
+	pop	bx
+	pop	bp
+	ret	
+	nop	
+_bn_mul_add_words	ENDP
+
+	PUBLIC	_bn_mul_words
+_bn_mul_words	PROC FAR
+; Line 76
+	push	bp
+	push	bx
+	push	esi
+	push	di
+	push	ds
+	push	es
+	xor	esi,esi
+	mov	bp,sp
+	mov	di,WORD PTR [bp+18]	; r
+	mov	ds,WORD PTR [bp+20]
+	mov	bx,WORD PTR [bp+22]	; a
+	mov	es,WORD PTR [bp+24]
+	mov	ecx,DWORD PTR [bp+28]	; w
+	mov	bp,WORD PTR [bp+26]	; num 
+
+$FC743:
+	mov	eax,ecx
+	mul	DWORD PTR es:[bx]
+	add	eax,esi
+	adc	edx,0
+	mov	DWORD PTR ds:[di],eax
+	mov	esi,edx
+	dec	bp
+	je	$L764
+	;
+	mov	eax,ecx
+	mul	DWORD PTR es:[bx+4]
+	add	eax,esi
+	adc	edx,0
+	mov	DWORD PTR ds:[di+4],eax
+	mov	esi,edx
+	dec	bp
+	je	$L764
+	;
+	mov	eax,ecx
+	mul	DWORD PTR es:[bx+8]
+	add	eax,esi
+	adc	edx,0
+	mov	DWORD PTR ds:[di+8],eax
+	mov	esi,edx
+	dec	bp
+	je	$L764
+	;
+	mov	eax,ecx
+	mul	DWORD PTR es:[bx+12]
+	add	eax,esi
+	adc	edx,0
+	mov	DWORD PTR ds:[di+12],eax
+	mov	esi,edx
+	dec	bp
+	je	$L764
+	;
+	add	bx,16
+	add	di,16
+	jmp	$FC743
+	nop
+$L764:
+	mov	eax,esi
+	mov	edx,esi
+	shr	edx,16
+	pop	es
+	pop	ds
+	pop	di
+	pop	esi
+	pop	bx
+	pop	bp
+	ret	
+	nop	
+_bn_mul_words	ENDP
+	PUBLIC	_bn_sqr_words
+_bn_sqr_words	PROC FAR
+; Line 92
+	push	bp
+	push	bx
+	push	si
+	push	di
+	push	ds
+	push	es
+	mov	bp,sp
+	mov	si,WORD PTR [bp+16]
+	mov	ds,WORD PTR [bp+18]
+	mov	di,WORD PTR [bp+20]
+	mov	es,WORD PTR [bp+22]
+	mov	bx,WORD PTR [bp+24]
+
+	mov	bp,bx	; save a memory lookup later
+	shr	bx,1	; div count by 4 and do groups of 4
+	shr	bx,1
+	je	$L666
+
+$L765:
+	mov	eax,DWORD PTR es:[di]
+	mul	eax
+	mov	DWORD PTR ds:[si],eax
+	mov	DWORD PTR ds:[si+4],edx
+	;
+	mov	eax,DWORD PTR es:[di+4]
+	mul	eax
+	mov	DWORD PTR ds:[si+8],eax
+	mov	DWORD PTR ds:[si+12],edx
+	;
+	mov	eax,DWORD PTR es:[di+8]
+	mul	eax
+	mov	DWORD PTR ds:[si+16],eax
+	mov	DWORD PTR ds:[si+20],edx
+	;
+	mov	eax,DWORD PTR es:[di+12]
+	mul	eax
+	mov	DWORD PTR ds:[si+24],eax
+	mov	DWORD PTR ds:[si+28],edx
+	;
+	add	di,16
+	add	si,32
+	dec	bx
+	je	$L666
+	jmp	$L765
+$L666:
+	and	bp,3
+	dec	bp	; The copied value of bx (num)
+	js	$L645
+	;
+	mov	eax,DWORD PTR es:[di]
+	mul	eax
+	mov	DWORD PTR ds:[si],eax
+	mov	DWORD PTR ds:[si+4],edx
+	dec	bp
+	js	$L645
+	;
+	mov	eax,DWORD PTR es:[di+4]
+	mul	eax
+	mov	DWORD PTR ds:[si+8],eax
+	mov	DWORD PTR ds:[si+12],edx
+	dec	bp
+	js	$L645
+	;
+	mov	eax,DWORD PTR es:[di+8]
+	mul	eax
+	mov	DWORD PTR ds:[si+16],eax
+	mov	DWORD PTR ds:[si+20],edx
+$L645:
+	pop	es
+	pop	ds
+	pop	di
+	pop	si
+	pop	bx
+	pop	bp
+	ret	
+_bn_sqr_words	ENDP
+
+	PUBLIC	_bn_div64
+_bn_div64	PROC FAR
+	push	bp
+	mov	bp,sp
+	mov	edx, DWORD PTR [bp+6]
+	mov	eax, DWORD PTR [bp+10]
+	div	DWORD PTR [bp+14]
+	mov	edx,eax
+	shr	edx,16
+	pop	bp
+	ret	
+_bn_div64	ENDP
+
+	PUBLIC	_bn_add_words
+_bn_add_words	PROC FAR
+; Line 58
+	push	bp
+	push	bx
+	push	esi
+	push	di
+	push	ds
+	push	es
+	mov	bp,sp
+;	w = 28
+;	num = 26
+;	ap = 22
+;	rp = 18
+	xor	esi,esi			;c=0;
+	mov	bx,WORD PTR [bp+18]	; load low r
+	mov	si,WORD PTR [bp+22]	; load a
+	mov	es,WORD PTR [bp+24]	; load a
+	mov	di,WORD PTR [bp+26]	; load b
+	mov	ds,WORD PTR [bp+28]	; load b
+
+	mov	dx,WORD PTR [bp+30]	; load num
+	xor	ecx,ecx
+	dec	dx
+	js	$L547a
+
+$L5477:
+	mov	eax,DWORD PTR es:[si]	; *a
+	add	eax,ecx
+	mov	ecx,0
+	adc	ecx,0
+	add	si,4			; a++
+	add	eax,DWORD PTR ds:[di]	; + *b
+	adc	ecx,0
+	mov	ds,WORD PTR [bp+20]
+	add	di,4
+	mov	DWORD PTR ds:[bx],eax
+	mov	ds,WORD PTR [bp+28]
+	add	bx,4
+	dec	dx
+	js	$L547a			; Note that we are now testing for -1
+	jmp	$L5477
+	;
+$L547a:
+	mov	eax,ecx
+	mov	edx,ecx
+	shr	edx,16
+	pop	es
+	pop	ds
+	pop	di
+	pop	esi
+	pop	bx
+	pop	bp
+	ret	
+	nop	
+_bn_add_words	ENDP
+F_TEXT	ENDS
+END
--- a/crypto/bn/bn.h
+++ b/crypto/bn/bn.h
@@ -89,7 +89,7 @@ extern "C" {
 * For machines with only one compiler (or shared libraries), this should
 * be on.  Again this in only really a problem on machines
 * using "long long's", are 32bit, and are not using my assembler code. */
-#if defined(MSDOS) || defined(WINDOWS) || defined(WIN32) || defined(linux)
+#if defined(MSDOS) || defined(WINDOWS) || defined(linux)
 #define BN_DIV2W
 #endif

--- a/crypto/bn/bn_err.c
+++ b/crypto/bn/bn_err.c
@@ -54,8 +54,7 @@
 */

 /* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
+ * made to it will be overwritten when the script next updates this file.
 */

 #include <stdio.h>
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -73,7 +73,6 @@ int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
 			  BN_MONT_CTX *mont, BN_CTX *ctx)
 	{
 	BIGNUM *tmp,*tmp2;
-	int ret=0;

 	BN_CTX_start(ctx);
 	tmp = BN_CTX_get(ctx);
@@ -102,10 +101,10 @@ int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
 		}
 	/* reduce from aRR to aR */
 	if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err;
-	ret=1;
-err:
 	BN_CTX_end(ctx);
-	return(ret);
+	return(1);
+err:
+	return(0);
 	}

 int BN_from_montgomery(BIGNUM *ret, BIGNUM *a, BN_MONT_CTX *mont,
--- a/crypto/bn/bn_mul.c
+++ b/crypto/bn/bn_mul.c
@@ -61,9 +61,6 @@
 #include "bn_lcl.h"

 #ifdef BN_RECURSION
-/* Karatsuba recursive multiplication algorithm
- * (cf. Knuth, The Art of Computer Programming, Vol. 2) */
-
 /* r is 2*n2 words in size,
 * a and b are both n2 words in size.
 * n2 must be a power of 2.
--- a/crypto/bn/bntest.c
+++ b/crypto/bn/bntest.c
@@ -234,8 +234,7 @@ int main(int argc, char *argv[])
 /**/
 	exit(0);
 err:
-	BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices
-	                      * the failure, see test_bn in test/Makefile.ssl*/
+	BIO_puts(out,"1\n"); /* make sure bc fails if we are piping to it */
 	BIO_flush(out);
 	ERR_load_crypto_strings();
 	ERR_print_errors_fp(stderr);
--- a/crypto/buffer/buf_err.c
+++ b/crypto/buffer/buf_err.c
@@ -54,8 +54,7 @@
 */

 /* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
+ * made to it will be overwritten when the script next updates this file.
 */

 #include <stdio.h>
--- a/crypto/cast/Makefile.ssl
+++ b/crypto/cast/Makefile.ssl
@@ -52,7 +52,7 @@ lib:	$(LIBOBJ)

 # elf
 asm/cx86-elf.o: asm/cx86unix.cpp
-	$(CPP) -DELF -x c asm/cx86unix.cpp | as -o asm/cx86-elf.o
+	$(CPP) -DELF asm/cx86unix.cpp | as -o asm/cx86-elf.o

 # solaris
 asm/cx86-sol.o: asm/cx86unix.cpp
@@ -68,7 +68,7 @@ asm/cx86-out.o: asm/cx86unix.cpp
 asm/cx86bsdi.o: asm/cx86unix.cpp
 	$(CPP) -DBSDI asm/cx86unix.cpp | sed 's/ :/:/' | as -o asm/cx86bsdi.o

-asm/cx86unix.cpp: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+asm/cx86unix.cpp: asm/cast-586.pl
 	(cd asm; $(PERL) cast-586.pl cpp $(PROCESSOR) >cx86unix.cpp)

 files:
--- a/crypto/cast/Makefile.uni
+++ b/crypto/cast/Makefile.uni
@@ -0,0 +1,124 @@
+# Targets
+# make          - twidle the options yourself :-)
+# make cc       - standard cc options
+# make gcc      - standard gcc options
+# make x86-elf  - linux-elf etc
+# make x86-out  - linux-a.out, FreeBSD etc
+# make x86-solaris
+# make x86-bdsi
+
+# There are 3 possible performance options, experiment :-)
+#OPTS= -DBF_PTR
+#OPTS= -DBF_PTR2
+OPTS=
+
+DIR=    cast
+TOP=    .
+CC=     gcc
+CFLAG=	-O3 -fomit-frame-pointer
+
+CPP=    $(CC) -E
+INCLUDES=
+INSTALLTOP=/usr/local/lib
+MAKE=           make
+MAKEDEPEND=     makedepend
+MAKEFILE=       Makefile.uni
+AR=             ar r
+RANLIB=         ranlib
+
+CAST_ENC=c_enc.o
+# or use
+#CAST_ENC=asm/cx86-elf.o
+#CAST_ENC=asm/cx86-out.o
+#CAST_ENC=asm/cx86-sol.o
+#CAST_ENC=asm/cx86bdsi.o
+
+CFLAGS= $(OPTS) $(INCLUDES) $(CFLAG) -DFULL_TEST
+
+GENERAL=Makefile
+TEST=casttest
+APP1=cast_spd
+APP2=castopts
+APPS=$(APP1) $(APP2)
+
+LIB=libcast.a
+LIBSRC=c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c
+LIBOBJ=c_skey.o c_ecb.o $(CAST_ENC) c_cfb64.o c_ofb64.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= cast.h
+HEADER= cast_lcl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+all:    $(LIB) $(TEST) $(APPS)
+
+$(LIB):    $(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+# elf
+asm/cx86-elf.o: asm/cx86unix.cpp
+	$(CPP) -DELF asm/cx86unix.cpp | as -o asm/cx86-elf.o
+
+# solaris
+asm/cx86-sol.o: asm/cx86unix.cpp
+	$(CC) -E -DSOL asm/cx86unix.cpp | sed 's/^#.*//' > asm/cx86-sol.s
+	as -o asm/cx86-sol.o asm/cx86-sol.s
+	rm -f asm/cx86-sol.s
+
+# a.out
+asm/cx86-out.o: asm/cx86unix.cpp
+	$(CPP) -DOUT asm/cx86unix.cpp | as -o asm/cx86-out.o
+
+# bsdi
+asm/cx86bsdi.o: asm/cx86unix.cpp
+	$(CPP) -DBSDI asm/cx86unix.cpp | as -o asm/cx86bsdi.o
+
+asm/cx86unix.cpp:
+	(cd asm; perl cast-586.pl cpp >cx86unix.cpp)
+
+test:	$(TEST)
+	./$(TEST)
+
+$(TEST): $(TEST).c $(LIB)
+	$(CC) -o $(TEST) $(CFLAGS) $(TEST).c $(LIB)
+
+$(APP1): $(APP1).c $(LIB)
+	$(CC) -o $(APP1) $(CFLAGS) $(APP1).c $(LIB)
+
+$(APP2): $(APP2).c $(LIB)
+	$(CC) -o $(APP2) $(CFLAGS) $(APP2).c $(LIB)
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+
+dclean:
+	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	/bin/rm -f $(LIB) $(TEST) $(APPS) *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+cc:
+	$(MAKE) CC="cc" CFLAG="-O" all
+
+gcc:
+	$(MAKE) CC="gcc" CFLAGS="-O3 -fomit-frame-pointer" all
+
+x86-elf:
+	$(MAKE) CAST_ENC="asm/cx86-elf.o" CFLAG="-DELF $(CFLAGS)" all
+
+x86-out:
+	$(MAKE) CAST_ENC="asm/cx86-out.o" CFLAG="-DOUT $(CFLAGS)" all
+
+x86-solaris:
+	$(MAKE) CAST_ENC="asm/cx86-sol.o" CFLAG="-DSOL $(CFLAGS)" all
+
+x86-bdsi:
+	$(MAKE) CAST_ENC="asm/cx86-bdsi.o" CFLAG="-DBDSI $(CFLAGS)" all
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
--- a/crypto/cast/asm/c-win32.asm
+++ b/crypto/cast/asm/c-win32.asm
@@ -0,0 +1,953 @@
+	; Don't even think of reading this code
+	; It was automatically generated by cast-586.pl
+	; Which is a perl program used to generate the x86 assember for
+	; any of elf, a.out, BSDI,Win32, or Solaris
+	; eric <eay@cryptsoft.com>
+	; 
+	TITLE	cast-586.asm
+        .486
+.model FLAT
+_TEXT	SEGMENT
+PUBLIC	_CAST_encrypt
+EXTERN	_CAST_S_table0:DWORD
+EXTERN	_CAST_S_table1:DWORD
+EXTERN	_CAST_S_table2:DWORD
+EXTERN	_CAST_S_table3:DWORD
+
+_CAST_encrypt PROC NEAR
+	; 
+	push	ebp
+	push	ebx
+	mov	ebx,		DWORD PTR 12[esp]
+	mov	ebp,		DWORD PTR 16[esp]
+	push	esi
+	push	edi
+	; Load the 2 words
+	mov	edi,		DWORD PTR [ebx]
+	mov	esi,		DWORD PTR 4[ebx]
+	; Get short key flag
+	mov	eax,		DWORD PTR 128[ebp]
+	push	eax
+	xor	eax,		eax
+	; round 0
+	mov	edx,		DWORD PTR [ebp]
+	mov	ecx,		DWORD PTR 4[ebp]
+	add	edx,		esi
+	rol	edx,		cl
+	mov	ebx,		edx
+	xor	ecx,		ecx
+	mov	cl,		dh
+	and	ebx,		255
+	shr	edx,		16
+	xor	eax,		eax
+	mov	al,		dh
+	and	edx,		255
+	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
+	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
+	xor	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
+	sub	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
+	add	ecx,		ebx
+	xor	edi,		ecx
+	; round 1
+	mov	edx,		DWORD PTR 8[ebp]
+	mov	ecx,		DWORD PTR 12[ebp]
+	xor	edx,		edi
+	rol	edx,		cl
+	mov	ebx,		edx
+	xor	ecx,		ecx
+	mov	cl,		dh
+	and	ebx,		255
+	shr	edx,		16
+	xor	eax,		eax
+	mov	al,		dh
+	and	edx,		255
+	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
+	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
+	sub	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
+	add	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
+	xor	ecx,		ebx
+	xor	esi,		ecx
+	; round 2
+	mov	edx,		DWORD PTR 16[ebp]
+	mov	ecx,		DWORD PTR 20[ebp]
+	sub	edx,		esi
+	rol	edx,		cl
+	mov	ebx,		edx
+	xor	ecx,		ecx
+	mov	cl,		dh
+	and	ebx,		255
+	shr	edx,		16
+	xor	eax,		eax
+	mov	al,		dh
+	and	edx,		255
+	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
+	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
+	add	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
+	xor	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
+	sub	ecx,		ebx
+	xor	edi,		ecx
+	; round 3
+	mov	edx,		DWORD PTR 24[ebp]
+	mov	ecx,		DWORD PTR 28[ebp]
+	add	edx,		edi
+	rol	edx,		cl
+	mov	ebx,		edx
+	xor	ecx,		ecx
+	mov	cl,		dh
+	and	ebx,		255
+	shr	edx,		16
+	xor	eax,		eax
+	mov	al,		dh
+	and	edx,		255
+	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
+	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
+	xor	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
+	sub	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
+	add	ecx,		ebx
+	xor	esi,		ecx
+	; round 4
+	mov	edx,		DWORD PTR 32[ebp]
+	mov	ecx,		DWORD PTR 36[ebp]
+	xor	edx,		esi
+	rol	edx,		cl
+	mov	ebx,		edx
+	xor	ecx,		ecx
+	mov	cl,		dh
+	and	ebx,		255
+	shr	edx,		16
+	xor	eax,		eax
+	mov	al,		dh
+	and	edx,		255
+	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
+	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
+	sub	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
+	add	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
+	xor	ecx,		ebx
+	xor	edi,		ecx
+	; round 5
+	mov	edx,		DWORD PTR 40[ebp]
+	mov	ecx,		DWORD PTR 44[ebp]
+	sub	edx,		edi
+	rol	edx,		cl
+	mov	ebx,		edx
+	xor	ecx,		ecx
+	mov	cl,		dh
+	and	ebx,		255
+	shr	edx,		16
+	xor	eax,		eax
+	mov	al,		dh
+	and	edx,		255
+	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
+	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
+	add	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
+	xor	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
+	sub	ecx,		ebx
+	xor	esi,		ecx
+	; round 6
+	mov	edx,		DWORD PTR 48[ebp]
+	mov	ecx,		DWORD PTR 52[ebp]
+	add	edx,		esi
+	rol	edx,		cl
+	mov	ebx,		edx
+	xor	ecx,		ecx
+	mov	cl,		dh
+	and	ebx,		255
+	shr	edx,		16
+	xor	eax,		eax
+	mov	al,		dh
+	and	edx,		255
+	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
+	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
+	xor	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
+	sub	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
+	add	ecx,		ebx
+	xor	edi,		ecx
+	; round 7
+	mov	edx,		DWORD PTR 56[ebp]
+	mov	ecx,		DWORD PTR 60[ebp]
+	xor	edx,		edi
+	rol	edx,		cl
+	mov	ebx,		edx
+	xor	ecx,		ecx
+	mov	cl,		dh
+	and	ebx,		255
+	shr	edx,		16
+	xor	eax,		eax
+	mov	al,		dh
+	and	edx,		255
+	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
+	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
+	sub	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
+	add	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
+	xor	ecx,		ebx
+	xor	esi,		ecx
+	; round 8
+	mov	edx,		DWORD PTR 64[ebp]
+	mov	ecx,		DWORD PTR 68[ebp]
+	sub	edx,		esi
+	rol	edx,		cl
+	mov	ebx,		edx
+	xor	ecx,		ecx
+	mov	cl,		dh
+	and	ebx,		255
+	shr	edx,		16
+	xor	eax,		eax
+	mov	al,		dh
+	and	edx,		255
+	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
+	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
+	add	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
+	xor	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
+	sub	ecx,		ebx
+	xor	edi,		ecx
+	; round 9
+	mov	edx,		DWORD PTR 72[ebp]
+	mov	ecx,		DWORD PTR 76[ebp]
+	add	edx,		edi
+	rol	edx,		cl
+	mov	ebx,		edx
+	xor	ecx,		ecx
+	mov	cl,		dh
+	and	ebx,		255
+	shr	edx,		16
+	xor	eax,		eax
+	mov	al,		dh
+	and	edx,		255
+	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
+	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
+	xor	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
+	sub	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
+	add	ecx,		ebx
+	xor	esi,		ecx
+	; round 10
+	mov	edx,		DWORD PTR 80[ebp]
+	mov	ecx,		DWORD PTR 84[ebp]
+	xor	edx,		esi
+	rol	edx,		cl
+	mov	ebx,		edx
+	xor	ecx,		ecx
+	mov	cl,		dh
+	and	ebx,		255
+	shr	edx,		16
+	xor	eax,		eax
+	mov	al,		dh
+	and	edx,		255
+	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
+	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
+	sub	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
+	add	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
+	xor	ecx,		ebx
+	xor	edi,		ecx
+	; round 11
+	mov	edx,		DWORD PTR 88[ebp]
+	mov	ecx,		DWORD PTR 92[ebp]
+	sub	edx,		edi
+	rol	edx,		cl
+	mov	ebx,		edx
+	xor	ecx,		ecx
+	mov	cl,		dh
+	and	ebx,		255
+	shr	edx,		16
+	xor	eax,		eax
+	mov	al,		dh
+	and	edx,		255
+	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
+	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
+	add	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
+	xor	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
+	sub	ecx,		ebx
+	xor	esi,		ecx
+	; test short key flag
+	pop	edx
+	or	edx,		edx
+	jnz	$L000cast_enc_done
+	; round 12
+	mov	edx,		DWORD PTR 96[ebp]
+	mov	ecx,		DWORD PTR 100[ebp]
+	add	edx,		esi
+	rol	edx,		cl
+	mov	ebx,		edx
+	xor	ecx,		ecx
+	mov	cl,		dh
+	and	ebx,		255
+	shr	edx,		16
+	xor	eax,		eax
+	mov	al,		dh
+	and	edx,		255
+	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
+	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
+	xor	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
+	sub	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
+	add	ecx,		ebx
+	xor	edi,		ecx
+	; round 13
+	mov	edx,		DWORD PTR 104[ebp]
+	mov	ecx,		DWORD PTR 108[ebp]
+	xor	edx,		edi
+	rol	edx,		cl
+	mov	ebx,		edx
+	xor	ecx,		ecx
+	mov	cl,		dh
+	and	ebx,		255
+	shr	edx,		16
+	xor	eax,		eax
+	mov	al,		dh
+	and	edx,		255
+	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
+	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
+	sub	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
+	add	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
+	xor	ecx,		ebx
+	xor	esi,		ecx
+	; round 14
+	mov	edx,		DWORD PTR 112[ebp]
+	mov	ecx,		DWORD PTR 116[ebp]
+	sub	edx,		esi
+	rol	edx,		cl
+	mov	ebx,		edx
+	xor	ecx,		ecx
+	mov	cl,		dh
+	and	ebx,		255
+	shr	edx,		16
+	xor	eax,		eax
+	mov	al,		dh
+	and	edx,		255
+	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
+	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
+	add	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
+	xor	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
+	sub	ecx,		ebx
+	xor	edi,		ecx
+	; round 15
+	mov	edx,		DWORD PTR 120[ebp]
+	mov	ecx,		DWORD PTR 124[ebp]
+	add	edx,		edi
+	rol	edx,		cl
+	mov	ebx,		edx
+	xor	ecx,		ecx
+	mov	cl,		dh
+	and	ebx,		255
+	shr	edx,		16
+	xor	eax,		eax
+	mov	al,		dh
+	and	edx,		255
+	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
+	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
+	xor	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
+	sub	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
+	add	ecx,		ebx
+	xor	esi,		ecx
+$L000cast_enc_done:
+	nop
+	mov	eax,		DWORD PTR 20[esp]
+	mov	DWORD PTR 4[eax],edi
+	mov	DWORD PTR [eax],esi
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+_CAST_encrypt ENDP
+_TEXT	ENDS
+_TEXT	SEGMENT
+PUBLIC	_CAST_decrypt
+EXTERN	_CAST_S_table0:DWORD
+EXTERN	_CAST_S_table1:DWORD
+EXTERN	_CAST_S_table2:DWORD
+EXTERN	_CAST_S_table3:DWORD
+
+_CAST_decrypt PROC NEAR
+	; 
+	push	ebp
+	push	ebx
+	mov	ebx,		DWORD PTR 12[esp]
+	mov	ebp,		DWORD PTR 16[esp]
+	push	esi
+	push	edi
+	; Load the 2 words
+	mov	edi,		DWORD PTR [ebx]
+	mov	esi,		DWORD PTR 4[ebx]
+	; Get short key flag
+	mov	eax,		DWORD PTR 128[ebp]
+	or	eax,		eax
+	jnz	$L001cast_dec_skip
+	xor	eax,		eax
+	; round 15
+	mov	edx,		DWORD PTR 120[ebp]
+	mov	ecx,		DWORD PTR 124[ebp]
+	add	edx,		esi
+	rol	edx,		cl
+	mov	ebx,		edx
+	xor	ecx,		ecx
+	mov	cl,		dh
+	and	ebx,		255
+	shr	edx,		16
+	xor	eax,		eax
+	mov	al,		dh
+	and	edx,		255
+	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
+	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
+	xor	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
+	sub	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
+	add	ecx,		ebx
+	xor	edi,		ecx
+	; round 14
+	mov	edx,		DWORD PTR 112[ebp]
+	mov	ecx,		DWORD PTR 116[ebp]
+	sub	edx,		edi
+	rol	edx,		cl
+	mov	ebx,		edx
+	xor	ecx,		ecx
+	mov	cl,		dh
+	and	ebx,		255
+	shr	edx,		16
+	xor	eax,		eax
+	mov	al,		dh
+	and	edx,		255
+	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
+	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
+	add	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
+	xor	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
+	sub	ecx,		ebx
+	xor	esi,		ecx
+	; round 13
+	mov	edx,		DWORD PTR 104[ebp]
+	mov	ecx,		DWORD PTR 108[ebp]
+	xor	edx,		esi
+	rol	edx,		cl
+	mov	ebx,		edx
+	xor	ecx,		ecx
+	mov	cl,		dh
+	and	ebx,		255
+	shr	edx,		16
+	xor	eax,		eax
+	mov	al,		dh
+	and	edx,		255
+	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
+	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
+	sub	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
+	add	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
+	xor	ecx,		ebx
+	xor	edi,		ecx
+	; round 12
+	mov	edx,		DWORD PTR 96[ebp]
+	mov	ecx,		DWORD PTR 100[ebp]
+	add	edx,		edi
+	rol	edx,		cl
+	mov	ebx,		edx
+	xor	ecx,		ecx
+	mov	cl,		dh
+	and	ebx,		255
+	shr	edx,		16
+	xor	eax,		eax
+	mov	al,		dh
+	and	edx,		255
+	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
+	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
+	xor	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
+	sub	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
+	add	ecx,		ebx
+	xor	esi,		ecx
+$L001cast_dec_skip:
+	; round 11
+	mov	edx,		DWORD PTR 88[ebp]
+	mov	ecx,		DWORD PTR 92[ebp]
+	sub	edx,		esi
+	rol	edx,		cl
+	mov	ebx,		edx
+	xor	ecx,		ecx
+	mov	cl,		dh
+	and	ebx,		255
+	shr	edx,		16
+	xor	eax,		eax
+	mov	al,		dh
+	and	edx,		255
+	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
+	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
+	add	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
+	xor	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
+	sub	ecx,		ebx
+	xor	edi,		ecx
+	; round 10
+	mov	edx,		DWORD PTR 80[ebp]
+	mov	ecx,		DWORD PTR 84[ebp]
+	xor	edx,		edi
+	rol	edx,		cl
+	mov	ebx,		edx
+	xor	ecx,		ecx
+	mov	cl,		dh
+	and	ebx,		255
+	shr	edx,		16
+	xor	eax,		eax
+	mov	al,		dh
+	and	edx,		255
+	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
+	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
+	sub	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
+	add	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
+	xor	ecx,		ebx
+	xor	esi,		ecx
+	; round 9
+	mov	edx,		DWORD PTR 72[ebp]
+	mov	ecx,		DWORD PTR 76[ebp]
+	add	edx,		esi
+	rol	edx,		cl
+	mov	ebx,		edx
+	xor	ecx,		ecx
+	mov	cl,		dh
+	and	ebx,		255
+	shr	edx,		16
+	xor	eax,		eax
+	mov	al,		dh
+	and	edx,		255
+	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
+	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
+	xor	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
+	sub	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
+	add	ecx,		ebx
+	xor	edi,		ecx
+	; round 8
+	mov	edx,		DWORD PTR 64[ebp]
+	mov	ecx,		DWORD PTR 68[ebp]
+	sub	edx,		edi
+	rol	edx,		cl
+	mov	ebx,		edx
+	xor	ecx,		ecx
+	mov	cl,		dh
+	and	ebx,		255
+	shr	edx,		16
+	xor	eax,		eax
+	mov	al,		dh
+	and	edx,		255
+	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
+	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
+	add	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
+	xor	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
+	sub	ecx,		ebx
+	xor	esi,		ecx
+	; round 7
+	mov	edx,		DWORD PTR 56[ebp]
+	mov	ecx,		DWORD PTR 60[ebp]
+	xor	edx,		esi
+	rol	edx,		cl
+	mov	ebx,		edx
+	xor	ecx,		ecx
+	mov	cl,		dh
+	and	ebx,		255
+	shr	edx,		16
+	xor	eax,		eax
+	mov	al,		dh
+	and	edx,		255
+	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
+	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
+	sub	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
+	add	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
+	xor	ecx,		ebx
+	xor	edi,		ecx
+	; round 6
+	mov	edx,		DWORD PTR 48[ebp]
+	mov	ecx,		DWORD PTR 52[ebp]
+	add	edx,		edi
+	rol	edx,		cl
+	mov	ebx,		edx
+	xor	ecx,		ecx
+	mov	cl,		dh
+	and	ebx,		255
+	shr	edx,		16
+	xor	eax,		eax
+	mov	al,		dh
+	and	edx,		255
+	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
+	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
+	xor	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
+	sub	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
+	add	ecx,		ebx
+	xor	esi,		ecx
+	; round 5
+	mov	edx,		DWORD PTR 40[ebp]
+	mov	ecx,		DWORD PTR 44[ebp]
+	sub	edx,		esi
+	rol	edx,		cl
+	mov	ebx,		edx
+	xor	ecx,		ecx
+	mov	cl,		dh
+	and	ebx,		255
+	shr	edx,		16
+	xor	eax,		eax
+	mov	al,		dh
+	and	edx,		255
+	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
+	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
+	add	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
+	xor	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
+	sub	ecx,		ebx
+	xor	edi,		ecx
+	; round 4
+	mov	edx,		DWORD PTR 32[ebp]
+	mov	ecx,		DWORD PTR 36[ebp]
+	xor	edx,		edi
+	rol	edx,		cl
+	mov	ebx,		edx
+	xor	ecx,		ecx
+	mov	cl,		dh
+	and	ebx,		255
+	shr	edx,		16
+	xor	eax,		eax
+	mov	al,		dh
+	and	edx,		255
+	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
+	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
+	sub	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
+	add	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
+	xor	ecx,		ebx
+	xor	esi,		ecx
+	; round 3
+	mov	edx,		DWORD PTR 24[ebp]
+	mov	ecx,		DWORD PTR 28[ebp]
+	add	edx,		esi
+	rol	edx,		cl
+	mov	ebx,		edx
+	xor	ecx,		ecx
+	mov	cl,		dh
+	and	ebx,		255
+	shr	edx,		16
+	xor	eax,		eax
+	mov	al,		dh
+	and	edx,		255
+	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
+	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
+	xor	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
+	sub	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
+	add	ecx,		ebx
+	xor	edi,		ecx
+	; round 2
+	mov	edx,		DWORD PTR 16[ebp]
+	mov	ecx,		DWORD PTR 20[ebp]
+	sub	edx,		edi
+	rol	edx,		cl
+	mov	ebx,		edx
+	xor	ecx,		ecx
+	mov	cl,		dh
+	and	ebx,		255
+	shr	edx,		16
+	xor	eax,		eax
+	mov	al,		dh
+	and	edx,		255
+	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
+	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
+	add	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
+	xor	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
+	sub	ecx,		ebx
+	xor	esi,		ecx
+	; round 1
+	mov	edx,		DWORD PTR 8[ebp]
+	mov	ecx,		DWORD PTR 12[ebp]
+	xor	edx,		esi
+	rol	edx,		cl
+	mov	ebx,		edx
+	xor	ecx,		ecx
+	mov	cl,		dh
+	and	ebx,		255
+	shr	edx,		16
+	xor	eax,		eax
+	mov	al,		dh
+	and	edx,		255
+	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
+	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
+	sub	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
+	add	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
+	xor	ecx,		ebx
+	xor	edi,		ecx
+	; round 0
+	mov	edx,		DWORD PTR [ebp]
+	mov	ecx,		DWORD PTR 4[ebp]
+	add	edx,		edi
+	rol	edx,		cl
+	mov	ebx,		edx
+	xor	ecx,		ecx
+	mov	cl,		dh
+	and	ebx,		255
+	shr	edx,		16
+	xor	eax,		eax
+	mov	al,		dh
+	and	edx,		255
+	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
+	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
+	xor	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
+	sub	ecx,		ebx
+	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
+	add	ecx,		ebx
+	xor	esi,		ecx
+	nop
+	mov	eax,		DWORD PTR 20[esp]
+	mov	DWORD PTR 4[eax],edi
+	mov	DWORD PTR [eax],esi
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+_CAST_decrypt ENDP
+_TEXT	ENDS
+_TEXT	SEGMENT
+PUBLIC	_CAST_cbc_encrypt
+
+_CAST_cbc_encrypt PROC NEAR
+	; 
+	push	ebp
+	push	ebx
+	push	esi
+	push	edi
+	mov	ebp,		DWORD PTR 28[esp]
+	; getting iv ptr from parameter 4
+	mov	ebx,		DWORD PTR 36[esp]
+	mov	esi,		DWORD PTR [ebx]
+	mov	edi,		DWORD PTR 4[ebx]
+	push	edi
+	push	esi
+	push	edi
+	push	esi
+	mov	ebx,		esp
+	mov	esi,		DWORD PTR 36[esp]
+	mov	edi,		DWORD PTR 40[esp]
+	; getting encrypt flag from parameter 5
+	mov	ecx,		DWORD PTR 56[esp]
+	; get and push parameter 3
+	mov	eax,		DWORD PTR 48[esp]
+	push	eax
+	push	ebx
+	cmp	ecx,		0
+	jz	$L002decrypt
+	and	ebp,		4294967288
+	mov	eax,		DWORD PTR 8[esp]
+	mov	ebx,		DWORD PTR 12[esp]
+	jz	$L003encrypt_finish
+L004encrypt_loop:
+	mov	ecx,		DWORD PTR [esi]
+	mov	edx,		DWORD PTR 4[esi]
+	xor	eax,		ecx
+	xor	ebx,		edx
+	bswap	eax
+	bswap	ebx
+	mov	DWORD PTR 8[esp],eax
+	mov	DWORD PTR 12[esp],ebx
+	call	_CAST_encrypt
+	mov	eax,		DWORD PTR 8[esp]
+	mov	ebx,		DWORD PTR 12[esp]
+	bswap	eax
+	bswap	ebx
+	mov	DWORD PTR [edi],eax
+	mov	DWORD PTR 4[edi],ebx
+	add	esi,		8
+	add	edi,		8
+	sub	ebp,		8
+	jnz	L004encrypt_loop
+$L003encrypt_finish:
+	mov	ebp,		DWORD PTR 52[esp]
+	and	ebp,		7
+	jz	$L005finish
+	xor	ecx,		ecx
+	xor	edx,		edx
+	mov	ebp,		DWORD PTR $L006cbc_enc_jmp_table[ebp*4]
+	jmp	 ebp
+L007ej7:
+	xor	edx,		edx
+	mov	dh,		BYTE PTR 6[esi]
+	shl	edx,		8
+L008ej6:
+	mov	dh,		BYTE PTR 5[esi]
+L009ej5:
+	mov	dl,		BYTE PTR 4[esi]
+L010ej4:
+	mov	ecx,		DWORD PTR [esi]
+	jmp	$L011ejend
+L012ej3:
+	mov	ch,		BYTE PTR 2[esi]
+	xor	ecx,		ecx
+	shl	ecx,		8
+L013ej2:
+	mov	ch,		BYTE PTR 1[esi]
+L014ej1:
+	mov	cl,		BYTE PTR [esi]
+$L011ejend:
+	xor	eax,		ecx
+	xor	ebx,		edx
+	bswap	eax
+	bswap	ebx
+	mov	DWORD PTR 8[esp],eax
+	mov	DWORD PTR 12[esp],ebx
+	call	_CAST_encrypt
+	mov	eax,		DWORD PTR 8[esp]
+	mov	ebx,		DWORD PTR 12[esp]
+	bswap	eax
+	bswap	ebx
+	mov	DWORD PTR [edi],eax
+	mov	DWORD PTR 4[edi],ebx
+	jmp	$L005finish
+$L002decrypt:
+	and	ebp,		4294967288
+	mov	eax,		DWORD PTR 16[esp]
+	mov	ebx,		DWORD PTR 20[esp]
+	jz	$L015decrypt_finish
+L016decrypt_loop:
+	mov	eax,		DWORD PTR [esi]
+	mov	ebx,		DWORD PTR 4[esi]
+	bswap	eax
+	bswap	ebx
+	mov	DWORD PTR 8[esp],eax
+	mov	DWORD PTR 12[esp],ebx
+	call	_CAST_decrypt
+	mov	eax,		DWORD PTR 8[esp]
+	mov	ebx,		DWORD PTR 12[esp]
+	bswap	eax
+	bswap	ebx
+	mov	ecx,		DWORD PTR 16[esp]
+	mov	edx,		DWORD PTR 20[esp]
+	xor	ecx,		eax
+	xor	edx,		ebx
+	mov	eax,		DWORD PTR [esi]
+	mov	ebx,		DWORD PTR 4[esi]
+	mov	DWORD PTR [edi],ecx
+	mov	DWORD PTR 4[edi],edx
+	mov	DWORD PTR 16[esp],eax
+	mov	DWORD PTR 20[esp],ebx
+	add	esi,		8
+	add	edi,		8
+	sub	ebp,		8
+	jnz	L016decrypt_loop
+$L015decrypt_finish:
+	mov	ebp,		DWORD PTR 52[esp]
+	and	ebp,		7
+	jz	$L005finish
+	mov	eax,		DWORD PTR [esi]
+	mov	ebx,		DWORD PTR 4[esi]
+	bswap	eax
+	bswap	ebx
+	mov	DWORD PTR 8[esp],eax
+	mov	DWORD PTR 12[esp],ebx
+	call	_CAST_decrypt
+	mov	eax,		DWORD PTR 8[esp]
+	mov	ebx,		DWORD PTR 12[esp]
+	bswap	eax
+	bswap	ebx
+	mov	ecx,		DWORD PTR 16[esp]
+	mov	edx,		DWORD PTR 20[esp]
+	xor	ecx,		eax
+	xor	edx,		ebx
+	mov	eax,		DWORD PTR [esi]
+	mov	ebx,		DWORD PTR 4[esi]
+L017dj7:
+	ror	edx,		16
+	mov	BYTE PTR 6[edi],dl
+	shr	edx,		16
+L018dj6:
+	mov	BYTE PTR 5[edi],dh
+L019dj5:
+	mov	BYTE PTR 4[edi],dl
+L020dj4:
+	mov	DWORD PTR [edi],ecx
+	jmp	$L021djend
+L022dj3:
+	ror	ecx,		16
+	mov	BYTE PTR 2[edi],cl
+	shl	ecx,		16
+L023dj2:
+	mov	BYTE PTR 1[esi],ch
+L024dj1:
+	mov	BYTE PTR [esi],	cl
+$L021djend:
+	jmp	$L005finish
+$L005finish:
+	mov	ecx,		DWORD PTR 60[esp]
+	add	esp,		24
+	mov	DWORD PTR [ecx],eax
+	mov	DWORD PTR 4[ecx],ebx
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+$L006cbc_enc_jmp_table:
+	DD	0
+	DD	L014ej1
+	DD	L013ej2
+	DD	L012ej3
+	DD	L010ej4
+	DD	L009ej5
+	DD	L008ej6
+	DD	L007ej7
+L025cbc_dec_jmp_table:
+	DD	0
+	DD	L024dj1
+	DD	L023dj2
+	DD	L022dj3
+	DD	L020dj4
+	DD	L019dj5
+	DD	L018dj6
+	DD	L017dj7
+_CAST_cbc_encrypt ENDP
+_TEXT	ENDS
+END
--- a/crypto/cast/cast_lcl.h
+++ b/crypto/cast/cast_lcl.h
@@ -151,7 +151,7 @@
                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
                         *((c)++)=(unsigned char)(((l)     )&0xff))

-#if defined(WIN32) && defined(_MSC_VER)
+#if defined(WIN32)
 #define ROTL(a,n)     (_lrotl(a,n))
 #else
 #define ROTL(a,n)     ((((a)<<(n))&0xffffffffL)|((a)>>(32-(n))))
--- a/crypto/comp/comp.h
+++ b/crypto/comp/comp.h
@@ -2,12 +2,12 @@
 #ifndef HEADER_COMP_H
 #define HEADER_COMP_H

-#include <openssl/crypto.h>
-
 #ifdef  __cplusplus
 extern "C" {
 #endif

+#include <openssl/crypto.h>
+
 typedef struct comp_method_st
 	{
 	int type;		/* NID for compression library */
--- a/crypto/comp/comp_err.c
+++ b/crypto/comp/comp_err.c
@@ -54,8 +54,7 @@
 */

 /* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
+ * made to it will be overwritten when the script next updates this file.
 */

 #include <stdio.h>
--- a/Show More
+++ b/Show More