This commit was manufactured by cvs2svn to create tag 'OpenSSL-engine-

0_9_6c'.
2002-02-15 07:41:44 +00:00
196 changed files with 2198 additions and 4605 deletions
--- a/173
+++ b/173
@@ -2,179 +2,6 @@
 OpenSSL CHANGES
 _______________

- Changes between 0.9.6d and 0.9.6e  [30 Jul 2002]
-
-  *) Fix cipher selection routines: ciphers without encryption had no flags
-     for the cipher strength set and where therefore not handled correctly
-     by the selection routines (PR #130).
-     [Lutz Jaenicke]
-
-  *) Fix EVP_dsa_sha macro.
-     [Nils Larsch]
-
-  *) New option
-          SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
-     for disabling the SSL 3.0/TLS 1.0 CBC vulnerability countermeasure
-     that was added in OpenSSL 0.9.6d.
-
-     As the countermeasure turned out to be incompatible with some
-     broken SSL implementations, the new option is part of SSL_OP_ALL.
-     SSL_OP_ALL is usually employed when compatibility with weird SSL
-     implementations is desired (e.g. '-bugs' option to 's_client' and
-     's_server'), so the new option is automatically set in many
-     applications.
-     [Bodo Moeller]
-
-
-  *) Changes in security patch:
-
-     Changes marked "(CHATS)" were sponsored by the Defense Advanced
-     Research Projects Agency (DARPA) and Air Force Research Laboratory,
-     Air Force Materiel Command, USAF, under agreement number
-     F30602-01-2-0537.
-
-  *) Add various sanity checks to asn1_get_length() to reject
-     the ASN1 length bytes if they exceed sizeof(long), will appear
-     negative or the content length exceeds the length of the
-     supplied buffer.
-     [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
-
-  *) Assertions for various potential buffer overflows, not known to
-     happen in practice.
-     [Ben Laurie (CHATS)]
-
-  *) Various temporary buffers to hold ASCII versions of integers were
-     too small for 64 bit platforms. (CAN-2002-0655)
-     [Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>
-
-  *) Remote buffer overflow in SSL3 protocol - an attacker could
-     supply an oversized session ID to a client. (CAN-2002-0656)
-     [Ben Laurie (CHATS)]
-
-  *) Remote buffer overflow in SSL2 protocol - an attacker could
-     supply an oversized client master key. (CAN-2002-0656)
-     [Ben Laurie (CHATS)]
-
- Changes between 0.9.6c and 0.9.6d  [9 May 2002]
-
-  *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
-     encoded as NULL) with id-dsa-with-sha1.
-     [Nils Larsch <nla@trustcenter.de>; problem pointed out by Bodo Moeller]
-
-  *) Check various X509_...() return values in apps/req.c.
-     [Nils Larsch <nla@trustcenter.de>]
-
-  *) Fix BASE64 decode (EVP_DecodeUpdate) for data with CR/LF ended lines:
-     an end-of-file condition would erronously be flagged, when the CRLF
-     was just at the end of a processed block. The bug was discovered when
-     processing data through a buffering memory BIO handing the data to a
-     BASE64-decoding BIO. Bug fund and patch submitted by Pavel Tsekov
-     <ptsekov@syntrex.com> and Nedelcho Stanev.
-     [Lutz Jaenicke]
-
-  *) Implement a countermeasure against a vulnerability recently found
-     in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment
-     before application data chunks to avoid the use of known IVs
-     with data potentially chosen by the attacker.
-     [Bodo Moeller]
-
-  *) Fix length checks in ssl3_get_client_hello().
-     [Bodo Moeller]
-
-  *) TLS/SSL library bugfix: use s->s3->in_read_app_data differently
-     to prevent ssl3_read_internal() from incorrectly assuming that
-     ssl3_read_bytes() found application data while handshake
-     processing was enabled when in fact s->s3->in_read_app_data was
-     merely automatically cleared during the initial handshake.
-     [Bodo Moeller; problem pointed out by Arne Ansper <arne@ats.cyber.ee>]
-
-  *) Fix object definitions for Private and Enterprise: they were not
-     recognized in their shortname (=lowercase) representation. Extend
-     obj_dat.pl to issue an error when using undefined keywords instead
-     of silently ignoring the problem (Svenning Sorensen
-     <sss@sss.dnsalias.net>).
-     [Lutz Jaenicke]
-
-  *) Fix DH_generate_parameters() so that it works for 'non-standard'
-     generators, i.e. generators other than 2 and 5.  (Previously, the
-     code did not properly initialise the 'add' and 'rem' values to
-     BN_generate_prime().)
-
-     In the new general case, we do not insist that 'generator' is
-     actually a primitive root: This requirement is rather pointless;
-     a generator of the order-q subgroup is just as good, if not
-     better.
-     [Bodo Moeller]
- 
-  *) Map new X509 verification errors to alerts. Discovered and submitted by
-     Tom Wu <tom@arcot.com>.
-     [Lutz Jaenicke]
-
-  *) Fix ssl3_pending() (ssl/s3_lib.c) to prevent SSL_pending() from
-     returning non-zero before the data has been completely received
-     when using non-blocking I/O.
-     [Bodo Moeller; problem pointed out by John Hughes]
-
-  *) Some of the ciphers missed the strength entry (SSL_LOW etc).
-     [Ben Laurie, Lutz Jaenicke]
-
-  *) Fix bug in SSL_clear(): bad sessions were not removed (found by
-     Yoram Zahavi <YoramZ@gilian.com>).
-     [Lutz Jaenicke]
-
-  *) Add information about CygWin 1.3 and on, and preserve proper
-     configuration for the versions before that.
-     [Corinna Vinschen <vinschen@redhat.com> and Richard Levitte]
-
-  *) Make removal from session cache (SSL_CTX_remove_session()) more robust:
-     check whether we deal with a copy of a session and do not delete from
-     the cache in this case. Problem reported by "Izhar Shoshani Levi"
-     <izhar@checkpoint.com>.
-     [Lutz Jaenicke]
-
-  *) Do not store session data into the internal session cache, if it
-     is never intended to be looked up (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
-     flag is set). Proposed by Aslam <aslam@funk.com>.
-     [Lutz Jaenicke]
-
-  *) Have ASN1_BIT_STRING_set_bit() really clear a bit when the requested
-     value is 0.
-     [Richard Levitte]
-
-  *) [In 0.9.6c-engine release:]
-     Fix a crashbug and a logic bug in hwcrhk_load_pubkey()
-     [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
-
-  *) Add the configuration target linux-s390x.
-     [Neale Ferguson <Neale.Ferguson@SoftwareAG-USA.com> via Richard Levitte]
-
-  *) The earlier bugfix for the SSL3_ST_SW_HELLO_REQ_C case of
-     ssl3_accept (ssl/s3_srvr.c) incorrectly used a local flag
-     variable as an indication that a ClientHello message has been
-     received.  As the flag value will be lost between multiple
-     invocations of ssl3_accept when using non-blocking I/O, the
-     function may not be aware that a handshake has actually taken
-     place, thus preventing a new session from being added to the
-     session cache.
-
-     To avoid this problem, we now set s->new_session to 2 instead of
-     using a local variable.
-     [Lutz Jaenicke, Bodo Moeller]
-
-  *) Bugfix: Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c)
-     if the SSL_R_LENGTH_MISMATCH error is detected.
-     [Geoff Thorpe, Bodo Moeller]
-
-  *) New 'shared_ldflag' column in Configure platform table.
-     [Richard Levitte]
-
-  *) Fix EVP_CIPHER_mode macro.
-     ["Dan S. Camper" <dan@bti.net>]
-
-  *) Fix ssl3_read_bytes (ssl/s3_pkt.c): To ignore messages of unknown
-     type, we must throw them away by setting rr->length to 0.
-     [D P Chang <dpc@qualys.com>]
-
 Changes between 0.9.6b and 0.9.6c  [21 dec 2001]

  *) Fix BN_rand_range bug pointed out by Dominikus Scherkl
--- a/275
+++ b/275
@@ -10,7 +10,7 @@ use strict;

 # see INSTALL for instructions.

-my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--test-sanity] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n";

 # Options:
 #
@@ -28,10 +28,6 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-
 #               are always compiled but return NULL if the hardware
 #               support isn't compiled.
 # no-hw         do not compile support for any crypto hardware.
-#
-# --test-sanity Make a number of sanity checks on the data in this file.
-#               This is a debugging tool for OpenSSL developers.
-#
 # rsaref        use RSAref
 # [no-]threads  [don't] try to create a library that is suitable for
 #               multithreaded applications (default is "threads" if we
@@ -110,7 +106,7 @@ my $alpha_asm="::::::::";
 # -DB_ENDIAN slows things down on a sparc for md5, but helps sha1.
 # So the md5_locl.h file has an undef B_ENDIAN if sun is defined

-#config-string	$cc : $cflags : $unistd : $thread_cflag : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib
+#config-string	$cc : $cflags : $unistd : $thread_cflag : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag

 my %table=(
 # File 'TABLE' (created by 'make TABLE') contains the data from this list,
@@ -145,45 +141,44 @@ my %table=(
 # surrounds it with #APP #NO_APP comment pair which (at least Solaris
 # 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
 # error message.
-"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 #### Solaris x86 with Sun C setups
-"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 #### SPARC Solaris with GNU C setups
-"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-gcc31","gcc:-mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8
 # but keep the assembler modules.
-"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 ####
-"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 #### SPARC Solaris with Sun C setups
 # DO NOT use /xO[34] on sparc with SC3.0.  It is broken, and will not pass the tests
-"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
 # SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
 # SC5.0 note: Compiler common patch 107357-01 or later is required!
-"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:-xarch=v9:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
+"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
 ####
-"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 #### SPARC Linux setups
 "linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
 # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
 # assisted with debugging of following two configs.
-"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o::::",
 # it's a real mess with -mcpu=ultrasparc option under Linux, but
 # -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",
 # !!!Folowing can't be even tested yet!!!
 #    We have to wait till 64-bit glibc for SPARC is operational!!!
 #"linux64-sparcv9","sparc64-linux-gcc:-m64 -mcpu=v9 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:",
@@ -194,17 +189,17 @@ my %table=(

 #### IRIX 5.x configs
 # -mips2 flag is added by ./config when appropriate.
-"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::::::::dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::::::::dlfcn:irix-shared::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:irix-shared::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 #### IRIX 6.x configs
 # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
 # './Configure irix-[g]cc' manually.
 # -mips4 flag is added by ./config when appropriate.
-"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # N64 ABI builds.
-"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 #### Unified HP-UX ANSI C configs.
 # Special notes:
@@ -236,45 +231,44 @@ my %table=(
 #
 #!#"hpux-parisc-cc","cc:-Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
 # Since there is mention of this in shlib/hpux10-cc.sh
-"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 # More attempts at unified 10.X and 11.X targets for HP C compiler.
 #
 # Chris Ruemmler <ruemmler@cup.hp.com>
 # Kevin Steves <ks@hp.se>
-"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 # HPUX 9.X config.
 # Don't use the bundled cc.  It is broken.  Use HP ANSI C if possible, or
 # egcs.  gcc 2.8.1 is also broken.

-"hpux-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # If hpux-cc fails (e.g. during "make test"), try the next one; otherwise,
 # please report your OS and compiler version to the openssl-bugs@openssl.org
 # mailing list.
-"hpux-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

-"hpux-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # If hpux-gcc fails, try this one:
-"hpux-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 # HPUX 9.X on Motorola 68k platforms with gcc
 "hpux-m68k-gcc",  "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::BN_LLONG DES_PTR DES_UNROLL:::",

 # HPUX 10.X config.  Supports threads.
-"hpux10-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux10-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # If hpux10-cc fails, try this one (if still fails, try deleting BN_LLONG):
-"hpux10-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux10-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

-"hpux10-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux10-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # If hpux10-gcc fails, try this one:
-"hpux10-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux10-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 # HPUX 11.X from www.globus.org.
 # Only works on PA-RISC 2.0 cpus, and not optimized.  Why?
@@ -285,9 +279,6 @@ my %table=(
 #### HP MPE/iX http://jazz.external.hp.com/src/openssl/
 "MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -DMPE -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",

-#### PARISC Linux setups
-"linux-parisc","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
-
 # Dec Alpha, OSF/1 - the alpha164-cc is historical, for the conversion
 # from the older DEC C Compiler to the newer compiler.  It's now the
 # same as the preferred entry, alpha-cc.  If you are still using the
@@ -313,15 +304,15 @@ my %table=(
 #
 # For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
 #
-"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
-"alphaold-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
-"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared:::.so",
-"alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared:::.so",
-"alpha-cc-rpath", "cc:-std1 -tune host -fast -readonly_strings::-pthread::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared-rpath:::.so",
+"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:alpha-osf1-shared::.so",
+"alphaold-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::.so",
+"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared::.so",
+"alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared::.so",
+"alpha-cc-rpath", "cc:-std1 -tune host -fast -readonly_strings::-pthread::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared-rpath::.so",
 #
 # This probably belongs in a different section.
 #
-"FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 #### Alpha Linux with GNU C and Compaq C setups
 # Special notes:
@@ -336,8 +327,8 @@ my %table=(
 #
 #					<appro@fy.chalmers.se>
 #
-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
 "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",

@@ -346,24 +337,23 @@ my %table=(

 # The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
 # bn86-elf.o file file since it is hand tweaked assembler.
-"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
 "linux-mipsel",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
 "linux-mips",   "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
-"linux-ppc",	"gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ppc",	"gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-m68k",   "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
 "linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
-"linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::SIXTY_FOUR_BIT_LONG:::::::::::linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"NetBSD-x86",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"NetBSD-x86",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "FreeBSD",      "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
 "bsdi-gcc",     "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown)::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}",
-"bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "nextstep",	"cc:-O -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
 "nextstep3.3",	"cc:-O3 -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
 # NCR MP-RAS UNIX ver 02.03.01
@@ -376,7 +366,7 @@ my %table=(
 "qnx6",	"cc:-DL_ENDIAN -DTERMIOS::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:",

 # Linux on ARM
-"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 # UnixWare 2.0x fails destest with -O
 "unixware-2.0","cc:-DFILIO_H::-Kthread:-lsocket -lnsl -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
@@ -391,7 +381,7 @@ my %table=(
 "unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
 "unixware-7-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
 "unixware-7-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
-"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 # OpenUNIX 8
 "OpenUNIX-8","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
@@ -408,7 +398,7 @@ my %table=(
 "aix43-gcc",  "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",

 #
-# Cray T90 and similar (SDSC)
+# Cray T90 (SDSC)
 # It's Big-endian, but the algorithms work properly when B_ENDIAN is NOT
 # defined.  The T90 ints and longs are 8 bytes long, and apparently the
 # B_ENDIAN code assumes 4 byte ints.  Fortunately, the non-B_ENDIAN and
@@ -418,10 +408,7 @@ my %table=(
 #'Taking the address of a bit field is not allowed. '
 #'An expression with bit field exists as the operand of "sizeof" '
 # (written by Wayne Schroeder <schroede@SDSC.EDU>)
-#
-# j90 is considered the base machine type for unicos machines,
-# so this configuration is now called "cray-j90" ...
-"cray-j90", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT:::",
+"cray-t90-cc", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT:::",

 #
 # Cray T3E (Research Center Juelich, beckman@acl.lanl.gov)
@@ -443,11 +430,9 @@ my %table=(

 # SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the
 # SCO cc.
-"sco5-cc",  "cc:-belf::(unknown):-lsocket -lresolv:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
+"sco5-cc",  "cc:::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
 "sco5-cc-pentium",  "cc:-Kpentium::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
 "sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown):-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
-"sco5-cc-shared","cc:-belf:::-lsocket -lresolv -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr3-shared:-Kpic",
-"sco5-gcc-shared","gcc:-O3 -fomit-frame-pointer:::-lsocket -lresolv -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:svr3-shared:-fPIC", # the SCO assembler doesn't seem to like our assembler files ...

 # Sinix/ReliantUNIX RM400
 # NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g  */
@@ -482,12 +467,8 @@ my %table=(
 # and its library files in util/pl/*)
 "Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",

-# UWIN 
-"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
-
-# Cygwin
-"Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
-"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32:cygwin-shared:::.dll",
+# CygWin32
+"CygWin32", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",

 # Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
 "ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::::::",
@@ -496,49 +477,23 @@ my %table=(
 ##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown)::::::",

 # Some OpenBSD from Bob Beck <beck@obtuse.com>
-"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenBSD-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenBSD",      "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD",      "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 ##### MacOS X (a.k.a. Rhapsody or Darwin) setup
 "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
-"darwin-ppc-cc","cc:-O3 -D_DARWIN -DB_ENDIAN -fno-common::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",

 ##### Sony NEWS-OS 4.x
 "newsos4-gcc","gcc:-O -DB_ENDIAN -DNEWS4::(unknown):-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",

-##### VxWorks for various targets
-"vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DVXWORKS -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::-r:::::",
-
 );

 my @WinTargets=qw(VC-NT VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS BC-32
 	BC-16 Mingw32);

-my $idx = 0;
-my $idx_cc = $idx++;
-my $idx_cflags = $idx++;
-my $idx_unistd = $idx++;
-my $idx_thread_cflag = $idx++;
-my $idx_lflags = $idx++;
-my $idx_bn_ops = $idx++;
-my $idx_bn_obj = $idx++;
-my $idx_des_obj = $idx++;
-my $idx_bf_obj = $idx++;
-my $idx_md5_obj = $idx++;
-my $idx_sha1_obj = $idx++;
-my $idx_cast_obj = $idx++;
-my $idx_rc4_obj = $idx++;
-my $idx_rmd160_obj = $idx++;
-my $idx_rc5_obj = $idx++;
-my $idx_dso_scheme = $idx++;
-my $idx_shared_target = $idx++;
-my $idx_shared_cflag = $idx++;
-my $idx_shared_ldflag = $idx++;
-my $idx_shared_extension = $idx++;
-my $idx_ranlib = $idx++;
-
 my $prefix="";
 my $openssldir="";
 my $exe_ext="";
@@ -611,11 +566,7 @@ PROCESS_ARGS:
 	foreach (@argvcopy)
 		{
 		s /^-no-/no-/; # some people just can't read the instructions
-		if (/^--test-sanity$/)
-			{
-			exit(&test_sanity());
-			}
-		elsif (/^no-asm$/)
+		if (/^no-asm$/)
 		 	{
 			$no_asm=1;
 			$flags .= "-DNO_ASM ";
@@ -756,17 +707,13 @@ if ($target eq "LIST") {
 	exit 0;
 }

-if ($target =~ m/^CygWin32(-.*)$/) {
-	$target = "Cygwin".$1;
-}
-
 print "Configuring for $target\n";

 &usage if (!defined($table{$target}));

 my $IsWindows=scalar grep /^$target$/,@WinTargets;

-$exe_ext=".exe" if ($target eq "Cygwin");
+$exe_ext=".exe" if ($target eq "CygWin32");
 $openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
 $prefix=$openssldir if $prefix eq "";

@@ -779,29 +726,9 @@ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /^\//;

 print "IsWindows=$IsWindows\n";

-my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
-my $cc = $fields[$idx_cc];
-my $cflags = $fields[$idx_cflags];
-my $unistd = $fields[$idx_unistd];
-my $thread_cflag = $fields[$idx_thread_cflag];
-my $lflags = $fields[$idx_lflags];
-my $bn_ops = $fields[$idx_bn_ops];
-my $bn_obj = $fields[$idx_bn_obj];
-my $des_obj = $fields[$idx_des_obj];
-my $bf_obj = $fields[$idx_bf_obj];
-my $md5_obj = $fields[$idx_md5_obj];
-my $sha1_obj = $fields[$idx_sha1_obj];
-my $cast_obj = $fields[$idx_cast_obj];
-my $rc4_obj = $fields[$idx_rc4_obj];
-my $rmd160_obj = $fields[$idx_rmd160_obj];
-my $rc5_obj = $fields[$idx_rc5_obj];
-my $dso_scheme = $fields[$idx_dso_scheme];
-my $shared_target = $fields[$idx_shared_target];
-my $shared_cflag = $fields[$idx_shared_cflag];
-my $shared_ldflag = $fields[$idx_shared_ldflag];
-my $shared_extension = $fields[$idx_shared_extension];
-my $ranlib = $fields[$idx_ranlib];
-
+(my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
+ $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,my $shared_extension,my $ranlib)=
+	split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
 $cflags="$flags$cflags" if ($flags ne "");

 # The DSO code currently always implements all functions so that no
@@ -926,10 +853,6 @@ if ($rmd160_obj =~ /\.o$/)
 	$cflags.=" -DRMD160_ASM";
 	}

-# "Stringify" the C flags string.  This permits it to be made part of a string
-# and works as well on command lines.
-$cflags =~ s/([\\\"])/\\\1/g;
-
 my $version = "unknown";
 my $major = "unknown";
 my $minor = "unknown";
@@ -1012,22 +935,13 @@ while (<IN>)
 	if ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*$/)
 		{
 		my $sotmp = $1;
-		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/;
-		}
-	elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.dylib$/)
-		{
-		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.dylib/;
+		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/
 		}
 	elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
 		{
 		my $sotmp = $1;
 		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
 		}
-	elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
-		{
-		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.\$(SHLIB_MAJOR).dylib .dylib/;
-		}
-	s/^SHARED_LDFLAGS=.*/SHARED_LDFLAGS=$shared_ldflag/;
 	print OUT $_."\n";
 	}
 close(IN);
@@ -1315,7 +1229,7 @@ sub print_table_entry
 	my $bn_obj,my $des_obj,my $bf_obj,
 	my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj,
 	my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,
-	my $shared_ldflag,my $shared_extension,my $ranlib)=
+	my $shared_extension,my $ranlib)=
 	split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
 			
 	print <<EOF
@@ -1339,44 +1253,7 @@ sub print_table_entry
 \$dso_scheme   = $dso_scheme
 \$shared_target= $shared_target
 \$shared_cflag = $shared_cflag
-\$shared_ldflag = $shared_ldflag
 \$shared_extension = $shared_extension
 \$ranlib       = $ranlib
 EOF
 	}
-
-sub test_sanity
-	{
-	my $errorcnt = 0;
-
-	print STDERR "=" x 70, "\n";
-	print STDERR "=== SANITY TESTING!\n";
-	print STDERR "=== No configuration will be done, all other arguments will be ignored!\n";
-	print STDERR "=" x 70, "\n";
-
-	foreach $target (sort keys %table)
-		{
-		@fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
-
-		if ($fields[$idx_dso_scheme-1] =~ /^(dl|dlfcn|win32|vms)$/)
-			{
-			$errorcnt++;
-			print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] values\n";
-			print STDERR "              in the previous field\n";
-			}
-		elsif ($fields[$idx_dso_scheme+1] =~ /^(dl|dlfcn|win32|vms)$/)
-			{
-			$errorcnt++;
-			print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] values\n";
-			print STDERR "              in the following field\n";
-			}
-		elsif ($fields[$idx_dso_scheme] !~ /^(dl|dlfcn|win32|vms|)$/)
-			{
-			$errorcnt++;
-			print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] field = ",$fields[$idx_dso_scheme],"\n";
-			print STDERR "              valid values are 'dl', 'dlfcn', 'win32' and 'vms'\n";
-			}
-		}
-	print STDERR "No sanity errors detected!\n" if $errorcnt == 0;
-	return $errorcnt;
-	}
--- a/57
+++ b/57
@@ -38,8 +38,6 @@ OpenSSL  -  Frequently Asked Questions
 * Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
 * Why does the OpenSSL compilation fail with "ar: command not found"?
 * Why does the OpenSSL compilation fail on Win32 with VC++?
-* What is special about OpenSSL on Redhat?
-* Why does the OpenSSL test suite fail on MacOS X?

 [PROG] Questions about programming with OpenSSL

@@ -61,7 +59,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?

 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.6e was released on 30 May, 2002.
+OpenSSL 0.9.6c was released on December 21st, 2001.

 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -217,11 +215,8 @@ For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested
 installing the SUNski package from Sun patch 105710-01 (Sparc) which
 adds a /dev/random device and make sure it gets used, usually through
 $RANDFILE.  There are probably similar patches for the other Solaris
-versions.  An official statement from Sun with respect to /dev/random
-support can be found at
-  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski
-However, be warned that /dev/random is usually a blocking device, which
-may have some effects on OpenSSL.
+versions.  However, be warned that /dev/random is usually a blocking
+device, which may have some effects on OpenSSL.


 * Why do I get an "unable to write 'random state'" error message?
@@ -456,52 +451,6 @@ under 'Program Files').  This needs to be done prior to running NMAKE,
 and the changes are only valid for the current DOS session.


-* What is special about OpenSSL on Redhat?
-
-Red Hat Linux (release 7.0 and later) include a preinstalled limited
-version of OpenSSL. For patent reasons, support for IDEA, RC5 and MDC2
-is disabled in this version. The same may apply to other Linux distributions.
-Users may therefore wish to install more or all of the features left out.
-
-To do this you MUST ensure that you do not overwrite the openssl that is in
-/usr/bin on your Red Hat machine. Several packages depend on this file,
-including sendmail and ssh. /usr/local/bin is a good alternative choice. The
-libraries that come with Red Hat 7.0 onwards have different names and so are
-not affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and
-/lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and
-/lib/libcrypto.so.2 respectively).
-
-Please note that we have been advised by Red Hat attempting to recompile the
-openssl rpm with all the cryptography enabled will not work. All other
-packages depend on the original Red Hat supplied openssl package. It is also
-worth noting that due to the way Red Hat supplies its packages, updates to
-openssl on each distribution never change the package version, only the
-build number. For example, on Red Hat 7.1, the latest openssl package has
-version number 0.9.6 and build number 9 even though it contains all the
-relevant updates in packages up to and including 0.9.6b.
-
-A possible way around this is to persuade Red Hat to produce a non-US
-version of Red Hat Linux.
-
-FYI: Patent numbers and expiry dates of US patents:
-MDC-2: 4,908,861 13/03/2007
-IDEA:  5,214,703 25/05/2010
-RC5:   5,724,428 03/03/2015
-
-
-* Why does the OpenSSL test suite fail on MacOS X?
-
-If the failure happens when running 'make test' and the RC4 test fails,
-it's very probable that you have OpenSSL 0.9.6b delivered with the
-operating system (you can find out by running '/usr/bin/openssl version')
-and that you were trying to build OpenSSL 0.9.6d.  The problem is that
-the loader ('ld') in MacOS X has a misfeature that's quite difficult to
-go around and has linked the programs "openssl" and the test programs
-with /usr/lib/libcrypto.dylib and /usr/lib/libssl.dylib instead of the
-libraries you just built.
-Look in the file PROBLEMS for a more detailed explanation and for possible
-solutions.
-
 [PROG] ========================================================================

 * Is OpenSSL thread-safe?
--- a/15
+++ b/15
@@ -131,11 +131,8 @@
     the failure that aren't problems in OpenSSL itself (like missing
     standard headers).  If it is a problem with OpenSSL itself, please
     report the problem to <openssl-bugs@openssl.org> (note that your
-     message will be recorded in the request tracker publicly readable
-     via http://www.openssl.org/rt2.html and will be forwarded to a public
-     mailing list). Include the output of "make report" in your message.
-     Please check out the request tracker. Maybe the bug was already
-     reported or has already been fixed.
+     message will be forwarded to a public mailing list).  Include the
+     output of "make report" in your message.

     [If you encounter assembler error messages, try the "no-asm"
     configuration option as an immediate fix.]
@@ -153,8 +150,7 @@
     try removing any compiler optimization flags from the CFLAGS line
     in Makefile.ssl and run "make clean; make". Please send a bug
     report to <openssl-bugs@openssl.org>, including the output of
-     "make report" in order to be added to the request tracker at
-     http://www.openssl.org/rt2.html.
+     "make report".

  4. If everything tests ok, install OpenSSL with

@@ -276,11 +272,6 @@
 Note on shared libraries
 ------------------------

- Shared library is currently an experimental feature.  The only reason to
- have them would be to conserve memory on systems where several program
- are using OpenSSL.  Binary backward compatibility can't be guaranteed
- before OpenSSL version 1.0.
-
 For some systems, the OpenSSL Configure script knows what is needed to
 build shared libraries for libcrypto and libssl.  On these systems,
 the shared libraries are currently not created by default, but giving
--- a/INSTALL.W32
+++ b/INSTALL.W32
@@ -2,19 +2,16 @@
 INSTALLATION ON THE WIN32 PLATFORM
 ----------------------------------

- Heres a few comments about building OpenSSL in Windows environments.  Most
- of this is tested on Win32 but it may also work in Win 3.1 with some
+ Heres a few comments about building OpenSSL in Windows environments. Most of
+ this is tested on Win32 but it may also work in Win 3.1 with some
 modification.

- You need Perl for Win32.  Unless you will build on Cygwin, you will need
- ActiveState Perl, available from http://www.activestate.com/ActivePerl.
- For Cygwin users, there's more info in the Cygwin section.
-
+ You need Perl for Win32 (available from http://www.activestate.com/ActivePerl)
 and one of the following C compilers:

  * Visual C++
  * Borland C
-  * GNU C (Mingw32 or Cygwin)
+  * GNU C (Mingw32 or Cygwin32)

 If you want to compile in the assembly language routines with Visual C++ then
 you will need an assembler. This is worth doing because it will result in
@@ -81,7 +78,7 @@

 There are various changes you can make to the Win32 compile environment. By
 default the library is not compiled with debugging symbols. If you add 'debug'
- to the mk1mf.pl lines in the do_* batch file then debugging symbols will be
+ to the mk1mk.pl lines in the do_* batch file then debugging symbols will be
 compiled in.

 The default Win32 environment is to leave out any Windows NT specific
@@ -94,18 +91,6 @@
 You can also build a static version of the library using the Makefile
 ms\nt.mak

- Borland C++ builder 5
- ---------------------
-
- * Configure for building with Borland Builder:
-   > perl Configure BC-32
-
- * Create the appropriate makefile
-   > ms\do_nasm
-
- * Build
-   > make -f ms\bcb.mak
-
 Borland C++ builder 3 and 4
 ---------------------------

@@ -149,30 +134,28 @@
   > cd out
   > ..\ms\test

- GNU C (Cygwin)
- --------------
+ GNU C (CygWin32)
+ ---------------

- Cygwin provides a bash shell and GNU tools environment running on
+ CygWin32 provides a bash shell and GNU tools environment running on
 NT 4.0, Windows 9x and Windows 2000. Consequently, a make of OpenSSL
- with Cygwin is closer to a GNU bash environment such as Linux rather
+ with CygWin is closer to a GNU bash environment such as Linux rather
 than other W32 makes that are based on a single makefile approach.
- Cygwin implements Posix/Unix calls through cygwin1.dll, and is
+ CygWin32 implements Posix/Unix calls through cygwin1.dll, and is
 contrasted to Mingw32 which links dynamically to msvcrt.dll or
 crtdll.dll.

- To build OpenSSL using Cygwin:
+ To build OpenSSL using CygWin32:

- * Install Cygwin (see http://sourceware.cygnus.com/cygwin)
+ * Install CygWin32 (see http://sourceware.cygnus.com/cygwin)

- * Install Perl and ensure it is in the path (recent Cygwin perl 
-   (version 5.6.1-2 of the latter has been reported to work) or
-   ActivePerl)
+ * Install Perl and ensure it is in the path

- * Run the Cygwin bash shell
+ * Run the CygWin bash shell

 * $ tar zxvf openssl-x.x.x.tar.gz
   $ cd openssl-x.x.x
-   $ ./config
+   $ ./Configure no-threads CygWin32
   [...]
   $ make
   [...]
@@ -181,28 +164,27 @@

 This will create a default install in /usr/local/ssl.

- Cygwin Notes:
+ CygWin32 Notes:

 "make test" and normal file operations may fail in directories
- mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin
+ mounted as text (i.e. mount -t c:\somewhere /home) due to CygWin
 stripping of carriage returns. To avoid this ensure that a binary
 mount is used, e.g. mount -b c:\somewhere /home.

- As of version 1.1.1 Cygwin is relatively unstable in its handling
+ As of version 1.1.1 CygWin32 is relatively unstable in its handling
 of cr/lf issues. These make procedures succeeded with versions 1.1 and
 the snapshot 20000524 (Slow!).

- "bc" is not provided in the Cygwin distribution.  This causes a
+ "bc" is not provided in the CygWin32 distribution.  This causes a
 non-fatal error in "make test" but is otherwise harmless.  If
- desired, GNU bc can be built with Cygwin without change.
+ desired, GNU bc can be built with CygWin32 without change.


 Installation
 ------------

- If you used the Cygwin procedure above, you have already installed and
- can skip this section.  For all other procedures, there's currently no real
- installation procedure for Win32.  There are, however, some suggestions:
+ There's currently no real installation procedure for Win32.  There are,
+ however, some suggestions:

    - do nothing.  The include files are found in the inc32/ subdirectory,
      all binaries are found in out32dll/ or out32/ depending if you built
--- a/2
+++ b/2
@@ -12,7 +12,7 @@
  ---------------

 /* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
--- a/Makefile.org
+++ b/Makefile.org
@@ -183,7 +183,6 @@ SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
 SHARED_SSL=libssl$(SHLIB_EXT)
 SHARED_LIBS=
 SHARED_LIBS_LINK_EXTS=
-SHARED_LDFLAGS=

 GENERAL=        Makefile
 BASENAME=       openssl
@@ -236,22 +235,19 @@ clean-shared:
 			done; \
 		fi; \
 		( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
-		if [ "$(PLATFORM)" = "Cygwin" ]; then \
-			( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
-		fi; \
 	done

 link-shared:
-	@if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
-		tmp="$(SHARED_LIBS_LINK_EXTS)"; \
-		for i in $(SHLIBDIRS); do \
-			prev=lib$$i$(SHLIB_EXT); \
+	@for i in $(SHLIBDIRS); do \
+		prev=lib$$i$(SHLIB_EXT); \
+		if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
+			tmp="$(SHARED_LIBS_LINK_EXTS)"; \
 			for j in $${tmp:-x}; do \
 				( set -x; ln -f -s $$prev lib$$i$$j ); \
 				prev=lib$$i$$j; \
 			done; \
-		done; \
-	fi
+		fi; \
+	done

 build-shared: clean-shared do_$(SHLIB_TARGET) link-shared

@@ -259,10 +255,8 @@ do_bsd-gcc-shared: do_gnu-shared
 do_linux-shared: do_gnu-shared
 do_gnu-shared:
 	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	( set -x; ${CC} ${SHARED_LDFLAGS} \
-		-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+	( set -x; ${CC}  -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		-Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		-Wl,-Bsymbolic \
 		-Wl,--whole-archive lib$$i.a \
 		-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
 	libs="$$libs -l$$i"; \
@@ -275,35 +269,13 @@ DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
 	[ -n "$$my_ld" ] && \
 	$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1

-# For Darwin AKA Mac OS/X (dyld)
-do_darwin-shared: 
-	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	( set -x ; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
-		lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		-compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \
-		-install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \
-	libs="$$libs -l`basename $$i${SHLIB_EXT} .dylib`"; \
-	echo "" ; \
-	done
-
-do_cygwin-shared:
-	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	( set -x; ${CC}  -shared -o cyg$$i.dll \
-		-Wl,-Bsymbolic \
-		-Wl,--whole-archive lib$$i.a \
-		-Wl,--out-implib,lib$$i.dll.a \
-		-Wl,--no-whole-archive $$libs ) || exit 1; \
-	libs="$$libs -l$$i"; \
-	done
-
 # This assumes that GNU utilities are *not* used
 do_alpha-osf1-shared:
 	if ${DETECT_GNU_LD}; then \
 		$(MAKE) do_gnu-shared; \
 	else \
 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-		( set -x; ${CC} ${SHARED_LDFLAGS} \
-			-shared -o lib$$i.so \
+		( set -x; ${CC}  -shared -o lib$$i.so \
 			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
 			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
 		libs="$$libs -l$$i"; \
@@ -318,8 +290,7 @@ do_tru64-shared:
 		$(MAKE) do_gnu-shared; \
 	else \
 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-		( set -x; ${CC} ${SHARED_LDFLAGS} \
-			-shared -msym -o lib$$i.so \
+		( set -x; ${CC}  -shared -msym -o lib$$i.so \
 			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
 			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
 		libs="$$libs -l$$i"; \
@@ -334,8 +305,7 @@ do_tru64-shared-rpath:
 		$(MAKE) do_gnu-shared; \
 	else \
 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-		( set -x; ${CC} ${SHARED_LDFLAGS} \
-			-shared -msym -o lib$$i.so \
+		( set -x; ${CC}  -shared -msym -o lib$$i.so \
 			-rpath  ${INSTALLTOP}/lib \
 			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
 			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
@@ -351,16 +321,15 @@ do_solaris-shared:
 	else \
 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
 		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
-		  set -x; ${CC} ${SHARED_LDFLAGS} \
-			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		  set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			-z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
 		libs="$$libs -l$$i"; \
 		done; \
 	fi

-# OpenServer 5 native compilers used
-do_svr3-shared:
+# UnixWare 7 and OpenUNIX 8 native compilers used
+do_svr5-shared:
 	if ${DETECT_GNU_LD}; then \
 		$(MAKE) do_gnu-shared; \
 	else \
@@ -378,34 +347,13 @@ do_svr3-shared:
 		done; \
 	fi

-# UnixWare 7 and OpenUNIX 8 native compilers used
-do_svr5-shared:
-	if ${DETECT_GNU_LD}; then \
-		$(MAKE) do_gnu-shared; \
-	else \
-		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
-		  find . -name "*.o" -print > allobjs ; \
-		  OBJS= ; export OBJS ; \
-		  for obj in `ar t lib$$i.a` ; do \
-		    OBJS="$${OBJS} `grep $$obj allobjs`" ; \
-		  done ; \
-		  set -x; ${CC} ${SHARED_LDFLAGS} \
-			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
-		libs="$$libs -l$$i"; \
-		done; \
-	fi
-
 # This assumes that GNU utilities are *not* used
 do_irix-shared:
 	if ${DETECT_GNU_LD}; then \
 		$(MAKE) do_gnu-shared; \
 	else \
 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-		( set -x; ${CC} ${SHARED_LDFLAGS} \
-			-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		( set -x; ${CC} -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			-all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \
 		libs="$$libs -l$$i"; \
@@ -414,24 +362,20 @@ do_irix-shared:

 # This assumes that GNU utilities are *not* used
 do_hpux-shared:
-	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
-		+vnocompatwarnings \
+	libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+	( set -x; /usr/ccs/bin/ld +vnocompatwarnings \
 		-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		-Fl lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
-	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
 	libs="$$libs -L. -l$$i"; \
 	done

 # This assumes that GNU utilities are *not* used
 do_hpux64-shared:
-	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
-		-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+	libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+	( set -x; /usr/ccs/bin/ld -b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		+forceload lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
-	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
 	libs="$$libs -L. -l$$i"; \
 	done

@@ -465,7 +409,7 @@ do_hpux64-shared:
 #  HP/UX-64bit: /usr/ccs/bin/ld
 #  AIX:		$(CC)
 ALLSYMSFLAG=-bnogc
-SHAREDFLAGS=${SHARED_LDFLAGS} -G -bE:lib$$i.exp -bM:SRE
+SHAREDFLAGS=-G -bE:lib$$i.exp -bM:SRE
 SHAREDCMD=$(CC)
 do_aix-shared:
 	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
@@ -547,7 +491,7 @@ test:   tests

 tests: rehash
 	@(cd test && echo "testing..." && \
-	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' OPENSSL_DEBUG_MEMORY=on tests );
+	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' EXE_EXT='${EXE_EXT}' tests );
 	@apps/openssl version -a

 report:
@@ -558,7 +502,7 @@ depend:
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making dependencies $$i..." && \
-		$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' PERL='${PERL}' depend ) || exit 1; \
+		$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
 	fi; \
 	done;

@@ -603,26 +547,20 @@ TABLE: Configure

 update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE

-# Build distribution tar-file. As the list of files returned by "find" is
-# pretty long, on several platforms a "too many arguments" error or similar
-# would occur. Therefore the list of files is temporarily stored into a file
-# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
-# tar does not support the --files-from option.
 tar:
-	find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
-	$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
+	@$(TAR) $(TARFLAGS) -cvf - \
+		`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort` |\
 	tardy --user_number=0  --user_name=openssl \
 	      --group_number=0 --group_name=openssl \
 	      --prefix=openssl-$(VERSION) - |\
 	gzip --best >../$(TARFILE).gz; \
-	rm -f ../$(TARFILE).list; \
 	ls -l ../$(TARFILE).gz

 dist:   
 	$(PERL) Configure dist
 	@$(MAKE) dist_pem_h
 	@$(MAKE) SDIRS='${SDIRS}' clean
-	@$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar
+	@$(MAKE) tar

 dist_pem_h:
 	(cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
@@ -654,25 +592,17 @@ install: all install_docs
 			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
 			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
 			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
-		fi; \
+		fi \
 	done
 	@if [ -n "$(SHARED_LIBS)" ]; then \
 		tmp="$(SHARED_LIBS)"; \
 		for i in $${tmp:-x}; \
 		do \
-			if [ -f "$$i" -o -f "$$i.a" ]; then \
+			if [ -f "$$i" ]; then \
 			(       echo installing $$i; \
-				if [ "$(PLATFORM)" != "Cygwin" ]; then \
-					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
-					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
-				else \
-					c=`echo $$i | sed 's/^lib/cyg/'`; \
-					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
-					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
-					cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
-					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
-				fi ); \
-			fi; \
+				cp -f $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+				chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+			fi \
 		done; \
 		(	here="`pwd`"; \
 			cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
@@ -689,20 +619,18 @@ install_docs:
 		fn=`basename $$i .pod`; \
 		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
 		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
-		(cd `$(PERL) util/dirname.pl $$i`; \
-		sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \
-			--section=$$sec --center=OpenSSL \
-			--release=$(VERSION) `basename $$i`") \
+		(cd `dirname $$i`; \
+		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
+			 --release=$(VERSION) `basename $$i`) \
 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
 	done
 	@for i in doc/crypto/*.pod doc/ssl/*.pod; do \
 		fn=`basename $$i .pod`; \
 		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
 		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
-		(cd `$(PERL) util/dirname.pl $$i`; \
-		sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \
-			--section=$$sec --center=OpenSSL \
-			--release=$(VERSION) `basename $$i`") \
+		(cd `dirname $$i`; \
+		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
+			--release=$(VERSION) `basename $$i`) \
 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
 	done

--- a/11
+++ b/11
@@ -5,12 +5,7 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.

-  Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d:
-
-      o Various SSL/TLS library bugfixes.
-      o Fix DH parameter generation for 'non-standard' generators.
-
-  Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c:
+  Changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c:

      o Various SSL/TLS library bugfixes.
      o BIGNUM library fixes.
@@ -23,7 +18,7 @@
        Broadcom and Cryptographic Appliance's keyserver
        [in 0.9.6c-engine release].

-  Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b:
+  Changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b:

      o Security fix: PRNG improvements.
      o Security fix: RSA OAEP check.
@@ -56,7 +51,7 @@
      o Bug fixes for Win32, HP/UX and Irix.
      o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
        memory checking routines.
-      o Bug fixes for RSA operations in threaded environments.
+      o Bug fixes for RSA operations in threaded enviroments.
      o Bug fixes in misc. openssl applications.
      o Remove a few potential memory leaks.
      o Add tighter checks of BIGNUM routines.
--- a/34
+++ b/34
@@ -1,34 +0,0 @@
-* System libcrypto.dylib and libssl.dylib are used by system ld on MacOS X.
-[NOTE: This is currently undergoing tests, and may be removed soon]
-
-This is really a misfeature in ld, which seems to look for .dylib libraries
-along the whole library path before it bothers looking for .a libraries.  This
-means that -L switches won't matter unless OpenSSL is built with shared
-library support.
-
-The workaround may be to change the following lines in apps/Makefile.ssl and
-test/Makefile.ssl:
-
-  LIBCRYPTO=-L.. -lcrypto
-  LIBSSL=-L.. -lssl
-
-to:
-
-  LIBCRYPTO=../libcrypto.a
-  LIBSSL=../libssl.a
-
-It's possible that something similar is needed for shared library support
-as well.  That hasn't been well tested yet.
-
-
-Another solution that many seem to recommend is to move the libraries
-/usr/lib/libcrypto.0.9.dylib, /usr/lib/libssl.0.9.dylib to a different
-directory, build and install OpenSSL and anything that depends on your
-build, then move libcrypto.0.9.dylib and libssl.0.9.dylib back to their
-original places.  Note that the version numbers on those two libraries
-may differ on your machine.
-
-
-As long as Apple doesn't fix the problem with ld, this problem building
-OpenSSL will remain as is.
-
--- a/21
+++ b/21
@@ -1,7 +1,7 @@

- OpenSSL 0.9.6e [engine] 30 July 2002
+ OpenSSL 0.9.6c [engine] 21 dec 2001

- Copyright (c) 1998-2002 The OpenSSL Project
+ Copyright (c) 1998-2001 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
 All rights reserved.

@@ -122,13 +122,6 @@
 lists the functions; you will probably have to look at the code to work out
 how to use them. Look at the example programs.

- PROBLEMS
- --------
-
- For some platforms, there are some known problems that may affect the user
- or application author.  We try to collect those in doc/PROBLEMS, with current
- thoughts on how they should be solved in a future of OpenSSL.
-
 SUPPORT 
 -------

@@ -153,13 +146,11 @@
    - Problem Description (steps that will reproduce the problem, if known)
    - Stack Traceback (if the application dumps core)

- Report the bug to the OpenSSL project via the Request Tracker
- (http://www.openssl.org/rt2.html) by mail to:
+ Report the bug to the OpenSSL project at:

    openssl-bugs@openssl.org

- Note that mail to openssl-bugs@openssl.org is recorded in the publicly
- readable request tracker database and is forwarded to a public
+ Note that mail to openssl-bugs@openssl.org is forwarded to a public
 mailing list. Confidential mail may be sent to openssl-security@openssl.org
 (PGP key available from the key servers).

@@ -173,9 +164,7 @@
 textual explanation of what your patch does.

 Note: For legal reasons, contributions from the US can be accepted only
- if a TSA notification and a copy of the patch is sent to crypt@bis.doc.gov;
- see http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic]
- and http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e)).
+ if a copy of the patch is sent to crypt@bxa.doc.gov

 The preferred format for changes is "diff -u" output. You might
 generate it like this:
--- a/9
+++ b/9
@@ -1,13 +1,10 @@

  OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2002/07/30 10:38:17 $
+  ______________                           $Date: 2001/11/15 08:15:00 $

  DEVELOPMENT STATE

    o  OpenSSL 0.9.7:  Under development...
-    o  OpenSSL 0.9.6e: Released on July      30th, 2002
-    o  OpenSSL 0.9.6d: Released on May        9th, 2002
-    o  OpenSSL 0.9.6c: Released on December  21st, 2001
    o  OpenSSL 0.9.6b: Released on July       9th, 2001
    o  OpenSSL 0.9.6a: Released on April      5th, 2001
    o  OpenSSL 0.9.6:  Released on September 24th, 2000
@@ -50,6 +47,10 @@

    o  apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file

+    o  OpenSSL_0_9_6-stable:
+       #include <openssl/e_os.h> in exported header files is illegal since
+       e_os.h is suitable only for library-internal use.
+
    o  Whenever strncpy is used, make sure the resulting string is NULL-terminated
       or an error is reported

--- a/436
+++ b/436
--- a/apps/Makefile.ssl
+++ b/apps/Makefile.ssl
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -230,16 +230,9 @@ void program_name(char *in, char *out, int size)

 	q=strrchr(p,'.');
 	if (q == NULL)
-		q = p + strlen(p);
-	strncpy(out,p,size-1);
-	if (q-p >= size)
-		{
-		out[size-1]='\0';
-		}
-	else
-		{
-		out[q-p]='\0';
-		}
+		q = in+size;
+	strncpy(out,p,q-p);
+	out[q-p]='\0';
 	}
 #else
 void program_name(char *in, char *out, int size)
@@ -764,7 +757,7 @@ int set_name_ex(unsigned long *flags, const char *arg)

 void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
 {
-	char *buf;
+	char buf[256];
 	char mline = 0;
 	int indent = 0;
 	if(title) BIO_puts(out, title);
@@ -773,10 +766,9 @@ void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
 		indent = 4;
 	}
 	if(lflags == XN_FLAG_COMPAT) {
-		buf = X509_NAME_oneline(nm, 0, 0);
-		BIO_puts(out, buf);
+		X509_NAME_oneline(nm,buf,256);
+		BIO_puts(out,buf);
 		BIO_puts(out, "\n");
-		OPENSSL_free(buf);
 	} else {
 		if(mline) BIO_puts(out, "\n");
 		X509_NAME_print_ex(out, nm, indent, lflags);
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -181,7 +181,7 @@ bad:
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
-		BIO_printf(bio_err," -out arg      output file (output format is always DER\n");
+		BIO_printf(bio_err," -out arg      output file\n");
 		BIO_printf(bio_err," -noout arg    don't produce any output\n");
 		BIO_printf(bio_err," -offset arg   offset into file\n");
 		BIO_printf(bio_err," -length arg   length of section in file\n");
@@ -192,6 +192,7 @@ bad:
 		BIO_printf(bio_err," -strparse offset\n");
 		BIO_printf(bio_err,"               a series of these can be used to 'dig' into multiple\n");
 		BIO_printf(bio_err,"               ASN1 blob wrappings\n");
+		BIO_printf(bio_err," -out filename output DER encoding to file\n");
 		goto end;
 		}

--- a/apps/ca.c
+++ b/apps/ca.c
@@ -83,7 +83,7 @@
 #    else
 #      include <unixlib.h>
 #    endif
-#  elif !defined(VXWORKS)
+#  else
 #    include <sys/file.h>
 #  endif
 #endif
@@ -1135,7 +1135,7 @@ bad:
 			}
 		if ((crldays == 0) && (crlhours == 0))
 			{
-			BIO_printf(bio_err,"cannot lookup how long until the next CRL is issued\n");
+			BIO_printf(bio_err,"cannot lookup how long until the next CRL is issuer\n");
 			goto err;
 			}

--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -89,8 +89,8 @@ int MAIN(int argc, char **argv)
 	BIO *bmd=NULL;
 	BIO *out = NULL;
 	const char *name;
-#define PROG_NAME_SIZE  39
-	char pname[PROG_NAME_SIZE+1];
+#define PROG_NAME_SIZE  16
+	char pname[PROG_NAME_SIZE];
 	int separator=0;
 	int debug=0;
 	const char *outfile = NULL, *keyfile = NULL;
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -176,7 +176,7 @@ bad:
 		BIO_printf(bio_err," -outform arg  output format - DER or PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
-		BIO_printf(bio_err," -text         print as text\n");
+		BIO_printf(bio_err," -text         print the key in text\n");
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -noout        no output\n");
 		BIO_printf(bio_err," -rand         files to use for random number input\n");
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -101,8 +101,8 @@ int MAIN(int argc, char **argv)
 	const EVP_CIPHER *cipher=NULL,*c;
 	char *inf=NULL,*outf=NULL;
 	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
-#define PROG_NAME_SIZE  39
-	char pname[PROG_NAME_SIZE+1];
+#define PROG_NAME_SIZE  16
+	char pname[PROG_NAME_SIZE];
 	char *engine = NULL;

 	apps_startup();
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -88,8 +88,8 @@ BIO *bio_err=NULL;
 int main(int Argc, char *Argv[])
 	{
 	ARGS arg;
-#define PROG_NAME_SIZE	39
-	char pname[PROG_NAME_SIZE+1];
+#define PROG_NAME_SIZE	16
+	char pname[PROG_NAME_SIZE];
 	FUNCTION f,*fp;
 	MS_STATIC char *prompt,buf[1024],config_name[256];
 	int n,i,ret=0;
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -772,10 +772,7 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
 		print_attribs (out, bag->attrib, "Bag Attributes");
 		if (!(p8 = M_PKCS12_decrypt_skey (bag, pass, passlen)))
 				return 0;
-		if (!(pkey = EVP_PKCS82PKEY (p8))) {
-			PKCS8_PRIV_KEY_INFO_free(p8);
-			return 0;
-		}
+		if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
 		print_attribs (out, p8->attributes, "Key Attributes");
 		PKCS8_PRIV_KEY_INFO_free(p8);
 		PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -90,7 +90,7 @@ int MAIN(int argc, char **argv)
 	int informat,outformat;
 	char *infile,*outfile,*prog;
 	int print_certs=0,text=0,noout=0;
-	int ret=1;
+	int ret=0;
 	char *engine=NULL;

 	apps_startup();
--- a/apps/req.c
+++ b/apps/req.c
@@ -291,7 +291,7 @@ int MAIN(int argc, char **argv)
 						goto end;
 						}

-					if ((dtmp=X509_get_pubkey(xtmp)) == NULL) goto end;
+					dtmp=X509_get_pubkey(xtmp);
 					if (dtmp->type == EVP_PKEY_DSA)
 						dsa_params=DSAparams_dup(dtmp->pkey.dsa);
 					EVP_PKEY_free(dtmp);
@@ -758,14 +758,17 @@ loop:

 			/* Set version to V3 */
 			if(!X509_set_version(x509ss, 2)) goto end;
-			if (!ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L)) goto end;
+			ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L);

-			if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
-			if (!X509_gmtime_adj(X509_get_notBefore(x509ss),0)) goto end;
-			if (!X509_gmtime_adj(X509_get_notAfter(x509ss), (long)60*60*24*days)) goto end;
-			if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
+			X509_set_issuer_name(x509ss,
+				X509_REQ_get_subject_name(req));
+			X509_gmtime_adj(X509_get_notBefore(x509ss),0);
+			X509_gmtime_adj(X509_get_notAfter(x509ss),
+				(long)60*60*24*days);
+			X509_set_subject_name(x509ss,
+				X509_REQ_get_subject_name(req));
 			tmppkey = X509_REQ_get_pubkey(req);
-			if (!tmppkey || !X509_set_pubkey(x509ss,tmppkey)) goto end;
+			X509_set_pubkey(x509ss,tmppkey);
 			EVP_PKEY_free(tmppkey);

 			/* Set up V3 context struct */
@@ -996,7 +999,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
 	else i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs);
 	if(!i) goto err;

-	if (!X509_REQ_set_pubkey(req,pkey)) goto err;
+	X509_REQ_set_pubkey(req,pkey);

 	ret=1;
 err:
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -91,7 +91,7 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 	{
-	ENGINE *eng = NULL;
+	ENGINE *e = NULL;
 	int ret=1;
 	RSA *rsa=NULL;
 	int i,badops=0, sgckey=0;
@@ -211,20 +211,20 @@ bad:

 	if (engine != NULL)
 		{
-		if((eng = ENGINE_by_id(engine)) == NULL)
+		if((e = ENGINE_by_id(engine)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine \"%s\"\n",
 				engine);
 			goto end;
 			}
-		if(!ENGINE_set_default(eng, ENGINE_METHOD_ALL))
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
 			BIO_printf(bio_err,"can't use that engine\n");
 			goto end;
 			}
 		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
 		/* Free our "structural" reference. */
-		ENGINE_free(eng);
+		ENGINE_free(e);
 		}

 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -418,7 +418,7 @@ int MAIN(int argc, char *argv[])
 	int state=0;
 	SSL_METHOD *meth=NULL;
 	char *inrand=NULL;
-	char *engine=NULL;
+	char *engine_id=NULL;
 	ENGINE *e=NULL;
 #ifndef NO_DH
 	DH *dh=NULL;
@@ -582,7 +582,7 @@ int MAIN(int argc, char *argv[])
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
-			engine = *(++argv);
+			engine_id= *(++argv);
 			}
 		else
 			{
@@ -635,9 +635,9 @@ bad:
 	SSL_load_error_strings();
 	OpenSSL_add_ssl_algorithms();

-	if (engine != NULL)
+	if (engine_id != NULL)
 		{
-		if((e = ENGINE_by_id(engine)) == NULL)
+		if((e = ENGINE_by_id(engine_id)) == NULL)
 			{
 			BIO_printf(bio_err,"invalid engine\n");
 			ERR_print_errors(bio_err);
@@ -654,7 +654,7 @@ bad:
 			ERR_print_errors(bio_err);
 			goto end;
 			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine_id);
 		ENGINE_free(e);
 		}

--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -82,7 +82,7 @@
 #include "wintext.h"
 #endif

-#if !defined(MSDOS) && !defined(VXWORKS) && (!defined(VMS) || defined(__DECC)) || defined (_DARWIN)
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
 #define TIMES
 #endif

@@ -102,7 +102,7 @@
 #undef TIMES
 #endif

-#if !defined(TIMES) && !defined(VXWORKS)
+#ifndef TIMES
 #include <sys/timeb.h>
 #endif

@@ -139,8 +139,6 @@
 #undef BUFSIZZ
 #define BUFSIZZ 1024*10

-#undef min
-#undef max
 #define min(a,b) (((a) < (b)) ? (a) : (b))
 #define max(a,b) (((a) > (b)) ? (a) : (b))

@@ -370,22 +368,6 @@ static double tm_Time_F(int s)
 		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
 		return((ret == 0.0)?1e-6:ret);
 	}
-#elif defined(VXWORKS)
-        {
-	static unsigned long tick_start, tick_end;
-
-	if( s == START )
-		{
-		tick_start = tickGet();
-		return 0;
-		}
-	else
-		{
-		tick_end = tickGet();
-		ret = (double)(tick_end - tick_start) / (double)sysClkRateGet();
-		return((ret == 0.0)?1e-6:ret);
-		}
-        }
 #else /* !times() */
 	static struct timeb tstart,tend;
 	long i;
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -441,10 +441,7 @@ int MAIN(int argc, char **argv)
 		p7 = PKCS7_encrypt(encerts, in, cipher, flags);
 	} else if(operation == SMIME_SIGN) {
 		p7 = PKCS7_sign(signer, key, other, in, flags);
-		if (BIO_reset(in) != 0 && (flags & PKCS7_DETACHED)) {
-		  BIO_printf(bio_err, "Can't rewind input file\n");
-		  goto end;
-		}
+		BIO_reset(in);
 	} else {
 		if(informat == FORMAT_SMIME) 
 			p7 = SMIME_read_PKCS7(in, &indata);
@@ -484,9 +481,9 @@ int MAIN(int argc, char **argv)
 	} else if(operation == SMIME_VERIFY) {
 		STACK_OF(X509) *signers;
 		if(PKCS7_verify(p7, other, store, indata, out, flags)) {
-			BIO_printf(bio_err, "Verification successful\n");
+			BIO_printf(bio_err, "Verification Successful\n");
 		} else {
-			BIO_printf(bio_err, "Verification failure\n");
+			BIO_printf(bio_err, "Verification Failure\n");
 			goto end;
 		}
 		signers = PKCS7_get0_signers(p7, other, flags);
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -83,12 +83,12 @@
 #include <openssl/err.h>
 #include <openssl/engine.h>

-#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(_DARWIN)
+#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
 # define USE_TOD
-#elif !defined(MSDOS) && !defined(VXWORKS) && (!defined(VMS) || defined(__DECC))
+#elif !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
 # define TIMES
 #endif
-#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE) && !defined(__NetBSD__) && !defined(_DARWIN) && !defined(VXWORKS)
+#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE) && !defined(__NetBSD__)
 # define TIMEB
 #endif

@@ -116,7 +116,7 @@
 #include <sys/timeb.h>
 #endif

-#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(VXWORKS)
+#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD)
 #error "It seems neither struct tms nor struct timeb is supported in this platform!"
 #endif

@@ -225,7 +225,7 @@ static double Time_F(int s, int usertime)

 #ifdef USE_TOD
 	if(usertime)
-		{
+	    {
 		static struct rusage tstart,tend;

 		if (s == START)
@@ -285,23 +285,7 @@ static double Time_F(int s, int usertime)
 # if defined(TIMES) && defined(TIMEB)
 	else
 # endif
-# ifdef VXWORKS
-		{
-		static unsigned long tick_start, tick_end;
-
-		if( s == START )
-			{
-			tick_start = tickGet();
-			return 0;
-			}
-		else
-			{
-			tick_end = tickGet();
-			ret = (double)(tick_end - tick_start) / (double)sysClkRateGet();
-			return((ret < 0.001)?0.001:ret);
-			}
-                }
-# elif defined(TIMEB)
+# ifdef TIMEB
 		{
 		static struct timeb tstart,tend;
 		long i;
@@ -320,7 +304,6 @@ static double Time_F(int s, int usertime)
 			}
 		}
 # endif
-
 #endif
 	}

@@ -337,9 +320,7 @@ int MAIN(int argc, char **argv)
 #define DSA_NUM		3
 	long count,rsa_count;
 	int i,j,k;
-#ifndef NO_RSA
 	unsigned rsa_num;
-#endif
 #ifndef NO_MD2
 	unsigned char md2[MD2_DIGEST_LENGTH];
 #endif
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -237,7 +237,7 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-CAkeyform") == 0)
 			{
 			if (--argc < 1) goto bad;
-			CAkeyformat=str2fmt(*(++argv));
+			CAformat=str2fmt(*(++argv));
 			}
 		else if (strcmp(*argv,"-days") == 0)
 			{
--- a/82
+++ b/82
@@ -299,24 +299,9 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	;;

    CYGWIN*)
-	case "$RELEASE" in
-	    [bB]*|1.0|1.[12].*)
-		echo "${MACHINE}-whatever-cygwin_pre1.3"
-		;;
-	    *)
-		echo "${MACHINE}-whatever-cygwin"
-		;;
-	esac
-	exit 0
+	echo "${MACHINE}-whatever-cygwin32"; exit 0
 	;;

-    *"CRAY T3E")
-       echo "t3e-cray-unicosmk"; exit 0;
-       ;;
-
-    *CRAY*)
-       echo "j90-cray-unicos"; exit 0;
-       ;;
 esac

 #
@@ -381,29 +366,17 @@ done

 # figure out if gcc is available and if so we use it otherwise
 # we fallback to whatever cc does on the system
-GCCVER=`(gcc -dumpversion) 2>/dev/null`
+GCCVER=`(gcc --version) 2>/dev/null`
 if [ "$GCCVER" != "" ]; then
  CC=gcc
-  # Since gcc 3.1 gcc --version behaviour has changed.  gcc -dumpversion
-  # does give us what we want though, so we use that.  We just just the
-  # major and minor version numbers.
+  # then strip off whatever prefix Cygnus prepends the number with...
+  GCCVER=`echo $GCCVER | sed 's/^[a-z]*\-//'`
  # peak single digit before and after first dot, e.g. 2.95.1 gives 29
  GCCVER=`echo $GCCVER | sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/'`
 else
  CC=cc
 fi
-if [ "$SYSTEM" = "HP-UX" ];then
-  # By default gcc is a ILP32 compiler (with long long == 64).
-  GCC_BITS="32"
-  if [ $GCCVER -ge 30 ]; then
-    # PA64 support only came in with gcc 3.0.x.
-    # We look for the preprocessor symbol __LP64__ indicating
-    # 64bit bit long and pointer.  sizeof(int) == 32 on HPUX64.
-    if gcc -v -E -x c /dev/null 2>&1 | grep __LP64__ > /dev/null; then
-      GCC_BITS="64"
-    fi
-  fi
-fi
+
 if [ "$SYSTEM" = "SunOS" ]; then
  # check for WorkShop C, expected output is "cc: blah-blah C x.x"
  CCVER=`(cc -V 2>&1) 2>/dev/null | \
@@ -509,10 +482,6 @@ EOF
 	${CC} -o dummy dummy.c && OUT=`./dummy ${MACHINE}`
 	rm dummy dummy.c
 	;;
-  ppc64-*-linux2)
-	#Use the standard target for PPC architecture until we create a
-	#special one for the 64bit architecture.
-	OUT="linux-ppc" ;;
  ppc-*-linux2) OUT="linux-ppc" ;;
  m68k-*-linux*) OUT="linux-m68k" ;;
  ia64-*-linux?) OUT="linux-ia64" ;;
@@ -534,29 +503,8 @@ EOF
 	sun4d)	OUT="linux-sparcv8" ;;
 	*)	OUT="linux-sparcv7" ;;
 	esac ;;
-  parisc-*-linux2)
-        CPUARCH=`awk '/cpu family/{print substr($5,1,3)}' /proc/cpuinfo`
-	CPUSCHEDULE=`awk '/^cpu.[ 	]: PA/{print substr($3,3)}' /proc/cpuinfo`
-
-	# ??TODO ??  Model transformations
-	# 0. CPU Architecture for the 1.1 processor has letter suffixes. We strip that off
-	#    assuming no further arch. identification will ever be used by GCC.
-	# 1. I'm most concerned about whether is a 7300LC is closer to a 7100 versus a 7100LC.
-	# 2. The variant 64-bit processors cause concern should GCC support explicit schedulers
-	#    for these chips in the future.
-	#         PA7300LC -> 7100LC (1.1)
-	#         PA8200   -> 8000   (2.0)
-	#         PA8500   -> 8000   (2.0)
-	#         PA8600   -> 8000   (2.0)
-
-	CPUSCHEDULE=`echo $CPUSCHEDULE|sed -e 's/7300LC/7100LC/' -e 's/8?00/8000/'`
-	# Finish Model transformations
-
-	options="$options -mschedule=$CPUSCHEDULE -march=$CPUARCH"
-	OUT="linux-parisc" ;;
  arm*-*-linux2) OUT="linux-elf-arm" ;;
  s390-*-linux2) OUT="linux-s390" ;;
-  s390x-*-linux?) OUT="linux-s390x" ;;
  *-*-linux2) OUT="linux-elf" ;;
  *-*-linux1) OUT="linux-aout" ;;
  sun4u*-*-solaris2)
@@ -605,27 +553,15 @@ EOF
  BS2000-siemens-sysv4) OUT="BS2000-OSD" ;;
  RM*-siemens-sysv4) OUT="ReliantUNIX" ;;
  *-siemens-sysv4) OUT="SINIX" ;;
-  *-hpux1*)
-	if [ $CC = "gcc" ];
-	then
-	  if [ $GCC_BITS = "64" ]; then
-	    OUT="hpux64-parisc-gcc"
-	  else
-	    OUT="hpux-parisc-gcc"
-	  fi
-	else
-	  OUT="hpux-parisc-$CC"
-	fi
-	options="$options -D_REENTRANT" ;;
+  *-hpux1*)	OUT="hpux-parisc-$CC"
+		options="$options -D_REENTRANT" ;;
  *-hpux)	OUT="hpux-parisc-$CC" ;;
  # these are all covered by the catchall below
  # *-aix) OUT="aix-$CC" ;;
  # *-dgux) OUT="dgux" ;;
  mips-sony-newsos4) OUT="newsos4-gcc" ;;
-  *-*-cygwin_pre1.3) OUT="Cygwin-pre1.3" ;;
-  *-*-cygwin) OUT="Cygwin" ;;
-  t3e-cray-unicosmk) OUT="cray-t3e" ;;
-  j90-cray-unicos) OUT="cray-j90" ;;
+  *-*-cygwin32) OUT="CygWin32"
+		options="$options no-threads no-asm" ;;
  *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
 esac

--- a/crypto/Makefile.ssl
+++ b/crypto/Makefile.ssl
@@ -6,7 +6,7 @@ DIR=		crypto
 TOP=		..
 CC=		cc
 INCLUDE=	-I. -I../include
-INCLUDES=	-I.. -I../.. -I../../include
+INCLUDES=	-I.. -I../../include
 CFLAG=		-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
@@ -51,11 +51,11 @@ all: buildinf.h lib subdirs

 buildinf.h: ../Makefile.ssl
 	( echo "#ifndef MK1MF_BUILD"; \
-	echo '  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */'; \
-	echo '  #define CFLAGS "$(CC) $(CFLAG)"'; \
-	echo '  #define PLATFORM "$(PLATFORM)"'; \
-	echo "  #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \
-	echo '#endif' ) >buildinf.h
+	echo "  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */"; \
+	echo "  #define CFLAGS \"$(CC) $(CFLAG)\""; \
+	echo "  #define PLATFORM \"$(PLATFORM)\""; \
+	echo "  #define DATE \"`date`\""; \
+	echo "#endif" ) >buildinf.h

 testapps:
 	if echo ${SDIRS} | fgrep ' des '; \
@@ -134,7 +134,7 @@ depend:
 	@for i in $(SDIRS) ;\
 	do \
 	(cd $$i; echo "making depend in crypto/$$i..."; \
-	$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' DEPFLAG='${DEPFLAG}' PERL='${PERL}' depend ); \
+	$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' DEPFLAG='${DEPFLAG}' depend ); \
 	done;

 clean:
--- a/crypto/asn1/Makefile.ssl
+++ b/crypto/asn1/Makefile.ssl
@@ -936,40 +936,40 @@ t_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 t_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 t_bitst.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 t_bitst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-t_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-t_bitst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-t_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-t_bitst.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-t_bitst.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-t_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-t_bitst.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-t_bitst.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-t_bitst.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_bitst.o: ../cryptlib.h
+t_bitst.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+t_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_bitst.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+t_bitst.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+t_bitst.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_bitst.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+t_bitst.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+t_bitst.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+t_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h
 t_crl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 t_crl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 t_crl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 t_crl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 t_crl.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 t_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-t_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-t_crl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-t_crl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-t_crl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-t_crl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-t_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-t_crl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-t_crl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-t_crl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_crl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_crl.o: ../cryptlib.h
+t_crl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+t_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_crl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+t_crl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+t_crl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+t_crl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+t_crl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+t_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_crl.o: ../../include/openssl/x509v3.h ../cryptlib.h
 t_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 t_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 t_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
@@ -985,20 +985,20 @@ t_req.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 t_req.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 t_req.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 t_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-t_req.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-t_req.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-t_req.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-t_req.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-t_req.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-t_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_req.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-t_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-t_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-t_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_req.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_req.o: ../cryptlib.h
+t_req.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+t_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_req.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+t_req.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+t_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+t_req.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+t_req.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+t_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_req.o: ../../include/openssl/x509v3.h ../cryptlib.h
 t_spki.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 t_spki.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -1024,20 +1024,20 @@ t_x509.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 t_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 t_x509.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-t_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-t_x509.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-t_x509.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-t_x509.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-t_x509.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-t_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-t_x509.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-t_x509.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_x509.o: ../cryptlib.h
+t_x509.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+t_x509.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_x509.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+t_x509.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+t_x509.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+t_x509.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+t_x509.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+t_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h
 t_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 t_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -1310,20 +1310,21 @@ x_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 x_x509.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
 x_x509.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 x_x509.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-x_x509.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-x_x509.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_x509.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-x_x509.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-x_x509.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-x_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-x_x509.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-x_x509.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-x_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h
+x_x509.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
+x_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_x509.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_x509.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_x509.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_x509.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x_x509.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_x509.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x_x509.o: ../cryptlib.h
 x_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 x_x509a.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 x_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
--- a/crypto/asn1/a_bitstr.c
+++ b/crypto/asn1/a_bitstr.c
@@ -89,6 +89,8 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
 	if (a == NULL) return(0);

 	len=a->length;
+	ret=1+len;
+	if (pp == NULL) return(ret);

 	if (len > 0)
 		{
@@ -116,10 +118,6 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
 		}
 	else
 		bits=0;
-
-	ret=1+len;
-	if (pp == NULL) return(ret);
-
 	p= *pp;

 	*(p++)=(unsigned char)bits;
@@ -226,7 +224,6 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
 	w=n/8;
 	v=1<<(7-(n&0x07));
 	iv= ~v;
-	if (!value) v=0;

 	a->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear, set on write */

--- a/crypto/asn1/a_enum.c
+++ b/crypto/asn1/a_enum.c
@@ -205,18 +205,7 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
 	else ret->type=V_ASN1_ENUMERATED;
 	j=BN_num_bits(bn);
 	len=((j == 0)?0:((j/8)+1));
-	if (ret->length < len+4)
-		{
-		unsigned char *new_data=
-			OPENSSL_realloc(ret->data, len+4);
-		if (!new_data)
-			{
-			ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		ret->data=new_data;
-		}
-
+	ret->data=(unsigned char *)OPENSSL_malloc(len+4);
 	ret->length=BN_bn2bin(bn,ret->data);
 	return(ret);
 err:
--- a/crypto/asn1/a_gentm.c
+++ b/crypto/asn1/a_gentm.c
@@ -203,7 +203,7 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
 	if (s == NULL)
 		return(NULL);

-#if defined(THREADS) && !defined(WIN32) && ! defined(_DARWIN)
+#if defined(THREADS) && !defined(WIN32)
 	gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */
 	ts=&data;
 #else
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@@ -451,16 +451,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
 	else ret->type=V_ASN1_INTEGER;
 	j=BN_num_bits(bn);
 	len=((j == 0)?0:((j/8)+1));
-	if (ret->length < len+4)
-		{
-		unsigned char *new_data= OPENSSL_realloc(ret->data, len+4);
-		if (!new_data)
-			{
-			ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		ret->data=new_data;
-		}
+	ret->data=(unsigned char *)OPENSSL_malloc(len+4);
 	ret->length=BN_bn2bin(bn,ret->data);
 	return(ret);
 err:
--- a/crypto/asn1/a_set.c
+++ b/crypto/asn1/a_set.c
@@ -116,7 +116,7 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag,
 		}

        pStart  = p; /* Catch the beg of Setblobs*/
-        if (!(rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)))) return 0; /* In this array
+        rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)); /* In this array
 we will store the SET blobs */

        for (i=0; i<sk_num(a); i++)
@@ -133,7 +133,7 @@ SetBlob
 /* Now we have to sort the blobs. I am using a simple algo.
    *Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
        qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
-        if (!(pTempMem = OPENSSL_malloc(totSize))) return 0;
+        pTempMem = OPENSSL_malloc(totSize);

 /* Copy to temp mem */
        p = pTempMem;
--- a/crypto/asn1/a_sign.c
+++ b/crypto/asn1/a_sign.c
@@ -55,59 +55,6 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */

 #include <stdio.h>
 #include <time.h>
@@ -140,14 +87,7 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
 		else
 			a=algor2;
 		if (a == NULL) continue;
-                if (type->pkey_type == NID_dsaWithSHA1)
-			{
-			/* special case: RFC 2459 tells us to omit 'parameters'
-			 * with id-dsa-with-sha1 */
-			ASN1_TYPE_free(a->parameter);
-			a->parameter = NULL;
-			}
-		else if ((a->parameter == NULL) || 
+		if (	(a->parameter == NULL) || 
 			(a->parameter->type != V_ASN1_NULL))
 			{
 			ASN1_TYPE_free(a->parameter);
--- a/crypto/asn1/a_time.c
+++ b/crypto/asn1/a_time.c
@@ -113,7 +113,7 @@ ASN1_TIME *d2i_ASN1_TIME(ASN1_TIME **a, unsigned char **pp, long length)
 ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
 	{
 	struct tm *ts;
-#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
+#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
 	struct tm data;

 	gmtime_r(&t,&data);
--- a/crypto/asn1/a_utctm.c
+++ b/crypto/asn1/a_utctm.c
@@ -203,7 +203,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
 	if (s == NULL)
 		return(NULL);

-#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
+#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
 	gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */
 	ts=&data;
 #else
@@ -270,9 +270,6 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
 int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
 	{
 	struct tm *tm;
-#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
-	struct tm data;
-#endif
 	int offset;
 	int year;

@@ -289,9 +286,8 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)

 	t -= offset*60; /* FIXME: may overflow in extreme cases */

-#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
-	gmtime_r(&t, &data);
-	tm = &data;
+#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
+	{ struct tm data; gmtime_r(&t, &data); tm = &data; }
 #else
 	tm = gmtime(&t);
 #endif
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -124,13 +124,15 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass,
 		(int)(omax+ *pp));

 #endif
-	if (*plength > (omax - (*pp - p)))
+#if 0
+	if ((p+ *plength) > (omax+ *pp))
 		{
 		ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
 		/* Set this so that even if things are not long enough
 		 * the values are set correctly */
 		ret|=0x80;
 		}
+#endif
 	*pp=p;
 	return(ret|inf);
 err:
@@ -157,8 +159,6 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
 		i= *p&0x7f;
 		if (*(p++) & 0x80)
 			{
-			if (i > sizeof(long))
-				return 0;
 			if (max-- == 0) return(0);
 			while (i-- > 0)
 				{
@@ -170,8 +170,6 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
 		else
 			ret=i;
 		}
-	if (ret < 0)
-		return 0;
 	*pp=p;
 	*rl=ret;
 	return(1);
@@ -409,7 +407,7 @@ int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b)

 void asn1_add_error(unsigned char *address, int offset)
 	{
-	char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
+	char buf1[16],buf2[16];

 	sprintf(buf1,"%lu",(unsigned long)address);
 	sprintf(buf2,"%d",offset);
--- a/crypto/asn1/d2i_dhp.c
+++ b/crypto/asn1/d2i_dhp.c
@@ -87,7 +87,6 @@ DH *d2i_DHparams(DH **a, unsigned char **pp, long length)
 		}

 	M_ASN1_BIT_STRING_free(bs);
-	bs = NULL;

 	M_ASN1_D2I_Finish_2(a);

--- a/crypto/asn1/d2i_dsap.c
+++ b/crypto/asn1/d2i_dsap.c
@@ -84,7 +84,6 @@ DSA *d2i_DSAparams(DSA **a, unsigned char **pp, long length)
 	if ((ret->g=BN_bin2bn(bs->data,bs->length,ret->g)) == NULL) goto err_bn;

 	M_ASN1_BIT_STRING_free(bs);
-	bs = NULL;

 	M_ASN1_D2I_Finish_2(a);

--- a/crypto/asn1/d2i_r_pr.c
+++ b/crypto/asn1/d2i_r_pr.c
@@ -108,7 +108,6 @@ RSA *d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length)
 		goto err_bn;

 	M_ASN1_INTEGER_free(bs);
-	bs = NULL;

 	M_ASN1_D2I_Finish_2(a);
 err_bn:
--- a/crypto/asn1/t_pkey.c
+++ b/crypto/asn1/t_pkey.c
@@ -96,34 +96,10 @@ int RSA_print(BIO *bp, RSA *x, int off)
 	char str[128];
 	const char *s;
 	unsigned char *m=NULL;
-	int ret=0;
-	size_t buf_len=0, i;
+	int i,ret=0;

-	if (x->n)
-		buf_len = (size_t)BN_num_bytes(x->n);
-	if (x->e)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->e)))
-			buf_len = i;
-	if (x->d)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->d)))
-			buf_len = i;
-	if (x->p)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->p)))
-			buf_len = i;
-	if (x->q)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
-			buf_len = i;
-	if (x->dmp1)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->dmp1)))
-			buf_len = i;
-	if (x->dmq1)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->dmq1)))
-			buf_len = i;
-	if (x->iqmp)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->iqmp)))
-			buf_len = i;
-
-	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
+	i=RSA_size(x);
+	m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
 	if (m == NULL)
 		{
 		RSAerr(RSA_F_RSA_PRINT,ERR_R_MALLOC_FAILURE);
@@ -185,25 +161,22 @@ int DSA_print(BIO *bp, DSA *x, int off)
 	{
 	char str[128];
 	unsigned char *m=NULL;
-	int ret=0;
-	size_t buf_len=0,i;
+	int i,ret=0;
+	BIGNUM *bn=NULL;

-	if (x->p)
-		buf_len = (size_t)BN_num_bytes(x->p);
-	if (x->q)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
-			buf_len = i;
-	if (x->g)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
-			buf_len = i;
-	if (x->priv_key)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->priv_key)))
-			buf_len = i;
-	if (x->pub_key)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->pub_key)))
-			buf_len = i;
-
-	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
+	if (x->p != NULL)
+		bn=x->p;
+	else if (x->priv_key != NULL)
+		bn=x->priv_key;
+	else if (x->pub_key != NULL)
+		bn=x->pub_key;
+		
+	/* larger than needed but what the hell :-) */
+	if (bn != NULL)
+		i=BN_num_bytes(bn)*2;
+	else
+		i=256;
+	m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
 	if (m == NULL)
 		{
 		DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE);
@@ -308,15 +281,10 @@ int DHparams_print_fp(FILE *fp, DH *x)
 int DHparams_print(BIO *bp, DH *x)
 	{
 	unsigned char *m=NULL;
-	int reason=ERR_R_BUF_LIB,ret=0;
-	size_t buf_len=0, i;
+	int reason=ERR_R_BUF_LIB,i,ret=0;

-	if (x->p)
-		buf_len = (size_t)BN_num_bytes(x->p);
-	if (x->g)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
-			buf_len = i;
-	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
+	i=BN_num_bytes(x->p);
+	m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
 	if (m == NULL)
 		{
 		reason=ERR_R_MALLOC_FAILURE;
@@ -366,18 +334,10 @@ int DSAparams_print_fp(FILE *fp, DSA *x)
 int DSAparams_print(BIO *bp, DSA *x)
 	{
 	unsigned char *m=NULL;
-	int reason=ERR_R_BUF_LIB,ret=0;
-	size_t buf_len=0, i;
+	int reason=ERR_R_BUF_LIB,i,ret=0;

-	if (x->p)
-		buf_len = (size_t)BN_num_bytes(x->p);
-	if (x->q)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
-			buf_len = i;
-	if (x->g)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
-			buf_len = i;
-	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
+	i=BN_num_bytes(x->p);
+	m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
 	if (m == NULL)
 		{
 		reason=ERR_R_MALLOC_FAILURE;
--- a/crypto/asn1/x_pubkey.c
+++ b/crypto/asn1/x_pubkey.c
@@ -156,7 +156,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 		dsa->write_params=0;
 		ASN1_TYPE_free(a->parameter);
 		i=i2d_DSAparams(dsa,NULL);
-		if ((p=(unsigned char *)OPENSSL_malloc(i)) == NULL) goto err;
+		p=(unsigned char *)OPENSSL_malloc(i);
 		pp=p;
 		i2d_DSAparams(dsa,&pp);
 		a->parameter=ASN1_TYPE_new();
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -56,13 +56,6 @@
 * [including the GNU Public Licence.]
 */

-/* disable assert() unless BIO_DEBUG has been defined */
-#ifndef BIO_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-
 /* 
 * Stolen from tjh's ssl/ssl_trc.c stuff.
 */
@@ -723,13 +716,12 @@ doapr_outch(
    if (buffer) {
 	while (*currlen >= *maxlen) {
 	    if (*buffer == NULL) {
+		assert(*sbuffer != NULL);
 		if (*maxlen == 0)
 		    *maxlen = 1024;
 		*buffer = OPENSSL_malloc(*maxlen);
-		if (*currlen > 0) {
-		    assert(*sbuffer != NULL);
+		if (*currlen > 0)
 		    memcpy(*buffer, *sbuffer, *currlen);
-		}
 		*sbuffer = NULL;
 	    } else {
 		*maxlen += 1024;
@@ -769,9 +761,7 @@ int BIO_vprintf (BIO *bio, const char *format, va_list args)
 	{
 	int ret;
 	size_t retlen;
-	char hugebuf[1024*2];	/* Was previously 10k, which is unreasonable
-				   in small-stack environments, like threads
-				   or DOS programs. */
+	MS_STATIC char hugebuf[1024*10];
 	char *hugebufp = hugebuf;
 	size_t hugebufsize = sizeof(hugebuf);
 	char *dynbuf = NULL;
--- a/crypto/bio/b_sock.c
+++ b/crypto/bio/b_sock.c
@@ -72,9 +72,9 @@
 #endif

 #ifdef SO_MAXCONN
-#define MAX_LISTEN  SO_MAXCONN
-#elif defined(SOMAXCONN)
 #define MAX_LISTEN  SOMAXCONN
+#elif defined(SO_MAXCONN)
+#define MAX_LISTEN  SO_MAXCONN
 #else
 #define MAX_LISTEN  32
 #endif
--- a/crypto/bio/bf_lbuf.c
+++ b/crypto/bio/bf_lbuf.c
@@ -200,7 +200,7 @@ static int linebuffer_write(BIO *b, const char *in, int inl)
 					}
 				}

-#if 0
+#ifdef DEBUG
 BIO_write(b->next_bio, "<*<", 3);
 #endif
 			i=BIO_write(b->next_bio,
@@ -210,13 +210,13 @@ BIO_write(b->next_bio, "<*<", 3);
 				ctx->obuf_len = orig_olen;
 				BIO_copy_next_retry(b);

-#if 0
+#ifdef DEBUG
 BIO_write(b->next_bio, ">*>", 3);
 #endif
 				if (i < 0) return((num > 0)?num:i);
 				if (i == 0) return(num);
 				}
-#if 0
+#ifdef DEBUG
 BIO_write(b->next_bio, ">*>", 3);
 #endif
 			if (i < ctx->obuf_len)
@@ -229,20 +229,20 @@ BIO_write(b->next_bio, ">*>", 3);
 		   buffer if a NL was found and there is anything to write. */
 		if ((foundnl || p - in > ctx->obuf_size) && p - in > 0)
 			{
-#if 0
+#ifdef DEBUG
 BIO_write(b->next_bio, "<*<", 3);
 #endif
 			i=BIO_write(b->next_bio,in,p - in);
 			if (i <= 0)
 				{
 				BIO_copy_next_retry(b);
-#if 0
+#ifdef DEBUG
 BIO_write(b->next_bio, ">*>", 3);
 #endif
 				if (i < 0) return((num > 0)?num:i);
 				if (i == 0) return(num);
 				}
-#if 0
+#ifdef DEBUG
 BIO_write(b->next_bio, ">*>", 3);
 #endif
 			num+=i;
--- a/crypto/bio/bf_nbio.c
+++ b/crypto/bio/bf_nbio.c
@@ -104,7 +104,7 @@ static int nbiof_new(BIO *bi)
 	{
 	NBIO_TEST *nt;

-	if (!(nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST)))) return(0);
+	nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST));
 	nt->lrn= -1;
 	nt->lwn= -1;
 	bi->ptr=(char *)nt;
--- a/crypto/bio/bio.h
+++ b/crypto/bio/bio.h
@@ -356,8 +356,8 @@ typedef struct bio_f_buffer_ctx_struct
 #define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port)
 #define BIO_get_conn_hostname(b)  BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
 #define BIO_get_conn_port(b)      BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
-#define BIO_get_conn_ip(b) 		 BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
-#define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3)
+#define BIO_get_conn_ip(b,ip) BIO_ptr_ctrl(b,BIO_C_SET_CONNECT,2)
+#define BIO_get_conn_int_port(b,port) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,port)


 #define BIO_set_nbio(b,n)	BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
--- a/crypto/bio/bss_bio.c
+++ b/crypto/bio/bss_bio.c
@@ -7,18 +7,9 @@
 * for which no specific BIO method is available.
 * See ssl/ssltest.c for some hints on how this can be used. */

-/* BIO_DEBUG implies BIO_PAIR_DEBUG */
-#ifdef BIO_DEBUG
-# ifndef BIO_PAIR_DEBUG
-#  define BIO_PAIR_DEBUG
-# endif
-#endif
-
-/* disable assert() unless BIO_PAIR_DEBUG has been defined */
 #ifndef BIO_PAIR_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
+# undef NDEBUG /* avoid conflicting definitions */
+# define NDEBUG
 #endif

 #include <assert.h>
@@ -32,12 +23,7 @@
 #include <openssl/crypto.h>

 #include "openssl/e_os.h"
-
-/* VxWorks defines SSiZE_MAX with an empty value causing compile errors */
-#if defined(VXWORKS)
-# undef SSIZE_MAX
-# define SSIZE_MAX INT_MAX
-#elif !defined(SSIZE_MAX)
+#ifndef SSIZE_MAX
 # define SSIZE_MAX INT_MAX
 #endif

--- a/crypto/bio/bss_log.c
+++ b/crypto/bio/bss_log.c
@@ -75,7 +75,7 @@
 #  include <starlet.h>
 #elif defined(__ultrix)
 #  include <sys/syslog.h>
-#elif !defined(MSDOS) && !defined(VXWORKS) /* Unix */
+#elif !defined(MSDOS) /* Unix */
 #  include <syslog.h>
 #endif

--- a/crypto/bn/bn.h
+++ b/crypto/bn/bn.h
@@ -155,7 +155,7 @@ extern "C" {
 #define BN_BYTES	4
 #define BN_BITS2	32
 #define BN_BITS4	16
-#ifdef _MSC_VER
+#ifdef WIN32
 /* VC++ doesn't like the LL suffix */
 #define BN_MASK		(0xffffffffffffffffL)
 #else
--- a/crypto/bn/bn_div.c
+++ b/crypto/bn/bn_div.c
@@ -190,10 +190,10 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,

 	/* First we normalise the numbers */
 	norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
-	if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err;
+	BN_lshift(sdiv,divisor,norm_shift);
 	sdiv->neg=0;
 	norm_shift+=BN_BITS2;
-	if (!(BN_lshift(snum,num,norm_shift))) goto err;
+	BN_lshift(snum,num,norm_shift);
 	snum->neg=0;
 	div_n=sdiv->top;
 	num_n=snum->top;
@@ -315,7 +315,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 		tmp->top=j;

 		j=wnum.top;
-		if (!BN_sub(&wnum,&wnum,tmp)) goto err;
+		BN_sub(&wnum,&wnum,tmp);

 		snum->top=snum->top+wnum.top-j;

@@ -323,7 +323,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 			{
 			q--;
 			j=wnum.top;
-			if (!BN_add(&wnum,&wnum,sdiv)) goto err;
+			BN_add(&wnum,&wnum,sdiv);
 			snum->top+=wnum.top-j;
 			}
 		*(resp--)=q;
--- a/crypto/bn/bn_gcd.c
+++ b/crypto/bn/bn_gcd.c
@@ -168,8 +168,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
 		R=in;
 	if (R == NULL) goto err;

-	if (!BN_zero(X)) goto err;
-	if (!BN_one(Y)) goto err;
+	BN_zero(X);
+	BN_one(Y);
 	if (BN_copy(A,a) == NULL) goto err;
 	if (BN_copy(B,n) == NULL) goto err;
 	sign=1;
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -224,7 +224,7 @@ int BN_from_montgomery(BIGNUM *ret, BIGNUM *a, BN_MONT_CTX *mont,

 	if (!BN_mul(t1,t2,&mont->N,ctx)) goto err;
 	if (!BN_add(t2,a,t1)) goto err;
-	if (!BN_rshift(ret,t2,mont->ri)) goto err;
+	BN_rshift(ret,t2,mont->ri);
 #endif /* MONT_WORD */

 	if (BN_ucmp(ret, &(mont->N)) >= 0)
@@ -284,8 +284,8 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
 		BN_ULONG buf[2];

 		mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
-		if (!(BN_zero(R))) goto err;
-		if (!(BN_set_bit(R,BN_BITS2))) goto err;	/* R */
+		BN_zero(R);
+		BN_set_bit(R,BN_BITS2);			/* R */

 		buf[0]=mod->d[0]; /* tmod = N mod word size */
 		buf[1]=0;
@@ -296,44 +296,36 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
 							/* Ri = R^-1 mod N*/
 		if ((BN_mod_inverse(&Ri,R,&tmod,ctx)) == NULL)
 			goto err;
-		/* R*Ri */
-		if (!(BN_lshift(&Ri,&Ri,BN_BITS2))) goto err;
+		BN_lshift(&Ri,&Ri,BN_BITS2);		/* R*Ri */
 		if (!BN_is_zero(&Ri))
-			{
-		   	if (!BN_sub_word(&Ri,1)) goto err;
-			}
+			BN_sub_word(&Ri,1);
 		else /* if N mod word size == 1 */
-		   	/* Ri-- (mod word size) */
-			{
-			if (!BN_set_word(&Ri,BN_MASK2)) goto err;
-			}
-		/* Ni = (R*Ri-1)/N, keep only least significant word: */
-                if (!(BN_div(&Ri,NULL,&Ri,&tmod,ctx))) goto err;
+			BN_set_word(&Ri,BN_MASK2);  /* Ri-- (mod word size) */
+		BN_div(&Ri,NULL,&Ri,&tmod,ctx);	/* Ni = (R*Ri-1)/N,
+		                                 * keep only least significant word: */
 		mont->n0=Ri.d[0];
 		BN_free(&Ri);
 		}
 #else /* !MONT_WORD */
 		{ /* bignum version */
 		mont->ri=BN_num_bits(mod);
-		if (!(BN_zero(R))) goto err;
-		/* R = 2^ri */
-		if (!(BN_set_bit(R,mont->ri))) goto err;
+		BN_zero(R);
+		BN_set_bit(R,mont->ri);			/* R = 2^ri */
 							/* Ri = R^-1 mod N*/
 		if ((BN_mod_inverse(&Ri,R,mod,ctx)) == NULL)
 			goto err;
-		/* R*Ri */
-		if (!(BN_lshift(&Ri,&Ri,mont->ri))) goto err;
-		if (!(BN_sub_word(&Ri,1))) goto err;
+		BN_lshift(&Ri,&Ri,mont->ri);		/* R*Ri */
+		BN_sub_word(&Ri,1);
 							/* Ni = (R*Ri-1) / N */
-		if (!(BN_div(&(mont->Ni),NULL,&Ri,mod,ctx))) goto err;
+		BN_div(&(mont->Ni),NULL,&Ri,mod,ctx);
 		BN_free(&Ri);
 		}
 #endif

 	/* setup RR for conversions */
-	if (!(BN_zero(&(mont->RR)))) goto err;
-	if (!(BN_set_bit(&(mont->RR),mont->ri*2))) goto err;
-	if (!(BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx))) goto err;
+	BN_zero(&(mont->RR));
+	BN_set_bit(&(mont->RR),mont->ri*2);
+	BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx);

 	return(1);
 err:
@@ -344,9 +336,9 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
 	{
 	if (to == from) return(to);

-	if (!(BN_copy(&(to->RR),&(from->RR)))) return NULL;
-	if (!(BN_copy(&(to->N),&(from->N)))) return NULL;
-	if (!(BN_copy(&(to->Ni),&(from->Ni)))) return NULL;
+	BN_copy(&(to->RR),&(from->RR));
+	BN_copy(&(to->N),&(from->N));
+	BN_copy(&(to->Ni),&(from->Ni));
 	to->ri=from->ri;
 	to->n0=from->n0;
 	return(to);
--- a/crypto/bn/bn_mul.c
+++ b/crypto/bn/bn_mul.c
@@ -634,7 +634,7 @@ int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)

 	if ((al == 0) || (bl == 0))
 		{
-		if (!BN_zero(r)) goto err;
+		BN_zero(r);
 		return(1);
 		}
 	top=al+bl;
@@ -677,14 +677,14 @@ int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
 		{
 		if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA))
 			{
-			if (bn_wexpand(b,al) == NULL) goto err;
+			bn_wexpand(b,al);
 			b->d[bl]=0;
 			bl++;
 			i--;
 			}
 		else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA))
 			{
-			if (bn_wexpand(a,bl) == NULL) goto err;
+			bn_wexpand(a,bl);
 			a->d[al]=0;
 			al++;
 			i++;
@@ -699,16 +699,16 @@ int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
 			t = BN_CTX_get(ctx);
 			if (al == j) /* exact multiple */
 				{
-				if (bn_wexpand(t,k*2) == NULL) goto err;
-				if (bn_wexpand(rr,k*2) == NULL) goto err;
+				bn_wexpand(t,k*2);
+				bn_wexpand(rr,k*2);
 				bn_mul_recursive(rr->d,a->d,b->d,al,t->d);
 				}
 			else
 				{
-				if (bn_wexpand(a,k) == NULL ) goto err;
-				if (bn_wexpand(b,k) == NULL ) goto err;
-				if (bn_wexpand(t,k*4) == NULL ) goto err;
-				if (bn_wexpand(rr,k*4) == NULL ) goto err;
+				bn_wexpand(a,k);
+				bn_wexpand(b,k);
+				bn_wexpand(t,k*4);
+				bn_wexpand(rr,k*4);
 				for (i=a->top; i<k; i++)
 					a->d[i]=0;
 				for (i=b->top; i<k; i++)
--- a/crypto/conf/Makefile.ssl
+++ b/crypto/conf/Makefile.ssl
@@ -93,14 +93,17 @@ conf_def.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 conf_def.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 conf_def.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 conf_def.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-conf_def.o: ../cryptlib.h conf_def.h
+conf_def.o: conf_def.h
 conf_err.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
-conf_err.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
-conf_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslv.h
-conf_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-conf_err.o: ../../include/openssl/symhacks.h
+conf_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+conf_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+conf_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+conf_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+conf_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 conf_lib.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
 conf_lib.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h
+conf_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 conf_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+conf_lib.o: ../../include/openssl/opensslconf.h
 conf_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 conf_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
--- a/crypto/conf/conf.h
+++ b/crypto/conf/conf.h
@@ -56,13 +56,14 @@
 * [including the GNU Public Licence.]
 */

-#ifndef HEADER_CONF_H
+#ifndef  HEADER_CONF_H
 #define HEADER_CONF_H

 #include <openssl/bio.h>
 #include <openssl/lhash.h>
 #include <openssl/stack.h>
 #include <openssl/safestack.h>
+#include <openssl/e_os.h>

 #ifdef  __cplusplus
 extern "C" {
@@ -85,14 +86,14 @@ typedef struct conf_method_st CONF_METHOD;
 struct conf_method_st
 	{
 	const char *name;
-	CONF *(*create)(CONF_METHOD *meth);
-	int (*init)(CONF *conf);
-	int (*destroy)(CONF *conf);
-	int (*destroy_data)(CONF *conf);
-	int (*load)(CONF *conf, BIO *bp, long *eline);
-	int (*dump)(CONF *conf, BIO *bp);
-	int (*is_number)(CONF *conf, char c);
-	int (*to_int)(CONF *conf, char c);
+	CONF *(MS_FAR *create)(CONF_METHOD *meth);
+	int (MS_FAR *init)(CONF *conf);
+	int (MS_FAR *destroy)(CONF *conf);
+	int (MS_FAR *destroy_data)(CONF *conf);
+	int (MS_FAR *load)(CONF *conf, BIO *bp, long *eline);
+	int (MS_FAR *dump)(CONF *conf, BIO *bp);
+	int (MS_FAR *is_number)(CONF *conf, char c);
+	int (MS_FAR *to_int)(CONF *conf, char c);
 	};

 int CONF_set_default_method(CONF_METHOD *meth);
--- a/crypto/conf/conf_api.c
+++ b/crypto/conf/conf_api.c
@@ -67,7 +67,6 @@
 #include <string.h>
 #include <openssl/conf.h>
 #include <openssl/conf_api.h>
-#include "openssl/e_os.h"

 static void value_free_hash(CONF_VALUE *a, LHASH *conf);
 static void value_free_stack(CONF_VALUE *a,LHASH *conf);
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -67,7 +67,6 @@
 #include "conf_def.h"
 #include <openssl/buffer.h>
 #include <openssl/err.h>
-#include "cryptlib.h"

 static char *eat_ws(CONF *conf, char *p);
 static char *eat_alpha_numeric(CONF *conf, char *p);
@@ -181,12 +180,12 @@ static int def_destroy_data(CONF *conf)
 static int def_load(CONF *conf, BIO *in, long *line)
 	{
 #define BUFSIZE	512
+	char btmp[16];
 	int bufnum=0,i,ii;
 	BUF_MEM *buff=NULL;
 	char *s,*p,*end;
 	int again,n;
 	long eline=0;
-	char btmp[DECIMAL_SIZE(eline)+1];
 	CONF_VALUE *v=NULL,*tv;
 	CONF_VALUE *sv=NULL;
 	char *section=NULL,*buf;
--- a/crypto/conf/conf_def.h
+++ b/crypto/conf/conf_def.h
@@ -71,7 +71,6 @@
 #define CONF_COMMENT		128
 #define CONF_FCOMMENT		2048
 #define CONF_EOF		8
-#define CONF_HIGHBIT		4096
 #define CONF_ALPHA		(CONF_UPPER|CONF_LOWER)
 #define CONF_ALPHA_NUMERIC	(CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
 #define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \
@@ -79,102 +78,68 @@

 #define KEYTYPES(c)		((unsigned short *)((c)->meth_data))
 #ifndef CHARSET_EBCDIC
-#define IS_COMMENT(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_COMMENT)
-#define IS_FCOMMENT(c,a)	(KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT)
-#define IS_EOF(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_EOF)
-#define IS_ESC(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_ESC)
-#define IS_NUMBER(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_NUMBER)
-#define IS_WS(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_WS)
-#define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC)
+#define IS_COMMENT(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_COMMENT)
+#define IS_FCOMMENT(c,a)	(KEYTYPES(c)[(a)&0x7f]&CONF_FCOMMENT)
+#define IS_EOF(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_EOF)
+#define IS_ESC(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_ESC)
+#define IS_NUMBER(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_NUMBER)
+#define IS_WS(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_WS)
+#define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[(a)&0x7f]&CONF_ALPHA_NUMERIC)
 #define IS_ALPHA_NUMERIC_PUNCT(c,a) \
-				(KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
-#define IS_QUOTE(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_QUOTE)
-#define IS_DQUOTE(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE)
-#define IS_HIGHBIT(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT)
+				(KEYTYPES(c)[(a)&0x7f]&CONF_ALPHA_NUMERIC_PUNCT)
+#define IS_QUOTE(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_QUOTE)
+#define IS_DQUOTE(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_DQUOTE)

 #else /*CHARSET_EBCDIC*/

-#define IS_COMMENT(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT)
-#define IS_FCOMMENT(c,a)	(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT)
-#define IS_EOF(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_EOF)
-#define IS_ESC(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ESC)
-#define IS_NUMBER(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_NUMBER)
-#define IS_WS(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_WS)
-#define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC)
+#define IS_COMMENT(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_COMMENT)
+#define IS_FCOMMENT(c,a)	(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_FCOMMENT)
+#define IS_EOF(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_EOF)
+#define IS_ESC(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_ESC)
+#define IS_NUMBER(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_NUMBER)
+#define IS_WS(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_WS)
+#define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_ALPHA_NUMERIC)
 #define IS_ALPHA_NUMERIC_PUNCT(c,a) \
-				(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
-#define IS_QUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE)
-#define IS_DQUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE)
-#define IS_HIGHBIT(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT)
+				(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_ALPHA_NUMERIC_PUNCT)
+#define IS_QUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_QUOTE)
+#define IS_DQUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_DQUOTE)
 #endif /*CHARSET_EBCDIC*/

-static unsigned short CONF_type_default[256]={
-	0x0008,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
-	0x0000,0x0010,0x0010,0x0000,0x0000,0x0010,0x0000,0x0000,
-	0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
-	0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
-	0x0010,0x0200,0x0040,0x0080,0x0000,0x0200,0x0200,0x0040,
-	0x0000,0x0000,0x0200,0x0200,0x0200,0x0200,0x0200,0x0200,
-	0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,
-	0x0001,0x0001,0x0000,0x0200,0x0000,0x0000,0x0000,0x0200,
-	0x0200,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
-	0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
-	0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
-	0x0002,0x0002,0x0002,0x0000,0x0020,0x0000,0x0200,0x0100,
-	0x0040,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
-	0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
-	0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
-	0x0004,0x0004,0x0004,0x0000,0x0200,0x0000,0x0200,0x0000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+static unsigned short CONF_type_default[128]={
+	0x008,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+	0x000,0x010,0x010,0x000,0x000,0x010,0x000,0x000,
+	0x000,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+	0x000,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+	0x010,0x200,0x040,0x080,0x000,0x200,0x200,0x040,
+	0x000,0x000,0x200,0x200,0x200,0x200,0x200,0x200,
+	0x001,0x001,0x001,0x001,0x001,0x001,0x001,0x001,
+	0x001,0x001,0x000,0x200,0x000,0x000,0x000,0x200,
+	0x200,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+	0x002,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+	0x002,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+	0x002,0x002,0x002,0x000,0x020,0x000,0x200,0x100,
+	0x040,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+	0x004,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+	0x004,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+	0x004,0x004,0x004,0x000,0x200,0x000,0x200,0x000,
 	};

-static unsigned short CONF_type_win32[256]={
-	0x0008,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
-	0x0000,0x0010,0x0010,0x0000,0x0000,0x0010,0x0000,0x0000,
-	0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
-	0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
-	0x0010,0x0200,0x0400,0x0000,0x0000,0x0200,0x0200,0x0000,
-	0x0000,0x0000,0x0200,0x0200,0x0200,0x0200,0x0200,0x0200,
-	0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,
-	0x0001,0x0001,0x0000,0x0A00,0x0000,0x0000,0x0000,0x0200,
-	0x0200,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
-	0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
-	0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
-	0x0002,0x0002,0x0002,0x0000,0x0000,0x0000,0x0200,0x0100,
-	0x0000,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
-	0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
-	0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
-	0x0004,0x0004,0x0004,0x0000,0x0200,0x0000,0x0200,0x0000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+static unsigned short CONF_type_win32[128]={
+	0x008,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+	0x000,0x010,0x010,0x000,0x000,0x010,0x000,0x000,
+	0x000,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+	0x000,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+	0x010,0x200,0x400,0x000,0x000,0x200,0x200,0x000,
+	0x000,0x000,0x200,0x200,0x200,0x200,0x200,0x200,
+	0x001,0x001,0x001,0x001,0x001,0x001,0x001,0x001,
+	0x001,0x001,0x000,0xA00,0x000,0x000,0x000,0x200,
+	0x200,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+	0x002,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+	0x002,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+	0x002,0x002,0x002,0x000,0x000,0x000,0x200,0x100,
+	0x000,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+	0x004,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+	0x004,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+	0x004,0x004,0x004,0x000,0x200,0x000,0x200,0x000,
 	};

--- a/crypto/conf/keysets.pl
+++ b/crypto/conf/keysets.pl
@@ -12,9 +12,8 @@ $DQUOTE=0x400;
 $COMMENT=0x80;
 $FCOMMENT=0x800;
 $EOF=0x08;
-$HIGHBIT=0x1000;

-foreach (0 .. 255)
+foreach (0 .. 127)
 	{
 	$v=0;
 	$c=sprintf("%c",$_);
@@ -28,12 +27,11 @@ foreach (0 .. 255)
 	$v|=$QUOTE	if ($c =~ /['`"]/); # for emacs: "`'}/)
 	$v|=$COMMENT	if ($c =~ /\#/);
 	$v|=$EOF	if ($c =~ /\0/);
-	$v|=$HIGHBIT	if ($c =~/[\x80-\xff]/);

 	push(@V_def,$v);
 	}

-foreach (0 .. 255)
+foreach (0 .. 127)
 	{
 	$v=0;
 	$c=sprintf("%c",$_);
@@ -46,7 +44,6 @@ foreach (0 .. 255)
 	$v|=$DQUOTE	if ($c =~ /["]/); # for emacs: "}/)
 	$v|=$FCOMMENT	if ($c =~ /;/);
 	$v|=$EOF	if ($c =~ /\0/);
-	$v|=$HIGHBIT	if ($c =~/[\x80-\xff]/);

 	push(@V_w32,$v);
 	}
@@ -125,7 +122,6 @@ print <<"EOF";
 #define CONF_COMMENT		$COMMENT
 #define CONF_FCOMMENT		$FCOMMENT
 #define CONF_EOF		$EOF
-#define CONF_HIGHBIT		$HIGHBIT
 #define CONF_ALPHA		(CONF_UPPER|CONF_LOWER)
 #define CONF_ALPHA_NUMERIC	(CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
 #define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \\
@@ -133,53 +129,51 @@ print <<"EOF";

 #define KEYTYPES(c)		((unsigned short *)((c)->meth_data))
 #ifndef CHARSET_EBCDIC
-#define IS_COMMENT(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_COMMENT)
-#define IS_FCOMMENT(c,a)	(KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT)
-#define IS_EOF(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_EOF)
-#define IS_ESC(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_ESC)
-#define IS_NUMBER(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_NUMBER)
-#define IS_WS(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_WS)
-#define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC)
+#define IS_COMMENT(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_COMMENT)
+#define IS_FCOMMENT(c,a)	(KEYTYPES(c)[(a)&0x7f]&CONF_FCOMMENT)
+#define IS_EOF(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_EOF)
+#define IS_ESC(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_ESC)
+#define IS_NUMBER(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_NUMBER)
+#define IS_WS(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_WS)
+#define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[(a)&0x7f]&CONF_ALPHA_NUMERIC)
 #define IS_ALPHA_NUMERIC_PUNCT(c,a) \\
-				(KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
-#define IS_QUOTE(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_QUOTE)
-#define IS_DQUOTE(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE)
-#define IS_HIGHBIT(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT)
+				(KEYTYPES(c)[(a)&0x7f]&CONF_ALPHA_NUMERIC_PUNCT)
+#define IS_QUOTE(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_QUOTE)
+#define IS_DQUOTE(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_DQUOTE)

 #else /*CHARSET_EBCDIC*/

-#define IS_COMMENT(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT)
-#define IS_FCOMMENT(c,a)	(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT)
-#define IS_EOF(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_EOF)
-#define IS_ESC(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ESC)
-#define IS_NUMBER(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_NUMBER)
-#define IS_WS(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_WS)
-#define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC)
+#define IS_COMMENT(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_COMMENT)
+#define IS_FCOMMENT(c,a)	(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_FCOMMENT)
+#define IS_EOF(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_EOF)
+#define IS_ESC(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_ESC)
+#define IS_NUMBER(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_NUMBER)
+#define IS_WS(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_WS)
+#define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_ALPHA_NUMERIC)
 #define IS_ALPHA_NUMERIC_PUNCT(c,a) \\
-				(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
-#define IS_QUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE)
-#define IS_DQUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE)
-#define IS_HIGHBIT(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT)
+				(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_ALPHA_NUMERIC_PUNCT)
+#define IS_QUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_QUOTE)
+#define IS_DQUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_DQUOTE)
 #endif /*CHARSET_EBCDIC*/

 EOF

-print "static unsigned short CONF_type_default[256]={";
+print "static unsigned short CONF_type_default[128]={";

-for ($i=0; $i<256; $i++)
+for ($i=0; $i<128; $i++)
 	{
 	print "\n\t" if ($i % 8) == 0;
-	printf "0x%04X,",$V_def[$i];
+	printf "0x%03X,",$V_def[$i];
 	}

 print "\n\t};\n\n";

-print "static unsigned short CONF_type_win32[256]={";
+print "static unsigned short CONF_type_win32[128]={";

-for ($i=0; $i<256; $i++)
+for ($i=0; $i<128; $i++)
 	{
 	print "\n\t" if ($i % 8) == 0;
-	printf "0x%04X,",$V_w32[$i];
+	printf "0x%03X,",$V_w32[$i];
 	}

 print "\n\t};\n\n";
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -491,11 +491,3 @@ BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason,
 #endif

 #endif
-
-void OpenSSLDie(const char *file,int line,const char *assertion)
-    {
-    fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
-	    file,line,assertion);
-    abort();
-    }
-
--- a/crypto/cryptlib.h
+++ b/crypto/cryptlib.h
@@ -89,14 +89,6 @@ extern "C" {
 #define X509_CERT_DIR_EVP        "SSL_CERT_DIR"
 #define X509_CERT_FILE_EVP       "SSL_CERT_FILE"

-/* size of string represenations */
-#define DECIMAL_SIZE(type)     ((sizeof(type)*8+2)/3+1)
-#define HEX_SIZE(type)         ((sizeof(type)*2)
-
-/* die if we have to */
-void OpenSSLDie(const char *file,int line,const char *assertion);
-#define die(e)	((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
-
 #ifdef  __cplusplus
 }
 #endif
--- a/crypto/crypto-lib.com
+++ b/crypto/crypto-lib.com
@@ -208,7 +208,7 @@ $ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ -
 	"dso_openssl,dso_win32,dso_vms"
 $ LIB_ENGINE = "engine_err,engine_lib,engine_list,engine_openssl,"+ -
 	"hw_atalla,hw_cswift,hw_ncipher,hw_aep,hw_sureware,"+ -
-	"hw_ubsec,hw_keyclient"
+	"hw_ubsec"
 $ LIB_BUFFER = "buffer,buf_err"
 $ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ -
 	"bss_mem,bss_null,bss_fd,"+ -
@@ -626,7 +626,6 @@ $   WRITE SYS$OUTPUT "	",APPLICATION,".exe"
 $!
 $! Link The Program, Check To See If We Need To Link With RSAREF Or Not.
 $!
-$   ON ERROR THEN GOTO NEXT_APPLICATION
 $   IF (RSAREF.EQS."TRUE")
 $   THEN
 $!
--- a/crypto/des/des.h
+++ b/crypto/des/des.h
@@ -189,7 +189,7 @@ int des_enc_write(int fd,const void *buf,int len,des_key_schedule sched,
 		  des_cblock *iv);
 char *des_fcrypt(const char *buf,const char *salt, char *ret);
 char *des_crypt(const char *buf,const char *salt);
-#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(_UWIN)
+#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT)
 char *crypt(const char *buf,const char *salt);
 #endif
 void des_ofb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
--- a/crypto/des/fcrypt.c
+++ b/crypto/des/fcrypt.c
@@ -61,7 +61,7 @@ static unsigned const char cov_2char[64]={
 void fcrypt_body(DES_LONG *out,des_key_schedule ks,
 	DES_LONG Eswap0, DES_LONG Eswap1);

-#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(_DARWIN)
+#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT)
 char *crypt(const char *buf, const char *salt)
 	{
 	return(des_crypt(buf, salt));
--- a/crypto/des/read_pwd.c
+++ b/crypto/des/read_pwd.c
@@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */

-#if !defined(MSDOS) && !defined(VMS) && !defined(WIN32) && !defined(VXWORKS)
+#if !defined(MSDOS) && !defined(VMS) && !defined(WIN32)
 #include <openssl/opensslconf.h>
 #ifdef OPENSSL_UNISTD
 # include OPENSSL_UNISTD
@@ -133,12 +133,6 @@
 #define SGTTY
 #endif

-#if defined(VXWORKS)
-#undef TERMIOS
-#undef TERMIO
-#undef SGTTY
-#endif
-
 #ifdef TERMIOS
 #include <termios.h>
 #define TTY_STRUCT		struct termios
@@ -246,7 +240,7 @@ int des_read_pw(char *buf, char *buff, int size, const char *prompt,
 	long status;
 	unsigned short channel = 0;
 #else
-#if !defined(MSDOS) && !defined(VXWORKS)
+#ifndef MSDOS
 	TTY_STRUCT tty_orig,tty_new;
 #endif
 #endif
@@ -274,7 +268,7 @@ int des_read_pw(char *buf, char *buff, int size, const char *prompt,
 #ifdef MSDOS
 	if ((tty=fopen("con","r")) == NULL)
 		tty=stdin;
-#elif defined(MAC_OS_pre_X) || defined(VXWORKS)
+#elif defined(MAC_OS_pre_X)
 	tty=stdin;
 #else
 #ifndef MPE
@@ -372,7 +366,7 @@ int des_read_pw(char *buf, char *buff, int size, const char *prompt,

 error:
 	fprintf(stderr,"\n");
-#if 0
+#ifdef DEBUG
 	perror("fgets(tty)");
 #endif
 	/* What can we do if there is an error? */
--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
@@ -204,7 +204,6 @@ void ERR_load_DH_strings(void);
 #define DH_F_DH_NEW					 105

 /* Reason codes. */
-#define DH_R_BAD_GENERATOR				 101
 #define DH_R_NO_PRIVATE_VALUE				 100

 #ifdef  __cplusplus
--- a/crypto/dh/dh_err.c
+++ b/crypto/dh/dh_err.c
@@ -1,6 +1,6 @@
 /* crypto/dh/dh_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -77,7 +77,6 @@ static ERR_STRING_DATA DH_str_functs[]=

 static ERR_STRING_DATA DH_str_reasons[]=
 	{
-{DH_R_BAD_GENERATOR                      ,"bad generator"},
 {DH_R_NO_PRIVATE_VALUE                   ,"no private value"},
 {0,NULL}
 	};
--- a/crypto/dh/dh_gen.c
+++ b/crypto/dh/dh_gen.c
@@ -82,10 +82,7 @@
 * Since DH should be using a safe prime (both p and q are prime),
 * this generator function can take a very very long time to run.
 */
-/* Actually there is no reason to insist that 'generator' be a generator.
- * It's just as OK (and in some sense better) to use a generator of the
- * order-q subgroup.
- */
+
 DH *DH_generate_parameters(int prime_len, int generator,
 	     void (*callback)(int,int,void *), void *cb_arg)
 	{
@@ -103,43 +100,30 @@ DH *DH_generate_parameters(int prime_len, int generator,
 	t2 = BN_CTX_get(ctx);
 	if (t1 == NULL || t2 == NULL) goto err;
 	
-	if (generator <= 1)
-		{
-		DHerr(DH_F_DH_GENERATE_PARAMETERS, DH_R_BAD_GENERATOR);
-		goto err;
-		}
 	if (generator == DH_GENERATOR_2)
 		{
-		if (!BN_set_word(t1,24)) goto err;
-		if (!BN_set_word(t2,11)) goto err;
+		BN_set_word(t1,24);
+		BN_set_word(t2,11);
 		g=2;
 		}
-#if 0 /* does not work for safe primes */
+#ifdef undef  /* does not work for safe primes */
 	else if (generator == DH_GENERATOR_3)
 		{
-		if (!BN_set_word(t1,12)) goto err;
-		if (!BN_set_word(t2,5)) goto err;
+		BN_set_word(t1,12);
+		BN_set_word(t2,5);
 		g=3;
 		}
 #endif
 	else if (generator == DH_GENERATOR_5)
 		{
-		if (!BN_set_word(t1,10)) goto err;
-		if (!BN_set_word(t2,3)) goto err;
+		BN_set_word(t1,10);
+		BN_set_word(t2,3);
 		/* BN_set_word(t3,7); just have to miss
 		 * out on these ones :-( */
 		g=5;
 		}
 	else
-		{
-		/* in the general case, don't worry if 'generator' is a
-		 * generator or not: since we are using safe primes,
-		 * it will generate either an order-q or an order-2q group,
-		 * which both is OK */
-		if (!BN_set_word(t1,2)) goto err;
-		if (!BN_set_word(t2,1)) goto err;
 		g=generator;
-		}
 	
 	p=BN_generate_prime(NULL,prime_len,1,t1,t2,callback,cb_arg);
 	if (p == NULL) goto err;
--- a/crypto/dh/dhtest.c
+++ b/crypto/dh/dhtest.c
@@ -66,7 +66,6 @@
 #include <openssl/bio.h>
 #include <openssl/bn.h>
 #include <openssl/rand.h>
-#include <openssl/err.h>

 #ifdef NO_DH
 int main(int argc, char *argv[])
@@ -113,16 +112,6 @@ int main(int argc, char *argv[])
 	a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out);
 	if (a == NULL) goto err;

-	if (!DH_check(a, &i)) goto err;
-	if (i & DH_CHECK_P_NOT_PRIME)
-		BIO_puts(out, "p value is not prime\n");
-	if (i & DH_CHECK_P_NOT_SAFE_PRIME)
-		BIO_puts(out, "p value is not a safe prime\n");
-	if (i & DH_UNABLE_TO_CHECK_GENERATOR)
-		BIO_puts(out, "unable to check the generator value\n");
-	if (i & DH_NOT_SUITABLE_GENERATOR)
-		BIO_puts(out, "the g value is not a generator\n");
-
 	BIO_puts(out,"\np    =");
 	BN_print(out,a->p);
 	BIO_puts(out,"\ng    =");
@@ -181,8 +170,6 @@ int main(int argc, char *argv[])
 	else
 		ret=0;
 err:
-	ERR_print_errors_fp(stderr);
-
 	if (abuf != NULL) OPENSSL_free(abuf);
 	if (bbuf != NULL) OPENSSL_free(bbuf);
 	if(b != NULL) DH_free(b);
--- a/crypto/dsa/dsa_asn1.c
+++ b/crypto/dsa/dsa_asn1.c
@@ -84,7 +84,6 @@ DSA_SIG *d2i_DSA_SIG(DSA_SIG **a, unsigned char **pp, long length)
 	if ((ret->s=BN_bin2bn(bs->data,bs->length,ret->s)) == NULL)
 		goto err_bn;
 	M_ASN1_BIT_STRING_free(bs);
-	bs = NULL;
 	M_ASN1_D2I_Finish_2(a);

 err_bn:
--- a/crypto/dso/dso_dlfcn.c
+++ b/crypto/dso/dso_dlfcn.c
@@ -112,7 +112,7 @@ DSO_METHOD *DSO_METHOD_dlfcn(void)
 * as we don't have autoconf yet, I'm implementing a hack that could
 * be hacked further relatively easily to deal with cases as we find
 * them. Initially this is to cope with OpenBSD. */
-#if defined(__OpenBSD__) || defined(__NetBSD__)
+#ifdef __OpenBSD__
 #	ifdef DL_LAZY
 #		define DLOPEN_FLAG DL_LAZY
 #	else
--- a/crypto/ebcdic.c
+++ b/crypto/ebcdic.c
@@ -211,7 +211,7 @@ ascii2ebcdic(void *dest, const void *srce, size_t count)
 }

 #else /*CHARSET_EBCDIC*/
-#if defined(PEDANTIC) || defined(VMS) || defined(__VMS) || defined(_DARWIN)
+#if defined(PEDANTIC) || defined(VMS) || defined(__VMS)
 static void *dummy=&dummy;
 #endif
 #endif
--- a/crypto/engine/Makefile.ssl
+++ b/crypto/engine/Makefile.ssl
@@ -164,20 +164,19 @@ hw_aep.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 hw_aep.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 hw_aep.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 hw_aep.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
-hw_aep.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-hw_aep.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-hw_aep.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-hw_aep.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-hw_aep.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-hw_aep.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-hw_aep.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-hw_aep.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-hw_aep.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-hw_aep.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-hw_aep.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-hw_aep.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-hw_aep.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
-hw_aep.o: vendor_defns/aep.h
+hw_aep.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_aep.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hw_aep.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hw_aep.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hw_aep.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hw_aep.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hw_aep.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+hw_aep.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+hw_aep.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+hw_aep.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+hw_aep.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+hw_aep.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+hw_aep.o: ../cryptlib.h engine_int.h vendor_defns/aep.h
 hw_atalla.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 hw_atalla.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 hw_atalla.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
--- a/crypto/engine/engine.h
+++ b/crypto/engine/engine.h
@@ -414,15 +414,12 @@ void ERR_load_ENGINE_strings(void);
 #define ENGINE_R_BN_CTX_FULL				 101
 #define ENGINE_R_BN_EXPAND_FAIL				 102
 #define ENGINE_R_CHIL_ERROR				 123
-#define ENGINE_R_CLOSE_HANDLES_FAILED			 140
 #define ENGINE_R_CONFLICTING_ENGINE_ID			 103
-#define ENGINE_R_CONNECTIONS_IN_USE			 141
 #define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED		 119
 #define ENGINE_R_DSO_FAILURE				 104
 #define ENGINE_R_ENGINE_IS_NOT_IN_LIST			 105
 #define ENGINE_R_FAILED_LOADING_PRIVATE_KEY		 128
 #define ENGINE_R_FAILED_LOADING_PUBLIC_KEY		 129
-#define ENGINE_R_FINALIZE_FAILED			 142
 #define ENGINE_R_FINISH_FAILED				 106
 #define ENGINE_R_GET_HANDLE_FAILED			 107
 #define ENGINE_R_GET_RANDOM_FAILED			 133
--- a/crypto/engine/engine_err.c
+++ b/crypto/engine/engine_err.c
@@ -188,15 +188,12 @@ static ERR_STRING_DATA ENGINE_str_reasons[]=
 {ENGINE_R_BN_CTX_FULL                    ,"BN_CTX full"},
 {ENGINE_R_BN_EXPAND_FAIL                 ,"bn_expand fail"},
 {ENGINE_R_CHIL_ERROR                     ,"chil error"},
-{ENGINE_R_CLOSE_HANDLES_FAILED           ,"close handles failed"},
 {ENGINE_R_CONFLICTING_ENGINE_ID          ,"conflicting engine id"},
-{ENGINE_R_CONNECTIONS_IN_USE             ,"connections in use"},
 {ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED   ,"ctrl command not implemented"},
 {ENGINE_R_DSO_FAILURE                    ,"DSO failure"},
 {ENGINE_R_ENGINE_IS_NOT_IN_LIST          ,"engine is not in the list"},
 {ENGINE_R_FAILED_LOADING_PRIVATE_KEY     ,"failed loading private key"},
 {ENGINE_R_FAILED_LOADING_PUBLIC_KEY      ,"failed loading public key"},
-{ENGINE_R_FINALIZE_FAILED                ,"finalize failed"},
 {ENGINE_R_FINISH_FAILED                  ,"finish failed"},
 {ENGINE_R_GET_HANDLE_FAILED              ,"could not obtain hardware handle"},
 {ENGINE_R_GET_RANDOM_FAILED              ,"get random failed"},
--- a/crypto/engine/enginetest.c
+++ b/crypto/engine/enginetest.c
@@ -58,7 +58,6 @@

 #include <stdio.h>
 #include <string.h>
-#include <openssl/buffer.h>
 #include <openssl/engine.h>
 #include <openssl/err.h>

@@ -196,9 +195,9 @@ int main(int argc, char *argv[])
 	for(loop = 0; loop < 512; loop++)
 		{
 		sprintf(buf, "id%i", loop);
-		id = BUF_strdup(buf);
+		id = strdup(buf);
 		sprintf(buf, "Fake engine type %i", loop);
-		name = BUF_strdup(buf);
+		name = strdup(buf);
 		if(((block[loop] = ENGINE_new()) == NULL) ||
 				!ENGINE_set_id(block[loop], id) ||
 				!ENGINE_set_name(block[loop], name))
--- a/crypto/engine/hw_aep.c
+++ b/crypto/engine/hw_aep.c
@@ -58,14 +58,7 @@
 #include <stdio.h>
 #include <openssl/bn.h>
 #include <string.h>
-
-#include <openssl/e_os.h>
-#ifndef MSDOS
 #include <unistd.h>
-#else
-#include <process.h>
-typedef int pid_t;
-#endif

 #include <openssl/crypto.h>
 #include "cryptlib.h"
@@ -81,33 +74,23 @@ typedef int pid_t;
 #include "vendor_defns/aep.h"
 #endif

+
 static int aep_init(void);
 static int aep_finish(void);
-
-static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR hConnection);
-static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection);
-static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection);
-static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use);
+static int aep_get_connection(unsigned int *hConnection);
+static int aep_return_connection(unsigned int hConnection);

 /* BIGNUM stuff */
 static int aep_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 		       const BIGNUM *m, BN_CTX *ctx);
-static AEP_RV aep_mod_exp_crt(BIGNUM *r, BIGNUM *a,
-			      const BIGNUM *p, const BIGNUM *q,
-			      const BIGNUM *dmp1, const BIGNUM *dmq1,
-			      const BIGNUM *iqmp, BN_CTX *ctx);

 /* RSA stuff */
-#ifndef NO_RSA
 static int aep_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa);
-#endif
-
 /* This function is aliased to mod_exp (with the mont stuff dropped). */
 static int aep_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 			    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);

 /* DSA stuff */
-#ifndef NO_DSA
 static int aep_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
 			   BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
 			   BN_CTX *ctx, BN_MONT_CTX *in_mont);
@@ -115,30 +98,15 @@ static int aep_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
 static int aep_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
 			   const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
 			   BN_MONT_CTX *m_ctx);
-#endif

 /* DH stuff */
-#ifndef NO_DH
 /* This function is aliased to mod_exp (with the DH and mont dropped). */
 static int aep_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 			  const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-#endif
-	
-#ifdef AEPRAND
+		
 /* rand stuff   */
 static int aep_rand(unsigned char *buf, int num);
-static int aep_rand_status(void);
-#endif

-/* Bignum conversion stuff */
-static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32* BigNumSize);
-static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize,
-			    unsigned char* AEP_BigNum);
-static AEP_RV ConvertAEPBigNum(void* ArbBigNum, AEP_U32 BigNumSize,
-			       unsigned char* AEP_BigNum);
-
-
-#ifndef NO_RSA
 /* Our internal RSA_METHOD that we provide pointers to */
 static RSA_METHOD aep_rsa =
 {
@@ -156,9 +124,7 @@ static RSA_METHOD aep_rsa =
  NULL,                /*rsa_sign*/
  NULL                 /*rsa_verify*/
 };
-#endif

-#ifndef NO_DSA
 /* Our internal DSA_METHOD that we provide pointers to */
 static DSA_METHOD aep_dsa =
 {
@@ -173,9 +139,7 @@ static DSA_METHOD aep_dsa =
  0,                   /* flags */
  NULL                 /* app_data */
 };
-#endif

-#ifndef NO_DH
 /* Our internal DH_METHOD that we provide pointers to */
 static DH_METHOD aep_dh =
 {
@@ -188,9 +152,6 @@ static DH_METHOD aep_dh =
  0,
  NULL
 };
-#endif
-
-#ifdef AEPRAND
 /* our internal RAND_method that we provide pointers to  */
 static RAND_METHOD aep_random =
 {
@@ -200,10 +161,9 @@ static RAND_METHOD aep_random =
  NULL,
  NULL,
  aep_rand,
-  aep_rand_status,
+  NULL,
 };
-#endif
-
+	
 /* Our ENGINE structure. */
 static ENGINE engine_aep =
 {
@@ -212,11 +172,7 @@ static ENGINE engine_aep =
  &aep_rsa,
  &aep_dsa,
  &aep_dh,
-#ifdef AEPRAND
  &aep_random,
-#else
-  NULL,
-#endif
  aep_mod_exp,
  NULL,
  aep_init,
@@ -235,27 +191,20 @@ static AEP_CONNECTION_ENTRY aep_app_conn_table[MAX_PROCESS_CONNECTIONS];
 /*Used to determine if this is a new process*/
 static pid_t    recorded_pid = 0;

-#ifdef AEPRAND
+static int rnd_reference;
+
 static AEP_U8   rand_block[RAND_BLK_SIZE];
 static AEP_U32  rand_block_bytes = 0;
-#endif

-static int max_key_len = 2176;


 /* As this is only ever called once, there's no need for locking
 * (indeed - the lock will already be held by our caller!!!) */
 ENGINE *ENGINE_aep()
 {
-#ifndef NO_RSA
  RSA_METHOD  *meth1;
-#endif
-#ifndef NO_DSA
  DSA_METHOD  *meth2;
-#endif
-#ifndef NO_DH
  DH_METHOD   *meth3;
-#endif

  /* We know that the "PKCS1_SSLeay()" functions hook properly
   * to the aep-specific mod_exp and mod_exp_crt so we use
@@ -264,18 +213,15 @@ ENGINE *ENGINE_aep()
   * code may not hook properly, and if you own one of these
   * cards then you have the right to do RSA operations on it
   * anyway! */
-#ifndef NO_RSA
  meth1 = RSA_PKCS1_SSLeay();
  aep_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
  aep_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
  aep_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
  aep_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
-#endif


  /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
   * bits. */
-#ifndef NO_DSA
  meth2 = DSA_OpenSSL();
  aep_dsa.dsa_do_sign    = meth2->dsa_do_sign;
  aep_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
@@ -284,15 +230,12 @@ ENGINE *ENGINE_aep()
  aep_dsa = *DSA_get_default_openssl_method(); 
  aep_dsa.dsa_mod_exp = aep_dsa_mod_exp; 
  aep_dsa.bn_mod_exp = aep_mod_exp_dsa;      
-#endif

  /* Much the same for Diffie-Hellman */
-#ifndef NO_DH
  meth3 = DH_OpenSSL();
  aep_dh.generate_key = meth3->generate_key;
  aep_dh.compute_key  = meth3->compute_key;
  aep_dh.bn_mod_exp   = meth3->bn_mod_exp;
-#endif

  return &engine_aep;
 }
@@ -304,48 +247,28 @@ ENGINE *ENGINE_aep()
 * implicitly. */
 static DSO *aep_dso = NULL;

-/* These are the static string constants for the DSO file name and the function
- * symbol names to bind to. 
-*/
-static const char *AEP_LIBNAME = "aep";
-
-static const char *AEP_F1    = "AEP_ModExp";
-static const char *AEP_F2    = "AEP_ModExpCrt";
-#ifdef AEPRAND
-static const char *AEP_F3    = "AEP_GenRandom";
-#endif
-static const char *AEP_F4    = "AEP_Finalize";
-static const char *AEP_F5    = "AEP_Initialize";
-static const char *AEP_F6    = "AEP_OpenConnection";
-static const char *AEP_F7    = "AEP_SetBNCallBacks";
-static const char *AEP_F8    = "AEP_CloseConnection";
-
 /* These are the function pointers that are (un)set when the library has
 * successfully (un)loaded. */
 static t_AEP_OpenConnection    *p_AEP_OpenConnection  = NULL;
-static t_AEP_CloseConnection   *p_AEP_CloseConnection = NULL;
 static t_AEP_ModExp            *p_AEP_ModExp          = NULL;
 static t_AEP_ModExpCrt         *p_AEP_ModExpCrt       = NULL;
-#ifdef AEPRAND
 static t_AEP_GenRandom         *p_AEP_GenRandom       = NULL;
-#endif
 static t_AEP_Initialize        *p_AEP_Initialize      = NULL;
 static t_AEP_Finalize          *p_AEP_Finalize        = NULL;
 static t_AEP_SetBNCallBacks    *p_AEP_SetBNCallBacks  = NULL;

 /* (de)initialisation functions. */
-static int aep_init(void)
+static int aep_init()
 {
  t_AEP_ModExp          *p1;
  t_AEP_ModExpCrt       *p2;
-#ifdef AEPRAND
  t_AEP_GenRandom       *p3;
-#endif
  t_AEP_Finalize        *p4;
  t_AEP_Initialize      *p5;
  t_AEP_OpenConnection  *p6;
  t_AEP_SetBNCallBacks  *p7;
-  t_AEP_CloseConnection *p8;
+
+  unsigned int hConnection,rv;

  int to_return = 0;
 
@@ -368,14 +291,11 @@ static int aep_init(void)

  if(!(p1 = (t_AEP_ModExp *)         DSO_bind_func( aep_dso,AEP_F1))  ||
     !(p2 = (t_AEP_ModExpCrt*)       DSO_bind_func( aep_dso,AEP_F2))  ||
-#ifdef AEPRAND
     !(p3 = (t_AEP_GenRandom*)       DSO_bind_func( aep_dso,AEP_F3))  ||
-#endif
     !(p4 = (t_AEP_Finalize*)        DSO_bind_func( aep_dso,AEP_F4))  ||
     !(p5 = (t_AEP_Initialize*)      DSO_bind_func( aep_dso,AEP_F5))  ||
     !(p6 = (t_AEP_OpenConnection*)  DSO_bind_func( aep_dso,AEP_F6))  ||
-     !(p7 = (t_AEP_SetBNCallBacks*)  DSO_bind_func( aep_dso,AEP_F7))  ||
-     !(p8 = (t_AEP_CloseConnection*) DSO_bind_func( aep_dso,AEP_F8)))
+     !(p7 = (t_AEP_SetBNCallBacks*)  DSO_bind_func( aep_dso,AEP_F7)))
    {
     
      ENGINEerr(ENGINE_F_AEP_INIT,ENGINE_R_DSO_FAILURE);
@@ -386,14 +306,26 @@ static int aep_init(void)
  
  p_AEP_ModExp           = p1;
  p_AEP_ModExpCrt        = p2;
-#ifdef AEPRAND
  p_AEP_GenRandom        = p3;
-#endif
  p_AEP_Finalize         = p4;
  p_AEP_Initialize       = p5;
  p_AEP_OpenConnection   = p6;
  p_AEP_SetBNCallBacks   = p7;
-  p_AEP_CloseConnection  = p8;
+
+
+  /* Perform a basic test to see if there's actually any unit
+   * running. */
+	
+  CRYPTO_add(&rnd_reference, 1, CRYPTO_LOCK_DYNLOCK); 
+  
+  rv = aep_get_connection(&hConnection);
+     
+  if (rv != AEP_R_OK)     
+       goto err;
+   
+  /* Everything's fine. */
+ 
+  rv = aep_return_connection(hConnection);
 
  to_return = 1;
 
@@ -407,49 +339,24 @@ static int aep_init(void)
  p_AEP_OpenConnection    = NULL;
  p_AEP_ModExp            = NULL;
  p_AEP_ModExpCrt         = NULL;
-#ifdef AEPRAND
  p_AEP_GenRandom         = NULL;
-#endif
  p_AEP_Initialize        = NULL;
  p_AEP_Finalize          = NULL;
  p_AEP_SetBNCallBacks    = NULL;
-  p_AEP_CloseConnection   = NULL;

  return to_return;
 
 }

-static int aep_finish(void)
+static int aep_finish()
 {
-  int to_return = 0, in_use;
-  AEP_RV rv;
+  int to_return = 0;

  if(aep_dso == NULL)
    {
      ENGINEerr(ENGINE_F_AEP_FINISH,ENGINE_R_NOT_LOADED);
      goto err;
    }
-
-  rv = aep_close_all_connections(0, &in_use);
-  if (rv != AEP_R_OK)
-    {
-      ENGINEerr(ENGINE_F_AEP_FINISH,ENGINE_R_CLOSE_HANDLES_FAILED);
-      goto err;
-    }
-  if (in_use)
-    {
-      ENGINEerr(ENGINE_F_AEP_FINISH,ENGINE_R_CONNECTIONS_IN_USE);
-      goto err;
-    }
-
-  rv = p_AEP_Finalize();
-  if (rv != AEP_R_OK)
-    {
-      ENGINEerr(ENGINE_F_AEP_FINISH,ENGINE_R_FINALIZE_FAILED);
-      goto err;
-    }
-
-
  if(!DSO_free(aep_dso))
    {
      ENGINEerr(ENGINE_F_AEP_FINISH,ENGINE_R_DSO_FAILURE);
@@ -457,17 +364,16 @@ static int aep_finish(void)
    }

  aep_dso = NULL;
-  p_AEP_CloseConnection   = NULL;
  p_AEP_OpenConnection    = NULL;
  p_AEP_ModExp            = NULL;
  p_AEP_ModExpCrt         = NULL;
-#ifdef AEPRAND
  p_AEP_GenRandom         = NULL;
-#endif
  p_AEP_Initialize        = NULL;
  p_AEP_Finalize          = NULL;
  p_AEP_SetBNCallBacks    = NULL;

+  CRYPTO_add(&rnd_reference, -1, CRYPTO_LOCK_DYNLOCK);    
+
  to_return = 1;
 err:
  return to_return;
@@ -477,31 +383,14 @@ static int aep_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 		       const BIGNUM *m, BN_CTX *ctx)
 {
  int to_return = 0;
-  int r_len = 0;
-  AEP_CONNECTION_HNDL hConnection;
-  AEP_RV rv;

-  r_len = BN_num_bits(m);
-
-  /* Perform in software if modulus is too large for hardware. */
-
-  if (r_len > max_key_len)
-    {
-      ENGINE *e;
-      e = ENGINE_openssl();
-      to_return = e->bn_mod_exp(r, a, p, m, ctx);
-      goto err;
-    }
+  unsigned int hConnection, rv;

  /*Grab a connection from the pool*/
  rv = aep_get_connection(&hConnection);
  if (rv != AEP_R_OK)
-    {
-      ENGINE *e;
+    {     
      ENGINEerr(ENGINE_F_AEP_MOD_EXP,ENGINE_R_GET_HANDLE_FAILED);
-
-      e = ENGINE_openssl();
-      to_return = e->bn_mod_exp(r, a, p, m, ctx);
      goto err;
    }

@@ -510,15 +399,8 @@ static int aep_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
                            
  if (rv !=  AEP_R_OK)
    {
-      ENGINE *e;
-
-      aep_close_connection(hConnection);
-
      ENGINEerr(ENGINE_F_AEP_MOD_EXP,ENGINE_R_MOD_EXP_FAILED);
-
-      e = ENGINE_openssl();
-      to_return = e->bn_mod_exp(r, a, p, m, ctx);
-
+      rv = aep_return_connection(hConnection);
      goto err;
    }

@@ -527,46 +409,25 @@ static int aep_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
  if (rv != AEP_R_OK)
  {
    ENGINEerr(ENGINE_F_AEP_RAND,ENGINE_R_RETURN_CONNECTION_FAILED); 
-    goto err;
+	goto err;
  }

  to_return = 1;
 err:
  return to_return;
 }
-
-static AEP_RV aep_mod_exp_crt(BIGNUM *r, BIGNUM *a,
-			      const BIGNUM *p, const BIGNUM *q ,
-			      const BIGNUM *dmp1,const BIGNUM *dmq1,
-			      const BIGNUM *iqmp, BN_CTX *ctx)
+	
+static int aep_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *q ,
+			   const BIGNUM *dmp1,const BIGNUM *dmq1,const BIGNUM *iqmp, BN_CTX *ctx)
 {
  AEP_RV rv = AEP_R_OK;
-  AEP_CONNECTION_HNDL hConnection;
-
-  /* Perform in software if modulus is too large for hardware. */
- 
-  if (BN_num_bits(p) > max_key_len || BN_num_bits(q) > max_key_len){
-    ENGINE *e;
-    e = ENGINE_openssl();
-    rv = e->bn_mod_exp_crt(r, a, p, q, dmp1, dmq1, iqmp, ctx);
-    goto err;
-  }
+  unsigned int hConnection;

  /*Grab a connection from the pool*/
  rv = aep_get_connection(&hConnection);
  if (rv != AEP_R_OK)
    {
-      ENGINE *e;
- 
      ENGINEerr(ENGINE_F_AEP_MOD_EXP_CRT,ENGINE_R_GET_HANDLE_FAILED);
- 	  
-      e = ENGINE_openssl();
- 
-      if (e->bn_mod_exp_crt(r, a, p, q, dmp1, dmq1, iqmp, ctx) > 0)
-	rv = AEP_R_OK;
-      else
-	rv = AEP_R_GENERAL_ERROR;
-  
      goto err;
    }

@@ -574,22 +435,11 @@ static AEP_RV aep_mod_exp_crt(BIGNUM *r, BIGNUM *a,
  rv = p_AEP_ModExpCrt(hConnection,(void*)a, (void*)p, (void*)q, (void*)dmp1,(void*)dmq1,
 		       (void*)iqmp,(void*)r,NULL);
  if (rv != AEP_R_OK)
-    {
-      ENGINE *e;
- 
-      aep_close_connection(hConnection);
- 	  
+  {
      ENGINEerr(ENGINE_F_AEP_MOD_EXP_CRT,ENGINE_R_MOD_EXP_CRT_FAILED);
- 
-      e = ENGINE_openssl();
- 
-      if (e->bn_mod_exp_crt(r, a, p, q, dmp1, dmq1, iqmp, ctx) > 0)
-	rv = AEP_R_OK;
-      else
-	rv = AEP_R_GENERAL_ERROR;
- 
+      rv = aep_return_connection(hConnection);
      goto err;
-    }
+  }

  /*Return the connection to the pool*/
  rv = aep_return_connection(hConnection);
@@ -602,60 +452,60 @@ static AEP_RV aep_mod_exp_crt(BIGNUM *r, BIGNUM *a,
 err:
  return rv;
 }
+	

-#ifdef AEPRAND
 static int aep_rand(unsigned char *buf,int len )
 {
  AEP_RV rv = AEP_R_OK;
-  AEP_CONNECTION_HNDL hConnection;
+  unsigned int hConnection;

-  CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+  int to_return = 0;
+
+  
+  CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);

  /*Can the request be serviced with what's already in the buffer?*/
  if (len <= rand_block_bytes)
    {
      memcpy(buf, &rand_block[RAND_BLK_SIZE - rand_block_bytes], len);
      rand_block_bytes -= len;
-      CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
    }
  else
  /*If not the get another block of random bytes*/
    {
-      CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-
      rv = aep_get_connection(&hConnection);
      if (rv !=  AEP_R_OK)
 	  { 
          ENGINEerr(ENGINE_F_AEP_RAND,ENGINE_R_GET_HANDLE_FAILED);             
-	  goto err_nounlock;
+          CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+	  goto err;
 	  }

      if (len > RAND_BLK_SIZE)
 	  {
-	    rv = p_AEP_GenRandom(hConnection, len, 2, buf, NULL);
-	    if (rv !=  AEP_R_OK)
+		rv = p_AEP_GenRandom(hConnection, len, 2, buf, NULL);
+		if (rv !=  AEP_R_OK)
 	    {  
              ENGINEerr(ENGINE_F_AEP_RAND,ENGINE_R_GET_RANDOM_FAILED); 
-	      goto err_nounlock;
+	      CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+	      goto err;
 	    }
 	  }
      else
 	  {
-	    CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-
-	    rv = p_AEP_GenRandom(hConnection, RAND_BLK_SIZE, 2, &rand_block[0], NULL);
-	    if (rv !=  AEP_R_OK)
+		rv = p_AEP_GenRandom(hConnection, RAND_BLK_SIZE, 2, &rand_block[0], NULL);
+		if (rv !=  AEP_R_OK)
 	    {       
              ENGINEerr(ENGINE_F_AEP_RAND,ENGINE_R_GET_RANDOM_FAILED); 
 	      
+              CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
 	      goto err;
 	    }

-	    rand_block_bytes = RAND_BLK_SIZE;
-	    memcpy(buf, &rand_block[RAND_BLK_SIZE - rand_block_bytes], len);
-	    rand_block_bytes -= len;
+		rand_block_bytes = RAND_BLK_SIZE;

-	    CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+		memcpy(buf, &rand_block[RAND_BLK_SIZE - rand_block_bytes], len);
+		rand_block_bytes -= len;
 	  }

      rv = aep_return_connection(hConnection);
@@ -663,33 +513,26 @@ static int aep_rand(unsigned char *buf,int len )
 	  {
          ENGINEerr(ENGINE_F_AEP_RAND,ENGINE_R_RETURN_CONNECTION_FAILED); 
 	  
-	  goto err_nounlock;
+          CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+	  goto err;
 	  }
    }
  
-  return 1;
+     CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+  to_return = 1;
 err:
-  CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
- err_nounlock:
-  return 0;
+  return to_return;
 }
 	
-static int aep_rand_status(void)
-{
-	return 1;
-}
-#endif

-#ifndef NO_RSA
 static int aep_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
 {
  BN_CTX *ctx = NULL;
+ 
  int to_return = 0;
+ 
  AEP_RV rv = AEP_R_OK;

-  if ((ctx = BN_CTX_new()) == NULL)
-    goto err;
-
  if (!aep_dso)
    {
      ENGINEerr(ENGINE_F_AEP_RSA_MOD_EXP,ENGINE_R_NOT_LOADED);
@@ -701,7 +544,7 @@ static int aep_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
    {
      rv =  aep_mod_exp_crt(r0,I,rsa->p,rsa->q, rsa->dmp1,rsa->dmq1,rsa->iqmp,ctx);
      if (rv != AEP_R_OK)
-	goto err;
+       goto err;
    }
  else
    {
@@ -724,9 +567,8 @@ static int aep_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
    BN_CTX_free(ctx);
  return to_return;
 }
-#endif
 		
-#ifndef NO_DSA
+
 static int aep_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
 			   BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
 			   BN_CTX *ctx, BN_MONT_CTX *in_mont)
@@ -755,7 +597,6 @@ static int aep_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
  return aep_mod_exp(r, a, p, m, ctx); 
 
 }
-#endif

 /* This function is aliased to mod_exp (with the mont stuff dropped). */
 static int aep_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
@@ -765,16 +606,15 @@ static int aep_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,

 }

-#ifndef NO_DH
 /* This function is aliased to mod_exp (with the dh and mont dropped). */
 static int aep_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 			  const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
 {
    return aep_mod_exp(r, a, p, m, ctx);
-}
-#endif

-static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR phConnection)
+}
+
+static int aep_get_connection(unsigned int *hConnection)
 {
  int count;
  AEP_RV rv = AEP_R_OK;
@@ -790,7 +630,6 @@ static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR phConnection)
    process*/
  if (recorded_pid != curr_pid)
    {
-      /*Remember our pid so we can check if we're in a new process*/
      recorded_pid = curr_pid;

      /*Call Finalize to make sure we have not inherited some data from a parent
@@ -804,7 +643,8 @@ static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR phConnection)
 	{
 	  ENGINEerr(ENGINE_F_AEP_INIT,ENGINE_R_AEP_INIT_FAILURE);
 	  recorded_pid = 0;
-	  goto end;
+	  CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);	 
+	  return rv;
 	}

      /*Set the AEP big num call back functions*/
@@ -813,15 +653,14 @@ static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR phConnection)
      if (rv != AEP_R_OK)
 	{
 	 
-	  ENGINEerr(ENGINE_F_AEP_INIT,ENGINE_R_SETBNCALLBACK_FAILURE);
-	  recorded_pid = 0;
-	  goto end;
+        ENGINEerr(ENGINE_F_AEP_INIT,ENGINE_R_SETBNCALLBACK_FAILURE);
+		recorded_pid = 0;
+		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+		return rv;
 	}

-#ifdef AEPRAND
      /*Reset the rand byte count*/
      rand_block_bytes = 0;
-#endif

      /*Init the structures*/
      for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
@@ -831,18 +670,22 @@ static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR phConnection)
 	}

      /*Open a connection*/
-      rv = p_AEP_OpenConnection(phConnection);
+      rv = p_AEP_OpenConnection(hConnection);

      if (rv != AEP_R_OK)
 	{
          ENGINEerr(ENGINE_F_AEP_INIT,ENGINE_R_UNIT_FAILURE);
-	  recorded_pid = 0;
-	  goto end;
+		  recorded_pid = 0;
+          CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	  return rv;
 	}

      aep_app_conn_table[0].conn_state = InUse;
-      aep_app_conn_table[0].conn_hndl = *phConnection;
-      goto end;
+
+      aep_app_conn_table[0].conn_hndl = *hConnection;
+      CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+     
+      return (rv);
    }
  /*Check the existing connections to see if we can find a free one*/
  for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
@@ -851,8 +694,9 @@ static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR phConnection)
      if (aep_app_conn_table[count].conn_state == Connected)
 	{
 	  aep_app_conn_table[count].conn_state = InUse;
-	  *phConnection = aep_app_conn_table[count].conn_hndl;
-	  goto end;
+	  *hConnection = aep_app_conn_table[count].conn_hndl;
+          CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); 
+	  return rv;
 	}
    }
  /*If no connections available, we're going to have to try to open a new one*/
@@ -861,37 +705,38 @@ static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR phConnection)
        if (aep_app_conn_table[count].conn_state == NotConnected)
 	{
 	  /*Open a connection*/
-	  rv = p_AEP_OpenConnection(phConnection);
+	  rv = p_AEP_OpenConnection(hConnection);

 	  if (rv != AEP_R_OK)
 	    {	      
               ENGINEerr(ENGINE_F_AEP_INIT,ENGINE_R_UNIT_FAILURE);
-	       goto end;
+               CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	       return rv;
 	    }

 	  aep_app_conn_table[count].conn_state = InUse;

-	  aep_app_conn_table[count].conn_hndl = *phConnection;
-	  goto end;
+	  aep_app_conn_table[count].conn_hndl = *hConnection;
+          CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	   return rv;
 	}
    }
-
-  rv = AEP_R_GENERAL_ERROR;
- end:
+  
  CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-  return rv;
+  return AEP_R_GENERAL_ERROR;
 }


-static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection)
+static int aep_return_connection(unsigned int hConnection)
 {
  int count;

-  CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+   CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);

  /*Find the connection item that matches this connection handle*/
  for(count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
    {
+     
      if (aep_app_conn_table[count].conn_hndl == hConnection)
 	{
 	  aep_app_conn_table[count].conn_state = Connected;
@@ -899,71 +744,15 @@ static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection)
 	}
    }

-  CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+   CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);

  return AEP_R_OK;
 }

-static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection)
-{
-  int count;
-  AEP_RV rv = AEP_R_OK;
-
-  CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-
-  /*Find the connection item that matches this connection handle*/
-  for(count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
-    {
-      if (aep_app_conn_table[count].conn_hndl == hConnection)
-	{
-	  rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl);
-	  if (rv != AEP_R_OK)
-	    goto end;
-	  aep_app_conn_table[count].conn_state = NotConnected;
-	  aep_app_conn_table[count].conn_hndl  = 0;
-	  break;
-	}
-    }
-
- end:
-  CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-  return AEP_R_OK;
-}
-
-static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use)
-{
-  int count;
-  AEP_RV rv = AEP_R_OK;
-
-  *in_use = 0;
-  if (use_engine_lock) CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-  for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
-    {
-      switch (aep_app_conn_table[count].conn_state)
-	{
-	case Connected:
-	  rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl);
-	  if (rv != AEP_R_OK)
-	    goto end;
-	  aep_app_conn_table[count].conn_state = NotConnected;
-	  aep_app_conn_table[count].conn_hndl  = 0;
-	  break;
-	case InUse:
-	  (*in_use)++;
-	  break;
-	case NotConnected:
-	  break;
-	}
-    }
- end:
-  if (use_engine_lock) CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-  return AEP_R_OK;
-}
-
 /*BigNum call back functions, used to convert OpenSSL bignums into AEP bignums.
-  Note only 32bit Openssl build support*/
+Note only 32bit Openssl build support*/

-static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32* BigNumSize)
+AEP_RV GetBigNumSize(void* ArbBigNum, AEP_U32* BigNumSize)
 {
  BIGNUM* bn;

@@ -973,16 +762,14 @@ static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32* BigNumSize)
 #ifdef SIXTY_FOUR_BIT_LONG
  *BigNumSize = bn->top << 3;
 #else
-  /*Size of the bignum in bytes is equal to the bn->top (no of 32 bit
-    words) multiplies by 4*/
+  /*Size of the bignum in bytes is equal to the bn->top (no of 32 bit words) multiplies by 4*/
  *BigNumSize = bn->top << 2;
 #endif

  return AEP_R_OK;
 }

-static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize,
-			    unsigned char* AEP_BigNum)
+AEP_RV MakeAEPBigNum(void* ArbBigNum, AEP_U32 BigNumSize, unsigned char* AEP_BigNum)
 {
  BIGNUM* bn;

@@ -1003,8 +790,7 @@ static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize,
    {
      buf = (unsigned char*)&bn->d[i];

-      *((AEP_U32*)AEP_BigNum) = (AEP_U32)
-	((unsigned) buf[1] << 8 | buf[0]) |
+      *((AEP_U32*)AEP_BigNum) = (AEP_U32) ((unsigned) buf[1] << 8 | buf[0]) |
 	((unsigned) buf[3] << 8 | buf[2])  << 16;

      AEP_BigNum += 4;
@@ -1015,8 +801,7 @@ static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize,
 }

 /*Turn an AEP Big Num back to a user big num*/
-static AEP_RV ConvertAEPBigNum(void* ArbBigNum, AEP_U32 BigNumSize,
-			       unsigned char* AEP_BigNum)
+AEP_RV ConvertAEPBigNum(void* ArbBigNum, AEP_U32 BigNumSize, unsigned char* AEP_BigNum)
 {
  BIGNUM* bn;
 #ifndef SIXTY_FOUR_BIT_LONG
@@ -1042,8 +827,7 @@ static AEP_RV ConvertAEPBigNum(void* ArbBigNum, AEP_U32 BigNumSize,
 
  for(i=0;i<bn->top;i++)
    {
-      bn->d[i] = (AEP_U32)
-	((unsigned) AEP_BigNum[3] << 8 | AEP_BigNum[2]) << 16 |
+      bn->d[i] = (AEP_U32) ((unsigned) AEP_BigNum[3] << 8 | AEP_BigNum[2]) << 16 |
 	((unsigned) AEP_BigNum[1] << 8 | AEP_BigNum[0]);
      AEP_BigNum += 4;
    }
--- a/crypto/engine/hw_ncipher.c
+++ b/crypto/engine/hw_ncipher.c
@@ -359,7 +359,7 @@ static int get_context(HWCryptoHook_ContextHandle *hac)
 	HWCryptoHook_ErrMsgBuf rmsg;

 	rmsg.buf = tempbuf;
-	rmsg.size = sizeof(tempbuf);
+	rmsg.size = 1024;

        *hac = p_hwcrhk_Init(&hwcrhk_globals, sizeof(hwcrhk_globals), &rmsg,
 		NULL);
@@ -576,12 +576,8 @@ static EVP_PKEY *hwcrhk_load_privkey(const char *key_id,
 	EVP_PKEY *res = NULL;
 	HWCryptoHook_MPI e, n;
 	HWCryptoHook_RSAKeyHandle *hptr;
- 	char tempbuf[1024];
 	HWCryptoHook_ErrMsgBuf rmsg;

- 	rmsg.buf = tempbuf;
- 	rmsg.size = sizeof(tempbuf);
-
 	if(!hwcrhk_context)
 		{
 		ENGINEerr(ENGINE_F_HWCRHK_LOAD_PRIVKEY,
@@ -669,12 +665,9 @@ static EVP_PKEY *hwcrhk_load_pubkey(const char *key_id, const char *passphrase)
 			res->pkey.rsa = RSA_new();
 			res->pkey.rsa->n = rsa->n;
 			res->pkey.rsa->e = rsa->e;
- 			rsa->n = NULL;
- 			rsa->e = NULL;
 			CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
 			RSA_free(rsa);
 			}
-			break;
 		default:
 			ENGINEerr(ENGINE_F_HWCRHK_LOAD_PUBKEY,
 				ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
@@ -702,7 +695,7 @@ static int hwcrhk_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 
 	to_return = 0; /* expect failure */
 	rmsg.buf = tempbuf;
-	rmsg.size = sizeof(tempbuf);
+	rmsg.size = 1024;

 	if(!hwcrhk_context)
 		{
@@ -752,9 +745,6 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, BIGNUM *I, RSA *rsa)
 	HWCryptoHook_RSAKeyHandle *hptr;
 	int to_return = 0, ret;

-	rmsg.buf = tempbuf;
-	rmsg.size = sizeof(tempbuf);
-
 	if(!hwcrhk_context)
 		{
 		ENGINEerr(ENGINE_F_HWCRHK_MOD_EXP,ENGINE_R_NOT_INITIALISED);
@@ -776,6 +766,9 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, BIGNUM *I, RSA *rsa)
 			goto err;
 			}

+		rmsg.buf = tempbuf;
+		rmsg.size = 1024;
+
 		/* Prepare the params */
 		bn_expand2(r, rsa->n->top); /* Check for error !! */
 		BN2MPI(m_a, I);
@@ -816,6 +809,9 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, BIGNUM *I, RSA *rsa)
 			goto err;
 			}

+		rmsg.buf = tempbuf;
+		rmsg.size = 1024;
+
 		/* Prepare the params */
 		bn_expand2(r, rsa->n->top); /* Check for error !! */
 		BN2MPI(m_a, I);
@@ -880,7 +876,7 @@ static int hwcrhk_rand_bytes(unsigned char *buf, int num)
 	int ret;

 	rmsg.buf = tempbuf;
-	rmsg.size = sizeof(tempbuf);
+	rmsg.size = 1024;

 	if(!hwcrhk_context)
 		{
@@ -926,7 +922,7 @@ static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
 	int ret;

 	rmsg.buf = tempbuf;
-	rmsg.size = sizeof(tempbuf);
+	rmsg.size = 1024;

 	hptr = (HWCryptoHook_RSAKeyHandle *) item;
 	if(!hptr) return;
@@ -1005,13 +1001,13 @@ static int hwcrhk_get_pass(const char *prompt_info,
 	return 0;
 	}

-static void hwcrhk_log_message(void *_logstream, const char *message)
+static void hwcrhk_log_message(void *logstream, const char *message)
 	{
 	BIO *lstream = NULL;

 	CRYPTO_w_lock(CRYPTO_LOCK_BIO);
-	if (_logstream)
-		lstream=*(BIO **)_logstream;
+	if (logstream)
+		lstream=*(BIO **)logstream;
 	if (lstream)
 		{
 		BIO_write(lstream, message, strlen(message));
--- a/crypto/engine/hw_sureware.c
+++ b/crypto/engine/hw_sureware.c
@@ -92,10 +92,8 @@ static EVP_PKEY *surewarehk_load_pubkey(const char *key_id,
 	const char *passphrase);
 static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
 	int index,long argl, void *argp);
-#if 0
 static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
 	int index,long argl, void *argp);
-#endif

 /* This function is aliased to mod_exp (with the mont stuff dropped). */
 static int surewarehk_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
@@ -572,9 +570,7 @@ static EVP_PKEY* sureware_load_public(const char *key_id,char *hptr,unsigned lon
 		if (!rsatmp->e || rsatmp->e->dmax!=(int)(el/sizeof(BN_ULONG))|| 
 			!rsatmp->n || rsatmp->n->dmax!=(int)(el/sizeof(BN_ULONG)))
 			goto err;
-		ret=p_surewarehk_Load_Rsa_Pubkey(msg,key_id,el,
-						 (unsigned long *)rsatmp->n->d,
-						 (unsigned long *)rsatmp->e->d);
+		ret=p_surewarehk_Load_Rsa_Pubkey(msg,key_id,el,rsatmp->n->d, rsatmp->e->d);
 		surewarehk_error_handling(msg,ENGINE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ret);
 		if (ret!=1)
 		{
@@ -612,10 +608,10 @@ static EVP_PKEY* sureware_load_public(const char *key_id,char *hptr,unsigned lon
 			goto err;

 		ret=p_surewarehk_Load_Dsa_Pubkey(msg,key_id,el,
-						 (unsigned long *)dsatmp->pub_key->d, 
-						 (unsigned long *)dsatmp->p->d,
-						 (unsigned long *)dsatmp->q->d,
-						 (unsigned long *)dsatmp->g->d);
+										dsatmp->pub_key->d, 
+										dsatmp->p->d,
+										dsatmp->q->d,
+										dsatmp->g->d);
 		surewarehk_error_handling(msg,ENGINE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ret);
 		if (ret!=1)
 		{
@@ -719,8 +715,6 @@ static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
 	else
 		p_surewarehk_Free((char *)item,0);
 }
-
-#if 0
 /* This cleans up an DH KM key (destroys the key into hardware), 
 called when ex_data is freed */
 static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
@@ -733,8 +727,6 @@ static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
 	else
 		p_surewarehk_Free((char *)item,1);
 }
-#endif
-
 /*
 * return number of decrypted bytes
 */
@@ -868,10 +860,7 @@ static	DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *from, int flen, DSA
 		if (!psign->r || psign->r->dmax!=20/sizeof(BN_ULONG) ||
 			!psign->s || psign->s->dmax!=20/sizeof(BN_ULONG))
 			goto err;
-		ret=p_surewarehk_Dsa_Sign(msg,flen,from,
-					  (unsigned long *)psign->r->d,
-					  (unsigned long *)psign->s->d,
-					  hptr);
+		ret=p_surewarehk_Dsa_Sign(msg,flen,from,psign->r->d,psign->s->d,hptr);
 		surewarehk_error_handling(msg,ENGINE_F_SUREWAREHK_DSA_DO_SIGN,ret);
 	}
 	psign->r->top=20/sizeof(BN_ULONG);
@@ -902,14 +891,8 @@ static int surewarehk_modexp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 		if (r && r->dmax==m->top)
 		{
 			/* do it*/
-			ret=p_surewarehk_Mod_Exp(msg,
-						 m->top*sizeof(BN_ULONG),
-						 (unsigned long *)m->d,
-						 p->top*sizeof(BN_ULONG),
-						 (unsigned long *)p->d,
-						 a->top*sizeof(BN_ULONG),
-						 (unsigned long *)a->d,
-						 (unsigned long *)r->d);
+			ret=p_surewarehk_Mod_Exp(msg,m->top*sizeof(BN_ULONG),m->d,p->top*sizeof(BN_ULONG),
+									p->d,a->top*sizeof(BN_ULONG),a->d,r->d);
 			surewarehk_error_handling(msg,ENGINE_F_SUREWAREHK_MOD_EXP,ret);
 			if (ret==1)
 			{
--- a/crypto/engine/vendor_defns/aep.h
+++ b/crypto/engine/vendor_defns/aep.h
@@ -128,7 +128,7 @@ typedef AEP_TRANSACTION_ID 		*AEP_TRANSACTION_ID_PTR;
 /*Return value type*/
 typedef AEP_U32					AEP_RV;

-#define MAX_PROCESS_CONNECTIONS 256
+#define MAX_PROCESS_CONNECTIONS 5

 #define RAND_BLK_SIZE 1024

@@ -145,33 +145,47 @@ typedef struct AEP_CONNECTION_ENTRY{
 } AEP_CONNECTION_ENTRY;


-typedef AEP_RV t_AEP_OpenConnection(AEP_CONNECTION_HNDL_PTR phConnection);
-typedef AEP_RV t_AEP_CloseConnection(AEP_CONNECTION_HNDL hConnection);
+AEP_RV GetBigNumSize(void* ArbBigNum, AEP_U32* BigNumSize);
+AEP_RV MakeAEPBigNum(void* ArbBigNum, AEP_U32 BigNumSize, unsigned char* AEP_BigNum);
+AEP_RV ConvertAEPBigNum(void* ArbBigNum, AEP_U32 BigNumSize, unsigned char* AEP_BigNum);

-typedef AEP_RV t_AEP_ModExp(AEP_CONNECTION_HNDL hConnection,
-			    AEP_VOID_PTR pA, AEP_VOID_PTR pP,
-			    AEP_VOID_PTR pN,
-			    AEP_VOID_PTR pResult,
-			    AEP_TRANSACTION_ID* pidTransID);

-typedef AEP_RV t_AEP_ModExpCrt(AEP_CONNECTION_HNDL hConnection,
-			       AEP_VOID_PTR pA, AEP_VOID_PTR pP,
-			       AEP_VOID_PTR pQ,
-			       AEP_VOID_PTR pDmp1, AEP_VOID_PTR pDmq1,
-			       AEP_VOID_PTR pIqmp,
-			       AEP_VOID_PTR pResult,
-			       AEP_TRANSACTION_ID* pidTransID);

-#ifdef AEPRAND
-typedef AEP_RV t_AEP_GenRandom(AEP_CONNECTION_HNDL hConnection,
-			       AEP_U32 Len,
-			       AEP_U32 Type,
-			       AEP_VOID_PTR pResult,
-			       AEP_TRANSACTION_ID* pidTransID);
-#endif
+typedef unsigned int t_AEP_OpenConnection(unsigned int *phConnection);

-typedef AEP_RV t_AEP_Initialize(AEP_VOID_PTR pInitArgs);
-typedef AEP_RV t_AEP_Finalize();
-typedef AEP_RV t_AEP_SetBNCallBacks(AEP_RV (*GetBigNumSizeFunc)(),
-				    AEP_RV (*MakeAEPBigNumFunc)(),
-				    AEP_RV (*ConverAEPBigNumFunc)());
+typedef unsigned int t_AEP_ModExp(unsigned int hConnection, void *a, void *p,
+                                  void *n, void *r,AEP_U64 *tranid);
+
+typedef unsigned int t_AEP_ModExpCrt(unsigned int hConnection,void *a, void *p,
+                                  void *q, void *dmp1, void *dmq1,void *iqmp,
+						  void *r,AEP_U64 *tranid);
+
+typedef unsigned int t_AEP_GenRandom(AEP_CONNECTION_HNDL             hConnection,
+                AEP_U32                                 Len,
+                AEP_U32                                 Type,
+                AEP_VOID_PTR                    pResult,
+                AEP_TRANSACTION_ID*             pidTransID
+        );
+
+
+
+typedef unsigned int t_AEP_Initialize(AEP_VOID_PTR pInitArgs);
+typedef unsigned int t_AEP_Finalize();
+typedef unsigned int t_AEP_SetBNCallBacks(
+                AEP_RV (*GetBigNumSizeFunc)(),
+                AEP_RV (*MakeAEPBigNumFunc)(),
+                AEP_RV (*ConverAEPBigNumFunc)()
+        );
+
+/* These are the static string constants for the DSO file name and the function
+ * symbol names to bind to. 
+*/
+static const char *AEP_LIBNAME = "aep";
+
+static const char *AEP_F1    = "AEP_ModExp";
+static const char *AEP_F2    = "AEP_ModExpCrt";
+static const char *AEP_F3    = "AEP_GenRandom";
+static const char *AEP_F4    = "AEP_Finalize";
+static const char *AEP_F5    = "AEP_Initialize";
+static const char *AEP_F6    = "AEP_OpenConnection";
+static const char *AEP_F7    = "AEP_SetBNCallBacks";
--- a/crypto/err/Makefile.ssl
+++ b/crypto/err/Makefile.ssl
@@ -92,21 +92,22 @@ err_all.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 err_all.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 err_all.o: ../../include/openssl/des.h ../../include/openssl/dh.h
 err_all.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
-err_all.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
-err_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-err_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-err_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-err_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-err_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-err_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-err_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
-err_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-err_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-err_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-err_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-err_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-err_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-err_all.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+err_all.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+err_all.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+err_all.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+err_all.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+err_all.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+err_all.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+err_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+err_all.o: ../../include/openssl/opensslv.h ../../include/openssl/pem2.h
+err_all.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+err_all.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+err_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+err_all.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+err_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+err_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+err_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+err_all.o: ../../include/openssl/x509v3.h
 err_prn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 err_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
--- a/crypto/evp/bio_enc.c
+++ b/crypto/evp/bio_enc.c
@@ -106,8 +106,8 @@ static int enc_new(BIO *bi)
 	BIO_ENC_CTX *ctx;

 	ctx=(BIO_ENC_CTX *)OPENSSL_malloc(sizeof(BIO_ENC_CTX));
-	if (ctx == NULL) return(0);
 	EVP_CIPHER_CTX_init(&ctx->cipher);
+	if (ctx == NULL) return(0);

 	ctx->buf_len=0;
 	ctx->buf_off=0;
--- a/crypto/evp/c_allc.c
+++ b/crypto/evp/c_allc.c
@@ -64,10 +64,6 @@

 void OpenSSL_add_all_ciphers(void)
 	{
-	static int done=0;
-
-	if (done) return;
-	done=1;
 #ifndef NO_DES
 	EVP_add_cipher(EVP_des_cfb());
 	EVP_add_cipher(EVP_des_ede_cfb());
--- a/crypto/evp/c_alld.c
+++ b/crypto/evp/c_alld.c
@@ -64,10 +64,6 @@

 void OpenSSL_add_all_digests(void)
 	{
-	static int done=0;
-
-	if (done) return;
-	done=1;
 #ifndef NO_MD2
 	EVP_add_digest(EVP_md2());
 #endif
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@@ -277,13 +277,6 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
 			eof++;
 			}

-		if (v == B64_CR)
-			{
-			ln = 0;
-			if (exp_nl)
-				continue;
-			}
-
 		/* eoln */
 		if (v == B64_EOLN)
 			{
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -228,7 +228,7 @@ typedef struct evp_pkey_md_st
 			EVP_rsa_octet_string(),EVP_mdc2())
 #define EVP_dsa_sha() \
 		EVP_PKEY_MD_add(NID_dsaWithSHA,\
-			EVP_dsa(),EVP_sha())
+			EVP_dsa(),EVP_mdc2())
 #define EVP_dsa_sha1() \
 		EVP_PKEY_MD_add(NID_dsaWithSHA1,\
 			EVP_dsa(),EVP_sha1())
@@ -499,7 +499,7 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 #define EVP_CIPHER_key_length(e)	((e)->key_len)
 #define EVP_CIPHER_iv_length(e)		((e)->iv_len)
 #define EVP_CIPHER_flags(e)		((e)->flags)
-#define EVP_CIPHER_mode(e)		(((e)->flags) & EVP_CIPH_MODE)
+#define EVP_CIPHER_mode(e)		((e)->flags) & EVP_CIPH_MODE)

 #define EVP_CIPHER_CTX_cipher(e)	((e)->cipher)
 #define EVP_CIPHER_CTX_nid(e)		((e)->cipher->nid)
--- a/crypto/lhash/lh_test.c
+++ b/crypto/lhash/lh_test.c
@@ -75,6 +75,7 @@ main()
 		buf[0]='\0';
 		fgets(buf,256,stdin);
 		if (buf[0] == '\0') break;
+		buf[256]='\0';
 		i=strlen(buf);
 		p=OPENSSL_malloc(i+1);
 		memcpy(p,buf,i+1);
--- a/crypto/md2/Makefile.ssl
+++ b/crypto/md2/Makefile.ssl
@@ -2,7 +2,7 @@
 # SSLeay/crypto/md/Makefile
 #

-DIR=	md2
+DIR=	md
 TOP=	../..
 CC=	cc
 INCLUDES=
--- a/crypto/objects/Makefile.ssl
+++ b/crypto/objects/Makefile.ssl
@@ -14,7 +14,6 @@ MAKE=		make -f Makefile.ssl
 MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
-PERL=		perl

 CFLAGS= $(INCLUDES) $(CFLAG)

@@ -45,11 +44,11 @@ lib:	$(LIBOBJ)
 	@touch lib

 obj_dat.h: obj_dat.pl obj_mac.h
-	$(PERL) obj_dat.pl obj_mac.h obj_dat.h
+	perl obj_dat.pl obj_mac.h obj_dat.h

 # objects.pl both reads and writes obj_mac.num
 obj_mac.h: objects.pl objects.txt obj_mac.num
-	$(PERL) objects.pl objects.txt obj_mac.num obj_mac.h
+	perl objects.pl objects.txt obj_mac.num obj_mac.h

 files:
 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
--- a/crypto/objects/o_names.c
+++ b/crypto/objects/o_names.c
@@ -61,8 +61,6 @@ int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
 		{
 		MemCheck_off();
 		name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS));
-		MemCheck_on();
-		if (!name_funcs) return(0);
 		name_funcs->hash_func = lh_strhash;
 		name_funcs->cmp_func = (int (*)())strcmp;
 		name_funcs->free_func = 0; /* NULL is often declared to
@@ -70,7 +68,6 @@ int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
 					    * to Compaq C is not really
 					    * compatible with a function
 					    * pointer.  -- Richard Levitte*/
-		MemCheck_off();
 		sk_NAME_FUNCS_push(name_funcs_stack,name_funcs);
 		MemCheck_on();
 		}
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -228,7 +228,7 @@ int OBJ_add_object(ASN1_OBJECT *obj)
 	if (added == NULL)
 		if (!init_added()) return(0);
 	if ((o=OBJ_dup(obj)) == NULL) goto err;
-	if (!(ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err;
+	ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ));
 	if ((o->length != 0) && (obj->data != NULL))
 		ao[ADDED_DATA]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ));
 	if (o->sn != NULL)
@@ -428,7 +428,7 @@ int OBJ_obj2txt(char *buf, int buf_len, ASN1_OBJECT *a, int no_name)
 	unsigned long l;
 	unsigned char *p;
 	const char *s;
-	char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
+	char tbuf[32];

 	if (buf_len <= 0) return(0);

@@ -437,7 +437,8 @@ int OBJ_obj2txt(char *buf, int buf_len, ASN1_OBJECT *a, int no_name)
 		return(0);
 	}

-	if (no_name || (nid=OBJ_obj2nid(a)) == NID_undef) {
+	nid=OBJ_obj2nid(a);
+	if ((nid == NID_undef) || no_name) {
 		len=a->length;
 		p=a->data;

@@ -644,8 +645,6 @@ int OBJ_create(char *oid, char *sn, char *ln)
 		return(0);
 		}
 	i=a2d_ASN1_OBJECT(buf,i,oid,-1);
-	if (i == 0)
-		goto err;
 	op=(ASN1_OBJECT *)ASN1_OBJECT_create(OBJ_new_nid(1),buf,i,sn,ln);
 	if (op == NULL) 
 		goto err;
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -63,11 +63,11 @@
 */

 #define NUM_NID 404
-#define NUM_SN 402
-#define NUM_LN 402
-#define NUM_OBJ 376
+#define NUM_SN 403
+#define NUM_LN 403
+#define NUM_OBJ 377

-static unsigned char lvalues[2951]={
+static unsigned char lvalues[2949]={
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
@@ -391,59 +391,60 @@ static unsigned char lvalues[2951]={
 0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01,     /* [2583] OBJ_id_on_personalData */
 0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01,     /* [2591] OBJ_id_pda_dateOfBirth */
 0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02,     /* [2599] OBJ_id_pda_placeOfBirth */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03,     /* [2607] OBJ_id_pda_gender */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04,     /* [2615] OBJ_id_pda_countryOfCitizenship */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05,     /* [2623] OBJ_id_pda_countryOfResidence */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01,     /* [2631] OBJ_id_aca_authenticationInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02,     /* [2639] OBJ_id_aca_accessIdentity */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03,     /* [2647] OBJ_id_aca_chargingIdentity */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04,     /* [2655] OBJ_id_aca_group */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05,     /* [2663] OBJ_id_aca_role */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01,     /* [2671] OBJ_id_qcs_pkixQCSyntax_v1 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01,     /* [2679] OBJ_id_cct_crs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02,     /* [2687] OBJ_id_cct_PKIData */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03,     /* [2695] OBJ_id_cct_PKIResponse */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03,     /* [2703] OBJ_ad_timeStamping */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04,     /* [2711] OBJ_ad_dvcs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2719] OBJ_id_pkix_OCSP_basic */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2728] OBJ_id_pkix_OCSP_Nonce */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2737] OBJ_id_pkix_OCSP_CrlID */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2746] OBJ_id_pkix_OCSP_acceptableResponses */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2755] OBJ_id_pkix_OCSP_noCheck */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2764] OBJ_id_pkix_OCSP_archiveCutoff */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2773] OBJ_id_pkix_OCSP_serviceLocator */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2782] OBJ_id_pkix_OCSP_extendedStatus */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2791] OBJ_id_pkix_OCSP_valid */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2800] OBJ_id_pkix_OCSP_path */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2809] OBJ_id_pkix_OCSP_trustRoot */
-0x2B,0x0E,0x03,0x02,                         /* [2818] OBJ_algorithm */
-0x2B,0x0E,0x03,0x02,0x0B,                    /* [2822] OBJ_rsaSignature */
-0x55,0x08,                                   /* [2827] OBJ_X500algorithms */
-0x2B,                                        /* [2829] OBJ_org */
-0x2B,0x06,                                   /* [2830] OBJ_dod */
-0x2B,0x06,0x01,                              /* [2832] OBJ_iana */
-0x2B,0x06,0x01,0x01,                         /* [2835] OBJ_Directory */
-0x2B,0x06,0x01,0x02,                         /* [2839] OBJ_Management */
-0x2B,0x06,0x01,0x03,                         /* [2843] OBJ_Experimental */
-0x2B,0x06,0x01,0x04,                         /* [2847] OBJ_Private */
-0x2B,0x06,0x01,0x05,                         /* [2851] OBJ_Security */
-0x2B,0x06,0x01,0x06,                         /* [2855] OBJ_SNMPv2 */
-0x2B,0x06,0x01,0x07,                         /* [2859] OBJ_Mail */
-0x2B,0x06,0x01,0x04,0x01,                    /* [2863] OBJ_Enterprises */
-0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2868] OBJ_dcObject */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2877] OBJ_domainComponent */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2887] OBJ_Domain */
-0x50,                                        /* [2897] OBJ_joint_iso_ccitt */
-0x55,0x01,0x05,                              /* [2898] OBJ_selected_attribute_types */
-0x55,0x01,0x05,0x37,                         /* [2901] OBJ_clearance */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2905] OBJ_md4WithRSAEncryption */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A,     /* [2914] OBJ_ac_proxying */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B,     /* [2922] OBJ_sinfo_access */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06,     /* [2930] OBJ_id_aca_encAttrs */
-0x55,0x04,0x48,                              /* [2938] OBJ_role */
-0x55,0x1D,0x24,                              /* [2941] OBJ_policy_constraints */
-0x55,0x1D,0x37,                              /* [2944] OBJ_target_information */
-0x55,0x1D,0x38,                              /* [2947] OBJ_no_rev_avail */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03,     /* [2607] OBJ_id_pda_pseudonym */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04,     /* [2615] OBJ_id_pda_gender */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05,     /* [2623] OBJ_id_pda_countryOfCitizenship */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x06,     /* [2631] OBJ_id_pda_countryOfResidence */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01,     /* [2639] OBJ_id_aca_authenticationInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02,     /* [2647] OBJ_id_aca_accessIdentity */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03,     /* [2655] OBJ_id_aca_chargingIdentity */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04,     /* [2663] OBJ_id_aca_group */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05,     /* [2671] OBJ_id_aca_role */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01,     /* [2679] OBJ_id_qcs_pkixQCSyntax_v1 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01,     /* [2687] OBJ_id_cct_crs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02,     /* [2695] OBJ_id_cct_PKIData */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03,     /* [2703] OBJ_id_cct_PKIResponse */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03,     /* [2711] OBJ_ad_timeStamping */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04,     /* [2719] OBJ_ad_dvcs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2727] OBJ_id_pkix_OCSP_basic */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2736] OBJ_id_pkix_OCSP_Nonce */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2745] OBJ_id_pkix_OCSP_CrlID */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2754] OBJ_id_pkix_OCSP_acceptableResponses */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2763] OBJ_id_pkix_OCSP_noCheck */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2772] OBJ_id_pkix_OCSP_archiveCutoff */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2781] OBJ_id_pkix_OCSP_serviceLocator */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2790] OBJ_id_pkix_OCSP_extendedStatus */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2799] OBJ_id_pkix_OCSP_valid */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2808] OBJ_id_pkix_OCSP_path */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2817] OBJ_id_pkix_OCSP_trustRoot */
+0x2B,0x0E,0x03,0x02,                         /* [2826] OBJ_algorithm */
+0x2B,0x0E,0x03,0x02,0x0B,                    /* [2830] OBJ_rsaSignature */
+0x55,0x08,                                   /* [2835] OBJ_X500algorithms */
+0x2B,                                        /* [2837] OBJ_org */
+0x2B,0x06,                                   /* [2838] OBJ_dod */
+0x2B,0x06,0x01,                              /* [2840] OBJ_iana */
+0x2B,0x06,0x01,0x01,                         /* [2843] OBJ_Directory */
+0x2B,0x06,0x01,0x02,                         /* [2847] OBJ_Management */
+0x2B,0x06,0x01,0x03,                         /* [2851] OBJ_Experimental */
+0x2B,0x06,0x01,0x04,                         /* [2855] OBJ_Private */
+0x2B,0x06,0x01,0x05,                         /* [2859] OBJ_Security */
+0x2B,0x06,0x01,0x06,                         /* [2863] OBJ_SNMPv2 */
+0x2B,0x06,0x01,0x07,                         /* [2867] OBJ_Mail */
+0x01,                                        /* [2871] OBJ_Enterprises */
+0xBA,0x82,0x58,                              /* [2872] OBJ_dcObject */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2875] OBJ_domainComponent */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2885] OBJ_Domain */
+0x50,                                        /* [2895] OBJ_joint_iso_ccitt */
+0x55,0x01,0x05,                              /* [2896] OBJ_selected_attribute_types */
+0x55,0x01,0x05,0x37,                         /* [2899] OBJ_clearance */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2903] OBJ_md4WithRSAEncryption */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A,     /* [2912] OBJ_ac_proxying */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B,     /* [2920] OBJ_sinfo_access */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06,     /* [2928] OBJ_id_aca_encAttrs */
+0x55,0x04,0x48,                              /* [2936] OBJ_role */
+0x55,0x1D,0x24,                              /* [2939] OBJ_policy_constraints */
+0x55,0x1D,0x37,                              /* [2942] OBJ_target_information */
+0x55,0x1D,0x38,                              /* [2945] OBJ_no_rev_avail */
 };

 static ASN1_OBJECT nid_objs[NUM_NID]={
@@ -997,84 +998,85 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 	&(lvalues[2591]),0},
 {"id-pda-placeOfBirth","id-pda-placeOfBirth",NID_id_pda_placeOfBirth,
 	8,&(lvalues[2599]),0},
-{NULL,NULL,NID_undef,0,NULL},
-{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2607]),0},
+{"id-pda-pseudonym","id-pda-pseudonym",NID_id_pda_pseudonym,8,
+	&(lvalues[2607]),0},
+{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2615]),0},
 {"id-pda-countryOfCitizenship","id-pda-countryOfCitizenship",
-	NID_id_pda_countryOfCitizenship,8,&(lvalues[2615]),0},
+	NID_id_pda_countryOfCitizenship,8,&(lvalues[2623]),0},
 {"id-pda-countryOfResidence","id-pda-countryOfResidence",
-	NID_id_pda_countryOfResidence,8,&(lvalues[2623]),0},
+	NID_id_pda_countryOfResidence,8,&(lvalues[2631]),0},
 {"id-aca-authenticationInfo","id-aca-authenticationInfo",
-	NID_id_aca_authenticationInfo,8,&(lvalues[2631]),0},
+	NID_id_aca_authenticationInfo,8,&(lvalues[2639]),0},
 {"id-aca-accessIdentity","id-aca-accessIdentity",
-	NID_id_aca_accessIdentity,8,&(lvalues[2639]),0},
+	NID_id_aca_accessIdentity,8,&(lvalues[2647]),0},
 {"id-aca-chargingIdentity","id-aca-chargingIdentity",
-	NID_id_aca_chargingIdentity,8,&(lvalues[2647]),0},
-{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2655]),0},
-{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2663]),0},
+	NID_id_aca_chargingIdentity,8,&(lvalues[2655]),0},
+{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2663]),0},
+{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2671]),0},
 {"id-qcs-pkixQCSyntax-v1","id-qcs-pkixQCSyntax-v1",
-	NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2671]),0},
-{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2679]),0},
+	NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2679]),0},
+{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2687]),0},
 {"id-cct-PKIData","id-cct-PKIData",NID_id_cct_PKIData,8,
-	&(lvalues[2687]),0},
-{"id-cct-PKIResponse","id-cct-PKIResponse",NID_id_cct_PKIResponse,8,
 	&(lvalues[2695]),0},
-{"ad_timestamping","AD Time Stamping",NID_ad_timeStamping,8,
+{"id-cct-PKIResponse","id-cct-PKIResponse",NID_id_cct_PKIResponse,8,
 	&(lvalues[2703]),0},
-{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2711]),0},
+{"ad_timestamping","AD Time Stamping",NID_ad_timeStamping,8,
+	&(lvalues[2711]),0},
+{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2719]),0},
 {"basicOCSPResponse","Basic OCSP Response",NID_id_pkix_OCSP_basic,9,
-	&(lvalues[2719]),0},
-{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2728]),0},
-{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2737]),0},
+	&(lvalues[2727]),0},
+{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2736]),0},
+{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2745]),0},
 {"acceptableResponses","Acceptable OCSP Responses",
-	NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2746]),0},
-{"noCheck","noCheck",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2755]),0},
+	NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2754]),0},
+{"noCheck","noCheck",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2763]),0},
 {"archiveCutoff","OCSP Archive Cutoff",NID_id_pkix_OCSP_archiveCutoff,
-	9,&(lvalues[2764]),0},
+	9,&(lvalues[2772]),0},
 {"serviceLocator","OCSP Service Locator",
-	NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2773]),0},
+	NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2781]),0},
 {"extendedStatus","Extended OCSP Status",
-	NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2782]),0},
-{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2791]),0},
-{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2800]),0},
+	NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2790]),0},
+{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2799]),0},
+{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2808]),0},
 {"trustRoot","Trust Root",NID_id_pkix_OCSP_trustRoot,9,
-	&(lvalues[2809]),0},
-{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2818]),0},
-{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2822]),0},
+	&(lvalues[2817]),0},
+{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2826]),0},
+{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2830]),0},
 {"X500algorithms","directory services - algorithms",
-	NID_X500algorithms,2,&(lvalues[2827]),0},
-{"ORG","org",NID_org,1,&(lvalues[2829]),0},
-{"DOD","dod",NID_dod,2,&(lvalues[2830]),0},
-{"IANA","iana",NID_iana,3,&(lvalues[2832]),0},
-{"directory","Directory",NID_Directory,4,&(lvalues[2835]),0},
-{"mgmt","Management",NID_Management,4,&(lvalues[2839]),0},
-{"experimental","Experimental",NID_Experimental,4,&(lvalues[2843]),0},
-{"private","Private",NID_Private,4,&(lvalues[2847]),0},
-{"security","Security",NID_Security,4,&(lvalues[2851]),0},
-{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2855]),0},
-{"mail","Mail",NID_Mail,4,&(lvalues[2859]),0},
-{"enterprises","Enterprises",NID_Enterprises,5,&(lvalues[2863]),0},
-{"dcobject","dcObject",NID_dcObject,9,&(lvalues[2868]),0},
-{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2877]),0},
-{"domain","Domain",NID_Domain,10,&(lvalues[2887]),0},
+	NID_X500algorithms,2,&(lvalues[2835]),0},
+{"ORG","org",NID_org,1,&(lvalues[2837]),0},
+{"DOD","dod",NID_dod,2,&(lvalues[2838]),0},
+{"IANA","iana",NID_iana,3,&(lvalues[2840]),0},
+{"directory","Directory",NID_Directory,4,&(lvalues[2843]),0},
+{"mgmt","Management",NID_Management,4,&(lvalues[2847]),0},
+{"experimental","Experimental",NID_Experimental,4,&(lvalues[2851]),0},
+{"private","Private",NID_Private,4,&(lvalues[2855]),0},
+{"security","Security",NID_Security,4,&(lvalues[2859]),0},
+{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2863]),0},
+{"mail","Mail",NID_Mail,4,&(lvalues[2867]),0},
+{"enterprises","Enterprises",NID_Enterprises,1,&(lvalues[2871]),0},
+{"dcobject","dcObject",NID_dcObject,3,&(lvalues[2872]),0},
+{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2875]),0},
+{"domain","Domain",NID_Domain,10,&(lvalues[2885]),0},
 {"JOINT-ISO-CCITT","joint-iso-ccitt",NID_joint_iso_ccitt,1,
-	&(lvalues[2897]),0},
+	&(lvalues[2895]),0},
 {"selected-attribute-types","Selected Attribute Types",
-	NID_selected_attribute_types,3,&(lvalues[2898]),0},
-{"clearance","clearance",NID_clearance,4,&(lvalues[2901]),0},
+	NID_selected_attribute_types,3,&(lvalues[2896]),0},
+{"clearance","clearance",NID_clearance,4,&(lvalues[2899]),0},
 {"RSA-MD4","md4WithRSAEncryption",NID_md4WithRSAEncryption,9,
-	&(lvalues[2905]),0},
-{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2914]),0},
+	&(lvalues[2903]),0},
+{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2912]),0},
 {"subjectInfoAccess","Subject Information Access",NID_sinfo_access,8,
-	&(lvalues[2922]),0},
+	&(lvalues[2920]),0},
 {"id-aca-encAttrs","id-aca-encAttrs",NID_id_aca_encAttrs,8,
-	&(lvalues[2930]),0},
-{"role","role",NID_role,3,&(lvalues[2938]),0},
+	&(lvalues[2928]),0},
+{"role","role",NID_role,3,&(lvalues[2936]),0},
 {"policyConstraints","X509v3 Policy Constraints",
-	NID_policy_constraints,3,&(lvalues[2941]),0},
+	NID_policy_constraints,3,&(lvalues[2939]),0},
 {"targetInformation","X509v3 AC Targeting",NID_target_information,3,
-	&(lvalues[2944]),0},
+	&(lvalues[2942]),0},
 {"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3,
-	&(lvalues[2947]),0},
+	&(lvalues[2945]),0},
 };

 static ASN1_OBJECT *sn_objs[NUM_SN]={
@@ -1309,6 +1311,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[348]),/* "id-pda-dateOfBirth" */
 &(nid_objs[351]),/* "id-pda-gender" */
 &(nid_objs[349]),/* "id-pda-placeOfBirth" */
+&(nid_objs[350]),/* "id-pda-pseudonym" */
 &(nid_objs[175]),/* "id-pe" */
 &(nid_objs[261]),/* "id-pkip" */
 &(nid_objs[258]),/* "id-pkix-mod" */
@@ -1700,6 +1703,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[348]),/* "id-pda-dateOfBirth" */
 &(nid_objs[351]),/* "id-pda-gender" */
 &(nid_objs[349]),/* "id-pda-placeOfBirth" */
+&(nid_objs[350]),/* "id-pda-pseudonym" */
 &(nid_objs[175]),/* "id-pe" */
 &(nid_objs[261]),/* "id-pkip" */
 &(nid_objs[258]),/* "id-pkix-mod" */
@@ -1889,6 +1893,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={

 static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[ 0]),/* OBJ_undef                        0 */
+&(nid_objs[389]),/* OBJ_Enterprises                   1 */
 &(nid_objs[181]),/* OBJ_iso                          1 */
 &(nid_objs[182]),/* OBJ_member_body                  1 2 */
 &(nid_objs[379]),/* OBJ_org                          1 3 */
@@ -1934,6 +1939,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[126]),/* OBJ_ext_key_usage                2 5 29 37 */
 &(nid_objs[402]),/* OBJ_target_information           2 5 29 55 */
 &(nid_objs[403]),/* OBJ_no_rev_avail                 2 5 29 56 */
+&(nid_objs[390]),/* OBJ_dcObject                      1466 344 */
 &(nid_objs[382]),/* OBJ_Directory                    1 3 6 1 1 */
 &(nid_objs[383]),/* OBJ_Management                   1 3 6 1 2 */
 &(nid_objs[384]),/* OBJ_Experimental                 1 3 6 1 3 */
@@ -1947,7 +1953,6 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[96]),/* OBJ_mdc2WithRSA                  2 5 8 3 100 */
 &(nid_objs[95]),/* OBJ_mdc2                         2 5 8 3 101 */
 &(nid_objs[184]),/* OBJ_X9_57                        1 2 840 10040 */
-&(nid_objs[389]),/* OBJ_Enterprises                  1 3 6 1 4 1 */
 &(nid_objs[104]),/* OBJ_md5WithRSA                   1 3 14 3 2 3 */
 &(nid_objs[29]),/* OBJ_des_ecb                      1 3 14 3 2 6 */
 &(nid_objs[31]),/* OBJ_des_cbc                      1 3 14 3 2 7 */
@@ -2085,9 +2090,10 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[347]),/* OBJ_id_on_personalData           1 3 6 1 5 5 7 8 1 */
 &(nid_objs[348]),/* OBJ_id_pda_dateOfBirth           1 3 6 1 5 5 7 9 1 */
 &(nid_objs[349]),/* OBJ_id_pda_placeOfBirth          1 3 6 1 5 5 7 9 2 */
-&(nid_objs[351]),/* OBJ_id_pda_gender                1 3 6 1 5 5 7 9 3 */
-&(nid_objs[352]),/* OBJ_id_pda_countryOfCitizenship  1 3 6 1 5 5 7 9 4 */
-&(nid_objs[353]),/* OBJ_id_pda_countryOfResidence    1 3 6 1 5 5 7 9 5 */
+&(nid_objs[350]),/* OBJ_id_pda_pseudonym             1 3 6 1 5 5 7 9 3 */
+&(nid_objs[351]),/* OBJ_id_pda_gender                1 3 6 1 5 5 7 9 4 */
+&(nid_objs[352]),/* OBJ_id_pda_countryOfCitizenship  1 3 6 1 5 5 7 9 5 */
+&(nid_objs[353]),/* OBJ_id_pda_countryOfResidence    1 3 6 1 5 5 7 9 6 */
 &(nid_objs[354]),/* OBJ_id_aca_authenticationInfo    1 3 6 1 5 5 7 10 1 */
 &(nid_objs[355]),/* OBJ_id_aca_accessIdentity        1 3 6 1 5 5 7 10 2 */
 &(nid_objs[356]),/* OBJ_id_aca_chargingIdentity      1 3 6 1 5 5 7 10 3 */
@@ -2141,7 +2147,6 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[188]),/* OBJ_SMIME                        1 2 840 113549 1 9 16 */
 &(nid_objs[156]),/* OBJ_friendlyName                 1 2 840 113549 1 9 20 */
 &(nid_objs[157]),/* OBJ_localKeyID                   1 2 840 113549 1 9 21 */
-&(nid_objs[390]),/* OBJ_dcObject                     1 3 6 1 4 1 1466 344 */
 &(nid_objs[91]),/* OBJ_bf_cbc                       1 3 6 1 4 1 3029 1 2 */
 &(nid_objs[315]),/* OBJ_id_regCtrl_regToken          1 3 6 1 5 5 7 5 1 1 */
 &(nid_objs[316]),/* OBJ_id_regCtrl_authenticator     1 3 6 1 5 5 7 5 1 2 */
--- a/crypto/objects/obj_mac.h
+++ b/crypto/objects/obj_mac.h
@@ -1257,17 +1257,21 @@
 #define NID_id_pda_placeOfBirth		349
 #define OBJ_id_pda_placeOfBirth		OBJ_id_pda,2L

+#define SN_id_pda_pseudonym		"id-pda-pseudonym"
+#define NID_id_pda_pseudonym		350
+#define OBJ_id_pda_pseudonym		OBJ_id_pda,3L
+
 #define SN_id_pda_gender		"id-pda-gender"
 #define NID_id_pda_gender		351
-#define OBJ_id_pda_gender		OBJ_id_pda,3L
+#define OBJ_id_pda_gender		OBJ_id_pda,4L

 #define SN_id_pda_countryOfCitizenship		"id-pda-countryOfCitizenship"
 #define NID_id_pda_countryOfCitizenship		352
-#define OBJ_id_pda_countryOfCitizenship		OBJ_id_pda,4L
+#define OBJ_id_pda_countryOfCitizenship		OBJ_id_pda,5L

 #define SN_id_pda_countryOfResidence		"id-pda-countryOfResidence"
 #define NID_id_pda_countryOfResidence		353
-#define OBJ_id_pda_countryOfResidence		OBJ_id_pda,5L
+#define OBJ_id_pda_countryOfResidence		OBJ_id_pda,6L

 #define SN_id_aca_authenticationInfo		"id-aca-authenticationInfo"
 #define NID_id_aca_authenticationInfo		354
@@ -1817,12 +1821,12 @@
 #define SN_Enterprises		"enterprises"
 #define LN_Enterprises		"Enterprises"
 #define NID_Enterprises		389
-#define OBJ_Enterprises		OBJ_Private,1L
+#define OBJ_Enterprises		OBJ_private,1L

 #define SN_dcObject		"dcobject"
 #define LN_dcObject		"dcObject"
 #define NID_dcObject		390
-#define OBJ_dcObject		OBJ_Enterprises,1466L,344L
+#define OBJ_dcObject		OBJ_enterprises,1466L,344L

 #define SN_domainComponent		"DC"
 #define LN_domainComponent		"domainComponent"
--- a/crypto/objects/objects.pl
+++ b/crypto/objects/objects.pl
@@ -208,8 +208,6 @@ sub process_oid
 	if (!($a[0] =~ /^[0-9]+$/))
 		{
 		$a[0] =~ s/-/_/g;
-		if (!defined($obj{$a[0]}))
-			{ die "$ARGV[0]:$o:Undefined identifier ",$a[0],"\n"; }
 		$pref_oid = "OBJ_" . $a[0];
 		$pref_sep = ",";
 		shift @a;
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@@ -406,9 +406,10 @@ id-on 1			: id-on-personalData
 # personal data attributes
 id-pda 1		: id-pda-dateOfBirth
 id-pda 2		: id-pda-placeOfBirth
-id-pda 3		: id-pda-gender
-id-pda 4		: id-pda-countryOfCitizenship
-id-pda 5		: id-pda-countryOfResidence
+id-pda 3		: id-pda-pseudonym
+id-pda 4		: id-pda-gender
+id-pda 5		: id-pda-countryOfCitizenship
+id-pda 6		: id-pda-countryOfResidence

 # attribute certificate attributes
 id-aca 1		: id-aca-authenticationInfo
@@ -593,10 +594,10 @@ internet 5		: security		: Security
 internet 6		: snmpv2		: SNMPv2
 internet 7		: mail			: Mail

-Private 1		: enterprises		: Enterprises
+private 1		: enterprises		: Enterprises

 # RFC 2247
-Enterprises 1466 344	: dcobject		: dcObject
+enterprises 1466 344	: dcobject		: dcObject

 # Stray OIDs we don't know the full name of each step for
 # RFC 2247
--- a/Show More
+++ b/Show More