This commit was manufactured by cvs2svn to create tag 'OpenSSL_0_9_6-beta2'.

This commit was manufactured by cvs2svn to create branch
'OpenSSL_0_9_6-stable'.
2000-10-10 09:15:51 +00:00 · 2000-10-10 09:15:48 +00:00
364 changed files with 2406 additions and 16092 deletions
--- a/464
+++ b/464
@@ -2,468 +2,10 @@
 OpenSSL CHANGES
 _______________
- Changes between 0.9.6a and 0.9.6b  [9 Jul 2001]
+ Changes between 0.9.5a and 0.9.6  [xx XXX 2000]
  *) Change ssleay_rand_bytes (crypto/rand/md_rand.c)
     to avoid a SSLeay/OpenSSL PRNG weakness pointed out by
     Markku-Juhani O. Saarinen <markku-juhani.saarinen@nokia.com>:
     PRNG state recovery was possible based on the output of
     one PRNG request appropriately sized to gain knowledge on
     'md' followed by enough consecutive 1-byte PRNG requests
     to traverse all of 'state'.
     1. When updating 'md_local' (the current thread's copy of 'md')
        during PRNG output generation, hash all of the previous
        'md_local' value, not just the half used for PRNG output.
     2. Make the number of bytes from 'state' included into the hash
        independent from the number of PRNG bytes requested.
     The first measure alone would be sufficient to avoid
     Markku-Juhani's attack.  (Actually it had never occurred
     to me that the half of 'md_local' used for chaining was the
     half from which PRNG output bytes were taken -- I had always
     assumed that the secret half would be used.)  The second
     measure makes sure that additional data from 'state' is never
     mixed into 'md_local' in small portions; this heuristically
     further strengthens the PRNG.
     [Bodo Moeller]
  *) Fix crypto/bn/asm/mips3.s.
     [Andy Polyakov]
  *) When only the key is given to "enc", the IV is undefined. Print out
     an error message in this case.
     [Lutz Jaenicke]
  *) Handle special case when X509_NAME is empty in X509 printing routines.
     [Steve Henson]
  *) In dsa_do_verify (crypto/dsa/dsa_ossl.c), verify that r and s are
     positive and less than q.
     [Bodo Moeller]
  *) Don't change *pointer in CRYPTO_add_lock() is add_lock_callback is
     used: it isn't thread safe and the add_lock_callback should handle
     that itself.
     [Paul Rose <Paul.Rose@bridge.com>]
  *) Verify that incoming data obeys the block size in
     ssl3_enc (ssl/s3_enc.c) and tls1_enc (ssl/t1_enc.c).
     [Bodo Moeller]
  *) Fix OAEP check.
     [Ulf M<>ller, Bodo M<>ller]
  *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5
     RSA encryption was accidentily removed in s3_srvr.c in OpenSSL 0.9.5
     when fixing the server behaviour for backwards-compatible 'client
     hello' messages.  (Note that the attack is impractical against
     SSL 3.0 and TLS 1.0 anyway because length and version checking
     means that the probability of guessing a valid ciphertext is
     around 2^-40; see section 5 in Bleichenbacher's CRYPTO '98
     paper.)
     Before 0.9.5, the countermeasure (hide the error by generating a
     random 'decryption result') did not work properly because
     ERR_clear_error() was missing, meaning that SSL_get_error() would
     detect the supposedly ignored error.
     Both problems are now fixed.
     [Bodo Moeller]
  *) In crypto/bio/bf_buff.c, increase DEFAULT_BUFFER_SIZE to 4096
     (previously it was 1024).
     [Bodo Moeller]
  *) Fix for compatibility mode trust settings: ignore trust settings
     unless some valid trust or reject settings are present.
     [Steve Henson]
  *) Fix for blowfish EVP: its a variable length cipher.
     [Steve Henson]
  *) Fix various bugs related to DSA S/MIME verification. Handle missing
     parameters in DSA public key structures and return an error in the
     DSA routines if parameters are absent.
     [Steve Henson]
  *) In versions up to 0.9.6, RAND_file_name() resorted to file ".rnd"
     in the current directory if neither $RANDFILE nor $HOME was set.
     RAND_file_name() in 0.9.6a returned NULL in this case.  This has
     caused some confusion to Windows users who haven't defined $HOME.
     Thus RAND_file_name() is changed again: e_os.h can define a
     DEFAULT_HOME, which will be used if $HOME is not set.
     For Windows, we use "C:"; on other platforms, we still require
     environment variables.
  *) Move 'if (!initialized) RAND_poll()' into regions protected by
     CRYPTO_LOCK_RAND.  This is not strictly necessary, but avoids
     having multiple threads call RAND_poll() concurrently.
     [Bodo Moeller]
  *) In crypto/rand/md_rand.c, replace 'add_do_not_lock' flag by a
     combination of a flag and a thread ID variable.
     Otherwise while one thread is in ssleay_rand_bytes (which sets the
     flag), *other* threads can enter ssleay_add_bytes without obeying
     the CRYPTO_LOCK_RAND lock (and may even illegaly release the lock
     that they do not hold after the first thread unsets add_do_not_lock).
     [Bodo Moeller]
  *) Change bctest again: '-x' expressions are not available in all
     versions of 'test'.
     [Bodo Moeller]
 Changes between 0.9.6 and 0.9.6a  [5 Apr 2001]
  *) Fix a couple of memory leaks in PKCS7_dataDecode()
     [Steve Henson, reported by Heyun Zheng <hzheng@atdsprint.com>]
  *) Change Configure and Makefiles to provide EXE_EXT, which will contain
     the default extension for executables, if any.  Also, make the perl
     scripts that use symlink() to test if it really exists and use "cp"
     if it doesn't.  All this made OpenSSL compilable and installable in
     CygWin.
     [Richard Levitte]
  *) Fix for asn1_GetSequence() for indefinite length constructed data.
     If SEQUENCE is length is indefinite just set c->slen to the total
     amount of data available.
     [Steve Henson, reported by shige@FreeBSD.org]
     [This change does not apply to 0.9.7.]
  *) Change bctest to avoid here-documents inside command substitution
     (workaround for FreeBSD /bin/sh bug).
     For compatibility with Ultrix, avoid shell functions (introduced
     in the bctest version that searches along $PATH).
     [Bodo Moeller]
  *) Rename 'des_encrypt' to 'des_encrypt1'.  This avoids the clashes
     with des_encrypt() defined on some operating systems, like Solaris
     and UnixWare.
     [Richard Levitte]
  *) Check the result of RSA-CRT (see D. Boneh, R. DeMillo, R. Lipton:
     On the Importance of Eliminating Errors in Cryptographic
     Computations, J. Cryptology 14 (2001) 2, 101-119,
     http://theory.stanford.edu/~dabo/papers/faults.ps.gz).
     [Ulf Moeller]
  *) MIPS assembler BIGNUM division bug fix. 
     [Andy Polyakov]
  *) Disabled incorrect Alpha assembler code.
     [Richard Levitte]
  *) Fix PKCS#7 decode routines so they correctly update the length
     after reading an EOC for the EXPLICIT tag.
     [Steve Henson]
     [This change does not apply to 0.9.7.]
  *) Fix bug in PKCS#12 key generation routines. This was triggered
     if a 3DES key was generated with a 0 initial byte. Include
     PKCS12_BROKEN_KEYGEN compilation option to retain the old
     (but broken) behaviour.
     [Steve Henson]
  *) Enhance bctest to search for a working bc along $PATH and print
     it when found.
     [Tim Rice <tim@multitalents.net> via Richard Levitte]
  *) Fix memory leaks in err.c: free err_data string if necessary;
     don't write to the wrong index in ERR_set_error_data.
     [Bodo Moeller]
  *) Implement ssl23_peek (analogous to ssl23_read), which previously
     did not exist.
     [Bodo Moeller]
  *) Replace rdtsc with _emit statements for VC++ version 5.
     [Jeremy Cooper <jeremy@baymoo.org>]
  *) Make it possible to reuse SSLv2 sessions.
     [Richard Levitte]
  *) In copy_email() check for >= 0 as a return value for
     X509_NAME_get_index_by_NID() since 0 is a valid index.
     [Steve Henson reported by Massimiliano Pala <madwolf@opensca.org>]
  *) Avoid coredump with unsupported or invalid public keys by checking if
     X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when
     PKCS7_verify() fails with non detached data.
     [Steve Henson]
  *) Don't use getenv in library functions when run as setuid/setgid.
     New function OPENSSL_issetugid().
     [Ulf Moeller]
  *) Avoid false positives in memory leak detection code (crypto/mem_dbg.c)
     due to incorrect handling of multi-threading:
     1. Fix timing glitch in the MemCheck_off() portion of CRYPTO_mem_ctrl().
     2. Fix logical glitch in is_MemCheck_on() aka CRYPTO_is_mem_check_on().
     3. Count how many times MemCheck_off() has been called so that
        nested use can be treated correctly.  This also avoids 
        inband-signalling in the previous code (which relied on the
        assumption that thread ID 0 is impossible).
     [Bodo Moeller]
  *) Add "-rand" option also to s_client and s_server.
     [Lutz Jaenicke]
  *) Fix CPU detection on Irix 6.x.
     [Kurt Hockenbury <khockenb@stevens-tech.edu> and
      "Bruce W. Forsberg" <bruce.forsberg@baesystems.com>]
  *) Fix X509_NAME bug which produced incorrect encoding if X509_NAME
     was empty.
     [Steve Henson]
     [This change does not apply to 0.9.7.]
  *) Use the cached encoding of an X509_NAME structure rather than
     copying it. This is apparently the reason for the libsafe "errors"
     but the code is actually correct.
     [Steve Henson]
  *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent
     Bleichenbacher's DSA attack.
     Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits
     to be set and top=0 forces the highest bit to be set; top=-1 is new
     and leaves the highest bit random.
     [Ulf Moeller, Bodo Moeller]
  *) In the NCONF_...-based implementations for CONF_... queries
     (crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using
     a temporary CONF structure with the data component set to NULL
     (which gives segmentation faults in lh_retrieve).
     Instead, use NULL for the CONF pointer in CONF_get_string and
     CONF_get_number (which may use environment variables) and directly
     return NULL from CONF_get_section.
     [Bodo Moeller]
  *) Fix potential buffer overrun for EBCDIC.
     [Ulf Moeller]
  *) Tolerate nonRepudiation as being valid for S/MIME signing and certSign
     keyUsage if basicConstraints absent for a CA.
     [Steve Henson]
  *) Make SMIME_write_PKCS7() write mail header values with a format that
     is more generally accepted (no spaces before the semicolon), since
     some programs can't parse those values properly otherwise.  Also make
     sure BIO's that break lines after each write do not create invalid
     headers.
     [Richard Levitte]
  *) Make the CRL encoding routines work with empty SEQUENCE OF. The
     macros previously used would not encode an empty SEQUENCE OF
     and break the signature.
     [Steve Henson]
     [This change does not apply to 0.9.7.]
  *) Zero the premaster secret after deriving the master secret in
     DH ciphersuites.
     [Steve Henson]
  *) Add some EVP_add_digest_alias registrations (as found in
     OpenSSL_add_all_digests()) to SSL_library_init()
     aka OpenSSL_add_ssl_algorithms().  This provides improved
     compatibility with peers using X.509 certificates
     with unconventional AlgorithmIdentifier OIDs.
     [Bodo Moeller]
  *) Fix for Irix with NO_ASM.
     ["Bruce W. Forsberg" <bruce.forsberg@baesystems.com>]
  *) ./config script fixes.
     [Ulf Moeller, Richard Levitte]
  *) Fix 'openssl passwd -1'.
     [Bodo Moeller]
  *) Change PKCS12_key_gen_asc() so it can cope with non null
     terminated strings whose length is passed in the passlen
     parameter, for example from PEM callbacks. This was done
     by adding an extra length parameter to asc2uni().
     [Steve Henson, reported by <oddissey@samsung.co.kr>]
  *) Fix C code generated by 'openssl dsaparam -C': If a BN_bin2bn
     call failed, free the DSA structure.
     [Bodo Moeller]
  *) Fix to uni2asc() to cope with zero length Unicode strings.
     These are present in some PKCS#12 files.
     [Steve Henson]
  *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c).
     Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits
     when writing a 32767 byte record.
     [Bodo Moeller; problem reported by Eric Day <eday@concentric.net>]
  *) In RSA_eay_public_{en,ed}crypt and RSA_eay_mod_exp (rsa_eay.c),
     obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}.
     (RSA objects have a reference count access to which is protected
     by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c],
     so they are meant to be shared between threads.)
     [Bodo Moeller, Geoff Thorpe; original patch submitted by
     "Reddie, Steven" <Steven.Reddie@ca.com>]
  *) Fix a deadlock in CRYPTO_mem_leaks().
     [Bodo Moeller]
  *) Use better test patterns in bntest.
     [Ulf M<>ller]
  *) rand_win.c fix for Borland C.
     [Ulf M<>ller]
  *) BN_rshift bugfix for n == 0.
     [Bodo Moeller]
  *) Add a 'bctest' script that checks for some known 'bc' bugs
     so that 'make test' does not abort just because 'bc' is broken.
     [Bodo Moeller]
  *) Store verify_result within SSL_SESSION also for client side to
     avoid potential security hole. (Re-used sessions on the client side
     always resulted in verify_result==X509_V_OK, not using the original
     result of the server certificate verification.)
     [Lutz Jaenicke]
  *) Fix ssl3_pending: If the record in s->s3->rrec is not of type
     SSL3_RT_APPLICATION_DATA, return 0.
     Similarly, change ssl2_pending to return 0 if SSL_in_init(s) is true.
     [Bodo Moeller]
  *) Fix SSL_peek:
     Both ssl2_peek and ssl3_peek, which were totally broken in earlier
     releases, have been re-implemented by renaming the previous
     implementations of ssl2_read and ssl3_read to ssl2_read_internal
     and ssl3_read_internal, respectively, and adding 'peek' parameters
     to them.  The new ssl[23]_{read,peek} functions are calls to
     ssl[23]_read_internal with the 'peek' flag set appropriately.
     A 'peek' parameter has also been added to ssl3_read_bytes, which
     does the actual work for ssl3_read_internal.
     [Bodo Moeller]
  *) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling
     the method-specific "init()" handler. Also clean up ex_data after
     calling the method-specific "finish()" handler. Previously, this was
     happening the other way round.
     [Geoff Thorpe]
  *) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16.
     The previous value, 12, was not always sufficient for BN_mod_exp().
     [Bodo Moeller]
  *) Make sure that shared libraries get the internal name engine with
     the full version number and not just 0.  This should mark the
     shared libraries as not backward compatible.  Of course, this should
     be changed again when we can guarantee backward binary compatibility.
     [Richard Levitte]
  *) Fix typo in get_cert_by_subject() in by_dir.c
     [Jean-Marc Desperrier <jean-marc.desperrier@certplus.com>]
  *) Rework the system to generate shared libraries:
     - Make note of the expected extension for the shared libraries and
       if there is a need for symbolic links from for example libcrypto.so.0
       to libcrypto.so.0.9.7.  There is extended info in Configure for
       that.
     - Make as few rebuilds of the shared libraries as possible.
     - Still avoid linking the OpenSSL programs with the shared libraries.
     - When installing, install the shared libraries separately from the
       static ones.
     [Richard Levitte]
  *) Fix SSL_CTX_set_read_ahead macro to actually use its argument.
     Copy SSL_CTX's read_ahead flag to SSL object directly in SSL_new
     and not in SSL_clear because the latter is also used by the
     accept/connect functions; previously, the settings made by
     SSL_set_read_ahead would be lost during the handshake.
     [Bodo Moeller; problems reported by Anders Gertz <gertz@epact.se>]     
  *) Correct util/mkdef.pl to be selective about disabled algorithms.
     Previously, it would create entries for disableed algorithms no
     matter what.
     [Richard Levitte]
  *) Added several new manual pages for SSL_* function.
     [Lutz Jaenicke]
 Changes between 0.9.5a and 0.9.6  [24 Sep 2000]
  *) In ssl23_get_client_hello, generate an error message when faced
     with an initial SSL 3.0/TLS record that is too small to contain the
     first two bytes of the ClientHello message, i.e. client_version.
     (Note that this is a pathologic case that probably has never happened
     in real life.)  The previous approach was to use the version number
     from the record header as a substitute; but our protocol choice
     should not depend on that one because it is not authenticated
     by the Finished messages.
     [Bodo Moeller]
  *) More robust randomness gathering functions for Windows.
     [Jeffrey Altman <jaltman@columbia.edu>]
  *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is
     not set then we don't setup the error code for issuer check errors
     to avoid possibly overwriting other errors which the callback does
     handle. If an application does set the flag then we assume it knows
     what it is doing and can handle the new informational codes
     appropriately.
     [Steve Henson]
  *) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for
     a general "ANY" type, as such it should be able to decode anything
     including tagged types. However it didn't check the class so it would
     wrongly interpret tagged types in the same way as their universal
     counterpart and unknown types were just rejected. Changed so that the
     tagged and unknown types are handled in the same way as a SEQUENCE:
     that is the encoding is stored intact. There is also a new type
     "V_ASN1_OTHER" which is used when the class is not universal, in this
     case we have no idea what the actual type is so we just lump them all
     together.
     [Steve Henson]
  *) On VMS, stdout may very well lead to a file that is written to
     in a record-oriented fashion.  That means that every write() will
     write a separate record, which will be read separately by the
     programs trying to read from it.  This can be very confusing.
     The solution is to put a BIO filter in the way that will buffer
     text until a linefeed is reached, and then write everything a
     line at a time, so every record written will be an actual line,
     not chunks of lines and not (usually doesn't happen, but I've
     seen it once) several lines in one record.  BIO_f_linebuffer() is
     the answer.
     Currently, it's a VMS-only method, because that's where it has
     been tested well enough.
     [Richard Levitte]
  *) Remove 'optimized' squaring variant in BN_mod_mul_montgomery,
     it can return incorrect results.
     (Note: The buggy variant was not enabled in OpenSSL 0.9.5a,
     but it was in 0.9.6-beta[12].)
     [Bodo Moeller]
  *) Disable the check for content being present when verifying detached
     signatures in pk7_smime.c. Some versions of Netscape (wrongly)
     include zero length content when signing messages.
     [Steve Henson]
  *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR
     BIO_ctrl (for BIO pairs).
     [Bodo M<>ller]
  *) Add DSO method for VMS.
     [Richard Levitte]
@@ -697,7 +239,7 @@
     [Steve Henson]
  *) Changes needed for Tandem NSK.
-     [Scott Uroff <scott@xypro.com>]
+     [Scott Uroff scott@xypro.com]
  *) Fix SSL 2.0 rollback checking: Due to an off-by-one error in
     RSA_padding_check_SSLv23(), special padding was never detected
@@ -2475,7 +2017,7 @@
                                     copied!)
     [Bodo Moeller]
-  *) Bugfix: SSL_set_options ignored its parameter, only SSL_CTX_set_options
+  *) Bugfix: SSL_set_mode ignored its parameter, only SSL_CTX_set_mode
     worked.
  *) Fix problems with no-hmac etc.
--- a/189
+++ b/189
@@ -10,7 +10,7 @@ use strict;
 # see INSTALL for instructions.
-my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n";
 # Options:
 #
@@ -23,20 +23,11 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-
 #               default).  This needn't be set in advance, you can
 #               just as well use "make INSTALL_PREFIX=/whatever install".
 #
 # no-hw-xxx     do not compile support for specific crypto hardware.
 #               Generic OpenSSL-style methods relating to this support
 #               are always compiled but return NULL if the hardware
 #               support isn't compiled.
 # no-hw         do not compile support for any crypto hardware.
 # rsaref        use RSAref
 # [no-]threads  [don't] try to create a library that is suitable for
 #               multithreaded applications (default is "threads" if we
 #               know how to do it)
 # [no-]shared	[don't] try to create shared libraries when supported.
 #               IT IS NOT RECOMMENDED TO USE "shared"!  Since this is a
 #               development branch, the positions of the ENGINE symbols
 #               in the transfer vector are constantly moving, so binary
 #               backward compatibility can't be guaranteed in any way.
 # no-asm        do not use assembler
 # no-dso        do not compile in any native shared-library methods. This
 #               will ensure that all methods just return NULL.
@@ -98,11 +89,6 @@ my $x86_elf_asm="asm/bn86-elf.o asm/co86-elf.o:asm/dx86-elf.o asm/yx86-elf.o:asm
 my $x86_out_asm="asm/bn86-out.o asm/co86-out.o:asm/dx86-out.o asm/yx86-out.o:asm/bx86-out.o:asm/mx86-out.o:asm/sx86-out.o:asm/cx86-out.o:asm/rx86-out.o:asm/rm86-out.o:asm/r586-out.o";
 my $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/bx86bsdi.o:asm/mx86bsdi.o:asm/sx86bsdi.o:asm/cx86bsdi.o:asm/rx86bsdi.o:asm/rm86bsdi.o:asm/r586bsdi.o";
 my $mips3_irix_asm="asm/mips3.o::::::::";
 # There seems to be boundary faults in asm/alpha.s.
 #my $alpha_asm="asm/alpha.o::::::::";
 my $alpha_asm="::::::::";
 # -DB_ENDIAN slows things down on a sparc for md5, but helps sha1.
 # So the md5_locl.h file has an undef B_ENDIAN if sun is defined
@@ -141,35 +127,32 @@ my %table=(
 # surrounds it with #APP #NO_APP comment pair which (at least Solaris
 # 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
 # error message.
-"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:solaris-shared:-fPIC",
 #### Solaris x86 with Sun C setups
 "solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 #### SPARC Solaris with GNU C setups
-"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC",
-"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC",
-"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC",
 # gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8
 # but keep the assembler modules.
-"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC",
 ####
-"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC",
-"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:solaris-shared:-fPIC",
 #### SPARC Solaris with Sun C setups
 # DO NOT use /xO[34] on sparc with SC3.0.  It is broken, and will not pass the tests
-"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC",
 # SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
 # SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
 # SC5.0 note: Compiler common patch 107357-01 or later is required!
-"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC",
-"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC",
-"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC",
-"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
+"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC",
 ####
-"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC",
-"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC",
 #### SPARC Linux setups
 "linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
@@ -195,11 +178,11 @@ my %table=(
 # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
 # './Configure irix-[g]cc' manually.
 # -mips4 flag is added by ./config when appropriate.
-"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}",
+"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
-"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}",
+"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
 # N64 ABI builds.
-"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}",
+"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::",
-"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}",
+"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::",
 #### Unified HP-UX ANSI C configs.
 # Special notes:
@@ -233,16 +216,16 @@ my %table=(
 # Since there is mention of this in shlib/hpux10-cc.sh
 "hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
 "hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
-"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn",
+"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
 # More attempts at unified 10.X and 11.X targets for HP C compiler.
 #
 # Chris Ruemmler <ruemmler@cup.hp.com>
 # Kevin Steves <ks@hp.se>
-"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
+"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT:-ldl:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
-"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl",
+"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl",
-"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn",
+"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dl",
-"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
+"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
 # HPUX 9.X config.
 # Don't use the bundled cc.  It is broken.  Use HP ANSI C if possible, or
@@ -273,16 +256,13 @@ my %table=(
 #"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::",
 # Use unified settings above instead.
 #### HP MPE/iX http://jazz.external.hp.com/src/openssl/
 "MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -DMPE -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
 # Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with
 # the new compiler
 # For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
-"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:tru64-shared::.so",
+"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:asm/alpha.o:::::::::dlfcn:true64-shared",
-"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared::.so",
+"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:true64-shared",
-"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared::.so",
+"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:true64-shared",
-"FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"FreeBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2:::",
 #### Alpha Linux with GNU C and Compaq C setups
 # Special notes:
@@ -297,32 +277,31 @@ my %table=(
 #
 #					<appro@fy.chalmers.se>
 #
-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o::",
-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o::",
-"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",
-"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",
 # assembler versions -- currently defunct:
-##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${alpha_asm}",
+##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:asm/alpha.o::",
 # The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
 # bn86-elf.o file file since it is hand tweaked assembler.
-"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",
 "debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
 "linux-mips",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
 "linux-ppc",    "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
 "linux-m68k",   "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
 "linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
 "linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::SIXTY_FOUR_BIT_LONG::",
-"NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
-"NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
-"NetBSD-x86",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"NetBSD-x86",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:",
-"FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "FreeBSD",      "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
 "bsdi-gcc",     "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown)::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}",
-"bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "nextstep",	"cc:-O -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
 "nextstep3.3",	"cc:-O3 -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
 # NCR MP-RAS UNIX ver 02.03.01
@@ -332,27 +311,18 @@ my %table=(
 "qnx4",	"cc:-DL_ENDIAN -DTERMIO::(unknown)::${x86_gcc_des} ${x86_gcc_opts}:",
 # Linux on ARM
-"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC",
-# UnixWare 2.0x fails destest with -O
+# UnixWare 2.0
-"unixware-2.0","cc:-DFILIO_H::-Kthread:-lsocket -lnsl -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
+"unixware-2.0","cc:-O -DFILIO_H::(unknown):-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
-"unixware-2.0-pentium","cc:-DFILIO_H -Kpentium::-Kthread:-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+"unixware-2.0-pentium","cc:-O -DFILIO_H -Kpentium -Kthread::(unknown):-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
 # UnixWare 2.1
 "unixware-2.1","cc:-O -DFILIO_H::-Kthread:-lsocket -lnsl -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
 "unixware-2.1-pentium","cc:-O -DFILIO_H -Kpentium::-Kthread:-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
 "unixware-2.1-p6","cc:-O -DFILIO_H -Kp6::-Kthread:-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
 # UnixWare 7
-"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
 "unixware-7-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
 "unixware-7-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
 # IBM's AIX.
 "aix-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR:::",
 "aix-gcc",  "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",
 "aix43-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
 "aix43-gcc",  "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
 #
 # Cray T90 (SDSC)
@@ -379,16 +349,12 @@ my %table=(
 # DGUX, 88100.
 "dgux-R3-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown)::RC4_INDEX DES_UNROLL:::",
-"dgux-R4-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown):-lnsl -lsocket:RC4_INDEX DES_UNROLL:::",
+"dgux-R4-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown):-lnsl -lsocket:RC4_INDEX:RC4_INDEX DES_UNROLL:::",
 "dgux-R4-x86-gcc",	"gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown):-lnsl -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 # SCO 3 - Tim Rice <tim@multitalents.net>
 "sco3-gcc",  "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown):-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
 # SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the
 # SCO cc.
 "sco5-cc",  "cc:::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
 "sco5-cc-pentium",  "cc:-Kpentium::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
 "sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown):-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
 # Sinix/ReliantUNIX RM400
@@ -428,10 +394,10 @@ my %table=(
 ##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown)::::::",
 # Some OpenBSD from Bob Beck <beck@obtuse.com>
-"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:::",
-"OpenBSD-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn",
-"OpenBSD",      "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD",      "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL:::",
-"OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::",
 ##### MacOS X (a.k.a. Rhapsody) setup
 "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
@@ -446,7 +412,6 @@ my @WinTargets=qw(VC-NT VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS BC-32
 my $prefix="";
 my $openssldir="";
 my $exe_ext="";
 my $install_prefix="";
 my $no_threads=0;
 my $no_shared=1;
@@ -474,10 +439,10 @@ my $md5_obj="";
 my $sha1_obj="";
 my $rmd160_obj="";
 my $processor="";
-my $default_ranlib;
+my $ranlib;
 my $perl;
-$default_ranlib= &which("ranlib") or $default_ranlib="true";
+$ranlib=&which("ranlib") or $ranlib="true";
 $perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
  or $perl="perl";
@@ -522,18 +487,6 @@ PROCESS_ARGS:
 			$flags .= "-DNO_ASM ";
 			$openssl_other_defines .= "#define NO_ASM\n";
 			}
 		elsif (/^no-hw-(.+)$/)
 			{
 			my $hw=$1;
 			$hw =~ tr/[a-z]/[A-Z]/;
 			$flags .= "-DNO_HW_$hw ";
 			$openssl_other_defines .= "#define NO_HW_$hw\n";
 			}
 		elsif (/^no-hw$/)
 			{
 			$flags .= "-DNO_HW ";
 			$openssl_other_defines .= "#define NO_HW\n";
 			}
 		elsif (/^no-dso$/)
 			{ $no_dso=1; }
 		elsif (/^no-threads$/)
@@ -663,7 +616,6 @@ print "Configuring for $target\n";
 my $IsWindows=scalar grep /^$target$/,@WinTargets;
 $exe_ext=".exe" if ($target eq "CygWin32");
 $openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
 $prefix=$openssldir if $prefix eq "";
@@ -677,8 +629,8 @@ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /^\//;
 print "IsWindows=$IsWindows\n";
 (my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
- $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,my $shared_extension,my $ranlib)=
+ $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag)=
-	split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
+	split(/\s*:\s*/,$table{$target} . ":" x 22 , -1);
 $cflags="$flags$cflags" if ($flags ne "");
 # The DSO code currently always implements all functions so that no
@@ -753,27 +705,17 @@ if ($threads)
 	}
 # You will find shlib_mark1 and shlib_mark2 explained in Makefile.org
-my $shared_mark = "";
+my $shared_mark1 = "";
-if ($shared_target ne "")
+my $shared_mark2 = "";
-	{
+if ($shared_cflag ne "")
 	if ($shared_cflag ne "")
 	{
 	$cflags = "$shared_cflag $cflags";
 		}
 	if (!$no_shared)
 		{
-		#$shared_mark = "\$(SHARED_LIBS)";
+		$shared_mark1 = ".shlib-clean.";
 		$shared_mark2 = ".shlib.";
 		}
 	}
 else
 	{
 	$no_shared = 1;
 	}
 if ($ranlib eq "")
 	{
 	$ranlib = $default_ranlib;
 	}
 #my ($bn1)=split(/\s+/,$bn_obj);
 #$bn1 = "" unless defined $bn1;
@@ -855,7 +797,6 @@ while (<IN>)
 	s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
 	s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;
 	s/^SHLIB_MINOR=.*/SHLIB_MINOR=$shlib_minor/;
 	s/^SHLIB_EXT=.*/SHLIB_EXT=$shared_extension/;
 	s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/;
 	s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/;
 	s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/;
@@ -866,7 +807,6 @@ while (<IN>)
 	s/^CFLAG=.*$/CFLAG= $cflags/;
 	s/^DEPFLAG=.*$/DEPFLAG= $depflags/;
 	s/^EX_LIBS=.*$/EX_LIBS= $lflags/;
 	s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/;
 	s/^BN_ASM=.*$/BN_ASM= $bn_obj/;
 	s/^DES_ENC=.*$/DES_ENC= $des_obj/;
 	s/^BF_ENC=.*$/BF_ENC= $bf_obj/;
@@ -880,9 +820,9 @@ while (<IN>)
 	s/^RANLIB=.*/RANLIB= $ranlib/;
 	s/^PERL=.*/PERL= $perl/;
 	s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
-	s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
+	s/^SHLIB_MARK1=.*/SHLIB_MARK1=$shared_mark1/;
-	s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
+	s/^SHLIB_MARK2=.*/SHLIB_MARK2=$shared_mark2/;
-	s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.so.\$(SHLIB_MAJOR) .so/ if ($shared_extension ne "" && $shared_extension !~ /^\.s[ol]$/);
+	s/^LIBS=.*/LIBS=libcrypto\.so\* libssl\.so\*/ if (!$no_shared);
 	print OUT $_."\n";
 	}
 close(IN);
@@ -1169,9 +1109,8 @@ sub print_table_entry
 	(my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,
 	my $bn_obj,my $des_obj,my $bf_obj,
 	my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj,
-	my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,
+	my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag)=
-	my $shared_extension,my $ranlib)=
+	split(/\s*:\s*/,$table{$target} . ":" x 22 , -1);
 	split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
 	print <<EOF
@@ -1194,7 +1133,5 @@ sub print_table_entry
 \$dso_scheme   = $dso_scheme
 \$shared_target= $shared_target
 \$shared_cflag = $shared_cflag
 \$shared_extension = $shared_extension
 \$ranlib       = $ranlib
 EOF
 	}
--- a/479
+++ b/479
@@ -1,23 +1,20 @@
 OpenSSL  -  Frequently Asked Questions
 --------------------------------------
 [MISC] Miscellaneous questions
 * Which is the current version of OpenSSL?
 * Where is the documentation?
 * How can I contact the OpenSSL developers?
 * Where can I get a compiled version of OpenSSL?
 * Why aren't tools like 'autoconf' and 'libtool' used?
 [LEGAL] Legal questions
 * Do I need patent licenses to use OpenSSL?
-* Can I use OpenSSL with GPL software? 
+* Is OpenSSL thread-safe?
 [USER] Questions on using the OpenSSL applications
 * Why do I get a "PRNG not seeded" error message?
-* Why do I get an "unable to write 'random state'" error message?
+* Why does the linker complain about undefined symbols?
 * Where can I get a compiled version of OpenSSL?
 * I've compiled a program under Windows and it crashes: why?
 * How do I read or write a DER encoded buffer using the ASN1 functions?
 * I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
 * I've called <some function> and it fails, why?
 * I just get a load of numbers for the error output, what do they mean?
 * Why do I get errors about unknown algorithms?
 * How do I create certificates or certificate requests?
 * Why can't I create certificate requests?
 * Why does <SSL program> fail with a certificate verify error?
@@ -25,39 +22,17 @@ OpenSSL  -  Frequently Asked Questions
 * How can I create DSA certificates?
 * Why can't I make an SSL connection using a DSA certificate?
 * How can I remove the passphrase on a private key?
-* Why can't I use OpenSSL certificates with SSL client authentication?
+* Why can't the OpenSSH configure script detect OpenSSL?
 * Why does my browser give a warning about a mismatched hostname?
 [BUILD] Questions about building and testing OpenSSL
 * Why does the linker complain about undefined symbols?
 * Why does the OpenSSL test fail with "bc: command not found"?
 * Why does the OpenSSL test fail with "bc: 1 no implemented"?
 * Why does the OpenSSL compilation fail on Alpha True64 Unix?
 * Why does the OpenSSL compilation fail with "ar: command not found"?
 * Why does the OpenSSL compilation fail on Win32 with VC++?
 [PROG] Questions about programming with OpenSSL
 * Is OpenSSL thread-safe?
 * I've compiled a program under Windows and it crashes: why?
 * How do I read or write a DER encoded buffer using the ASN1 functions?
 * I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
 * I've called <some function> and it fails, why?
 * I just get a load of numbers for the error output, what do they mean?
 * Why do I get errors about unknown algorithms?
 * Why can't the OpenSSH configure script detect OpenSSL?
 * Can I use OpenSSL's SSL library with non-blocking I/O?
 * Why doesn't my server application receive a client certificate?
 ===============================================================================
 [MISC] ========================================================================
 * Which is the current version of OpenSSL?
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.6b was released on July 9th, 2001.
+OpenSSL 0.9.5a was released on April 1st, 2000.
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -103,27 +78,6 @@ OpenSSL.  Information on the OpenSSL mailing lists is available from
 <URL: http://www.openssl.org>.
 * Where can I get a compiled version of OpenSSL?
 Some applications that use OpenSSL are distributed in binary form.
 When using such an application, you don't need to install OpenSSL
 yourself; the application will include the required parts (e.g. DLLs).
 If you want to install OpenSSL on a Windows system and you don't have
 a C compiler, read the "Mingw32" section of INSTALL.W32 for information
 on how to obtain and install the free GNU C compiler.
 A number of Linux and *BSD distributions include OpenSSL.
 * Why aren't tools like 'autoconf' and 'libtool' used?
 autoconf will probably be used in future OpenSSL versions. If it was
 less Unix-centric, it might have been used much earlier.
 [LEGAL] =======================================================================
 * Do I need patent licenses to use OpenSSL?
 The patents section of the README file lists patents that may apply to
@@ -135,25 +89,17 @@ You can configure OpenSSL so as not to use RC5 and IDEA by using
 ./config no-rc5 no-idea
-* Can I use OpenSSL with GPL software?
+* Is OpenSSL thread-safe?
-On many systems including the major Linux and BSD distributions, yes (the
+Yes (with limitations: an SSL connection may not concurrently be used
-GPL does not place restrictions on using libraries that are part of the
+by multiple threads).  On Windows and many Unix systems, OpenSSL
-normal operating system distribution).
+automatically uses the multi-threaded versions of the standard
 libraries.  If your platform is not one of these, consult the INSTALL
 file.
-On other systems, the situation is less clear. Some GPL software copyright
+Multi-threaded applications must provide two callback functions to
-holders claim that you infringe on their rights if you use OpenSSL with
+OpenSSL.  This is described in the threads(3) manpage.
 their software on operating systems that don't normally include OpenSSL.
 If you develop open source software that uses OpenSSL, you may find it
 useful to choose an other license than the GPL, or state explicitely that
 "This program is released under the GPL with the additional exemption that
 compiling, linking, and/or using OpenSSL is allowed."  If you are using
 GPL software developed by others, you may want to ask the copyright holder
 for permission to use their software with OpenSSL.
 [USER] ========================================================================
 * Why do I get a "PRNG not seeded" error message?
@@ -162,7 +108,6 @@ correctly.  Many open source operating systems provide a "randomness
 device" that serves this purpose.  On other systems, applications have
 to call the RAND_add() or RAND_seed() function with appropriate data
 before generating keys or performing public key encryption.
 (These functions initialize the pseudo-random number generator, PRNG.)
 Some broken applications do not do this.  As of version 0.9.5, the
 OpenSSL functions that need randomness report an error if the random
@@ -172,152 +117,27 @@ application you are using.  It is likely that it never worked
 correctly.  OpenSSL 0.9.5 and later make the error visible by refusing
 to perform potentially insecure encryption.
-On systems without /dev/urandom and /dev/random, it is a good idea to
+On systems without /dev/urandom, it is a good idea to use the Entropy
-use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
+Gathering Demon; see the RAND_egd() manpage for details.
 details.  Starting with version 0.9.7, OpenSSL will automatically look
 for an EGD socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and
 /etc/entropy.
-Most components of the openssl command line utility automatically try
+Most components of the openssl command line tool try to use the
-to seed the random number generator from a file.  The name of the
+file $HOME/.rnd (or $RANDFILE, if this environment variable is set)
-default seeding file is determined as follows: If environment variable
+for seeding the PRNG.  If this file does not exist or is too short,
-RANDFILE is set, then it names the seeding file.  Otherwise if
+the "PRNG not seeded" error message may occur.
 environment variable HOME is set, then the seeding file is $HOME/.rnd.
 If neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will
 use file .rnd in the current directory while OpenSSL 0.9.6a uses no
 default seeding file at all.  OpenSSL 0.9.6b and later will behave
 similarly to 0.9.6a, but will use a default of "C:" for HOME on
 Windows systems if the environment variable has not been set.
-If the default seeding file does not exist or is too short, the "PRNG
+[Note to OpenSSL 0.9.5 users: The command "openssl rsa" in version
-not seeded" error message may occur.
+0.9.5 does not do this and will fail on systems without /dev/urandom
-
+when trying to password-encrypt an RSA key!  This is a bug in the
-The openssl command line utility will write back a new state to the
+library; try a later version instead.]
 default seeding file (and create this file if necessary) unless
 there was no sufficient seeding.
 Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work.
 Use the "-rand" option of the OpenSSL command line tools instead.
 The $RANDFILE environment variable and $HOME/.rnd are only used by the
 OpenSSL command line tools. Applications using the OpenSSL library
 provide their own configuration options to specify the entropy source,
 please check out the documentation coming the with application.
 For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested
 installing the SUNski package from Sun patch 105710-01 (Sparc) which
 adds a /dev/random device and make sure it gets used, usually through
 $RANDFILE.  There are probably similar patches for the other Solaris
 versions.  However, be warned that /dev/random is usually a blocking
-device, which may have some effects on OpenSSL.
+device, which may have som effects on OpenSSL.
 * Why do I get an "unable to write 'random state'" error message?
 Sometimes the openssl command line utility does not abort with
 a "PRNG not seeded" error message, but complains that it is
 "unable to write 'random state'".  This message refers to the
 default seeding file (see previous answer).  A possible reason
 is that no default filename is known because neither RANDFILE
 nor HOME is set.  (Versions up to 0.9.6 used file ".rnd" in the
 current directory in this case, but this has changed with 0.9.6a.)
 * How do I create certificates or certificate requests?
 Check out the CA.pl(1) manual page. This provides a simple wrapper round
 the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check
 out the manual pages for the individual utilities and the certificate
 extensions documentation (currently in doc/openssl.txt).
 * Why can't I create certificate requests?
 You typically get the error:
 	unable to find 'distinguished_name' in config
 	problems making Certificate Request
 This is because it can't find the configuration file. Check out the
 DIAGNOSTICS section of req(1) for more information.
 * Why does <SSL program> fail with a certificate verify error?
 This problem is usually indicated by log messages saying something like
 "unable to get local issuer certificate" or "self signed certificate".
 When a certificate is verified its root CA must be "trusted" by OpenSSL
 this typically means that the CA certificate must be placed in a directory
 or file and the relevant program configured to read it. The OpenSSL program
 'verify' behaves in a similar way and issues similar error messages: check
 the verify(1) program manual page for more information.
 * Why can I only use weak ciphers when I connect to a server using OpenSSL?
 This is almost certainly because you are using an old "export grade" browser
 which only supports weak encryption. Upgrade your browser to support 128 bit
 ciphers.
 * How can I create DSA certificates?
 Check the CA.pl(1) manual page for a DSA certificate example.
 * Why can't I make an SSL connection to a server using a DSA certificate?
 Typically you'll see a message saying there are no shared ciphers when
 the same setup works fine with an RSA certificate. There are two possible
 causes. The client may not support connections to DSA servers most web
 browsers (including Netscape and MSIE) only support connections to servers
 supporting RSA cipher suites. The other cause is that a set of DH parameters
 has not been supplied to the server. DH parameters can be created with the
 dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example:
 check the source to s_server in apps/s_server.c for an example.
 * How can I remove the passphrase on a private key?
 Firstly you should be really *really* sure you want to do this. Leaving
 a private key unencrypted is a major security risk. If you decide that
 you do have to do this check the EXAMPLES sections of the rsa(1) and
 dsa(1) manual pages.
 * Why can't I use OpenSSL certificates with SSL client authentication?
 What will typically happen is that when a server requests authentication
 it will either not include your certificate or tell you that you have
 no client certificates (Netscape) or present you with an empty list box
 (MSIE). The reason for this is that when a server requests a client
 certificate it includes a list of CAs names which it will accept. Browsers
 will only let you select certificates from the list on the grounds that
 there is little point presenting a certificate which the server will
 reject.
 The solution is to add the relevant CA certificate to your servers "trusted
 CA list". How you do this depends on the server sofware in uses. You can
 print out the servers list of acceptable CAs using the OpenSSL s_client tool:
 openssl s_client -connect www.some.host:443 -prexit
 If your server only requests certificates on certain URLs then you may need
 to manually issue an HTTP GET command to get the list when s_client connects:
 GET /some/page/needing/a/certificate.html
 If your CA does not appear in the list then this confirms the problem.
 * Why does my browser give a warning about a mismatched hostname?
 Browsers expect the server's hostname to match the value in the commonName
 (CN) field of the certificate. If it does not then you get a warning.
 [BUILD] =======================================================================
 * Why does the linker complain about undefined symbols?
 Maybe the compilation was interrupted, and make doesn't notice that
@@ -342,99 +162,17 @@ If none of these helps, you may want to try using the current snapshot.
 If the problem persists, please submit a bug report.
-* Why does the OpenSSL test fail with "bc: command not found"?
+* Where can I get a compiled version of OpenSSL?
-You didn't install "bc", the Unix calculator.  If you want to run the
+Some applications that use OpenSSL are distributed in binary form.
-tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor.
+When using such an application, you don't need to install OpenSSL
 yourself; the application will include the required parts (e.g. DLLs).
 If you want to install OpenSSL on a Windows system and you don't have
 a C compiler, read the "Mingw32" section of INSTALL.W32 for information
 on how to obtain and install the free GNU C compiler.
-* Why does the OpenSSL test fail with "bc: 1 no implemented"?
+A number of Linux and *BSD distributions include OpenSSL.
 On some SCO installations or versions, bc has a bug that gets triggered
 when you run the test suite (using "make test").  The message returned is
 "bc: 1 not implemented".
 The best way to deal with this is to find another implementation of bc
 and compile/install it.  GNU bc (see http://www.gnu.org/software/software.html
 for download instructions) can be safely used, for example.
 * Why does the OpenSSL compilation fail on Alpha True64 Unix?
 On some Alpha installations running True64 Unix and Compaq C, the compilation
 of crypto/sha/sha_dgst.c fails with the message 'Fatal:  Insufficient virtual
 memory to continue compilation.'  As far as the tests have shown, this may be
 a compiler bug.  What happens is that it eats up a lot of resident memory
 to build something, probably a table.  The problem is clearly in the
 optimization code, because if one eliminates optimization completely (-O0),
 the compilation goes through (and the compiler consumes about 2MB of resident
 memory instead of 240MB or whatever one's limit is currently).
 There are three options to solve this problem:
 1. set your current data segment size soft limit higher.  Experience shows
 that about 241000 kbytes seems to be enough on an AlphaServer DS10.  You do
 this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of
 kbytes to set the limit to.
 2. If you have a hard limit that is lower than what you need and you can't
 get it changed, you can compile all of OpenSSL with -O0 as optimization
 level.  This is however not a very nice thing to do for those who expect to
 get the best result from OpenSSL.  A bit more complicated solution is the
 following:
 ----- snip:start -----
  make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \
       sed -e 's/ -O[0-9] / -O0 /'`"
  rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'`
  make
 ----- snip:end -----
 This will only compile sha_dgst.c with -O0, the rest with the optimization
 level chosen by the configuration process.  When the above is done, do the
 test and installation and you're set.
 * Why does the OpenSSL compilation fail with "ar: command not found"?
 Getting this message is quite usual on Solaris 2, because Sun has hidden
 away 'ar' and other development commands in directories that aren't in
 $PATH by default.  One of those directories is '/usr/ccs/bin'.  The
 quickest way to fix this is to do the following (it assumes you use sh
 or any sh-compatible shell):
 ----- snip:start -----
  PATH=${PATH}:/usr/ccs/bin; export PATH
 ----- snip:end -----
 and then redo the compilation.  What you should really do is make sure
 '/usr/ccs/bin' is permanently in your $PATH, for example through your
 '.profile' (again, assuming you use a sh-compatible shell).
 * Why does the OpenSSL compilation fail on Win32 with VC++?
 Sometimes, you may get reports from VC++ command line (cl) that it
 can't find standard include files like stdio.h and other weirdnesses.
 One possible cause is that the environment isn't correctly set up.
 To solve that problem, one should run VCVARS32.BAT which is found in
 the 'bin' subdirectory of the VC++ installation directory (somewhere
 under 'Program Files').  This needs to be done prior to running NMAKE,
 and the changes are only valid for the current DOS session.
 [PROG] ========================================================================
 * Is OpenSSL thread-safe?
 Yes (with limitations: an SSL connection may not concurrently be used
 by multiple threads).  On Windows and many Unix systems, OpenSSL
 automatically uses the multi-threaded versions of the standard
 libraries.  If your platform is not one of these, consult the INSTALL
 file.
 Multi-threaded applications must provide two callback functions to
 OpenSSL.  This is described in the threads(3) manpage.
 * I've compiled a program under Windows and it crashes: why?
@@ -456,7 +194,7 @@ unsigned char *buf, *p;
 int len;
 len = i2d_PKCS7(p7, NULL);
-buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */
+buf = OPENSSL_Malloc(len); /* or Malloc, error checking omitted */
 p = buf;
 i2d_PKCS7(p7, &p);
@@ -521,6 +259,68 @@ is forgetting to load OpenSSL's table of algorithms with
 OpenSSL_add_all_algorithms(). See the manual page for more information.
 * How do I create certificates or certificate requests?
 Check out the CA.pl(1) manual page. This provides a simple wrapper round
 the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check
 out the manual pages for the individual utilities and the certificate
 extensions documentation (currently in doc/openssl.txt).
 * Why can't I create certificate requests?
 You typically get the error:
 	unable to find 'distinguished_name' in config
 	problems making Certificate Request
 This is because it can't find the configuration file. Check out the
 DIAGNOSTICS section of req(1) for more information.
 * Why does <SSL program> fail with a certificate verify error?
 This problem is usually indicated by log messages saying something like
 "unable to get local issuer certificate" or "self signed certificate".
 When a certificate is verified its root CA must be "trusted" by OpenSSL
 this typically means that the CA certificate must be placed in a directory
 or file and the relevant program configured to read it. The OpenSSL program
 'verify' behaves in a similar way and issues similar error messages: check
 the verify(1) program manual page for more information.
 * Why can I only use weak ciphers when I connect to a server using OpenSSL?
 This is almost certainly because you are using an old "export grade" browser
 which only supports weak encryption. Upgrade your browser to support 128 bit
 ciphers.
 * How can I create DSA certificates?
 Check the CA.pl(1) manual page for a DSA certificate example.
 * Why can't I make an SSL connection to a server using a DSA certificate?
 Typically you'll see a message saying there are no shared ciphers when
 the same setup works fine with an RSA certificate. There are two possible
 causes. The client may not support connections to DSA servers most web
 browsers (including Netscape and MSIE) only support connections to servers
 supporting RSA cipher suites. The other cause is that a set of DH parameters
 has not been supplied to the server. DH parameters can be created with the
 dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example:
 check the source to s_server in apps/s_server.c for an example.
 * How can I remove the passphrase on a private key?
 Firstly you should be really *really* sure you want to do this. Leaving
 a private key unencrypted is a major security risk. If you decide that
 you do have to do this check the EXAMPLES sections of the rsa(1) and
 dsa(1) manual pages.
 * Why can't the OpenSSH configure script detect OpenSSL?
 There is a problem with OpenSSH 1.2.2p1, in that the configure script
@@ -562,26 +362,71 @@ applied to the OpenSSH distribution:
 ----- snip:end -----
-* Can I use OpenSSL's SSL library with non-blocking I/O?
+* Why does the OpenSSL test fail with "bc: command not found"?
-Yes; make sure to read the SSL_get_error(3) manual page!
+You didn't install "bc", the Unix calculator.  If you want to run the
-
+tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor.
 A pitfall to avoid: Don't assume that SSL_read() will just read from
 the underlying transport or that SSL_write() will just write to it --
 it is also possible that SSL_write() cannot do any useful work until
 there is data to read, or that SSL_read() cannot do anything until it
 is possible to send data.  One reason for this is that the peer may
 request a new TLS/SSL handshake at any time during the protocol,
 requiring a bi-directional message exchange; both SSL_read() and
 SSL_write() will try to continue any pending handshake.
-* Why doesn't my server application receive a client certificate?
+* Why does the OpenSSL test fail with "bc: 1 no implemented"?
-Due to the TLS protocol definition, a client will only send a certificate,
+On some SCO installations or versions, bc has a bug that gets triggered when
-if explicitely asked by the server. Use the SSL_VERIFY_PEER flag of the
+you run the test suite (using "make test").  The message returned is "bc:
-SSL_CTX_set_verify() function to enable the use of client certificates.
+1 not implemented".  The best way to deal with this is to find another
 implementation of bc and compile/install it.  For example, GNU bc (see
 http://www.gnu.org/software/software.html for download instructions) can
 be safely used.
-===============================================================================
+* Why does the OpenSSL compilation fail on Alpha True64 Unix?
 On some Alpha installations running True64 Unix and Compaq C, the compilation
 of crypto/sha/sha_dgst.c fails with the message 'Fatal:  Insufficient virtual
 memory to continue compilation.'  As far as the tests have shown, this may be
 a compiler bug.  What happens is that it eats up a lot of resident memory
 to build something, probably a table.  The problem is clearly in the
 optimization code, because if one eliminates optimization completely (-O0),
 the compilation goes through (and the compiler consumes about 2MB of resident
 memory instead of 240MB or whatever one's limit is currently).
 There are three options to solve this problem:
 1. set your current data segment size soft limit higher.  Experience shows
 that about 241000 kbytes seems to be enough on an AlphaServer DS10.  You do
 this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of
 kbytes to set the limit to.
 2. If you have a hard limit that is lower than what you need and you can't
 get it changed, you can compile all of OpenSSL with -O0 as optimization
 level.  This is however not a very nice thing to do for those who expect to
 get the best result from OpenSSL.  A bit more complicated solution is the
 following:
 ----- snip:start -----
  make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \
       sed -e 's/ -O[0-9] / -O0 /'`"
  rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'`
  make
 ----- snip:end -----
 This will only compile sha_dgst.c with -O0, the rest with the optimization
 level chosen by the configuration process.  When the above is done, do the
 test and installation and you're set.
 * Why does the OpenSSL compilation fail with "ar: command not found"?
 Getting this message is quite usual on Solaris 2, because Sun has hidden
 away 'ar' and other development commands in directories that aren't in
 $PATH by default.  One of those directories is '/usr/ccs/bin'.  The
 quickest way to fix this is to do the following (it assumes you use sh
 or any sh-compatible shell):
 ----- snip:start -----
  PATH=${PATH}:/usr/ccs/bin; export PATH
 ----- snip:end -----
 and then redo the compilation.  What you should really do is make sure
 '/usr/ccs/bin' is permanently in your $PATH, for example through your
 '.profile' (again, assuming you use a sh-compatible shell).
--- a/13
+++ b/13
@@ -7,11 +7,8 @@
 To install OpenSSL, you will need:
  * make
  * Perl 5
  * an ANSI C compiler
  * a development environment in form of development libraries and C
    header files
  * a supported Unix operating system
 Quick Start
@@ -46,6 +43,9 @@
  --openssldir=DIR Directory for OpenSSL files. If no prefix is specified,
                the library files and binaries are also installed there.
  rsaref        Build with RSADSI's RSAREF toolkit (this assumes that
                librsaref.a is in the library search path).
  no-threads    Don't try to build with support for multi-threaded
                applications.
@@ -57,10 +57,7 @@
  shared        In addition to the usual static libraries, create shared
                libraries on platforms where it's supported.  See "Note on
-                shared libraries" below.  THIS IS NOT RECOMMENDED!  Since
+                shared libraries" below.
                this is a development branch, the positions of the ENGINE
                symbols in the transfer vector are constantly moving, so
                binary backward compatibility can't be guaranteed in any way.
  no-asm        Do not use assembler code.
@@ -128,7 +125,7 @@
     directory, and the binary will be in the "apps" directory.
     If "make" fails, look at the output.  There may be reasons for
-     the failure that aren't problems in OpenSSL itself (like missing
+     the failure that isn't a problem in OpenSSL itself (like missing
     standard headers).  If it is a problem with OpenSSL itself, please
     report the problem to <openssl-bugs@openssl.org> (note that your
     message will be forwarded to a public mailing list).  Include the
--- a/INSTALL.VMS
+++ b/INSTALL.VMS
@@ -8,7 +8,6 @@ Intro:
 This file is divided in the following parts:
  Requirements			- Mandatory reading.
  Checking the distribution	- Mandatory reading.
  Compilation			- Mandatory reading.
  Logical names			- Mandatory reading.
@@ -20,15 +19,6 @@ This file is divided in the following parts:
  TODO				- Things that are to come.
 Requirements:
 =============
 To build and install OpenSSL, you will need:
 * DEC C or some other ANSI C compiler.  VAX C is *not* supported.
   [Note: OpenSSL has only been tested with DEC C.  Compiling with 
    a different ANSI C compiler may require some work]
 Checking the distribution:
 ==========================
--- a/INSTALL.W32
+++ b/INSTALL.W32
@@ -108,8 +108,8 @@
 * Compiler installation:
-   Mingw32 is available from <ftp://ftp.xraylith.wisc.edu/pub/khan/
+   Mingw32 is available from <ftp://ftp.xraylith.wisc.edu/pub/khan/gnu-win32/
-   gnu-win32/mingw32/gcc-2.95.2/gcc-2.95.2-msvcrt.exe>. GNU make is at
+   mingw32/egcs-1.1.2/egcs-1.1.2-mingw32.zip>. GNU make is at
   <ftp://agnes.dida.physik.uni-essen.de/home/janjaap/mingw32/binaries/
   make-3.76.1.zip>. Install both of them in C:\egcs-1.1.2 and run
   C:\egcs-1.1.2\mingw32.bat to set the PATH.
--- a/2
+++ b/2
@@ -12,7 +12,7 @@
  ---------------
 /* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
--- a/Makefile.org
+++ b/Makefile.org
@@ -9,7 +9,6 @@ SHLIB_VERSION_NUMBER=
 SHLIB_VERSION_HISTORY=
 SHLIB_MAJOR=
 SHLIB_MINOR=
 SHLIB_EXT=
 PLATFORM=dist
 OPTIONS=
 CONFIGURE_ARGS=
@@ -57,14 +56,13 @@ CC= gcc
 #CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
 CFLAG= -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
 DEPFLAG= 
-PEX_LIBS= 
+PEX_LIBS= -L. -L.. -L../.. -L../../..
 EX_LIBS= 
 EXE_EXT= 
 AR=ar r
 RANLIB= ranlib
 PERL= perl
 TAR= tar
-TARFLAGS= --no-recursion
+TARFLAGS= --norecurse
 # Set BN_ASM to bn_asm.o if you want to use the C version
 BN_ASM= bn_asm.o
@@ -151,18 +149,21 @@ RMD160_ASM_OBJ= asm/rm86-out.o
 #RMD160_ASM_OBJ= asm/rm86-out.o       # a.out, FreeBSD
 #RMD160_ASM_OBJ= asm/rm86bsdi.o       # bsdi
 # To do special treatment, use "directory names" starting with a period.
 # When we're prepared to use shared libraries in the programs we link here
-# we might set SHLIB_MARK to '$(SHARED_LIBS)'.
+# we might have SHLIB_MARK1 get the value ".shlib." and SHLIB_MARK2 be empty,
-SHLIB_MARK=
+# or have that configurable.
 SHLIB_MARK1=.shlib-clean.
 SHLIB_MARK2=.shlib.
-DIRS=   crypto ssl rsaref $(SHLIB_MARK) apps test tools
+DIRS=   crypto ssl rsaref $(SHLIB_MARK1) apps test tools $(SHLIB_MARK2)
 SHLIBDIRS= crypto ssl
 # dirs in crypto to build
 SDIRS=  \
 	md2 md4 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
-	bn rsa dsa dh dso engine \
+	bn rsa dsa dh dso \
 	buffer bio stack lhash rand err objects \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
@@ -179,10 +180,7 @@ ONEDIRS=out tmp
 EDIRS=  times doc bugs util include certs ms shlib mt demos perl sf dep VMS
 WDIRS=  windows
 LIBS=   libcrypto.a libssl.a
-SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
+SHARED_LIBS=libcrypto.so libssl.so
 SHARED_SSL=libssl$(SHLIB_EXT)
 SHARED_LIBS=
 SHARED_LIBS_LINK_EXTS=
 GENERAL=        Makefile
 BASENAME=       openssl
@@ -192,93 +190,108 @@ WTARFILE=       $(NAME)-win.tar
 EXHEADER=       e_os.h e_os2.h
 HEADER=         e_os.h
-# When we're prepared to use shared libraries in the programs we link here
+all: Makefile.ssl
-# we might remove 'clean-shared' from the targets to perform at this stage
+	@need_shlib=true; \
-
+	for i in $(DIRS) ;\
 all: clean-shared Makefile.ssl sub_all
 sub_all:
 	@for i in $(DIRS); \
 	do \
-	if [ -d "$$i" ]; then \
+	if [ "$$i" = ".shlib-clean." ]; then \
-		(cd $$i && echo "making all in $$i..." && \
+		if [ "$(SHLIB_TARGET)" != "" ]; then \
-		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' all ) || exit 1; \
+			$(MAKE) clean-shared; \
 		fi; \
 	elif [ "$$i" = ".shlib." ]; then \
 		if [ "$(SHLIB_TARGET)" != "" ]; then \
 			$(MAKE) $(SHARED_LIBS); \
 		fi; \
 		need_shlib=false; \
 	else \
-		$(MAKE) $$i; \
+		(cd $$i && echo "making all in $$i..." && \
 		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
 	fi; \
 	done; \
-	if echo "$(DIRS)" | \
+	if $$need_shlib && [ "$(SHLIB_MARK1)" != "" -o "$(SHLIB_MARK1)" != "" ]; then \
 	    egrep '(^| )(crypto|ssl)( |$$)' > /dev/null 2>&1 && \
 	   [ -n "$(SHARED_LIBS)" ]; then \
 		$(MAKE) $(SHARED_LIBS); \
 	fi
-libcrypto$(SHLIB_EXT): libcrypto.a
+sub_all:
 	@need_shlib=true; \
 	for i in $(DIRS) ;\
 	do \
 	if [ "$$i" = ".shlib-clean." ]; then \
 		if [ "$(SHLIB_TARGET)" != "" ]; then \
 			$(MAKE) clean-shared; \
 		fi; \
 	elif [ "$$i" = ".shlib." ]; then \
 		if [ "$(SHLIB_TARGET)" != "" ]; then \
 			$(MAKE) $(SHARED_LIBS); \
 		fi; \
 		need_shlib=false; \
 	else \
 		(cd $$i && echo "making all in $$i..." && \
 		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
 	fi; \
 	done; \
 	if $$need_shlib && [ "$(SHLIB_MARK1)" != "" -o "$(SHLIB_MARK1)" != "" ]; then \
 		$(MAKE) $(SHARED_LIBS); \
 	fi
 libcrypto.so: libcrypto.a
 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
-		$(MAKE) SHLIBDIRS=crypto build-shared; \
+		$(MAKE) SHLIBDIRS=crypto $(SHLIB_TARGET); \
 	else \
 		echo "There's no support for shared libraries on this platform" >&2; \
 	fi
-libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
+libssl.so: libcrypto.so libssl.a
 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
-		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
+		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-L. -lcrypto' $(SHLIB_TARGET); \
 	else \
 		echo "There's no support for shared libraries on this platform" >&2; \
 	fi
 clean-shared:
-	@for i in $(SHLIBDIRS); do \
+	for i in ${SHLIBDIRS}; do \
-		if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
+	rm -f lib$$i.so \
-			tmp="$(SHARED_LIBS_LINK_EXTS)"; \
+		lib$$i.so.${SHLIB_MAJOR} \
-			for j in $${tmp:-x}; do \
+		lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
 				( set -x; rm -f lib$$i$$j ); \
 			done; \
 		fi; \
 		( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
 	done
-link-shared:
+linux-shared:
-	@for i in $(SHLIBDIRS); do \
+	libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-		prev=lib$$i$(SHLIB_EXT); \
+	rm -f lib$$i.so \
-		if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
+		lib$$i.so.${SHLIB_MAJOR} \
-			tmp="$(SHARED_LIBS_LINK_EXTS)"; \
+		lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
 			for j in $${tmp:-x}; do \
 				( set -x; ln -f -s $$prev lib$$i$$j ); \
 				prev=lib$$i$$j; \
 			done; \
 		fi; \
 	done
 build-shared: clean-shared do_$(SHLIB_TARGET) link-shared
 do_bsd-gcc-shared: do_gnu-shared
 do_linux-shared: do_gnu-shared
 do_gnu-shared:
 	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
 	( set -x; ${CC}  -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		-Wl,-S,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		-Wl,-S,-soname=lib$$i.so.${SHLIB_MAJOR} \
 		-Wl,--whole-archive lib$$i.a \
 		-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
-	libs="$$libs -l$$i"; \
+	libs="$$libs -L. -l$$i"; \
 	( set -x; \
 		ln -s lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			lib$$i.so.${SHLIB_MAJOR}; \
 		ln -s lib$$i.so.${SHLIB_MAJOR} lib$$i.so ); \
 	done
 # This assumes that GNU utilities are *not* used
-do_tru64-shared:
+true64-shared:
-	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+	libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
 	( set -x; ${CC}  -shared -no_archive -o lib$$i.so \
 		-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
 		-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
-	libs="$$libs -l$$i"; \
+	libs="$$libs -L. -l$$i"; \
 	done
 # This assumes that GNU utilities are *not* used
-do_solaris-shared:
+solaris-shared:
-	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+	libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
+	rm -f lib$$i.so \
-	  set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		lib$$i.so.${SHLIB_MAJOR} \
-		-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
 	( set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		-h lib$$i.so.${SHLIB_MAJOR} \
 		-z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
-	libs="$$libs -l$$i"; \
+	libs="$$libs -L. -l$$i"; \
 	ln -s lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		lib$$i.so.${SHLIB_MAJOR}; \
 	ln -s lib$$i.so.${SHLIB_MAJOR} lib$$i.so; \
 	done
 Makefile.ssl: Makefile.org
@@ -293,7 +306,7 @@ clean:
 	rm -f shlib/*.o *.o core a.out fluff *.map rehash.time testlog make.log cctest cctest.c
 	@for i in $(DIRS) ;\
 	do \
-	if [ -d "$$i" ]; then \
+	if echo "$$i" | grep -v '^\.'; then \
 		(cd $$i && echo "making clean in $$i..." && \
 		$(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
 		rm -f $(LIBS); \
@@ -314,7 +327,7 @@ files:
 	$(PERL) $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
 	@for i in $(DIRS) ;\
 	do \
-	if [ -d "$$i" ]; then \
+	if echo "$$i" | grep -v '^\.'; then \
 		(cd $$i && echo "making 'files' in $$i..." && \
 		$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \
 	fi; \
@@ -325,7 +338,7 @@ links:
 	@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
 	@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
 	@for i in $(DIRS); do \
-	if [ -d "$$i" ]; then \
+	if echo "$$i" | grep -v '^\.'; then \
 		(cd $$i && echo "making links in $$i..." && \
 		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
 	fi; \
@@ -335,7 +348,7 @@ dclean:
 	rm -f *.bak
 	@for i in $(DIRS) ;\
 	do \
-	if [ -d "$$i" ]; then \
+	if echo "$$i" | grep -v '^\.'; then \
 		(cd $$i && echo "making dclean in $$i..." && \
 		$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
 	fi; \
@@ -350,7 +363,7 @@ test:   tests
 tests: rehash
 	@(cd test && echo "testing..." && \
-	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' EXE_EXT='${EXE_EXT}' tests );
+	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' tests );
 	@apps/openssl version -a
 report:
@@ -359,7 +372,7 @@ report:
 depend:
 	@for i in $(DIRS) ;\
 	do \
-	if [ -d "$$i" ]; then \
+	if echo "$$i" | grep -v '^\.'; then \
 		(cd $$i && echo "making dependencies $$i..." && \
 		$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
 	fi; \
@@ -368,7 +381,7 @@ depend:
 lint:
 	@for i in $(DIRS) ;\
 	do \
-	if [ -d "$$i" ]; then \
+	if echo "$$i" | grep -v '^\.'; then \
 		(cd $$i && echo "making lint $$i..." && \
 		$(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
 	fi; \
@@ -377,7 +390,7 @@ lint:
 tags:
 	@for i in $(DIRS) ;\
 	do \
-	if [ -d "$$i" ]; then \
+	if echo "$$i" | grep -v '^\.'; then \
 		(cd $$i && echo "making tags $$i..." && \
 		$(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \
 	fi; \
@@ -439,9 +452,9 @@ install: all install_docs
 	done;
 	@for i in $(DIRS) ;\
 	do \
-	if [ -d "$$i" ]; then \
+	if echo "$$i" | grep -v '^\.'; then \
 		(cd $$i; echo "installing $$i..."; \
-		$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' install ); \
+		$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' install ); \
 	fi; \
 	done
 	@for i in $(LIBS) ;\
@@ -453,20 +466,6 @@ install: all install_docs
 			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
 		fi \
 	done
 	@if [ -n "$(SHARED_LIBS)" ]; then \
 		tmp="$(SHARED_LIBS)"; \
 		for i in $${tmp:-x}; \
 		do \
 			if [ -f "$$i" ]; then \
 			(       echo installing $$i; \
 				cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
 				chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
 			fi \
 		done; \
 		(	here="`pwd`"; \
 			cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
 			make -f $$here/Makefile link-shared ); \
 	fi
 install_docs:
 	@$(PERL) $(TOP)/util/mkdir-p.pl \
@@ -474,23 +473,30 @@ install_docs:
 		$(INSTALL_PREFIX)$(MANDIR)/man3 \
 		$(INSTALL_PREFIX)$(MANDIR)/man5 \
 		$(INSTALL_PREFIX)$(MANDIR)/man7
 	@echo installing man 1 and man 5
 	@for i in doc/apps/*.pod; do \
 		fn=`basename $$i .pod`; \
-		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
+		sec=`[ "$$fn" = "config" ] && echo 5 || echo 1`; \
 		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
 		(cd `dirname $$i`; \
 		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
 			 --release=$(VERSION) `basename $$i`) \
 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
 	done
 	@echo installing man 3 and man 7
 	@for i in doc/crypto/*.pod doc/ssl/*.pod; do \
 		fn=`basename $$i .pod`; \
-		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
+		sec=`[ "$$fn" = "des_modes" ] && echo 7 || echo 3`; \
 		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
 		(cd `dirname $$i`; \
 		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
 			--release=$(VERSION) `basename $$i`) \
 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
 	done
 shlib: all
 	if [ ! -d shlib_dir ] ; then mkdir shlib_dir ; else rm -f shlib_dir/* ; fi
 	cd shlib_dir ; ar -x ../libcrypto.a && $(CC) -shared ./*.o -Wl,-soname -Wl,libcrypto.so.0.9 \
            -o ./libcrypto.so.0.9.4 && rm *.o
 	cd shlib_dir ; ar -x ../libssl.a && $(CC) -shared ./*.o -Wl,-soname -Wl,libssl.so.0.9 \
            -o ./libssl.so.0.9.4 && rm *.o
 # DO NOT DELETE THIS LINE -- make depend depends on it.
--- a/57
+++ b/57
@@ -5,63 +5,6 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.
  Changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b:
      o Security fix: PRNG improvements.
      o Security fix: RSA OAEP check.
      o Security fix: Reinsert and fix countermeasure to Bleichbacher's
        attack.
      o MIPS bug fix in BIGNUM.
      o Bug fix in "openssl enc".
      o Bug fix in X.509 printing routine.
      o Bug fix in DSA verification routine and DSA S/MIME verification.
      o Bug fix to make PRNG thread-safe.
      o Bug fix in RAND_file_name().
      o Bug fix in compatibility mode trust settings.
      o Bug fix in blowfish EVP.
      o Increase default size for BIO buffering filter.
      o Compatibility fixes in some scripts.
  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a:
      o Security fix: change behavior of OpenSSL to avoid using
        environment variables when running as root.
      o Security fix: check the result of RSA-CRT to reduce the
        possibility of deducing the private key from an incorrectly
        calculated signature.
      o Security fix: prevent Bleichenbacher's DSA attack.
      o Security fix: Zero the premaster secret after deriving the
        master secret in DH ciphersuites.
      o Reimplement SSL_peek(), which had various problems.
      o Compatibility fix: the function des_encrypt() renamed to
        des_encrypt1() to avoid clashes with some Unixen libc.
      o Bug fixes for Win32, HP/UX and Irix.
      o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
        memory checking routines.
      o Bug fixes for RSA operations in threaded enviroments.
      o Bug fixes in misc. openssl applications.
      o Remove a few potential memory leaks.
      o Add tighter checks of BIGNUM routines.
      o Shared library support has been reworked for generality.
      o More documentation.
      o New function BN_rand_range().
      o Add "-rand" option to openssl s_client and s_server.
  Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6:
      o Some documentation for BIO and SSL libraries.
      o Enhanced chain verification using key identifiers.
      o New sign and verify options to 'dgst' application.
      o Support for DER and PEM encoded messages in 'smime' application.
      o New 'rsautl' application, low level RSA utility.
      o MD4 now included.
      o Bugfix for SSL rollback padding check.
      o Support for external crypto devices [1].
      o Enhanced EVP interface.
    [1] The support for external crypto devices is currently a separate
        distribution.  See the file README.ENGINE.
  Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a:
      o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 
--- a/7
+++ b/7
@@ -1,7 +1,7 @@
- OpenSSL 0.9.6b [engine]  9 Jul 2001
+ OpenSSL 0.9.6-beta2 17 Sep 2000
- Copyright (c) 1998-2001 The OpenSSL Project
+ Copyright (c) 1998-2000 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
 All rights reserved.
@@ -163,9 +163,6 @@
 the string "[PATCH]" in the subject. Please be sure to include a
 textual explanation of what your patch does.
 Note: For legal reasons, contributions from the US can be accepted only
 if a copy of the patch is sent to crypt@bxa.doc.gov
 The preferred format for changes is "diff -u" output. You might
 generate it like this:
--- a/README.ENGINE
+++ b/README.ENGINE
@@ -1,63 +0,0 @@
  ENGINE
  ======
  With OpenSSL 0.9.6, a new component has been added to support external 
  crypto devices, for example accelerator cards.  The component is called
  ENGINE, and has still a pretty experimental status and almost no
  documentation.  It's designed to be faily easily extensible by the
  calling programs.
  There's currently built-in support for the following crypto devices:
      o CryptoSwift
      o Compaq Atalla
      o nCipher CHIL
  A number of things are still needed and are being worked on:
      o An openssl utility command to handle or at least check available
        engines.
      o A better way of handling the methods that are handled by the
        engines.
      o Documentation!
  What already exists is fairly stable as far as it has been tested, but
  the test base has been a bit small most of the time.
  Because of this experimental status and what's lacking, the ENGINE
  component is not yet part of the default OpenSSL distribution.  However,
  we have made a separate kit for those who want to try this out, to be
  found in the same places as the default OpenSSL distribution, but with
  "-engine-" being part of the kit file name.  For example, version 0.9.6
  is distributed in the following two files:
      openssl-0.9.6.tar.gz
      openssl-engine-0.9.6.tar.gz
  NOTES
  =====
  openssl-engine-0.9.6.tar.gz does not depend on openssl-0.9.6.tar, you do
  not need to download both.
  openssl-engine-0.9.6.tar.gz is usable even if you don't have an external
  crypto device.  The internal OpenSSL functions are contained in the
  engine "openssl", and will be used by default.
  No external crypto device is chosen unless you say so.  You have actively
  tell the openssl utility commands to use it through a new command line
  switch called "-engine".  And if you want to use the ENGINE library to
  do something similar, you must also explicitely choose an external crypto
  device, or the built-in crypto routines will be used, just as in the
  default OpenSSL distribution.
  PROBLEMS
  ========
  It seems like the ENGINE part doesn't work too well with Cryptoswift on
  Win32.  A quick test done right before the release showed that trying
  "openssl speed -engine cswift" generated errors.  If the DSO gets enabled,
  an attempt is made to write at memory address 0x00000002.
--- a/64
+++ b/64
@@ -1,11 +1,42 @@
  OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2001/04/05 17:48:02 $
+  ______________                           $Date: 2000/09/17 11:56:53 $
  DEVELOPMENT STATE
-    o  OpenSSL 0.9.6a: Released on April      5th, 2001
+    o  OpenSSL 0.9.6:  Under development (in release cycle)...
-    o  OpenSSL 0.9.6:  Released on September 24th, 2000
+                       Proposed release date September 24, 2000
                       0.9.6-beta1 is available:
 			OpenBSD-x86 2.7			- failed
 				ftime not supported [FIXED]
 			hpux-parisc-cc 10.20		- passed
 			hpux-parisc-gcc 10.20		- passed
 			hpux-parisc-gcc 11.00		- passed
 			hpux-gcc			- passed
 			hpux-brokengcc			- failed
 				BN_sqr fails in test
 			linux-elf			- passed
 			linux-sparcv7			- passed
 			linux-ppc			- passed
 			Solaris [engine]		- failed
 				speed cswift gives odd errors [FIXED]
 			solaris-sparcv8-gcc		- passed
 			solaris-sparcv9-gcc		- passed
 			solaris-sparcv9-cc		- passed
 			solaris64-sparcv9-cc		- passed
 			sco5-gcc			- passed
 			sco5-cc				- passed
 			FreeBSD				- passed
 			Win32 VC++			- failed
 				PCURSORINFO not defined unless Win2000 [FIXED]
 				RAND_poll() problem on Win2000 [FIXED]
 				DSO method always DSO_METHOD_null [FIXED]
 			CygWin32			- test failed
 			MingW32				- failed
 				thelp32.h
 			aix-gcc (AIX 4.3.2)		- passed
 			VMS/Alpha			- failed
 				Some things were missing [FIXED]
    o  OpenSSL 0.9.5a: Released on April     1st, 2000
    o  OpenSSL 0.9.5:  Released on February 28th, 2000
    o  OpenSSL 0.9.4:  Released on August   09th, 1999
@@ -18,13 +49,14 @@
  AVAILABLE PATCHES
    o CA.pl patch (Damien Miller)
  IN PROGRESS
    o Steve is currently working on (in no particular order):
        ASN1 code redesign, butchery, replacement.
        OCSP
        EVP cipher enhancement.
-        Enhanced certificate chain verification.
+        Proper (or at least usable) certificate chain verification.
 	Private key, certificate and CRL API and implementation.
 	Developing and bugfixing PKCS#7 (S/MIME code).
        Various X509 issues: character sets, certificate request extensions.
@@ -33,29 +65,19 @@
    o Richard is currently working on:
 	UTIL (a new set of library functions to support some higher level
 	      functionality that is currently missing).
 	Dynamic thread-lock support.
 	Shared library support for VMS.
 	OCSP
 	Kerberos 5 authentication
 	Constification
  NEEDS PATCH
-    o  apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file
+    o  non-blocking socket on AIX
-
+    o  $(PERL) in */Makefile.ssl
-    o  OpenSSL_0_9_6-stable:
+    o  "Sign the certificate?" - "n" creates empty certificate file
       #include <openssl/e_os.h> in exported header files is illegal since
       e_os.h is suitable only for library-internal use.
    o  Whenever strncpy is used, make sure the resulting string is NULL-terminated
       or an error is reported
  OPEN ISSUES
-    o  crypto/ex_data.c is not really thread-safe and so must be used
+    o internal_verify doesn't know about X509.v3 (basicConstraints
-       with care (e.g., extra locking where necessary, or don't call
+      CA flag ...)
       CRYPTO_get_ex_new_index once multiple threads exist).
       The current API is not suitable for everything that it pretends
       to offer.
    o  The Makefile hierarchy and build mechanism is still not a round thing:
--- a/628
+++ b/628
--- a/apps/Makefile.ssl
+++ b/apps/Makefile.ssl
@@ -18,7 +18,6 @@ RM=		rm -f
 PEX_LIBS=
 EX_LIBS= 
 EXE_EXT= 
 CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG)
@@ -33,7 +32,7 @@ PROGRAM= openssl
 SCRIPTS=CA.sh CA.pl der_chop
-EXE= $(PROGRAM)$(EXE_EXT)
+EXE= $(PROGRAM)
 E_EXE=	verify asn1pars req dgst dh dhparam enc passwd gendh errstr \
 	ca crl rsa rsautl dsa dsaparam \
@@ -78,7 +77,7 @@ top:
 all:	exe
-exe:	$(PROGRAM)
+exe:	$(EXE)
 req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
 	$(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(RAND_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
@@ -210,15 +209,14 @@ ca.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 ca.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
 ca.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-ca.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+ca.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-ca.o: ../include/openssl/err.h ../include/openssl/evp.h
+ca.o: ../include/openssl/evp.h ../include/openssl/idea.h
-ca.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+ca.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ca.o: ../include/openssl/md2.h ../include/openssl/md4.h
+ca.o: ../include/openssl/md4.h ../include/openssl/md5.h
-ca.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ca.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-ca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ca.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ca.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ca.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 ca.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 ca.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 ca.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 ca.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -297,15 +295,14 @@ dgst.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 dgst.o: ../include/openssl/des.h ../include/openssl/dh.h
 dgst.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 dgst.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-dgst.o: ../include/openssl/engine.h ../include/openssl/err.h
+dgst.o: ../include/openssl/err.h ../include/openssl/evp.h
-dgst.o: ../include/openssl/evp.h ../include/openssl/idea.h
+dgst.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-dgst.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+dgst.o: ../include/openssl/md2.h ../include/openssl/md4.h
-dgst.o: ../include/openssl/md4.h ../include/openssl/md5.h
+dgst.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-dgst.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+dgst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-dgst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dgst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dgst.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+dgst.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dgst.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 dgst.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 dgst.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 dgst.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -317,15 +314,14 @@ dh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 dh.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
 dh.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-dh.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+dh.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-dh.o: ../include/openssl/err.h ../include/openssl/evp.h
+dh.o: ../include/openssl/evp.h ../include/openssl/idea.h
-dh.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+dh.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-dh.o: ../include/openssl/md2.h ../include/openssl/md4.h
+dh.o: ../include/openssl/md4.h ../include/openssl/md5.h
-dh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+dh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-dh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+dh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-dh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 dh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 dh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 dh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 dh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -339,15 +335,14 @@ dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 dsa.o: ../include/openssl/des.h ../include/openssl/dh.h
 dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 dsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-dsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+dsa.o: ../include/openssl/err.h ../include/openssl/evp.h
-dsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+dsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-dsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+dsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
-dsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+dsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-dsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+dsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-dsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+dsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dsa.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 dsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 dsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 dsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 dsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -360,15 +355,14 @@ dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 dsaparam.o: ../include/openssl/des.h ../include/openssl/dh.h
 dsaparam.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 dsaparam.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h
+dsaparam.o: ../include/openssl/err.h ../include/openssl/evp.h
-dsaparam.o: ../include/openssl/evp.h ../include/openssl/idea.h
+dsaparam.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-dsaparam.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+dsaparam.o: ../include/openssl/md2.h ../include/openssl/md4.h
-dsaparam.o: ../include/openssl/md4.h ../include/openssl/md5.h
+dsaparam.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-dsaparam.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+dsaparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-dsaparam.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dsaparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+dsaparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dsaparam.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 dsaparam.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 dsaparam.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 dsaparam.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -381,20 +375,20 @@ enc.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 enc.o: ../include/openssl/des.h ../include/openssl/dh.h
 enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 enc.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-enc.o: ../include/openssl/engine.h ../include/openssl/err.h
+enc.o: ../include/openssl/err.h ../include/openssl/evp.h
-enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
+enc.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+enc.o: ../include/openssl/md2.h ../include/openssl/md4.h
-enc.o: ../include/openssl/md4.h ../include/openssl/md5.h
+enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+enc.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-enc.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+enc.o: ../include/openssl/sha.h ../include/openssl/stack.h
-enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+enc.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+enc.o: ../include/openssl/x509_vfy.h apps.h
 errstr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 errstr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 errstr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -425,20 +419,20 @@ gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 gendh.o: ../include/openssl/des.h ../include/openssl/dh.h
 gendh.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 gendh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-gendh.o: ../include/openssl/engine.h ../include/openssl/err.h
+gendh.o: ../include/openssl/err.h ../include/openssl/evp.h
-gendh.o: ../include/openssl/evp.h ../include/openssl/idea.h
+gendh.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-gendh.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+gendh.o: ../include/openssl/md2.h ../include/openssl/md4.h
-gendh.o: ../include/openssl/md4.h ../include/openssl/md5.h
+gendh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-gendh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+gendh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-gendh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-gendh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+gendh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+gendh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-gendh.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+gendh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-gendh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+gendh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-gendh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+gendh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+gendh.o: ../include/openssl/sha.h ../include/openssl/stack.h
-gendh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+gendh.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+gendh.o: ../include/openssl/x509_vfy.h apps.h
 gendsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 gendsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 gendsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -446,15 +440,14 @@ gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 gendsa.o: ../include/openssl/des.h ../include/openssl/dh.h
 gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 gendsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-gendsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h
-gendsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+gendsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-gendsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+gendsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
-gendsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+gendsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-gendsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+gendsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-gendsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+gendsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-gendsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+gendsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 gendsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 gendsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 gendsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -467,15 +460,14 @@ genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 genrsa.o: ../include/openssl/des.h ../include/openssl/dh.h
 genrsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 genrsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+genrsa.o: ../include/openssl/err.h ../include/openssl/evp.h
-genrsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+genrsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-genrsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+genrsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
-genrsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+genrsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-genrsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+genrsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-genrsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+genrsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-genrsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+genrsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+genrsa.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 genrsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 genrsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 genrsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -552,15 +544,14 @@ pkcs12.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 pkcs12.o: ../include/openssl/des.h ../include/openssl/dh.h
 pkcs12.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 pkcs12.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-pkcs12.o: ../include/openssl/engine.h ../include/openssl/err.h
+pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h
-pkcs12.o: ../include/openssl/evp.h ../include/openssl/idea.h
+pkcs12.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-pkcs12.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+pkcs12.o: ../include/openssl/md2.h ../include/openssl/md4.h
-pkcs12.o: ../include/openssl/md4.h ../include/openssl/md5.h
+pkcs12.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-pkcs12.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+pkcs12.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-pkcs12.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+pkcs12.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+pkcs12.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+pkcs12.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
 pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 pkcs12.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 pkcs12.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 pkcs12.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -574,15 +565,14 @@ pkcs7.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 pkcs7.o: ../include/openssl/des.h ../include/openssl/dh.h
 pkcs7.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 pkcs7.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-pkcs7.o: ../include/openssl/engine.h ../include/openssl/err.h
+pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h
-pkcs7.o: ../include/openssl/evp.h ../include/openssl/idea.h
+pkcs7.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-pkcs7.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+pkcs7.o: ../include/openssl/md2.h ../include/openssl/md4.h
-pkcs7.o: ../include/openssl/md4.h ../include/openssl/md5.h
+pkcs7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-pkcs7.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+pkcs7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-pkcs7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+pkcs7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+pkcs7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+pkcs7.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 pkcs7.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 pkcs7.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 pkcs7.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 pkcs7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -595,15 +585,14 @@ pkcs8.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 pkcs8.o: ../include/openssl/des.h ../include/openssl/dh.h
 pkcs8.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 pkcs8.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-pkcs8.o: ../include/openssl/engine.h ../include/openssl/err.h
+pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h
-pkcs8.o: ../include/openssl/evp.h ../include/openssl/idea.h
+pkcs8.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-pkcs8.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+pkcs8.o: ../include/openssl/md2.h ../include/openssl/md4.h
-pkcs8.o: ../include/openssl/md4.h ../include/openssl/md5.h
+pkcs8.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-pkcs8.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+pkcs8.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-pkcs8.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+pkcs8.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+pkcs8.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+pkcs8.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
 pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 pkcs8.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 pkcs8.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 pkcs8.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -617,19 +606,19 @@ rand.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 rand.o: ../include/openssl/des.h ../include/openssl/dh.h
 rand.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 rand.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-rand.o: ../include/openssl/engine.h ../include/openssl/err.h
+rand.o: ../include/openssl/err.h ../include/openssl/evp.h
-rand.o: ../include/openssl/evp.h ../include/openssl/idea.h
+rand.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-rand.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+rand.o: ../include/openssl/md2.h ../include/openssl/md4.h
-rand.o: ../include/openssl/md4.h ../include/openssl/md5.h
+rand.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-rand.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-rand.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
+rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-rand.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+rand.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-rand.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+rand.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-rand.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
-rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+rand.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+rand.o: ../include/openssl/x509_vfy.h apps.h
 req.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 req.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -637,15 +626,14 @@ req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 req.o: ../include/openssl/des.h ../include/openssl/dh.h
 req.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 req.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-req.o: ../include/openssl/engine.h ../include/openssl/err.h
+req.o: ../include/openssl/err.h ../include/openssl/evp.h
-req.o: ../include/openssl/evp.h ../include/openssl/idea.h
+req.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-req.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+req.o: ../include/openssl/md2.h ../include/openssl/md4.h
-req.o: ../include/openssl/md4.h ../include/openssl/md5.h
+req.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-req.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-req.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+req.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+req.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 req.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 req.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 req.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 req.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -659,15 +647,14 @@ rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 rsa.o: ../include/openssl/des.h ../include/openssl/dh.h
 rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 rsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-rsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+rsa.o: ../include/openssl/err.h ../include/openssl/evp.h
-rsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+rsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-rsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+rsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
-rsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+rsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-rsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-rsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+rsa.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 rsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 rsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 rsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -680,15 +667,14 @@ rsautl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 rsautl.o: ../include/openssl/des.h ../include/openssl/dh.h
 rsautl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 rsautl.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-rsautl.o: ../include/openssl/engine.h ../include/openssl/err.h
+rsautl.o: ../include/openssl/err.h ../include/openssl/evp.h
-rsautl.o: ../include/openssl/evp.h ../include/openssl/idea.h
+rsautl.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-rsautl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+rsautl.o: ../include/openssl/md2.h ../include/openssl/md4.h
-rsautl.o: ../include/openssl/md4.h ../include/openssl/md5.h
+rsautl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-rsautl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+rsautl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-rsautl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+rsautl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-rsautl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+rsautl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-rsautl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+rsautl.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 rsautl.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 rsautl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 rsautl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 rsautl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -724,15 +710,14 @@ s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_client.o: ../include/openssl/crypto.h ../include/openssl/des.h
 s_client.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 s_client.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-s_client.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+s_client.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s_client.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_client.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s_client.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+s_client.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s_client.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s_client.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s_client.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s_client.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s_client.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_client.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_client.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s_client.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 s_client.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 s_client.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 s_client.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -749,15 +734,14 @@ s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_server.o: ../include/openssl/crypto.h ../include/openssl/des.h
 s_server.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 s_server.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-s_server.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+s_server.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-s_server.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_server.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s_server.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+s_server.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s_server.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s_server.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s_server.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s_server.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s_server.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_server.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_server.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 s_server.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 s_server.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 s_server.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -844,15 +828,14 @@ smime.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 smime.o: ../include/openssl/des.h ../include/openssl/dh.h
 smime.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 smime.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-smime.o: ../include/openssl/engine.h ../include/openssl/err.h
+smime.o: ../include/openssl/err.h ../include/openssl/evp.h
-smime.o: ../include/openssl/evp.h ../include/openssl/idea.h
+smime.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-smime.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+smime.o: ../include/openssl/md2.h ../include/openssl/md4.h
-smime.o: ../include/openssl/md4.h ../include/openssl/md5.h
+smime.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-smime.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+smime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-smime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+smime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-smime.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+smime.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+smime.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 smime.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 smime.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 smime.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 smime.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -865,20 +848,20 @@ speed.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 speed.o: ../include/openssl/des.h ../include/openssl/dh.h
 speed.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 speed.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-speed.o: ../include/openssl/engine.h ../include/openssl/err.h
+speed.o: ../include/openssl/err.h ../include/openssl/evp.h
-speed.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h
-speed.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+speed.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-speed.o: ../include/openssl/md2.h ../include/openssl/md4.h
+speed.o: ../include/openssl/md4.h ../include/openssl/md5.h
-speed.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+speed.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+speed.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+speed.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
-speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+speed.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+speed.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-speed.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+speed.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+speed.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
+speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-speed.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ./testdsa.h
-speed.o: ../include/openssl/x509_vfy.h ./testdsa.h ./testrsa.h apps.h
+speed.o: ./testrsa.h apps.h
 spkac.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 spkac.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 spkac.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -886,15 +869,14 @@ spkac.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 spkac.o: ../include/openssl/des.h ../include/openssl/dh.h
 spkac.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 spkac.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-spkac.o: ../include/openssl/engine.h ../include/openssl/err.h
+spkac.o: ../include/openssl/err.h ../include/openssl/evp.h
-spkac.o: ../include/openssl/evp.h ../include/openssl/idea.h
+spkac.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-spkac.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+spkac.o: ../include/openssl/md2.h ../include/openssl/md4.h
-spkac.o: ../include/openssl/md4.h ../include/openssl/md5.h
+spkac.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-spkac.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+spkac.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-spkac.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+spkac.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-spkac.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+spkac.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+spkac.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 spkac.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 spkac.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 spkac.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 spkac.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -907,15 +889,14 @@ verify.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 verify.o: ../include/openssl/des.h ../include/openssl/dh.h
 verify.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 verify.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-verify.o: ../include/openssl/engine.h ../include/openssl/err.h
+verify.o: ../include/openssl/err.h ../include/openssl/evp.h
-verify.o: ../include/openssl/evp.h ../include/openssl/idea.h
+verify.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-verify.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+verify.o: ../include/openssl/md2.h ../include/openssl/md4.h
-verify.o: ../include/openssl/md4.h ../include/openssl/md5.h
+verify.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-verify.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+verify.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-verify.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+verify.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-verify.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+verify.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+verify.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 verify.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 verify.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 verify.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 verify.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -948,15 +929,14 @@ x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 x509.o: ../include/openssl/des.h ../include/openssl/dh.h
 x509.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 x509.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-x509.o: ../include/openssl/engine.h ../include/openssl/err.h
+x509.o: ../include/openssl/err.h ../include/openssl/evp.h
-x509.o: ../include/openssl/evp.h ../include/openssl/idea.h
+x509.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-x509.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+x509.o: ../include/openssl/md2.h ../include/openssl/md4.h
-x509.o: ../include/openssl/md4.h ../include/openssl/md5.h
+x509.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-x509.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+x509.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-x509.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+x509.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-x509.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+x509.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+x509.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 x509.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 x509.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 x509.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 x509.o: ../include/openssl/safestack.h ../include/openssl/sha.h
--- a/apps/app_rand.c
+++ b/apps/app_rand.c
@@ -177,9 +177,7 @@ long app_RAND_load_files(char *name)
 		if (*n == '\0') break;
 		egd=RAND_egd(n);
-		if (egd > 0)
+		if (egd > 0) tot+=egd;
 			tot+=egd;
 		else
 		tot+=RAND_load_file(n,-1);
 		if (last) break;
 		}
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -170,8 +170,6 @@ int str2fmt(char *s)
 		|| (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
 		|| (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
 		return(FORMAT_PKCS12);
 	else if ((*s == 'E') || (*s == 'e'))
 		return(FORMAT_ENGINE);
 	else
 		return(FORMAT_UNDEF);
 	}
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -162,8 +162,6 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format);
 #define FORMAT_NETSCAPE 4
 #define FORMAT_PKCS12   5
 #define FORMAT_SMIME    6
 /* Since this is currently inofficial, let's give it a high number */
 #define FORMAT_ENGINE   127
 #define NETSCAPE_CERT_HDR	"certificate"
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -206,12 +206,6 @@ bad:
 		goto end;
 		}
 	BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
 #ifdef VMS
 	{
 	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 	out = BIO_push(tmpbio, out);
 	}
 #endif
 	if (oidfile != NULL)
 		{
@@ -321,7 +315,7 @@ bad:
 end:
 	BIO_free(derout);
 	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free_all(out);
+	if (out != NULL) BIO_free(out);
 	if (b64 != NULL) BIO_free(b64);
 	if (ret != 0)
 		ERR_print_errors(bio_err);
--- a/apps/ca-cert.srl
+++ b/apps/ca-cert.srl
@@ -1 +1 @@
-07
+05
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -74,7 +74,6 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #ifndef W_OK
 #  ifdef VMS
@@ -168,7 +167,6 @@ static char *ca_usage[]={
 " -revoke file    - Revoke a certificate (given in file)\n",
 " -extensions ..  - Extension section (override value in config file)\n",
 " -crlexts ..     - CRL extension section (override value in config file)\n",
 " -engine e       - use engine e, possibly a hardware device.\n",
 NULL
 };
@@ -218,7 +216,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	char *key=NULL,*passargin=NULL;
 	int total=0;
 	int total_done=0;
@@ -271,7 +268,6 @@ int MAIN(int argc, char **argv)
 #define BSIZE 256
 	MS_STATIC char buf[3][BSIZE];
 	char *randfile=NULL;
 	char *engine = NULL;
 #ifdef EFENCE
 EF_PROTECT_FREE=1;
@@ -423,11 +419,6 @@ EF_ALIGNMENT=0;
 			if (--argc < 1) goto bad;
 			crl_ext= *(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else
 			{
 bad:
@@ -448,24 +439,6 @@ bad:
 	ERR_load_crypto_strings();
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto err;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto err;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	/*****************************************************************/
 	if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
 	if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
@@ -717,12 +690,6 @@ bad:
 	if (verbose)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */
 #ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
 		}
 #endif
 		TXT_DB_write(out,db);
 		BIO_printf(bio_err,"%d entries loaded from the database\n",
 			db->data->num);
@@ -757,15 +724,7 @@ bad:
 				}
 			}
 		else
 			{
 			BIO_set_fp(Sout,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
 #ifdef VMS
 			{
 			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			Sout = BIO_push(tmpbio, Sout);
 			}
 #endif
 			}
 		}
 	if (req)
@@ -1061,7 +1020,7 @@ bad:
 #endif
 			BIO_free(in);
-			BIO_free_all(out);
+			BIO_free(out);
 			in=NULL;
 			out=NULL;
 			if (rename(serialfile,buf[2]) < 0)
@@ -1247,11 +1206,7 @@ bad:
 			X509_free(revcert);
 			strncpy(buf[0],dbfile,BSIZE-4);
 #ifndef VMS
 			strcat(buf[0],".new");
 #else
 			strcat(buf[0],"-new");
 #endif
 			if (BIO_write_filename(out,buf[0]) <= 0)
 				{
 				perror(dbfile);
@@ -1261,11 +1216,7 @@ bad:
 			j=TXT_DB_write(out,db);
 			if (j <= 0) goto err;
 			strncpy(buf[1],dbfile,BSIZE-4);
 #ifndef VMS
 			strcat(buf[1],".old");
 #else
 			strcat(buf[1],"-old");
 #endif
 			if (rename(dbfile,buf[1]) < 0)
 				{
 				BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile, buf[1]);
@@ -1286,9 +1237,9 @@ bad:
 	ret=0;
 err:
 	BIO_free(hex);
-	BIO_free_all(Cout);
+	BIO_free(Cout);
-	BIO_free_all(Sout);
+	BIO_free(Sout);
-	BIO_free_all(out);
+	BIO_free(out);
 	BIO_free(in);
 	sk_X509_pop_free(cert_sk,X509_free);
@@ -1403,7 +1354,7 @@ static int save_serial(char *serialfile, BIGNUM *serial)
 	BIO_puts(out,"\n");
 	ret=1;
 err:
-	if (out != NULL) BIO_free_all(out);
+	if (out != NULL) BIO_free(out);
 	if (ai != NULL) ASN1_INTEGER_free(ai);
 	return(ret);
 	}
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -108,12 +108,6 @@ int MAIN(int argc, char **argv)
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 	STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
 #ifdef VMS
 	{
 	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 	STDout = BIO_push(tmpbio, STDout);
 	}
 #endif
 	argc--;
 	argv++;
@@ -201,7 +195,7 @@ err:
 end:
 	if (ctx != NULL) SSL_CTX_free(ctx);
 	if (ssl != NULL) SSL_free(ssl);
-	if (STDout != NULL) BIO_free_all(STDout);
+	if (STDout != NULL) BIO_free(STDout);
 	EXIT(ret);
 	}
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -122,15 +122,7 @@ int MAIN(int argc, char **argv)
 	if (bio_out == NULL)
 		if ((bio_out=BIO_new(BIO_s_file())) != NULL)
 			{
 			BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
 #ifdef VMS
 			{
 			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			bio_out = BIO_push(tmpbio, bio_out);
 			}
 #endif
 			}
 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
@@ -322,15 +314,7 @@ bad:
 		}
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
 		}
 #endif
 		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -356,8 +340,8 @@ bad:
 	if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }
 	ret=0;
 end:
-	BIO_free_all(out);
+	BIO_free(out);
-	BIO_free_all(bio_out);
+	BIO_free(bio_out);
 	bio_out=NULL;
 	X509_CRL_free(x);
 	if(store) {
--- a/apps/crl2p7.c
+++ b/apps/crl2p7.c
@@ -239,15 +239,7 @@ bad:
 	sk_free(certflst);
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
 		}
 #endif
 		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -274,7 +266,7 @@ bad:
 	ret=0;
 end:
 	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free_all(out);
+	if (out != NULL) BIO_free(out);
 	if (p7 != NULL) PKCS7_free(p7);
 	if (crl != NULL) X509_CRL_free(crl);
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -66,7 +66,6 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #undef BUFSIZE
 #define BUFSIZE	1024*8
@@ -74,14 +73,13 @@
 #undef PROG
 #define PROG	dgst_main
-void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout,
-		EVP_PKEY *key, unsigned char *sigin, int siglen);
+		EVP_PKEY *key, unsigned char *sigin, unsigned int siglen);
 int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	unsigned char *buf=NULL;
 	int i,err=0;
 	const EVP_MD *md=NULL,*m;
@@ -95,11 +93,10 @@ int MAIN(int argc, char **argv)
 	int debug=0;
 	const char *outfile = NULL, *keyfile = NULL;
 	const char *sigfile = NULL, *randfile = NULL;
-	int out_bin = -1, want_pub = 0, do_verify = 0;
+	char out_bin = -1, want_pub = 0, do_verify = 0;
 	EVP_PKEY *sigkey = NULL;
 	unsigned char *sigbuf = NULL;
-	int siglen = 0;
+	unsigned int siglen = 0;
 	char *engine=NULL;
 	apps_startup();
@@ -157,11 +154,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) break;
 			sigfile=*(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) break;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-hex") == 0)
 			out_bin = 0;
 		else if (strcmp(*argv,"-binary") == 0)
@@ -198,7 +190,6 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err,"-prverify file  verify a signature using private key in file\n");
 		BIO_printf(bio_err,"-signature file signature to verify\n");
 		BIO_printf(bio_err,"-binary         output in binary form\n");
 		BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
 			LN_md5,LN_md5);
@@ -218,24 +209,6 @@ int MAIN(int argc, char **argv)
 		goto end;
 		}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	in=BIO_new(BIO_s_file());
 	bmd=BIO_new(BIO_f_md());
 	if (debug)
@@ -263,15 +236,7 @@ int MAIN(int argc, char **argv)
 		if(out_bin)
 			out = BIO_new_file(outfile, "wb");
 		else    out = BIO_new_file(outfile, "w");
-	} else {
+	} else out = BIO_new_fp(stdout, BIO_NOCLOSE);
 		out = BIO_new_fp(stdout, BIO_NOCLOSE);
 #ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
 		}
 #endif
 	}
 	if(!out) {
 		BIO_printf(bio_err, "Error opening output file %s\n", 
@@ -315,7 +280,7 @@ int MAIN(int argc, char **argv)
 		}
 		siglen = BIO_read(sigbio, sigbuf, siglen);
 		BIO_free(sigbio);
-		if(siglen <= 0) {
+		if(siglen == 0) {
 			BIO_printf(bio_err, "Error reading signature file %s\n",
 								sigfile);
 			ERR_print_errors(bio_err);
@@ -358,15 +323,15 @@ end:
 		OPENSSL_free(buf);
 		}
 	if (in != NULL) BIO_free(in);
-	BIO_free_all(out);
+	BIO_free(out);
 	EVP_PKEY_free(sigkey);
 	if(sigbuf) OPENSSL_free(sigbuf);
 	if (bmd != NULL) BIO_free(bmd);
 	EXIT(err);
 	}
-void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout,
-			EVP_PKEY *key, unsigned char *sigin, int siglen)
+			EVP_PKEY *key, unsigned char *sigin, unsigned int siglen)
 	{
 	int len;
 	int i;
@@ -380,7 +345,7 @@ void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 		{
 		EVP_MD_CTX *ctx;
 		BIO_get_md_ctx(bp, &ctx);
-		i = EVP_VerifyFinal(ctx, sigin, (unsigned int)siglen, key); 
+		i = EVP_VerifyFinal(ctx, sigin, siglen, key); 
 		if(i > 0) BIO_printf(out, "Verified OK\n");
 		else if(i == 0) BIO_printf(out, "Verification Failure\n");
 		else
--- a/apps/dh.c
+++ b/apps/dh.c
@@ -69,7 +69,6 @@
 #include <openssl/dh.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG	dh_main
@@ -88,12 +87,11 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	DH *dh=NULL;
 	int i,badops=0,text=0;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,check=0,noout=0,C=0,ret=1;
-	char *infile,*outfile,*prog,*engine;
+	char *infile,*outfile,*prog;
 	apps_startup();
@@ -101,7 +99,6 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 	engine=NULL;
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
@@ -132,11 +129,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-check") == 0)
 			check=1;
 		else if (strcmp(*argv,"-text") == 0)
@@ -168,30 +160,11 @@ bad:
 		BIO_printf(bio_err," -text         print a text form of the DH parameters\n");
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -noout        no output\n");
 		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 		goto end;
 		}
 	ERR_load_crypto_strings();
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	if ((in == NULL) || (out == NULL))
@@ -211,15 +184,7 @@ bad:
 			}
 		}
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
 		}
 #endif
 		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -344,7 +309,7 @@ bad:
 	ret=0;
 end:
 	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free_all(out);
+	if (out != NULL) BIO_free(out);
 	if (dh != NULL) DH_free(dh);
 	EXIT(ret);
 	}
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -121,7 +121,6 @@
 #include <openssl/dh.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #ifndef NO_DSA
 #include <openssl/dsa.h>
@@ -149,7 +148,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	DH *dh=NULL;
 	int i,badops=0,text=0;
 #ifndef NO_DSA
@@ -158,7 +156,7 @@ int MAIN(int argc, char **argv)
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,check=0,noout=0,C=0,ret=1;
 	char *infile,*outfile,*prog;
-	char *inrand=NULL,*engine=NULL;
+	char *inrand=NULL;
 	int num = 0, g = 0;
 	apps_startup();
@@ -197,11 +195,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-check") == 0)
 			check=1;
 		else if (strcmp(*argv,"-text") == 0)
@@ -247,7 +240,6 @@ bad:
 		BIO_printf(bio_err," -2            generate parameters using  2 as the generator value\n");
 		BIO_printf(bio_err," -5            generate parameters using  5 as the generator value\n");
 		BIO_printf(bio_err," numbits       number of bits in to generate (default 512)\n");
 		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"               - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"               the random number generator\n");
@@ -257,24 +249,6 @@ bad:
 	ERR_load_crypto_strings();
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if (g && !num)
 		num = DEFBITS;
@@ -417,15 +391,7 @@ bad:
 		goto end;
 		}
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
 		}
 #endif
 		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -530,7 +496,7 @@ bad:
 	ret=0;
 end:
 	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free_all(out);
+	if (out != NULL) BIO_free(out);
 	if (dh != NULL) DH_free(dh);
 	EXIT(ret);
 	}
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -68,7 +68,6 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG	dsa_main
@@ -88,7 +87,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	int ret=1;
 	DSA *dsa=NULL;
 	int i,badops=0;
@@ -96,7 +94,7 @@ int MAIN(int argc, char **argv)
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,text=0,noout=0;
 	int pubin = 0, pubout = 0;
-	char *infile,*outfile,*prog,*engine;
+	char *infile,*outfile,*prog;
 	char *passargin = NULL, *passargout = NULL;
 	char *passin = NULL, *passout = NULL;
 	int modulus=0;
@@ -107,7 +105,6 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 	engine=NULL;
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
@@ -148,11 +145,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
 		else if (strcmp(*argv,"-text") == 0)
@@ -184,7 +176,6 @@ bad:
 		BIO_printf(bio_err," -passin arg     input file pass phrase source\n");
 		BIO_printf(bio_err," -out arg        output file\n");
 		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
 		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
 		BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
 #ifndef NO_IDEA
@@ -198,24 +189,6 @@ bad:
 	ERR_load_crypto_strings();
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		BIO_printf(bio_err, "Error getting passwords\n");
 		goto end;
@@ -260,15 +233,7 @@ bad:
 		}
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
 		}
 #endif
 		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -316,7 +281,7 @@ bad:
 		ret=0;
 end:
 	if(in != NULL) BIO_free(in);
-	if(out != NULL) BIO_free_all(out);
+	if(out != NULL) BIO_free(out);
 	if(dsa != NULL) DSA_free(dsa);
 	if(passin) OPENSSL_free(passin);
 	if(passout) OPENSSL_free(passout);
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -69,7 +69,6 @@
 #include <openssl/dsa.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG	dsaparam_main
@@ -91,12 +90,11 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	DSA *dsa=NULL;
 	int i,badops=0,text=0;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,noout=0,C=0,ret=1;
-	char *infile,*outfile,*prog,*inrand=NULL,*engine=NULL;
+	char *infile,*outfile,*prog,*inrand=NULL;
 	int numbits= -1,num,genkey=0;
 	int need_rand=0;
@@ -207,15 +205,7 @@ bad:
 			}
 		}
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
 		}
 #endif
 		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -313,7 +303,7 @@ bad:
 		printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n",
 			bits_p,bits_p);
 		printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n");
-		printf("\t\t{ DSA_free(dsa); return(NULL); }\n");
+		printf("\t\treturn(NULL);\n");
 		printf("\treturn(dsa);\n\t}\n");
 		}
@@ -357,7 +347,7 @@ bad:
 	ret=0;
 end:
 	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free_all(out);
+	if (out != NULL) BIO_free(out);
 	if (dsa != NULL) DSA_free(dsa);
 	EXIT(ret);
 	}
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -70,7 +70,6 @@
 #include <openssl/md5.h>
 #endif
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 int set_hex(char *in,unsigned char *out,int size);
 #undef SIZE
@@ -85,7 +84,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	static const char magic[]="Salted__";
 	char mbuf[8];	/* should be 1 smaller than magic */
 	char *strbuf=NULL;
@@ -103,7 +101,6 @@ int MAIN(int argc, char **argv)
 	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
 #define PROG_NAME_SIZE  16
 	char pname[PROG_NAME_SIZE];
 	char *engine = NULL;
 	apps_startup();
@@ -144,11 +141,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passarg= *(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if	(strcmp(*argv,"-d") == 0)
 			enc=0;
 		else if	(strcmp(*argv,"-p") == 0)
@@ -249,7 +241,6 @@ bad:
 			BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
 			BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
 			BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
 			BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
 			BIO_printf(bio_err,"Cipher Types\n");
 			BIO_printf(bio_err,"des     : 56 bit key DES encryption\n");
@@ -323,24 +314,6 @@ bad:
 		argv++;
 		}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if (bufsize != NULL)
 		{
 		unsigned long n;
@@ -443,15 +416,7 @@ bad:
 	if (outf == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
 		}
 #endif
 		}
 	else
 		{
 		if (BIO_write_filename(out,outf) <= 0)
@@ -542,14 +507,6 @@ bad:
 			BIO_printf(bio_err,"invalid hex iv value\n");
 			goto end;
 			}
 		if ((hiv == NULL) && (str == NULL))
 			{
 			/* No IV was explicitly set and no IV was generated
 			 * during EVP_BytesToKey. Hence the IV is undefined,
 			 * making correct decryption impossible. */
 			BIO_printf(bio_err, "iv undefined\n");
 			goto end;
 			}
 		if ((hkey != NULL) && !set_hex(hkey,key,24))
 			{
 			BIO_printf(bio_err,"invalid hex key value\n");
@@ -627,7 +584,7 @@ end:
 	if (strbuf != NULL) OPENSSL_free(strbuf);
 	if (buff != NULL) OPENSSL_free(buff);
 	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free_all(out);
+	if (out != NULL) BIO_free(out);
 	if (benc != NULL) BIO_free(benc);
 	if (b64 != NULL) BIO_free(b64);
 	if(pass) OPENSSL_free(pass);
--- a/apps/errstr.c
+++ b/apps/errstr.c
@@ -91,18 +91,12 @@ int MAIN(int argc, char **argv)
 		out=BIO_new(BIO_s_file());
 		if ((out != NULL) && BIO_set_fp(out,stdout,BIO_NOCLOSE))
 			{
 #ifdef VMS
 			{
 			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			out = BIO_push(tmpbio, out);
 			}
 #endif
 			lh_node_stats_bio((LHASH *)ERR_get_string_table(),out);
 			lh_stats_bio((LHASH *)ERR_get_string_table(),out);
 			lh_node_usage_stats_bio((LHASH *)
 				ERR_get_string_table(),out);
 			}
-		if (out != NULL) BIO_free_all(out);
+		if (out != NULL) BIO_free(out);
 		argc--;
 		argv++;
 		}
--- a/apps/gendh.c
+++ b/apps/gendh.c
@@ -70,7 +70,6 @@
 #include <openssl/dh.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #define DEFBITS	512
 #undef PROG
@@ -82,13 +81,11 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	DH *dh=NULL;
 	int ret=1,num=DEFBITS;
 	int g=2;
 	char *outfile=NULL;
 	char *inrand=NULL;
 	char *engine=NULL;
 	BIO *out=NULL;
 	apps_startup();
@@ -113,11 +110,6 @@ int MAIN(int argc, char **argv)
 			g=3; */
 		else if (strcmp(*argv,"-5") == 0)
 			g=5;
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -133,34 +125,15 @@ int MAIN(int argc, char **argv)
 bad:
 		BIO_printf(bio_err,"usage: gendh [args] [numbits]\n");
 		BIO_printf(bio_err," -out file - output the key to 'file\n");
-		BIO_printf(bio_err," -2        - use 2 as the generator value\n");
+		BIO_printf(bio_err," -2    use 2 as the generator value\n");
-	/*	BIO_printf(bio_err," -3        - use 3 as the generator value\n"); */
+	/*	BIO_printf(bio_err," -3    use 3 as the generator value\n"); */
-		BIO_printf(bio_err," -5        - use 5 as the generator value\n");
+		BIO_printf(bio_err," -5    use 5 as the generator value\n");
 		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
 		goto end;
 		}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	out=BIO_new(BIO_s_file());
 	if (out == NULL)
 		{
@@ -169,15 +142,7 @@ bad:
 		}
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
 		}
 #endif
 		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -209,7 +174,7 @@ bad:
 end:
 	if (ret != 0)
 		ERR_print_errors(bio_err);
-	if (out != NULL) BIO_free_all(out);
+	if (out != NULL) BIO_free(out);
 	if (dh != NULL) DH_free(dh);
 	EXIT(ret);
 	}
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -68,7 +68,6 @@
 #include <openssl/dsa.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #define DEFBITS	512
 #undef PROG
@@ -78,7 +77,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	DSA *dsa=NULL;
 	int ret=1;
 	char *outfile=NULL;
@@ -86,7 +84,6 @@ int MAIN(int argc, char **argv)
 	char *passargout = NULL, *passout = NULL;
 	BIO *out=NULL,*in=NULL;
 	EVP_CIPHER *enc=NULL;
 	char *engine=NULL;
 	apps_startup();
@@ -109,11 +106,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -153,7 +145,6 @@ bad:
 #ifndef NO_IDEA
 		BIO_printf(bio_err," -idea     - encrypt the generated key with IDEA in cbc mode\n");
 #endif
 		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
@@ -162,24 +153,6 @@ bad:
 		goto end;
 		}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;
@@ -205,15 +178,7 @@ bad:
 	if (out == NULL) goto end;
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
 		}
 #endif
 		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -244,7 +209,7 @@ end:
 	if (ret != 0)
 		ERR_print_errors(bio_err);
 	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free_all(out);
+	if (out != NULL) BIO_free(out);
 	if (dsa != NULL) DSA_free(dsa);
 	if(passout) OPENSSL_free(passout);
 	EXIT(ret);
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -69,7 +69,6 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #define DEFBITS	512
 #undef PROG
@@ -81,7 +80,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	int ret=1;
 	RSA *rsa=NULL;
 	int i,num=DEFBITS;
@@ -90,7 +88,6 @@ int MAIN(int argc, char **argv)
 	unsigned long f4=RSA_F4;
 	char *outfile=NULL;
 	char *passargout = NULL, *passout = NULL;
 	char *engine=NULL;
 	char *inrand=NULL;
 	BIO *out=NULL;
@@ -119,11 +116,6 @@ int MAIN(int argc, char **argv)
 			f4=3;
 		else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
 			f4=RSA_F4;
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -162,7 +154,6 @@ bad:
 		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
 		BIO_printf(bio_err," -f4             use F4 (0x10001) for the E value\n");
 		BIO_printf(bio_err," -3              use 3 for the E value\n");
 		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"                 load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"                 the random number generator\n");
@@ -176,34 +167,8 @@ bad:
 		goto err;
 	}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto err;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto err;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
 		}
 #endif
 		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -213,8 +178,7 @@ bad:
 			}
 		}
-	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
 		&& !RAND_status())
 		{
 		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
 		}
@@ -248,7 +212,7 @@ bad:
 	ret=0;
 err:
 	if (rsa != NULL) RSA_free(rsa);
-	if (out != NULL) BIO_free_all(out);
+	if (out != NULL) BIO_free(out);
 	if(passout) OPENSSL_free(passout);
 	if (ret != 0)
 		ERR_print_errors(bio_err);
--- a/apps/nseq.c
+++ b/apps/nseq.c
@@ -119,15 +119,8 @@ int MAIN(int argc, char **argv)
 				 "Can't open output file %s\n", outfile);
 			goto end;
 		}
-	} else {
+	} else out = BIO_new_fp(stdout, BIO_NOCLOSE);
-		out = BIO_new_fp(stdout, BIO_NOCLOSE);
+
 #ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
 		}
 #endif
 	}
 	if (toseq) {
 		seq = NETSCAPE_CERT_SEQUENCE_new();
 		seq->certs = sk_X509_new_null();
@@ -159,7 +152,7 @@ int MAIN(int argc, char **argv)
 	ret = 0;
 end:
 	BIO_free(in);
-	BIO_free_all(out);
+	BIO_free(out);
 	NETSCAPE_CERT_SEQUENCE_free(seq);
 	EXIT(ret);
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -238,19 +238,13 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
 	else if ((strncmp(argv[0],"no-",3)) == 0)
 		{
 		BIO *bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
 #ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		bio_stdout = BIO_push(tmpbio, bio_stdout);
 		}
 #endif
 		f.name=argv[0]+3;
 		ret = (lh_retrieve(prog,&f) != NULL);
 		if (!ret)
 			BIO_printf(bio_stdout, "%s\n", argv[0]);
 		else
 			BIO_printf(bio_stdout, "%s\n", argv[0]+3);
-		BIO_free_all(bio_stdout);
+		BIO_free(bio_stdout);
 		goto end;
 		}
 	else if ((strcmp(argv[0],"quit") == 0) ||
@@ -275,17 +269,11 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
 		else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */
 			list_type = FUNC_TYPE_CIPHER;
 		bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
 #ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		bio_stdout = BIO_push(tmpbio, bio_stdout);
 		}
 #endif
 		for (fp=functions; fp->name != NULL; fp++)
 			if (fp->type == list_type)
 				BIO_printf(bio_stdout, "%s\n", fp->name);
-		BIO_free_all(bio_stdout);
+		BIO_free(bio_stdout);
 		ret=0;
 		goto end;
 		}
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -81,12 +81,6 @@ int MAIN(int argc, char **argv)
 	if (out == NULL)
 		goto err;
 	BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
 #ifdef VMS
 	{
 	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 	out = BIO_push(tmpbio, out);
 	}
 #endif
 	badopt = 0, opt_done = 0;
 	i = 0;
@@ -272,7 +266,6 @@ int MAIN(int argc, char **argv)
 			}
 		while (!done);
 		}
 	ret = 0;
 err:
 	ERR_print_errors(bio_err);
@@ -283,7 +276,7 @@ err:
 	if (in)
 		BIO_free(in);
 	if (out)
-		BIO_free_all(out);
+		BIO_free(out);
 	EXIT(ret);
 	}
@@ -316,7 +309,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
 	strncat(out_buf, "$", 1);
 	strncat(out_buf, salt, 8);
 	assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
-	salt_out = out_buf + 2 + strlen(magic);
+	salt_out = out_buf + 6;
 	salt_len = strlen(salt_out);
 	assert(salt_len <= 8);
--- a/apps/pca-cert.srl
+++ b/apps/pca-cert.srl
@@ -1 +1 @@
-07
+01
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -66,7 +66,6 @@
 #include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/pkcs12.h>
 #include <openssl/engine.h>
 #define PROG pkcs12_main
@@ -93,7 +92,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 {
    ENGINE *e = NULL;
    char *infile=NULL, *outfile=NULL, *keyname = NULL;	
    char *certfile=NULL;
    BIO *in=NULL, *out = NULL, *inkey = NULL, *certsin = NULL;
@@ -120,7 +118,6 @@ int MAIN(int argc, char **argv)
    char *passin = NULL, *passout = NULL;
    char *inrand = NULL;
    char *CApath = NULL, *CAfile = NULL;
    char *engine=NULL;
    apps_startup();
@@ -239,11 +236,6 @@ int MAIN(int argc, char **argv)
 			args++;	
 			CAfile = *args;
 		    } else badarg = 1;
 		} else if (!strcmp(*args,"-engine")) {
 		    if (args[1]) {
 			args++;	
 			engine = *args;
 		    } else badarg = 1;
 		} else badarg = 1;
 	} else badarg = 1;
@@ -287,27 +279,12 @@ int MAIN(int argc, char **argv)
 	BIO_printf (bio_err, "-password p   set import/export password source\n");
 	BIO_printf (bio_err, "-passin p     input file pass phrase source\n");
 	BIO_printf (bio_err, "-passout p    output file pass phrase source\n");
 	BIO_printf (bio_err, "-engine e     use engine e, possibly a hardware device.\n");
 	BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 	BIO_printf(bio_err,  "              load the file (or the files in the directory) into\n");
 	BIO_printf(bio_err,  "              the random number generator\n");
    	goto end;
    }
    if (engine != NULL) {
 	if((e = ENGINE_by_id(engine)) == NULL) {
 	    BIO_printf(bio_err,"invalid engine \"%s\"\n", engine);
 	    goto end;
 	}
 	if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
 	    BIO_printf(bio_err,"can't use that engine\n");
 	    goto end;
 	}
 	BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 	/* Free our "structural" reference. */
 	ENGINE_free(e);
    }
    if(passarg) {
 	if(export_cert) passargout = passarg;
 	else passargin = passarg;
@@ -373,15 +350,8 @@ int MAIN(int argc, char **argv)
    CRYPTO_push_info("write files");
 #endif
-    if (!outfile) {
+    if (!outfile) out = BIO_new_fp(stdout, BIO_NOCLOSE);
-	out = BIO_new_fp(stdout, BIO_NOCLOSE);
+    else out = BIO_new_file(outfile, "wb");
 #ifdef VMS
 	{
 	    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 	    out = BIO_push(tmpbio, out);
 	}
 #endif
    } else out = BIO_new_file(outfile, "wb");
    if (!out) {
 	BIO_printf(bio_err, "Error opening output file %s\n",
 						outfile ? outfile : "<stdout>");
@@ -687,7 +657,7 @@ int MAIN(int argc, char **argv)
    CRYPTO_remove_all_info();
 #endif
    BIO_free(in);
-    BIO_free_all(out);
+    BIO_free(out);
    if (canames) sk_free(canames);
    if(passin) OPENSSL_free(passin);
    if(passout) OPENSSL_free(passout);
@@ -910,14 +880,14 @@ int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name)
 				break;
 				case V_ASN1_OCTET_STRING:
-				hex_prin(out, av->value.octet_string->data,
+				hex_prin(out, av->value.bit_string->data,
-					av->value.octet_string->length);
+					av->value.bit_string->length);
 				BIO_printf(out, "\n");	
 				break;
 				case V_ASN1_BIT_STRING:
-				hex_prin(out, av->value.bit_string->data,
+				hex_prin(out, av->value.octet_string->data,
-					av->value.bit_string->length);
+					av->value.octet_string->length);
 				BIO_printf(out, "\n");	
 				break;
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -67,7 +67,6 @@
 #include <openssl/x509.h>
 #include <openssl/pkcs7.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG	pkcs7_main
@@ -83,7 +82,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	PKCS7 *p7=NULL;
 	int i,badops=0;
 	BIO *in=NULL,*out=NULL;
@@ -91,7 +89,6 @@ int MAIN(int argc, char **argv)
 	char *infile,*outfile,*prog;
 	int print_certs=0,text=0,noout=0;
 	int ret=0;
 	char *engine=NULL;
 	apps_startup();
@@ -135,11 +132,6 @@ int MAIN(int argc, char **argv)
 			text=1;
 		else if (strcmp(*argv,"-print_certs") == 0)
 			print_certs=1;
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -162,30 +154,11 @@ bad:
 		BIO_printf(bio_err," -print_certs  print any certs or crl in the input\n");
 		BIO_printf(bio_err," -text         print full details of certificates\n");
 		BIO_printf(bio_err," -noout        don't output encoded data\n");
 		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 		EXIT(1);
 		}
 	ERR_load_crypto_strings();
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	if ((in == NULL) || (out == NULL))
@@ -223,15 +196,7 @@ bad:
 		}
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
 		}
 #endif
 		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -315,6 +280,6 @@ bad:
 end:
 	if (p7 != NULL) PKCS7_free(p7);
 	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free_all(out);
+	if (out != NULL) BIO_free(out);
 	EXIT(ret);
 	}
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -62,7 +62,6 @@
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/pkcs12.h>
 #include <openssl/engine.h>
 #include "apps.h"
 #define PROG pkcs8_main
@@ -71,7 +70,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 {
 	ENGINE *e = NULL;
 	char **args, *infile = NULL, *outfile = NULL;
 	char *passargin = NULL, *passargout = NULL;
 	BIO *in = NULL, *out = NULL;
@@ -87,13 +85,9 @@ int MAIN(int argc, char **argv)
 	EVP_PKEY *pkey;
 	char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
 	int badarg = 0;
 	char *engine=NULL;
 	if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_algorithms();
 	args = argv + 1;
@@ -144,11 +138,6 @@ int MAIN(int argc, char **argv)
 			if (!args[1]) goto bad;
 			passargout= *(++args);
 			}
 		else if (strcmp(*args,"-engine") == 0)
 			{
 			if (!args[1]) goto bad;
 			engine= *(++args);
 			}
 		else if (!strcmp (*args, "-in")) {
 			if (args[1]) {
 				args++;
@@ -181,28 +170,9 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err, "-nocrypt        use or expect unencrypted private key\n");
 		BIO_printf(bio_err, "-v2 alg         use PKCS#5 v2.0 and cipher \"alg\"\n");
 		BIO_printf(bio_err, "-v1 obj         use PKCS#5 v1.5 and cipher \"alg\"\n");
 		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 		return (1);
 	}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			return (1);
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			return (1);
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		BIO_printf(bio_err, "Error getting passwords\n");
 		return (1);
@@ -224,15 +194,8 @@ int MAIN(int argc, char **argv)
 				 "Can't open output file %s\n", outfile);
 			return (1);
 		}
-	} else {
+	} else out = BIO_new_fp (stdout, BIO_NOCLOSE);
-		out = BIO_new_fp (stdout, BIO_NOCLOSE);
+
 #ifdef VMS
 		{
 			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			out = BIO_push(tmpbio, out);
 		}
 #endif
 	}
 	if (topk8) {
 		if(informat == FORMAT_PEM)
 			pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, passin);
@@ -290,7 +253,7 @@ int MAIN(int argc, char **argv)
 		}
 		PKCS8_PRIV_KEY_INFO_free (p8inf);
 		EVP_PKEY_free(pkey);
-		BIO_free_all(out);
+		BIO_free(out);
 		if(passin) OPENSSL_free(passin);
 		if(passout) OPENSSL_free(passout);
 		return (0);
@@ -373,7 +336,7 @@ int MAIN(int argc, char **argv)
 	}
 	EVP_PKEY_free(pkey);
-	BIO_free_all(out);
+	BIO_free(out);
 	BIO_free(in);
 	if(passin) OPENSSL_free(passin);
 	if(passout) OPENSSL_free(passout);
--- a/apps/rand.c
+++ b/apps/rand.c
@@ -9,7 +9,6 @@
 #include <openssl/bio.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG rand_main
@@ -24,7 +23,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	int i, r, ret = 1;
 	int badopt;
 	char *outfile = NULL;
@@ -32,7 +30,6 @@ int MAIN(int argc, char **argv)
 	int base64 = 0;
 	BIO *out = NULL;
 	int num = -1;
 	char *engine=NULL;
 	apps_startup();
@@ -51,13 +48,6 @@ int MAIN(int argc, char **argv)
 			else
 				badopt = 1;
 			}
 		if (strcmp(argv[i], "-engine") == 0)
 			{
 			if ((argv[i+1] != NULL) && (engine == NULL))
 				engine = argv[++i];
 			else
 				badopt = 1;
 			}
 		else if (strcmp(argv[i], "-rand") == 0)
 			{
 			if ((argv[i+1] != NULL) && (inrand == NULL))
@@ -95,30 +85,11 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err, "Usage: rand [options] num\n");
 		BIO_printf(bio_err, "where options are\n");
 		BIO_printf(bio_err, "-out file            - write to file\n");
 		BIO_printf(bio_err," -engine e             - use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err, "-rand file%cfile%c...  - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err, "-base64              - encode output\n");
 		goto err;
 		}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto err;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto err;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	app_RAND_load_file(NULL, bio_err, (inrand != NULL));
 	if (inrand != NULL)
 		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
@@ -130,15 +101,7 @@ int MAIN(int argc, char **argv)
 	if (outfile != NULL)
 		r = BIO_write_filename(out, outfile);
 	else
 		{
 		r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
 #ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
 		}
 #endif
 		}
 	if (r <= 0)
 		goto err;
--- a/apps/req.c
+++ b/apps/req.c
@@ -73,7 +73,6 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #define SECTION		"req"
@@ -141,7 +140,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 #ifndef NO_DSA
 	DSA *dsa_params=NULL;
 #endif
@@ -154,7 +152,6 @@ int MAIN(int argc, char **argv)
 	int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
 	int nodes=0,kludge=0,newhdr=0;
 	char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
 	char *engine=NULL;
 	char *extensions = NULL;
 	char *req_exts = NULL;
 	EVP_CIPHER *cipher=NULL;
@@ -198,11 +195,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-key") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -383,7 +375,6 @@ bad:
 		BIO_printf(bio_err," -verify        verify signature on REQ\n");
 		BIO_printf(bio_err," -modulus       RSA modulus\n");
 		BIO_printf(bio_err," -nodes         don't encrypt the output key\n");
 		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -key file	use the private key contained in file\n");
 		BIO_printf(bio_err," -keyform arg   key file format\n");
 		BIO_printf(bio_err," -keyout arg    file to send the key to\n");
@@ -531,36 +522,7 @@ bad:
 	if ((in == NULL) || (out == NULL))
 		goto end;
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if (keyfile != NULL)
 		{
 		if (keyform == FORMAT_ENGINE)
 			{
 			if (!e)
 				{
 				BIO_printf(bio_err,"no engine specified\n");
 				goto end;
 				}
 			pkey = ENGINE_load_private_key(e, keyfile, NULL);
 			}
 		else
 		{
 		if (BIO_read_filename(in,keyfile) <= 0)
 			{
@@ -572,15 +534,13 @@ bad:
 			pkey=d2i_PrivateKey_bio(in,NULL);
 		else if (keyform == FORMAT_PEM)
 			{
-				pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,
+			pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,passin);
 					passin);
 			}
 		else
 			{
 			BIO_printf(bio_err,"bad input format specified for X509 request\n");
 			goto end;
 			}
 			}
 		if (pkey == NULL)
 			{
@@ -649,12 +609,6 @@ bad:
 			{
 			BIO_printf(bio_err,"writing new private key to stdout\n");
 			BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef VMS
 			{
 			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			out = BIO_push(tmpbio, out);
 			}
 #endif
 			}
 		else
 			{
@@ -725,15 +679,16 @@ loop:
 	if (newreq || x509)
 		{
 #ifndef NO_DSA
 		if (pkey->type == EVP_PKEY_DSA)
 			digest=EVP_dss1();
 #endif
 		if (pkey == NULL)
 			{
 			BIO_printf(bio_err,"you need to specify a private key\n");
 			goto end;
 			}
 #ifndef NO_DSA
 		if (pkey->type == EVP_PKEY_DSA)
 			digest=EVP_dss1();
 #endif
 		if (req == NULL)
 			{
 			req=X509_REQ_new();
@@ -849,15 +804,7 @@ loop:
 		}
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
 		}
 #endif
 		}
 	else
 		{
 		if ((keyout != NULL) && (strcmp(outfile,keyout) == 0))
@@ -943,7 +890,7 @@ end:
 		}
 	if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf);
 	BIO_free(in);
-	BIO_free_all(out);
+	BIO_free(out);
 	EVP_PKEY_free(pkey);
 	X509_REQ_free(req);
 	X509_free(x509ss);
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -68,7 +68,6 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG	rsa_main
@@ -91,7 +90,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	int ret=1;
 	RSA *rsa=NULL;
 	int i,badops=0, sgckey=0;
@@ -102,7 +100,6 @@ int MAIN(int argc, char **argv)
 	char *infile,*outfile,*prog;
 	char *passargin = NULL, *passargout = NULL;
 	char *passin = NULL, *passout = NULL;
 	char *engine=NULL;
 	int modulus=0;
 	apps_startup();
@@ -151,11 +148,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-sgckey") == 0)
 			sgckey=1;
 		else if (strcmp(*argv,"-pubin") == 0)
@@ -203,30 +195,11 @@ bad:
 		BIO_printf(bio_err," -check          verify key consistency\n");
 		BIO_printf(bio_err," -pubin          expect a public key in input file\n");
 		BIO_printf(bio_err," -pubout         output a public key\n");
 		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 		goto end;
 		}
 	ERR_load_crypto_strings();
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		BIO_printf(bio_err, "Error getting passwords\n");
 		goto end;
@@ -305,15 +278,7 @@ bad:
 		}
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
 		}
 #endif
 		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -412,7 +377,7 @@ bad:
 		ret=0;
 end:
 	if(in != NULL) BIO_free(in);
-	if(out != NULL) BIO_free_all(out);
+	if(out != NULL) BIO_free(out);
 	if(rsa != NULL) RSA_free(rsa);
 	if(passin) OPENSSL_free(passin);
 	if(passout) OPENSSL_free(passout);
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -55,14 +55,10 @@
 * Hudson (tjh@cryptsoft.com).
 *
 */
 #ifndef NO_RSA
 #include "apps.h"
 #include <string.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #define RSA_SIGN 	1
 #define RSA_VERIFY 	2
@@ -83,7 +79,6 @@ int MAIN(int argc, char **);
 int MAIN(int argc, char **argv)
 {
 	ENGINE *e = NULL;
 	BIO *in = NULL, *out = NULL;
 	char *infile = NULL, *outfile = NULL;
 	char *keyfile = NULL;
@@ -97,7 +92,6 @@ int MAIN(int argc, char **argv)
 	unsigned char *rsa_in = NULL, *rsa_out = NULL, pad;
 	int rsa_inlen, rsa_outlen = 0;
 	int keysize;
 	char *engine=NULL;
 	int ret = 1;
@@ -120,9 +114,6 @@ int MAIN(int argc, char **argv)
 		} else if(!strcmp(*argv, "-inkey")) {
 			if (--argc < 1) badarg = 1;
 			keyfile = *(++argv);
 		} else if(!strcmp(*argv, "-engine")) {
 			if (--argc < 1) badarg = 1;
 			engine = *(++argv);
 		} else if(!strcmp(*argv, "-pubin")) {
 			key_type = KEY_PUBKEY;
 		} else if(!strcmp(*argv, "-certin")) {
@@ -157,24 +148,6 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 /* FIXME: seed PRNG only if needed */
 	app_RAND_load_file(NULL, bio_err, 0);
@@ -225,15 +198,7 @@ int MAIN(int argc, char **argv)
 			ERR_print_errors(bio_err);	
 			goto end;
 		}
-	} else {
+	} else out = BIO_new_fp(stdout, BIO_NOCLOSE);
 		out = BIO_new_fp(stdout, BIO_NOCLOSE);
 #ifdef VMS
 		{
 		    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		    out = BIO_push(tmpbio, out);
 		}
 #endif
 	}
 	keysize = RSA_size(rsa);
@@ -290,7 +255,7 @@ int MAIN(int argc, char **argv)
 	end:
 	RSA_free(rsa);
 	BIO_free(in);
-	BIO_free_all(out);
+	BIO_free(out);
 	if(rsa_in) OPENSSL_free(rsa_in);
 	if(rsa_out) OPENSSL_free(rsa_out);
 	return ret;
@@ -304,7 +269,6 @@ static void usage()
 	BIO_printf(bio_err, "-inkey file     input key\n");
 	BIO_printf(bio_err, "-pubin          input is an RSA public\n");
 	BIO_printf(bio_err, "-certin         input is a certificate carrying an RSA public key\n");
 	BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");
 	BIO_printf(bio_err, "-ssl            use SSL v2 padding\n");
 	BIO_printf(bio_err, "-raw            use no padding\n");
 	BIO_printf(bio_err, "-pkcs           use PKCS#1 v1.5 padding (default)\n");
@@ -316,4 +280,3 @@ static void usage()
 	BIO_printf(bio_err, "-hexdump        hex dump output\n");
 }
 #endif
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -79,8 +79,6 @@ typedef unsigned int u_int;
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/rand.h>
 #include <openssl/engine.h>
 #include "s_apps.h"
 #ifdef WINDOWS
@@ -154,8 +152,7 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
 	BIO_printf(bio_err," -cipher       - preferred cipher to use, use the 'openssl ciphers'\n");
 	BIO_printf(bio_err,"                 command to see what is available\n");
-	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+
 	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
 	}
 int MAIN(int, char **);
@@ -182,9 +179,6 @@ int MAIN(int argc, char **argv)
 	int prexit = 0;
 	SSL_METHOD *meth=NULL;
 	BIO *sbio;
 	char *inrand=NULL;
 	char *engine_id=NULL;
 	ENGINE *e=NULL;
 #ifdef WINDOWS
 	struct timeval tv;
 #endif
@@ -322,16 +316,6 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-nbio") == 0)
 			{ c_nbio=1; }
 #endif
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
 			inrand= *(++argv);
 			}
 		else if	(strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine_id = *(++argv);
 			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -348,14 +332,7 @@ bad:
 		goto end;
 		}
-	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+	app_RAND_load_file(NULL, bio_err, 0);
 		&& !RAND_status())
 		{
 		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
 		}
 	if (inrand != NULL)
 		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
 			app_RAND_load_files(inrand));
 	if (bio_c_out == NULL)
 		{
@@ -372,30 +349,6 @@ bad:
 	OpenSSL_add_ssl_algorithms();
 	SSL_load_error_strings();
 	if (engine_id != NULL)
 		{
 		if((e = ENGINE_by_id(engine_id)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		if (c_debug)
 			{
 			ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
 				0, bio_err, 0);
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine_id);
 		ENGINE_free(e);
 		}
 	ctx=SSL_CTX_new(meth);
 	if (ctx == NULL)
 		{
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -83,8 +83,6 @@ typedef unsigned int u_int;
 #include <openssl/pem.h>
 #include <openssl/x509.h>
 #include <openssl/ssl.h>
 #include <openssl/rand.h>
 #include <openssl/engine.h>
 #include "s_apps.h"
 #ifdef WINDOWS
@@ -178,7 +176,6 @@ static int s_debug=0;
 static int s_quiet=0;
 static int hack=0;
 static char *engine_id=NULL;
 #ifdef MONOLITH
 static void s_server_init(void)
@@ -201,7 +198,6 @@ static void s_server_init(void)
 	s_debug=0;
 	s_quiet=0;
 	hack=0;
 	engine_id=NULL;
 	}
 #endif
@@ -246,8 +242,6 @@ static void sv_usage(void)
 	BIO_printf(bio_err," -bugs         - Turn on SSL bug compatibility\n");
 	BIO_printf(bio_err," -www          - Respond to a 'GET /' with a status page\n");
 	BIO_printf(bio_err," -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
 	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
 	}
 static int local_argc=0;
@@ -417,9 +411,6 @@ int MAIN(int argc, char *argv[])
 	int no_tmp_rsa=0,no_dhe=0,nocert=0;
 	int state=0;
 	SSL_METHOD *meth=NULL;
 	char *inrand=NULL;
 	char *engine_id=NULL;
 	ENGINE *e=NULL;
 #ifndef NO_DH
 	DH *dh=NULL;
 #endif
@@ -574,16 +565,6 @@ int MAIN(int argc, char *argv[])
 		else if	(strcmp(*argv,"-tls1") == 0)
 			{ meth=TLSv1_server_method(); }
 #endif
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
 			inrand= *(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine_id= *(++argv);
 			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -600,14 +581,7 @@ bad:
 		goto end;
 		}
-	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+	app_RAND_load_file(NULL, bio_err, 0);
 		&& !RAND_status())
 		{
 		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
 		}
 	if (inrand != NULL)
 		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
 			app_RAND_load_files(inrand));
 	if (bio_s_out == NULL)
 		{
@@ -635,29 +609,6 @@ bad:
 	SSL_load_error_strings();
 	OpenSSL_add_ssl_algorithms();
 	if (engine_id != NULL)
 		{
 		if((e = ENGINE_by_id(engine_id)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		if (s_debug)
 			{
 			ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
 				0, bio_err, 0);
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine_id);
 		ENGINE_free(e);
 		}
 	ctx=SSL_CTX_new(meth);
 	if (ctx == NULL)
 		{
@@ -725,7 +676,6 @@ bad:
 #ifndef NO_RSA
 #if 1
 	if (!no_tmp_rsa)
 	SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
 #else
 	if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx))
@@ -1386,29 +1336,15 @@ static int www_body(char *hostname, int s, unsigned char *context)
 			/* skip the '/' */
 			p= &(buf[5]);
-
+			dot=0;
 			dot = 1;
 			for (e=p; *e != '\0'; e++)
 				{
-				if (e[0] == ' ')
+				if (e[0] == ' ') break;
-					break;
+				if (	(e[0] == '.') &&
 					(strncmp(&(e[-1]),"/../",4) == 0))
 					dot=1;
 				}
 				switch (dot)
 					{
 				case 1:
 					dot = (e[0] == '.') ? 2 : 0;
 					break;
 				case 2:
 					dot = (e[0] == '.') ? 3 : 0;
 					break;
 				case 3:
 					dot = (e[0] == '/') ? -1 : 0;
 					break;
 					}
 				if (dot == 0)
 					dot = (e[0] == '/') ? 1 : 0;
 				}
 			dot = (dot == 3) || (dot == -1); /* filename contains ".." component */
 			if (*e == '\0')
 				{
@@ -1432,11 +1368,9 @@ static int www_body(char *hostname, int s, unsigned char *context)
 				break;
 				}
 #if 0
 			/* append if a directory lookup */
 			if (e[-1] == '/')
 				strcat(p,"index.html");
 #endif
 			/* if a directory, do the index thang */
 			if (stat(p,&st_buf) < 0)
@@ -1448,13 +1382,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
 				}
 			if (S_ISDIR(st_buf.st_mode))
 				{
 #if 0 /* must check buffer size */
 				strcat(p,"/index.html");
 #else
 				BIO_puts(io,text);
 				BIO_printf(io,"'%s' is a directory\r\n",p);
 				break;
 #endif
 				}
 			if ((file=BIO_new_file(p,"r")) == NULL)
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@@ -209,11 +209,9 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port)
 	s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
 	if (s == INVALID_SOCKET) { perror("socket"); return(0); }
 #ifndef MPE
 	i=0;
 	i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
 	if (i < 0) { perror("keepalive"); return(0); }
 #endif
 	if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
 		{ close(s); perror("connect"); return(0); }
--- a/apps/server.pem
+++ b/apps/server.pem
@@ -1,17 +1,17 @@
 issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
-subject= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
 -----BEGIN CERTIFICATE-----
-MIIB6TCCAVICAQYwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
+MIIB6TCCAVICAQQwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
 BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
-VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNMDAxMDE2MjIzMTAzWhcNMDMwMTE0
+VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTgwNjI5MjM1MjQwWhcNMDAwNjI4
-MjIzMTAzWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
+MjM1MjQwWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
 A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl
 cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP
 Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//
-Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCT0grFQeZaqYb5EYfk20XixZV4
+Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCVvvfkGSe2GHgDFfmOua4Isjb9
-GmyAbXMftG1Eo7qGiMhYzRwGNWxEYojf5PZkYZXvSqZ/ZXHXa4g59jK/rJNnaVGM
+JVhImWMASiOClkZlMESDJjsszg/6+d/W+8TrbObhazpl95FivXBVucbj9dudh7AO
-k+xIX8mxQvlV0n5O9PIha5BX5teZnkHKgL8aKKLKW1BK7YTngsfSzzaeame5iKfz
+IZu1h1MAPlyknc9Ud816vz3FejB4qqUoaXjnlkrIgEbr/un7jSS86WOe0hRhwHkJ
-itAE+OjGF+PFKbwX8Q==
+FUGcPZf9ND22Etc+AQ==
 -----END CERTIFICATE-----
 -----BEGIN RSA PRIVATE KEY-----
 MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD
--- a/apps/sess_id.c
+++ b/apps/sess_id.c
@@ -206,15 +206,7 @@ bad:
 			}
 		if (outfile == NULL)
 			{
 			BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef VMS
 			{
 			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			out = BIO_push(tmpbio, out);
 			}
 #endif
 			}
 		else
 			{
 			if (BIO_write_filename(out,outfile) <= 0)
@@ -270,7 +262,7 @@ bad:
 		}
 	ret=0;
 end:
-	if (out != NULL) BIO_free_all(out);
+	if (out != NULL) BIO_free(out);
 	if (x != NULL) SSL_SESSION_free(x);
 	EXIT(ret);
 	}
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -64,7 +64,6 @@
 #include <openssl/crypto.h>
 #include <openssl/pem.h>
 #include <openssl/err.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG smime_main
@@ -82,7 +81,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 {
 	ENGINE *e = NULL;
 	int operation = 0;
 	int ret = 0;
 	char **args;
@@ -105,9 +103,8 @@ int MAIN(int argc, char **argv)
 	char *inrand = NULL;
 	int need_rand = 0;
 	int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
 	char *engine=NULL;
 	args = argv + 1;
 	ret = 1;
 	while (!badarg && *args && *args[0] == '-') {
@@ -156,11 +153,6 @@ int MAIN(int argc, char **argv)
 				inrand = *args;
 			} else badarg = 1;
 			need_rand = 1;
 		} else if (!strcmp(*args,"-engine")) {
 			if (args[1]) {
 				args++;
 				engine = *args;
 			} else badarg = 1;
 		} else if (!strcmp(*args,"-passin")) {
 			if (args[1]) {
 				args++;
@@ -298,8 +290,6 @@ int MAIN(int argc, char **argv)
 		BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
 		BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
 		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
 		BIO_printf (bio_err, "-engine e      use engine e, possibly a hardware device.\n");
 		BIO_printf (bio_err, "-passin arg    input file pass phrase source\n");
 		BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,  "               the random number generator\n");
@@ -307,24 +297,6 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;
@@ -421,15 +393,7 @@ int MAIN(int argc, char **argv)
 				 "Can't open output file %s\n", outfile);
 			goto end;
 		}
-	} else {
+	} else out = BIO_new_fp(stdout, BIO_NOCLOSE);
 		out = BIO_new_fp(stdout, BIO_NOCLOSE);
 #ifdef VMS
 		{
 		    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		    out = BIO_push(tmpbio, out);
 		}
 #endif
 	}
 	if(operation == SMIME_VERIFY) {
 		if(!(store = setup_verify(CAfile, CApath))) goto end;
@@ -526,7 +490,7 @@ end:
 	PKCS7_free(p7);
 	BIO_free(in);
 	BIO_free(indata);
-	BIO_free_all(out);
+	BIO_free(out);
 	if(passin) OPENSSL_free(passin);
 	return (ret);
 }
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -81,14 +81,13 @@
 #include <openssl/crypto.h>
 #include <openssl/rand.h>
 #include <openssl/err.h>
 #include <openssl/engine.h>
-#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
+#if defined(__FreeBSD__)
 # define USE_TOD
 #elif !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
 # define TIMES
 #endif
-#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE) && !defined(__NetBSD__)
+#if !defined(_UNICOS) && !defined(__OpenBSD__)
 # define TIMEB
 #endif
@@ -116,7 +115,7 @@
 #include <sys/timeb.h>
 #endif
-#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD)
+#if !defined(TIMES) && !defined(TIMEB)
 #error "It seems neither struct tms nor struct timeb is supported in this platform!"
 #endif
@@ -311,7 +310,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e;
 	unsigned char *buf=NULL,*buf2=NULL;
 	int mret=1;
 #define ALGOR_NUM	15
@@ -472,37 +470,6 @@ int MAIN(int argc, char **argv)
 		{
 		if	((argc > 0) && (strcmp(*argv,"-elapsed") == 0))
 			usertime = 0;
 		else
 		if	((argc > 0) && (strcmp(*argv,"-engine") == 0))
 			{
 			argc--;
 			argv++;
 			if(argc == 0)
 				{
 				BIO_printf(bio_err,"no engine given\n");
 				goto end;
 				}
 			if((e = ENGINE_by_id(*argv)) == NULL)
 				{
 				BIO_printf(bio_err,"invalid engine \"%s\"\n",
 					*argv);
 				goto end;
 				}
 			if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 				{
 				BIO_printf(bio_err,"can't use that engine\n");
 				goto end;
 				}
 			BIO_printf(bio_err,"engine \"%s\" set.\n", *argv);
 			/* Free our "structural" reference. */
 			ENGINE_free(e);
 			/* It will be increased again further down.  We just
 			   don't want speed to confuse an engine with an
 			   algorithm, especially when none is given (which
 			   means all of them should be run) */
 			j--;
 			}
 		else
 #ifndef NO_MD2
 		if	(strcmp(*argv,"md2") == 0) doit[D_MD2]=1;
 		else
@@ -550,7 +517,7 @@ int MAIN(int argc, char **argv)
 #ifdef RSAref
 			if (strcmp(*argv,"rsaref") == 0) 
 			{
-			RSA_set_default_openssl_method(RSA_PKCS1_RSAref());
+			RSA_set_default_method(RSA_PKCS1_RSAref());
 			j--;
 			}
 		else
@@ -558,7 +525,7 @@ int MAIN(int argc, char **argv)
 #ifndef RSA_NULL
 			if (strcmp(*argv,"openssl") == 0) 
 			{
-			RSA_set_default_openssl_method(RSA_PKCS1_SSLeay());
+			RSA_set_default_method(RSA_PKCS1_SSLeay());
 			j--;
 			}
 		else
@@ -703,12 +670,11 @@ int MAIN(int argc, char **argv)
 			BIO_printf(bio_err,"\n");
 #endif
 #ifdef TIMES
 			BIO_printf(bio_err,"\n");
 			BIO_printf(bio_err,"Available options:\n");
 #ifdef TIMES
 			BIO_printf(bio_err,"-elapsed        measure time in real time instead of CPU user time.\n");
 #endif
 			BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
 			goto end;
 			}
 		argc--;
@@ -865,7 +831,6 @@ int MAIN(int argc, char **argv)
 		}
 #endif
 #ifndef NO_DSA
 	dsa_c[R_DSA_512][0]=count/1000;
 	dsa_c[R_DSA_512][1]=count/1000/2;
 	for (i=1; i<DSA_NUM; i++)
@@ -883,7 +848,6 @@ int MAIN(int argc, char **argv)
 				}
 			}				
 		}
 #endif
 #define COND(d)	(count < (d))
 #define COUNT(d) (d)
@@ -1209,7 +1173,7 @@ int MAIN(int argc, char **argv)
 			{
 			BIO_printf(bio_err,"RSA verify failure.  No RSA verify will be done.\n");
 			ERR_print_errors(bio_err);
-			rsa_doit[j] = 0;
+			dsa_doit[j] = 0;
 			}
 		else
 			{
@@ -1415,7 +1379,6 @@ int MAIN(int argc, char **argv)
 #endif
 	mret=0;
 end:
 	ERR_print_errors(bio_err);
 	if (buf != NULL) OPENSSL_free(buf);
 	if (buf2 != NULL) OPENSSL_free(buf2);
 #ifndef NO_RSA
--- a/apps/spkac.c
+++ b/apps/spkac.c
@@ -69,7 +69,6 @@
 #include <openssl/lhash.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG	spkac_main
@@ -82,7 +81,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	int i,badops=0, ret = 1;
 	BIO *in = NULL,*out = NULL, *key = NULL;
 	int verify=0,noout=0,pubkey=0;
@@ -93,7 +91,6 @@ int MAIN(int argc, char **argv)
 	LHASH *conf = NULL;
 	NETSCAPE_SPKI *spki = NULL;
 	EVP_PKEY *pkey = NULL;
 	char *engine=NULL;
 	apps_startup();
@@ -139,11 +136,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			spksect= *(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
 		else if (strcmp(*argv,"-pubkey") == 0)
@@ -169,7 +161,6 @@ bad:
 		BIO_printf(bio_err," -noout         don't print SPKAC\n");
 		BIO_printf(bio_err," -pubkey        output public key\n");
 		BIO_printf(bio_err," -verify        verify SPKAC signature\n");
 		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device.\n");
 		goto end;
 		}
@@ -179,24 +170,6 @@ bad:
 		goto end;
 	}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if(keyfile) {
 		if(strcmp(keyfile, "-")) key = BIO_new_file(keyfile, "r");
 		else key = BIO_new_fp(stdin, BIO_NOCLOSE);
@@ -219,15 +192,7 @@ bad:
 		spkstr = NETSCAPE_SPKI_b64_encode(spki);
 		if (outfile) out = BIO_new_file(outfile, "w");
-		else {
+		else out = BIO_new_fp(stdout, BIO_NOCLOSE);
 			out = BIO_new_fp(stdout, BIO_NOCLOSE);
 #ifdef VMS
 			{
 			    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			    out = BIO_push(tmpbio, out);
 			}
 #endif
 		}
 		if(!out) {
 			BIO_printf(bio_err, "Error opening output file\n");
@@ -276,15 +241,7 @@ bad:
 	}
 	if (outfile) out = BIO_new_file(outfile, "w");
-	else {
+	else out = BIO_new_fp(stdout, BIO_NOCLOSE);
 		out = BIO_new_fp(stdout, BIO_NOCLOSE);
 #ifdef VMS
 		{
 		    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		    out = BIO_push(tmpbio, out);
 		}
 #endif
 	}
 	if(!out) {
 		BIO_printf(bio_err, "Error opening output file\n");
@@ -311,7 +268,7 @@ end:
 	CONF_free(conf);
 	NETSCAPE_SPKI_free(spki);
 	BIO_free(in);
-	BIO_free_all(out);
+	BIO_free(out);
 	BIO_free(key);
 	EVP_PKEY_free(pkey);
 	if(passin) OPENSSL_free(passin);
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -65,7 +65,6 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG	verify_main
@@ -79,7 +78,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	int i,ret=1;
 	int purpose = -1;
 	char *CApath=NULL,*CAfile=NULL;
@@ -87,7 +85,6 @@ int MAIN(int argc, char **argv)
 	STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
 	X509_STORE *cert_ctx=NULL;
 	X509_LOOKUP *lookup=NULL;
 	char *engine=NULL;
 	cert_ctx=X509_STORE_new();
 	if (cert_ctx == NULL) goto end;
@@ -140,11 +137,6 @@ int MAIN(int argc, char **argv)
 				if (argc-- < 1) goto end;
 				trustfile= *(++argv);
 				}
 			else if (strcmp(*argv,"-engine") == 0)
 				{
 				if (--argc < 1) goto end;
 				engine= *(++argv);
 				}
 			else if (strcmp(*argv,"-help") == 0)
 				goto end;
 			else if (strcmp(*argv,"-issuer_checks") == 0)
@@ -162,24 +154,6 @@ int MAIN(int argc, char **argv)
 			break;
 		}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
 	if (lookup == NULL) abort();
 	if (CAfile) {
@@ -227,7 +201,7 @@ int MAIN(int argc, char **argv)
 	ret=0;
 end:
 	if (ret == 1) {
-		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-engine e] cert1 cert2 ...\n");
+		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] cert1 cert2 ...\n");
 		BIO_printf(bio_err,"recognized usages:\n");
 		for(i = 0; i < X509_PURPOSE_get_count(); i++) {
 			X509_PURPOSE *ptmp;
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -73,7 +73,6 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #undef PROG
 #define PROG x509_main
@@ -130,7 +129,6 @@ static char *x509_usage[]={
 " -extensions     - section from config file with X509V3 extensions to add\n",
 " -clrext         - delete extensions before signing and input certificate\n",
 " -nameopt arg    - various certificate name options\n",
 " -engine e       - use engine e, possibly a hardware device.\n",
 NULL
 };
@@ -147,7 +145,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	int ret=1;
 	X509_REQ *req=NULL;
 	X509 *x=NULL,*xca=NULL;
@@ -178,7 +175,6 @@ int MAIN(int argc, char **argv)
 	int need_rand = 0;
 	int checkend=0,checkoffset=0;
 	unsigned long nmflag = 0;
 	char *engine=NULL;
 	reqfile=0;
@@ -187,12 +183,6 @@ int MAIN(int argc, char **argv)
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 	STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
 #ifdef VMS
 	{
 	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 	STDout = BIO_push(tmpbio, STDout);
 	}
 #endif
 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
@@ -341,11 +331,6 @@ int MAIN(int argc, char **argv)
 			alias= *(++argv);
 			trustout = 1;
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 		else if (strcmp(*argv,"-C") == 0)
 			C= ++num;
 		else if (strcmp(*argv,"-email") == 0)
@@ -429,24 +414,6 @@ bad:
 		goto end;
 		}
 	if (engine != NULL)
 		{
 		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
 		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
 		ENGINE_free(e);
 		}
 	if (need_rand)
 		app_RAND_load_file(NULL, bio_err, 0);
@@ -609,15 +576,7 @@ bad:
 			goto end;
 			}
 		if (outfile == NULL)
 			{
 			BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef VMS
 			{
 			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			out = BIO_push(tmpbio, out);
 			}
 #endif
 			}
 		else
 			{
 			if (BIO_write_filename(out,outfile) <= 0)
@@ -894,10 +853,8 @@ bad:
 				BIO_printf(bio_err,"Generating certificate request\n");
 #ifndef NO_DSA
 		                if (pk->type == EVP_PKEY_DSA)
 		                        digest=EVP_dss1();
 #endif
 				rq=X509_to_X509_REQ(x,pk,digest);
 				EVP_PKEY_free(pk);
@@ -976,8 +933,8 @@ end:
 		app_RAND_write_file(NULL, bio_err);
 	OBJ_cleanup();
 	CONF_free(extconf);
-	BIO_free_all(out);
+	BIO_free(out);
-	BIO_free_all(STDout);
+	BIO_free(STDout);
 	X509_STORE_free(ctx);
 	X509_REQ_free(req);
 	X509_free(x);
--- a/certs/expired/rsa-ssca.pem
+++ b/certs/expired/rsa-ssca.pem
--- a/76
+++ b/76
@@ -49,18 +49,10 @@ if [ "x$XREL" != "x" ]; then
 		echo "whatever-whatever-sco5"; exit 0
 		;;
 	    4.2MP)
-		if [ "x$VERSION" = "x2.01" ]; then
+		if [ "x$VERSION" = "x2.1.1" ]; then
 		    echo "${MACHINE}-whatever-unixware201"; exit 0
 		elif [ "x$VERSION" = "x2.02" ]; then
 		    echo "${MACHINE}-whatever-unixware202"; exit 0
 		elif [ "x$VERSION" = "x2.03" ]; then
 		    echo "${MACHINE}-whatever-unixware203"; exit 0
 		elif [ "x$VERSION" = "x2.1.1" ]; then
 		    echo "${MACHINE}-whatever-unixware211"; exit 0
 		elif [ "x$VERSION" = "x2.1.2" ]; then
 		    echo "${MACHINE}-whatever-unixware212"; exit 0
 		elif [ "x$VERSION" = "x2.1.3" ]; then
 		    echo "${MACHINE}-whatever-unixware213"; exit 0
 		else
 		    echo "${MACHINE}-whatever-unixware2"; exit 0
 		fi
@@ -79,22 +71,10 @@ fi
 # Now we simply scan though... In most cases, the SYSTEM info is enough
 #
 case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
    MPE/iX:*)
 	MACHINE=`echo "$MACHINE" | sed -e 's/-/_/g'`
 	echo "parisc-hp-MPE/iX"; exit 0
 	;;
    A/UX:*)
 	echo "m68k-apple-aux3"; exit 0
 	;;
    AIX:[3456789]:4:*)
 	echo "${MACHINE}-ibm-aix43"; exit 0
 	;;
    AIX:*:[56789]:*)
 	echo "${MACHINE}-ibm-aix43"; exit 0
 	;;
    AIX:*)
 	echo "${MACHINE}-ibm-aix"; exit 0
 	;;
@@ -184,7 +164,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
        ;;
    NetBSD:*:*:*386*)
-        echo "`(/usr/sbin/sysctl -n hw.model || /sbin/sysctl -n hw.model) | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0
+        echo "`/usr/sbin/sysctl -n hw.model | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0
 	;;
    NetBSD:*)
@@ -409,16 +389,10 @@ case "$GUESSOS" in
 	;;
  mips4-sgi-irix64)
 	echo "WARNING! If you wish to build 64-bit library, then you have to"
-	echo "         invoke './Configure irix64-mips4-$CC' *manually*."
+	echo "         invoke './Configre irix64-mips4-$CC' *manually*."
-	echo "         Type return if you want to continue, Ctrl-C to abort."
+	echo "         Type Ctrl-C if you don't want to continue."
 	read waste < /dev/tty
        CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
        CPU=${CPU:-0}
        if [ $CPU -ge 5000 ]; then
 	options="$options -mips4"
        else
                options="$options -mips3"
        fi
 	OUT="irix-mips3-$CC"
 	;;
  alpha-*-linux2)
@@ -445,11 +419,11 @@ case "$GUESSOS" in
 	#till 64-bit glibc for SPARC is operational:-(
 	#echo "WARNING! If you wish to build 64-bit library, then you have to"
 	#echo "         invoke './Configure linux64-sparcv9' *manually*."
-	#echo "         Type return if you want to continue, Ctrl-C to abort."
+	#echo "         Type Ctrl-C if you don't want to continue."
 	#read waste < /dev/tty
 	OUT="linux-sparcv9" ;;
  sparc-*-linux2)
-	KARCH=`awk '/^type/{print$3}' /proc/cpuinfo`
+	KARCH=`awk '/type/{print$3}' /proc/cpuinfo`
 	case ${KARCH:-sun4} in
 	sun4u*)	OUT="linux-sparcv9" ;;
 	sun4m)	OUT="linux-sparcv8" ;;
@@ -457,7 +431,6 @@ case "$GUESSOS" in
 	*)	OUT="linux-sparcv7" ;;
 	esac ;;
  arm*-*-linux2) OUT="linux-elf-arm" ;;
  s390-*-linux2) OUT="linux-s390" ;;
  *-*-linux2) OUT="linux-elf" ;;
  *-*-linux1) OUT="linux-aout" ;;
  sun4u*-*-solaris2)
@@ -465,7 +438,7 @@ case "$GUESSOS" in
 	if [ "$ISA64" != "" -a "$CC" = "cc" -a $CCVER -ge 50 ]; then
 		echo "WARNING! If you wish to build 64-bit library, then you have to"
 		echo "         invoke './Configure solaris64-sparcv9-cc' *manually*."
-		echo "         Type return if you want to continue, Ctrl-C to abort."
+		echo "         Type Ctrl-C if you don't want to continue."
 		read waste < /dev/tty
 	fi
 	OUT="solaris-sparcv9-$CC" ;;
@@ -489,12 +462,9 @@ case "$GUESSOS" in
  *-*-unixware7) OUT="unixware-7" ;;
  *-*-UnixWare7) OUT="unixware-7" ;;
  *-*-Unixware7) OUT="unixware-7" ;;
-  *-*-unixware20*) OUT="unixware-2.0" ;;
+  *-*-unixware[1-2]*) OUT="unixware-2.0" ;;
-  *-*-unixware21*) OUT="unixware-2.1" ;;
+  *-*-UnixWare[1-2]*) OUT="unixware-2.0" ;;
-  *-*-UnixWare20*) OUT="unixware-2.0" ;;
+  *-*-Unixware[1-2]*) OUT="unixware-2.0" ;;
  *-*-UnixWare21*) OUT="unixware-2.1" ;;
  *-*-Unixware20*) OUT="unixware-2.0" ;;
  *-*-Unixware21*) OUT="unixware-2.1" ;;
  BS2000-siemens-sysv4) OUT="BS2000-OSD" ;;
  RM*-siemens-sysv4) OUT="ReliantUNIX" ;;
  *-siemens-sysv4) OUT="SINIX" ;;
@@ -508,27 +478,11 @@ case "$GUESSOS" in
  *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
 esac
 # NB: This atalla support has been superceded by the ENGINE support
 # That contains its own header and definitions anyway. Support can
 # be enabled or disabled on any supported platform without external
 # headers, eg. by adding the "hw-atalla" switch to ./config or
 # perl Configure
 #
 # See whether we can compile Atalla support
-#if [ -f /usr/include/atasi.h ]
+if [ -f /usr/include/atasi.h ]
-#then
+then
-#  options="$options -DATALLA"
+  options="$options -DATALLA"
-#fi
+fi
 #get some basic shared lib support (behnke@trustcenter.de)
 case "$OUT" in
   solaris-*-gcc)
 	if  [ "$SHARED" = "true" ] 
 	 then
 	  options="$options -DPIC -fPIC"
        fi
     ;;
 esac
 # gcc < 2.8 does not support -mcpu=ultrasparc
 if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
@@ -599,7 +553,7 @@ OUT="$PREFIX$OUT"
 $PERL ./Configure LIST | grep "$OUT" > /dev/null
 if [ $? = "0" ]; then
-  echo Configuring for $OUT
+  #echo Configuring for $OUT
  if [ "$TEST" = "true" ]; then
    echo $PERL ./Configure $OUT $options
--- a/crypto/Makefile.ssl
+++ b/crypto/Makefile.ssl
@@ -27,15 +27,15 @@ LIBS=
 SDIRS=	md2 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
-	bn rsa dsa dh dso engine \
+	bn rsa dsa dh dso \
 	buffer bio stack lhash rand err objects \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
 GENERAL=Makefile README crypto-lib.com install.com
 LIB= $(TOP)/libcrypto.a
-LIBSRC=	cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c
+LIBSRC=	cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c
-LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o
+LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o
 SRC= $(LIBSRC)
@@ -90,8 +90,7 @@ links:
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
+	$(RANLIB) $(LIB)
 	- $(RANLIB) $(LIB)
 	@touch lib
 libs:
@@ -198,6 +197,3 @@ tmdiff.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
 tmdiff.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
 tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h
 uid.o: ../include/openssl/crypto.h ../include/openssl/opensslv.h
 uid.o: ../include/openssl/safestack.h ../include/openssl/stack.h
 uid.o: ../include/openssl/symhacks.h
--- a/crypto/asn1/Makefile.ssl
+++ b/crypto/asn1/Makefile.ssl
@@ -75,8 +75,7 @@ all:	lib
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
+	$(RANLIB) $(LIB)
 	- $(RANLIB) $(LIB)
 	@touch lib
 files:
--- a/crypto/asn1/a_strnid.c
+++ b/crypto/asn1/a_strnid.c
@@ -133,7 +133,7 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
 	if(tbl) {
 		mask = tbl->mask;
 		if(!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask;
-		ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask,
+		ret = ASN1_mbstring_ncopy(out, in, inlen, inform, tbl->mask,
 					tbl->minsize, tbl->maxsize);
 	} else ret = ASN1_mbstring_copy(out, in, inlen, inform, DIRSTRING_TYPE & global_mask);
 	if(ret <= 0) return NULL;
--- a/crypto/asn1/a_type.c
+++ b/crypto/asn1/a_type.c
@@ -123,8 +123,6 @@ int i2d_ASN1_TYPE(ASN1_TYPE *a, unsigned char **pp)
 		break;
 	case V_ASN1_SET:
 	case V_ASN1_SEQUENCE:
 	case V_ASN1_OTHER:
 	default:
 		if (a->value.set == NULL)
 			r=0;
 		else
@@ -161,8 +159,6 @@ ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, unsigned char **pp, long length)
 	inf=ASN1_get_object(&q,&len,&tag,&xclass,length);
 	if (inf & 0x80) goto err;
 	/* If not universal tag we've no idea what it is */
 	if(xclass != V_ASN1_UNIVERSAL) tag = V_ASN1_OTHER;
 	ASN1_TYPE_component_free(ret);
@@ -249,8 +245,6 @@ ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, unsigned char **pp, long length)
 		break;
 	case V_ASN1_SET:
 	case V_ASN1_SEQUENCE:
 	case V_ASN1_OTHER:
 	default:
 		/* Sets and sequences are left complete */
 		if ((ret->value.set=ASN1_STRING_new()) == NULL) goto err;
 		ret->value.set->type=tag;
@@ -258,6 +252,9 @@ ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, unsigned char **pp, long length)
 		if (!ASN1_STRING_set(ret->value.set,p,(int)len)) goto err;
 		p+=len;
 		break;
 	default:
 		ASN1err(ASN1_F_D2I_ASN1_TYPE,ASN1_R_BAD_TYPE);
 		goto err;
 		}
 	ret->type=tag;
@@ -315,8 +312,6 @@ static void ASN1_TYPE_component_free(ASN1_TYPE *a)
 		case V_ASN1_OBJECT:
 			ASN1_OBJECT_free(a->value.object);
 			break;
 		case V_ASN1_NULL:
 			break;
 		case V_ASN1_INTEGER:
 		case V_ASN1_NEG_INTEGER:
 		case V_ASN1_ENUMERATED:
@@ -338,10 +333,11 @@ static void ASN1_TYPE_component_free(ASN1_TYPE *a)
 		case V_ASN1_UNIVERSALSTRING:
 		case V_ASN1_BMPSTRING:
 		case V_ASN1_UTF8STRING:
 		case V_ASN1_OTHER:
 		default:
 			ASN1_STRING_free((ASN1_STRING *)a->value.ptr);
 			break;
 		default:
 			/* MEMORY LEAK */
 			break;
 			}
 		a->type=0;
 		a->value.ptr=NULL;
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -83,7 +83,6 @@ extern "C" {
 #define V_ASN1_PRIMATIVE_TAG		0x1f
 #define V_ASN1_APP_CHOOSE		-2	/* let the recipient choose */
 #define V_ASN1_OTHER			-3	/* used in ASN1_TYPE */
 #define V_ASN1_NEG			0x100	/* negative flag */
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -301,7 +301,7 @@ int asn1_GetSequence(ASN1_CTX *c, long *length)
 		return(0);
 		}
 	if (c->inf == (1|V_ASN1_CONSTRUCTED))
-		c->slen= *length;
+		c->slen= *length+ *(c->pp)-c->p;
 	c->eos=0;
 	return(1);
 	}
--- a/crypto/asn1/asn1_mac.h
+++ b/crypto/asn1/asn1_mac.h
@@ -196,9 +196,6 @@ err:\
 	if ((a != NULL) && (sk_##type##_num(a) != 0)) \
 		M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
 #define M_ASN1_I2D_put_SEQUENCE_opt_ex_type(type,a,f) \
 	if (a) M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
 #define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \
 	if ((c.slen != 0) && \
 		(M_ASN1_next == \
@@ -392,9 +389,6 @@ err:\
 		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
 			M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
 #define M_ASN1_I2D_len_SEQUENCE_opt_ex_type(type,a,f) \
 		if (a) M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
 #define M_ASN1_I2D_len_IMP_SET(a,f,x) \
 		ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET);
@@ -458,15 +452,6 @@ err:\
 			ret+=ASN1_object_size(1,v,mtag); \
 			}
 #define M_ASN1_I2D_len_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \
 		if (a)\
 			{ \
 			v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \
 						 V_ASN1_UNIVERSAL, \
 						 IS_SEQUENCE); \
 			ret+=ASN1_object_size(1,v,mtag); \
 			}
 /* Put Macros */
 #define M_ASN1_I2D_put(a,f)	f(a,&p)
@@ -551,14 +536,6 @@ err:\
 					       IS_SEQUENCE); \
 			}
 #define M_ASN1_I2D_put_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \
 		if (a) \
 			{ \
 			ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
 			i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \
 					       IS_SEQUENCE); \
 			}
 #define M_ASN1_I2D_seq_total() \
 		r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \
 		if (pp == NULL) return(r); \
--- a/crypto/asn1/p7_lib.c
+++ b/crypto/asn1/p7_lib.c
@@ -307,14 +307,12 @@ PKCS7 *d2i_PKCS7(PKCS7 **a, unsigned char **pp, long length)
 			}
 		if (Tinf == (1|V_ASN1_CONSTRUCTED))
 			{
 			c.q=c.p;
 			if (!ASN1_check_infinite_end(&c.p,c.slen))
 				{
 				c.error=ERR_R_MISSING_ASN1_EOS;
 				c.line=__LINE__;
 				goto err;
 				}
 			c.slen-=(c.p-c.q);
 			}
 		}
 	else
--- a/crypto/asn1/t_x509.c
+++ b/crypto/asn1/t_x509.c
@@ -349,8 +349,6 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
 	ll=80-2-obase;
 	s=X509_NAME_oneline(name,buf,256);
 	if (!*s)
 		return 1;
 	s++; /* skip the first slash */
 	l=ll;
--- a/crypto/asn1/x_crl.c
+++ b/crypto/asn1/x_crl.c
@@ -71,14 +71,14 @@ int i2d_X509_REVOKED(X509_REVOKED *a, unsigned char **pp)
 	M_ASN1_I2D_len(a->serialNumber,i2d_ASN1_INTEGER);
 	M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_TIME);
-	M_ASN1_I2D_len_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
+	M_ASN1_I2D_len_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
 					 i2d_X509_EXTENSION);
 	M_ASN1_I2D_seq_total();
 	M_ASN1_I2D_put(a->serialNumber,i2d_ASN1_INTEGER);
 	M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_TIME);
-	M_ASN1_I2D_put_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
+	M_ASN1_I2D_put_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
 					 i2d_X509_EXTENSION);
 	M_ASN1_I2D_finish();
@@ -121,7 +121,7 @@ int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp)
 		{ M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_TIME); }
 	M_ASN1_I2D_len_SEQUENCE_opt_type(X509_REVOKED,a->revoked,
 					 i2d_X509_REVOKED);
-	M_ASN1_I2D_len_EXP_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
+	M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
 					     i2d_X509_EXTENSION,0,
 					     V_ASN1_SEQUENCE,v1);
@@ -138,7 +138,7 @@ int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp)
 		{ M_ASN1_I2D_put(a->nextUpdate,i2d_ASN1_TIME); }
 	M_ASN1_I2D_put_SEQUENCE_opt_type(X509_REVOKED,a->revoked,
 					 i2d_X509_REVOKED);
-	M_ASN1_I2D_put_EXP_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
+	M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
 					     i2d_X509_EXTENSION,0,
 					     V_ASN1_SEQUENCE,v1);
@@ -260,7 +260,7 @@ X509_CRL_INFO *X509_CRL_INFO_new(void)
 	M_ASN1_New(ret->lastUpdate,M_ASN1_UTCTIME_new);
 	ret->nextUpdate=NULL;
 	M_ASN1_New(ret->revoked,sk_X509_REVOKED_new_null);
-	ret->extensions = NULL;
+	M_ASN1_New(ret->extensions,sk_X509_EXTENSION_new_null);
 	sk_X509_REVOKED_set_cmp_func(ret->revoked,X509_REVOKED_cmp);
 	return(ret);
 	M_ASN1_New_Error(ASN1_F_X509_CRL_INFO_NEW);
--- a/crypto/asn1/x_name.c
+++ b/crypto/asn1/x_name.c
@@ -141,12 +141,10 @@ static int i2d_X509_NAME_entries(X509_NAME *a)
 			}
 		size+=i2d_X509_NAME_ENTRY(ne,NULL);
 		}
-	if (fe != NULL)
+
 		{
 		/* SET OF needed only if entries is non empty */
 	ret+=ASN1_object_size(1,size,V_ASN1_SET);
 	if (fe != NULL)
 		fe->size=size;
 		}
 	r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE);
--- a/crypto/asn1/x_pubkey.c
+++ b/crypto/asn1/x_pubkey.c
@@ -234,7 +234,7 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
 	a=key->algor;
 	if (ret->type == EVP_PKEY_DSA)
 		{
-		if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
+		if (a->parameter->type == V_ASN1_SEQUENCE)
 			{
 			ret->pkey.dsa->write_params=0;
 			p=a->parameter->value.sequence->data;
--- a/crypto/bf/Makefile.ssl
+++ b/crypto/bf/Makefile.ssl
@@ -44,8 +44,7 @@ all:	lib
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
+	$(RANLIB) $(LIB)
 	- $(RANLIB) $(LIB)
 	@touch lib
 # elf
--- a/crypto/bio/Makefile.ssl
+++ b/crypto/bio/Makefile.ssl
@@ -27,13 +27,11 @@ LIBSRC= bio_lib.c bio_cb.c bio_err.c \
 	bss_file.c bss_sock.c bss_conn.c \
 	bf_null.c bf_buff.c b_print.c b_dump.c \
 	b_sock.c bss_acpt.c bf_nbio.c bss_log.c bss_bio.c
 #	bf_lbuf.c
 LIBOBJ= bio_lib.o bio_cb.o bio_err.o \
 	bss_mem.o bss_null.o bss_fd.o \
 	bss_file.o bss_sock.o bss_conn.o \
 	bf_null.o bf_buff.o b_print.o b_dump.o \
 	b_sock.o bss_acpt.o bf_nbio.o bss_log.o bss_bio.o
 #	bf_lbuf.o
 SRC= $(LIBSRC)
@@ -49,8 +47,7 @@ all:	lib
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
+	$(RANLIB) $(LIB)
 	- $(RANLIB) $(LIB)
 	@touch lib
 files:
@@ -96,13 +93,13 @@ b_dump.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 b_dump.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 b_dump.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 b_dump.o: ../cryptlib.h
-b_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+b_print.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-b_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+b_print.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-b_print.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+b_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-b_print.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+b_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-b_print.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+b_print.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-b_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+b_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-b_print.o: ../../include/openssl/symhacks.h ../cryptlib.h
+b_print.o: ../cryptlib.h
 b_sock.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 b_sock.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 b_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -69,7 +69,6 @@
 #ifndef NO_SYS_TYPES_H
 #include <sys/types.h>
 #endif
 #include <openssl/bn.h>         /* To get BN_LLONG properly defined */
 #include <openssl/bio.h>
 #ifdef BN_LLONG
@@ -109,11 +108,7 @@
 #endif
 #if HAVE_LONG_LONG
-# if defined(WIN32) && !defined(__GNUC__)
+#define LLONG long long
 # define LLONG _int64
 # else
 # define LLONG long long
 # endif
 #else
 #define LLONG long
 #endif
@@ -156,7 +151,7 @@ static void _dopr(char **sbuffer, char **buffer,
 /* some handy macros */
 #define char_to_int(p) (p - '0')
-#define OSSL_MAX(p,q) ((p >= q) ? p : q)
+#define MAX(p,q) ((p >= q) ? p : q)
 static void
 _dopr(
@@ -507,13 +502,13 @@ fmtint(
    convert[place] = 0;
    zpadlen = max - place;
-    spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0);
+    spadlen = min - MAX(max, place) - (signvalue ? 1 : 0);
    if (zpadlen < 0)
        zpadlen = 0;
    if (spadlen < 0)
        spadlen = 0;
    if (flags & DP_F_ZERO) {
-        zpadlen = OSSL_MAX(zpadlen, spadlen);
+        zpadlen = MAX(zpadlen, spadlen);
        spadlen = 0;
    }
    if (flags & DP_F_MINUS)
@@ -645,7 +640,7 @@ fmtfp(
            (caps ? "0123456789ABCDEF"
              : "0123456789abcdef")[fracpart % 10];
        fracpart = (fracpart / 10);
-    } while (fplace < max);
+    } while (fracpart && (fplace < 20));
    if (fplace == 20)
        fplace--;
    fconvert[fplace] = 0;
--- a/crypto/bio/b_sock.c
+++ b/crypto/bio/b_sock.c
@@ -113,8 +113,8 @@ int BIO_get_host_ip(const char *str, unsigned char *ip)
 	/* At this point, we have something that is most probably correct
 	   in some way, so let's init the socket. */
-	if (BIO_sock_init() != 1)
+	if (!BIO_sock_init())
-		return 0; /* don't generate another error code here */
+		return(0); /* don't generate another error code here */
 	/* If the string actually contained an IP address, we need not do
 	   anything more */
@@ -519,15 +519,15 @@ int BIO_get_accept_socket(char *host, int bind_mode)
 	{
 	int ret=0;
 	struct sockaddr_in server,client;
-	int s=INVALID_SOCKET,cs;
+	int s= -1,cs;
 	unsigned char ip[4];
 	unsigned short port;
-	char *str=NULL,*e;
+	char *str,*e;
 	const char *h,*p;
 	unsigned long l;
 	int err_num;
-	if (BIO_sock_init() != 1) return(INVALID_SOCKET);
+	if (!BIO_sock_init()) return(INVALID_SOCKET);
 	if ((str=BUF_strdup(host)) == NULL) return(INVALID_SOCKET);
@@ -553,7 +553,7 @@ int BIO_get_accept_socket(char *host, int bind_mode)
 		h="*";
 		}
-	if (!BIO_get_port(p,&port)) goto err;
+	if (!BIO_get_port(p,&port)) return(INVALID_SOCKET);
 	memset((char *)&server,0,sizeof(server));
 	server.sin_family=AF_INET;
@@ -563,7 +563,7 @@ int BIO_get_accept_socket(char *host, int bind_mode)
 		server.sin_addr.s_addr=INADDR_ANY;
 	else
 		{
-                if (!BIO_get_host_ip(h,&(ip[0]))) goto err;
+		if (!BIO_get_host_ip(h,&(ip[0]))) return(INVALID_SOCKET);
 		l=(unsigned long)
 			((unsigned long)ip[0]<<24L)|
 			((unsigned long)ip[1]<<16L)|
--- a/crypto/bio/bf_buff.c
+++ b/crypto/bio/bf_buff.c
@@ -70,7 +70,7 @@ static long buffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int buffer_new(BIO *h);
 static int buffer_free(BIO *data);
 static long buffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
-#define DEFAULT_BUFFER_SIZE	4096
+#define DEFAULT_BUFFER_SIZE	1024
 static BIO_METHOD methods_buffer=
 	{
--- a/crypto/bio/bf_lbuf.c
+++ b/crypto/bio/bf_lbuf.c
@@ -1,397 +0,0 @@
 /* crypto/bio/bf_buff.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 #include <stdio.h>
 #include <errno.h>
 #include "cryptlib.h"
 #include <openssl/bio.h>
 #include <openssl/evp.h>
 static int linebuffer_write(BIO *h, const char *buf,int num);
 static int linebuffer_read(BIO *h, char *buf, int size);
 static int linebuffer_puts(BIO *h, const char *str);
 static int linebuffer_gets(BIO *h, char *str, int size);
 static long linebuffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int linebuffer_new(BIO *h);
 static int linebuffer_free(BIO *data);
 static long linebuffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
 /* A 10k maximum should be enough for most purposes */
 #define DEFAULT_LINEBUFFER_SIZE	1024*10
 /* #define DEBUG */
 static BIO_METHOD methods_linebuffer=
 	{
 	BIO_TYPE_LINEBUFFER,
 	"linebuffer",
 	linebuffer_write,
 	linebuffer_read,
 	linebuffer_puts,
 	linebuffer_gets,
 	linebuffer_ctrl,
 	linebuffer_new,
 	linebuffer_free,
 	linebuffer_callback_ctrl,
 	};
 BIO_METHOD *BIO_f_linebuffer(void)
 	{
 	return(&methods_linebuffer);
 	}
 typedef struct bio_linebuffer_ctx_struct
 	{
 	char *obuf;		/* the output char array */
 	int obuf_size;		/* how big is the output buffer */
 	int obuf_len;		/* how many bytes are in it */
 	} BIO_LINEBUFFER_CTX;
 static int linebuffer_new(BIO *bi)
 	{
 	BIO_LINEBUFFER_CTX *ctx;
 	ctx=(BIO_LINEBUFFER_CTX *)OPENSSL_malloc(sizeof(BIO_LINEBUFFER_CTX));
 	if (ctx == NULL) return(0);
 	ctx->obuf=(char *)OPENSSL_malloc(DEFAULT_LINEBUFFER_SIZE);
 	if (ctx->obuf == NULL) { OPENSSL_free(ctx); return(0); }
 	ctx->obuf_size=DEFAULT_LINEBUFFER_SIZE;
 	ctx->obuf_len=0;
 	bi->init=1;
 	bi->ptr=(char *)ctx;
 	bi->flags=0;
 	return(1);
 	}
 static int linebuffer_free(BIO *a)
 	{
 	BIO_LINEBUFFER_CTX *b;
 	if (a == NULL) return(0);
 	b=(BIO_LINEBUFFER_CTX *)a->ptr;
 	if (b->obuf != NULL) OPENSSL_free(b->obuf);
 	OPENSSL_free(a->ptr);
 	a->ptr=NULL;
 	a->init=0;
 	a->flags=0;
 	return(1);
 	}
 static int linebuffer_read(BIO *b, char *out, int outl)
 	{
 	int ret=0;
 	if (out == NULL) return(0);
 	if (b->next_bio == NULL) return(0);
 	ret=BIO_read(b->next_bio,out,outl);
 	BIO_clear_retry_flags(b);
 	BIO_copy_next_retry(b);
 	return(ret);
 	}
 static int linebuffer_write(BIO *b, const char *in, int inl)
 	{
 	int i,num=0,foundnl;
 	BIO_LINEBUFFER_CTX *ctx;
 	if ((in == NULL) || (inl <= 0)) return(0);
 	ctx=(BIO_LINEBUFFER_CTX *)b->ptr;
 	if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
 	BIO_clear_retry_flags(b);
 	do
 		{
 		const char *p;
 		for(p = in; p < in + inl && *p != '\n'; p++)
 			;
 		if (*p == '\n')
 			{
 			p++;
 			foundnl = 1;
 			}
 		else
 			foundnl = 0;
 		/* If a NL was found and we already have text in the save
 		   buffer, concatenate them and write */
 		while ((foundnl || p - in > ctx->obuf_size - ctx->obuf_len)
 			&& ctx->obuf_len > 0)
 			{
 			int orig_olen = ctx->obuf_len;
 			i = ctx->obuf_size - ctx->obuf_len;
 			if (p - in > 0)
 				{
 				if (i >= p - in)
 					{
 					memcpy(&(ctx->obuf[ctx->obuf_len]),
 						in,p - in);
 					ctx->obuf_len += p - in;
 					inl -= p - in;
 					num += p - in;
 					in = p;
 					}
 				else
 					{
 					memcpy(&(ctx->obuf[ctx->obuf_len]),
 						in,i);
 					ctx->obuf_len += i;
 					inl -= i;
 					in += i;
 					num += i;
 					}
 				}
 #ifdef DEBUG
 BIO_write(b->next_bio, "<*<", 3);
 #endif
 			i=BIO_write(b->next_bio,
 				ctx->obuf, ctx->obuf_len);
 			if (i <= 0)
 				{
 				ctx->obuf_len = orig_olen;
 				BIO_copy_next_retry(b);
 #ifdef DEBUG
 BIO_write(b->next_bio, ">*>", 3);
 #endif
 				if (i < 0) return((num > 0)?num:i);
 				if (i == 0) return(num);
 				}
 #ifdef DEBUG
 BIO_write(b->next_bio, ">*>", 3);
 #endif
 			if (i < ctx->obuf_len)
 				memmove(ctx->obuf, ctx->obuf + i,
 					ctx->obuf_len - i);
 			ctx->obuf_len-=i;
 			}
 		/* Now that the save buffer is emptied, let's write the input
 		   buffer if a NL was found and there is anything to write. */
 		if ((foundnl || p - in > ctx->obuf_size) && p - in > 0)
 			{
 #ifdef DEBUG
 BIO_write(b->next_bio, "<*<", 3);
 #endif
 			i=BIO_write(b->next_bio,in,p - in);
 			if (i <= 0)
 				{
 				BIO_copy_next_retry(b);
 #ifdef DEBUG
 BIO_write(b->next_bio, ">*>", 3);
 #endif
 				if (i < 0) return((num > 0)?num:i);
 				if (i == 0) return(num);
 				}
 #ifdef DEBUG
 BIO_write(b->next_bio, ">*>", 3);
 #endif
 			num+=i;
 			in+=i;
 			inl-=i;
 			}
 		}
 	while(foundnl && inl > 0);
 	/* We've written as much as we can.  The rest of the input buffer, if
 	   any, is text that doesn't and with a NL and therefore needs to be
 	   saved for the next trip. */
 	if (inl > 0)
 		{
 		memcpy(&(ctx->obuf[ctx->obuf_len]), in, inl);
 		ctx->obuf_len += inl;
 		num += inl;
 		}
 	return num;
 	}
 static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr)
 	{
 	BIO *dbio;
 	BIO_LINEBUFFER_CTX *ctx;
 	long ret=1;
 	char *p;
 	int r;
 	int obs;
 	ctx=(BIO_LINEBUFFER_CTX *)b->ptr;
 	switch (cmd)
 		{
 	case BIO_CTRL_RESET:
 		ctx->obuf_len=0;
 		if (b->next_bio == NULL) return(0);
 		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
 		break;
 	case BIO_CTRL_INFO:
 		ret=(long)ctx->obuf_len;
 		break;
 	case BIO_CTRL_WPENDING:
 		ret=(long)ctx->obuf_len;
 		if (ret == 0)
 			{
 			if (b->next_bio == NULL) return(0);
 			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
 			}
 		break;
 	case BIO_C_SET_BUFF_SIZE:
 		obs=(int)num;
 		p=ctx->obuf;
 		if ((obs > DEFAULT_LINEBUFFER_SIZE) && (obs != ctx->obuf_size))
 			{
 			p=(char *)OPENSSL_malloc((int)num);
 			if (p == NULL)
 				goto malloc_error;
 			}
 		if (ctx->obuf != p)
 			{
 			if (ctx->obuf_len > obs)
 				{
 				ctx->obuf_len = obs;
 				}
 			memcpy(p, ctx->obuf, ctx->obuf_len);
 			OPENSSL_free(ctx->obuf);
 			ctx->obuf=p;
 			ctx->obuf_size=obs;
 			}
 		break;
 	case BIO_C_DO_STATE_MACHINE:
 		if (b->next_bio == NULL) return(0);
 		BIO_clear_retry_flags(b);
 		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
 		BIO_copy_next_retry(b);
 		break;
 	case BIO_CTRL_FLUSH:
 		if (b->next_bio == NULL) return(0);
 		if (ctx->obuf_len <= 0)
 			{
 			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
 			break;
 			}
 		for (;;)
 			{
 			BIO_clear_retry_flags(b);
 			if (ctx->obuf_len > 0)
 				{
 				r=BIO_write(b->next_bio,
 					ctx->obuf, ctx->obuf_len);
 #if 0
 fprintf(stderr,"FLUSH %3d -> %3d\n",ctx->obuf_len,r);
 #endif
 				BIO_copy_next_retry(b);
 				if (r <= 0) return((long)r);
 				if (r < ctx->obuf_len)
 					memmove(ctx->obuf, ctx->obuf + r,
 						ctx->obuf_len - r);
 				ctx->obuf_len-=r;
 				}
 			else
 				{
 				ctx->obuf_len=0;
 				ret=1;
 				break;
 				}
 			}
 		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
 		break;
 	case BIO_CTRL_DUP:
 		dbio=(BIO *)ptr;
 		if (	!BIO_set_write_buffer_size(dbio,ctx->obuf_size))
 			ret=0;
 		break;
 	default:
 		if (b->next_bio == NULL) return(0);
 		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
 		break;
 		}
 	return(ret);
 malloc_error:
 	BIOerr(BIO_F_LINEBUFFER_CTRL,ERR_R_MALLOC_FAILURE);
 	return(0);
 	}
 static long linebuffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
 	{
 	long ret=1;
 	if (b->next_bio == NULL) return(0);
 	switch (cmd)
 		{
 	default:
 		ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
 		break;
 		}
 	return(ret);
 	}
 static int linebuffer_gets(BIO *b, char *buf, int size)
 	{
 	if (b->next_bio == NULL) return(0);
 	return(BIO_gets(b->next_bio,buf,size));
 	}
 static int linebuffer_puts(BIO *b, const char *str)
 	{
 	return(linebuffer_write(b,str,strlen(str)));
 	}
--- a/crypto/bio/bio.h
+++ b/crypto/bio/bio.h
@@ -91,7 +91,6 @@ extern "C" {
 #define BIO_TYPE_NULL_FILTER	(17|0x0200)
 #define BIO_TYPE_BER		(18|0x0200)		/* BER -> bin filter */
 #define BIO_TYPE_BIO		(19|0x0400)		/* (half a) BIO pair */
 #define BIO_TYPE_LINEBUFFER	(20|0x0200)		/* filter */
 #define BIO_TYPE_DESCRIPTOR	0x0100	/* socket, fd, connect or accept */
 #define BIO_TYPE_FILTER		0x0200
@@ -555,9 +554,6 @@ BIO_METHOD *BIO_s_bio(void);
 BIO_METHOD *BIO_s_null(void);
 BIO_METHOD *BIO_f_null(void);
 BIO_METHOD *BIO_f_buffer(void);
 #ifdef VMS
 BIO_METHOD *BIO_f_linebuffer(void);
 #endif
 BIO_METHOD *BIO_f_nbio_test(void);
 /* BIO_METHOD *BIO_f_ber(void); */
@@ -644,7 +640,6 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args);
 #define BIO_F_CONN_CTRL					 127
 #define BIO_F_CONN_STATE				 115
 #define BIO_F_FILE_CTRL					 116
 #define BIO_F_LINEBUFFER_CTRL				 129
 #define BIO_F_MEM_READ					 128
 #define BIO_F_MEM_WRITE					 117
 #define BIO_F_SSL_NEW					 118
--- a/crypto/bio/bio_err.c
+++ b/crypto/bio/bio_err.c
@@ -91,7 +91,6 @@ static ERR_STRING_DATA BIO_str_functs[]=
 {ERR_PACK(0,BIO_F_CONN_CTRL,0),	"CONN_CTRL"},
 {ERR_PACK(0,BIO_F_CONN_STATE,0),	"CONN_STATE"},
 {ERR_PACK(0,BIO_F_FILE_CTRL,0),	"FILE_CTRL"},
 {ERR_PACK(0,BIO_F_LINEBUFFER_CTRL,0),	"LINEBUFFER_CTRL"},
 {ERR_PACK(0,BIO_F_MEM_READ,0),	"MEM_READ"},
 {ERR_PACK(0,BIO_F_MEM_WRITE,0),	"MEM_WRITE"},
 {ERR_PACK(0,BIO_F_SSL_NEW,0),	"SSL_new"},
--- a/crypto/bio/bss_conn.c
+++ b/crypto/bio/bss_conn.c
@@ -236,7 +236,7 @@ static int conn_state(BIO *b, BIO_CONNECT *c)
 				}
 			c->state=BIO_CONN_S_CONNECT;
-#if defined(SO_KEEPALIVE) && !defined(MPE)
+#ifdef SO_KEEPALIVE
 			i=1;
 			i=setsockopt(b->num,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
 			if (i < 0)
--- a/crypto/bn/Makefile.ssl
+++ b/crypto/bn/Makefile.ssl
@@ -68,8 +68,7 @@ bnbug: bnbug.c ../../libcrypto.a top
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
+	$(RANLIB) $(LIB)
 	- $(RANLIB) $(LIB)
 	@touch lib
 # elf
--- a/crypto/bn/asm/mips3.s
+++ b/crypto/bn/asm/mips3.s
@@ -1,5 +1,5 @@
 .rdata
-.asciiz	"mips3.s, Version 1.1"
+.asciiz "mips3.s, Version 1.0"
 .asciiz	"MIPS III/IV ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
 /*
@@ -586,13 +586,13 @@ LEAF(bn_div_3_words)
 	ld	a0,(a3)
 	move	ta2,a1
 	ld	a1,-8(a3)
 	bne	a0,a2,.L_bn_div_3_words_proceed
 	li	v0,-1
 	jr	ra
 .L_bn_div_3_words_proceed:
 	move	ta3,ra
 	move	v1,zero
 	li	v0,-1
 	beq	a0,a2,.L_bn_div_3_words_skip_div
 	bal	bn_div_words
 	move	ra,ta3
 .L_bn_div_3_words_skip_div:
 	dmultu	ta2,v0
 	ld	t2,-16(a3)
 	move	ta0,zero
@@ -849,7 +849,6 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
 	daddu	c_2,t_2
 	sltu	c_3,c_2,t_2
 	dmultu	a_1,b_2		/* mul_add_c(a[1],b[2],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
@@ -857,8 +856,7 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
 	daddu	c_2,t_2
-	sltu	AT,c_2,t_2
+	sltu	c_3,c_2,t_2
 	daddu	c_3,AT
 	dmultu	a_2,b_1		/* mul_add_c(a[2],b[1],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
@@ -886,7 +884,6 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
 	daddu	c_3,t_2
 	sltu	c_1,c_3,t_2
 	dmultu	a_3,b_1		/* mul_add_c(a[3],b[1],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
@@ -894,8 +891,7 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
 	daddu	c_3,t_2
-	sltu	AT,c_3,t_2
+	sltu	c_1,c_3,t_2
 	daddu	c_1,AT
 	dmultu	a_2,b_2		/* mul_add_c(a[2],b[2],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
@@ -932,7 +928,6 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
 	daddu	c_1,t_2
 	sltu	c_2,c_1,t_2
 	dmultu	a_1,b_4		/* mul_add_c(a[1],b[4],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
@@ -940,8 +935,7 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
 	daddu	c_1,t_2
-	sltu	AT,c_1,t_2
+	sltu	c_2,c_1,t_2
 	daddu	c_2,AT
 	dmultu	a_2,b_3		/* mul_add_c(a[2],b[3],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
@@ -987,7 +981,6 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
 	daddu	c_2,t_2
 	sltu	c_3,c_2,t_2
 	dmultu	a_5,b_1		/* mul_add_c(a[5],b[1],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
@@ -995,8 +988,7 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
 	daddu	c_2,t_2
-	sltu	AT,c_2,t_2
+	sltu	c_3,c_2,t_2
 	daddu	c_3,AT
 	dmultu	a_4,b_2		/* mul_add_c(a[4],b[2],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
@@ -1051,7 +1043,6 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
 	daddu	c_3,t_2
 	sltu	c_1,c_3,t_2
 	dmultu	a_1,b_6		/* mul_add_c(a[1],b[6],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
@@ -1059,8 +1050,7 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
 	daddu	c_3,t_2
-	sltu	AT,c_3,t_2
+	sltu	c_1,c_3,t_2
 	daddu	c_1,AT
 	dmultu	a_2,b_5		/* mul_add_c(a[2],b[5],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
@@ -1124,7 +1114,6 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
 	daddu	c_1,t_2
 	sltu	c_2,c_1,t_2
 	dmultu	a_6,b_2		/* mul_add_c(a[6],b[2],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
@@ -1132,8 +1121,7 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
 	daddu	c_1,t_2
-	sltu	AT,c_1,t_2
+	sltu	c_2,c_1,t_2
 	daddu	c_2,AT
 	dmultu	a_5,b_3		/* mul_add_c(a[5],b[3],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
@@ -1188,7 +1176,6 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
 	daddu	c_2,t_2
 	sltu	c_3,c_2,t_2
 	dmultu	a_3,b_6		/* mul_add_c(a[3],b[6],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
@@ -1196,8 +1183,7 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
 	daddu	c_2,t_2
-	sltu	AT,c_2,t_2
+	sltu	c_3,c_2,t_2
 	daddu	c_3,AT
 	dmultu	a_4,b_5		/* mul_add_c(a[4],b[5],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
@@ -1243,7 +1229,6 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
 	daddu	c_3,t_2
 	sltu	c_1,c_3,t_2
 	dmultu	a_6,b_4		/* mul_add_c(a[6],b[4],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
@@ -1251,8 +1236,7 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
 	daddu	c_3,t_2
-	sltu	AT,c_3,t_2
+	sltu	c_1,c_3,t_2
 	daddu	c_1,AT
 	dmultu	a_5,b_5		/* mul_add_c(a[5],b[5],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
@@ -1289,7 +1273,6 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
 	daddu	c_1,t_2
 	sltu	c_2,c_1,t_2
 	dmultu	a_5,b_6		/* mul_add_c(a[5],b[6],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
@@ -1297,8 +1280,7 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
 	daddu	c_1,t_2
-	sltu	AT,c_1,t_2
+	sltu	c_2,c_1,t_2
 	daddu	c_2,AT
 	dmultu	a_6,b_5		/* mul_add_c(a[6],b[5],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
@@ -1326,7 +1308,6 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
 	daddu	c_2,t_2
 	sltu	c_3,c_2,t_2
 	dmultu	a_6,b_6		/* mul_add_c(a[6],b[6],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
@@ -1334,8 +1315,7 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
 	daddu	c_2,t_2
-	sltu	AT,c_2,t_2
+	sltu	c_3,c_2,t_2
 	daddu	c_3,AT
 	dmultu	a_5,b_7		/* mul_add_c(a[5],b[7],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
@@ -1354,7 +1334,6 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
 	daddu	c_3,t_2
 	sltu	c_1,c_3,t_2
 	dmultu	a_7,b_6		/* mul_add_c(a[7],b[6],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
@@ -1362,8 +1341,7 @@ LEAF(bn_mul_comba8)
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
 	daddu	c_3,t_2
-	sltu	AT,c_3,t_2
+	sltu	c_1,c_3,t_2
 	daddu	c_1,AT
 	sd	c_2,104(a0)	/* r[13]=c2; */
 	dmultu	a_7,b_7		/* mul_add_c(a[7],b[7],c3,c1,c2); */
@@ -1452,7 +1430,6 @@ LEAF(bn_mul_comba4)
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
 	daddu	c_2,t_2
 	sltu	c_3,c_2,t_2
 	dmultu	a_1,b_2		/* mul_add_c(a[1],b[2],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
@@ -1460,8 +1437,7 @@ LEAF(bn_mul_comba4)
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
 	daddu	c_2,t_2
-	sltu	AT,c_2,t_2
+	sltu	c_3,c_2,t_2
 	daddu	c_3,AT
 	dmultu	a_2,b_1		/* mul_add_c(a[2],b[1],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
@@ -1489,7 +1465,6 @@ LEAF(bn_mul_comba4)
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
 	daddu	c_3,t_2
 	sltu	c_1,c_3,t_2
 	dmultu	a_2,b_2		/* mul_add_c(a[2],b[2],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
@@ -1497,8 +1472,7 @@ LEAF(bn_mul_comba4)
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
 	daddu	c_3,t_2
-	sltu	AT,c_3,t_2
+	sltu	c_1,c_3,t_2
 	daddu	c_1,AT
 	dmultu	a_1,b_3		/* mul_add_c(a[1],b[3],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
@@ -1517,7 +1491,6 @@ LEAF(bn_mul_comba4)
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
 	daddu	c_1,t_2
 	sltu	c_2,c_1,t_2
 	dmultu	a_3,b_2		/* mul_add_c(a[3],b[2],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
@@ -1525,8 +1498,7 @@ LEAF(bn_mul_comba4)
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
 	daddu	c_1,t_2
-	sltu	AT,c_1,t_2
+	sltu	c_2,c_1,t_2
 	daddu	c_2,AT
 	sd	c_3,40(a0)
 	dmultu	a_3,b_3		/* mul_add_c(a[3],b[3],c1,c2,c3); */
@@ -1571,30 +1543,28 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_0,a_1		/* mul_add_c2(a[0],b[1],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
 	slt	c_1,t_2,zero
 	dsll	t_2,1
 	slt	a2,t_1,zero
 	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
 	daddu	c_3,t_2,AT
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
 	daddu	c_3,t_2
 	sltu	c_1,c_3,t_2
 	sd	c_2,8(a0)
 	dmultu	a_2,a_0		/* mul_add_c2(a[2],b[0],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_2,t_2,zero
+	daddu	c_3,t_1
-	dsll	t_2,1
+	sltu	AT,c_3,t_1
-	slt	a2,t_1,zero
+	daddu	a2,t_2,AT
-	daddu	t_2,a2
+	daddu	c_1,a2
 	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
 	daddu	c_1,t_2
-	sltu	AT,c_1,t_2
+	sltu	c_2,c_1,t_2
 	daddu	c_2,AT
 	dmultu	a_1,a_1		/* mul_add_c(a[1],b[1],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
@@ -1609,26 +1579,24 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_0,a_3		/* mul_add_c2(a[0],b[3],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_3,t_2,zero
+	daddu	c_1,t_1
-	dsll	t_2,1
+	sltu	AT,c_1,t_1
-	slt	a2,t_1,zero
+	daddu	a2,t_2,AT
-	daddu	t_2,a2
+	daddu	c_2,a2
 	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
 	daddu	c_2,t_2
-	sltu	AT,c_2,t_2
+	sltu	c_3,c_2,t_2
 	daddu	c_3,AT
 	dmultu	a_1,a_2		/* mul_add_c2(a[1],b[2],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
+	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
 	daddu	a2,t_2,AT
 	daddu	c_2,a2
 	sltu	AT,c_2,a2
 	daddu	c_3,AT
 	dsll	t_2,1
 	slt	a2,t_1,zero
 	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
@@ -1640,26 +1608,24 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_4,a_0		/* mul_add_c2(a[4],b[0],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_1,t_2,zero
+	daddu	c_2,t_1
-	dsll	t_2,1
+	sltu	AT,c_2,t_1
-	slt	a2,t_1,zero
+	daddu	a2,t_2,AT
-	daddu	t_2,a2
+	daddu	c_3,a2
 	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
 	daddu	c_3,t_2
-	sltu	AT,c_3,t_2
+	sltu	c_1,c_3,t_2
 	daddu	c_1,AT
 	dmultu	a_3,a_1		/* mul_add_c2(a[3],b[1],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
+	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
 	daddu	a2,t_2,AT
 	daddu	c_3,a2
 	sltu	AT,c_3,a2
 	daddu	c_1,AT
 	dsll	t_2,1
 	slt	a2,t_1,zero
 	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
@@ -1680,26 +1646,24 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_0,a_5		/* mul_add_c2(a[0],b[5],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_2,t_2,zero
+	daddu	c_3,t_1
-	dsll	t_2,1
+	sltu	AT,c_3,t_1
-	slt	a2,t_1,zero
+	daddu	a2,t_2,AT
-	daddu	t_2,a2
+	daddu	c_1,a2
 	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
 	daddu	c_1,t_2
-	sltu	AT,c_1,t_2
+	sltu	c_2,c_1,t_2
 	daddu	c_2,AT
 	dmultu	a_1,a_4		/* mul_add_c2(a[1],b[4],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
+	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
 	daddu	a2,t_2,AT
 	daddu	c_1,a2
 	sltu	AT,c_1,a2
 	daddu	c_2,AT
 	dsll	t_2,1
 	slt	a2,t_1,zero
 	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
@@ -1709,12 +1673,12 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_2,a_3		/* mul_add_c2(a[2],b[3],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
+	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
 	daddu	a2,t_2,AT
 	daddu	c_1,a2
 	sltu	AT,c_1,a2
 	daddu	c_2,AT
 	dsll	t_2,1
 	slt	a2,t_1,zero
 	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
@@ -1726,26 +1690,24 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_6,a_0		/* mul_add_c2(a[6],b[0],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_3,t_2,zero
+	daddu	c_1,t_1
-	dsll	t_2,1
+	sltu	AT,c_1,t_1
-	slt	a2,t_1,zero
+	daddu	a2,t_2,AT
-	daddu	t_2,a2
+	daddu	c_2,a2
 	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
 	daddu	c_2,t_2
-	sltu	AT,c_2,t_2
+	sltu	c_3,c_2,t_2
 	daddu	c_3,AT
 	dmultu	a_5,a_1		/* mul_add_c2(a[5],b[1],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
+	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
 	daddu	a2,t_2,AT
 	daddu	c_2,a2
 	sltu	AT,c_2,a2
 	daddu	c_3,AT
 	dsll	t_2,1
 	slt	a2,t_1,zero
 	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
@@ -1755,12 +1717,12 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_4,a_2		/* mul_add_c2(a[4],b[2],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
+	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
 	daddu	a2,t_2,AT
 	daddu	c_2,a2
 	sltu	AT,c_2,a2
 	daddu	c_3,AT
 	dsll	t_2,1
 	slt	a2,t_1,zero
 	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
@@ -1781,26 +1743,24 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_0,a_7		/* mul_add_c2(a[0],b[7],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_1,t_2,zero
+	daddu	c_2,t_1
-	dsll	t_2,1
+	sltu	AT,c_2,t_1
-	slt	a2,t_1,zero
+	daddu	a2,t_2,AT
-	daddu	t_2,a2
+	daddu	c_3,a2
 	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
 	daddu	c_3,t_2
-	sltu	AT,c_3,t_2
+	sltu	c_1,c_3,t_2
 	daddu	c_1,AT
 	dmultu	a_1,a_6		/* mul_add_c2(a[1],b[6],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
+	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
 	daddu	a2,t_2,AT
 	daddu	c_3,a2
 	sltu	AT,c_3,a2
 	daddu	c_1,AT
 	dsll	t_2,1
 	slt	a2,t_1,zero
 	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
@@ -1810,12 +1770,12 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_2,a_5		/* mul_add_c2(a[2],b[5],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
+	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
 	daddu	a2,t_2,AT
 	daddu	c_3,a2
 	sltu	AT,c_3,a2
 	daddu	c_1,AT
 	dsll	t_2,1
 	slt	a2,t_1,zero
 	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
@@ -1825,12 +1785,12 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_3,a_4		/* mul_add_c2(a[3],b[4],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
+	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
 	daddu	a2,t_2,AT
 	daddu	c_3,a2
 	sltu	AT,c_3,a2
 	daddu	c_1,AT
 	dsll	t_2,1
 	slt	a2,t_1,zero
 	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
@@ -1842,26 +1802,24 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_7,a_1		/* mul_add_c2(a[7],b[1],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_2,t_2,zero
+	daddu	c_3,t_1
-	dsll	t_2,1
+	sltu	AT,c_3,t_1
-	slt	a2,t_1,zero
+	daddu	a2,t_2,AT
-	daddu	t_2,a2
+	daddu	c_1,a2
 	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
 	daddu	c_1,t_2
-	sltu	AT,c_1,t_2
+	sltu	c_2,c_1,t_2
 	daddu	c_2,AT
 	dmultu	a_6,a_2		/* mul_add_c2(a[6],b[2],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
+	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
 	daddu	a2,t_2,AT
 	daddu	c_1,a2
 	sltu	AT,c_1,a2
 	daddu	c_2,AT
 	dsll	t_2,1
 	slt	a2,t_1,zero
 	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
@@ -1871,12 +1829,12 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_5,a_3		/* mul_add_c2(a[5],b[3],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
+	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
 	daddu	a2,t_2,AT
 	daddu	c_1,a2
 	sltu	AT,c_1,a2
 	daddu	c_2,AT
 	dsll	t_2,1
 	slt	a2,t_1,zero
 	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
@@ -1897,26 +1855,24 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_2,a_7		/* mul_add_c2(a[2],b[7],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_3,t_2,zero
+	daddu	c_1,t_1
-	dsll	t_2,1
+	sltu	AT,c_1,t_1
-	slt	a2,t_1,zero
+	daddu	a2,t_2,AT
-	daddu	t_2,a2
+	daddu	c_2,a2
 	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
 	daddu	c_2,t_2
-	sltu	AT,c_2,t_2
+	sltu	c_3,c_2,t_2
 	daddu	c_3,AT
 	dmultu	a_3,a_6		/* mul_add_c2(a[3],b[6],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
+	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
 	daddu	a2,t_2,AT
 	daddu	c_2,a2
 	sltu	AT,c_2,a2
 	daddu	c_3,AT
 	dsll	t_2,1
 	slt	a2,t_1,zero
 	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
@@ -1926,12 +1882,12 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_4,a_5		/* mul_add_c2(a[4],b[5],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
+	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
 	daddu	a2,t_2,AT
 	daddu	c_2,a2
 	sltu	AT,c_2,a2
 	daddu	c_3,AT
 	dsll	t_2,1
 	slt	a2,t_1,zero
 	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
@@ -1943,26 +1899,24 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_7,a_3		/* mul_add_c2(a[7],b[3],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_1,t_2,zero
+	daddu	c_2,t_1
-	dsll	t_2,1
+	sltu	AT,c_2,t_1
-	slt	a2,t_1,zero
+	daddu	a2,t_2,AT
-	daddu	t_2,a2
+	daddu	c_3,a2
 	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
 	daddu	c_3,t_2
-	sltu	AT,c_3,t_2
+	sltu	c_1,c_3,t_2
 	daddu	c_1,AT
 	dmultu	a_6,a_4		/* mul_add_c2(a[6],b[4],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
+	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
 	daddu	a2,t_2,AT
 	daddu	c_3,a2
 	sltu	AT,c_3,a2
 	daddu	c_1,AT
 	dsll	t_2,1
 	slt	a2,t_1,zero
 	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
@@ -1983,26 +1937,24 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_4,a_7		/* mul_add_c2(a[4],b[7],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_2,t_2,zero
+	daddu	c_3,t_1
-	dsll	t_2,1
+	sltu	AT,c_3,t_1
-	slt	a2,t_1,zero
+	daddu	a2,t_2,AT
-	daddu	t_2,a2
+	daddu	c_1,a2
 	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
 	daddu	c_1,t_2
-	sltu	AT,c_1,t_2
+	sltu	c_2,c_1,t_2
 	daddu	c_2,AT
 	dmultu	a_5,a_6		/* mul_add_c2(a[5],b[6],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
+	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
 	daddu	a2,t_2,AT
 	daddu	c_1,a2
 	sltu	AT,c_1,a2
 	daddu	c_2,AT
 	dsll	t_2,1
 	slt	a2,t_1,zero
 	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
@@ -2014,17 +1966,15 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_7,a_5		/* mul_add_c2(a[7],b[5],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_3,t_2,zero
+	daddu	c_1,t_1
-	dsll	t_2,1
+	sltu	AT,c_1,t_1
-	slt	a2,t_1,zero
+	daddu	a2,t_2,AT
-	daddu	t_2,a2
+	daddu	c_2,a2
 	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
 	daddu	c_2,t_2
-	sltu	AT,c_2,t_2
+	sltu	c_3,c_2,t_2
 	daddu	c_3,AT
 	dmultu	a_6,a_6		/* mul_add_c(a[6],b[6],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
@@ -2039,17 +1989,15 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_6,a_7		/* mul_add_c2(a[6],b[7],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_1,t_2,zero
+	daddu	c_2,t_1
-	dsll	t_2,1
+	sltu	AT,c_2,t_1
-	slt	a2,t_1,zero
+	daddu	a2,t_2,AT
-	daddu	t_2,a2
+	daddu	c_3,a2
 	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
 	daddu	c_3,t_2
-	sltu	AT,c_3,t_2
+	sltu	c_1,c_3,t_2
 	daddu	c_1,AT
 	sd	c_2,104(a0)
 	dmultu	a_7,a_7		/* mul_add_c(a[7],b[7],c3,c1,c2); */
@@ -2080,30 +2028,28 @@ LEAF(bn_sqr_comba4)
 	dmultu	a_0,a_1		/* mul_add_c2(a[0],b[1],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
 	slt	c_1,t_2,zero
 	dsll	t_2,1
 	slt	a2,t_1,zero
 	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
 	daddu	c_3,t_2,AT
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
 	daddu	c_3,t_2
 	sltu	c_1,c_3,t_2
 	sd	c_2,8(a0)
 	dmultu	a_2,a_0		/* mul_add_c2(a[2],b[0],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_2,t_2,zero
+	daddu	c_3,t_1
-	dsll	t_2,1
+	sltu	AT,c_3,t_1
-	slt	a2,t_1,zero
+	daddu	a2,t_2,AT
-	daddu	t_2,a2
+	daddu	c_1,a2
 	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
 	daddu	c_1,t_2
-	sltu	AT,c_1,t_2
+	sltu	c_2,c_1,t_2
 	daddu	c_2,AT
 	dmultu	a_1,a_1		/* mul_add_c(a[1],b[1],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
@@ -2118,26 +2064,24 @@ LEAF(bn_sqr_comba4)
 	dmultu	a_0,a_3		/* mul_add_c2(a[0],b[3],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_3,t_2,zero
+	daddu	c_1,t_1
-	dsll	t_2,1
+	sltu	AT,c_1,t_1
-	slt	a2,t_1,zero
+	daddu	a2,t_2,AT
-	daddu	t_2,a2
+	daddu	c_2,a2
 	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
 	daddu	c_2,t_2
-	sltu	AT,c_2,t_2
+	sltu	c_3,c_2,t_2
 	daddu	c_3,AT
 	dmultu	a_1,a_2		/* mul_add_c(a2[1],b[2],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
+	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
 	daddu	a2,t_2,AT
 	daddu	c_2,a2
 	sltu	AT,c_2,a2
 	daddu	c_3,AT
 	dsll	t_2,1
 	slt	a2,t_1,zero
 	daddu	t_2,a2
 	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
 	daddu	t_2,AT
@@ -2149,17 +2093,15 @@ LEAF(bn_sqr_comba4)
 	dmultu	a_3,a_1		/* mul_add_c2(a[3],b[1],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_1,t_2,zero
+	daddu	c_2,t_1
-	dsll	t_2,1
+	sltu	AT,c_2,t_1
-	slt	a2,t_1,zero
+	daddu	a2,t_2,AT
-	daddu	t_2,a2
+	daddu	c_3,a2
 	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
 	daddu	t_2,AT
 	daddu	c_3,t_2
-	sltu	AT,c_3,t_2
+	sltu	c_1,c_3,t_2
 	daddu	c_1,AT
 	dmultu	a_2,a_2		/* mul_add_c(a[2],b[2],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
@@ -2174,17 +2116,15 @@ LEAF(bn_sqr_comba4)
 	dmultu	a_2,a_3		/* mul_add_c2(a[2],b[3],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_2,t_2,zero
+	daddu	c_3,t_1
-	dsll	t_2,1
+	sltu	AT,c_3,t_1
-	slt	a2,t_1,zero
+	daddu	a2,t_2,AT
-	daddu	t_2,a2
+	daddu	c_1,a2
 	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
 	daddu	t_2,AT
 	daddu	c_1,t_2
-	sltu	AT,c_1,t_2
+	sltu	c_2,c_1,t_2
 	daddu	c_2,AT
 	sd	c_3,40(a0)
 	dmultu	a_3,a_3		/* mul_add_c(a[3],b[3],c1,c2,c3); */
--- a/crypto/bn/asm/pa-risc2.s
+++ b/crypto/bn/asm/pa-risc2.s
@@ -1611,7 +1611,7 @@ bn_mul_comba4
 	.IMPORT	$global$,DATA
 	.SPACE	$TEXT$
 	.SUBSPA	$CODE$
-	.SUBSPA	$LIT$,ACCESS=0x2c
+	.SUBSPA	$LIT$,QUAD=0,ALIGN=8,ACCESS=0x2c,SORT=16
 C$7
 	.ALIGN	8
 	.STRINGZ	"Division would overflow (%d)\n"
--- a/crypto/bn/asm/pa-risc2W.s
+++ b/crypto/bn/asm/pa-risc2W.s
@@ -1598,7 +1598,7 @@ bn_mul_comba4
 	.IMPORT	$global$,DATA
 	.SPACE	$TEXT$
 	.SUBSPA	$CODE$
-	.SUBSPA	$LIT$,ACCESS=0x2c
+	.SUBSPA	$LIT$,QUAD=0,ALIGN=8,ACCESS=0x2c,SORT=16
 C$4
 	.ALIGN	8
 	.STRINGZ	"Division would overflow (%d)\n"
--- a/crypto/bn/bn.h
+++ b/crypto/bn/bn.h
@@ -239,7 +239,7 @@ typedef struct bignum_st
 	} BIGNUM;
 /* Used for temp variables */
-#define BN_CTX_NUM	16
+#define BN_CTX_NUM	12
 #define BN_CTX_NUM_POS	12
 typedef struct bignum_ctx
 	{
@@ -328,7 +328,6 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx);
 void	BN_CTX_end(BN_CTX *ctx);
 int     BN_rand(BIGNUM *rnd, int bits, int top,int bottom);
 int     BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom);
 int	BN_rand_range(BIGNUM *rnd, BIGNUM *range);
 int	BN_num_bits(const BIGNUM *a);
 int	BN_num_bits_word(BN_ULONG);
 BIGNUM *BN_new(void);
@@ -468,8 +467,6 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
 # define bn_dump(a,b)
 #endif
 int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom);
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
@@ -496,19 +493,16 @@ int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom);
 #define BN_F_BN_MPI2BN					 112
 #define BN_F_BN_NEW					 113
 #define BN_F_BN_RAND					 114
 #define BN_F_BN_RAND_RANGE				 122
 #define BN_F_BN_USUB					 115
 /* Reason codes. */
 #define BN_R_ARG2_LT_ARG3				 100
 #define BN_R_BAD_RECIPROCAL				 101
 #define BN_R_BIGNUM_TOO_LONG				 114
 #define BN_R_CALLED_WITH_EVEN_MODULUS			 102
 #define BN_R_DIV_BY_ZERO				 103
 #define BN_R_ENCODING_ERROR				 104
 #define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA		 105
 #define BN_R_INVALID_LENGTH				 106
 #define BN_R_INVALID_RANGE				 115
 #define BN_R_NOT_INITIALIZED				 107
 #define BN_R_NO_INVERSE					 108
 #define BN_R_TOO_MANY_TEMPORARY_VARIABLES		 109
--- a/crypto/bn/bn_div.c
+++ b/crypto/bn/bn_div.c
@@ -180,13 +180,13 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 	BN_CTX_start(ctx);
 	tmp=BN_CTX_get(ctx);
 	tmp->neg=0;
 	snum=BN_CTX_get(ctx);
 	sdiv=BN_CTX_get(ctx);
 	if (dv == NULL)
 		res=BN_CTX_get(ctx);
 	else	res=dv;
-	if (sdiv==NULL || res == NULL) goto err;
+	if (res == NULL) goto err;
 	tmp->neg=0;
 	/* First we normalise the numbers */
 	norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
@@ -237,8 +237,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 	for (i=0; i<loop-1; i++)
 		{
 		BN_ULONG q,l0;
-#if defined(BN_DIV3W) && !defined(NO_ASM)
+#ifdef BN_DIV3W
 		BN_ULONG bn_div_3_words(BN_ULONG*,BN_ULONG,BN_ULONG);
 		q=bn_div_3_words(wnump,d1,d0);
 #else
 		BN_ULONG n0,n1,rem=0;
--- a/crypto/bn/bn_err.c
+++ b/crypto/bn/bn_err.c
@@ -84,7 +84,6 @@ static ERR_STRING_DATA BN_str_functs[]=
 {ERR_PACK(0,BN_F_BN_MPI2BN,0),	"BN_mpi2bn"},
 {ERR_PACK(0,BN_F_BN_NEW,0),	"BN_new"},
 {ERR_PACK(0,BN_F_BN_RAND,0),	"BN_rand"},
 {ERR_PACK(0,BN_F_BN_RAND_RANGE,0),	"BN_rand_range"},
 {ERR_PACK(0,BN_F_BN_USUB,0),	"BN_usub"},
 {0,NULL}
 	};
@@ -93,13 +92,11 @@ static ERR_STRING_DATA BN_str_reasons[]=
 	{
 {BN_R_ARG2_LT_ARG3                       ,"arg2 lt arg3"},
 {BN_R_BAD_RECIPROCAL                     ,"bad reciprocal"},
 {BN_R_BIGNUM_TOO_LONG                    ,"bignum too long"},
 {BN_R_CALLED_WITH_EVEN_MODULUS           ,"called with even modulus"},
 {BN_R_DIV_BY_ZERO                        ,"div by zero"},
 {BN_R_ENCODING_ERROR                     ,"encoding error"},
 {BN_R_EXPAND_ON_STATIC_BIGNUM_DATA       ,"expand on static bignum data"},
 {BN_R_INVALID_LENGTH                     ,"invalid length"},
 {BN_R_INVALID_RANGE                      ,"invalid range"},
 {BN_R_NOT_INITIALIZED                    ,"not initialized"},
 {BN_R_NO_INVERSE                         ,"no inverse"},
 {BN_R_TOO_MANY_TEMPORARY_VARIABLES       ,"too many temporary variables"},
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@@ -113,6 +113,13 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
 #ifdef ATALLA
 # include <alloca.h>
 # include <atasi.h>
 # include <assert.h>
 # include <dlfcn.h>
 #endif
 #define TABLE_SIZE	32
@@ -176,6 +183,174 @@ err:
 	}
 #ifdef ATALLA
 /*
 * This routine will dynamically check for the existance of an Atalla AXL-200
 * SSL accelerator module.  If one is found, the variable
 * asi_accelerator_present is set to 1 and the function pointers
 * ptr_ASI_xxxxxx above will be initialized to corresponding ASI API calls.
 */
 typedef int tfnASI_GetPerformanceStatistics(int reset_flag,
 					    unsigned int *ret_buf);
 typedef int tfnASI_GetHardwareConfig(long card_num, unsigned int *ret_buf);
 typedef int tfnASI_RSAPrivateKeyOpFn(RSAPrivateKey * rsaKey,
 				     unsigned char *output,
 				     unsigned char *input,
 				     unsigned int modulus_len);
 static tfnASI_GetHardwareConfig *ptr_ASI_GetHardwareConfig;
 static tfnASI_RSAPrivateKeyOpFn *ptr_ASI_RSAPrivateKeyOpFn;
 static tfnASI_GetPerformanceStatistics *ptr_ASI_GetPerformanceStatistics;
 static int asi_accelerator_present;
 static int tried_atalla;
 void atalla_initialize_accelerator_handle(void)
 	{
 	void *dl_handle;
 	int status;
 	unsigned int config_buf[1024]; 
 	static int tested;
 	if(tested)
 		return;
 	tested=1;
 	bzero((void *)config_buf, 1024);
 	/*
 	 * Check to see if the library is present on the system
 	 */
 	dl_handle = dlopen("atasi.so", RTLD_NOW);
 	if (dl_handle == (void *) NULL)
 		{
 /*		printf("atasi.so library is not present on the system\n");
 		printf("No HW acceleration available\n");*/
 		return;
 	        }
 	/*
 	 * The library is present.  Now we'll check to insure that the
 	 * LDM is up and running. First we'll get the address of the
 	 * function in the atasi library that we need to see if the
 	 * LDM is operating.
 	 */
 	ptr_ASI_GetHardwareConfig =
 	  (tfnASI_GetHardwareConfig *)dlsym(dl_handle,"ASI_GetHardwareConfig");
 	if (ptr_ASI_GetHardwareConfig)
 		{
 		/*
 		 * We found the call, now we'll get our config
 		 * status.  If we get a non 0 result, the LDM is not
 		 * running and we cannot use the Atalla ASI *
 		 * library.
 		 */
 		status = (*ptr_ASI_GetHardwareConfig)(0L, config_buf);
 		if (status != 0)
 			{
 			printf("atasi.so library is present but not initialized\n");
 			printf("No HW acceleration available\n");
 			return;
 			}    
 	        }
 	else
 		{
 /*		printf("We found the library, but not the function. Very Strange!\n");*/
 		return ;
 	      	}
 	/* 
 	 * It looks like we have acceleration capabilities.  Load up the
 	 * pointers to our ASI API calls.
 	 */
 	ptr_ASI_RSAPrivateKeyOpFn=
 	  (tfnASI_RSAPrivateKeyOpFn *)dlsym(dl_handle, "ASI_RSAPrivateKeyOpFn");
 	if (ptr_ASI_RSAPrivateKeyOpFn == NULL)
 		{
 /*		printf("We found the library, but no RSA function. Very Strange!\n");*/
 		return;
 	        }
 	ptr_ASI_GetPerformanceStatistics =
 	  (tfnASI_GetPerformanceStatistics *)dlsym(dl_handle, "ASI_GetPerformanceStatistics");
 	if (ptr_ASI_GetPerformanceStatistics == NULL)
 		{
 /*		printf("We found the library, but no stat function. Very Strange!\n");*/
 		return;
 	      }
 	/*
 	 * Indicate that acceleration is available
 	 */
 	asi_accelerator_present = 1;
 /*	printf("This system has acceleration!\n");*/
 	return;
 	}
 /* make sure this only gets called once when bn_mod_exp calls bn_mod_exp_mont */
 int BN_mod_exp_atalla(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m)
 	{
 	unsigned char *abin;
 	unsigned char *pbin;
 	unsigned char *mbin;
 	unsigned char *rbin;
 	int an,pn,mn,ret;
 	RSAPrivateKey keydata;
 	atalla_initialize_accelerator_handle();
 	if(!asi_accelerator_present)
 		return 0;
 /* We should be able to run without size testing */
 # define ASIZE	128
 	an=BN_num_bytes(a);
 	pn=BN_num_bytes(p);
 	mn=BN_num_bytes(m);
 	if(an <= ASIZE && pn <= ASIZE && mn <= ASIZE)
 	    {
 	    int size=mn;
 	    assert(an <= mn);
 	    abin=alloca(size);
 	    memset(abin,'\0',mn);
 	    BN_bn2bin(a,abin+size-an);
 	    pbin=alloca(pn);
 	    BN_bn2bin(p,pbin);
 	    mbin=alloca(size);
 	    memset(mbin,'\0',mn);
 	    BN_bn2bin(m,mbin+size-mn);
 	    rbin=alloca(size);
 	    memset(&keydata,'\0',sizeof keydata);
 	    keydata.privateExponent.data=pbin;
 	    keydata.privateExponent.len=pn;
 	    keydata.modulus.data=mbin;
 	    keydata.modulus.len=size;
 	    ret=(*ptr_ASI_RSAPrivateKeyOpFn)(&keydata,rbin,abin,keydata.modulus.len);
 /*fprintf(stderr,"!%s\n",BN_bn2hex(a));*/
 	    if(!ret)
 	        {
 		BN_bin2bn(rbin,keydata.modulus.len,r);
 /*fprintf(stderr,"?%s\n",BN_bn2hex(r));*/
 		return 1;
 	        }
 	    }
 	return 0;
        }
 #endif /* def ATALLA */
 int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 	       BN_CTX *ctx)
 	{
@@ -185,6 +360,13 @@ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 	bn_check_top(p);
 	bn_check_top(m);
 #ifdef ATALLA
 	if(BN_mod_exp_atalla(r,a,p,m))
 	    return 1;
 /* If it fails, try the other methods (but don't try atalla again) */
 	tried_atalla=1;
 #endif
 #ifdef MONT_MUL_MOD
 	/* I have finally been able to take out this pre-condition of
 	 * the top bit being set.  It was caused by an error in BN_div
@@ -210,6 +392,10 @@ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 		{ ret=BN_mod_exp_simple(r,a,p,m,ctx); }
 #endif
 #ifdef ATALLA
 	tried_atalla=0;
 #endif
 	return(ret);
 	}
@@ -339,6 +525,12 @@ int BN_mod_exp_mont(BIGNUM *rr, BIGNUM *a, const BIGNUM *p,
 	bn_check_top(p);
 	bn_check_top(m);
 #ifdef ATALLA
 	if(!tried_atalla && BN_mod_exp_atalla(rr,a,p,m))
 	    return 1;
 /* If it fails, try the other methods */
 #endif
 	if (!(m->d[0] & 1))
 		{
 		BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
@@ -501,6 +693,19 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
 	t = BN_CTX_get(ctx);
 	if (d == NULL || r == NULL || t == NULL) goto err;
 #ifdef ATALLA
 	if (!tried_atalla)
 		{
 		BN_set_word(t, a);
 		if (BN_mod_exp_atalla(rr, t, p, m))
 			{
 			BN_CTX_end(ctx);
 			return 1;
 			}
 		}
 /* If it fails, try the other methods */
 #endif
 	if (in_mont != NULL)
 		mont=in_mont;
 	else
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -62,7 +62,6 @@
 #endif
 #include <assert.h>
 #include <limits.h>
 #include <stdio.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
@@ -320,12 +319,6 @@ BIGNUM *bn_expand2(BIGNUM *b, int words)
 	if (words > b->dmax)
 		{
 		if (words > (INT_MAX/(4*BN_BITS2)))
 			{
 			BNerr(BN_F_BN_EXPAND2,BN_R_BIGNUM_TOO_LONG);
 			return NULL;
 			}
 		bn_check_top(b);	
 		if (BN_get_flags(b,BN_FLG_STATIC_DATA))
 			{
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -85,7 +85,16 @@ int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
 	if (a == b)
 		{
 #if 1 
 		bn_wexpand(tmp,a->top*2);
 		bn_wexpand(tmp2,a->top*4);
 		bn_sqr_recursive(tmp->d,a->d,a->top,tmp2->d);
 		tmp->top=a->top*2;
 		if (tmp->top > 0 && tmp->d[tmp->top-1] == 0)
 			tmp->top--;
 #else
 		if (!BN_sqr(tmp,a,ctx)) goto err;
 #endif
 		}
 	else
 		{
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -76,7 +76,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
 	bytes=(bits+7)/8;
 	bit=(bits-1)%8;
-	mask=0xff<<(bit+1);
+	mask=0xff<<bit;
 	buf=(unsigned char *)OPENSSL_malloc(bytes);
 	if (buf == NULL)
@@ -100,29 +100,6 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
 			goto err;
 		}
 #if 1
 	if (pseudorand == 2)
 		{
 		/* generate patterns that are more likely to trigger BN
 		   library bugs */
 		int i;
 		unsigned char c;
 		for (i = 0; i < bytes; i++)
 			{
 			RAND_pseudo_bytes(&c, 1);
 			if (c >= 128 && i > 0)
 				buf[i] = buf[i-1];
 			else if (c < 42)
 				buf[i] = 0;
 			else if (c < 84)
 				buf[i] = 255;
 			}
 		}
 #endif
 	if (top != -1)
 		{
 	if (top)
 		{
 		if (bit == 0)
@@ -133,15 +110,15 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
 		else
 			{
 			buf[0]|=(3<<(bit-1));
 			buf[0]&= ~(mask<<1);
 			}
 		}
 	else
 		{
 		buf[0]|=(1<<bit);
 		buf[0]&= ~(mask<<1);
 		}
-		}
+	if (bottom) /* set bottom bits to whatever odd is */
 	buf[0] &= ~mask;
 	if (bottom) /* set bottom bit if requested */
 		buf[bytes-1]|=1;
 	if (!BN_bin2bn(buf,bytes,rnd)) goto err;
 	ret=1;
@@ -163,61 +140,3 @@ int     BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
 	{
 	return bnrand(1, rnd, bits, top, bottom);
 	}
 #if 1
 int     BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
 	{
 	return bnrand(2, rnd, bits, top, bottom);
 	}
 #endif
 /* random number r:  0 <= r < range */
 int	BN_rand_range(BIGNUM *r, BIGNUM *range)
 	{
 	int n;
 	if (range->neg || BN_is_zero(range))
 		{
 		BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE);
 		return 0;
 		}
 	n = BN_num_bits(range); /* n > 0 */
 	if (n == 1)
 		{
 		if (!BN_zero(r)) return 0;
 		}
 	else if (BN_is_bit_set(range, n - 2))
 		{
 		do
 			{
 			/* range = 11..._2, so each iteration succeeds with probability >= .75 */
 			if (!BN_rand(r, n, -1, 0)) return 0;
 			}
 		while (BN_cmp(r, range) >= 0);
 		}
 	else
 		{
 		/* range = 10..._2,
 		 * so  3*range (= 11..._2)  is exactly one bit longer than  range */
 		do
 			{
 			if (!BN_rand(r, n + 1, -1, 0)) return 0;
 			/* If  r < 3*range,  use  r := r MOD range
 			 * (which is either  r, r - range,  or  r - 2*range).
 			 * Otherwise, iterate once more.
 			 * Since  3*range = 11..._2, each iteration succeeds with
 			 * probability >= .75. */
 			if (BN_cmp(r ,range) >= 0)
 				{
 				if (!BN_sub(r, r, range)) return 0;
 				if (BN_cmp(r, range) >= 0)
 					if (!BN_sub(r, r, range)) return 0;
 				}
 			}
 		while (BN_cmp(r, range) >= 0);
 		}
 	return 1;
 	}
--- a/crypto/bn/bn_shift.c
+++ b/crypto/bn/bn_shift.c
@@ -172,11 +172,6 @@ int BN_rshift(BIGNUM *r, BIGNUM *a, int n)
 		r->neg=a->neg;
 		if (bn_wexpand(r,a->top-nw+1) == NULL) return(0);
 		}
 	else
 		{
 		if (n == 0)
 			return 1; /* or the copying loop will go berserk */
 		}
 	f= &(a->d[nw]);
 	t=r->d;
--- a/crypto/bn/bn_sqr.c
+++ b/crypto/bn/bn_sqr.c
@@ -188,7 +188,7 @@ void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp)
 #ifdef BN_RECURSION
 /* r is 2*n words in size,
- * a and b are both n words in size.    (There's not actually a 'b' here ...)
+ * a and b are both n words in size.
 * n must be a power of 2.
 * We multiply and return the result.
 * t must be 2*n words in size
--- a/crypto/bn/bntest.c
+++ b/crypto/bn/bntest.c
@@ -107,9 +107,11 @@ static const char rnd_seed[] = "string to make the random number generator think
 static void message(BIO *out, char *m)
 	{
 	fprintf(stderr, "test %s\n", m);
 #if defined(linux) || defined(__FreeBSD__) /* can we use GNU bc features? */
 	BIO_puts(out, "print \"test ");
 	BIO_puts(out, m);
 	BIO_puts(out, "\\n\"\n");
 #endif
 	}
 int main(int argc, char *argv[])
@@ -120,7 +122,9 @@ int main(int argc, char *argv[])
 	results = 0;
-	RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */
+	RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we don't
 	                                       * even check its return value
 	                                       * (which we should) */
 	argc--;
 	argv++;
@@ -249,10 +253,10 @@ int test_add(BIO *bp)
 	BN_init(&b);
 	BN_init(&c);
-	BN_bntest_rand(&a,512,0,0);
+	BN_rand(&a,512,0,0);
 	for (i=0; i<num0; i++)
 		{
-		BN_bntest_rand(&b,450+i,0,0);
+		BN_rand(&b,450+i,0,0);
 		a.neg=rand_neg();
 		b.neg=rand_neg();
 		if (bp == NULL)
@@ -301,14 +305,14 @@ int test_sub(BIO *bp)
 		{
 		if (i < num1)
 			{
-			BN_bntest_rand(&a,512,0,0);
+			BN_rand(&a,512,0,0);
 			BN_copy(&b,&a);
 			if (BN_set_bit(&a,i)==0) return(0);
 			BN_add_word(&b,i);
 			}
 		else
 			{
-			BN_bntest_rand(&b,400+i-num1,0,0);
+			BN_rand(&b,400+i-num1,0,0);
 			a.neg=rand_neg();
 			b.neg=rand_neg();
 			}
@@ -358,13 +362,13 @@ int test_div(BIO *bp, BN_CTX *ctx)
 		{
 		if (i < num1)
 			{
-			BN_bntest_rand(&a,400,0,0);
+			BN_rand(&a,400,0,0);
 			BN_copy(&b,&a);
 			BN_lshift(&a,&a,i);
 			BN_add_word(&a,i);
 			}
 		else
-			BN_bntest_rand(&b,50+3*(i-num1),0,0);
+			BN_rand(&b,50+3*(i-num1),0,0);
 		a.neg=rand_neg();
 		b.neg=rand_neg();
 		if (bp == NULL)
@@ -428,13 +432,13 @@ int test_div_recp(BIO *bp, BN_CTX *ctx)
 		{
 		if (i < num1)
 			{
-			BN_bntest_rand(&a,400,0,0);
+			BN_rand(&a,400,0,0);
 			BN_copy(&b,&a);
 			BN_lshift(&a,&a,i);
 			BN_add_word(&a,i);
 			}
 		else
-			BN_bntest_rand(&b,50+3*(i-num1),0,0);
+			BN_rand(&b,50+3*(i-num1),0,0);
 		a.neg=rand_neg();
 		b.neg=rand_neg();
 		BN_RECP_CTX_set(&recp,&b,ctx);
@@ -505,11 +509,11 @@ int test_mul(BIO *bp)
 		{
 		if (i <= num1)
 			{
-			BN_bntest_rand(&a,100,0,0);
+			BN_rand(&a,100,0,0);
-			BN_bntest_rand(&b,100,0,0);
+			BN_rand(&b,100,0,0);
 			}
 		else
-			BN_bntest_rand(&b,i-num1,0,0);
+			BN_rand(&b,i-num1,0,0);
 		a.neg=rand_neg();
 		b.neg=rand_neg();
 		if (bp == NULL)
@@ -558,7 +562,7 @@ int test_sqr(BIO *bp, BN_CTX *ctx)
 	for (i=0; i<num0; i++)
 		{
-		BN_bntest_rand(&a,40+i*10,0,0);
+		BN_rand(&a,40+i*10,0,0);
 		a.neg=rand_neg();
 		if (bp == NULL)
 			for (j=0; j<100; j++)
@@ -609,15 +613,15 @@ int test_mont(BIO *bp, BN_CTX *ctx)
 	mont=BN_MONT_CTX_new();
-	BN_bntest_rand(&a,100,0,0); /**/
+	BN_rand(&a,100,0,0); /**/
-	BN_bntest_rand(&b,100,0,0); /**/
+	BN_rand(&b,100,0,0); /**/
 	for (i=0; i<num2; i++)
 		{
 		int bits = (200*(i+1))/num2;
 		if (bits == 0)
 			continue;
-		BN_bntest_rand(&n,bits,0,1);
+		BN_rand(&n,bits,0,1);
 		BN_MONT_CTX_set(mont,&n,ctx);
 		BN_to_montgomery(&A,&a,mont,ctx);
@@ -679,10 +683,10 @@ int test_mod(BIO *bp, BN_CTX *ctx)
 	d=BN_new();
 	e=BN_new();
-	BN_bntest_rand(a,1024,0,0); /**/
+	BN_rand(a,1024,0,0); /**/
 	for (i=0; i<num0; i++)
 		{
-		BN_bntest_rand(b,450+i*10,0,0); /**/
+		BN_rand(b,450+i*10,0,0); /**/
 		a->neg=rand_neg();
 		b->neg=rand_neg();
 		if (bp == NULL)
@@ -728,11 +732,11 @@ int test_mod_mul(BIO *bp, BN_CTX *ctx)
 	d=BN_new();
 	e=BN_new();
-	BN_bntest_rand(c,1024,0,0); /**/
+	BN_rand(c,1024,0,0); /**/
 	for (i=0; i<num0; i++)
 		{
-		BN_bntest_rand(a,475+i*10,0,0); /**/
+		BN_rand(a,475+i*10,0,0); /**/
-		BN_bntest_rand(b,425+i*11,0,0); /**/
+		BN_rand(b,425+i*11,0,0); /**/
 		a->neg=rand_neg();
 		b->neg=rand_neg();
 	/*	if (bp == NULL)
@@ -790,11 +794,11 @@ int test_mod_exp(BIO *bp, BN_CTX *ctx)
 	d=BN_new();
 	e=BN_new();
-	BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
+	BN_rand(c,30,0,1); /* must be odd for montgomery */
 	for (i=0; i<num2; i++)
 		{
-		BN_bntest_rand(a,20+i*5,0,0); /**/
+		BN_rand(a,20+i*5,0,0); /**/
-		BN_bntest_rand(b,2+i,0,0); /**/
+		BN_rand(b,2+i,0,0); /**/
 		if (!BN_mod_exp(d,a,b,c,ctx))
 			return(00);
@@ -844,8 +848,8 @@ int test_exp(BIO *bp, BN_CTX *ctx)
 	for (i=0; i<num2; i++)
 		{
-		BN_bntest_rand(a,20+i*5,0,0); /**/
+		BN_rand(a,20+i*5,0,0); /**/
-		BN_bntest_rand(b,2+i,0,0); /**/
+		BN_rand(b,2+i,0,0); /**/
 		if (!BN_exp(d,a,b,ctx))
 			return(00);
@@ -895,7 +899,7 @@ int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_)
 	else
 	    {
 	    a=BN_new();
-	    BN_bntest_rand(a,200,0,0); /**/
+	    BN_rand(a,200,0,0); /**/
 	    a->neg=rand_neg();
 	    }
 	for (i=0; i<num0; i++)
@@ -947,7 +951,7 @@ int test_lshift1(BIO *bp)
 	b=BN_new();
 	c=BN_new();
-	BN_bntest_rand(a,200,0,0); /**/
+	BN_rand(a,200,0,0); /**/
 	a->neg=rand_neg();
 	for (i=0; i<num0; i++)
 		{
@@ -991,7 +995,7 @@ int test_rshift(BIO *bp,BN_CTX *ctx)
 	e=BN_new();
 	BN_one(c);
-	BN_bntest_rand(a,200,0,0); /**/
+	BN_rand(a,200,0,0); /**/
 	a->neg=rand_neg();
 	for (i=0; i<num0; i++)
 		{
@@ -1034,7 +1038,7 @@ int test_rshift1(BIO *bp)
 	b=BN_new();
 	c=BN_new();
-	BN_bntest_rand(a,200,0,0); /**/
+	BN_rand(a,200,0,0); /**/
 	a->neg=rand_neg();
 	for (i=0; i<num0; i++)
 		{
--- a/crypto/buffer/Makefile.ssl
+++ b/crypto/buffer/Makefile.ssl
@@ -39,8 +39,7 @@ all:	lib
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
+	$(RANLIB) $(LIB)
 	- $(RANLIB) $(LIB)
 	@touch lib
 files:
--- a/crypto/cast/Makefile.ssl
+++ b/crypto/cast/Makefile.ssl
@@ -47,8 +47,7 @@ all:	lib
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
+	$(RANLIB) $(LIB)
 	- $(RANLIB) $(LIB)
 	@touch lib
 # elf
--- a/crypto/comp/Makefile.ssl
+++ b/crypto/comp/Makefile.ssl
@@ -42,8 +42,7 @@ all:	lib
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
+	$(RANLIB) $(LIB)
 	- $(RANLIB) $(LIB)
 	@touch lib
 files:
--- a/crypto/conf/Makefile.ssl
+++ b/crypto/conf/Makefile.ssl
@@ -40,8 +40,7 @@ all:	lib
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
+	$(RANLIB) $(LIB)
 	- $(RANLIB) $(LIB)
 	@touch lib
 files:
--- a/crypto/conf/conf.h
+++ b/crypto/conf/conf.h
@@ -167,8 +167,6 @@ int NCONF_dump_bio(CONF *conf, BIO *out);
 #define CONF_R_MISSING_EQUAL_SIGN			 101
 #define CONF_R_NO_CLOSE_BRACE				 102
 #define CONF_R_NO_CONF					 105
 #define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE		 106
 #define CONF_R_NO_SECTION				 107
 #define CONF_R_UNABLE_TO_CREATE_NEW_SECTION		 103
 #define CONF_R_VARIABLE_HAS_NO_VALUE			 104
--- a/crypto/conf/conf_err.c
+++ b/crypto/conf/conf_err.c
@@ -87,8 +87,6 @@ static ERR_STRING_DATA CONF_str_reasons[]=
 {CONF_R_MISSING_EQUAL_SIGN               ,"missing equal sign"},
 {CONF_R_NO_CLOSE_BRACE                   ,"no close brace"},
 {CONF_R_NO_CONF                          ,"no conf"},
 {CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE  ,"no conf or environment variable"},
 {CONF_R_NO_SECTION                       ,"no section"},
 {CONF_R_UNABLE_TO_CREATE_NEW_SECTION     ,"unable to create new section"},
 {CONF_R_VARIABLE_HAS_NO_VALUE            ,"variable has no value"},
 {0,NULL}
--- a/crypto/conf/conf_lib.c
+++ b/crypto/conf/conf_lib.c
@@ -130,12 +130,6 @@ LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline)
 	}
 STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,char *section)
 	{
 	if (conf == NULL)
 		{
 		return NULL;
 		}
 	else
 	{
 	CONF ctmp;
@@ -146,15 +140,8 @@ STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,char *section)
 	ctmp.data = conf;
 	return NCONF_get_section(&ctmp, section);
 	}
 	}
 char *CONF_get_string(LHASH *conf,char *group,char *name)
 	{
 	if (conf == NULL)
 		{
 		return NCONF_get_string(NULL, group, name);
 		}
 	else
 	{
 	CONF ctmp;
@@ -165,15 +152,8 @@ char *CONF_get_string(LHASH *conf,char *group,char *name)
 	ctmp.data = conf;
 	return NCONF_get_string(&ctmp, group, name);
 	}
 	}
 long CONF_get_number(LHASH *conf,char *group,char *name)
 	{
 	if (conf == NULL)
 		{
 		return NCONF_get_number(NULL, group, name);
 		}
 	else
 	{
 	CONF ctmp;
@@ -184,7 +164,6 @@ long CONF_get_number(LHASH *conf,char *group,char *name)
 	ctmp.data = conf;
 	return NCONF_get_number(&ctmp, group, name);
 	}
 	}
 void CONF_free(LHASH *conf)
 	{
@@ -320,46 +299,27 @@ STACK_OF(CONF_VALUE) *NCONF_get_section(CONF *conf,char *section)
 		return NULL;
 		}
 	if (section == NULL)
 		{
 		CONFerr(CONF_F_NCONF_GET_SECTION,CONF_R_NO_SECTION);
 		return NULL;
 		}
 	return _CONF_get_section_values(conf, section);
 	}
 char *NCONF_get_string(CONF *conf,char *group,char *name)
 	{
 	char *s = _CONF_get_string(conf, group, name);
        /* Since we may get a value from an environment variable even
           if conf is NULL, let's check the value first */
        if (s) return s;
 	if (conf == NULL)
 		{
-		CONFerr(CONF_F_NCONF_GET_STRING,
+		CONFerr(CONF_F_NCONF_GET_STRING,CONF_R_NO_CONF);
                        CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
 		return NULL;
 		}
-	return NULL;
+
 	return _CONF_get_string(conf, group, name);
 	}
 long NCONF_get_number(CONF *conf,char *group,char *name)
 	{
 #if 0 /* As with _CONF_get_string(), we rely on the possibility of finding
         an environment variable with a suitable name.  Unfortunately, there's
         no way with the current API to see if we found one or not...
         The meaning of this is that if a number is not found anywhere, it
         will always default to 0. */
 	if (conf == NULL)
 		{
-		CONFerr(CONF_F_NCONF_GET_NUMBER,
+		CONFerr(CONF_F_NCONF_GET_NUMBER,CONF_R_NO_CONF);
                        CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
 		return 0;
 		}
 #endif
 	return _CONF_get_number(conf, group, name);
 	}
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -100,8 +100,7 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] =
 	"debug_malloc2",
 	"dso",
 	"dynlock",
-	"engine",
+#if CRYPTO_NUM_LOCKS != 28
 #if CRYPTO_NUM_LOCKS != 29
 # error "Inconsistency between crypto.h and cryptlib.c"
 #endif
 	};
@@ -241,7 +240,7 @@ void CRYPTO_destroy_dynlockid(int i)
 			}
 		else
 #endif
-			if (pointer->references <= 0)
+			if (--(pointer->references) <= 0)
 				{
 				sk_CRYPTO_dynlock_set(dyn_locks, i, NULL);
 				}
@@ -396,15 +395,16 @@ void CRYPTO_lock(int mode, int type, const char *file, int line)
 #endif
 	if (type < 0)
 		{
 		int i = -type - 1;
 		struct CRYPTO_dynlock_value *pointer
-			= CRYPTO_get_dynlock_value(type);
+			= CRYPTO_get_dynlock_value(i);
-		if (pointer && dynlock_lock_callback)
+		if (pointer)
 			{
 			dynlock_lock_callback(mode, pointer, file, line);
 			}
-		CRYPTO_destroy_dynlockid(type);
+		CRYPTO_destroy_dynlockid(i);
 		}
 	else
 		if (locking_callback != NULL)
@@ -430,6 +430,7 @@ int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file,
 			CRYPTO_get_lock_name(type),
 			file,line);
 #endif
 		*pointer=ret;
 		}
 	else
 		{
--- a/crypto/crypto-lib.com
+++ b/crypto/crypto-lib.com
@@ -88,7 +88,7 @@ $! Define The Different Encryption Types.
 $!
 $ ENCRYPT_TYPES = "Basic,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ -
 		  "DES,RC2,RC4,RC5,IDEA,BF,CAST,"+ -
-		  "BN,RSA,DSA,DH,DSO,ENGINE,"+ -
+		  "BN,RSA,DSA,DH,DSO,"+ -
 		  "BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,"+ -
 		  "EVP,EVP_2,ASN1,ASN1_2,PEM,X509,X509V3,"+ -
 		  "CONF,TXT_DB,PKCS7,PKCS12,COMP"
@@ -174,7 +174,7 @@ $!
 $ APPS_DES = "DES/DES,CBC3_ENC"
 $ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE"
 $
-$ LIB_ = "cryptlib,mem,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid"
+$ LIB_ = "cryptlib,mem,mem_dbg,cversion,ex_data,tmdiff,cpt_err"
 $ LIB_MD2 = "md2_dgst,md2_one"
 $ LIB_MD4 = "md4_dgst,md4_one"
 $ LIB_MD5 = "md5_dgst,md5_one"
@@ -206,15 +206,12 @@ $ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,dsa_err,dsa_ossl"
 $ LIB_DH = "dh_gen,dh_key,dh_lib,dh_check,dh_err"
 $ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ -
 	"dso_openssl,dso_win32,dso_vms"
 $ LIB_ENGINE = "engine_err,engine_lib,engine_list,engine_openssl,"+ -
 	"hw_atalla,hw_cswift,hw_ncipher"
 $ LIB_BUFFER = "buffer,buf_err"
 $ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ -
 	"bss_mem,bss_null,bss_fd,"+ -
 	"bss_file,bss_sock,bss_conn,"+ -
 	"bf_null,bf_buff,b_print,b_dump,"+ -
-	"b_sock,bss_acpt,bf_nbio,bss_rtcp,bss_bio,bss_log,"+ -
+	"b_sock,bss_acpt,bf_nbio,bss_rtcp,bss_bio,bss_log"
 	"bf_lbuf"
 $ LIB_STACK = "stack"
 $ LIB_LHASH = "lhash,lh_stats"
 $ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd,rand_win"
@@ -1196,9 +1193,7 @@ $     CC = "CC"
 $     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
 	 THEN CC = "CC/DECC"
 $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
-           "/NOLIST/PREFIX=ALL" + -
+           "/NOLIST/PREFIX=ALL/INCLUDE=SYS$DISK:[]" + CCEXTRAFLAGS
 	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
 	   CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
@@ -1230,8 +1225,7 @@ $	WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
 $	EXIT
 $     ENDIF
 $     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
-$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST/INCLUDE=SYS$DISK:[]" + -
 	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
 	   CCEXTRAFLAGS
 $     CCDEFS = """VAXC""," + CCDEFS
 $!
@@ -1263,8 +1257,7 @@ $!
 $!    Use GNU C...
 $!
 $     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
+	   "/INCLUDE=SYS$DISK:[]" + CCEXTRAFLAGS
 	   CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
cvs2svn	978ac53398	This commit was manufactured by cvs2svn to create tag 'OpenSSL_0_9_6-beta2'.	2000-10-10 09:15:51 +00:00
cvs2svn	9beaae61ec	This commit was manufactured by cvs2svn to create branch 'OpenSSL_0_9_6-stable'.	2000-10-10 09:15:48 +00:00