Add security patch and create release.

Tags will be OpenSSL_0_9_6b and OpenSSL-engine-0_9_6b
Merge from 0.9.6-stable branch. No conflicts.
2001-07-09 14:39:46 +00:00 · 2001-07-05 13:56:50 +00:00 · 2001-06-05 05:08:26 +00:00 · 2001-06-01 15:22:22 +00:00 · 2001-05-02 09:09:04 +00:00 · 2001-04-05 17:48:04 +00:00
730 changed files with 21503 additions and 46607 deletions
--- a/1032
+++ b/1032
--- a/451
+++ b/451
@@ -10,7 +10,7 @@ use strict;

 # see INSTALL for instructions.

-my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [no-threads] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx=vvv] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n";

 # Options:
 #
@@ -23,29 +23,23 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-
 #               default).  This needn't be set in advance, you can
 #               just as well use "make INSTALL_PREFIX=/whatever install".
 #
-# --with-krb5-dir  Declare where Kerberos 5 lives.  The libraries are expected
-#		to live in the subdirectory lib/ and the header files in
-#		include/.
-# --with-krb5-lib  Declare where the Kerberos 5 libraries live.
-#		(Default: KRB5_DIR/lib)
-# --with-krb5-include  Declare where the Kerberos 5 header files live.
-#		(Default: KRB5_DIR/include)
-# --with-krb5-flavor  Declare what flavor of Kerberos 5 is used.  Currently
-#		supported values are "MIT" and "Heimdal".
-#
 # no-hw-xxx     do not compile support for specific crypto hardware.
 #               Generic OpenSSL-style methods relating to this support
 #               are always compiled but return NULL if the hardware
 #               support isn't compiled.
 # no-hw         do not compile support for any crypto hardware.
+# rsaref        use RSAref
 # [no-]threads  [don't] try to create a library that is suitable for
 #               multithreaded applications (default is "threads" if we
 #               know how to do it)
 # [no-]shared	[don't] try to create shared libraries when supported.
+#               IT IS NOT RECOMMENDED TO USE "shared"!  Since this is a
+#               development branch, the positions of the ENGINE symbols
+#               in the transfer vector are constantly moving, so binary
+#               backward compatibility can't be guaranteed in any way.
 # no-asm        do not use assembler
 # no-dso        do not compile in any native shared-library methods. This
 #               will ensure that all methods just return NULL.
-# no-krb5       do not compile in any KRB5 library or code.
 # 386           generate 80386 code
 # no-<cipher>   build without specified algorithm (rsa, idea, rc5, ...)
 # -<xxx> +<xxx> compiler options are passed through 
@@ -104,10 +98,15 @@ my $x86_elf_asm="asm/bn86-elf.o asm/co86-elf.o:asm/dx86-elf.o asm/yx86-elf.o:asm
 my $x86_out_asm="asm/bn86-out.o asm/co86-out.o:asm/dx86-out.o asm/yx86-out.o:asm/bx86-out.o:asm/mx86-out.o:asm/sx86-out.o:asm/cx86-out.o:asm/rx86-out.o:asm/rm86-out.o:asm/r586-out.o";
 my $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/bx86bsdi.o:asm/mx86bsdi.o:asm/sx86bsdi.o:asm/cx86bsdi.o:asm/rx86bsdi.o:asm/rm86bsdi.o:asm/r586bsdi.o";

+my $mips3_irix_asm="asm/mips3.o::::::::";
+# There seems to be boundary faults in asm/alpha.s.
+#my $alpha_asm="asm/alpha.o::::::::";
+my $alpha_asm="::::::::";
+
 # -DB_ENDIAN slows things down on a sparc for md5, but helps sha1.
 # So the md5_locl.h file has an undef B_ENDIAN if sun is defined

-#config-string	$cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag
+#config-string	$cc : $cflags : $unistd : $thread_cflag : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag

 my %table=(
 # File 'TABLE' (created by 'make TABLE') contains the data from this list,
@@ -120,85 +119,87 @@ my %table=(
 #"b2-is-ri-dp",	"${tcc}:${tflags}::${tlib}:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:${tbn_mul}::",

 # Our development configs
-"purify",	"purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::",
-"debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::",
-"debug-ben",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::asm/bn86-elf.o asm/co86-elf.o",
-"debug-ben-debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::::",
-"debug-ben-strict",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
-"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-bodo",	"gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-ulf",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT:::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT:::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"dist",		"cc:-O::(unknown)::::::",
+"purify",	"purify gcc:-g -DPURIFY -Wall::(unknown):-lsocket -lnsl::::",
+"debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown):-lefence::::",
+"debug-ben",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
+"debug-ben-debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
+"debug-ben-strict",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown):::::",
+"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-bodo",	"gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-ulf",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn",
+"dist",		"cc:-O::(unknown):::::",

 # Basic configs that should work on any (32 and less bit) box
-"gcc",		"gcc:-O3::(unknown):::BN_LLONG:::",
-"cc",		"cc:-O::(unknown)::::::",
+"gcc",		"gcc:-O3::(unknown)::BN_LLONG:::",
+"cc",		"cc:-O::(unknown):::::",

 #### Solaris x86 setups
-# -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have to do it
+# -DNO_INLINE_ASM switches off inline assembler. We have to do it
 # here because whenever GNU C instantiates an assembler template it
 # surrounds it with #APP #NO_APP comment pair which (at least Solaris
 # 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
 # error message.
-"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+#### Solaris x86 with Sun C setups
+"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 #### SPARC Solaris with GNU C setups
-"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8
 # but keep the assembler modules.
-"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 ####
-"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 #### SPARC Solaris with Sun C setups
 # DO NOT use /xO[34] on sparc with SC3.0.  It is broken, and will not pass the tests
-"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
 # SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
 # SC5.0 note: Compiler common patch 107357-01 or later is required!
-"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
+"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
 ####
-"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 #### SPARC Linux setups
-"linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
+"linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
 # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
 # assisted with debugging of following two configs.
-"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT:::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o::::",
+"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o::::",
 # it's a real mess with -mcpu=ultrasparc option under Linux, but
 # -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",
+"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",
 # !!!Folowing can't be even tested yet!!!
 #    We have to wait till 64-bit glibc for SPARC is operational!!!
-#"linux64-sparcv9","sparc64-linux-gcc:-m64 -mcpu=v9 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT:ULTRASPARC::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:",
+#"linux64-sparcv9","sparc64-linux-gcc:-m64 -mcpu=v9 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:",

 # Sunos configs, assuming sparc for the gcc one.
-##"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):::DES_UNROLL:::",
-"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:::",
+##"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown)::DES_UNROLL:::",
+"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:::",

 #### IRIX 5.x configs
 # -mips2 flag is added by ./config when appropriate.
-"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::::::::dlfcn:irix-shared::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:irix-shared::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::",
+"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:::",
 #### IRIX 6.x configs
 # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
 # './Configure irix-[g]cc' manually.
 # -mips4 flag is added by ./config when appropriate.
-"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:asm/mips3.o:::::::::dlfcn:irix-shared::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:asm/mips3.o:::::::::dlfcn:irix-shared::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}",
+"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}",
 # N64 ABI builds.
-"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o:::::::::dlfcn:irix-shared::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o:::::::::dlfcn:irix-shared::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}",
+"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}",

 #### Unified HP-UX ANSI C configs.
 # Special notes:
@@ -228,60 +229,60 @@ my %table=(
 #   crypto/sha/sha_lcl.h.
 #					<appro@fy.chalmers.se>
 #
-#!#"hpux-parisc-cc","cc:-Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+#!#"hpux-parisc-cc","cc:-Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
 # Since there is mention of this in shlib/hpux10-cc.sh
-"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn",

 # More attempts at unified 10.X and 11.X targets for HP C compiler.
 #
 # Chris Ruemmler <ruemmler@cup.hp.com>
 # Kevin Steves <ks@hp.se>
-"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
+"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl",
+"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn",
+"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",

 # HPUX 9.X config.
 # Don't use the bundled cc.  It is broken.  Use HP ANSI C if possible, or
 # egcs.  gcc 2.8.1 is also broken.

-"hpux-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown)::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
 # If hpux-cc fails (e.g. during "make test"), try the next one; otherwise,
 # please report your OS and compiler version to the openssl-bugs@openssl.org
 # mailing list.
-"hpux-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl",

-"hpux-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
 # If hpux-gcc fails, try this one:
-"hpux-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl",

 # HPUX 10.X config.  Supports threads.
-"hpux10-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux10-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
 # If hpux10-cc fails, try this one (if still fails, try deleting BN_LLONG):
-"hpux10-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux10-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",

-"hpux10-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux10-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
 # If hpux10-gcc fails, try this one:
-"hpux10-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux10-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl",

 # HPUX 11.X from www.globus.org.
 # Only works on PA-RISC 2.0 cpus, and not optimized.  Why?
-#"hpux11-32bit-cc","cc:+DA2.0 -DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT:::DES_PTR DES_UNROLL DES_RISC1:::",
-#"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::",
+#"hpux11-32bit-cc","cc:+DA2.0 -DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT::DES_PTR DES_UNROLL DES_RISC1:::",
+#"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::",
 # Use unified settings above instead.

 #### HP MPE/iX http://jazz.external.hp.com/src/openssl/
-"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -DMPE -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",

 # Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with
 # the new compiler
 # For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
-"alpha-gcc","gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:asm/alpha.o:::::::::dlfcn:tru64-shared::.so",
-"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:tru64-shared::.so",
-"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:tru64-shared::.so",
-"FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:tru64-shared::.so",
+"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared::.so",
+"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared::.so",
+"FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 #### Alpha Linux with GNU C and Compaq C setups
 # Special notes:
@@ -296,55 +297,62 @@ my %table=(
 #
 #					<appro@fy.chalmers.se>
 #
-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o:::::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o:::::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",
-"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",
+"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",

 # assembler versions -- currently defunct:
-##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer:::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:asm/alpha.o::",
+##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${alpha_asm}",

 # The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
 # bn86-elf.o file file since it is hand tweaked assembler.
-"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
-"linux-mipsel",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown):::BN_LLONG:::",
-"linux-mips",   "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown):::BN_LLONG:::",
-"linux-ppc",    "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-m68k",   "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::",
-"linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::",
-"linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown):::SIXTY_FOUR_BIT_LONG::",
-"NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"NetBSD-x86",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"FreeBSD",      "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
-"bsdi-gcc",     "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown):::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}",
-"bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"nextstep",	"cc:-O -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
-"nextstep3.3",	"cc:-O3 -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
-
+"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
+"linux-mips",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
+"linux-ppc",    "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
+"linux-m68k",   "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
+"linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
+"linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::SIXTY_FOUR_BIT_LONG::",
+"NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"NetBSD-x86",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"FreeBSD",      "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
+"bsdi-gcc",     "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown)::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}",
+"bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"nextstep",	"cc:-O -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
+"nextstep3.3",	"cc:-O3 -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
 # NCR MP-RAS UNIX ver 02.03.01
-"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
+"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown):-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",

 # QNX 4
-"qnx4",	"cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:",
+"qnx4",	"cc:-DL_ENDIAN -DTERMIO::(unknown)::${x86_gcc_des} ${x86_gcc_opts}:",

 # Linux on ARM
-"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

-# UnixWare 2.0
-"unixware-2.0","cc:-O -DFILIO_H::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
-"unixware-2.0-pentium","cc:-O -DFILIO_H -Kpentium -Kthread::(unknown)::-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+# UnixWare 2.0x fails destest with -O
+"unixware-2.0","cc:-DFILIO_H::-Kthread:-lsocket -lnsl -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
+"unixware-2.0-pentium","cc:-DFILIO_H -Kpentium::-Kthread:-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+
+# UnixWare 2.1
+"unixware-2.1","cc:-O -DFILIO_H::-Kthread:-lsocket -lnsl -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
+"unixware-2.1-pentium","cc:-O -DFILIO_H -Kpentium::-Kthread:-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+"unixware-2.1-p6","cc:-O -DFILIO_H -Kp6::-Kthread:-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",

 # UnixWare 7
-"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+"unixware-7-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+"unixware-7-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",

 # IBM's AIX.
-"aix-cc",   "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::",
-"aix-gcc",  "gcc:-O3 -DB_ENDIAN::(unknown):AIX::BN_LLONG RC4_CHAR:::",
+"aix-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR:::",
+"aix-gcc",  "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",
+"aix43-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+"aix43-gcc",  "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",

 #
 # Cray T90 (SDSC)
@@ -357,7 +365,7 @@ my %table=(
 #'Taking the address of a bit field is not allowed. '
 #'An expression with bit field exists as the operand of "sizeof" '
 # (written by Wayne Schroeder <schroede@SDSC.EDU>)
-"cray-t90-cc", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown):CRAY::SIXTY_FOUR_BIT_LONG DES_INT:::",
+"cray-t90-cc", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT:::",

 #
 # Cray T3E (Research Center Juelich, beckman@acl.lanl.gov)
@@ -367,70 +375,69 @@ my %table=(
 # for some st_addr stuff, and then sizeof and address-of fails
 # I could not use the ams/alpha.o option because the Cray assembler, 'cam'
 # did not like it.
-"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown):CRAY::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:::",
+"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:::",

 # DGUX, 88100.
-"dgux-R3-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown):::RC4_INDEX DES_UNROLL:::",
-"dgux-R4-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown)::-lnsl -lsocket:RC4_INDEX:RC4_INDEX DES_UNROLL:::",
-"dgux-R4-x86-gcc",	"gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown)::-lnsl -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"dgux-R3-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown)::RC4_INDEX DES_UNROLL:::",
+"dgux-R4-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown):-lnsl -lsocket:RC4_INDEX DES_UNROLL:::",
+"dgux-R4-x86-gcc",	"gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown):-lnsl -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+
+# SCO 3 - Tim Rice <tim@multitalents.net>
+"sco3-gcc",  "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown):-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...

 # SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the
 # SCO cc.
-"sco5-cc",  "cc:::(unknown)::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
-"sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
+"sco5-cc",  "cc:::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
+"sco5-cc-pentium",  "cc:-Kpentium::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
+"sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown):-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...

 # Sinix/ReliantUNIX RM400
 # NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g  */
-"ReliantUNIX","cc:-KPIC -g -DTERMIOS -DB_ENDIAN::-Kthread:SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:::",
-"SINIX","cc:-O::(unknown):SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:RC4_INDEX RC4_CHAR:::",
-"SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown)::-lucb:RC4_INDEX RC4_CHAR:::",
+"ReliantUNIX","cc:-KPIC -g -DSNI -DTERMIOS -DB_ENDIAN::-Kthread:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:::",
+"SINIX","cc:-O -DSNI::(unknown):-lsocket -lnsl -lc -L/usr/ucblib -lucb:RC4_INDEX RC4_CHAR:::",
+"SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown):-lucb:RC4_INDEX RC4_CHAR:::",

 # SIEMENS BS2000/OSD: an EBCDIC-based mainframe
-"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
+"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC::(unknown):-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",

 # Windows NT, Microsoft Visual C++ 4.0

-"VC-NT","cl::::WINNT::BN_LLONG RC4_INDEX ${x86_gcc_opts}::::::::::win32",
-"VC-WIN32","cl::::WIN32::BN_LLONG RC4_INDEX ${x86_gcc_opts}::::::::::win32",
-"VC-WIN16","cl:::(unknown):WIN16::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
-"VC-W31-16","cl:::(unknown):WIN16::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
-"VC-W31-32","cl::::WIN16::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
-"VC-MSDOS","cl:::(unknown):MSDOS::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+"VC-NT","cl:::::BN_LLONG RC4_INDEX ${x86_gcc_opts}::::::::::win32",
+"VC-WIN32","cl:::::BN_LLONG RC4_INDEX ${x86_gcc_opts}::::::::::win32",
+"VC-WIN16","cl:::(unknown)::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
+"VC-W31-16","cl:::(unknown)::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+"VC-W31-32","cl:::::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
+"VC-MSDOS","cl:::(unknown)::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",

 # Borland C++ 4.5
-"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX::::::::::win32",
-"BC-16","bcc:::(unknown):WIN16::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+"BC-32","bcc32:::::BN_LLONG DES_PTR RC4_INDEX::::::::::win32",
+"BC-16","bcc:::(unknown)::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",

 # Mingw32
 # (Note: the real CFLAGS for Windows builds are defined by util/mk1mf.pl
 # and its library files in util/pl/*)
-"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall:::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
+"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",

 # CygWin32
-"CygWin32", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
+"CygWin32", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",

 # Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
-"ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown):::::::",
-"ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown):::::::",
+"ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::::::",
+"ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown)::::::",
 # K&R C is no longer supported; you need gcc on old Ultrix installations
-##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown):::::::",
+##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown)::::::",

 # Some OpenBSD from Bob Beck <beck@obtuse.com>
-"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenBSD-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenBSD",      "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD",      "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

-##### MacOS X (a.k.a. Rhapsody or Darwin) setup
-"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
-"darwin-ppc-cc","cc:-O3 -nostdinc -I/System/Library/Frameworks/System.framework/Headers -I/System/Library/Frameworks/System.frameworks/Headers/bsd -I/usr/include -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::::-fPIC",
-"darwin-i386-cc","cc:-O3 -nostdinc -I/System/Library/Frameworks/System.framework/Headers -I/System/Library/Frameworks/System.frameworks/Headers/bsd -I/usr/include -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::::-fPIC",
+##### MacOS X (a.k.a. Rhapsody) setup
+"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",

 ##### Sony NEWS-OS 4.x
-"newsos4-gcc","gcc:-O -DB_ENDIAN::(unknown):NEWS4:-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",
-
-##### GNU Hurd
-"hurd-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",
+"newsos4-gcc","gcc:-O -DB_ENDIAN -DNEWS4::(unknown):-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",

 );

@@ -439,10 +446,10 @@ my @WinTargets=qw(VC-NT VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS BC-32

 my $prefix="";
 my $openssldir="";
+my $exe_ext="";
 my $install_prefix="";
 my $no_threads=0;
 my $no_shared=1;
-my $no_krb5=0;
 my $threads=0;
 my $no_asm=0;
 my $no_dso=0;
@@ -480,13 +487,11 @@ my $flags;
 my $depflags;
 my $openssl_algorithm_defines;
 my $openssl_thread_defines;
-my $openssl_sys_defines="";
 my $openssl_other_defines;
 my $libs;
 my $target;
 my $options;
 my $symlink;
-my %withargs=();

 my @argvcopy=@ARGV;
 my $argvstring="";
@@ -498,7 +503,6 @@ while($argv_unprocessed)
 	$depflags="";
 	$openssl_algorithm_defines="";
 	$openssl_thread_defines="";
-	$openssl_sys_defines="";
 	$openssl_other_defines="";
 	$libs="";
 	$target="";
@@ -515,25 +519,23 @@ PROCESS_ARGS:
 		if (/^no-asm$/)
 		 	{
 			$no_asm=1;
-			$flags .= "-DOPENSSL_NO_ASM ";
-			$openssl_other_defines .= "#define OPENSSL_NO_ASM\n";
+			$flags .= "-DNO_ASM ";
+			$openssl_other_defines .= "#define NO_ASM\n";
 			}
 		elsif (/^no-hw-(.+)$/)
 			{
 			my $hw=$1;
 			$hw =~ tr/[a-z]/[A-Z]/;
-			$flags .= "-DOPENSSL_NO_HW_$hw ";
-			$openssl_other_defines .= "#define OPENSSL_NO_HW_$hw\n";
+			$flags .= "-DNO_HW_$hw ";
+			$openssl_other_defines .= "#define NO_HW_$hw\n";
 			}
 		elsif (/^no-hw$/)
 			{
-			$flags .= "-DOPENSSL_NO_HW ";
-			$openssl_other_defines .= "#define OPENSSL_NO_HW\n";
+			$flags .= "-DNO_HW ";
+			$openssl_other_defines .= "#define NO_HW\n";
 			}
 		elsif (/^no-dso$/)
 			{ $no_dso=1; }
-		elsif (/^no-krb5$/)
-			{ $no_krb5=1; }
 		elsif (/^no-threads$/)
 			{ $no_threads=1; }
 		elsif (/^threads$/)
@@ -549,16 +551,16 @@ PROCESS_ARGS:
 			my $algo=$1;
 			push @skip,$algo;
 			$algo =~ tr/[a-z]/[A-Z]/;
-			$flags .= "-DOPENSSL_NO_$algo ";
-			$depflags .= "-DOPENSSL_NO_$algo ";
-			$openssl_algorithm_defines .= "#define OPENSSL_NO_$algo\n";
+			$flags .= "-DNO_$algo ";
+			$depflags .= "-DNO_$algo ";
+			$openssl_algorithm_defines .= "#define NO_$algo\n";
 			if ($algo eq "DES")
 				{
 				push @skip, "mdc2";
 				$options .= " no-mdc2";
-				$flags .= "-DOPENSSL_NO_MDC2 ";
-				$depflags .= "-DOPENSSL_NO_MDC2 ";
-				$openssl_algorithm_defines .= "#define OPENSSL_NO_MDC2\n";
+				$flags .= "-DNO_MDC2 ";
+				$depflags .= "-DNO_MDC2 ";
+				$openssl_algorithm_defines .= "#define NO_MDC2\n";
 				}
 			}
 		elsif (/^reconfigure/ || /^reconf/)
@@ -588,9 +590,9 @@ PROCESS_ARGS:
 			{ $processor=386; }
 		elsif (/^rsaref$/)
 			{
-			# No RSAref support any more since it's not needed.
-			# The check for the option is there so scripts aren't
-			# broken
+			$libs.= "-lRSAglue -lrsaref ";
+			$flags.= "-DRSAref ";
+			$openssl_other_defines .= "#define RSAref\n";
 			}
 		elsif (/^[-+]/)
 			{
@@ -614,10 +616,6 @@ PROCESS_ARGS:
 				{
 				$install_prefix=$1;
 				}
-			elsif (/^--with-krb5-(dir|lib|include|flavor)=(.*)$/)
-				{
-				$withargs{"krb5-".$1}=$2;
-				}
 			else
 				{
 				print STDERR $usage;
@@ -665,6 +663,7 @@ print "Configuring for $target\n";

 my $IsWindows=scalar grep /^$target$/,@WinTargets;

+$exe_ext=".exe" if ($target eq "CygWin32");
 $openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
 $prefix=$openssldir if $prefix eq "";

@@ -677,48 +676,11 @@ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /^\//;

 print "IsWindows=$IsWindows\n";

-(my $cc,my $cflags,my $unistd,my $thread_cflag,my $sys_id,my $lflags,
-my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
-my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj,
-my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,
-my $shared_extension,my $ranlib)=
+(my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
+ $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,my $shared_extension,my $ranlib)=
 	split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
 $cflags="$flags$cflags" if ($flags ne "");

-# Kerberos settings.  The flavor must be provided from outside, either through
-# the script "config" or manually.
-if ($no_krb5
-	|| !defined($withargs{"krb5-flavor"})
-	|| $withargs{"krb5-flavor"} eq "")
-	{
-	$cflags="-DOPENSSL_NO_KRB5 $cflags";
-	$options.=" no-krb5" unless $no_krb5;
-	$openssl_algorithm_defines .= "#define OPENSSL_NO_KRB5\n";
-	}
-else
-	{
-	if ($withargs{"krb5-flavor"} =~ /^[Hh]eimdal$/)
-		{
-		$withargs{"krb5-dir"} = "/usr/heimdal"
-			if $withargs{"krb5-dir"} eq "";
-		$withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}.
-			"/lib -lgssapi -lkrb5 -lcom_err"
-			if $withargs{"krb5-lib"} eq "";
-		$cflags="-DKRB5_HEIMDAL $cflags";
-		}
-	if ($withargs{"krb5-flavor"} =~ /^[Mm][Ii][Tt]$/)
-		{
-		$withargs{"krb5-dir"} = "/usr/kerberos"
-			if $withargs{"krb5-dir"} eq "";
-		$withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}.
-			"/lib -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto"
-			if $withargs{"krb5-lib"} eq "";
-		$cflags="-DKRB5_MIT $cflags";
-		}
-	$withargs{"krb5-include"} = "-I".$withargs{"krb5-dir"}."/include"
-		if $withargs{"krb5-include"} eq "" && $withargs{"krb5-dir"} ne "";
-	}
-
 # The DSO code currently always implements all functions so that no
 # applications will have to worry about that from a compilation point
 # of view. However, the "method"s may return zero unless that platform
@@ -732,14 +694,18 @@ if (!$no_dso && $dso_scheme ne "")
 	if ($dso_scheme eq "DLFCN")
 		{
 		$dso_cflags = "-DDSO_DLFCN -DHAVE_DLFCN_H";
+		$openssl_other_defines .= "#define DSO_DLFCN\n";
+		$openssl_other_defines .= "#define HAVE_DLFCN_H\n";
 		}
 	elsif ($dso_scheme eq "DLFCN_NO_H")
 		{
 		$dso_cflags = "-DDSO_DLFCN";
+		$openssl_other_defines .= "#define DSO_DLFCN\n";
 		}
 	else
 		{
 		$dso_cflags = "-DDSO_$dso_scheme";
+		$openssl_other_defines .= "#define DSO_$dso_scheme\n";
 		}
 	$cflags = "$dso_cflags $cflags";
 	}
@@ -755,13 +721,13 @@ if ($thread_cflag eq "(unknown)")
 	{
 	# If the user asked for "threads", hopefully they also provided
 	# any system-dependent compiler options that are necessary.
-	$thread_cflags="-DOPENSSL_THREADS $cflags" ;
-	$thread_defines .= "#define OPENSSL_THREADS\n";
+	$thread_cflags="-DTHREADS $cflags" ;
+	$thread_defines .= "#define THREADS\n";
 	}
 else
 	{
-	$thread_cflags="-DOPENSSL_THREADS $thread_cflag $cflags";
-	$thread_defines .= "#define OPENSSL_THREADS\n";
+	$thread_cflags="-DTHREADS $thread_cflag $cflags";
+	$thread_defines .= "#define THREADS\n";
 #	my $def;
 #	foreach $def (split ' ',$thread_cflag)
 #		{
@@ -804,12 +770,6 @@ else
 	$no_shared = 1;
 	}

-if ($sys_id ne "")
-	{
-	$cflags="-DOPENSSL_SYSNAME_$sys_id $cflags";
-	$openssl_sys_defines="#define OPENSSL_SYSNAME_$sys_id\n";
-	}
-
 if ($ranlib eq "")
 	{
 	$ranlib = $default_ranlib;
@@ -903,10 +863,10 @@ while (<IN>)
 	s/^OPTIONS=.*$/OPTIONS=$options/;
 	s/^CONFIGURE_ARGS=.*$/CONFIGURE_ARGS=$argvstring/;
 	s/^CC=.*$/CC= $cc/;
-	s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
 	s/^CFLAG=.*$/CFLAG= $cflags/;
 	s/^DEPFLAG=.*$/DEPFLAG= $depflags/;
 	s/^EX_LIBS=.*$/EX_LIBS= $lflags/;
+	s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/;
 	s/^BN_ASM=.*$/BN_ASM= $bn_obj/;
 	s/^DES_ENC=.*$/DES_ENC= $des_obj/;
 	s/^BF_ENC=.*$/BF_ENC= $bf_obj/;
@@ -919,21 +879,10 @@ while (<IN>)
 	s/^PROCESSOR=.*/PROCESSOR= $processor/;
 	s/^RANLIB=.*/RANLIB= $ranlib/;
 	s/^PERL=.*/PERL= $perl/;
-	s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/;
-	s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/;
 	s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
 	s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
 	s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
-	if ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*$/)
-		{
-		my $sotmp = $1;
-		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/
-		}
-	elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
-		{
-		my $sotmp = $1;
-		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
-		}
+	s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.so.\$(SHLIB_MAJOR) .so/ if ($shared_extension ne "" && $shared_extension !~ /^\.s[ol]$/);
 	print OUT $_."\n";
 	}
 close(IN);
@@ -954,10 +903,6 @@ print "RMD160_OBJ_ASM=$rmd160_obj\n";
 print "PROCESSOR     =$processor\n";
 print "RANLIB        =$ranlib\n";
 print "PERL          =$perl\n";
-print "KRB5_INCLUDES =",$withargs{"krb5-include"},"\n"
-	if $withargs{"krb5-include"} ne "";
-print "LIBKRB5       =",$withargs{"krb5-lib"},"\n"
-	if $withargs{"krb5-lib"} ne "";

 my $des_ptr=0;
 my $des_risc1=0;
@@ -974,7 +919,6 @@ my $rc4_chunk=0;
 my $bf_ptr=0;
 my @type=("char","short","int","long");
 my ($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0);
-my $export_var_as_fn=0;

 my $des_int;

@@ -1004,7 +948,6 @@ foreach (sort split(/\s+/,$bn_ops))
 	($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0) if /THIRTY_TWO_BIT/;
 	($b64l,$b64,$b32,$b16,$b8)=(0,0,0,1,0) if /SIXTEEN_BIT/;
 	($b64l,$b64,$b32,$b16,$b8)=(0,0,0,0,1) if /EIGHT_BIT/;
-	$export_var_as_fn=1 if /EXPORT_VAR_AS_FN/;
 	}

 open(IN,'<crypto/opensslconf.h.in') || die "unable to read crypto/opensslconf.h.in:$!\n";
@@ -1013,35 +956,18 @@ print OUT "/* opensslconf.h */\n";
 print OUT "/* WARNING: Generated automatically from opensslconf.h.in by Configure. */\n\n";

 print OUT "/* OpenSSL was configured with the following options: */\n";
-my $openssl_algorithm_defines_trans = $openssl_algorithm_defines;
-$openssl_algorithm_defines_trans =~ s/^\s*#\s*define\s+OPENSSL_(.*)/# if defined(OPENSSL_$1) \&\& !defined($1)\n#  define $1\n# endif/mg;
 $openssl_algorithm_defines =~ s/^\s*#\s*define\s+(.*)/# ifndef $1\n#  define $1\n# endif/mg;
 $openssl_algorithm_defines = "   /* no ciphers excluded */\n" if $openssl_algorithm_defines eq "";
 $openssl_thread_defines =~ s/^\s*#\s*define\s+(.*)/# ifndef $1\n#  define $1\n# endif/mg;
-$openssl_sys_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
 $openssl_other_defines =~ s/^\s*#\s*define\s+(.*)/# ifndef $1\n#  define $1\n# endif/mg;
-print OUT $openssl_sys_defines;
-print OUT $openssl_algorithm_defines;
-print OUT $openssl_thread_defines;
-print OUT $openssl_other_defines,"\n";
-
-print OUT "/* The OPENSSL_NO_* macros are also defined as NO_* if the application\n";
-print OUT "   asks for it.  This is a transient feature that is provided for those\n";
-print OUT "   who haven't had the time to do the appropriate changes in their\n";
-print OUT "   applications.  */\n";
-print OUT "#ifdef OPENSSL_ALGORITHM_DEFINES\n";
-print OUT $openssl_algorithm_defines_trans;
-print OUT "#endif\n\n";
+print OUT "#ifdef OPENSSL_ALGORITHM_DEFINES\n$openssl_algorithm_defines#endif\n";
+print OUT "#ifdef OPENSSL_THREAD_DEFINES\n$openssl_thread_defines#endif\n";
+print OUT "#ifdef OPENSSL_OTHER_DEFINES\n$openssl_other_defines#endif\n\n";

 while (<IN>)
 	{
 	if	(/^#define\s+OPENSSLDIR/)
 		{ print OUT "#define OPENSSLDIR \"$openssldir\"\n"; }
-	elsif	(/^#((define)|(undef))\s+OPENSSL_EXPORT_VAR_AS_FUNCTION/)
-		{ printf OUT "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION\n"
-			if $export_var_as_fn;
-		  printf OUT "#%s OPENSSL_EXPORT_VAR_AS_FUNCTION\n",
-			($export_var_as_fn)?"define":"undef"; }
 	elsif	(/^#define\s+OPENSSL_UNISTD/)
 		{
 		$unistd = "<unistd.h>" if $unistd eq "";
@@ -1240,8 +1166,8 @@ sub print_table_entry
 	{
 	my $target = shift;

-	(my $cc,my $cflags,my $unistd,my $thread_cflag,my $sys_id,my $lflags,
-	my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
+	(my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,
+	my $bn_obj,my $des_obj,my $bf_obj,
 	my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj,
 	my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,
 	my $shared_extension,my $ranlib)=
@@ -1254,7 +1180,6 @@ sub print_table_entry
 \$cflags       = $cflags
 \$unistd       = $unistd
 \$thread_cflag = $thread_cflag
-\$sys_id       = $sys_id
 \$lflags       = $lflags
 \$bn_ops       = $bn_ops
 \$bn_obj       = $bn_obj
--- a/62
+++ b/62
@@ -17,6 +17,7 @@ OpenSSL  -  Frequently Asked Questions
 [USER] Questions on using the OpenSSL applications

 * Why do I get a "PRNG not seeded" error message?
+* Why do I get an "unable to write 'random state'" error message?
 * How do I create certificates or certificate requests?
 * Why can't I create certificate requests?
 * Why does <SSL program> fail with a certificate verify error?
@@ -47,6 +48,7 @@ OpenSSL  -  Frequently Asked Questions
 * Why do I get errors about unknown algorithms?
 * Why can't the OpenSSH configure script detect OpenSSL?
 * Can I use OpenSSL's SSL library with non-blocking I/O?
+* Why doesn't my server application receive a client certificate?

 ===============================================================================

@@ -55,7 +57,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?

 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.6 was released on September 24th, 2000.
+OpenSSL 0.9.6b was released on July 9th, 2001.

 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -160,6 +162,7 @@ correctly.  Many open source operating systems provide a "randomness
 device" that serves this purpose.  On other systems, applications have
 to call the RAND_add() or RAND_seed() function with appropriate data
 before generating keys or performing public key encryption.
+(These functions initialize the pseudo-random number generator, PRNG.)

 Some broken applications do not do this.  As of version 0.9.5, the
 OpenSSL functions that need randomness report an error if the random
@@ -169,18 +172,36 @@ application you are using.  It is likely that it never worked
 correctly.  OpenSSL 0.9.5 and later make the error visible by refusing
 to perform potentially insecure encryption.

-On systems without /dev/urandom, it is a good idea to use the Entropy
-Gathering Demon; see the RAND_egd() manpage for details.
+On systems without /dev/urandom and /dev/random, it is a good idea to
+use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
+details.  Starting with version 0.9.7, OpenSSL will automatically look
+for an EGD socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and
+/etc/entropy.

-Most components of the openssl command line tool try to use the
-file $HOME/.rnd (or $RANDFILE, if this environment variable is set)
-for seeding the PRNG.  If this file does not exist or is too short,
-the "PRNG not seeded" error message may occur.
+Most components of the openssl command line utility automatically try
+to seed the random number generator from a file.  The name of the
+default seeding file is determined as follows: If environment variable
+RANDFILE is set, then it names the seeding file.  Otherwise if
+environment variable HOME is set, then the seeding file is $HOME/.rnd.
+If neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will
+use file .rnd in the current directory while OpenSSL 0.9.6a uses no
+default seeding file at all.  OpenSSL 0.9.6b and later will behave
+similarly to 0.9.6a, but will use a default of "C:" for HOME on
+Windows systems if the environment variable has not been set.

-[Note to OpenSSL 0.9.5 users: The command "openssl rsa" in version
-0.9.5 does not do this and will fail on systems without /dev/urandom
-when trying to password-encrypt an RSA key!  This is a bug in the
-library; try a later version instead.]
+If the default seeding file does not exist or is too short, the "PRNG
+not seeded" error message may occur.
+
+The openssl command line utility will write back a new state to the
+default seeding file (and create this file if necessary) unless
+there was no sufficient seeding.
+
+Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work.
+Use the "-rand" option of the OpenSSL command line tools instead.
+The $RANDFILE environment variable and $HOME/.rnd are only used by the
+OpenSSL command line tools. Applications using the OpenSSL library
+provide their own configuration options to specify the entropy source,
+please check out the documentation coming the with application.

 For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested
 installing the SUNski package from Sun patch 105710-01 (Sparc) which
@@ -190,6 +211,18 @@ versions.  However, be warned that /dev/random is usually a blocking
 device, which may have some effects on OpenSSL.


+* Why do I get an "unable to write 'random state'" error message?
+
+
+Sometimes the openssl command line utility does not abort with
+a "PRNG not seeded" error message, but complains that it is
+"unable to write 'random state'".  This message refers to the
+default seeding file (see previous answer).  A possible reason
+is that no default filename is known because neither RANDFILE
+nor HOME is set.  (Versions up to 0.9.6 used file ".rnd" in the
+current directory in this case, but this has changed with 0.9.6a.)
+
+
 * How do I create certificates or certificate requests?

 Check out the CA.pl(1) manual page. This provides a simple wrapper round
@@ -543,5 +576,12 @@ requiring a bi-directional message exchange; both SSL_read() and
 SSL_write() will try to continue any pending handshake.


+* Why doesn't my server application receive a client certificate?
+
+Due to the TLS protocol definition, a client will only send a certificate,
+if explicitely asked by the server. Use the SSL_VERIFY_PEER flag of the
+SSL_CTX_set_verify() function to enable the use of client certificates.
+
+
 ===============================================================================

--- a/8
+++ b/8
@@ -7,8 +7,11 @@

 To install OpenSSL, you will need:

+  * make
  * Perl 5
  * an ANSI C compiler
+  * a development environment in form of development libraries and C
+    header files
  * a supported Unix operating system

 Quick Start
@@ -54,7 +57,10 @@

  shared        In addition to the usual static libraries, create shared
                libraries on platforms where it's supported.  See "Note on
-                shared libraries" below.
+                shared libraries" below.  THIS IS NOT RECOMMENDED!  Since
+                this is a development branch, the positions of the ENGINE
+                symbols in the transfer vector are constantly moving, so
+                binary backward compatibility can't be guaranteed in any way.

  no-asm        Do not use assembler code.

--- a/INSTALL.MacOS
+++ b/INSTALL.MacOS
@@ -32,17 +32,17 @@ Installation procedure:
        to 42, change appropriately.
 (**)	If you use SUNtar, then it might have already unbinhexed the files
 	in question.
-(***)	The project file was saved with CW Pro 5.3. If you have an earlier
+(***)	The project file was saved with CW Pro 5.3. If you have earlier
 	version and it refuses to open it, then download
 	http://www.openssl.org/~appro/OpenSSL.mcp.xml and import it
 	overwriting the original OpenSSL.mcp.
-(****)	Other targets are works in progress. If you feel like giving 'em a
+(****)	Other targets are work in progress. If you feel like giving 'em a
 	shot, then you should know that OpenSSL* and Lib* targets are
 	supposed to be built with the GUSI, MacOS library which mimics
 	BSD sockets and some other POSIX APIs. The GUSI distribution is
-	expected to be found in the same directory as the openssl source tree,
-	i.e., in the parent directory to the one where this very file,
-	namely INSTALL.MacOS, resides. For more information about GUSI, see
+	expected to be found in the same directory as openssl source tree,
+	i.e. in the parent directory to the one where this very file,
+	namely INSTALL.MacOS. For more informations about GUSI, see
 	http://www.iis.ee.ethz.ch/~neeri/macintosh/gusi-qa.html

 Finally some essential comments from our generous contributor:-)
--- a/INSTALL.VMS
+++ b/INSTALL.VMS
@@ -8,6 +8,7 @@ Intro:

 This file is divided in the following parts:

+  Requirements			- Mandatory reading.
  Checking the distribution	- Mandatory reading.
  Compilation			- Mandatory reading.
  Logical names			- Mandatory reading.
@@ -19,6 +20,15 @@ This file is divided in the following parts:
  TODO				- Things that are to come.


+Requirements:
+=============
+
+To build and install OpenSSL, you will need:
+
+ * DEC C or some other ANSI C compiler.  VAX C is *not* supported.
+   [Note: OpenSSL has only been tested with DEC C.  Compiling with 
+    a different ANSI C compiler may require some work]
+
 Checking the distribution:
 ==========================

--- a/MacOS/GetHTTPS.src/GetHTTPS.cpp
+++ b/MacOS/GetHTTPS.src/GetHTTPS.cpp
@@ -167,7 +167,7 @@ void main(void)
 		
 		tempString[bytesRead] = '\0';
 		
-		printf("%s", tempString);
+		printf(tempString);
 	}
 	
 	printf("\n\n\n");
@@ -201,7 +201,7 @@ EXITPOINT:
 	{
 		printf("An error occurred:\n");
 		
-		printf("%s",GetErrorMessage());
+		printf(GetErrorMessage());
 	}
 	
 	
--- a/Makefile.org
+++ b/Makefile.org
@@ -24,6 +24,7 @@ INSTALLTOP=/usr/local/ssl
 # Do not edit this manually. Use Configure --openssldir=DIR do change this!
 OPENSSLDIR=/usr/local/ssl

+# RSAref  - Define if we are to link with RSAref.
 # NO_IDEA - Define to build without the IDEA algorithm
 # NO_RC4  - Define to build without the RC4 algorithm
 # NO_RC2  - Define to build without the RC2 algorithm
@@ -56,14 +57,14 @@ CC= gcc
 #CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
 CFLAG= -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
 DEPFLAG= 
-PEX_LIBS= -L. -L.. -L../.. -L../../..
+PEX_LIBS= 
 EX_LIBS= 
+EXE_EXT= 
 AR=ar r
 RANLIB= ranlib
 PERL= perl
 TAR= tar
 TARFLAGS= --no-recursion
-MAKEDEPPROG=makedepend

 # Set BN_ASM to bn_asm.o if you want to use the C version
 BN_ASM= bn_asm.o
@@ -150,28 +151,20 @@ RMD160_ASM_OBJ= asm/rm86-out.o
 #RMD160_ASM_OBJ= asm/rm86-out.o       # a.out, FreeBSD
 #RMD160_ASM_OBJ= asm/rm86bsdi.o       # bsdi

-# KRB5 stuff
-KRB5_INCLUDES=
-LIBKRB5=
-
 # When we're prepared to use shared libraries in the programs we link here
 # we might set SHLIB_MARK to '$(SHARED_LIBS)'.
 SHLIB_MARK=

-DIRS=   crypto ssl $(SHLIB_MARK) apps test tools
+DIRS=   crypto ssl rsaref $(SHLIB_MARK) apps test tools
 SHLIBDIRS= crypto ssl

 # dirs in crypto to build
 SDIRS=  \
 	md2 md4 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
-	bn ec rsa dsa dh dso engine rijndael \
+	bn rsa dsa dh dso engine \
 	buffer bio stack lhash rand err objects \
-	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp
-
-# tests to perform.  "alltests" is a special word indicating that all tests
-# should be performed.
-TESTS = alltests
+	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp

 MAKEFILE= Makefile.ssl
 MAKE=     make -f Makefile.ssl
@@ -196,7 +189,7 @@ BASENAME=       openssl
 NAME=           $(BASENAME)-$(VERSION)
 TARFILE=        $(NAME).tar
 WTARFILE=       $(NAME)-win.tar
-EXHEADER=       e_os2.h
+EXHEADER=       e_os.h e_os2.h
 HEADER=         e_os.h

 # When we're prepared to use shared libraries in the programs we link here
@@ -209,7 +202,7 @@ sub_all:
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making all in $$i..." && \
-		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' all ) || exit 1; \
+		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' all ) || exit 1; \
 	else \
 		$(MAKE) $$i; \
 	fi; \
@@ -228,7 +221,7 @@ libcrypto$(SHLIB_EXT): libcrypto.a
 	fi
 libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
-		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-L. -lcrypto' build-shared; \
+		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
 	else \
 		echo "There's no support for shared libraries on this platform" >&2; \
 	fi
@@ -250,7 +243,7 @@ link-shared:
 		if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
 			tmp="$(SHARED_LIBS_LINK_EXTS)"; \
 			for j in $${tmp:-x}; do \
-				( set -x; ln -s -f $$prev lib$$i$$j ); \
+				( set -x; ln -f -s $$prev lib$$i$$j ); \
 				prev=lib$$i$$j; \
 			done; \
 		fi; \
@@ -258,78 +251,34 @@ link-shared:

 build-shared: clean-shared do_$(SHLIB_TARGET) link-shared

-do_bsd-gcc-shared: linux-shared
-do_linux-shared:
-	libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+do_bsd-gcc-shared: do_gnu-shared
+do_linux-shared: do_gnu-shared
+do_gnu-shared:
+	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
 	( set -x; ${CC}  -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		-Wl,-S,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		-Wl,--whole-archive lib$$i.a \
 		-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
-	libs="$$libs -L. -l$$i"; \
+	libs="$$libs -l$$i"; \
 	done

 # This assumes that GNU utilities are *not* used
 do_tru64-shared:
-	libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
 	( set -x; ${CC}  -shared -no_archive -o lib$$i.so \
 		-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
 		-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
-	libs="$$libs -L. -l$$i"; \
+	libs="$$libs -l$$i"; \
 	done

 # This assumes that GNU utilities are *not* used
 do_solaris-shared:
-	libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	( set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+	( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
+	  set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		-z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
-	libs="$$libs -L. -l$$i"; \
-	done
-
-# This assumes that GNU utilities are *not* used
-do_irix-shared:
-	libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	( set -x; ${CC} -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		-all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \
-	libs="$$libs -L. -l$$i"; \
-	done
-
-# This assumes that GNU utilities are *not* used
-# HP-UX includes the full pathname of libs we depend on, so we would get
-# ./libcrypto (with ./ as path information) compiled into libssl, hence
-# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
-# anyway.
-# The object modules are loaded from lib$i.a using the undocumented -Fl
-# option.
-#
-# WARNING: Until DSO is fixed to support a search path, we support SHLIB_PATH
-#          by temporarily specifying "+s"!
-#
-do_hpux-shared:
-	for i in ${SHLIBDIRS}; do \
-	( set -x; /usr/ccs/bin/ld +vnocompatwarnings \
-		-b -z +s \
-		-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		-Fl lib$$i.a -ldld -lc ) || exit 1; \
-	done
-
-# This assumes that GNU utilities are *not* used
-# HP-UX includes the full pathname of libs we depend on, so we would get
-# ./libcrypto (with ./ as path information) compiled into libssl, hence
-# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
-# anyway.
-#
-# HP-UX in 64bit mode has "+s" enabled by default; it will search for
-# shared libraries along LD_LIBRARY_PATH _and_ SHLIB_PATH.
-#
-do_hpux64-shared:
-	for i in ${SHLIBDIRS}; do \
-	( set -x; /usr/ccs/bin/ld -b -z \
-		-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		+forceload lib$$i.a -ldl -lc ) || exit 1; \
+	libs="$$libs -l$$i"; \
 	done

 Makefile.ssl: Makefile.org
@@ -378,7 +327,7 @@ links:
 	@for i in $(DIRS); do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making links in $$i..." && \
-		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' links ) || exit 1; \
+		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
 	fi; \
 	done;

@@ -394,14 +343,14 @@ dclean:

 rehash: rehash.time
 rehash.time: certs
-	@(OPENSSL="`pwd`/apps/openssl"; OPENSSL_DEBUG_MEMORY=on; export OPENSSL OPENSSL_DEBUG_MEMORY; $(PERL) tools/c_rehash certs)
+	@(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; $(PERL) tools/c_rehash certs)
 	touch rehash.time

 test:   tests

 tests: rehash
 	@(cd test && echo "testing..." && \
-	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' OPENSSL_DEBUG_MEMORY=on tests );
+	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' EXE_EXT='${EXE_EXT}' tests );
 	@apps/openssl version -a

 report:
@@ -412,7 +361,7 @@ depend:
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making dependencies $$i..." && \
-		$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' depend ) || exit 1; \
+		$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
 	fi; \
 	done;

@@ -435,25 +384,25 @@ tags:
 	done;

 errors:
-	$(PERL) util/mkerr.pl -recurse -write
+	perl util/mkerr.pl -recurse -write

 stacks:
-	$(PERL) util/mkstack.pl -write
+	perl util/mkstack.pl -write

 util/libeay.num::
-	$(PERL) util/mkdef.pl crypto update
+	perl util/mkdef.pl crypto update

 util/ssleay.num::
-	$(PERL) util/mkdef.pl ssl update
+	perl util/mkdef.pl ssl update

-crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
-	$(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
-crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
-	$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
+crypto/objects/obj_dat.h: crypto/objects/obj_mac.h crypto/objects/obj_dat.pl
+	perl crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
+crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt 
+	perl crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h

 TABLE: Configure
 	(echo 'Output of `Configure TABLE'"':"; \
-	$(PERL) Configure TABLE) > TABLE
+	perl Configure TABLE) > TABLE

 update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE

@@ -466,14 +415,6 @@ tar:
 	gzip --best >../$(TARFILE).gz; \
 	ls -l ../$(TARFILE).gz

-tar-snap:
-	@$(TAR) $(TARFLAGS) -cvf - \
-		`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*'  \! -name 'openssl' \! -name '*test' \! -name '.#*' | sort` |\
-	tardy --user_number=0  --user_name=openssl \
-	      --group_number=0 --group_name=openssl \
-	      --prefix=openssl-$(VERSION) - > ../$(TARFILE);\
-	ls -l ../$(TARFILE)
-
 dist:   
 	$(PERL) Configure dist
 	@$(MAKE) dist_pem_h
@@ -500,7 +441,7 @@ install: all install_docs
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i; echo "installing $$i..."; \
-		$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' install ); \
+		$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' install ); \
 	fi; \
 	done
 	@for i in $(LIBS) ;\
@@ -518,8 +459,8 @@ install: all install_docs
 		do \
 			if [ -f "$$i" ]; then \
 			(       echo installing $$i; \
-				cp -f $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
-				chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+				cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+				chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
 			fi \
 		done; \
 		(	here="`pwd`"; \
@@ -535,7 +476,7 @@ install_docs:
 		$(INSTALL_PREFIX)$(MANDIR)/man7
 	@for i in doc/apps/*.pod; do \
 		fn=`basename $$i .pod`; \
-		sec=`[ "$$fn" = "config" ] && echo 5 || echo 1`; \
+		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
 		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
 		(cd `dirname $$i`; \
 		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
@@ -544,7 +485,7 @@ install_docs:
 	done
 	@for i in doc/crypto/*.pod doc/ssl/*.pod; do \
 		fn=`basename $$i .pod`; \
-		sec=`[ "$$fn" = "des_modes" ] && echo 7 || echo 3`; \
+		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
 		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
 		(cd `dirname $$i`; \
 		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
--- a/48
+++ b/48
@@ -5,10 +5,47 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.

-  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7:
+  Changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b:

-      o New library section OCSP.
-      o Complete haul-over of the ASN.1 library section.
+      o Security fix: PRNG improvements.
+      o Security fix: RSA OAEP check.
+      o Security fix: Reinsert and fix countermeasure to Bleichbacher's
+        attack.
+      o MIPS bug fix in BIGNUM.
+      o Bug fix in "openssl enc".
+      o Bug fix in X.509 printing routine.
+      o Bug fix in DSA verification routine and DSA S/MIME verification.
+      o Bug fix to make PRNG thread-safe.
+      o Bug fix in RAND_file_name().
+      o Bug fix in compatibility mode trust settings.
+      o Bug fix in blowfish EVP.
+      o Increase default size for BIO buffering filter.
+      o Compatibility fixes in some scripts.
+
+  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a:
+
+      o Security fix: change behavior of OpenSSL to avoid using
+        environment variables when running as root.
+      o Security fix: check the result of RSA-CRT to reduce the
+        possibility of deducing the private key from an incorrectly
+        calculated signature.
+      o Security fix: prevent Bleichenbacher's DSA attack.
+      o Security fix: Zero the premaster secret after deriving the
+        master secret in DH ciphersuites.
+      o Reimplement SSL_peek(), which had various problems.
+      o Compatibility fix: the function des_encrypt() renamed to
+        des_encrypt1() to avoid clashes with some Unixen libc.
+      o Bug fixes for Win32, HP/UX and Irix.
+      o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
+        memory checking routines.
+      o Bug fixes for RSA operations in threaded enviroments.
+      o Bug fixes in misc. openssl applications.
+      o Remove a few potential memory leaks.
+      o Add tighter checks of BIGNUM routines.
+      o Shared library support has been reworked for generality.
+      o More documentation.
+      o New function BN_rand_range().
+      o Add "-rand" option to openssl s_client and s_server.

  Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6:

@@ -19,9 +56,12 @@
      o New 'rsautl' application, low level RSA utility.
      o MD4 now included.
      o Bugfix for SSL rollback padding check.
-      o Support for external crypto devices.
+      o Support for external crypto devices [1].
      o Enhanced EVP interface.

+    [1] The support for external crypto devices is currently a separate
+        distribution.  See the file README.ENGINE.
+
  Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a:

      o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 
--- a/12
+++ b/12
@@ -1,7 +1,7 @@

- OpenSSL 0.9.7-dev 24 Sep 2000
+ OpenSSL 0.9.6b [engine]  9 Jul 2001

- Copyright (c) 1998-2000 The OpenSSL Project
+ Copyright (c) 1998-2001 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
 All rights reserved.

@@ -107,8 +107,8 @@
 only be used with RSA Security's permission. 

 The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
- Japan, the Netherlands, Spain, Sweden, Switzerland, UK and the USA.  They
- should be contacted if that algorithm is to be used; their web page is
+ Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA.  They should
+ be contacted if that algorithm is to be used, their web page is
 http://www.ascom.ch/.

 INSTALLATION
@@ -119,8 +119,8 @@
 INSTALL.VMS.

 Read the documentation in the doc/ directory.  It is quite rough, but it
- lists the functions; you will probably have to look at the code to work out
- how to use them. Look at the example programs.
+ lists the functions, you will probably have to look at the code to work out
+ how to used them. Look at the example programs.

 SUPPORT 
 -------
--- a/README.ASN1
+++ b/README.ASN1
@@ -1,187 +0,0 @@
-
-OpenSSL ASN1 Revision
-=====================
-
-This document describes some of the issues relating to the new ASN1 code.
-
-Previous OpenSSL ASN1 problems
-=============================
-
-OK why did the OpenSSL ASN1 code need revising in the first place? Well
-there are lots of reasons some of which are included below...
-
-1. The code is difficult to read and write. For every single ASN1 structure
-(e.g. SEQUENCE) four functions need to be written for new, free, encode and
-decode operations. This is a very painful and error prone operation. Very few
-people have ever written any OpenSSL ASN1 and those that have usually wish
-they hadn't.
-
-2. Partly because of 1. the code is bloated and takes up a disproportionate
-amount of space. The SEQUENCE encoder is particularly bad: it essentially
-contains two copies of the same operation, one to compute the SEQUENCE length
-and the other to encode it.
-
-3. The code is memory based: that is it expects to be able to read the whole
-structure from memory. This is fine for small structures but if you have a
-(say) 1Gb PKCS#7 signedData structure it isn't such a good idea...
-
-4. The code for the ASN1 IMPLICIT tag is evil. It is handled by temporarily
-changing the tag to the expected one, attempting to read it, then changing it
-back again. This means that decode buffers have to be writable even though they
-are ultimately unchanged. This gets in the way of constification.
-
-5. The handling of EXPLICIT isn't much better. It adds a chunk of code into 
-the decoder and encoder for every EXPLICIT tag.
-
-6. APPLICATION and PRIVATE tags aren't even supported at all.
-
-7. Even IMPLICIT isn't complete: there is no support for implicitly tagged
-types that are not OPTIONAL.
-
-8. Much of the code assumes that a tag will fit in a single octet. This is
-only true if the tag is 30 or less (mercifully tags over 30 are rare).
-
-9. The ASN1 CHOICE type has to be largely handled manually, there aren't any
-macros that properly support it.
-
-10. Encoders have no concept of OPTIONAL and have no error checking. If the
-passed structure contains a NULL in a mandatory field it will not be encoded,
-resulting in an invalid structure.
-
-11. It is tricky to add ASN1 encoders and decoders to external applications.
-
-Template model
-==============
-
-One of the major problems with revision is the sheer volume of the ASN1 code.
-Attempts to change (for example) the IMPLICIT behaviour would result in a
-modification of *every* single decode function. 
-
-I decided to adopt a template based approach. I'm using the term 'template'
-in a manner similar to SNACC templates: it has nothing to do with C++
-templates.
-
-A template is a description of an ASN1 module as several constant C structures.
-It describes in a machine readable way exactly how the ASN1 structure should
-behave. If this template contains enough detail then it is possible to write
-versions of new, free, encode, decode (and possibly others operations) that
-operate on templates.
-
-Instead of having to write code to handle each operation only a single
-template needs to be written. If new operations are needed (such as a 'print'
-operation) only a single new template based function needs to be written 
-which will then automatically handle all existing templates.
-
-Plans for revision
-==================
-
-The revision will consist of the following steps. Other than the first two
-these can be handled in any order.
- 
-o Design and write template new, free, encode and decode operations, initially
-memory based. *DONE*
-
-o Convert existing ASN1 code to template form. *IN PROGRESS*
-
-o Convert an existing ASN1 compiler (probably SNACC) to output templates
-in OpenSSL form.
-
-o Add support for BIO based ASN1 encoders and decoders to handle large
-structures, initially blocking I/O.
-
-o Add support for non blocking I/O: this is quite a bit harder than blocking
-I/O.
-
-o Add new ASN1 structures, such as OCSP, CRMF, S/MIME v3 (CMS), attribute
-certificates etc etc.
-
-Description of major changes
-============================
-
-The BOOLEAN type now takes three values. 0xff is TRUE, 0 is FALSE and -1 is
-absent. The meaning of absent depends on the context. If for example the
-boolean type is DEFAULT FALSE (as in the case of the critical flag for
-certificate extensions) then -1 is FALSE, if DEFAULT TRUE then -1 is TRUE.
-Usually the value will only ever be read via an API which will hide this from
-an application.
-
-There is an evil bug in the old ASN1 code that mishandles OPTIONAL with
-SEQUENCE OF or SET OF. These are both implemented as a STACK structure. The
-old code would omit the structure if the STACK was NULL (which is fine) or if
-it had zero elements (which is NOT OK). This causes problems because an empty
-SEQUENCE OF or SET OF will result in an empty STACK when it is decoded but when
-it is encoded it will be omitted resulting in different encodings. The new code
-only omits the encoding if the STACK is NULL, if it contains zero elements it
-is encoded and empty. There is an additional problem though: because an empty
-STACK was omitted, sometimes the corresponding *_new() function would
-initialize the STACK to empty so an application could immediately use it, if
-this is done with the new code (i.e. a NULL) it wont work. Therefore a new
-STACK should be allocated first. One instance of this is the X509_CRL list of
-revoked certificates: a helper function X509_CRL_add0_revoked() has been added
-for this purpose.
-
-The X509_ATTRIBUTE structure used to have an element called 'set' which took
-the value 1 if the attribute value was a SET OF or 0 if it was a single. Due
-to the behaviour of CHOICE in the new code this has been changed to a field
-called 'single' which is 0 for a SET OF and 1 for single. The old field has
-been deleted to deliberately break source compatibility. Since this structure
-is normally accessed via higher level functions this shouldn't break too much.
-
-The X509_REQ_INFO certificate request info structure no longer has a field
-called 'req_kludge'. This used to be set to 1 if the attributes field was
-(incorrectly) omitted. You can check to see if the field is omitted now by
-checking if the attributes field is NULL. Similarly if you need to omit
-the field then free attributes and set it to NULL.
-
-The top level 'detached' field in the PKCS7 structure is no longer set when
-a PKCS#7 structure is read in. PKCS7_is_detached() should be called instead.
-The behaviour of PKCS7_get_detached() is unaffected.
-
-The values of 'type' in the GENERAL_NAME structure have changed. This is
-because the old code use the ASN1 initial octet as the selector. The new
-code uses the index in the ASN1_CHOICE template.
-
-The DIST_POINT_NAME structure has changed to be a true CHOICE type.
-
-typedef struct DIST_POINT_NAME_st {
-int type;
-union {
-	STACK_OF(GENERAL_NAME) *fullname;
-	STACK_OF(X509_NAME_ENTRY) *relativename;
-} name;
-} DIST_POINT_NAME;
-
-This means that name.fullname or name.relativename should be set
-and type reflects the option. That is if name.fullname is set then
-type is 0 and if name.relativename is set type is 1.
-
-With the old code using the i2d functions would typically involve:
-
-unsigned char *buf, *p;
-int len;
-/* Find length of encoding */
-len = i2d_SOMETHING(x, NULL);
-/* Allocate buffer */
-buf = OPENSSL_malloc(len);
-if(buf == NULL) {
-	/* Malloc error */
-}
-/* Use temp variable because &p gets updated to point to end of
- * encoding.
- */
-p = buf;
-i2d_SOMETHING(x, &p);
-
-
-Using the new i2d you can also do:
-
-unsigned char *buf = NULL;
-int len;
-len = i2d_SOMETHING(x, &buf);
-if(len < 0) {
-	/* Malloc error */
-}
-
-and it will automatically allocate and populate a buffer with the
-encoding. After this call 'buf' will point to the start of the
-encoding which is len bytes long.
--- a/README.ENGINE
+++ b/README.ENGINE
@@ -13,10 +13,11 @@
      o CryptoSwift
      o Compaq Atalla
      o nCipher CHIL
-      o Nuron

  A number of things are still needed and are being worked on:

+      o An openssl utility command to handle or at least check available
+        engines.
      o A better way of handling the methods that are handled by the
        engines.
      o Documentation!
@@ -24,6 +25,25 @@
  What already exists is fairly stable as far as it has been tested, but
  the test base has been a bit small most of the time.

+  Because of this experimental status and what's lacking, the ENGINE
+  component is not yet part of the default OpenSSL distribution.  However,
+  we have made a separate kit for those who want to try this out, to be
+  found in the same places as the default OpenSSL distribution, but with
+  "-engine-" being part of the kit file name.  For example, version 0.9.6
+  is distributed in the following two files:
+
+      openssl-0.9.6.tar.gz
+      openssl-engine-0.9.6.tar.gz
+
+  NOTES
+  =====
+
+  openssl-engine-0.9.6.tar.gz does not depend on openssl-0.9.6.tar, you do
+  not need to download both.
+
+  openssl-engine-0.9.6.tar.gz is usable even if you don't have an external
+  crypto device.  The internal OpenSSL functions are contained in the
+  engine "openssl", and will be used by default.

  No external crypto device is chosen unless you say so.  You have actively
  tell the openssl utility commands to use it through a new command line
--- a/9
+++ b/9
@@ -1,11 +1,10 @@

  OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2001/02/22 15:10:11 $
+  ______________                           $Date: 2001/04/05 17:48:02 $

  DEVELOPMENT STATE

-    o  OpenSSL 0.9.7:  Under development...
-    o  OpenSSL 0.9.6a: Bugfix release -- under development...
+    o  OpenSSL 0.9.6a: Released on April      5th, 2001
    o  OpenSSL 0.9.6:  Released on September 24th, 2000
    o  OpenSSL 0.9.5a: Released on April      1st, 2000
    o  OpenSSL 0.9.5:  Released on February  28th, 2000
@@ -17,12 +16,8 @@

  RELEASE SHOWSTOPPERS

-    o
-
  AVAILABLE PATCHES

-    o
-
  IN PROGRESS

    o Steve is currently working on (in no particular order):
--- a/821
+++ b/821
--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -5,7 +5,7 @@
 #      things easier between now and when Eric is convinced to fix it :-)
 #
 # CA -newca ... will setup the right stuff
-# CA -newreq[-nodes] ... will generate a certificate request 
+# CA -newreq ... will generate a certificate request 
 # CA -sign ... will sign the generated request and output 
 #
 # At the end of that grab newreq.pem and newcert.pem (one has the key 
@@ -54,7 +54,7 @@ $RET = 0;

 foreach (@ARGV) {
 	if ( /^(-\?|-h|-help)$/ ) {
-	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
+	    print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
 	    exit 0;
 	} elsif (/^-newcert$/) {
 	    # create a certificate
@@ -66,11 +66,6 @@ foreach (@ARGV) {
 	    system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
 	    $RET=$?;
 	    print "Request (and private key) is in newreq.pem\n";
-	} elsif (/^-newreq-nodes$/) {
-	    # create a certificate request
-	    system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");
-	    $RET=$?;
-	    print "Request (and private key) is in newreq.pem\n";
 	} elsif (/^-newca$/) {
 		# if explicitly asked for or it doesn't exist then setup the
 		# directory structure that Eric likes to manage things 
@@ -148,7 +143,7 @@ foreach (@ARGV) {
 	    }
 	} else {
 	    print STDERR "Unknown arg $_\n";
-	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
+	    print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
 	    exit 1;
 	}
 }
--- a/apps/Makefile.ssl
+++ b/apps/Makefile.ssl
--- a/apps/app_rand.c
+++ b/apps/app_rand.c
@@ -124,7 +124,7 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
 	int consider_randfile = (file == NULL);
 	char buffer[200];
 	
-#ifdef OPENSSL_SYS_WINDOWS
+#ifdef WINDOWS
 	BIO_printf(bio_e,"Loading 'screen' into random state -");
 	BIO_flush(bio_e);
 	RAND_screen();
@@ -142,9 +142,7 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
 		}
 	if (file == NULL || !RAND_load_file(file, -1))
 		{
-		if (RAND_status() == 0)
-			{
-			if (!dont_warn)
+		if (RAND_status() == 0 && !dont_warn)
 			{
 			BIO_printf(bio_e,"unable to load 'random state'\n");
 			BIO_printf(bio_e,"This means that the random number generator has not been seeded\n");
@@ -157,7 +155,6 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
 			}
 		return 0;
 		}
-		}
 	seeded = 1;
 	return 1;
 	}
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -70,24 +70,10 @@
 #include <openssl/pkcs12.h>
 #include <openssl/safestack.h>

-#ifdef OPENSSL_SYS_WINDOWS
-#define strcasecmp _stricmp
-#else
-#include <strings.h>
-#endif
-
-#ifdef OPENSSL_SYS_WINDOWS
+#ifdef WINDOWS
 #  include "bss_file.c"
 #endif

-typedef struct {
-	char *name;
-	unsigned long flag;
-	unsigned long mask;
-} NAME_EX_TBL;
-
-static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
-
 int app_init(long mesgwin);
 #ifdef undef /* never finished - probably never will be :-) */
 int args_from_file(char *file, int *argc, char **argv[])
@@ -190,7 +176,7 @@ int str2fmt(char *s)
 		return(FORMAT_UNDEF);
 	}

-#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
+#if defined(MSDOS) || defined(WIN32) || defined(WIN16)
 void program_name(char *in, char *out, int size)
 	{
 	int i,n;
@@ -228,7 +214,7 @@ void program_name(char *in, char *out, int size)
 	out[n]='\0';
 	}
 #else
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 void program_name(char *in, char *out, int size)
 	{
 	char *p=in, *q;
@@ -264,10 +250,10 @@ void program_name(char *in, char *out, int size)
 #endif
 #endif

-#ifdef OPENSSL_SYS_WIN32
+#ifdef WIN32
 int WIN32_rename(char *from, char *to)
 	{
-#ifdef OPENSSL_SYS_WINNT
+#ifdef WINNT
 	int ret;
 /* Note: MoveFileEx() doesn't work under Win95, Win98 */

@@ -448,11 +434,7 @@ int add_oid_section(BIO *err, LHASH *conf)
 	STACK_OF(CONF_VALUE) *sktmp;
 	CONF_VALUE *cnf;
 	int i;
-	if(!(p=CONF_get_string(conf,NULL,"oid_section")))
-		{
-		ERR_clear_error();
-		return 1;
-		}
+	if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1;
 	if(!(sktmp = CONF_get_section(conf, p))) {
 		BIO_printf(err, "problem loading oid section %s\n", p);
 		return 0;
@@ -482,10 +464,7 @@ X509 *load_cert(BIO *err, char *file, int format)
 		}

 	if (file == NULL)
-		{
-		setvbuf(stdin, NULL, _IONBF, 0);
 		BIO_set_fp(cert,stdin,BIO_NOCLOSE);
-		}
 	else
 		{
 		if (BIO_read_filename(cert,file) <= 0)
@@ -566,7 +545,7 @@ end:
 	return(x);
 	}

-EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e)
+EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass)
 	{
 	BIO *key=NULL;
 	EVP_PKEY *pkey=NULL;
@@ -576,14 +555,6 @@ EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e)
 		BIO_printf(err,"no keyfile specified\n");
 		goto end;
 		}
-	if (format == FORMAT_ENGINE)
-		{
-		if (!e)
-			BIO_printf(bio_err,"no engine specified\n");
-		else
-			pkey = ENGINE_load_private_key(e, file, pass);
-		goto end;
-		}
 	key=BIO_new(BIO_s_file());
 	if (key == NULL)
 		{
@@ -623,7 +594,7 @@ EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e)
 	return(pkey);
 	}

-EVP_PKEY *load_pubkey(BIO *err, char *file, int format, ENGINE *e)
+EVP_PKEY *load_pubkey(BIO *err, char *file, int format)
 	{
 	BIO *key=NULL;
 	EVP_PKEY *pkey=NULL;
@@ -633,14 +604,6 @@ EVP_PKEY *load_pubkey(BIO *err, char *file, int format, ENGINE *e)
 		BIO_printf(err,"no keyfile specified\n");
 		goto end;
 		}
-	if (format == FORMAT_ENGINE)
-		{
-		if (!e)
-			BIO_printf(bio_err,"no engine specified\n");
-		else
-			pkey = ENGINE_load_public_key(e, file, NULL);
-		goto end;
-		}
 	key=BIO_new(BIO_s_file());
 	if (key == NULL)
 		{
@@ -733,44 +696,16 @@ end:
 	return(othercerts);
 	}

-
-#define X509V3_EXT_UNKNOWN_MASK		(0xfL << 16)
-/* Return error for unknown extensions */
-#define X509V3_EXT_DEFAULT		0
-/* Print error for unknown extensions */
-#define X509V3_EXT_ERROR_UNKNOWN	(1L << 16)
-/* ASN1 parse unknown extensions */
-#define X509V3_EXT_PARSE_UNKNOWN	(2L << 16)
-/* BIO_dump unknown extensions */
-#define X509V3_EXT_DUMP_UNKNOWN		(3L << 16)
-
-int set_cert_ex(unsigned long *flags, const char *arg)
-{
-	static const NAME_EX_TBL cert_tbl[] = {
-		{ "compatible", X509_FLAG_COMPAT, 0xffffffffl},
-		{ "no_header", X509_FLAG_NO_HEADER, 0},
-		{ "no_version", X509_FLAG_NO_VERSION, 0},
-		{ "no_serial", X509_FLAG_NO_SERIAL, 0},
-		{ "no_signame", X509_FLAG_NO_SIGNAME, 0},
-		{ "no_validity", X509_FLAG_NO_VALIDITY, 0},
-		{ "no_subject", X509_FLAG_NO_SUBJECT, 0},
-		{ "no_issuer", X509_FLAG_NO_ISSUER, 0},
-		{ "no_pubkey", X509_FLAG_NO_PUBKEY, 0},
-		{ "no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
-		{ "no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
-		{ "no_aux", X509_FLAG_NO_AUX, 0},
-		{ "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
-		{ "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
-		{ "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
-		{ "ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
-		{ NULL, 0, 0}
-	};
-	return set_table_opts(flags, arg, cert_tbl);
-}
+typedef struct {
+	char *name;
+	unsigned long flag;
+	unsigned long mask;
+} NAME_EX_TBL;

 int set_name_ex(unsigned long *flags, const char *arg)
 {
-	static const NAME_EX_TBL ex_tbl[] = {
+	char c;
+	const NAME_EX_TBL *ptbl, ex_tbl[] = {
 		{ "esc_2253", ASN1_STRFLGS_ESC_2253, 0},
 		{ "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
 		{ "esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
@@ -798,13 +733,7 @@ int set_name_ex(unsigned long *flags, const char *arg)
 		{ "multiline", XN_FLAG_MULTILINE, 0xffffffffL},
 		{ NULL, 0, 0}
 	};
-	return set_table_opts(flags, arg, ex_tbl);
-}

-static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
-{
-	char c;
-	const NAME_EX_TBL *ptbl;
 	c = arg[0];

 	if(c == '-') {
@@ -815,8 +744,8 @@ static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_T
 		arg++;
 	} else c = 1;

-	for(ptbl = in_tbl; ptbl->name; ptbl++) {
-		if(!strcasecmp(arg, ptbl->name)) {
+	for(ptbl = ex_tbl; ptbl->name; ptbl++) {
+		if(!strcmp(arg, ptbl->name)) {
 			*flags &= ~ptbl->mask;
 			if(c) *flags |= ptbl->flag;
 			else *flags &= ~ptbl->flag;
@@ -847,32 +776,3 @@ void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
 	}
 }

-X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath)
-{
-	X509_STORE *store;
-	X509_LOOKUP *lookup;
-	if(!(store = X509_STORE_new())) goto end;
-	lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
-	if (lookup == NULL) goto end;
-	if (CAfile) {
-		if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) {
-			BIO_printf(bp, "Error loading file %s\n", CAfile);
-			goto end;
-		}
-	} else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
-		
-	lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
-	if (lookup == NULL) goto end;
-	if (CApath) {
-		if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) {
-			BIO_printf(bp, "Error loading directory %s\n", CApath);
-			goto end;
-		}
-	} else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
-
-	ERR_clear_error();
-	return store;
-	end:
-	X509_STORE_free(store);
-	return NULL;
-}
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -59,7 +59,7 @@
 #ifndef HEADER_APPS_H
 #define HEADER_APPS_H

-#include "e_os.h"
+#include "openssl/e_os.h"

 #include <openssl/buffer.h>
 #include <openssl/bio.h>
@@ -67,7 +67,6 @@
 #include <openssl/x509.h>
 #include <openssl/lhash.h>
 #include <openssl/conf.h>
-#include <openssl/engine.h>

 int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
 int app_RAND_write_file(const char *file, BIO *bio_e);
@@ -79,11 +78,11 @@ long app_RAND_load_files(char *file); /* `file' is a list of files to read,
                                       * (see e_os.h).  The string is
                                       * destroyed! */

-#ifdef OPENSSL_NO_STDIO
+#ifdef NO_STDIO
 BIO_METHOD *BIO_s_file();
 #endif

-#ifdef OPENSSL_SYS_WIN32
+#ifdef WIN32
 #define rename(from,to) WIN32_rename((from),(to))
 int WIN32_rename(char *oldname,char *newname);
 #endif
@@ -118,21 +117,18 @@ extern BIO *bio_err;
 #if defined(MONOLITH) && !defined(OPENSSL_C)
 #  define apps_startup()	do_pipe_sig()
 #else
-#  if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
-   defined(OPENSSL_SYS_WIN32)
+#  if defined(MSDOS) || defined(WIN16) || defined(WIN32)
 #    ifdef _O_BINARY
 #      define apps_startup() \
 		_fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
-		OpenSSL_add_all_algorithms(); ENGINE_load_builtin_engines()
+		SSLeay_add_all_algorithms()
 #    else
 #      define apps_startup() \
 		_fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
-		OpenSSL_add_all_algorithms(); ENGINE_load_builtin_engines()
+		SSLeay_add_all_algorithms()
 #    endif
 #  else
-#    define apps_startup() \
-		do_pipe_sig(); OpenSSL_add_all_algorithms(); \
-		ENGINE_load_builtin_engines()
+#    define apps_startup()	do_pipe_sig(); SSLeay_add_all_algorithms();
 #  endif
 #endif

@@ -151,15 +147,13 @@ int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
 int dump_cert_text(BIO *out, X509 *x);
 void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags);
 #endif
-int set_cert_ex(unsigned long *flags, const char *arg);
 int set_name_ex(unsigned long *flags, const char *arg);
 int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
 int add_oid_section(BIO *err, LHASH *conf);
 X509 *load_cert(BIO *err, char *file, int format);
-EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e);
-EVP_PKEY *load_pubkey(BIO *err, char *file, int format, ENGINE *e);
+EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass);
+EVP_PKEY *load_pubkey(BIO *err, char *file, int format);
 STACK_OF(X509) *load_certs(BIO *err, char *file, int format);
-X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);

 #define FORMAT_UNDEF    0
 #define FORMAT_ASN1     1
@@ -168,7 +162,8 @@ X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
 #define FORMAT_NETSCAPE 4
 #define FORMAT_PKCS12   5
 #define FORMAT_SMIME    6
-#define FORMAT_ENGINE   7
+/* Since this is currently inofficial, let's give it a high number */
+#define FORMAT_ENGINE   127

 #define NETSCAPE_CERT_HDR	"certificate"

--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -206,7 +206,7 @@ bad:
 		goto end;
 		}
 	BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 	{
 	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 	out = BIO_push(tmpbio, out);
--- a/apps/ca.c
+++ b/apps/ca.c
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -59,7 +59,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#ifdef OPENSSL_NO_STDIO
+#ifdef NO_STDIO
 #define APPS_WIN16
 #endif
 #include "apps.h"
@@ -95,11 +95,11 @@ int MAIN(int argc, char **argv)
 	char buf[512];
 	BIO *STDout=NULL;

-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+#if !defined(NO_SSL2) && !defined(NO_SSL3)
 	meth=SSLv23_server_method();
-#elif !defined(OPENSSL_NO_SSL3)
+#elif !defined(NO_SSL3)
 	meth=SSLv3_server_method();
-#elif !defined(OPENSSL_NO_SSL2)
+#elif !defined(NO_SSL2)
 	meth=SSLv2_server_method();
 #endif

@@ -108,7 +108,7 @@ int MAIN(int argc, char **argv)
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 	STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 	{
 	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 	STDout = BIO_push(tmpbio, STDout);
@@ -121,15 +121,15 @@ int MAIN(int argc, char **argv)
 		{
 		if (strcmp(*argv,"-v") == 0)
 			verbose=1;
-#ifndef OPENSSL_NO_SSL2
+#ifndef NO_SSL2
 		else if (strcmp(*argv,"-ssl2") == 0)
 			meth=SSLv2_client_method();
 #endif
-#ifndef OPENSSL_NO_SSL3
+#ifndef NO_SSL3
 		else if (strcmp(*argv,"-ssl3") == 0)
 			meth=SSLv3_client_method();
 #endif
-#ifndef OPENSSL_NO_TLS1
+#ifndef NO_TLS1
 		else if (strcmp(*argv,"-tls1") == 0)
 			meth=TLSv1_client_method();
 #endif
@@ -150,7 +150,7 @@ int MAIN(int argc, char **argv)
 	if (badops)
 		{
 		for (pp=ciphers_usage; (*pp != NULL); pp++)
-			BIO_printf(bio_err,"%s",*pp);
+			BIO_printf(bio_err,*pp);
 		goto end;
 		}

--- a/apps/crl.c
+++ b/apps/crl.c
@@ -124,7 +124,7 @@ int MAIN(int argc, char **argv)
 		if ((bio_out=BIO_new(BIO_s_file())) != NULL)
 			{
 			BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 			{
 			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			bio_out = BIO_push(tmpbio, bio_out);
@@ -214,7 +214,7 @@ int MAIN(int argc, char **argv)
 		{
 bad:
 		for (pp=crl_usage; (*pp != NULL); pp++)
-			BIO_printf(bio_err,"%s",*pp);
+			BIO_printf(bio_err,*pp);
 		goto end;
 		}

@@ -324,7 +324,7 @@ bad:
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
--- a/apps/crl2p7.c
+++ b/apps/crl2p7.c
@@ -241,7 +241,7 @@ bad:
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -93,7 +93,6 @@ int MAIN(int argc, char **argv)
 	char pname[PROG_NAME_SIZE];
 	int separator=0;
 	int debug=0;
-	int keyform=FORMAT_PEM;
 	const char *outfile = NULL, *keyfile = NULL;
 	const char *sigfile = NULL, *randfile = NULL;
 	int out_bin = -1, want_pub = 0, do_verify = 0;
@@ -158,11 +157,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) break;
 			sigfile=*(++argv);
 			}
-		else if (strcmp(*argv,"-keyform") == 0)
-			{
-			if (--argc < 1) break;
-			keyform=str2fmt(*(++argv));
-			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) break;
@@ -202,7 +196,6 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err,"-sign   file    sign digest using private key in file\n");
 		BIO_printf(bio_err,"-verify file    verify a signature using public key in file\n");
 		BIO_printf(bio_err,"-prverify file  verify a signature using private key in file\n");
-		BIO_printf(bio_err,"-keyform arg    key file format (PEM or ENGINE)\n");
 		BIO_printf(bio_err,"-signature file signature to verify\n");
 		BIO_printf(bio_err,"-binary         output in binary form\n");
 		BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
@@ -272,7 +265,7 @@ int MAIN(int argc, char **argv)
 		else    out = BIO_new_file(outfile, "w");
 	} else {
 		out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
@@ -287,47 +280,20 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}

-	if(keyfile)
-		{
-		if (keyform == FORMAT_PEM)
-			{
+	if(keyfile) {
 		BIO *keybio;
 		keybio = BIO_new_file(keyfile, "r");
-			if(!keybio)
-				{
-				BIO_printf(bio_err,
-					"Error opening key file %s\n",
+		if(!keybio) {
+			BIO_printf(bio_err, "Error opening key file %s\n",
 								keyfile);
 			ERR_print_errors(bio_err);
 			goto end;
 		}
-			if(want_pub) 
-				sigkey = PEM_read_bio_PUBKEY(keybio,
-					NULL, NULL, NULL);
-			else
-				sigkey = PEM_read_bio_PrivateKey(keybio,
-					NULL, NULL, NULL);
-			BIO_free(keybio);
-			}
-		else if (keyform == FORMAT_ENGINE)
-			{
-			if (!e)
-				{
-				BIO_printf(bio_err,"no engine specified\n");
-				goto end;
-				}
-			if (want_pub)
-				sigkey = ENGINE_load_public_key(e, keyfile, NULL);
-			else
-				sigkey = ENGINE_load_private_key(e, keyfile, NULL);
-			}
-		else
-			{
-			BIO_printf(bio_err,
-				"bad input format specified for key file\n");
-			goto end;
-			}
 		
+		if(want_pub) 
+			sigkey = PEM_read_bio_PUBKEY(keybio, NULL, NULL, NULL);
+		else sigkey = PEM_read_bio_PrivateKey(keybio, NULL, NULL, NULL);
+		BIO_free(keybio);
 		if(!sigkey) {
 			BIO_printf(bio_err, "Error reading key file %s\n",
 								keyfile);
--- a/apps/dh.c
+++ b/apps/dh.c
@@ -57,7 +57,7 @@
 * [including the GNU Public Licence.]
 */

-#ifndef OPENSSL_NO_DH
+#ifndef NO_DH
 #include <stdio.h>
 #include <stdlib.h>
 #include <time.h>
@@ -213,7 +213,7 @@ bad:
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -109,7 +109,7 @@
 *
 */

-#ifndef OPENSSL_NO_DH
+#ifndef NO_DH
 #include <stdio.h>
 #include <stdlib.h>
 #include <time.h>
@@ -123,7 +123,7 @@
 #include <openssl/pem.h>
 #include <openssl/engine.h>

-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 #include <openssl/dsa.h>
 #endif

@@ -152,7 +152,7 @@ int MAIN(int argc, char **argv)
 	ENGINE *e = NULL;
 	DH *dh=NULL;
 	int i,badops=0,text=0;
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 	int dsaparam=0;
 #endif
 	BIO *in=NULL,*out=NULL;
@@ -206,7 +206,7 @@ int MAIN(int argc, char **argv)
 			check=1;
 		else if (strcmp(*argv,"-text") == 0)
 			text=1;
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 		else if (strcmp(*argv,"-dsaparam") == 0)
 			dsaparam=1;
 #endif
@@ -238,7 +238,7 @@ bad:
 		BIO_printf(bio_err," -outform arg  output format - one of DER PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 		BIO_printf(bio_err," -dsaparam     read or generate DSA parameters, convert to DH\n");
 #endif
 		BIO_printf(bio_err," -check        check the DH parameters\n");
@@ -278,7 +278,7 @@ bad:
 	if (g && !num)
 		num = DEFBITS;

-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 	if (dsaparam)
 		{
 		if (g)
@@ -305,7 +305,7 @@ bad:
 			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
 				app_RAND_load_files(inrand));

-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 		if (dsaparam)
 			{
 			DSA *dsa;
@@ -366,7 +366,7 @@ bad:
 			goto end;
 			}

-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 		if (dsaparam)
 			{
 			DSA *dsa;
@@ -419,7 +419,7 @@ bad:
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */

-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -187,7 +187,7 @@ bad:
 		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
 		BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 		BIO_printf(bio_err," -idea           encrypt PEM output with cbc idea\n");
 #endif
 		BIO_printf(bio_err," -text           print the key in text\n");
@@ -262,7 +262,7 @@ bad:
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */

-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 #include <assert.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -96,10 +96,9 @@ int MAIN(int argc, char **argv)
 	int i,badops=0,text=0;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,noout=0,C=0,ret=1;
-	char *infile,*outfile,*prog,*inrand=NULL;
+	char *infile,*outfile,*prog,*inrand=NULL,*engine=NULL;
 	int numbits= -1,num,genkey=0;
 	int need_rand=0;
-	char *engine=NULL;

 	apps_startup();

@@ -137,11 +136,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
-		else if(strcmp(*argv, "-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine = *(++argv);
-			}
 		else if (strcmp(*argv,"-text") == 0)
 			text=1;
 		else if (strcmp(*argv,"-C") == 0)
@@ -188,7 +182,6 @@ bad:
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -noout        no output\n");
 		BIO_printf(bio_err," -rand         files to use for random number input\n");
-		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," number        number of bits to use for generating private key\n");
 		goto end;
 		}
@@ -216,7 +209,7 @@ bad:
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
@@ -232,24 +225,6 @@ bad:
 			}
 		}

-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	if (need_rand)
 		{
 		app_RAND_load_file(NULL, bio_err, (inrand != NULL));
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -66,12 +66,11 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/rand.h>
-#ifndef OPENSSL_NO_MD5
+#ifndef NO_MD5
 #include <openssl/md5.h>
 #endif
 #include <openssl/pem.h>
 #include <openssl/engine.h>
-#include <ctype.h>

 int set_hex(char *in,unsigned char *out,int size);
 #undef SIZE
@@ -82,24 +81,6 @@ int set_hex(char *in,unsigned char *out,int size);
 #define BSIZE	(8*1024)
 #define	PROG	enc_main

-void show_ciphers(const OBJ_NAME *name,void *bio_)
-	{
-	BIO *bio=bio_;
-	static int n;
-
-	if(!islower((unsigned char)*name->name))
-		return;
-
-	BIO_printf(bio,"-%-25s",name->name);
-	if(++n == 3)
-		{
-		BIO_printf(bio,"\n");
-		n=0;
-		}
-	else
-		BIO_printf(bio," ");
-	}
-
 int MAIN(int, char **);

 int MAIN(int argc, char **argv)
@@ -111,8 +92,7 @@ int MAIN(int argc, char **argv)
 	unsigned char *buff=NULL,*bufsize=NULL;
 	int bsize=BSIZE,verbose=0;
 	int ret=1,inl;
-	int nopad = 0;
-	unsigned char key[EVP_MAX_KEY_LENGTH],iv[EVP_MAX_IV_LENGTH];
+	unsigned char key[24],iv[MD5_DIGEST_LENGTH];
 	unsigned char salt[PKCS5_SALT_LEN];
 	char *str=NULL, *passarg = NULL, *pass = NULL;
 	char *hkey=NULL,*hiv=NULL,*hsalt = NULL;
@@ -175,8 +155,6 @@ int MAIN(int argc, char **argv)
 			printkey=1;
 		else if	(strcmp(*argv,"-v") == 0)
 			verbose=1;
-		else if	(strcmp(*argv,"-nopad") == 0)
-			nopad=1;
 		else if	(strcmp(*argv,"-salt") == 0)
 			nosalt=0;
 		else if	(strcmp(*argv,"-nosalt") == 0)
@@ -274,11 +252,71 @@ bad:
 			BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");

 			BIO_printf(bio_err,"Cipher Types\n");
-			OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
-					       show_ciphers,
-					       bio_err);
-			BIO_printf(bio_err,"\n");
+			BIO_printf(bio_err,"des     : 56 bit key DES encryption\n");
+			BIO_printf(bio_err,"des_ede :112 bit key ede DES encryption\n");
+			BIO_printf(bio_err,"des_ede3:168 bit key ede DES encryption\n");
+#ifndef NO_IDEA
+			BIO_printf(bio_err,"idea    :128 bit key IDEA encryption\n");
+#endif
+#ifndef NO_RC4
+			BIO_printf(bio_err,"rc2     :128 bit key RC2 encryption\n");
+#endif
+#ifndef NO_BF
+			BIO_printf(bio_err,"bf      :128 bit key Blowfish encryption\n");
+#endif
+#ifndef NO_RC4
+			BIO_printf(bio_err," -%-5s :128 bit key RC4 encryption\n",
+				LN_rc4);
+#endif

+			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
+				LN_des_ecb,LN_des_cbc,
+				LN_des_cfb64,LN_des_ofb64);
+			BIO_printf(bio_err," -%-4s (%s)\n",
+				"des", LN_des_cbc);
+
+			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
+				LN_des_ede,LN_des_ede_cbc,
+				LN_des_ede_cfb64,LN_des_ede_ofb64);
+			BIO_printf(bio_err," -desx -none\n");
+
+
+			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
+				LN_des_ede3,LN_des_ede3_cbc,
+				LN_des_ede3_cfb64,LN_des_ede3_ofb64);
+			BIO_printf(bio_err," -%-4s (%s)\n",
+				"des3", LN_des_ede3_cbc);
+
+#ifndef NO_IDEA
+			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
+				LN_idea_ecb, LN_idea_cbc,
+				LN_idea_cfb64, LN_idea_ofb64);
+			BIO_printf(bio_err," -%-4s (%s)\n","idea",LN_idea_cbc);
+#endif
+#ifndef NO_RC2
+			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
+				LN_rc2_ecb, LN_rc2_cbc,
+				LN_rc2_cfb64, LN_rc2_ofb64);
+			BIO_printf(bio_err," -%-4s (%s)\n","rc2", LN_rc2_cbc);
+#endif
+#ifndef NO_BF
+			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
+				LN_bf_ecb, LN_bf_cbc,
+				LN_bf_cfb64, LN_bf_ofb64);
+			BIO_printf(bio_err," -%-4s (%s)\n","bf", LN_bf_cbc);
+#endif
+#ifndef NO_CAST
+			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
+				LN_cast5_ecb, LN_cast5_cbc,
+				LN_cast5_cfb64, LN_cast5_ofb64);
+			BIO_printf(bio_err," -%-4s (%s)\n","cast", LN_cast5_cbc);
+#endif
+#ifndef NO_RC5
+			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
+				LN_rc5_ecb, LN_rc5_cbc,
+				LN_rc5_cfb64, LN_rc5_ofb64);
+			BIO_printf(bio_err," -%-4s (%s)\n","rc5", LN_rc5_cbc);
+#endif
 			goto end;
 			}
 		argc--;
@@ -407,7 +445,7 @@ bad:
 	if (outf == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
@@ -445,9 +483,6 @@ bad:

 	if (cipher != NULL)
 		{
-		/* Note that str is NULL if a key was passed on the command
-		 * line, so we get no salt in that case. Is this a bug?
-		 */
 		if (str != NULL)
 			{
 			/* Salt handling: if encrypting generate a salt and
@@ -502,12 +537,20 @@ bad:
 			else
 				memset(str,0,strlen(str));
 			}
-		if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv))
+		if ((hiv != NULL) && !set_hex(hiv,iv,8))
 			{
 			BIO_printf(bio_err,"invalid hex iv value\n");
 			goto end;
 			}
-		if ((hkey != NULL) && !set_hex(hkey,key,sizeof key))
+		if ((hiv == NULL) && (str == NULL))
+			{
+			/* No IV was explicitly set and no IV was generated
+			 * during EVP_BytesToKey. Hence the IV is undefined,
+			 * making correct decryption impossible. */
+			BIO_printf(bio_err, "iv undefined\n");
+			goto end;
+			}
+		if ((hkey != NULL) && !set_hex(hkey,key,24))
 			{
 			BIO_printf(bio_err,"invalid hex key value\n");
 			goto end;
@@ -516,12 +559,6 @@ bad:
 		if ((benc=BIO_new(BIO_f_cipher())) == NULL)
 			goto end;
 		BIO_set_cipher(benc,cipher,key,iv,enc);
-		if (nopad)
-			{
-			EVP_CIPHER_CTX *ctx;
-			BIO_get_cipher_ctx(benc, &ctx);
-			EVP_CIPHER_CTX_set_padding(ctx, 0);
-			}
 		if (debug)
 			{
 			BIO_set_callback(benc,BIO_debug_callback);
--- a/apps/engine.c
+++ b/apps/engine.c
@@ -1,243 +0,0 @@
-/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#ifdef OPENSSL_NO_STDIO
-#define APPS_WIN16
-#endif
-#include "apps.h"
-#include <openssl/err.h>
-#include <openssl/engine.h>
-#include <openssl/ssl.h>
-
-#undef PROG
-#define PROG	engine_main
-
-static char *engine_usage[]={
-"usage: engine opts [engine ...]\n",
-" -v          - verbose mode, a textual listing of the engines in OpenSSL\n",
-" -c          - for each engine, also list the capabilities\n",
-" -t          - for each engine, check that they are really available\n",
-NULL
-};
-
-static void identity(void *ptr)
-	{
-	return;
-	}
-
-static int append_buf(char **buf, char *s, int *size, int step)
-	{
-	int l = strlen(s);
-
-	if (*buf == NULL)
-		{
-		*size = step;
-		*buf = OPENSSL_malloc(*size);
-		if (*buf == NULL)
-			return 0;
-		**buf = '\0';
-		}
-
-	if (**buf != '\0')
-		l += 2;		/* ", " */
-
-	if (strlen(*buf) + strlen(s) >= (unsigned int)*size)
-		{
-		*size += step;
-		*buf = OPENSSL_realloc(*buf, *size);
-		}
-
-	if (*buf == NULL)
-		return 0;
-
-	if (**buf != '\0')
-		strcat(*buf, ", ");
-	strcat(*buf, s);
-
-	return 1;
-	}
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	int ret=1,i;
-	char **pp;
-	int verbose=0, list_cap=0, test_avail=0;
-	ENGINE *e;
-	STACK *engines = sk_new_null();
-	int badops=0;
-	BIO *bio_out=NULL;
-
-	apps_startup();
-	SSL_load_error_strings();
-
-	if (bio_err == NULL)
-		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-	bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-	{
-	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-	bio_out = BIO_push(tmpbio, bio_out);
-	}
-#endif
-
-	argc--;
-	argv++;
-	while (argc >= 1)
-		{
-		if (strcmp(*argv,"-v") == 0)
-			verbose=1;
-		else if (strcmp(*argv,"-c") == 0)
-			list_cap=1;
-		else if (strcmp(*argv,"-t") == 0)
-			test_avail=1;
-		else if ((strncmp(*argv,"-h",2) == 0) ||
-			 (strcmp(*argv,"-?") == 0))
-			{
-			badops=1;
-			break;
-			}
-		else
-			{
-			sk_push(engines,*argv);
-			}
-		argc--;
-		argv++;
-		}
-
-	if (badops)
-		{
-		for (pp=engine_usage; (*pp != NULL); pp++)
-			BIO_printf(bio_err,"%s",*pp);
-		goto end;
-		}
-
-	if (sk_num(engines) == 0)
-		{
-		for(e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e))
-			{
-			sk_push(engines,(char *)ENGINE_get_id(e));
-			}
-		}
-
-	for (i=0; i<sk_num(engines); i++)
-		{
-		const char *id = sk_value(engines,i);
-		if ((e = ENGINE_by_id(id)) != NULL)
-			{
-			const char *name = ENGINE_get_name(e);
-			BIO_printf(bio_out, "%s (%s)", name, id);
-			if (list_cap || test_avail)
-				BIO_printf(bio_out, ":");
-			if (test_avail)
-				{
-				if (ENGINE_init(e))
-					{
-					BIO_printf(bio_out, " available");
-					ENGINE_finish(e);
-					}
-				else
-					{
-					BIO_printf(bio_out, " unavailable");
-					ERR_clear_error();
-					}
-				}
-			if (list_cap)
-				{
-				int cap_size = 256;
-				char *cap_buf = NULL;
-
-				if (ENGINE_get_RSA(e) != NULL
-					&& !append_buf(&cap_buf, "RSA",
-						&cap_size, 256))
-					goto end;
-				if (ENGINE_get_DSA(e) != NULL
-					&& !append_buf(&cap_buf, "DSA",
-						&cap_size, 256))
-					goto end;
-				if (ENGINE_get_DH(e) != NULL
-					&& !append_buf(&cap_buf, "DH",
-						&cap_size, 256))
-					goto end;
-				if (ENGINE_get_RAND(e) != NULL
-					&& !append_buf(&cap_buf, "RAND",
-						&cap_size, 256))
-					goto end;
-
-				if (*cap_buf != '\0')
-					BIO_printf(bio_out, " [%s]", cap_buf);
-
-				OPENSSL_free(cap_buf);
-				}
-			BIO_printf(bio_out, "\n");
-			}
-		else
-			ERR_print_errors(bio_err);
-		}
-
-	ret=0;
-end:
-	ERR_print_errors(bio_err);
-	sk_pop_free(engines, identity);
-	if (bio_out != NULL) BIO_free_all(bio_out);
-	EXIT(ret);
-	}
--- a/apps/errstr.c
+++ b/apps/errstr.c
@@ -91,7 +91,7 @@ int MAIN(int argc, char **argv)
 		out=BIO_new(BIO_s_file());
 		if ((out != NULL) && BIO_set_fp(out,stdout,BIO_NOCLOSE))
 			{
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 			{
 			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			out = BIO_push(tmpbio, out);
--- a/apps/gendh.c
+++ b/apps/gendh.c
@@ -57,7 +57,7 @@
 * [including the GNU Public Licence.]
 */

-#ifndef OPENSSL_NO_DH
+#ifndef NO_DH
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
@@ -171,7 +171,7 @@ bad:
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */

-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
@@ -85,7 +85,7 @@ int MAIN(int argc, char **argv)
 	char *inrand=NULL,*dsaparams=NULL;
 	char *passargout = NULL, *passout = NULL;
 	BIO *out=NULL,*in=NULL;
-	const EVP_CIPHER *enc=NULL;
+	EVP_CIPHER *enc=NULL;
 	char *engine=NULL;

 	apps_startup();
@@ -121,13 +121,13 @@ int MAIN(int argc, char **argv)
 			}
 		else if (strcmp(*argv,"-") == 0)
 			goto bad;
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 		else if (strcmp(*argv,"-des") == 0)
 			enc=EVP_des_cbc();
 		else if (strcmp(*argv,"-des3") == 0)
 			enc=EVP_des_ede3_cbc();
 #endif
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 		else if (strcmp(*argv,"-idea") == 0)
 			enc=EVP_idea_cbc();
 #endif
@@ -146,11 +146,11 @@ int MAIN(int argc, char **argv)
 bad:
 		BIO_printf(bio_err,"usage: gendsa [args] dsaparam-file\n");
 		BIO_printf(bio_err," -out file - output the key to 'file'\n");
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 		BIO_printf(bio_err," -des      - encrypt the generated key with DES in cbc mode\n");
 		BIO_printf(bio_err," -des3     - encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
 #endif
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 		BIO_printf(bio_err," -idea     - encrypt the generated key with IDEA in cbc mode\n");
 #endif
 		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
@@ -207,7 +207,7 @@ bad:
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */

-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
@@ -86,7 +86,7 @@ int MAIN(int argc, char **argv)
 	RSA *rsa=NULL;
 	int i,num=DEFBITS;
 	long l;
-	const EVP_CIPHER *enc=NULL;
+	EVP_CIPHER *enc=NULL;
 	unsigned long f4=RSA_F4;
 	char *outfile=NULL;
 	char *passargout = NULL, *passout = NULL;
@@ -129,13 +129,13 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			inrand= *(++argv);
 			}
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 		else if (strcmp(*argv,"-des") == 0)
 			enc=EVP_des_cbc();
 		else if (strcmp(*argv,"-des3") == 0)
 			enc=EVP_des_ede3_cbc();
 #endif
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 		else if (strcmp(*argv,"-idea") == 0)
 			enc=EVP_idea_cbc();
 #endif
@@ -155,7 +155,7 @@ bad:
 		BIO_printf(bio_err,"usage: genrsa [args] [numbits]\n");
 		BIO_printf(bio_err," -des            encrypt the generated key with DES in cbc mode\n");
 		BIO_printf(bio_err," -des3           encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 		BIO_printf(bio_err," -idea           encrypt the generated key with IDEA in cbc mode\n");
 #endif
 		BIO_printf(bio_err," -out file       output the key to 'file\n");
@@ -197,7 +197,7 @@ bad:
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
@@ -269,7 +269,7 @@ static void MS_CALLBACK genrsa_cb(int p, int n, void *arg)
 	p=n;
 #endif
 	}
-#else /* !OPENSSL_NO_RSA */
+#else /* !NO_RSA */

 # if PEDANTIC
 static void *dummy=&dummy;
--- a/apps/makeapps.com
+++ b/apps/makeapps.com
@@ -157,13 +157,13 @@ $ LIB_FILES = "VERIFY;ASN1PARS;REQ;DGST;DH;DHPARAM;ENC;PASSWD;GENDH;ERRSTR;"+-
 	      "RSA;RSAUTL;DSA;DSAPARAM;"+-
 	      "X509;GENRSA;GENDSA;S_SERVER;S_CLIENT;SPEED;"+-
 	      "S_TIME;APPS;S_CB;S_SOCKET;APP_RAND;VERSION;SESS_ID;"+-
-	      "CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME;RAND;ENGINE;OCSP"
+	      "CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME;RAND"
 $ APP_FILES := OPENSSL,'OBJ_DIR'VERIFY.OBJ,ASN1PARS.OBJ,REQ.OBJ,DGST.OBJ,DH.OBJ,DHPARAM.OBJ,ENC.OBJ,PASSWD.OBJ,GENDH.OBJ,ERRSTR.OBJ,-
 	       CA.OBJ,PKCS7.OBJ,CRL2P7.OBJ,CRL.OBJ,-
 	       RSA.OBJ,RSAUTL.OBJ,DSA.OBJ,DSAPARAM.OBJ,-
 	       X509.OBJ,GENRSA.OBJ,GENDSA.OBJ,S_SERVER.OBJ,S_CLIENT.OBJ,SPEED.OBJ,-
 	       S_TIME.OBJ,APPS.OBJ,S_CB.OBJ,S_SOCKET.OBJ,APP_RAND.OBJ,VERSION.OBJ,SESS_ID.OBJ,-
-	       CIPHERS.OBJ,NSEQ.OBJ,PKCS12.OBJ,PKCS8.OBJ,SPKAC.OBJ,SMIME.OBJ,RAND.OBJ,ENGINE.OBJ,OCSP.OBJ
+	       CIPHERS.OBJ,NSEQ.OBJ,PKCS12.OBJ,PKCS8.OBJ,SPKAC.OBJ,SMIME.OBJ,RAND.OBJ
 $ TCPIP_PROGRAMS = ",,"
 $ IF COMPILER .EQS. "VAXC" THEN -
     TCPIP_PROGRAMS = ",OPENSSL,"
@@ -581,7 +581,6 @@ $ CHECK_OPTIONS:
 $!
 $! Check To See If P1 Is Blank.
 $!
-$ P1 = "NORSAREF"
 $ IF (P1.EQS."NORSAREF")
 $ THEN
 $!
@@ -806,7 +805,31 @@ $ ENDIF
 $!
 $! Set Up Initial CC Definitions, Possibly With User Ones
 $!
-$ CCDEFS = "MONOLITH"
+$ CCDEFS = "VMS=1,MONOLITH"
+$ IF F$TRNLNM("OPENSSL_NO_ASM") THEN CCDEFS = CCDEFS + ",NO_ASM"
+$ IF F$TRNLNM("OPENSSL_NO_RSA") THEN CCDEFS = CCDEFS + ",NO_RSA"
+$ IF F$TRNLNM("OPENSSL_NO_DSA") THEN CCDEFS = CCDEFS + ",NO_DSA"
+$ IF F$TRNLNM("OPENSSL_NO_DH") THEN CCDEFS = CCDEFS + ",NO_DH"
+$ IF F$TRNLNM("OPENSSL_NO_MD2") THEN CCDEFS = CCDEFS + ",NO_MD2"
+$ IF F$TRNLNM("OPENSSL_NO_MD5") THEN CCDEFS = CCDEFS + ",NO_MD5"
+$ IF F$TRNLNM("OPENSSL_NO_RIPEMD") THEN CCDEFS = CCDEFS + ",NO_RIPEMD"
+$ IF F$TRNLNM("OPENSSL_NO_SHA") THEN CCDEFS = CCDEFS + ",NO_SHA"
+$ IF F$TRNLNM("OPENSSL_NO_SHA0") THEN CCDEFS = CCDEFS + ",NO_SHA0"
+$ IF F$TRNLNM("OPENSSL_NO_SHA1") THEN CCDEFS = CCDEFS + ",NO_SHA1"
+$ IF F$TRNLNM("OPENSSL_NO_DES")
+$ THEN
+$   CCDEFS = CCDEFS + ",NO_DES,NO_MDC2"
+$ ELSE
+$   IF F$TRNLNM("OPENSSL_NO_MDC2") THEN CCDEFS = CCDEFS + ",NO_MDC2"
+$ ENDIF
+$ IF F$TRNLNM("OPENSSL_NO_RC2") THEN CCDEFS = CCDEFS + ",NO_RC2"
+$ IF F$TRNLNM("OPENSSL_NO_RC4") THEN CCDEFS = CCDEFS + ",NO_RC4"
+$ IF F$TRNLNM("OPENSSL_NO_RC5") THEN CCDEFS = CCDEFS + ",NO_RC5"
+$ IF F$TRNLNM("OPENSSL_NO_IDEA") THEN CCDEFS = CCDEFS + ",NO_IDEA"
+$ IF F$TRNLNM("OPENSSL_NO_BF") THEN CCDEFS = CCDEFS + ",NO_BF"
+$ IF F$TRNLNM("OPENSSL_NO_CAST") THEN CCDEFS = CCDEFS + ",NO_CAST"
+$ IF F$TRNLNM("OPENSSL_NO_HMAC") THEN CCDEFS = CCDEFS + ",NO_HMAC"
+$ IF F$TRNLNM("OPENSSL_NO_SSL2") THEN CCDEFS = CCDEFS + ",NO_SSL2"
 $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
 $ CCEXTRAFLAGS = ""
 $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
@@ -838,8 +861,7 @@ $     CC = "CC"
 $     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
 	 THEN CC = "CC/DECC"
 $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
-           "/NOLIST/PREFIX=ALL" + -
-	   "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS
+           "/NOLIST/PREFIX=ALL" + CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
@@ -870,8 +892,7 @@ $	WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
 $	EXIT
 $     ENDIF
 $     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
-$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS
 $     CCDEFS = CCDEFS + ",""VAXC"""
 $!
 $!    Define <sys> As SYS$COMMON:[SYSLIB]
@@ -902,8 +923,7 @@ $!
 $!    Use GNU C...
 $!
 $     IF F$TYPE(GCC) .EQS. "" THEN GCC := GCC
-$     CC = GCC+"/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS
+$     CC = GCC+"/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
--- a/apps/nseq.c
+++ b/apps/nseq.c
@@ -121,7 +121,7 @@ int MAIN(int argc, char **argv)
 		}
 	} else {
 		out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -1,756 +0,0 @@
-/* ocsp.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/pem.h>
-#include <openssl/ocsp.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-#include "apps.h"
-
-/* Maximum leeway in validity period: default 5 minutes */
-#define MAX_VALIDITY_PERIOD	(5 * 60)
-
-static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer,
-				STACK_OF(OCSP_CERTID) *ids);
-static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer,
-				STACK_OF(OCSP_CERTID) *ids);
-static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
-				STACK *names, STACK_OF(OCSP_CERTID) *ids,
-				long nsec, long maxage);
-
-#undef PROG
-#define PROG ocsp_main
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	char **args;
-	char *host = NULL, *port = NULL, *path = "/";
-	char *reqin = NULL, *respin = NULL;
-	char *reqout = NULL, *respout = NULL;
-	char *signfile = NULL, *keyfile = NULL;
-	char *outfile = NULL;
-	int add_nonce = 1, noverify = 0, use_ssl = -1;
-	OCSP_REQUEST *req = NULL;
-	OCSP_RESPONSE *resp = NULL;
-	OCSP_BASICRESP *bs = NULL;
-	X509 *issuer = NULL, *cert = NULL;
-	X509 *signer = NULL;
-	EVP_PKEY *key = NULL;
-	BIO *cbio = NULL, *derbio = NULL;
-	BIO *out = NULL;
-	int req_text = 0, resp_text = 0;
-	long nsec = MAX_VALIDITY_PERIOD, maxage = -1;
-	char *CAfile = NULL, *CApath = NULL;
-	X509_STORE *store = NULL;
-	SSL_CTX *ctx = NULL;
-	STACK_OF(X509) *sign_other = NULL, *verify_other = NULL;
-	char *sign_certfile = NULL, *verify_certfile = NULL;
-	unsigned long sign_flags = 0, verify_flags = 0;
-	int ret = 1;
-	int badarg = 0;
-	int i;
-	STACK *reqnames = NULL;
-	STACK_OF(OCSP_CERTID) *ids = NULL;
-	if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
-	SSL_load_error_strings();
-	args = argv + 1;
-	reqnames = sk_new_null();
-	ids = sk_OCSP_CERTID_new_null();
-	while (!badarg && *args && *args[0] == '-')
-		{
-		if (!strcmp(*args, "-out"))
-			{
-			if (args[1])
-				{
-				args++;
-				outfile = *args;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp(*args, "-url"))
-			{
-			if (args[1])
-				{
-				args++;
-				if (!OCSP_parse_url(*args, &host, &port, &path, &use_ssl))
-					{
-					BIO_printf(bio_err, "Error parsing URL\n");
-					badarg = 1;
-					}
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp(*args, "-host"))
-			{
-			if (args[1])
-				{
-				args++;
-				host = *args;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp(*args, "-noverify"))
-			noverify = 1;
-		else if (!strcmp(*args, "-nonce"))
-			add_nonce = 2;
-		else if (!strcmp(*args, "-no_nonce"))
-			add_nonce = 0;
-		else if (!strcmp(*args, "-no_certs"))
-			sign_flags |= OCSP_NOCERTS;
-		else if (!strcmp(*args, "-no_signature_verify"))
-			verify_flags |= OCSP_NOSIGS;
-		else if (!strcmp(*args, "-no_cert_verify"))
-			verify_flags |= OCSP_NOVERIFY;
-		else if (!strcmp(*args, "-no_chain"))
-			verify_flags |= OCSP_NOCHAIN;
-		else if (!strcmp(*args, "-no_cert_checks"))
-			verify_flags |= OCSP_NOCHECKS;
-		else if (!strcmp(*args, "-no_explicit"))
-			verify_flags |= OCSP_NOEXPLICIT;
-		else if (!strcmp(*args, "-trust_other"))
-			verify_flags |= OCSP_TRUSTOTHER;
-		else if (!strcmp(*args, "-no_intern"))
-			verify_flags |= OCSP_NOINTERN;
-		else if (!strcmp(*args, "-text"))
-			{
-			req_text = 1;
-			resp_text = 1;
-			}
-		else if (!strcmp(*args, "-req_text"))
-			req_text = 1;
-		else if (!strcmp(*args, "-resp_text"))
-			resp_text = 1;
-		else if (!strcmp(*args, "-reqin"))
-			{
-			if (args[1])
-				{
-				args++;
-				reqin = *args;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp(*args, "-respin"))
-			{
-			if (args[1])
-				{
-				args++;
-				respin = *args;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp(*args, "-signer"))
-			{
-			if (args[1])
-				{
-				args++;
-				signfile = *args;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp (*args, "-VAfile"))
-			{
-			if (args[1])
-				{
-				args++;
-				verify_certfile = *args;
-				verify_flags |= OCSP_TRUSTOTHER;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp(*args, "-sign_other"))
-			{
-			if (args[1])
-				{
-				args++;
-				sign_certfile = *args;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp(*args, "-verify_other"))
-			{
-			if (args[1])
-				{
-				args++;
-				verify_certfile = *args;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp (*args, "-CAfile"))
-			{
-			if (args[1])
-				{
-				args++;
-				CAfile = *args;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp (*args, "-CApath"))
-			{
-			if (args[1])
-				{
-				args++;
-				CApath = *args;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp (*args, "-validity_period"))
-			{
-			if (args[1])
-				{
-				args++;
-				nsec = atol(*args);
-				if (nsec < 0)
-					{
-					BIO_printf(bio_err,
-						"Illegal validity period %s\n",
-						*args);
-					badarg = 1;
-					}
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp (*args, "-status_age"))
-			{
-			if (args[1])
-				{
-				args++;
-				maxage = atol(*args);
-				if (maxage < 0)
-					{
-					BIO_printf(bio_err,
-						"Illegal validity age %s\n",
-						*args);
-					badarg = 1;
-					}
-				}
-			else badarg = 1;
-			}
-		 else if (!strcmp(*args, "-signkey"))
-			{
-			if (args[1])
-				{
-				args++;
-				keyfile = *args;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp(*args, "-reqout"))
-			{
-			if (args[1])
-				{
-				args++;
-				reqout = *args;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp(*args, "-respout"))
-			{
-			if (args[1])
-				{
-				args++;
-				respout = *args;
-				}
-			else badarg = 1;
-			}
-		 else if (!strcmp(*args, "-path"))
-			{
-			if (args[1])
-				{
-				args++;
-				path = *args;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp(*args, "-issuer"))
-			{
-			if (args[1])
-				{
-				args++;
-				X509_free(issuer);
-				issuer = load_cert(bio_err, *args, FORMAT_PEM);
-				if(!issuer) goto end;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp (*args, "-cert"))
-			{
-			if (args[1])
-				{
-				args++;
-				X509_free(cert);
-				cert = load_cert(bio_err, *args, FORMAT_PEM);
-				if(!cert) goto end;
-				if(!add_ocsp_cert(&req, cert, issuer, ids))
-					goto end;
-				if(!sk_push(reqnames, *args))
-					goto end;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp(*args, "-serial"))
-			{
-			if (args[1])
-				{
-				args++;
-				if(!add_ocsp_serial(&req, *args, issuer, ids))
-					goto end;
-				if(!sk_push(reqnames, *args))
-					goto end;
-				}
-			else badarg = 1;
-			}
-		else badarg = 1;
-		args++;
-		}
-
-	/* Have we anything to do? */
-	if (!req && !reqin && !respin) badarg = 1;
-
-	if (badarg)
-		{
-		BIO_printf (bio_err, "OCSP utility\n");
-		BIO_printf (bio_err, "Usage ocsp [options]\n");
-		BIO_printf (bio_err, "where options are\n");
-		BIO_printf (bio_err, "-out file          output filename\n");
-		BIO_printf (bio_err, "-issuer file       issuer certificate\n");
-		BIO_printf (bio_err, "-cert file         certificate to check\n");
-		BIO_printf (bio_err, "-serial n          serial number to check\n");
-		BIO_printf (bio_err, "-signer file       certificate to sign OCSP request with\n");
-		BIO_printf (bio_err, "-signkey file      private key to sign OCSP request with\n");
-		BIO_printf (bio_err, "-sign_certs file   additional certificates to include in signed request\n");
-		BIO_printf (bio_err, "-no_certs          don't include any certificates in signed request\n");
-		BIO_printf (bio_err, "-req_text          print text form of request\n");
-		BIO_printf (bio_err, "-resp_text         print text form of response\n");
-		BIO_printf (bio_err, "-text              print text form of request and response\n");
-		BIO_printf (bio_err, "-reqout file       write DER encoded OCSP request to \"file\"\n");
-		BIO_printf (bio_err, "-respout file      write DER encoded OCSP reponse to \"file\"\n");
-		BIO_printf (bio_err, "-reqin file        read DER encoded OCSP request from \"file\"\n");
-		BIO_printf (bio_err, "-respin file       read DER encoded OCSP reponse from \"file\"\n");
-		BIO_printf (bio_err, "-nonce             add OCSP nonce to request\n");
-		BIO_printf (bio_err, "-no_nonce          don't add OCSP nonce to request\n");
-		BIO_printf (bio_err, "-url URL           OCSP responder URL\n");
-		BIO_printf (bio_err, "-host host:n       send OCSP request to host on port n\n");
-		BIO_printf (bio_err, "-path              path to use in OCSP request\n");
-		BIO_printf (bio_err, "-CApath dir        trusted certificates directory\n");
-		BIO_printf (bio_err, "-CAfile file       trusted certificates file\n");
-		BIO_printf (bio_err, "-VAfile file       validator certificates file\n");
-		BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n");
-		BIO_printf (bio_err, "-status_age n      maximum status age in seconds\n");
-		BIO_printf (bio_err, "-noverify          don't verify response at all\n");
-		BIO_printf (bio_err, "-verify_certs file additional certificates to search for signer\n");
-		BIO_printf (bio_err, "-trust_other       don't verify additional certificates\n");
-		BIO_printf (bio_err, "-no_intern         don't search certificates contained in response for signer\n");
-		BIO_printf (bio_err, "-no_sig_verify     don't check signature on response\n");
-		BIO_printf (bio_err, "-no_cert_verify    don't check signing certificate\n");
-		BIO_printf (bio_err, "-no_chain          don't chain verify response\n");
-		BIO_printf (bio_err, "-no_cert_checks    don't do additional checks on signing certificate\n");
-		goto end;
-		}
-
-	if(outfile) out = BIO_new_file(outfile, "w");
-	else out = BIO_new_fp(stdout, BIO_NOCLOSE);
-
-	if(!out)
-		{
-		BIO_printf(bio_err, "Error opening output file\n");
-		goto end;
-		}
-
-	if (!req && (add_nonce != 2)) add_nonce = 0;
-
-	if (!req && reqin)
-		{
-		derbio = BIO_new_file(reqin, "rb");
-		if (!derbio)
-			{
-			BIO_printf(bio_err, "Error Opening OCSP request file\n");
-			goto end;
-			}
-		req = d2i_OCSP_REQUEST_bio(derbio, NULL);
-		BIO_free(derbio);
-		if(!req)
-			{
-			BIO_printf(bio_err, "Error reading OCSP request\n");
-			goto end;
-			}
-		}
-
-	if (!req && (signfile || reqout || host || add_nonce))
-		{
-		BIO_printf(bio_err, "Need an OCSP request for this operation!\n");
-		goto end;
-		}
-
-	if (req && add_nonce) OCSP_request_add1_nonce(req, NULL, -1);
-
-	if (signfile)
-		{
-		if (!keyfile) keyfile = signfile;
-		signer = load_cert(bio_err, signfile, FORMAT_PEM);
-		if (!signer)
-			{
-			BIO_printf(bio_err, "Error loading signer certificate\n");
-			goto end;
-			}
-		if (sign_certfile)
-			{
-			sign_other = load_certs(bio_err, sign_certfile, FORMAT_PEM);
-			if (!sign_other) goto end;
-			}
-		key = load_key(bio_err, keyfile, FORMAT_PEM, NULL, NULL);
-		if (!key)
-			{
-			BIO_printf(bio_err, "Error loading signer private key\n");
-			goto end;
-			}
-		if (!OCSP_request_sign(req, signer, key, EVP_sha1(), sign_other, sign_flags))
-			{
-			BIO_printf(bio_err, "Error signing OCSP request\n");
-			goto end;
-			}
-		}
-
-	if (reqout)
-		{
-		derbio = BIO_new_file(reqout, "wb");
-		if (!derbio)
-			{
-			BIO_printf(bio_err, "Error opening file %s\n", reqout);
-			goto end;
-			}
-		i2d_OCSP_REQUEST_bio(derbio, req);
-		BIO_free(derbio);
-		}
-
-	if (req_text && req) OCSP_REQUEST_print(out, req, 0);
-
-	if (host)
-		{
-		cbio = BIO_new_connect(host);
-		if (!cbio)
-			{
-			BIO_printf(bio_err, "Error creating connect BIO\n");
-			goto end;
-			}
-		if (port) BIO_set_conn_port(cbio, port);
-		if (use_ssl == 1)
-			{
-			BIO *sbio;
-			ctx = SSL_CTX_new(SSLv23_client_method());
-			SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
-			sbio = BIO_new_ssl(ctx, 1);
-			cbio = BIO_push(sbio, cbio);
-			}
-		if (BIO_do_connect(cbio) <= 0)
-			{
-			BIO_printf(bio_err, "Error connecting BIO\n");
-			goto end;
-			}
-		resp = OCSP_sendreq_bio(cbio, path, req);
-		BIO_free_all(cbio);
-		cbio = NULL;
-		if (!resp)
-			{
-			BIO_printf(bio_err, "Error querying OCSP responsder\n");
-			goto end;
-			}
-		}
-	else if (respin)
-		{
-		derbio = BIO_new_file(respin, "rb");
-		if (!derbio)
-			{
-			BIO_printf(bio_err, "Error Opening OCSP response file\n");
-			goto end;
-			}
-		resp = d2i_OCSP_RESPONSE_bio(derbio, NULL);
-		BIO_free(derbio);
-		if(!resp)
-			{
-			BIO_printf(bio_err, "Error reading OCSP response\n");
-			goto end;
-			}
-	
-		}
-	else
-		{
-		ret = 0;
-		goto end;
-		}
-
-	if (respout)
-		{
-		derbio = BIO_new_file(respout, "wb");
-		if(!derbio)
-			{
-			BIO_printf(bio_err, "Error opening file %s\n", respout);
-			goto end;
-			}
-		i2d_OCSP_RESPONSE_bio(derbio, resp);
-		BIO_free(derbio);
-		}
-
-	i = OCSP_response_status(resp);
-
-	if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL)
-		{
-		BIO_printf(out, "Responder Error: %s (%ld)\n",
-				OCSP_response_status_str(i), i);
-		ret = 0;
-		goto end;
-		}
-
-	if (resp_text) OCSP_RESPONSE_print(out, resp, 0);
-
-	store = setup_verify(bio_err, CAfile, CApath);
-	if(!store) goto end;
-	if (verify_certfile)
-		{
-		verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM);
-		if (!verify_other) goto end;
-		}
-
-	bs = OCSP_response_get1_basic(resp);
-
-	if (!bs)
-		{
-		BIO_printf(bio_err, "Error parsing response\n");
-		goto end;
-		}
-
-	if (!noverify)
-		{
-		if (req && ((i = OCSP_check_nonce(req, bs)) <= 0))
-			{
-			if (i == -1)
-				BIO_printf(bio_err, "WARNING: no nonce in response\n");
-			else
-				{
-				BIO_printf(bio_err, "Nonce Verify error\n");
-				goto end;
-				}
-			}
-
-		i = OCSP_basic_verify(bs, verify_other, store, verify_flags);
-                if (i < 0) i = OCSP_basic_verify(bs, NULL, store, 0);
-
-		if(i <= 0)
-			{
-			BIO_printf(bio_err, "Response Verify Failure\n", i);
-			ERR_print_errors(bio_err);
-			}
-		else
-			BIO_printf(bio_err, "Response verify OK\n");
-
-		}
-
-	if (!print_ocsp_summary(out, bs, req, reqnames, ids, nsec, maxage))
-		goto end;
-
-	ret = 0;
-
-end:
-	ERR_print_errors(bio_err);
-	X509_free(signer);
-	X509_STORE_free(store);
-	EVP_PKEY_free(key);
-	X509_free(issuer);
-	X509_free(cert);
-	BIO_free_all(cbio);
-	BIO_free(out);
-	OCSP_REQUEST_free(req);
-	OCSP_RESPONSE_free(resp);
-	OCSP_BASICRESP_free(bs);
-	sk_free(reqnames);
-	sk_OCSP_CERTID_free(ids);
-	sk_X509_pop_free(sign_other, X509_free);
-	sk_X509_pop_free(verify_other, X509_free);
-
-	if (use_ssl != -1)
-		{
-		OPENSSL_free(host);
-		OPENSSL_free(port);
-		OPENSSL_free(path);
-		SSL_CTX_free(ctx);
-		}
-
-	EXIT(ret);
-}
-
-static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer,
-				STACK_OF(OCSP_CERTID) *ids)
-	{
-	OCSP_CERTID *id;
-	if(!issuer)
-		{
-		BIO_printf(bio_err, "No issuer certificate specified\n");
-		return 0;
-		}
-	if(!*req) *req = OCSP_REQUEST_new();
-	if(!*req) goto err;
-	id = OCSP_cert_to_id(NULL, cert, issuer);
-	if(!id || !sk_OCSP_CERTID_push(ids, id)) goto err;
-	if(!OCSP_request_add0_id(*req, id)) goto err;
-	return 1;
-
-	err:
-	BIO_printf(bio_err, "Error Creating OCSP request\n");
-	return 0;
-	}
-
-static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer,
-				STACK_OF(OCSP_CERTID) *ids)
-	{
-	OCSP_CERTID *id;
-	X509_NAME *iname;
-	ASN1_BIT_STRING *ikey;
-	ASN1_INTEGER *sno;
-	if(!issuer)
-		{
-		BIO_printf(bio_err, "No issuer certificate specified\n");
-		return 0;
-		}
-	if(!*req) *req = OCSP_REQUEST_new();
-	if(!*req) goto err;
-	iname = X509_get_subject_name(issuer);
-	ikey = X509_get0_pubkey_bitstr(issuer);
-	sno = s2i_ASN1_INTEGER(NULL, serial);
-	if(!sno)
-		{
-		BIO_printf(bio_err, "Error converting serial number %s\n", serial);
-		return 0;
-		}
-	id = OCSP_cert_id_new(EVP_sha1(), iname, ikey, sno);
-	ASN1_INTEGER_free(sno);
-	if(!id || !sk_OCSP_CERTID_push(ids, id)) goto err;
-	if(!OCSP_request_add0_id(*req, id)) goto err;
-	return 1;
-
-	err:
-	BIO_printf(bio_err, "Error Creating OCSP request\n");
-	return 0;
-	}
-
-static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
-					STACK *names, STACK_OF(OCSP_CERTID) *ids,
-					long nsec, long maxage)
-	{
-	OCSP_CERTID *id;
-	char *name;
-	int i;
-
-	int status, reason;
-
-	ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
-
-	if (!bs || !req || !sk_num(names) || !sk_OCSP_CERTID_num(ids))
-		return 1;
-
-	for (i = 0; i < sk_OCSP_CERTID_num(ids); i++)
-		{
-		id = sk_OCSP_CERTID_value(ids, i);
-		name = sk_value(names, i);
-		BIO_printf(out, "%s: ", name);
-
-		if(!OCSP_resp_find_status(bs, id, &status, &reason,
-					&rev, &thisupd, &nextupd))
-			{
-			BIO_puts(out, "ERROR: No Status found.\n");
-			continue;
-			}
-
-		/* Check validity: if invalid write to output BIO so we
-		 * know which response this refers to.
-		 */
-		if (!OCSP_check_validity(thisupd, nextupd, nsec, maxage))
-			{
-			BIO_puts(out, "WARNING: Status times invalid.\n");
-			ERR_print_errors(out);
-			}
-		BIO_printf(out, "%s\n", OCSP_cert_status_str(status));
-
-		BIO_puts(out, "\tThis Update: ");
-		ASN1_GENERALIZEDTIME_print(out, thisupd);
-		BIO_puts(out, "\n");
-
-		if(nextupd)
-			{
-			BIO_puts(out, "\tNext Update: ");
-			ASN1_GENERALIZEDTIME_print(out, nextupd);
-			BIO_puts(out, "\n");
-			}
-
-		if (status != V_OCSP_CERTSTATUS_REVOKED)
-			continue;
-
-		if (reason != -1)
-			BIO_printf(out, "\tReason: %s\n",
-				OCSP_crl_reason_str(reason));
-
-		BIO_puts(out, "\tRevocation Time: ");
-		ASN1_GENERALIZEDTIME_print(out, rev);
-		BIO_puts(out, "\n");
-		}
-
-	return 1;
-	}
-
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -55,60 +55,6 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-

 #include <stdio.h>
 #include <string.h>
@@ -127,15 +73,8 @@
 #include "s_apps.h"
 #include <openssl/err.h>

-/* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the
- * base prototypes (we cast each variable inside the function to the required
- * type of "FUNCTION*"). This removes the necessity for macro-generated wrapper
- * functions. */
-
-/* static unsigned long MS_CALLBACK hash(FUNCTION *a); */
-static unsigned long MS_CALLBACK hash(const void *a_void);
-/* static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b); */
-static int MS_CALLBACK cmp(const void *a_void,const void *b_void);
+static unsigned long MS_CALLBACK hash(FUNCTION *a);
+static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
 static LHASH *prog_init(void );
 static int do_cmd(LHASH *prog,int argc,char *argv[]);
 LHASH *config=NULL;
@@ -146,71 +85,6 @@ char *default_config_file=NULL;
 BIO *bio_err=NULL;
 #endif

-
-static void lock_dbg_cb(int mode, int type, const char *file, int line)
-	{
-	static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
-	const char *errstr = NULL;
-	int rw;
-	
-	rw = mode & (CRYPTO_READ|CRYPTO_WRITE);
-	if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE)))
-		{
-		errstr = "invalid mode";
-		goto err;
-		}
-
-	if (type < 0 || type > CRYPTO_NUM_LOCKS)
-		{
-		errstr = "type out of bounds";
-		goto err;
-		}
-
-	if (mode & CRYPTO_LOCK)
-		{
-		if (modes[type])
-			{
-			errstr = "already locked";
-			/* must not happen in a single-threaded program
-			 * (would deadlock) */
-			goto err;
-			}
-
-		modes[type] = rw;
-		}
-	else if (mode & CRYPTO_UNLOCK)
-		{
-		if (!modes[type])
-			{
-			errstr = "not locked";
-			goto err;
-			}
-		
-		if (modes[type] != rw)
-			{
-			errstr = (rw == CRYPTO_READ) ?
-				"CRYPTO_r_unlock on write lock" :
-				"CRYPTO_w_unlock on read lock";
-			}
-
-		modes[type] = 0;
-		}
-	else
-		{
-		errstr = "invalid mode";
-		goto err;
-		}
-
- err:
-	if (errstr)
-		{
-		/* we cannot use bio_err here */
-		fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
-			errstr, mode, type, file, line);
-		}
-	}
-
-
 int main(int Argc, char *Argv[])
 	{
 	ARGS arg;
@@ -228,22 +102,9 @@ int main(int Argc, char *Argv[])
 	arg.count=0;

 	if (getenv("OPENSSL_DEBUG_MEMORY") != NULL)
-		{
-		if (!(0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))
-			{
 		CRYPTO_malloc_debug_init();
-			CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
-			}
-		}
 	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);

-#if 0
-	if (getenv("OPENSSL_DEBUG_LOCKING") != NULL)
-#endif
-		{
-		CRYPTO_set_locking_callback(lock_dbg_cb);
-		}
-
 	apps_startup();

 	if (bio_err == NULL)
@@ -251,7 +112,6 @@ int main(int Argc, char *Argv[])
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

 	ERR_load_crypto_strings();
-	ENGINE_load_builtin_engines();

 	/* Lets load up our environment a little */
 	p=getenv("OPENSSL_CONF");
@@ -260,7 +120,7 @@ int main(int Argc, char *Argv[])
 	if (p == NULL)
 		{
 		strcpy(config_name,X509_get_default_cert_area());
-#ifndef OPENSSL_SYS_VMS
+#ifndef VMS
 		strcat(config_name,"/");
 #endif
 		strcat(config_name,OPENSSL_CONF);
@@ -378,7 +238,7 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
 	else if ((strncmp(argv[0],"no-",3)) == 0)
 		{
 		BIO *bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		bio_stdout = BIO_push(tmpbio, bio_stdout);
@@ -415,7 +275,7 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
 		else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */
 			list_type = FUNC_TYPE_CIPHER;
 		bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		bio_stdout = BIO_push(tmpbio, bio_stdout);
@@ -490,23 +350,19 @@ static LHASH *prog_init(void)
 	    ;
 	qsort(functions,i,sizeof *functions,SortFnByName);

-	if ((ret=lh_new(hash, cmp)) == NULL)
-		return(NULL);
+	if ((ret=lh_new(hash,cmp)) == NULL) return(NULL);

 	for (f=functions; f->name != NULL; f++)
 		lh_insert(ret,f);
 	return(ret);
 	}

-/* static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b) */
-static int MS_CALLBACK cmp(const void *a_void, const void *b_void)
+static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b)
 	{
-	return(strncmp(((FUNCTION *)a_void)->name,
-			((FUNCTION *)b_void)->name,8));
+	return(strncmp(a->name,b->name,8));
 	}

-/* static unsigned long MS_CALLBACK hash(FUNCTION *a) */
-static unsigned long MS_CALLBACK hash(const void *a_void)
+static unsigned long MS_CALLBACK hash(FUNCTION *a)
 	{
-	return(lh_strhash(((FUNCTION *)a_void)->name));
+	return(lh_strhash(a->name));
 	}
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -132,7 +132,7 @@ commonName			= Common Name (eg, YOUR name)
 commonName_max			= 64

 emailAddress			= Email Address
-emailAddress_max		= 64
+emailAddress_max		= 40

 # SET-ex3			= SET extension number 3

--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -1,10 +1,10 @@
 /* apps/passwd.c */

-#if defined OPENSSL_NO_MD5 || defined CHARSET_EBCDIC
+#if defined NO_MD5 || defined CHARSET_EBCDIC
 # define NO_MD5CRYPT_1
 #endif

-#if !defined(OPENSSL_NO_DES) || !defined(NO_MD5CRYPT_1)
+#if !defined(NO_DES) || !defined(NO_MD5CRYPT_1)

 #include <assert.h>
 #include <string.h>
@@ -16,7 +16,7 @@
 #include <openssl/evp.h>
 #include <openssl/rand.h>

-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 # include <openssl/des.h>
 #endif
 #ifndef NO_MD5CRYPT_1
@@ -50,7 +50,6 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
 * -salt string  - salt
 * -in file      - read passwords from file
 * -stdin        - read passwords from stdin
- * -noverify     - never verify when reading password from terminal
 * -quiet        - no warnings
 * -table        - format output as table
 * -reverse      - switch table columns
@@ -63,7 +62,6 @@ int MAIN(int argc, char **argv)
 	int ret = 1;
 	char *infile = NULL;
 	int in_stdin = 0;
-	int in_noverify = 0;
 	char *salt = NULL, *passwd = NULL, **passwds = NULL;
 	char *salt_malloc = NULL, *passwd_malloc = NULL;
 	size_t passwd_malloc_size = 0;
@@ -83,7 +81,7 @@ int MAIN(int argc, char **argv)
 	if (out == NULL)
 		goto err;
 	BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 	{
 	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 	out = BIO_push(tmpbio, out);
@@ -130,8 +128,6 @@ int MAIN(int argc, char **argv)
 			else
 				badopt = 1;
 			}
-		else if (strcmp(argv[i], "-noverify") == 0)
-			in_noverify = 1;
 		else if (strcmp(argv[i], "-quiet") == 0)
 			quiet = 1;
 		else if (strcmp(argv[i], "-table") == 0)
@@ -157,7 +153,7 @@ int MAIN(int argc, char **argv)
 		badopt = 1;

 	/* reject unsupported algorithms */
-#ifdef OPENSSL_NO_DES
+#ifdef NO_DES
 	if (usecrypt) badopt = 1;
 #endif
 #ifdef NO_MD5CRYPT_1
@@ -168,7 +164,7 @@ int MAIN(int argc, char **argv)
 		{
 		BIO_printf(bio_err, "Usage: passwd [options] [passwords]\n");
 		BIO_printf(bio_err, "where options are\n");
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 		BIO_printf(bio_err, "-crypt             standard Unix password algorithm (default)\n");
 #endif
 #ifndef NO_MD5CRYPT_1
@@ -178,7 +174,6 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err, "-salt string       use provided salt\n");
 		BIO_printf(bio_err, "-in file           read passwords from file\n");
 		BIO_printf(bio_err, "-stdin             read passwords from stdin\n");
-		BIO_printf(bio_err, "-noverify          never verify when reading password from terminal\n");
 		BIO_printf(bio_err, "-quiet             no warnings\n");
 		BIO_printf(bio_err, "-table             format output as table\n");
 		BIO_printf(bio_err, "-reverse           switch table columns\n");
@@ -227,7 +222,7 @@ int MAIN(int argc, char **argv)
 		
 		passwds = passwds_static;
 		if (in == NULL)
-			if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", !(passed_salt || in_noverify)) != 0)
+			if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", 0) != 0)
 				goto err;
 		passwds[0] = passwd_malloc;
 		}
@@ -423,7 +418,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
 	/* first make sure we have a salt */
 	if (!passed_salt)
 		{
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 		if (usecrypt)
 			{
 			if (*salt_malloc_p == NULL)
@@ -442,7 +437,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
 			                                    * back to ASCII */
 #endif
 			}
-#endif /* !OPENSSL_NO_DES */
+#endif /* !NO_DES */

 #ifndef NO_MD5CRYPT_1
 		if (use1 || useapr1)
@@ -477,7 +472,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
 	assert(strlen(passwd) <= pw_maxlen);
 	
 	/* now compute password hash */
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	if (usecrypt)
 		hash = des_crypt(passwd, *salt_p);
 #endif
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -1,5 +1,5 @@
 /* pkcs12.c */
-#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
+#if !defined(NO_DES) && !defined(NO_SHA1)

 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
 * project 1999.
@@ -70,7 +70,7 @@

 #define PROG pkcs12_main

-const EVP_CIPHER *enc;
+EVP_CIPHER *enc;


 #define NOKEYS		0x1
@@ -147,7 +147,7 @@ int MAIN(int argc, char **argv)
    			cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
 		else if (!strcmp (*args, "-export")) export_cert = 1;
 		else if (!strcmp (*args, "-des")) enc=EVP_des_cbc();
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 		else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc();
 #endif
 		else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc();
@@ -272,7 +272,7 @@ int MAIN(int argc, char **argv)
 	BIO_printf (bio_err, "-info         give info about PKCS#12 structure.\n");
 	BIO_printf (bio_err, "-des          encrypt private keys with DES\n");
 	BIO_printf (bio_err, "-des3         encrypt private keys with triple DES (default)\n");
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 	BIO_printf (bio_err, "-idea         encrypt private keys with idea\n");
 #endif
 	BIO_printf (bio_err, "-nodes        don't encrypt private keys\n");
@@ -375,7 +375,7 @@ int MAIN(int argc, char **argv)

    if (!outfile) {
 	out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 	{
 	    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 	    out = BIO_push(tmpbio, out);
@@ -521,7 +521,7 @@ int MAIN(int argc, char **argv)
 	for(i = 0; i < sk_X509_num(certs); i++) {
 		X509 *cert = NULL;
 		cert = sk_X509_value(certs, i);
-		bag = PKCS12_x5092certbag(cert);
+		bag = M_PKCS12_x5092certbag(cert);
 		/* If it matches private key set id */
 		if(cert == ucert) {
 			if(name) PKCS12_add_friendlyname(bag, name, -1);
@@ -594,7 +594,7 @@ int MAIN(int argc, char **argv)

 	p12 = PKCS12_init (NID_pkcs7_data);

-	PKCS12_pack_authsafes(p12, safes);
+	M_PKCS12_pack_authsafes (p12, safes);

 	sk_PKCS7_pop_free(safes, PKCS7_free);
 	safes = NULL;
@@ -702,12 +702,12 @@ int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
 	int i, bagnid;
 	PKCS7 *p7;

-	if (!( asafes = PKCS12_unpack_authsafes(p12))) return 0;
+	if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0;
 	for (i = 0; i < sk_PKCS7_num (asafes); i++) {
 		p7 = sk_PKCS7_value (asafes, i);
 		bagnid = OBJ_obj2nid (p7->type);
 		if (bagnid == NID_pkcs7_data) {
-			bags = PKCS12_unpack_p7data(p7);
+			bags = M_PKCS12_unpack_p7data (p7);
 			if (options & INFO) BIO_printf (bio_err, "PKCS7 Data\n");
 		} else if (bagnid == NID_pkcs7_encrypted) {
 			if (options & INFO) {
@@ -715,7 +715,7 @@ int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
 				alg_print (bio_err, 
 					p7->d.encrypted->enc_data->algorithm);
 			}
-			bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
+			bags = M_PKCS12_unpack_p7encdata (p7, pass, passlen);
 		} else continue;
 		if (!bags) return 0;
 	    	if (!dump_certs_pkeys_bags (out, bags, pass, passlen, 
@@ -770,7 +770,7 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
 		}
 		if (options & NOKEYS) return 1;
 		print_attribs (out, bag->attrib, "Bag Attributes");
-		if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
+		if (!(p8 = M_PKCS12_decrypt_skey (bag, pass, passlen)))
 				return 0;
 		if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
 		print_attribs (out, p8->attributes, "Key Attributes");
@@ -788,7 +788,7 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
 		print_attribs (out, bag->attrib, "Bag Attributes");
 		if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
 								 return 1;
-		if (!(x509 = PKCS12_certbag2x509(bag))) return 0;
+		if (!(x509 = M_PKCS12_certbag2x509(bag))) return 0;
 		dump_cert_text (out, x509);
 		PEM_write_bio_X509 (out, x509);
 		X509_free(x509);
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -225,7 +225,7 @@ bad:
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -226,7 +226,7 @@ int MAIN(int argc, char **argv)
 		}
 	} else {
 		out = BIO_new_fp (stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			out = BIO_push(tmpbio, out);
@@ -325,7 +325,7 @@ int MAIN(int argc, char **argv)
 			p8pass = pass;
 			EVP_read_pw_string(pass, 50, "Enter Password:", 0);
 		}
-		p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
+		p8inf = M_PKCS8_decrypt(p8, p8pass, strlen(p8pass));
 		X509_SIG_free(p8);
 	}

--- a/apps/progs.h
+++ b/apps/progs.h
@@ -35,8 +35,6 @@ extern int pkcs8_main(int argc,char *argv[]);
 extern int spkac_main(int argc,char *argv[]);
 extern int smime_main(int argc,char *argv[]);
 extern int rand_main(int argc,char *argv[]);
-extern int engine_main(int argc,char *argv[]);
-extern int ocsp_main(int argc,char *argv[]);

 #define FUNC_TYPE_GENERAL	1
 #define FUNC_TYPE_MD		2
@@ -53,66 +51,64 @@ FUNCTION functions[] = {
 	{FUNC_TYPE_GENERAL,"asn1parse",asn1parse_main},
 	{FUNC_TYPE_GENERAL,"req",req_main},
 	{FUNC_TYPE_GENERAL,"dgst",dgst_main},
-#ifndef OPENSSL_NO_DH
+#ifndef NO_DH
 	{FUNC_TYPE_GENERAL,"dh",dh_main},
 #endif
-#ifndef OPENSSL_NO_DH
+#ifndef NO_DH
 	{FUNC_TYPE_GENERAL,"dhparam",dhparam_main},
 #endif
 	{FUNC_TYPE_GENERAL,"enc",enc_main},
 	{FUNC_TYPE_GENERAL,"passwd",passwd_main},
-#ifndef OPENSSL_NO_DH
+#ifndef NO_DH
 	{FUNC_TYPE_GENERAL,"gendh",gendh_main},
 #endif
 	{FUNC_TYPE_GENERAL,"errstr",errstr_main},
 	{FUNC_TYPE_GENERAL,"ca",ca_main},
 	{FUNC_TYPE_GENERAL,"crl",crl_main},
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 	{FUNC_TYPE_GENERAL,"rsa",rsa_main},
 #endif
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 	{FUNC_TYPE_GENERAL,"rsautl",rsautl_main},
 #endif
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 	{FUNC_TYPE_GENERAL,"dsa",dsa_main},
 #endif
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 	{FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main},
 #endif
 	{FUNC_TYPE_GENERAL,"x509",x509_main},
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 	{FUNC_TYPE_GENERAL,"genrsa",genrsa_main},
 #endif
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 	{FUNC_TYPE_GENERAL,"gendsa",gendsa_main},
 #endif
-#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
+#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))
 	{FUNC_TYPE_GENERAL,"s_server",s_server_main},
 #endif
-#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
+#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))
 	{FUNC_TYPE_GENERAL,"s_client",s_client_main},
 #endif
 	{FUNC_TYPE_GENERAL,"speed",speed_main},
-#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
+#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))
 	{FUNC_TYPE_GENERAL,"s_time",s_time_main},
 #endif
 	{FUNC_TYPE_GENERAL,"version",version_main},
 	{FUNC_TYPE_GENERAL,"pkcs7",pkcs7_main},
 	{FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main},
 	{FUNC_TYPE_GENERAL,"sess_id",sess_id_main},
-#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
+#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))
 	{FUNC_TYPE_GENERAL,"ciphers",ciphers_main},
 #endif
 	{FUNC_TYPE_GENERAL,"nseq",nseq_main},
-#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
+#if !defined(NO_DES) && !defined(NO_SHA1)
 	{FUNC_TYPE_GENERAL,"pkcs12",pkcs12_main},
 #endif
 	{FUNC_TYPE_GENERAL,"pkcs8",pkcs8_main},
 	{FUNC_TYPE_GENERAL,"spkac",spkac_main},
 	{FUNC_TYPE_GENERAL,"smime",smime_main},
 	{FUNC_TYPE_GENERAL,"rand",rand_main},
-	{FUNC_TYPE_GENERAL,"engine",engine_main},
-	{FUNC_TYPE_GENERAL,"ocsp",ocsp_main},
 	{FUNC_TYPE_MD,"md2",dgst_main},
 	{FUNC_TYPE_MD,"md4",dgst_main},
 	{FUNC_TYPE_MD,"md5",dgst_main},
@@ -121,139 +117,139 @@ FUNCTION functions[] = {
 	{FUNC_TYPE_MD,"mdc2",dgst_main},
 	{FUNC_TYPE_MD,"rmd160",dgst_main},
 	{FUNC_TYPE_CIPHER,"base64",enc_main},
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des",enc_main},
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des3",enc_main},
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"desx",enc_main},
 #endif
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 	{FUNC_TYPE_CIPHER,"idea",enc_main},
 #endif
-#ifndef OPENSSL_NO_RC4
+#ifndef NO_RC4
 	{FUNC_TYPE_CIPHER,"rc4",enc_main},
 #endif
-#ifndef OPENSSL_NO_RC4
+#ifndef NO_RC4
 	{FUNC_TYPE_CIPHER,"rc4-40",enc_main},
 #endif
-#ifndef OPENSSL_NO_RC2
+#ifndef NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2",enc_main},
 #endif
-#ifndef OPENSSL_NO_BF
+#ifndef NO_BF
 	{FUNC_TYPE_CIPHER,"bf",enc_main},
 #endif
-#ifndef OPENSSL_NO_CAST
+#ifndef NO_CAST
 	{FUNC_TYPE_CIPHER,"cast",enc_main},
 #endif
-#ifndef OPENSSL_NO_RC5
+#ifndef NO_RC5
 	{FUNC_TYPE_CIPHER,"rc5",enc_main},
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-ecb",enc_main},
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede",enc_main},
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede3",enc_main},
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-cbc",enc_main},
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede-cbc",enc_main},
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede3-cbc",enc_main},
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-cfb",enc_main},
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede-cfb",enc_main},
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede3-cfb",enc_main},
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-ofb",enc_main},
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede-ofb",enc_main},
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede3-ofb",enc_main},
 #endif
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 	{FUNC_TYPE_CIPHER,"idea-cbc",enc_main},
 #endif
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 	{FUNC_TYPE_CIPHER,"idea-ecb",enc_main},
 #endif
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 	{FUNC_TYPE_CIPHER,"idea-cfb",enc_main},
 #endif
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 	{FUNC_TYPE_CIPHER,"idea-ofb",enc_main},
 #endif
-#ifndef OPENSSL_NO_RC2
+#ifndef NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2-cbc",enc_main},
 #endif
-#ifndef OPENSSL_NO_RC2
+#ifndef NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2-ecb",enc_main},
 #endif
-#ifndef OPENSSL_NO_RC2
+#ifndef NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2-cfb",enc_main},
 #endif
-#ifndef OPENSSL_NO_RC2
+#ifndef NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2-ofb",enc_main},
 #endif
-#ifndef OPENSSL_NO_RC2
+#ifndef NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2-64-cbc",enc_main},
 #endif
-#ifndef OPENSSL_NO_RC2
+#ifndef NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2-40-cbc",enc_main},
 #endif
-#ifndef OPENSSL_NO_BF
+#ifndef NO_BF
 	{FUNC_TYPE_CIPHER,"bf-cbc",enc_main},
 #endif
-#ifndef OPENSSL_NO_BF
+#ifndef NO_BF
 	{FUNC_TYPE_CIPHER,"bf-ecb",enc_main},
 #endif
-#ifndef OPENSSL_NO_BF
+#ifndef NO_BF
 	{FUNC_TYPE_CIPHER,"bf-cfb",enc_main},
 #endif
-#ifndef OPENSSL_NO_BF
+#ifndef NO_BF
 	{FUNC_TYPE_CIPHER,"bf-ofb",enc_main},
 #endif
-#ifndef OPENSSL_NO_CAST
+#ifndef NO_CAST
 	{FUNC_TYPE_CIPHER,"cast5-cbc",enc_main},
 #endif
-#ifndef OPENSSL_NO_CAST
+#ifndef NO_CAST
 	{FUNC_TYPE_CIPHER,"cast5-ecb",enc_main},
 #endif
-#ifndef OPENSSL_NO_CAST
+#ifndef NO_CAST
 	{FUNC_TYPE_CIPHER,"cast5-cfb",enc_main},
 #endif
-#ifndef OPENSSL_NO_CAST
+#ifndef NO_CAST
 	{FUNC_TYPE_CIPHER,"cast5-ofb",enc_main},
 #endif
-#ifndef OPENSSL_NO_CAST
+#ifndef NO_CAST
 	{FUNC_TYPE_CIPHER,"cast-cbc",enc_main},
 #endif
-#ifndef OPENSSL_NO_RC5
+#ifndef NO_RC5
 	{FUNC_TYPE_CIPHER,"rc5-cbc",enc_main},
 #endif
-#ifndef OPENSSL_NO_RC5
+#ifndef NO_RC5
 	{FUNC_TYPE_CIPHER,"rc5-ecb",enc_main},
 #endif
-#ifndef OPENSSL_NO_RC5
+#ifndef NO_RC5
 	{FUNC_TYPE_CIPHER,"rc5-cfb",enc_main},
 #endif
-#ifndef OPENSSL_NO_RC5
+#ifndef NO_RC5
 	{FUNC_TYPE_CIPHER,"rc5-ofb",enc_main},
 #endif
 	{0,NULL,NULL}
--- a/apps/rand.c
+++ b/apps/rand.c
@@ -51,7 +51,7 @@ int MAIN(int argc, char **argv)
 			else
 				badopt = 1;
 			}
-		else if (strcmp(argv[i], "-engine") == 0)
+		if (strcmp(argv[i], "-engine") == 0)
 			{
 			if ((argv[i+1] != NULL) && (engine == NULL))
 				engine = argv[++i];
@@ -132,7 +132,7 @@ int MAIN(int argc, char **argv)
 	else
 		{
 		r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
--- a/apps/req.c
+++ b/apps/req.c
@@ -60,7 +60,7 @@
 #include <stdlib.h>
 #include <time.h>
 #include <string.h>
-#ifdef OPENSSL_NO_STDIO
+#ifdef NO_STDIO
 #define APPS_WIN16
 #endif
 #include "apps.h"
@@ -102,7 +102,7 @@
 * -nodes	- no des encryption
 * -config file	- Load configuration file.
 * -key file	- make a request using key in file (or use it for verification).
- * -keyform arg	- key file format.
+ * -keyform	- key file format.
 * -rand file(s) - load the file(s) into the PRNG.
 * -newkey	- make a key and a request.
 * -modulus	- print RSA modulus.
@@ -111,8 +111,7 @@
 *		  require.  This format is wrong
 */

-static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,char *dn,int attribs);
-static int build_subject(X509_REQ *req, char *subj);
+static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,int attribs);
 static int prompt_info(X509_REQ *req,
 		STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
 		STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs);
@@ -123,7 +122,7 @@ static int add_attribute_object(X509_REQ *req, char *text,
 				int max);
 static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
 	int nid,int min,int max);
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 static void MS_CALLBACK req_cb(int p,int n,void *arg);
 #endif
 static int req_check_len(int len,int min,int max);
@@ -133,7 +132,6 @@ static char *default_config_file=NULL;
 static LHASH *config=NULL;
 #endif
 static LHASH *req_conf=NULL;
-static int batch=0;

 #define TYPE_RSA	1
 #define TYPE_DSA	2
@@ -144,37 +142,34 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 	DSA *dsa_params=NULL;
 #endif
-	unsigned long nmflag = 0;
 	int ex=1,x509=0,days=30;
 	X509 *x509ss=NULL;
 	X509_REQ *req=NULL;
 	EVP_PKEY *pkey=NULL;
-	int i,badops=0,newreq=0,newkey= -1,verbose=0,pkey_type=TYPE_RSA;
+	int i,badops=0,newreq=0,newkey= -1,pkey_type=0;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
-	int nodes=0,kludge=0,newhdr=0,subject=0;
+	int nodes=0,kludge=0,newhdr=0;
 	char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
 	char *engine=NULL;
 	char *extensions = NULL;
 	char *req_exts = NULL;
-	const EVP_CIPHER *cipher=NULL;
-	ASN1_INTEGER *serial = NULL;
+	EVP_CIPHER *cipher=NULL;
 	int modulus=0;
 	char *inrand=NULL;
 	char *passargin = NULL, *passargout = NULL;
 	char *passin = NULL, *passout = NULL;
 	char *p;
-	char *subj = NULL;
 	const EVP_MD *md_alg=NULL,*digest=EVP_md5();
 #ifndef MONOLITH
 	MS_STATIC char config_name[256];
 #endif

 	req_conf = NULL;
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	cipher=EVP_des_ede3_cbc();
 #endif
 	apps_startup();
@@ -215,6 +210,7 @@ int MAIN(int argc, char **argv)
 			}
 		else if (strcmp(*argv,"-new") == 0)
 			{
+			pkey_type=TYPE_RSA;
 			newreq=1;
 			}
 		else if (strcmp(*argv,"-config") == 0)
@@ -272,7 +268,7 @@ int MAIN(int argc, char **argv)
 				newkey= atoi(p);
 				}
 			else
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 				if (strncmp("dsa:",p,4) == 0)
 				{
 				X509 *xtmp=NULL;
@@ -312,7 +308,7 @@ int MAIN(int argc, char **argv)
 				}
 			else 
 #endif
-#ifndef OPENSSL_NO_DH
+#ifndef NO_DH
 				if (strncmp("dh:",p,4) == 0)
 				{
 				pkey_type=TYPE_DH;
@@ -324,8 +320,6 @@ int MAIN(int argc, char **argv)

 			newreq=1;
 			}
-		else if (strcmp(*argv,"-batch") == 0)
-			batch=1;
 		else if (strcmp(*argv,"-newhdr") == 0)
 			newhdr=1;
 		else if (strcmp(*argv,"-modulus") == 0)
@@ -336,15 +330,6 @@ int MAIN(int argc, char **argv)
 			nodes=1;
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
-		else if (strcmp(*argv,"-verbose") == 0)
-			verbose=1;
-		else if (strcmp(*argv,"-nameopt") == 0)
-			{
-			if (--argc < 1) goto bad;
-			if (!set_name_ex(&nmflag, *(++argv))) goto bad;
-			}
-		else if (strcmp(*argv,"-subject") == 0)
-			subject=1;
 		else if (strcmp(*argv,"-text") == 0)
 			text=1;
 		else if (strcmp(*argv,"-x509") == 0)
@@ -353,23 +338,12 @@ int MAIN(int argc, char **argv)
 			kludge=1;
 		else if (strcmp(*argv,"-no-asn1-kludge") == 0)
 			kludge=0;
-		else if (strcmp(*argv,"-subj") == 0)
-			{
-			if (--argc < 1) goto bad;
-			subj= *(++argv);
-			}
 		else if (strcmp(*argv,"-days") == 0)
 			{
 			if (--argc < 1) goto bad;
 			days= atoi(*(++argv));
 			if (days == 0) days=30;
 			}
-		else if (strcmp(*argv,"-set_serial") == 0)
-			{
-			if (--argc < 1) goto bad;
-			serial = s2i_ASN1_INTEGER(NULL, *(++argv));
-			if (!serial) goto bad;
-			}
 		else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
 			{
 			/* ok */
@@ -409,9 +383,7 @@ bad:
 		BIO_printf(bio_err," -verify        verify signature on REQ\n");
 		BIO_printf(bio_err," -modulus       RSA modulus\n");
 		BIO_printf(bio_err," -nodes         don't encrypt the output key\n");
-		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device\n");
-		BIO_printf(bio_err," -subject       output the request's subject\n");
-		BIO_printf(bio_err," -passin        private key password source\n");
+		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -key file	use the private key contained in file\n");
 		BIO_printf(bio_err," -keyform arg   key file format\n");
 		BIO_printf(bio_err," -keyout arg    file to send the key to\n");
@@ -420,14 +392,12 @@ bad:
 		BIO_printf(bio_err,"                the random number generator\n");
 		BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
 		BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
+
 		BIO_printf(bio_err," -[digest]      Digest to sign with (md5, sha1, md2, mdc2)\n");
 		BIO_printf(bio_err," -config file   request template file.\n");
-		BIO_printf(bio_err," -subj arg      set or modify request subject\n");
 		BIO_printf(bio_err," -new           new request.\n");
-		BIO_printf(bio_err," -batch         do not ask anything during request generation\n");
 		BIO_printf(bio_err," -x509          output a x509 structure instead of a cert. req.\n");
-		BIO_printf(bio_err," -days          number of days a certificate generated by -x509 is valid for.\n");
-		BIO_printf(bio_err," -set_serial    serial number to use for a certificate generated by -x509.\n");
+		BIO_printf(bio_err," -days          number of days a x509 generated by -x509 is valid for.\n");
 		BIO_printf(bio_err," -newhdr        output \"NEW\" in the header lines\n");
 		BIO_printf(bio_err," -asn1-kludge   Output the 'request' in a format that is wrong but some CA's\n");
 		BIO_printf(bio_err,"                have been reported as requiring\n");
@@ -450,7 +420,7 @@ bad:
 	if (p == NULL)
 		{
 		strcpy(config_name,X509_get_default_cert_area());
-#ifndef OPENSSL_SYS_VMS
+#ifndef VMS
 		strcat(config_name,"/");
 #endif
 		strcat(config_name,OPENSSL_CONF);
@@ -486,8 +456,6 @@ bad:
 	if (req_conf != NULL)
 		{
 		p=CONF_get_string(req_conf,NULL,"oid_file");
-		if (p == NULL)
-			ERR_clear_error();
 		if (p != NULL)
 			{
 			BIO *oid_bio;
@@ -509,24 +477,15 @@ bad:
 		}
 		if(!add_oid_section(bio_err, req_conf)) goto end;

-	if (md_alg == NULL)
-		{
-		p=CONF_get_string(req_conf,SECTION,"default_md");
-		if (p == NULL)
-			ERR_clear_error();
-		if (p != NULL)
+	if ((md_alg == NULL) &&
+		((p=CONF_get_string(req_conf,SECTION,"default_md")) != NULL))
 		{
 		if ((md_alg=EVP_get_digestbyname(p)) != NULL)
 			digest=md_alg;
 		}
-		}

 	if(!extensions)
-		{
 		extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
-		if (!extensions)
-			ERR_clear_error();
-		}
 	if(extensions) {
 		/* Check syntax of file */
 		X509V3_CTX ctx;
@@ -540,22 +499,12 @@ bad:
 	}

 	if(!passin)
-		{
 		passin = CONF_get_string(req_conf, SECTION, "input_password");
-		if (!passin)
-			ERR_clear_error();
-		}

 	if(!passout)
-		{
 		passout = CONF_get_string(req_conf, SECTION, "output_password");
-		if (!passout)
-			ERR_clear_error();
-		}

 	p = CONF_get_string(req_conf, SECTION, STRING_MASK);
-	if (!p)
-		ERR_clear_error();

 	if(p && !ASN1_STRING_set_default_mask_asc(p)) {
 		BIO_printf(bio_err, "Invalid global string mask setting %s\n", p);
@@ -563,11 +512,7 @@ bad:
 	}

 	if(!req_exts)
-		{
 		req_exts = CONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
-		if (!req_exts)
-			ERR_clear_error();
-		}
 	if(req_exts) {
 		/* Check syntax of file */
 		X509V3_CTX ctx;
@@ -645,8 +590,6 @@ bad:
                if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA)
 			{
 			char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
-			if (randfile == NULL)
-				ERR_clear_error();
 			app_RAND_load_file(randfile, bio_err, 0);
                	}
 		}
@@ -654,8 +597,6 @@ bad:
 	if (newreq && (pkey == NULL))
 		{
 		char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
-		if (randfile == NULL)
-			ERR_clear_error();
 		app_RAND_load_file(randfile, bio_err, 0);
 		if (inrand)
 			app_RAND_load_files(inrand);
@@ -678,7 +619,7 @@ bad:

 		if ((pkey=EVP_PKEY_new()) == NULL) goto end;

-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 		if (pkey_type == TYPE_RSA)
 			{
 			if (!EVP_PKEY_assign_RSA(pkey,
@@ -688,7 +629,7 @@ bad:
 			}
 		else
 #endif
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 			if (pkey_type == TYPE_DSA)
 			{
 			if (!DSA_generate_key(dsa_params)) goto end;
@@ -702,17 +643,13 @@ bad:
 		if (pkey == NULL) goto end;

 		if (keyout == NULL)
-			{
 			keyout=CONF_get_string(req_conf,SECTION,KEYFILE);
-			if (keyout == NULL)
-				ERR_clear_error();
-			}

 		if (keyout == NULL)
 			{
 			BIO_printf(bio_err,"writing new private key to stdout\n");
 			BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 			{
 			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			out = BIO_push(tmpbio, out);
@@ -731,12 +668,7 @@ bad:

 		p=CONF_get_string(req_conf,SECTION,"encrypt_rsa_key");
 		if (p == NULL)
-			{
-			ERR_clear_error();
 			p=CONF_get_string(req_conf,SECTION,"encrypt_key");
-			if (p == NULL)
-				ERR_clear_error();
-			}
 		if ((p != NULL) && (strcmp(p,"no") == 0))
 			cipher=NULL;
 		if (nodes) cipher=NULL;
@@ -798,7 +730,7 @@ loop:
 			BIO_printf(bio_err,"you need to specify a private key\n");
 			goto end;
 			}
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 		if (pkey->type == EVP_PKEY_DSA)
 			digest=EVP_dss1();
 #endif
@@ -810,13 +742,9 @@ loop:
 				goto end;
 				}

-			i=make_REQ(req,pkey,subj,!x509);
-			subj=NULL; /* done processing '-subj' option */
-			if ((kludge > 0) && !sk_X509_ATTRIBUTE_num(req->req_info->attributes))
-				{
-				sk_X509_ATTRIBUTE_free(req->req_info->attributes);
-				req->req_info->attributes = NULL;
-				}
+			i=make_REQ(req,pkey,!x509);
+			if (kludge >= 0)
+				req->req_info->req_kludge=kludge;
 			if (!i)
 				{
 				BIO_printf(bio_err,"problems making Certificate Request\n");
@@ -831,9 +759,6 @@ loop:

 			/* Set version to V3 */
 			if(!X509_set_version(x509ss, 2)) goto end;
-			if (serial)
-				X509_set_serialNumber(x509ss, serial);
-			else
 			ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L);

 			X509_set_issuer_name(x509ss,
@@ -888,35 +813,6 @@ loop:
 			}
 		}

-	if (subj && x509)
-		{
-		BIO_printf(bio_err, "Cannot modifiy certificate subject\n");
-		goto end;
-		}
-
-	if (subj && !x509)
-		{
-		if (verbose)
-			{
-			BIO_printf(bio_err, "Modifying Request's Subject\n");
-			print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), nmflag);
-			}
-
-		if (build_subject(req, subj) == 0)
-			{
-			BIO_printf(bio_err, "ERROR: cannot modify subject\n");
-			ex=1;
-			goto end;
-			}
-
-		req->req_info->enc.modified = 1;
-
-		if (verbose)
-			{
-			print_name(bio_err, "new subject=", X509_REQ_get_subject_name(req), nmflag);
-			}
-		}
-
 	if (verify && !x509)
 		{
 		int tmp=0;
@@ -946,7 +842,7 @@ loop:
 			BIO_printf(bio_err,"verify OK\n");
 		}

-	if (noout && !text && !modulus && !subject)
+	if (noout && !text && !modulus)
 		{
 		ex=0;
 		goto end;
@@ -955,7 +851,7 @@ loop:
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
@@ -983,14 +879,6 @@ loop:
 			X509_REQ_print(out,req);
 		}

-	if(subject) 
-		{
-		if(x509)
-			print_name(out, "subject=", X509_get_subject_name(x509ss), nmflag);
-		else
-			print_name(out, "subject=", X509_REQ_get_subject_name(req), nmflag);
-		}
-
 	if (modulus)
 		{
 		EVP_PKEY *pubkey;
@@ -1005,7 +893,7 @@ loop:
 			goto end; 
 			}
 		fprintf(stdout,"Modulus=");
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 		if (pubkey->type == EVP_PKEY_RSA)
 			BN_print(out,pubkey->pkey.rsa->n);
 		else
@@ -1059,17 +947,16 @@ end:
 	EVP_PKEY_free(pkey);
 	X509_REQ_free(req);
 	X509_free(x509ss);
-	ASN1_INTEGER_free(serial);
 	if(passargin && passin) OPENSSL_free(passin);
 	if(passargout && passout) OPENSSL_free(passout);
 	OBJ_cleanup();
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 	if (dsa_params != NULL) DSA_free(dsa_params);
 #endif
 	EXIT(ex);
 	}

-static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs)
+static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
 	{
 	int ret=0,i;
 	char no_prompt = 0;
@@ -1077,8 +964,6 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs)
 	char *tmp, *dn_sect,*attr_sect;

 	tmp=CONF_get_string(req_conf,SECTION,PROMPT);
-	if (tmp == NULL)
-		ERR_clear_error();
 	if((tmp != NULL) && !strcmp(tmp, "no")) no_prompt = 1;

 	dn_sect=CONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
@@ -1097,10 +982,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs)

 	attr_sect=CONF_get_string(req_conf,SECTION,ATTRIBUTES);
 	if (attr_sect == NULL)
-		{
-		ERR_clear_error();		
 		attr_sk=NULL;
-		}
 	else
 		{
 		attr_sk=CONF_get_section(req_conf,attr_sect);
@@ -1114,15 +996,8 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs)
 	/* setup version number */
 	if (!X509_REQ_set_version(req,0L)) goto err; /* version 1 */

-	if (no_prompt) 
-		i = auto_info(req, dn_sk, attr_sk, attribs);
-	else 
-		{
-		if (subj)
-			i = build_subject(req, subj);
-		else
-			i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs);
-		}
+	if(no_prompt) i = auto_info(req, dn_sk, attr_sk, attribs);
+	else i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs);
 	if(!i) goto err;

 	X509_REQ_set_pubkey(req,pkey);
@@ -1132,68 +1007,6 @@ err:
 	return(ret);
 	}

-static int build_subject(X509_REQ *req, char *subject)
-	{
-	X509_NAME *n = NULL;
-
-	int i, nid, ne_num=0;
-
-	char *ne_name = NULL;
-	char *ne_value = NULL;
-
-	char *tmp = NULL;
-	char *p[2];
-
-	char *str_list[256];
-       
-	p[0] = ",/";
-        p[1] = "=";
-
-	n = X509_NAME_new();
-
-	tmp = strtok(subject, p[0]);
-	while((tmp != NULL) && (ne_num < (sizeof str_list/sizeof *str_list)))
-		{
-		char *token = tmp;
-
-		while (token[0] == ' ')
-			token++;
-		str_list[ne_num] = token;
-
-		tmp = strtok(NULL, p[0]);
-		ne_num++;
-		}
-
-	for(i = 0; i < ne_num; i++)
-		{
-		ne_name  = strtok(str_list[i], p[1]);
-		ne_value = strtok(NULL, p[1]);
-
-		if ((nid=OBJ_txt2nid(ne_name)) == NID_undef)
-			{
-			BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_name);
-			continue;
-			}
-
-		if (ne_value == NULL)
-			{
-			BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_name);
-			continue;
-			}
-
-		if (!X509_NAME_add_entry_by_NID(n, nid, MBSTRING_ASC, (unsigned char*)ne_value, -1,-1,0))
-			{
-			X509_NAME_free(n);
-			return 0;
-			}
-		}
-
-	if (!X509_REQ_set_subject_name(req, n))
-		return 0;
-	X509_NAME_free(n);
-	return 1;
-}
-

 static int prompt_info(X509_REQ *req,
 		STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
@@ -1207,9 +1020,6 @@ static int prompt_info(X509_REQ *req,
 	CONF_VALUE *v;
 	X509_NAME *subj;
 	subj = X509_REQ_get_subject_name(req);
-
-	if(!batch)
-		{
 	BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n");
 	BIO_printf(bio_err,"into your certificate request.\n");
 	BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n");
@@ -1217,7 +1027,6 @@ static int prompt_info(X509_REQ *req,
 	BIO_printf(bio_err,"For some fields there will be a default value,\n");
 	BIO_printf(bio_err,"If you enter '.', the field will be left blank.\n");
 	BIO_printf(bio_err,"-----\n");
-		}


 	if (sk_CONF_VALUE_num(dn_sk))
@@ -1248,17 +1057,11 @@ start:		for (;;)
 			if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
 			sprintf(buf,"%s_default",v->name);
 			if ((def=CONF_get_string(req_conf,dn_sect,buf)) == NULL)
-				{
-				ERR_clear_error();
 				def="";
-				}
 				
 			sprintf(buf,"%s_value",v->name);
 			if ((value=CONF_get_string(req_conf,dn_sect,buf)) == NULL)
-				{
-				ERR_clear_error();
 				value=NULL;
-				}

 			sprintf(buf,"%s_min",v->name);
 			min=(int)CONF_get_number(req_conf,dn_sect,buf);
@@ -1278,7 +1081,7 @@ start:		for (;;)

 		if (attribs)
 			{
-			if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0) && (!batch))
+			if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0))
 				{
 				BIO_printf(bio_err,"\nPlease enter the following 'extra' attributes\n");
 				BIO_printf(bio_err,"to be sent with your certificate request\n");
@@ -1300,19 +1103,12 @@ start2:			for (;;)
 				sprintf(buf,"%s_default",type);
 				if ((def=CONF_get_string(req_conf,attr_sect,buf))
 					== NULL)
-					{
-					ERR_clear_error();
 					def="";
-					}
-				
 				
 				sprintf(buf,"%s_value",type);
 				if ((value=CONF_get_string(req_conf,attr_sect,buf))
 					== NULL)
-					{
-					ERR_clear_error();
 					value=NULL;
-					}

 				sprintf(buf,"%s_min",type);
 				min=(int)CONF_get_number(req_conf,attr_sect,buf);
@@ -1394,7 +1190,7 @@ static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
 	int i,ret=0;
 	MS_STATIC char buf[1024];
 start:
-	if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def);
+	BIO_printf(bio_err,"%s [%s]:",text,def);
 	(void)BIO_flush(bio_err);
 	if (value != NULL)
 		{
@@ -1405,16 +1201,8 @@ start:
 	else
 		{
 		buf[0]='\0';
-		if (!batch)
-			{
 		fgets(buf,1024,stdin);
 		}
-		else
-			{
-			buf[0] = '\n';
-			buf[1] = '\0';
-			}
-		}

 	if (buf[0] == '\0') return(0);
 	else if (buf[0] == '\n')
@@ -1433,6 +1221,7 @@ start:
 		return(0);
 		}
 	buf[--i]='\0';
+
 #ifdef CHARSET_EBCDIC
 	ebcdic2ascii(buf, buf, i);
 #endif
@@ -1452,7 +1241,7 @@ static int add_attribute_object(X509_REQ *req, char *text,
 	static char buf[1024];

 start:
-	if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def);
+	BIO_printf(bio_err,"%s [%s]:",text,def);
 	(void)BIO_flush(bio_err);
 	if (value != NULL)
 		{
@@ -1463,16 +1252,8 @@ start:
 	else
 		{
 		buf[0]='\0';
-		if (!batch)
-			{
 		fgets(buf,1024,stdin);
 		}
-		else
-			{
-			buf[0] = '\n';
-			buf[1] = '\0';
-			}
-		}

 	if (buf[0] == '\0') return(0);
 	else if (buf[0] == '\n')
@@ -1508,7 +1289,7 @@ err:
 	return(0);
 	}

-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 static void MS_CALLBACK req_cb(int p, int n, void *arg)
 	{
 	char c='*';
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */

-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -194,7 +194,7 @@ bad:
 		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
 		BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
 		BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 		BIO_printf(bio_err," -idea           encrypt PEM output with cbc idea\n");
 #endif
 		BIO_printf(bio_err," -text           print the key in text\n");
@@ -261,11 +261,11 @@ bad:
 		if (pubin) rsa=d2i_RSA_PUBKEY_bio(in,NULL);
 		else rsa=d2i_RSAPrivateKey_bio(in,NULL);
 	}
-#ifndef OPENSSL_NO_RC4
+#ifndef NO_RC4
 	else if (informat == FORMAT_NETSCAPE)
 		{
 		BUF_MEM *buf=NULL;
-		const unsigned char *p;
+		unsigned char *p;
 		int size=0;

 		buf=BUF_MEM_new();
@@ -307,7 +307,7 @@ bad:
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		out = BIO_push(tmpbio, out);
@@ -346,14 +346,14 @@ bad:
 			BIO_printf(out,"RSA key ok\n");
 		else if (r == 0)
 			{
-			long err;
+			long e;

-			while ((err = ERR_peek_error()) != 0 &&
-				ERR_GET_LIB(err) == ERR_LIB_RSA &&
-				ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY &&
-				ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE)
+			while ((e = ERR_peek_error()) != 0 &&
+				ERR_GET_LIB(e) == ERR_LIB_RSA &&
+				ERR_GET_FUNC(e) == RSA_F_RSA_CHECK_KEY &&
+				ERR_GET_REASON(e) != ERR_R_MALLOC_FAILURE)
 				{
-				BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(err));
+				BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(e));
 				ERR_get_error(); /* remove e from error stack */
 				}
 			}
@@ -375,7 +375,7 @@ bad:
 		if(pubout || pubin) i=i2d_RSA_PUBKEY_bio(out,rsa);
 		else i=i2d_RSAPrivateKey_bio(out,rsa);
 	}
-#ifndef OPENSSL_NO_RC4
+#ifndef NO_RC4
 	else if (outformat == FORMAT_NETSCAPE)
 		{
 		unsigned char *p,*pp;
@@ -418,7 +418,7 @@ end:
 	if(passout) OPENSSL_free(passout);
 	EXIT(ret);
 	}
-#else /* !OPENSSL_NO_RSA */
+#else /* !NO_RSA */

 # if PEDANTIC
 static void *dummy=&dummy;
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -56,7 +56,7 @@
 *
 */

-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA

 #include "apps.h"
 #include <string.h>
@@ -86,7 +86,6 @@ int MAIN(int argc, char **argv)
 	ENGINE *e = NULL;
 	BIO *in = NULL, *out = NULL;
 	char *infile = NULL, *outfile = NULL;
-	char *engine = NULL;
 	char *keyfile = NULL;
 	char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
 	int keyform = FORMAT_PEM;
@@ -98,6 +97,7 @@ int MAIN(int argc, char **argv)
 	unsigned char *rsa_in = NULL, *rsa_out = NULL, pad;
 	int rsa_inlen, rsa_outlen = 0;
 	int keysize;
+	char *engine=NULL;

 	int ret = 1;

@@ -180,11 +180,11 @@ int MAIN(int argc, char **argv)
 	
 	switch(key_type) {
 		case KEY_PRIVKEY:
-		pkey = load_key(bio_err, keyfile, keyform, NULL, e);
+		pkey = load_key(bio_err, keyfile, keyform, NULL);
 		break;

 		case KEY_PUBKEY:
-		pkey = load_pubkey(bio_err, keyfile, keyform, e);
+		pkey = load_pubkey(bio_err, keyfile, keyform);
 		break;

 		case KEY_CERT:
@@ -227,7 +227,7 @@ int MAIN(int argc, char **argv)
 		}
 	} else {
 		out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		    out = BIO_push(tmpbio, out);
@@ -304,6 +304,7 @@ static void usage()
 	BIO_printf(bio_err, "-inkey file     input key\n");
 	BIO_printf(bio_err, "-pubin          input is an RSA public\n");
 	BIO_printf(bio_err, "-certin         input is a certificate carrying an RSA public key\n");
+	BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");
 	BIO_printf(bio_err, "-ssl            use SSL v2 padding\n");
 	BIO_printf(bio_err, "-raw            use no padding\n");
 	BIO_printf(bio_err, "-pkcs           use PKCS#1 v1.5 padding (default)\n");
--- a/apps/s_apps.h
+++ b/apps/s_apps.h
@@ -57,9 +57,7 @@
 */

 #include <sys/types.h>
-#include <openssl/opensslconf.h>
-
-#if defined(OPENSSL_SYS_VMS) && !defined(FD_SET)
+#if (defined(VMS) || defined(__VMS)) && !defined(FD_SET)
 /* VAX C does not defined fd_set and friends, but it's actually quite simple */
 /* These definitions are borrowed from SOCKETSHR.	/Richard Levitte */
 #define MAX_NOFILE	32
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -60,8 +60,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <openssl/e_os2.h>
-#ifdef OPENSSL_NO_STDIO
+#ifdef NO_STDIO
 #define APPS_WIN16
 #endif

@@ -69,7 +68,7 @@
   recursive header file inclusion, resulting in the compiler complaining
   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
   is needed to have fileno() declared correctly...  So let's define u_int */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
+#if defined(VMS) && defined(__DECC) && !defined(__U_INT)
 #define __U_INT
 typedef unsigned int u_int;
 #endif
@@ -80,15 +79,16 @@ typedef unsigned int u_int;
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
+#include <openssl/rand.h>
 #include <openssl/engine.h>
 #include "s_apps.h"

-#ifdef OPENSSL_SYS_WINDOWS
+#ifdef WINDOWS
 #include <conio.h>
 #endif


-#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
+#if (defined(VMS) && __VMS_VER < 70000000)
 /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
 #undef FIONBIO
 #endif
@@ -152,12 +152,10 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -tls1         - just use TLSv1\n");
 	BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
 	BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
-	BIO_printf(bio_err," -serverpref   - Use server's cipher preferences (only SSLv2)\n");
 	BIO_printf(bio_err," -cipher       - preferred cipher to use, use the 'openssl ciphers'\n");
 	BIO_printf(bio_err,"                 command to see what is available\n");
-	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
 	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-
+	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
 	}

 int MAIN(int, char **);
@@ -187,15 +185,15 @@ int MAIN(int argc, char **argv)
 	char *inrand=NULL;
 	char *engine_id=NULL;
 	ENGINE *e=NULL;
-#ifdef OPENSSL_SYS_WINDOWS
+#ifdef WINDOWS
 	struct timeval tv;
 #endif

-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+#if !defined(NO_SSL2) && !defined(NO_SSL3)
 	meth=SSLv23_client_method();
-#elif !defined(OPENSSL_NO_SSL3)
+#elif !defined(NO_SSL3)
 	meth=SSLv3_client_method();
-#elif !defined(OPENSSL_NO_SSL2)
+#elif !defined(NO_SSL2)
 	meth=SSLv2_client_method();
 #endif

@@ -276,15 +274,15 @@ int MAIN(int argc, char **argv)
 			nbio_test=1;
 		else if	(strcmp(*argv,"-state") == 0)
 			state=1;
-#ifndef OPENSSL_NO_SSL2
+#ifndef NO_SSL2
 		else if	(strcmp(*argv,"-ssl2") == 0)
 			meth=SSLv2_client_method();
 #endif
-#ifndef OPENSSL_NO_SSL3
+#ifndef NO_SSL3
 		else if	(strcmp(*argv,"-ssl3") == 0)
 			meth=SSLv3_client_method();
 #endif
-#ifndef OPENSSL_NO_TLS1
+#ifndef NO_TLS1
 		else if	(strcmp(*argv,"-tls1") == 0)
 			meth=TLSv1_client_method();
 #endif
@@ -315,8 +313,6 @@ int MAIN(int argc, char **argv)
 			off|=SSL_OP_NO_SSLv3;
 		else if (strcmp(*argv,"-no_ssl2") == 0)
 			off|=SSL_OP_NO_SSLv2;
-		else if (strcmp(*argv,"-serverpref") == 0)
-			off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
 		else if	(strcmp(*argv,"-cipher") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -326,16 +322,16 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-nbio") == 0)
 			{ c_nbio=1; }
 #endif
-		else if	(strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine_id = *(++argv);
-			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
 			inrand= *(++argv);
 			}
+		else if	(strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine_id = *(++argv);
+			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -438,12 +434,6 @@ bad:


 	con=SSL_new(ctx);
-#ifndef OPENSSL_NO_KRB5
-	if (con  &&  (con->kssl_ctx = kssl_ctx_new()) != NULL)
-                {
-                kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVER, host);
-		}
-#endif	/* OPENSSL_NO_KRB5  */
 /*	SSL_set_cipher_list(con,"RC4-MD5"); */

 re_start:
@@ -538,7 +528,7 @@ re_start:

 		if (!ssl_pending)
 			{
-#ifndef OPENSSL_SYS_WINDOWS
+#ifndef WINDOWS
 			if (tty_on)
 				{
 				if (read_tty)  FD_SET(fileno(stdin),&readfds);
@@ -565,7 +555,7 @@ re_start:
 			 * will choke the compiler: if you do have a cast then
 			 * you can either go for (int *) or (void *).
 			 */
-#ifdef OPENSSL_SYS_WINDOWS
+#ifdef WINDOWS
 			/* Under Windows we make the assumption that we can
 			 * always write to the tty: therefore if we need to
 			 * write to the tty we just fall through. Otherwise
@@ -664,7 +654,7 @@ re_start:
 				goto shut;
 				}
 			}
-#ifdef OPENSSL_SYS_WINDOWS
+#ifdef WINDOWS
 		/* Assume Windows can always write */
 		else if (!ssl_pending && write_tty)
 #else
@@ -745,7 +735,7 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
 				}
 			}

-#ifdef OPENSSL_SYS_WINDOWS
+#ifdef WINDOWS
 		else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
 #else
 		else if (FD_ISSET(fileno(stdin),&readfds))
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -62,8 +62,7 @@
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
-#include <openssl/e_os2.h>
-#ifdef OPENSSL_NO_STDIO
+#ifdef NO_STDIO
 #define APPS_WIN16
 #endif

@@ -71,7 +70,7 @@
   recursive header file inclusion, resulting in the compiler complaining
   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
   is needed to have fileno() declared correctly...  So let's define u_int */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
+#if defined(VMS) && defined(__DECC) && !defined(__U_INT)
 #define __U_INT
 typedef unsigned int u_int;
 #endif
@@ -84,19 +83,20 @@ typedef unsigned int u_int;
 #include <openssl/pem.h>
 #include <openssl/x509.h>
 #include <openssl/ssl.h>
+#include <openssl/rand.h>
 #include <openssl/engine.h>
 #include "s_apps.h"

-#ifdef OPENSSL_SYS_WINDOWS
+#ifdef WINDOWS
 #include <conio.h>
 #endif

-#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
+#if (defined(VMS) && __VMS_VER < 70000000)
 /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
 #undef FIONBIO
 #endif

-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
 #endif
 static int sv_body(char *hostname, int s, unsigned char *context);
@@ -105,9 +105,7 @@ static void close_accept_socket(void );
 static void sv_usage(void);
 static int init_ssl_connection(SSL *s);
 static void print_stats(BIO *bp,SSL_CTX *ctx);
-static int generate_session_id(const SSL *ssl, unsigned char *id,
-				unsigned int *id_len);
-#ifndef OPENSSL_NO_DH
+#ifndef NO_DH
 static DH *load_dh_param(char *dhfile);
 static DH *get_dh512(void);
 #endif
@@ -123,7 +121,7 @@ static void s_server_init(void);
 # endif
 #endif

-#ifndef OPENSSL_NO_DH
+#ifndef NO_DH
 static unsigned char dh512_p[]={
 	0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
 	0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
@@ -181,7 +179,6 @@ static int s_quiet=0;

 static int hack=0;
 static char *engine_id=NULL;
-static const char *session_id_prefix=NULL;

 #ifdef MONOLITH
 static void s_server_init(void)
@@ -235,7 +232,6 @@ static void sv_usage(void)
 	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
 	BIO_printf(bio_err," -nocert       - Don't use any certificates (Anon-DH)\n");
 	BIO_printf(bio_err," -cipher arg   - play with 'openssl ciphers' to see what goes here\n");
-	BIO_printf(bio_err," -serverpref   - Use server's cipher preferences\n");
 	BIO_printf(bio_err," -quiet        - No server output\n");
 	BIO_printf(bio_err," -no_tmp_rsa   - Do not generate a tmp RSA key\n");
 	BIO_printf(bio_err," -ssl2         - Just talk SSLv2\n");
@@ -244,17 +240,14 @@ static void sv_usage(void)
 	BIO_printf(bio_err," -no_ssl2      - Just disable SSLv2\n");
 	BIO_printf(bio_err," -no_ssl3      - Just disable SSLv3\n");
 	BIO_printf(bio_err," -no_tls1      - Just disable TLSv1\n");
-#ifndef OPENSSL_NO_DH
+#ifndef NO_DH
 	BIO_printf(bio_err," -no_dhe       - Disable ephemeral DH\n");
 #endif
 	BIO_printf(bio_err," -bugs         - Turn on SSL bug compatibility\n");
 	BIO_printf(bio_err," -www          - Respond to a 'GET /' with a status page\n");
 	BIO_printf(bio_err," -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
-	BIO_printf(bio_err," -HTTP         - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
-        BIO_printf(bio_err,"                 with the assumption it contains a complete HTTP response.\n");
-	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
-	BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
 	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
 	}

 static int local_argc=0;
@@ -424,14 +417,18 @@ int MAIN(int argc, char *argv[])
 	int no_tmp_rsa=0,no_dhe=0,nocert=0;
 	int state=0;
 	SSL_METHOD *meth=NULL;
-	ENGINE *e=NULL;
 	char *inrand=NULL;
+	char *engine_id=NULL;
+	ENGINE *e=NULL;
+#ifndef NO_DH
+	DH *dh=NULL;
+#endif

-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+#if !defined(NO_SSL2) && !defined(NO_SSL3)
 	meth=SSLv23_server_method();
-#elif !defined(OPENSSL_NO_SSL3)
+#elif !defined(NO_SSL3)
 	meth=SSLv3_server_method();
-#elif !defined(OPENSSL_NO_SSL2)
+#elif !defined(NO_SSL2)
 	meth=SSLv2_server_method();
 #endif

@@ -518,8 +515,6 @@ int MAIN(int argc, char *argv[])
 			if (--argc < 1) goto bad;
 			CApath= *(++argv);
 			}
-		else if	(strcmp(*argv,"-serverpref") == 0)
-			{ off|=SSL_OP_CIPHER_SERVER_PREFERENCE; }
 		else if	(strcmp(*argv,"-cipher") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -561,41 +556,34 @@ int MAIN(int argc, char *argv[])
 			{ www=1; }
 		else if	(strcmp(*argv,"-WWW") == 0)
 			{ www=2; }
-		else if	(strcmp(*argv,"-HTTP") == 0)
-			{ www=3; }
 		else if	(strcmp(*argv,"-no_ssl2") == 0)
 			{ off|=SSL_OP_NO_SSLv2; }
 		else if	(strcmp(*argv,"-no_ssl3") == 0)
 			{ off|=SSL_OP_NO_SSLv3; }
 		else if	(strcmp(*argv,"-no_tls1") == 0)
 			{ off|=SSL_OP_NO_TLSv1; }
-#ifndef OPENSSL_NO_SSL2
+#ifndef NO_SSL2
 		else if	(strcmp(*argv,"-ssl2") == 0)
 			{ meth=SSLv2_server_method(); }
 #endif
-#ifndef OPENSSL_NO_SSL3
+#ifndef NO_SSL3
 		else if	(strcmp(*argv,"-ssl3") == 0)
 			{ meth=SSLv3_server_method(); }
 #endif
-#ifndef OPENSSL_NO_TLS1
+#ifndef NO_TLS1
 		else if	(strcmp(*argv,"-tls1") == 0)
 			{ meth=TLSv1_server_method(); }
 #endif
-		else if (strcmp(*argv, "-id_prefix") == 0)
+		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
-			session_id_prefix = *(++argv);
+			inrand= *(++argv);
 			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			engine_id= *(++argv);
 			}
-		else if (strcmp(*argv,"-rand") == 0)
-			{
-			if (--argc < 1) goto bad;
-			inrand= *(++argv);
-			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -634,7 +622,7 @@ bad:
 			}
 		}

-#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA)
+#if !defined(NO_RSA) || !defined(NO_DSA)
 	if (nocert)
 #endif
 		{
@@ -676,22 +664,7 @@ bad:
 		ERR_print_errors(bio_err);
 		goto end;
 		}
-	if (session_id_prefix)
-		{
-		if(strlen(session_id_prefix) >= 32)
-			BIO_printf(bio_err,
-"warning: id_prefix is too long, only one new session will be possible\n");
-		else if(strlen(session_id_prefix) >= 16)
-			BIO_printf(bio_err,
-"warning: id_prefix is too long if you use SSLv2\n");
-		if(!SSL_CTX_set_generate_session_id(ctx, generate_session_id))
-			{
-			BIO_printf(bio_err,"error setting 'id_prefix'\n");
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_prefix);
-		}
+
 	SSL_CTX_set_quiet_shutdown(ctx,1);
 	if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
 	if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
@@ -722,16 +695,10 @@ bad:
 		/* goto end; */
 		}

-#ifndef OPENSSL_NO_DH
+#ifndef NO_DH
 	if (!no_dhe)
 		{
-		DH *dh=NULL;
-
-		if (dhfile)
-			dh = load_dh_param(dhfile);
-		else if (s_cert_file)
-			dh = load_dh_param(s_cert_file);
-
+		dh=load_dh_param(dhfile ? dhfile : s_cert_file);
 		if (dh != NULL)
 			{
 			BIO_printf(bio_s_out,"Setting temp DH parameters\n");
@@ -756,7 +723,7 @@ bad:
 			goto end;
 		}

-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 #if 1
 	if (!no_tmp_rsa)
 		SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
@@ -845,7 +812,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 	unsigned long l;
 	SSL *con=NULL;
 	BIO *sbio;
-#ifdef OPENSSL_SYS_WINDOWS
+#ifdef WINDOWS
 	struct timeval tv;
 #endif

@@ -868,13 +835,6 @@ static int sv_body(char *hostname, int s, unsigned char *context)

 	if (con == NULL) {
 		con=SSL_new(ctx);
-#ifndef OPENSSL_NO_KRB5
-		if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
-                        {
-                        kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC);
-                        kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB);
-                        }
-#endif	/* OPENSSL_NO_KRB5 */
 		if(context)
 		      SSL_set_session_id_context(con, context,
 						 strlen((char *)context));
@@ -912,7 +872,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 		if (!read_from_sslcon)
 			{
 			FD_ZERO(&readfds);
-#ifndef OPENSSL_SYS_WINDOWS
+#ifndef WINDOWS
 			FD_SET(fileno(stdin),&readfds);
 #endif
 			FD_SET(s,&readfds);
@@ -922,7 +882,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 			 * the compiler: if you do have a cast then you can either
 			 * go for (int *) or (void *).
 			 */
-#ifdef OPENSSL_SYS_WINDOWS
+#ifdef WINDOWS
 			/* Under Windows we can't select on stdin: only
 			 * on sockets. As a workaround we timeout the select every
 			 * second and check for any keypress. In a proper Windows
@@ -1188,7 +1148,7 @@ static int init_ssl_connection(SSL *con)
 	return(1);
 	}

-#ifndef OPENSSL_NO_DH
+#ifndef NO_DH
 static DH *load_dh_param(char *dhfile)
 	{
 	DH *ret=NULL;
@@ -1324,7 +1284,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
 			else
 				{
 				BIO_printf(bio_s_out,"read R BLOCK\n");
-#ifndef OPENSSL_SYS_MSDOS
+#ifndef MSDOS
 				sleep(1);
 #endif
 				continue;
@@ -1418,25 +1378,37 @@ static int www_body(char *hostname, int s, unsigned char *context)
 			BIO_puts(io,"</BODY></HTML>\r\n\r\n");
 			break;
 			}
-		else if ((www == 2 || www == 3)
-                         && (strncmp("GET /",buf,5) == 0))
+		else if ((www == 2) && (strncmp("GET /",buf,5) == 0))
 			{
 			BIO *file;
 			char *p,*e;
-			static char *text="HTTP/1.0 200 ok\r\n"
-                                "Content-type: text/plain\r\n\r\n";
+			static char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";

 			/* skip the '/' */
 			p= &(buf[5]);
-			dot=0;
+
+			dot = 1;
 			for (e=p; *e != '\0'; e++)
 				{
-				if (e[0] == ' ') break;
-				if (	(e[0] == '.') &&
-					(strncmp(&(e[-1]),"/../",4) == 0))
-					dot=1;
-				}
+				if (e[0] == ' ')
+					break;

+				switch (dot)
+					{
+				case 1:
+					dot = (e[0] == '.') ? 2 : 0;
+					break;
+				case 2:
+					dot = (e[0] == '.') ? 3 : 0;
+					break;
+				case 3:
+					dot = (e[0] == '/') ? -1 : 0;
+					break;
+					}
+				if (dot == 0)
+					dot = (e[0] == '/') ? 1 : 0;
+				}
+			dot = (dot == 3) || (dot == -1); /* filename contains ".." component */

 			if (*e == '\0')
 				{
@@ -1460,9 +1432,11 @@ static int www_body(char *hostname, int s, unsigned char *context)
 				break;
 				}

+#if 0
 			/* append if a directory lookup */
 			if (e[-1] == '/')
 				strcat(p,"index.html");
+#endif

 			/* if a directory, do the index thang */
 			if (stat(p,&st_buf) < 0)
@@ -1474,7 +1448,13 @@ static int www_body(char *hostname, int s, unsigned char *context)
 				}
 			if (S_ISDIR(st_buf.st_mode))
 				{
+#if 0 /* must check buffer size */
 				strcat(p,"/index.html");
+#else
+				BIO_puts(io,text);
+				BIO_printf(io,"'%s' is a directory\r\n",p);
+				break;
+#endif
 				}

 			if ((file=BIO_new_file(p,"r")) == NULL)
@@ -1488,8 +1468,6 @@ static int www_body(char *hostname, int s, unsigned char *context)
 			if (!s_quiet)
 				BIO_printf(bio_err,"FILE:%s\n",p);

-                        if (www == 2)
-                                {
 			i=strlen(p);
 			if (	((i > 5) && (strcmp(&(p[i-5]),".html") == 0)) ||
 				((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) ||
@@ -1497,7 +1475,6 @@ static int www_body(char *hostname, int s, unsigned char *context)
 				BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
 			else
 				BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
-                                }
 			/* send the file */
 			total_bytes=0;
 			for (;;)
@@ -1575,7 +1552,7 @@ err:
 	return(ret);
 	}

-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
 	{
 	static RSA *rsa_tmp=NULL;
@@ -1597,26 +1574,3 @@ static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
 	return(rsa_tmp);
 	}
 #endif
-
-#define MAX_SESSION_ID_ATTEMPTS 10
-static int generate_session_id(const SSL *ssl, unsigned char *id,
-				unsigned int *id_len)
-	{
-	unsigned int count = 0;
-	do	{
-		RAND_pseudo_bytes(id, *id_len);
-		/* Prefix the session_id with the required prefix. NB: If our
-		 * prefix is too long, clip it - but there will be worse effects
-		 * anyway, eg. the server could only possibly create 1 session
-		 * ID (ie. the prefix!) so all future session negotiations will
-		 * fail due to conflicts. */
-		memcpy(id, session_id_prefix,
-			(strlen(session_id_prefix) < *id_len) ?
-			strlen(session_id_prefix) : *id_len);
-		}
-	while(SSL_has_matching_session_id(ssl, id, *id_len) &&
-		(++count < MAX_SESSION_ID_ATTEMPTS));
-	if(count >= MAX_SESSION_ID_ATTEMPTS)
-		return 0;
-	return 1;
-	}
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@@ -62,13 +62,11 @@
 #include <errno.h>
 #include <signal.h>

-#include <openssl/e_os2.h>
-
 /* With IPv6, it looks like Digital has mixed up the proper order of
   recursive header file inclusion, resulting in the compiler complaining
   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
   is needed to have fileno() declared correctly...  So let's define u_int */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
+#if defined(VMS) && defined(__DECC) && !defined(__U_INT)
 #define __U_INT
 typedef unsigned int u_int;
 #endif
@@ -82,7 +80,7 @@ typedef unsigned int u_int;
 #include <openssl/ssl.h>

 static struct hostent *GetHostByName(char *name);
-#ifdef OPENSSL_SYS_WINDOWS
+#ifdef WINDOWS
 static void sock_cleanup(void);
 #endif
 static int sock_init(void);
@@ -92,17 +90,17 @@ static int init_server_long(int *sock, int port,char *ip);
 static int do_accept(int acc_sock, int *sock, char **host);
 static int host_ip(char *str, unsigned char ip[4]);

-#ifdef OPENSSL_SYS_WIN16
+#ifdef WIN16
 #define SOCKET_PROTOCOL	0 /* more microsoft stupidity */
 #else
 #define SOCKET_PROTOCOL	IPPROTO_TCP
 #endif

-#ifdef OPENSSL_SYS_WINDOWS
+#ifdef WINDOWS
 static struct WSAData wsa_state;
 static int wsa_init_done=0;

-#ifdef OPENSSL_SYS_WIN16
+#ifdef WIN16
 static HWND topWnd=0;
 static FARPROC lpTopWndProc=NULL;
 static FARPROC lpTopHookProc=NULL;
@@ -131,10 +129,10 @@ static BOOL CALLBACK enumproc(HWND hwnd,LPARAM lParam)
 	return(FALSE);
 	}

-#endif /* OPENSSL_SYS_WIN32 */
-#endif /* OPENSSL_SYS_WINDOWS */
+#endif /* WIN32 */
+#endif /* WINDOWS */

-#ifdef OPENSSL_SYS_WINDOWS
+#ifdef WINDOWS
 static void sock_cleanup(void)
 	{
 	if (wsa_init_done)
@@ -148,7 +146,7 @@ static void sock_cleanup(void)

 static int sock_init(void)
 	{
-#ifdef OPENSSL_SYS_WINDOWS
+#ifdef WINDOWS
 	if (!wsa_init_done)
 		{
 		int err;
@@ -165,15 +163,15 @@ static int sock_init(void)
 			return(0);
 			}

-#ifdef OPENSSL_SYS_WIN16
+#ifdef WIN16
 		EnumTaskWindows(GetCurrentTask(),enumproc,0L);
 		lpTopWndProc=(FARPROC)GetWindowLong(topWnd,GWL_WNDPROC);
 		lpTopHookProc=MakeProcInstance((FARPROC)topHookProc,_hInstance);

 		SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopHookProc);
-#endif /* OPENSSL_SYS_WIN16 */
+#endif /* WIN16 */
 		}
-#endif /* OPENSSL_SYS_WINDOWS */
+#endif /* WINDOWS */
 	return(1);
 	}

@@ -211,7 +209,7 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port)
 	s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
 	if (s == INVALID_SOCKET) { perror("socket"); return(0); }

-#ifndef OPENSSL_SYS_MPE
+#ifndef MPE
 	i=0;
 	i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
 	if (i < 0) { perror("keepalive"); return(0); }
@@ -287,7 +285,7 @@ static int init_server_long(int *sock, int port, char *ip)
 #endif
 	if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
 		{
-#ifndef OPENSSL_SYS_WINDOWS
+#ifndef WINDOWS
 		perror("bind");
 #endif
 		goto err;
@@ -320,7 +318,7 @@ static int do_accept(int acc_sock, int *sock, char **host)

 	if (!sock_init()) return(0);

-#ifndef OPENSSL_SYS_WINDOWS
+#ifndef WINDOWS
 redoit:
 #endif

@@ -334,7 +332,7 @@ redoit:
 	ret=accept(acc_sock,(struct sockaddr *)&from,(void *)&len);
 	if (ret == INVALID_SOCKET)
 		{
-#ifdef OPENSSL_SYS_WINDOWS
+#ifdef WINDOWS
 		i=WSAGetLastError();
 		BIO_printf(bio_err,"accept error %d\n",i);
 #else
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -67,7 +67,7 @@
 #include <stdlib.h>
 #include <string.h>

-#ifdef OPENSSL_NO_STDIO
+#ifdef NO_STDIO
 #define APPS_WIN16
 #endif
 #define USE_SOCKETS
@@ -82,7 +82,7 @@
 #include "wintext.h"
 #endif

-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
 #define TIMES
 #endif

@@ -98,7 +98,7 @@
   The __TMS macro will show if it was.  If it wasn't defined, we should
   undefine TIMES, since that tells the rest of the program how things
   should be handled.				-- Richard Levitte */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
 #undef TIMES
 #endif

@@ -174,7 +174,7 @@ static int perform=0;
 #ifdef FIONBIO
 static int t_nbio=0;
 #endif
-#ifdef OPENSSL_SYS_WIN32
+#ifdef WIN32
 static int exitNow = 0;		/* Set when it's time to exit main */
 #endif

@@ -198,7 +198,7 @@ static void s_time_init(void)
 #ifdef FIONBIO
 	t_nbio=0;
 #endif
-#ifdef OPENSSL_SYS_WIN32
+#ifdef WIN32
 	exitNow = 0;		/* Set when it's time to exit main */
 #endif
 	}
@@ -314,11 +314,11 @@ static int parseArgs(int argc, char **argv)
 		}
 	else if(strcmp(*argv,"-bugs") == 0)
 	    st_bugs=1;
-#ifndef OPENSSL_NO_SSL2
+#ifndef NO_SSL2
 	else if(strcmp(*argv,"-ssl2") == 0)
 	    s_time_meth=SSLv2_client_method();
 #endif
-#ifndef OPENSSL_NO_SSL3
+#ifndef NO_SSL3
 	else if(strcmp(*argv,"-ssl3") == 0)
 	    s_time_meth=SSLv3_client_method();
 #endif
@@ -406,11 +406,11 @@ int MAIN(int argc, char **argv)
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);

-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+#if !defined(NO_SSL2) && !defined(NO_SSL3)
 	s_time_meth=SSLv23_client_method();
-#elif !defined(OPENSSL_NO_SSL3)
+#elif !defined(NO_SSL3)
 	s_time_meth=SSLv3_client_method();
-#elif !defined(OPENSSL_NO_SSL2)
+#elif !defined(NO_SSL2)
 	s_time_meth=SSLv2_client_method();
 #endif

--- a/apps/sess_id.c
+++ b/apps/sess_id.c
@@ -156,7 +156,7 @@ int MAIN(int argc, char **argv)
 		{
 bad:
 		for (pp=sess_id_usage; (*pp != NULL); pp++)
-			BIO_printf(bio_err,"%s",*pp);
+			BIO_printf(bio_err,*pp);
 		goto end;
 		}

@@ -208,7 +208,7 @@ bad:
 		if (outfile == NULL)
 			{
 			BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 			{
 			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			out = BIO_push(tmpbio, out);
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -68,6 +68,7 @@

 #undef PROG
 #define PROG smime_main
+static X509_STORE *setup_verify(char *CAfile, char *CApath);
 static int save_certs(char *signerfile, STACK_OF(X509) *signers);

 #define SMIME_OP	0x10
@@ -89,7 +90,7 @@ int MAIN(int argc, char **argv)
 	char *infile = NULL, *outfile = NULL;
 	char *signerfile = NULL, *recipfile = NULL;
 	char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
-	const EVP_CIPHER *cipher = NULL;
+	EVP_CIPHER *cipher = NULL;
 	PKCS7 *p7 = NULL;
 	X509_STORE *store = NULL;
 	X509 *cert = NULL, *recip = NULL, *signer = NULL;
@@ -115,13 +116,13 @@ int MAIN(int argc, char **argv)
 		else if (!strcmp (*args, "-sign")) operation = SMIME_SIGN;
 		else if (!strcmp (*args, "-verify")) operation = SMIME_VERIFY;
 		else if (!strcmp (*args, "-pk7out")) operation = SMIME_PK7OUT;
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 		else if (!strcmp (*args, "-des3")) 
 				cipher = EVP_des_ede3_cbc();
 		else if (!strcmp (*args, "-des")) 
 				cipher = EVP_des_cbc();
 #endif
-#ifndef OPENSSL_NO_RC2
+#ifndef NO_RC2
 		else if (!strcmp (*args, "-rc2-40")) 
 				cipher = EVP_rc2_40_cbc();
 		else if (!strcmp (*args, "-rc2-128")) 
@@ -266,11 +267,11 @@ int MAIN(int argc, char **argv)
 		BIO_printf (bio_err, "-sign          sign message\n");
 		BIO_printf (bio_err, "-verify        verify signed message\n");
 		BIO_printf (bio_err, "-pk7out        output PKCS#7 structure\n");
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 		BIO_printf (bio_err, "-des3          encrypt with triple DES\n");
 		BIO_printf (bio_err, "-des           encrypt with DES\n");
 #endif
-#ifndef OPENSSL_NO_RC2
+#ifndef NO_RC2
 		BIO_printf (bio_err, "-rc2-40        encrypt with RC2-40 (default)\n");
 		BIO_printf (bio_err, "-rc2-64        encrypt with RC2-64\n");
 		BIO_printf (bio_err, "-rc2-128       encrypt with RC2-128\n");
@@ -298,6 +299,7 @@ int MAIN(int argc, char **argv)
 		BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
 		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
 		BIO_printf (bio_err, "-engine e      use engine e, possibly a hardware device.\n");
+		BIO_printf (bio_err, "-passin arg    input file pass phrase source\n");
 		BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,  "               the random number generator\n");
@@ -349,7 +351,7 @@ int MAIN(int argc, char **argv)

 	if(operation == SMIME_ENCRYPT) {
 		if (!cipher) {
-#ifndef OPENSSL_NO_RC2			
+#ifndef NO_RC2			
 			cipher = EVP_rc2_40_cbc();
 #else
 			BIO_printf(bio_err, "No cipher selected\n");
@@ -398,7 +400,7 @@ int MAIN(int argc, char **argv)
 	} else keyfile = NULL;

 	if(keyfile) {
-		if(!(key = load_key(bio_err,keyfile, FORMAT_PEM, passin, NULL))) {
+		if(!(key = load_key(bio_err,keyfile, FORMAT_PEM, passin))) {
 			BIO_printf(bio_err, "Can't read recipient certificate file %s\n", keyfile);
 			ERR_print_errors(bio_err);
 			goto end;
@@ -421,7 +423,7 @@ int MAIN(int argc, char **argv)
 		}
 	} else {
 		out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		    out = BIO_push(tmpbio, out);
@@ -430,7 +432,7 @@ int MAIN(int argc, char **argv)
 	}

 	if(operation == SMIME_VERIFY) {
-		if(!(store = setup_verify(bio_err, CAfile, CApath))) goto end;
+		if(!(store = setup_verify(CAfile, CApath))) goto end;
 	}

 	ret = 3;
@@ -529,6 +531,36 @@ end:
 	return (ret);
 }

+static X509_STORE *setup_verify(char *CAfile, char *CApath)
+{
+	X509_STORE *store;
+	X509_LOOKUP *lookup;
+	if(!(store = X509_STORE_new())) goto end;
+	lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
+	if (lookup == NULL) goto end;
+	if (CAfile) {
+		if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) {
+			BIO_printf(bio_err, "Error loading file %s\n", CAfile);
+			goto end;
+		}
+	} else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
+		
+	lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
+	if (lookup == NULL) goto end;
+	if (CApath) {
+		if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) {
+			BIO_printf(bio_err, "Error loading directory %s\n", CApath);
+			goto end;
+		}
+	} else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
+
+	ERR_clear_error();
+	return store;
+	end:
+	X509_STORE_free(store);
+	return NULL;
+}
+
 static int save_certs(char *signerfile, STACK_OF(X509) *signers)
 {
 	int i;
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -75,22 +75,20 @@
 #include <string.h>
 #include <math.h>
 #include "apps.h"
-#ifdef OPENSSL_NO_STDIO
+#ifdef NO_STDIO
 #define APPS_WIN16
 #endif
 #include <openssl/crypto.h>
 #include <openssl/rand.h>
 #include <openssl/err.h>
 #include <openssl/engine.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>

-#if defined(__FreeBSD__) || defined(OPENSSL_SYS_MACOSX)
+#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
 # define USE_TOD
-#elif !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))
+#elif !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
 # define TIMES
 #endif
-#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(OPENSSL_SYS_MPE) && !defined(__NetBSD__) /* FIXME */
+#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE) && !defined(__NetBSD__)
 # define TIMEB
 #endif

@@ -110,7 +108,7 @@
   The __TMS macro will show if it was.  If it wasn't defined, we should
   undefine TIMES, since that tells the rest of the program how things
   should be handled.				-- Richard Levitte */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
 #undef TIMES
 #endif

@@ -128,55 +126,55 @@
 #include <sys/param.h>
 #endif

-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 #include <openssl/des.h>
 #endif
-#ifndef OPENSSL_NO_MD2
+#ifndef NO_MD2
 #include <openssl/md2.h>
 #endif
-#ifndef OPENSSL_NO_MDC2
+#ifndef NO_MDC2
 #include <openssl/mdc2.h>
 #endif
-#ifndef OPENSSL_NO_MD4
+#ifndef NO_MD4
 #include <openssl/md4.h>
 #endif
-#ifndef OPENSSL_NO_MD5
+#ifndef NO_MD5
 #include <openssl/md5.h>
 #endif
-#ifndef OPENSSL_NO_HMAC
+#ifndef NO_HMAC
 #include <openssl/hmac.h>
 #endif
 #include <openssl/evp.h>
-#ifndef OPENSSL_NO_SHA
+#ifndef NO_SHA
 #include <openssl/sha.h>
 #endif
-#ifndef OPENSSL_NO_RIPEMD
+#ifndef NO_RIPEMD
 #include <openssl/ripemd.h>
 #endif
-#ifndef OPENSSL_NO_RC4
+#ifndef NO_RC4
 #include <openssl/rc4.h>
 #endif
-#ifndef OPENSSL_NO_RC5
+#ifndef NO_RC5
 #include <openssl/rc5.h>
 #endif
-#ifndef OPENSSL_NO_RC2
+#ifndef NO_RC2
 #include <openssl/rc2.h>
 #endif
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 #include <openssl/idea.h>
 #endif
-#ifndef OPENSSL_NO_BF
+#ifndef NO_BF
 #include <openssl/blowfish.h>
 #endif
-#ifndef OPENSSL_NO_CAST
+#ifndef NO_CAST
 #include <openssl/cast.h>
 #endif
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 #include <openssl/rsa.h>
 #include "./testrsa.h"
 #endif
 #include <openssl/x509.h>
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 #include "./testdsa.h"
 #endif

@@ -198,7 +196,7 @@
 int run=0;

 static double Time_F(int s, int usertime);
-static void print_message(const char *s,long num,int length);
+static void print_message(char *s,long num,int length);
 static void pkey_print_message(char *str,char *str2,long num,int bits,int sec);
 #ifdef SIGALRM
 #if defined(__STDC__) || defined(sgi) || defined(_AIX)
@@ -316,57 +314,55 @@ int MAIN(int argc, char **argv)
 	ENGINE *e;
 	unsigned char *buf=NULL,*buf2=NULL;
 	int mret=1;
-#define ALGOR_NUM	16
+#define ALGOR_NUM	15
 #define SIZE_NUM	5
 #define RSA_NUM		4
 #define DSA_NUM		3
-	long count,rsa_count,save_count=0;
+	long count,rsa_count;
 	int i,j,k;
-#ifndef OPENSSL_NO_RSA
 	unsigned rsa_num;
-#endif
-#ifndef OPENSSL_NO_MD2
+#ifndef NO_MD2
 	unsigned char md2[MD2_DIGEST_LENGTH];
 #endif
-#ifndef OPENSSL_NO_MDC2
+#ifndef NO_MDC2
 	unsigned char mdc2[MDC2_DIGEST_LENGTH];
 #endif
-#ifndef OPENSSL_NO_MD4
+#ifndef NO_MD4
 	unsigned char md4[MD4_DIGEST_LENGTH];
 #endif
-#ifndef OPENSSL_NO_MD5
+#ifndef NO_MD5
 	unsigned char md5[MD5_DIGEST_LENGTH];
 	unsigned char hmac[MD5_DIGEST_LENGTH];
 #endif
-#ifndef OPENSSL_NO_SHA
+#ifndef NO_SHA
 	unsigned char sha[SHA_DIGEST_LENGTH];
 #endif
-#ifndef OPENSSL_NO_RIPEMD
+#ifndef NO_RIPEMD
 	unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
 #endif
-#ifndef OPENSSL_NO_RC4
+#ifndef NO_RC4
 	RC4_KEY rc4_ks;
 #endif
-#ifndef OPENSSL_NO_RC5
+#ifndef NO_RC5
 	RC5_32_KEY rc5_ks;
 #endif
-#ifndef OPENSSL_NO_RC2
+#ifndef NO_RC2
 	RC2_KEY rc2_ks;
 #endif
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 	IDEA_KEY_SCHEDULE idea_ks;
 #endif
-#ifndef OPENSSL_NO_BF
+#ifndef NO_BF
 	BF_KEY bf_ks;
 #endif
-#ifndef OPENSSL_NO_CAST
+#ifndef NO_CAST
 	CAST_KEY cast_ks;
 #endif
 	static unsigned char key16[16]=
 		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
 		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
 	unsigned char iv[8];
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	des_cblock *buf_as_des_cblock = NULL;
 	static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
 	static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
@@ -388,11 +384,10 @@ int MAIN(int argc, char **argv)
 #define	D_CBC_RC5	12
 #define	D_CBC_BF	13
 #define	D_CBC_CAST	14
-#define D_EVP		15
 	double d,results[ALGOR_NUM][SIZE_NUM];
 	static int lengths[SIZE_NUM]={8,64,256,1024,8*1024};
 	long c[ALGOR_NUM][SIZE_NUM];
-	static const char *names[ALGOR_NUM]={
+	static char *names[ALGOR_NUM]={
 		"md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4",
 		"des cbc","des ede3","idea cbc",
 		"rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc"};
@@ -403,7 +398,7 @@ int MAIN(int argc, char **argv)
 #define	R_RSA_1024	1
 #define	R_RSA_2048	2
 #define	R_RSA_4096	3
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 	RSA *rsa_key[RSA_NUM];
 	long rsa_c[RSA_NUM][2];
 	double rsa_results[RSA_NUM][2];
@@ -414,7 +409,7 @@ int MAIN(int argc, char **argv)
 		sizeof(test512),sizeof(test1024),
 		sizeof(test2048),sizeof(test4096)};
 #endif
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 	DSA *dsa_key[DSA_NUM];
 	long dsa_c[DSA_NUM][2];
 	double dsa_results[DSA_NUM][2];
@@ -425,7 +420,6 @@ int MAIN(int argc, char **argv)
 	int doit[ALGOR_NUM];
 	int pr_header=0;
 	int usertime=1;
-	const EVP_CIPHER *evp=NULL;

 #ifndef TIMES
 	usertime=-1;
@@ -433,7 +427,7 @@ int MAIN(int argc, char **argv)

 	apps_startup();
 	memset(results, 0, sizeof(results));
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 	memset(dsa_key,0,sizeof(dsa_key));
 #endif

@@ -441,7 +435,7 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 	memset(rsa_key,0,sizeof(rsa_key));
 	for (i=0; i<RSA_NUM; i++)
 		rsa_key[i]=NULL;
@@ -452,7 +446,7 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err,"out of memory\n");
 		goto end;
 		}
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	buf_as_des_cblock = (des_cblock *)buf;
 #endif
 	if ((buf2=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL)
@@ -478,23 +472,6 @@ int MAIN(int argc, char **argv)
 		{
 		if	((argc > 0) && (strcmp(*argv,"-elapsed") == 0))
 			usertime = 0;
-		else if	((argc > 0) && (strcmp(*argv,"-evp") == 0))
-			{
-			argc--;
-			argv++;
-			if(argc == 0)
-				{
-				BIO_printf(bio_err,"no EVP given\n");
-				goto end;
-				}
-			evp=EVP_get_cipherbyname(*argv);
-			if(!evp)
-				{
-				BIO_printf(bio_err,"%s is an unknown cipher\n",*argv);
-				goto end;
-				}
-			doit[D_EVP]=1;
-			}
 		else
 		if	((argc > 0) && (strcmp(*argv,"-engine") == 0))
 			{
@@ -526,33 +503,33 @@ int MAIN(int argc, char **argv)
 			j--;
 			}
 		else
-#ifndef OPENSSL_NO_MD2
+#ifndef NO_MD2
 		if	(strcmp(*argv,"md2") == 0) doit[D_MD2]=1;
 		else
 #endif
-#ifndef OPENSSL_NO_MDC2
+#ifndef NO_MDC2
 			if (strcmp(*argv,"mdc2") == 0) doit[D_MDC2]=1;
 		else
 #endif
-#ifndef OPENSSL_NO_MD4
+#ifndef NO_MD4
 			if (strcmp(*argv,"md4") == 0) doit[D_MD4]=1;
 		else
 #endif
-#ifndef OPENSSL_NO_MD5
+#ifndef NO_MD5
 			if (strcmp(*argv,"md5") == 0) doit[D_MD5]=1;
 		else
 #endif
-#ifndef OPENSSL_NO_MD5
+#ifndef NO_MD5
 			if (strcmp(*argv,"hmac") == 0) doit[D_HMAC]=1;
 		else
 #endif
-#ifndef OPENSSL_NO_SHA
+#ifndef NO_SHA
 			if (strcmp(*argv,"sha1") == 0) doit[D_SHA1]=1;
 		else
 			if (strcmp(*argv,"sha") == 0) doit[D_SHA1]=1;
 		else
 #endif
-#ifndef OPENSSL_NO_RIPEMD
+#ifndef NO_RIPEMD
 			if (strcmp(*argv,"ripemd") == 0) doit[D_RMD160]=1;
 		else
 			if (strcmp(*argv,"rmd160") == 0) doit[D_RMD160]=1;
@@ -560,17 +537,17 @@ int MAIN(int argc, char **argv)
 			if (strcmp(*argv,"ripemd160") == 0) doit[D_RMD160]=1;
 		else
 #endif
-#ifndef OPENSSL_NO_RC4
+#ifndef NO_RC4
 			if (strcmp(*argv,"rc4") == 0) doit[D_RC4]=1;
 		else 
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 			if (strcmp(*argv,"des-cbc") == 0) doit[D_CBC_DES]=1;
 		else	if (strcmp(*argv,"des-ede3") == 0) doit[D_EDE3_DES]=1;
 		else
 #endif
-#ifndef OPENSSL_NO_RSA
-#if 0 /* was: #ifdef RSAref */
+#ifndef NO_RSA
+#ifdef RSAref
 			if (strcmp(*argv,"rsaref") == 0) 
 			{
 			RSA_set_default_openssl_method(RSA_PKCS1_RSAref());
@@ -586,7 +563,7 @@ int MAIN(int argc, char **argv)
 			}
 		else
 #endif
-#endif /* !OPENSSL_NO_RSA */
+#endif /* !NO_RSA */
 		     if (strcmp(*argv,"dsa512") == 0) dsa_doit[R_DSA_512]=2;
 		else if (strcmp(*argv,"dsa1024") == 0) dsa_doit[R_DSA_1024]=2;
 		else if (strcmp(*argv,"dsa2048") == 0) dsa_doit[R_DSA_2048]=2;
@@ -595,34 +572,34 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"rsa2048") == 0) rsa_doit[R_RSA_2048]=2;
 		else if (strcmp(*argv,"rsa4096") == 0) rsa_doit[R_RSA_4096]=2;
 		else
-#ifndef OPENSSL_NO_RC2
+#ifndef NO_RC2
 		     if (strcmp(*argv,"rc2-cbc") == 0) doit[D_CBC_RC2]=1;
 		else if (strcmp(*argv,"rc2") == 0) doit[D_CBC_RC2]=1;
 		else
 #endif
-#ifndef OPENSSL_NO_RC5
+#ifndef NO_RC5
 		     if (strcmp(*argv,"rc5-cbc") == 0) doit[D_CBC_RC5]=1;
 		else if (strcmp(*argv,"rc5") == 0) doit[D_CBC_RC5]=1;
 		else
 #endif
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 		     if (strcmp(*argv,"idea-cbc") == 0) doit[D_CBC_IDEA]=1;
 		else if (strcmp(*argv,"idea") == 0) doit[D_CBC_IDEA]=1;
 		else
 #endif
-#ifndef OPENSSL_NO_BF
+#ifndef NO_BF
 		     if (strcmp(*argv,"bf-cbc") == 0) doit[D_CBC_BF]=1;
 		else if (strcmp(*argv,"blowfish") == 0) doit[D_CBC_BF]=1;
 		else if (strcmp(*argv,"bf") == 0) doit[D_CBC_BF]=1;
 		else
 #endif
-#ifndef OPENSSL_NO_CAST
+#ifndef NO_CAST
 		     if (strcmp(*argv,"cast-cbc") == 0) doit[D_CBC_CAST]=1;
 		else if (strcmp(*argv,"cast") == 0) doit[D_CBC_CAST]=1;
 		else if (strcmp(*argv,"cast5") == 0) doit[D_CBC_CAST]=1;
 		else
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 			if (strcmp(*argv,"des") == 0)
 			{
 			doit[D_CBC_DES]=1;
@@ -630,7 +607,7 @@ int MAIN(int argc, char **argv)
 			}
 		else
 #endif
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 			if (strcmp(*argv,"rsa") == 0)
 			{
 			rsa_doit[R_RSA_512]=1;
@@ -640,7 +617,7 @@ int MAIN(int argc, char **argv)
 			}
 		else
 #endif
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 			if (strcmp(*argv,"dsa") == 0)
 			{
 			dsa_doit[R_DSA_512]=1;
@@ -652,82 +629,77 @@ int MAIN(int argc, char **argv)
 			BIO_printf(bio_err,"Error: bad option or value\n");
 			BIO_printf(bio_err,"\n");
 			BIO_printf(bio_err,"Available values:\n");
-#ifndef OPENSSL_NO_MD2
+#ifndef NO_MD2
 			BIO_printf(bio_err,"md2      ");
 #endif
-#ifndef OPENSSL_NO_MDC2
+#ifndef NO_MDC2
 			BIO_printf(bio_err,"mdc2     ");
 #endif
-#ifndef OPENSSL_NO_MD4
+#ifndef NO_MD4
 			BIO_printf(bio_err,"md4      ");
 #endif
-#ifndef OPENSSL_NO_MD5
+#ifndef NO_MD5
 			BIO_printf(bio_err,"md5      ");
-#ifndef OPENSSL_NO_HMAC
+#ifndef NO_HMAC
 			BIO_printf(bio_err,"hmac     ");
 #endif
 #endif
-#ifndef OPENSSL_NO_SHA1
+#ifndef NO_SHA1
 			BIO_printf(bio_err,"sha1     ");
 #endif
-#ifndef OPENSSL_NO_RIPEMD160
+#ifndef NO_RIPEMD160
 			BIO_printf(bio_err,"rmd160");
 #endif
-#if !defined(OPENSSL_NO_MD2) || !defined(OPENSSL_NO_MDC2) || \
-    !defined(OPENSSL_NO_MD4) || !defined(OPENSSL_NO_MD5) || \
-    !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RIPEMD160)
+#if !defined(NO_MD2) || !defined(NO_MDC2) || !defined(NO_MD4) || !defined(NO_MD5) || !defined(NO_SHA1) || !defined(NO_RIPEMD160)
 			BIO_printf(bio_err,"\n");
 #endif

-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 			BIO_printf(bio_err,"idea-cbc ");
 #endif
-#ifndef OPENSSL_NO_RC2
+#ifndef NO_RC2
 			BIO_printf(bio_err,"rc2-cbc  ");
 #endif
-#ifndef OPENSSL_NO_RC5
+#ifndef NO_RC5
 			BIO_printf(bio_err,"rc5-cbc  ");
 #endif
-#ifndef OPENSSL_NO_BF
+#ifndef NO_BF
 			BIO_printf(bio_err,"bf-cbc");
 #endif
-#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_RC2) || \
-    !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_RC5)
+#if !defined(NO_IDEA) || !defined(NO_RC2) || !defined(NO_BF) || !defined(NO_RC5)
 			BIO_printf(bio_err,"\n");
 #endif

 			BIO_printf(bio_err,"des-cbc  des-ede3 ");
-#ifndef OPENSSL_NO_RC4
+#ifndef NO_RC4
 			BIO_printf(bio_err,"rc4");
 #endif
 			BIO_printf(bio_err,"\n");

-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 			BIO_printf(bio_err,"rsa512   rsa1024  rsa2048  rsa4096\n");
 #endif

-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 			BIO_printf(bio_err,"dsa512   dsa1024  dsa2048\n");
 #endif

-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 			BIO_printf(bio_err,"idea     ");
 #endif
-#ifndef OPENSSL_NO_RC2
+#ifndef NO_RC2
 			BIO_printf(bio_err,"rc2      ");
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 			BIO_printf(bio_err,"des      ");
 #endif
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 			BIO_printf(bio_err,"rsa      ");
 #endif
-#ifndef OPENSSL_NO_BF
+#ifndef NO_BF
 			BIO_printf(bio_err,"blowfish");
 #endif
-#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_RC2) || \
-    !defined(OPENSSL_NO_DES) || !defined(OPENSSL_NO_RSA) || \
-    !defined(OPENSSL_NO_BF)
+#if !defined(NO_IDEA) || !defined(NO_RC2) || !defined(NO_DES) || !defined(NO_RSA) || !defined(NO_BF)
 			BIO_printf(bio_err,"\n");
 #endif

@@ -747,10 +719,7 @@ int MAIN(int argc, char **argv)
 	if (j == 0)
 		{
 		for (i=0; i<ALGOR_NUM; i++)
-			{
-			if (i != D_EVP)
 			doit[i]=1;
-			}
 		for (i=0; i<RSA_NUM; i++)
 			rsa_doit[i]=1;
 		for (i=0; i<DSA_NUM; i++)
@@ -767,10 +736,10 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err,"program when this computer is idle.\n");
 		}

-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 	for (i=0; i<RSA_NUM; i++)
 		{
-		const unsigned char *p;
+		unsigned char *p;

 		p=rsa_data[i];
 		rsa_key[i]=d2i_RSAPrivateKey(NULL,&p,rsa_data_length[i]);
@@ -790,40 +759,40 @@ int MAIN(int argc, char **argv)
 		}
 #endif

-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 	dsa_key[0]=get_dsa512();
 	dsa_key[1]=get_dsa1024();
 	dsa_key[2]=get_dsa2048();
 #endif

-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	des_set_key_unchecked(&key,sch);
 	des_set_key_unchecked(&key2,sch2);
 	des_set_key_unchecked(&key3,sch3);
 #endif
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 	idea_set_encrypt_key(key16,&idea_ks);
 #endif
-#ifndef OPENSSL_NO_RC4
+#ifndef NO_RC4
 	RC4_set_key(&rc4_ks,16,key16);
 #endif
-#ifndef OPENSSL_NO_RC2
+#ifndef NO_RC2
 	RC2_set_key(&rc2_ks,16,key16,128);
 #endif
-#ifndef OPENSSL_NO_RC5
+#ifndef NO_RC5
 	RC5_32_set_key(&rc5_ks,16,key16,12);
 #endif
-#ifndef OPENSSL_NO_BF
+#ifndef NO_BF
 	BF_set_key(&bf_ks,16,key16);
 #endif
-#ifndef OPENSSL_NO_CAST
+#ifndef NO_CAST
 	CAST_set_key(&cast_ks,16,key16);
 #endif
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 	memset(rsa_c,0,sizeof(rsa_c));
 #endif
 #ifndef SIGALRM
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	BIO_printf(bio_err,"First we calculate the approximate speed ...\n");
 	count=10;
 	do	{
@@ -835,7 +804,6 @@ int MAIN(int argc, char **argv)
 				&(sch[0]),DES_ENCRYPT);
 		d=Time_F(STOP,usertime);
 		} while (d <3);
-	save_count=count;
 	c[D_MD2][0]=count/10;
 	c[D_MDC2][0]=count/10;
 	c[D_MD4][0]=count;
@@ -877,7 +845,7 @@ int MAIN(int argc, char **argv)
 		c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1;
 		c[D_CBC_CAST][i]=c[D_CBC_CAST][i-1]*l0/l1;
 		}
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 	rsa_c[R_RSA_512][0]=count/2000;
 	rsa_c[R_RSA_512][1]=count/400;
 	for (i=1; i<RSA_NUM; i++)
@@ -897,6 +865,7 @@ int MAIN(int argc, char **argv)
 		}
 #endif

+#ifndef NO_DSA
 	dsa_c[R_DSA_512][0]=count/1000;
 	dsa_c[R_DSA_512][1]=count/1000/2;
 	for (i=1; i<DSA_NUM; i++)
@@ -914,20 +883,21 @@ int MAIN(int argc, char **argv)
 				}
 			}				
 		}
+#endif

 #define COND(d)	(count < (d))
 #define COUNT(d) (d)
 #else
 /* not worth fixing */
 # error "You cannot disable DES on systems without SIGALRM."
-#endif /* OPENSSL_NO_DES */
+#endif /* NO_DES */
 #else
 #define COND(c)	(run)
 #define COUNT(d) (count)
 	signal(SIGALRM,sig_done);
 #endif /* SIGALRM */

-#ifndef OPENSSL_NO_MD2
+#ifndef NO_MD2
 	if (doit[D_MD2])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -943,7 +913,7 @@ int MAIN(int argc, char **argv)
 			}
 		}
 #endif
-#ifndef OPENSSL_NO_MDC2
+#ifndef NO_MDC2
 	if (doit[D_MDC2])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -960,7 +930,7 @@ int MAIN(int argc, char **argv)
 		}
 #endif

-#ifndef OPENSSL_NO_MD4
+#ifndef NO_MD4
 	if (doit[D_MD4])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -977,7 +947,7 @@ int MAIN(int argc, char **argv)
 		}
 #endif

-#ifndef OPENSSL_NO_MD5
+#ifndef NO_MD5
 	if (doit[D_MD5])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -994,7 +964,7 @@ int MAIN(int argc, char **argv)
 		}
 #endif

-#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_HMAC)
+#if !defined(NO_MD5) && !defined(NO_HMAC)
 	if (doit[D_HMAC])
 		{
 		HMAC_CTX hctx;
@@ -1018,7 +988,7 @@ int MAIN(int argc, char **argv)
 			}
 		}
 #endif
-#ifndef OPENSSL_NO_SHA
+#ifndef NO_SHA
 	if (doit[D_SHA1])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -1034,7 +1004,7 @@ int MAIN(int argc, char **argv)
 			}
 		}
 #endif
-#ifndef OPENSSL_NO_RIPEMD
+#ifndef NO_RIPEMD
 	if (doit[D_RMD160])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -1050,7 +1020,7 @@ int MAIN(int argc, char **argv)
 			}
 		}
 #endif
-#ifndef OPENSSL_NO_RC4
+#ifndef NO_RC4
 	if (doit[D_RC4])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -1067,7 +1037,7 @@ int MAIN(int argc, char **argv)
 			}
 		}
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	if (doit[D_CBC_DES])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -1101,7 +1071,7 @@ int MAIN(int argc, char **argv)
 			}
 		}
 #endif
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 	if (doit[D_CBC_IDEA])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -1119,7 +1089,7 @@ int MAIN(int argc, char **argv)
 			}
 		}
 #endif
-#ifndef OPENSSL_NO_RC2
+#ifndef NO_RC2
 	if (doit[D_CBC_RC2])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -1137,7 +1107,7 @@ int MAIN(int argc, char **argv)
 			}
 		}
 #endif
-#ifndef OPENSSL_NO_RC5
+#ifndef NO_RC5
 	if (doit[D_CBC_RC5])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -1155,7 +1125,7 @@ int MAIN(int argc, char **argv)
 			}
 		}
 #endif
-#ifndef OPENSSL_NO_BF
+#ifndef NO_BF
 	if (doit[D_CBC_BF])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -1173,7 +1143,7 @@ int MAIN(int argc, char **argv)
 			}
 		}
 #endif
-#ifndef OPENSSL_NO_CAST
+#ifndef NO_CAST
 	if (doit[D_CBC_CAST])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -1192,30 +1162,8 @@ int MAIN(int argc, char **argv)
 		}
 #endif

-	if (doit[D_EVP])
-		{
-		for (j=0; j<SIZE_NUM; j++)
-			{
-			EVP_CIPHER_CTX ctx;
-			int outl;
-
-			names[D_EVP]=OBJ_nid2ln(evp->nid);
-			print_message(names[D_EVP],save_count,
-						  lengths[j]);
-			EVP_EncryptInit(&ctx,evp,key16,iv);
-			Time_F(START,usertime);
-			for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)
-			    EVP_EncryptUpdate(&ctx,buf,&outl,buf,lengths[j]);
-			EVP_EncryptFinal(&ctx,buf,&outl);
-			d=Time_F(STOP,usertime);
-			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
-					   count,names[D_EVP],d);
-			results[D_EVP][j]=((double)count)/d*lengths[j];
-			}
-		}
-
 	RAND_pseudo_bytes(buf,36);
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 	for (j=0; j<RSA_NUM; j++)
 		{
 		int ret;
@@ -1261,7 +1209,7 @@ int MAIN(int argc, char **argv)
 			{
 			BIO_printf(bio_err,"RSA verify failure.  No RSA verify will be done.\n");
 			ERR_print_errors(bio_err);
-			dsa_doit[j] = 0;
+			rsa_doit[j] = 0;
 			}
 		else
 			{
@@ -1300,7 +1248,7 @@ int MAIN(int argc, char **argv)
 #endif

 	RAND_pseudo_bytes(buf,20);
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 	if (RAND_status() != 1)
 		{
 		RAND_seed(rnd_seed, sizeof rnd_seed);
@@ -1395,19 +1343,19 @@ int MAIN(int argc, char **argv)
        fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_BUILT_ON));
 	printf("options:");
 	printf("%s ",BN_options());
-#ifndef OPENSSL_NO_MD2
+#ifndef NO_MD2
 	printf("%s ",MD2_options());
 #endif
-#ifndef OPENSSL_NO_RC4
+#ifndef NO_RC4
 	printf("%s ",RC4_options());
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 	printf("%s ",des_options());
 #endif
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 	printf("%s ",idea_options());
 #endif
-#ifndef OPENSSL_NO_BF
+#ifndef NO_BF
 	printf("%s ",BF_options());
 #endif
 	fprintf(stdout,"\n%s\n",SSLeay_version(SSLEAY_CFLAGS));
@@ -1434,7 +1382,7 @@ int MAIN(int argc, char **argv)
 			}
 		fprintf(stdout,"\n");
 		}
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 	j=1;
 	for (k=0; k<RSA_NUM; k++)
 		{
@@ -1450,7 +1398,7 @@ int MAIN(int argc, char **argv)
 		fprintf(stdout,"\n");
 		}
 #endif
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 	j=1;
 	for (k=0; k<DSA_NUM; k++)
 		{
@@ -1470,12 +1418,12 @@ end:
 	ERR_print_errors(bio_err);
 	if (buf != NULL) OPENSSL_free(buf);
 	if (buf2 != NULL) OPENSSL_free(buf2);
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 	for (i=0; i<RSA_NUM; i++)
 		if (rsa_key[i] != NULL)
 			RSA_free(rsa_key[i]);
 #endif
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 	for (i=0; i<DSA_NUM; i++)
 		if (dsa_key[i] != NULL)
 			DSA_free(dsa_key[i]);
@@ -1483,7 +1431,7 @@ end:
 	EXIT(mret);
 	}

-static void print_message(const char *s, long num, int length)
+static void print_message(char *s, long num, int length)
 	{
 #ifdef SIGALRM
 	BIO_printf(bio_err,"Doing %s for %ds on %d size blocks: ",s,SECONDS,length);
--- a/apps/spkac.c
+++ b/apps/spkac.c
@@ -221,7 +221,7 @@ bad:
 		if (outfile) out = BIO_new_file(outfile, "w");
 		else {
 			out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 			{
 			    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			    out = BIO_push(tmpbio, out);
@@ -278,7 +278,7 @@ bad:
 	if (outfile) out = BIO_new_file(outfile, "w");
 	else {
 		out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 		{
 		    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		    out = BIO_push(tmpbio, out);
--- a/apps/version.c
+++ b/apps/version.c
@@ -71,7 +71,7 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	int i,ret=0;
-	int cflags=0,version=0,date=0,options=0,platform=0,dir=0;
+	int cflags=0,version=0,date=0,options=0,platform=0;

 	apps_startup();

@@ -92,10 +92,8 @@ int MAIN(int argc, char **argv)
 			options=1;
 		else if (strcmp(argv[i],"-p") == 0)
 			platform=1;
-		else if (strcmp(argv[i],"-d") == 0)
-			dir=1;
 		else if (strcmp(argv[i],"-a") == 0)
-			date=version=cflags=options=platform=dir=1;
+			date=version=cflags=options=platform=1;
 		else
 			{
 			BIO_printf(bio_err,"usage:version -[avbofp]\n");
@@ -111,25 +109,24 @@ int MAIN(int argc, char **argv)
 		{
 		printf("options:  ");
 		printf("%s ",BN_options());
-#ifndef OPENSSL_NO_MD2
+#ifndef NO_MD2
 		printf("%s ",MD2_options());
 #endif
-#ifndef OPENSSL_NO_RC4
+#ifndef NO_RC4
 		printf("%s ",RC4_options());
 #endif
-#ifndef OPENSSL_NO_DES
+#ifndef NO_DES
 		printf("%s ",des_options());
 #endif
-#ifndef OPENSSL_NO_IDEA
+#ifndef NO_IDEA
 		printf("%s ",idea_options());
 #endif
-#ifndef OPENSSL_NO_BF
+#ifndef NO_BF
 		printf("%s ",BF_options());
 #endif
 		printf("\n");
 		}
 	if (cflags)  printf("%s\n",SSLeay_version(SSLEAY_CFLAGS));
-	if (dir)  printf("%s\n",SSLeay_version(SSLEAY_DIR));
 end:
 	EXIT(ret);
 	}
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -60,7 +60,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#ifdef OPENSSL_NO_STDIO
+#ifdef NO_STDIO
 #define APPS_WIN16
 #endif
 #include "apps.h"
@@ -106,7 +106,6 @@ static char *x509_usage[]={
 " -fingerprint    - print the certificate fingerprint\n",
 " -alias          - output certificate alias\n",
 " -noout          - no certificate output\n",
-" -ocspid         - print OCSP hash values for the subject name and public key\n",
 " -trustout       - output a \"trusted\" certificate\n",
 " -clrtrust       - clear all trusted purposes\n",
 " -clrreject      - clear all rejected purposes\n",
@@ -124,7 +123,6 @@ static char *x509_usage[]={
 "                   missing, it is assumed to be in the CA file.\n",
 " -CAcreateserial - create serial number file if it does not exist\n",
 " -CAserial       - serial file\n",
-" -set_serial     - serial number to use\n",
 " -text           - print the certificate in text form\n",
 " -C              - print out C code forms\n",
 " -md2/-md5/-sha1/-mdc2 - digest to use\n",
@@ -133,7 +131,6 @@ static char *x509_usage[]={
 " -clrext         - delete extensions before signing and input certificate\n",
 " -nameopt arg    - various certificate name options\n",
 " -engine e       - use engine e, possibly a hardware device.\n",
-" -certopt arg    - various certificate text options\n",
 NULL
 };

@@ -142,8 +139,7 @@ static int sign (X509 *x, EVP_PKEY *pkey,int days,int clrext, const EVP_MD *dige
 						LHASH *conf, char *section);
 static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
 			 X509 *x,X509 *xca,EVP_PKEY *pkey,char *serial,
-			 int create,int days, int clrext, LHASH *conf, char *section,
-						ASN1_INTEGER *sno);
+			 int create,int days, int clrext, LHASH *conf, char *section);
 static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
 static int reqfile=0;

@@ -157,7 +153,6 @@ int MAIN(int argc, char **argv)
 	X509 *x=NULL,*xca=NULL;
 	ASN1_OBJECT *objtmp;
 	EVP_PKEY *Upkey=NULL,*CApkey=NULL;
-	ASN1_INTEGER *sno = NULL;
 	int i,num,badops=0;
 	BIO *out=NULL;
 	BIO *STDout=NULL;
@@ -167,7 +162,6 @@ int MAIN(int argc, char **argv)
 	char *CAkeyfile=NULL,*CAserial=NULL;
 	char *alias=NULL;
 	int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0;
-	int ocspid=0;
 	int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
 	int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
 	int C=0;
@@ -183,7 +177,7 @@ int MAIN(int argc, char **argv)
 	char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
 	int need_rand = 0;
 	int checkend=0,checkoffset=0;
-	unsigned long nmflag = 0, certflag = 0;
+	unsigned long nmflag = 0;
 	char *engine=NULL;

 	reqfile=0;
@@ -193,7 +187,7 @@ int MAIN(int argc, char **argv)
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 	STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 	{
 	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 	STDout = BIO_push(tmpbio, STDout);
@@ -304,12 +298,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			CAserial= *(++argv);
 			}
-		else if (strcmp(*argv,"-set_serial") == 0)
-			{
-			if (--argc < 1) goto bad;
-			if (!(sno = s2i_ASN1_INTEGER(NULL, *(++argv))))
-				goto bad;
-			}
 		else if (strcmp(*argv,"-addtrust") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -342,11 +330,6 @@ int MAIN(int argc, char **argv)
 			alias= *(++argv);
 			trustout = 1;
 			}
-		else if (strcmp(*argv,"-certopt") == 0)
-			{
-			if (--argc < 1) goto bad;
-			if (!set_cert_ex(&certflag, *(++argv))) goto bad;
-			}
 		else if (strcmp(*argv,"-nameopt") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -423,8 +406,6 @@ int MAIN(int argc, char **argv)
 			clrext = 1;
 			}
 #endif
-		else if (strcmp(*argv,"-ocspid") == 0)
-			ocspid= ++num;
 		else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
 			{
 			/* ok */
@@ -444,7 +425,7 @@ int MAIN(int argc, char **argv)
 		{
 bad:
 		for (pp=x509_usage; (*pp != NULL); pp++)
-			BIO_printf(bio_err,"%s",*pp);
+			BIO_printf(bio_err,*pp);
 		goto end;
 		}

@@ -507,15 +488,8 @@ bad:
 							,errorline,extfile);
 			goto end;
 			}
-		if (!extsect)
-			{
-			extsect = CONF_get_string(extconf, "default", "extensions");
-			if (!extsect)
-				{
-				ERR_clear_error();
-				extsect = "default";
-				}
-			}
+		if (!extsect && !(extsect = CONF_get_string(extconf, "default",
+					 "extensions"))) extsect = "default";
 		X509V3_set_ctx_test(&ctx2);
 		X509V3_set_conf_lhash(&ctx2, extconf);
 		if (!X509V3_EXT_add_conf(extconf, &ctx2, extsect, NULL))
@@ -602,12 +576,7 @@ bad:
 		if ((x=X509_new()) == NULL) goto end;
 		ci=x->cert_info;

-		if (sno)
-			{
-			if (!X509_set_serialNumber(x, sno))
-				goto end;
-			}
-		else if (!ASN1_INTEGER_set(X509_get_serialNumber(x),0)) goto end;
+		if (!ASN1_INTEGER_set(X509_get_serialNumber(x),0)) goto end;
 		if (!X509_set_issuer_name(x,req->req_info->subject)) goto end;
 		if (!X509_set_subject_name(x,req->req_info->subject)) goto end;

@@ -642,7 +611,7 @@ bad:
 		if (outfile == NULL)
 			{
 			BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 			{
 			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			out = BIO_push(tmpbio, out);
@@ -746,12 +715,12 @@ bad:
 					goto end;
 					}
 				BIO_printf(STDout,"Modulus=");
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 				if (pkey->type == EVP_PKEY_RSA)
 					BN_print(STDout,pkey->pkey.rsa->n);
 				else
 #endif
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 				if (pkey->type == EVP_PKEY_DSA)
 					BN_print(STDout,pkey->pkey.dsa->pub_key);
 				else
@@ -832,7 +801,7 @@ bad:
 				}
 			else if (text == i)
 				{
-				X509_print_ex(out,x,nmflag, certflag);
+				X509_print(out,x);
 				}
 			else if (startdate == i)
 				{
@@ -874,10 +843,10 @@ bad:
 				if (Upkey == NULL)
 					{
 					Upkey=load_key(bio_err,
-						keyfile,keyformat, passin, e);
+						keyfile,keyformat, passin);
 					if (Upkey == NULL) goto end;
 					}
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 		                if (Upkey->type == EVP_PKEY_DSA)
 		                        digest=EVP_dss1();
 #endif
@@ -892,11 +861,10 @@ bad:
 				if (CAkeyfile != NULL)
 					{
 					CApkey=load_key(bio_err,
-						CAkeyfile,CAkeyformat, passin,
-						e);
+						CAkeyfile,CAkeyformat, passin);
 					if (CApkey == NULL) goto end;
 					}
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 		                if (CApkey->type == EVP_PKEY_DSA)
 		                        digest=EVP_dss1();
 #endif
@@ -904,7 +872,7 @@ bad:
 				assert(need_rand);
 				if (!x509_certify(ctx,CAfile,digest,x,xca,
 					CApkey, CAserial,CA_createserial,days, clrext,
-					extconf, extsect, sno))
+					extconf, extsect))
 					goto end;
 				}
 			else if (x509req == i)
@@ -920,14 +888,16 @@ bad:
 				else
 					{
 					pk=load_key(bio_err,
-						keyfile,FORMAT_PEM, passin, e);
+						keyfile,FORMAT_PEM, passin);
 					if (pk == NULL) goto end;
 					}

 				BIO_printf(bio_err,"Generating certificate request\n");

+#ifndef NO_DSA
 		                if (pk->type == EVP_PKEY_DSA)
 		                        digest=EVP_dss1();
+#endif

 				rq=X509_to_X509_REQ(x,pk,digest);
 				EVP_PKEY_free(pk);
@@ -943,10 +913,6 @@ bad:
 					}
 				noout=1;
 				}
-			else if (ocspid == i)
-				{
-				X509_ocspid_print(out, x);
-				}
 			}
 		}

@@ -1019,22 +985,32 @@ end:
 	EVP_PKEY_free(Upkey);
 	EVP_PKEY_free(CApkey);
 	X509_REQ_free(rq);
-	ASN1_INTEGER_free(sno);
 	sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
 	sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
 	if (passin) OPENSSL_free(passin);
 	EXIT(ret);
 	}

-static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create)
+static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
+	     X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile, int create,
+	     int days, int clrext, LHASH *conf, char *section)
 	{
-	char *buf = NULL, *p;
-	MS_STATIC char buf2[1024];
-	ASN1_INTEGER *bs = NULL, *bs2 = NULL;
+	int ret=0;
 	BIO *io=NULL;
+	MS_STATIC char buf2[1024];
+	char *buf=NULL,*p;
 	BIGNUM *serial=NULL;
+	ASN1_INTEGER *bs=NULL,bs2;
+	X509_STORE_CTX xsc;
+	EVP_PKEY *upkey;

-	buf=OPENSSL_malloc( ((serialfile == NULL)
+	upkey = X509_get_pubkey(xca);
+	EVP_PKEY_copy_parameters(upkey,pkey);
+	EVP_PKEY_free(upkey);
+
+	X509_STORE_CTX_init(&xsc,ctx,x,NULL);
+	buf=OPENSSL_malloc(EVP_PKEY_size(pkey)*2+
+		((serialfile == NULL)
 			?(strlen(CAfile)+strlen(POSTFIX)+1)
 			:(strlen(serialfile)))+1);
 	if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; }
@@ -1100,50 +1076,19 @@ static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create)

 	if (!BN_add_word(serial,1))
 		{ BIO_printf(bio_err,"add_word failure\n"); goto end; }
-	if (!(bs2 = BN_to_ASN1_INTEGER(serial, NULL)))
-		{ BIO_printf(bio_err,"error converting bn 2 asn1_integer\n"); goto end; }
+	bs2.data=(unsigned char *)buf2;
+	bs2.length=BN_bn2bin(serial,bs2.data);
+
 	if (BIO_write_filename(io,buf) <= 0)
 		{
 		BIO_printf(bio_err,"error attempting to write serial number file\n");
 		perror(buf);
 		goto end;
 		}
-	i2a_ASN1_INTEGER(io,bs2);
+	i2a_ASN1_INTEGER(io,&bs2);
 	BIO_puts(io,"\n");
-
 	BIO_free(io);
-	if (buf) OPENSSL_free(buf);
-	ASN1_INTEGER_free(bs2);
-	BN_free(serial);
 	io=NULL;
-	return bs;
-
-	end:
-	if (buf) OPENSSL_free(buf);
-	BIO_free(io);
-	ASN1_INTEGER_free(bs);
-	BN_free(serial);
-	return NULL;
-
-	}
-
-static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
-	     X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile, int create,
-	     int days, int clrext, LHASH *conf, char *section, ASN1_INTEGER *sno)
-	{
-	int ret=0;
-	ASN1_INTEGER *bs=NULL;
-	X509_STORE_CTX xsc;
-	EVP_PKEY *upkey;
-
-	upkey = X509_get_pubkey(xca);
-	EVP_PKEY_copy_parameters(upkey,pkey);
-	EVP_PKEY_free(upkey);
-
-	X509_STORE_CTX_init(&xsc,ctx,x,NULL);
-	if (sno) bs = sno;
-	else if (!(bs = load_serial(CAfile, serialfile, create)))
-		goto end;
 	
 	if (!X509_STORE_add_cert(ctx,x)) goto end;

@@ -1189,7 +1134,10 @@ end:
 	X509_STORE_CTX_cleanup(&xsc);
 	if (!ret)
 		ERR_print_errors(bio_err);
-	if (!sno) ASN1_INTEGER_free(bs);
+	if (buf != NULL) OPENSSL_free(buf);
+	if (bs != NULL) ASN1_INTEGER_free(bs);
+	if (io != NULL)	BIO_free(io);
+	if (serial != NULL) BN_free(serial);
 	return ret;
 	}

@@ -1282,3 +1230,6 @@ static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)
 		}
 	return 1;
 }
+
+
+
--- a/bugs/stream.c
+++ b/bugs/stream.c
@@ -58,7 +58,7 @@

 #include <stdio.h>
 #include <openssl/rc4.h>
-#ifdef OPENSSL_NO_DES
+#ifdef NO_DES
 #include <des.h>
 #else
 #include <openssl/des.h>
--- a/certs/RegTP-4R.pem
+++ b/certs/RegTP-4R.pem
@@ -1,19 +0,0 @@
-issuer= CN=4R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
-notBefore=Jan 21 16:04:53 1999 GMT
-notAfter=Jan 21 16:04:53 2004 GMT
-subject= CN=4R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
-----BEGIN CERTIFICATE-----
-MIICZzCCAdOgAwIBAgIEOwVn1DAKBgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9
-MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWth
-dGlvbiB1bmQgUG9zdDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAo0Ui1DQSAxOlBO
-MCIYDzE5OTkwMTIxMTYwNDUzWhgPMjAwNDAxMjExNjA0NTNaMG8xCzAJBgNVBAYT
-AkRFMT0wOwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21t
-dW5pa2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjRSLUNB
-IDE6UE4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGAjzHbq2asUlqeWbXTQHso
-aVF6YIPVH3c/B2cbuy9HJ/lnE6x0asOzM2DGDqi47xkdAxPc0LZ0fxO87rkmz7xs
-jJObnVrMXpyUSDSp5Y0wqKJdsFdr6mGFOQZteIti8AJnr8xMkwnWVyuOlEXsFe1h
-5gxwQXrOcPinE6qu1t/3PmECBMAAAAGjEjAQMA4GA1UdDwEB/wQEAwIBBjAKBgYr
-JAMDAQIFAAOBgQA+RdocBmA2VV9E5aKPBcp01tdZAvvW9Tve3docArVKR/4/yvSX
-Z+wvzzk+uu4qBp49HN3nqPYMrzbTmjBFu4ce5fkZ7dHF0W1sSBL0rox5z36Aq2re
-JjfEOEmSnNe0+opuh4FSVOssXblXTE8lEQU0FhhItgDx2ADnWZibaxLG4w==
-----END CERTIFICATE-----
--- a/certs/RegTP-5R.pem
+++ b/certs/RegTP-5R.pem
@@ -1,19 +0,0 @@
-issuer= CN=5R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
-notBefore=Mar 22 08:55:51 2000 GMT
-notAfter=Mar 22 08:55:51 2005 GMT
-subject= CN=5R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
-----BEGIN CERTIFICATE-----
-MIICaDCCAdSgAwIBAgIDDIOqMAoGBiskAwMBAgUAMG8xCzAJBgNVBAYTAkRFMT0w
-OwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0
-aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjVSLUNBIDE6UE4w
-IhgPMjAwMDAzMjIwODU1NTFaGA8yMDA1MDMyMjA4NTU1MVowbzELMAkGA1UEBhMC
-REUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11
-bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNVItQ0Eg
-MTpQTjCBoTANBgkqhkiG9w0BAQEFAAOBjwAwgYsCgYEAih5BUycfBpqKhU8RDsaS
-vV5AtzWeXQRColL9CH3t0DKnhjKAlJ8iccFtJNv+d3bh8bb9sh0maRSo647xP7hs
-HTjKgTE4zM5BYNfXvST79OtcMgAzrnDiGjQIIWv8xbfV1MqxxdtZJygrwzRMb9jG
-CAGoJEymoyzAMNG7tSdBWnUCBQDAAAABoxIwEDAOBgNVHQ8BAf8EBAMCAQYwCgYG
-KyQDAwECBQADgYEAOaK8ihVSBUcL2IdVBxZYYUKwMz5m7H3zqhN8W9w+iafWudH6
-b+aahkbENEwzg3C3v5g8nze7v7ssacQze657LHjP+e7ksUDIgcS4R1pU2eN16bjS
-P/qGPF3rhrIEHoK5nJULkjkZYTtNiOvmQ/+G70TXDi3Os/TwLlWRvu+7YLM=
-----END CERTIFICATE-----
--- a/certs/RegTP-6R.pem
+++ b/certs/RegTP-6R.pem
@@ -1,19 +0,0 @@
-issuer= CN=6R-Ca 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
-notBefore=Feb  1 09:52:17 2001 GMT
-notAfter=Jun  1 09:52:17 2005 GMT
-subject= CN=6R-Ca 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
-----BEGIN CERTIFICATE-----
-MIICaDCCAdSgAwIBAgIDMtGNMAoGBiskAwMBAgUAMG8xCzAJBgNVBAYTAkRFMT0w
-OwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0
-aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjZSLUNhIDE6UE4w
-IhgPMjAwMTAyMDEwOTUyMTdaGA8yMDA1MDYwMTA5NTIxN1owbzELMAkGA1UEBhMC
-REUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11
-bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNlItQ2Eg
-MTpQTjCBoTANBgkqhkiG9w0BAQEFAAOBjwAwgYsCgYEAg6KrFSTNXKqe+2GKGeW2
-wTmbVeflNkp5H/YxA9K1zmEn5XjKm0S0jH4Wfms6ipPlURVaFwTfnB1s++AnJAWf
-mayaE9BP/pdIY6WtZGgW6aZc32VDMCMKPWyBNyagsJVDmzlakIA5cXBVa7Xqqd3P
-ew8i2feMnQXcqHfDv02CW88CBQDAAAABoxIwEDAOBgNVHQ8BAf8EBAMCAQYwCgYG
-KyQDAwECBQADgYEAOkqkUwdaTCt8wcJLA2zLuOwL5ADHMWLhv6gr5zEF+VckA6qe
-IVLVf8e7fYlRmzQd+5OJcGglCQJLGT+ZplI3Mjnrd4plkoTNKV4iOzBcvJD7K4tn
-XPvs9wCFcC7QU7PLvc1FDsAlr7e4wyefZRDL+wbqNfI7QZTSF1ubLd9AzeQ=
-----END CERTIFICATE-----
--- a/149
+++ b/149
@@ -20,31 +20,6 @@
 # Be as similar to the output of config.guess/config.sub
 # as possible.

-PREFIX=""
-SUFFIX=""
-TEST="false"
-
-# pick up any command line args to config
-for i
-do
-case "$i" in 
-d*) PREFIX="debug-";;
-t*) TEST="true";;
-h*) TEST="true"; cat <<EOF
-Usage: config [options]
- -d	Add a debug- prefix to machine choice.
- -t	Test mode, do not run the Configure perl script.
- -h	This help.
-
-Any other text will be passed to the Configure perl script.
-See INSTALL for instructions.
-
-EOF
-;;
-*) options=$options" $i" ;;
-esac
-done
-
 # First get uname entries that we use below

 MACHINE=`(uname -m) 2>/dev/null` || MACHINE="unknown"
@@ -74,10 +49,18 @@ if [ "x$XREL" != "x" ]; then
 		echo "whatever-whatever-sco5"; exit 0
 		;;
 	    4.2MP)
-		if [ "x$VERSION" = "x2.1.1" ]; then
+		if [ "x$VERSION" = "x2.01" ]; then
+		    echo "${MACHINE}-whatever-unixware201"; exit 0
+		elif [ "x$VERSION" = "x2.02" ]; then
+		    echo "${MACHINE}-whatever-unixware202"; exit 0
+		elif [ "x$VERSION" = "x2.03" ]; then
+		    echo "${MACHINE}-whatever-unixware203"; exit 0
+		elif [ "x$VERSION" = "x2.1.1" ]; then
 		    echo "${MACHINE}-whatever-unixware211"; exit 0
 		elif [ "x$VERSION" = "x2.1.2" ]; then
 		    echo "${MACHINE}-whatever-unixware212"; exit 0
+		elif [ "x$VERSION" = "x2.1.3" ]; then
+		    echo "${MACHINE}-whatever-unixware213"; exit 0
 		else
 		    echo "${MACHINE}-whatever-unixware2"; exit 0
 		fi
@@ -104,6 +87,14 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "m68k-apple-aux3"; exit 0
 	;;

+    AIX:[3456789]:4:*)
+	echo "${MACHINE}-ibm-aix43"; exit 0
+	;;
+
+    AIX:*:[56789]:*)
+	echo "${MACHINE}-ibm-aix43"; exit 0
+	;;
+
    AIX:*)
 	echo "${MACHINE}-ibm-aix"; exit 0
 	;;
@@ -151,10 +142,6 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "${MACHINE}-whatever-linux1"; exit 0
 	;;

-    GNU*)
-	echo "hurd-x86"; exit 0;
-	;;
-
    LynxOS:*)
 	echo "${MACHINE}-lynx-lynxos"; exit 0
 	;;
@@ -232,18 +219,6 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "ppc-apple-rhapsody"; exit 0
 	;;

-    Darwin:*)
-	case "$MACHINE" in
-	    Power*)
-		echo "ppc-apple-darwin${VERSION}"
-		;;
-	    *)
-		echo "i386-apple-darwin${VERSION}"
-		;;
-	esac
-	exit 0
-	;;
-
    SunOS:5.*)
 	echo "${MACHINE}-whatever-solaris2"; exit 0
 	;;
@@ -333,6 +308,31 @@ exit 0
 # this is where the translation occurs into SSLeay terms
 # ---------------------------------------------------------------------------

+PREFIX=""
+SUFFIX=""
+TEST="false"
+
+# pick up any command line args to config
+for i
+do
+case "$i" in 
+-d*) PREFIX="debug-";;
+-t*) TEST="true";;
+-h*) TEST="true"; cat <<EOF
+Usage: config [options]
+ -d	Add a debug- prefix to machine choice.
+ -t	Test mode, do not run the Configure perl script.
+ -h	This help.
+
+Any other text will be passed to the Configure perl script.
+See INSTALL for instructions.
+
+EOF
+;;
+*) options=$options" $i" ;;
+esac
+done
+
 # figure out if gcc is available and if so we use it otherwise
 # we fallback to whatever cc does on the system
 GCCVER=`(gcc --version) 2>/dev/null`
@@ -411,9 +411,7 @@ case "$GUESSOS" in
 	echo "WARNING! If you wish to build 64-bit library, then you have to"
 	echo "         invoke './Configure irix64-mips4-$CC' *manually*."
 	echo "         Type return if you want to continue, Ctrl-C to abort."
-	if [ "$TEST" = "false" ]; then
 	read waste < /dev/tty
-	fi
        CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
        CPU=${CPU:-0}
        if [ $CPU -ge 5000 ]; then
@@ -437,28 +435,11 @@ case "$GUESSOS" in
 	    esac
 	fi
 	;;
-  mips-*-linux?)
-          cat >dummy.c <<EOF
-#include <stdio.h>  /* for printf() prototype */
-        int main (argc, argv) int argc; char *argv[]; {
-#ifdef __MIPSEB__
-  printf ("linux-%s\n", argv[1]);
-#endif
-#ifdef __MIPSEL__
-  printf ("linux-%sel\n", argv[1]);
-#endif
-  return 0;
-}
-EOF
-	${CC} -o dummy dummy.c && OUT=`./dummy ${MACHINE}`
-	rm dummy dummy.c
-	;;
+  mips-*-linux?) OUT="linux-mips" ;;
  ppc-*-linux2) OUT="linux-ppc" ;;
  m68k-*-linux*) OUT="linux-m68k" ;;
  ia64-*-linux?) OUT="linux-ia64" ;;
  ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;;
-  ppc-apple-darwin*) OUT="darwin-ppc-cc" ;;
-  i386-apple-darwin*) OUT="darwin-i386-cc" ;;
  sparc64-*-linux2)
 	#Before we can uncomment following lines we have to wait at least
 	#till 64-bit glibc for SPARC is operational:-(
@@ -485,10 +466,8 @@ EOF
 		echo "WARNING! If you wish to build 64-bit library, then you have to"
 		echo "         invoke './Configure solaris64-sparcv9-cc' *manually*."
 		echo "         Type return if you want to continue, Ctrl-C to abort."
-		if [ "$TEST" = "false" ]; then
 		read waste < /dev/tty
 	fi
-	fi
 	OUT="solaris-sparcv9-$CC" ;;
  sun4m-*-solaris2)	OUT="solaris-sparcv8-$CC" ;;
  sun4d-*-solaris2)	OUT="solaris-sparcv8-$CC" ;;
@@ -510,9 +489,12 @@ EOF
  *-*-unixware7) OUT="unixware-7" ;;
  *-*-UnixWare7) OUT="unixware-7" ;;
  *-*-Unixware7) OUT="unixware-7" ;;
-  *-*-unixware[1-2]*) OUT="unixware-2.0" ;;
-  *-*-UnixWare[1-2]*) OUT="unixware-2.0" ;;
-  *-*-Unixware[1-2]*) OUT="unixware-2.0" ;;
+  *-*-unixware20*) OUT="unixware-2.0" ;;
+  *-*-unixware21*) OUT="unixware-2.1" ;;
+  *-*-UnixWare20*) OUT="unixware-2.0" ;;
+  *-*-UnixWare21*) OUT="unixware-2.1" ;;
+  *-*-Unixware20*) OUT="unixware-2.0" ;;
+  *-*-Unixware21*) OUT="unixware-2.1" ;;
  BS2000-siemens-sysv4) OUT="BS2000-OSD" ;;
  RM*-siemens-sysv4) OUT="ReliantUNIX" ;;
  *-siemens-sysv4) OUT="SINIX" ;;
@@ -538,6 +520,16 @@ esac
 #  options="$options -DATALLA"
 #fi

+#get some basic shared lib support (behnke@trustcenter.de)
+case "$OUT" in
+   solaris-*-gcc)
+	if  [ "$SHARED" = "true" ] 
+	 then
+	  options="$options -DPIC -fPIC"
+        fi
+     ;;
+esac
+
 # gcc < 2.8 does not support -mcpu=ultrasparc
 if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
 then
@@ -557,7 +549,7 @@ case "$GUESSOS" in
  i386-*) options="$options 386" ;;
 esac

-for i in bf cast des dh dsa ec hmac md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa sha
+for i in bf cast des dh dsa hmac md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa sha
 do
  if [ ! -d crypto/$i ]
  then
@@ -565,27 +557,6 @@ do
  fi
 done

-# Discover Kerberos 5 (since it's still a prototype, we don't
-# do any guesses yet, that's why this section is commented away.
-#if [ -d /usr/kerberos ]; then
-#    krb5_dir=/usr/kerberos
-#    if [ \( -f $krb5_dir/lib/libgssapi_krb5.a -o -f $krb5_dir/lib/libgssapi_krb5.so* \)\
-#	-a \( -f $krb5_dir/lib/libkrb5.a -o -f $krb5_dir/lib/libkrb5.so* \)\
-#	-a \( -f $krb5_dir/lib/libcom_err.a -o -f $krb5_dir/lib/libcom_err.so* \)\
-#	-a \( -f $krb5_dir/lib/libk5crypto.a -o -f $krb5_dir/lib/libk5crypto.so* \)\
-#	-a \( -f $krb5_dir/include/krb5.h \) ]; then
-#	options="$options --with-krb5-flavor=MIT"
-#    fi
-#elif [ -d /usr/heimdal ]; then
-#    krb5_dir=/usr/heimdal
-#    if [ \( -f $krb5_dir/lib/libgssapi.a -o -f $krb5_dir/lib/libgssapi.so* \)\
-#	-a \( -f $krb5_dir/lib/libkrb5.a -o -f $krb5_dir/lib/libkrb5.so* \)\
-#	-a \( -f $krb5_dir/lib/libcom_err.a -o -f $krb5_dir/lib/libcom_err.so* \)\
-#	-a \( -f $krb5_dir/include/krb5.h \) ]; then
-#	options="$options --with-krb5-flavor=Heimdal"
-#    fi
-#fi
-
 if [ -z "$OUT" ]; then
  OUT="$CC"
 fi
--- a/crypto/Makefile.ssl
+++ b/crypto/Makefile.ssl
@@ -5,15 +5,14 @@
 DIR=		crypto
 TOP=		..
 CC=		cc
-INCLUDE=	-I. -I$(TOP) -I../include
-INCLUDES=	-I.. -I../.. -I../../include
+INCLUDE=	-I. -I../include
+INCLUDES=	-I.. -I../../include
 CFLAG=		-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=	/usr/local/ssl
 MAKE=           make -f Makefile.ssl
-MAKEDEPPROG=	makedepend
-MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=       Makefile.ssl
 RM=             rm -f
 AR=		ar r
@@ -28,9 +27,9 @@ LIBS=

 SDIRS=	md2 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
-	bn ec rsa dsa dh dso engine rijndael \
+	bn rsa dsa dh dso engine \
 	buffer bio stack lhash rand err objects \
-	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp
+	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp

 GENERAL=Makefile README crypto-lib.com install.com

@@ -74,7 +73,7 @@ files:
 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i && echo "making 'files' in crypto/$$i..." && \
+	(cd $$i; echo "making 'files' in crypto/$$i..."; \
 	$(MAKE) PERL='${PERL}' files ); \
 	done;

@@ -85,26 +84,27 @@ links:
 	@$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
 	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@for i in $(SDIRS); do \
-	(cd $$i && echo "making links in crypto/$$i..." && \
+	(cd $$i; echo "making links in crypto/$$i..."; \
 	$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PERL='${PERL}' links ); \
 	done;

 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB) || echo Never mind.
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib

 libs:
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i && echo "making libs in crypto/$$i..." && \
+	(cd $$i; echo "making libs in crypto/$$i..."; \
 	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' lib ); \
 	done;

 tests:
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i && echo "making tests in crypto/$$i..." && \
+	(cd $$i; echo "making tests in crypto/$$i..."; \
 	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' tests ); \
 	done;

@@ -116,14 +116,14 @@ install:
 	done;
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i && echo "making install in crypto/$$i..." && \
+	(cd $$i; echo "making install in crypto/$$i..."; \
 	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}'  INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' install ); \
 	done;

 lint:
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i && echo "making lint in crypto/$$i..." && \
+	(cd $$i; echo "making lint in crypto/$$i..."; \
 	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' lint ); \
 	done;

@@ -133,7 +133,7 @@ depend:
 	if [ ! -s buildinf.h ]; then rm buildinf.h; fi
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i && echo "making depend in crypto/$$i..." && \
+	(cd $$i; echo "making depend in crypto/$$i..."; \
 	$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' DEPFLAG='${DEPFLAG}' depend ); \
 	done;

@@ -141,7 +141,7 @@ clean:
 	rm -f buildinf.h *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i && echo "making clean in crypto/$$i..." && \
+	(cd $$i; echo "making clean in crypto/$$i..."; \
 	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' clean ); \
 	done;

@@ -150,56 +150,54 @@ dclean:
 	mv -f Makefile.new $(MAKEFILE)
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i && echo "making dclean in crypto/$$i..." && \
+	(cd $$i; echo "making dclean in crypto/$$i..."; \
 	$(MAKE) PERL='${PERL}' CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' dclean ); \
 	done;

 # DO NOT DELETE THIS LINE -- make depend depends on it.

 cpt_err.o: ../include/openssl/bio.h ../include/openssl/crypto.h
-cpt_err.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-cpt_err.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+cpt_err.o: ../include/openssl/err.h ../include/openssl/lhash.h
 cpt_err.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
-cpt_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cpt_err.c
-cryptlib.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
-cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-cryptlib.o: ../include/openssl/err.h ../include/openssl/lhash.h
-cryptlib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-cryptlib.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-cryptlib.o: ../include/openssl/symhacks.h cryptlib.c cryptlib.h
-cversion.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
-cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-cversion.o: ../include/openssl/err.h ../include/openssl/lhash.h
-cversion.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-cversion.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-cversion.o: ../include/openssl/symhacks.h buildinf.h cryptlib.h cversion.c
-ebcdic.o: ../include/openssl/opensslconf.h ebcdic.c
-ex_data.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
-ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-ex_data.o: ../include/openssl/err.h ../include/openssl/lhash.h
-ex_data.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ex_data.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-ex_data.o: ../include/openssl/symhacks.h cryptlib.h ex_data.c
-mem.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
-mem.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-mem.o: ../include/openssl/err.h ../include/openssl/lhash.h
-mem.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-mem.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-mem.o: ../include/openssl/symhacks.h cryptlib.h mem.c
-mem_dbg.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
-mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-mem_dbg.o: ../include/openssl/err.h ../include/openssl/lhash.h
-mem_dbg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-mem_dbg.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-mem_dbg.o: ../include/openssl/symhacks.h cryptlib.h mem_dbg.c
-tmdiff.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
-tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-tmdiff.o: ../include/openssl/err.h ../include/openssl/lhash.h
-tmdiff.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-tmdiff.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-tmdiff.o: ../include/openssl/symhacks.h ../include/openssl/tmdiff.h cryptlib.h
-tmdiff.o: tmdiff.c
-uid.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-uid.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+cpt_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+cryptlib.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+cryptlib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+cryptlib.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+cryptlib.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
+cryptlib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
+cversion.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+cversion.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+cversion.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+cversion.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
+cversion.o: ../include/openssl/stack.h ../include/openssl/symhacks.h buildinf.h
+cversion.o: cryptlib.h
+ex_data.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+ex_data.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ex_data.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+ex_data.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
+ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
+mem.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+mem.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+mem.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+mem.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+mem.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
+mem.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
+mem_dbg.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+mem_dbg.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+mem_dbg.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+mem_dbg.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
+mem_dbg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
+tmdiff.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+tmdiff.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+tmdiff.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+tmdiff.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
+tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h
+uid.o: ../include/openssl/crypto.h ../include/openssl/opensslv.h
 uid.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-uid.o: ../include/openssl/symhacks.h uid.c
+uid.o: ../include/openssl/symhacks.h
--- a/crypto/asn1/Makefile.ssl
+++ b/crypto/asn1/Makefile.ssl
--- a/crypto/asn1/a_bitstr.c
+++ b/crypto/asn1/a_bitstr.c
@@ -60,9 +60,27 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>

+ASN1_BIT_STRING *ASN1_BIT_STRING_new(void)
+{ return M_ASN1_BIT_STRING_new(); }
+
+void ASN1_BIT_STRING_free(ASN1_BIT_STRING *x)
+{ M_ASN1_BIT_STRING_free(x); }
+
 int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
 { return M_ASN1_BIT_STRING_set(x, d, len); }

+int i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
+{
+	int len, ret;
+	len = i2c_ASN1_BIT_STRING(a, NULL);	
+	ret=ASN1_object_size(0,len,V_ASN1_BIT_STRING);
+	if(pp) {
+		ASN1_put_object(pp,0,len,V_ASN1_BIT_STRING,V_ASN1_UNIVERSAL);
+		i2c_ASN1_BIT_STRING(a, pp);	
+	}
+	return ret;
+}
+
 int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
 	{
 	int ret,j,bits,len;
@@ -111,6 +129,40 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
 	return(ret);
 	}

+
+/* Convert DER encoded ASN1 BIT_STRING to ASN1_BIT_STRING structure */
+ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
+	     long length)
+{
+	unsigned char *p;
+	long len;
+	int i;
+	int inf,tag,xclass;
+	ASN1_BIT_STRING *ret;
+
+	p= *pp;
+	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+	if (inf & 0x80)
+		{
+		i=ASN1_R_BAD_OBJECT_HEADER;
+		goto err;
+		}
+
+	if (tag != V_ASN1_BIT_STRING)
+		{
+		i=ASN1_R_EXPECTING_A_BIT_STRING;
+		goto err;
+		}
+	if (len < 1) { i=ASN1_R_STRING_TOO_SHORT; goto err; }
+	ret = c2i_ASN1_BIT_STRING(a, &p, len);
+	if(ret) *pp = p;
+	return ret;
+err:
+	ASN1err(ASN1_F_D2I_ASN1_BIT_STRING,i);
+	return(NULL);
+
+}
+
 ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
 	     long len)
 	{
--- a/crypto/asn1/a_bmp.c
+++ b/crypto/asn1/a_bmp.c
@@ -0,0 +1,89 @@
+/* crypto/asn1/a_bmp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+ASN1_BMPSTRING *ASN1_BMPSTRING_new(void)
+{ return M_ASN1_BMPSTRING_new(); }
+
+void ASN1_BMPSTRING_free(ASN1_BMPSTRING *x)
+{ M_ASN1_BMPSTRING_free(x); }
+
+int i2d_ASN1_BMPSTRING(ASN1_BMPSTRING *a, unsigned char **pp)
+	{
+	return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
+		V_ASN1_BMPSTRING,V_ASN1_UNIVERSAL));
+	}
+
+ASN1_BMPSTRING *d2i_ASN1_BMPSTRING(ASN1_BMPSTRING **a, unsigned char **pp,
+	     long length)
+	{
+	ASN1_BMPSTRING *ret=NULL;
+
+	ret=(ASN1_BMPSTRING *)d2i_ASN1_bytes((ASN1_STRING **)a,
+		pp,length,V_ASN1_BMPSTRING,V_ASN1_UNIVERSAL);
+	if (ret == NULL)
+		{
+		ASN1err(ASN1_F_D2I_ASN1_BMPSTRING,ERR_R_NESTED_ASN1_ERROR);
+		return(NULL);
+		}
+	return(ret);
+	}
+
--- a/crypto/asn1/a_bool.c
+++ b/crypto/asn1/a_bool.c
@@ -58,7 +58,7 @@

 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1t.h>
+#include <openssl/asn1.h>

 int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
 	{
@@ -110,5 +110,3 @@ err:
 	ASN1err(ASN1_F_D2I_ASN1_BOOLEAN,i);
 	return(ret);
 	}
-
-
--- a/crypto/asn1/a_bytes.c
+++ b/crypto/asn1/a_bytes.c
@@ -58,26 +58,19 @@

 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>

 static unsigned long tag2bit[32]={
 0,	0,	0,	B_ASN1_BIT_STRING,	/* tags  0 -  3 */
 B_ASN1_OCTET_STRING,	0,	0,		B_ASN1_UNKNOWN,/* tags  4- 7 */
 B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,/* tags  8-11 */
 B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */
-0,	0,	B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING,   /* tags 16-19 */
-B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING,       /* tags 20-22 */
-B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME,			       /* tags 23-24 */	
-B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING,  /* tags 25-27 */
-B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN, /* tags 28-31 */
+0,	0,	B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING,
+B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING,0,
+0,B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING,
+B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN,
 	};

-unsigned long ASN1_tag2bit(int tag)
-{
-	if((tag < 0) || (tag > 30)) return 0;
-	return tag2bit[tag];
-}
-
 static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c);
 /* type is a 'bitmap' of acceptable string types.
 */
--- a/crypto/asn1/a_d2i_fp.c
+++ b/crypto/asn1/a_d2i_fp.c
@@ -61,11 +61,9 @@
 #include <openssl/buffer.h>
 #include <openssl/asn1_mac.h>

-static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
-
-#ifndef NO_OLD_ASN1
-#ifndef OPENSSL_NO_FP_API
+#define HEADER_SIZE   8

+#ifndef NO_FP_API
 char *ASN1_d2i_fp(char *(*xnew)(), char *(*d2i)(), FILE *in,
 	     unsigned char **x)
        {
@@ -87,65 +85,10 @@ char *ASN1_d2i_fp(char *(*xnew)(), char *(*d2i)(), FILE *in,
 char *ASN1_d2i_bio(char *(*xnew)(), char *(*d2i)(), BIO *in,
 	     unsigned char **x)
 	{
-	BUF_MEM *b = NULL;
-	unsigned char *p;
-	char *ret=NULL;
-	int len;
-
-	len = asn1_d2i_read_bio(in, &b);
-	if(len < 0) goto err;
-
-	p=(unsigned char *)b->data;
-	ret=d2i(x,&p,len);
-err:
-	if (b != NULL) BUF_MEM_free(b);
-	return(ret);
-	}
-
-#endif
-
-void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
-	{
-	BUF_MEM *b = NULL;
-	unsigned char *p;
-	void *ret=NULL;
-	int len;
-
-	len = asn1_d2i_read_bio(in, &b);
-	if(len < 0) goto err;
-
-	p=(unsigned char *)b->data;
-	ret=ASN1_item_d2i(x,&p,len, it);
-err:
-	if (b != NULL) BUF_MEM_free(b);
-	return(ret);
-	}
-
-#ifndef OPENSSL_NO_FP_API
-void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
-        {
-        BIO *b;
-        char *ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_D2I_FP,ERR_R_BUF_LIB);
-                return(NULL);
-		}
-        BIO_set_fp(b,in,BIO_NOCLOSE);
-        ret=ASN1_item_d2i_bio(it,b,x);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-
-#define HEADER_SIZE   8
-static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
-	{
 	BUF_MEM *b;
 	unsigned char *p;
 	int i;
-	int ret=-1;
+	char *ret=NULL;
 	ASN1_CTX c;
 	int want=HEADER_SIZE;
 	int eos=0;
@@ -156,7 +99,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
 	if (b == NULL)
 		{
 		ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
-		return -1;
+		return(NULL);
 		}

 	ERR_clear_error();
@@ -244,8 +187,8 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
 			}
 		}

-	*pb = b;
-	return off;
+	p=(unsigned char *)b->data;
+	ret=d2i(x,&p,off);
 err:
 	if (b != NULL) BUF_MEM_free(b);
 	return(ret);
--- a/crypto/asn1/a_digest.c
+++ b/crypto/asn1/a_digest.c
@@ -69,11 +69,10 @@
 #include <openssl/buffer.h>
 #include <openssl/x509.h>

-#ifndef NO_ASN1_OLD
-
 int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data,
 		unsigned char *md, unsigned int *len)
 	{
+	EVP_MD_CTX ctx;
 	int i;
 	unsigned char *str,*p;

@@ -82,24 +81,9 @@ int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data,
 	p=str;
 	i2d(data,&p);

-	EVP_Digest(str, i, md, len, type);
-	OPENSSL_free(str);
-	return(1);
-	}
-
-#endif
-
-
-int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
-		unsigned char *md, unsigned int *len)
-	{
-	int i;
-	unsigned char *str = NULL;
-
-	i=ASN1_item_i2d(asn,&str, it);
-	if (!str) return(0);
-
-	EVP_Digest(str, i, md, len, type);
+	EVP_DigestInit(&ctx,type);
+	EVP_DigestUpdate(&ctx,str,i);
+	EVP_DigestFinal(&ctx,md,len);
 	OPENSSL_free(str);
 	return(1);
 	}
--- a/crypto/asn1/a_dup.c
+++ b/crypto/asn1/a_dup.c
@@ -58,9 +58,9 @@

 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>

-#ifndef NO_OLD_ASN1
+#define READ_CHUNK   2048

 char *ASN1_dup(int (*i2d)(), char *(*d2i)(), char *x)
 	{
@@ -81,27 +81,3 @@ char *ASN1_dup(int (*i2d)(), char *(*d2i)(), char *x)
 	OPENSSL_free(b);
 	return(ret);
 	}
-
-#endif
-
-/* ASN1_ITEM version of dup: this follows the model above except we don't need
- * to allocate the buffer. At some point this could be rewritten to directly dup
- * the underlying structure instead of doing and encode and decode.
- */
-
-void *ASN1_item_dup(const ASN1_ITEM *it, void *x)
-	{
-	unsigned char *b = NULL, *p;
-	long i;
-	void *ret;
-
-	if (x == NULL) return(NULL);
-
-	i=ASN1_item_i2d(x,&b,it);
-	if (b == NULL)
-		{ ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
-	p= b;
-	ret=ASN1_item_d2i(NULL,&p,i, it);
-	OPENSSL_free(b);
-	return(ret);
-	}
--- a/crypto/asn1/a_enum.c
+++ b/crypto/asn1/a_enum.c
@@ -65,6 +65,60 @@
 * for comments on encoding see a_int.c
 */

+ASN1_ENUMERATED *ASN1_ENUMERATED_new(void)
+{ return M_ASN1_ENUMERATED_new(); }
+
+void ASN1_ENUMERATED_free(ASN1_ENUMERATED *x)
+{ M_ASN1_ENUMERATED_free(x); }
+
+
+int i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a, unsigned char **pp)
+{
+	int len, ret;
+	if(!a) return 0;
+	len = i2c_ASN1_INTEGER(a, NULL);	
+	ret=ASN1_object_size(0,len,V_ASN1_ENUMERATED);
+	if(pp) {
+		ASN1_put_object(pp,0,len,V_ASN1_ENUMERATED,V_ASN1_UNIVERSAL);
+		i2c_ASN1_INTEGER(a, pp);	
+	}
+	return ret;
+}
+
+ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, unsigned char **pp,
+	     long length)
+{
+	unsigned char *p;
+	long len;
+	int i;
+	int inf,tag,xclass;
+	ASN1_ENUMERATED *ret;
+
+	p= *pp;
+	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+	if (inf & 0x80)
+		{
+		i=ASN1_R_BAD_OBJECT_HEADER;
+		goto err;
+		}
+
+	if (tag != V_ASN1_ENUMERATED)
+		{
+		i=ASN1_R_EXPECTING_AN_ENUMERATED;
+		goto err;
+		}
+	ret = c2i_ASN1_INTEGER(a, &p, len);
+	if(ret) {
+		ret->type = (V_ASN1_NEG & ret->type) | V_ASN1_ENUMERATED;
+		*pp = p;
+	}
+	return ret;
+err:
+	ASN1err(ASN1_F_D2I_ASN1_ENUMERATED,i);
+	return(NULL);
+
+}
+
 int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
 	{
 	int i,j,k;
@@ -114,7 +168,7 @@ long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
 	if (i == V_ASN1_NEG_ENUMERATED)
 		neg=1;
 	else if (i != V_ASN1_ENUMERATED)
-		return -1;
+		return(0);
 	
 	if (a->length > sizeof(long))
 		{
@@ -122,7 +176,7 @@ long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
 		return(0xffffffffL);
 		}
 	if (a->data == NULL)
-		return 0;
+		return(0);

 	for (i=0; i<a->length; i++)
 		{
--- a/crypto/asn1/a_gentm.c
+++ b/crypto/asn1/a_gentm.c
@@ -63,7 +63,11 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>

-#if 0
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_new(void)
+{ return M_ASN1_GENERALIZEDTIME_new(); }
+
+void ASN1_GENERALIZEDTIME_free(ASN1_GENERALIZEDTIME *x)
+{ M_ASN1_GENERALIZEDTIME_free(x); }

 int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp)
 	{
@@ -112,8 +116,6 @@ err:
 	return(NULL);
 	}

-#endif
-
 int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
 	{
 	static int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0};
@@ -180,7 +182,6 @@ int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str)
 			{
 			ASN1_STRING_set((ASN1_STRING *)s,
 				(unsigned char *)str,t.length);
-			s->type=V_ASN1_GENERALIZEDTIME;
 			}
 		return(1);
 		}
@@ -193,7 +194,7 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
 	{
 	char *p;
 	struct tm *ts;
-#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32)
+#if defined(THREADS) && !defined(WIN32)
 	struct tm data;
 #endif

@@ -202,7 +203,7 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
 	if (s == NULL)
 		return(NULL);

-#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32)
+#if defined(THREADS) && !defined(WIN32)
 	gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */
 	ts=&data;
 #else
--- a/crypto/asn1/a_i2d_fp.c
+++ b/crypto/asn1/a_i2d_fp.c
@@ -59,11 +59,9 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/buffer.h>
-#include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>

-#ifndef NO_OLD_ASN1
-
-#ifndef OPENSSL_NO_FP_API
+#ifndef NO_FP_API
 int ASN1_i2d_fp(int (*i2d)(), FILE *out, unsigned char *x)
        {
        BIO *b;
@@ -113,51 +111,3 @@ int ASN1_i2d_bio(int (*i2d)(), BIO *out, unsigned char *x)
 	OPENSSL_free(b);
 	return(ret);
 	}
-
-#endif
-
-#ifndef OPENSSL_NO_FP_API
-int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x)
-        {
-        BIO *b;
-        int ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_I2D_FP,ERR_R_BUF_LIB);
-                return(0);
-		}
-        BIO_set_fp(b,out,BIO_NOCLOSE);
-        ret=ASN1_item_i2d_bio(it,b,x);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-
-int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x)
-	{
-	unsigned char *b = NULL;
-	int i,j=0,n,ret=1;
-
-	n = ASN1_item_i2d(x, &b, it);
-	if (b == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-
-	for (;;)
-		{
-		i=BIO_write(out,&(b[j]),n);
-		if (i == n) break;
-		if (i <= 0)
-			{
-			ret=0;
-			break;
-			}
-		j+=i;
-		n-=i;
-		}
-	OPENSSL_free(b);
-	return(ret);
-	}
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@@ -60,12 +60,33 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>

+ASN1_INTEGER *ASN1_INTEGER_new(void)
+{ return M_ASN1_INTEGER_new();}
+
+void ASN1_INTEGER_free(ASN1_INTEGER *x)
+{ M_ASN1_INTEGER_free(x);}
+
 ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x)
 { return M_ASN1_INTEGER_dup(x);}

 int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y)
 { return M_ASN1_INTEGER_cmp(x,y);}

+/* Output ASN1 INTEGER including tag+length */
+
+int i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
+{
+	int len, ret;
+	if(!a) return 0;
+	len = i2c_ASN1_INTEGER(a, NULL);	
+	ret=ASN1_object_size(0,len,V_ASN1_INTEGER);
+	if(pp) {
+		ASN1_put_object(pp,0,len,V_ASN1_INTEGER,V_ASN1_UNIVERSAL);
+		i2c_ASN1_INTEGER(a, pp);	
+	}
+	return ret;
+}
+
 /* 
 * This converts an ASN1 INTEGER into its content encoding.
 * The internal representation is an ASN1_STRING whose data is a big endian
@@ -153,6 +174,39 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
 	return(ret);
 	}

+/* Convert DER encoded ASN1 INTEGER to ASN1_INTEGER structure */
+ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
+	     long length)
+{
+	unsigned char *p;
+	long len;
+	int i;
+	int inf,tag,xclass;
+	ASN1_INTEGER *ret;
+
+	p= *pp;
+	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+	if (inf & 0x80)
+		{
+		i=ASN1_R_BAD_OBJECT_HEADER;
+		goto err;
+		}
+
+	if (tag != V_ASN1_INTEGER)
+		{
+		i=ASN1_R_EXPECTING_AN_INTEGER;
+		goto err;
+		}
+	ret = c2i_ASN1_INTEGER(a, &p, len);
+	if(ret) *pp = p;
+	return ret;
+err:
+	ASN1err(ASN1_F_D2I_ASN1_INTEGER,i);
+	return(NULL);
+
+}
+
+
 /* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */

 ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
@@ -360,7 +414,7 @@ long ASN1_INTEGER_get(ASN1_INTEGER *a)
 	if (i == V_ASN1_NEG_INTEGER)
 		neg=1;
 	else if (i != V_ASN1_INTEGER)
-		return -1;
+		return(0);
 	
 	if (a->length > sizeof(long))
 		{
@@ -368,7 +422,7 @@ long ASN1_INTEGER_get(ASN1_INTEGER *a)
 		return(0xffffffffL);
 		}
 	if (a->data == NULL)
-		return 0;
+		return(0);

 	for (i=0; i<a->length; i++)
 		{
@@ -399,12 +453,6 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
 	len=((j == 0)?0:((j/8)+1));
 	ret->data=(unsigned char *)OPENSSL_malloc(len+4);
 	ret->length=BN_bn2bin(bn,ret->data);
-	/* Correct zero case */
-	if(!ret->length)
-		{
-		ret->data[0] = 0;
-		ret->length = 1;
-		}
 	return(ret);
 err:
 	if (ret != ai) M_ASN1_INTEGER_free(ret);
--- a/crypto/asn1/a_null.c
+++ b/crypto/asn1/a_null.c
@@ -1,9 +1,9 @@
-/* dh_asn1.c */
+/* a_null.c */
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2000.
+ * project 1999.
 */
 /* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -58,30 +58,62 @@

 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/objects.h>
-#include <openssl/asn1t.h>
+#include <openssl/asn1.h>

-/* Override the default free and new methods */
-static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+/* ASN1 functions for NULL type. For compatibility with other ASN1 code
+ * it returns a pointer to an "ASN1_NULL" structure. The new/free functions
+ * don't need to do any allocating because nothing is stored in a NULL.
+ */
+
+int i2d_ASN1_NULL(ASN1_NULL *a, unsigned char **pp)
 	{
-	if(operation == ASN1_OP_NEW_PRE) {
-		*pval = (ASN1_VALUE *)DH_new();
-		if(*pval) return 2;
-		return 0;
-	} else if(operation == ASN1_OP_FREE_PRE) {
-		DH_free((DH *)*pval);
-		*pval = NULL;
+	if(!a) return 0;
+	if (pp) ASN1_put_object(pp,0,0,V_ASN1_NULL,V_ASN1_UNIVERSAL);
 	return 2;
 	}
-	return 1;
+
+ASN1_NULL *d2i_ASN1_NULL(ASN1_NULL **a, unsigned char **pp, long length)
+	{
+	ASN1_NULL *ret = NULL;
+	unsigned char *p;
+	long len;
+	int inf,tag,xclass;
+	int i=0;
+
+	p= *pp;
+	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+	if (inf & 0x80)
+		{
+		i=ASN1_R_BAD_OBJECT_HEADER;
+		goto err;
 		}

-ASN1_SEQUENCE_cb(DHparams, dh_cb) = {
-	ASN1_SIMPLE(DH, p, BIGNUM),
-	ASN1_SIMPLE(DH, g, BIGNUM),
-	ASN1_OPT(DH, length, ZLONG),
-} ASN1_SEQUENCE_END_cb(DH, DHparams)
+	if (tag != V_ASN1_NULL)
+		{
+		i=ASN1_R_EXPECTING_A_NULL;
+		goto err;
+		}

-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams)
+	if (len != 0)
+		{
+		i=ASN1_R_NULL_IS_WRONG_LENGTH;
+		goto err;
+		}
+	ret=(ASN1_NULL *)1;
+	if (a != NULL) (*a)=ret;
+	*pp=p;
+	return(ret);
+err:
+	ASN1err(ASN1_F_D2I_ASN1_NULL,i);
+	return(ret);
+	}
+
+ASN1_NULL *ASN1_NULL_new(void)
+{
+	return (ASN1_NULL *)1;
+}
+
+void ASN1_NULL_free(ASN1_NULL *a)
+{
+	return;
+}
--- a/crypto/asn1/a_object.c
+++ b/crypto/asn1/a_object.c
@@ -302,7 +302,7 @@ void ASN1_OBJECT_free(ASN1_OBJECT *a)
 	}

 ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
-	     const char *sn, const char *ln)
+	     char *sn, char *ln)
 	{
 	ASN1_OBJECT o;

--- a/crypto/asn1/a_octet.c
+++ b/crypto/asn1/a_octet.c
@@ -60,6 +60,12 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>

+ASN1_OCTET_STRING *ASN1_OCTET_STRING_new(void)
+{ return M_ASN1_OCTET_STRING_new(); }
+
+void ASN1_OCTET_STRING_free(ASN1_OCTET_STRING *x)
+{ M_ASN1_OCTET_STRING_free(x); }
+
 ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *x)
 { return M_ASN1_OCTET_STRING_dup(x); }

@@ -69,3 +75,21 @@ int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b)
 int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, unsigned char *d, int len)
 { return M_ASN1_OCTET_STRING_set(x, d, len); }

+int i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *a, unsigned char **pp)
+{ return M_i2d_ASN1_OCTET_STRING(a, pp); }
+
+ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **a,
+	     unsigned char **pp, long length)
+	{
+	ASN1_OCTET_STRING *ret=NULL;
+
+	ret=(ASN1_OCTET_STRING *)d2i_ASN1_bytes((ASN1_STRING **)a,
+		pp,length,V_ASN1_OCTET_STRING,V_ASN1_UNIVERSAL);
+	if (ret == NULL)
+		{
+		ASN1err(ASN1_F_D2I_ASN1_OCTET_STRING,ERR_R_NESTED_ASN1_ERROR);
+		return(NULL);
+		}
+	return(ret);
+	}
+
--- a/crypto/asn1/a_print.c
+++ b/crypto/asn1/a_print.c
@@ -60,6 +60,50 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>

+ASN1_IA5STRING *ASN1_IA5STRING_new(void)
+{ return M_ASN1_IA5STRING_new();}
+
+void ASN1_IA5STRING_free(ASN1_IA5STRING *x)
+{ M_ASN1_IA5STRING_free(x);}
+
+int i2d_ASN1_IA5STRING(ASN1_IA5STRING *a, unsigned char **pp)
+	{ return(M_i2d_ASN1_IA5STRING(a,pp)); }
+
+ASN1_IA5STRING *d2i_ASN1_IA5STRING(ASN1_IA5STRING **a, unsigned char **pp,
+	     long l)
+	{ return(M_d2i_ASN1_IA5STRING(a,pp,l)); }
+
+ASN1_T61STRING *ASN1_T61STRING_new(void)
+{ return M_ASN1_T61STRING_new();}
+
+void ASN1_T61STRING_free(ASN1_T61STRING *x)
+{ M_ASN1_T61STRING_free(x);}
+
+ASN1_T61STRING *d2i_ASN1_T61STRING(ASN1_T61STRING **a, unsigned char **pp,
+	     long l)
+	{ return(M_d2i_ASN1_T61STRING(a,pp,l)); }
+
+ASN1_PRINTABLESTRING *ASN1_PRINTABLESTRING_new(void)
+{ return M_ASN1_PRINTABLESTRING_new();}
+
+void ASN1_PRINTABLESTRING_free(ASN1_PRINTABLESTRING *x)
+{ M_ASN1_PRINTABLESTRING_free(x);}
+
+ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING **a,
+	     unsigned char **pp, long l)
+	{ return(M_d2i_ASN1_PRINTABLESTRING(a,pp,
+	     l)); }
+
+int i2d_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING *a, unsigned char **pp)
+	{ return(M_i2d_ASN1_PRINTABLESTRING(a,pp)); }
+
+int i2d_ASN1_PRINTABLE(ASN1_STRING *a, unsigned char **pp)
+	{ return(M_i2d_ASN1_PRINTABLE(a,pp)); }
+
+ASN1_STRING *d2i_ASN1_PRINTABLE(ASN1_STRING **a, unsigned char **pp,
+	     long l)
+	{ return(M_d2i_ASN1_PRINTABLE(a,pp,l)); }
+
 int ASN1_PRINTABLE_type(unsigned char *s, int len)
 	{
 	int c;
@@ -125,3 +169,29 @@ int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s)
 	s->type=ASN1_PRINTABLE_type(s->data,s->length);
 	return(1);
 	}
+
+ASN1_STRING *DIRECTORYSTRING_new(void)
+{ return M_DIRECTORYSTRING_new();}
+
+void DIRECTORYSTRING_free(ASN1_STRING *x)
+{ M_DIRECTORYSTRING_free(x);}
+
+int i2d_DIRECTORYSTRING(ASN1_STRING *a, unsigned char **pp)
+	{ return(M_i2d_DIRECTORYSTRING(a,pp)); }
+
+ASN1_STRING *d2i_DIRECTORYSTRING(ASN1_STRING **a, unsigned char **pp,
+	     long l)
+	{ return(M_d2i_DIRECTORYSTRING(a,pp,l)); }
+
+ASN1_STRING *DISPLAYTEXT_new(void)
+{ return M_DISPLAYTEXT_new();}
+
+void DISPLAYTEXT_free(ASN1_STRING *x)
+{ M_DISPLAYTEXT_free(x);}
+
+int i2d_DISPLAYTEXT(ASN1_STRING *a, unsigned char **pp)
+	{ return(M_i2d_DISPLAYTEXT(a,pp)); }
+
+ASN1_STRING *d2i_DISPLAYTEXT(ASN1_STRING **a, unsigned char **pp,
+	     long l)
+	{ return(M_d2i_DISPLAYTEXT(a,pp,l)); }
--- a/crypto/asn1/a_set.c
+++ b/crypto/asn1/a_set.c
@@ -60,8 +60,6 @@
 #include "cryptlib.h"
 #include <openssl/asn1_mac.h>

-#ifndef NO_ASN1_OLD
-
 typedef struct
    {
    unsigned char *pbData;
@@ -217,4 +215,3 @@ err:
 	return(NULL);
 	}

-#endif
--- a/crypto/asn1/a_sign.c
+++ b/crypto/asn1/a_sign.c
@@ -71,8 +71,6 @@
 #include <openssl/objects.h>
 #include <openssl/buffer.h>

-#ifndef NO_ASN1_OLD
-
 int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
 	     ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
 	     const EVP_MD *type)
@@ -148,78 +146,3 @@ err:
 		{ memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); }
 	return(outl);
 	}
-
-#endif
-
-int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
-	     ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey,
-	     const EVP_MD *type)
-	{
-	EVP_MD_CTX ctx;
-	unsigned char *buf_in=NULL,*buf_out=NULL;
-	int i,inl=0,outl=0,outll=0;
-	X509_ALGOR *a;
-
-	for (i=0; i<2; i++)
-		{
-		if (i == 0)
-			a=algor1;
-		else
-			a=algor2;
-		if (a == NULL) continue;
-		if (	(a->parameter == NULL) || 
-			(a->parameter->type != V_ASN1_NULL))
-			{
-			ASN1_TYPE_free(a->parameter);
-			if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
-			a->parameter->type=V_ASN1_NULL;
-			}
-		ASN1_OBJECT_free(a->algorithm);
-		a->algorithm=OBJ_nid2obj(type->pkey_type);
-		if (a->algorithm == NULL)
-			{
-			ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
-			goto err;
-			}
-		if (a->algorithm->length == 0)
-			{
-			ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
-			goto err;
-			}
-		}
-	inl=ASN1_item_i2d(asn,&buf_in, it);
-	outll=outl=EVP_PKEY_size(pkey);
-	buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
-	if ((buf_in == NULL) || (buf_out == NULL))
-		{
-		outl=0;
-		ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	EVP_SignInit(&ctx,type);
-	EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
-	if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
-			(unsigned int *)&outl,pkey))
-		{
-		outl=0;
-		ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB);
-		goto err;
-		}
-	if (signature->data != NULL) OPENSSL_free(signature->data);
-	signature->data=buf_out;
-	buf_out=NULL;
-	signature->length=outl;
-	/* In the interests of compatibility, I'll make sure that
-	 * the bit string has a 'not-used bits' value of 0
-	 */
-	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
-	signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
-err:
-	memset(&ctx,0,sizeof(ctx));
-	if (buf_in != NULL)
-		{ memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }
-	if (buf_out != NULL)
-		{ memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); }
-	return(outl);
-	}
--- a/crypto/asn1/a_strex.c
+++ b/crypto/asn1/a_strex.c
@@ -491,24 +491,12 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,

 int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags)
 {
-	if(flags == XN_FLAG_COMPAT)
-		return X509_NAME_print(out, nm, indent);
 	return do_name_ex(send_bio_chars, out, nm, indent, flags);
 }


 int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags)
 {
-	if(flags == XN_FLAG_COMPAT)
-		{
-		BIO *btmp;
-		int ret;
-		btmp = BIO_new_fp(fp, BIO_NOCLOSE);
-		if(!btmp) return -1;
-		ret = X509_NAME_print(btmp, nm, indent);
-		BIO_free(btmp);
-		return ret;
-		}
 	return do_name_ex(send_fp_chars, fp, nm, indent, flags);
 }

--- a/crypto/asn1/a_time.c
+++ b/crypto/asn1/a_time.c
@@ -64,13 +64,14 @@
 #include <stdio.h>
 #include <time.h>
 #include "cryptlib.h"
-#include <openssl/asn1t.h>
+#include <openssl/asn1.h>

-IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)
+ASN1_TIME *ASN1_TIME_new(void)
+{ return M_ASN1_TIME_new(); }

-IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME)
+void ASN1_TIME_free(ASN1_TIME *x)
+{ M_ASN1_TIME_free(x); }

-#if 0
 int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)
 	{
 #ifdef CHARSET_EBCDIC
@@ -94,13 +95,25 @@ int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)
 	ASN1err(ASN1_F_I2D_ASN1_TIME,ASN1_R_EXPECTING_A_TIME);
 	return -1;
 	}
-#endif
+
+
+ASN1_TIME *d2i_ASN1_TIME(ASN1_TIME **a, unsigned char **pp, long length)
+	{
+	unsigned char tag;
+	tag = **pp & ~V_ASN1_CONSTRUCTED;
+	if(tag == (V_ASN1_UTCTIME|V_ASN1_UNIVERSAL))
+					 return d2i_ASN1_UTCTIME(a, pp, length);
+	if(tag == (V_ASN1_GENERALIZEDTIME|V_ASN1_UNIVERSAL))
+				return d2i_ASN1_GENERALIZEDTIME(a, pp, length);
+	ASN1err(ASN1_F_D2I_ASN1_TIME,ASN1_R_EXPECTING_A_TIME);
+	return(NULL);
+	}


 ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
 	{
 	struct tm *ts;
-#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(__CYGWIN32__)
+#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
 	struct tm data;

 	gmtime_r(&t,&data);
@@ -112,49 +125,3 @@ ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
 					return ASN1_UTCTIME_set(s, t);
 	return ASN1_GENERALIZEDTIME_set(s,t);
 	}
-
-int ASN1_TIME_check(ASN1_TIME *t)
-	{
-	if (t->type == V_ASN1_GENERALIZEDTIME)
-		return ASN1_GENERALIZEDTIME_check(t);
-	else if (t->type == V_ASN1_UTCTIME)
-		return ASN1_UTCTIME_check(t);
-	return 0;
-	}
-
-/* Convert an ASN1_TIME structure to GeneralizedTime */
-ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
-	{
-	ASN1_GENERALIZEDTIME *ret;
-	char *str;
-
-	if (!ASN1_TIME_check(t)) return NULL;
-
-	if (!out || !*out)
-		{
-		if (!(ret = ASN1_GENERALIZEDTIME_new ()))
-			return NULL;
-		if (out) *out = ret;
-		}
-	else ret = *out;
-
-	/* If already GeneralizedTime just copy across */
-	if (t->type == V_ASN1_GENERALIZEDTIME)
-		{
-		if(!ASN1_STRING_set(ret, t->data, t->length))
-			return NULL;
-		return ret;
-		}
-
-	/* grow the string */
-	if (!ASN1_STRING_set(ret, NULL, t->length + 2))
-		return NULL;
-	str = (char *)ret->data;
-	/* Work out the century and prepend */
-	if (t->data[0] >= '5') strcpy(str, "19");
-	else strcpy(str, "20");
-
-	strcat(str, (char *)t->data);
-
-	return ret;
-	}
--- a/crypto/asn1/a_type.c
+++ b/crypto/asn1/a_type.c
@@ -57,8 +57,236 @@
 */

 #include <stdio.h>
-#include <openssl/asn1t.h>
 #include "cryptlib.h"
+#include <openssl/asn1_mac.h>
+
+static void ASN1_TYPE_component_free(ASN1_TYPE *a);
+int i2d_ASN1_TYPE(ASN1_TYPE *a, unsigned char **pp)
+	{
+	int r=0;
+
+	if (a == NULL) return(0);
+
+	switch (a->type)
+		{
+	case V_ASN1_NULL:
+		if (pp != NULL)
+			ASN1_put_object(pp,0,0,V_ASN1_NULL,V_ASN1_UNIVERSAL);
+		r=2;
+		break;
+	case V_ASN1_INTEGER:
+	case V_ASN1_NEG_INTEGER:
+		r=i2d_ASN1_INTEGER(a->value.integer,pp);
+		break;
+	case V_ASN1_ENUMERATED:
+	case V_ASN1_NEG_ENUMERATED:
+		r=i2d_ASN1_ENUMERATED(a->value.enumerated,pp);
+		break;
+	case V_ASN1_BIT_STRING:
+		r=i2d_ASN1_BIT_STRING(a->value.bit_string,pp);
+		break;
+	case V_ASN1_OCTET_STRING:
+		r=i2d_ASN1_OCTET_STRING(a->value.octet_string,pp);
+		break;
+	case V_ASN1_OBJECT:
+		r=i2d_ASN1_OBJECT(a->value.object,pp);
+		break;
+	case V_ASN1_PRINTABLESTRING:
+		r=M_i2d_ASN1_PRINTABLESTRING(a->value.printablestring,pp);
+		break;
+	case V_ASN1_T61STRING:
+		r=M_i2d_ASN1_T61STRING(a->value.t61string,pp);
+		break;
+	case V_ASN1_IA5STRING:
+		r=M_i2d_ASN1_IA5STRING(a->value.ia5string,pp);
+		break;
+	case V_ASN1_GENERALSTRING:
+		r=M_i2d_ASN1_GENERALSTRING(a->value.generalstring,pp);
+		break;
+	case V_ASN1_UNIVERSALSTRING:
+		r=M_i2d_ASN1_UNIVERSALSTRING(a->value.universalstring,pp);
+		break;
+	case V_ASN1_UTF8STRING:
+		r=M_i2d_ASN1_UTF8STRING(a->value.utf8string,pp);
+		break;
+	case V_ASN1_VISIBLESTRING:
+		r=M_i2d_ASN1_VISIBLESTRING(a->value.visiblestring,pp);
+		break;
+	case V_ASN1_BMPSTRING:
+		r=M_i2d_ASN1_BMPSTRING(a->value.bmpstring,pp);
+		break;
+	case V_ASN1_UTCTIME:
+		r=i2d_ASN1_UTCTIME(a->value.utctime,pp);
+		break;
+	case V_ASN1_GENERALIZEDTIME:
+		r=i2d_ASN1_GENERALIZEDTIME(a->value.generalizedtime,pp);
+		break;
+	case V_ASN1_SET:
+	case V_ASN1_SEQUENCE:
+	case V_ASN1_OTHER:
+	default:
+		if (a->value.set == NULL)
+			r=0;
+		else
+			{
+			r=a->value.set->length;
+			if (pp != NULL)
+				{
+				memcpy(*pp,a->value.set->data,r);
+				*pp+=r;
+				}
+			}
+		break;
+		}
+	return(r);
+	}
+
+ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, unsigned char **pp, long length)
+	{
+	ASN1_TYPE *ret=NULL;
+	unsigned char *q,*p,*max;
+	int inf,tag,xclass;
+	long len;
+
+	if ((a == NULL) || ((*a) == NULL))
+		{
+		if ((ret=ASN1_TYPE_new()) == NULL) goto err;
+		}
+	else
+		ret=(*a);
+
+	p= *pp;
+	q=p;
+	max=(p+length);
+
+	inf=ASN1_get_object(&q,&len,&tag,&xclass,length);
+	if (inf & 0x80) goto err;
+	/* If not universal tag we've no idea what it is */
+	if(xclass != V_ASN1_UNIVERSAL) tag = V_ASN1_OTHER;
+	
+	ASN1_TYPE_component_free(ret);
+
+	switch (tag)
+		{
+	case V_ASN1_NULL:
+		p=q;
+		ret->value.ptr=NULL;
+		break;
+	case V_ASN1_INTEGER:
+		if ((ret->value.integer=
+			d2i_ASN1_INTEGER(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_ENUMERATED:
+		if ((ret->value.enumerated=
+			d2i_ASN1_ENUMERATED(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_BIT_STRING:
+		if ((ret->value.bit_string=
+			d2i_ASN1_BIT_STRING(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_OCTET_STRING:
+		if ((ret->value.octet_string=
+			d2i_ASN1_OCTET_STRING(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_VISIBLESTRING:
+		if ((ret->value.visiblestring=
+			d2i_ASN1_VISIBLESTRING(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_UTF8STRING:
+		if ((ret->value.utf8string=
+			d2i_ASN1_UTF8STRING(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_OBJECT:
+		if ((ret->value.object=
+			d2i_ASN1_OBJECT(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_PRINTABLESTRING:
+		if ((ret->value.printablestring=
+			d2i_ASN1_PRINTABLESTRING(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_T61STRING:
+		if ((ret->value.t61string=
+			M_d2i_ASN1_T61STRING(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_IA5STRING:
+		if ((ret->value.ia5string=
+			M_d2i_ASN1_IA5STRING(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_GENERALSTRING:
+		if ((ret->value.generalstring=
+			M_d2i_ASN1_GENERALSTRING(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_UNIVERSALSTRING:
+		if ((ret->value.universalstring=
+			M_d2i_ASN1_UNIVERSALSTRING(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_BMPSTRING:
+		if ((ret->value.bmpstring=
+			M_d2i_ASN1_BMPSTRING(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_UTCTIME:
+		if ((ret->value.utctime=
+			d2i_ASN1_UTCTIME(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_GENERALIZEDTIME:
+		if ((ret->value.generalizedtime=
+			d2i_ASN1_GENERALIZEDTIME(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_SET:
+	case V_ASN1_SEQUENCE:
+	case V_ASN1_OTHER:
+	default:
+		/* Sets and sequences are left complete */
+		if ((ret->value.set=ASN1_STRING_new()) == NULL) goto err;
+		ret->value.set->type=tag;
+		len+=(q-p);
+		if (!ASN1_STRING_set(ret->value.set,p,(int)len)) goto err;
+		p+=len;
+		break;
+		}
+
+	ret->type=tag;
+	if (a != NULL) (*a)=ret;
+	*pp=p;
+	return(ret);
+err:
+	if ((ret != NULL) && ((a == NULL) || (*a != ret))) ASN1_TYPE_free(ret);
+	return(NULL);
+	}
+
+ASN1_TYPE *ASN1_TYPE_new(void)
+	{
+	ASN1_TYPE *ret=NULL;
+	ASN1_CTX c;
+
+	M_ASN1_New_Malloc(ret,ASN1_TYPE);
+	ret->type= -1;
+	ret->value.ptr=NULL;
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_ASN1_TYPE_NEW);
+	}
+
+void ASN1_TYPE_free(ASN1_TYPE *a)
+	{
+	if (a == NULL) return;
+	ASN1_TYPE_component_free(a);
+	OPENSSL_free(a);
+	}

 int ASN1_TYPE_get(ASN1_TYPE *a)
 	{
@@ -71,11 +299,54 @@ int ASN1_TYPE_get(ASN1_TYPE *a)
 void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
 	{
 	if (a->value.ptr != NULL)
-		ASN1_primitive_free((ASN1_VALUE **)&a, NULL);
+		ASN1_TYPE_component_free(a);
 	a->type=type;
 	a->value.ptr=value;
 	}

+static void ASN1_TYPE_component_free(ASN1_TYPE *a)
+	{
+	if (a == NULL) return;
+
+	if (a->value.ptr != NULL)
+		{
+		switch (a->type)
+			{
+		case V_ASN1_OBJECT:
+			ASN1_OBJECT_free(a->value.object);
+			break;
+		case V_ASN1_NULL:
+			break;
+		case V_ASN1_INTEGER:
+		case V_ASN1_NEG_INTEGER:
+		case V_ASN1_ENUMERATED:
+		case V_ASN1_NEG_ENUMERATED:
+		case V_ASN1_BIT_STRING:
+		case V_ASN1_OCTET_STRING:
+		case V_ASN1_SEQUENCE:
+		case V_ASN1_SET:
+		case V_ASN1_NUMERICSTRING:
+		case V_ASN1_PRINTABLESTRING:
+		case V_ASN1_T61STRING:
+		case V_ASN1_VIDEOTEXSTRING:
+		case V_ASN1_IA5STRING:
+		case V_ASN1_UTCTIME:
+		case V_ASN1_GENERALIZEDTIME:
+		case V_ASN1_GRAPHICSTRING:
+		case V_ASN1_VISIBLESTRING:
+		case V_ASN1_GENERALSTRING:
+		case V_ASN1_UNIVERSALSTRING:
+		case V_ASN1_BMPSTRING:
+		case V_ASN1_UTF8STRING:
+		case V_ASN1_OTHER:
+		default:
+			ASN1_STRING_free((ASN1_STRING *)a->value.ptr);
+			break;
+			}
+		a->type=0;
+		a->value.ptr=NULL;
+		}
+	}

 IMPLEMENT_STACK_OF(ASN1_TYPE)
 IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)
--- a/crypto/asn1/a_utctm.c
+++ b/crypto/asn1/a_utctm.c
@@ -58,15 +58,20 @@

 #include <stdio.h>
 #include <time.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 #include <descrip.h>
 #include <lnmdef.h>
 #include <starlet.h>
 #endif
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+ASN1_UTCTIME *ASN1_UTCTIME_new(void)
+{ return M_ASN1_UTCTIME_new(); }
+
+void ASN1_UTCTIME_free(ASN1_UTCTIME *x)
+{ M_ASN1_UTCTIME_free(x); }

-#if 0
 int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp)
 	{
 #ifndef CHARSET_EBCDIC
@@ -114,8 +119,6 @@ err:
 	return(NULL);
 	}

-#endif
-
 int ASN1_UTCTIME_check(ASN1_UTCTIME *d)
 	{
 	static int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0};
@@ -179,7 +182,6 @@ int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str)
 			{
 			ASN1_STRING_set((ASN1_STRING *)s,
 				(unsigned char *)str,t.length);
-			s->type = V_ASN1_UTCTIME;
 			}
 		return(1);
 		}
@@ -191,7 +193,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
 	{
 	char *p;
 	struct tm *ts;
-#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(__CYGWIN32__)
+#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)

 	struct tm data;
 #endif
@@ -201,13 +203,13 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
 	if (s == NULL)
 		return(NULL);

-#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(__CYGWIN32__)
+#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
 	gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */
 	ts=&data;
 #else
 	ts=gmtime(&t);
 #endif
-#ifdef OPENSSL_SYS_VMS
+#ifdef VMS
 	if (ts == NULL)
 		{
 		static $DESCRIPTOR(tabnam,"LNM$DCL_LOGICAL");
@@ -284,7 +286,7 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)

 	t -= offset*60; /* FIXME: may overflow in extreme cases */

-#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(__CYGWIN32__)
+#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
 	{ struct tm data; gmtime_r(&t, &data); tm = &data; }
 #else
 	tm = gmtime(&t);
--- a/crypto/asn1/a_utf8.c
+++ b/crypto/asn1/a_utf8.c
@@ -60,6 +60,33 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>

+ASN1_UTF8STRING *ASN1_UTF8STRING_new(void)
+{ return M_ASN1_UTF8STRING_new();}
+
+void ASN1_UTF8STRING_free(ASN1_UTF8STRING *x)
+{ M_ASN1_UTF8STRING_free(x);}
+
+int i2d_ASN1_UTF8STRING(ASN1_UTF8STRING *a, unsigned char **pp)
+	{
+	return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
+		V_ASN1_UTF8STRING,V_ASN1_UNIVERSAL));
+	}
+
+ASN1_UTF8STRING *d2i_ASN1_UTF8STRING(ASN1_UTF8STRING **a, unsigned char **pp,
+	     long length)
+	{
+	ASN1_UTF8STRING *ret=NULL;
+
+	ret=(ASN1_UTF8STRING *)d2i_ASN1_bytes((ASN1_STRING **)a,
+		pp,length,V_ASN1_UTF8STRING,V_ASN1_UNIVERSAL);
+	if (ret == NULL)
+		{
+		ASN1err(ASN1_F_D2I_ASN1_UTF8STRING,ERR_R_NESTED_ASN1_ERROR);
+		return(NULL);
+		}
+	return(ret);
+	}
+

 /* UTF8 utilities */

--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -71,8 +71,6 @@
 #include <openssl/buffer.h>
 #include <openssl/evp.h>

-#ifndef NO_ASN1_OLD
-
 int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
 	     char *data, EVP_PKEY *pkey)
 	{
@@ -119,53 +117,3 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
 err:
 	return(ret);
 	}
-
-#endif
-
-
-int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature,
-	     void *asn, EVP_PKEY *pkey)
-	{
-	EVP_MD_CTX ctx;
-	const EVP_MD *type;
-	unsigned char *buf_in=NULL;
-	int ret= -1,i,inl;
-
-	i=OBJ_obj2nid(a->algorithm);
-	type=EVP_get_digestbyname(OBJ_nid2sn(i));
-	if (type == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
-		goto err;
-		}
-
-	inl = ASN1_item_i2d(asn, &buf_in, it);
-	
-	if (buf_in == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	EVP_VerifyInit(&ctx,type);
-	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
-
-	memset(buf_in,0,(unsigned int)inl);
-	OPENSSL_free(buf_in);
-
-	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
-			(unsigned int)signature->length,pkey) <= 0)
-		{
-		ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
-		ret=0;
-		goto err;
-		}
-	/* we don't need to zero the 'ctx' because we just checked
-	 * public information */
-	/* memset(&ctx,0,sizeof(ctx)); */
-	ret=1;
-err:
-	return(ret);
-	}
-
-
--- a/crypto/asn1/a_vis.c
+++ b/crypto/asn1/a_vis.c
@@ -0,0 +1,89 @@
+/* crypto/asn1/a_vis.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+ASN1_VISIBLESTRING *ASN1_VISIBLESTRING_new(void)
+{ return M_ASN1_VISIBLESTRING_new(); }
+
+void ASN1_VISIBLESTRING_free(ASN1_VISIBLESTRING *x)
+{ M_ASN1_VISIBLESTRING_free(x); }
+
+int i2d_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING *a, unsigned char **pp)
+	{
+	return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
+		V_ASN1_VISIBLESTRING,V_ASN1_UNIVERSAL));
+	}
+
+ASN1_VISIBLESTRING *d2i_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING **a,
+	     unsigned char **pp, long length)
+	{
+	ASN1_VISIBLESTRING *ret=NULL;
+
+	ret=(ASN1_VISIBLESTRING *)d2i_ASN1_bytes((ASN1_STRING **)a,
+		pp,length,V_ASN1_VISIBLESTRING,V_ASN1_UNIVERSAL);
+	if (ret == NULL)
+		{
+		ASN1err(ASN1_F_D2I_ASN1_VISIBLESTRING,ERR_R_NESTED_ASN1_ERROR);
+		return(NULL);
+		}
+	return(ret);
+	}
+
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -60,23 +60,15 @@
 #define HEADER_ASN1_H

 #include <time.h>
-#ifndef OPENSSL_NO_BIO
+#ifndef NO_BIO
 #include <openssl/bio.h>
 #endif
-#include <openssl/e_os2.h>
 #include <openssl/bn.h>
 #include <openssl/stack.h>
 #include <openssl/safestack.h>

 #include <openssl/symhacks.h>

-#include <openssl/e_os2.h>
-
-#ifdef OPENSSL_BUILD_SHLIBCRYPTO
-# undef OPENSSL_EXTERN
-# define OPENSSL_EXTERN OPENSSL_EXPORT
-#endif
-
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -92,7 +84,6 @@ extern "C" {

 #define V_ASN1_APP_CHOOSE		-2	/* let the recipient choose */
 #define V_ASN1_OTHER			-3	/* used in ASN1_TYPE */
-#define V_ASN1_ANY			-4	/* used in ASN1 template code */

 #define V_ASN1_NEG			0x100	/* negative flag */

@@ -145,8 +136,6 @@ extern "C" {
 #define B_ASN1_BMPSTRING	0x0800
 #define B_ASN1_UNKNOWN		0x1000
 #define B_ASN1_UTF8STRING	0x2000
-#define B_ASN1_UTCTIME		0x4000
-#define B_ASN1_GENERALIZEDTIME	0x8000

 /* For use with ASN1_mbstring_copy() */
 #define MBSTRING_FLAG		0x1000
@@ -204,21 +193,6 @@ typedef struct asn1_string_st
 	long flags;
 	} ASN1_STRING;

-/* ASN1_ENCODING structure: this is used to save the received
- * encoding of an ASN1 type. This is useful to get round
- * problems with invalid encodings which can break signatures.
- */
-
-typedef struct ASN1_ENCODING_st
-	{
-	unsigned char *enc;	/* DER encoding */
-	long len;		/* Length of encoding */
-	int modified;		 /* set to 1 if 'enc' is invalid */
-	} ASN1_ENCODING;
-
-/* Used with ASN1 LONG type: if a long is set to this it is omitted */
-#define ASN1_LONG_UNDEF	0x7fffffffL
-
 #define STABLE_FLAGS_MALLOC	0x01
 #define STABLE_NO_MASK		0x02
 #define DIRSTRING_TYPE	\
@@ -263,7 +237,6 @@ DECLARE_STACK_OF(ASN1_STRING_TABLE)
 #define ASN1_VISIBLESTRING	ASN1_STRING
 #define ASN1_UTF8STRING		ASN1_STRING
 #define ASN1_BOOLEAN		int
-#define ASN1_NULL		int
 #else
 typedef struct asn1_string_st ASN1_INTEGER;
 typedef struct asn1_string_st ASN1_ENUMERATED;
@@ -281,119 +254,9 @@ typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
 typedef struct asn1_string_st ASN1_VISIBLESTRING;
 typedef struct asn1_string_st ASN1_UTF8STRING;
 typedef int ASN1_BOOLEAN;
+#endif
+
 typedef int ASN1_NULL;
-#endif
-
-/* Declarations for template structures: for full definitions
- * see asn1t.h
- */
-typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;
-typedef struct ASN1_ITEM_st ASN1_ITEM;
-typedef struct ASN1_TLC_st ASN1_TLC;
-/* This is just an opaque pointer */
-typedef struct ASN1_VALUE_st ASN1_VALUE;
-
-/* Declare ASN1 functions: the implement macro in in asn1t.h */
-
-#define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type)
-
-#define DECLARE_ASN1_FUNCTIONS_name(type, name) \
-	type *name##_new(void); \
-	void name##_free(type *a); \
-	DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name)
-
-#define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \
-	type *name##_new(void); \
-	void name##_free(type *a); \
-	DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name)
-
-#define	DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \
-	type *d2i_##name(type **a, unsigned char **in, long len); \
-	int i2d_##name(type *a, unsigned char **out); \
-	DECLARE_ASN1_ITEM(itname)
-
-#define	DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \
-	type *d2i_##name(type **a, const unsigned char **in, long len); \
-	int i2d_##name(const type *a, unsigned char **out); \
-	DECLARE_ASN1_ITEM(name)
-
-#define DECLARE_ASN1_FUNCTIONS_const(name) \
-	name *name##_new(void); \
-	void name##_free(name *a);
-
-
-/* The following macros and typedefs allow an ASN1_ITEM
- * to be embedded in a structure and referenced. Since
- * the ASN1_ITEM pointers need to be globally accessible
- * (possibly from shared libraries) they may exist in
- * different forms. On platforms that support it the
- * ASN1_ITEM structure itself will be globally exported.
- * Other platforms will export a function that returns
- * an ASN1_ITEM pointer.
- *
- * To handle both cases transparently the macros below
- * should be used instead of hard coding an ASN1_ITEM
- * pointer in a structure.
- *
- * The structure will look like this:
- *
- * typedef struct SOMETHING_st {
- *      ...
- *      ASN1_ITEM_EXP *iptr;
- *      ...
- * } SOMETHING; 
- *
- * It would be initialised as e.g.:
- *
- * SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...};
- *
- * and the actual pointer extracted with:
- *
- * const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr);
- *
- * Finally an ASN1_ITEM pointer can be extracted from an
- * appropriate reference with: ASN1_ITEM_rptr(X509). This
- * would be used when a function takes an ASN1_ITEM * argument.
- *
- */
-
-#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-/* ASN1_ITEM pointer exported type */
-typedef const ASN1_ITEM ASN1_ITEM_EXP;
-
-/* Macro to obtain ASN1_ITEM pointer from exported type */
-#define ASN1_ITEM_ptr(iptr) (iptr)
-
-/* Macro to include ASN1_ITEM pointer from base type */
-#define ASN1_ITEM_ref(iptr) (&(iptr##_it))
-
-#define ASN1_ITEM_rptr(ref) (&(ref##_it))
-
-#define DECLARE_ASN1_ITEM(name) \
-	OPENSSL_EXTERN const ASN1_ITEM name##_it;
-
-#else
-
-/* Platforms that can't easily handle shared global variables are declared
- * as functions returning ASN1_ITEM pointers.
- */
-
-/* ASN1_ITEM pointer exported type */
-typedef const ASN1_ITEM * ASN1_ITEM_EXP(void);
-
-/* Macro to obtain ASN1_ITEM pointer from exported type */
-#define ASN1_ITEM_ptr(iptr) (iptr())
-
-/* Macro to include ASN1_ITEM pointer from base type */
-#define ASN1_ITEM_ref(iptr) (iptr##_it)
-
-#define ASN1_ITEM_rptr(ref) (ref##_it())
-
-#define DECLARE_ASN1_ITEM(name) \
-	const ASN1_ITEM * name##_it(void);
-
-#endif

 /* Parameters used by ASN1_STRING_print_ex() */

@@ -575,11 +438,12 @@ typedef struct BIT_STRING_BITNAME_st {
 		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_OCTET_STRING,\
 		V_ASN1_UNIVERSAL)

-#define B_ASN1_TIME \
-			B_ASN1_UTCTIME | \
-			B_ASN1_GENERALIZEDTIME
-
-#define B_ASN1_PRINTABLE \
+#define M_ASN1_PRINTABLE_new()	ASN1_STRING_type_new(V_ASN1_T61STRING)
+#define M_ASN1_PRINTABLE_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
+		pp,a->type,V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_PRINTABLE(a,pp,l) \
+		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
 			B_ASN1_PRINTABLESTRING| \
 			B_ASN1_T61STRING| \
 			B_ASN1_IA5STRING| \
@@ -587,28 +451,7 @@ typedef struct BIT_STRING_BITNAME_st {
 			B_ASN1_UNIVERSALSTRING|\
 			B_ASN1_BMPSTRING|\
 			B_ASN1_UTF8STRING|\
-			B_ASN1_UNKNOWN
-
-#define B_ASN1_DIRECTORYSTRING \
-			B_ASN1_PRINTABLESTRING| \
-			B_ASN1_TELETEXSTRING|\
-			B_ASN1_BMPSTRING|\
-			B_ASN1_UNIVERSALSTRING|\
-			B_ASN1_UTF8STRING
-
-#define B_ASN1_DISPLAYTEXT \
-			B_ASN1_IA5STRING| \
-			B_ASN1_VISIBLESTRING| \
-			B_ASN1_BMPSTRING|\
-			B_ASN1_UTF8STRING
-
-#define M_ASN1_PRINTABLE_new()	ASN1_STRING_type_new(V_ASN1_T61STRING)
-#define M_ASN1_PRINTABLE_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
-		pp,a->type,V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_PRINTABLE(a,pp,l) \
-		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
-			B_ASN1_PRINTABLE)
+			B_ASN1_UNKNOWN)

 #define M_DIRECTORYSTRING_new() ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
 #define M_DIRECTORYSTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
@@ -616,7 +459,11 @@ typedef struct BIT_STRING_BITNAME_st {
 						pp,a->type,V_ASN1_UNIVERSAL)
 #define M_d2i_DIRECTORYSTRING(a,pp,l) \
 		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
-			B_ASN1_DIRECTORYSTRING)
+			B_ASN1_PRINTABLESTRING| \
+			B_ASN1_TELETEXSTRING|\
+			B_ASN1_BMPSTRING|\
+			B_ASN1_UNIVERSALSTRING|\
+			B_ASN1_UTF8STRING)

 #define M_DISPLAYTEXT_new() ASN1_STRING_type_new(V_ASN1_VISIBLESTRING)
 #define M_DISPLAYTEXT_free(a) ASN1_STRING_free((ASN1_STRING *)a)
@@ -624,7 +471,9 @@ typedef struct BIT_STRING_BITNAME_st {
 						pp,a->type,V_ASN1_UNIVERSAL)
 #define M_d2i_DISPLAYTEXT(a,pp,l) \
 		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
-			B_ASN1_DISPLAYTEXT)
+			B_ASN1_VISIBLESTRING| \
+			B_ASN1_BMPSTRING|\
+			B_ASN1_UTF8STRING)

 #define M_ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING *)\
 		ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
@@ -728,8 +577,10 @@ typedef struct BIT_STRING_BITNAME_st {
 #define IS_SEQUENCE	0
 #define IS_SET		1

-DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
-
+ASN1_TYPE *	ASN1_TYPE_new(void );
+void		ASN1_TYPE_free(ASN1_TYPE *a);
+int		i2d_ASN1_TYPE(ASN1_TYPE *a,unsigned char **pp);
+ASN1_TYPE *	d2i_ASN1_TYPE(ASN1_TYPE **a,unsigned char **pp,long length);
 int ASN1_TYPE_get(ASN1_TYPE *a);
 void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);

@@ -741,8 +592,6 @@ ASN1_OBJECT *	c2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
 ASN1_OBJECT *	d2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
 			long length);

-DECLARE_ASN1_ITEM(ASN1_OBJECT)
-
 DECLARE_STACK_OF(ASN1_OBJECT)
 DECLARE_ASN1_SET_OF(ASN1_OBJECT)

@@ -759,8 +608,12 @@ void ASN1_STRING_length_set(ASN1_STRING *x, int n);
 int ASN1_STRING_type(ASN1_STRING *x);
 unsigned char * ASN1_STRING_data(ASN1_STRING *x);

-DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING)
+ASN1_BIT_STRING *	ASN1_BIT_STRING_new(void);
+void		ASN1_BIT_STRING_free(ASN1_BIT_STRING *a);
+int		i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp);
 int		i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp);
+ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,unsigned char **pp,
+			long length);
 ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,unsigned char **pp,
 			long length);
 int		ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d,
@@ -768,7 +621,7 @@ int		ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d,
 int		ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
 int		ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);

-#ifndef OPENSSL_NO_BIO
+#ifndef NO_BIO
 int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
 				BIT_STRING_BITNAME *tbl, int indent);
 #endif
@@ -779,8 +632,12 @@ int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
 int		i2d_ASN1_BOOLEAN(int a,unsigned char **pp);
 int 		d2i_ASN1_BOOLEAN(int *a,unsigned char **pp,long length);

-DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER)
+ASN1_INTEGER *	ASN1_INTEGER_new(void);
+void		ASN1_INTEGER_free(ASN1_INTEGER *a);
+int		i2d_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
 int		i2c_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
+ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,
+			long length);
 ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,
 			long length);
 ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,unsigned char **pp,
@@ -788,7 +645,11 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,unsigned char **pp,
 ASN1_INTEGER *	ASN1_INTEGER_dup(ASN1_INTEGER *x);
 int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y);

-DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED)
+ASN1_ENUMERATED *	ASN1_ENUMERATED_new(void);
+void		ASN1_ENUMERATED_free(ASN1_ENUMERATED *a);
+int		i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a,unsigned char **pp);
+ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a,unsigned char **pp,
+			long length);

 int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
 ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);
@@ -802,33 +663,91 @@ int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
 ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t);
 int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str); 

-DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
+ASN1_OCTET_STRING *	ASN1_OCTET_STRING_new(void);
+void		ASN1_OCTET_STRING_free(ASN1_OCTET_STRING *a);
+int		i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *a,unsigned char **pp);
+ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **a,
+			unsigned char **pp,long length);
 ASN1_OCTET_STRING *	ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *a);
 int 	ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b);
 int 	ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, unsigned char *data, int len);

-DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_NULL)
-DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING)
+ASN1_VISIBLESTRING *	ASN1_VISIBLESTRING_new(void);
+void		ASN1_VISIBLESTRING_free(ASN1_VISIBLESTRING *a);
+int	i2d_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING *a,unsigned char **pp);
+ASN1_VISIBLESTRING *d2i_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING **a,
+			unsigned char **pp,long length);
+
+ASN1_UTF8STRING *	ASN1_UTF8STRING_new(void);
+void		ASN1_UTF8STRING_free(ASN1_UTF8STRING *a);
+int		i2d_ASN1_UTF8STRING(ASN1_UTF8STRING *a,unsigned char **pp);
+ASN1_UTF8STRING *d2i_ASN1_UTF8STRING(ASN1_UTF8STRING **a,
+			unsigned char **pp,long length);
+
+ASN1_NULL *	ASN1_NULL_new(void);
+void		ASN1_NULL_free(ASN1_NULL *a);
+int		i2d_ASN1_NULL(ASN1_NULL *a,unsigned char **pp);
+ASN1_NULL *d2i_ASN1_NULL(ASN1_NULL **a, unsigned char **pp,long length);
+
+ASN1_BMPSTRING *	ASN1_BMPSTRING_new(void);
+void		ASN1_BMPSTRING_free(ASN1_BMPSTRING *a);
+int i2d_ASN1_BMPSTRING(ASN1_BMPSTRING *a, unsigned char **pp);
+ASN1_BMPSTRING *d2i_ASN1_BMPSTRING(ASN1_BMPSTRING **a, unsigned char **pp,
+	long length);
+

 int UTF8_getc(const unsigned char *str, int len, unsigned long *val);
 int UTF8_putc(unsigned char *str, int len, unsigned long value);

-DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)
+int i2d_ASN1_PRINTABLE(ASN1_STRING *a,unsigned char **pp);
+ASN1_STRING *d2i_ASN1_PRINTABLE(ASN1_STRING **a,
+	unsigned char **pp, long l);

-DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
-DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)
-DECLARE_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_T61STRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_IA5STRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME)
-DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
-DECLARE_ASN1_FUNCTIONS(ASN1_TIME)
+ASN1_PRINTABLESTRING *	ASN1_PRINTABLESTRING_new(void);
+void		ASN1_PRINTABLESTRING_free(ASN1_PRINTABLESTRING *a);
+ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING **a,
+	unsigned char **pp, long l);
+int i2d_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING *a, unsigned char **pp);

+ASN1_STRING *	DIRECTORYSTRING_new(void);
+void		DIRECTORYSTRING_free(ASN1_STRING *a);
+int	i2d_DIRECTORYSTRING(ASN1_STRING *a,unsigned char **pp);
+ASN1_STRING *d2i_DIRECTORYSTRING(ASN1_STRING **a, unsigned char **pp,
+								 long length);
+
+ASN1_STRING *	DISPLAYTEXT_new(void);
+void		DISPLAYTEXT_free(ASN1_STRING *a);
+int	i2d_DISPLAYTEXT(ASN1_STRING *a,unsigned char **pp);
+ASN1_STRING *d2i_DISPLAYTEXT(ASN1_STRING **a, unsigned char **pp, long length);
+
+ASN1_T61STRING *	ASN1_T61STRING_new(void);
+void		ASN1_T61STRING_free(ASN1_IA5STRING *a);
+ASN1_T61STRING *d2i_ASN1_T61STRING(ASN1_T61STRING **a,
+	unsigned char **pp, long l);
+
+ASN1_IA5STRING *	ASN1_IA5STRING_new(void);
+void		ASN1_IA5STRING_free(ASN1_IA5STRING *a);
+int i2d_ASN1_IA5STRING(ASN1_IA5STRING *a,unsigned char **pp);
+ASN1_IA5STRING *d2i_ASN1_IA5STRING(ASN1_IA5STRING **a,
+	unsigned char **pp, long l);
+
+ASN1_UTCTIME *	ASN1_UTCTIME_new(void);
+void		ASN1_UTCTIME_free(ASN1_UTCTIME *a);
+int		i2d_ASN1_UTCTIME(ASN1_UTCTIME *a,unsigned char **pp);
+ASN1_UTCTIME *	d2i_ASN1_UTCTIME(ASN1_UTCTIME **a,unsigned char **pp,
+			long length);
+
+ASN1_GENERALIZEDTIME *	ASN1_GENERALIZEDTIME_new(void);
+void		ASN1_GENERALIZEDTIME_free(ASN1_GENERALIZEDTIME *a);
+int		i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a,unsigned char **pp);
+ASN1_GENERALIZEDTIME *	d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a,unsigned char **pp,
+			long length);
+
+ASN1_TIME *	ASN1_TIME_new(void);
+void		ASN1_TIME_free(ASN1_TIME *a);
+int		i2d_ASN1_TIME(ASN1_TIME *a,unsigned char **pp);
+ASN1_TIME *	d2i_ASN1_TIME(ASN1_TIME **a,unsigned char **pp, long length);
 ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t);
-int ASN1_TIME_check(ASN1_TIME *t);
-ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);

 int		i2d_ASN1_SET(STACK *a, unsigned char **pp,
 			int (*func)(), int ex_tag, int ex_class, int is_set);
@@ -836,7 +755,7 @@ STACK *		d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
 			char *(*func)(), void (*free_func)(void *),
 			int ex_tag, int ex_class);

-#ifndef OPENSSL_NO_BIO
+#ifndef NO_BIO
 int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
 int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size);
 int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a);
@@ -849,7 +768,7 @@ int i2t_ASN1_OBJECT(char *buf,int buf_len,ASN1_OBJECT *a);

 int a2d_ASN1_OBJECT(unsigned char *out,int olen, const char *buf, int num);
 ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len,
-	const char *sn, const char *ln);
+	char *sn, char *ln);

 int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
 long ASN1_INTEGER_get(ASN1_INTEGER *a);
@@ -868,7 +787,6 @@ int ASN1_PRINTABLE_type(unsigned char *s, int max);
 int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass);
 ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp,
 	long length, int Ptag, int Pclass);
-unsigned long ASN1_tag2bit(int tag);
 /* type is one or more of the B_ASN1_ values. */
 ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a,unsigned char **pp,
 		long length,int type);
@@ -887,23 +805,17 @@ int ASN1_object_size(int constructed, int length, int tag);
 /* Used to implement other functions */
 char *ASN1_dup(int (*i2d)(),char *(*d2i)(),char *x);

-void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
-
-#ifndef OPENSSL_NO_FP_API
+#ifndef NO_FP_API
 char *ASN1_d2i_fp(char *(*xnew)(),char *(*d2i)(),FILE *fp,unsigned char **x);
-void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x);
 int ASN1_i2d_fp(int (*i2d)(),FILE *out,unsigned char *x);
-int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x);
 int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);
 #endif

 int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in);

-#ifndef OPENSSL_NO_BIO
+#ifndef NO_BIO
 char *ASN1_d2i_bio(char *(*xnew)(),char *(*d2i)(),BIO *bp,unsigned char **x);
-void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x);
 int ASN1_i2d_bio(int (*i2d)(),BIO *out,unsigned char *x);
-int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x);
 int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a);
 int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a);
 int ASN1_TIME_print(BIO *fp,ASN1_TIME *a);
@@ -944,9 +856,7 @@ STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(),
 unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf,
 			     int *len );
 void *ASN1_unpack_string(ASN1_STRING *oct, char *(*d2i)());
-void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it);
 ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_OCTET_STRING **oct);
-ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct);

 void ASN1_STRING_set_default_mask(unsigned long mask);
 int ASN1_STRING_set_default_mask_asc(char *p);
@@ -963,15 +873,6 @@ ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid);
 int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long);
 void ASN1_STRING_TABLE_cleanup(void);

-/* ASN1 template functions */
-
-/* Old API compatible functions */
-ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it);
-void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it);
-ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it);
-int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
-
-
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
@@ -981,152 +882,267 @@ int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);

 /* Function codes. */
 #define ASN1_F_A2D_ASN1_OBJECT				 100
-#define ASN1_F_A2I_ASN1_ENUMERATED			 101
-#define ASN1_F_A2I_ASN1_INTEGER				 102
-#define ASN1_F_A2I_ASN1_STRING				 103
-#define ASN1_F_ASN1_CHECK_TLEN				 104
-#define ASN1_F_ASN1_COLLATE_PRIMITIVE			 105
-#define ASN1_F_ASN1_COLLECT				 106
-#define ASN1_F_ASN1_D2I_BIO				 107
-#define ASN1_F_ASN1_D2I_EX_PRIMITIVE			 108
-#define ASN1_F_ASN1_D2I_FP				 109
-#define ASN1_F_ASN1_DO_ADB				 110
-#define ASN1_F_ASN1_DUP					 111
-#define ASN1_F_ASN1_ENUMERATED_SET			 112
-#define ASN1_F_ASN1_ENUMERATED_TO_BN			 113
-#define ASN1_F_ASN1_GET_OBJECT				 114
-#define ASN1_F_ASN1_HEADER_NEW				 115
-#define ASN1_F_ASN1_I2D_BIO				 116
-#define ASN1_F_ASN1_I2D_FP				 117
-#define ASN1_F_ASN1_INTEGER_SET				 118
-#define ASN1_F_ASN1_INTEGER_TO_BN			 119
-#define ASN1_F_ASN1_ITEM_EX_D2I				 120
-#define ASN1_F_ASN1_ITEM_NEW				 121
-#define ASN1_F_ASN1_MBSTRING_COPY			 122
-#define ASN1_F_ASN1_OBJECT_NEW				 123
-#define ASN1_F_ASN1_PACK_STRING				 124
-#define ASN1_F_ASN1_PBE_SET				 125
-#define ASN1_F_ASN1_SEQ_PACK				 126
-#define ASN1_F_ASN1_SEQ_UNPACK				 127
-#define ASN1_F_ASN1_SIGN				 128
-#define ASN1_F_ASN1_STRING_TABLE_ADD			 129
-#define ASN1_F_ASN1_STRING_TYPE_NEW			 130
-#define ASN1_F_ASN1_TEMPLATE_D2I			 131
-#define ASN1_F_ASN1_TEMPLATE_EX_D2I			 132
-#define ASN1_F_ASN1_TEMPLATE_NEW			 133
-#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING		 134
-#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING		 135
-#define ASN1_F_ASN1_UNPACK_STRING			 136
-#define ASN1_F_ASN1_VERIFY				 137
-#define ASN1_F_BN_TO_ASN1_ENUMERATED			 138
-#define ASN1_F_BN_TO_ASN1_INTEGER			 139
-#define ASN1_F_COLLECT_DATA				 140
-#define ASN1_F_D2I_ASN1_BIT_STRING			 141
-#define ASN1_F_D2I_ASN1_BOOLEAN				 142
-#define ASN1_F_D2I_ASN1_BYTES				 143
-#define ASN1_F_D2I_ASN1_GENERALIZEDTIME			 144
-#define ASN1_F_D2I_ASN1_HEADER				 145
-#define ASN1_F_D2I_ASN1_INTEGER				 146
-#define ASN1_F_D2I_ASN1_OBJECT				 147
-#define ASN1_F_D2I_ASN1_SET				 148
-#define ASN1_F_D2I_ASN1_TYPE_BYTES			 149
-#define ASN1_F_D2I_ASN1_UINTEGER			 150
-#define ASN1_F_D2I_ASN1_UTCTIME				 151
-#define ASN1_F_D2I_NETSCAPE_RSA				 152
-#define ASN1_F_D2I_NETSCAPE_RSA_2			 153
-#define ASN1_F_D2I_PRIVATEKEY				 154
-#define ASN1_F_D2I_PUBLICKEY				 155
-#define ASN1_F_D2I_X509					 156
-#define ASN1_F_D2I_X509_CINF				 157
-#define ASN1_F_D2I_X509_NAME				 158
-#define ASN1_F_D2I_X509_PKEY				 159
-#define ASN1_F_I2D_ASN1_TIME				 160
-#define ASN1_F_I2D_DSA_PUBKEY				 161
-#define ASN1_F_I2D_NETSCAPE_RSA				 162
-#define ASN1_F_I2D_PRIVATEKEY				 163
-#define ASN1_F_I2D_PUBLICKEY				 164
-#define ASN1_F_I2D_RSA_PUBKEY				 165
-#define ASN1_F_LONG_C2I					 166
-#define ASN1_F_PKCS5_PBE2_SET				 167
-#define ASN1_F_X509_CINF_NEW				 168
-#define ASN1_F_X509_CRL_ADD0_REVOKED			 169
-#define ASN1_F_X509_INFO_NEW				 170
-#define ASN1_F_X509_NAME_NEW				 171
-#define ASN1_F_X509_NEW					 172
-#define ASN1_F_X509_PKEY_NEW				 173
+#define ASN1_F_A2I_ASN1_ENUMERATED			 236
+#define ASN1_F_A2I_ASN1_INTEGER				 101
+#define ASN1_F_A2I_ASN1_STRING				 102
+#define ASN1_F_ACCESS_DESCRIPTION_NEW			 291
+#define ASN1_F_ASN1_COLLATE_PRIMITIVE			 103
+#define ASN1_F_ASN1_D2I_BIO				 104
+#define ASN1_F_ASN1_D2I_FP				 105
+#define ASN1_F_ASN1_DUP					 106
+#define ASN1_F_ASN1_ENUMERATED_SET			 232
+#define ASN1_F_ASN1_ENUMERATED_TO_BN			 233
+#define ASN1_F_ASN1_GENERALIZEDTIME_NEW			 222
+#define ASN1_F_ASN1_GET_OBJECT				 107
+#define ASN1_F_ASN1_HEADER_NEW				 108
+#define ASN1_F_ASN1_I2D_BIO				 109
+#define ASN1_F_ASN1_I2D_FP				 110
+#define ASN1_F_ASN1_INTEGER_SET				 111
+#define ASN1_F_ASN1_INTEGER_TO_BN			 112
+#define ASN1_F_ASN1_MBSTRING_COPY			 282
+#define ASN1_F_ASN1_OBJECT_NEW				 113
+#define ASN1_F_ASN1_PACK_STRING				 245
+#define ASN1_F_ASN1_PBE_SET				 253
+#define ASN1_F_ASN1_SEQ_PACK				 246
+#define ASN1_F_ASN1_SEQ_UNPACK				 247
+#define ASN1_F_ASN1_SIGN				 114
+#define ASN1_F_ASN1_STRING_NEW				 115
+#define ASN1_F_ASN1_STRING_TABLE_ADD			 283
+#define ASN1_F_ASN1_STRING_TYPE_NEW			 116
+#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING		 117
+#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING		 118
+#define ASN1_F_ASN1_TYPE_NEW				 119
+#define ASN1_F_ASN1_UNPACK_STRING			 248
+#define ASN1_F_ASN1_UTCTIME_NEW				 120
+#define ASN1_F_ASN1_VERIFY				 121
+#define ASN1_F_AUTHORITY_KEYID_NEW			 237
+#define ASN1_F_BASIC_CONSTRAINTS_NEW			 226
+#define ASN1_F_BN_TO_ASN1_ENUMERATED			 234
+#define ASN1_F_BN_TO_ASN1_INTEGER			 122
+#define ASN1_F_D2I_ACCESS_DESCRIPTION			 284
+#define ASN1_F_D2I_ASN1_BIT_STRING			 123
+#define ASN1_F_D2I_ASN1_BMPSTRING			 124
+#define ASN1_F_D2I_ASN1_BOOLEAN				 125
+#define ASN1_F_D2I_ASN1_BYTES				 126
+#define ASN1_F_D2I_ASN1_ENUMERATED			 235
+#define ASN1_F_D2I_ASN1_GENERALIZEDTIME			 223
+#define ASN1_F_D2I_ASN1_HEADER				 127
+#define ASN1_F_D2I_ASN1_INTEGER				 128
+#define ASN1_F_D2I_ASN1_NULL				 292
+#define ASN1_F_D2I_ASN1_OBJECT				 129
+#define ASN1_F_D2I_ASN1_OCTET_STRING			 130
+#define ASN1_F_D2I_ASN1_PRINT_TYPE			 131
+#define ASN1_F_D2I_ASN1_SET				 132
+#define ASN1_F_D2I_ASN1_TIME				 224
+#define ASN1_F_D2I_ASN1_TYPE				 133
+#define ASN1_F_D2I_ASN1_TYPE_BYTES			 134
+#define ASN1_F_D2I_ASN1_UINTEGER			 280
+#define ASN1_F_D2I_ASN1_UTCTIME				 135
+#define ASN1_F_D2I_ASN1_UTF8STRING			 266
+#define ASN1_F_D2I_ASN1_VISIBLESTRING			 267
+#define ASN1_F_D2I_AUTHORITY_KEYID			 238
+#define ASN1_F_D2I_BASIC_CONSTRAINTS			 227
+#define ASN1_F_D2I_DHPARAMS				 136
+#define ASN1_F_D2I_DIST_POINT				 276
+#define ASN1_F_D2I_DIST_POINT_NAME			 277
+#define ASN1_F_D2I_DSAPARAMS				 137
+#define ASN1_F_D2I_DSAPRIVATEKEY			 138
+#define ASN1_F_D2I_DSAPUBLICKEY				 139
+#define ASN1_F_D2I_GENERAL_NAME				 230
+#define ASN1_F_D2I_NETSCAPE_CERT_SEQUENCE		 228
+#define ASN1_F_D2I_NETSCAPE_PKEY			 140
+#define ASN1_F_D2I_NETSCAPE_RSA				 141
+#define ASN1_F_D2I_NETSCAPE_RSA_2			 142
+#define ASN1_F_D2I_NETSCAPE_SPKAC			 143
+#define ASN1_F_D2I_NETSCAPE_SPKI			 144
+#define ASN1_F_D2I_NOTICEREF				 268
+#define ASN1_F_D2I_OTHERNAME				 287
+#define ASN1_F_D2I_PBE2PARAM				 262
+#define ASN1_F_D2I_PBEPARAM				 249
+#define ASN1_F_D2I_PBKDF2PARAM				 263
+#define ASN1_F_D2I_PKCS12				 254
+#define ASN1_F_D2I_PKCS12_BAGS				 255
+#define ASN1_F_D2I_PKCS12_MAC_DATA			 256
+#define ASN1_F_D2I_PKCS12_SAFEBAG			 257
+#define ASN1_F_D2I_PKCS7				 145
+#define ASN1_F_D2I_PKCS7_DIGEST				 146
+#define ASN1_F_D2I_PKCS7_ENCRYPT			 147
+#define ASN1_F_D2I_PKCS7_ENC_CONTENT			 148
+#define ASN1_F_D2I_PKCS7_ENVELOPE			 149
+#define ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL		 150
+#define ASN1_F_D2I_PKCS7_RECIP_INFO			 151
+#define ASN1_F_D2I_PKCS7_SIGNED				 152
+#define ASN1_F_D2I_PKCS7_SIGNER_INFO			 153
+#define ASN1_F_D2I_PKCS7_SIGN_ENVELOPE			 154
+#define ASN1_F_D2I_PKCS8_PRIV_KEY_INFO			 250
+#define ASN1_F_D2I_PKEY_USAGE_PERIOD			 239
+#define ASN1_F_D2I_POLICYINFO				 269
+#define ASN1_F_D2I_POLICYQUALINFO			 270
+#define ASN1_F_D2I_PRIVATEKEY				 155
+#define ASN1_F_D2I_PUBLICKEY				 156
+#define ASN1_F_D2I_RSAPRIVATEKEY			 157
+#define ASN1_F_D2I_RSAPUBLICKEY				 158
+#define ASN1_F_D2I_SXNET				 241
+#define ASN1_F_D2I_SXNETID				 243
+#define ASN1_F_D2I_USERNOTICE				 271
+#define ASN1_F_D2I_X509					 159
+#define ASN1_F_D2I_X509_ALGOR				 160
+#define ASN1_F_D2I_X509_ATTRIBUTE			 161
+#define ASN1_F_D2I_X509_CERT_AUX			 285
+#define ASN1_F_D2I_X509_CINF				 162
+#define ASN1_F_D2I_X509_CRL				 163
+#define ASN1_F_D2I_X509_CRL_INFO			 164
+#define ASN1_F_D2I_X509_EXTENSION			 165
+#define ASN1_F_D2I_X509_KEY				 166
+#define ASN1_F_D2I_X509_NAME				 167
+#define ASN1_F_D2I_X509_NAME_ENTRY			 168
+#define ASN1_F_D2I_X509_PKEY				 169
+#define ASN1_F_D2I_X509_PUBKEY				 170
+#define ASN1_F_D2I_X509_REQ				 171
+#define ASN1_F_D2I_X509_REQ_INFO			 172
+#define ASN1_F_D2I_X509_REVOKED				 173
+#define ASN1_F_D2I_X509_SIG				 174
+#define ASN1_F_D2I_X509_VAL				 175
+#define ASN1_F_DIST_POINT_NAME_NEW			 278
+#define ASN1_F_DIST_POINT_NEW				 279
+#define ASN1_F_GENERAL_NAME_NEW				 231
+#define ASN1_F_I2D_ASN1_HEADER				 176
+#define ASN1_F_I2D_ASN1_TIME				 225
+#define ASN1_F_I2D_DHPARAMS				 177
+#define ASN1_F_I2D_DSAPARAMS				 178
+#define ASN1_F_I2D_DSAPRIVATEKEY			 179
+#define ASN1_F_I2D_DSAPUBLICKEY				 180
+#define ASN1_F_I2D_DSA_PUBKEY				 290
+#define ASN1_F_I2D_NETSCAPE_RSA				 181
+#define ASN1_F_I2D_PKCS7				 182
+#define ASN1_F_I2D_PRIVATEKEY				 183
+#define ASN1_F_I2D_PUBLICKEY				 184
+#define ASN1_F_I2D_RSAPRIVATEKEY			 185
+#define ASN1_F_I2D_RSAPUBLICKEY				 186
+#define ASN1_F_I2D_RSA_PUBKEY				 289
+#define ASN1_F_I2D_X509_ATTRIBUTE			 187
+#define ASN1_F_I2T_ASN1_OBJECT				 188
+#define ASN1_F_NETSCAPE_CERT_SEQUENCE_NEW		 229
+#define ASN1_F_NETSCAPE_PKEY_NEW			 189
+#define ASN1_F_NETSCAPE_SPKAC_NEW			 190
+#define ASN1_F_NETSCAPE_SPKI_NEW			 191
+#define ASN1_F_NOTICEREF_NEW				 272
+#define ASN1_F_OTHERNAME_NEW				 288
+#define ASN1_F_PBE2PARAM_NEW				 264
+#define ASN1_F_PBEPARAM_NEW				 251
+#define ASN1_F_PBKDF2PARAM_NEW				 265
+#define ASN1_F_PKCS12_BAGS_NEW				 258
+#define ASN1_F_PKCS12_MAC_DATA_NEW			 259
+#define ASN1_F_PKCS12_NEW				 260
+#define ASN1_F_PKCS12_SAFEBAG_NEW			 261
+#define ASN1_F_PKCS5_PBE2_SET				 281
+#define ASN1_F_PKCS7_DIGEST_NEW				 192
+#define ASN1_F_PKCS7_ENCRYPT_NEW			 193
+#define ASN1_F_PKCS7_ENC_CONTENT_NEW			 194
+#define ASN1_F_PKCS7_ENVELOPE_NEW			 195
+#define ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW		 196
+#define ASN1_F_PKCS7_NEW				 197
+#define ASN1_F_PKCS7_RECIP_INFO_NEW			 198
+#define ASN1_F_PKCS7_SIGNED_NEW				 199
+#define ASN1_F_PKCS7_SIGNER_INFO_NEW			 200
+#define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW			 201
+#define ASN1_F_PKCS8_PRIV_KEY_INFO_NEW			 252
+#define ASN1_F_PKEY_USAGE_PERIOD_NEW			 240
+#define ASN1_F_POLICYINFO_NEW				 273
+#define ASN1_F_POLICYQUALINFO_NEW			 274
+#define ASN1_F_SXNETID_NEW				 244
+#define ASN1_F_SXNET_NEW				 242
+#define ASN1_F_USERNOTICE_NEW				 275
+#define ASN1_F_X509_ALGOR_NEW				 202
+#define ASN1_F_X509_ATTRIBUTE_NEW			 203
+#define ASN1_F_X509_CERT_AUX_NEW			 286
+#define ASN1_F_X509_CINF_NEW				 204
+#define ASN1_F_X509_CRL_INFO_NEW			 205
+#define ASN1_F_X509_CRL_NEW				 206
+#define ASN1_F_X509_DHPARAMS_NEW			 207
+#define ASN1_F_X509_EXTENSION_NEW			 208
+#define ASN1_F_X509_INFO_NEW				 209
+#define ASN1_F_X509_KEY_NEW				 210
+#define ASN1_F_X509_NAME_ENTRY_NEW			 211
+#define ASN1_F_X509_NAME_NEW				 212
+#define ASN1_F_X509_NEW					 213
+#define ASN1_F_X509_PKEY_NEW				 214
+#define ASN1_F_X509_PUBKEY_NEW				 215
+#define ASN1_F_X509_REQ_INFO_NEW			 216
+#define ASN1_F_X509_REQ_NEW				 217
+#define ASN1_F_X509_REVOKED_NEW				 218
+#define ASN1_F_X509_SIG_NEW				 219
+#define ASN1_F_X509_VAL_FREE				 220
+#define ASN1_F_X509_VAL_NEW				 221

 /* Reason codes. */
-#define ASN1_R_AUX_ERROR				 100
-#define ASN1_R_BAD_CLASS				 101
-#define ASN1_R_BAD_OBJECT_HEADER			 102
-#define ASN1_R_BAD_PASSWORD_READ			 103
-#define ASN1_R_BAD_TAG					 104
-#define ASN1_R_BN_LIB					 105
-#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH			 106
-#define ASN1_R_BUFFER_TOO_SMALL				 107
-#define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER		 108
-#define ASN1_R_DATA_IS_WRONG				 109
-#define ASN1_R_DECODE_ERROR				 110
+#define ASN1_R_BAD_CLASS				 100
+#define ASN1_R_BAD_OBJECT_HEADER			 101
+#define ASN1_R_BAD_PASSWORD_READ			 102
+#define ASN1_R_BAD_PKCS7_CONTENT			 103
+#define ASN1_R_BAD_PKCS7_TYPE				 104
+#define ASN1_R_BAD_TAG					 105
+#define ASN1_R_BAD_TYPE					 106
+#define ASN1_R_BN_LIB					 107
+#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH			 108
+#define ASN1_R_BUFFER_TOO_SMALL				 109
+#define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER		 166
+#define ASN1_R_DATA_IS_WRONG				 110
+#define ASN1_R_DECODE_ERROR				 155
 #define ASN1_R_DECODING_ERROR				 111
-#define ASN1_R_ENCODE_ERROR				 112
-#define ASN1_R_ERROR_PARSING_SET_ELEMENT		 113
-#define ASN1_R_ERROR_SETTING_CIPHER_PARAMS		 114
-#define ASN1_R_EXPECTING_AN_INTEGER			 115
-#define ASN1_R_EXPECTING_AN_OBJECT			 116
+#define ASN1_R_ENCODE_ERROR				 156
+#define ASN1_R_ERROR_PARSING_SET_ELEMENT		 112
+#define ASN1_R_ERROR_SETTING_CIPHER_PARAMS		 157
+#define ASN1_R_EXPECTING_AN_ENUMERATED			 154
+#define ASN1_R_EXPECTING_AN_INTEGER			 113
+#define ASN1_R_EXPECTING_AN_OBJECT			 114
+#define ASN1_R_EXPECTING_AN_OCTET_STRING		 115
+#define ASN1_R_EXPECTING_A_BIT_STRING			 116
 #define ASN1_R_EXPECTING_A_BOOLEAN			 117
-#define ASN1_R_EXPECTING_A_TIME				 118
-#define ASN1_R_EXPLICIT_LENGTH_MISMATCH			 119
-#define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED		 120
-#define ASN1_R_FIELD_MISSING				 121
-#define ASN1_R_FIRST_NUM_TOO_LARGE			 122
-#define ASN1_R_HEADER_TOO_LONG				 123
-#define ASN1_R_ILLEGAL_CHARACTERS			 124
-#define ASN1_R_ILLEGAL_NULL				 125
-#define ASN1_R_ILLEGAL_OPTIONAL_ANY			 126
-#define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE		 170
-#define ASN1_R_ILLEGAL_TAGGED_ANY			 127
-#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG		 128
-#define ASN1_R_INVALID_BMPSTRING_LENGTH			 129
-#define ASN1_R_INVALID_DIGIT				 130
-#define ASN1_R_INVALID_SEPARATOR			 131
-#define ASN1_R_INVALID_TIME_FORMAT			 132
-#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH		 133
-#define ASN1_R_INVALID_UTF8STRING			 134
-#define ASN1_R_IV_TOO_LARGE				 135
-#define ASN1_R_LENGTH_ERROR				 136
-#define ASN1_R_MISSING_EOC				 137
-#define ASN1_R_MISSING_SECOND_NUMBER			 138
-#define ASN1_R_MSTRING_NOT_UNIVERSAL			 139
-#define ASN1_R_MSTRING_WRONG_TAG			 140
-#define ASN1_R_NON_HEX_CHARACTERS			 141
-#define ASN1_R_NOT_ENOUGH_DATA				 142
-#define ASN1_R_NO_MATCHING_CHOICE_TYPE			 143
-#define ASN1_R_NULL_IS_WRONG_LENGTH			 144
-#define ASN1_R_ODD_NUMBER_OF_CHARS			 145
-#define ASN1_R_PRIVATE_KEY_HEADER_MISSING		 146
-#define ASN1_R_SECOND_NUMBER_TOO_LARGE			 147
-#define ASN1_R_SEQUENCE_LENGTH_MISMATCH			 148
-#define ASN1_R_SEQUENCE_NOT_CONSTRUCTED			 149
-#define ASN1_R_SHORT_LINE				 150
-#define ASN1_R_STRING_TOO_LONG				 151
-#define ASN1_R_STRING_TOO_SHORT				 152
-#define ASN1_R_TAG_VALUE_TOO_HIGH			 153
-#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154
-#define ASN1_R_TOO_LONG					 155
-#define ASN1_R_TYPE_NOT_CONSTRUCTED			 156
-#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 157
-#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY		 158
-#define ASN1_R_UNEXPECTED_EOC				 159
-#define ASN1_R_UNKNOWN_FORMAT				 160
-#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM		 161
-#define ASN1_R_UNKNOWN_OBJECT_TYPE			 162
-#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE			 163
-#define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE		 164
-#define ASN1_R_UNSUPPORTED_CIPHER			 165
-#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM		 166
-#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE		 167
-#define ASN1_R_WRONG_TAG				 168
-#define ASN1_R_WRONG_TYPE				 169
+#define ASN1_R_EXPECTING_A_GENERALIZEDTIME		 151
+#define ASN1_R_EXPECTING_A_NULL				 164
+#define ASN1_R_EXPECTING_A_TIME				 152
+#define ASN1_R_EXPECTING_A_UTCTIME			 118
+#define ASN1_R_FIRST_NUM_TOO_LARGE			 119
+#define ASN1_R_GENERALIZEDTIME_TOO_LONG			 153
+#define ASN1_R_HEADER_TOO_LONG				 120
+#define ASN1_R_ILLEGAL_CHARACTERS			 158
+#define ASN1_R_INVALID_BMPSTRING_LENGTH			 159
+#define ASN1_R_INVALID_DIGIT				 121
+#define ASN1_R_INVALID_SEPARATOR			 122
+#define ASN1_R_INVALID_TIME_FORMAT			 123
+#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH		 160
+#define ASN1_R_INVALID_UTF8STRING			 161
+#define ASN1_R_IV_TOO_LARGE				 124
+#define ASN1_R_LENGTH_ERROR				 125
+#define ASN1_R_MISSING_SECOND_NUMBER			 126
+#define ASN1_R_NON_HEX_CHARACTERS			 127
+#define ASN1_R_NOT_ENOUGH_DATA				 128
+#define ASN1_R_NULL_IS_WRONG_LENGTH			 165
+#define ASN1_R_ODD_NUMBER_OF_CHARS			 129
+#define ASN1_R_PARSING					 130
+#define ASN1_R_PRIVATE_KEY_HEADER_MISSING		 131
+#define ASN1_R_SECOND_NUMBER_TOO_LARGE			 132
+#define ASN1_R_SHORT_LINE				 133
+#define ASN1_R_STRING_TOO_LONG				 163
+#define ASN1_R_STRING_TOO_SHORT				 134
+#define ASN1_R_TAG_VALUE_TOO_HIGH			 135
+#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 136
+#define ASN1_R_TOO_LONG					 137
+#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 138
+#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY		 139
+#define ASN1_R_UNKNOWN_ATTRIBUTE_TYPE			 140
+#define ASN1_R_UNKNOWN_FORMAT				 162
+#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM		 141
+#define ASN1_R_UNKNOWN_OBJECT_TYPE			 142
+#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE			 143
+#define ASN1_R_UNSUPPORTED_CIPHER			 144
+#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM		 145
+#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE		 146
+#define ASN1_R_UTCTIME_TOO_LONG				 147
+#define ASN1_R_WRONG_PRINTABLE_TYPE			 148
+#define ASN1_R_WRONG_TAG				 149
+#define ASN1_R_WRONG_TYPE				 150

 #ifdef  __cplusplus
 }
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -63,31 +63,27 @@
 #include <openssl/asn1.h>

 /* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
+#ifndef NO_ERR
 static ERR_STRING_DATA ASN1_str_functs[]=
 	{
 {ERR_PACK(0,ASN1_F_A2D_ASN1_OBJECT,0),	"a2d_ASN1_OBJECT"},
 {ERR_PACK(0,ASN1_F_A2I_ASN1_ENUMERATED,0),	"a2i_ASN1_ENUMERATED"},
 {ERR_PACK(0,ASN1_F_A2I_ASN1_INTEGER,0),	"a2i_ASN1_INTEGER"},
 {ERR_PACK(0,ASN1_F_A2I_ASN1_STRING,0),	"a2i_ASN1_STRING"},
-{ERR_PACK(0,ASN1_F_ASN1_CHECK_TLEN,0),	"ASN1_CHECK_TLEN"},
+{ERR_PACK(0,ASN1_F_ACCESS_DESCRIPTION_NEW,0),	"ACCESS_DESCRIPTION_new"},
 {ERR_PACK(0,ASN1_F_ASN1_COLLATE_PRIMITIVE,0),	"ASN1_COLLATE_PRIMITIVE"},
-{ERR_PACK(0,ASN1_F_ASN1_COLLECT,0),	"ASN1_COLLECT"},
 {ERR_PACK(0,ASN1_F_ASN1_D2I_BIO,0),	"ASN1_d2i_bio"},
-{ERR_PACK(0,ASN1_F_ASN1_D2I_EX_PRIMITIVE,0),	"ASN1_D2I_EX_PRIMITIVE"},
 {ERR_PACK(0,ASN1_F_ASN1_D2I_FP,0),	"ASN1_d2i_fp"},
-{ERR_PACK(0,ASN1_F_ASN1_DO_ADB,0),	"ASN1_DO_ADB"},
 {ERR_PACK(0,ASN1_F_ASN1_DUP,0),	"ASN1_dup"},
 {ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_SET,0),	"ASN1_ENUMERATED_set"},
 {ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_TO_BN,0),	"ASN1_ENUMERATED_to_BN"},
+{ERR_PACK(0,ASN1_F_ASN1_GENERALIZEDTIME_NEW,0),	"ASN1_GENERALIZEDTIME_new"},
 {ERR_PACK(0,ASN1_F_ASN1_GET_OBJECT,0),	"ASN1_get_object"},
 {ERR_PACK(0,ASN1_F_ASN1_HEADER_NEW,0),	"ASN1_HEADER_new"},
 {ERR_PACK(0,ASN1_F_ASN1_I2D_BIO,0),	"ASN1_i2d_bio"},
 {ERR_PACK(0,ASN1_F_ASN1_I2D_FP,0),	"ASN1_i2d_fp"},
 {ERR_PACK(0,ASN1_F_ASN1_INTEGER_SET,0),	"ASN1_INTEGER_set"},
 {ERR_PACK(0,ASN1_F_ASN1_INTEGER_TO_BN,0),	"ASN1_INTEGER_to_BN"},
-{ERR_PACK(0,ASN1_F_ASN1_ITEM_EX_D2I,0),	"ASN1_ITEM_EX_D2I"},
-{ERR_PACK(0,ASN1_F_ASN1_ITEM_NEW,0),	"ASN1_item_new"},
 {ERR_PACK(0,ASN1_F_ASN1_MBSTRING_COPY,0),	"ASN1_mbstring_copy"},
 {ERR_PACK(0,ASN1_F_ASN1_OBJECT_NEW,0),	"ASN1_OBJECT_new"},
 {ERR_PACK(0,ASN1_F_ASN1_PACK_STRING,0),	"ASN1_pack_string"},
@@ -95,61 +91,186 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_ASN1_SEQ_PACK,0),	"ASN1_seq_pack"},
 {ERR_PACK(0,ASN1_F_ASN1_SEQ_UNPACK,0),	"ASN1_seq_unpack"},
 {ERR_PACK(0,ASN1_F_ASN1_SIGN,0),	"ASN1_sign"},
+{ERR_PACK(0,ASN1_F_ASN1_STRING_NEW,0),	"ASN1_STRING_new"},
 {ERR_PACK(0,ASN1_F_ASN1_STRING_TABLE_ADD,0),	"ASN1_STRING_TABLE_add"},
 {ERR_PACK(0,ASN1_F_ASN1_STRING_TYPE_NEW,0),	"ASN1_STRING_type_new"},
-{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_D2I,0),	"ASN1_TEMPLATE_D2I"},
-{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_EX_D2I,0),	"ASN1_TEMPLATE_EX_D2I"},
-{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_NEW,0),	"ASN1_TEMPLATE_NEW"},
 {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0),	"ASN1_TYPE_get_int_octetstring"},
 {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0),	"ASN1_TYPE_get_octetstring"},
+{ERR_PACK(0,ASN1_F_ASN1_TYPE_NEW,0),	"ASN1_TYPE_new"},
 {ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0),	"ASN1_unpack_string"},
+{ERR_PACK(0,ASN1_F_ASN1_UTCTIME_NEW,0),	"ASN1_UTCTIME_new"},
 {ERR_PACK(0,ASN1_F_ASN1_VERIFY,0),	"ASN1_verify"},
+{ERR_PACK(0,ASN1_F_AUTHORITY_KEYID_NEW,0),	"AUTHORITY_KEYID_new"},
+{ERR_PACK(0,ASN1_F_BASIC_CONSTRAINTS_NEW,0),	"BASIC_CONSTRAINTS_new"},
 {ERR_PACK(0,ASN1_F_BN_TO_ASN1_ENUMERATED,0),	"BN_to_ASN1_ENUMERATED"},
 {ERR_PACK(0,ASN1_F_BN_TO_ASN1_INTEGER,0),	"BN_to_ASN1_INTEGER"},
-{ERR_PACK(0,ASN1_F_COLLECT_DATA,0),	"COLLECT_DATA"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_BIT_STRING,0),	"D2I_ASN1_BIT_STRING"},
+{ERR_PACK(0,ASN1_F_D2I_ACCESS_DESCRIPTION,0),	"d2i_ACCESS_DESCRIPTION"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_BIT_STRING,0),	"d2i_ASN1_BIT_STRING"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_BMPSTRING,0),	"d2i_ASN1_BMPSTRING"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_BOOLEAN,0),	"d2i_ASN1_BOOLEAN"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_BYTES,0),	"d2i_ASN1_bytes"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_GENERALIZEDTIME,0),	"D2I_ASN1_GENERALIZEDTIME"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_ENUMERATED,0),	"d2i_ASN1_ENUMERATED"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_GENERALIZEDTIME,0),	"d2i_ASN1_GENERALIZEDTIME"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_HEADER,0),	"d2i_ASN1_HEADER"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_INTEGER,0),	"D2I_ASN1_INTEGER"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_INTEGER,0),	"d2i_ASN1_INTEGER"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_NULL,0),	"d2i_ASN1_NULL"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_OBJECT,0),	"d2i_ASN1_OBJECT"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_OCTET_STRING,0),	"d2i_ASN1_OCTET_STRING"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_PRINT_TYPE,0),	"D2I_ASN1_PRINT_TYPE"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_SET,0),	"d2i_ASN1_SET"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_TIME,0),	"d2i_ASN1_TIME"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_TYPE,0),	"d2i_ASN1_TYPE"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_TYPE_BYTES,0),	"d2i_ASN1_type_bytes"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_UINTEGER,0),	"d2i_ASN1_UINTEGER"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_UTCTIME,0),	"D2I_ASN1_UTCTIME"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_UTCTIME,0),	"d2i_ASN1_UTCTIME"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_UTF8STRING,0),	"d2i_ASN1_UTF8STRING"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_VISIBLESTRING,0),	"d2i_ASN1_VISIBLESTRING"},
+{ERR_PACK(0,ASN1_F_D2I_AUTHORITY_KEYID,0),	"d2i_AUTHORITY_KEYID"},
+{ERR_PACK(0,ASN1_F_D2I_BASIC_CONSTRAINTS,0),	"d2i_BASIC_CONSTRAINTS"},
+{ERR_PACK(0,ASN1_F_D2I_DHPARAMS,0),	"d2i_DHparams"},
+{ERR_PACK(0,ASN1_F_D2I_DIST_POINT,0),	"d2i_DIST_POINT"},
+{ERR_PACK(0,ASN1_F_D2I_DIST_POINT_NAME,0),	"d2i_DIST_POINT_NAME"},
+{ERR_PACK(0,ASN1_F_D2I_DSAPARAMS,0),	"d2i_DSAparams"},
+{ERR_PACK(0,ASN1_F_D2I_DSAPRIVATEKEY,0),	"d2i_DSAPrivateKey"},
+{ERR_PACK(0,ASN1_F_D2I_DSAPUBLICKEY,0),	"d2i_DSAPublicKey"},
+{ERR_PACK(0,ASN1_F_D2I_GENERAL_NAME,0),	"d2i_GENERAL_NAME"},
+{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_CERT_SEQUENCE,0),	"d2i_NETSCAPE_CERT_SEQUENCE"},
+{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_PKEY,0),	"D2I_NETSCAPE_PKEY"},
 {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA,0),	"d2i_Netscape_RSA"},
-{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA_2,0),	"D2I_NETSCAPE_RSA_2"},
+{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA_2,0),	"d2i_Netscape_RSA_2"},
+{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKAC,0),	"d2i_NETSCAPE_SPKAC"},
+{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKI,0),	"d2i_NETSCAPE_SPKI"},
+{ERR_PACK(0,ASN1_F_D2I_NOTICEREF,0),	"d2i_NOTICEREF"},
+{ERR_PACK(0,ASN1_F_D2I_OTHERNAME,0),	"d2i_OTHERNAME"},
+{ERR_PACK(0,ASN1_F_D2I_PBE2PARAM,0),	"d2i_PBE2PARAM"},
+{ERR_PACK(0,ASN1_F_D2I_PBEPARAM,0),	"d2i_PBEPARAM"},
+{ERR_PACK(0,ASN1_F_D2I_PBKDF2PARAM,0),	"d2i_PBKDF2PARAM"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS12,0),	"d2i_PKCS12"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS12_BAGS,0),	"d2i_PKCS12_BAGS"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS12_MAC_DATA,0),	"d2i_PKCS12_MAC_DATA"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS12_SAFEBAG,0),	"d2i_PKCS12_SAFEBAG"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7,0),	"d2i_PKCS7"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_DIGEST,0),	"d2i_PKCS7_DIGEST"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_ENCRYPT,0),	"d2i_PKCS7_ENCRYPT"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_ENC_CONTENT,0),	"d2i_PKCS7_ENC_CONTENT"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_ENVELOPE,0),	"d2i_PKCS7_ENVELOPE"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL,0),	"d2i_PKCS7_ISSUER_AND_SERIAL"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_RECIP_INFO,0),	"d2i_PKCS7_RECIP_INFO"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGNED,0),	"d2i_PKCS7_SIGNED"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGNER_INFO,0),	"d2i_PKCS7_SIGNER_INFO"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGN_ENVELOPE,0),	"d2i_PKCS7_SIGN_ENVELOPE"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS8_PRIV_KEY_INFO,0),	"d2i_PKCS8_PRIV_KEY_INFO"},
+{ERR_PACK(0,ASN1_F_D2I_PKEY_USAGE_PERIOD,0),	"d2i_PKEY_USAGE_PERIOD"},
+{ERR_PACK(0,ASN1_F_D2I_POLICYINFO,0),	"d2i_POLICYINFO"},
+{ERR_PACK(0,ASN1_F_D2I_POLICYQUALINFO,0),	"d2i_POLICYQUALINFO"},
 {ERR_PACK(0,ASN1_F_D2I_PRIVATEKEY,0),	"d2i_PrivateKey"},
 {ERR_PACK(0,ASN1_F_D2I_PUBLICKEY,0),	"d2i_PublicKey"},
-{ERR_PACK(0,ASN1_F_D2I_X509,0),	"D2I_X509"},
-{ERR_PACK(0,ASN1_F_D2I_X509_CINF,0),	"D2I_X509_CINF"},
-{ERR_PACK(0,ASN1_F_D2I_X509_NAME,0),	"D2I_X509_NAME"},
+{ERR_PACK(0,ASN1_F_D2I_RSAPRIVATEKEY,0),	"d2i_RSAPrivateKey"},
+{ERR_PACK(0,ASN1_F_D2I_RSAPUBLICKEY,0),	"d2i_RSAPublicKey"},
+{ERR_PACK(0,ASN1_F_D2I_SXNET,0),	"d2i_SXNET"},
+{ERR_PACK(0,ASN1_F_D2I_SXNETID,0),	"d2i_SXNETID"},
+{ERR_PACK(0,ASN1_F_D2I_USERNOTICE,0),	"d2i_USERNOTICE"},
+{ERR_PACK(0,ASN1_F_D2I_X509,0),	"d2i_X509"},
+{ERR_PACK(0,ASN1_F_D2I_X509_ALGOR,0),	"d2i_X509_ALGOR"},
+{ERR_PACK(0,ASN1_F_D2I_X509_ATTRIBUTE,0),	"d2i_X509_ATTRIBUTE"},
+{ERR_PACK(0,ASN1_F_D2I_X509_CERT_AUX,0),	"d2i_X509_CERT_AUX"},
+{ERR_PACK(0,ASN1_F_D2I_X509_CINF,0),	"d2i_X509_CINF"},
+{ERR_PACK(0,ASN1_F_D2I_X509_CRL,0),	"d2i_X509_CRL"},
+{ERR_PACK(0,ASN1_F_D2I_X509_CRL_INFO,0),	"d2i_X509_CRL_INFO"},
+{ERR_PACK(0,ASN1_F_D2I_X509_EXTENSION,0),	"d2i_X509_EXTENSION"},
+{ERR_PACK(0,ASN1_F_D2I_X509_KEY,0),	"D2I_X509_KEY"},
+{ERR_PACK(0,ASN1_F_D2I_X509_NAME,0),	"d2i_X509_NAME"},
+{ERR_PACK(0,ASN1_F_D2I_X509_NAME_ENTRY,0),	"d2i_X509_NAME_ENTRY"},
 {ERR_PACK(0,ASN1_F_D2I_X509_PKEY,0),	"d2i_X509_PKEY"},
-{ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0),	"I2D_ASN1_TIME"},
+{ERR_PACK(0,ASN1_F_D2I_X509_PUBKEY,0),	"d2i_X509_PUBKEY"},
+{ERR_PACK(0,ASN1_F_D2I_X509_REQ,0),	"d2i_X509_REQ"},
+{ERR_PACK(0,ASN1_F_D2I_X509_REQ_INFO,0),	"d2i_X509_REQ_INFO"},
+{ERR_PACK(0,ASN1_F_D2I_X509_REVOKED,0),	"d2i_X509_REVOKED"},
+{ERR_PACK(0,ASN1_F_D2I_X509_SIG,0),	"d2i_X509_SIG"},
+{ERR_PACK(0,ASN1_F_D2I_X509_VAL,0),	"d2i_X509_VAL"},
+{ERR_PACK(0,ASN1_F_DIST_POINT_NAME_NEW,0),	"DIST_POINT_NAME_new"},
+{ERR_PACK(0,ASN1_F_DIST_POINT_NEW,0),	"DIST_POINT_new"},
+{ERR_PACK(0,ASN1_F_GENERAL_NAME_NEW,0),	"GENERAL_NAME_new"},
+{ERR_PACK(0,ASN1_F_I2D_ASN1_HEADER,0),	"i2d_ASN1_HEADER"},
+{ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0),	"i2d_ASN1_TIME"},
+{ERR_PACK(0,ASN1_F_I2D_DHPARAMS,0),	"i2d_DHparams"},
+{ERR_PACK(0,ASN1_F_I2D_DSAPARAMS,0),	"i2d_DSAparams"},
+{ERR_PACK(0,ASN1_F_I2D_DSAPRIVATEKEY,0),	"i2d_DSAPrivateKey"},
+{ERR_PACK(0,ASN1_F_I2D_DSAPUBLICKEY,0),	"i2d_DSAPublicKey"},
 {ERR_PACK(0,ASN1_F_I2D_DSA_PUBKEY,0),	"i2d_DSA_PUBKEY"},
 {ERR_PACK(0,ASN1_F_I2D_NETSCAPE_RSA,0),	"i2d_Netscape_RSA"},
+{ERR_PACK(0,ASN1_F_I2D_PKCS7,0),	"i2d_PKCS7"},
 {ERR_PACK(0,ASN1_F_I2D_PRIVATEKEY,0),	"i2d_PrivateKey"},
 {ERR_PACK(0,ASN1_F_I2D_PUBLICKEY,0),	"i2d_PublicKey"},
+{ERR_PACK(0,ASN1_F_I2D_RSAPRIVATEKEY,0),	"i2d_RSAPrivateKey"},
+{ERR_PACK(0,ASN1_F_I2D_RSAPUBLICKEY,0),	"i2d_RSAPublicKey"},
 {ERR_PACK(0,ASN1_F_I2D_RSA_PUBKEY,0),	"i2d_RSA_PUBKEY"},
-{ERR_PACK(0,ASN1_F_LONG_C2I,0),	"LONG_C2I"},
+{ERR_PACK(0,ASN1_F_I2D_X509_ATTRIBUTE,0),	"i2d_X509_ATTRIBUTE"},
+{ERR_PACK(0,ASN1_F_I2T_ASN1_OBJECT,0),	"i2t_ASN1_OBJECT"},
+{ERR_PACK(0,ASN1_F_NETSCAPE_CERT_SEQUENCE_NEW,0),	"NETSCAPE_CERT_SEQUENCE_new"},
+{ERR_PACK(0,ASN1_F_NETSCAPE_PKEY_NEW,0),	"NETSCAPE_PKEY_NEW"},
+{ERR_PACK(0,ASN1_F_NETSCAPE_SPKAC_NEW,0),	"NETSCAPE_SPKAC_new"},
+{ERR_PACK(0,ASN1_F_NETSCAPE_SPKI_NEW,0),	"NETSCAPE_SPKI_new"},
+{ERR_PACK(0,ASN1_F_NOTICEREF_NEW,0),	"NOTICEREF_new"},
+{ERR_PACK(0,ASN1_F_OTHERNAME_NEW,0),	"OTHERNAME_new"},
+{ERR_PACK(0,ASN1_F_PBE2PARAM_NEW,0),	"PBE2PARAM_new"},
+{ERR_PACK(0,ASN1_F_PBEPARAM_NEW,0),	"PBEPARAM_new"},
+{ERR_PACK(0,ASN1_F_PBKDF2PARAM_NEW,0),	"PBKDF2PARAM_new"},
+{ERR_PACK(0,ASN1_F_PKCS12_BAGS_NEW,0),	"PKCS12_BAGS_new"},
+{ERR_PACK(0,ASN1_F_PKCS12_MAC_DATA_NEW,0),	"PKCS12_MAC_DATA_new"},
+{ERR_PACK(0,ASN1_F_PKCS12_NEW,0),	"PKCS12_new"},
+{ERR_PACK(0,ASN1_F_PKCS12_SAFEBAG_NEW,0),	"PKCS12_SAFEBAG_new"},
 {ERR_PACK(0,ASN1_F_PKCS5_PBE2_SET,0),	"PKCS5_pbe2_set"},
-{ERR_PACK(0,ASN1_F_X509_CINF_NEW,0),	"X509_CINF_NEW"},
-{ERR_PACK(0,ASN1_F_X509_CRL_ADD0_REVOKED,0),	"X509_CRL_add0_revoked"},
+{ERR_PACK(0,ASN1_F_PKCS7_DIGEST_NEW,0),	"PKCS7_DIGEST_new"},
+{ERR_PACK(0,ASN1_F_PKCS7_ENCRYPT_NEW,0),	"PKCS7_ENCRYPT_new"},
+{ERR_PACK(0,ASN1_F_PKCS7_ENC_CONTENT_NEW,0),	"PKCS7_ENC_CONTENT_new"},
+{ERR_PACK(0,ASN1_F_PKCS7_ENVELOPE_NEW,0),	"PKCS7_ENVELOPE_new"},
+{ERR_PACK(0,ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW,0),	"PKCS7_ISSUER_AND_SERIAL_new"},
+{ERR_PACK(0,ASN1_F_PKCS7_NEW,0),	"PKCS7_new"},
+{ERR_PACK(0,ASN1_F_PKCS7_RECIP_INFO_NEW,0),	"PKCS7_RECIP_INFO_new"},
+{ERR_PACK(0,ASN1_F_PKCS7_SIGNED_NEW,0),	"PKCS7_SIGNED_new"},
+{ERR_PACK(0,ASN1_F_PKCS7_SIGNER_INFO_NEW,0),	"PKCS7_SIGNER_INFO_new"},
+{ERR_PACK(0,ASN1_F_PKCS7_SIGN_ENVELOPE_NEW,0),	"PKCS7_SIGN_ENVELOPE_new"},
+{ERR_PACK(0,ASN1_F_PKCS8_PRIV_KEY_INFO_NEW,0),	"PKCS8_PRIV_KEY_INFO_new"},
+{ERR_PACK(0,ASN1_F_PKEY_USAGE_PERIOD_NEW,0),	"PKEY_USAGE_PERIOD_new"},
+{ERR_PACK(0,ASN1_F_POLICYINFO_NEW,0),	"POLICYINFO_new"},
+{ERR_PACK(0,ASN1_F_POLICYQUALINFO_NEW,0),	"POLICYQUALINFO_new"},
+{ERR_PACK(0,ASN1_F_SXNETID_NEW,0),	"SXNETID_new"},
+{ERR_PACK(0,ASN1_F_SXNET_NEW,0),	"SXNET_new"},
+{ERR_PACK(0,ASN1_F_USERNOTICE_NEW,0),	"USERNOTICE_new"},
+{ERR_PACK(0,ASN1_F_X509_ALGOR_NEW,0),	"X509_ALGOR_new"},
+{ERR_PACK(0,ASN1_F_X509_ATTRIBUTE_NEW,0),	"X509_ATTRIBUTE_new"},
+{ERR_PACK(0,ASN1_F_X509_CERT_AUX_NEW,0),	"X509_CERT_AUX_new"},
+{ERR_PACK(0,ASN1_F_X509_CINF_NEW,0),	"X509_CINF_new"},
+{ERR_PACK(0,ASN1_F_X509_CRL_INFO_NEW,0),	"X509_CRL_INFO_new"},
+{ERR_PACK(0,ASN1_F_X509_CRL_NEW,0),	"X509_CRL_new"},
+{ERR_PACK(0,ASN1_F_X509_DHPARAMS_NEW,0),	"X509_DHPARAMS_NEW"},
+{ERR_PACK(0,ASN1_F_X509_EXTENSION_NEW,0),	"X509_EXTENSION_new"},
 {ERR_PACK(0,ASN1_F_X509_INFO_NEW,0),	"X509_INFO_new"},
-{ERR_PACK(0,ASN1_F_X509_NAME_NEW,0),	"X509_NAME_NEW"},
-{ERR_PACK(0,ASN1_F_X509_NEW,0),	"X509_NEW"},
+{ERR_PACK(0,ASN1_F_X509_KEY_NEW,0),	"X509_KEY_NEW"},
+{ERR_PACK(0,ASN1_F_X509_NAME_ENTRY_NEW,0),	"X509_NAME_ENTRY_new"},
+{ERR_PACK(0,ASN1_F_X509_NAME_NEW,0),	"X509_NAME_new"},
+{ERR_PACK(0,ASN1_F_X509_NEW,0),	"X509_new"},
 {ERR_PACK(0,ASN1_F_X509_PKEY_NEW,0),	"X509_PKEY_new"},
+{ERR_PACK(0,ASN1_F_X509_PUBKEY_NEW,0),	"X509_PUBKEY_new"},
+{ERR_PACK(0,ASN1_F_X509_REQ_INFO_NEW,0),	"X509_REQ_INFO_new"},
+{ERR_PACK(0,ASN1_F_X509_REQ_NEW,0),	"X509_REQ_new"},
+{ERR_PACK(0,ASN1_F_X509_REVOKED_NEW,0),	"X509_REVOKED_new"},
+{ERR_PACK(0,ASN1_F_X509_SIG_NEW,0),	"X509_SIG_new"},
+{ERR_PACK(0,ASN1_F_X509_VAL_FREE,0),	"X509_VAL_free"},
+{ERR_PACK(0,ASN1_F_X509_VAL_NEW,0),	"X509_VAL_new"},
 {0,NULL}
 	};

 static ERR_STRING_DATA ASN1_str_reasons[]=
 	{
-{ASN1_R_AUX_ERROR                        ,"aux error"},
 {ASN1_R_BAD_CLASS                        ,"bad class"},
 {ASN1_R_BAD_OBJECT_HEADER                ,"bad object header"},
 {ASN1_R_BAD_PASSWORD_READ                ,"bad password read"},
+{ASN1_R_BAD_PKCS7_CONTENT                ,"bad pkcs7 content"},
+{ASN1_R_BAD_PKCS7_TYPE                   ,"bad pkcs7 type"},
 {ASN1_R_BAD_TAG                          ,"bad tag"},
+{ASN1_R_BAD_TYPE                         ,"bad type"},
 {ASN1_R_BN_LIB                           ,"bn lib"},
 {ASN1_R_BOOLEAN_IS_WRONG_LENGTH          ,"boolean is wrong length"},
 {ASN1_R_BUFFER_TOO_SMALL                 ,"buffer too small"},
@@ -160,21 +281,20 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ASN1_R_ENCODE_ERROR                     ,"encode error"},
 {ASN1_R_ERROR_PARSING_SET_ELEMENT        ,"error parsing set element"},
 {ASN1_R_ERROR_SETTING_CIPHER_PARAMS      ,"error setting cipher params"},
+{ASN1_R_EXPECTING_AN_ENUMERATED          ,"expecting an enumerated"},
 {ASN1_R_EXPECTING_AN_INTEGER             ,"expecting an integer"},
 {ASN1_R_EXPECTING_AN_OBJECT              ,"expecting an object"},
+{ASN1_R_EXPECTING_AN_OCTET_STRING        ,"expecting an octet string"},
+{ASN1_R_EXPECTING_A_BIT_STRING           ,"expecting a bit string"},
 {ASN1_R_EXPECTING_A_BOOLEAN              ,"expecting a boolean"},
+{ASN1_R_EXPECTING_A_GENERALIZEDTIME      ,"expecting a generalizedtime"},
+{ASN1_R_EXPECTING_A_NULL                 ,"expecting a null"},
 {ASN1_R_EXPECTING_A_TIME                 ,"expecting a time"},
-{ASN1_R_EXPLICIT_LENGTH_MISMATCH         ,"explicit length mismatch"},
-{ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED     ,"explicit tag not constructed"},
-{ASN1_R_FIELD_MISSING                    ,"field missing"},
+{ASN1_R_EXPECTING_A_UTCTIME              ,"expecting a utctime"},
 {ASN1_R_FIRST_NUM_TOO_LARGE              ,"first num too large"},
+{ASN1_R_GENERALIZEDTIME_TOO_LONG         ,"generalizedtime too long"},
 {ASN1_R_HEADER_TOO_LONG                  ,"header too long"},
 {ASN1_R_ILLEGAL_CHARACTERS               ,"illegal characters"},
-{ASN1_R_ILLEGAL_NULL                     ,"illegal null"},
-{ASN1_R_ILLEGAL_OPTIONAL_ANY             ,"illegal optional any"},
-{ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE ,"illegal options on item template"},
-{ASN1_R_ILLEGAL_TAGGED_ANY               ,"illegal tagged any"},
-{ASN1_R_INTEGER_TOO_LARGE_FOR_LONG       ,"integer too large for long"},
 {ASN1_R_INVALID_BMPSTRING_LENGTH         ,"invalid bmpstring length"},
 {ASN1_R_INVALID_DIGIT                    ,"invalid digit"},
 {ASN1_R_INVALID_SEPARATOR                ,"invalid separator"},
@@ -183,37 +303,32 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ASN1_R_INVALID_UTF8STRING               ,"invalid utf8string"},
 {ASN1_R_IV_TOO_LARGE                     ,"iv too large"},
 {ASN1_R_LENGTH_ERROR                     ,"length error"},
-{ASN1_R_MISSING_EOC                      ,"missing eoc"},
 {ASN1_R_MISSING_SECOND_NUMBER            ,"missing second number"},
-{ASN1_R_MSTRING_NOT_UNIVERSAL            ,"mstring not universal"},
-{ASN1_R_MSTRING_WRONG_TAG                ,"mstring wrong tag"},
 {ASN1_R_NON_HEX_CHARACTERS               ,"non hex characters"},
 {ASN1_R_NOT_ENOUGH_DATA                  ,"not enough data"},
-{ASN1_R_NO_MATCHING_CHOICE_TYPE          ,"no matching choice type"},
 {ASN1_R_NULL_IS_WRONG_LENGTH             ,"null is wrong length"},
 {ASN1_R_ODD_NUMBER_OF_CHARS              ,"odd number of chars"},
+{ASN1_R_PARSING                          ,"parsing"},
 {ASN1_R_PRIVATE_KEY_HEADER_MISSING       ,"private key header missing"},
 {ASN1_R_SECOND_NUMBER_TOO_LARGE          ,"second number too large"},
-{ASN1_R_SEQUENCE_LENGTH_MISMATCH         ,"sequence length mismatch"},
-{ASN1_R_SEQUENCE_NOT_CONSTRUCTED         ,"sequence not constructed"},
 {ASN1_R_SHORT_LINE                       ,"short line"},
 {ASN1_R_STRING_TOO_LONG                  ,"string too long"},
 {ASN1_R_STRING_TOO_SHORT                 ,"string too short"},
 {ASN1_R_TAG_VALUE_TOO_HIGH               ,"tag value too high"},
 {ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"},
 {ASN1_R_TOO_LONG                         ,"too long"},
-{ASN1_R_TYPE_NOT_CONSTRUCTED             ,"type not constructed"},
 {ASN1_R_UNABLE_TO_DECODE_RSA_KEY         ,"unable to decode rsa key"},
 {ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY ,"unable to decode rsa private key"},
-{ASN1_R_UNEXPECTED_EOC                   ,"unexpected eoc"},
+{ASN1_R_UNKNOWN_ATTRIBUTE_TYPE           ,"unknown attribute type"},
 {ASN1_R_UNKNOWN_FORMAT                   ,"unknown format"},
 {ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM ,"unknown message digest algorithm"},
 {ASN1_R_UNKNOWN_OBJECT_TYPE              ,"unknown object type"},
 {ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE          ,"unknown public key type"},
-{ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE  ,"unsupported any defined by type"},
 {ASN1_R_UNSUPPORTED_CIPHER               ,"unsupported cipher"},
 {ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM ,"unsupported encryption algorithm"},
 {ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE      ,"unsupported public key type"},
+{ASN1_R_UTCTIME_TOO_LONG                 ,"utctime too long"},
+{ASN1_R_WRONG_PRINTABLE_TYPE             ,"wrong printable type"},
 {ASN1_R_WRONG_TAG                        ,"wrong tag"},
 {ASN1_R_WRONG_TYPE                       ,"wrong type"},
 {0,NULL}
@@ -228,7 +343,7 @@ void ERR_load_ASN1_strings(void)
 	if (init)
 		{
 		init=0;
-#ifndef OPENSSL_NO_ERR
+#ifndef NO_ERR
 		ERR_load_strings(ERR_LIB_ASN1,ASN1_str_functs);
 		ERR_load_strings(ERR_LIB_ASN1,ASN1_str_reasons);
 #endif
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -59,6 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>

 static int asn1_get_length(unsigned char **pp,int *inf,long *rl,int max);
 static void asn1_put_length(unsigned char **pp, int length);
@@ -300,7 +301,7 @@ int asn1_GetSequence(ASN1_CTX *c, long *length)
 		return(0);
 		}
 	if (c->inf == (1|V_ASN1_CONSTRUCTED))
-		c->slen= *length+ *(c->pp)-c->p;
+		c->slen= *length;
 	c->eos=0;
 	return(1);
 	}
--- a/crypto/asn1/asn1_mac.h
+++ b/crypto/asn1/asn1_mac.h
@@ -70,14 +70,14 @@ extern "C" {
 #endif 

 #define ASN1_MAC_H_err(f,r,line) \
-	ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line))
+	ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),ERR_file_name,(line))

 #define M_ASN1_D2I_vars(a,type,func) \
 	ASN1_CTX c; \
 	type ret=NULL; \
 	\
-	c.pp=(unsigned char **)pp; \
-	c.q= *(unsigned char **)pp; \
+	c.pp=pp; \
+	c.q= *pp; \
 	c.error=ERR_R_NESTED_ASN1_ERROR; \
 	if ((a == NULL) || ((*a) == NULL)) \
 		{ if ((ret=(type)func()) == NULL) \
@@ -85,13 +85,13 @@ extern "C" {
 	else	ret=(*a);

 #define M_ASN1_D2I_Init() \
-	c.p= *(unsigned char **)pp; \
+	c.p= *pp; \
 	c.max=(length == 0)?0:(c.p+length);

 #define M_ASN1_D2I_Finish_2(a) \
 	if (!asn1_Finish(&c)) \
 		{ c.line=__LINE__; goto err; } \
-	*(unsigned char **)pp=c.p; \
+	*pp=c.p; \
 	if (a != NULL) (*a)=ret; \
 	return(ret);

@@ -99,7 +99,7 @@ extern "C" {
 	M_ASN1_D2I_Finish_2(a); \
 err:\
 	ASN1_MAC_H_err((e),c.error,c.line); \
-	asn1_add_error(*(unsigned char **)pp,(int)(c.q- *pp)); \
+	asn1_add_error(*pp,(int)(c.q- *pp)); \
 	if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
 	return(NULL)

@@ -196,6 +196,9 @@ err:\
 	if ((a != NULL) && (sk_##type##_num(a) != 0)) \
 		M_ASN1_I2D_put_SEQUENCE_type(type,a,f);

+#define M_ASN1_I2D_put_SEQUENCE_opt_ex_type(type,a,f) \
+	if (a) M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
+
 #define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \
 	if ((c.slen != 0) && \
 		(M_ASN1_next == \
@@ -389,6 +392,9 @@ err:\
 		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
 			M_ASN1_I2D_len_SEQUENCE_type(type,a,f);

+#define M_ASN1_I2D_len_SEQUENCE_opt_ex_type(type,a,f) \
+		if (a) M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
+
 #define M_ASN1_I2D_len_IMP_SET(a,f,x) \
 		ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET);

@@ -452,6 +458,15 @@ err:\
 			ret+=ASN1_object_size(1,v,mtag); \
 			}

+#define M_ASN1_I2D_len_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \
+		if (a)\
+			{ \
+			v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \
+						 V_ASN1_UNIVERSAL, \
+						 IS_SEQUENCE); \
+			ret+=ASN1_object_size(1,v,mtag); \
+			}
+
 /* Put Macros */
 #define M_ASN1_I2D_put(a,f)	f(a,&p)

@@ -536,6 +551,14 @@ err:\
 					       IS_SEQUENCE); \
 			}

+#define M_ASN1_I2D_put_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \
+		if (a) \
+			{ \
+			ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
+			i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \
+					       IS_SEQUENCE); \
+			}
+
 #define M_ASN1_I2D_seq_total() \
 		r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \
 		if (pp == NULL) return(r); \
--- a/crypto/asn1/asn1t.h
+++ b/crypto/asn1/asn1t.h
@@ -1,840 +0,0 @@
-/* asn1t.h */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#ifndef HEADER_ASN1T_H
-#define HEADER_ASN1T_H
-
-#include <stddef.h>
-#include <openssl/e_os2.h>
-#include <openssl/asn1.h>
-
-#ifdef OPENSSL_BUILD_SHLIBCRYPTO
-# undef OPENSSL_EXTERN
-# define OPENSSL_EXTERN OPENSSL_EXPORT
-#endif
-
-/* ASN1 template defines, structures and functions */
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-
-#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
-#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr))
-
-
-/* Macros for start and end of ASN1_ITEM definition */
-
-#define ASN1_ITEM_start(itname) \
-	OPENSSL_GLOBAL const ASN1_ITEM itname##_it = {
-
-#define ASN1_ITEM_end(itname) \
-		};
-
-#else
-
-/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
-#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr()))
-
-
-/* Macros for start and end of ASN1_ITEM definition */
-
-#define ASN1_ITEM_start(itname) \
-	const ASN1_ITEM * itname##_it(void) \
-	{ \
-		static const ASN1_ITEM local_it = { \
-
-#define ASN1_ITEM_end(itname) \
-		}; \
-	return &local_it; \
-	}
-
-#endif
-
-
-/* Macros to aid ASN1 template writing */
-
-#define ASN1_ITEM_TEMPLATE(tname) \
-	const static ASN1_TEMPLATE tname##_item_tt 
-
-#define ASN1_ITEM_TEMPLATE_END(tname) \
-	;\
-	ASN1_ITEM_start(tname) \
-		ASN1_ITYPE_PRIMITIVE,\
-		-1,\
-		&tname##_item_tt,\
-		0,\
-		NULL,\
-		0,\
-		#tname \
-	ASN1_ITEM_end(tname)
-
-
-/* This is a ASN1 type which just embeds a template */
- 
-/* This pair helps declare a SEQUENCE. We can do:
- *
- * 	ASN1_SEQUENCE(stname) = {
- * 		... SEQUENCE components ...
- * 	} ASN1_SEQUENCE_END(stname)
- *
- * 	This will produce an ASN1_ITEM called stname_it
- *	for a structure called stname.
- *
- * 	If you want the same structure but a different
- *	name then use:
- *
- * 	ASN1_SEQUENCE(itname) = {
- * 		... SEQUENCE components ...
- * 	} ASN1_SEQUENCE_END_name(stname, itname)
- *
- *	This will create an item called itname_it using
- *	a structure called stname.
- */
-
-#define ASN1_SEQUENCE(tname) \
-	const static ASN1_TEMPLATE tname##_seq_tt[] 
-
-#define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname)
-
-#define ASN1_SEQUENCE_END_name(stname, tname) \
-	;\
-	ASN1_ITEM_start(tname) \
-		ASN1_ITYPE_SEQUENCE,\
-		V_ASN1_SEQUENCE,\
-		tname##_seq_tt,\
-		sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
-		NULL,\
-		sizeof(stname),\
-		#stname \
-	ASN1_ITEM_end(tname)
-
-#define ASN1_SEQUENCE_cb(tname, cb) \
-	const static ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
-	ASN1_SEQUENCE(tname)
-
-#define ASN1_BROKEN_SEQUENCE(tname) \
-	const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \
-	ASN1_SEQUENCE(tname)
-
-#define ASN1_SEQUENCE_ref(tname, cb, lck) \
-	const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \
-	ASN1_SEQUENCE(tname)
-
-#define ASN1_SEQUENCE_enc(tname, enc, cb) \
-	const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \
-	ASN1_SEQUENCE(tname)
-
-#define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname)
-
-#define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
-
-#define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
-
-#define ASN1_SEQUENCE_END_ref(stname, tname) \
-	;\
-	ASN1_ITEM_start(tname) \
-		ASN1_ITYPE_SEQUENCE,\
-		V_ASN1_SEQUENCE,\
-		tname##_seq_tt,\
-		sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
-		&tname##_aux,\
-		sizeof(stname),\
-		#stname \
-	ASN1_ITEM_end(tname)
-
-
-/* This pair helps declare a CHOICE type. We can do:
- *
- * 	ASN1_CHOICE(chname) = {
- * 		... CHOICE options ...
- * 	ASN1_CHOICE_END(chname)
- *
- * 	This will produce an ASN1_ITEM called chname_it
- *	for a structure called chname. The structure
- *	definition must look like this:
- *	typedef struct {
- *		int type;
- *		union {
- *			ASN1_SOMETHING *opt1;
- *			ASN1_SOMEOTHER *opt2;
- *		} value;
- *	} chname;
- *	
- *	the name of the selector must be 'type'.
- * 	to use an alternative selector name use the
- *      ASN1_CHOICE_END_selector() version.
- */
-
-#define ASN1_CHOICE(tname) \
-	const static ASN1_TEMPLATE tname##_ch_tt[] 
-
-#define ASN1_CHOICE_cb(tname, cb) \
-	const static ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
-	ASN1_CHOICE(tname)
-
-#define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname)
-
-#define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type)
-
-#define ASN1_CHOICE_END_selector(stname, tname, selname) \
-	;\
-	ASN1_ITEM_start(tname) \
-		ASN1_ITYPE_CHOICE,\
-		offsetof(stname,selname) ,\
-		tname##_ch_tt,\
-		sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
-		NULL,\
-		sizeof(stname),\
-		#stname \
-	ASN1_ITEM_end(tname)
-
-#define ASN1_CHOICE_END_cb(stname, tname, selname) \
-	;\
-	ASN1_ITEM_start(tname) \
-		ASN1_ITYPE_CHOICE,\
-		offsetof(stname,selname) ,\
-		tname##_ch_tt,\
-		sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
-		&tname##_aux,\
-		sizeof(stname),\
-		#stname \
-	ASN1_ITEM_end(tname)
-
-/* This helps with the template wrapper form of ASN1_ITEM */
-
-#define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \
-	(flags), (tag), 0,\
-	#name, ASN1_ITEM_ref(type) }
-
-/* These help with SEQUENCE or CHOICE components */
-
-/* used to declare other types */
-
-#define ASN1_EX_TYPE(flags, tag, stname, field, type) { \
-	(flags), (tag), offsetof(stname, field),\
-	#field, ASN1_ITEM_ref(type) }
-
-/* used when the structure is combined with the parent */
-
-#define ASN1_EX_COMBINE(flags, tag, type) { \
-	(flags)|ASN1_TFLG_COMBINE, (tag), 0, NULL, ASN1_ITEM_ref(type) }
-
-/* implicit and explicit helper macros */
-
-#define ASN1_IMP_EX(stname, field, type, tag, ex) \
-		ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | ex, tag, stname, field, type)
-
-#define ASN1_EXP_EX(stname, field, type, tag, ex) \
-		ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | ex, tag, stname, field, type)
-
-/* Any defined by macros: the field used is in the table itself */
-
-#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
-#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
-#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
-#else
-#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb }
-#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb }
-#endif
-/* Plain simple type */
-#define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type)
-
-/* OPTIONAL simple type */
-#define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type)
-
-/* IMPLICIT tagged simple type */
-#define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0)
-
-/* IMPLICIT tagged OPTIONAL simple type */
-#define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
-
-/* Same as above but EXPLICIT */
-
-#define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0)
-#define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
-
-/* SEQUENCE OF type */
-#define ASN1_SEQUENCE_OF(stname, field, type) \
-		ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type)
-
-/* OPTIONAL SEQUENCE OF */
-#define ASN1_SEQUENCE_OF_OPT(stname, field, type) \
-		ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
-
-/* Same as above but for SET OF */
-
-#define ASN1_SET_OF(stname, field, type) \
-		ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type)
-
-#define ASN1_SET_OF_OPT(stname, field, type) \
-		ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
-
-/* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */
-
-#define ASN1_IMP_SET_OF(stname, field, type, tag) \
-			ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
-
-#define ASN1_EXP_SET_OF(stname, field, type, tag) \
-			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
-
-#define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \
-			ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
-
-#define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \
-			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
-
-#define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \
-			ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
-
-#define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \
-			ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
-
-#define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \
-			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
-
-#define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \
-			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
-
-/* Macros for the ASN1_ADB structure */
-
-#define ASN1_ADB(name) \
-	const static ASN1_ADB_TABLE name##_adbtbl[] 
-
-#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#define ASN1_ADB_END(name, flags, field, app_table, def, none) \
-	;\
-	const static ASN1_ADB name##_adb = {\
-		flags,\
-		offsetof(name, field),\
-		app_table,\
-		name##_adbtbl,\
-		sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
-		def,\
-		none\
-	}
-
-#else
-
-#define ASN1_ADB_END(name, flags, field, app_table, def, none) \
-	;\
-	const static ASN1_ITEM *name##_adb(void) \
-	{ \
-	const static ASN1_ADB internal_adb = \
-		{\
-		flags,\
-		offsetof(name, field),\
-		app_table,\
-		name##_adbtbl,\
-		sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
-		def,\
-		none\
-		}; \
-		return (const ASN1_ITEM *) &internal_adb; \
-	} \
-	void dummy_function(void)
-
-#endif
-
-#define ADB_ENTRY(val, template) {val, template}
-
-#define ASN1_ADB_TEMPLATE(name) \
-	const static ASN1_TEMPLATE name##_tt 
-
-/* This is the ASN1 template structure that defines
- * a wrapper round the actual type. It determines the
- * actual position of the field in the value structure,
- * various flags such as OPTIONAL and the field name.
- */
-
-struct ASN1_TEMPLATE_st {
-unsigned long flags;		/* Various flags */
-long tag;			/* tag, not used if no tagging */
-unsigned long offset;		/* Offset of this field in structure */
-#ifndef NO_ASN1_FIELD_NAMES
-char *field_name;		/* Field name */
-#endif
-ASN1_ITEM_EXP *item;		/* Relevant ASN1_ITEM or ASN1_ADB */
-};
-
-/* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */
-
-#define ASN1_TEMPLATE_item(t) (t->item_ptr)
-#define ASN1_TEMPLATE_adb(t) (t->item_ptr)
-
-typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE;
-typedef struct ASN1_ADB_st ASN1_ADB;
-
-struct ASN1_ADB_st {
-	unsigned long flags;	/* Various flags */
-	unsigned long offset;	/* Offset of selector field */
-	STACK_OF(ASN1_ADB_TABLE) **app_items; /* Application defined items */
-	const ASN1_ADB_TABLE *tbl;	/* Table of possible types */
-	long tblcount;		/* Number of entries in tbl */
-	const ASN1_TEMPLATE *default_tt;  /* Type to use if no match */
-	const ASN1_TEMPLATE *null_tt;  /* Type to use if selector is NULL */
-};
-
-struct ASN1_ADB_TABLE_st {
-	long value;		/* NID for an object or value for an int */
-	const ASN1_TEMPLATE tt;		/* item for this value */
-};
-
-/* template flags */
-
-/* Field is optional */
-#define ASN1_TFLG_OPTIONAL	(0x1)
-
-/* Field is a SET OF */
-#define ASN1_TFLG_SET_OF	(0x1 << 1)
-
-/* Field is a SEQUENCE OF */
-#define ASN1_TFLG_SEQUENCE_OF	(0x2 << 1)
-
-/* Special case: this refers to a SET OF that
- * will be sorted into DER order when encoded *and*
- * the corresponding STACK will be modified to match
- * the new order.
- */
-#define ASN1_TFLG_SET_ORDER	(0x3 << 1)
-
-/* Mask for SET OF or SEQUENCE OF */
-#define ASN1_TFLG_SK_MASK	(0x3 << 1)
-
-/* These flags mean the tag should be taken from the
- * tag field. If EXPLICIT then the underlying type
- * is used for the inner tag.
- */
-
-/* IMPLICIT tagging */
-#define ASN1_TFLG_IMPTAG	(0x1 << 3)
-
-
-/* EXPLICIT tagging, inner tag from underlying type */
-#define ASN1_TFLG_EXPTAG	(0x2 << 3)
-
-#define ASN1_TFLG_TAG_MASK	(0x3 << 3)
-
-/* context specific IMPLICIT */
-#define ASN1_TFLG_IMPLICIT	ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT
-
-/* context specific EXPLICIT */
-#define ASN1_TFLG_EXPLICIT	ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT
-
-/* If tagging is in force these determine the
- * type of tag to use. Otherwise the tag is
- * determined by the underlying type. These 
- * values reflect the actual octet format.
- */
-
-/* Universal tag */ 
-#define ASN1_TFLG_UNIVERSAL	(0x0<<6)
-/* Application tag */ 
-#define ASN1_TFLG_APPLICATION	(0x1<<6)
-/* Context specific tag */ 
-#define ASN1_TFLG_CONTEXT	(0x2<<6)
-/* Private tag */ 
-#define ASN1_TFLG_PRIVATE	(0x3<<6)
-
-#define ASN1_TFLG_TAG_CLASS	(0x3<<6)
-
-/* These are for ANY DEFINED BY type. In this case
- * the 'item' field points to an ASN1_ADB structure
- * which contains a table of values to decode the
- * relevant type
- */
-
-#define ASN1_TFLG_ADB_MASK	(0x3<<8)
-
-#define ASN1_TFLG_ADB_OID	(0x1<<8)
-
-#define ASN1_TFLG_ADB_INT	(0x1<<9)
-
-/* This flag means a parent structure is passed
- * instead of the field: this is useful is a
- * SEQUENCE is being combined with a CHOICE for
- * example. Since this means the structure and
- * item name will differ we need to use the
- * ASN1_CHOICE_END_name() macro for example.
- */
-
-#define ASN1_TFLG_COMBINE	(0x1<<10)
-
-/* This is the actual ASN1 item itself */
-
-struct ASN1_ITEM_st {
-char itype;			/* The item type, primitive, SEQUENCE, CHOICE or extern */
-long utype;			/* underlying type */
-const ASN1_TEMPLATE *templates;	/* If SEQUENCE or CHOICE this contains the contents */
-long tcount;			/* Number of templates if SEQUENCE or CHOICE */
-const void *funcs;		/* functions that handle this type */
-long size;			/* Structure size (usually)*/
-#ifndef NO_ASN1_FIELD_NAMES
-const char *sname;		/* Structure name */
-#endif
-};
-
-/* These are values for the itype field and
- * determine how the type is interpreted.
- *
- * For PRIMITIVE types the underlying type
- * determines the behaviour if items is NULL.
- *
- * Otherwise templates must contain a single 
- * template and the type is treated in the
- * same way as the type specified in the template.
- *
- * For SEQUENCE types the templates field points
- * to the members, the size field is the
- * structure size.
- *
- * For CHOICE types the templates field points
- * to each possible member (typically a union)
- * and the 'size' field is the offset of the
- * selector.
- *
- * The 'funcs' field is used for application
- * specific functions. 
- *
- * For COMPAT types the funcs field gives a
- * set of functions that handle this type, this
- * supports the old d2i, i2d convention.
- *
- * The EXTERN type uses a new style d2i/i2d.
- * The new style should be used where possible
- * because it avoids things like the d2i IMPLICIT
- * hack.
- *
- * MSTRING is a multiple string type, it is used
- * for a CHOICE of character strings where the
- * actual strings all occupy an ASN1_STRING
- * structure. In this case the 'utype' field
- * has a special meaning, it is used as a mask
- * of acceptable types using the B_ASN1 constants.
- *
- */
-
-#define ASN1_ITYPE_PRIMITIVE	0x0
-
-#define ASN1_ITYPE_SEQUENCE	0x1
-
-#define ASN1_ITYPE_CHOICE	0x2
-
-#define ASN1_ITYPE_COMPAT	0x3
-
-#define ASN1_ITYPE_EXTERN	0x4
-
-#define ASN1_ITYPE_MSTRING	0x5
-
-/* Cache for ASN1 tag and length, so we
- * don't keep re-reading it for things
- * like CHOICE
- */
-
-struct ASN1_TLC_st{
-	char valid;	/* Values below are valid */
-	int ret;	/* return value */
-	long plen;	/* length */
-	int ptag;	/* class value */
-	int pclass;	/* class value */
-	int hdrlen;	/* header length */
-};
-
-/* Typedefs for ASN1 function pointers */
-
-typedef ASN1_VALUE * ASN1_new_func(void);
-typedef void ASN1_free_func(ASN1_VALUE *a);
-typedef ASN1_VALUE * ASN1_d2i_func(ASN1_VALUE **a, unsigned char ** in, long length);
-typedef int ASN1_i2d_func(ASN1_VALUE * a, unsigned char **in);
-
-typedef int ASN1_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it,
-					int tag, int aclass, char opt, ASN1_TLC *ctx);
-
-typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
-typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
-typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
-
-typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
-typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
-
-typedef struct ASN1_COMPAT_FUNCS_st {
-	ASN1_new_func *asn1_new;
-	ASN1_free_func *asn1_free;
-	ASN1_d2i_func *asn1_d2i;
-	ASN1_i2d_func *asn1_i2d;
-} ASN1_COMPAT_FUNCS;
-
-typedef struct ASN1_EXTERN_FUNCS_st {
-	void *app_data;
-	ASN1_ex_new_func *asn1_ex_new;
-	ASN1_ex_free_func *asn1_ex_free;
-	ASN1_ex_free_func *asn1_ex_clear;
-	ASN1_ex_d2i *asn1_ex_d2i;
-	ASN1_ex_i2d *asn1_ex_i2d;
-} ASN1_EXTERN_FUNCS;
-
-typedef struct ASN1_PRIMITIVE_FUNCS_st {
-	void *app_data;
-	unsigned long flags;
-	ASN1_ex_new_func *prim_new;
-	ASN1_ex_free_func *prim_free;
-	ASN1_ex_free_func *prim_clear;
-	ASN1_primitive_c2i *prim_c2i;
-	ASN1_primitive_i2c *prim_i2c;
-} ASN1_PRIMITIVE_FUNCS;
-
-/* This is the ASN1_AUX structure: it handles various
- * miscellaneous requirements. For example the use of
- * reference counts and an informational callback.
- *
- * The "informational callback" is called at various
- * points during the ASN1 encoding and decoding. It can
- * be used to provide minor customisation of the structures
- * used. This is most useful where the supplied routines
- * *almost* do the right thing but need some extra help
- * at a few points. If the callback returns zero then
- * it is assumed a fatal error has occurred and the 
- * main operation should be abandoned.
- *
- * If major changes in the default behaviour are required
- * then an external type is more appropriate.
- */
-
-typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it);
-
-typedef struct ASN1_AUX_st {
-	void *app_data;
-	int flags;
-	int ref_offset;		/* Offset of reference value */
-	int ref_lock;		/* Lock type to use */
-	ASN1_aux_cb *asn1_cb;
-	int enc_offset;		/* Offset of ASN1_ENCODING structure */
-} ASN1_AUX;
-
-/* Flags in ASN1_AUX */
-
-/* Use a reference count */
-#define ASN1_AFLG_REFCOUNT	1
-/* Save the encoding of structure (useful for signatures) */
-#define ASN1_AFLG_ENCODING	2
-/* The Sequence length is invalid */
-#define ASN1_AFLG_BROKEN	4
-
-/* operation values for asn1_cb */
-
-#define ASN1_OP_NEW_PRE		0
-#define ASN1_OP_NEW_POST	1
-#define ASN1_OP_FREE_PRE	2
-#define ASN1_OP_FREE_POST	3
-#define ASN1_OP_D2I_PRE		4
-#define ASN1_OP_D2I_POST	5
-#define ASN1_OP_I2D_PRE		6
-#define ASN1_OP_I2D_POST	7
-
-/* Macro to implement a primitive type */
-#define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0)
-#define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \
-				ASN1_ITEM_start(itname) \
-					ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \
-				ASN1_ITEM_end(itname)
-
-/* Macro to implement a multi string type */
-#define IMPLEMENT_ASN1_MSTRING(itname, mask) \
-				ASN1_ITEM_start(itname) \
-					ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \
-				ASN1_ITEM_end(itname)
-
-/* Macro to implement an ASN1_ITEM in terms of old style funcs */
-
-#define IMPLEMENT_COMPAT_ASN1(sname) IMPLEMENT_COMPAT_ASN1_type(sname, V_ASN1_SEQUENCE)
-
-#define IMPLEMENT_COMPAT_ASN1_type(sname, tag) \
-	static const ASN1_COMPAT_FUNCS sname##_ff = { \
-		(ASN1_new_func *)sname##_new, \
-		(ASN1_free_func *)sname##_free, \
-		(ASN1_d2i_func *)d2i_##sname, \
-		(ASN1_i2d_func *)i2d_##sname, \
-	}; \
-	ASN1_ITEM_start(sname) \
-		ASN1_ITYPE_COMPAT, \
-		tag, \
-		NULL, \
-		0, \
-		&sname##_ff, \
-		0, \
-		#sname \
-	ASN1_ITEM_end(sname)
-
-#define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \
-	ASN1_ITEM_start(sname) \
-		ASN1_ITYPE_EXTERN, \
-		tag, \
-		NULL, \
-		0, \
-		&fptrs, \
-		0, \
-		#sname \
-	ASN1_ITEM_end(sname)
-
-/* Macro to implement standard functions in terms of ASN1_ITEM structures */
-
-#define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname)
-
-#define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname)
-
-#define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \
-			IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname)
-
-#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \
-	stname *fname##_new(void) \
-	{ \
-		return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
-	} \
-	void fname##_free(stname *a) \
-	{ \
-		ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
-	}
-
-#define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \
-	IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
-	IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
-
-#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
-	stname *d2i_##fname(stname **a, unsigned char **in, long len) \
-	{ \
-		return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
-	} \
-	int i2d_##fname(stname *a, unsigned char **out) \
-	{ \
-		return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
-	} 
-
-/* This includes evil casts to remove const: they will go away when full
- * ASN1 constification is done.
- */
-#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
-	stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
-	{ \
-		return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, (unsigned char **)in, len, ASN1_ITEM_rptr(itname));\
-	} \
-	int i2d_##fname(const stname *a, unsigned char **out) \
-	{ \
-		return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
-	} 
-
-#define IMPLEMENT_ASN1_FUNCTIONS_const(name) \
-		IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name)
-
-#define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \
-	IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
-	IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
-
-/* external definitions for primitive types */
-
-DECLARE_ASN1_ITEM(ASN1_BOOLEAN)
-DECLARE_ASN1_ITEM(ASN1_TBOOLEAN)
-DECLARE_ASN1_ITEM(ASN1_FBOOLEAN)
-DECLARE_ASN1_ITEM(ASN1_ANY)
-DECLARE_ASN1_ITEM(ASN1_SEQUENCE)
-DECLARE_ASN1_ITEM(CBIGNUM)
-DECLARE_ASN1_ITEM(BIGNUM)
-DECLARE_ASN1_ITEM(LONG)
-DECLARE_ASN1_ITEM(ZLONG)
-
-DECLARE_STACK_OF(ASN1_VALUE)
-
-/* Functions used internally by the ASN1 code */
-
-int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
-void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
-int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
-int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
-
-void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
-int ASN1_template_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_TEMPLATE *tt);
-int ASN1_item_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it,
-				int tag, int aclass, char opt, ASN1_TLC *ctx);
-
-int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
-int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt);
-void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
-
-int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
-int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
-
-int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it);
-int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it);
-
-ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
-
-const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr);
-
-int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it);
-
-void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it);
-void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
-int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it);
-int asn1_enc_save(ASN1_VALUE **pval, unsigned char *in, int inlen, const ASN1_ITEM *it);
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
--- a/crypto/asn1/asn_pack.c
+++ b/crypto/asn1/asn_pack.c
@@ -60,8 +60,6 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>

-#ifndef NO_ASN1_OLD
-
 /* ASN1 packing and unpacking functions */

 /* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */
@@ -145,47 +143,3 @@ ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_STRING **oct)
 	return octmp;
 }

-#endif
-
-/* ASN1_ITEM versions of the above */
-
-ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
-{
-	ASN1_STRING *octmp;
-
-	if (!oct || !*oct) {
-		if (!(octmp = ASN1_STRING_new ())) {
-			ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
-			return NULL;
-		}
-		if (oct) *oct = octmp;
-	} else octmp = *oct;
-
-	if(octmp->data) {
-		OPENSSL_free(octmp->data);
-		octmp->data = NULL;
-	}
-		
-	if (!(octmp->length = ASN1_item_i2d(obj, &octmp->data, it))) {
-		ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);
-		return NULL;
-	}
-	if (!octmp->data) {
-		ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	return octmp;
-}
-
-/* Extract an ASN1 object from an ASN1_STRING */
-
-void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it)
-{
-	unsigned char *p;
-	void *ret;
-
-	p = oct->data;
-	if(!(ret = ASN1_item_d2i(NULL, &p, oct->length, it)))
-		ASN1err(ASN1_F_ASN1_UNPACK_STRING,ASN1_R_DECODE_ERROR);
-	return ret;
-}
--- a/crypto/asn1/d2i_dhp.c
+++ b/crypto/asn1/d2i_dhp.c
@@ -0,0 +1,101 @@
+/* crypto/asn1/d2i_dhp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_DH
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/objects.h>
+#include <openssl/asn1_mac.h>
+
+DH *d2i_DHparams(DH **a, unsigned char **pp, long length)
+	{
+	int i=ERR_R_NESTED_ASN1_ERROR;
+	ASN1_INTEGER *bs=NULL;
+	long v=0;
+	M_ASN1_D2I_vars(a,DH *,DH_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->p=BN_bin2bn(bs->data,bs->length,ret->p)) == NULL) goto err_bn;
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->g=BN_bin2bn(bs->data,bs->length,ret->g)) == NULL) goto err_bn;
+
+	if (!M_ASN1_D2I_end_sequence())
+		{
+		M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+		for (i=0; i<bs->length; i++)
+			v=(v<<8)|(bs->data[i]);
+		ret->length=(int)v;
+		}
+
+	M_ASN1_BIT_STRING_free(bs);
+
+	M_ASN1_D2I_Finish_2(a);
+
+err_bn:
+	i=ERR_R_BN_LIB;
+err:
+	ASN1err(ASN1_F_D2I_DHPARAMS,i);
+	if ((ret != NULL) && ((a == NULL) || (*a != ret))) DH_free(ret);
+	if (bs != NULL) M_ASN1_BIT_STRING_free(bs);
+	return(NULL);
+	}
+#endif
--- a/crypto/asn1/d2i_dsap.c
+++ b/crypto/asn1/d2i_dsap.c
@@ -0,0 +1,98 @@
+/* crypto/asn1/d2i_dsap.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef NO_DSA
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/objects.h>
+#include <openssl/asn1_mac.h>
+
+#ifndef NO_NEG_PUBKEY_BUG
+#define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER
+#endif
+
+DSA *d2i_DSAparams(DSA **a, unsigned char **pp, long length)
+	{
+	int i=ERR_R_NESTED_ASN1_ERROR;
+	ASN1_INTEGER *bs=NULL;
+	M_ASN1_D2I_vars(a,DSA *,DSA_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->p=BN_bin2bn(bs->data,bs->length,ret->p)) == NULL) goto err_bn;
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->q=BN_bin2bn(bs->data,bs->length,ret->q)) == NULL) goto err_bn;
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->g=BN_bin2bn(bs->data,bs->length,ret->g)) == NULL) goto err_bn;
+
+	M_ASN1_BIT_STRING_free(bs);
+
+	M_ASN1_D2I_Finish_2(a);
+
+err_bn:
+	i=ERR_R_BN_LIB;
+err:
+	ASN1err(ASN1_F_D2I_DSAPARAMS,i);
+	if ((ret != NULL) && ((a == NULL) || (*a != ret))) DSA_free(ret);
+	if (bs != NULL) M_ASN1_BIT_STRING_free(bs);
+	return(NULL);
+	}
+#endif
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
@@ -82,20 +82,18 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, unsigned char **pp,
 	ret->type=EVP_PKEY_type(type);
 	switch (ret->type)
 		{
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 	case EVP_PKEY_RSA:
-		if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL,
-			(const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
+		if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL,pp,length)) == NULL)
 			{
 			ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
 			goto err;
 			}
 		break;
 #endif
-#ifndef OPENSSL_NO_DSA
+#ifndef NO_DSA
 	case EVP_PKEY_DSA:
-		if ((ret->pkey.dsa=d2i_DSAPrivateKey(NULL,
-			(const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
+		if ((ret->pkey.dsa=d2i_DSAPrivateKey(NULL,pp,length)) == NULL)
 			{
 			ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
 			goto err;
--- a/Show More
+++ b/Show More