This commit was manufactured by cvs2svn to create tag 'OpenSSL_0_9_5'.

2000-05-25 13:20:13 +00:00
872 changed files with 37481 additions and 70491 deletions
--- a/.cvsignore
+++ b/.cvsignore
@@ -7,9 +7,5 @@ outinc
 rehash.time
 testlog
 make.log
-maketest.log
 cctest
 cctest.c
-cctest.a
-libcrypto.so.*
-libssl.so.*
--- a/1645
+++ b/1645
--- a/777
+++ b/777
--- a/663
+++ b/663
@@ -1,67 +1,20 @@
 OpenSSL  -  Frequently Asked Questions
 --------------------------------------

-[MISC] Miscellaneous questions
-
 * Which is the current version of OpenSSL?
 * Where is the documentation?
 * How can I contact the OpenSSL developers?
-* Where can I get a compiled version of OpenSSL?
-* Why aren't tools like 'autoconf' and 'libtool' used?
-* What is an 'engine' version?
-
-[LEGAL] Legal questions
-
 * Do I need patent licenses to use OpenSSL?
-* Can I use OpenSSL with GPL software? 
-
-[USER] Questions on using the OpenSSL applications
-
-* Why do I get a "PRNG not seeded" error message?
-* Why do I get an "unable to write 'random state'" error message?
-* How do I create certificates or certificate requests?
-* Why can't I create certificate requests?
-* Why does <SSL program> fail with a certificate verify error?
-* Why can I only use weak ciphers when I connect to a server using OpenSSL?
-* How can I create DSA certificates?
-* Why can't I make an SSL connection using a DSA certificate?
-* How can I remove the passphrase on a private key?
-* Why can't I use OpenSSL certificates with SSL client authentication?
-* Why does my browser give a warning about a mismatched hostname?
-* How do I install a CA certificate into a browser?
-
-[BUILD] Questions about building and testing OpenSSL
-
-* Why does the linker complain about undefined symbols?
-* Why does the OpenSSL test fail with "bc: command not found"?
-* Why does the OpenSSL test fail with "bc: 1 no implemented"?
-* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
-* Why does the OpenSSL compilation fail with "ar: command not found"?
-* Why does the OpenSSL compilation fail on Win32 with VC++?
-* What is special about OpenSSL on Redhat?
-* Why does the OpenSSL test suite fail on MacOS X?
-
-[PROG] Questions about programming with OpenSSL
-
 * Is OpenSSL thread-safe?
-* I've compiled a program under Windows and it crashes: why?
-* How do I read or write a DER encoded buffer using the ASN1 functions?
-* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
-* I've called <some function> and it fails, why?
-* I just get a load of numbers for the error output, what do they mean?
-* Why do I get errors about unknown algorithms?
-* Why can't the OpenSSH configure script detect OpenSSL?
-* Can I use OpenSSL's SSL library with non-blocking I/O?
-* Why doesn't my server application receive a client certificate?
+* Why do I get a "PRNG not seeded" error message?
+* Why does the linker complain about undefined symbols?
+* Where can I get a compiled version of OpenSSL?

-===============================================================================
-
-[MISC] ========================================================================

 * Which is the current version of OpenSSL?

 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.6g was released on 9 August 2002.
+OpenSSL 0.9.5 was released on February 28th, 2000.

 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -107,6 +60,63 @@ OpenSSL.  Information on the OpenSSL mailing lists is available from
 <URL: http://www.openssl.org>.


+* Do I need patent licenses to use OpenSSL?
+
+The patents section of the README file lists patents that may apply to
+you if you want to use OpenSSL.  For information on intellectual
+property rights, please consult a lawyer.  The OpenSSL team does not
+offer legal advice.
+
+You can configure OpenSSL so as not to use RC5 and IDEA by using
+ ./config no-rc5 no-idea
+
+Until the RSA patent expires, U.S. users may want to use
+ ./config no-rc5 no-idea no-rsa
+
+Please note that you will *not* be able to communicate with most of
+the popular web browsers without RSA support.
+
+
+* Is OpenSSL thread-safe?
+
+Yes.  On Windows and many Unix systems, OpenSSL automatically uses the
+multi-threaded versions of the standard libraries.  If your platform
+is not one of these, consult the INSTALL file.
+
+Multi-threaded applications must provide two callback functions to
+OpenSSL.  This is described in the threads(3) manpage.
+
+
+* Why do I get a "PRNG not seeded" error message?
+
+Cryptographic software needs a source of unpredictable data to work
+correctly.  Many open source operating systems provide a "randomness
+device" that serves this purpose.  On other systems, applications have
+to call the RAND_add() or RAND_seed() function with appropriate data
+before generating keys or performing public key encryption.
+
+Some broken applications do not do this.  As of version 0.9.5, the
+OpenSSL functions that need randomness report an error if the random
+number generator has not been seeded with at least 128 bits of
+randomness.  If this error occurs, please contact the author of the
+application you are using.  It is likely that it never worked
+correctly.  OpenSSL 0.9.5 makes the error visible by refusing to
+perform potentially insecure encryption.
+
+
+* Why does the linker complain about undefined symbols?
+
+Maybe the compilation was interrupted, and make doesn't notice that
+something is missing.  Run "make clean; make".
+
+If you used ./Configure instead of ./config, make sure that you
+selected the right target.  File formats may differ slightly between
+OS versions (for example sparcv8/sparcv9, or a.out/elf).
+
+If that doesn't help, you may want to try using the current snapshot.
+If the problem persists, please submit a bug report.
+
+
 * Where can I get a compiled version of OpenSSL?

 Some applications that use OpenSSL are distributed in binary form.
@@ -118,554 +128,3 @@ a C compiler, read the "Mingw32" section of INSTALL.W32 for information
 on how to obtain and install the free GNU C compiler.

 A number of Linux and *BSD distributions include OpenSSL.
-
-
-* Why aren't tools like 'autoconf' and 'libtool' used?
-
-autoconf will probably be used in future OpenSSL versions. If it was
-less Unix-centric, it might have been used much earlier.
-
-* What is an 'engine' version?
-
-With version 0.9.6 OpenSSL was extended to interface to external crypto
-hardware. This was realized in a special release '0.9.6-engine'. With
-version 0.9.7 (not yet released) the changes were merged into the main
-development line, so that the special release is no longer necessary.
-
-[LEGAL] =======================================================================
-
-* Do I need patent licenses to use OpenSSL?
-
-The patents section of the README file lists patents that may apply to
-you if you want to use OpenSSL.  For information on intellectual
-property rights, please consult a lawyer.  The OpenSSL team does not
-offer legal advice.
-
-You can configure OpenSSL so as not to use RC5 and IDEA by using
- ./config no-rc5 no-idea
-
-
-* Can I use OpenSSL with GPL software?
-
-On many systems including the major Linux and BSD distributions, yes (the
-GPL does not place restrictions on using libraries that are part of the
-normal operating system distribution).
-
-On other systems, the situation is less clear. Some GPL software copyright
-holders claim that you infringe on their rights if you use OpenSSL with
-their software on operating systems that don't normally include OpenSSL.
-
-If you develop open source software that uses OpenSSL, you may find it
-useful to choose an other license than the GPL, or state explicitly that
-"This program is released under the GPL with the additional exemption that
-compiling, linking, and/or using OpenSSL is allowed."  If you are using
-GPL software developed by others, you may want to ask the copyright holder
-for permission to use their software with OpenSSL.
-
-
-[USER] ========================================================================
-
-* Why do I get a "PRNG not seeded" error message?
-
-Cryptographic software needs a source of unpredictable data to work
-correctly.  Many open source operating systems provide a "randomness
-device" that serves this purpose.  On other systems, applications have
-to call the RAND_add() or RAND_seed() function with appropriate data
-before generating keys or performing public key encryption.
-(These functions initialize the pseudo-random number generator, PRNG.)
-
-Some broken applications do not do this.  As of version 0.9.5, the
-OpenSSL functions that need randomness report an error if the random
-number generator has not been seeded with at least 128 bits of
-randomness.  If this error occurs, please contact the author of the
-application you are using.  It is likely that it never worked
-correctly.  OpenSSL 0.9.5 and later make the error visible by refusing
-to perform potentially insecure encryption.
-
-On systems without /dev/urandom and /dev/random, it is a good idea to
-use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
-details.  Starting with version 0.9.7, OpenSSL will automatically look
-for an EGD socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and
-/etc/entropy.
-
-Most components of the openssl command line utility automatically try
-to seed the random number generator from a file.  The name of the
-default seeding file is determined as follows: If environment variable
-RANDFILE is set, then it names the seeding file.  Otherwise if
-environment variable HOME is set, then the seeding file is $HOME/.rnd.
-If neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will
-use file .rnd in the current directory while OpenSSL 0.9.6a uses no
-default seeding file at all.  OpenSSL 0.9.6b and later will behave
-similarly to 0.9.6a, but will use a default of "C:\" for HOME on
-Windows systems if the environment variable has not been set.
-
-If the default seeding file does not exist or is too short, the "PRNG
-not seeded" error message may occur.
-
-The openssl command line utility will write back a new state to the
-default seeding file (and create this file if necessary) unless
-there was no sufficient seeding.
-
-Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work.
-Use the "-rand" option of the OpenSSL command line tools instead.
-The $RANDFILE environment variable and $HOME/.rnd are only used by the
-OpenSSL command line tools. Applications using the OpenSSL library
-provide their own configuration options to specify the entropy source,
-please check out the documentation coming the with application.
-
-For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested
-installing the SUNski package from Sun patch 105710-01 (Sparc) which
-adds a /dev/random device and make sure it gets used, usually through
-$RANDFILE.  There are probably similar patches for the other Solaris
-versions.  An official statement from Sun with respect to /dev/random
-support can be found at
-  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski
-However, be warned that /dev/random is usually a blocking device, which
-may have some effects on OpenSSL.
-
-
-* Why do I get an "unable to write 'random state'" error message?
-
-
-Sometimes the openssl command line utility does not abort with
-a "PRNG not seeded" error message, but complains that it is
-"unable to write 'random state'".  This message refers to the
-default seeding file (see previous answer).  A possible reason
-is that no default filename is known because neither RANDFILE
-nor HOME is set.  (Versions up to 0.9.6 used file ".rnd" in the
-current directory in this case, but this has changed with 0.9.6a.)
-
-
-* How do I create certificates or certificate requests?
-
-Check out the CA.pl(1) manual page. This provides a simple wrapper round
-the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check
-out the manual pages for the individual utilities and the certificate
-extensions documentation (currently in doc/openssl.txt).
-
-
-* Why can't I create certificate requests?
-
-You typically get the error:
-
-	unable to find 'distinguished_name' in config
-	problems making Certificate Request
-
-This is because it can't find the configuration file. Check out the
-DIAGNOSTICS section of req(1) for more information.
-
-
-* Why does <SSL program> fail with a certificate verify error?
-
-This problem is usually indicated by log messages saying something like
-"unable to get local issuer certificate" or "self signed certificate".
-When a certificate is verified its root CA must be "trusted" by OpenSSL
-this typically means that the CA certificate must be placed in a directory
-or file and the relevant program configured to read it. The OpenSSL program
-'verify' behaves in a similar way and issues similar error messages: check
-the verify(1) program manual page for more information.
-
-
-* Why can I only use weak ciphers when I connect to a server using OpenSSL?
-
-This is almost certainly because you are using an old "export grade" browser
-which only supports weak encryption. Upgrade your browser to support 128 bit
-ciphers.
-
-
-* How can I create DSA certificates?
-
-Check the CA.pl(1) manual page for a DSA certificate example.
-
-
-* Why can't I make an SSL connection to a server using a DSA certificate?
-
-Typically you'll see a message saying there are no shared ciphers when
-the same setup works fine with an RSA certificate. There are two possible
-causes. The client may not support connections to DSA servers most web
-browsers (including Netscape and MSIE) only support connections to servers
-supporting RSA cipher suites. The other cause is that a set of DH parameters
-has not been supplied to the server. DH parameters can be created with the
-dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example:
-check the source to s_server in apps/s_server.c for an example.
-
-
-* How can I remove the passphrase on a private key?
-
-Firstly you should be really *really* sure you want to do this. Leaving
-a private key unencrypted is a major security risk. If you decide that
-you do have to do this check the EXAMPLES sections of the rsa(1) and
-dsa(1) manual pages.
-
-
-* Why can't I use OpenSSL certificates with SSL client authentication?
-
-What will typically happen is that when a server requests authentication
-it will either not include your certificate or tell you that you have
-no client certificates (Netscape) or present you with an empty list box
-(MSIE). The reason for this is that when a server requests a client
-certificate it includes a list of CAs names which it will accept. Browsers
-will only let you select certificates from the list on the grounds that
-there is little point presenting a certificate which the server will
-reject.
-
-The solution is to add the relevant CA certificate to your servers "trusted
-CA list". How you do this depends on the server software in uses. You can
-print out the servers list of acceptable CAs using the OpenSSL s_client tool:
-
-openssl s_client -connect www.some.host:443 -prexit
-
-If your server only requests certificates on certain URLs then you may need
-to manually issue an HTTP GET command to get the list when s_client connects:
-
-GET /some/page/needing/a/certificate.html
-
-If your CA does not appear in the list then this confirms the problem.
-
-
-* Why does my browser give a warning about a mismatched hostname?
-
-Browsers expect the server's hostname to match the value in the commonName
-(CN) field of the certificate. If it does not then you get a warning.
-
-
-* How do I install a CA certificate into a browser?
-
-The usual way is to send the DER encoded certificate to the browser as
-MIME type application/x-x509-ca-cert, for example by clicking on an appropriate
-link. On MSIE certain extensions such as .der or .cacert may also work, or you
-can import the certificate using the certificate import wizard.
-
-You can convert a certificate to DER form using the command:
-
-openssl x509 -in ca.pem -outform DER -out ca.der
-
-Occasionally someone suggests using a command such as:
-
-openssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cakey.pem
-
-DO NOT DO THIS! This command will give away your CAs private key and
-reduces its security to zero: allowing anyone to forge certificates in
-whatever name they choose.
-
-
-[BUILD] =======================================================================
-
-* Why does the linker complain about undefined symbols?
-
-Maybe the compilation was interrupted, and make doesn't notice that
-something is missing.  Run "make clean; make".
-
-If you used ./Configure instead of ./config, make sure that you
-selected the right target.  File formats may differ slightly between
-OS versions (for example sparcv8/sparcv9, or a.out/elf).
-
-In case you get errors about the following symbols, use the config
-option "no-asm", as described in INSTALL:
-
- BF_cbc_encrypt, BF_decrypt, BF_encrypt, CAST_cbc_encrypt,
- CAST_decrypt, CAST_encrypt, RC4, RC5_32_cbc_encrypt, RC5_32_decrypt,
- RC5_32_encrypt, bn_add_words, bn_div_words, bn_mul_add_words,
- bn_mul_comba4, bn_mul_comba8, bn_mul_words, bn_sqr_comba4,
- bn_sqr_comba8, bn_sqr_words, bn_sub_words, des_decrypt3,
- des_ede3_cbc_encrypt, des_encrypt, des_encrypt2, des_encrypt3,
- des_ncbc_encrypt, md5_block_asm_host_order, sha1_block_asm_data_order
-
-If none of these helps, you may want to try using the current snapshot.
-If the problem persists, please submit a bug report.
-
-
-* Why does the OpenSSL test fail with "bc: command not found"?
-
-You didn't install "bc", the Unix calculator.  If you want to run the
-tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor.
-
-
-* Why does the OpenSSL test fail with "bc: 1 no implemented"?
-
-On some SCO installations or versions, bc has a bug that gets triggered
-when you run the test suite (using "make test").  The message returned is
-"bc: 1 not implemented".
-
-The best way to deal with this is to find another implementation of bc
-and compile/install it.  GNU bc (see http://www.gnu.org/software/software.html
-for download instructions) can be safely used, for example.
-
-
-* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
-
-On some Alpha installations running Tru64 Unix and Compaq C, the compilation
-of crypto/sha/sha_dgst.c fails with the message 'Fatal:  Insufficient virtual
-memory to continue compilation.'  As far as the tests have shown, this may be
-a compiler bug.  What happens is that it eats up a lot of resident memory
-to build something, probably a table.  The problem is clearly in the
-optimization code, because if one eliminates optimization completely (-O0),
-the compilation goes through (and the compiler consumes about 2MB of resident
-memory instead of 240MB or whatever one's limit is currently).
-
-There are three options to solve this problem:
-
-1. set your current data segment size soft limit higher.  Experience shows
-that about 241000 kbytes seems to be enough on an AlphaServer DS10.  You do
-this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of
-kbytes to set the limit to.
-
-2. If you have a hard limit that is lower than what you need and you can't
-get it changed, you can compile all of OpenSSL with -O0 as optimization
-level.  This is however not a very nice thing to do for those who expect to
-get the best result from OpenSSL.  A bit more complicated solution is the
-following:
-
----- snip:start -----
-  make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \
-       sed -e 's/ -O[0-9] / -O0 /'`"
-  rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'`
-  make
----- snip:end -----
-
-This will only compile sha_dgst.c with -O0, the rest with the optimization
-level chosen by the configuration process.  When the above is done, do the
-test and installation and you're set.
-
-
-* Why does the OpenSSL compilation fail with "ar: command not found"?
-
-Getting this message is quite usual on Solaris 2, because Sun has hidden
-away 'ar' and other development commands in directories that aren't in
-$PATH by default.  One of those directories is '/usr/ccs/bin'.  The
-quickest way to fix this is to do the following (it assumes you use sh
-or any sh-compatible shell):
-
----- snip:start -----
-  PATH=${PATH}:/usr/ccs/bin; export PATH
----- snip:end -----
-
-and then redo the compilation.  What you should really do is make sure
-'/usr/ccs/bin' is permanently in your $PATH, for example through your
-'.profile' (again, assuming you use a sh-compatible shell).
-
-
-* Why does the OpenSSL compilation fail on Win32 with VC++?
-
-Sometimes, you may get reports from VC++ command line (cl) that it
-can't find standard include files like stdio.h and other weirdnesses.
-One possible cause is that the environment isn't correctly set up.
-To solve that problem, one should run VCVARS32.BAT which is found in
-the 'bin' subdirectory of the VC++ installation directory (somewhere
-under 'Program Files').  This needs to be done prior to running NMAKE,
-and the changes are only valid for the current DOS session.
-
-
-* What is special about OpenSSL on Redhat?
-
-Red Hat Linux (release 7.0 and later) include a preinstalled limited
-version of OpenSSL. For patent reasons, support for IDEA, RC5 and MDC2
-is disabled in this version. The same may apply to other Linux distributions.
-Users may therefore wish to install more or all of the features left out.
-
-To do this you MUST ensure that you do not overwrite the openssl that is in
-/usr/bin on your Red Hat machine. Several packages depend on this file,
-including sendmail and ssh. /usr/local/bin is a good alternative choice. The
-libraries that come with Red Hat 7.0 onwards have different names and so are
-not affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and
-/lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and
-/lib/libcrypto.so.2 respectively).
-
-Please note that we have been advised by Red Hat attempting to recompile the
-openssl rpm with all the cryptography enabled will not work. All other
-packages depend on the original Red Hat supplied openssl package. It is also
-worth noting that due to the way Red Hat supplies its packages, updates to
-openssl on each distribution never change the package version, only the
-build number. For example, on Red Hat 7.1, the latest openssl package has
-version number 0.9.6 and build number 9 even though it contains all the
-relevant updates in packages up to and including 0.9.6b.
-
-A possible way around this is to persuade Red Hat to produce a non-US
-version of Red Hat Linux.
-
-FYI: Patent numbers and expiry dates of US patents:
-MDC-2: 4,908,861 13/03/2007
-IDEA:  5,214,703 25/05/2010
-RC5:   5,724,428 03/03/2015
-
-
-* Why does the OpenSSL test suite fail on MacOS X?
-
-If the failure happens when running 'make test' and the RC4 test fails,
-it's very probable that you have OpenSSL 0.9.6b delivered with the
-operating system (you can find out by running '/usr/bin/openssl version')
-and that you were trying to build OpenSSL 0.9.6d.  The problem is that
-the loader ('ld') in MacOS X has a misfeature that's quite difficult to
-go around and has linked the programs "openssl" and the test programs
-with /usr/lib/libcrypto.dylib and /usr/lib/libssl.dylib instead of the
-libraries you just built.
-Look in the file PROBLEMS for a more detailed explanation and for possible
-solutions.
-
-[PROG] ========================================================================
-
-* Is OpenSSL thread-safe?
-
-Yes (with limitations: an SSL connection may not concurrently be used
-by multiple threads).  On Windows and many Unix systems, OpenSSL
-automatically uses the multi-threaded versions of the standard
-libraries.  If your platform is not one of these, consult the INSTALL
-file.
-
-Multi-threaded applications must provide two callback functions to
-OpenSSL.  This is described in the threads(3) manpage.
-
-
-* I've compiled a program under Windows and it crashes: why?
-
-This is usually because you've missed the comment in INSTALL.W32.
-Your application must link against the same version of the Win32
-C-Runtime against which your openssl libraries were linked.  The
-default version for OpenSSL is /MD - "Multithreaded DLL".
-
-If you are using Microsoft Visual C++'s IDE (Visual Studio), in
-many cases, your new project most likely defaulted to "Debug
-Singlethreaded" - /ML.  This is NOT interchangeable with /MD and your
-program will crash, typically on the first BIO related read or write
-operation.
-
-For each of the six possible link stage configurations within Win32,
-your application must link  against the same by which OpenSSL was
-built.  If you are using MS Visual C++ (Studio) this can be changed
-by:
-
-1.  Select Settings... from the Project Menu.
-2.  Select the C/C++ Tab.
-3.  Select "Code Generation from the "Category" drop down list box
-4.  Select the Appropriate library (see table below) from the "Use
-    run-time library" drop down list box.  Perform this step for both
-    your debug and release versions of your application (look at the
-    top left of the settings panel to change between the two)
-
-    Single Threaded           /ML        -  MS VC++ often defaults to
-                                            this for the release
-                                            version of a new project.
-    Debug Single Threaded     /MLd       -  MS VC++ often defaults to
-                                            this for the debug version
-                                            of a new project.
-    Multithreaded             /MT
-    Debug Multithreaded       /MTd
-    Multithreaded DLL         /MD        -  OpenSSL defaults to this.
-    Debug Multithreaded DLL   /MDd
-
-Note that debug and release libraries are NOT interchangeable.  If you
-built OpenSSL with /MD your application must use /MD and cannot use /MDd.
-
-
-* How do I read or write a DER encoded buffer using the ASN1 functions?
-
-You have two options. You can either use a memory BIO in conjunction
-with the i2d_XXX_bio() or d2i_XXX_bio() functions or you can use the
-i2d_XXX(), d2i_XXX() functions directly. Since these are often the
-cause of grief here are some code fragments using PKCS7 as an example:
-
-unsigned char *buf, *p;
-int len;
-
-len = i2d_PKCS7(p7, NULL);
-buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */
-p = buf;
-i2d_PKCS7(p7, &p);
-
-At this point buf contains the len bytes of the DER encoding of
-p7.
-
-The opposite assumes we already have len bytes in buf:
-
-unsigned char *p;
-p = buf;
-p7 = d2i_PKCS7(NULL, &p, len);
-
-At this point p7 contains a valid PKCS7 structure of NULL if an error
-occurred. If an error occurred ERR_print_errors(bio) should give more
-information.
-
-The reason for the temporary variable 'p' is that the ASN1 functions
-increment the passed pointer so it is ready to read or write the next
-structure. This is often a cause of problems: without the temporary
-variable the buffer pointer is changed to point just after the data
-that has been read or written. This may well be uninitialized data
-and attempts to free the buffer will have unpredictable results
-because it no longer points to the same address.
-
-
-* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
-
-This usually happens when you try compiling something using the PKCS#12
-macros with a C++ compiler. There is hardly ever any need to use the
-PKCS#12 macros in a program, it is much easier to parse and create
-PKCS#12 files using the PKCS12_parse() and PKCS12_create() functions
-documented in doc/openssl.txt and with examples in demos/pkcs12. The
-'pkcs12' application has to use the macros because it prints out 
-debugging information.
-
-
-* I've called <some function> and it fails, why?
-
-Before submitting a report or asking in one of the mailing lists, you
-should try to determine the cause. In particular, you should call
-ERR_print_errors() or ERR_print_errors_fp() after the failed call
-and see if the message helps. Note that the problem may occur earlier
-than you think -- you should check for errors after every call where
-it is possible, otherwise the actual problem may be hidden because
-some OpenSSL functions clear the error state.
-
-
-* I just get a load of numbers for the error output, what do they mean?
-
-The actual format is described in the ERR_print_errors() manual page.
-You should call the function ERR_load_crypto_strings() before hand and
-the message will be output in text form. If you can't do this (for example
-it is a pre-compiled binary) you can use the errstr utility on the error
-code itself (the hex digits after the second colon).
-
-
-* Why do I get errors about unknown algorithms?
-
-This can happen under several circumstances such as reading in an
-encrypted private key or attempting to decrypt a PKCS#12 file. The cause
-is forgetting to load OpenSSL's table of algorithms with
-OpenSSL_add_all_algorithms(). See the manual page for more information.
-
-
-* Why can't the OpenSSH configure script detect OpenSSL?
-
-Several reasons for problems with the automatic detection exist.
-OpenSSH requires at least version 0.9.5a of the OpenSSL libraries.
-Sometimes the distribution has installed an older version in the system
-locations that is detected instead of a new one installed. The OpenSSL
-library might have been compiled for another CPU or another mode (32/64 bits).
-Permissions might be wrong.
-
-The general answer is to check the config.log file generated when running
-the OpenSSH configure script. It should contain the detailed information
-on why the OpenSSL library was not detected or considered incompatible.
-
-* Can I use OpenSSL's SSL library with non-blocking I/O?
-
-Yes; make sure to read the SSL_get_error(3) manual page!
-
-A pitfall to avoid: Don't assume that SSL_read() will just read from
-the underlying transport or that SSL_write() will just write to it --
-it is also possible that SSL_write() cannot do any useful work until
-there is data to read, or that SSL_read() cannot do anything until it
-is possible to send data.  One reason for this is that the peer may
-request a new TLS/SSL handshake at any time during the protocol,
-requiring a bi-directional message exchange; both SSL_read() and
-SSL_write() will try to continue any pending handshake.
-
-
-* Why doesn't my server application receive a client certificate?
-
-Due to the TLS protocol definition, a client will only send a certificate,
-if explicitly asked by the server. Use the SSL_VERIFY_PEER flag of the
-SSL_CTX_set_verify() function to enable the use of client certificates.
-
-
-===============================================================================
-
--- a/62
+++ b/62
@@ -2,16 +2,13 @@
 INSTALLATION ON THE UNIX PLATFORM
 ---------------------------------

- [Installation on Windows, OpenVMS and MacOS (before MacOS X) is described
-  in INSTALL.W32, INSTALL.VMS and INSTALL.MacOS.]
+ [See INSTALL.W32 for instructions for compiling OpenSSL on Windows systems,
+  and INSTALL.VMS for installing on OpenVMS systems.]

 To install OpenSSL, you will need:

-  * make
  * Perl 5
  * an ANSI C compiler
-  * a development environment in form of development libraries and C
-    header files
  * a supported Unix operating system

 Quick Start
@@ -36,8 +33,7 @@
 Configuration Options
 ---------------------

- There are several options to ./config (or ./Configure) to customize
- the build:
+ There are several options to ./config to customize the build:

  --prefix=DIR  Install in DIR/bin, DIR/lib, DIR/include/openssl.
 	        Configuration files used by OpenSSL will be in DIR/ssl
@@ -46,6 +42,9 @@
  --openssldir=DIR Directory for OpenSSL files. If no prefix is specified,
                the library files and binaries are also installed there.

+  rsaref        Build with RSADSI's RSAREF toolkit (this assumes that
+                librsaref.a is in the library search path).
+
  no-threads    Don't try to build with support for multi-threaded
                applications.

@@ -53,15 +52,6 @@
                This will usually require additional system-dependent options!
                See "Note on multi-threading" below.

-  no-shared     Don't try to create shared libraries.
-
-  shared        In addition to the usual static libraries, create shared
-                libraries on platforms where it's supported.  See "Note on
-                shared libraries" below.  THIS IS NOT RECOMMENDED!  Since
-                this is a development branch, the positions of the ENGINE
-                symbols in the transfer vector are constantly moving, so
-                binary backward compatibility can't be guaranteed in any way.
-
  no-asm        Do not use assembler code.

  386           Use the 80386 instruction set only (the default x86 code is
@@ -127,15 +117,9 @@
     OpenSSL binary ("openssl"). The libraries will be built in the top-level
     directory, and the binary will be in the "apps" directory.

-     If "make" fails, look at the output.  There may be reasons for
-     the failure that aren't problems in OpenSSL itself (like missing
-     standard headers).  If it is a problem with OpenSSL itself, please
-     report the problem to <openssl-bugs@openssl.org> (note that your
-     message will be recorded in the request tracker publicly readable
-     via http://www.openssl.org/rt2.html and will be forwarded to a public
-     mailing list). Include the output of "make report" in your message.
-     Please check out the request tracker. Maybe the bug was already
-     reported or has already been fixed.
+     If "make" fails, please report the problem to <openssl-bugs@openssl.org>
+     (note that your message will be forwarded to a public mailing list).
+     Include the output of "make report" in your message.

     [If you encounter assembler error messages, try the "no-asm"
     configuration option as an immediate fix.]
@@ -147,14 +131,10 @@

       $ make test

-     If a test fails, look at the output.  There may be reasons for
-     the failure that isn't a problem in OpenSSL itself (like a missing
-     or malfunctioning bc).  If it is a problem with OpenSSL itself,
-     try removing any compiler optimization flags from the CFLAGS line
-     in Makefile.ssl and run "make clean; make". Please send a bug
-     report to <openssl-bugs@openssl.org>, including the output of
-     "make report" in order to be added to the request tracker at
-     http://www.openssl.org/rt2.html.
+    If a test fails, try removing any compiler optimization flags from
+    the CFLAGS line in Makefile.ssl and run "make clean; make". Please
+    send a bug report to <openssl-bugs@openssl.org>, including the
+    output of "make report".

  4. If everything tests ok, install OpenSSL with

@@ -272,19 +252,3 @@
 you can still use "no-threads" to suppress an annoying warning message
 from the Configure script.)

-
- Note on shared libraries
- ------------------------
-
- Shared library is currently an experimental feature.  The only reason to
- have them would be to conserve memory on systems where several program
- are using OpenSSL.  Binary backward compatibility can't be guaranteed
- before OpenSSL version 1.0.
-
- For some systems, the OpenSSL Configure script knows what is needed to
- build shared libraries for libcrypto and libssl.  On these systems,
- the shared libraries are currently not created by default, but giving
- the option "shared" will get them created.  This method supports Makefile
- targets for shared library creation, like linux-shared.  Those targets
- can currently be used on their own just as well, but this is expected
- to change in future versions of OpenSSL.
--- a/INSTALL.MacOS
+++ b/INSTALL.MacOS
@@ -1,7 +1,7 @@
-OpenSSL - Port To The Macintosh OS 9 or Earlier
-===============================================
+OpenSSL - Port To The Macintosh
+===============================

-Thanks to Roy Wood <roy@centricsystems.ca> initial support for Mac OS (pre
+Thanks to Roy Wood <roy@centricsystems.ca> initial support for MacOS (pre
 X) is now provided. "Initial" means that unlike other platforms where you
 get an SDK and a "swiss army" openssl application, on Macintosh you only
 get one sample application which fetches a page over HTTPS(*) and dumps it
@@ -42,7 +42,7 @@ Installation procedure:
 	BSD sockets and some other POSIX APIs. The GUSI distribution is
 	expected to be found in the same directory as openssl source tree,
 	i.e. in the parent directory to the one where this very file,
-	namely INSTALL.MacOS. For more information about GUSI, see
+	namely INSTALL.MacOS. For more informations about GUSI, see
 	http://www.iis.ee.ethz.ch/~neeri/macintosh/gusi-qa.html

 Finally some essential comments from our generous contributor:-)
--- a/INSTALL.VMS
+++ b/INSTALL.VMS
@@ -8,7 +8,6 @@ Intro:

 This file is divided in the following parts:

-  Requirements			- Mandatory reading.
  Checking the distribution	- Mandatory reading.
  Compilation			- Mandatory reading.
  Logical names			- Mandatory reading.
@@ -20,15 +19,6 @@ This file is divided in the following parts:
  TODO				- Things that are to come.


-Requirements:
-=============
-
-To build and install OpenSSL, you will need:
-
- * DEC C or some other ANSI C compiler.  VAX C is *not* supported.
-   [Note: OpenSSL has only been tested with DEC C.  Compiling with 
-    a different ANSI C compiler may require some work]
-
 Checking the distribution:
 ==========================

@@ -92,17 +82,12 @@ directory.  The syntax is trhe following:
      RSAREF    compile using the RSAREF Library
      NORSAREF  compile without using RSAREF

-Note 0: The RASREF library IS NO LONGER NEEDED.  The RSA patent
-        expires September 20, 2000, and RSA Security chose to make
-        the algorithm public domain two weeks before that.
-
-Note 1: If you still want to use RSAREF, the library is NOT INCLUDED
-        and you have to download it.  RSA Security doesn't carry it
-        any more, but there are a number of places where you can find
-        it.  You have to get the ".tar-Z" file as the ".zip" file
-        doesn't have the directory structure stored.  You have to
-        extract the file into the [.RSAREF] directory as that is where
-        the scripts will look for the files.
+Note 1: The RSAREF libraries are NOT INCLUDED and you have to
+        download it from "ftp://ftp.rsa.com/rsaref".  You have to
+        get the ".tar-Z" file as the ".zip" file doesn't have the
+        directory structure stored.  You have to extract the file
+        into the [.RSAREF] directory as that is where the scripts
+        will look for the files.

 Note 2: I have never done this, so I've no idea if it works or not.

@@ -144,7 +129,7 @@ Currently, the logical names supported are:
                        used.  This is good to try if something doesn't work.
      OPENSSL_NO_'alg'  with value YES, the corresponding crypto algorithm
                        will not be implemented.  Supported algorithms to
-                        do this with are: RSA, DSA, DH, MD2, MD4, MD5, RIPEMD,
+                        do this with are: RSA, DSA, DH, MD2, MD5, RIPEMD,
                        SHA, DES, MDC2, CR2, RC4, RC5, IDEA, BF, CAST, HMAC,
                        SSL2.  So, for example, having the logical name
                        OPENSSL_NO_RSA with the value YES means that the
--- a/INSTALL.W32
+++ b/INSTALL.W32
@@ -2,19 +2,16 @@
 INSTALLATION ON THE WIN32 PLATFORM
 ----------------------------------

- Heres a few comments about building OpenSSL in Windows environments.  Most
- of this is tested on Win32 but it may also work in Win 3.1 with some
+ Heres a few comments about building OpenSSL in Windows environments. Most of
+ this is tested on Win32 but it may also work in Win 3.1 with some
 modification.

- You need Perl for Win32.  Unless you will build on Cygwin, you will need
- ActiveState Perl, available from http://www.activestate.com/ActivePerl.
- For Cygwin users, there's more info in the Cygwin section.
-
+ You need Perl for Win32 (available from http://www.activestate.com/ActivePerl)
 and one of the following C compilers:

  * Visual C++
  * Borland C
-  * GNU C (Mingw32 or Cygwin)
+  * GNU C (Mingw32 or Cygwin32)

 If you want to compile in the assembly language routines with Visual C++ then
 you will need an assembler. This is worth doing because it will result in
@@ -81,7 +78,7 @@

 There are various changes you can make to the Win32 compile environment. By
 default the library is not compiled with debugging symbols. If you add 'debug'
- to the mk1mf.pl lines in the do_* batch file then debugging symbols will be
+ to the mk1mk.pl lines in the do_* batch file then debugging symbols will be
 compiled in.

 The default Win32 environment is to leave out any Windows NT specific
@@ -94,18 +91,6 @@
 You can also build a static version of the library using the Makefile
 ms\nt.mak

- Borland C++ builder 5
- ---------------------
-
- * Configure for building with Borland Builder:
-   > perl Configure BC-32
-
- * Create the appropriate makefile
-   > ms\do_nasm
-
- * Build
-   > make -f ms\bcb.mak
-
 Borland C++ builder 3 and 4
 ---------------------------

@@ -123,20 +108,18 @@

 * Compiler installation:

-   Mingw32 is available from <ftp://ftp.xraylith.wisc.edu/pub/khan/
-   gnu-win32/mingw32/gcc-2.95.2/gcc-2.95.2-msvcrt.exe>. GNU make is at
+   Mingw32 is available from <ftp://ftp.xraylith.wisc.edu/pub/khan/gnu-win32/
+   mingw32/egcs-1.1.2/egcs-1.1.2-mingw32.zip>. GNU make is at
   <ftp://agnes.dida.physik.uni-essen.de/home/janjaap/mingw32/binaries/
   make-3.76.1.zip>. Install both of them in C:\egcs-1.1.2 and run
   C:\egcs-1.1.2\mingw32.bat to set the PATH.

 * Compile OpenSSL:

-   > ms\mingw32
+   > perl Configure Mingw32
+   > ms\mw.bat

-   This will create the library and binaries in out. In case any problems
-   occur, try
-   > ms\mingw32 no-asm
-   instead.
+   This will create the library and binaries in out.

   libcrypto.a and libssl.a are the static libraries. To use the DLLs,
   link with libeay32.a and libssl32.a instead.
@@ -149,84 +132,6 @@
   > cd out
   > ..\ms\test

- GNU C (Cygwin)
- --------------
-
- Cygwin provides a bash shell and GNU tools environment running on
- NT 4.0, Windows 9x and Windows 2000. Consequently, a make of OpenSSL
- with Cygwin is closer to a GNU bash environment such as Linux rather
- than other W32 makes that are based on a single makefile approach.
- Cygwin implements Posix/Unix calls through cygwin1.dll, and is
- contrasted to Mingw32 which links dynamically to msvcrt.dll or
- crtdll.dll.
-
- To build OpenSSL using Cygwin:
-
- * Install Cygwin (see http://sourceware.cygnus.com/cygwin)
-
- * Install Perl and ensure it is in the path (recent Cygwin perl 
-   (version 5.6.1-2 of the latter has been reported to work) or
-   ActivePerl)
-
- * Run the Cygwin bash shell
-
- * $ tar zxvf openssl-x.x.x.tar.gz
-   $ cd openssl-x.x.x
-   $ ./config
-   [...]
-   $ make
-   [...]
-   $ make test
-   $ make install
-
- This will create a default install in /usr/local/ssl.
-
- Cygwin Notes:
-
- "make test" and normal file operations may fail in directories
- mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin
- stripping of carriage returns. To avoid this ensure that a binary
- mount is used, e.g. mount -b c:\somewhere /home.
-
- As of version 1.1.1 Cygwin is relatively unstable in its handling
- of cr/lf issues. These make procedures succeeded with versions 1.1 and
- the snapshot 20000524 (Slow!).
-
- "bc" is not provided in the Cygwin distribution.  This causes a
- non-fatal error in "make test" but is otherwise harmless.  If
- desired, GNU bc can be built with Cygwin without change.
-
-
- Installation
- ------------
-
- If you used the Cygwin procedure above, you have already installed and
- can skip this section.  For all other procedures, there's currently no real
- installation procedure for Win32.  There are, however, some suggestions:
-
-    - do nothing.  The include files are found in the inc32/ subdirectory,
-      all binaries are found in out32dll/ or out32/ depending if you built
-      dynamic or static libraries.
-
-    - do as is written in INSTALL.Win32 that comes with modssl:
-
-	$ md c:\openssl 
-	$ md c:\openssl\bin
-	$ md c:\openssl\lib
-	$ md c:\openssl\include
-	$ md c:\openssl\include\openssl
-	$ copy /b inc32\*               c:\openssl\include\openssl
-	$ copy /b out32dll\ssleay32.lib c:\openssl\lib
-	$ copy /b out32dll\libeay32.lib c:\openssl\lib
-	$ copy /b out32dll\ssleay32.dll c:\openssl\bin
-	$ copy /b out32dll\libeay32.dll c:\openssl\bin
-	$ copy /b out32dll\openssl.exe  c:\openssl\bin
-
-      Of course, you can choose another device than c:.  C: is used here
-      because that's usually the first (and often only) harddisk device.
-      Note: in the modssl INSTALL.Win32, p: is used rather than c:.
-
-
 Troubleshooting
 ---------------

--- a/2
+++ b/2
@@ -12,7 +12,7 @@
  ---------------

 /* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
--- a/MacOS/GetHTTPS.src/GetHTTPS.cpp
+++ b/MacOS/GetHTTPS.src/GetHTTPS.cpp
@@ -19,7 +19,6 @@
 *				are installed!  Use the AppleScript applet in the "openssl-0.9.4" folder to do this!
 */
 /* modified to seed the PRNG */
-/* modified to use CRandomizer for seeding */


 //	Include some funky libs I've developed over time
@@ -27,13 +26,14 @@
 #include "CPStringUtils.hpp"
 #include "ErrorHandling.hpp"
 #include "MacSocket.h"
-#include "Randomizer.h"
+

 //	We use the OpenSSL implementation of SSL....
 //	This was a lot of work to finally get going, though you wouldn't know it by the results!

 #include <openssl/ssl.h>
 #include <openssl/err.h>
+#include <openssl/rand.h>

 #include <timer.h>

@@ -48,6 +48,10 @@

 OSErr MyMacSocket_IdleWaitCallback(void *inUserRefPtr);

+
+
+
+
 //	My idle-wait callback.  Doesn't do much, does it?  Silly cooperative multitasking.

 OSErr MyMacSocket_IdleWaitCallback(void *inUserRefPtr)
@@ -55,33 +59,31 @@ OSErr MyMacSocket_IdleWaitCallback(void *inUserRefPtr)
 #pragma unused(inUserRefPtr)

 EventRecord		theEvent;
+
 	::EventAvail(everyEvent,&theEvent);
-	
-	CRandomizer *randomizer = (CRandomizer*)inUserRefPtr;
-	if (randomizer)
-		randomizer->PeriodicAction();

 	return(noErr);
 }


+
 //	Finally!

 void main(void)
 {
-	OSErr				errCode;
-	int					theSocket = -1;
-	int					theTimeout = 30;
+OSErr				errCode;
+int					theSocket = -1;
+int					theTimeout = 30;

-	SSL_CTX				*ssl_ctx = nil;
-	SSL					*ssl = nil;
+SSL_CTX				*ssl_ctx = nil;
+SSL					*ssl = nil;

-	char				tempString[256];
-	UnsignedWide		microTickCount;
-
-
-	CRandomizer randomizer;
+char				tempString[256];
+UnsignedWide		microTickCount;
 	
+#warning   -- USE A TRUE RANDOM SEED, AND ADD ENTROPY WHENEVER POSSIBLE. --
+const char seed[] = "uyq9,7-b(VHGT^%$&^F/,876;,;./lkJHGFUY{PO*";	// Just gobbledygook
+
 	printf("OpenSSL Demo by Roy Wood, roy@centricsystems.ca\n\n");
 	
 	BailIfError(errCode = MacSocket_Startup());
@@ -90,7 +92,7 @@ void main(void)

 	//	Create a socket-like object
 	
-	BailIfError(errCode = MacSocket_socket(&theSocket,false,theTimeout * 60,MyMacSocket_IdleWaitCallback,&randomizer));
+	BailIfError(errCode = MacSocket_socket(&theSocket,false,theTimeout * 60,MyMacSocket_IdleWaitCallback,nil));

 	
 	//	Set up the connect string and try to connect
@@ -116,6 +118,10 @@ void main(void)
 //	ssl_ctx = SSL_CTX_new(SSLv3_client_method());
 			

+	RAND_seed (seed, sizeof (seed));
+	Microseconds (&microTickCount);
+	RAND_add (&microTickCount, sizeof (microTickCount), 0);		// Entropy is actually > 0, needs an estimate
+
 	//	Create an SSL thingey and try to negotiate the connection
 	
 	ssl = SSL_new(ssl_ctx);
--- a/MacOS/OpenSSL.mcp.hqx
+++ b/MacOS/OpenSSL.mcp.hqx
--- a/MacOS/Randomizer.cpp
+++ b/MacOS/Randomizer.cpp
@@ -1,476 +0,0 @@
-/* 
------- Strong random data generation on a Macintosh (pre - OS X) ------
-		
--	GENERAL: We aim to generate unpredictable bits without explicit
-	user interaction. A general review of the problem may be found
-	in RFC 1750, "Randomness Recommendations for Security", and some
-	more discussion, of general and Mac-specific issues has appeared
-	in "Using and Creating Cryptographic- Quality Random Numbers" by
-	Jon Callas (www.merrymeet.com/jon/usingrandom.html).
-
-	The data and entropy estimates provided below are based on my
-	limited experimentation and estimates, rather than by any
-	rigorous study, and the entropy estimates tend to be optimistic.
-	They should not be considered absolute.
-
-	Some of the information being collected may be correlated in
-	subtle ways. That includes mouse positions, timings, and disk
-	size measurements. Some obvious correlations will be eliminated
-	by the programmer, but other, weaker ones may remain. The
-	reliability of the code depends on such correlations being
-	poorly understood, both by us and by potential interceptors.
-
-	This package has been planned to be used with OpenSSL, v. 0.9.5.
-	It requires the OpenSSL function RAND_add. 
-
--	OTHER WORK: Some source code and other details have been
-	published elsewhere, but I haven't found any to be satisfactory
-	for the Mac per se:
-
-	* The Linux random number generator (by Theodore Ts'o, in
-	  drivers/char/random.c), is a carefully designed open-source
-	  crypto random number package. It collects data from a variety
-	  of sources, including mouse, keyboard and other interrupts.
-	  One nice feature is that it explicitly estimates the entropy
-	  of the data it collects. Some of its features (e.g. interrupt
-	  timing) cannot be reliably exported to the Mac without using
-	  undocumented APIs.
-
-	* Truerand by Don P. Mitchell and Matt Blaze uses variations
-	  between different timing mechanisms on the same system. This
-	  has not been tested on the Mac, but requires preemptive
-	  multitasking, and is hardware-dependent, and can't be relied
-	  on to work well if only one oscillator is present.
-
-	* Cryptlib's RNG for the Mac (RNDMAC.C by Peter Gutmann),
-	  gathers a lot of information about the machine and system
-	  environment. Unfortunately, much of it is constant from one
-	  startup to the next. In other words, the random seed could be
-	  the same from one day to the next. Some of the APIs are
-	  hardware-dependent, and not all are compatible with Carbon (OS
-	  X). Incidentally, the EGD library is based on the UNIX entropy
-	  gathering methods in cryptlib, and isn't suitable for MacOS
-	  either.
-
-	* Mozilla (and perhaps earlier versions of Netscape) uses the
-	  time of day (in seconds) and an uninitialized local variable
-	  to seed the random number generator. The time of day is known
-	  to an outside interceptor (to within the accuracy of the
-	  system clock). The uninitialized variable could easily be
-	  identical between subsequent launches of an application, if it
-	  is reached through the same path.
-
-	* OpenSSL provides the function RAND_screen(), by G. van
-	  Oosten, which hashes the contents of the screen to generate a
-	  seed. This is not useful for an extension or for an
-	  application which launches at startup time, since the screen
-	  is likely to look identical from one launch to the next. This
-	  method is also rather slow.
-
-	* Using variations in disk drive seek times has been proposed
-	  (Davis, Ihaka and Fenstermacher, world.std.com/~dtd/;
-	  Jakobsson, Shriver, Hillyer and Juels,
-	  www.bell-labs.com/user/shriver/random.html). These variations
-	  appear to be due to air turbulence inside the disk drive
-	  mechanism, and are very strongly unpredictable. Unfortunately
-	  this technique is slow, and some implementations of it may be
-	  patented (see Shriver's page above.) It of course cannot be
-	  used with a RAM disk.
-
--	TIMING: On the 601 PowerPC the time base register is guaranteed
-	to change at least once every 10 addi instructions, i.e. 10
-	cycles. On a 60 MHz machine (slowest PowerPC) this translates to
-	a resolution of 1/6 usec. Newer machines seem to be using a 10
-	cycle resolution as well.
-	
-	For 68K Macs, the Microseconds() call may be used. See Develop
-	issue 29 on the Apple developer site
-	(developer.apple.com/dev/techsupport/develop/issue29/minow.html)
-	for information on its accuracy and resolution. The code below
-	has been tested only on PowerPC based machines.
-
-	The time from machine startup to the launch of an application in
-	the startup folder has a variance of about 1.6 msec on a new G4
-	machine with a defragmented and optimized disk, most extensions
-	off and no icons on the desktop. This can be reasonably taken as
-	a lower bound on the variance. Most of this variation is likely
-	due to disk seek time variability. The distribution of startup
-	times is probably not entirely even or uncorrelated. This needs
-	to be investigated, but I am guessing that it not a majpor
-	problem. Entropy = log2 (1600/0.166) ~= 13 bits on a 60 MHz
-	machine, ~16 bits for a 450 MHz machine.
-
-	User-launched application startup times will have a variance of
-	a second or more relative to machine startup time. Entropy >~22
-	bits.
-
-	Machine startup time is available with a 1-second resolution. It
-	is predictable to no better a minute or two, in the case of
-	people who show up punctually to work at the same time and
-	immediately start their computer. Using the scheduled startup
-	feature (when available) will cause the machine to start up at
-	the same time every day, making the value predictable. Entropy
-	>~7 bits, or 0 bits with scheduled startup.
-
-	The time of day is of course known to an outsider and thus has 0
-	entropy if the system clock is regularly calibrated.
-
--	KEY TIMING: A  very fast typist (120 wpm) will have a typical
-	inter-key timing interval of 100 msec. We can assume a variance
-	of no less than 2 msec -- maybe. Do good typists have a constant
-	rhythm, like drummers? Since what we measure is not the
-	key-generated interrupt but the time at which the key event was
-	taken off the event queue, our resolution is roughly the time
-	between process switches, at best 1 tick (17 msec). I  therefore
-	consider this technique questionable and not very useful for
-	obtaining high entropy data on the Mac.
-
--	MOUSE POSITION AND TIMING: The high bits of the mouse position
-	are far from arbitrary, since the mouse tends to stay in a few
-	limited areas of the screen. I am guessing that the position of
-	the mouse is arbitrary within a 6 pixel square. Since the mouse
-	stays still for long periods of time, it should be sampled only
-	after it was moved, to avoid correlated data. This gives an
-	entropy of log2(6*6) ~= 5 bits per measurement.
-
-	The time during which the mouse stays still can vary from zero
-	to, say, 5 seconds (occasionally longer). If the still time is
-	measured by sampling the mouse during null events, and null
-	events are received once per tick, its resolution is 1/60th of a
-	second, giving an entropy of log2 (60*5) ~= 8 bits per
-	measurement. Since the distribution of still times is uneven,
-	this estimate is on the high side.
-
-	For simplicity and compatibility across system versions, the
-	mouse is to be sampled explicitly (e.g. in the event loop),
-	rather than in a time manager task.
-
--	STARTUP DISK TOTAL FILE SIZE: Varies typically by at least 20k
-	from one startup to the next, with 'minimal' computer use. Won't
-	vary at all if machine is started again immediately after
-	startup (unless virtual memory is on), but any application which
-	uses the web and caches information to disk is likely to cause
-	this much variation or more. The variation is probably not
-	random, but I don't know in what way. File sizes tend to be
-	divisible by 4 bytes since file format fields are often
-	long-aligned. Entropy > log2 (20000/4) ~= 12 bits.
-	
--	STARTUP DISK FIRST AVAILABLE ALLOCATION BLOCK: As the volume
-	gets fragmented this could be anywhere in principle. In a
-	perfectly unfragmented volume this will be strongly correlated
-	with the total file size on the disk. With more fragmentation
-	comes less certainty. I took the variation in this value to be
-	1/8 of the total file size on the volume.
-
--	SYSTEM REQUIREMENTS: The code here requires System 7.0 and above
-	(for Gestalt and Microseconds calls). All the calls used are
-	Carbon-compatible.
-*/
-
-/*------------------------------ Includes ----------------------------*/
-
-#include "Randomizer.h"
-
-// Mac OS API
-#include <Files.h>
-#include <Folders.h>
-#include <Events.h>
-#include <Processes.h>
-#include <Gestalt.h>
-#include <Resources.h>
-#include <LowMem.h>
-
-// Standard C library
-#include <stdlib.h>
-#include <math.h>
-
-/*---------------------- Function declarations -----------------------*/
-
-// declared in OpenSSL/crypto/rand/rand.h
-extern "C" void RAND_add (const void *buf, int num, double entropy);
-
-unsigned long GetPPCTimer (bool is601);	// Make it global if needed
-					// elsewhere
-
-/*---------------------------- Constants -----------------------------*/
-
-#define kMouseResolution 6		// Mouse position has to differ
-					// from the last one by this
-					// much to be entered
-#define kMousePositionEntropy 5.16	// log2 (kMouseResolution**2)
-#define kTypicalMouseIdleTicks 300.0	// I am guessing that a typical
-					// amount of time between mouse
-					// moves is 5 seconds
-#define kVolumeBytesEntropy 12.0	// about log2 (20000/4),
-					// assuming a variation of 20K
-					// in total file size and
-					// long-aligned file formats.
-#define kApplicationUpTimeEntropy 6.0	// Variance > 1 second, uptime
-					// in ticks  
-#define kSysStartupEntropy 7.0		// Entropy for machine startup
-					// time
-
-
-/*------------------------ Function definitions ----------------------*/
-
-CRandomizer::CRandomizer (void)
-{
-	long	result;
-	
-	mSupportsLargeVolumes =
-		(Gestalt(gestaltFSAttr, &result) == noErr) &&
-		((result & (1L << gestaltFSSupports2TBVols)) != 0);
-	
-	if (Gestalt (gestaltNativeCPUtype, &result) != noErr)
-	{
-		mIsPowerPC = false;
-		mIs601 = false;
-	}
-	else
-	{
-		mIs601 = (result == gestaltCPU601);
-		mIsPowerPC = (result >= gestaltCPU601);
-	}
-	mLastMouse.h = mLastMouse.v = -10;	// First mouse will
-						// always be recorded
-	mLastPeriodicTicks = TickCount();
-	GetTimeBaseResolution ();
-	
-	// Add initial entropy
-	AddTimeSinceMachineStartup ();
-	AddAbsoluteSystemStartupTime ();
-	AddStartupVolumeInfo ();
-	AddFiller ();
-}
-
-void CRandomizer::PeriodicAction (void)
-{
-	AddCurrentMouse ();
-	AddNow (0.0);	// Should have a better entropy estimate here
-	mLastPeriodicTicks = TickCount();
-}
-
-/*------------------------- Private Methods --------------------------*/
-
-void CRandomizer::AddCurrentMouse (void)
-{
-	Point mouseLoc;
-	unsigned long lastCheck;	// Ticks since mouse was last
-					// sampled
-
-#if TARGET_API_MAC_CARBON
-	GetGlobalMouse (&mouseLoc);
-#else
-	mouseLoc = LMGetMouseLocation();
-#endif
-	
-	if (labs (mLastMouse.h - mouseLoc.h) > kMouseResolution/2 &&
-	    labs (mLastMouse.v - mouseLoc.v) > kMouseResolution/2)
-		AddBytes (&mouseLoc, sizeof (mouseLoc),
-				kMousePositionEntropy);
-	
-	if (mLastMouse.h == mouseLoc.h && mLastMouse.v == mouseLoc.v)
-		mMouseStill ++;
-	else
-	{
-		double entropy;
-		
-		// Mouse has moved. Add the number of measurements for
-		// which it's been still. If the resolution is too
-		// coarse, assume the entropy is 0.
-
-		lastCheck = TickCount() - mLastPeriodicTicks;
-		if (lastCheck <= 0)
-			lastCheck = 1;
-		entropy = log2l
-			(kTypicalMouseIdleTicks/(double)lastCheck);
-		if (entropy < 0.0)
-			entropy = 0.0;
-		AddBytes (&mMouseStill, sizeof (mMouseStill), entropy);
-		mMouseStill = 0;
-	}
-	mLastMouse = mouseLoc;
-}
-
-void CRandomizer::AddAbsoluteSystemStartupTime (void)
-{
-	unsigned long	now;		// Time in seconds since
-					// 1/1/1904
-	GetDateTime (&now);
-	now -= TickCount() / 60;	// Time in ticks since machine
-					// startup
-	AddBytes (&now, sizeof (now), kSysStartupEntropy);
-}
-
-void CRandomizer::AddTimeSinceMachineStartup (void)
-{
-	AddNow (1.5);			// Uncertainty in app startup
-					// time is > 1.5 msec (for
-					// automated app startup).
-}
-
-void CRandomizer::AddAppRunningTime (void)
-{
-	ProcessSerialNumber PSN;
-	ProcessInfoRec		ProcessInfo;
-	
-	ProcessInfo.processInfoLength = sizeof (ProcessInfoRec);
-	ProcessInfo.processName = nil;
-	ProcessInfo.processAppSpec = nil;
-	
-	GetCurrentProcess (&PSN);
-	GetProcessInformation (&PSN, &ProcessInfo);
-
-	// Now add the amount of time in ticks that the current process
-	// has been active
-
-	AddBytes (&ProcessInfo, sizeof (ProcessInfoRec),
-			kApplicationUpTimeEntropy);
-}
-
-void CRandomizer::AddStartupVolumeInfo (void)
-{
-	short			vRefNum;
-	long			dirID;
-	XVolumeParam	pb;
-	OSErr			err;
-	
-	if (!mSupportsLargeVolumes)
-		return;
-		
-	FindFolder (kOnSystemDisk, kSystemFolderType, kDontCreateFolder,
-			&vRefNum, &dirID);
-	pb.ioVRefNum = vRefNum;
-	pb.ioCompletion = 0;
-	pb.ioNamePtr = 0;
-	pb.ioVolIndex = 0;
-	err = PBXGetVolInfoSync (&pb);
-	if (err != noErr)
-		return;
-		
-	// Base the entropy on the amount of space used on the disk and
-	// on the next available allocation block. A lot else might be
-	// unpredictable, so might as well toss the whole block in. See
-	// comments for entropy estimate justifications.
-
-	AddBytes (&pb, sizeof (pb),
-		kVolumeBytesEntropy +
-		log2l (((pb.ioVTotalBytes.hi - pb.ioVFreeBytes.hi)
-				* 4294967296.0D +
-			(pb.ioVTotalBytes.lo - pb.ioVFreeBytes.lo))
-				/ pb.ioVAlBlkSiz - 3.0));
-}
-
-/*
-	On a typical startup CRandomizer will come up with about 60
-	bits of good, unpredictable data. Assuming no more input will
-	be available, we'll need some more lower-quality data to give
-	OpenSSL the 128 bits of entropy it desires. AddFiller adds some
-	relatively predictable data into the soup.
-*/
-
-void CRandomizer::AddFiller (void)
-{
-	struct
-	{
-		ProcessSerialNumber psn;	// Front process serial
-						// number
-		RGBColor	hiliteRGBValue;	// User-selected
-						// highlight color
-		long		processCount;	// Number of active
-						// processes
-		long		cpuSpeed;	// Processor speed
-		long		totalMemory;	// Total logical memory
-						// (incl. virtual one)
-		long		systemVersion;	// OS version
-		short		resFile;	// Current resource file
-	} data;
-	
-	GetNextProcess ((ProcessSerialNumber*) kNoProcess);
-	while (GetNextProcess (&data.psn) == noErr)
-		data.processCount++;
-	GetFrontProcess (&data.psn);
-	LMGetHiliteRGB (&data.hiliteRGBValue);
-	Gestalt (gestaltProcClkSpeed, &data.cpuSpeed);
-	Gestalt (gestaltLogicalRAMSize, &data.totalMemory);
-	Gestalt (gestaltSystemVersion, &data.systemVersion);
-	data.resFile = CurResFile ();
-	
-	// Here we pretend to feed the PRNG completely random data. This
-	// is of course false, as much of the above data is predictable
-	// by an outsider. At this point we don't have any more
-	// randomness to add, but with OpenSSL we must have a 128 bit
-	// seed before we can start. We just add what we can, without a
-	// real entropy estimate, and hope for the best.
-
-	AddBytes (&data, sizeof(data), 8.0 * sizeof(data));
-	AddCurrentMouse ();
-	AddNow (1.0);
-}
-
-//-------------------  LOW LEVEL ---------------------
-
-void CRandomizer::AddBytes (void *data, long size, double entropy)
-{
-	RAND_add (data, size, entropy * 0.125);	// Convert entropy bits
-						// to bytes
-}
-
-void CRandomizer::AddNow (double millisecondUncertainty)
-{
-	long time = SysTimer();
-	AddBytes (&time, sizeof (time), log2l (millisecondUncertainty *
-			mTimebaseTicksPerMillisec));
-}
-
-//----------------- TIMING SUPPORT ------------------
-
-void CRandomizer::GetTimeBaseResolution (void)
-{	
-#ifdef __powerc
-	long speed;
-	
-	// gestaltProcClkSpeed available on System 7.5.2 and above
-	if (Gestalt (gestaltProcClkSpeed, &speed) != noErr)
-		// Only PowerPCs running pre-7.5.2 are 60-80 MHz
-		// machines.
-		mTimebaseTicksPerMillisec =  6000.0D;
-	// Assume 10 cycles per clock update, as in 601 spec. Seems true
-	// for later chips as well.
-	mTimebaseTicksPerMillisec = speed / 1.0e4D;
-#else
-	// 68K VIA-based machines (see Develop Magazine no. 29)
-	mTimebaseTicksPerMillisec = 783.360D;
-#endif
-}
-
-unsigned long CRandomizer::SysTimer (void)	// returns the lower 32
-						// bit of the chip timer
-{
-#ifdef __powerc
-	return GetPPCTimer (mIs601);
-#else
-	UnsignedWide usec;
-	Microseconds (&usec);
-	return usec.lo;
-#endif
-}
-
-#ifdef __powerc
-// The timebase is available through mfspr on 601, mftb on later chips.
-// Motorola recommends that an 601 implementation map mftb to mfspr
-// through an exception, but I haven't tested to see if MacOS actually
-// does this. We only sample the lower 32 bits of the timer (i.e. a
-// few minutes of resolution)
-
-asm unsigned long GetPPCTimer (register bool is601)
-{
-	cmplwi	is601, 0	// Check if 601
-	bne	_601		// if non-zero goto _601
-	mftb  	r3		// Available on 603 and later.
-	blr			// return with result in r3
-_601:
-	mfspr r3, spr5  	// Available on 601 only.
-				// blr inserted automatically
-}
-#endif
--- a/MacOS/Randomizer.h
+++ b/MacOS/Randomizer.h
@@ -1,43 +0,0 @@
-
-//	Gathers unpredictable system data to be used for generating
-//	random bits
-
-#include <MacTypes.h>
-
-class CRandomizer
-{
-public:
-	CRandomizer (void);
-	void PeriodicAction (void);
-	
-private:
-
-	// Private calls
-
-	void		AddTimeSinceMachineStartup (void);
-	void		AddAbsoluteSystemStartupTime (void);
-	void		AddAppRunningTime (void);
-	void		AddStartupVolumeInfo (void);
-	void		AddFiller (void);
-
-	void		AddCurrentMouse (void);
-	void		AddNow (double millisecondUncertainty);
-	void		AddBytes (void *data, long size, double entropy);
-	
-	void		GetTimeBaseResolution (void);
-	unsigned long	SysTimer (void);
-
-	// System Info	
-	bool		mSupportsLargeVolumes;
-	bool		mIsPowerPC;
-	bool		mIs601;
-	
-	// Time info
-	double		mTimebaseTicksPerMillisec;
-	unsigned long	mLastPeriodicTicks;
-	
-	// Mouse info
-	long		mSamplePeriod;
-	Point		mLastMouse;
-	long		mMouseStill;
-};
--- a/Makefile.org
+++ b/Makefile.org
@@ -5,16 +5,8 @@
 VERSION=
 MAJOR=
 MINOR=
-SHLIB_VERSION_NUMBER=
-SHLIB_VERSION_HISTORY=
-SHLIB_MAJOR=
-SHLIB_MINOR=
-SHLIB_EXT=
 PLATFORM=dist
 OPTIONS=
-CONFIGURE_ARGS=
-SHLIB_TARGET=
-
 # INSTALL_PREFIX is for package builders so that they can configure
 # for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
 # Normally it is left empty.
@@ -36,6 +28,8 @@ OPENSSLDIR=/usr/local/ssl
 # DEVRANDOM - Give this the value of the 'random device' if your OS supports
 #           one.  32 bytes will be read from this when the random
 #           number generator is initalised.
+# SSL_ALLOW_ADH - define if you want the server to be able to use the
+#           SSLv3 anon-DH ciphers.
 # SSL_FORBID_ENULL - define if you want the server to be not able to use the
 #           NULL encryption ciphers.
 #
@@ -57,14 +51,13 @@ CC= gcc
 #CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
 CFLAG= -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
 DEPFLAG= 
-PEX_LIBS= 
+PEX_LIBS= -L. -L.. -L../.. -L../../..
 EX_LIBS= 
-EXE_EXT= 
 AR=ar r
 RANLIB= ranlib
 PERL= perl
 TAR= tar
-TARFLAGS= --no-recursion
+TARFLAGS= --norecurse

 # Set BN_ASM to bn_asm.o if you want to use the C version
 BN_ASM= bn_asm.o
@@ -151,18 +144,14 @@ RMD160_ASM_OBJ= asm/rm86-out.o
 #RMD160_ASM_OBJ= asm/rm86-out.o       # a.out, FreeBSD
 #RMD160_ASM_OBJ= asm/rm86bsdi.o       # bsdi

-# When we're prepared to use shared libraries in the programs we link here
-# we might set SHLIB_MARK to '$(SHARED_LIBS)'.
-SHLIB_MARK=
-
-DIRS=   crypto ssl rsaref $(SHLIB_MARK) apps test tools
+DIRS=   crypto ssl rsaref apps test tools
 SHLIBDIRS= crypto ssl

 # dirs in crypto to build
 SDIRS=  \
-	md2 md4 md5 sha mdc2 hmac ripemd \
+	md2 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
-	bn rsa dsa dh dso engine \
+	bn rsa dsa dh \
 	buffer bio stack lhash rand err objects \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp

@@ -178,12 +167,7 @@ TOP=    .
 ONEDIRS=out tmp
 EDIRS=  times doc bugs util include certs ms shlib mt demos perl sf dep VMS
 WDIRS=  windows
-LIBS=   libcrypto.a libssl.a
-SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
-SHARED_SSL=libssl$(SHLIB_EXT)
-SHARED_LIBS=
-SHARED_LIBS_LINK_EXTS=
-SHARED_LDFLAGS=
+LIBS=   libcrypto.a libssl.a 

 GENERAL=        Makefile
 BASENAME=       openssl
@@ -193,291 +177,38 @@ WTARFILE=       $(NAME)-win.tar
 EXHEADER=       e_os.h e_os2.h
 HEADER=         e_os.h

-# When we're prepared to use shared libraries in the programs we link here
-# we might remove 'clean-shared' from the targets to perform at this stage
-
-all: clean-shared Makefile.ssl sub_all
+all: Makefile.ssl
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i && echo "making all in $$i..." && \
+	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
+	done
+	-@# cd crypto; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' testapps
+	-@# cd perl; $(PERL) Makefile.PL; make

 sub_all:
-	@for i in $(DIRS); \
+	@for i in $(DIRS) ;\
 	do \
-	if [ -d "$$i" ]; then \
-		(cd $$i && echo "making all in $$i..." && \
-		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' all ) || exit 1; \
-	else \
-		$(MAKE) $$i; \
-	fi; \
-	done; \
-	if echo "$(DIRS)" | \
-	    egrep '(^| )(crypto|ssl)( |$$)' > /dev/null 2>&1 && \
-	   [ -n "$(SHARED_LIBS)" ]; then \
-		$(MAKE) $(SHARED_LIBS); \
-	fi
+	(cd $$i && echo "making all in $$i..." && \
+	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
+	done;

-libcrypto$(SHLIB_EXT): libcrypto.a
-	@if [ "$(SHLIB_TARGET)" != "" ]; then \
-		$(MAKE) SHLIBDIRS=crypto build-shared; \
-	else \
-		echo "There's no support for shared libraries on this platform" >&2; \
-	fi
-libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
-	@if [ "$(SHLIB_TARGET)" != "" ]; then \
-		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
-	else \
-		echo "There's no support for shared libraries on this platform" >&2; \
-	fi
-
-clean-shared:
-	@for i in $(SHLIBDIRS); do \
-		if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
-			tmp="$(SHARED_LIBS_LINK_EXTS)"; \
-			for j in $${tmp:-x}; do \
-				( set -x; rm -f lib$$i$$j ); \
-			done; \
-		fi; \
-		( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
-		if [ "$(PLATFORM)" = "Cygwin" ]; then \
-			( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
-		fi; \
-	done
-
-link-shared:
-	@if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
-		tmp="$(SHARED_LIBS_LINK_EXTS)"; \
-		for i in $(SHLIBDIRS); do \
-			prev=lib$$i$(SHLIB_EXT); \
-			for j in $${tmp:-x}; do \
-				( set -x; \
-				rm -f lib$$i$$j; ln -s $$prev lib$$i$$j ); \
-				prev=lib$$i$$j; \
-			done; \
-		done; \
-	fi
-
-build-shared: clean-shared do_$(SHLIB_TARGET) link-shared
-
-do_bsd-gcc-shared: do_gnu-shared
-do_linux-shared: do_gnu-shared
-do_gnu-shared:
-	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	( set -x; ${CC} ${SHARED_LDFLAGS} \
-		-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		-Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		-Wl,-Bsymbolic \
+linux-shared:
+	for i in ${SHLIBDIRS}; do \
+	rm -f lib$$i.a lib$$i.so \
+		lib$$i.so.${MAJOR} lib$$i.so.${MAJOR}.${MINOR}; \
+	${MAKE} CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='-fPIC ${CFLAG}' SDIRS='${SDIRS}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' DIRS=$$i clean all || exit 1; \
+	( set -x; ${CC}  -shared -o lib$$i.so.${MAJOR}.${MINOR} \
+		-Wl,-S,-soname=lib$$i.so.${MAJOR} \
 		-Wl,--whole-archive lib$$i.a \
-		-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
-	libs="$$libs -l$$i"; \
-	done
-
-DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
-	collect2=`gcc -print-prog-name=collect2 2>&1` && \
-	[ -n "$$collect2" ] && \
-	my_ld=`$$collect2 --help 2>&1 | grep Usage: | sed 's/^Usage: *\([^ ][^ ]*\).*/\1/'` && \
-	[ -n "$$my_ld" ] && \
-	$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
-
-# For Darwin AKA Mac OS/X (dyld)
-do_darwin-shared: 
-	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	( set -x ; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
-		lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		-compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \
-		-install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \
-	libs="$$libs -l`basename $$i${SHLIB_EXT} .dylib`"; \
-	echo "" ; \
-	done
-
-do_cygwin-shared:
-	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	( set -x; ${CC}  -shared -o cyg$$i.dll \
-		-Wl,-Bsymbolic \
-		-Wl,--whole-archive lib$$i.a \
-		-Wl,--out-implib,lib$$i.dll.a \
-		-Wl,--no-whole-archive $$libs ) || exit 1; \
-	libs="$$libs -l$$i"; \
-	done
-
-# This assumes that GNU utilities are *not* used
-do_alpha-osf1-shared:
-	if ${DETECT_GNU_LD}; then \
-		$(MAKE) do_gnu-shared; \
-	else \
-		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-		( set -x; ${CC} ${SHARED_LDFLAGS} \
-			-shared -o lib$$i.so \
-			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
-			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
-		libs="$$libs -l$$i"; \
-		done; \
-	fi
-
-# This assumes that GNU utilities are *not* used
-# The difference between alpha-osf1-shared and tru64-shared is the `-msym'
-# option passed to the linker.
-do_tru64-shared:
-	if ${DETECT_GNU_LD}; then \
-		$(MAKE) do_gnu-shared; \
-	else \
-		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-		( set -x; ${CC} ${SHARED_LDFLAGS} \
-			-shared -msym -o lib$$i.so \
-			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
-			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
-		libs="$$libs -l$$i"; \
-		done; \
-	fi
-
-# This assumes that GNU utilities are *not* used
-# The difference between tru64-shared and tru64-shared-rpath is the
-# -rpath ${INSTALLTOP}/lib passed to the linker.
-do_tru64-shared-rpath:
-	if ${DETECT_GNU_LD}; then \
-		$(MAKE) do_gnu-shared; \
-	else \
-		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-		( set -x; ${CC} ${SHARED_LDFLAGS} \
-			-shared -msym -o lib$$i.so \
-			-rpath  ${INSTALLTOP}/lib \
-			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
-			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
-		libs="$$libs -l$$i"; \
-		done; \
-	fi
-
-
-# This assumes that GNU utilities are *not* used
-do_solaris-shared:
-	if ${DETECT_GNU_LD}; then \
-		$(MAKE) do_gnu-shared; \
-	else \
-		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
-		  set -x; ${CC} ${SHARED_LDFLAGS} \
-			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-			-z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
-		libs="$$libs -l$$i"; \
-		done; \
-	fi
-
-# OpenServer 5 native compilers used
-do_svr3-shared:
-	if ${DETECT_GNU_LD}; then \
-		$(MAKE) do_gnu-shared; \
-	else \
-		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
-		  find . -name "*.o" -print > allobjs ; \
-		  OBJS= ; export OBJS ; \
-		  for obj in `ar t lib$$i.a` ; do \
-		    OBJS="$${OBJS} `grep $$obj allobjs`" ; \
-		  done ; \
-		  set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
-		libs="$$libs -l$$i"; \
-		done; \
-	fi
-
-# UnixWare 7 and OpenUNIX 8 native compilers used
-do_svr5-shared:
-	if ${DETECT_GNU_LD}; then \
-		$(MAKE) do_gnu-shared; \
-	else \
-		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
-		  find . -name "*.o" -print > allobjs ; \
-		  OBJS= ; export OBJS ; \
-		  for obj in `ar t lib$$i.a` ; do \
-		    OBJS="$${OBJS} `grep $$obj allobjs`" ; \
-		  done ; \
-		  set -x; ${CC} ${SHARED_LDFLAGS} \
-			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
-		libs="$$libs -l$$i"; \
-		done; \
-	fi
-
-# This assumes that GNU utilities are *not* used
-do_irix-shared:
-	if ${DETECT_GNU_LD}; then \
-		$(MAKE) do_gnu-shared; \
-	else \
-		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-		( set -x; ${CC} ${SHARED_LDFLAGS} \
-			-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-			-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-			-all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \
-		libs="$$libs -l$$i"; \
-		done; \
-	fi
-
-# This assumes that GNU utilities are *not* used
-do_hpux-shared:
-	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
-		+vnocompatwarnings \
-		-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		-Fl lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
-	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
-	libs="$$libs -L. -l$$i"; \
-	done
-
-# This assumes that GNU utilities are *not* used
-do_hpux64-shared:
-	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
-		-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		+forceload lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
-	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
-	libs="$$libs -L. -l$$i"; \
-	done
-
-# The following method is said to work on all platforms.  Tests will
-# determine if that's how it's gong to be used.
-# This assumes that for all but GNU systems, GNU utilities are *not* used.
-# ALLSYMSFLAGS would be:
-#  GNU systems: --whole-archive
-#  Tru64 Unix:  -all
-#  Solaris:     -z allextract
-#  Irix:        -all
-#  HP/UX-32bit: -Fl
-#  HP/UX-64bit: +forceload
-#  AIX:		-bnogc
-# SHAREDFLAGS would be:
-#  GNU systems: -shared -Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
-#  Tru64 Unix:  -shared \
-#		-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}"
-#  Solaris:     -G -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
-#  Irix:        -shared -Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
-#  HP/UX-32bit: +vnocompatwarnings -b -z +s \
-#		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}
-#  HP/UX-64bit: -b -z +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}
-#  AIX:		-G -bE:lib$$i.exp -bM:SRE
-# SHAREDCMD would be:
-#  GNU systems: $(CC)
-#  Tru64 Unix:  $(CC)
-#  Solaris:     $(CC)
-#  Irix:        $(CC)
-#  HP/UX-32bit: /usr/ccs/bin/ld
-#  HP/UX-64bit: /usr/ccs/bin/ld
-#  AIX:		$(CC)
-ALLSYMSFLAG=-bnogc
-SHAREDFLAGS=${SHARED_LDFLAGS} -G -bE:lib$$i.exp -bM:SRE
-SHAREDCMD=$(CC)
-do_aix-shared:
-	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	( set -x; \
-	  ld -r -o $$i.o $(ALLSYMSFLAG) lib$$i.a && \
-	  ( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \
-	    $(SHAREDCMD) $(SHAREDFLAG) -o lib$$i.so lib$$i.o \
-		$$libs ${EX_LIBS} ) ) \
-	|| exit 1; \
-	libs="$$libs -l$$i"; \
-	done
+		-Wl,--no-whole-archive -lc ) || exit 1; \
+	rm -f lib$$i.a; make -C $$i clean || exit 1 ;\
+	done;
+	@set -x; \
+	for i in ${SHLIBDIRS}; do \
+	ln -s lib$$i.so.${MAJOR}.${MINOR} lib$$i.so.${MAJOR}; \
+	ln -s lib$$i.so.${MAJOR} lib$$i.so; \
+	done;

 Makefile.ssl: Makefile.org
 	@echo "Makefile.ssl is older than Makefile.org."
@@ -491,11 +222,9 @@ clean:
 	rm -f shlib/*.o *.o core a.out fluff *.map rehash.time testlog make.log cctest cctest.c
 	@for i in $(DIRS) ;\
 	do \
-	if [ -d "$$i" ]; then \
-		(cd $$i && echo "making clean in $$i..." && \
-		$(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
-		rm -f $(LIBS); \
-	fi; \
+	(cd $$i && echo "making clean in $$i..." && \
+	$(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
+	rm -f $(LIBS); \
 	done;
 	rm -f *.a *.o speed.* *.map *.so .pure core
 	rm -f $(TARFILE)
@@ -512,10 +241,8 @@ files:
 	$(PERL) $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
 	@for i in $(DIRS) ;\
 	do \
-	if [ -d "$$i" ]; then \
-		(cd $$i && echo "making 'files' in $$i..." && \
-		$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \
-	fi; \
+	(cd $$i && echo "making 'files' in $$i..." && \
+	$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \
 	done;

 links:
@@ -523,32 +250,28 @@ links:
 	@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
 	@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
 	@for i in $(DIRS); do \
-	if [ -d "$$i" ]; then \
-		(cd $$i && echo "making links in $$i..." && \
-		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
-	fi; \
+	(cd $$i && echo "making links in $$i..." && \
+	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
 	done;

 dclean:
 	rm -f *.bak
 	@for i in $(DIRS) ;\
 	do \
-	if [ -d "$$i" ]; then \
-		(cd $$i && echo "making dclean in $$i..." && \
-		$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
-	fi; \
+	(cd $$i && echo "making dclean in $$i..." && \
+	$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
 	done;

 rehash: rehash.time
 rehash.time: certs
-	@(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; $(PERL) tools/c_rehash certs)
+	@(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs)
 	touch rehash.time

 test:   tests

 tests: rehash
 	@(cd test && echo "testing..." && \
-	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' OPENSSL_DEBUG_MEMORY=on tests );
+	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' tests );
 	@apps/openssl version -a

 report:
@@ -557,73 +280,56 @@ report:
 depend:
 	@for i in $(DIRS) ;\
 	do \
-	if [ -d "$$i" ]; then \
-		(cd $$i && echo "making dependencies $$i..." && \
-		$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' PERL='${PERL}' depend ) || exit 1; \
-	fi; \
+	(cd $$i && echo "making dependencies $$i..." && \
+	$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
 	done;

 lint:
 	@for i in $(DIRS) ;\
 	do \
-	if [ -d "$$i" ]; then \
-		(cd $$i && echo "making lint $$i..." && \
-		$(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
-	fi; \
+	(cd $$i && echo "making lint $$i..." && \
+	$(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
 	done;

 tags:
 	@for i in $(DIRS) ;\
 	do \
-	if [ -d "$$i" ]; then \
-		(cd $$i && echo "making tags $$i..." && \
-		$(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \
-	fi; \
+	(cd $$i && echo "making tags $$i..." && \
+	$(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \
 	done;

 errors:
-	$(PERL) util/mkerr.pl -recurse -write
-
-stacks:
-	$(PERL) util/mkstack.pl -write
+	perl util/mkerr.pl -recurse -write

 util/libeay.num::
-	$(PERL) util/mkdef.pl crypto update
+	perl util/mkdef.pl crypto update

 util/ssleay.num::
-	$(PERL) util/mkdef.pl ssl update
+	perl util/mkdef.pl ssl update

-crypto/objects/obj_dat.h: crypto/objects/obj_mac.h crypto/objects/obj_dat.pl
-	$(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
-crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt 
-	$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
+crypto/objects/obj_dat.h: crypto/objects/objects.h crypto/objects/obj_dat.pl
+	perl crypto/objects/obj_dat.pl crypto/objects/objects.h crypto/objects/obj_dat.h

 TABLE: Configure
 	(echo 'Output of `Configure TABLE'"':"; \
-	$(PERL) Configure TABLE) > TABLE
+	perl Configure TABLE) > TABLE

-update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE
+update: depend errors util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE

-# Build distribution tar-file. As the list of files returned by "find" is
-# pretty long, on several platforms a "too many arguments" error or similar
-# would occur. Therefore the list of files is temporarily stored into a file
-# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
-# tar does not support the --files-from option.
 tar:
-	find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
-	$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
+	@$(TAR) $(TARFLAGS) -cvf - \
+		`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort` |\
 	tardy --user_number=0  --user_name=openssl \
 	      --group_number=0 --group_name=openssl \
 	      --prefix=openssl-$(VERSION) - |\
 	gzip --best >../$(TARFILE).gz; \
-	rm -f ../$(TARFILE).list; \
 	ls -l ../$(TARFILE).gz

 dist:   
 	$(PERL) Configure dist
 	@$(MAKE) dist_pem_h
 	@$(MAKE) SDIRS='${SDIRS}' clean
-	@$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar
+	@$(MAKE) tar

 dist_pem_h:
 	(cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
@@ -643,43 +349,16 @@ install: all install_docs
 	done;
 	@for i in $(DIRS) ;\
 	do \
-	if [ -d "$$i" ]; then \
-		(cd $$i; echo "installing $$i..."; \
-		$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' install ); \
-	fi; \
+	(cd $$i; echo "installing $$i..."; \
+	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' install ); \
 	done
 	@for i in $(LIBS) ;\
 	do \
-		if [ -f "$$i" ]; then \
-		(       echo installing $$i; \
-			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
-			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
-			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
-		fi; \
+	(       echo installing $$i; \
+		cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+		$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+		chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
 	done
-	@if [ -n "$(SHARED_LIBS)" ]; then \
-		tmp="$(SHARED_LIBS)"; \
-		for i in $${tmp:-x}; \
-		do \
-			if [ -f "$$i" -o -f "$$i.a" ]; then \
-			(       echo installing $$i; \
-				if [ "$(PLATFORM)" != "Cygwin" ]; then \
-					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
-					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
-				else \
-					c=`echo $$i | sed 's/^lib/cyg/'`; \
-					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
-					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
-					cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
-					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
-				fi ); \
-			fi; \
-		done; \
-		(	here="`pwd`"; \
-			cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
-			set $(MAKE); \
-			$$1 -f $$here/Makefile link-shared ); \
-	fi

 install_docs:
 	@$(PERL) $(TOP)/util/mkdir-p.pl \
@@ -687,26 +366,23 @@ install_docs:
 		$(INSTALL_PREFIX)$(MANDIR)/man3 \
 		$(INSTALL_PREFIX)$(MANDIR)/man5 \
 		$(INSTALL_PREFIX)$(MANDIR)/man7
-	@pod2man=`cd util; ./pod2mantest ignore`; \
-	for i in doc/apps/*.pod; do \
+	@echo installing man 1 and man 5
+	@for i in doc/apps/*.pod; do \
+		(cd `dirname $$i`; \
 		fn=`basename $$i .pod`; \
-		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
-		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
-		(cd `$(PERL) util/dirname.pl $$i`; \
-		sh -c "$(PERL) $$pod2man \
-			--section=$$sec --center=OpenSSL \
-			--release=$(VERSION) `basename $$i`") \
-			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
-	done; \
-	for i in doc/crypto/*.pod doc/ssl/*.pod; do \
+		sec=`[ "$$fn" = "config" ] && echo 5 || echo 1`; \
+		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
+			 --release=$(VERSION) `basename $$i` \
+			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec); \
+	done
+	@echo installing man 3 and man 7
+	@for i in doc/crypto/*.pod doc/ssl/*.pod; do \
+		(cd `dirname $$i`; \
 		fn=`basename $$i .pod`; \
-		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
-		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
-		(cd `$(PERL) util/dirname.pl $$i`; \
-		sh -c "$(PERL) $$pod2man \
-			--section=$$sec --center=OpenSSL \
-			--release=$(VERSION) `basename $$i`") \
-			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+		sec=`[ "$$fn" = "des_modes" ] && echo 7 || echo 3`; \
+		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
+			--release=$(VERSION) `basename $$i` \
+			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec); \
 	done

 # DO NOT DELETE THIS LINE -- make depend depends on it.
--- a/97
+++ b/97
@@ -5,103 +5,6 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.

-  Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g:
-
-      o Important building fixes on Unix.
-
-  Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f:
-
-      o Various important bugfixes.
-
-  Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e:
-
-      o Important security related bugfixes.
-      o Various SSL/TLS library bugfixes.
-
-  Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d:
-
-      o Various SSL/TLS library bugfixes.
-      o Fix DH parameter generation for 'non-standard' generators.
-
-  Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c:
-
-      o Various SSL/TLS library bugfixes.
-      o BIGNUM library fixes.
-      o RSA OAEP and random number generation fixes.
-      o Object identifiers corrected and added.
-      o Add assembler BN routines for IA64.
-      o Add support for OS/390 Unix, UnixWare with gcc, OpenUNIX 8,
-        MIPS Linux; shared library support for Irix, HP-UX.
-      o Add crypto accelerator support for AEP, Baltimore SureWare,
-        Broadcom and Cryptographic Appliance's keyserver
-        [in 0.9.6c-engine release].
-
-  Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b:
-
-      o Security fix: PRNG improvements.
-      o Security fix: RSA OAEP check.
-      o Security fix: Reinsert and fix countermeasure to Bleichbacher's
-        attack.
-      o MIPS bug fix in BIGNUM.
-      o Bug fix in "openssl enc".
-      o Bug fix in X.509 printing routine.
-      o Bug fix in DSA verification routine and DSA S/MIME verification.
-      o Bug fix to make PRNG thread-safe.
-      o Bug fix in RAND_file_name().
-      o Bug fix in compatibility mode trust settings.
-      o Bug fix in blowfish EVP.
-      o Increase default size for BIO buffering filter.
-      o Compatibility fixes in some scripts.
-
-  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a:
-
-      o Security fix: change behavior of OpenSSL to avoid using
-        environment variables when running as root.
-      o Security fix: check the result of RSA-CRT to reduce the
-        possibility of deducing the private key from an incorrectly
-        calculated signature.
-      o Security fix: prevent Bleichenbacher's DSA attack.
-      o Security fix: Zero the premaster secret after deriving the
-        master secret in DH ciphersuites.
-      o Reimplement SSL_peek(), which had various problems.
-      o Compatibility fix: the function des_encrypt() renamed to
-        des_encrypt1() to avoid clashes with some Unixen libc.
-      o Bug fixes for Win32, HP/UX and Irix.
-      o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
-        memory checking routines.
-      o Bug fixes for RSA operations in threaded environments.
-      o Bug fixes in misc. openssl applications.
-      o Remove a few potential memory leaks.
-      o Add tighter checks of BIGNUM routines.
-      o Shared library support has been reworked for generality.
-      o More documentation.
-      o New function BN_rand_range().
-      o Add "-rand" option to openssl s_client and s_server.
-
-  Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6:
-
-      o Some documentation for BIO and SSL libraries.
-      o Enhanced chain verification using key identifiers.
-      o New sign and verify options to 'dgst' application.
-      o Support for DER and PEM encoded messages in 'smime' application.
-      o New 'rsautl' application, low level RSA utility.
-      o MD4 now included.
-      o Bugfix for SSL rollback padding check.
-      o Support for external crypto devices [1].
-      o Enhanced EVP interface.
-
-    [1] The support for external crypto devices is currently a separate
-        distribution.  See the file README.ENGINE.
-
-  Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a:
-
-      o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 
-      o Shared library support for HPUX and Solaris-gcc
-      o Support of Linux/IA64
-      o Assembler support for Mingw32
-      o New 'rand' application
-      o New way to check for existence of algorithms from scripts
-
  Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5:

      o S/MIME support in new 'smime' command
--- a/42
+++ b/42
@@ -1,42 +0,0 @@
-* System libcrypto.dylib and libssl.dylib are used by system ld on MacOS X.
-[NOTE: This is currently undergoing tests, and may be removed soon]
-
-This is really a misfeature in ld, which seems to look for .dylib libraries
-along the whole library path before it bothers looking for .a libraries.  This
-means that -L switches won't matter unless OpenSSL is built with shared
-library support.
-
-The workaround may be to change the following lines in apps/Makefile.ssl and
-test/Makefile.ssl:
-
-  LIBCRYPTO=-L.. -lcrypto
-  LIBSSL=-L.. -lssl
-
-to:
-
-  LIBCRYPTO=../libcrypto.a
-  LIBSSL=../libssl.a
-
-It's possible that something similar is needed for shared library support
-as well.  That hasn't been well tested yet.
-
-
-Another solution that many seem to recommend is to move the libraries
-/usr/lib/libcrypto.0.9.dylib, /usr/lib/libssl.0.9.dylib to a different
-directory, build and install OpenSSL and anything that depends on your
-build, then move libcrypto.0.9.dylib and libssl.0.9.dylib back to their
-original places.  Note that the version numbers on those two libraries
-may differ on your machine.
-
-
-As long as Apple doesn't fix the problem with ld, this problem building
-OpenSSL will remain as is.
-
-
-* Parallell make leads to errors
-
-While running tests, running a parallell make is a bad idea.  Many test
-scripts use the same name for output and input files, which means different
-will interfere with each other and lead to test failure.
-
-The solution is simple for now: don't run parallell make when testing.
--- a/57
+++ b/57
@@ -1,7 +1,7 @@

- OpenSSL 0.9.6g [engine] 9 August 2002
+ OpenSSL 0.9.5  28 Feb 2000

- Copyright (c) 1998-2002 The OpenSSL Project
+ Copyright (c) 1998-2000 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
 All rights reserved.

@@ -11,10 +11,9 @@
 The OpenSSL Project is a collaborative effort to develop a robust,
 commercial-grade, fully featured, and Open Source toolkit implementing the
 Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
- protocols as well as a full-strength general purpose cryptography library.
- The project is managed by a worldwide community of volunteers that use the
- Internet to communicate, plan, and develop the OpenSSL toolkit and its
- related documentation. 
+ protocols with full-strength cryptography world-wide. The project is managed
+ by a worldwide community of volunteers that use the Internet to communicate,
+ plan, and develop the OpenSSL toolkit and its related documentation. 

 OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
 and Tim J. Hudson.  The OpenSSL toolkit is licensed under a dual-license (the
@@ -62,7 +61,7 @@

     X.509v3 certificates
        X509 encoding/decoding into/from binary ASN1 and a PEM
-             based ASCII-binary encoding which supports encryption with a
+             based ascii-binary encoding which supports encryption with a
             private key.  Program to generate RSA and DSA certificate
             requests and to generate RSA and DSA certificates.

@@ -97,18 +96,19 @@
 locations around the world. _YOU_ are responsible for ensuring that your use
 of any algorithms is legal by checking if there are any patents in your
 country.  The file contains some of the patents that we know about or are
- rumored to exist. This is not a definitive list.
+ rumoured to exist. This is not a definitive list.

- RSA Security holds software patents on the RC5 algorithm.  If you
- intend to use this cipher, you must contact RSA Security for
- licensing conditions. Their web page is http://www.rsasecurity.com/.
+ RSA Data Security holds software patents on the RSA and RC5 algorithms.  If
+ their ciphers are used used inside the USA (and Japan?), you must contact RSA
+ Data Security for licensing conditions. Their web page is
+ http://www.rsa.com/.

- RC4 is a trademark of RSA Security, so use of this label should perhaps
- only be used with RSA Security's permission. 
+ RC4 is a trademark of RSA Data Security, so use of this label should perhaps
+ only be used with RSA Data Security's permission. 

 The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
- Japan, the Netherlands, Spain, Sweden, Switzerland, UK and the USA.  They
- should be contacted if that algorithm is to be used; their web page is
+ Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA.  They should
+ be contacted if that algorithm is to be used, their web page is
 http://www.ascom.ch/.

 INSTALLATION
@@ -118,16 +118,12 @@
 a Win32 platform, read the INSTALL.W32 file.  For OpenVMS systems, read
 INSTALL.VMS.

+ For people in the USA, it is possible to compile OpenSSL to use RSA Inc.'s
+ public key library, RSAREF, by configuring OpenSSL with the option "rsaref".
+
 Read the documentation in the doc/ directory.  It is quite rough, but it
- lists the functions; you will probably have to look at the code to work out
- how to use them. Look at the example programs.
-
- PROBLEMS
- --------
-
- For some platforms, there are some known problems that may affect the user
- or application author.  We try to collect those in doc/PROBLEMS, with current
- thoughts on how they should be solved in a future of OpenSSL.
+ lists the functions, you will probably have to look at the code to work out
+ how to used them. Look at the example programs.

 SUPPORT 
 -------
@@ -153,13 +149,11 @@
    - Problem Description (steps that will reproduce the problem, if known)
    - Stack Traceback (if the application dumps core)

- Report the bug to the OpenSSL project via the Request Tracker
- (http://www.openssl.org/rt2.html) by mail to:
+ Report the bug to the OpenSSL project at:

    openssl-bugs@openssl.org

- Note that mail to openssl-bugs@openssl.org is recorded in the publicly
- readable request tracker database and is forwarded to a public
+ Note that mail to openssl-bugs@openssl.org is forwarded to a public
 mailing list. Confidential mail may be sent to openssl-security@openssl.org
 (PGP key available from the key servers).

@@ -172,11 +166,6 @@
 the string "[PATCH]" in the subject. Please be sure to include a
 textual explanation of what your patch does.

- Note: For legal reasons, contributions from the US can be accepted only
- if a TSA notification and a copy of the patch is sent to crypt@bis.doc.gov;
- see http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic]
- and http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e)).
-
 The preferred format for changes is "diff -u" output. You might
 generate it like this:

@@ -184,4 +173,4 @@
 # [your changes]
 # ./Configure dist; make clean
 # cd ..
- # diff -ur openssl-orig openssl-work > mydiffs.patch
+ # diff -urN openssl-orig openssl-work > mydiffs.patch
--- a/README.ENGINE
+++ b/README.ENGINE
@@ -1,63 +0,0 @@
-
-  ENGINE
-  ======
-
-  With OpenSSL 0.9.6, a new component has been added to support external 
-  crypto devices, for example accelerator cards.  The component is called
-  ENGINE, and has still a pretty experimental status and almost no
-  documentation.  It's designed to be fairly easily extensible by the
-  calling programs.
-
-  There's currently built-in support for the following crypto devices:
-
-      o CryptoSwift
-      o Compaq Atalla
-      o nCipher CHIL
-
-  A number of things are still needed and are being worked on:
-
-      o An openssl utility command to handle or at least check available
-        engines.
-      o A better way of handling the methods that are handled by the
-        engines.
-      o Documentation!
-
-  What already exists is fairly stable as far as it has been tested, but
-  the test base has been a bit small most of the time.
-
-  Because of this experimental status and what's lacking, the ENGINE
-  component is not yet part of the default OpenSSL distribution.  However,
-  we have made a separate kit for those who want to try this out, to be
-  found in the same places as the default OpenSSL distribution, but with
-  "-engine-" being part of the kit file name.  For example, version 0.9.6
-  is distributed in the following two files:
-
-      openssl-0.9.6.tar.gz
-      openssl-engine-0.9.6.tar.gz
-
-  NOTES
-  =====
-
-  openssl-engine-0.9.6.tar.gz does not depend on openssl-0.9.6.tar, you do
-  not need to download both.
-
-  openssl-engine-0.9.6.tar.gz is usable even if you don't have an external
-  crypto device.  The internal OpenSSL functions are contained in the
-  engine "openssl", and will be used by default.
-
-  No external crypto device is chosen unless you say so.  You have actively
-  tell the openssl utility commands to use it through a new command line
-  switch called "-engine".  And if you want to use the ENGINE library to
-  do something similar, you must also explicitly choose an external crypto
-  device, or the built-in crypto routines will be used, just as in the
-  default OpenSSL distribution.
-
-
-  PROBLEMS
-  ========
-
-  It seems like the ENGINE part doesn't work too well with CryptoSwift on
-  Win32.  A quick test done right before the release showed that trying
-  "openssl speed -engine cswift" generated errors.  If the DSO gets enabled,
-  an attempt is made to write at memory address 0x00000002.
-
--- a/81
+++ b/81
@@ -1,64 +1,43 @@

  OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2002/08/09 11:49:13 $
+  ______________                           $Date: 2000/02/28 11:59:02 $

  DEVELOPMENT STATE

-    o  OpenSSL 0.9.7:  Under development...
-    o  OpenSSL 0.9.6g: Released on August     9th, 2002
-    o  OpenSSL 0.9.6f: Released on August     8th, 2002
-    o  OpenSSL 0.9.6e: Released on July      30th, 2002
-    o  OpenSSL 0.9.6d: Released on May        9th, 2002
-    o  OpenSSL 0.9.6c: Released on December  21st, 2001
-    o  OpenSSL 0.9.6b: Released on July       9th, 2001
-    o  OpenSSL 0.9.6a: Released on April      5th, 2001
-    o  OpenSSL 0.9.6:  Released on September 24th, 2000
-    o  OpenSSL 0.9.5a: Released on April      1st, 2000
-    o  OpenSSL 0.9.5:  Released on February  28th, 2000
-    o  OpenSSL 0.9.4:  Released on August    09th, 1999
-    o  OpenSSL 0.9.3a: Released on May       29th, 1999
-    o  OpenSSL 0.9.3:  Released on May       25th, 1999
-    o  OpenSSL 0.9.2b: Released on March     22th, 1999
-    o  OpenSSL 0.9.1c: Released on December  23th, 1998
+    o  OpenSSL 0.9.5:  Released on February 28th, 2000
+    o  OpenSSL 0.9.4:  Released on August   09th, 1999
+    o  OpenSSL 0.9.3a: Released on May      29th, 1999
+    o  OpenSSL 0.9.3:  Released on May      25th, 1999
+    o  OpenSSL 0.9.2b: Released on March    22th, 1999
+    o  OpenSSL 0.9.1c: Released on December 23th, 1998

  RELEASE SHOWSTOPPERS

  AVAILABLE PATCHES

-    o 
+    o shared libraries <behnke@trustcenter.de>
+    o CA.pl patch (Damien Miller)

  IN PROGRESS

    o Steve is currently working on (in no particular order):
-        ASN1 code redesign, butchery, replacement.
-        OCSP
-        EVP cipher enhancement.
-        Enhanced certificate chain verification.
+        Proper (or at least usable) certificate chain verification.
 	Private key, certificate and CRL API and implementation.
 	Developing and bugfixing PKCS#7 (S/MIME code).
        Various X509 issues: character sets, certificate request extensions.
-    o Geoff and Richard are currently working on:
-	ENGINE (the new code that gives hardware support among others).
-    o Richard is currently working on:
-	UI (User Interface)
-	UTIL (a new set of library functions to support some higher level
-	      functionality that is currently missing).
-	Shared library support for VMS.
-	Kerberos 5 authentication
-	Constification
-	OCSP
+	Documentation for the openssl utility.

  NEEDS PATCH

-    o  apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file
-
-    o  Whenever strncpy is used, make sure the resulting string is NULL-terminated
-       or an error is reported
-
-    o  "OpenSSL STATUS" is never up-to-date.
+    o  non-blocking socket on AIX
+    o  $(PERL) in */Makefile.ssl
+    o  "Sign the certificate?" - "n" creates empty certificate file

  OPEN ISSUES

+    o internal_verify doesn't know about X509.v3 (basicConstraints
+      CA flag ...)
+
    o  The Makefile hierarchy and build mechanism is still not a round thing:

       1. The config vs. Configure scripts
@@ -99,16 +78,20 @@
               to date.
               Paul +1

+    o The EVP and ASN1 stuff is a mess. Currently you have one EVP_CIPHER
+      structure for each cipher. This may make sense for things like DES but
+      for variable length ciphers like RC2 and RC4 it is NBG. Need a way to
+      use the EVP interface and set up the cipher parameters. The ASN1 stuff
+      is also foo wrt ciphers whose AlgorithmIdentifier has more than just
+      an IV in it (e.g. RC2, RC5). This also means that EVP_Seal and EVP_Open
+      don't work unless the key length matches the fixed value (some vendors
+      use a key length decided by the size of the RSA encrypted key and expect
+      RC2 to adapt).
+
+    o ERR_error_string(..., buf) does not know how large buf is,
+      there should be ERR_error_string_n(..., buf, bufsize)
+      or similar.
+
  WISHES

-    o  SRP in TLS.
-       [wished by:
-        Dj <derek@yo.net>, Tom Wu <tom@arcot.com>,
-        Tom Holroyd <tomh@po.crl.go.jp>]
-
-       See http://search.ietf.org/internet-drafts/draft-ietf-tls-srp-00.txt
-       as well as http://www-cs-students.stanford.edu/~tjw/srp/.
-
-       Tom Holroyd tells us there is a SRP patch for OpenSSH at
-       http://members.tripod.com/professor_tom/archives/, that could
-       be useful.
+    o 
--- a/1829
+++ b/1829
--- a/VMS/install.com
+++ b/VMS/install.com
@@ -34,8 +34,10 @@ $	IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
 $	IF F$PARSE("WRK_SSLROOT:[VMS]") .EQS. "" THEN -
 	   CREATE/DIR/LOG WRK_SSLROOT:[VMS]
 $
-$	IF F$SEARCH("WRK_SSLINCLUDE:vms_idhacks.h") .NES. "" THEN -
-	   DELETE WRK_SSLINCLUDE:vms_idhacks.h;*
+$	EXHEADER := vms_idhacks.h
+$
+$	COPY 'EXHEADER' WRK_SSLINCLUDE: /LOG
+$	SET FILE/PROT=WORLD:RE WRK_SSLINCLUDE:'EXHEADER'
 $
 $	OPEN/WRITE SF WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM
 $	WRITE SYS$OUTPUT "%OPEN-I-CREATED,  ",F$SEARCH("WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM")," created."
--- a/VMS/vms_idhacks.h
+++ b/VMS/vms_idhacks.h
@@ -0,0 +1,198 @@
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_VMS_IDHACKS_H
+#define HEADER_VMS_IDHACKS_H
+
+#ifdef VMS
+
+/* Hack a long name in crypto/asn1/a_mbstr.c */
+#define ASN1_STRING_set_default_mask_asc ASN1_STRING_set_def_mask_asc
+/* Hack the names created with DECLARE_STACK_OF(PKCS7_SIGNER_INFO) */
+#define sk_PKCS7_SIGNER_INFO_new		sk_PKCS7_SIGINF_new
+#define sk_PKCS7_SIGNER_INFO_new_null		sk_PKCS7_SIGINF_new_null
+#define sk_PKCS7_SIGNER_INFO_free		sk_PKCS7_SIGINF_free
+#define sk_PKCS7_SIGNER_INFO_num		sk_PKCS7_SIGINF_num
+#define sk_PKCS7_SIGNER_INFO_value		sk_PKCS7_SIGINF_value
+#define sk_PKCS7_SIGNER_INFO_set		sk_PKCS7_SIGINF_set
+#define sk_PKCS7_SIGNER_INFO_zero		sk_PKCS7_SIGINF_zero
+#define sk_PKCS7_SIGNER_INFO_push		sk_PKCS7_SIGINF_push
+#define sk_PKCS7_SIGNER_INFO_unshift		sk_PKCS7_SIGINF_unshift
+#define sk_PKCS7_SIGNER_INFO_find		sk_PKCS7_SIGINF_find
+#define sk_PKCS7_SIGNER_INFO_delete		sk_PKCS7_SIGINF_delete
+#define sk_PKCS7_SIGNER_INFO_delete_ptr		sk_PKCS7_SIGINF_delete_ptr
+#define sk_PKCS7_SIGNER_INFO_insert		sk_PKCS7_SIGINF_insert
+#define sk_PKCS7_SIGNER_INFO_set_cmp_func	sk_PKCS7_SIGINF_set_cmp_func
+#define sk_PKCS7_SIGNER_INFO_dup		sk_PKCS7_SIGINF_dup
+#define sk_PKCS7_SIGNER_INFO_pop_free		sk_PKCS7_SIGINF_pop_free
+#define sk_PKCS7_SIGNER_INFO_shift		sk_PKCS7_SIGINF_shift
+#define sk_PKCS7_SIGNER_INFO_pop		sk_PKCS7_SIGINF_pop
+#define sk_PKCS7_SIGNER_INFO_sort		sk_PKCS7_SIGINF_sort
+
+/* Hack the names created with DECLARE_STACK_OF(PKCS7_RECIP_INFO) */
+#define sk_PKCS7_RECIP_INFO_new			sk_PKCS7_RECINF_new
+#define sk_PKCS7_RECIP_INFO_new_null		sk_PKCS7_RECINF_new_null
+#define sk_PKCS7_RECIP_INFO_free		sk_PKCS7_RECINF_free
+#define sk_PKCS7_RECIP_INFO_num			sk_PKCS7_RECINF_num
+#define sk_PKCS7_RECIP_INFO_value		sk_PKCS7_RECINF_value
+#define sk_PKCS7_RECIP_INFO_set			sk_PKCS7_RECINF_set
+#define sk_PKCS7_RECIP_INFO_zero		sk_PKCS7_RECINF_zero
+#define sk_PKCS7_RECIP_INFO_push		sk_PKCS7_RECINF_push
+#define sk_PKCS7_RECIP_INFO_unshift		sk_PKCS7_RECINF_unshift
+#define sk_PKCS7_RECIP_INFO_find		sk_PKCS7_RECINF_find
+#define sk_PKCS7_RECIP_INFO_delete		sk_PKCS7_RECINF_delete
+#define sk_PKCS7_RECIP_INFO_delete_ptr		sk_PKCS7_RECINF_delete_ptr
+#define sk_PKCS7_RECIP_INFO_insert		sk_PKCS7_RECINF_insert
+#define sk_PKCS7_RECIP_INFO_set_cmp_func	sk_PKCS7_RECINF_set_cmp_func
+#define sk_PKCS7_RECIP_INFO_dup			sk_PKCS7_RECINF_dup
+#define sk_PKCS7_RECIP_INFO_pop_free		sk_PKCS7_RECINF_pop_free
+#define sk_PKCS7_RECIP_INFO_shift		sk_PKCS7_RECINF_shift
+#define sk_PKCS7_RECIP_INFO_pop			sk_PKCS7_RECINF_pop
+#define sk_PKCS7_RECIP_INFO_sort		sk_PKCS7_RECINF_sort
+
+/* Hack the names created with DECLARE_STACK_OF(ASN1_STRING_TABLE) */
+#define sk_ASN1_STRING_TABLE_new		sk_ASN1_STRTAB_new
+#define sk_ASN1_STRING_TABLE_new_null		sk_ASN1_STRTAB_new_null
+#define sk_ASN1_STRING_TABLE_free		sk_ASN1_STRTAB_free
+#define sk_ASN1_STRING_TABLE_num		sk_ASN1_STRTAB_num
+#define sk_ASN1_STRING_TABLE_value		sk_ASN1_STRTAB_value
+#define sk_ASN1_STRING_TABLE_set		sk_ASN1_STRTAB_set
+#define sk_ASN1_STRING_TABLE_zero		sk_ASN1_STRTAB_zero
+#define sk_ASN1_STRING_TABLE_push		sk_ASN1_STRTAB_push
+#define sk_ASN1_STRING_TABLE_unshift		sk_ASN1_STRTAB_unshift
+#define sk_ASN1_STRING_TABLE_find		sk_ASN1_STRTAB_find
+#define sk_ASN1_STRING_TABLE_delete		sk_ASN1_STRTAB_delete
+#define sk_ASN1_STRING_TABLE_delete_ptr		sk_ASN1_STRTAB_delete_ptr
+#define sk_ASN1_STRING_TABLE_insert		sk_ASN1_STRTAB_insert
+#define sk_ASN1_STRING_TABLE_set_cmp_func	sk_ASN1_STRTAB_set_cmp_func
+#define sk_ASN1_STRING_TABLE_dup		sk_ASN1_STRTAB_dup
+#define sk_ASN1_STRING_TABLE_pop_free		sk_ASN1_STRTAB_pop_free
+#define sk_ASN1_STRING_TABLE_shift		sk_ASN1_STRTAB_shift
+#define sk_ASN1_STRING_TABLE_pop		sk_ASN1_STRTAB_pop
+#define sk_ASN1_STRING_TABLE_sort		sk_ASN1_STRTAB_sort
+
+/* Hack the names created with DECLARE_STACK_OF(ACCESS_DESCRIPTION) */
+#define sk_ACCESS_DESCRIPTION_new		sk_ACC_DESC_new
+#define sk_ACCESS_DESCRIPTION_new_null		sk_ACC_DESC_new_null
+#define sk_ACCESS_DESCRIPTION_free		sk_ACC_DESC_free
+#define sk_ACCESS_DESCRIPTION_num		sk_ACC_DESC_num
+#define sk_ACCESS_DESCRIPTION_value		sk_ACC_DESC_value
+#define sk_ACCESS_DESCRIPTION_set		sk_ACC_DESC_set
+#define sk_ACCESS_DESCRIPTION_zero		sk_ACC_DESC_zero
+#define sk_ACCESS_DESCRIPTION_push		sk_ACC_DESC_push
+#define sk_ACCESS_DESCRIPTION_unshift		sk_ACC_DESC_unshift
+#define sk_ACCESS_DESCRIPTION_find		sk_ACC_DESC_find
+#define sk_ACCESS_DESCRIPTION_delete		sk_ACC_DESC_delete
+#define sk_ACCESS_DESCRIPTION_delete_ptr	sk_ACC_DESC_delete_ptr
+#define sk_ACCESS_DESCRIPTION_insert		sk_ACC_DESC_insert
+#define sk_ACCESS_DESCRIPTION_set_cmp_func	sk_ACC_DESC_set_cmp_func
+#define sk_ACCESS_DESCRIPTION_dup		sk_ACC_DESC_dup
+#define sk_ACCESS_DESCRIPTION_pop_free		sk_ACC_DESC_pop_free
+#define sk_ACCESS_DESCRIPTION_shift		sk_ACC_DESC_shift
+#define sk_ACCESS_DESCRIPTION_pop		sk_ACC_DESC_pop
+#define sk_ACCESS_DESCRIPTION_sort		sk_ACC_DESC_sort
+
+/* Hack the names created with DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS) */
+#define sk_CRYPTO_EX_DATA_FUNCS_new		sk_CRYPT_EX_DATFNS_new
+#define sk_CRYPTO_EX_DATA_FUNCS_new_null	sk_CRYPT_EX_DATFNS_new_null
+#define sk_CRYPTO_EX_DATA_FUNCS_free		sk_CRYPT_EX_DATFNS_free
+#define sk_CRYPTO_EX_DATA_FUNCS_num		sk_CRYPT_EX_DATFNS_num
+#define sk_CRYPTO_EX_DATA_FUNCS_value		sk_CRYPT_EX_DATFNS_value
+#define sk_CRYPTO_EX_DATA_FUNCS_set		sk_CRYPT_EX_DATFNS_set
+#define sk_CRYPTO_EX_DATA_FUNCS_zero		sk_CRYPT_EX_DATFNS_zero
+#define sk_CRYPTO_EX_DATA_FUNCS_push		sk_CRYPT_EX_DATFNS_push
+#define sk_CRYPTO_EX_DATA_FUNCS_unshift		sk_CRYPT_EX_DATFNS_unshift
+#define sk_CRYPTO_EX_DATA_FUNCS_find		sk_CRYPT_EX_DATFNS_find
+#define sk_CRYPTO_EX_DATA_FUNCS_delete		sk_CRYPT_EX_DATFNS_delete
+#define sk_CRYPTO_EX_DATA_FUNCS_delete_ptr	sk_CRYPT_EX_DATFNS_delete_ptr
+#define sk_CRYPTO_EX_DATA_FUNCS_insert		sk_CRYPT_EX_DATFNS_insert
+#define sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func	sk_CRYPT_EX_DATFNS_set_cmp_func
+#define sk_CRYPTO_EX_DATA_FUNCS_dup		sk_CRYPT_EX_DATFNS_dup
+#define sk_CRYPTO_EX_DATA_FUNCS_pop_free	sk_CRYPT_EX_DATFNS_pop_free
+#define sk_CRYPTO_EX_DATA_FUNCS_shift		sk_CRYPT_EX_DATFNS_shift
+#define sk_CRYPTO_EX_DATA_FUNCS_pop		sk_CRYPT_EX_DATFNS_pop
+#define sk_CRYPTO_EX_DATA_FUNCS_sort		sk_CRYPT_EX_DATFNS_sort
+
+/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) */
+#define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO	i2d_ASN1_SET_OF_PKCS7_SIGINF
+#define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO	d2i_ASN1_SET_OF_PKCS7_SIGINF
+
+/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) */
+#define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO	i2d_ASN1_SET_OF_PKCS7_RECGINF
+#define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO	d2i_ASN1_SET_OF_PKCS7_RECGINF
+
+/* Hack the names created with DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) */
+#define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION	i2d_ASN1_SET_OF_ACC_DESC
+#define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION	d2i_ASN1_SET_OF_ACC_DESC
+
+/* Hack the names created with DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE) */
+#define PEM_read_NETSCAPE_CERT_SEQUENCE		PEM_read_NS_CERT_SEQUENCE
+#define PEM_write_NETSCAPE_CERT_SEQUENCE	PEM_write_NS_CERT_SEQUENCE
+#define PEM_read_bio_NETSCAPE_CERT_SEQUENCE	PEM_read_bio_NS_CERT_SEQUENCE
+#define PEM_write_bio_NETSCAPE_CERT_SEQUENCE	PEM_write_bio_NS_CERT_SEQUENCE
+#define PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE	PEM_write_cb_bio_NS_CERT_SEQUENCE
+
+/* Hack the names created with DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO) */
+#define PEM_read_PKCS8_PRIV_KEY_INFO		PEM_read_P8_PRIV_KEY_INFO
+#define PEM_write_PKCS8_PRIV_KEY_INFO		PEM_write_P8_PRIV_KEY_INFO
+#define PEM_read_bio_PKCS8_PRIV_KEY_INFO	PEM_read_bio_P8_PRIV_KEY_INFO
+#define PEM_write_bio_PKCS8_PRIV_KEY_INFO	PEM_write_bio_P8_PRIV_KEY_INFO
+#define PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO	PEM_wrt_cb_bio_P8_PRIV_KEY_INFO
+
+/* Hack other PEM names */
+#define PEM_write_bio_PKCS8PrivateKey_nid	PEM_write_bio_PKCS8PrivKey_nid
+
+#endif /* defined VMS */
+
+#endif /* ! defined HEADER_VMS_IDHACKS_H */
--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -36,7 +36,6 @@
 # default openssl.cnf file has setup as per the following
 # demoCA ... where everything is stored

-$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
 $DAYS="-days 365";
 $REQ="openssl req $SSLEAY_CONFIG";
 $CA="openssl ca $SSLEAY_CONFIG";
@@ -117,11 +116,6 @@ foreach (@ARGV) {
 							"-infiles newreq.pem");
 	    $RET=$?;
 	    print "Signed certificate is in newcert.pem\n";
-	} elsif (/^(-signCA)$/) {
-	    system ("$CA -policy policy_anything -out newcert.pem " .
-					"-extensions v3_ca -infiles newreq.pem");
-	    $RET=$?;
-	    print "Signed CA certificate is in newcert.pem\n";
 	} elsif (/^-signcert$/) {
 	    system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
 								"-out tmp.pem");
--- a/apps/Makefile.ssl
+++ b/apps/Makefile.ssl
--- a/apps/app_rand.c
+++ b/apps/app_rand.c
@@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */
 /* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -109,9 +109,7 @@
 *
 */

-#define NON_MAIN
 #include "apps.h"
-#undef NON_MAIN
 #include <openssl/bio.h>
 #include <openssl/rand.h>

@@ -164,7 +162,7 @@ long app_RAND_load_files(char *name)
 	char *p,*n;
 	int last;
 	long tot=0;
-	int egd;
+    int egd;
 	
 	for (;;)
 		{
@@ -176,11 +174,9 @@ long app_RAND_load_files(char *name)
 		name=p+1;
 		if (*n == '\0') break;

-		egd=RAND_egd(n);
-		if (egd > 0)
-			tot+=egd;
-		else
-			tot+=RAND_load_file(n,-1);
+        egd=RAND_egd(n);
+		if (egd > 0) tot+=egd;
+		tot+=RAND_load_file(n,1024L*1024L);
 		if (last) break;
 		}
 	if (tot > 512)
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -64,11 +64,6 @@
 #define NON_MAIN
 #include "apps.h"
 #undef NON_MAIN
-#include <openssl/err.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/pkcs12.h>
-#include <openssl/safestack.h>

 #ifdef WINDOWS
 #  include "bss_file.c"
@@ -96,8 +91,8 @@ int args_from_file(char *file, int *argc, char **argv[])
 	*argv=NULL;

 	len=(unsigned int)stbuf.st_size;
-	if (buf != NULL) OPENSSL_free(buf);
-	buf=(char *)OPENSSL_malloc(len+1);
+	if (buf != NULL) Free(buf);
+	buf=(char *)Malloc(len+1);
 	if (buf == NULL) return(0);

 	len=fread(buf,1,len,fp);
@@ -107,8 +102,8 @@ int args_from_file(char *file, int *argc, char **argv[])
 	i=0;
 	for (p=buf; *p; p++)
 		if (*p == '\n') i++;
-	if (arg != NULL) OPENSSL_free(arg);
-	arg=(char **)OPENSSL_malloc(sizeof(char *)*(i*2));
+	if (arg != NULL) Free(arg);
+	arg=(char **)Malloc(sizeof(char *)*(i*2));

 	*argv=arg;
 	num=0;
@@ -164,14 +159,6 @@ int str2fmt(char *s)
 		return(FORMAT_PEM);
 	else if ((*s == 'N') || (*s == 'n'))
 		return(FORMAT_NETSCAPE);
-	else if ((*s == 'S') || (*s == 's'))
-		return(FORMAT_SMIME);
-	else if ((*s == '1')
-		|| (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
-		|| (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
-		return(FORMAT_PKCS12);
-	else if ((*s == 'E') || (*s == 'e'))
-		return(FORMAT_ENGINE);
 	else
 		return(FORMAT_UNDEF);
 	}
@@ -230,16 +217,9 @@ void program_name(char *in, char *out, int size)

 	q=strrchr(p,'.');
 	if (q == NULL)
-		q = p + strlen(p);
-	strncpy(out,p,size-1);
-	if (q-p >= size)
-		{
-		out[size-1]='\0';
-		}
-	else
-		{
-		out[q-p]='\0';
-		}
+		q = in+size;
+	strncpy(out,p,q-p);
+	out[q-p]='\0';
 	}
 #else
 void program_name(char *in, char *out, int size)
@@ -286,7 +266,7 @@ int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
 	if (arg->count == 0)
 		{
 		arg->count=20;
-		arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count);
+		arg->data=(char **)Malloc(sizeof(char *)*arg->count);
 		}
 	for (i=0; i<arg->count; i++)
 		arg->data[i]=NULL;
@@ -305,7 +285,7 @@ int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
 		if (num >= arg->count)
 			{
 			arg->count+=20;
-			arg->data=(char **)OPENSSL_realloc(arg->data,
+			arg->data=(char **)Realloc(arg->data,
 				sizeof(char *)*arg->count);
 			if (argc == 0) return(0);
 			}
@@ -434,353 +414,3 @@ static char *app_get_pass(BIO *err, char *arg, int keepbio)
 	if(tmp) *tmp = 0;
 	return BUF_strdup(tpass);
 }
-
-int add_oid_section(BIO *err, LHASH *conf)
-{	
-	char *p;
-	STACK_OF(CONF_VALUE) *sktmp;
-	CONF_VALUE *cnf;
-	int i;
-	if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1;
-	if(!(sktmp = CONF_get_section(conf, p))) {
-		BIO_printf(err, "problem loading oid section %s\n", p);
-		return 0;
-	}
-	for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
-		cnf = sk_CONF_VALUE_value(sktmp, i);
-		if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
-			BIO_printf(err, "problem creating object %s=%s\n",
-							 cnf->name, cnf->value);
-			return 0;
-		}
-	}
-	return 1;
-}
-
-X509 *load_cert(BIO *err, char *file, int format)
-	{
-	ASN1_HEADER *ah=NULL;
-	BUF_MEM *buf=NULL;
-	X509 *x=NULL;
-	BIO *cert;
-
-	if ((cert=BIO_new(BIO_s_file())) == NULL)
-		{
-		ERR_print_errors(err);
-		goto end;
-		}
-
-	if (file == NULL)
-		BIO_set_fp(cert,stdin,BIO_NOCLOSE);
-	else
-		{
-		if (BIO_read_filename(cert,file) <= 0)
-			{
-			perror(file);
-			goto end;
-			}
-		}
-
-	if 	(format == FORMAT_ASN1)
-		x=d2i_X509_bio(cert,NULL);
-	else if (format == FORMAT_NETSCAPE)
-		{
-		unsigned char *p,*op;
-		int size=0,i;
-
-		/* We sort of have to do it this way because it is sort of nice
-		 * to read the header first and check it, then
-		 * try to read the certificate */
-		buf=BUF_MEM_new();
-		for (;;)
-			{
-			if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10)))
-				goto end;
-			i=BIO_read(cert,&(buf->data[size]),1024*10);
-			size+=i;
-			if (i == 0) break;
-			if (i < 0)
-				{
-				perror("reading certificate");
-				goto end;
-				}
-			}
-		p=(unsigned char *)buf->data;
-		op=p;
-
-		/* First load the header */
-		if ((ah=d2i_ASN1_HEADER(NULL,&p,(long)size)) == NULL)
-			goto end;
-		if ((ah->header == NULL) || (ah->header->data == NULL) ||
-			(strncmp(NETSCAPE_CERT_HDR,(char *)ah->header->data,
-			ah->header->length) != 0))
-			{
-			BIO_printf(err,"Error reading header on certificate\n");
-			goto end;
-			}
-		/* header is ok, so now read the object */
-		p=op;
-		ah->meth=X509_asn1_meth();
-		if ((ah=d2i_ASN1_HEADER(&ah,&p,(long)size)) == NULL)
-			goto end;
-		x=(X509 *)ah->data;
-		ah->data=NULL;
-		}
-	else if (format == FORMAT_PEM)
-		x=PEM_read_bio_X509_AUX(cert,NULL,NULL,NULL);
-	else if (format == FORMAT_PKCS12)
-		{
-		PKCS12 *p12 = d2i_PKCS12_bio(cert, NULL);
-
-		PKCS12_parse(p12, NULL, NULL, &x, NULL);
-		PKCS12_free(p12);
-		p12 = NULL;
-		}
-	else	{
-		BIO_printf(err,"bad input format specified for input cert\n");
-		goto end;
-		}
-end:
-	if (x == NULL)
-		{
-		BIO_printf(err,"unable to load certificate\n");
-		ERR_print_errors(err);
-		}
-	if (ah != NULL) ASN1_HEADER_free(ah);
-	if (cert != NULL) BIO_free(cert);
-	if (buf != NULL) BUF_MEM_free(buf);
-	return(x);
-	}
-
-EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass)
-	{
-	BIO *key=NULL;
-	EVP_PKEY *pkey=NULL;
-
-	if (file == NULL)
-		{
-		BIO_printf(err,"no keyfile specified\n");
-		goto end;
-		}
-	key=BIO_new(BIO_s_file());
-	if (key == NULL)
-		{
-		ERR_print_errors(err);
-		goto end;
-		}
-	if (BIO_read_filename(key,file) <= 0)
-		{
-		perror(file);
-		goto end;
-		}
-	if (format == FORMAT_ASN1)
-		{
-		pkey=d2i_PrivateKey_bio(key, NULL);
-		}
-	else if (format == FORMAT_PEM)
-		{
-		pkey=PEM_read_bio_PrivateKey(key,NULL,NULL,pass);
-		}
-	else if (format == FORMAT_PKCS12)
-		{
-		PKCS12 *p12 = d2i_PKCS12_bio(key, NULL);
-
-		PKCS12_parse(p12, pass, &pkey, NULL, NULL);
-		PKCS12_free(p12);
-		p12 = NULL;
-		}
-	else
-		{
-		BIO_printf(err,"bad input format specified for key\n");
-		goto end;
-		}
- end:
-	if (key != NULL) BIO_free(key);
-	if (pkey == NULL)
-		BIO_printf(err,"unable to load Private Key\n");
-	return(pkey);
-	}
-
-EVP_PKEY *load_pubkey(BIO *err, char *file, int format)
-	{
-	BIO *key=NULL;
-	EVP_PKEY *pkey=NULL;
-
-	if (file == NULL)
-		{
-		BIO_printf(err,"no keyfile specified\n");
-		goto end;
-		}
-	key=BIO_new(BIO_s_file());
-	if (key == NULL)
-		{
-		ERR_print_errors(err);
-		goto end;
-		}
-	if (BIO_read_filename(key,file) <= 0)
-		{
-		perror(file);
-		goto end;
-		}
-	if (format == FORMAT_ASN1)
-		{
-		pkey=d2i_PUBKEY_bio(key, NULL);
-		}
-	else if (format == FORMAT_PEM)
-		{
-		pkey=PEM_read_bio_PUBKEY(key,NULL,NULL,NULL);
-		}
-	else
-		{
-		BIO_printf(err,"bad input format specified for key\n");
-		goto end;
-		}
- end:
-	if (key != NULL) BIO_free(key);
-	if (pkey == NULL)
-		BIO_printf(err,"unable to load Public Key\n");
-	return(pkey);
-	}
-
-STACK_OF(X509) *load_certs(BIO *err, char *file, int format)
-	{
-	BIO *certs;
-	int i;
-	STACK_OF(X509) *othercerts = NULL;
-	STACK_OF(X509_INFO) *allcerts = NULL;
-	X509_INFO *xi;
-
-	if((certs = BIO_new(BIO_s_file())) == NULL)
-		{
-		ERR_print_errors(err);
-		goto end;
-		}
-
-	if (file == NULL)
-		BIO_set_fp(certs,stdin,BIO_NOCLOSE);
-	else
-		{
-		if (BIO_read_filename(certs,file) <= 0)
-			{
-			perror(file);
-			goto end;
-			}
-		}
-
-	if      (format == FORMAT_PEM)
-		{
-		othercerts = sk_X509_new_null();
-		if(!othercerts)
-			{
-			sk_X509_free(othercerts);
-			othercerts = NULL;
-			goto end;
-			}
-		allcerts = PEM_X509_INFO_read_bio(certs, NULL, NULL, NULL);
-		for(i = 0; i < sk_X509_INFO_num(allcerts); i++)
-			{
-			xi = sk_X509_INFO_value (allcerts, i);
-			if (xi->x509)
-				{
-				sk_X509_push(othercerts, xi->x509);
-				xi->x509 = NULL;
-				}
-			}
-		goto end;
-		}
-	else	{
-		BIO_printf(err,"bad input format specified for input cert\n");
-		goto end;
-		}
-end:
-	if (othercerts == NULL)
-		{
-		BIO_printf(err,"unable to load certificates\n");
-		ERR_print_errors(err);
-		}
-	if (allcerts) sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
-	if (certs != NULL) BIO_free(certs);
-	return(othercerts);
-	}
-
-typedef struct {
-	char *name;
-	unsigned long flag;
-	unsigned long mask;
-} NAME_EX_TBL;
-
-int set_name_ex(unsigned long *flags, const char *arg)
-{
-	char c;
-	const NAME_EX_TBL *ptbl, ex_tbl[] = {
-		{ "esc_2253", ASN1_STRFLGS_ESC_2253, 0},
-		{ "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
-		{ "esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
-		{ "use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
-		{ "utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
-		{ "ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
-		{ "show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
-		{ "dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
-		{ "dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
-		{ "dump_der", ASN1_STRFLGS_DUMP_DER, 0},
-		{ "compat", XN_FLAG_COMPAT, 0xffffffffL},
-		{ "sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
-		{ "sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
-		{ "sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
-		{ "sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
-		{ "dn_rev", XN_FLAG_DN_REV, 0},
-		{ "nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
-		{ "sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
-		{ "lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
-		{ "oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
-		{ "space_eq", XN_FLAG_SPC_EQ, 0},
-		{ "dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
-		{ "RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
-		{ "oneline", XN_FLAG_ONELINE, 0xffffffffL},
-		{ "multiline", XN_FLAG_MULTILINE, 0xffffffffL},
-		{ NULL, 0, 0}
-	};
-
-	c = arg[0];
-
-	if(c == '-') {
-		c = 0;
-		arg++;
-	} else if (c == '+') {
-		c = 1;
-		arg++;
-	} else c = 1;
-
-	for(ptbl = ex_tbl; ptbl->name; ptbl++) {
-		if(!strcmp(arg, ptbl->name)) {
-			*flags &= ~ptbl->mask;
-			if(c) *flags |= ptbl->flag;
-			else *flags &= ~ptbl->flag;
-			return 1;
-		}
-	}
-	return 0;
-}
-
-void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
-{
-	char *buf;
-	char mline = 0;
-	int indent = 0;
-	if(title) BIO_puts(out, title);
-	if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
-		mline = 1;
-		indent = 4;
-	}
-	if(lflags == XN_FLAG_COMPAT) {
-		buf = X509_NAME_oneline(nm, 0, 0);
-		BIO_puts(out, buf);
-		BIO_puts(out, "\n");
-		OPENSSL_free(buf);
-	} else {
-		if(mline) BIO_puts(out, "\n");
-		X509_NAME_print_ex(out, nm, indent, lflags);
-		BIO_puts(out, "\n");
-	}
-}
-
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -65,8 +65,6 @@
 #include <openssl/bio.h>
 #include <openssl/crypto.h>
 #include <openssl/x509.h>
-#include <openssl/lhash.h>
-#include <openssl/conf.h>

 int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
 int app_RAND_write_file(const char *file, BIO *bio_e);
@@ -100,6 +98,7 @@ extern BIO *bio_err;
 #else

 #define MAIN(a,v)	PROG(a,v)
+#include <openssl/conf.h>
 extern LHASH *config;
 extern char *default_config_file;
 extern BIO *bio_err;
@@ -145,27 +144,13 @@ void program_name(char *in,char *out,int size);
 int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
 #ifdef HEADER_X509_H
 int dump_cert_text(BIO *out, X509 *x);
-void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags);
 #endif
-int set_name_ex(unsigned long *flags, const char *arg);
 int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
-int add_oid_section(BIO *err, LHASH *conf);
-X509 *load_cert(BIO *err, char *file, int format);
-EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass);
-EVP_PKEY *load_pubkey(BIO *err, char *file, int format);
-STACK_OF(X509) *load_certs(BIO *err, char *file, int format);
-
 #define FORMAT_UNDEF    0
 #define FORMAT_ASN1     1
 #define FORMAT_TEXT     2
 #define FORMAT_PEM      3
 #define FORMAT_NETSCAPE 4
-#define FORMAT_PKCS12   5
-#define FORMAT_SMIME    6
-/* Since this is currently inofficial, let's give it a high number */
-#define FORMAT_ENGINE   127
-
-#define NETSCAPE_CERT_HDR	"certificate"

 #define APP_PASS_LEN	1024

--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -88,7 +88,7 @@ int MAIN(int argc, char **argv)
 	unsigned int length=0;
 	long num,tmplen;
 	BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL;
-	int informat,indent=0, noout = 0, dump = 0;
+	int informat,indent=0, noout = 0;
 	char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL;
 	unsigned char *tmpbuf;
 	BUF_MEM *buf=NULL;
@@ -108,7 +108,7 @@ int MAIN(int argc, char **argv)
 	argv++;
 	if ((osk=sk_new_null()) == NULL)
 		{
-		BIO_printf(bio_err,"Memory allocation failure\n");
+		BIO_printf(bio_err,"Malloc failure\n");
 		goto end;
 		}
 	while (argc >= 1)
@@ -149,16 +149,6 @@ int MAIN(int argc, char **argv)
 			length= atoi(*(++argv));
 			if (length == 0) goto bad;
 			}
-		else if (strcmp(*argv,"-dump") == 0)
-			{
-			dump= -1;
-			}
-		else if (strcmp(*argv,"-dlimit") == 0)
-			{
-			if (--argc < 1) goto bad;
-			dump= atoi(*(++argv));
-			if (dump <= 0) goto bad;
-			}
 		else if (strcmp(*argv,"-strparse") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -181,17 +171,16 @@ bad:
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
-		BIO_printf(bio_err," -out arg      output file (output format is always DER\n");
+		BIO_printf(bio_err," -out arg      output file\n");
 		BIO_printf(bio_err," -noout arg    don't produce any output\n");
 		BIO_printf(bio_err," -offset arg   offset into file\n");
 		BIO_printf(bio_err," -length arg   length of section in file\n");
 		BIO_printf(bio_err," -i            indent entries\n");
-		BIO_printf(bio_err," -dump         dump unknown data in hex form\n");
-		BIO_printf(bio_err," -dlimit arg   dump the first arg bytes of unknown data in hex form\n");
 		BIO_printf(bio_err," -oid file     file of extra oid definitions\n");
 		BIO_printf(bio_err," -strparse offset\n");
 		BIO_printf(bio_err,"               a series of these can be used to 'dig' into multiple\n");
 		BIO_printf(bio_err,"               ASN1 blob wrappings\n");
+		BIO_printf(bio_err," -out filename output DER encoding to file\n");
 		goto end;
 		}

@@ -205,12 +194,6 @@ bad:
 		goto end;
 		}
 	BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
-#ifdef VMS
-	{
-	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-	out = BIO_push(tmpbio, out);
-	}
-#endif

 	if (oidfile != NULL)
 		{
@@ -310,8 +293,7 @@ bad:
 		}
 	}
 	if (!noout &&
-	    !ASN1_parse_dump(out,(unsigned char *)&(str[offset]),length,
-		    indent,dump))
+	    !ASN1_parse(out,(unsigned char *)&(str[offset]),length,indent))
 		{
 		ERR_print_errors(bio_err);
 		goto end;
@@ -320,7 +302,7 @@ bad:
 end:
 	BIO_free(derout);
 	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free_all(out);
+	if (out != NULL) BIO_free(out);
 	if (b64 != NULL) BIO_free(b64);
 	if (ret != 0)
 		ERR_print_errors(bio_err);
--- a/apps/ca-cert.srl
+++ b/apps/ca-cert.srl
@@ -1 +1 @@
-07
+05
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -74,7 +74,6 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
-#include <openssl/engine.h>

 #ifndef W_OK
 #  ifdef VMS
@@ -83,7 +82,7 @@
 #    else
 #      include <unixlib.h>
 #    endif
-#  elif !defined(VXWORKS)
+#  else
 #    include <sys/file.h>
 #  endif
 #endif
@@ -168,7 +167,6 @@ static char *ca_usage[]={
 " -revoke file    - Revoke a certificate (given in file)\n",
 " -extensions ..  - Extension section (override value in config file)\n",
 " -crlexts ..     - CRL extension section (override value in config file)\n",
-" -engine e       - use engine e, possibly a hardware device.\n",
 NULL
 };

@@ -178,6 +176,7 @@ extern int EF_PROTECT_BELOW;
 extern int EF_ALIGNMENT;
 #endif

+static int add_oid_section(LHASH *conf);
 static void lookup_fail(char *name,char *tag);
 static unsigned long index_serial_hash(char **a);
 static int index_serial_cmp(char **a, char **b);
@@ -218,8 +217,7 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 	{
-	ENGINE *e = NULL;
-	char *key=NULL,*passargin=NULL;
+	char *key=NULL;
 	int total=0;
 	int total_done=0;
 	int badops=0;
@@ -265,13 +263,12 @@ int MAIN(int argc, char **argv)
 	long l;
 	const EVP_MD *dgst=NULL;
 	STACK_OF(CONF_VALUE) *attribs=NULL;
-	STACK_OF(X509) *cert_sk=NULL;
+	STACK *cert_sk=NULL;
 	BIO *hex=NULL;
 #undef BSIZE
 #define BSIZE 256
 	MS_STATIC char buf[3][BSIZE];
 	char *randfile=NULL;
-	char *engine = NULL;

 #ifdef EFENCE
 EF_PROTECT_FREE=1;
@@ -337,11 +334,6 @@ EF_ALIGNMENT=0;
 			if (--argc < 1) goto bad;
 			keyfile= *(++argv);
 			}
-		else if (strcmp(*argv,"-passin") == 0)
-			{
-			if (--argc < 1) goto bad;
-			passargin= *(++argv);
-			}
 		else if (strcmp(*argv,"-key") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -423,11 +415,6 @@ EF_ALIGNMENT=0;
 			if (--argc < 1) goto bad;
 			crl_ext= *(++argv);
 			}
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
 		else
 			{
 bad:
@@ -448,24 +435,6 @@ bad:

 	ERR_load_crypto_strings();

-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto err;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto err;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	/*****************************************************************/
 	if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
 	if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
@@ -529,7 +498,7 @@ bad:
 				BIO_free(oid_bio);
 				}
 			}
-		if(!add_oid_section(bio_err,conf)) 
+		if(!add_oid_section(conf)) 
 			{
 			ERR_print_errors(bio_err);
 			goto err;
@@ -558,11 +527,6 @@ bad:
 		lookup_fail(section,ENV_PRIVATE_KEY);
 		goto err;
 		}
-	if(!key && !app_passwd(bio_err, passargin, NULL, &key, NULL))
-		{
-		BIO_printf(bio_err,"Error getting password\n");
-		goto err;
-		}
 	if (BIO_read_filename(in,keyfile) <= 0)
 		{
 		perror(keyfile);
@@ -717,12 +681,6 @@ bad:
 	if (verbose)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */
-#ifdef VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
 		TXT_DB_write(out,db);
 		BIO_printf(bio_err,"%d entries loaded from the database\n",
 			db->data->num);
@@ -757,15 +715,7 @@ bad:
 				}
 			}
 		else
-			{
 			BIO_set_fp(Sout,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
-#ifdef VMS
-			{
-			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-			Sout = BIO_push(tmpbio, Sout);
-			}
-#endif
-			}
 		}

 	if (req)
@@ -858,7 +808,7 @@ bad:
 			{
 			if ((f=BN_bn2hex(serial)) == NULL) goto err;
 			BIO_printf(bio_err,"next serial number is %s\n",f);
-			OPENSSL_free(f);
+			Free(f);
 			}

 		if ((attribs=CONF_get_section(conf,policy)) == NULL)
@@ -867,9 +817,9 @@ bad:
 			goto err;
 			}

-		if ((cert_sk=sk_X509_new_null()) == NULL)
+		if ((cert_sk=sk_new_null()) == NULL)
 			{
-			BIO_printf(bio_err,"Memory allocation failure\n");
+			BIO_printf(bio_err,"Malloc failure\n");
 			goto err;
 			}
 		if (spkac_file != NULL)
@@ -884,9 +834,9 @@ bad:
 				total_done++;
 				BIO_printf(bio_err,"\n");
 				if (!BN_add_word(serial,1)) goto err;
-				if (!sk_X509_push(cert_sk,x))
+				if (!sk_push(cert_sk,(char *)x))
 					{
-					BIO_printf(bio_err,"Memory allocation failure\n");
+					BIO_printf(bio_err,"Malloc failure\n");
 					goto err;
 					}
 				if (outfile)
@@ -908,9 +858,9 @@ bad:
 				total_done++;
 				BIO_printf(bio_err,"\n");
 				if (!BN_add_word(serial,1)) goto err;
-				if (!sk_X509_push(cert_sk,x))
+				if (!sk_push(cert_sk,(char *)x))
 					{
-					BIO_printf(bio_err,"Memory allocation failure\n");
+					BIO_printf(bio_err,"Malloc failure\n");
 					goto err;
 					}
 				}
@@ -927,9 +877,9 @@ bad:
 				total_done++;
 				BIO_printf(bio_err,"\n");
 				if (!BN_add_word(serial,1)) goto err;
-				if (!sk_X509_push(cert_sk,x))
+				if (!sk_push(cert_sk,(char *)x))
 					{
-					BIO_printf(bio_err,"Memory allocation failure\n");
+					BIO_printf(bio_err,"Malloc failure\n");
 					goto err;
 					}
 				}
@@ -946,9 +896,9 @@ bad:
 				total_done++;
 				BIO_printf(bio_err,"\n");
 				if (!BN_add_word(serial,1)) goto err;
-				if (!sk_X509_push(cert_sk,x))
+				if (!sk_push(cert_sk,(char *)x))
 					{
-					BIO_printf(bio_err,"Memory allocation failure\n");
+					BIO_printf(bio_err,"Malloc failure\n");
 					goto err;
 					}
 				}
@@ -957,7 +907,7 @@ bad:
 		 * and a data base and serial number that need
 		 * updating */

-		if (sk_X509_num(cert_sk) > 0)
+		if (sk_num(cert_sk) > 0)
 			{
 			if (!batch)
 				{
@@ -973,7 +923,7 @@ bad:
 					}
 				}

-			BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk));
+			BIO_printf(bio_err,"Write out database with %d new entries\n",sk_num(cert_sk));

 			strncpy(buf[0],serialfile,BSIZE-4);

@@ -1005,12 +955,12 @@ bad:
 	
 		if (verbose)
 			BIO_printf(bio_err,"writing new certificates\n");
-		for (i=0; i<sk_X509_num(cert_sk); i++)
+		for (i=0; i<sk_num(cert_sk); i++)
 			{
 			int k;
 			unsigned char *n;

-			x=sk_X509_value(cert_sk,i);
+			x=(X509 *)sk_value(cert_sk,i);

 			j=x->cert_info->serialNumber->length;
 			p=(char *)x->cert_info->serialNumber->data;
@@ -1049,7 +999,7 @@ bad:
 			write_new_certificate(Sout,x, output_der, notext);
 			}

-		if (sk_X509_num(cert_sk))
+		if (sk_num(cert_sk))
 			{
 			/* Rename the database and the serial file */
 			strncpy(buf[2],serialfile,BSIZE-4);
@@ -1061,7 +1011,7 @@ bad:
 #endif

 			BIO_free(in);
-			BIO_free_all(out);
+			BIO_free(out);
 			in=NULL;
 			out=NULL;
 			if (rename(serialfile,buf[2]) < 0)
@@ -1135,7 +1085,7 @@ bad:
 			}
 		if ((crldays == 0) && (crlhours == 0))
 			{
-			BIO_printf(bio_err,"cannot lookup how long until the next CRL is issued\n");
+			BIO_printf(bio_err,"cannot lookup how long until the next CRL is issuer\n");
 			goto err;
 			}

@@ -1247,11 +1197,7 @@ bad:
 			X509_free(revcert);

 			strncpy(buf[0],dbfile,BSIZE-4);
-#ifndef VMS
 			strcat(buf[0],".new");
-#else
-			strcat(buf[0],"-new");
-#endif
 			if (BIO_write_filename(out,buf[0]) <= 0)
 				{
 				perror(dbfile);
@@ -1261,11 +1207,7 @@ bad:
 			j=TXT_DB_write(out,db);
 			if (j <= 0) goto err;
 			strncpy(buf[1],dbfile,BSIZE-4);
-#ifndef VMS
 			strcat(buf[1],".old");
-#else
-			strcat(buf[1],"-old");
-#endif
 			if (rename(dbfile,buf[1]) < 0)
 				{
 				BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile, buf[1]);
@@ -1286,12 +1228,12 @@ bad:
 	ret=0;
 err:
 	BIO_free(hex);
-	BIO_free_all(Cout);
-	BIO_free_all(Sout);
-	BIO_free_all(out);
+	BIO_free(Cout);
+	BIO_free(Sout);
+	BIO_free(out);
 	BIO_free(in);

-	sk_X509_pop_free(cert_sk,X509_free);
+	sk_pop_free(cert_sk,X509_free);

 	if (ret) ERR_print_errors(bio_err);
 	app_RAND_write_file(randfile, bio_err);
@@ -1403,7 +1345,7 @@ static int save_serial(char *serialfile, BIGNUM *serial)
 	BIO_puts(out,"\n");
 	ret=1;
 err:
-	if (out != NULL) BIO_free_all(out);
+	if (out != NULL) BIO_free(out);
 	if (ai != NULL) ASN1_INTEGER_free(ai);
 	return(ret);
 	}
@@ -1638,7 +1580,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 	/* Ok, now we check the 'policy' stuff. */
 	if ((subject=X509_NAME_new()) == NULL)
 		{
-		BIO_printf(bio_err,"Memory allocation failure\n");
+		BIO_printf(bio_err,"Malloc failure\n");
 		goto err;
 		}

@@ -1720,7 +1662,7 @@ again2:
 					}
 				if (j < 0)
 					{
-					BIO_printf(bio_err,"The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n",cv->name,((str2 == NULL)?"NULL":(char *)str2->data),((str == NULL)?"NULL":(char *)str->data));
+					BIO_printf(bio_err,"The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n",cv->name,((str == NULL)?"NULL":(char *)str->data),((str2 == NULL)?"NULL":(char *)str2->data));
 					goto err;
 					}
 				}
@@ -1736,7 +1678,7 @@ again2:
 					{
 					if (push != NULL)
 						X509_NAME_ENTRY_free(push);
-					BIO_printf(bio_err,"Memory allocation failure\n");
+					BIO_printf(bio_err,"Malloc failure\n");
 					goto err;
 					}
 				}
@@ -1758,7 +1700,7 @@ again2:
 	row[DB_serial]=BN_bn2hex(serial);
 	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
 		{
-		BIO_printf(bio_err,"Memory allocation failure\n");
+		BIO_printf(bio_err,"Malloc failure\n");
 		goto err;
 		}

@@ -1899,32 +1841,32 @@ again2:
 		goto err;

 	/* We now just add it to the database */
-	row[DB_type]=(char *)OPENSSL_malloc(2);
+	row[DB_type]=(char *)Malloc(2);

 	tm=X509_get_notAfter(ret);
-	row[DB_exp_date]=(char *)OPENSSL_malloc(tm->length+1);
+	row[DB_exp_date]=(char *)Malloc(tm->length+1);
 	memcpy(row[DB_exp_date],tm->data,tm->length);
 	row[DB_exp_date][tm->length]='\0';

 	row[DB_rev_date]=NULL;

 	/* row[DB_serial] done already */
-	row[DB_file]=(char *)OPENSSL_malloc(8);
+	row[DB_file]=(char *)Malloc(8);
 	/* row[DB_name] done already */

 	if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
 		(row[DB_file] == NULL))
 		{
-		BIO_printf(bio_err,"Memory allocation failure\n");
+		BIO_printf(bio_err,"Malloc failure\n");
 		goto err;
 		}
 	strcpy(row[DB_file],"unknown");
 	row[DB_type][0]='V';
 	row[DB_type][1]='\0';

-	if ((irow=(char **)OPENSSL_malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
+	if ((irow=(char **)Malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
 		{
-		BIO_printf(bio_err,"Memory allocation failure\n");
+		BIO_printf(bio_err,"Malloc failure\n");
 		goto err;
 		}

@@ -1944,7 +1886,7 @@ again2:
 	ok=1;
 err:
 	for (i=0; i<DB_NUMBER; i++)
-		if (row[i] != NULL) OPENSSL_free(row[i]);
+		if (row[i] != NULL) Free(row[i]);

 	if (CAname != NULL)
 		X509_NAME_free(CAname);
@@ -2158,6 +2100,28 @@ static int check_time_format(char *str)
 	return(ASN1_UTCTIME_check(&tm));
 	}

+static int add_oid_section(LHASH *hconf)
+{	
+	char *p;
+	STACK_OF(CONF_VALUE) *sktmp;
+	CONF_VALUE *cnf;
+	int i;
+	if(!(p=CONF_get_string(hconf,NULL,"oid_section"))) return 1;
+	if(!(sktmp = CONF_get_section(hconf, p))) {
+		BIO_printf(bio_err, "problem loading oid section %s\n", p);
+		return 0;
+	}
+	for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
+		cnf = sk_CONF_VALUE_value(sktmp, i);
+		if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
+			BIO_printf(bio_err, "problem creating object %s=%s\n",
+							 cnf->name, cnf->value);
+			return 0;
+		}
+	}
+	return 1;
+}
+
 static int do_revoke(X509 *x509, TXT_DB *db)
 {
 	ASN1_UTCTIME *tm=NULL, *revtm=NULL;
@@ -2173,7 +2137,7 @@ static int do_revoke(X509 *x509, TXT_DB *db)
 	BN_free(bn);
 	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
 		{
-		BIO_printf(bio_err,"Memory allocation failure\n");
+		BIO_printf(bio_err,"Malloc failure\n");
 		goto err;
 		}
 	/* We have to lookup by serial number because name lookup
@@ -2185,33 +2149,33 @@ static int do_revoke(X509 *x509, TXT_DB *db)
 		BIO_printf(bio_err,"Adding Entry to DB for %s\n", row[DB_name]);

 		/* We now just add it to the database */
-		row[DB_type]=(char *)OPENSSL_malloc(2);
+		row[DB_type]=(char *)Malloc(2);

 		tm=X509_get_notAfter(x509);
-		row[DB_exp_date]=(char *)OPENSSL_malloc(tm->length+1);
+		row[DB_exp_date]=(char *)Malloc(tm->length+1);
 		memcpy(row[DB_exp_date],tm->data,tm->length);
 		row[DB_exp_date][tm->length]='\0';

 		row[DB_rev_date]=NULL;

 		/* row[DB_serial] done already */
-		row[DB_file]=(char *)OPENSSL_malloc(8);
+		row[DB_file]=(char *)Malloc(8);

 		/* row[DB_name] done already */

 		if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
 			(row[DB_file] == NULL))
 			{
-			BIO_printf(bio_err,"Memory allocation failure\n");
+			BIO_printf(bio_err,"Malloc failure\n");
 			goto err;
 			}
 		strcpy(row[DB_file],"unknown");
 		row[DB_type][0]='V';
 		row[DB_type][1]='\0';

-		if ((irow=(char **)OPENSSL_malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
+		if ((irow=(char **)Malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
 			{
-			BIO_printf(bio_err,"Memory allocation failure\n");
+			BIO_printf(bio_err,"Malloc failure\n");
 			goto err;
 			}

@@ -2254,7 +2218,7 @@ static int do_revoke(X509 *x509, TXT_DB *db)
 		revtm=X509_gmtime_adj(revtm,0);
 		rrow[DB_type][0]='R';
 		rrow[DB_type][1]='\0';
-		rrow[DB_rev_date]=(char *)OPENSSL_malloc(revtm->length+1);
+		rrow[DB_rev_date]=(char *)Malloc(revtm->length+1);
 		memcpy(rrow[DB_rev_date],revtm->data,revtm->length);
 		rrow[DB_rev_date][revtm->length]='\0';
 		ASN1_UTCTIME_free(revtm);
@@ -2264,7 +2228,7 @@ err:
 	for (i=0; i<DB_NUMBER; i++)
 		{
 		if (row[i] != NULL) 
-			OPENSSL_free(row[i]);
+			Free(row[i]);
 		}
 	return(ok);
 }
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -74,7 +74,6 @@ static char *ciphers_usage[]={
 " -v          - verbose mode, a textual listing of the ciphers in SSLeay\n",
 " -ssl2       - SSL2 mode\n",
 " -ssl3       - SSL3 mode\n",
-" -tls1       - TLS1 mode\n",
 NULL
 };

@@ -108,12 +107,6 @@ int MAIN(int argc, char **argv)
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 	STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef VMS
-	{
-	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-	STDout = BIO_push(tmpbio, STDout);
-	}
-#endif

 	argc--;
 	argv++;
@@ -128,10 +121,6 @@ int MAIN(int argc, char **argv)
 #ifndef NO_SSL3
 		else if (strcmp(*argv,"-ssl3") == 0)
 			meth=SSLv3_client_method();
-#endif
-#ifndef NO_TLS1
-		else if (strcmp(*argv,"-tls1") == 0)
-			meth=TLSv1_client_method();
 #endif
 		else if ((strncmp(*argv,"-h",2) == 0) ||
 			 (strcmp(*argv,"-?") == 0))
@@ -201,7 +190,7 @@ err:
 end:
 	if (ctx != NULL) SSL_CTX_free(ctx);
 	if (ssl != NULL) SSL_free(ssl);
-	if (STDout != NULL) BIO_free_all(STDout);
+	if (STDout != NULL) BIO_free(STDout);
 	EXIT(ret);
 	}

--- a/apps/crl.c
+++ b/apps/crl.c
@@ -104,7 +104,6 @@ int MAIN(int argc, char **argv)
 	int informat,outformat;
 	char *infile=NULL,*outfile=NULL;
 	int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
-	int fingerprint = 0;
 	char **pp,buf[256];
 	X509_STORE *store = NULL;
 	X509_STORE_CTX ctx;
@@ -112,7 +111,6 @@ int MAIN(int argc, char **argv)
 	X509_OBJECT xobj;
 	EVP_PKEY *pkey;
 	int do_ver = 0;
-	const EVP_MD *md_alg,*digest=EVP_md5();

 	apps_startup();

@@ -122,15 +120,7 @@ int MAIN(int argc, char **argv)

 	if (bio_out == NULL)
 		if ((bio_out=BIO_new(BIO_s_file())) != NULL)
-			{
 			BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
-#ifdef VMS
-			{
-			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-			bio_out = BIO_push(tmpbio, bio_out);
-			}
-#endif
-			}

 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
@@ -193,13 +183,6 @@ int MAIN(int argc, char **argv)
 			nextupdate= ++num;
 		else if (strcmp(*argv,"-noout") == 0)
 			noout= ++num;
-		else if (strcmp(*argv,"-fingerprint") == 0)
-			fingerprint= ++num;
-		else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
-			{
-			/* ok */
-			digest=md_alg;
-			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -291,26 +274,6 @@ bad:
 					BIO_printf(bio_out,"NONE");
 				BIO_printf(bio_out,"\n");
 				}
-			if (fingerprint == i)
-				{
-				int j;
-				unsigned int n;
-				unsigned char md[EVP_MAX_MD_SIZE];
-
-				if (!X509_CRL_digest(x,digest,md,&n))
-					{
-					BIO_printf(bio_err,"out of memory\n");
-					goto end;
-					}
-				BIO_printf(bio_out,"%s Fingerprint=",
-						OBJ_nid2sn(EVP_MD_type(digest)));
-				for (j=0; j<(int)n; j++)
-					{
-					BIO_printf(bio_out,"%02X%c",md[j],
-						(j+1 == (int)n)
-						?'\n':':');
-					}
-				}
 			}
 		}

@@ -322,15 +285,7 @@ bad:
 		}

 	if (outfile == NULL)
-		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -356,8 +311,8 @@ bad:
 	if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }
 	ret=0;
 end:
-	BIO_free_all(out);
-	BIO_free_all(bio_out);
+	BIO_free(out);
+	BIO_free(bio_out);
 	bio_out=NULL;
 	X509_CRL_free(x);
 	if(store) {
--- a/apps/crl2p7.c
+++ b/apps/crl2p7.c
@@ -141,7 +141,7 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-certfile") == 0)
 			{
 			if (--argc < 1) goto bad;
-			if(!certflst) certflst = sk_new_null();
+			if(!certflst) certflst = sk_new(NULL);
 			sk_push(certflst,*(++argv));
 			}
 		else
@@ -215,15 +215,15 @@ bad:
 	p7s->contents->type=OBJ_nid2obj(NID_pkcs7_data);

 	if (!ASN1_INTEGER_set(p7s->version,1)) goto end;
-	if ((crl_stack=sk_X509_CRL_new_null()) == NULL) goto end;
+	if ((crl_stack=sk_X509_CRL_new(NULL)) == NULL) goto end;
 	p7s->crl=crl_stack;
 	if (crl != NULL)
 		{
 		sk_X509_CRL_push(crl_stack,crl);
-		crl=NULL; /* now part of p7 for OPENSSL_freeing */
+		crl=NULL; /* now part of p7 for Freeing */
 		}

-	if ((cert_stack=sk_X509_new_null()) == NULL) goto end;
+	if ((cert_stack=sk_X509_new(NULL)) == NULL) goto end;
 	p7s->cert=cert_stack;

 	if(certflst) for(i = 0; i < sk_num(certflst); i++) {
@@ -239,15 +239,7 @@ bad:
 	sk_free(certflst);

 	if (outfile == NULL)
-		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -274,7 +266,7 @@ bad:
 	ret=0;
 end:
 	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free_all(out);
+	if (out != NULL) BIO_free(out);
 	if (p7 != NULL) PKCS7_free(p7);
 	if (crl != NULL) X509_CRL_free(crl);

@@ -335,7 +327,7 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)

 	ret=count;
 end:
- 	/* never need to OPENSSL_free x */
+ 	/* never need to Free x */
 	if (in != NULL) BIO_free(in);
 	if (sk != NULL) sk_X509_INFO_free(sk);
 	return(ret);
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -66,7 +66,6 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
-#include <openssl/engine.h>

 #undef BUFSIZE
 #define BUFSIZE	1024*8
@@ -74,36 +73,26 @@
 #undef PROG
 #define PROG	dgst_main

-void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
-		EVP_PKEY *key, unsigned char *sigin, int siglen);
+void do_fp(unsigned char *buf,BIO *f,int sep);

 int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 	{
-	ENGINE *e = NULL;
 	unsigned char *buf=NULL;
 	int i,err=0;
 	const EVP_MD *md=NULL,*m;
 	BIO *in=NULL,*inp;
 	BIO *bmd=NULL;
-	BIO *out = NULL;
 	const char *name;
-#define PROG_NAME_SIZE  39
-	char pname[PROG_NAME_SIZE+1];
+#define PROG_NAME_SIZE  16
+	char pname[PROG_NAME_SIZE];
 	int separator=0;
 	int debug=0;
-	const char *outfile = NULL, *keyfile = NULL;
-	const char *sigfile = NULL, *randfile = NULL;
-	int out_bin = -1, want_pub = 0, do_verify = 0;
-	EVP_PKEY *sigkey = NULL;
-	unsigned char *sigbuf = NULL;
-	int siglen = 0;
-	char *engine=NULL;

 	apps_startup();

-	if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL)
+	if ((buf=(unsigned char *)Malloc(BUFSIZE)) == NULL)
 		{
 		BIO_printf(bio_err,"out of memory\n");
 		goto end;
@@ -124,48 +113,6 @@ int MAIN(int argc, char **argv)
 		if ((*argv)[0] != '-') break;
 		if (strcmp(*argv,"-c") == 0)
 			separator=1;
-		else if (strcmp(*argv,"-rand") == 0)
-			{
-			if (--argc < 1) break;
-			randfile=*(++argv);
-			}
-		else if (strcmp(*argv,"-out") == 0)
-			{
-			if (--argc < 1) break;
-			outfile=*(++argv);
-			}
-		else if (strcmp(*argv,"-sign") == 0)
-			{
-			if (--argc < 1) break;
-			keyfile=*(++argv);
-			}
-		else if (strcmp(*argv,"-verify") == 0)
-			{
-			if (--argc < 1) break;
-			keyfile=*(++argv);
-			want_pub = 1;
-			do_verify = 1;
-			}
-		else if (strcmp(*argv,"-prverify") == 0)
-			{
-			if (--argc < 1) break;
-			keyfile=*(++argv);
-			do_verify = 1;
-			}
-		else if (strcmp(*argv,"-signature") == 0)
-			{
-			if (--argc < 1) break;
-			sigfile=*(++argv);
-			}
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) break;
-			engine= *(++argv);
-			}
-		else if (strcmp(*argv,"-hex") == 0)
-			out_bin = 0;
-		else if (strcmp(*argv,"-binary") == 0)
-			out_bin = 1;
 		else if (strcmp(*argv,"-d") == 0)
 			debug=1;
 		else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
@@ -179,31 +126,14 @@ int MAIN(int argc, char **argv)
 	if (md == NULL)
 		md=EVP_md5();

-	if(do_verify && !sigfile) {
-		BIO_printf(bio_err, "No signature to verify: use the -signature option\n");
-		err = 1; 
-		goto end;
-	}
-
 	if ((argc > 0) && (argv[0][0] == '-')) /* bad option */
 		{
 		BIO_printf(bio_err,"unknown option '%s'\n",*argv);
 		BIO_printf(bio_err,"options are\n");
-		BIO_printf(bio_err,"-c              to output the digest with separating colons\n");
-		BIO_printf(bio_err,"-d              to output debug info\n");
-		BIO_printf(bio_err,"-hex            output as hex dump\n");
-		BIO_printf(bio_err,"-binary         output in binary form\n");
-		BIO_printf(bio_err,"-sign   file    sign digest using private key in file\n");
-		BIO_printf(bio_err,"-verify file    verify a signature using public key in file\n");
-		BIO_printf(bio_err,"-prverify file  verify a signature using private key in file\n");
-		BIO_printf(bio_err,"-signature file signature to verify\n");
-		BIO_printf(bio_err,"-binary         output in binary form\n");
-		BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
-
+		BIO_printf(bio_err,"-c   to output the digest with separating colons\n");
+		BIO_printf(bio_err,"-d   to output debug info\n");
 		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
 			LN_md5,LN_md5);
-		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
-			LN_md4,LN_md4);
 		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
 			LN_md2,LN_md2);
 		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
@@ -217,25 +147,7 @@ int MAIN(int argc, char **argv)
 		err=1;
 		goto end;
 		}
-
-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
+	
 	in=BIO_new(BIO_s_file());
 	bmd=BIO_new(BIO_f_md());
 	if (debug)
@@ -251,80 +163,6 @@ int MAIN(int argc, char **argv)
 		goto end;
 		}

-	if(out_bin == -1) {
-		if(keyfile) out_bin = 1;
-		else out_bin = 0;
-	}
-
-	if(randfile)
-		app_RAND_load_file(randfile, bio_err, 0);
-
-	if(outfile) {
-		if(out_bin)
-			out = BIO_new_file(outfile, "wb");
-		else    out = BIO_new_file(outfile, "w");
-	} else {
-		out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-	}
-
-	if(!out) {
-		BIO_printf(bio_err, "Error opening output file %s\n", 
-					outfile ? outfile : "(stdout)");
-		ERR_print_errors(bio_err);
-		goto end;
-	}
-
-	if(keyfile) {
-		BIO *keybio;
-		keybio = BIO_new_file(keyfile, "r");
-		if(!keybio) {
-			BIO_printf(bio_err, "Error opening key file %s\n",
-								keyfile);
-			ERR_print_errors(bio_err);
-			goto end;
-		}
-		
-		if(want_pub) 
-			sigkey = PEM_read_bio_PUBKEY(keybio, NULL, NULL, NULL);
-		else sigkey = PEM_read_bio_PrivateKey(keybio, NULL, NULL, NULL);
-		BIO_free(keybio);
-		if(!sigkey) {
-			BIO_printf(bio_err, "Error reading key file %s\n",
-								keyfile);
-			ERR_print_errors(bio_err);
-			goto end;
-		}
-	}
-
-	if(sigfile && sigkey) {
-		BIO *sigbio;
-		sigbio = BIO_new_file(sigfile, "rb");
-		siglen = EVP_PKEY_size(sigkey);
-		sigbuf = OPENSSL_malloc(siglen);
-		if(!sigbio) {
-			BIO_printf(bio_err, "Error opening signature file %s\n",
-								sigfile);
-			ERR_print_errors(bio_err);
-			goto end;
-		}
-		siglen = BIO_read(sigbio, sigbuf, siglen);
-		BIO_free(sigbio);
-		if(siglen <= 0) {
-			BIO_printf(bio_err, "Error reading signature file %s\n",
-								sigfile);
-			ERR_print_errors(bio_err);
-			goto end;
-		}
-	}
-		
-
-
 	/* we use md as a filter, reading from 'in' */
 	BIO_set_md(bmd,md);
 	inp=BIO_push(bmd,in);
@@ -332,7 +170,7 @@ int MAIN(int argc, char **argv)
 	if (argc == 0)
 		{
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-		do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf, siglen);
+		do_fp(buf,inp,separator);
 		}
 	else
 		{
@@ -345,9 +183,8 @@ int MAIN(int argc, char **argv)
 				err++;
 				continue;
 				}
-			if(!out_bin) BIO_printf(out, "%s(%s)= ",name,argv[i]);
-			do_fp(out, buf,inp,separator, out_bin, sigkey, 
-								sigbuf, siglen);
+			printf("%s(%s)= ",name,argv[i]);
+			do_fp(buf,inp,separator);
 			(void)BIO_reset(bmd);
 			}
 		}
@@ -355,18 +192,14 @@ end:
 	if (buf != NULL)
 		{
 		memset(buf,0,BUFSIZE);
-		OPENSSL_free(buf);
+		Free(buf);
 		}
 	if (in != NULL) BIO_free(in);
-	BIO_free_all(out);
-	EVP_PKEY_free(sigkey);
-	if(sigbuf) OPENSSL_free(sigbuf);
 	if (bmd != NULL) BIO_free(bmd);
 	EXIT(err);
 	}

-void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
-			EVP_PKEY *key, unsigned char *sigin, int siglen)
+void do_fp(unsigned char *buf, BIO *bp, int sep)
 	{
 	int len;
 	int i;
@@ -376,44 +209,14 @@ void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 		i=BIO_read(bp,(char *)buf,BUFSIZE);
 		if (i <= 0) break;
 		}
-	if(sigin)
-		{
-		EVP_MD_CTX *ctx;
-		BIO_get_md_ctx(bp, &ctx);
-		i = EVP_VerifyFinal(ctx, sigin, (unsigned int)siglen, key); 
-		if(i > 0) BIO_printf(out, "Verified OK\n");
-		else if(i == 0) BIO_printf(out, "Verification Failure\n");
-		else
-			{
-			BIO_printf(bio_err, "Error Verifying Data\n");
-			ERR_print_errors(bio_err);
-			}
-		return;
-		}
-	if(key)
-		{
-		EVP_MD_CTX *ctx;
-		BIO_get_md_ctx(bp, &ctx);
-		if(!EVP_SignFinal(ctx, buf, (unsigned int *)&len, key)) 
-			{
-			BIO_printf(bio_err, "Error Signing Data\n");
-			ERR_print_errors(bio_err);
-			return;
-			}
-		}
-	else
-		len=BIO_gets(bp,(char *)buf,BUFSIZE);
+	len=BIO_gets(bp,(char *)buf,BUFSIZE);

-	if(binout) BIO_write(out, buf, len);
-	else 
+	for (i=0; i<len; i++)
 		{
-		for (i=0; i<len; i++)
-			{
-			if (sep && (i != 0))
-				BIO_printf(out, ":");
-			BIO_printf(out, "%02x",buf[i]);
-			}
-		BIO_printf(out, "\n");
+		if (sep && (i != 0))
+			putc(':',stdout);
+		printf("%02x",buf[i]);
 		}
+	printf("\n");
 	}

--- a/apps/dh.c
+++ b/apps/dh.c
@@ -1,5 +1,4 @@
 /* apps/dh.c */
-/* obsoleted by dhparam.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -69,7 +68,6 @@
 #include <openssl/dh.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
-#include <openssl/engine.h>

 #undef PROG
 #define PROG	dh_main
@@ -88,12 +86,11 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 	{
-	ENGINE *e = NULL;
 	DH *dh=NULL;
 	int i,badops=0,text=0;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,check=0,noout=0,C=0,ret=1;
-	char *infile,*outfile,*prog,*engine;
+	char *infile,*outfile,*prog;

 	apps_startup();

@@ -101,7 +98,6 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

-	engine=NULL;
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
@@ -132,11 +128,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
 		else if (strcmp(*argv,"-check") == 0)
 			check=1;
 		else if (strcmp(*argv,"-text") == 0)
@@ -168,30 +159,11 @@ bad:
 		BIO_printf(bio_err," -text         print a text form of the DH parameters\n");
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -noout        no output\n");
-		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 		goto end;
 		}

 	ERR_load_crypto_strings();

-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	if ((in == NULL) || (out == NULL))
@@ -211,15 +183,7 @@ bad:
 			}
 		}
 	if (outfile == NULL)
-		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -270,8 +234,8 @@ bad:
 			}
 		if (i & DH_CHECK_P_NOT_PRIME)
 			printf("p value is not prime\n");
-		if (i & DH_CHECK_P_NOT_SAFE_PRIME)
-			printf("p value is not a safe prime\n");
+		if (i & DH_CHECK_P_NOT_STRONG_PRIME)
+			printf("p value is not a strong prime\n");
 		if (i & DH_UNABLE_TO_CHECK_GENERATOR)
 			printf("unable to check the generator value\n");
 		if (i & DH_NOT_SUITABLE_GENERATOR)
@@ -286,10 +250,10 @@ bad:

 		len=BN_num_bytes(dh->p);
 		bits=BN_num_bits(dh->p);
-		data=(unsigned char *)OPENSSL_malloc(len);
+		data=(unsigned char *)Malloc(len);
 		if (data == NULL)
 			{
-			perror("OPENSSL_malloc");
+			perror("Malloc");
 			goto end;
 			}
 		l=BN_bn2bin(dh->p,data);
@@ -320,7 +284,7 @@ bad:
 		printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
 		printf("\t\treturn(NULL);\n");
 		printf("\treturn(dh);\n\t}\n");
-		OPENSSL_free(data);
+		Free(data);
 		}


@@ -344,7 +308,7 @@ bad:
 	ret=0;
 end:
 	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free_all(out);
+	if (out != NULL) BIO_free(out);
 	if (dh != NULL) DH_free(dh);
 	EXIT(ret);
 	}
--- a/apps/dh1024.pem
+++ b/apps/dh1024.pem
@@ -1,10 +1,5 @@
 -----BEGIN DH PARAMETERS-----
-MIGHAoGBAPSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsY
-jY67VYy4XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6
-ypUM2Zafq9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XpL3jHAgEC
+MIGHAoGBAJf2QmHKtQXdKCjhPx1ottPb0PMTBH9A6FbaWMsTuKG/K3g6TG1Z1fkq
+/Gz/PWk/eLI9TzFgqVAuPvr3q14a1aZeVUMTgo2oO5/y2UHe6VaJ+trqCTat3xlx
+/mNbIK9HA2RgPC3gWfVLZQrY+gz3ASHHR5nXWHEyvpuZm7m3h+irAgEC
 -----END DH PARAMETERS-----
-
-These are the 1024 bit DH parameters from "Assigned Number for SKIP Protocols"
-(http://www.skip-vpn.org/spec/numbers.html).
-See there for how they were generated.
-Note that g is not a generator, but this is not a problem since p is a safe prime.
--- a/apps/dh2048.pem
+++ b/apps/dh2048.pem
@@ -1,12 +0,0 @@
-----BEGIN DH PARAMETERS-----
-MIIBCAKCAQEA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTpj0BV
-89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39uK50
-T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1YTknb
-zSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdX
-Q6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCbAkbT
-CD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwIBAg==
-----END DH PARAMETERS-----
-
-These are the 2048 bit DH parameters from "Assigned Number for SKIP Protocols"
-(http://www.skip-vpn.org/spec/numbers.html).
-See there for how they were generated.
--- a/apps/dh4096.pem
+++ b/apps/dh4096.pem
@@ -1,18 +0,0 @@
-----BEGIN DH PARAMETERS-----
-MIICCAKCAgEA+hRyUsFN4VpJ1O8JLcCo/VWr19k3BCgJ4uk+d+KhehjdRqNDNyOQ
-l/MOyQNQfWXPeGKmOmIig6Ev/nm6Nf9Z2B1h3R4hExf+zTiHnvVPeRBhjdQi81rt
-Xeoh6TNrSBIKIHfUJWBh3va0TxxjQIs6IZOLeVNRLMqzeylWqMf49HsIXqbcokUS
-Vt1BkvLdW48j8PPv5DsKRN3tloTxqDJGo9tKvj1Fuk74A+Xda1kNhB7KFlqMyN98
-VETEJ6c7KpfOo30mnK30wqw3S8OtaIR/maYX72tGOno2ehFDkq3pnPtEbD2CScxc
-alJC+EL7RPk5c/tgeTvCngvc1KZn92Y//EI7G9tPZtylj2b56sHtMftIoYJ9+ODM
-sccD5Piz/rejE3Ome8EOOceUSCYAhXn8b3qvxVI1ddd1pED6FHRhFvLrZxFvBEM9
-ERRMp5QqOaHJkM+Dxv8Cj6MqrCbfC4u+ZErxodzuusgDgvZiLF22uxMZbobFWyte
-OvOzKGtwcTqO/1wV5gKkzu1ZVswVUQd5Gg8lJicwqRWyyNRczDDoG9jVDxmogKTH
-AaqLulO7R8Ifa1SwF2DteSGVtgWEN8gDpN3RBmmPTDngyF2DHb5qmpnznwtFKdTL
-KWbuHn491xNO25CQWMtem80uKw+pTnisBRF/454n1Jnhub144YRBoN8CAQI=
-----END DH PARAMETERS-----
-
-These are the 4096 bit DH parameters from "Assigned Number for SKIP Protocols"
-(http://www.skip-vpn.org/spec/numbers.html).
-See there for how they were generated.
-Note that g is not a generator, but this is not a problem since p is a safe prime.
--- a/apps/dh512.pem
+++ b/apps/dh512.pem
@@ -1,9 +0,0 @@
-----BEGIN DH PARAMETERS-----
-MEYCQQD1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWak
-XUGfnHy9iUsiGSa6q6Jew1XpKgVfAgEC
-----END DH PARAMETERS-----
-
-These are the 512 bit DH parameters from "Assigned Number for SKIP Protocols"
-(http://www.skip-vpn.org/spec/numbers.html).
-See there for how they were generated.
-Note that g is not a generator, but this is not a problem since p is a safe prime.
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -55,59 +55,6 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */

 #ifndef NO_DH
 #include <stdio.h>
@@ -121,11 +68,6 @@
 #include <openssl/dh.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
-#include <openssl/engine.h>
-
-#ifndef NO_DSA
-#include <openssl/dsa.h>
-#endif

 #undef PROG
 #define PROG	dhparam_main
@@ -136,7 +78,6 @@
 * -outform arg - output format - default PEM
 * -in arg	- input file - default stdin
 * -out arg	- output file - default stdout
- * -dsaparam  - read or generate DSA parameters, convert to DH
 * -check	- check the parameters are ok
 * -noout
 * -text
@@ -149,16 +90,12 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 	{
-	ENGINE *e = NULL;
 	DH *dh=NULL;
 	int i,badops=0,text=0;
-#ifndef NO_DSA
-	int dsaparam=0;
-#endif
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,check=0,noout=0,C=0,ret=1;
 	char *infile,*outfile,*prog;
-	char *inrand=NULL,*engine=NULL;
+	char *inrand=NULL;
 	int num = 0, g = 0;

 	apps_startup();
@@ -197,19 +134,10 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
 		else if (strcmp(*argv,"-check") == 0)
 			check=1;
 		else if (strcmp(*argv,"-text") == 0)
 			text=1;
-#ifndef NO_DSA
-		else if (strcmp(*argv,"-dsaparam") == 0)
-			dsaparam=1;
-#endif
 		else if (strcmp(*argv,"-C") == 0)
 			C=1;
 		else if (strcmp(*argv,"-noout") == 0)
@@ -238,17 +166,13 @@ bad:
 		BIO_printf(bio_err," -outform arg  output format - one of DER PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
-#ifndef NO_DSA
-		BIO_printf(bio_err," -dsaparam     read or generate DSA parameters, convert to DH\n");
-#endif
 		BIO_printf(bio_err," -check        check the DH parameters\n");
 		BIO_printf(bio_err," -text         print a text form of the DH parameters\n");
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -2            generate parameters using  2 as the generator value\n");
 		BIO_printf(bio_err," -5            generate parameters using  5 as the generator value\n");
 		BIO_printf(bio_err," numbits       number of bits in to generate (default 512)\n");
-		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
-		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err," -rand file:file:...\n");
 		BIO_printf(bio_err,"               - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"               the random number generator\n");
 		BIO_printf(bio_err," -noout        no output\n");
@@ -257,43 +181,8 @@ bad:

 	ERR_load_crypto_strings();

-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
-	if (g && !num)
-		num = DEFBITS;
-
-#ifndef NO_DSA
-	if (dsaparam)
-		{
-		if (g)
-			{
-			BIO_printf(bio_err, "generator may not be chosen for DSA parameters\n");
-			goto end;
-			}
-		}
-	else
-#endif
-		{
-		/* DH parameters */
-		if (num && !g)
-			g = 2;
-		}
+	if(g && !num) num = DEFBITS;
+	else if(num && !g) g = 2;

 	if(num) {

@@ -305,40 +194,11 @@ bad:
 			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
 				app_RAND_load_files(inrand));

-#ifndef NO_DSA
-		if (dsaparam)
-			{
-			DSA *dsa;
+		BIO_printf(bio_err,"Generating DH parameters, %d bit long strong prime, generator of %d\n",num,g);
+		BIO_printf(bio_err,"This is going to take a long time\n");
+		dh=DH_generate_parameters(num,g,dh_cb,bio_err);
 			
-			BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
-			dsa = DSA_generate_parameters(num, NULL, 0, NULL, NULL, dh_cb, bio_err);
-			if (dsa == NULL)
-				{
-				ERR_print_errors(bio_err);
-				goto end;
-				}
-
-			dh = DSA_dup_DH(dsa);
-			DSA_free(dsa);
-			if (dh == NULL)
-				{
-				ERR_print_errors(bio_err);
-				goto end;
-				}
-			}
-		else
-#endif
-			{
-			BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
-			BIO_printf(bio_err,"This is going to take a long time\n");
-			dh=DH_generate_parameters(num,g,dh_cb,bio_err);
-			
-			if (dh == NULL)
-				{
-				ERR_print_errors(bio_err);
-				goto end;
-				}
-			}
+		if (dh == NULL) goto end;

 		app_RAND_write_file(NULL, bio_err);
 	} else {
@@ -360,56 +220,24 @@ bad:
 				}
 			}

-		if	(informat != FORMAT_ASN1 && informat != FORMAT_PEM)
+		if	(informat == FORMAT_ASN1)
+			dh=d2i_DHparams_bio(in,NULL);
+		else if (informat == FORMAT_PEM)
+			dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);
+		else
 			{
 			BIO_printf(bio_err,"bad input format specified\n");
 			goto end;
 			}
+		if (dh == NULL)
+			{
+			BIO_printf(bio_err,"unable to load DH parameters\n");
+			ERR_print_errors(bio_err);
+			goto end;
+			}

-#ifndef NO_DSA
-		if (dsaparam)
-			{
-			DSA *dsa;
-			
-			if (informat == FORMAT_ASN1)
-				dsa=d2i_DSAparams_bio(in,NULL);
-			else /* informat == FORMAT_PEM */
-				dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL);
-			
-			if (dsa == NULL)
-				{
-				BIO_printf(bio_err,"unable to load DSA parameters\n");
-				ERR_print_errors(bio_err);
-				goto end;
-				}
-			
-			dh = DSA_dup_DH(dsa);
-			DSA_free(dsa);
-			if (dh == NULL)
-				{
-				ERR_print_errors(bio_err);
-				goto end;
-				}
-			}
-		else
-#endif
-			{
-			if (informat == FORMAT_ASN1)
-				dh=d2i_DHparams_bio(in,NULL);
-			else /* informat == FORMAT_PEM */
-				dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);
-			
-			if (dh == NULL)
-				{
-				BIO_printf(bio_err,"unable to load DH parameters\n");
-				ERR_print_errors(bio_err);
-				goto end;
-				}
-			}
-		
-		/* dh != NULL */
 	}
-	
+
 	out=BIO_new(BIO_s_file());
 	if (out == NULL)
 		{
@@ -417,15 +245,7 @@ bad:
 		goto end;
 		}
 	if (outfile == NULL)
-		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -435,6 +255,7 @@ bad:
 			}
 		}

+	

 	if (text)
 		{
@@ -450,8 +271,8 @@ bad:
 			}
 		if (i & DH_CHECK_P_NOT_PRIME)
 			printf("p value is not prime\n");
-		if (i & DH_CHECK_P_NOT_SAFE_PRIME)
-			printf("p value is not a safe prime\n");
+		if (i & DH_CHECK_P_NOT_STRONG_PRIME)
+			printf("p value is not a strong prime\n");
 		if (i & DH_UNABLE_TO_CHECK_GENERATOR)
 			printf("unable to check the generator value\n");
 		if (i & DH_NOT_SUITABLE_GENERATOR)
@@ -466,35 +287,31 @@ bad:

 		len=BN_num_bytes(dh->p);
 		bits=BN_num_bits(dh->p);
-		data=(unsigned char *)OPENSSL_malloc(len);
+		data=(unsigned char *)Malloc(len);
 		if (data == NULL)
 			{
-			perror("OPENSSL_malloc");
+			perror("Malloc");
 			goto end;
 			}
-		printf("#ifndef HEADER_DH_H\n"
-		       "#include <openssl/dh.h>\n"
-		       "#endif\n");
-		printf("DH *get_dh%d()\n\t{\n",bits);
-
 		l=BN_bn2bin(dh->p,data);
-		printf("\tstatic unsigned char dh%d_p[]={",bits);
+		printf("static unsigned char dh%d_p[]={",bits);
 		for (i=0; i<l; i++)
 			{
-			if ((i%12) == 0) printf("\n\t\t");
+			if ((i%12) == 0) printf("\n\t");
 			printf("0x%02X,",data[i]);
 			}
-		printf("\n\t\t};\n");
+		printf("\n\t};\n");

 		l=BN_bn2bin(dh->g,data);
-		printf("\tstatic unsigned char dh%d_g[]={",bits);
+		printf("static unsigned char dh%d_g[]={",bits);
 		for (i=0; i<l; i++)
 			{
-			if ((i%12) == 0) printf("\n\t\t");
+			if ((i%12) == 0) printf("\n\t");
 			printf("0x%02X,",data[i]);
 			}
-		printf("\n\t\t};\n");
+		printf("\n\t};\n\n");

+		printf("DH *get_dh%d()\n\t{\n",bits);
 		printf("\tDH *dh;\n\n");
 		printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n");
 		printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n",
@@ -502,11 +319,9 @@ bad:
 		printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n",
 			bits,bits);
 		printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
-		printf("\t\t{ DH_free(dh); return(NULL); }\n");
-		if (dh->length)
-			printf("\tdh->length = %d;\n", dh->length);
+		printf("\t\treturn(NULL);\n");
 		printf("\treturn(dh);\n\t}\n");
-		OPENSSL_free(data);
+		Free(data);
 		}


@@ -530,12 +345,11 @@ bad:
 	ret=0;
 end:
 	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free_all(out);
+	if (out != NULL) BIO_free(out);
 	if (dh != NULL) DH_free(dh);
 	EXIT(ret);
 	}

-/* dh_cb is identical to dsa_cb in apps/dsaparam.c */
 static void MS_CALLBACK dh_cb(int p, int n, void *arg)
 	{
 	char c='*';
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -68,7 +68,6 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
-#include <openssl/engine.h>

 #undef PROG
 #define PROG	dsa_main
@@ -88,7 +87,6 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 	{
-	ENGINE *e = NULL;
 	int ret=1;
 	DSA *dsa=NULL;
 	int i,badops=0;
@@ -96,7 +94,7 @@ int MAIN(int argc, char **argv)
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,text=0,noout=0;
 	int pubin = 0, pubout = 0;
-	char *infile,*outfile,*prog,*engine;
+	char *infile,*outfile,*prog;
 	char *passargin = NULL, *passargout = NULL;
 	char *passin = NULL, *passout = NULL;
 	int modulus=0;
@@ -107,7 +105,6 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

-	engine=NULL;
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
@@ -148,11 +145,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
 		else if (strcmp(*argv,"-text") == 0)
@@ -184,7 +176,6 @@ bad:
 		BIO_printf(bio_err," -passin arg     input file pass phrase source\n");
 		BIO_printf(bio_err," -out arg        output file\n");
 		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
-		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
 		BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
 #ifndef NO_IDEA
@@ -198,24 +189,6 @@ bad:

 	ERR_load_crypto_strings();

-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		BIO_printf(bio_err, "Error getting passwords\n");
 		goto end;
@@ -260,15 +233,7 @@ bad:
 		}

 	if (outfile == NULL)
-		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -316,10 +281,10 @@ bad:
 		ret=0;
 end:
 	if(in != NULL) BIO_free(in);
-	if(out != NULL) BIO_free_all(out);
+	if(out != NULL) BIO_free(out);
 	if(dsa != NULL) DSA_free(dsa);
-	if(passin) OPENSSL_free(passin);
-	if(passout) OPENSSL_free(passout);
+	if(passin) Free(passin);
+	if(passout) Free(passout);
 	EXIT(ret);
 	}
 #endif
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -176,7 +176,7 @@ bad:
 		BIO_printf(bio_err," -outform arg  output format - DER or PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
-		BIO_printf(bio_err," -text         print as text\n");
+		BIO_printf(bio_err," -text         print the key in text\n");
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -noout        no output\n");
 		BIO_printf(bio_err," -rand         files to use for random number input\n");
@@ -205,15 +205,7 @@ bad:
 			}
 		}
 	if (outfile == NULL)
-		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -268,10 +260,10 @@ bad:
 		bits_p=BN_num_bits(dsa->p);
 		bits_q=BN_num_bits(dsa->q);
 		bits_g=BN_num_bits(dsa->g);
-		data=(unsigned char *)OPENSSL_malloc(len+20);
+		data=(unsigned char *)Malloc(len+20);
 		if (data == NULL)
 			{
-			perror("OPENSSL_malloc");
+			perror("Malloc");
 			goto end;
 			}
 		l=BN_bn2bin(dsa->p,data);
@@ -311,7 +303,7 @@ bad:
 		printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n",
 			bits_p,bits_p);
 		printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n");
-		printf("\t\t{ DSA_free(dsa); return(NULL); }\n");
+		printf("\t\treturn(NULL);\n");
 		printf("\treturn(dsa);\n\t}\n");
 		}

@@ -355,7 +347,7 @@ bad:
 	ret=0;
 end:
 	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free_all(out);
+	if (out != NULL) BIO_free(out);
 	if (dsa != NULL) DSA_free(dsa);
 	EXIT(ret);
 	}
--- a/crypto/conf/conf_api.h
+++ b/crypto/conf/conf_api.h
@@ -1,4 +1,4 @@
-/* conf_api.h */
+/* apps/eay.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -56,32 +56,76 @@
 * [including the GNU Public Licence.]
 */

-#ifndef  HEADER_CONF_API_H
-#define HEADER_CONF_API_H
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>

+#define MONOLITH
+#define USE_SOCKETS
+
+#include "openssl/e_os.h"
+
+#include <openssl/bio.h>
+#include <openssl/stack.h>
 #include <openssl/lhash.h>
+
+#include <openssl/err.h>
+
+#include <openssl/bn.h>
+
+#include <openssl/evp.h>
+
+#include <openssl/rand.h>
 #include <openssl/conf.h>
+#include <openssl/txt_db.h>

-#ifdef  __cplusplus
-extern "C" {
+#include <openssl/err.h>
+
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+
+#define MONOLITH
+
+#include "openssl.c"
+#include "apps.c"
+#include "asn1pars.c"
+#ifndef NO_RSA
+#include "ca.c"
+#include "genrsa.c"
+#include "req.c"
+#include "rsa.c"
 #endif
-
-/* Up until OpenSSL 0.9.5a, this was new_section */
-CONF_VALUE *_CONF_new_section(CONF *conf, char *section);
-/* Up until OpenSSL 0.9.5a, this was get_section */
-CONF_VALUE *_CONF_get_section(CONF *conf, char *section);
-/* Up until OpenSSL 0.9.5a, this was CONF_get_section */
-STACK_OF(CONF_VALUE) *_CONF_get_section_values(CONF *conf, char *section);
-
-int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value);
-char *_CONF_get_string(CONF *conf, char *section, char *name);
-long _CONF_get_number(CONF *conf, char *section, char *name);
-
-int _CONF_new_data(CONF *conf);
-void _CONF_free_data(CONF *conf);
-
-#ifdef  __cplusplus
-}
+#ifndef NO_DH
+#include "gendh.c"
+#include "dh.c"
+#endif
+#include "crl.c"
+#include "crl2p7.c"
+#include "dgst.c"
+#include "enc.c"
+#include "errstr.c"
+#if !defined(NO_SSL2) || !defined(NO_SSL3)
+#ifndef NO_SOCK
+#include "s_cb.c"
+#include "s_client.c"
+#include "s_server.c"
+#include "s_socket.c"
+#include "s_time.c"
 #endif
 #endif
+#include "speed.c"
+#include "verify.c"
+#include "version.c"
+#include "x509.c"
+#include "ciphers.c"
+#include "sess_id.c"
+#include "pkcs7.c"
+#ifndef NO_DSA
+#include "dsaparam.c"
+#include "dsa.c"
+#include "gendsa.c"
+#endif

--- a/apps/enc.c
+++ b/apps/enc.c
@@ -70,7 +70,6 @@
 #include <openssl/md5.h>
 #endif
 #include <openssl/pem.h>
-#include <openssl/engine.h>

 int set_hex(char *in,unsigned char *out,int size);
 #undef SIZE
@@ -85,7 +84,6 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 	{
-	ENGINE *e = NULL;
 	static const char magic[]="Salted__";
 	char mbuf[8];	/* should be 1 smaller than magic */
 	char *strbuf=NULL;
@@ -101,9 +99,8 @@ int MAIN(int argc, char **argv)
 	const EVP_CIPHER *cipher=NULL,*c;
 	char *inf=NULL,*outf=NULL;
 	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
-#define PROG_NAME_SIZE  39
-	char pname[PROG_NAME_SIZE+1];
-	char *engine = NULL;
+#define PROG_NAME_SIZE  16
+	char pname[PROG_NAME_SIZE];

 	apps_startup();

@@ -144,11 +141,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passarg= *(++argv);
 			}
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
 		else if	(strcmp(*argv,"-d") == 0)
 			enc=0;
 		else if	(strcmp(*argv,"-p") == 0)
@@ -249,7 +241,6 @@ bad:
 			BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
 			BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
 			BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
-			BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");

 			BIO_printf(bio_err,"Cipher Types\n");
 			BIO_printf(bio_err,"des     : 56 bit key DES encryption\n");
@@ -323,24 +314,6 @@ bad:
 		argv++;
 		}

-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	if (bufsize != NULL)
 		{
 		unsigned long n;
@@ -370,11 +343,11 @@ bad:
 		if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
 		}

-	strbuf=OPENSSL_malloc(SIZE);
-	buff=(unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
+	strbuf=Malloc(SIZE);
+	buff=(unsigned char *)Malloc(EVP_ENCODE_LENGTH(bsize));
 	if ((buff == NULL) || (strbuf == NULL))
 		{
-		BIO_printf(bio_err,"OPENSSL_malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize));
+		BIO_printf(bio_err,"Malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize));
 		goto end;
 		}

@@ -443,15 +416,7 @@ bad:


 	if (outf == NULL)
-		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
 	else
 		{
 		if (BIO_write_filename(out,outf) <= 0)
@@ -542,14 +507,6 @@ bad:
 			BIO_printf(bio_err,"invalid hex iv value\n");
 			goto end;
 			}
-		if ((hiv == NULL) && (str == NULL))
-			{
-			/* No IV was explicitly set and no IV was generated
-			 * during EVP_BytesToKey. Hence the IV is undefined,
-			 * making correct decryption impossible. */
-			BIO_printf(bio_err, "iv undefined\n");
-			goto end;
-			}
 		if ((hkey != NULL) && !set_hex(hkey,key,24))
 			{
 			BIO_printf(bio_err,"invalid hex key value\n");
@@ -624,13 +581,13 @@ bad:
 		}
 end:
 	ERR_print_errors(bio_err);
-	if (strbuf != NULL) OPENSSL_free(strbuf);
-	if (buff != NULL) OPENSSL_free(buff);
+	if (strbuf != NULL) Free(strbuf);
+	if (buff != NULL) Free(buff);
 	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free_all(out);
+	if (out != NULL) BIO_free(out);
 	if (benc != NULL) BIO_free(benc);
 	if (b64 != NULL) BIO_free(b64);
-	if(pass) OPENSSL_free(pass);
+	if(pass) Free(pass);
 	EXIT(ret);
 	}

--- a/apps/errstr.c
+++ b/apps/errstr.c
@@ -91,18 +91,12 @@ int MAIN(int argc, char **argv)
 		out=BIO_new(BIO_s_file());
 		if ((out != NULL) && BIO_set_fp(out,stdout,BIO_NOCLOSE))
 			{
-#ifdef VMS
-			{
-			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-			out = BIO_push(tmpbio, out);
-			}
-#endif
 			lh_node_stats_bio((LHASH *)ERR_get_string_table(),out);
 			lh_stats_bio((LHASH *)ERR_get_string_table(),out);
 			lh_node_usage_stats_bio((LHASH *)
 				ERR_get_string_table(),out);
 			}
-		if (out != NULL) BIO_free_all(out);
+		if (out != NULL) BIO_free(out);
 		argc--;
 		argv++;
 		}
@@ -110,10 +104,7 @@ int MAIN(int argc, char **argv)
 	for (i=1; i<argc; i++)
 		{
 		if (sscanf(argv[i],"%lx",&l))
-			{
-			ERR_error_string_n(l, buf, sizeof buf);
-			printf("%s\n",buf);
-			}
+			printf("%s\n",ERR_error_string(l,buf));
 		else
 			{
 			printf("%s: bad error code\n",argv[i]);
--- a/apps/gendh.c
+++ b/apps/gendh.c
@@ -1,5 +1,4 @@
 /* apps/gendh.c */
-/* obsoleted by dhparam.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -70,7 +69,6 @@
 #include <openssl/dh.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
-#include <openssl/engine.h>

 #define DEFBITS	512
 #undef PROG
@@ -82,13 +80,11 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 	{
-	ENGINE *e = NULL;
 	DH *dh=NULL;
 	int ret=1,num=DEFBITS;
 	int g=2;
 	char *outfile=NULL;
 	char *inrand=NULL;
-	char *engine=NULL;
 	BIO *out=NULL;

 	apps_startup();
@@ -113,11 +109,6 @@ int MAIN(int argc, char **argv)
 			g=3; */
 		else if (strcmp(*argv,"-5") == 0)
 			g=5;
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -133,34 +124,15 @@ int MAIN(int argc, char **argv)
 bad:
 		BIO_printf(bio_err,"usage: gendh [args] [numbits]\n");
 		BIO_printf(bio_err," -out file - output the key to 'file\n");
-		BIO_printf(bio_err," -2        - use 2 as the generator value\n");
-	/*	BIO_printf(bio_err," -3        - use 3 as the generator value\n"); */
-		BIO_printf(bio_err," -5        - use 5 as the generator value\n");
-		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
-		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err," -2    use 2 as the generator value\n");
+	/*	BIO_printf(bio_err," -3    use 3 as the generator value\n"); */
+		BIO_printf(bio_err," -5    use 5 as the generator value\n");
+		BIO_printf(bio_err," -rand file:file:...\n");
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
 		goto end;
 		}
 		
-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	out=BIO_new(BIO_s_file());
 	if (out == NULL)
 		{
@@ -169,15 +141,7 @@ bad:
 		}

 	if (outfile == NULL)
-		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -195,7 +159,7 @@ bad:
 		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
 			app_RAND_load_files(inrand));

-	BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
+	BIO_printf(bio_err,"Generating DH parameters, %d bit long strong prime, generator of %d\n",num,g);
 	BIO_printf(bio_err,"This is going to take a long time\n");
 	dh=DH_generate_parameters(num,g,dh_cb,bio_err);
 		
@@ -209,7 +173,7 @@ bad:
 end:
 	if (ret != 0)
 		ERR_print_errors(bio_err);
-	if (out != NULL) BIO_free_all(out);
+	if (out != NULL) BIO_free(out);
 	if (dh != NULL) DH_free(dh);
 	EXIT(ret);
 	}
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -68,7 +68,6 @@
 #include <openssl/dsa.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
-#include <openssl/engine.h>

 #define DEFBITS	512
 #undef PROG
@@ -78,7 +77,6 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 	{
-	ENGINE *e = NULL;
 	DSA *dsa=NULL;
 	int ret=1;
 	char *outfile=NULL;
@@ -86,7 +84,6 @@ int MAIN(int argc, char **argv)
 	char *passargout = NULL, *passout = NULL;
 	BIO *out=NULL,*in=NULL;
 	EVP_CIPHER *enc=NULL;
-	char *engine=NULL;

 	apps_startup();

@@ -109,11 +106,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -153,8 +145,7 @@ bad:
 #ifndef NO_IDEA
 		BIO_printf(bio_err," -idea     - encrypt the generated key with IDEA in cbc mode\n");
 #endif
-		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
-		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err," -rand file:file:...\n");
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
 		BIO_printf(bio_err," dsaparam-file\n");
@@ -162,24 +153,6 @@ bad:
 		goto end;
 		}

-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;
@@ -205,15 +178,7 @@ bad:
 	if (out == NULL) goto end;

 	if (outfile == NULL)
-		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -244,9 +209,9 @@ end:
 	if (ret != 0)
 		ERR_print_errors(bio_err);
 	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free_all(out);
+	if (out != NULL) BIO_free(out);
 	if (dsa != NULL) DSA_free(dsa);
-	if(passout) OPENSSL_free(passout);
+	if(passout) Free(passout);
 	EXIT(ret);
 	}
 #endif
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -69,7 +69,6 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
-#include <openssl/engine.h>

 #define DEFBITS	512
 #undef PROG
@@ -81,7 +80,6 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 	{
-	ENGINE *e = NULL;
 	int ret=1;
 	RSA *rsa=NULL;
 	int i,num=DEFBITS;
@@ -90,7 +88,6 @@ int MAIN(int argc, char **argv)
 	unsigned long f4=RSA_F4;
 	char *outfile=NULL;
 	char *passargout = NULL, *passout = NULL;
-	char *engine=NULL;
 	char *inrand=NULL;
 	BIO *out=NULL;

@@ -117,13 +114,8 @@ int MAIN(int argc, char **argv)
 			}
 		else if (strcmp(*argv,"-3") == 0)
 			f4=3;
-		else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
+		else if (strcmp(*argv,"-F4") == 0)
 			f4=RSA_F4;
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -162,8 +154,7 @@ bad:
 		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
 		BIO_printf(bio_err," -f4             use F4 (0x10001) for the E value\n");
 		BIO_printf(bio_err," -3              use 3 for the E value\n");
-		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
-		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err," -rand file:file:...\n");
 		BIO_printf(bio_err,"                 load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"                 the random number generator\n");
 		goto err;
@@ -176,34 +167,8 @@ bad:
 		goto err;
 	}

-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto err;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto err;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	if (outfile == NULL)
-		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -213,8 +178,7 @@ bad:
 			}
 		}

-	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
-		&& !RAND_status())
+	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
 		{
 		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
 		}
@@ -248,8 +212,8 @@ bad:
 	ret=0;
 err:
 	if (rsa != NULL) RSA_free(rsa);
-	if (out != NULL) BIO_free_all(out);
-	if(passout) OPENSSL_free(passout);
+	if (out != NULL) BIO_free(out);
+	if(passout) Free(passout);
 	if (ret != 0)
 		ERR_print_errors(bio_err);
 	EXIT(ret);
--- a/apps/makeapps.com
+++ b/apps/makeapps.com
@@ -154,16 +154,16 @@ $! Define The Application Files.
 $!
 $ LIB_FILES = "VERIFY;ASN1PARS;REQ;DGST;DH;DHPARAM;ENC;PASSWD;GENDH;ERRSTR;"+-
 	      "CA;PKCS7;CRL2P7;CRL;"+-
-	      "RSA;RSAUTL;DSA;DSAPARAM;"+-
+	      "RSA;DSA;DSAPARAM;"+-
 	      "X509;GENRSA;GENDSA;S_SERVER;S_CLIENT;SPEED;"+-
 	      "S_TIME;APPS;S_CB;S_SOCKET;APP_RAND;VERSION;SESS_ID;"+-
-	      "CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME;RAND"
+	      "CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME"
 $ APP_FILES := OPENSSL,'OBJ_DIR'VERIFY.OBJ,ASN1PARS.OBJ,REQ.OBJ,DGST.OBJ,DH.OBJ,DHPARAM.OBJ,ENC.OBJ,PASSWD.OBJ,GENDH.OBJ,ERRSTR.OBJ,-
 	       CA.OBJ,PKCS7.OBJ,CRL2P7.OBJ,CRL.OBJ,-
-	       RSA.OBJ,RSAUTL.OBJ,DSA.OBJ,DSAPARAM.OBJ,-
+	       RSA.OBJ,DSA.OBJ,DSAPARAM.OBJ,-
 	       X509.OBJ,GENRSA.OBJ,GENDSA.OBJ,S_SERVER.OBJ,S_CLIENT.OBJ,SPEED.OBJ,-
 	       S_TIME.OBJ,APPS.OBJ,S_CB.OBJ,S_SOCKET.OBJ,APP_RAND.OBJ,VERSION.OBJ,SESS_ID.OBJ,-
-	       CIPHERS.OBJ,NSEQ.OBJ,PKCS12.OBJ,PKCS8.OBJ,SPKAC.OBJ,SMIME.OBJ,RAND.OBJ
+	       CIPHERS.OBJ,NSEQ.OBJ,PKCS12.OBJ,PKCS8.OBJ,SPKAC.OBJ,SMIME.OBJ
 $ TCPIP_PROGRAMS = ",,"
 $ IF COMPILER .EQS. "VAXC" THEN -
     TCPIP_PROGRAMS = ",OPENSSL,"
@@ -1133,7 +1133,6 @@ $!
 $! Save directory information
 $!
 $ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
-$ __HERE = F$EDIT(__HERE,"UPCASE")
 $ __TOP = __HERE - "APPS]"
 $ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
 $!
--- a/apps/nseq.c
+++ b/apps/nseq.c
@@ -119,18 +119,11 @@ int MAIN(int argc, char **argv)
 				 "Can't open output file %s\n", outfile);
 			goto end;
 		}
-	} else {
-		out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-	}
+	} else out = BIO_new_fp(stdout, BIO_NOCLOSE);
+
 	if (toseq) {
 		seq = NETSCAPE_CERT_SEQUENCE_new();
-		seq->certs = sk_X509_new_null();
+		seq->certs = sk_X509_new(NULL);
 		while((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL))) 
 		    sk_X509_push(seq->certs,x509);

@@ -159,7 +152,7 @@ int MAIN(int argc, char **argv)
 	ret = 0;
 end:
 	BIO_free(in);
-	BIO_free_all(out);
+	BIO_free(out);
 	NETSCAPE_CERT_SEQUENCE_free(seq);

 	EXIT(ret);
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -56,10 +56,13 @@
 * [including the GNU Public Licence.]
 */

+#ifndef DEBUG
+#undef DEBUG
+#endif
+
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#define OPENSSL_C /* tells apps.h to use complete apps_startup() */
 #include <openssl/bio.h>
 #include <openssl/crypto.h>
 #include <openssl/lhash.h>
@@ -68,11 +71,18 @@
 #include <openssl/pem.h>
 #include <openssl/ssl.h>
 #define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
+#define OPENSSL_C /* tells apps.h to use complete apps_startup() */
 #include "apps.h"
 #include "progs.h"
 #include "s_apps.h"
 #include <openssl/err.h>

+/*
+#ifdef WINDOWS
+#include "bss_file.c"
+#endif
+*/
+
 static unsigned long MS_CALLBACK hash(FUNCTION *a);
 static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
 static LHASH *prog_init(void );
@@ -80,6 +90,15 @@ static int do_cmd(LHASH *prog,int argc,char *argv[]);
 LHASH *config=NULL;
 char *default_config_file=NULL;

+#ifdef DEBUG
+static void sig_stop(int i)
+	{
+	char *a=NULL;
+
+	*a='\0';
+	}
+#endif
+
 /* Make sure there is only one when MONOLITH is defined */
 #ifdef MONOLITH
 BIO *bio_err=NULL;
@@ -88,8 +107,8 @@ BIO *bio_err=NULL;
 int main(int Argc, char *Argv[])
 	{
 	ARGS arg;
-#define PROG_NAME_SIZE	39
-	char pname[PROG_NAME_SIZE+1];
+#define PROG_NAME_SIZE	16
+	char pname[PROG_NAME_SIZE];
 	FUNCTION f,*fp;
 	MS_STATIC char *prompt,buf[1024],config_name[256];
 	int n,i,ret=0;
@@ -101,8 +120,15 @@ int main(int Argc, char *Argv[])
 	arg.data=NULL;
 	arg.count=0;

-	if (getenv("OPENSSL_DEBUG_MEMORY") != NULL)
-		CRYPTO_malloc_debug_init();
+#if defined(DEBUG) && !defined(WINDOWS) && !defined(MSDOS)
+#ifdef SIGBUS
+	signal(SIGBUS,sig_stop);
+#endif
+#ifdef SIGSEGV
+	signal(SIGSEGV,sig_stop);
+#endif
+#endif
+
 	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);

 	apps_startup();
@@ -203,12 +229,18 @@ end:
 		config=NULL;
 		}
 	if (prog != NULL) lh_free(prog);
-	if (arg.data != NULL) OPENSSL_free(arg.data);
+	if (arg.data != NULL) Free(arg.data);
 	ERR_remove_state(0);

 	EVP_cleanup();
 	ERR_free_strings();
-	
+
+#ifdef LEVITTE_DEBUG
+	CRYPTO_push_info("Just to make sure I get a memory leak I can see :-)");
+	(void)Malloc(1024);
+	CRYPTO_pop_info();
+#endif
+
 	CRYPTO_mem_leaks(bio_err);
 	if (bio_err != NULL)
 		{
@@ -235,24 +267,6 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
 		{
 		ret=fp->func(argc,argv);
 		}
-	else if ((strncmp(argv[0],"no-",3)) == 0)
-		{
-		BIO *bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		bio_stdout = BIO_push(tmpbio, bio_stdout);
-		}
-#endif
-		f.name=argv[0]+3;
-		ret = (lh_retrieve(prog,&f) != NULL);
-		if (!ret)
-			BIO_printf(bio_stdout, "%s\n", argv[0]);
-		else
-			BIO_printf(bio_stdout, "%s\n", argv[0]+3);
-		BIO_free_all(bio_stdout);
-		goto end;
-		}
 	else if ((strcmp(argv[0],"quit") == 0) ||
 		(strcmp(argv[0],"q") == 0) ||
 		(strcmp(argv[0],"exit") == 0) ||
@@ -275,17 +289,11 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
 		else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */
 			list_type = FUNC_TYPE_CIPHER;
 		bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		bio_stdout = BIO_push(tmpbio, bio_stdout);
-		}
-#endif
 		
 		for (fp=functions; fp->name != NULL; fp++)
 			if (fp->type == list_type)
 				BIO_printf(bio_stdout, "%s\n", fp->name);
-		BIO_free_all(bio_stdout);
+		BIO_free(bio_stdout);
 		ret=0;
 		goto end;
 		}
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -1,10 +1,10 @@
 /* apps/passwd.c */

 #if defined NO_MD5 || defined CHARSET_EBCDIC
-# define NO_MD5CRYPT_1
+# define NO_APR1
 #endif

-#if !defined(NO_DES) || !defined(NO_MD5CRYPT_1)
+#if !defined(NO_DES) || !defined(NO_APR1)

 #include <assert.h>
 #include <string.h>
@@ -19,7 +19,7 @@
 #ifndef NO_DES
 # include <openssl/des.h>
 #endif
-#ifndef NO_MD5CRYPT_1
+#ifndef NO_APR1
 # include <openssl/md5.h>
 #endif

@@ -42,11 +42,10 @@ static unsigned const char cov_2char[64]={

 static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
 	char *passwd, BIO *out, int quiet, int table, int reverse,
-	size_t pw_maxlen, int usecrypt, int use1, int useapr1);
+	size_t pw_maxlen, int usecrypt, int useapr1);

-/* -crypt        - standard Unix password algorithm (default)
- * -1            - MD5-based password algorithm
- * -apr1         - MD5-based password algorithm, Apache variant
+/* -crypt        - standard Unix password algorithm (default, only choice)
+ * -apr1         - MD5-based password algorithm
 * -salt string  - salt
 * -in file      - read passwords from file
 * -stdin        - read passwords from stdin
@@ -64,12 +63,11 @@ int MAIN(int argc, char **argv)
 	int in_stdin = 0;
 	char *salt = NULL, *passwd = NULL, **passwds = NULL;
 	char *salt_malloc = NULL, *passwd_malloc = NULL;
-	size_t passwd_malloc_size = 0;
 	int pw_source_defined = 0;
 	BIO *in = NULL, *out = NULL;
 	int i, badopt, opt_done;
 	int passed_salt = 0, quiet = 0, table = 0, reverse = 0;
-	int usecrypt = 0, use1 = 0, useapr1 = 0;
+	int usecrypt = 0, useapr1 = 0;
 	size_t pw_maxlen = 0;

 	apps_startup();
@@ -81,12 +79,6 @@ int MAIN(int argc, char **argv)
 	if (out == NULL)
 		goto err;
 	BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
-#ifdef VMS
-	{
-	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-	out = BIO_push(tmpbio, out);
-	}
-#endif

 	badopt = 0, opt_done = 0;
 	i = 0;
@@ -94,8 +86,6 @@ int MAIN(int argc, char **argv)
 		{
 		if (strcmp(argv[i], "-crypt") == 0)
 			usecrypt = 1;
-		else if (strcmp(argv[i], "-1") == 0)
-			use1 = 1;
 		else if (strcmp(argv[i], "-apr1") == 0)
 			useapr1 = 1;
 		else if (strcmp(argv[i], "-salt") == 0)
@@ -147,17 +137,17 @@ int MAIN(int argc, char **argv)
 			badopt = 1;
 		}

-	if (!usecrypt && !use1 && !useapr1) /* use default */
+	if (!usecrypt && !useapr1) /* use default */
 		usecrypt = 1;
-	if (usecrypt + use1 + useapr1 > 1) /* conflict */
+	if (usecrypt + useapr1 > 1) /* conflict */
 		badopt = 1;

 	/* reject unsupported algorithms */
 #ifdef NO_DES
 	if (usecrypt) badopt = 1;
 #endif
-#ifdef NO_MD5CRYPT_1
-	if (use1 || useapr1) badopt = 1;
+#ifdef NO_APR1
+	if (useapr1) badopt = 1;
 #endif

 	if (badopt) 
@@ -167,9 +157,8 @@ int MAIN(int argc, char **argv)
 #ifndef NO_DES
 		BIO_printf(bio_err, "-crypt             standard Unix password algorithm (default)\n");
 #endif
-#ifndef NO_MD5CRYPT_1
-		BIO_printf(bio_err, "-1                 MD5-based password algorithm\n");
-		BIO_printf(bio_err, "-apr1              MD5-based password algorithm, Apache variant\n");
+#ifndef NO_APR1
+		BIO_printf(bio_err, "-apr1              MD5-based password algorithm\n");
 #endif
 		BIO_printf(bio_err, "-salt string       use provided salt\n");
 		BIO_printf(bio_err, "-in file           read passwords from file\n");
@@ -201,16 +190,13 @@ int MAIN(int argc, char **argv)
 	
 	if (usecrypt)
 		pw_maxlen = 8;
-	else if (use1 || useapr1)
+	else if (useapr1)
 		pw_maxlen = 256; /* arbitrary limit, should be enough for most passwords */

 	if (passwds == NULL)
 		{
 		/* no passwords on the command line */
-
-		passwd_malloc_size = pw_maxlen + 2;
-		/* longer than necessary so that we can warn about truncation */
-		passwd = passwd_malloc = OPENSSL_malloc(passwd_malloc_size);
+		passwd = passwd_malloc = Malloc(pw_maxlen + 1);
 		if (passwd_malloc == NULL)
 			goto err;
 		}
@@ -222,7 +208,7 @@ int MAIN(int argc, char **argv)
 		
 		passwds = passwds_static;
 		if (in == NULL)
-			if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", 0) != 0)
+			if (EVP_read_pw_string(passwd_malloc, pw_maxlen + 1, "Password: ", 0) != 0)
 				goto err;
 		passwds[0] = passwd_malloc;
 		}
@@ -236,7 +222,7 @@ int MAIN(int argc, char **argv)
 			{
 			passwd = *passwds++;
 			if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
-				quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1))
+				quiet, table, reverse, pw_maxlen, usecrypt, useapr1))
 				goto err;
 			}
 		while (*passwds != NULL);
@@ -265,41 +251,33 @@ int MAIN(int argc, char **argv)
 					}
 				
 				if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
-					quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1))
+					quiet, table, reverse, pw_maxlen, usecrypt, useapr1))
 					goto err;
 				}
 			done = (r <= 0);
 			}
 		while (!done);
 		}
-	ret = 0;

 err:
 	ERR_print_errors(bio_err);
 	if (salt_malloc)
-		OPENSSL_free(salt_malloc);
+		Free(salt_malloc);
 	if (passwd_malloc)
-		OPENSSL_free(passwd_malloc);
+		Free(passwd_malloc);
 	if (in)
 		BIO_free(in);
 	if (out)
-		BIO_free_all(out);
+		BIO_free(out);
 	EXIT(ret);
 	}


-#ifndef NO_MD5CRYPT_1
-/* MD5-based password algorithm (should probably be available as a library
- * function; then the static buffer would not be acceptable).
- * For magic string "1", this should be compatible to the MD5-based BSD
- * password algorithm.
- * For 'magic' string "apr1", this is compatible to the MD5-based Apache
- * password algorithm.
- * (Apparently, the Apache password algorithm is identical except that the
- * 'magic' string was changed -- the laziest application of the NIH principle
- * I've ever encountered.)
- */
-static char *md5crypt(const char *passwd, const char *magic, const char *salt)
+#ifndef NO_APR1
+/* MD5-based password algorithm compatible to the one found in Apache
+ * (should probably be available as a library function;
+ * then the static buffer would not be acceptable) */
+static char *apr1_crypt(const char *passwd, const char *salt)
 	{
 	static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */
 	unsigned char buf[MD5_DIGEST_LENGTH];
@@ -309,22 +287,16 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
 	size_t passwd_len, salt_len;

 	passwd_len = strlen(passwd);
-	out_buf[0] = '$';
-	out_buf[1] = 0;
-	assert(strlen(magic) <= 4); /* "1" or "apr1" */
-	strncat(out_buf, magic, 4);
-	strncat(out_buf, "$", 1);
+	strcpy(out_buf, "$apr1$");
 	strncat(out_buf, salt, 8);
 	assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
-	salt_out = out_buf + 2 + strlen(magic);
+	salt_out = out_buf + 6;
 	salt_len = strlen(salt_out);
 	assert(salt_len <= 8);
 	
 	MD5_Init(&md);
 	MD5_Update(&md, passwd, passwd_len);
-	MD5_Update(&md, "$", 1);
-	MD5_Update(&md, magic, strlen(magic));
-	MD5_Update(&md, "$", 1);
+	MD5_Update(&md, "$apr1$", 6);
 	MD5_Update(&md, salt_out, salt_len);
 	
 	 {
@@ -408,7 +380,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)

 static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
 	char *passwd, BIO *out,	int quiet, int table, int reverse,
-	size_t pw_maxlen, int usecrypt, int use1, int useapr1)
+	size_t pw_maxlen, int usecrypt, int useapr1)
 	{
 	char *hash = NULL;

@@ -423,7 +395,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
 			{
 			if (*salt_malloc_p == NULL)
 				{
-				*salt_p = *salt_malloc_p = OPENSSL_malloc(3);
+				*salt_p = *salt_malloc_p = Malloc(3);
 				if (*salt_malloc_p == NULL)
 					goto err;
 				}
@@ -439,14 +411,14 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
 			}
 #endif /* !NO_DES */

-#ifndef NO_MD5CRYPT_1
-		if (use1 || useapr1)
+#ifndef NO_APR1
+		if (useapr1)
 			{
 			int i;
 			
 			if (*salt_malloc_p == NULL)
 				{
-				*salt_p = *salt_malloc_p = OPENSSL_malloc(9);
+				*salt_p = *salt_malloc_p = Malloc(9);
 				if (*salt_malloc_p == NULL)
 					goto err;
 				}
@@ -457,7 +429,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
 				(*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */
 			(*salt_p)[8] = 0;
 			}
-#endif /* !NO_MD5CRYPT_1 */
+#endif /* !NO_APR1 */
 		}
 	
 	assert(*salt_p != NULL);
@@ -476,9 +448,9 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
 	if (usecrypt)
 		hash = des_crypt(passwd, *salt_p);
 #endif
-#ifndef NO_MD5CRYPT_1
-	if (use1 || useapr1)
-		hash = md5crypt(passwd, (use1 ? "1" : "apr1"), *salt_p);
+#ifndef NO_APR1
+	if (useapr1)
+		hash = apr1_crypt(passwd, *salt_p);
 #endif
 	assert(hash != NULL);

--- a/apps/pca-cert.srl
+++ b/apps/pca-cert.srl
@@ -1 +1 @@
-07
+01
--- a/apps/pem_mail.c
+++ b/apps/pem_mail.c
@@ -0,0 +1,170 @@
+/* apps/pem_mail.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_RSA
+#include <stdio.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include "apps.h"
+
+#undef PROG
+#define PROG	pem_mail_main
+
+static char *usage[]={
+"usage: pem_mail args\n",
+"\n",
+" -in arg         - input file - default stdin\n",
+" -out arg        - output file - default stdout\n",
+" -cert arg       - the certificate to use\n",
+" -key arg        - the private key to use\n",
+" -MIC           - sign the message\n",
+" -enc arg        - encrypt with one of cbc-des\n",
+NULL
+};
+
+
+typedef struct lines_St
+	{
+	char *line;
+	struct lines_st *next;
+	} LINES;
+
+int main(int argc, char **argv)
+	{
+	FILE *in;
+	RSA *rsa=NULL;
+	EVP_MD_CTX ctx;
+	unsigned int mic=0,i,n;
+	unsigned char buf[1024*15];
+	char *prog,*infile=NULL,*outfile=NULL,*key=NULL;
+	int badops=0;
+
+	apps_startup();
+
+	prog=argv[0];
+	argc--;
+	argv++;
+	while (argc >= 1)
+		{
+		if (strcmp(*argv,"-key") == 0)
+			{
+			if (--argc < 1) goto bad;
+			key= *(++argv);
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
+			infile= *(++argv);
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
+			outfile= *(++argv);
+			}
+		else if (strcmp(*argv,"-mic") == 0)
+			mic=1;
+		else
+			{
+			BIO_printf(bio_err,"unknown option %s\n",*argv);
+			badops=1;
+			break;
+			}
+		argc--;
+		argv++;
+		}
+
+	if (badops)
+		{
+bad:
+		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
+		BIO_printf(bio_err,"where options  are\n");
+		EXIT(1);
+		}
+
+	if (key == NULL)
+		{ BIO_printf(bio_err,"you need to specify a key\n"); EXIT(1); }
+	in=fopen(key,"r");
+	if (in == NULL) { perror(key); EXIT(1); }
+	rsa=PEM_read_RSAPrivateKey(in,NULL,NULL);
+	if (rsa == NULL)
+		{
+		BIO_printf(bio_err,"unable to load Private Key\n");
+		ERR_print_errors(bio_err);
+		EXIT(1);
+		}
+	fclose(in);
+
+	PEM_SignInit(&ctx,EVP_md5());
+	for (;;)
+		{
+		i=fread(buf,1,1024*10,stdin);
+		if (i <= 0) break;
+		PEM_SignUpdate(&ctx,buf,i);
+		}
+	if (!PEM_SignFinal(&ctx,buf,&n,rsa)) goto err;
+	BIO_printf(bio_err,"%s\n",buf);
+	EXIT(0);
+err:
+	ERR_print_errors(bio_err);
+	EXIT(1);
+	}
+#endif
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -66,7 +66,6 @@
 #include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/pkcs12.h>
-#include <openssl/engine.h>

 #define PROG pkcs12_main

@@ -79,10 +78,9 @@ EVP_CIPHER *enc;
 #define CLCERTS		0x8
 #define CACERTS		0x10

-int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain);
+int get_cert_chain(X509 *cert, STACK_OF(X509) **chain);
 int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options, char *pempass);
-int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass,
-			  int passlen, int options, char *pempass);
+int dump_certs_pkeys_bags(BIO *out, STACK *bags, char *pass, int passlen, int options, char *pempass);
 int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass);
 int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name);
 void hex_prin(BIO *out, unsigned char *buf, int len);
@@ -93,7 +91,6 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 {
-    ENGINE *e = NULL;
    char *infile=NULL, *outfile=NULL, *keyname = NULL;	
    char *certfile=NULL;
    BIO *in=NULL, *out = NULL, *inkey = NULL, *certsin = NULL;
@@ -119,8 +116,6 @@ int MAIN(int argc, char **argv)
    char *passargin = NULL, *passargout = NULL, *passarg = NULL;
    char *passin = NULL, *passout = NULL;
    char *inrand = NULL;
-    char *CApath = NULL, *CAfile = NULL;
-    char *engine=NULL;

    apps_startup();

@@ -200,7 +195,7 @@ int MAIN(int argc, char **argv)
 		} else if (!strcmp (*args, "-caname")) {
 		    if (args[1]) {
 			args++;	
-			if (!canames) canames = sk_new_null();
+			if (!canames) canames = sk_new(NULL);
 			sk_push(canames, *args);
 		    } else badarg = 1;
 		} else if (!strcmp (*args, "-in")) {
@@ -229,21 +224,6 @@ int MAIN(int argc, char **argv)
 			passarg = *args;
 		    	noprompt = 1;
 		    } else badarg = 1;
-		} else if (!strcmp(*args,"-CApath")) {
-		    if (args[1]) {
-			args++;	
-			CApath = *args;
-		    } else badarg = 1;
-		} else if (!strcmp(*args,"-CAfile")) {
-		    if (args[1]) {
-			args++;	
-			CAfile = *args;
-		    } else badarg = 1;
-		} else if (!strcmp(*args,"-engine")) {
-		    if (args[1]) {
-			args++;	
-			engine = *args;
-		    } else badarg = 1;
 		} else badarg = 1;

 	} else badarg = 1;
@@ -257,8 +237,6 @@ int MAIN(int argc, char **argv)
 	BIO_printf (bio_err, "-chain        add certificate chain\n");
 	BIO_printf (bio_err, "-inkey file   private key if not infile\n");
 	BIO_printf (bio_err, "-certfile f   add all certs in f\n");
-	BIO_printf (bio_err, "-CApath arg   - PEM format directory of CA's\n");
-	BIO_printf (bio_err, "-CAfile arg   - PEM format file of CA's\n");
 	BIO_printf (bio_err, "-name \"name\"  use name as friendly name\n");
 	BIO_printf (bio_err, "-caname \"nm\"  use nm as CA friendly name (can be used more than once).\n");
 	BIO_printf (bio_err, "-in  infile   input filename\n");
@@ -287,27 +265,12 @@ int MAIN(int argc, char **argv)
 	BIO_printf (bio_err, "-password p   set import/export password source\n");
 	BIO_printf (bio_err, "-passin p     input file pass phrase source\n");
 	BIO_printf (bio_err, "-passout p    output file pass phrase source\n");
-	BIO_printf (bio_err, "-engine e     use engine e, possibly a hardware device.\n");
-	BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+	BIO_printf(bio_err,  "-rand file:file:...\n");
 	BIO_printf(bio_err,  "              load the file (or the files in the directory) into\n");
 	BIO_printf(bio_err,  "              the random number generator\n");
    	goto end;
    }

-    if (engine != NULL) {
-	if((e = ENGINE_by_id(engine)) == NULL) {
-	    BIO_printf(bio_err,"invalid engine \"%s\"\n", engine);
-	    goto end;
-	}
-	if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
-	    BIO_printf(bio_err,"can't use that engine\n");
-	    goto end;
-	}
-	BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-	/* Free our "structural" reference. */
-	ENGINE_free(e);
-    }
-
    if(passarg) {
 	if(export_cert) passargout = passarg;
 	else passargin = passarg;
@@ -373,15 +336,8 @@ int MAIN(int argc, char **argv)
    CRYPTO_push_info("write files");
 #endif

-    if (!outfile) {
-	out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef VMS
-	{
-	    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-	    out = BIO_push(tmpbio, out);
-	}
-#endif
-    } else out = BIO_new_file(outfile, "wb");
+    if (!outfile) out = BIO_new_fp(stdout, BIO_NOCLOSE);
+    else out = BIO_new_file(outfile, "wb");
    if (!out) {
 	BIO_printf(bio_err, "Error opening output file %s\n",
 						outfile ? outfile : "<stdout>");
@@ -403,22 +359,20 @@ int MAIN(int argc, char **argv)
    }

    if (export_cert) {
-	EVP_PKEY *key = NULL;
-	STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
-	STACK_OF(PKCS7) *safes = NULL;
-	PKCS12_SAFEBAG *bag = NULL;
-	PKCS8_PRIV_KEY_INFO *p8 = NULL;
-	PKCS7 *authsafe = NULL;
+	EVP_PKEY *key;
+	STACK *bags, *safes;
+	PKCS12_SAFEBAG *bag;
+	PKCS8_PRIV_KEY_INFO *p8;
+	PKCS7 *authsafe;
 	X509 *ucert = NULL;
 	STACK_OF(X509) *certs=NULL;
-	char *catmp = NULL;
+	char *catmp;
 	int i;
 	unsigned char keyid[EVP_MAX_MD_SIZE];
 	unsigned int keyidlen = 0;

 #ifdef CRYPTO_MDEBUG
 	CRYPTO_push_info("process -export_cert");
-	CRYPTO_push_info("reading private key");
 #endif
 	key = PEM_read_bio_PrivateKey(inkey ? inkey : in, NULL, NULL, passin);
 	if (!inkey) (void) BIO_reset(in);
@@ -426,28 +380,18 @@ int MAIN(int argc, char **argv)
 	if (!key) {
 		BIO_printf (bio_err, "Error loading private key\n");
 		ERR_print_errors(bio_err);
-		goto export_end;
+		goto end;
 	}

-#ifdef CRYPTO_MDEBUG
-	CRYPTO_pop_info();
-	CRYPTO_push_info("reading certs from input");
-#endif
-
-	certs = sk_X509_new_null();
+	certs = sk_X509_new(NULL);

 	/* Load in all certs in input file */
 	if(!cert_load(in, certs)) {
 		BIO_printf(bio_err, "Error loading certificates from input\n");
 		ERR_print_errors(bio_err);
-		goto export_end;
+		goto end;
 	}

-#ifdef CRYPTO_MDEBUG
-	CRYPTO_pop_info();
-	CRYPTO_push_info("reading certs from input 2");
-#endif
-
 	for(i = 0; i < sk_X509_num(certs); i++) {
 		ucert = sk_X509_value(certs, i);
 		if(X509_check_private_key(ucert, key)) {
@@ -455,68 +399,41 @@ int MAIN(int argc, char **argv)
 			break;
 		}
 	}
+
 	if(!keyidlen) {
-		ucert = NULL;
 		BIO_printf(bio_err, "No certificate matches private key\n");
-		goto export_end;
+		goto end;
 	}
 	
-#ifdef CRYPTO_MDEBUG
-	CRYPTO_pop_info();
-	CRYPTO_push_info("reading certs from certfile");
-#endif
-
-	bags = sk_PKCS12_SAFEBAG_new_null ();
+	bags = sk_new (NULL);

 	/* Add any more certificates asked for */
 	if (certsin) {
 		if(!cert_load(certsin, certs)) {
 			BIO_printf(bio_err, "Error loading certificates from certfile\n");
 			ERR_print_errors(bio_err);
-			goto export_end;
+			goto end;
 		}
 	    	BIO_free(certsin);
 	}

-#ifdef CRYPTO_MDEBUG
-	CRYPTO_pop_info();
-	CRYPTO_push_info("building chain");
-#endif
-
 	/* If chaining get chain from user cert */
 	if (chain) {
        	int vret;
 		STACK_OF(X509) *chain2;
-		X509_STORE *store = X509_STORE_new();
-		if (!store)
-			{
-			BIO_printf (bio_err, "Memory allocation error\n");
-			goto export_end;
-			}
-		if (!X509_STORE_load_locations(store, CAfile, CApath))
-			X509_STORE_set_default_paths (store);
-
-		vret = get_cert_chain (ucert, store, &chain2);
-		X509_STORE_free(store);
-
-		if (!vret) {
-		    /* Exclude verified certificate */
-		    for (i = 1; i < sk_X509_num (chain2) ; i++) 
-			sk_X509_push(certs, sk_X509_value (chain2, i));
-		}
-		sk_X509_free(chain2);
+		vret = get_cert_chain (ucert, &chain2);
 		if (vret) {
 			BIO_printf (bio_err, "Error %s getting chain.\n",
 					X509_verify_cert_error_string(vret));
-			goto export_end;
-		}			
+			goto end;
+		}
+		/* Exclude verified certificate */
+		for (i = 1; i < sk_X509_num (chain2) ; i++) 
+				 sk_X509_push(certs, sk_X509_value (chain2, i));
+		sk_X509_free(chain2);
+			
    	}

-#ifdef CRYPTO_MDEBUG
-	CRYPTO_pop_info();
-	CRYPTO_push_info("building bags");
-#endif
-
 	/* We now have loads of certificates: include them all */
 	for(i = 0; i < sk_X509_num(certs); i++) {
 		X509 *cert = NULL;
@@ -528,101 +445,59 @@ int MAIN(int argc, char **argv)
 			PKCS12_add_localkeyid(bag, keyid, keyidlen);
 		} else if((catmp = sk_shift(canames))) 
 				PKCS12_add_friendlyname(bag, catmp, -1);
-		sk_PKCS12_SAFEBAG_push(bags, bag);
+		sk_push(bags, (char *)bag);
 	}
 	sk_X509_pop_free(certs, X509_free);
-	certs = NULL;
-	/* ucert is part of certs so it is already freed */
-	ucert = NULL;
-
-#ifdef CRYPTO_MDEBUG
-	CRYPTO_pop_info();
-	CRYPTO_push_info("encrypting bags");
-#endif
+	if (canames) sk_free(canames);

 	if(!noprompt &&
 		EVP_read_pw_string(pass, 50, "Enter Export Password:", 1)) {
 	    BIO_printf (bio_err, "Can't read Password\n");
-	    goto export_end;
+	    goto end;
        }
 	if (!twopass) strcpy(macpass, pass);
 	/* Turn certbags into encrypted authsafe */
 	authsafe = PKCS12_pack_p7encdata(cert_pbe, cpass, -1, NULL, 0,
 								 iter, bags);
-	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-	bags = NULL;
+	sk_pop_free(bags, PKCS12_SAFEBAG_free);

 	if (!authsafe) {
 		ERR_print_errors (bio_err);
-		goto export_end;
+		goto end;
 	}

-	safes = sk_PKCS7_new_null ();
-	sk_PKCS7_push (safes, authsafe);
-
-#ifdef CRYPTO_MDEBUG
-	CRYPTO_pop_info();
-	CRYPTO_push_info("building shrouded key bag");
-#endif
+	safes = sk_new (NULL);
+	sk_push (safes, (char *)authsafe);

 	/* Make a shrouded key bag */
 	p8 = EVP_PKEY2PKCS8 (key);
+	EVP_PKEY_free(key);
 	if(keytype) PKCS8_add_keyusage(p8, keytype);
 	bag = PKCS12_MAKE_SHKEYBAG(key_pbe, cpass, -1, NULL, 0, iter, p8);
 	PKCS8_PRIV_KEY_INFO_free(p8);
-	p8 = NULL;
        if (name) PKCS12_add_friendlyname (bag, name, -1);
 	PKCS12_add_localkeyid (bag, keyid, keyidlen);
-	bags = sk_PKCS12_SAFEBAG_new_null();
-	sk_PKCS12_SAFEBAG_push (bags, bag);
-
-#ifdef CRYPTO_MDEBUG
-	CRYPTO_pop_info();
-	CRYPTO_push_info("encrypting shrouded key bag");
-#endif
-
+	bags = sk_new(NULL);
+	sk_push (bags, (char *)bag);
 	/* Turn it into unencrypted safe bag */
 	authsafe = PKCS12_pack_p7data (bags);
-	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-	bags = NULL;
-	sk_PKCS7_push (safes, authsafe);
-
-#ifdef CRYPTO_MDEBUG
-	CRYPTO_pop_info();
-	CRYPTO_push_info("building pkcs12");
-#endif
+	sk_pop_free(bags, PKCS12_SAFEBAG_free);
+	sk_push (safes, (char *)authsafe);

 	p12 = PKCS12_init (NID_pkcs7_data);

 	M_PKCS12_pack_authsafes (p12, safes);

-	sk_PKCS7_pop_free(safes, PKCS7_free);
-	safes = NULL;
+	sk_pop_free(safes, PKCS7_free);

 	PKCS12_set_mac (p12, mpass, -1, NULL, 0, maciter, NULL);

-#ifdef CRYPTO_MDEBUG
-	CRYPTO_pop_info();
-	CRYPTO_push_info("writing pkcs12");
-#endif
-
 	i2d_PKCS12_bio (out, p12);

+	PKCS12_free(p12);
+
 	ret = 0;

-    export_end:
-#ifdef CRYPTO_MDEBUG
-	CRYPTO_pop_info();
-	CRYPTO_pop_info();
-	CRYPTO_push_info("process -export_cert: freeing");
-#endif
-
-	if (key) EVP_PKEY_free(key);
-	if (certs) sk_X509_pop_free(certs, X509_free);
-	if (safes) sk_PKCS7_pop_free(safes, PKCS7_free);
-	if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-	if (ucert) X509_free(ucert);
-
 #ifdef CRYPTO_MDEBUG
 	CRYPTO_pop_info();
 #endif
@@ -653,16 +528,11 @@ int MAIN(int argc, char **argv)
 #ifdef CRYPTO_MDEBUG
    CRYPTO_push_info("verify MAC");
 #endif
-	/* If we enter empty password try no password first */
-	if(!macpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
-		/* If mac and crypto pass the same set it to NULL too */
-		if(!twopass) cpass = NULL;
-	} else if (!PKCS12_verify_mac(p12, mpass, -1)) {
+	if (!PKCS12_verify_mac (p12, mpass, -1)) {
 	    BIO_printf (bio_err, "Mac verify error: invalid password?\n");
 	    ERR_print_errors (bio_err);
 	    goto end;
-	}
-	BIO_printf (bio_err, "MAC verified OK\n");
+	} else BIO_printf (bio_err, "MAC verified OK\n");
 #ifdef CRYPTO_MDEBUG
    CRYPTO_pop_info();
 #endif
@@ -679,32 +549,29 @@ int MAIN(int argc, char **argv)
 #ifdef CRYPTO_MDEBUG
    CRYPTO_pop_info();
 #endif
+    PKCS12_free(p12);
    ret = 0;
- end:
-    if (p12) PKCS12_free(p12);
+    end:
    if(export_cert || inrand) app_RAND_write_file(NULL, bio_err);
 #ifdef CRYPTO_MDEBUG
    CRYPTO_remove_all_info();
 #endif
    BIO_free(in);
-    BIO_free_all(out);
-    if (canames) sk_free(canames);
-    if(passin) OPENSSL_free(passin);
-    if(passout) OPENSSL_free(passout);
+    BIO_free(out);
+    if(passin) Free(passin);
+    if(passout) Free(passout);
    EXIT(ret);
 }

 int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
 	     int passlen, int options, char *pempass)
 {
-	STACK_OF(PKCS7) *asafes;
-	STACK_OF(PKCS12_SAFEBAG) *bags;
+	STACK *asafes, *bags;
 	int i, bagnid;
 	PKCS7 *p7;
-
 	if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0;
-	for (i = 0; i < sk_PKCS7_num (asafes); i++) {
-		p7 = sk_PKCS7_value (asafes, i);
+	for (i = 0; i < sk_num (asafes); i++) {
+		p7 = (PKCS7 *) sk_value (asafes, i);
 		bagnid = OBJ_obj2nid (p7->type);
 		if (bagnid == NID_pkcs7_data) {
 			bags = M_PKCS12_unpack_p7data (p7);
@@ -720,25 +587,23 @@ int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
 		if (!bags) return 0;
 	    	if (!dump_certs_pkeys_bags (out, bags, pass, passlen, 
 						 options, pempass)) {
-			sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
+			sk_pop_free (bags, PKCS12_SAFEBAG_free);
 			return 0;
 		}
-		sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
+		sk_pop_free (bags, PKCS12_SAFEBAG_free);
 	}
-	sk_PKCS7_pop_free (asafes, PKCS7_free);
+	sk_pop_free (asafes, PKCS7_free);
 	return 1;
 }

-int dump_certs_pkeys_bags (BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
-			   char *pass, int passlen, int options, char *pempass)
+int dump_certs_pkeys_bags (BIO *out, STACK *bags, char *pass,
+	     int passlen, int options, char *pempass)
 {
 	int i;
-	for (i = 0; i < sk_PKCS12_SAFEBAG_num (bags); i++) {
+	for (i = 0; i < sk_num (bags); i++) {
 		if (!dump_certs_pkeys_bag (out,
-					   sk_PKCS12_SAFEBAG_value (bags, i),
-					   pass, passlen,
-					   options, pempass))
-		    return 0;
+			 (PKCS12_SAFEBAG *)sk_value (bags, i), pass, passlen,
+					 	options, pempass)) return 0;
 	}
 	return 1;
 }
@@ -772,10 +637,7 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
 		print_attribs (out, bag->attrib, "Bag Attributes");
 		if (!(p8 = M_PKCS12_decrypt_skey (bag, pass, passlen)))
 				return 0;
-		if (!(pkey = EVP_PKCS82PKEY (p8))) {
-			PKCS8_PRIV_KEY_INFO_free(p8);
-			return 0;
-		}
+		if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
 		print_attribs (out, p8->attributes, "Key Attributes");
 		PKCS8_PRIV_KEY_INFO_free(p8);
 		PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);
@@ -817,12 +679,15 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,

 /* Hope this is OK .... */

-int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
+int get_cert_chain (X509 *cert, STACK_OF(X509) **chain)
 {
+	X509_STORE *store;
 	X509_STORE_CTX store_ctx;
 	STACK_OF(X509) *chn;
 	int i;

+	store = X509_STORE_new ();
+	X509_STORE_set_default_paths (store);
 	X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
 	if (X509_verify_cert(&store_ctx) <= 0) {
 		i = X509_STORE_CTX_get_error (&store_ctx);
@@ -833,6 +698,7 @@ int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
 	*chain = chn;
 err:
 	X509_STORE_CTX_cleanup(&store_ctx);
+	X509_STORE_free(store);
 	
 	return i;
 }	
@@ -856,22 +722,10 @@ int cert_load(BIO *in, STACK_OF(X509) *sk)
 	int ret;
 	X509 *cert;
 	ret = 0;
-#ifdef CRYPTO_MDEBUG
-	CRYPTO_push_info("cert_load(): reading one cert");
-#endif
 	while((cert = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
-#ifdef CRYPTO_MDEBUG
-		CRYPTO_pop_info();
-#endif
 		ret = 1;
 		sk_X509_push(sk, cert);
-#ifdef CRYPTO_MDEBUG
-		CRYPTO_push_info("cert_load(): reading one cert");
-#endif
 	}
-#ifdef CRYPTO_MDEBUG
-	CRYPTO_pop_info();
-#endif
 	if(ret) ERR_clear_error();
 	return ret;
 }
@@ -909,18 +763,18 @@ int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name)
        			value = uni2asc(av->value.bmpstring->data,
                                	       av->value.bmpstring->length);
 				BIO_printf(out, "%s\n", value);
-				OPENSSL_free(value);
+				Free(value);
 				break;

 				case V_ASN1_OCTET_STRING:
-				hex_prin(out, av->value.octet_string->data,
-					av->value.octet_string->length);
+				hex_prin(out, av->value.bit_string->data,
+					av->value.bit_string->length);
 				BIO_printf(out, "\n");	
 				break;

 				case V_ASN1_BIT_STRING:
-				hex_prin(out, av->value.bit_string->data,
-					av->value.bit_string->length);
+				hex_prin(out, av->value.octet_string->data,
+					av->value.octet_string->length);
 				BIO_printf(out, "\n");	
 				break;

--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -67,7 +67,6 @@
 #include <openssl/x509.h>
 #include <openssl/pkcs7.h>
 #include <openssl/pem.h>
-#include <openssl/engine.h>

 #undef PROG
 #define PROG	pkcs7_main
@@ -83,15 +82,13 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 	{
-	ENGINE *e = NULL;
 	PKCS7 *p7=NULL;
 	int i,badops=0;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat;
 	char *infile,*outfile,*prog;
 	int print_certs=0,text=0,noout=0;
-	int ret=1;
-	char *engine=NULL;
+	int ret=0;

 	apps_startup();

@@ -135,11 +132,6 @@ int MAIN(int argc, char **argv)
 			text=1;
 		else if (strcmp(*argv,"-print_certs") == 0)
 			print_certs=1;
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -162,30 +154,11 @@ bad:
 		BIO_printf(bio_err," -print_certs  print any certs or crl in the input\n");
 		BIO_printf(bio_err," -text         print full details of certificates\n");
 		BIO_printf(bio_err," -noout        don't output encoded data\n");
-		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 		EXIT(1);
 		}

 	ERR_load_crypto_strings();

-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	if ((in == NULL) || (out == NULL))
@@ -223,15 +196,7 @@ bad:
 		}

 	if (outfile == NULL)
-		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -315,6 +280,6 @@ bad:
 end:
 	if (p7 != NULL) PKCS7_free(p7);
 	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free_all(out);
+	if (out != NULL) BIO_free(out);
 	EXIT(ret);
 	}
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -62,7 +62,6 @@
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/pkcs12.h>
-#include <openssl/engine.h>

 #include "apps.h"
 #define PROG pkcs8_main
@@ -71,7 +70,6 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 {
-	ENGINE *e = NULL;
 	char **args, *infile = NULL, *outfile = NULL;
 	char *passargin = NULL, *passargout = NULL;
 	BIO *in = NULL, *out = NULL;
@@ -87,13 +85,9 @@ int MAIN(int argc, char **argv)
 	EVP_PKEY *pkey;
 	char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
 	int badarg = 0;
-	char *engine=NULL;
-
 	if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
-
 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
-
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_algorithms();
 	args = argv + 1;
@@ -144,11 +138,6 @@ int MAIN(int argc, char **argv)
 			if (!args[1]) goto bad;
 			passargout= *(++args);
 			}
-		else if (strcmp(*args,"-engine") == 0)
-			{
-			if (!args[1]) goto bad;
-			engine= *(++args);
-			}
 		else if (!strcmp (*args, "-in")) {
 			if (args[1]) {
 				args++;
@@ -181,28 +170,9 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err, "-nocrypt        use or expect unencrypted private key\n");
 		BIO_printf(bio_err, "-v2 alg         use PKCS#5 v2.0 and cipher \"alg\"\n");
 		BIO_printf(bio_err, "-v1 obj         use PKCS#5 v1.5 and cipher \"alg\"\n");
-		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 		return (1);
 	}

-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			return (1);
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			return (1);
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		BIO_printf(bio_err, "Error getting passwords\n");
 		return (1);
@@ -224,15 +194,8 @@ int MAIN(int argc, char **argv)
 				 "Can't open output file %s\n", outfile);
 			return (1);
 		}
-	} else {
-		out = BIO_new_fp (stdout, BIO_NOCLOSE);
-#ifdef VMS
-		{
-			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-			out = BIO_push(tmpbio, out);
-		}
-#endif
-	}
+	} else out = BIO_new_fp (stdout, BIO_NOCLOSE);
+
 	if (topk8) {
 		if(informat == FORMAT_PEM)
 			pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, passin);
@@ -290,9 +253,9 @@ int MAIN(int argc, char **argv)
 		}
 		PKCS8_PRIV_KEY_INFO_free (p8inf);
 		EVP_PKEY_free(pkey);
-		BIO_free_all(out);
-		if(passin) OPENSSL_free(passin);
-		if(passout) OPENSSL_free(passout);
+		BIO_free(out);
+		if(passin) Free(passin);
+		if(passout) Free(passout);
 		return (0);
 	}

@@ -373,10 +336,10 @@ int MAIN(int argc, char **argv)
 	}

 	EVP_PKEY_free(pkey);
-	BIO_free_all(out);
+	BIO_free(out);
 	BIO_free(in);
-	if(passin) OPENSSL_free(passin);
-	if(passout) OPENSSL_free(passout);
+	if(passin) Free(passin);
+	if(passout) Free(passout);

 	return (0);
 }
--- a/apps/progs.h
+++ b/apps/progs.h
@@ -14,7 +14,6 @@ extern int errstr_main(int argc,char *argv[]);
 extern int ca_main(int argc,char *argv[]);
 extern int crl_main(int argc,char *argv[]);
 extern int rsa_main(int argc,char *argv[]);
-extern int rsautl_main(int argc,char *argv[]);
 extern int dsa_main(int argc,char *argv[]);
 extern int dsaparam_main(int argc,char *argv[]);
 extern int x509_main(int argc,char *argv[]);
@@ -34,7 +33,6 @@ extern int pkcs12_main(int argc,char *argv[]);
 extern int pkcs8_main(int argc,char *argv[]);
 extern int spkac_main(int argc,char *argv[]);
 extern int smime_main(int argc,char *argv[]);
-extern int rand_main(int argc,char *argv[]);

 #define FUNC_TYPE_GENERAL	1
 #define FUNC_TYPE_MD		2
@@ -68,9 +66,6 @@ FUNCTION functions[] = {
 #ifndef NO_RSA
 	{FUNC_TYPE_GENERAL,"rsa",rsa_main},
 #endif
-#ifndef NO_RSA
-	{FUNC_TYPE_GENERAL,"rsautl",rsautl_main},
-#endif
 #ifndef NO_DSA
 	{FUNC_TYPE_GENERAL,"dsa",dsa_main},
 #endif
@@ -108,9 +103,7 @@ FUNCTION functions[] = {
 	{FUNC_TYPE_GENERAL,"pkcs8",pkcs8_main},
 	{FUNC_TYPE_GENERAL,"spkac",spkac_main},
 	{FUNC_TYPE_GENERAL,"smime",smime_main},
-	{FUNC_TYPE_GENERAL,"rand",rand_main},
 	{FUNC_TYPE_MD,"md2",dgst_main},
-	{FUNC_TYPE_MD,"md4",dgst_main},
 	{FUNC_TYPE_MD,"md5",dgst_main},
 	{FUNC_TYPE_MD,"sha",dgst_main},
 	{FUNC_TYPE_MD,"sha1",dgst_main},
--- a/apps/progs.pl
+++ b/apps/progs.pl
@@ -29,7 +29,7 @@ foreach (@ARGV)
 	$str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
 	if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
 		{ print "#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))\n${str}#endif\n"; } 
-	elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) || ($_ =~ /^rsautl$/)) 
+	elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) ) 
 		{ print "#ifndef NO_RSA\n${str}#endif\n";  }
 	elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))
 		{ print "#ifndef NO_DSA\n${str}#endif\n"; }
@@ -41,7 +41,7 @@ foreach (@ARGV)
 		{ print $str; }
 	}

-foreach ("md2","md4","md5","sha","sha1","mdc2","rmd160")
+foreach ("md2","md5","sha","sha1","mdc2","rmd160")
 	{
 	push(@files,$_);
 	printf "\t{FUNC_TYPE_MD,\"%s\",dgst_main},\n",$_;
--- a/apps/rand.c
+++ b/apps/rand.c
@@ -1,177 +0,0 @@
-/* apps/rand.c */
-
-#include "apps.h"
-
-#include <ctype.h>
-#include <stdio.h>
-#include <string.h>
-
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-#include <openssl/engine.h>
-
-#undef PROG
-#define PROG rand_main
-
-/* -out file         - write to file
- * -rand file:file   - PRNG seed files
- * -base64           - encode output
- * num               - write 'num' bytes
- */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	ENGINE *e = NULL;
-	int i, r, ret = 1;
-	int badopt;
-	char *outfile = NULL;
-	char *inrand = NULL;
-	int base64 = 0;
-	BIO *out = NULL;
-	int num = -1;
-	char *engine=NULL;
-
-	apps_startup();
-
-	if (bio_err == NULL)
-		if ((bio_err = BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
-
-	badopt = 0;
-	i = 0;
-	while (!badopt && argv[++i] != NULL)
-		{
-		if (strcmp(argv[i], "-out") == 0)
-			{
-			if ((argv[i+1] != NULL) && (outfile == NULL))
-				outfile = argv[++i];
-			else
-				badopt = 1;
-			}
-		if (strcmp(argv[i], "-engine") == 0)
-			{
-			if ((argv[i+1] != NULL) && (engine == NULL))
-				engine = argv[++i];
-			else
-				badopt = 1;
-			}
-		else if (strcmp(argv[i], "-rand") == 0)
-			{
-			if ((argv[i+1] != NULL) && (inrand == NULL))
-				inrand = argv[++i];
-			else
-				badopt = 1;
-			}
-		else if (strcmp(argv[i], "-base64") == 0)
-			{
-			if (!base64)
-				base64 = 1;
-			else
-				badopt = 1;
-			}
-		else if (isdigit((unsigned char)argv[i][0]))
-			{
-			if (num < 0)
-				{
-				r = sscanf(argv[i], "%d", &num);
-				if (r == 0 || num < 0)
-					badopt = 1;
-				}
-			else
-				badopt = 1;
-			}
-		else
-			badopt = 1;
-		}
-
-	if (num < 0)
-		badopt = 1;
-	
-	if (badopt) 
-		{
-		BIO_printf(bio_err, "Usage: rand [options] num\n");
-		BIO_printf(bio_err, "where options are\n");
-		BIO_printf(bio_err, "-out file             - write to file\n");
-		BIO_printf(bio_err," -engine e             - use engine e, possibly a hardware device.\n");
-		BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-		BIO_printf(bio_err, "-base64               - encode output\n");
-		goto err;
-		}
-
-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto err;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto err;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
-	app_RAND_load_file(NULL, bio_err, (inrand != NULL));
-	if (inrand != NULL)
-		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
-			app_RAND_load_files(inrand));
-
-	out = BIO_new(BIO_s_file());
-	if (out == NULL)
-		goto err;
-	if (outfile != NULL)
-		r = BIO_write_filename(out, outfile);
-	else
-		{
-		r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
-#ifdef VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
-	if (r <= 0)
-		goto err;
-
-	if (base64)
-		{
-		BIO *b64 = BIO_new(BIO_f_base64());
-		if (b64 == NULL)
-			goto err;
-		out = BIO_push(b64, out);
-		}
-	
-	while (num > 0) 
-		{
-		unsigned char buf[4096];
-		int chunk;
-
-		chunk = num;
-		if (chunk > sizeof buf)
-			chunk = sizeof buf;
-		r = RAND_bytes(buf, chunk);
-		if (r <= 0)
-			goto err;
-		BIO_write(out, buf, chunk);
-		num -= chunk;
-		}
-	BIO_flush(out);
-
-	app_RAND_write_file(NULL, bio_err);
-	ret = 0;
-	
-err:
-	ERR_print_errors(bio_err);
-	if (out)
-		BIO_free_all(out);
-	EXIT(ret);
-	}
--- a/apps/req.c
+++ b/apps/req.c
@@ -73,7 +73,6 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
-#include <openssl/engine.h>

 #define SECTION		"req"

@@ -103,7 +102,6 @@
 * -config file	- Load configuration file.
 * -key file	- make a request using key in file (or use it for verification).
 * -keyform	- key file format.
- * -rand file(s) - load the file(s) into the PRNG.
 * -newkey	- make a key and a request.
 * -modulus	- print RSA modulus.
 * -x509	- output a self signed X509 structure instead.
@@ -127,6 +125,7 @@ static void MS_CALLBACK req_cb(int p,int n,void *arg);
 #endif
 static int req_check_len(int len,int min,int max);
 static int check_end(char *str, char *end);
+static int add_oid_section(LHASH *conf);
 #ifndef MONOLITH
 static char *default_config_file=NULL;
 static LHASH *config=NULL;
@@ -141,7 +140,6 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 	{
-	ENGINE *e = NULL;
 #ifndef NO_DSA
 	DSA *dsa_params=NULL;
 #endif
@@ -154,12 +152,10 @@ int MAIN(int argc, char **argv)
 	int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
 	int nodes=0,kludge=0,newhdr=0;
 	char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
-	char *engine=NULL;
 	char *extensions = NULL;
 	char *req_exts = NULL;
 	EVP_CIPHER *cipher=NULL;
 	int modulus=0;
-	char *inrand=NULL;
 	char *passargin = NULL, *passargout = NULL;
 	char *passin = NULL, *passout = NULL;
 	char *p;
@@ -198,11 +194,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
 			}
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
 		else if (strcmp(*argv,"-key") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -248,11 +239,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
-		else if (strcmp(*argv,"-rand") == 0)
-			{
-			if (--argc < 1) goto bad;
-			inrand= *(++argv);
-			}
 		else if (strcmp(*argv,"-newkey") == 0)
 			{
 			int is_numeric;
@@ -291,7 +277,7 @@ int MAIN(int argc, char **argv)
 						goto end;
 						}

-					if ((dtmp=X509_get_pubkey(xtmp)) == NULL) goto end;
+					dtmp=X509_get_pubkey(xtmp);
 					if (dtmp->type == EVP_PKEY_DSA)
 						dsa_params=DSAparams_dup(dtmp->pkey.dsa);
 					EVP_PKEY_free(dtmp);
@@ -383,16 +369,13 @@ bad:
 		BIO_printf(bio_err," -verify        verify signature on REQ\n");
 		BIO_printf(bio_err," -modulus       RSA modulus\n");
 		BIO_printf(bio_err," -nodes         don't encrypt the output key\n");
-		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -key file	use the private key contained in file\n");
 		BIO_printf(bio_err," -keyform arg   key file format\n");
 		BIO_printf(bio_err," -keyout arg    file to send the key to\n");
-		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-		BIO_printf(bio_err,"                load the file (or the files in the directory) into\n");
-		BIO_printf(bio_err,"                the random number generator\n");
 		BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
 		BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
-		BIO_printf(bio_err," -[digest]      Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
+
+		BIO_printf(bio_err," -[digest]      Digest to sign with (md5, sha1, md2, mdc2)\n");
 		BIO_printf(bio_err," -config file   request template file.\n");
 		BIO_printf(bio_err," -new           new request.\n");
 		BIO_printf(bio_err," -x509          output a x509 structure instead of a cert. req.\n");
@@ -474,7 +457,7 @@ bad:
 				}
 			}
 		}
-		if(!add_oid_section(bio_err, req_conf)) goto end;
+		if(!add_oid_section(req_conf)) goto end;

 	if ((md_alg == NULL) &&
 		((p=CONF_get_string(req_conf,SECTION,"default_md")) != NULL))
@@ -530,55 +513,24 @@ bad:
 	if ((in == NULL) || (out == NULL))
 		goto end;

-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	if (keyfile != NULL)
 		{
-		if (keyform == FORMAT_ENGINE)
+		if (BIO_read_filename(in,keyfile) <= 0)
 			{
-			if (!e)
-				{
-				BIO_printf(bio_err,"no engine specified\n");
-				goto end;
-				}
-			pkey = ENGINE_load_private_key(e, keyfile, NULL);
+			perror(keyfile);
+			goto end;
+			}
+
+		if (keyform == FORMAT_ASN1)
+			pkey=d2i_PrivateKey_bio(in,NULL);
+		else if (keyform == FORMAT_PEM)
+			{
+			pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,passin);
 			}
 		else
 			{
-			if (BIO_read_filename(in,keyfile) <= 0)
-				{
-				perror(keyfile);
-				goto end;
-				}
-
-			if (keyform == FORMAT_ASN1)
-				pkey=d2i_PrivateKey_bio(in,NULL);
-			else if (keyform == FORMAT_PEM)
-				{
-				pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,
-					passin);
-				}
-			else
-				{
-				BIO_printf(bio_err,"bad input format specified for X509 request\n");
-				goto end;
-				}
+			BIO_printf(bio_err,"bad input format specified for X509 request\n");
+			goto end;
 			}

 		if (pkey == NULL)
@@ -586,19 +538,12 @@ bad:
 			BIO_printf(bio_err,"unable to load Private key\n");
 			goto end;
 			}
-                if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA)
-			{
-			char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
-			app_RAND_load_file(randfile, bio_err, 0);
-                	}
 		}

 	if (newreq && (pkey == NULL))
 		{
 		char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
 		app_RAND_load_file(randfile, bio_err, 0);
-		if (inrand)
-			app_RAND_load_files(inrand);
 	
 		if (newkey <= 0)
 			{
@@ -648,12 +593,6 @@ bad:
 			{
 			BIO_printf(bio_err,"writing new private key to stdout\n");
 			BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
-			{
-			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-			out = BIO_push(tmpbio, out);
-			}
-#endif
 			}
 		else
 			{
@@ -724,15 +663,16 @@ loop:

 	if (newreq || x509)
 		{
+#ifndef NO_DSA
+		if (pkey->type == EVP_PKEY_DSA)
+			digest=EVP_dss1();
+#endif
+
 		if (pkey == NULL)
 			{
 			BIO_printf(bio_err,"you need to specify a private key\n");
 			goto end;
 			}
-#ifndef NO_DSA
-		if (pkey->type == EVP_PKEY_DSA)
-			digest=EVP_dss1();
-#endif
 		if (req == NULL)
 			{
 			req=X509_REQ_new();
@@ -758,14 +698,17 @@ loop:

 			/* Set version to V3 */
 			if(!X509_set_version(x509ss, 2)) goto end;
-			if (!ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L)) goto end;
+			ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L);

-			if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
-			if (!X509_gmtime_adj(X509_get_notBefore(x509ss),0)) goto end;
-			if (!X509_gmtime_adj(X509_get_notAfter(x509ss), (long)60*60*24*days)) goto end;
-			if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
+			X509_set_issuer_name(x509ss,
+				X509_REQ_get_subject_name(req));
+			X509_gmtime_adj(X509_get_notBefore(x509ss),0);
+			X509_gmtime_adj(X509_get_notAfter(x509ss),
+				(long)60*60*24*days);
+			X509_set_subject_name(x509ss,
+				X509_REQ_get_subject_name(req));
 			tmppkey = X509_REQ_get_pubkey(req);
-			if (!tmppkey || !X509_set_pubkey(x509ss,tmppkey)) goto end;
+			X509_set_pubkey(x509ss,tmppkey);
 			EVP_PKEY_free(tmppkey);

 			/* Set up V3 context struct */
@@ -845,15 +788,7 @@ loop:
 		}

 	if (outfile == NULL)
-		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
 	else
 		{
 		if ((keyout != NULL) && (strcmp(outfile,keyout) == 0))
@@ -939,12 +874,12 @@ end:
 		}
 	if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf);
 	BIO_free(in);
-	BIO_free_all(out);
+	BIO_free(out);
 	EVP_PKEY_free(pkey);
 	X509_REQ_free(req);
 	X509_free(x509ss);
-	if(passargin && passin) OPENSSL_free(passin);
-	if(passargout && passout) OPENSSL_free(passout);
+	if(passin) Free(passin);
+	if(passout) Free(passout);
 	OBJ_cleanup();
 #ifndef NO_DSA
 	if (dsa_params != NULL) DSA_free(dsa_params);
@@ -996,7 +931,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
 	else i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs);
 	if(!i) goto err;

-	if (!X509_REQ_set_pubkey(req,pkey)) goto err;
+	X509_REQ_set_pubkey(req,pkey);

 	ret=1;
 err:
@@ -1148,11 +1083,7 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
 		 * multiple instances 
 		 */
 		for(p = v->name; *p ; p++) 
-#ifndef CHARSET_EBCDIC
 			if ((*p == ':') || (*p == ',') || (*p == '.')) {
-#else
-			if ((*p == os_toascii[':']) || (*p == os_toascii[',']) || (*p == os_toascii['.'])) {
-#endif
 				p++;
 				if(*p) type = p;
 				break;
@@ -1268,9 +1199,6 @@ start:
 		return(0);
 		}
 	buf[--i]='\0';
-#ifdef CHARSET_EBCDIC
-	ebcdic2ascii(buf, buf, i);
-#endif
 	if(!req_check_len(i, min, max)) goto start;

 	if(!X509_REQ_add1_attr_by_NID(req, nid, MBSTRING_ASC,
@@ -1328,3 +1256,25 @@ static int check_end(char *str, char *end)
 	tmp = str + slen - elen;
 	return strcmp(tmp, end);
 }
+
+static int add_oid_section(LHASH *conf)
+{	
+	char *p;
+	STACK_OF(CONF_VALUE) *sktmp;
+	CONF_VALUE *cnf;
+	int i;
+	if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1;
+	if(!(sktmp = CONF_get_section(conf, p))) {
+		BIO_printf(bio_err, "problem loading oid section %s\n", p);
+		return 0;
+	}
+	for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
+		cnf = sk_CONF_VALUE_value(sktmp, i);
+		if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
+			BIO_printf(bio_err, "problem creating object %s=%s\n",
+							 cnf->name, cnf->value);
+			return 0;
+		}
+	}
+	return 1;
+}
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -68,7 +68,6 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
-#include <openssl/engine.h>

 #undef PROG
 #define PROG	rsa_main
@@ -91,10 +90,9 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 	{
-	ENGINE *eng = NULL;
 	int ret=1;
 	RSA *rsa=NULL;
-	int i,badops=0, sgckey=0;
+	int i,badops=0;
 	const EVP_CIPHER *enc=NULL;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,text=0,check=0,noout=0;
@@ -102,7 +100,6 @@ int MAIN(int argc, char **argv)
 	char *infile,*outfile,*prog;
 	char *passargin = NULL, *passargout = NULL;
 	char *passin = NULL, *passout = NULL;
-	char *engine=NULL;
 	int modulus=0;

 	apps_startup();
@@ -151,13 +148,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
-		else if (strcmp(*argv,"-sgckey") == 0)
-			sgckey=1;
 		else if (strcmp(*argv,"-pubin") == 0)
 			pubin=1;
 		else if (strcmp(*argv,"-pubout") == 0)
@@ -188,8 +178,8 @@ bad:
 		BIO_printf(bio_err," -inform arg     input format - one of DER NET PEM\n");
 		BIO_printf(bio_err," -outform arg    output format - one of DER NET PEM\n");
 		BIO_printf(bio_err," -in arg         input file\n");
-		BIO_printf(bio_err," -sgckey         Use IIS SGC key format\n");
 		BIO_printf(bio_err," -passin arg     input file pass phrase source\n");
+		BIO_printf(bio_err," -in arg         input file\n");
 		BIO_printf(bio_err," -out arg        output file\n");
 		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
 		BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
@@ -203,30 +193,11 @@ bad:
 		BIO_printf(bio_err," -check          verify key consistency\n");
 		BIO_printf(bio_err," -pubin          expect a public key in input file\n");
 		BIO_printf(bio_err," -pubout         output a public key\n");
-		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 		goto end;
 		}

 	ERR_load_crypto_strings();

-	if (engine != NULL)
-		{
-		if((eng = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(eng, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(eng);
-		}
-
 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		BIO_printf(bio_err, "Error getting passwords\n");
 		goto end;
@@ -284,7 +255,7 @@ bad:
 				}
 			}
 		p=(unsigned char *)buf->data;
-		rsa=d2i_RSA_NET(NULL,&p,(long)size,NULL, sgckey);
+		rsa=d2i_Netscape_RSA(NULL,&p,(long)size,NULL);
 		BUF_MEM_free(buf);
 		}
 #endif
@@ -305,15 +276,7 @@ bad:
 		}

 	if (outfile == NULL)
-		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -382,16 +345,16 @@ bad:
 		int size;

 		i=1;
-		size=i2d_RSA_NET(rsa,NULL,NULL, sgckey);
-		if ((p=(unsigned char *)OPENSSL_malloc(size)) == NULL)
+		size=i2d_Netscape_RSA(rsa,NULL,NULL);
+		if ((p=(unsigned char *)Malloc(size)) == NULL)
 			{
-			BIO_printf(bio_err,"Memory allocation failure\n");
+			BIO_printf(bio_err,"Malloc failure\n");
 			goto end;
 			}
 		pp=p;
-		i2d_RSA_NET(rsa,&p,NULL, sgckey);
+		i2d_Netscape_RSA(rsa,&p,NULL);
 		BIO_write(out,(char *)pp,size);
-		OPENSSL_free(pp);
+		Free(pp);
 		}
 #endif
 	else if (outformat == FORMAT_PEM) {
@@ -412,10 +375,10 @@ bad:
 		ret=0;
 end:
 	if(in != NULL) BIO_free(in);
-	if(out != NULL) BIO_free_all(out);
+	if(out != NULL) BIO_free(out);
 	if(rsa != NULL) RSA_free(rsa);
-	if(passin) OPENSSL_free(passin);
-	if(passout) OPENSSL_free(passout);
+	if(passin) Free(passin);
+	if(passout) Free(passout);
 	EXIT(ret);
 	}
 #else /* !NO_RSA */
--- a/apps/rsa/01.pem
+++ b/apps/rsa/01.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICTjCCAbsCEGiuFKTJn6nzmiPPLxUZs1owDQYJKoZIhvcNAQEEBQAwXzELMAkG
+A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
+VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk4
+MDUxODAwMDAwMFoXDTk5MDUxODIzNTk1OVowdTELMAkGA1UEBhMCVVMxETAPBgNV
+BAgTCE5ldyBZb3JrMREwDwYDVQQHFAhOZXcgWW9yazEeMBwGA1UEChQVSW5kdXN0
+cmlhbCBQcmVzcyBJbmMuMSAwHgYDVQQDFBd3d3cuaW5kdXN0cmlhbHByZXNzLmNv
+bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqiH9xUJNHvqCmaDon27ValJb
+qTLymF3yKKWBxbODLWjX7yKjewoqWhotaEARI6jXPqomU87gFU1tH4r/bgwh3FmU
+MK3qo92XOsvwNAHzXzWRXQNJmm54g2F1RUt00pgYiOximDse1t9RL5POCDEbfX8D
+gugrE/WwkS2FrSoc5/cCAwEAATANBgkqhkiG9w0BAQQFAAN+AIw7fvF0EtEvrNS/
+LYuqAgUw/tH0FLgCkqKLmYYm/yR+Z0hD2eP/UhF+jAwmV8rHtBnaTM7oN23RVW2k
+Cf8soiGfr2PYtfufpXtd7azUFa+WJCWnp0N29EG0BR1JOFC0Q/4dh/X9qulM8luq
+Pjrmw2eSgbdmmdumWAcNPVbV
+-----END CERTIFICATE-----
--- a/apps/rsa/1.txt
+++ b/apps/rsa/1.txt
@@ -0,0 +1,50 @@
+issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+subject=/C=US/ST=New York/L=New York/O=Industrial Press Inc./CN=www.industrialpress.com
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            68:ae:14:a4:c9:9f:a9:f3:9a:23:cf:2f:15:19:b3:5a
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
+        Validity
+            Not Before: May 18 00:00:00 1998 GMT
+            Not After : May 18 23:59:59 1999 GMT
+        Subject: C=US, ST=New York, L=New York, O=Industrial Press Inc., CN=www.industrialpress.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:aa:21:fd:c5:42:4d:1e:fa:82:99:a0:e8:9f:6e:
+                    d5:6a:52:5b:a9:32:f2:98:5d:f2:28:a5:81:c5:b3:
+                    83:2d:68:d7:ef:22:a3:7b:0a:2a:5a:1a:2d:68:40:
+                    11:23:a8:d7:3e:aa:26:53:ce:e0:15:4d:6d:1f:8a:
+                    ff:6e:0c:21:dc:59:94:30:ad:ea:a3:dd:97:3a:cb:
+                    f0:34:01:f3:5f:35:91:5d:03:49:9a:6e:78:83:61:
+                    75:45:4b:74:d2:98:18:88:ec:62:98:3b:1e:d6:df:
+                    51:2f:93:ce:08:31:1b:7d:7f:03:82:e8:2b:13:f5:
+                    b0:91:2d:85:ad:2a:1c:e7:f7
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md5WithRSAEncryption
+        8c:3b:7e:f1:74:12:d1:2f:ac:d4:bf:2d:8b:aa:02:05:30:fe:
+        d1:f4:14:b8:02:92:a2:8b:99:86:26:ff:24:7e:67:48:43:d9:
+        e3:ff:52:11:7e:8c:0c:26:57:ca:c7:b4:19:da:4c:ce:e8:37:
+        6d:d1:55:6d:a4:09:ff:2c:a2:21:9f:af:63:d8:b5:fb:9f:a5:
+        7b:5d:ed:ac:d4:15:af:96:24:25:a7:a7:43:76:f4:41:b4:05:
+        1d:49:38:50:b4:43:fe:1d:87:f5:fd:aa:e9:4c:f2:5b:aa:3e:
+        3a:e6:c3:67:92:81:b7:66:99:db:a6:58:07:0d:3d:56:d5
+-----BEGIN CERTIFICATE-----
+MIICTjCCAbsCEGiuFKTJn6nzmiPPLxUZs1owDQYJKoZIhvcNAQEEBQAwXzELMAkG
+A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
+VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk4
+MDUxODAwMDAwMFoXDTk5MDUxODIzNTk1OVowdTELMAkGA1UEBhMCVVMxETAPBgNV
+BAgTCE5ldyBZb3JrMREwDwYDVQQHFAhOZXcgWW9yazEeMBwGA1UEChQVSW5kdXN0
+cmlhbCBQcmVzcyBJbmMuMSAwHgYDVQQDFBd3d3cuaW5kdXN0cmlhbHByZXNzLmNv
+bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqiH9xUJNHvqCmaDon27ValJb
+qTLymF3yKKWBxbODLWjX7yKjewoqWhotaEARI6jXPqomU87gFU1tH4r/bgwh3FmU
+MK3qo92XOsvwNAHzXzWRXQNJmm54g2F1RUt00pgYiOximDse1t9RL5POCDEbfX8D
+gugrE/WwkS2FrSoc5/cCAwEAATANBgkqhkiG9w0BAQQFAAN+AIw7fvF0EtEvrNS/
+LYuqAgUw/tH0FLgCkqKLmYYm/yR+Z0hD2eP/UhF+jAwmV8rHtBnaTM7oN23RVW2k
+Cf8soiGfr2PYtfufpXtd7azUFa+WJCWnp0N29EG0BR1JOFC0Q/4dh/X9qulM8luq
+Pjrmw2eSgbdmmdumWAcNPVbV
+-----END CERTIFICATE-----
--- a/apps/rsa/SecureServer.pem
+++ b/apps/rsa/SecureServer.pem
@@ -0,0 +1,47 @@
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            02:ad:66:7e:4e:45:fe:5e:57:6f:3c:98:19:5e:dd:c0
+        Signature Algorithm: md2WithRSAEncryption
+        Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
+        Validity
+            Not Before: Nov  9 00:00:00 1994 GMT
+            Not After : Jan  7 23:59:59 2010 GMT
+        Subject: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1000 bit)
+                Modulus (1000 bit):
+                    00:92:ce:7a:c1:ae:83:3e:5a:aa:89:83:57:ac:25:
+                    01:76:0c:ad:ae:8e:2c:37:ce:eb:35:78:64:54:03:
+                    e5:84:40:51:c9:bf:8f:08:e2:8a:82:08:d2:16:86:
+                    37:55:e9:b1:21:02:ad:76:68:81:9a:05:a2:4b:c9:
+                    4b:25:66:22:56:6c:88:07:8f:f7:81:59:6d:84:07:
+                    65:70:13:71:76:3e:9b:77:4c:e3:50:89:56:98:48:
+                    b9:1d:a7:29:1a:13:2e:4a:11:59:9c:1e:15:d5:49:
+                    54:2c:73:3a:69:82:b1:97:39:9c:6d:70:67:48:e5:
+                    dd:2d:d6:c8:1e:7b
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md2WithRSAEncryption
+        65:dd:7e:e1:b2:ec:b0:e2:3a:e0:ec:71:46:9a:19:11:b8:d3:
+        c7:a0:b4:03:40:26:02:3e:09:9c:e1:12:b3:d1:5a:f6:37:a5:
+        b7:61:03:b6:5b:16:69:3b:c6:44:08:0c:88:53:0c:6b:97:49:
+        c7:3e:35:dc:6c:b9:bb:aa:df:5c:bb:3a:2f:93:60:b6:a9:4b:
+        4d:f2:20:f7:cd:5f:7f:64:7b:8e:dc:00:5c:d7:fa:77:ca:39:
+        16:59:6f:0e:ea:d3:b5:83:7f:4d:4d:42:56:76:b4:c9:5f:04:
+        f8:38:f8:eb:d2:5f:75:5f:cd:7b:fc:e5:8e:80:7c:fc:50
+-----BEGIN CERTIFICATE-----
+MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
+VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0
+MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV
+BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy
+dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ
+ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII
+0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI
+uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI
+hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3
+YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc
+1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA==
+-----END CERTIFICATE-----
--- a/apps/rsa/s.txt
+++ b/apps/rsa/s.txt
@@ -0,0 +1,49 @@
+issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            02:ad:66:7e:4e:45:fe:5e:57:6f:3c:98:19:5e:dd:c0
+        Signature Algorithm: md2WithRSAEncryption
+        Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
+        Validity
+            Not Before: Nov  9 00:00:00 1994 GMT
+            Not After : Jan  7 23:59:59 2010 GMT
+        Subject: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1000 bit)
+                Modulus (1000 bit):
+                    00:92:ce:7a:c1:ae:83:3e:5a:aa:89:83:57:ac:25:
+                    01:76:0c:ad:ae:8e:2c:37:ce:eb:35:78:64:54:03:
+                    e5:84:40:51:c9:bf:8f:08:e2:8a:82:08:d2:16:86:
+                    37:55:e9:b1:21:02:ad:76:68:81:9a:05:a2:4b:c9:
+                    4b:25:66:22:56:6c:88:07:8f:f7:81:59:6d:84:07:
+                    65:70:13:71:76:3e:9b:77:4c:e3:50:89:56:98:48:
+                    b9:1d:a7:29:1a:13:2e:4a:11:59:9c:1e:15:d5:49:
+                    54:2c:73:3a:69:82:b1:97:39:9c:6d:70:67:48:e5:
+                    dd:2d:d6:c8:1e:7b
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md2WithRSAEncryption
+        65:dd:7e:e1:b2:ec:b0:e2:3a:e0:ec:71:46:9a:19:11:b8:d3:
+        c7:a0:b4:03:40:26:02:3e:09:9c:e1:12:b3:d1:5a:f6:37:a5:
+        b7:61:03:b6:5b:16:69:3b:c6:44:08:0c:88:53:0c:6b:97:49:
+        c7:3e:35:dc:6c:b9:bb:aa:df:5c:bb:3a:2f:93:60:b6:a9:4b:
+        4d:f2:20:f7:cd:5f:7f:64:7b:8e:dc:00:5c:d7:fa:77:ca:39:
+        16:59:6f:0e:ea:d3:b5:83:7f:4d:4d:42:56:76:b4:c9:5f:04:
+        f8:38:f8:eb:d2:5f:75:5f:cd:7b:fc:e5:8e:80:7c:fc:50
+-----BEGIN CERTIFICATE-----
+MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
+VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0
+MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV
+BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy
+dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ
+ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII
+0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI
+uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI
+hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3
+YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc
+1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA==
+-----END CERTIFICATE-----
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -1,319 +0,0 @@
-/* rsautl.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef NO_RSA
-
-#include "apps.h"
-#include <string.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-#include <openssl/engine.h>
-
-#define RSA_SIGN 	1
-#define RSA_VERIFY 	2
-#define RSA_ENCRYPT 	3
-#define RSA_DECRYPT 	4
-
-#define KEY_PRIVKEY	1
-#define KEY_PUBKEY	2
-#define KEY_CERT	3
-
-static void usage(void);
-
-#undef PROG
-
-#define PROG rsautl_main
-
-int MAIN(int argc, char **);
-
-int MAIN(int argc, char **argv)
-{
-	ENGINE *e = NULL;
-	BIO *in = NULL, *out = NULL;
-	char *infile = NULL, *outfile = NULL;
-	char *keyfile = NULL;
-	char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
-	int keyform = FORMAT_PEM;
-	char need_priv = 0, badarg = 0, rev = 0;
-	char hexdump = 0, asn1parse = 0;
-	X509 *x;
-	EVP_PKEY *pkey = NULL;
-	RSA *rsa = NULL;
-	unsigned char *rsa_in = NULL, *rsa_out = NULL, pad;
-	int rsa_inlen, rsa_outlen = 0;
-	int keysize;
-	char *engine=NULL;
-
-	int ret = 1;
-
-	argc--;
-	argv++;
-
-	if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
-	ERR_load_crypto_strings();
-	OpenSSL_add_all_algorithms();
-	pad = RSA_PKCS1_PADDING;
-	
-	while(argc >= 1)
-	{
-		if (!strcmp(*argv,"-in")) {
-			if (--argc < 1) badarg = 1;
-                        infile= *(++argv);
-		} else if (!strcmp(*argv,"-out")) {
-			if (--argc < 1) badarg = 1;
-			outfile= *(++argv);
-		} else if(!strcmp(*argv, "-inkey")) {
-			if (--argc < 1) badarg = 1;
-			keyfile = *(++argv);
-		} else if(!strcmp(*argv, "-engine")) {
-			if (--argc < 1) badarg = 1;
-			engine = *(++argv);
-		} else if(!strcmp(*argv, "-pubin")) {
-			key_type = KEY_PUBKEY;
-		} else if(!strcmp(*argv, "-certin")) {
-			key_type = KEY_CERT;
-		} 
-		else if(!strcmp(*argv, "-asn1parse")) asn1parse = 1;
-		else if(!strcmp(*argv, "-hexdump")) hexdump = 1;
-		else if(!strcmp(*argv, "-raw")) pad = RSA_NO_PADDING;
-		else if(!strcmp(*argv, "-oaep")) pad = RSA_PKCS1_OAEP_PADDING;
-		else if(!strcmp(*argv, "-ssl")) pad = RSA_SSLV23_PADDING;
-		else if(!strcmp(*argv, "-pkcs")) pad = RSA_PKCS1_PADDING;
-		else if(!strcmp(*argv, "-sign")) {
-			rsa_mode = RSA_SIGN;
-			need_priv = 1;
-		} else if(!strcmp(*argv, "-verify")) rsa_mode = RSA_VERIFY;
-		else if(!strcmp(*argv, "-rev")) rev = 1;
-		else if(!strcmp(*argv, "-encrypt")) rsa_mode = RSA_ENCRYPT;
-		else if(!strcmp(*argv, "-decrypt")) {
-			rsa_mode = RSA_DECRYPT;
-			need_priv = 1;
-		} else badarg = 1;
-		if(badarg) {
-			usage();
-			goto end;
-		}
-		argc--;
-		argv++;
-	}
-
-	if(need_priv && (key_type != KEY_PRIVKEY)) {
-		BIO_printf(bio_err, "A private key is needed for this operation\n");
-		goto end;
-	}
-
-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
-/* FIXME: seed PRNG only if needed */
-	app_RAND_load_file(NULL, bio_err, 0);
-	
-	switch(key_type) {
-		case KEY_PRIVKEY:
-		pkey = load_key(bio_err, keyfile, keyform, NULL);
-		break;
-
-		case KEY_PUBKEY:
-		pkey = load_pubkey(bio_err, keyfile, keyform);
-		break;
-
-		case KEY_CERT:
-		x = load_cert(bio_err, keyfile, keyform);
-		if(x) {
-			pkey = X509_get_pubkey(x);
-			X509_free(x);
-		}
-		break;
-	}
-
-	if(!pkey) {
-		BIO_printf(bio_err, "Error loading key\n");
-		return 1;
-	}
-
-	rsa = EVP_PKEY_get1_RSA(pkey);
-	EVP_PKEY_free(pkey);
-
-	if(!rsa) {
-		BIO_printf(bio_err, "Error getting RSA key\n");
-		ERR_print_errors(bio_err);
-		goto end;
-	}
-
-
-	if(infile) {
-		if(!(in = BIO_new_file(infile, "rb"))) {
-			BIO_printf(bio_err, "Error Reading Input File\n");
-			ERR_print_errors(bio_err);	
-			goto end;
-		}
-	} else in = BIO_new_fp(stdin, BIO_NOCLOSE);
-
-	if(outfile) {
-		if(!(out = BIO_new_file(outfile, "wb"))) {
-			BIO_printf(bio_err, "Error Reading Output File\n");
-			ERR_print_errors(bio_err);	
-			goto end;
-		}
-	} else {
-		out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef VMS
-		{
-		    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		    out = BIO_push(tmpbio, out);
-		}
-#endif
-	}
-
-	keysize = RSA_size(rsa);
-
-	rsa_in = OPENSSL_malloc(keysize * 2);
-	rsa_out = OPENSSL_malloc(keysize);
-
-	/* Read the input data */
-	rsa_inlen = BIO_read(in, rsa_in, keysize * 2);
-	if(rsa_inlen <= 0) {
-		BIO_printf(bio_err, "Error reading input Data\n");
-		exit(1);
-	}
-	if(rev) {
-		int i;
-		unsigned char ctmp;
-		for(i = 0; i < rsa_inlen/2; i++) {
-			ctmp = rsa_in[i];
-			rsa_in[i] = rsa_in[rsa_inlen - 1 - i];
-			rsa_in[rsa_inlen - 1 - i] = ctmp;
-		}
-	}
-	switch(rsa_mode) {
-
-		case RSA_VERIFY:
-			rsa_outlen  = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
-		break;
-
-		case RSA_SIGN:
-			rsa_outlen  = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
-		break;
-
-		case RSA_ENCRYPT:
-			rsa_outlen  = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
-		break;
-
-		case RSA_DECRYPT:
-			rsa_outlen  = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
-		break;
-
-	}
-
-	if(rsa_outlen <= 0) {
-		BIO_printf(bio_err, "RSA operation error\n");
-		ERR_print_errors(bio_err);
-		goto end;
-	}
-	ret = 0;
-	if(asn1parse) {
-		if(!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {
-			ERR_print_errors(bio_err);
-		}
-	} else if(hexdump) BIO_dump(out, (char *)rsa_out, rsa_outlen);
-	else BIO_write(out, rsa_out, rsa_outlen);
-	end:
-	RSA_free(rsa);
-	BIO_free(in);
-	BIO_free_all(out);
-	if(rsa_in) OPENSSL_free(rsa_in);
-	if(rsa_out) OPENSSL_free(rsa_out);
-	return ret;
-}
-
-static void usage()
-{
-	BIO_printf(bio_err, "Usage: rsautl [options]\n");
-	BIO_printf(bio_err, "-in file        input file\n");
-	BIO_printf(bio_err, "-out file       output file\n");
-	BIO_printf(bio_err, "-inkey file     input key\n");
-	BIO_printf(bio_err, "-pubin          input is an RSA public\n");
-	BIO_printf(bio_err, "-certin         input is a certificate carrying an RSA public key\n");
-	BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");
-	BIO_printf(bio_err, "-ssl            use SSL v2 padding\n");
-	BIO_printf(bio_err, "-raw            use no padding\n");
-	BIO_printf(bio_err, "-pkcs           use PKCS#1 v1.5 padding (default)\n");
-	BIO_printf(bio_err, "-oaep           use PKCS#1 OAEP\n");
-	BIO_printf(bio_err, "-sign           sign with private key\n");
-	BIO_printf(bio_err, "-verify         verify with public key\n");
-	BIO_printf(bio_err, "-encrypt        encrypt with public key\n");
-	BIO_printf(bio_err, "-decrypt        decrypt with private key\n");
-	BIO_printf(bio_err, "-hexdump        hex dump output\n");
-}
-
-#endif
--- a/apps/s_apps.h
+++ b/apps/s_apps.h
@@ -84,6 +84,7 @@ typedef fd_mask fd_set;
 #define PORT_STR        "4433"
 #define PROTOCOL        "tcp"

+int do_accept(int acc_sock, int *sock, char **host);
 int do_server(int port, int *ret, int (*cb) (), char *context);
 #ifdef HEADER_X509_H
 int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
@@ -96,9 +97,17 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
 int set_cert_stuff(char *ctx, char *cert_file, char *key_file);
 #endif
 int init_client(int *sock, char *server, int port);
+int init_client_ip(int *sock,unsigned char ip[4], int port);
+int nbio_init_client_ip(int *sock,unsigned char ip[4], int port);
+int nbio_sock_error(int sock);
+int spawn(int argc, char **argv, int *in, int *out);
+int init_server(int *sock, int port);
+int init_server_long(int *sock, int port,char *ip);
 int should_retry(int i);
+void sock_cleanup(void );
 int extract_port(char *str, short *port_ptr);
 int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
+int host_ip(char *str, unsigned char ip[4]);

 long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp,
 	int argi, long argl, long ret);
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -1,4 +1,4 @@
-/* apps/s_cb.c - callback functions used by s_client, s_server, and s_time */
+/* apps/s_cb.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -79,8 +79,6 @@ typedef unsigned int u_int;
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
-#include <openssl/rand.h>
-#include <openssl/engine.h>
 #include "s_apps.h"

 #ifdef WINDOWS
@@ -119,7 +117,6 @@ static void sc_usage(void);
 static void print_stuff(BIO *berr,SSL *con,int full);
 static BIO *bio_c_out=NULL;
 static int c_quiet=0;
-static int c_ign_eof=0;

 static void sc_usage(void)
 	{
@@ -146,7 +143,6 @@ static void sc_usage(void)
 #endif
 	BIO_printf(bio_err," -crlf         - convert LF from terminal into CRLF\n");
 	BIO_printf(bio_err," -quiet        - no s_client output\n");
-	BIO_printf(bio_err," -ign_eof      - ignore input eof (default when -quiet)\n");
 	BIO_printf(bio_err," -ssl2         - just use SSLv2\n");
 	BIO_printf(bio_err," -ssl3         - just use SSLv3\n");
 	BIO_printf(bio_err," -tls1         - just use TLSv1\n");
@@ -154,8 +150,7 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
 	BIO_printf(bio_err," -cipher       - preferred cipher to use, use the 'openssl ciphers'\n");
 	BIO_printf(bio_err,"                 command to see what is available\n");
-	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
+
 	}

 int MAIN(int, char **);
@@ -182,9 +177,6 @@ int MAIN(int argc, char **argv)
 	int prexit = 0;
 	SSL_METHOD *meth=NULL;
 	BIO *sbio;
-	char *inrand=NULL;
-	char *engine_id=NULL;
-	ENGINE *e=NULL;
 #ifdef WINDOWS
 	struct timeval tv;
 #endif
@@ -200,15 +192,14 @@ int MAIN(int argc, char **argv)
 	apps_startup();
 	c_Pause=0;
 	c_quiet=0;
-	c_ign_eof=0;
 	c_debug=0;
 	c_showcerts=0;

 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);

-	if (	((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
-		((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL))
+	if (	((cbuf=Malloc(BUFSIZZ)) == NULL) ||
+		((sbuf=Malloc(BUFSIZZ)) == NULL))
 		{
 		BIO_printf(bio_err,"out of memory\n");
 		goto end;
@@ -258,12 +249,7 @@ int MAIN(int argc, char **argv)
 		else if	(strcmp(*argv,"-crlf") == 0)
 			crlf=1;
 		else if	(strcmp(*argv,"-quiet") == 0)
-			{
 			c_quiet=1;
-			c_ign_eof=1;
-			}
-		else if	(strcmp(*argv,"-ign_eof") == 0)
-			c_ign_eof=1;
 		else if	(strcmp(*argv,"-pause") == 0)
 			c_Pause=1;
 		else if	(strcmp(*argv,"-debug") == 0)
@@ -322,16 +308,6 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-nbio") == 0)
 			{ c_nbio=1; }
 #endif
-		else if (strcmp(*argv,"-rand") == 0)
-			{
-			if (--argc < 1) goto bad;
-			inrand= *(++argv);
-			}
-		else if	(strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine_id = *(++argv);
-			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -348,14 +324,7 @@ bad:
 		goto end;
 		}

-	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
-		&& !RAND_status())
-		{
-		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
-		}
-	if (inrand != NULL)
-		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
-			app_RAND_load_files(inrand));
+	app_RAND_load_file(NULL, bio_err, 0);

 	if (bio_c_out == NULL)
 		{
@@ -372,30 +341,6 @@ bad:

 	OpenSSL_add_ssl_algorithms();
 	SSL_load_error_strings();
-
-	if (engine_id != NULL)
-		{
-		if((e = ENGINE_by_id(engine_id)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine\n");
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		if (c_debug)
-			{
-			ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
-				0, bio_err, 0);
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine_id);
-		ENGINE_free(e);
-		}
-
 	ctx=SSL_CTX_new(meth);
 	if (ctx == NULL)
 		{
@@ -570,7 +515,7 @@ re_start:
 					tv.tv_usec = 0;
 					i=select(width,(void *)&readfds,(void *)&writefds,
 						 NULL,&tv);
-					if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue;
+					if(!i && (!_kbhit() || !read_tty) ) continue;
 				} else 	i=select(width,(void *)&readfds,(void *)&writefds,
 					 NULL,NULL);
 			}
@@ -736,7 +681,7 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
 			}

 #ifdef WINDOWS
-		else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
+		else if (_kbhit())
 #else
 		else if (FD_ISSET(fileno(stdin),&readfds))
 #endif
@@ -766,13 +711,13 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
 			else
 				i=read(fileno(stdin),cbuf,BUFSIZZ);

-			if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q')))
+			if ((!c_quiet) && ((i <= 0) || (cbuf[0] == 'Q')))
 				{
 				BIO_printf(bio_err,"DONE\n");
 				goto shut;
 				}

-			if ((!c_ign_eof) && (cbuf[0] == 'R'))
+			if ((!c_quiet) && (cbuf[0] == 'R'))
 				{
 				BIO_printf(bio_err,"RENEGOTIATING\n");
 				SSL_renegotiate(con);
@@ -800,8 +745,8 @@ end:
 	if (con != NULL) SSL_free(con);
 	if (con2 != NULL) SSL_free(con2);
 	if (ctx != NULL) SSL_CTX_free(ctx);
-	if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); OPENSSL_free(cbuf); }
-	if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); OPENSSL_free(sbuf); }
+	if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); Free(cbuf); }
+	if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); Free(sbuf); }
 	if (bio_c_out != NULL)
 		{
 		BIO_free(bio_c_out);
@@ -928,7 +873,5 @@ static void print_stuff(BIO *bio, SSL *s, int full)
 	BIO_printf(bio,"---\n");
 	if (peer != NULL)
 		X509_free(peer);
-	/* flush, or debugging output gets mixed with http response */
-	BIO_flush(bio);
 	}

--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -83,8 +83,6 @@ typedef unsigned int u_int;
 #include <openssl/pem.h>
 #include <openssl/x509.h>
 #include <openssl/ssl.h>
-#include <openssl/rand.h>
-#include <openssl/engine.h>
 #include "s_apps.h"

 #ifdef WINDOWS
@@ -178,7 +176,6 @@ static int s_debug=0;
 static int s_quiet=0;

 static int hack=0;
-static char *engine_id=NULL;

 #ifdef MONOLITH
 static void s_server_init(void)
@@ -201,7 +198,6 @@ static void s_server_init(void)
 	s_debug=0;
 	s_quiet=0;
 	hack=0;
-	engine_id=NULL;
 	}
 #endif

@@ -246,8 +242,6 @@ static void sv_usage(void)
 	BIO_printf(bio_err," -bugs         - Turn on SSL bug compatibility\n");
 	BIO_printf(bio_err," -www          - Respond to a 'GET /' with a status page\n");
 	BIO_printf(bio_err," -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
-	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
 	}

 static int local_argc=0;
@@ -291,7 +285,7 @@ static int ebcdic_new(BIO *bi)
 {
 	EBCDIC_OUTBUFF *wbuf;

-	wbuf = (EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024);
+	wbuf = (EBCDIC_OUTBUFF *)Malloc(sizeof(EBCDIC_OUTBUFF) + 1024);
 	wbuf->alloced = 1024;
 	wbuf->buff[0] = '\0';

@@ -305,7 +299,7 @@ static int ebcdic_free(BIO *a)
 {
 	if (a == NULL) return(0);
 	if (a->ptr != NULL)
-		OPENSSL_free(a->ptr);
+		Free(a->ptr);
 	a->ptr=NULL;
 	a->init=0;
 	a->flags=0;
@@ -342,8 +336,8 @@ static int ebcdic_write(BIO *b, char *in, int inl)
 		num = num + num;  /* double the size */
 		if (num < inl)
 			num = inl;
-		OPENSSL_free(wbuf);
-		wbuf=(EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num);
+		Free(wbuf);
+		wbuf=(EBCDIC_OUTBUFF *)Malloc(sizeof(EBCDIC_OUTBUFF) + num);

 		wbuf->alloced = num;
 		wbuf->buff[0] = '\0';
@@ -417,9 +411,6 @@ int MAIN(int argc, char *argv[])
 	int no_tmp_rsa=0,no_dhe=0,nocert=0;
 	int state=0;
 	SSL_METHOD *meth=NULL;
-	char *inrand=NULL;
-	char *engine=NULL;
-	ENGINE *e=NULL;
 #ifndef NO_DH
 	DH *dh=NULL;
 #endif
@@ -574,16 +565,6 @@ int MAIN(int argc, char *argv[])
 		else if	(strcmp(*argv,"-tls1") == 0)
 			{ meth=TLSv1_server_method(); }
 #endif
-		else if (strcmp(*argv,"-rand") == 0)
-			{
-			if (--argc < 1) goto bad;
-			inrand= *(++argv);
-			}
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine = *(++argv);
-			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -600,14 +581,7 @@ bad:
 		goto end;
 		}

-	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
-		&& !RAND_status())
-		{
-		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
-		}
-	if (inrand != NULL)
-		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
-			app_RAND_load_files(inrand));
+	app_RAND_load_file(NULL, bio_err, 0);

 	if (bio_s_out == NULL)
 		{
@@ -635,29 +609,6 @@ bad:
 	SSL_load_error_strings();
 	OpenSSL_add_ssl_algorithms();

-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine\n");
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		if (s_debug)
-			{
-			ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
-				0, bio_err, 0);
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		ENGINE_free(e);
-		}
-
 	ctx=SSL_CTX_new(meth);
 	if (ctx == NULL)
 		{
@@ -725,8 +676,7 @@ bad:

 #ifndef NO_RSA
 #if 1
-	if (!no_tmp_rsa)
-		SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
+	SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
 #else
 	if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx))
 		{
@@ -816,7 +766,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 	struct timeval tv;
 #endif

-	if ((buf=OPENSSL_malloc(bufsize)) == NULL)
+	if ((buf=Malloc(bufsize)) == NULL)
 		{
 		BIO_printf(bio_err,"out of memory\n");
 		goto err;
@@ -1078,7 +1028,7 @@ err:
 	if (buf != NULL)
 		{
 		memset(buf,0,bufsize);
-		OPENSSL_free(buf);
+		Free(buf);
 		}
 	if (ret >= 0)
 		BIO_printf(bio_s_out,"ACCEPT\n");
@@ -1195,7 +1145,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
 	BIO *io,*ssl_bio,*sbio;
 	long total_bytes;

-	buf=OPENSSL_malloc(bufsize);
+	buf=Malloc(bufsize);
 	if (buf == NULL) return(0);
 	io=BIO_new(BIO_f_buffer());
 	ssl_bio=BIO_new(BIO_f_ssl());
@@ -1386,29 +1336,15 @@ static int www_body(char *hostname, int s, unsigned char *context)

 			/* skip the '/' */
 			p= &(buf[5]);
-
-			dot = 1;
+			dot=0;
 			for (e=p; *e != '\0'; e++)
 				{
-				if (e[0] == ' ')
-					break;
-
-				switch (dot)
-					{
-				case 1:
-					dot = (e[0] == '.') ? 2 : 0;
-					break;
-				case 2:
-					dot = (e[0] == '.') ? 3 : 0;
-					break;
-				case 3:
-					dot = (e[0] == '/') ? -1 : 0;
-					break;
-					}
-				if (dot == 0)
-					dot = (e[0] == '/') ? 1 : 0;
+				if (e[0] == ' ') break;
+				if (	(e[0] == '.') &&
+					(strncmp(&(e[-1]),"/../",4) == 0))
+					dot=1;
 				}
-			dot = (dot == 3) || (dot == -1); /* filename contains ".." component */
+			

 			if (*e == '\0')
 				{
@@ -1432,11 +1368,9 @@ static int www_body(char *hostname, int s, unsigned char *context)
 				break;
 				}

-#if 0
 			/* append if a directory lookup */
 			if (e[-1] == '/')
 				strcat(p,"index.html");
-#endif

 			/* if a directory, do the index thang */
 			if (stat(p,&st_buf) < 0)
@@ -1448,13 +1382,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
 				}
 			if (S_ISDIR(st_buf.st_mode))
 				{
-#if 0 /* must check buffer size */
 				strcat(p,"/index.html");
-#else
-				BIO_puts(io,text);
-				BIO_printf(io,"'%s' is a directory\r\n",p);
-				break;
-#endif
 				}

 			if ((file=BIO_new_file(p,"r")) == NULL)
@@ -1546,7 +1474,7 @@ err:
 	if (ret >= 0)
 		BIO_printf(bio_s_out,"ACCEPT\n");

-	if (buf != NULL) OPENSSL_free(buf);
+	if (buf != NULL) Free(buf);
 	if (io != NULL) BIO_free_all(io);
 /*	if (ssl_bio != NULL) BIO_free(ssl_bio);*/
 	return(ret);
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@@ -1,4 +1,4 @@
-/* apps/s_socket.c -  socket-related functions used by s_client and s_server */
+/* apps/s_socket.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -79,17 +79,16 @@ typedef unsigned int u_int;
 #include "s_apps.h"
 #include <openssl/ssl.h>

-static struct hostent *GetHostByName(char *name);
-#ifdef WINDOWS
-static void sock_cleanup(void);
+#ifdef VMS
+#if (__VMS_VER < 70000000) /* FIONBIO used as a switch to enable ioctl,
+			      and that isn't in VMS < 7.0 */
+#undef FIONBIO
+#endif
+#include <processes.h> /* for vfork() */
 #endif
-static int sock_init(void);
-static int init_client_ip(int *sock,unsigned char ip[4], int port);
-static int init_server(int *sock, int port);
-static int init_server_long(int *sock, int port,char *ip);
-static int do_accept(int acc_sock, int *sock, char **host);
-static int host_ip(char *str, unsigned char ip[4]);

+static struct hostent *GetHostByName(char *name);
+int sock_init(void );
 #ifdef WIN16
 #define SOCKET_PROTOCOL	0 /* more microsoft stupidity */
 #else
@@ -132,19 +131,19 @@ static BOOL CALLBACK enumproc(HWND hwnd,LPARAM lParam)
 #endif /* WIN32 */
 #endif /* WINDOWS */

-#ifdef WINDOWS
-static void sock_cleanup(void)
+void sock_cleanup(void)
 	{
+#ifdef WINDOWS
 	if (wsa_init_done)
 		{
 		wsa_init_done=0;
 		WSACancelBlockingCall();
 		WSACleanup();
 		}
-	}
 #endif
+	}

-static int sock_init(void)
+int sock_init(void)
 	{
 #ifdef WINDOWS
 	if (!wsa_init_done)
@@ -188,7 +187,7 @@ int init_client(int *sock, char *host, int port)
 	return(init_client_ip(sock,ip,port));
 	}

-static int init_client_ip(int *sock, unsigned char ip[4], int port)
+int init_client_ip(int *sock, unsigned char ip[4], int port)
 	{
 	unsigned long addr;
 	struct sockaddr_in them;
@@ -209,11 +208,9 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port)
 	s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
 	if (s == INVALID_SOCKET) { perror("socket"); return(0); }

-#ifndef MPE
 	i=0;
 	i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
 	if (i < 0) { perror("keepalive"); return(0); }
-#endif

 	if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
 		{ close(s); perror("connect"); return(0); }
@@ -221,6 +218,75 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port)
 	return(1);
 	}

+int nbio_sock_error(int sock)
+	{
+	int j,i;
+	int size;
+
+	size=sizeof(int);
+	/* Note: under VMS with SOCKETSHR the third parameter is currently
+	 * of type (int *) whereas under other systems it is (void *) if
+	 * you don't have a cast it will choke the compiler: if you do
+	 * have a cast then you can either go for (int *) or (void *).
+	 */
+	i=getsockopt(sock,SOL_SOCKET,SO_ERROR,(char *)&j,(void *)&size);
+	if (i < 0)
+		return(1);
+	else
+		return(j);
+	}
+
+int nbio_init_client_ip(int *sock, unsigned char ip[4], int port)
+	{
+	unsigned long addr;
+	struct sockaddr_in them;
+	int s,i;
+
+	if (!sock_init()) return(0);
+
+	memset((char *)&them,0,sizeof(them));
+	them.sin_family=AF_INET;
+	them.sin_port=htons((unsigned short)port);
+	addr=	(unsigned long)
+		((unsigned long)ip[0]<<24L)|
+		((unsigned long)ip[1]<<16L)|
+		((unsigned long)ip[2]<< 8L)|
+		((unsigned long)ip[3]);
+	them.sin_addr.s_addr=htonl(addr);
+
+	if (*sock <= 0)
+		{
+#ifdef FIONBIO
+		unsigned long l=1;
+#endif
+
+		s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+		if (s == INVALID_SOCKET) { perror("socket"); return(0); }
+
+		i=0;
+		i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
+		if (i < 0) { perror("keepalive"); return(0); }
+		*sock=s;
+
+#ifdef FIONBIO
+		BIO_socket_ioctl(s,FIONBIO,&l);
+#endif
+		}
+	else
+		s= *sock;
+
+	i=connect(s,(struct sockaddr *)&them,sizeof(them));
+	if (i == INVALID_SOCKET)
+		{
+		if (BIO_sock_should_retry(i))
+			return(-1);
+		else
+			return(0);
+		}
+	else
+		return(1);
+	}
+
 int do_server(int port, int *ret, int (*cb)(), char *context)
 	{
 	int sock;
@@ -243,7 +309,7 @@ int do_server(int port, int *ret, int (*cb)(), char *context)
 			return(0);
 			}
 		i=(*cb)(name,sock, context);
-		if (name != NULL) OPENSSL_free(name);
+		if (name != NULL) Free(name);
 		SHUTDOWN2(sock);
 		if (i < 0)
 			{
@@ -253,7 +319,7 @@ int do_server(int port, int *ret, int (*cb)(), char *context)
 		}
 	}

-static int init_server_long(int *sock, int port, char *ip)
+int init_server_long(int *sock, int port, char *ip)
 	{
 	int ret=0;
 	struct sockaddr_in server;
@@ -303,12 +369,12 @@ err:
 	return(ret);
 	}

-static int init_server(int *sock, int port)
+int init_server(int *sock, int port)
 	{
 	return(init_server_long(sock, port, NULL));
 	}

-static int do_accept(int acc_sock, int *sock, char **host)
+int do_accept(int acc_sock, int *sock, char **host)
 	{
 	int ret,i;
 	struct hostent *h1,*h2;
@@ -374,9 +440,9 @@ redoit:
 		}
 	else
 		{
-		if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL)
+		if ((*host=(char *)Malloc(strlen(h1->h_name)+1)) == NULL)
 			{
-			perror("OPENSSL_malloc");
+			perror("Malloc");
 			return(0);
 			}
 		strcpy(*host,h1->h_name);
@@ -424,7 +490,7 @@ err:
 	return(0);
 	}

-static int host_ip(char *str, unsigned char ip[4])
+int host_ip(char *str, unsigned char ip[4])
 	{
 	unsigned int in[4]; 
 	int i;
@@ -540,3 +606,69 @@ static struct hostent *GetHostByName(char *name)
 		return(ret);
 		}
 	}
+
+#ifndef MSDOS
+int spawn(int argc, char **argv, int *in, int *out)
+	{
+	int pid;
+#define CHILD_READ	p1[0]
+#define CHILD_WRITE	p2[1]
+#define PARENT_READ	p2[0]
+#define PARENT_WRITE	p1[1]
+	int p1[2],p2[2];
+
+	if ((pipe(p1) < 0) || (pipe(p2) < 0)) return(-1);
+
+#ifdef VMS
+	if ((pid=vfork()) == 0)
+#else
+	if ((pid=fork()) == 0)
+#endif
+		{ /* child */
+		if (dup2(CHILD_WRITE,fileno(stdout)) < 0)
+			perror("dup2");
+		if (dup2(CHILD_WRITE,fileno(stderr)) < 0)
+			perror("dup2");
+		if (dup2(CHILD_READ,fileno(stdin)) < 0)
+			perror("dup2");
+		close(CHILD_READ); 
+		close(CHILD_WRITE);
+
+		close(PARENT_READ);
+		close(PARENT_WRITE);
+		execvp(argv[0],argv);
+		perror("child");
+		exit(1);
+		}
+
+	/* parent */
+	*in= PARENT_READ;
+	*out=PARENT_WRITE;
+	close(CHILD_READ);
+	close(CHILD_WRITE);
+	return(pid);
+	}
+#endif /* MSDOS */
+
+
+#ifdef undef
+	/* Turn on synchronous sockets so that we can do a WaitForMultipleObjects
+	 * on sockets */
+	{
+	SOCKET s;
+	int optionValue = SO_SYNCHRONOUS_NONALERT;
+	int err;
+
+	err = setsockopt( 
+	    INVALID_SOCKET, 
+	    SOL_SOCKET, 
+	    SO_OPENTYPE, 
+	    (char *)&optionValue, 
+	    sizeof(optionValue));
+	if (err != NO_ERROR) {
+	/* failed for some reason... */
+		BIO_printf(bio_err, "failed to setsockopt(SO_OPENTYPE, SO_SYNCHRONOUS_ALERT) - %d\n",
+			WSAGetLastError());
+		}
+	}
+#endif
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -82,7 +82,7 @@
 #include "wintext.h"
 #endif

-#if !defined(MSDOS) && !defined(VXWORKS) && (!defined(VMS) || defined(__DECC)) || defined (_DARWIN)
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
 #define TIMES
 #endif

@@ -102,7 +102,7 @@
 #undef TIMES
 #endif

-#if !defined(TIMES) && !defined(VXWORKS)
+#ifndef TIMES
 #include <sys/timeb.h>
 #endif

@@ -139,8 +139,6 @@
 #undef BUFSIZZ
 #define BUFSIZZ 1024*10

-#undef min
-#undef max
 #define min(a,b) (((a) < (b)) ? (a) : (b))
 #define max(a,b) (((a) > (b)) ? (a) : (b))

@@ -370,22 +368,6 @@ static double tm_Time_F(int s)
 		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
 		return((ret == 0.0)?1e-6:ret);
 	}
-#elif defined(VXWORKS)
-        {
-	static unsigned long tick_start, tick_end;
-
-	if( s == START )
-		{
-		tick_start = tickGet();
-		return 0;
-		}
-	else
-		{
-		tick_end = tickGet();
-		ret = (double)(tick_end - tick_start) / (double)sysClkRateGet();
-		return((ret == 0.0)?1e-6:ret);
-		}
-        }
 #else /* !times() */
 	static struct timeb tstart,tend;
 	long i;
--- a/apps/server.pem
+++ b/apps/server.pem
@@ -1,17 +1,17 @@
 issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
-subject= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
 -----BEGIN CERTIFICATE-----
-MIIB6TCCAVICAQYwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
+MIIB6TCCAVICAQQwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
 BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
-VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNMDAxMDE2MjIzMTAzWhcNMDMwMTE0
-MjIzMTAzWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
+VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTgwNjI5MjM1MjQwWhcNMDAwNjI4
+MjM1MjQwWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
 A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl
 cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP
 Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//
-Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCT0grFQeZaqYb5EYfk20XixZV4
-GmyAbXMftG1Eo7qGiMhYzRwGNWxEYojf5PZkYZXvSqZ/ZXHXa4g59jK/rJNnaVGM
-k+xIX8mxQvlV0n5O9PIha5BX5teZnkHKgL8aKKLKW1BK7YTngsfSzzaeame5iKfz
-itAE+OjGF+PFKbwX8Q==
+Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCVvvfkGSe2GHgDFfmOua4Isjb9
+JVhImWMASiOClkZlMESDJjsszg/6+d/W+8TrbObhazpl95FivXBVucbj9dudh7AO
+IZu1h1MAPlyknc9Ud816vz3FejB4qqUoaXjnlkrIgEbr/un7jSS86WOe0hRhwHkJ
+FUGcPZf9ND22Etc+AQ==
 -----END CERTIFICATE-----
 -----BEGIN RSA PRIVATE KEY-----
 MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD
--- a/apps/sess_id.c
+++ b/apps/sess_id.c
@@ -206,15 +206,7 @@ bad:
 			}

 		if (outfile == NULL)
-			{
 			BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
-			{
-			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-			out = BIO_push(tmpbio, out);
-			}
-#endif
-			}
 		else
 			{
 			if (BIO_write_filename(out,outfile) <= 0)
@@ -270,7 +262,7 @@ bad:
 		}
 	ret=0;
 end:
-	if (out != NULL) BIO_free_all(out);
+	if (out != NULL) BIO_free(out);
 	if (x != NULL) SSL_SESSION_free(x);
 	EXIT(ret);
 	}
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -64,10 +64,12 @@
 #include <openssl/crypto.h>
 #include <openssl/pem.h>
 #include <openssl/err.h>
-#include <openssl/engine.h>

 #undef PROG
 #define PROG smime_main
+static X509 *load_cert(char *file);
+static EVP_PKEY *load_key(char *file, char *pass);
+static STACK_OF(X509) *load_certs(char *file);
 static X509_STORE *setup_verify(char *CAfile, char *CApath);
 static int save_certs(char *signerfile, STACK_OF(X509) *signers);

@@ -82,14 +84,13 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 {
-	ENGINE *e = NULL;
 	int operation = 0;
 	int ret = 0;
 	char **args;
 	char *inmode = "r", *outmode = "w";
 	char *infile = NULL, *outfile = NULL;
 	char *signerfile = NULL, *recipfile = NULL;
-	char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
+	char *certfile = NULL, *keyfile = NULL;
 	EVP_CIPHER *cipher = NULL;
 	PKCS7 *p7 = NULL;
 	X509_STORE *store = NULL;
@@ -104,10 +105,8 @@ int MAIN(int argc, char **argv)
 	char *passargin = NULL, *passin = NULL;
 	char *inrand = NULL;
 	int need_rand = 0;
-	int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
-	char *engine=NULL;
-
 	args = argv + 1;
+
 	ret = 1;

 	while (!badarg && *args && *args[0] == '-') {
@@ -144,8 +143,6 @@ int MAIN(int argc, char **argv)
 				flags |= PKCS7_NOATTR;
 		else if (!strcmp (*args, "-nodetach")) 
 				flags &= ~PKCS7_DETACHED;
-		else if (!strcmp (*args, "-nosmimecap"))
-				flags |= PKCS7_NOSMIMECAP;
 		else if (!strcmp (*args, "-binary"))
 				flags |= PKCS7_BINARY;
 		else if (!strcmp (*args, "-nosigs"))
@@ -156,11 +153,6 @@ int MAIN(int argc, char **argv)
 				inrand = *args;
 			} else badarg = 1;
 			need_rand = 1;
-		} else if (!strcmp(*args,"-engine")) {
-			if (args[1]) {
-				args++;
-				engine = *args;
-			} else badarg = 1;
 		} else if (!strcmp(*args,"-passin")) {
 			if (args[1]) {
 				args++;
@@ -216,26 +208,11 @@ int MAIN(int argc, char **argv)
 				args++;
 				infile = *args;
 			} else badarg = 1;
-		} else if (!strcmp (*args, "-inform")) {
-			if (args[1]) {
-				args++;
-				informat = str2fmt(*args);
-			} else badarg = 1;
-		} else if (!strcmp (*args, "-outform")) {
-			if (args[1]) {
-				args++;
-				outformat = str2fmt(*args);
-			} else badarg = 1;
 		} else if (!strcmp (*args, "-out")) {
 			if (args[1]) {
 				args++;
 				outfile = *args;
 			} else badarg = 1;
-		} else if (!strcmp (*args, "-content")) {
-			if (args[1]) {
-				args++;
-				contfile = *args;
-			} else badarg = 1;
 		} else badarg = 1;
 		args++;
 	}
@@ -287,44 +264,21 @@ int MAIN(int argc, char **argv)
 		BIO_printf (bio_err, "-signer file   signer certificate file\n");
 		BIO_printf (bio_err, "-recip  file   recipient certificate file for decryption\n");
 		BIO_printf (bio_err, "-in file       input file\n");
-		BIO_printf (bio_err, "-inform arg    input format SMIME (default), PEM or DER\n");
 		BIO_printf (bio_err, "-inkey file    input private key (if not signer or recipient)\n");
 		BIO_printf (bio_err, "-out file      output file\n");
-		BIO_printf (bio_err, "-outform arg   output format SMIME (default), PEM or DER\n");
-		BIO_printf (bio_err, "-content file  supply or override content for detached signature\n");
 		BIO_printf (bio_err, "-to addr       to address\n");
 		BIO_printf (bio_err, "-from ad       from address\n");
 		BIO_printf (bio_err, "-subject s     subject\n");
 		BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
 		BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
 		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
-		BIO_printf (bio_err, "-engine e      use engine e, possibly a hardware device.\n");
-		BIO_printf (bio_err, "-passin arg    input file pass phrase source\n");
-		BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err,  "-rand file:file:...\n");
 		BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,  "               the random number generator\n");
 		BIO_printf (bio_err, "cert.pem       recipient certificate(s) for encryption\n");
 		goto end;
 	}

-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;
@@ -341,12 +295,9 @@ int MAIN(int argc, char **argv)

 	if(operation != SMIME_SIGN) flags &= ~PKCS7_DETACHED;

-	if(operation & SMIME_OP) {
-		if(flags & PKCS7_BINARY) inmode = "rb";
-		if(outformat == FORMAT_ASN1) outmode = "wb";
-	} else {
-		if(flags & PKCS7_BINARY) outmode = "wb";
-		if(informat == FORMAT_ASN1) inmode = "rb";
+	if(flags & PKCS7_BINARY) {
+		if(operation & SMIME_OP) inmode = "rb";
+		else outmode = "rb";
 	}

 	if(operation == SMIME_ENCRYPT) {
@@ -358,9 +309,12 @@ int MAIN(int argc, char **argv)
 			goto end;
 #endif
 		}
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_push_info("load encryption certificates");
+#endif		
 		encerts = sk_X509_new_null();
 		while (*args) {
-			if(!(cert = load_cert(bio_err,*args,FORMAT_PEM))) {
+			if(!(cert = load_cert(*args))) {
 				BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args);
 				goto end;
 			}
@@ -368,29 +322,50 @@ int MAIN(int argc, char **argv)
 			cert = NULL;
 			args++;
 		}
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_pop_info();
+#endif		
 	}

 	if(signerfile && (operation == SMIME_SIGN)) {
-		if(!(signer = load_cert(bio_err,signerfile,FORMAT_PEM))) {
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_push_info("load signer certificate");
+#endif		
+		if(!(signer = load_cert(signerfile))) {
 			BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile);
 			goto end;
 		}
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_pop_info();
+#endif		
 	}

 	if(certfile) {
-		if(!(other = load_certs(bio_err,certfile,FORMAT_PEM))) {
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_push_info("load other certfiles");
+#endif		
+		if(!(other = load_certs(certfile))) {
 			BIO_printf(bio_err, "Can't read certificate file %s\n", certfile);
 			ERR_print_errors(bio_err);
 			goto end;
 		}
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_pop_info();
+#endif		
 	}

 	if(recipfile && (operation == SMIME_DECRYPT)) {
-		if(!(recip = load_cert(bio_err,recipfile,FORMAT_PEM))) {
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_push_info("load recipient certificate");
+#endif		
+		if(!(recip = load_cert(recipfile))) {
 			BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile);
 			ERR_print_errors(bio_err);
 			goto end;
 		}
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_pop_info();
+#endif		
 	}

 	if(operation == SMIME_DECRYPT) {
@@ -400,13 +375,22 @@ int MAIN(int argc, char **argv)
 	} else keyfile = NULL;

 	if(keyfile) {
-		if(!(key = load_key(bio_err,keyfile, FORMAT_PEM, passin))) {
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_push_info("load keyfile");
+#endif		
+		if(!(key = load_key(keyfile, passin))) {
 			BIO_printf(bio_err, "Can't read recipient certificate file %s\n", keyfile);
 			ERR_print_errors(bio_err);
 			goto end;
 		}
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_pop_info();
+#endif		
 	}

+#ifdef CRYPTO_MDEBUG
+	CRYPTO_push_info("open input files");
+#endif		
 	if (infile) {
 		if (!(in = BIO_new_file(infile, inmode))) {
 			BIO_printf (bio_err,
@@ -414,60 +398,64 @@ int MAIN(int argc, char **argv)
 			goto end;
 		}
 	} else in = BIO_new_fp(stdin, BIO_NOCLOSE);
+#ifdef CRYPTO_MDEBUG
+	CRYPTO_pop_info();
+#endif		

+#ifdef CRYPTO_MDEBUG
+	CRYPTO_push_info("open output files");
+#endif		
 	if (outfile) {
 		if (!(out = BIO_new_file(outfile, outmode))) {
 			BIO_printf (bio_err,
 				 "Can't open output file %s\n", outfile);
 			goto end;
 		}
-	} else {
-		out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef VMS
-		{
-		    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		    out = BIO_push(tmpbio, out);
-		}
-#endif
-	}
+	} else out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef CRYPTO_MDEBUG
+	CRYPTO_pop_info();
+#endif		

 	if(operation == SMIME_VERIFY) {
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_push_info("setup_verify");
+#endif		
 		if(!(store = setup_verify(CAfile, CApath))) goto end;
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_pop_info();
+#endif		
 	}

 	ret = 3;

 	if(operation == SMIME_ENCRYPT) {
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_push_info("PKCS7_encrypt");
+#endif		
 		p7 = PKCS7_encrypt(encerts, in, cipher, flags);
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_pop_info();
+#endif		
 	} else if(operation == SMIME_SIGN) {
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_push_info("PKCS7_sign");
+#endif		
 		p7 = PKCS7_sign(signer, key, other, in, flags);
-		if (BIO_reset(in) != 0 && (flags & PKCS7_DETACHED)) {
-		  BIO_printf(bio_err, "Can't rewind input file\n");
-		  goto end;
-		}
+		BIO_reset(in);
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_pop_info();
+#endif		
 	} else {
-		if(informat == FORMAT_SMIME) 
-			p7 = SMIME_read_PKCS7(in, &indata);
-		else if(informat == FORMAT_PEM) 
-			p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
-		else if(informat == FORMAT_ASN1) 
-			p7 = d2i_PKCS7_bio(in, NULL);
-		else {
-			BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");
-			goto end;
-		}
-
-		if(!p7) {
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_push_info("SMIME_read_PKCS7");
+#endif		
+		if(!(p7 = SMIME_read_PKCS7(in, &indata))) {
 			BIO_printf(bio_err, "Error reading S/MIME message\n");
 			goto end;
 		}
-		if(contfile) {
-			BIO_free(indata);
-			if(!(indata = BIO_new_file(contfile, "rb"))) {
-				BIO_printf(bio_err, "Can't read content file %s\n", contfile);
-				goto end;
-			}
-		}
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_pop_info();
+#endif		
 	}

 	if(!p7) {
@@ -477,25 +465,45 @@ int MAIN(int argc, char **argv)

 	ret = 4;
 	if(operation == SMIME_DECRYPT) {
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_push_info("PKCS7_decrypt");
+#endif		
 		if(!PKCS7_decrypt(p7, key, recip, out, flags)) {
 			BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n");
 			goto end;
 		}
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_pop_info();
+#endif		
 	} else if(operation == SMIME_VERIFY) {
 		STACK_OF(X509) *signers;
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_push_info("PKCS7_verify");
+#endif		
 		if(PKCS7_verify(p7, other, store, indata, out, flags)) {
-			BIO_printf(bio_err, "Verification successful\n");
+			BIO_printf(bio_err, "Verification Successful\n");
 		} else {
-			BIO_printf(bio_err, "Verification failure\n");
+			BIO_printf(bio_err, "Verification Failure\n");
 			goto end;
 		}
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_pop_info();
+		CRYPTO_push_info("PKCS7_get0_signers");
+#endif		
 		signers = PKCS7_get0_signers(p7, other, flags);
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_pop_info();
+		CRYPTO_push_info("save_certs");
+#endif		
 		if(!save_certs(signerfile, signers)) {
 			BIO_printf(bio_err, "Error writing signers to %s\n",
 								signerfile);
 			ret = 5;
 			goto end;
 		}
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_pop_info();
+#endif		
 		sk_X509_free(signers);
 	} else if(operation == SMIME_PK7OUT) {
 		PEM_write_bio_PKCS7(out, p7);
@@ -503,19 +511,13 @@ int MAIN(int argc, char **argv)
 		if(to) BIO_printf(out, "To: %s\n", to);
 		if(from) BIO_printf(out, "From: %s\n", from);
 		if(subject) BIO_printf(out, "Subject: %s\n", subject);
-		if(outformat == FORMAT_SMIME) 
-			SMIME_write_PKCS7(out, p7, in, flags);
-		else if(outformat == FORMAT_PEM) 
-			PEM_write_bio_PKCS7(out,p7);
-		else if(outformat == FORMAT_ASN1) 
-			i2d_PKCS7_bio(out,p7);
-		else {
-			BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
-			goto end;
-		}
+		SMIME_write_PKCS7(out, p7, in, flags);
 	}
 	ret = 0;
 end:
+#ifdef CRYPTO_MDEBUG
+	CRYPTO_remove_all_info();
+#endif
 	if (need_rand)
 		app_RAND_write_file(NULL, bio_err);
 	if(ret) ERR_print_errors(bio_err);
@@ -529,18 +531,72 @@ end:
 	PKCS7_free(p7);
 	BIO_free(in);
 	BIO_free(indata);
-	BIO_free_all(out);
-	if(passin) OPENSSL_free(passin);
+	BIO_free(out);
+	if(passin) Free(passin);
 	return (ret);
 }

+static X509 *load_cert(char *file)
+{
+	BIO *in;
+	X509 *cert;
+	if(!(in = BIO_new_file(file, "r"))) return NULL;
+	cert = PEM_read_bio_X509(in, NULL, NULL,NULL);
+	BIO_free(in);
+	return cert;
+}
+
+static EVP_PKEY *load_key(char *file, char *pass)
+{
+	BIO *in;
+	EVP_PKEY *key;
+	if(!(in = BIO_new_file(file, "r"))) return NULL;
+	key = PEM_read_bio_PrivateKey(in, NULL,NULL,pass);
+	BIO_free(in);
+	return key;
+}
+
+static STACK_OF(X509) *load_certs(char *file)
+{
+	BIO *in;
+	int i;
+	STACK_OF(X509) *othercerts;
+	STACK_OF(X509_INFO) *allcerts;
+	X509_INFO *xi;
+	if(!(in = BIO_new_file(file, "r"))) return NULL;
+	othercerts = sk_X509_new(NULL);
+	if(!othercerts) return NULL;
+	allcerts = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
+	for(i = 0; i < sk_X509_INFO_num(allcerts); i++) {
+		xi = sk_X509_INFO_value (allcerts, i);
+		if (xi->x509) {
+			sk_X509_push(othercerts, xi->x509);
+			xi->x509 = NULL;
+		}
+	}
+	sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
+	BIO_free(in);
+	return othercerts;
+}
+
 static X509_STORE *setup_verify(char *CAfile, char *CApath)
 {
 	X509_STORE *store;
 	X509_LOOKUP *lookup;
+#ifdef CRYPTO_MDEBUG
+	CRYPTO_push_info("X509_STORE_new");
+#endif	
 	if(!(store = X509_STORE_new())) goto end;
+#ifdef CRYPTO_MDEBUG
+	CRYPTO_pop_info();
+	CRYPTO_push_info("X509_STORE_add_lookup(...file)");
+#endif	
 	lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
 	if (lookup == NULL) goto end;
+#ifdef CRYPTO_MDEBUG
+	CRYPTO_pop_info();
+	CRYPTO_push_info("X509_LOOKUP_load_file");
+#endif	
 	if (CAfile) {
 		if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) {
 			BIO_printf(bio_err, "Error loading file %s\n", CAfile);
@@ -548,14 +604,25 @@ static X509_STORE *setup_verify(char *CAfile, char *CApath)
 		}
 	} else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
 		
+#ifdef CRYPTO_MDEBUG
+	CRYPTO_pop_info();
+	CRYPTO_push_info("X509_STORE_add_lookup(...hash_dir)");
+#endif	
 	lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
 	if (lookup == NULL) goto end;
+#ifdef CRYPTO_MDEBUG
+	CRYPTO_pop_info();
+	CRYPTO_push_info("X509_LOOKUP_add_dir");
+#endif	
 	if (CApath) {
 		if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) {
 			BIO_printf(bio_err, "Error loading directory %s\n", CApath);
 			goto end;
 		}
 	} else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
+#ifdef CRYPTO_MDEBUG
+	CRYPTO_pop_info();
+#endif	

 	ERR_clear_error();
 	return store;
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -81,27 +81,17 @@
 #include <openssl/crypto.h>
 #include <openssl/rand.h>
 #include <openssl/err.h>
-#include <openssl/engine.h>

-#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(_DARWIN)
-# define USE_TOD
-#elif !defined(MSDOS) && !defined(VXWORKS) && (!defined(VMS) || defined(__DECC))
-# define TIMES
-#endif
-#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE) && !defined(__NetBSD__) && !defined(_DARWIN) && !defined(VXWORKS)
-# define TIMEB
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
+#define TIMES
 #endif

 #ifndef _IRIX
-# include <time.h>
+#include <time.h>
 #endif
 #ifdef TIMES
-# include <sys/types.h>
-# include <sys/times.h>
-#endif
-#ifdef USE_TOD
-# include <sys/time.h>
-# include <sys/resource.h>
+#include <sys/types.h>
+#include <sys/times.h>
 #endif

 /* Depending on the VMS version, the tms structure is perhaps defined.
@@ -112,14 +102,10 @@
 #undef TIMES
 #endif

-#ifdef TIMEB
+#ifndef TIMES
 #include <sys/timeb.h>
 #endif

-#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(VXWORKS)
-#error "It seems neither struct tms nor struct timeb is supported in this platform!"
-#endif
-
 #if defined(sun) || defined(__ultrix)
 #define _POSIX_SOURCE
 #include <limits.h>
@@ -135,9 +121,6 @@
 #ifndef NO_MDC2
 #include <openssl/mdc2.h>
 #endif
-#ifndef NO_MD4
-#include <openssl/md4.h>
-#endif
 #ifndef NO_MD5
 #include <openssl/md5.h>
 #endif
@@ -195,7 +178,7 @@
 #define BUFSIZE	((long)1024*8+1)
 int run=0;

-static double Time_F(int s, int usertime);
+static double Time_F(int s);
 static void print_message(char *s,long num,int length);
 static void pkey_print_message(char *str,char *str2,long num,int bits,int sec);
 #ifdef SIGALRM
@@ -219,108 +202,39 @@ static SIGRETTYPE sig_done(int sig)
 #define START	0
 #define STOP	1

-static double Time_F(int s, int usertime)
+static double Time_F(int s)
 	{
 	double ret;
+#ifdef TIMES
+	static struct tms tstart,tend;

-#ifdef USE_TOD
-	if(usertime)
+	if (s == START)
 		{
-		static struct rusage tstart,tend;
-
-		if (s == START)
-			{
-			getrusage(RUSAGE_SELF,&tstart);
-			return(0);
-			}
-		else
-			{
-			long i;
-
-			getrusage(RUSAGE_SELF,&tend);
-			i=(long)tend.ru_utime.tv_usec-(long)tstart.ru_utime.tv_usec;
-			ret=((double)(tend.ru_utime.tv_sec-tstart.ru_utime.tv_sec))
-			  +((double)i)/1000000.0;
-			return((ret < 0.001)?0.001:ret);
-			}
+		times(&tstart);
+		return(0);
 		}
 	else
 		{
-		static struct timeval tstart,tend;
-		long i;
-
-		if (s == START)
-			{
-			gettimeofday(&tstart,NULL);
-			return(0);
-			}
-		else
-			{
-			gettimeofday(&tend,NULL);
-			i=(long)tend.tv_usec-(long)tstart.tv_usec;
-			ret=((double)(tend.tv_sec-tstart.tv_sec))+((double)i)/1000000.0;
-			return((ret < 0.001)?0.001:ret);
-			}
+		times(&tend);
+		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+		return((ret < 1e-3)?1e-3:ret);
 		}
-#else  /* ndef USE_TOD */
-		
-# ifdef TIMES
-	if (usertime)
+#else /* !times() */
+	static struct timeb tstart,tend;
+	long i;
+
+	if (s == START)
 		{
-		static struct tms tstart,tend;
-
-		if (s == START)
-			{
-			times(&tstart);
-			return(0);
-			}
-		else
-			{
-			times(&tend);
-			ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
-			return((ret < 1e-3)?1e-3:ret);
-			}
+		ftime(&tstart);
+		return(0);
 		}
-# endif /* times() */
-# if defined(TIMES) && defined(TIMEB)
 	else
-# endif
-# ifdef VXWORKS
 		{
-		static unsigned long tick_start, tick_end;
-
-		if( s == START )
-			{
-			tick_start = tickGet();
-			return 0;
-			}
-		else
-			{
-			tick_end = tickGet();
-			ret = (double)(tick_end - tick_start) / (double)sysClkRateGet();
-			return((ret < 0.001)?0.001:ret);
-			}
-                }
-# elif defined(TIMEB)
-		{
-		static struct timeb tstart,tend;
-		long i;
-
-		if (s == START)
-			{
-			ftime(&tstart);
-			return(0);
-			}
-		else
-			{
-			ftime(&tend);
-			i=(long)tend.millitm-(long)tstart.millitm;
-			ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
-			return((ret < 0.001)?0.001:ret);
-			}
+		ftime(&tend);
+		i=(long)tend.millitm-(long)tstart.millitm;
+		ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+		return((ret < 0.001)?0.001:ret);
 		}
-# endif
-
 #endif
 	}

@@ -328,27 +242,21 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 	{
-	ENGINE *e;
 	unsigned char *buf=NULL,*buf2=NULL;
 	int mret=1;
-#define ALGOR_NUM	15
+#define ALGOR_NUM	14
 #define SIZE_NUM	5
 #define RSA_NUM		4
 #define DSA_NUM		3
 	long count,rsa_count;
 	int i,j,k;
-#ifndef NO_RSA
-	unsigned rsa_num;
-#endif
+	unsigned rsa_num,rsa_num2;
 #ifndef NO_MD2
 	unsigned char md2[MD2_DIGEST_LENGTH];
 #endif
 #ifndef NO_MDC2
 	unsigned char mdc2[MDC2_DIGEST_LENGTH];
 #endif
-#ifndef NO_MD4
-	unsigned char md4[MD4_DIGEST_LENGTH];
-#endif
 #ifndef NO_MD5
 	unsigned char md5[MD5_DIGEST_LENGTH];
 	unsigned char hmac[MD5_DIGEST_LENGTH];
@@ -390,24 +298,23 @@ int MAIN(int argc, char **argv)
 #endif
 #define	D_MD2		0
 #define	D_MDC2		1
-#define	D_MD4		2
-#define	D_MD5		3
-#define	D_HMAC		4
-#define	D_SHA1		5
-#define D_RMD160	6
-#define	D_RC4		7
-#define	D_CBC_DES	8
-#define	D_EDE3_DES	9
-#define	D_CBC_IDEA	10
-#define	D_CBC_RC2	11
-#define	D_CBC_RC5	12
-#define	D_CBC_BF	13
-#define	D_CBC_CAST	14
+#define	D_MD5		2
+#define	D_HMAC		3
+#define	D_SHA1		4
+#define D_RMD160	5
+#define	D_RC4		6
+#define	D_CBC_DES	7
+#define	D_EDE3_DES	8
+#define	D_CBC_IDEA	9
+#define	D_CBC_RC2	10
+#define	D_CBC_RC5	11
+#define	D_CBC_BF	12
+#define	D_CBC_CAST	13
 	double d,results[ALGOR_NUM][SIZE_NUM];
 	static int lengths[SIZE_NUM]={8,64,256,1024,8*1024};
 	long c[ALGOR_NUM][SIZE_NUM];
 	static char *names[ALGOR_NUM]={
-		"md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4",
+		"md2","mdc2","md5","hmac(md5)","sha1","rmd160","rc4",
 		"des cbc","des ede3","idea cbc",
 		"rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc"};
 #define	R_DSA_512	0
@@ -438,11 +345,6 @@ int MAIN(int argc, char **argv)
 	int dsa_doit[DSA_NUM];
 	int doit[ALGOR_NUM];
 	int pr_header=0;
-	int usertime=1;
-
-#ifndef TIMES
-	usertime=-1;
-#endif

 	apps_startup();
 	memset(results, 0, sizeof(results));
@@ -460,7 +362,7 @@ int MAIN(int argc, char **argv)
 		rsa_key[i]=NULL;
 #endif

-	if ((buf=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL)
+	if ((buf=(unsigned char *)Malloc((int)BUFSIZE)) == NULL)
 		{
 		BIO_printf(bio_err,"out of memory\n");
 		goto end;
@@ -468,7 +370,7 @@ int MAIN(int argc, char **argv)
 #ifndef NO_DES
 	buf_as_des_cblock = (des_cblock *)buf;
 #endif
-	if ((buf2=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL)
+	if ((buf2=(unsigned char *)Malloc((int)BUFSIZE)) == NULL)
 		{
 		BIO_printf(bio_err,"out of memory\n");
 		goto end;
@@ -489,39 +391,6 @@ int MAIN(int argc, char **argv)
 	argv++;
 	while (argc)
 		{
-		if	((argc > 0) && (strcmp(*argv,"-elapsed") == 0))
-			usertime = 0;
-		else
-		if	((argc > 0) && (strcmp(*argv,"-engine") == 0))
-			{
-			argc--;
-			argv++;
-			if(argc == 0)
-				{
-				BIO_printf(bio_err,"no engine given\n");
-				goto end;
-				}
-			if((e = ENGINE_by_id(*argv)) == NULL)
-				{
-				BIO_printf(bio_err,"invalid engine \"%s\"\n",
-					*argv);
-				goto end;
-				}
-			if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-				{
-				BIO_printf(bio_err,"can't use that engine\n");
-				goto end;
-				}
-			BIO_printf(bio_err,"engine \"%s\" set.\n", *argv);
-			/* Free our "structural" reference. */
-			ENGINE_free(e);
-			/* It will be increased again further down.  We just
-			   don't want speed to confuse an engine with an
-			   algorithm, especially when none is given (which
-			   means all of them should be run) */
-			j--;
-			}
-		else
 #ifndef NO_MD2
 		if	(strcmp(*argv,"md2") == 0) doit[D_MD2]=1;
 		else
@@ -530,10 +399,6 @@ int MAIN(int argc, char **argv)
 			if (strcmp(*argv,"mdc2") == 0) doit[D_MDC2]=1;
 		else
 #endif
-#ifndef NO_MD4
-			if (strcmp(*argv,"md4") == 0) doit[D_MD4]=1;
-		else
-#endif
 #ifndef NO_MD5
 			if (strcmp(*argv,"md5") == 0) doit[D_MD5]=1;
 		else
@@ -569,7 +434,7 @@ int MAIN(int argc, char **argv)
 #ifdef RSAref
 			if (strcmp(*argv,"rsaref") == 0) 
 			{
-			RSA_set_default_openssl_method(RSA_PKCS1_RSAref());
+			RSA_set_default_method(RSA_PKCS1_RSAref());
 			j--;
 			}
 		else
@@ -577,7 +442,7 @@ int MAIN(int argc, char **argv)
 #ifndef RSA_NULL
 			if (strcmp(*argv,"openssl") == 0) 
 			{
-			RSA_set_default_openssl_method(RSA_PKCS1_SSLeay());
+			RSA_set_default_method(RSA_PKCS1_SSLeay());
 			j--;
 			}
 		else
@@ -645,34 +510,8 @@ int MAIN(int argc, char **argv)
 		else
 #endif
 			{
-			BIO_printf(bio_err,"Error: bad option or value\n");
-			BIO_printf(bio_err,"\n");
-			BIO_printf(bio_err,"Available values:\n");
-#ifndef NO_MD2
-			BIO_printf(bio_err,"md2      ");
-#endif
-#ifndef NO_MDC2
-			BIO_printf(bio_err,"mdc2     ");
-#endif
-#ifndef NO_MD4
-			BIO_printf(bio_err,"md4      ");
-#endif
-#ifndef NO_MD5
-			BIO_printf(bio_err,"md5      ");
-#ifndef NO_HMAC
-			BIO_printf(bio_err,"hmac     ");
-#endif
-#endif
-#ifndef NO_SHA1
-			BIO_printf(bio_err,"sha1     ");
-#endif
-#ifndef NO_RIPEMD160
-			BIO_printf(bio_err,"rmd160");
-#endif
-#if !defined(NO_MD2) || !defined(NO_MDC2) || !defined(NO_MD4) || !defined(NO_MD5) || !defined(NO_SHA1) || !defined(NO_RIPEMD160)
-			BIO_printf(bio_err,"\n");
-#endif
-
+			BIO_printf(bio_err,"bad value, pick one of\n");
+			BIO_printf(bio_err,"md2      mdc2	md5      hmac      sha1    rmd160\n");
 #ifndef NO_IDEA
 			BIO_printf(bio_err,"idea-cbc ");
 #endif
@@ -685,49 +524,20 @@ int MAIN(int argc, char **argv)
 #ifndef NO_BF
 			BIO_printf(bio_err,"bf-cbc");
 #endif
-#if !defined(NO_IDEA) || !defined(NO_RC2) || !defined(NO_BF) || !defined(NO_RC5)
+#if !defined(NO_IDEA) && !defined(NO_RC2) && !defined(NO_BF) && !defined(NO_RC5)
 			BIO_printf(bio_err,"\n");
 #endif
-
 			BIO_printf(bio_err,"des-cbc  des-ede3 ");
 #ifndef NO_RC4
 			BIO_printf(bio_err,"rc4");
 #endif
-			BIO_printf(bio_err,"\n");
-
 #ifndef NO_RSA
-			BIO_printf(bio_err,"rsa512   rsa1024  rsa2048  rsa4096\n");
+			BIO_printf(bio_err,"\nrsa512   rsa1024  rsa2048  rsa4096\n");
 #endif
-
 #ifndef NO_DSA
-			BIO_printf(bio_err,"dsa512   dsa1024  dsa2048\n");
+			BIO_printf(bio_err,"\ndsa512   dsa1024  dsa2048\n");
 #endif
-
-#ifndef NO_IDEA
-			BIO_printf(bio_err,"idea     ");
-#endif
-#ifndef NO_RC2
-			BIO_printf(bio_err,"rc2      ");
-#endif
-#ifndef NO_DES
-			BIO_printf(bio_err,"des      ");
-#endif
-#ifndef NO_RSA
-			BIO_printf(bio_err,"rsa      ");
-#endif
-#ifndef NO_BF
-			BIO_printf(bio_err,"blowfish");
-#endif
-#if !defined(NO_IDEA) || !defined(NO_RC2) || !defined(NO_DES) || !defined(NO_RSA) || !defined(NO_BF)
-			BIO_printf(bio_err,"\n");
-#endif
-
-			BIO_printf(bio_err,"\n");
-			BIO_printf(bio_err,"Available options:\n");
-#ifdef TIMES
-			BIO_printf(bio_err,"-elapsed        measure time in real time instead of CPU user time.\n");
-#endif
-			BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
+			BIO_printf(bio_err,"idea     rc2      des      rsa    blowfish\n");
 			goto end;
 			}
 		argc--;
@@ -747,13 +557,10 @@ int MAIN(int argc, char **argv)
 	for (i=0; i<ALGOR_NUM; i++)
 		if (doit[i]) pr_header++;

-	if (usertime == 0)
-		BIO_printf(bio_err,"You have chosen to measure elapsed time instead of user CPU time.\n");
-	if (usertime <= 0)
-		{
-		BIO_printf(bio_err,"To get the most accurate results, try to run this\n");
-		BIO_printf(bio_err,"program when this computer is idle.\n");
-		}
+#ifndef TIMES
+	BIO_printf(bio_err,"To get the most accurate results, try to run this\n");
+	BIO_printf(bio_err,"program when this computer is idle.\n");
+#endif

 #ifndef NO_RSA
 	for (i=0; i<RSA_NUM; i++)
@@ -817,15 +624,14 @@ int MAIN(int argc, char **argv)
 	do	{
 		long i;
 		count*=2;
-		Time_F(START,usertime);
+		Time_F(START);
 		for (i=count; i; i--)
 			des_ecb_encrypt(buf_as_des_cblock,buf_as_des_cblock,
 				&(sch[0]),DES_ENCRYPT);
-		d=Time_F(STOP,usertime);
+		d=Time_F(STOP);
 		} while (d <3);
 	c[D_MD2][0]=count/10;
 	c[D_MDC2][0]=count/10;
-	c[D_MD4][0]=count;
 	c[D_MD5][0]=count;
 	c[D_HMAC][0]=count;
 	c[D_SHA1][0]=count;
@@ -843,7 +649,6 @@ int MAIN(int argc, char **argv)
 		{
 		c[D_MD2][i]=c[D_MD2][0]*4*lengths[0]/lengths[i];
 		c[D_MDC2][i]=c[D_MDC2][0]*4*lengths[0]/lengths[i];
-		c[D_MD4][i]=c[D_MD4][0]*4*lengths[0]/lengths[i];
 		c[D_MD5][i]=c[D_MD5][0]*4*lengths[0]/lengths[i];
 		c[D_HMAC][i]=c[D_HMAC][0]*4*lengths[0]/lengths[i];
 		c[D_SHA1][i]=c[D_SHA1][0]*4*lengths[0]/lengths[i];
@@ -884,7 +689,6 @@ int MAIN(int argc, char **argv)
 		}
 #endif

-#ifndef NO_DSA
 	dsa_c[R_DSA_512][0]=count/1000;
 	dsa_c[R_DSA_512][1]=count/1000/2;
 	for (i=1; i<DSA_NUM; i++)
@@ -902,7 +706,6 @@ int MAIN(int argc, char **argv)
 				}
 			}				
 		}
-#endif

 #define COND(d)	(count < (d))
 #define COUNT(d) (d)
@@ -922,10 +725,10 @@ int MAIN(int argc, char **argv)
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_MD2],c[D_MD2][j],lengths[j]);
-			Time_F(START,usertime);
+			Time_F(START);
 			for (count=0,run=1; COND(c[D_MD2][j]); count++)
 				MD2(buf,(unsigned long)lengths[j],&(md2[0]));
-			d=Time_F(STOP,usertime);
+			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_MD2],d);
 			results[D_MD2][j]=((double)count)/d*lengths[j];
@@ -938,10 +741,10 @@ int MAIN(int argc, char **argv)
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_MDC2],c[D_MDC2][j],lengths[j]);
-			Time_F(START,usertime);
+			Time_F(START);
 			for (count=0,run=1; COND(c[D_MDC2][j]); count++)
 				MDC2(buf,(unsigned long)lengths[j],&(mdc2[0]));
-			d=Time_F(STOP,usertime);
+			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_MDC2],d);
 			results[D_MDC2][j]=((double)count)/d*lengths[j];
@@ -949,33 +752,16 @@ int MAIN(int argc, char **argv)
 		}
 #endif

-#ifndef NO_MD4
-	if (doit[D_MD4])
-		{
-		for (j=0; j<SIZE_NUM; j++)
-			{
-			print_message(names[D_MD4],c[D_MD4][j],lengths[j]);
-			Time_F(START,usertime);
-			for (count=0,run=1; COND(c[D_MD4][j]); count++)
-				MD4(&(buf[0]),(unsigned long)lengths[j],&(md4[0]));
-			d=Time_F(STOP,usertime);
-			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
-				count,names[D_MD4],d);
-			results[D_MD4][j]=((double)count)/d*lengths[j];
-			}
-		}
-#endif
-
 #ifndef NO_MD5
 	if (doit[D_MD5])
 		{
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_MD5],c[D_MD5][j],lengths[j]);
-			Time_F(START,usertime);
+			Time_F(START);
 			for (count=0,run=1; COND(c[D_MD5][j]); count++)
 				MD5(&(buf[0]),(unsigned long)lengths[j],&(md5[0]));
-			d=Time_F(STOP,usertime);
+			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_MD5],d);
 			results[D_MD5][j]=((double)count)/d*lengths[j];
@@ -993,14 +779,14 @@ int MAIN(int argc, char **argv)
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_HMAC],c[D_HMAC][j],lengths[j]);
-			Time_F(START,usertime);
+			Time_F(START);
 			for (count=0,run=1; COND(c[D_HMAC][j]); count++)
 				{
 				HMAC_Init(&hctx,NULL,0,NULL);
                                HMAC_Update(&hctx,buf,lengths[j]);
                                HMAC_Final(&hctx,&(hmac[0]),NULL);
 				}
-			d=Time_F(STOP,usertime);
+			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_HMAC],d);
 			results[D_HMAC][j]=((double)count)/d*lengths[j];
@@ -1013,10 +799,10 @@ int MAIN(int argc, char **argv)
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_SHA1],c[D_SHA1][j],lengths[j]);
-			Time_F(START,usertime);
+			Time_F(START);
 			for (count=0,run=1; COND(c[D_SHA1][j]); count++)
 				SHA1(buf,(unsigned long)lengths[j],&(sha[0]));
-			d=Time_F(STOP,usertime);
+			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_SHA1],d);
 			results[D_SHA1][j]=((double)count)/d*lengths[j];
@@ -1029,10 +815,10 @@ int MAIN(int argc, char **argv)
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_RMD160],c[D_RMD160][j],lengths[j]);
-			Time_F(START,usertime);
+			Time_F(START);
 			for (count=0,run=1; COND(c[D_RMD160][j]); count++)
 				RIPEMD160(buf,(unsigned long)lengths[j],&(rmd160[0]));
-			d=Time_F(STOP,usertime);
+			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_RMD160],d);
 			results[D_RMD160][j]=((double)count)/d*lengths[j];
@@ -1045,11 +831,11 @@ int MAIN(int argc, char **argv)
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_RC4],c[D_RC4][j],lengths[j]);
-			Time_F(START,usertime);
+			Time_F(START);
 			for (count=0,run=1; COND(c[D_RC4][j]); count++)
 				RC4(&rc4_ks,(unsigned int)lengths[j],
 					buf,buf);
-			d=Time_F(STOP,usertime);
+			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_RC4],d);
 			results[D_RC4][j]=((double)count)/d*lengths[j];
@@ -1062,11 +848,11 @@ int MAIN(int argc, char **argv)
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_CBC_DES],c[D_CBC_DES][j],lengths[j]);
-			Time_F(START,usertime);
+			Time_F(START);
 			for (count=0,run=1; COND(c[D_CBC_DES][j]); count++)
 				des_ncbc_encrypt(buf,buf,lengths[j],sch,
 						 &iv,DES_ENCRYPT);
-			d=Time_F(STOP,usertime);
+			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_CBC_DES],d);
 			results[D_CBC_DES][j]=((double)count)/d*lengths[j];
@@ -1078,12 +864,12 @@ int MAIN(int argc, char **argv)
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_EDE3_DES],c[D_EDE3_DES][j],lengths[j]);
-			Time_F(START,usertime);
+			Time_F(START);
 			for (count=0,run=1; COND(c[D_EDE3_DES][j]); count++)
 				des_ede3_cbc_encrypt(buf,buf,lengths[j],
 						     sch,sch2,sch3,
 						     &iv,DES_ENCRYPT);
-			d=Time_F(STOP,usertime);
+			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_EDE3_DES],d);
 			results[D_EDE3_DES][j]=((double)count)/d*lengths[j];
@@ -1096,12 +882,12 @@ int MAIN(int argc, char **argv)
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_CBC_IDEA],c[D_CBC_IDEA][j],lengths[j]);
-			Time_F(START,usertime);
+			Time_F(START);
 			for (count=0,run=1; COND(c[D_CBC_IDEA][j]); count++)
 				idea_cbc_encrypt(buf,buf,
 					(unsigned long)lengths[j],&idea_ks,
 					iv,IDEA_ENCRYPT);
-			d=Time_F(STOP,usertime);
+			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_CBC_IDEA],d);
 			results[D_CBC_IDEA][j]=((double)count)/d*lengths[j];
@@ -1114,12 +900,12 @@ int MAIN(int argc, char **argv)
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_CBC_RC2],c[D_CBC_RC2][j],lengths[j]);
-			Time_F(START,usertime);
+			Time_F(START);
 			for (count=0,run=1; COND(c[D_CBC_RC2][j]); count++)
 				RC2_cbc_encrypt(buf,buf,
 					(unsigned long)lengths[j],&rc2_ks,
 					iv,RC2_ENCRYPT);
-			d=Time_F(STOP,usertime);
+			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_CBC_RC2],d);
 			results[D_CBC_RC2][j]=((double)count)/d*lengths[j];
@@ -1132,12 +918,12 @@ int MAIN(int argc, char **argv)
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_CBC_RC5],c[D_CBC_RC5][j],lengths[j]);
-			Time_F(START,usertime);
+			Time_F(START);
 			for (count=0,run=1; COND(c[D_CBC_RC5][j]); count++)
 				RC5_32_cbc_encrypt(buf,buf,
 					(unsigned long)lengths[j],&rc5_ks,
 					iv,RC5_ENCRYPT);
-			d=Time_F(STOP,usertime);
+			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_CBC_RC5],d);
 			results[D_CBC_RC5][j]=((double)count)/d*lengths[j];
@@ -1150,12 +936,12 @@ int MAIN(int argc, char **argv)
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_CBC_BF],c[D_CBC_BF][j],lengths[j]);
-			Time_F(START,usertime);
+			Time_F(START);
 			for (count=0,run=1; COND(c[D_CBC_BF][j]); count++)
 				BF_cbc_encrypt(buf,buf,
 					(unsigned long)lengths[j],&bf_ks,
 					iv,BF_ENCRYPT);
-			d=Time_F(STOP,usertime);
+			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_CBC_BF],d);
 			results[D_CBC_BF][j]=((double)count)/d*lengths[j];
@@ -1168,12 +954,12 @@ int MAIN(int argc, char **argv)
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_CBC_CAST],c[D_CBC_CAST][j],lengths[j]);
-			Time_F(START,usertime);
+			Time_F(START);
 			for (count=0,run=1; COND(c[D_CBC_CAST][j]); count++)
 				CAST_cbc_encrypt(buf,buf,
 					(unsigned long)lengths[j],&cast_ks,
 					iv,CAST_ENCRYPT);
-			d=Time_F(STOP,usertime);
+			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_CBC_CAST],d);
 			results[D_CBC_CAST][j]=((double)count)/d*lengths[j];
@@ -1188,73 +974,49 @@ int MAIN(int argc, char **argv)
 		int ret;
 		if (!rsa_doit[j]) continue;
 		ret=RSA_sign(NID_md5_sha1, buf,36, buf2, &rsa_num, rsa_key[j]);
-		if (ret == 0)
+		pkey_print_message("private","rsa",rsa_c[j][0],rsa_bits[j],
+			RSA_SECONDS);
+/*		RSA_blinding_on(rsa_key[j],NULL); */
+		Time_F(START);
+		for (count=0,run=1; COND(rsa_c[j][0]); count++)
 			{
-			BIO_printf(bio_err,"RSA sign failure.  No RSA sign will be done.\n");
-			ERR_print_errors(bio_err);
-			rsa_count=1;
-			}
-		else
-			{
-			pkey_print_message("private","rsa",
-				rsa_c[j][0],rsa_bits[j],
-				RSA_SECONDS);
-/*			RSA_blinding_on(rsa_key[j],NULL); */
-			Time_F(START,usertime);
-			for (count=0,run=1; COND(rsa_c[j][0]); count++)
+			ret=RSA_sign(NID_md5_sha1, buf,36, buf2, &rsa_num,
+								 rsa_key[j]);
+			if (ret <= 0)
 				{
-				ret=RSA_sign(NID_md5_sha1, buf,36, buf2,
-					&rsa_num, rsa_key[j]);
-				if (ret == 0)
-					{
-					BIO_printf(bio_err,
-						"RSA sign failure\n");
-					ERR_print_errors(bio_err);
-					count=1;
-					break;
-					}
+				BIO_printf(bio_err,"RSA private encrypt failure\n");
+				ERR_print_errors(bio_err);
+				count=1;
+				break;
 				}
-			d=Time_F(STOP,usertime);
-			BIO_printf(bio_err,
-				"%ld %d bit private RSA's in %.2fs\n",
-				count,rsa_bits[j],d);
-			rsa_results[j][0]=d/(double)count;
-			rsa_count=count;
 			}
+		d=Time_F(STOP);
+		BIO_printf(bio_err,"%ld %d bit private RSA's in %.2fs\n",
+			count,rsa_bits[j],d);
+		rsa_results[j][0]=d/(double)count;
+		rsa_count=count;

 #if 1
 		ret=RSA_verify(NID_md5_sha1, buf,36, buf2, rsa_num, rsa_key[j]);
-		if (ret <= 0)
+		pkey_print_message("public","rsa",rsa_c[j][1],rsa_bits[j],
+			RSA_SECONDS);
+		Time_F(START);
+		for (count=0,run=1; COND(rsa_c[j][1]); count++)
 			{
-			BIO_printf(bio_err,"RSA verify failure.  No RSA verify will be done.\n");
-			ERR_print_errors(bio_err);
-			rsa_doit[j] = 0;
-			}
-		else
-			{
-			pkey_print_message("public","rsa",
-				rsa_c[j][1],rsa_bits[j],
-				RSA_SECONDS);
-			Time_F(START,usertime);
-			for (count=0,run=1; COND(rsa_c[j][1]); count++)
+			ret=RSA_verify(NID_md5_sha1, buf,36, buf2, rsa_num,
+								rsa_key[j]);
+			if (ret <= 0)
 				{
-				ret=RSA_verify(NID_md5_sha1, buf,36, buf2,
-					rsa_num, rsa_key[j]);
-				if (ret == 0)
-					{
-					BIO_printf(bio_err,
-						"RSA verify failure\n");
-					ERR_print_errors(bio_err);
-					count=1;
-					break;
-					}
+				BIO_printf(bio_err,"RSA verify failure\n");
+				ERR_print_errors(bio_err);
+				count=1;
+				break;
 				}
-			d=Time_F(STOP,usertime);
-			BIO_printf(bio_err,
-				"%ld %d bit public RSA's in %.2fs\n",
-				count,rsa_bits[j],d);
-			rsa_results[j][1]=d/(double)count;
 			}
+		d=Time_F(STOP);
+		BIO_printf(bio_err,"%ld %d bit public RSA's in %.2fs\n",
+			count,rsa_bits[j],d);
+		rsa_results[j][1]=d/(double)count;
 #endif

 		if (rsa_count <= 1)
@@ -1268,85 +1030,57 @@ int MAIN(int argc, char **argv)

 	RAND_pseudo_bytes(buf,20);
 #ifndef NO_DSA
-	if (RAND_status() != 1)
-		{
-		RAND_seed(rnd_seed, sizeof rnd_seed);
-		rnd_fake = 1;
-		}
 	for (j=0; j<DSA_NUM; j++)
 		{
 		unsigned int kk;
-		int ret;

 		if (!dsa_doit[j]) continue;
 		DSA_generate_key(dsa_key[j]);
 /*		DSA_sign_setup(dsa_key[j],NULL); */
-		ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
+		rsa_num=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
 			&kk,dsa_key[j]);
-		if (ret == 0)
+		pkey_print_message("sign","dsa",dsa_c[j][0],dsa_bits[j],
+			DSA_SECONDS);
+		Time_F(START);
+		for (count=0,run=1; COND(dsa_c[j][0]); count++)
 			{
-			BIO_printf(bio_err,"DSA sign failure.  No DSA sign will be done.\n");
-			ERR_print_errors(bio_err);
-			rsa_count=1;
-			}
-		else
-			{
-			pkey_print_message("sign","dsa",
-				dsa_c[j][0],dsa_bits[j],
-				DSA_SECONDS);
-			Time_F(START,usertime);
-			for (count=0,run=1; COND(dsa_c[j][0]); count++)
+			rsa_num=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
+				&kk,dsa_key[j]);
+			if (rsa_num == 0)
 				{
-				ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
-					&kk,dsa_key[j]);
-				if (ret == 0)
-					{
-					BIO_printf(bio_err,
-						"DSA sign failure\n");
-					ERR_print_errors(bio_err);
-					count=1;
-					break;
-					}
+				BIO_printf(bio_err,"DSA sign failure\n");
+				ERR_print_errors(bio_err);
+				count=1;
+				break;
 				}
-			d=Time_F(STOP,usertime);
-			BIO_printf(bio_err,"%ld %d bit DSA signs in %.2fs\n",
-				count,dsa_bits[j],d);
-			dsa_results[j][0]=d/(double)count;
-			rsa_count=count;
 			}
+		d=Time_F(STOP);
+		BIO_printf(bio_err,"%ld %d bit DSA signs in %.2fs\n",
+			count,dsa_bits[j],d);
+		dsa_results[j][0]=d/(double)count;
+		rsa_count=count;

-		ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
+		rsa_num2=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
 			kk,dsa_key[j]);
-		if (ret <= 0)
+		pkey_print_message("verify","dsa",dsa_c[j][1],dsa_bits[j],
+			DSA_SECONDS);
+		Time_F(START);
+		for (count=0,run=1; COND(dsa_c[j][1]); count++)
 			{
-			BIO_printf(bio_err,"DSA verify failure.  No DSA verify will be done.\n");
-			ERR_print_errors(bio_err);
-			dsa_doit[j] = 0;
-			}
-		else
-			{
-			pkey_print_message("verify","dsa",
-				dsa_c[j][1],dsa_bits[j],
-				DSA_SECONDS);
-			Time_F(START,usertime);
-			for (count=0,run=1; COND(dsa_c[j][1]); count++)
+			rsa_num2=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
+				kk,dsa_key[j]);
+			if (rsa_num2 == 0)
 				{
-				ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
-					kk,dsa_key[j]);
-				if (ret <= 0)
-					{
-					BIO_printf(bio_err,
-						"DSA verify failure\n");
-					ERR_print_errors(bio_err);
-					count=1;
-					break;
-					}
+				BIO_printf(bio_err,"DSA verify failure\n");
+				ERR_print_errors(bio_err);
+				count=1;
+				break;
 				}
-			d=Time_F(STOP,usertime);
-			BIO_printf(bio_err,"%ld %d bit DSA verify in %.2fs\n",
-				count,dsa_bits[j],d);
-			dsa_results[j][1]=d/(double)count;
 			}
+		d=Time_F(STOP);
+		BIO_printf(bio_err,"%ld %d bit DSA verify in %.2fs\n",
+			count,dsa_bits[j],d);
+		dsa_results[j][1]=d/(double)count;

 		if (rsa_count <= 1)
 			{
@@ -1355,7 +1089,6 @@ int MAIN(int argc, char **argv)
 				dsa_doit[j]=0;
 			}
 		}
-	if (rnd_fake) RAND_cleanup();
 #endif

 	fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_VERSION));
@@ -1434,9 +1167,8 @@ int MAIN(int argc, char **argv)
 #endif
 	mret=0;
 end:
-	ERR_print_errors(bio_err);
-	if (buf != NULL) OPENSSL_free(buf);
-	if (buf2 != NULL) OPENSSL_free(buf2);
+	if (buf != NULL) Free(buf);
+	if (buf2 != NULL) Free(buf2);
 #ifndef NO_RSA
 	for (i=0; i<RSA_NUM; i++)
 		if (rsa_key[i] != NULL)
--- a/apps/spkac.c
+++ b/apps/spkac.c
@@ -63,13 +63,10 @@
 #include <time.h>
 #include "apps.h"
 #include <openssl/bio.h>
-#include <openssl/conf.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
-#include <openssl/lhash.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
-#include <openssl/engine.h>

 #undef PROG
 #define PROG	spkac_main
@@ -82,7 +79,6 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 	{
-	ENGINE *e = NULL;
 	int i,badops=0, ret = 1;
 	BIO *in = NULL,*out = NULL, *key = NULL;
 	int verify=0,noout=0,pubkey=0;
@@ -93,7 +89,6 @@ int MAIN(int argc, char **argv)
 	LHASH *conf = NULL;
 	NETSCAPE_SPKI *spki = NULL;
 	EVP_PKEY *pkey = NULL;
-	char *engine=NULL;

 	apps_startup();

@@ -139,11 +134,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			spksect= *(++argv);
 			}
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
 		else if (strcmp(*argv,"-pubkey") == 0)
@@ -169,7 +159,6 @@ bad:
 		BIO_printf(bio_err," -noout         don't print SPKAC\n");
 		BIO_printf(bio_err," -pubkey        output public key\n");
 		BIO_printf(bio_err," -verify        verify SPKAC signature\n");
-		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device.\n");
 		goto end;
 		}

@@ -179,24 +168,6 @@ bad:
 		goto end;
 	}

-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	if(keyfile) {
 		if(strcmp(keyfile, "-")) key = BIO_new_file(keyfile, "r");
 		else key = BIO_new_fp(stdin, BIO_NOCLOSE);
@@ -219,15 +190,7 @@ bad:
 		spkstr = NETSCAPE_SPKI_b64_encode(spki);

 		if (outfile) out = BIO_new_file(outfile, "w");
-		else {
-			out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef VMS
-			{
-			    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-			    out = BIO_push(tmpbio, out);
-			}
-#endif
-		}
+		else out = BIO_new_fp(stdout, BIO_NOCLOSE);

 		if(!out) {
 			BIO_printf(bio_err, "Error opening output file\n");
@@ -235,7 +198,7 @@ bad:
 			goto end;
 		}
 		BIO_printf(out, "SPKAC=%s\n", spkstr);
-		OPENSSL_free(spkstr);
+		Free(spkstr);
 		ret = 0;
 		goto end;
 	}
@@ -276,15 +239,7 @@ bad:
 	}

 	if (outfile) out = BIO_new_file(outfile, "w");
-	else {
-		out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef VMS
-		{
-		    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		    out = BIO_push(tmpbio, out);
-		}
-#endif
-	}
+	else out = BIO_new_fp(stdout, BIO_NOCLOSE);

 	if(!out) {
 		BIO_printf(bio_err, "Error opening output file\n");
@@ -311,9 +266,9 @@ end:
 	CONF_free(conf);
 	NETSCAPE_SPKI_free(spki);
 	BIO_free(in);
-	BIO_free_all(out);
+	BIO_free(out);
 	BIO_free(key);
 	EVP_PKEY_free(pkey);
-	if(passin) OPENSSL_free(passin);
+	if(passin) Free(passin);
 	EXIT(ret);
 	}
--- a/apps/testdsa.h
+++ b/apps/testdsa.h
@@ -1,5 +1,4 @@
 /* NOCW */
-/* used by apps/speed.c */
 DSA *get_dsa512(void );
 DSA *get_dsa1024(void );
 DSA *get_dsa2048(void );
@@ -147,5 +146,3 @@ DSA *get_dsa2048()
 	return(dsa);
 	}

-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
-static int rnd_fake = 0;
--- a/apps/testrsa.h
+++ b/apps/testrsa.h
@@ -1,5 +1,4 @@
 /* apps/testrsa.h */
-/* used by apps/speed.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
--- a/apps/tkca
+++ b/apps/tkca
@@ -0,0 +1,66 @@
+#!/usr/local/bin/perl5
+#
+# This is only something I'm playing with, it does not work :-)
+#
+
+use Tk;
+
+my $main=MainWindow->new();
+my $f=$main->Frame(-relief => "ridge", -borderwidth => 2);
+$f->pack(-fill => 'x');
+
+my $ff=$f->Frame;
+$ff->pack(-fill => 'x');
+my $l=$ff->Label(-text => "TkCA - SSLeay",
+	-relief => "ridge", -borderwidth => 2);
+$l->pack(-fill => 'x', -ipady => 5);
+
+my $l=$ff->Button(-text => "Certify");
+$l->pack(-fill => 'x', -ipady => 5);
+
+my $l=$ff->Button(-text => "Review");
+$l->pack(-fill => 'x', -ipady => 5);
+
+my $l=$ff->Button(-text => "Revoke");
+$l->pack(-fill => 'x', -ipady => 5);
+
+my $l=$ff->Button(-text => "Generate CRL");
+$l->pack(-fill => 'x', -ipady => 5);
+
+my($db)=&load_db("demoCA/index.txt");
+
+MainLoop;
+
+sub load_db
+	{
+	my(%ret);
+	my($file)=@_;
+	my(*IN);
+	my(%db_serial,%db_name,@f,@db_s);
+
+	$ret{'serial'}=\%db_serial;
+	$ret{'name'}=\%db_name;
+
+	open(IN,"<$file") || die "unable to open $file:$!\n";
+	while (<IN>)
+		{
+		chop;
+		s/([^\\])\t/\1\t\t/g;
+		my(@f)=split(/\t\t/);
+		die "wrong number of fields in $file, line $.\n"
+			if ($#f != 5);
+
+		my(%f);
+		$f{'type'}=$f[0];
+		$f{'exp'}=$f[1];
+		$f{'rev'}=$f[2];
+		$f{'serial'}=$f[3];
+		$f{'file'}=$f[4];
+		$f{'name'}=$f[5];
+		die "serial number $f{'serial'} appears twice (line $.)\n"
+			if (defined($db{$f{'serial'}}))
+		$db_serial{$f{'serial'}}=\%f;
+		$db_name{$f{'name'}}.=$f{'serial'}." ";
+		}
+	return \%ret;
+	}
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -65,29 +65,26 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #include <openssl/pem.h>
-#include <openssl/engine.h>

 #undef PROG
 #define PROG	verify_main

 static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx);
-static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose);
+static int check(X509_STORE *ctx,char *file, STACK_OF(X509)*other, int purpose);
 static STACK_OF(X509) *load_untrusted(char *file);
-static int v_verbose=0, issuer_checks = 0;
+static int v_verbose=0;

 int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 	{
-	ENGINE *e = NULL;
 	int i,ret=1;
 	int purpose = -1;
 	char *CApath=NULL,*CAfile=NULL;
-	char *untfile = NULL, *trustfile = NULL;
-	STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
+	char *untfile = NULL;
+	STACK_OF(X509) *untrusted = NULL;
 	X509_STORE *cert_ctx=NULL;
 	X509_LOOKUP *lookup=NULL;
-	char *engine=NULL;

 	cert_ctx=X509_STORE_new();
 	if (cert_ctx == NULL) goto end;
@@ -135,20 +132,8 @@ int MAIN(int argc, char **argv)
 				if (argc-- < 1) goto end;
 				untfile= *(++argv);
 				}
-			else if (strcmp(*argv,"-trusted") == 0)
-				{
-				if (argc-- < 1) goto end;
-				trustfile= *(++argv);
-				}
-			else if (strcmp(*argv,"-engine") == 0)
-				{
-				if (--argc < 1) goto end;
-				engine= *(++argv);
-				}
 			else if (strcmp(*argv,"-help") == 0)
 				goto end;
-			else if (strcmp(*argv,"-issuer_checks") == 0)
-				issuer_checks=1;
 			else if (strcmp(*argv,"-verbose") == 0)
 				v_verbose=1;
 			else if (argv[0][0] == '-')
@@ -162,24 +147,6 @@ int MAIN(int argc, char **argv)
 			break;
 		}

-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
 	if (lookup == NULL) abort();
 	if (CAfile) {
@@ -212,22 +179,14 @@ int MAIN(int argc, char **argv)
 		}
 	}

-	if(trustfile) {
-		if(!(trusted = load_untrusted(trustfile))) {
-			BIO_printf(bio_err, "Error loading untrusted file %s\n", trustfile);
-			ERR_print_errors(bio_err);
-			goto end;
-		}
-	}
-
-	if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, purpose);
+	if (argc < 1) check(cert_ctx, NULL, untrusted, purpose);
 	else
 		for (i=0; i<argc; i++)
-			check(cert_ctx,argv[i], untrusted, trusted, purpose);
+			check(cert_ctx,argv[i], untrusted, purpose);
 	ret=0;
 end:
 	if (ret == 1) {
-		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-engine e] cert1 cert2 ...\n");
+		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] cert1 cert2 ...\n");
 		BIO_printf(bio_err,"recognized usages:\n");
 		for(i = 0; i < X509_PURPOSE_get_count(); i++) {
 			X509_PURPOSE *ptmp;
@@ -238,11 +197,10 @@ end:
 	}
 	if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
 	sk_X509_pop_free(untrusted, X509_free);
-	sk_X509_pop_free(trusted, X509_free);
 	EXIT(ret);
 	}

-static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose)
+static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, int purpose)
 	{
 	X509 *x=NULL;
 	BIO *in=NULL;
@@ -284,10 +242,7 @@ static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X
 		goto end;
 		}
 	X509_STORE_CTX_init(csc,ctx,x,uchain);
-	if(tchain) X509_STORE_CTX_trusted_stack(csc, tchain);
 	if(purpose >= 0) X509_STORE_CTX_set_purpose(csc, purpose);
-	if(issuer_checks)
-		X509_STORE_CTX_set_flags(csc, X509_V_FLAG_CB_ISSUER_CHECK);
 	i=X509_verify_cert(csc);
 	X509_STORE_CTX_free(csc);

--- a/apps/winrand.c
+++ b/apps/winrand.c
@@ -1,149 +0,0 @@
-/* apps/winrand.c */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* Usage: winrand [filename]
- *
- * Collects entropy from mouse movements and other events and writes
- * random data to filename or .rnd
- */
-
-#include <windows.h>
-#include <openssl/opensslv.h>
-#include <openssl/rand.h>
-
-LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);
-const char *filename;
-
-int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
-        PSTR cmdline, int iCmdShow)
-	{
-	static char appname[] = "OpenSSL";
-	HWND hwnd;
-	MSG msg;
-	WNDCLASSEX wndclass;
-        char buffer[200];
-
-        if (cmdline[0] == '\0')
-                filename = RAND_file_name(buffer, sizeof buffer);
-        else
-                filename = cmdline;
-
-        RAND_load_file(filename, -1);
-
-	wndclass.cbSize = sizeof(wndclass);
-	wndclass.style = CS_HREDRAW | CS_VREDRAW;
-	wndclass.lpfnWndProc = WndProc;
-	wndclass.cbClsExtra = 0;
-	wndclass.cbWndExtra = 0;
-	wndclass.hInstance = hInstance;
-	wndclass.hIcon = LoadIcon(NULL, IDI_APPLICATION);
-	wndclass.hCursor = LoadCursor(NULL, IDC_ARROW);
-	wndclass.hbrBackground = (HBRUSH) GetStockObject(WHITE_BRUSH);
-	wndclass.lpszMenuName = NULL;
-        wndclass.lpszClassName = appname;
-	wndclass.hIconSm = LoadIcon(NULL, IDI_APPLICATION);
-	RegisterClassEx(&wndclass);
-
-        hwnd = CreateWindow(appname, OPENSSL_VERSION_TEXT,
-		WS_OVERLAPPEDWINDOW, CW_USEDEFAULT, CW_USEDEFAULT,
-		CW_USEDEFAULT, CW_USEDEFAULT, NULL, NULL, hInstance, NULL);
-
-	ShowWindow(hwnd, iCmdShow);
-	UpdateWindow(hwnd);
-
-
-	while (GetMessage(&msg, NULL, 0, 0))
-		{
-		TranslateMessage(&msg);
-		DispatchMessage(&msg);
-		}
-
-	return msg.wParam;
-	}
-
-LRESULT CALLBACK WndProc(HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam)
-	{
-        HDC hdc;
-	PAINTSTRUCT ps;
-        RECT rect;
-        char buffer[200];
-        static int seeded = 0;
-
-	switch (iMsg)
-		{
-	case WM_PAINT:
-		hdc = BeginPaint(hwnd, &ps);
-		GetClientRect(hwnd, &rect);
-                DrawText(hdc, "Seeding the PRNG. Please move the mouse!", -1,
-			&rect, DT_SINGLELINE | DT_CENTER | DT_VCENTER);
-		EndPaint(hwnd, &ps);
-		return 0;
-		
-        case WM_DESTROY:
-                PostQuitMessage(0);
-                return 0;
-                }
-
-        if (RAND_event(iMsg, wParam, lParam) == 1 && seeded == 0)
-                {
-                seeded = 1;
-                if (RAND_write_file(filename) <= 0)
-                        MessageBox(hwnd, "Couldn't write random file!",
-				"OpenSSL", MB_OK | MB_ICONERROR);
-                PostQuitMessage(0);
-                }
-
-	return DefWindowProc(hwnd, iMsg, wParam, lParam);
-	}
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -73,7 +73,6 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
-#include <openssl/engine.h>

 #undef PROG
 #define PROG x509_main
@@ -82,6 +81,8 @@
 #define	POSTFIX	".srl"
 #define DEF_DAYS	30

+#define CERT_HDR	"certificate"
+
 static char *x509_usage[]={
 "usage: x509 args\n",
 " -inform arg     - input format - default PEM (one of DER, NET or PEM)\n",
@@ -96,7 +97,6 @@ static char *x509_usage[]={
 " -hash           - print hash value\n",
 " -subject        - print subject DN\n",
 " -issuer         - print issuer DN\n",
-" -email          - print email address(es)\n",
 " -startdate      - notBefore field\n",
 " -enddate        - notAfter field\n",
 " -purpose        - print out certificate purposes\n",
@@ -113,8 +113,6 @@ static char *x509_usage[]={
 " -addreject arg  - reject certificate for a given purpose\n",
 " -setalias arg   - set certificate alias\n",
 " -days arg       - How long till expiry of a signed certificate - def 30 days\n",
-" -checkend arg   - check whether the cert expires in the next arg seconds\n",
-"                   exit 1 if so, 0 if not\n",
 " -signkey arg    - self sign cert with arg\n",
 " -x509toreq      - output a certification request object\n",
 " -req            - input is a certificate request, sign and output.\n",
@@ -128,13 +126,13 @@ static char *x509_usage[]={
 " -md2/-md5/-sha1/-mdc2 - digest to use\n",
 " -extfile        - configuration file with X509V3 extensions to add\n",
 " -extensions     - section from config file with X509V3 extensions to add\n",
-" -clrext         - delete extensions before signing and input certificate\n",
-" -nameopt arg    - various certificate name options\n",
-" -engine e       - use engine e, possibly a hardware device.\n",
+" -crlext         - delete extensions before signing and input certificate\n",
 NULL
 };

 static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
+static EVP_PKEY *load_key(char *file, int format, char *passin);
+static X509 *load_cert(char *file, int format);
 static int sign (X509 *x, EVP_PKEY *pkey,int days,int clrext, const EVP_MD *digest,
 						LHASH *conf, char *section);
 static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
@@ -147,7 +145,6 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 	{
-	ENGINE *e = NULL;
 	int ret=1;
 	X509_REQ *req=NULL;
 	X509 *x=NULL,*xca=NULL;
@@ -162,7 +159,7 @@ int MAIN(int argc, char **argv)
 	char *CAkeyfile=NULL,*CAserial=NULL;
 	char *alias=NULL;
 	int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0;
-	int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
+	int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0;
 	int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
 	int C=0;
 	int x509req=0,days=DEF_DAYS,modulus=0,pubkey=0;
@@ -176,9 +173,6 @@ int MAIN(int argc, char **argv)
 	LHASH *extconf = NULL;
 	char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
 	int need_rand = 0;
-	int checkend=0,checkoffset=0;
-	unsigned long nmflag = 0;
-	char *engine=NULL;

 	reqfile=0;

@@ -187,12 +181,6 @@ int MAIN(int argc, char **argv)
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 	STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef VMS
-	{
-	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-	STDout = BIO_push(tmpbio, STDout);
-	}
-#endif

 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
@@ -237,7 +225,7 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-CAkeyform") == 0)
 			{
 			if (--argc < 1) goto bad;
-			CAkeyformat=str2fmt(*(++argv));
+			CAformat=str2fmt(*(++argv));
 			}
 		else if (strcmp(*argv,"-days") == 0)
 			{
@@ -301,26 +289,24 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-addtrust") == 0)
 			{
 			if (--argc < 1) goto bad;
-			if (!(objtmp = OBJ_txt2obj(*(++argv), 0)))
-				{
+			if(!(objtmp = OBJ_txt2obj(*(++argv), 0))) {
 				BIO_printf(bio_err,
 					"Invalid trust object value %s\n", *argv);
 				goto bad;
-				}
-			if (!trust) trust = sk_ASN1_OBJECT_new_null();
+			}
+			if(!trust) trust = sk_ASN1_OBJECT_new_null();
 			sk_ASN1_OBJECT_push(trust, objtmp);
 			trustout = 1;
 			}
 		else if (strcmp(*argv,"-addreject") == 0)
 			{
 			if (--argc < 1) goto bad;
-			if (!(objtmp = OBJ_txt2obj(*(++argv), 0)))
-				{
+			if(!(objtmp = OBJ_txt2obj(*(++argv), 0))) {
 				BIO_printf(bio_err,
 					"Invalid reject object value %s\n", *argv);
 				goto bad;
-				}
-			if (!reject) reject = sk_ASN1_OBJECT_new_null();
+			}
+			if(!reject) reject = sk_ASN1_OBJECT_new_null();
 			sk_ASN1_OBJECT_push(reject, objtmp);
 			trustout = 1;
 			}
@@ -330,26 +316,14 @@ int MAIN(int argc, char **argv)
 			alias= *(++argv);
 			trustout = 1;
 			}
-		else if (strcmp(*argv,"-nameopt") == 0)
-			{
-			if (--argc < 1) goto bad;
-			if (!set_name_ex(&nmflag, *(++argv))) goto bad;
-			}
 		else if (strcmp(*argv,"-setalias") == 0)
 			{
 			if (--argc < 1) goto bad;
 			alias= *(++argv);
 			trustout = 1;
 			}
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
 		else if (strcmp(*argv,"-C") == 0)
 			C= ++num;
-		else if (strcmp(*argv,"-email") == 0)
-			email= ++num;
 		else if (strcmp(*argv,"-serial") == 0)
 			serial= ++num;
 		else if (strcmp(*argv,"-modulus") == 0)
@@ -379,12 +353,6 @@ int MAIN(int argc, char **argv)
 			startdate= ++num;
 		else if (strcmp(*argv,"-enddate") == 0)
 			enddate= ++num;
-		else if (strcmp(*argv,"-checkend") == 0)
-			{
-			if (--argc < 1) goto bad;
-			checkoffset=atoi(*(++argv));
-			checkend=1;
-			}
 		else if (strcmp(*argv,"-noout") == 0)
 			noout= ++num;
 		else if (strcmp(*argv,"-trustout") == 0)
@@ -397,15 +365,8 @@ int MAIN(int argc, char **argv)
 			aliasout= ++num;
 		else if (strcmp(*argv,"-CAcreateserial") == 0)
 			CA_createserial= ++num;
-		else if (strcmp(*argv,"-clrext") == 0)
-			clrext = 1;
-#if 1 /* stay backwards-compatible with 0.9.5; this should go away soon */
 		else if (strcmp(*argv,"-crlext") == 0)
-			{
-			BIO_printf(bio_err,"use -clrext instead of -crlext\n");
 			clrext = 1;
-			}
-#endif
 		else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
 			{
 			/* ok */
@@ -429,34 +390,15 @@ bad:
 		goto end;
 		}

-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	if (need_rand)
 		app_RAND_load_file(NULL, bio_err, 0);

 	ERR_load_crypto_strings();

-	if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
-		{
+	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;
-		}
+	}

 	if (!X509_STORE_set_default_paths(ctx))
 		{
@@ -472,12 +414,10 @@ bad:
 		goto end;
 		}

-	if (extfile)
-		{
+	if (extfile) {
 		long errorline;
 		X509V3_CTX ctx2;
-		if (!(extconf=CONF_load(NULL,extfile,&errorline)))
-			{
+		if (!(extconf=CONF_load(NULL,extfile,&errorline))) {
 			if (errorline <= 0)
 				BIO_printf(bio_err,
 					"error loading the config file '%s'\n",
@@ -487,20 +427,19 @@ bad:
 				       "error on line %ld of config file '%s'\n"
 							,errorline,extfile);
 			goto end;
-			}
-		if (!extsect && !(extsect = CONF_get_string(extconf, "default",
+		}
+		if(!extsect && !(extsect = CONF_get_string(extconf, "default",
 					 "extensions"))) extsect = "default";
 		X509V3_set_ctx_test(&ctx2);
 		X509V3_set_conf_lhash(&ctx2, extconf);
-		if (!X509V3_EXT_add_conf(extconf, &ctx2, extsect, NULL))
-			{
+		if(!X509V3_EXT_add_conf(extconf, &ctx2, extsect, NULL)) {
 			BIO_printf(bio_err,
 				"Error Loading extension section %s\n",
 								 extsect);
 			ERR_print_errors(bio_err);
 			goto end;
-			}
-		}
+                }
+	} 


 	if (reqfile)
@@ -528,18 +467,13 @@ bad:
 			if (BIO_read_filename(in,infile) <= 0)
 				{
 				perror(infile);
-				BIO_free(in);
 				goto end;
 				}
 			}
 		req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL);
 		BIO_free(in);

-		if (req == NULL)
-			{
-			ERR_print_errors(bio_err);
-			goto end;
-			}
+		if (req == NULL) { perror(infile); goto end; }

 		if (	(req->req_info == NULL) ||
 			(req->req_info->pubkey == NULL) ||
@@ -570,8 +504,9 @@ bad:
 			}
 		else
 			BIO_printf(bio_err,"Signature ok\n");
-
-		print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), nmflag);
+		
+		X509_NAME_oneline(req->req_info->subject,buf,256);
+		BIO_printf(bio_err,"subject=%s\n",buf);

 		if ((x=X509_new()) == NULL) goto end;
 		ci=x->cert_info;
@@ -588,12 +523,12 @@ bad:
 		EVP_PKEY_free(pkey);
 		}
 	else
-		x=load_cert(bio_err,infile,informat);
+		x=load_cert(infile,informat);

 	if (x == NULL) goto end;
 	if (CA_flag)
 		{
-		xca=load_cert(bio_err,CAfile,CAformat);
+		xca=load_cert(CAfile,CAformat);
 		if (xca == NULL) goto end;
 		}

@@ -609,15 +544,7 @@ bad:
 			goto end;
 			}
 		if (outfile == NULL)
-			{
 			BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
-			{
-			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-			out = BIO_push(tmpbio, out);
-			}
-#endif
-			}
 		else
 			{
 			if (BIO_write_filename(out,outfile) <= 0)
@@ -628,28 +555,24 @@ bad:
 			}
 		}

-	if (alias) X509_alias_set1(x, (unsigned char *)alias, -1);
+	if(alias) X509_alias_set1(x, (unsigned char *)alias, -1);

-	if (clrtrust) X509_trust_clear(x);
-	if (clrreject) X509_reject_clear(x);
+	if(clrtrust) X509_trust_clear(x);
+	if(clrreject) X509_reject_clear(x);

-	if (trust)
-		{
-		for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++)
-			{
+	if(trust) {
+		for(i = 0; i < sk_ASN1_OBJECT_num(trust); i++) {
 			objtmp = sk_ASN1_OBJECT_value(trust, i);
 			X509_add1_trust_object(x, objtmp);
-			}
 		}
+	}

-	if (reject)
-		{
-		for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++)
-			{
+	if(reject) {
+		for(i = 0; i < sk_ASN1_OBJECT_num(reject); i++) {
 			objtmp = sk_ASN1_OBJECT_value(reject, i);
 			X509_add1_reject_object(x, objtmp);
-			}
 		}
+	}

 	if (num)
 		{
@@ -657,13 +580,15 @@ bad:
 			{
 			if (issuer == i)
 				{
-				print_name(STDout, "issuer= ",
-					X509_get_issuer_name(x), nmflag);
+				X509_NAME_oneline(X509_get_issuer_name(x),
+					buf,256);
+				BIO_printf(STDout,"issuer= %s\n",buf);
 				}
 			else if (subject == i) 
 				{
-				print_name(STDout, "subject= ",
-					X509_get_subject_name(x), nmflag);
+				X509_NAME_oneline(X509_get_subject_name(x),
+					buf,256);
+				BIO_printf(STDout,"subject=%s\n",buf);
 				}
 			else if (serial == i)
 				{
@@ -671,20 +596,11 @@ bad:
 				i2a_ASN1_INTEGER(STDout,x->cert_info->serialNumber);
 				BIO_printf(STDout,"\n");
 				}
-			else if (email == i) 
-				{
-				int j;
-				STACK *emlst;
-				emlst = X509_get1_email(x);
-				for (j = 0; j < sk_num(emlst); j++)
-					BIO_printf(STDout, "%s\n", sk_value(emlst, j));
-				X509_email_free(emlst);
-				}
 			else if (aliasout == i)
 				{
 				unsigned char *alstr;
 				alstr = X509_alias_get0(x, NULL);
-				if (alstr) BIO_printf(STDout,"%s\n", alstr);
+				if(alstr) BIO_printf(STDout,"%s\n", alstr);
 				else BIO_puts(STDout,"<No Alias>\n");
 				}
 			else if (hash == i)
@@ -696,7 +612,7 @@ bad:
 				X509_PURPOSE *ptmp;
 				int j;
 				BIO_printf(STDout, "Certificate purposes:\n");
-				for (j = 0; j < X509_PURPOSE_get_count(); j++)
+				for(j = 0; j < X509_PURPOSE_get_count(); j++)
 					{
 					ptmp = X509_PURPOSE_get0(j);
 					purpose_print(STDout, x, ptmp);
@@ -759,7 +675,7 @@ bad:
 				BIO_printf(STDout,"/* issuer :%s */\n",buf);

 				z=i2d_X509(x,NULL);
-				m=OPENSSL_malloc(z);
+				m=Malloc(z);

 				d=(unsigned char *)m;
 				z=i2d_X509_NAME(X509_get_subject_name(x),&d);
@@ -797,7 +713,7 @@ bad:
 				if (y%16 != 0) BIO_printf(STDout,"\n");
 				BIO_printf(STDout,"};\n");

-				OPENSSL_free(m);
+				Free(m);
 				}
 			else if (text == i)
 				{
@@ -842,8 +758,7 @@ bad:
 				BIO_printf(bio_err,"Getting Private key\n");
 				if (Upkey == NULL)
 					{
-					Upkey=load_key(bio_err,
-						keyfile,keyformat, passin);
+					Upkey=load_key(keyfile,keyformat, passin);
 					if (Upkey == NULL) goto end;
 					}
 #ifndef NO_DSA
@@ -860,8 +775,7 @@ bad:
 				BIO_printf(bio_err,"Getting CA Private Key\n");
 				if (CAkeyfile != NULL)
 					{
-					CApkey=load_key(bio_err,
-						CAkeyfile,CAkeyformat, passin);
+					CApkey=load_key(CAkeyfile,CAkeyformat, passin);
 					if (CApkey == NULL) goto end;
 					}
 #ifndef NO_DSA
@@ -887,17 +801,14 @@ bad:
 					}
 				else
 					{
-					pk=load_key(bio_err,
-						keyfile,FORMAT_PEM, passin);
+					pk=load_key(keyfile,FORMAT_PEM, passin);
 					if (pk == NULL) goto end;
 					}

 				BIO_printf(bio_err,"Generating certificate request\n");

-#ifndef NO_DSA
 		                if (pk->type == EVP_PKEY_DSA)
 		                        digest=EVP_dss1();
-#endif

 				rq=X509_to_X509_REQ(x,pk,digest);
 				EVP_PKEY_free(pk);
@@ -916,23 +827,6 @@ bad:
 			}
 		}

-	if (checkend)
-		{
-		time_t tnow=time(NULL);
-
-		if (ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(x), tnow+checkoffset) == -1)
-			{
-			BIO_printf(out,"Certificate will expire\n");
-			ret=1;
-			}
-		else
-			{
-			BIO_printf(out,"Certificate will not expire\n");
-			ret=0;
-			}
-		goto end;
-		}
-
 	if (noout)
 		{
 		ret=0;
@@ -941,18 +835,16 @@ bad:

 	if 	(outformat == FORMAT_ASN1)
 		i=i2d_X509_bio(out,x);
-	else if (outformat == FORMAT_PEM)
-		{
-		if (trustout) i=PEM_write_bio_X509_AUX(out,x);
+	else if (outformat == FORMAT_PEM) {
+		if(trustout) i=PEM_write_bio_X509_AUX(out,x);
 		else i=PEM_write_bio_X509(out,x);
-		}
-	else if (outformat == FORMAT_NETSCAPE)
+	} else if (outformat == FORMAT_NETSCAPE)
 		{
 		ASN1_HEADER ah;
 		ASN1_OCTET_STRING os;

-		os.data=(unsigned char *)NETSCAPE_CERT_HDR;
-		os.length=strlen(NETSCAPE_CERT_HDR);
+		os.data=(unsigned char *)CERT_HDR;
+		os.length=strlen(CERT_HDR);
 		ah.header= &os;
 		ah.data=(char *)x;
 		ah.meth=X509_asn1_meth();
@@ -964,8 +856,7 @@ bad:
 		BIO_printf(bio_err,"bad output format specified for outfile\n");
 		goto end;
 		}
-	if (!i)
-		{
+	if (!i) {
 		BIO_printf(bio_err,"unable to write certificate\n");
 		ERR_print_errors(bio_err);
 		goto end;
@@ -976,8 +867,8 @@ end:
 		app_RAND_write_file(NULL, bio_err);
 	OBJ_cleanup();
 	CONF_free(extconf);
-	BIO_free_all(out);
-	BIO_free_all(STDout);
+	BIO_free(out);
+	BIO_free(STDout);
 	X509_STORE_free(ctx);
 	X509_REQ_free(req);
 	X509_free(x);
@@ -987,7 +878,7 @@ end:
 	X509_REQ_free(rq);
 	sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
 	sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
-	if (passin) OPENSSL_free(passin);
+	if(passin) Free(passin);
 	EXIT(ret);
 	}

@@ -1009,7 +900,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
 	EVP_PKEY_free(upkey);

 	X509_STORE_CTX_init(&xsc,ctx,x,NULL);
-	buf=OPENSSL_malloc(EVP_PKEY_size(pkey)*2+
+	buf=Malloc(EVP_PKEY_size(pkey)*2+
 		((serialfile == NULL)
 			?(strlen(CAfile)+strlen(POSTFIX)+1)
 			:(strlen(serialfile)))+1);
@@ -1114,19 +1005,17 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
 	if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
 		goto end;

-	if (clrext)
-		{
-		while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
-		}
+	if(clrext) {
+		while(X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
+	}

-	if (conf)
-		{
+	if(conf) {
 		X509V3_CTX ctx2;
 		X509_set_version(x,2); /* version 3 certificate */
                X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
                X509V3_set_conf_lhash(&ctx2, conf);
-                if (!X509V3_EXT_add_conf(conf, &ctx2, section, x)) goto end;
-		}
+                if(!X509V3_EXT_add_conf(conf, &ctx2, section, x)) goto end;
+	}

 	if (!X509_sign(x,pkey,digest)) goto end;
 	ret=1;
@@ -1134,15 +1023,16 @@ end:
 	X509_STORE_CTX_cleanup(&xsc);
 	if (!ret)
 		ERR_print_errors(bio_err);
-	if (buf != NULL) OPENSSL_free(buf);
+	if (buf != NULL) Free(buf);
 	if (bs != NULL) ASN1_INTEGER_free(bs);
 	if (io != NULL)	BIO_free(io);
 	if (serial != NULL) BN_free(serial);
-	return ret;
+	return(ret);
 	}

 static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
 	{
+	char buf[256];
 	int err;
 	X509 *err_cert;

@@ -1151,7 +1041,7 @@ static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
 	 * final ok == 1 calls to this function */
 	err=X509_STORE_CTX_get_error(ctx);
 	if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
-		return 1;
+		return(1);

 	/* BAD we should have gotten an error.  Normally if everything
 	 * worked X509_STORE_CTX_get_error(ctx) will still be set to
@@ -1159,19 +1049,147 @@ static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
 	if (ok)
 		{
 		BIO_printf(bio_err,"error with certificate to be certified - should be self signed\n");
-		return 0;
+		return(0);
 		}
 	else
 		{
 		err_cert=X509_STORE_CTX_get_current_cert(ctx);
-		print_name(bio_err, NULL, X509_get_subject_name(err_cert),0);
+		X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
+		BIO_printf(bio_err,"%s\n",buf);
 		BIO_printf(bio_err,"error with certificate - error %d at depth %d\n%s\n",
 			err,X509_STORE_CTX_get_error_depth(ctx),
 			X509_verify_cert_error_string(err));
-		return 1;
+		return(1);
 		}
 	}

+static EVP_PKEY *load_key(char *file, int format, char *passin)
+	{
+	BIO *key=NULL;
+	EVP_PKEY *pkey=NULL;
+
+	if (file == NULL)
+		{
+		BIO_printf(bio_err,"no keyfile specified\n");
+		goto end;
+		}
+	key=BIO_new(BIO_s_file());
+	if (key == NULL)
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+	if (BIO_read_filename(key,file) <= 0)
+		{
+		perror(file);
+		goto end;
+		}
+	if (format == FORMAT_ASN1)
+		{
+		pkey=d2i_PrivateKey_bio(key, NULL);
+		}
+	else if (format == FORMAT_PEM)
+		{
+		pkey=PEM_read_bio_PrivateKey(key,NULL,NULL,passin);
+		}
+	else
+		{
+		BIO_printf(bio_err,"bad input format specified for key\n");
+		goto end;
+		}
+end:
+	if (key != NULL) BIO_free(key);
+	if (pkey == NULL)
+		BIO_printf(bio_err,"unable to load Private Key\n");
+	return(pkey);
+	}
+
+static X509 *load_cert(char *file, int format)
+	{
+	ASN1_HEADER *ah=NULL;
+	BUF_MEM *buf=NULL;
+	X509 *x=NULL;
+	BIO *cert;
+
+	if ((cert=BIO_new(BIO_s_file())) == NULL)
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+
+	if (file == NULL)
+		BIO_set_fp(cert,stdin,BIO_NOCLOSE);
+	else
+		{
+		if (BIO_read_filename(cert,file) <= 0)
+			{
+			perror(file);
+			goto end;
+			}
+		}
+	if 	(format == FORMAT_ASN1)
+		x=d2i_X509_bio(cert,NULL);
+	else if (format == FORMAT_NETSCAPE)
+		{
+		unsigned char *p,*op;
+		int size=0,i;
+
+		/* We sort of have to do it this way because it is sort of nice
+		 * to read the header first and check it, then
+		 * try to read the certificate */
+		buf=BUF_MEM_new();
+		for (;;)
+			{
+			if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10)))
+				goto end;
+			i=BIO_read(cert,&(buf->data[size]),1024*10);
+			size+=i;
+			if (i == 0) break;
+			if (i < 0)
+				{
+				perror("reading certificate");
+				goto end;
+				}
+			}
+		p=(unsigned char *)buf->data;
+		op=p;
+
+		/* First load the header */
+		if ((ah=d2i_ASN1_HEADER(NULL,&p,(long)size)) == NULL)
+			goto end;
+		if ((ah->header == NULL) || (ah->header->data == NULL) ||
+			(strncmp(CERT_HDR,(char *)ah->header->data,
+			ah->header->length) != 0))
+			{
+			BIO_printf(bio_err,"Error reading header on certificate\n");
+			goto end;
+			}
+		/* header is ok, so now read the object */
+		p=op;
+		ah->meth=X509_asn1_meth();
+		if ((ah=d2i_ASN1_HEADER(&ah,&p,(long)size)) == NULL)
+			goto end;
+		x=(X509 *)ah->data;
+		ah->data=NULL;
+		}
+	else if (format == FORMAT_PEM)
+		x=PEM_read_bio_X509_AUX(cert,NULL,NULL,NULL);
+	else	{
+		BIO_printf(bio_err,"bad input format specified for input cert\n");
+		goto end;
+		}
+end:
+	if (x == NULL)
+		{
+		BIO_printf(bio_err,"unable to load certificate\n");
+		ERR_print_errors(bio_err);
+		}
+	if (ah != NULL) ASN1_HEADER_free(ah);
+	if (cert != NULL) BIO_free(cert);
+	if (buf != NULL) BUF_MEM_free(buf);
+	return(x);
+	}
+
 /* self sign */
 static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest, 
 						LHASH *conf, char *section)
@@ -1195,23 +1213,21 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *dig
 		goto err;

 	if (!X509_set_pubkey(x,pkey)) goto err;
-	if (clrext)
-		{
-		while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
-		}
-	if (conf)
-		{
+	if(clrext) {
+		while(X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
+	}
+	if(conf) {
 		X509V3_CTX ctx;
 		X509_set_version(x,2); /* version 3 certificate */
                X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
                X509V3_set_conf_lhash(&ctx, conf);
-                if (!X509V3_EXT_add_conf(conf, &ctx, section, x)) goto err;
-		}
+                if(!X509V3_EXT_add_conf(conf, &ctx, section, x)) goto err;
+	}
 	if (!X509_sign(x,pkey,digest)) goto err;
-	return 1;
+	return(1);
 err:
 	ERR_print_errors(bio_err);
-	return 0;
+	return(0);
 	}

 static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)
@@ -1220,14 +1236,13 @@ static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)
 	char *pname;
 	id = X509_PURPOSE_get_id(pt);
 	pname = X509_PURPOSE_get0_name(pt);
-	for (i = 0; i < 2; i++)
-		{
+	for(i = 0; i < 2; i++) {
 		idret = X509_check_purpose(cert, id, i);
 		BIO_printf(bio, "%s%s : ", pname, i ? " CA" : ""); 
-		if (idret == 1) BIO_printf(bio, "Yes\n");
+		if(idret == 1) BIO_printf(bio, "Yes\n");
 		else if (idret == 0) BIO_printf(bio, "No\n");
 		else BIO_printf(bio, "Yes (WARNING code=%d)\n", idret);
-		}
+	}
 	return 1;
 }

--- a/certs/expired/rsa-ssca.pem
+++ b/certs/expired/rsa-ssca.pem
--- a/260
+++ b/260
@@ -49,18 +49,10 @@ if [ "x$XREL" != "x" ]; then
 		echo "whatever-whatever-sco5"; exit 0
 		;;
 	    4.2MP)
-		if [ "x$VERSION" = "x2.01" ]; then
-		    echo "${MACHINE}-whatever-unixware201"; exit 0
-		elif [ "x$VERSION" = "x2.02" ]; then
-		    echo "${MACHINE}-whatever-unixware202"; exit 0
-		elif [ "x$VERSION" = "x2.03" ]; then
-		    echo "${MACHINE}-whatever-unixware203"; exit 0
-		elif [ "x$VERSION" = "x2.1.1" ]; then
+		if [ "x$VERSION" = "x2.1.1" ]; then
 		    echo "${MACHINE}-whatever-unixware211"; exit 0
 		elif [ "x$VERSION" = "x2.1.2" ]; then
 		    echo "${MACHINE}-whatever-unixware212"; exit 0
-		elif [ "x$VERSION" = "x2.1.3" ]; then
-		    echo "${MACHINE}-whatever-unixware213"; exit 0
 		else
 		    echo "${MACHINE}-whatever-unixware2"; exit 0
 		fi
@@ -68,11 +60,6 @@ if [ "x$XREL" != "x" ]; then
 	    4.2)
 		echo "whatever-whatever-unixware1"; exit 0
 		;;
-     OpenUNIX)
-		if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x8" ]; then
-		    echo "${MACHINE}-unknown-OpenUNIX${VERSION}"; exit 0
-		fi
-		;;
 	    5)
 		if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x7" ]; then
 		    echo "${MACHINE}-sco-unixware7"; exit 0
@@ -84,22 +71,10 @@ fi
 # Now we simply scan though... In most cases, the SYSTEM info is enough
 #
 case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
-    MPE/iX:*)
-	MACHINE=`echo "$MACHINE" | sed -e 's/-/_/g'`
-	echo "parisc-hp-MPE/iX"; exit 0
-	;;
    A/UX:*)
 	echo "m68k-apple-aux3"; exit 0
 	;;

-    AIX:[3456789]:4:*)
-	echo "${MACHINE}-ibm-aix43"; exit 0
-	;;
-
-    AIX:*:[56789]:*)
-	echo "${MACHINE}-ibm-aix43"; exit 0
-	;;
-
    AIX:*)
 	echo "${MACHINE}-ibm-aix"; exit 0
 	;;
@@ -189,7 +164,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
        ;;

    NetBSD:*:*:*386*)
-        echo "`(/usr/sbin/sysctl -n hw.model || /sbin/sysctl -n hw.model) | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0
+        echo "`sysctl -n hw.model | sed 's,.*\(.\)86-class.*,i\186,'`-whateve\r-netbsd"; exit 0
 	;;

    NetBSD:*)
@@ -200,35 +175,17 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "${MACHINE}-whatever-openbsd"; exit 0
 	;;

-    OpenUNIX:*)
-	echo "${MACHINE}-unknown-OpenUNIX${VERSION}"; exit 0
-	;;
-
    OSF1:*:*:*alpha*)
-	OSFMAJOR=`echo ${RELEASE}| sed -e 's/^V\([0-9]*\)\..*$/\1/'`
-	case "$OSFMAJOR" in
-	    4|5)
-		echo "${MACHINE}-dec-tru64"; exit 0
-		;;
-	    1|2|3)
-		echo "${MACHINE}-dec-osf"; exit 0
-		;;
-	    *)
-		echo "${MACHINE}-dec-osf"; exit 0
-		;;
-	esac
+	echo "${MACHINE}-dec-osf"; exit 0
 	;;

    QNX:*)
-	case "$RELEASE" in
-	    4*)
-		echo "${MACHINE}-whatever-qnx4"
-		;;
-	    6*)
-		echo "${MACHINE}-whatever-qnx6"
+	case "$VERSION" in
+	    423)
+		echo "${MACHINE}-qssl-qnx32"
 		;;
 	    *)
-		echo "${MACHINE}-whatever-qnx"
+		echo "${MACHINE}-qssl-qnx"
 		;;
 	esac
 	exit 0
@@ -242,12 +199,8 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "ppc-apple-rhapsody"; exit 0
 	;;

-    Darwin:*)
-	echo "ppc-apple-darwin"; exit 0
-	;;
-
    SunOS:5.*)
-	echo "${MACHINE}-whatever-solaris2"; exit 0
+	echo "${MACHINE}-sun-solaris2"; exit 0
 	;;

    SunOS:*)
@@ -294,29 +247,6 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "${MACHINE}-v11-${SYSTEM}"; exit 0;
 	;;

-    NEWS-OS:4.*)
-	echo "mips-sony-newsos4"; exit 0;
-	;;
-
-    CYGWIN*)
-	case "$RELEASE" in
-	    [bB]*|1.0|1.[12].*)
-		echo "${MACHINE}-whatever-cygwin_pre1.3"
-		;;
-	    *)
-		echo "${MACHINE}-whatever-cygwin"
-		;;
-	esac
-	exit 0
-	;;
-
-    *"CRAY T3E")
-       echo "t3e-cray-unicosmk"; exit 0;
-       ;;
-
-    *CRAY*)
-       echo "j90-cray-unicos"; exit 0;
-       ;;
 esac

 #
@@ -381,33 +311,17 @@ done

 # figure out if gcc is available and if so we use it otherwise
 # we fallback to whatever cc does on the system
-GCCVER=`(gcc -dumpversion) 2>/dev/null`
+GCCVER=`(gcc --version) 2>/dev/null`
 if [ "$GCCVER" != "" ]; then
  CC=gcc
-  # then strip off whatever prefix egcs prepends the number with...
-  # Hopefully, this will work for any future prefixes as well.
-  GCCVER=`echo $GCCVER | sed 's/^[a-zA-Z]*\-//'`
-  # Since gcc 3.1 gcc --version behaviour has changed.  gcc -dumpversion
-  # does give us what we want though, so we use that.  We just just the
-  # major and minor version numbers.
+  # then strip off whatever prefix Cygnus prepends the number with...
+  GCCVER=`echo $GCCVER | sed 's/^[a-z]*\-//'`
  # peak single digit before and after first dot, e.g. 2.95.1 gives 29
  GCCVER=`echo $GCCVER | sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/'`
 else
  CC=cc
 fi
-GCCVER=${GCCVER:-0}
-if [ "$SYSTEM" = "HP-UX" ];then
-  # By default gcc is a ILP32 compiler (with long long == 64).
-  GCC_BITS="32"
-  if [ $GCCVER -ge 30 ]; then
-    # PA64 support only came in with gcc 3.0.x.
-    # We look for the preprocessor symbol __LP64__ indicating
-    # 64bit bit long and pointer.  sizeof(int) == 32 on HPUX64.
-    if gcc -v -E -x c /dev/null 2>&1 | grep __LP64__ > /dev/null; then
-      GCC_BITS="64"
-    fi
-  fi
-fi
+
 if [ "$SYSTEM" = "SunOS" ]; then
  # check for WorkShop C, expected output is "cc: blah-blah C x.x"
  CCVER=`(cc -V 2>&1) 2>/dev/null | \
@@ -471,16 +385,10 @@ case "$GUESSOS" in
 	;;
  mips4-sgi-irix64)
 	echo "WARNING! If you wish to build 64-bit library, then you have to"
-	echo "         invoke './Configure irix64-mips4-$CC' *manually*."
-	echo "         Type return if you want to continue, Ctrl-C to abort."
+	echo "         invoke './Configre irix64-mips4-$CC' *manually*."
+	echo "         Type Ctrl-C if you don't want to continue."
 	read waste < /dev/tty
-        CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
-        CPU=${CPU:-0}
-        if [ $CPU -ge 5000 ]; then
-                options="$options -mips4"
-        else
-                options="$options -mips3"
-        fi
+	options="$options -mips4"
 	OUT="irix-mips3-$CC"
 	;;
  alpha-*-linux2)
@@ -497,85 +405,40 @@ case "$GUESSOS" in
 	    esac
 	fi
 	;;
-  mips-*-linux?)
-          cat >dummy.c <<EOF
-#include <stdio.h>  /* for printf() prototype */
-        int main (argc, argv) int argc; char *argv[]; {
-#ifdef __MIPSEB__
-  printf ("linux-%s\n", argv[1]);
-#endif
-#ifdef __MIPSEL__
-  printf ("linux-%sel\n", argv[1]);
-#endif
-  return 0;
-}
-EOF
-	${CC} -o dummy dummy.c && OUT=`./dummy ${MACHINE}`
-	rm dummy dummy.c
-	;;
-  ppc64-*-linux2)
-	#Use the standard target for PPC architecture until we create a
-	#special one for the 64bit architecture.
-	OUT="linux-ppc" ;;
+  mips-*-linux?) OUT="linux-mips" ;;
  ppc-*-linux2) OUT="linux-ppc" ;;
-  m68k-*-linux*) OUT="linux-m68k" ;;
-  ia64-*-linux?) OUT="linux-ia64" ;;
  ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;;
-  ppc-apple-darwin) OUT="darwin-ppc-cc" ;;
  sparc64-*-linux2)
 	#Before we can uncomment following lines we have to wait at least
 	#till 64-bit glibc for SPARC is operational:-(
 	#echo "WARNING! If you wish to build 64-bit library, then you have to"
 	#echo "         invoke './Configure linux64-sparcv9' *manually*."
-	#echo "         Type return if you want to continue, Ctrl-C to abort."
+	#echo "         Type Ctrl-C if you don't want to continue."
 	#read waste < /dev/tty
 	OUT="linux-sparcv9" ;;
  sparc-*-linux2)
-	KARCH=`awk '/^type/{print$3}' /proc/cpuinfo`
+	KARCH=`awk '/type/{print$3}' /proc/cpuinfo`
 	case ${KARCH:-sun4} in
 	sun4u*)	OUT="linux-sparcv9" ;;
 	sun4m)	OUT="linux-sparcv8" ;;
 	sun4d)	OUT="linux-sparcv8" ;;
 	*)	OUT="linux-sparcv7" ;;
 	esac ;;
-  parisc-*-linux2)
-        CPUARCH=`awk '/cpu family/{print substr($5,1,3)}' /proc/cpuinfo`
-	CPUSCHEDULE=`awk '/^cpu.[ 	]: PA/{print substr($3,3)}' /proc/cpuinfo`
-
-	# ??TODO ??  Model transformations
-	# 0. CPU Architecture for the 1.1 processor has letter suffixes. We strip that off
-	#    assuming no further arch. identification will ever be used by GCC.
-	# 1. I'm most concerned about whether is a 7300LC is closer to a 7100 versus a 7100LC.
-	# 2. The variant 64-bit processors cause concern should GCC support explicit schedulers
-	#    for these chips in the future.
-	#         PA7300LC -> 7100LC (1.1)
-	#         PA8200   -> 8000   (2.0)
-	#         PA8500   -> 8000   (2.0)
-	#         PA8600   -> 8000   (2.0)
-
-	CPUSCHEDULE=`echo $CPUSCHEDULE|sed -e 's/7300LC/7100LC/' -e 's/8?00/8000/'`
-	# Finish Model transformations
-
-	options="$options -mschedule=$CPUSCHEDULE -march=$CPUARCH"
-	OUT="linux-parisc" ;;
-  arm*-*-linux2) OUT="linux-elf-arm" ;;
-  s390-*-linux2) OUT="linux-s390" ;;
-  s390x-*-linux?) OUT="linux-s390x" ;;
  *-*-linux2) OUT="linux-elf" ;;
  *-*-linux1) OUT="linux-aout" ;;
-  sun4u*-*-solaris2)
+  sun4u*-sun-solaris2)
 	ISA64=`(isalist) 2>/dev/null | grep sparcv9`
 	if [ "$ISA64" != "" -a "$CC" = "cc" -a $CCVER -ge 50 ]; then
 		echo "WARNING! If you wish to build 64-bit library, then you have to"
 		echo "         invoke './Configure solaris64-sparcv9-cc' *manually*."
-		echo "         Type return if you want to continue, Ctrl-C to abort."
+		echo "         Type Ctrl-C if you don't want to continue."
 		read waste < /dev/tty
 	fi
 	OUT="solaris-sparcv9-$CC" ;;
-  sun4m-*-solaris2)	OUT="solaris-sparcv8-$CC" ;;
-  sun4d-*-solaris2)	OUT="solaris-sparcv8-$CC" ;;
-  sun4*-*-solaris2)	OUT="solaris-sparcv7-$CC" ;;
-  *86*-*-solaris2) OUT="solaris-x86-$CC" ;;
+  sun4m-sun-solaris2)	OUT="solaris-sparcv8-$CC" ;;
+  sun4d-sun-solaris2)	OUT="solaris-sparcv8-$CC" ;;
+  sun4*-sun-solaris2)	OUT="solaris-sparcv7-$CC" ;;
+  *86*-sun-solaris2) OUT="solaris-x86-$CC" ;;
  *-*-sunos4) OUT="sunos-$CC" ;;
  alpha*-*-freebsd*) OUT="FreeBSD-alpha" ;;
  *-freebsd[3-9]*) OUT="FreeBSD-elf" ;;
@@ -588,72 +451,30 @@ EOF
  pmax*-*-openbsd) OUT="OpenBSD-mips" ;;
  *-*-openbsd) OUT="OpenBSD" ;;
  *86*-*-bsdi4) OUT="bsdi-elf-gcc" ;;
-  *-*-osf) OUT="alphaold-cc" ;;
-  *-*-tru64) OUT="alpha-cc" ;;
-  *-*-OpenUNIX*)
-	if [ "$CC" = "gcc" ]; then
-	  OUT="OpenUNIX-8-gcc" 
-	else    
-	  OUT="OpenUNIX-8" 
-	fi
-	;;
+  *-*-osf) OUT="alpha-cc" ;;
  *-*-unixware7) OUT="unixware-7" ;;
  *-*-UnixWare7) OUT="unixware-7" ;;
  *-*-Unixware7) OUT="unixware-7" ;;
-  *-*-unixware20*) OUT="unixware-2.0" ;;
-  *-*-unixware21*) OUT="unixware-2.1" ;;
-  *-*-UnixWare20*) OUT="unixware-2.0" ;;
-  *-*-UnixWare21*) OUT="unixware-2.1" ;;
-  *-*-Unixware20*) OUT="unixware-2.0" ;;
-  *-*-Unixware21*) OUT="unixware-2.1" ;;
+  *-*-unixware[1-2]*) OUT="unixware-2.0" ;;
+  *-*-UnixWare[1-2]*) OUT="unixware-2.0" ;;
+  *-*-Unixware[1-2]*) OUT="unixware-2.0" ;;
  BS2000-siemens-sysv4) OUT="BS2000-OSD" ;;
  RM*-siemens-sysv4) OUT="ReliantUNIX" ;;
  *-siemens-sysv4) OUT="SINIX" ;;
-  *-hpux1*)
-	if [ $CC = "gcc" ];
-	then
-	  if [ $GCC_BITS = "64" ]; then
-	    OUT="hpux64-parisc-gcc"
-	  else
-	    OUT="hpux-parisc-gcc"
-	  fi
-	else
-	  OUT="hpux-parisc-$CC"
-	fi
-	options="$options -D_REENTRANT" ;;
+  *-hpux1*)	OUT="hpux-parisc-$CC"
+		options="$options -D_REENTRANT" ;;
  *-hpux)	OUT="hpux-parisc-$CC" ;;
  # these are all covered by the catchall below
  # *-aix) OUT="aix-$CC" ;;
  # *-dgux) OUT="dgux" ;;
-  mips-sony-newsos4) OUT="newsos4-gcc" ;;
-  *-*-cygwin_pre1.3) OUT="Cygwin-pre1.3" ;;
-  *-*-cygwin) OUT="Cygwin" ;;
-  t3e-cray-unicosmk) OUT="cray-t3e" ;;
-  j90-cray-unicos) OUT="cray-j90" ;;
  *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
 esac

-# NB: This atalla support has been superceded by the ENGINE support
-# That contains its own header and definitions anyway. Support can
-# be enabled or disabled on any supported platform without external
-# headers, eg. by adding the "hw-atalla" switch to ./config or
-# perl Configure
-#
 # See whether we can compile Atalla support
-#if [ -f /usr/include/atasi.h ]
-#then
-#  options="$options -DATALLA"
-#fi
-
-#get some basic shared lib support (behnke@trustcenter.de)
-case "$OUT" in
-   solaris-*-gcc)
-	if  [ "$SHARED" = "true" ] 
-	 then
-	  options="$options -DPIC -fPIC"
-        fi
-     ;;
-esac
+if [ -f /usr/include/atasi.h ]
+then
+  options="$options -DATALLA"
+fi

 # gcc < 2.8 does not support -mcpu=ultrasparc
 if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
@@ -669,12 +490,23 @@ then
  sleep 5
  OUT=linux-sparcv8
 fi
+# To start with $OUT is never i86pc-sun-solaris2. Secondly why
+# ban *all* assembler implementation if it can't stand only one,
+# SHA-0 implementation.
+#if [ "$OUT" = "i86pc-sun-solaris2" ]
+#then
+#  ASM=`as -V /dev/null 2>&1`
+#  case "$ASM" in
+#    GNU*) ;;
+#    *) options="$options no-asm" ; echo "WARNING: You need the GNU assembler to use OpenSSL assembler code." ; echo "Sun as is not supported on Solaris x86." ;;
+#  esac
+#fi

 case "$GUESSOS" in
  i386-*) options="$options 386" ;;
 esac

-for i in bf cast des dh dsa hmac idea md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa sha
+for i in bf cast des dh dsa hmac md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa sha
 do
  if [ ! -d crypto/$i ]
  then
--- a/crypto/Makefile.ssl
+++ b/crypto/Makefile.ssl
@@ -6,7 +6,7 @@ DIR=		crypto
 TOP=		..
 CC=		cc
 INCLUDE=	-I. -I../include
-INCLUDES=	-I.. -I../.. -I../../include
+INCLUDES=	-I.. -I../../include
 CFLAG=		-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
@@ -27,20 +27,20 @@ LIBS=

 SDIRS=	md2 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
-	bn rsa dsa dh dso engine \
+	bn rsa dsa dh \
 	buffer bio stack lhash rand err objects \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp

 GENERAL=Makefile README crypto-lib.com install.com

 LIB= $(TOP)/libcrypto.a
-LIBSRC=	cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c
-LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o
+LIBSRC=	cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c
+LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o

 SRC= $(LIBSRC)

-EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h
-HEADER=	cryptlib.h buildinf.h md32_common.h $(EXHEADER)
+EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h
+HEADER=	cryptlib.h buildinf.h $(EXHEADER)

 ALL=    $(GENERAL) $(SRC) $(HEADER)

@@ -51,11 +51,11 @@ all: buildinf.h lib subdirs

 buildinf.h: ../Makefile.ssl
 	( echo "#ifndef MK1MF_BUILD"; \
-	echo '  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */'; \
-	echo '  #define CFLAGS "$(CC) $(CFLAG)"'; \
-	echo '  #define PLATFORM "$(PLATFORM)"'; \
-	echo "  #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \
-	echo '#endif' ) >buildinf.h
+	echo "  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */"; \
+	echo "  #define CFLAGS \"$(CC) $(CFLAG)\""; \
+	echo "  #define PLATFORM \"$(PLATFORM)\""; \
+	echo "  #define DATE \"`date`\""; \
+	echo "#endif" ) >buildinf.h

 testapps:
 	if echo ${SDIRS} | fgrep ' des '; \
@@ -90,8 +90,7 @@ links:

 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	@echo You may get an error following this line.  Please ignore.
-	- $(RANLIB) $(LIB)
+	$(RANLIB) $(LIB)
 	@touch lib

 libs:
@@ -134,7 +133,7 @@ depend:
 	@for i in $(SDIRS) ;\
 	do \
 	(cd $$i; echo "making depend in crypto/$$i..."; \
-	$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' DEPFLAG='${DEPFLAG}' PERL='${PERL}' depend ); \
+	$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' DEPFLAG='${DEPFLAG}' depend ); \
 	done;

 clean:
@@ -156,48 +155,41 @@ dclean:

 # DO NOT DELETE THIS LINE -- make depend depends on it.

-cpt_err.o: ../include/openssl/bio.h ../include/openssl/crypto.h
-cpt_err.o: ../include/openssl/err.h ../include/openssl/lhash.h
+cpt_err.o: ../include/openssl/crypto.h ../include/openssl/err.h
 cpt_err.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
-cpt_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+cpt_err.o: ../include/openssl/stack.h
 cryptlib.o: ../include/openssl/bio.h ../include/openssl/buffer.h
 cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
 cryptlib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-cryptlib.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
-cryptlib.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
-cryptlib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
+cryptlib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+cryptlib.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+cryptlib.o: cryptlib.h
 cversion.o: ../include/openssl/bio.h ../include/openssl/buffer.h
 cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
 cversion.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-cversion.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
-cversion.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
-cversion.o: ../include/openssl/stack.h ../include/openssl/symhacks.h buildinf.h
-cversion.o: cryptlib.h
+cversion.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+cversion.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+cversion.o: buildinf.h cryptlib.h
 ex_data.o: ../include/openssl/bio.h ../include/openssl/buffer.h
 ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
 ex_data.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 ex_data.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
 ex_data.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
-ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
+ex_data.o: ../include/openssl/stack.h cryptlib.h
 mem.o: ../include/openssl/bio.h ../include/openssl/buffer.h
 mem.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
 mem.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-mem.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
-mem.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
-mem.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
+mem.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+mem.o: ../include/openssl/safestack.h ../include/openssl/stack.h cryptlib.h
 mem_dbg.o: ../include/openssl/bio.h ../include/openssl/buffer.h
 mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
 mem_dbg.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 mem_dbg.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
 mem_dbg.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
-mem_dbg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
+mem_dbg.o: ../include/openssl/stack.h cryptlib.h
 tmdiff.o: ../include/openssl/bio.h ../include/openssl/buffer.h
 tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
 tmdiff.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-tmdiff.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
-tmdiff.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
-tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+tmdiff.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+tmdiff.o: ../include/openssl/safestack.h ../include/openssl/stack.h
 tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h
-uid.o: ../include/openssl/crypto.h ../include/openssl/opensslv.h
-uid.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-uid.o: ../include/openssl/symhacks.h
--- a/crypto/asn1/Makefile.ssl
+++ b/crypto/asn1/Makefile.ssl
--- a/crypto/asn1/a_bitstr.c
+++ b/crypto/asn1/a_bitstr.c
@@ -70,20 +70,8 @@ int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
 { return M_ASN1_BIT_STRING_set(x, d, len); }

 int i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
-{
-	int len, ret;
-	len = i2c_ASN1_BIT_STRING(a, NULL);	
-	ret=ASN1_object_size(0,len,V_ASN1_BIT_STRING);
-	if(pp) {
-		ASN1_put_object(pp,0,len,V_ASN1_BIT_STRING,V_ASN1_UNIVERSAL);
-		i2c_ASN1_BIT_STRING(a, pp);	
-	}
-	return ret;
-}
-
-int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
 	{
-	int ret,j,bits,len;
+	int ret,j,r,bits,len;
 	unsigned char *p,*d;

 	if (a == NULL) return(0);
@@ -116,31 +104,36 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
 		}
 	else
 		bits=0;
-
 	ret=1+len;
-	if (pp == NULL) return(ret);
-
+	r=ASN1_object_size(0,ret,V_ASN1_BIT_STRING);
+	if (pp == NULL) return(r);
 	p= *pp;

+	ASN1_put_object(&p,0,ret,V_ASN1_BIT_STRING,V_ASN1_UNIVERSAL);
 	*(p++)=(unsigned char)bits;
 	d=a->data;
 	memcpy(p,d,len);
 	p+=len;
 	if (len > 0) p[-1]&=(0xff<<bits);
 	*pp=p;
-	return(ret);
+	return(r);
 	}

-
-/* Convert DER encoded ASN1 BIT_STRING to ASN1_BIT_STRING structure */
 ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
 	     long length)
-{
-	unsigned char *p;
+	{
+	ASN1_BIT_STRING *ret=NULL;
+	unsigned char *p,*s;
 	long len;
-	int i;
 	int inf,tag,xclass;
-	ASN1_BIT_STRING *ret;
+	int i;
+
+	if ((a == NULL) || ((*a) == NULL))
+		{
+		if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL);
+		}
+	else
+		ret=(*a);

 	p= *pp;
 	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
@@ -156,30 +149,7 @@ ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
 		goto err;
 		}
 	if (len < 1) { i=ASN1_R_STRING_TOO_SHORT; goto err; }
-	ret = c2i_ASN1_BIT_STRING(a, &p, len);
-	if(ret) *pp = p;
-	return ret;
-err:
-	ASN1err(ASN1_F_D2I_ASN1_BIT_STRING,i);
-	return(NULL);

-}
-
-ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
-	     long len)
-	{
-	ASN1_BIT_STRING *ret=NULL;
-	unsigned char *p,*s;
-	int i;
-
-	if ((a == NULL) || ((*a) == NULL))
-		{
-		if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL);
-		}
-	else
-		ret=(*a);
-
-	p= *pp;
 	i= *(p++);
 	/* We do this to preserve the settings.  If we modify
 	 * the settings, via the _set_bit function, we will recalculate
@@ -189,7 +159,7 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,

 	if (len-- > 1) /* using one because of the bits left byte */
 		{
-		s=(unsigned char *)OPENSSL_malloc((int)len);
+		s=(unsigned char *)Malloc((int)len);
 		if (s == NULL)
 			{
 			i=ERR_R_MALLOC_FAILURE;
@@ -203,7 +173,7 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
 		s=NULL;

 	ret->length=(int)len;
-	if (ret->data != NULL) OPENSSL_free(ret->data);
+	if (ret->data != NULL) Free(ret->data);
 	ret->data=s;
 	ret->type=V_ASN1_BIT_STRING;
 	if (a != NULL) (*a)=ret;
@@ -226,7 +196,6 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
 	w=n/8;
 	v=1<<(7-(n&0x07));
 	iv= ~v;
-	if (!value) v=0;

 	a->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear, set on write */

@@ -235,14 +204,14 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
 		{
 		if (!value) return(1); /* Don't need to set */
 		if (a->data == NULL)
-			c=(unsigned char *)OPENSSL_malloc(w+1);
+			c=(unsigned char *)Malloc(w+1);
 		else
-			c=(unsigned char *)OPENSSL_realloc(a->data,w+1);
+			c=(unsigned char *)Realloc(a->data,w+1);
 		if (c == NULL) return(0);
-		if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length);
 		a->data=c;
 		a->length=w+1;
-	}
+		c[w]=0;
+		}
 	a->data[w]=((a->data[w])&iv)|v;
 	while ((a->length > 0) && (a->data[a->length-1] == 0))
 		a->length--;
--- a/crypto/asn1/a_bytes.c
+++ b/crypto/asn1/a_bytes.c
@@ -111,7 +111,7 @@ ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, unsigned char **pp,

 	if (len != 0)
 		{
-		s=(unsigned char *)OPENSSL_malloc((int)len+1);
+		s=(unsigned char *)Malloc((int)len+1);
 		if (s == NULL)
 			{
 			i=ERR_R_MALLOC_FAILURE;
@@ -124,7 +124,7 @@ ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, unsigned char **pp,
 	else
 		s=NULL;

-	if (ret->data != NULL) OPENSSL_free(ret->data);
+	if (ret->data != NULL) Free(ret->data);
 	ret->length=(int)len;
 	ret->data=s;
 	ret->type=tag;
@@ -218,8 +218,8 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, long length,
 			{
 			if ((ret->length < len) || (ret->data == NULL))
 				{
-				if (ret->data != NULL) OPENSSL_free(ret->data);
-				s=(unsigned char *)OPENSSL_malloc((int)len + 1);
+				if (ret->data != NULL) Free(ret->data);
+				s=(unsigned char *)Malloc((int)len + 1);
 				if (s == NULL)
 					{
 					i=ERR_R_MALLOC_FAILURE;
@@ -235,7 +235,7 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, long length,
 		else
 			{
 			s=NULL;
-			if (ret->data != NULL) OPENSSL_free(ret->data);
+			if (ret->data != NULL) Free(ret->data);
 			}

 		ret->length=(int)len;
@@ -310,14 +310,14 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c)
 	if (!asn1_Finish(c)) goto err;

 	a->length=num;
-	if (a->data != NULL) OPENSSL_free(a->data);
+	if (a->data != NULL) Free(a->data);
 	a->data=(unsigned char *)b.data;
 	if (os != NULL) ASN1_STRING_free(os);
 	return(1);
 err:
 	ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE,c->error);
 	if (os != NULL) ASN1_STRING_free(os);
-	if (b.data != NULL) OPENSSL_free(b.data);
+	if (b.data != NULL) Free(b.data);
 	return(0);
 	}

--- a/crypto/asn1/a_digest.c
+++ b/crypto/asn1/a_digest.c
@@ -77,14 +77,14 @@ int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data,
 	unsigned char *str,*p;

 	i=i2d(data,NULL);
-	if ((str=(unsigned char *)OPENSSL_malloc(i)) == NULL) return(0);
+	if ((str=(unsigned char *)Malloc(i)) == NULL) return(0);
 	p=str;
 	i2d(data,&p);

 	EVP_DigestInit(&ctx,type);
 	EVP_DigestUpdate(&ctx,str,i);
 	EVP_DigestFinal(&ctx,md,len);
-	OPENSSL_free(str);
+	Free(str);
 	return(1);
 	}

--- a/crypto/asn1/a_dup.c
+++ b/crypto/asn1/a_dup.c
@@ -71,13 +71,13 @@ char *ASN1_dup(int (*i2d)(), char *(*d2i)(), char *x)
 	if (x == NULL) return(NULL);

 	i=(long)i2d(x,NULL);
-	b=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
+	b=(unsigned char *)Malloc((unsigned int)i+10);
 	if (b == NULL)
 		{ ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
 	p= b;
 	i=i2d(x,&p);
 	p= b;
 	ret=d2i(NULL,&p,i);
-	OPENSSL_free(b);
+	Free(b);
 	return(ret);
 	}
--- a/crypto/asn1/a_enum.c
+++ b/crypto/asn1/a_enum.c
@@ -71,28 +71,88 @@ ASN1_ENUMERATED *ASN1_ENUMERATED_new(void)
 void ASN1_ENUMERATED_free(ASN1_ENUMERATED *x)
 { M_ASN1_ENUMERATED_free(x); }

-
 int i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a, unsigned char **pp)
-{
-	int len, ret;
-	if(!a) return 0;
-	len = i2c_ASN1_INTEGER(a, NULL);	
-	ret=ASN1_object_size(0,len,V_ASN1_ENUMERATED);
-	if(pp) {
-		ASN1_put_object(pp,0,len,V_ASN1_ENUMERATED,V_ASN1_UNIVERSAL);
-		i2c_ASN1_INTEGER(a, pp);	
+	{
+	int pad=0,ret,r,i,t;
+	unsigned char *p,*n,pb=0;
+
+	if ((a == NULL) || (a->data == NULL)) return(0);
+	t=a->type;
+	if (a->length == 0)
+		ret=1;
+	else
+		{
+		ret=a->length;
+		i=a->data[0];
+		if ((t == V_ASN1_ENUMERATED) && (i > 127)) {
+			pad=1;
+			pb=0;
+		} else if(t == V_ASN1_NEG_ENUMERATED) {
+			if(i>128) {
+				pad=1;
+				pb=0xFF;
+			} else if(i == 128) {
+				for(i = 1; i < a->length; i++) if(a->data[i]) {
+						pad=1;
+						pb=0xFF;
+						break;
+				}
+			}
+		}
+		ret+=pad;
+		}
+	r=ASN1_object_size(0,ret,V_ASN1_ENUMERATED);
+	if (pp == NULL) return(r);
+	p= *pp;
+
+	ASN1_put_object(&p,0,ret,V_ASN1_ENUMERATED,V_ASN1_UNIVERSAL);
+	if (pad) *(p++)=pb;
+	if (a->length == 0)
+		*(p++)=0;
+	else if (t == V_ASN1_ENUMERATED)
+		{
+		memcpy(p,a->data,(unsigned int)a->length);
+		p+=a->length;
+		}
+	else {
+		/* Begin at the end of the encoding */
+		n=a->data + a->length - 1;
+		p += a->length - 1;
+		i = a->length;
+		/* Copy zeros to destination as long as source is zero */
+		while(!*n) {
+			*(p--) = 0;
+			n--;
+			i--;
+		}
+		/* Complement and increment next octet */
+		*(p--) = ((*(n--)) ^ 0xff) + 1;
+		i--;
+		/* Complement any octets left */
+		for(;i > 0; i--) *(p--) = *(n--) ^ 0xff;
+		p += a->length;
+	}
+
+	*pp=p;
+	return(r);
 	}
-	return ret;
-}

 ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, unsigned char **pp,
 	     long length)
-{
-	unsigned char *p;
+	{
+	ASN1_ENUMERATED *ret=NULL;
+	unsigned char *p,*to,*s;
 	long len;
-	int i;
 	int inf,tag,xclass;
-	ASN1_ENUMERATED *ret;
+	int i;
+
+	if ((a == NULL) || ((*a) == NULL))
+		{
+		if ((ret=M_ASN1_ENUMERATED_new()) == NULL) return(NULL);
+		ret->type=V_ASN1_ENUMERATED;
+		}
+	else
+		ret=(*a);

 	p= *pp;
 	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
@@ -107,17 +167,70 @@ ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, unsigned char **pp,
 		i=ASN1_R_EXPECTING_AN_ENUMERATED;
 		goto err;
 		}
-	ret = c2i_ASN1_INTEGER(a, &p, len);
-	if(ret) {
-		ret->type = (V_ASN1_NEG & ret->type) | V_ASN1_ENUMERATED;
-		*pp = p;
+
+	/* We must Malloc stuff, even for 0 bytes otherwise it
+	 * signifies a missing NULL parameter. */
+	s=(unsigned char *)Malloc((int)len+1);
+	if (s == NULL)
+		{
+		i=ERR_R_MALLOC_FAILURE;
+		goto err;
+		}
+	to=s;
+	if(!len) {
+		/* Strictly speaking this is an illegal ENUMERATED but we
+		 * tolerate it.
+		 */
+		ret->type=V_ASN1_ENUMERATED;
+	} else if (*p & 0x80) /* a negative number */
+		{
+		ret->type=V_ASN1_NEG_ENUMERATED;
+		if ((*p == 0xff) && (len != 1)) {
+			p++;
+			len--;
+		}
+		i = len;
+		p += i - 1;
+		to += i - 1;
+		while((!*p) && i) {
+			*(to--) = 0;
+			i--;
+			p--;
+		}
+		if(!i) {
+			*s = 1;
+			s[len] = 0;
+			p += len;
+			len++;
+		} else {
+			*(to--) = (*(p--) ^ 0xff) + 1;
+			i--;
+			for(;i > 0; i--) *(to--) = *(p--) ^ 0xff;
+			p += len;
+		}
+	} else {
+		ret->type=V_ASN1_ENUMERATED;
+		if ((*p == 0) && (len != 1))
+			{
+			p++;
+			len--;
+			}
+		memcpy(s,p,(int)len);
+		p+=len;
 	}
-	return ret;
+
+	if (ret->data != NULL) Free(ret->data);
+	ret->data=s;
+	ret->length=(int)len;
+	if (a != NULL) (*a)=ret;
+	*pp=p;
+	return(ret);
 err:
 	ASN1err(ASN1_F_D2I_ASN1_ENUMERATED,i);
+	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+		M_ASN1_ENUMERATED_free(ret);
 	return(NULL);
-
-}
+	}

 int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
 	{
@@ -129,8 +242,8 @@ int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
 	if (a->length < (sizeof(long)+1))
 		{
 		if (a->data != NULL)
-			OPENSSL_free(a->data);
-		if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL)
+			Free(a->data);
+		if ((a->data=(unsigned char *)Malloc(sizeof(long)+1)) != NULL)
 			memset((char *)a->data,0,sizeof(long)+1);
 		}
 	if (a->data == NULL)
@@ -205,18 +318,7 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
 	else ret->type=V_ASN1_ENUMERATED;
 	j=BN_num_bits(bn);
 	len=((j == 0)?0:((j/8)+1));
-	if (ret->length < len+4)
-		{
-		unsigned char *new_data=
-			OPENSSL_realloc(ret->data, len+4);
-		if (!new_data)
-			{
-			ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		ret->data=new_data;
-		}
-
+	ret->data=(unsigned char *)Malloc(len+4);
 	ret->length=BN_bn2bin(bn,ret->data);
 	return(ret);
 err:
@@ -230,6 +332,6 @@ BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn)

 	if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
 		ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN,ASN1_R_BN_LIB);
-	else if(ai->type == V_ASN1_NEG_ENUMERATED) ret->neg = 1;
+	if(ai->type == V_ASN1_NEG_ENUMERATED) bn->neg = 1;
 	return(ret);
 	}
--- a/crypto/asn1/a_gentm.c
+++ b/crypto/asn1/a_gentm.c
@@ -203,7 +203,7 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
 	if (s == NULL)
 		return(NULL);

-#if defined(THREADS) && !defined(WIN32) && ! defined(_DARWIN)
+#if defined(THREADS) && !defined(WIN32)
 	gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */
 	ts=&data;
 #else
@@ -212,10 +212,10 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
 	p=(char *)s->data;
 	if ((p == NULL) || (s->length < 16))
 		{
-		p=OPENSSL_malloc(20);
+		p=Malloc(20);
 		if (p == NULL) return(NULL);
 		if (s->data != NULL)
-			OPENSSL_free(s->data);
+			Free(s->data);
 		s->data=(unsigned char *)p;
 		}

--- a/crypto/asn1/a_hdr.c
+++ b/crypto/asn1/a_hdr.c
@@ -115,5 +115,5 @@ void ASN1_HEADER_free(ASN1_HEADER *a)
 	M_ASN1_OCTET_STRING_free(a->header);
 	if (a->meth != NULL)
 		a->meth->destroy(a->data);
-	OPENSSL_free(a);
+	Free(a);
 	}
--- a/crypto/asn1/a_i2d_fp.c
+++ b/crypto/asn1/a_i2d_fp.c
@@ -86,7 +86,7 @@ int ASN1_i2d_bio(int (*i2d)(), BIO *out, unsigned char *x)
 	int i,j=0,n,ret=1;

 	n=i2d(x,NULL);
-	b=(char *)OPENSSL_malloc(n);
+	b=(char *)Malloc(n);
 	if (b == NULL)
 		{
 		ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE);
@@ -108,6 +108,6 @@ int ASN1_i2d_bio(int (*i2d)(), BIO *out, unsigned char *x)
 		j+=i;
 		n-=i;
 		}
-	OPENSSL_free(b);
+	Free(b);
 	return(ret);
 	}
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@@ -72,23 +72,8 @@ ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x)
 int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y)
 { return M_ASN1_INTEGER_cmp(x,y);}

-/* Output ASN1 INTEGER including tag+length */
-
-int i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
-{
-	int len, ret;
-	if(!a) return 0;
-	len = i2c_ASN1_INTEGER(a, NULL);	
-	ret=ASN1_object_size(0,len,V_ASN1_INTEGER);
-	if(pp) {
-		ASN1_put_object(pp,0,len,V_ASN1_INTEGER,V_ASN1_UNIVERSAL);
-		i2c_ASN1_INTEGER(a, pp);	
-	}
-	return ret;
-}
-
 /* 
- * This converts an ASN1 INTEGER into its content encoding.
+ * This converts an ASN1 INTEGER into its DER encoding.
 * The internal representation is an ASN1_STRING whose data is a big endian
 * representation of the value, ignoring the sign. The sign is determined by
 * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative. 
@@ -112,23 +97,23 @@ int i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
 * followed by optional zeros isn't padded.
 */

-int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
+int i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
 	{
-	int pad=0,ret,i,neg;
+	int pad=0,ret,r,i,t;
 	unsigned char *p,*n,pb=0;

 	if ((a == NULL) || (a->data == NULL)) return(0);
-	neg=a->type & V_ASN1_NEG;
+	t=a->type;
 	if (a->length == 0)
 		ret=1;
 	else
 		{
 		ret=a->length;
 		i=a->data[0];
-		if (!neg && (i > 127)) {
+		if ((t == V_ASN1_INTEGER) && (i > 127)) {
 			pad=1;
 			pb=0;
-		} else if(neg) {
+		} else if(t == V_ASN1_NEG_INTEGER) {
 			if(i>128) {
 				pad=1;
 				pb=0xFF;
@@ -146,12 +131,14 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
 		}
 		ret+=pad;
 		}
-	if (pp == NULL) return(ret);
+	r=ASN1_object_size(0,ret,V_ASN1_INTEGER);
+	if (pp == NULL) return(r);
 	p= *pp;

+	ASN1_put_object(&p,0,ret,V_ASN1_INTEGER,V_ASN1_UNIVERSAL);
 	if (pad) *(p++)=pb;
 	if (a->length == 0) *(p++)=0;
-	else if (!neg) memcpy(p,a->data,(unsigned int)a->length);
+	else if (t == V_ASN1_INTEGER) memcpy(p,a->data,(unsigned int)a->length);
 	else {
 		/* Begin at the end of the encoding */
 		n=a->data + a->length - 1;
@@ -170,50 +157,17 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
 		for(;i > 0; i--) *(p--) = *(n--) ^ 0xff;
 	}

-	*pp+=ret;
-	return(ret);
+	*pp+=r;
+	return(r);
 	}

-/* Convert DER encoded ASN1 INTEGER to ASN1_INTEGER structure */
 ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
 	     long length)
-{
-	unsigned char *p;
-	long len;
-	int i;
-	int inf,tag,xclass;
-	ASN1_INTEGER *ret;
-
-	p= *pp;
-	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
-	if (inf & 0x80)
-		{
-		i=ASN1_R_BAD_OBJECT_HEADER;
-		goto err;
-		}
-
-	if (tag != V_ASN1_INTEGER)
-		{
-		i=ASN1_R_EXPECTING_AN_INTEGER;
-		goto err;
-		}
-	ret = c2i_ASN1_INTEGER(a, &p, len);
-	if(ret) *pp = p;
-	return ret;
-err:
-	ASN1err(ASN1_F_D2I_ASN1_INTEGER,i);
-	return(NULL);
-
-}
-
-
-/* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */
-
-ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
-	     long len)
 	{
 	ASN1_INTEGER *ret=NULL;
 	unsigned char *p,*to,*s, *pend;
+	long len;
+	int inf,tag,xclass;
 	int i;

 	if ((a == NULL) || ((*a) == NULL))
@@ -225,11 +179,23 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
 		ret=(*a);

 	p= *pp;
+	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
 	pend = p + len;
+	if (inf & 0x80)
+		{
+		i=ASN1_R_BAD_OBJECT_HEADER;
+		goto err;
+		}

-	/* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it
+	if (tag != V_ASN1_INTEGER)
+		{
+		i=ASN1_R_EXPECTING_AN_INTEGER;
+		goto err;
+		}
+
+	/* We must Malloc stuff, even for 0 bytes otherwise it
 	 * signifies a missing NULL parameter. */
-	s=(unsigned char *)OPENSSL_malloc((int)len+1);
+	s=(unsigned char *)Malloc((int)len+1);
 	if (s == NULL)
 		{
 		i=ERR_R_MALLOC_FAILURE;
@@ -282,7 +248,7 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
 		memcpy(s,p,(int)len);
 	}

-	if (ret->data != NULL) OPENSSL_free(ret->data);
+	if (ret->data != NULL) Free(ret->data);
 	ret->data=s;
 	ret->length=(int)len;
 	if (a != NULL) (*a)=ret;
@@ -295,7 +261,6 @@ err:
 	return(NULL);
 	}

-
 /* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of
 * ASN1 integers: some broken software can encode a positive INTEGER
 * with its MSB set as negative (it doesn't add a padding zero).
@@ -332,9 +297,9 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, unsigned char **pp,
 		goto err;
 		}

-	/* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it
+	/* We must Malloc stuff, even for 0 bytes otherwise it
 	 * signifies a missing NULL parameter. */
-	s=(unsigned char *)OPENSSL_malloc((int)len+1);
+	s=(unsigned char *)Malloc((int)len+1);
 	if (s == NULL)
 		{
 		i=ERR_R_MALLOC_FAILURE;
@@ -352,7 +317,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, unsigned char **pp,
 		p+=len;
 	}

-	if (ret->data != NULL) OPENSSL_free(ret->data);
+	if (ret->data != NULL) Free(ret->data);
 	ret->data=s;
 	ret->length=(int)len;
 	if (a != NULL) (*a)=ret;
@@ -375,8 +340,8 @@ int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
 	if (a->length < (sizeof(long)+1))
 		{
 		if (a->data != NULL)
-			OPENSSL_free(a->data);
-		if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL)
+			Free(a->data);
+		if ((a->data=(unsigned char *)Malloc(sizeof(long)+1)) != NULL)
 			memset((char *)a->data,0,sizeof(long)+1);
 		}
 	if (a->data == NULL)
@@ -451,16 +416,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
 	else ret->type=V_ASN1_INTEGER;
 	j=BN_num_bits(bn);
 	len=((j == 0)?0:((j/8)+1));
-	if (ret->length < len+4)
-		{
-		unsigned char *new_data= OPENSSL_realloc(ret->data, len+4);
-		if (!new_data)
-			{
-			ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		ret->data=new_data;
-		}
+	ret->data=(unsigned char *)Malloc(len+4);
 	ret->length=BN_bn2bin(bn,ret->data);
 	return(ret);
 err:
@@ -474,9 +430,6 @@ BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn)

 	if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
 		ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB);
-	else if(ai->type == V_ASN1_NEG_INTEGER) ret->neg = 1;
+	if(ai->type == V_ASN1_NEG_INTEGER) bn->neg = 1;
 	return(ret);
 	}
-
-IMPLEMENT_STACK_OF(ASN1_INTEGER)
-IMPLEMENT_ASN1_SET_OF(ASN1_INTEGER)
--- a/crypto/asn1/a_mbstr.c
+++ b/crypto/asn1/a_mbstr.c
@@ -92,7 +92,6 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
 {
 	int str_type;
 	int ret;
-	char free_out;
 	int outform, outlen;
 	ASN1_STRING *dest;
 	unsigned char *p;
@@ -181,16 +180,14 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
 	}
 	if(!out) return str_type;
 	if(*out) {
-		free_out = 0;
 		dest = *out;
 		if(dest->data) {
 			dest->length = 0;
-			OPENSSL_free(dest->data);
+			Free(dest->data);
 			dest->data = NULL;
 		}
 		dest->type = str_type;
 	} else {
-		free_out = 1;
 		dest = ASN1_STRING_type_new(str_type);
 		if(!dest) {
 			ASN1err(ASN1_F_ASN1_MBSTRING_COPY,
@@ -231,8 +228,8 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
 		cpyfunc = cpy_utf8;
 		break;
 	}
-	if(!(p = OPENSSL_malloc(outlen + 1))) {
-		if(free_out) ASN1_STRING_free(dest);
+	if(!(p = Malloc(outlen + 1))) {
+		ASN1_STRING_free(dest);
 		ASN1err(ASN1_F_ASN1_MBSTRING_COPY,ERR_R_MALLOC_FAILURE);
 		return -1;
 	}
@@ -261,8 +258,8 @@ static int traverse_string(const unsigned char *p, int len, int inform,
 			value |= *p++;
 			len -= 2;
 		} else if(inform == MBSTRING_UNIV) {
-			value = ((unsigned long)*p++) << 24;
-			value |= ((unsigned long)*p++) << 16;
+			value = *p++ << 24;
+			value |= *p++ << 16;
 			value |= *p++ << 8;
 			value |= *p++;
 			len -= 4;
@@ -385,16 +382,9 @@ static int is_printable(unsigned long value)
 	/* Note: we can't use 'isalnum' because certain accented 
 	 * characters may count as alphanumeric in some environments.
 	 */
-#ifndef CHARSET_EBCDIC
 	if((ch >= 'a') && (ch <= 'z')) return 1;
 	if((ch >= 'A') && (ch <= 'Z')) return 1;
 	if((ch >= '0') && (ch <= '9')) return 1;
 	if ((ch == ' ') || strchr("'()+,-./:=?", ch)) return 1;
-#else /*CHARSET_EBCDIC*/
-	if((ch >= os_toascii['a']) && (ch <= os_toascii['z'])) return 1;
-	if((ch >= os_toascii['A']) && (ch <= os_toascii['Z'])) return 1;
-	if((ch >= os_toascii['0']) && (ch <= os_toascii['9'])) return 1;
-	if ((ch == os_toascii[' ']) || strchr("'()+,-./:=?", os_toebcdic[ch])) return 1;
-#endif /*CHARSET_EBCDIC*/
 	return 0;
 }
--- a/crypto/asn1/a_object.c
+++ b/crypto/asn1/a_object.c
@@ -65,12 +65,11 @@
 int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
 	{
 	unsigned char *p;
-	int objsize;

 	if ((a == NULL) || (a->data == NULL)) return(0);

-	objsize = ASN1_object_size(0,a->length,V_ASN1_OBJECT);
-	if (pp == NULL) return objsize;
+	if (pp == NULL)
+		return(ASN1_object_size(0,a->length,V_ASN1_OBJECT));

 	p= *pp;
 	ASN1_put_object(&p,0,a->length,V_ASN1_OBJECT,V_ASN1_UNIVERSAL);
@@ -78,7 +77,7 @@ int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
 	p+=a->length;

 	*pp=p;
-	return(objsize);
+	return(a->length);
 	}

 int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
@@ -191,13 +190,24 @@ int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)

 ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
 	     long length)
-{
+	{
+	ASN1_OBJECT *ret=NULL;
 	unsigned char *p;
 	long len;
 	int tag,xclass;
 	int inf,i;
-	ASN1_OBJECT *ret = NULL;
+
+	/* only the ASN1_OBJECTs from the 'table' will have values
+	 * for ->sn or ->ln */
+	if ((a == NULL) || ((*a) == NULL) ||
+		!((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC))
+		{
+		if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL);
+		}
+	else	ret=(*a);
+
 	p= *pp;
+
 	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
 	if (inf & 0x80)
 		{
@@ -210,36 +220,10 @@ ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
 		i=ASN1_R_EXPECTING_AN_OBJECT;
 		goto err;
 		}
-	ret = c2i_ASN1_OBJECT(a, &p, len);
-	if(ret) *pp = p;
-	return ret;
-err:
-	ASN1err(ASN1_F_D2I_ASN1_OBJECT,i);
-	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-		ASN1_OBJECT_free(ret);
-	return(NULL);
-}
-ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
-	     long len)
-	{
-	ASN1_OBJECT *ret=NULL;
-	unsigned char *p;
-	int i;
-
-	/* only the ASN1_OBJECTs from the 'table' will have values
-	 * for ->sn or ->ln */
-	if ((a == NULL) || ((*a) == NULL) ||
-		!((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC))
-		{
-		if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL);
-		}
-	else	ret=(*a);
-
-	p= *pp;
 	if ((ret->data == NULL) || (ret->length < len))
 		{
-		if (ret->data != NULL) OPENSSL_free(ret->data);
-		ret->data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1);
+		if (ret->data != NULL) Free(ret->data);
+		ret->data=(unsigned char *)Malloc(len ? (int)len : 1);
 		ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA;
 		if (ret->data == NULL)
 			{ i=ERR_R_MALLOC_FAILURE; goto err; }
@@ -265,7 +249,7 @@ ASN1_OBJECT *ASN1_OBJECT_new(void)
 	{
 	ASN1_OBJECT *ret;

-	ret=(ASN1_OBJECT *)OPENSSL_malloc(sizeof(ASN1_OBJECT));
+	ret=(ASN1_OBJECT *)Malloc(sizeof(ASN1_OBJECT));
 	if (ret == NULL)
 		{
 		ASN1err(ASN1_F_ASN1_OBJECT_NEW,ERR_R_MALLOC_FAILURE);
@@ -286,19 +270,19 @@ void ASN1_OBJECT_free(ASN1_OBJECT *a)
 	if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS)
 		{
 #ifndef CONST_STRICT /* disable purely for compile-time strict const checking. Doing this on a "real" compile will cause memory leaks */
-		if (a->sn != NULL) OPENSSL_free((void *)a->sn);
-		if (a->ln != NULL) OPENSSL_free((void *)a->ln);
+		if (a->sn != NULL) Free((void *)a->sn);
+		if (a->ln != NULL) Free((void *)a->ln);
 #endif
 		a->sn=a->ln=NULL;
 		}
 	if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA)
 		{
-		if (a->data != NULL) OPENSSL_free(a->data);
+		if (a->data != NULL) Free(a->data);
 		a->data=NULL;
 		a->length=0;
 		}
 	if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC)
-		OPENSSL_free(a);
+		Free(a);
 	}

 ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
--- a/crypto/asn1/a_set.c
+++ b/crypto/asn1/a_set.c
@@ -116,7 +116,7 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag,
 		}

        pStart  = p; /* Catch the beg of Setblobs*/
-        if (!(rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)))) return 0; /* In this array
+        rgSetBlob = (MYBLOB *)Malloc( sk_num(a) * sizeof(MYBLOB)); /* In this array
 we will store the SET blobs */

        for (i=0; i<sk_num(a); i++)
@@ -133,7 +133,7 @@ SetBlob
 /* Now we have to sort the blobs. I am using a simple algo.
    *Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
        qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
-        if (!(pTempMem = OPENSSL_malloc(totSize))) return 0;
+        pTempMem = Malloc(totSize);

 /* Copy to temp mem */
        p = pTempMem;
@@ -145,20 +145,20 @@ SetBlob

 /* Copy back to user mem*/
        memcpy(pStart, pTempMem, totSize);
-        OPENSSL_free(pTempMem);
-        OPENSSL_free(rgSetBlob);
+        Free(pTempMem);
+        Free(rgSetBlob);

        return(r);
        }

 STACK *d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
-	     char *(*func)(), void (*free_func)(void *), int ex_tag, int ex_class)
+	     char *(*func)(), void (*free_func)(), int ex_tag, int ex_class)
 	{
 	ASN1_CTX c;
 	STACK *ret=NULL;

 	if ((a == NULL) || ((*a) == NULL))
-		{ if ((ret=sk_new_null()) == NULL) goto err; }
+		{ if ((ret=sk_new(NULL)) == NULL) goto err; }
 	else
 		ret=(*a);

--- a/Show More
+++ b/Show More