This commit was manufactured by cvs2svn to create tag

'LEVITTE_before_const'.
2004-03-15 23:02:56 +00:00
1195 changed files with 44702 additions and 107777 deletions
--- a/.cvsignore
+++ b/.cvsignore
@@ -1,4 +1,5 @@
 openssl.pc
 Makefile.ssl
 MINFO
 makefile.one
 tmp
@@ -13,6 +14,3 @@ cctest.c
 cctest.a
 libcrypto.so.*
 libssl.so.*
 *.flc
 semantic.cache
 Makefile
--- a/1198
+++ b/1198
--- a/ChangeLog.0_9_7-stable_not-in-head
+++ b/ChangeLog.0_9_7-stable_not-in-head
@@ -1,163 +0,0 @@
 This file, together with ChangeLog.0_9_7-stable_not-in-head_FIPS,
 provides a collection of those CVS change log entries for the
 0.9.7 branch (OpenSSL_0_9_7-stable) that do not appear similarly in
 0.9.8-dev (CVS head).
 ChangeLog.0_9_7-stable_not-in-head_FIPS  -  "FIPS" related changes
 ChangeLog.0_9_7-stable_not-in-head       -  everything else
 Some obvious false positives have been eliminated: e.g., we do not
 care about a simple "make update"; and we don't care about changes
 identified to the 0.9.7 branch that were explicitly identified as
 backports from head.
 Eliminating all other entries (and finally this file and its
 compantion), either as false positives or as things that should go
 into 0.9.8, remains to be done.  Any additional changes to 0.9.7 that
 are not immediately put into 0.9.8, but belong there as well, should
 be added to the end of this file.
 2002-11-04 17:33  levitte
 	Changed:
 		Configure (1.314.2.38), "Exp", lines: +4 -2
 	Return my normal debug targets to something not so extreme, and
 	make the extreme ones special (or 'extreme', if you will :-)).
 2002-12-16 19:17  appro
 	Changed:
 		crypto/bn/bn_lcl.h (1.23.2.3), "Exp", lines: +3 -0
 		crypto/bn/bn_mul.c (1.28.2.4), "Exp", lines: +84 -445
 	This is rollback to 0.9.6h bn_mul.c to address problem reported in
 	RT#272.
 2003-07-27 15:46  ben
 	Changed:
 		crypto/aes/aes.h (1.1.2.5), "Exp", lines: +3 -0
 		crypto/aes/aes_cfb.c (1.1.2.4), "Exp", lines: +57 -0
 	Add untested CFB-r mode. Will be tested soon.
 2003-07-28 17:07  ben
 	Changed:
 		Makefile.org (1.154.2.69), "Exp", lines: +5 -1
 		crypto/aes/aes.h (1.1.2.6), "Exp", lines: +3 -0
 		crypto/aes/aes_cfb.c (1.1.2.5), "Exp", lines: +19 -0
 		crypto/dsa/Makefile.ssl (1.49.2.6), "Exp", lines: +3 -2
 		crypto/err/Makefile.ssl (1.48.2.4), "Exp", lines: +17 -16
 		crypto/evp/e_aes.c (1.6.2.5), "Exp", lines: +8 -0
 		crypto/evp/e_des.c (1.5.2.2), "Exp", lines: +1 -1
 		crypto/evp/e_des3.c (1.8.2.3), "Exp", lines: +2 -2
 		crypto/evp/evp.h (1.86.2.11), "Exp", lines: +28 -11
 		crypto/evp/evp_locl.h (1.7.2.3), "Exp", lines: +2 -2
 		crypto/objects/obj_dat.h (1.49.2.13), "Exp", lines: +10 -5
 		crypto/objects/obj_mac.h (1.19.2.13), "Exp", lines: +5 -0
 		crypto/objects/obj_mac.num (1.15.2.9), "Exp", lines: +1 -0
 		crypto/objects/objects.txt (1.20.2.14), "Exp", lines: +4 -0
 		fips/Makefile.ssl (1.1.2.3), "Exp", lines: +7 -0
 		fips/aes/Makefile.ssl (1.1.2.2), "Exp", lines: +23 -1
 		fips/aes/fips_aesavs.c (1.1.2.3), "Exp", lines: +9 -1
 		test/Makefile.ssl (1.84.2.30), "Exp", lines: +101 -43
 	Add support for partial CFB modes, make tests work, update
 	dependencies.
 2003-07-29 12:56  ben
 	Changed:
 		crypto/aes/aes_cfb.c (1.1.2.6), "Exp", lines: +9 -6
 		crypto/evp/c_allc.c (1.8.2.3), "Exp", lines: +1 -0
 		crypto/evp/evp_test.c (1.14.2.11), "Exp", lines: +17 -8
 		crypto/evp/evptests.txt (1.9.2.2), "Exp", lines: +48 -1
 	Working CFB1 and test vectors.
 2003-07-29 15:24  ben
 	Changed:
 		crypto/evp/e_aes.c (1.6.2.6), "Exp", lines: +14 -0
 		crypto/objects/obj_dat.h (1.49.2.14), "Exp", lines: +15 -5
 		crypto/objects/obj_mac.h (1.19.2.14), "Exp", lines: +10 -0
 		crypto/objects/obj_mac.num (1.15.2.10), "Exp", lines: +2 -0
 		crypto/objects/objects.txt (1.20.2.15), "Exp", lines: +2 -0
 		fips/aes/Makefile.ssl (1.1.2.3), "Exp", lines: +1 -1
 		fips/aes/fips_aesavs.c (1.1.2.4), "Exp", lines: +34 -19
 	The rest of the keysizes for CFB1, working AES AVS test for CFB1.
 2003-07-29 19:05  ben
 	Changed:
 		crypto/aes/aes.h (1.1.2.7), "Exp", lines: +3 -0
 		crypto/aes/aes_cfb.c (1.1.2.7), "Exp", lines: +14 -0
 		crypto/evp/c_allc.c (1.8.2.4), "Exp", lines: +1 -0
 		crypto/evp/e_aes.c (1.6.2.7), "Exp", lines: +4 -9
 		crypto/evp/evptests.txt (1.9.2.3), "Exp", lines: +48 -0
 		crypto/objects/obj_dat.h (1.49.2.15), "Exp", lines: +20 -5
 		crypto/objects/obj_mac.h (1.19.2.15), "Exp", lines: +15 -0
 		crypto/objects/obj_mac.num (1.15.2.11), "Exp", lines: +3 -0
 		crypto/objects/objects.txt (1.20.2.16), "Exp", lines: +3 -0
 		fips/aes/fips_aesavs.c (1.1.2.7), "Exp", lines: +11 -0
 	AES CFB8.
 2003-07-30 20:30  ben
 	Changed:
 		Makefile.org (1.154.2.70), "Exp", lines: +16 -5
 		crypto/des/cfb_enc.c (1.7.2.1), "Exp", lines: +2 -1
 		crypto/des/des_enc.c (1.11.2.2), "Exp", lines: +4 -0
 		crypto/evp/e_aes.c (1.6.2.8), "Exp", lines: +7 -14
 		crypto/evp/e_des.c (1.5.2.3), "Exp", lines: +37 -1
 		crypto/evp/evp.h (1.86.2.12), "Exp", lines: +6 -0
 		crypto/evp/evp_locl.h (1.7.2.4), "Exp", lines: +9 -0
 		crypto/objects/obj_dat.h (1.49.2.16), "Exp", lines: +48 -23
 		crypto/objects/obj_mac.h (1.19.2.16), "Exp", lines: +31 -6
 		crypto/objects/obj_mac.num (1.15.2.12), "Exp", lines: +5 -0
 		crypto/objects/objects.txt (1.20.2.17), "Exp", lines: +12 -6
 		fips/Makefile.ssl (1.1.2.4), "Exp", lines: +8 -1
 		fips/fips_make_sha1 (1.1.2.3), "Exp", lines: +3 -0
 		fips/aes/Makefile.ssl (1.1.2.4), "Exp", lines: +1 -1
 		fips/des/.cvsignore (1.1.2.1), "Exp", lines: +3 -0
 		fips/des/Makefile.ssl (1.1.2.1), "Exp", lines: +96 -0
 		fips/des/fingerprint.sha1 (1.1.2.1), "Exp", lines: +2 -0
 		fips/des/fips_des_enc.c (1.1.2.1), "Exp", lines: +288 -0
 		fips/des/fips_des_locl.h (1.1.2.1), "Exp", lines: +428 -0
 		fips/des/fips_desmovs.c (1.1.2.1), "Exp", lines: +659 -0
 	Whoops, forgot FIPS DES, also add EVPs for DES CFB1 and 8.
 2003-08-01 12:25  ben
 	Changed:
 		crypto/des/cfb_enc.c (1.7.2.2), "Exp", lines: +45 -36
 		crypto/evp/c_allc.c (1.8.2.5), "Exp", lines: +2 -0
 		crypto/evp/e_des.c (1.5.2.4), "Exp", lines: +8 -3
 		crypto/evp/evptests.txt (1.9.2.4), "Exp", lines: +6 -0
 	Fix DES CFB-r.
 2003-08-01 12:31  ben
 	Changed:
 		crypto/evp/evptests.txt (1.9.2.5), "Exp", lines: +4 -0
 	DES CFB8 test.
 2005-04-19 16:21  appro
 	Changed:
 		Configure (1.314.2.117), "Exp", lines: +24 -21
 		Makefile.org (1.154.2.100), "Exp", lines: +1 -11
 		TABLE (1.99.2.52), "Exp", lines: +20 -20
 		apps/Makefile (1.1.4.15), "Exp", lines: +1 -1
 		test/Makefile (1.1.4.12), "Exp", lines: +1 -1
 	Enable shared link on HP-UX.
--- a/ChangeLog.0_9_7-stable_not-in-head_FIPS
+++ b/ChangeLog.0_9_7-stable_not-in-head_FIPS
--- a/1135
+++ b/1135
--- a/153
+++ b/153
@@ -31,7 +31,6 @@ OpenSSL  -  Frequently Asked Questions
 * Why does my browser give a warning about a mismatched hostname?
 * How do I install a CA certificate into a browser?
 * Why is OpenSSL x509 DN output not conformant to RFC2253?
 * What is a "128 bit certificate"? Can I create one with OpenSSL?
 [BUILD] Questions about building and testing OpenSSL
@@ -47,16 +46,12 @@ OpenSSL  -  Frequently Asked Questions
 * Why does the OpenSSL test suite fail on MacOS X?
 * Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]?
 * Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
 * Why does the OpenSSL test suite fail in sha512t on x86 CPU?
 * Why does compiler fail to compile sha512.c?
 * Test suite still fails, what to do?
 [PROG] Questions about programming with OpenSSL
 * Is OpenSSL thread-safe?
 * I've compiled a program under Windows and it crashes: why?
 * How do I read or write a DER encoded buffer using the ASN1 functions?
 * OpenSSL uses DER but I need BER format: does OpenSSL support BER?
 * I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
 * I've called <some function> and it fails, why?
 * I just get a load of numbers for the error output, what do they mean?
@@ -65,7 +60,6 @@ OpenSSL  -  Frequently Asked Questions
 * Can I use OpenSSL's SSL library with non-blocking I/O?
 * Why doesn't my server application receive a client certificate?
 * Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
 * I think I've detected a memory leak, is this a bug?
 ===============================================================================
@@ -74,7 +68,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.8e was released on February 23rd, 2007.
+OpenSSL 0.9.7c was released on September 30, 2003.
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -145,8 +139,8 @@ less Unix-centric, it might have been used much earlier.
 With version 0.9.6 OpenSSL was extended to interface to external crypto
 hardware. This was realized in a special release '0.9.6-engine'. With
-version 0.9.7 the changes were merged into the main development line,
+version 0.9.7 (not yet released) the changes were merged into the main
-so that the special release is no longer necessary.
+development line, so that the special release is no longer necessary.
 * How do I check the authenticity of the OpenSSL distribution?
@@ -156,8 +150,7 @@ Use MD5 to check that a tarball from a mirror site is identical:
   md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5
 You can check authenticity using pgp or gpg. You need the OpenSSL team
-member public key used to sign it (download it from a key server, see a
+member public key used to sign it (download it from a key server). Then
 list of keys at <URL: http://www.openssl.org/about/>). Then
 just do:
   pgp TARBALL.asc
@@ -171,8 +164,8 @@ you if you want to use OpenSSL.  For information on intellectual
 property rights, please consult a lawyer.  The OpenSSL team does not
 offer legal advice.
-You can configure OpenSSL so as not to use IDEA, MDC2 and RC5 by using
+You can configure OpenSSL so as not to use RC5 and IDEA by using
- ./config no-idea no-mdc2 no-rc5
+ ./config no-rc5 no-idea
 * Can I use OpenSSL with GPL software?
@@ -388,43 +381,6 @@ interface, the "-nameopt" option could be introduded. See the manual
 page of the "openssl x509" commandline tool for details. The old behaviour
 has however been left as default for the sake of compatibility.
 * What is a "128 bit certificate"? Can I create one with OpenSSL?
 The term "128 bit certificate" is a highly misleading marketing term. It does
 *not* refer to the size of the public key in the certificate! A certificate
 containing a 128 bit RSA key would have negligible security.
 There were various other names such as "magic certificates", "SGC
 certificates", "step up certificates" etc.
 You can't generally create such a certificate using OpenSSL but there is no
 need to any more. Nowadays web browsers using unrestricted strong encryption
 are generally available.
 When there were tight export restrictions on the export of strong encryption
 software from the US only weak encryption algorithms could be freely exported
 (initially 40 bit and then 56 bit). It was widely recognised that this was
 inadequate. A relaxation the rules allowed the use of strong encryption but
 only to an authorised server.
 Two slighly different techniques were developed to support this, one used by
 Netscape was called "step up", the other used by MSIE was called "Server Gated
 Cryptography" (SGC). When a browser initially connected to a server it would
 check to see if the certificate contained certain extensions and was issued by
 an authorised authority. If these test succeeded it would reconnect using
 strong encryption.
 Only certain (initially one) certificate authorities could issue the
 certificates and they generally cost more than ordinary certificates.
 Although OpenSSL can create certificates containing the appropriate extensions
 the certificate would not come from a permitted authority and so would not
 be recognized.
 The export laws were later changed to allow almost unrestricted use of strong
 encryption so these certificates are now obsolete.
 [BUILD] =======================================================================
 * Why does the linker complain about undefined symbols?
@@ -514,10 +470,6 @@ This will only compile sha_dgst.c with -O0, the rest with the optimization
 level chosen by the configuration process.  When the above is done, do the
 test and installation and you're set.
 3. Reconfigure the toolkit with no-sha0 option to leave out SHA0. It 
 should not be used and is not used in SSL/TLS nor any other recognized
 protocol in either case.
 * Why does the OpenSSL compilation fail with "ar: command not found"?
@@ -639,35 +591,6 @@ Reportedly elder *BSD a.out platforms also suffer from this problem and
 remedy should be same. Provided binary is statically linked and should be
 working across wider range of *BSD branches, not just OpenBSD.
 * Why does the OpenSSL test suite fail in sha512t on x86 CPU?
 If the test program in question fails withs SIGILL, Illegal Instruction
 exception, then you more than likely to run SSE2-capable CPU, such as
 Intel P4, under control of kernel which does not support SSE2
 instruction extentions. See accompanying INSTALL file and
 OPENSSL_ia32cap(3) documentation page for further information.
 * Why does compiler fail to compile sha512.c?
 OpenSSL SHA-512 implementation depends on compiler support for 64-bit
 integer type. Few elder compilers [ULTRIX cc, SCO compiler to mention a
 couple] lack support for this and therefore are incapable of compiling
 the module in question. The recommendation is to disable SHA-512 by
 adding no-sha512 to ./config [or ./Configure] command line. Another
 possible alternative might be to switch to GCC.
 * Test suite still fails, what to do?
 Another common reason for failure to complete some particular test is
 simply bad code generated by a buggy component in toolchain or deficiency
 in run-time environment. There are few cases documented in PROBLEMS file,
 consult it for possible workaround before you beat the drum. Even if you
 don't find solution or even mention there, do reserve for possibility of
 a compiler bug. Compiler bugs might appear in rather bizarre ways, they
 never make sense, and tend to emerge when you least expect them. In order
 to identify one, drop optimization level, e.g. by editing CFLAG line in
 top-level Makefile, recompile and re-run the test.
 [PROG] ========================================================================
 * Is OpenSSL thread-safe?
@@ -679,9 +602,8 @@ libraries.  If your platform is not one of these, consult the INSTALL
 file.
 Multi-threaded applications must provide two callback functions to
-OpenSSL by calling CRYPTO_set_locking_callback() and
+OpenSSL.  This is described in the threads(3) manpage.
-CRYPTO_set_id_callback().  This is described in the threads(3)
+
 manpage.
 * I've compiled a program under Windows and it crashes: why?
@@ -701,10 +623,10 @@ your application must link  against the same by which OpenSSL was
 built.  If you are using MS Visual C++ (Studio) this can be changed
 by:
- 1. Select Settings... from the Project Menu.
+1.  Select Settings... from the Project Menu.
- 2. Select the C/C++ Tab.
+2.  Select the C/C++ Tab.
- 3. Select "Code Generation from the "Category" drop down list box
+3.  Select "Code Generation from the "Category" drop down list box
- 4. Select the Appropriate library (see table below) from the "Use
+4.  Select the Appropriate library (see table below) from the "Use
    run-time library" drop down list box.  Perform this step for both
    your debug and release versions of your application (look at the
    top left of the settings panel to change between the two)
@@ -723,20 +645,6 @@ by:
 Note that debug and release libraries are NOT interchangeable.  If you
 built OpenSSL with /MD your application must use /MD and cannot use /MDd.
 As per 0.9.8 the above limitation is eliminated for .DLLs. OpenSSL
 .DLLs compiled with some specific run-time option [we insist on the
 default /MD] can be deployed with application compiled with different
 option or even different compiler. But there is a catch! Instead of
 re-compiling OpenSSL toolkit, as you would have to with prior versions,
 you have to compile small C snippet with compiler and/or options of
 your choice. The snippet gets installed as
 <install-root>/include/openssl/applink.c and should be either added to
 your application project or simply #include-d in one [and only one]
 of your application source files. Failure to link this shim module
 into your application manifests itself as fatal "no OPENSSL_Applink"
 run-time error. An explicit reminder is due that in this situation
 [mixing compiler options] it is as important to add CRYPTO_malloc_init
 prior first call to OpenSSL.
 * How do I read or write a DER encoded buffer using the ASN1 functions?
@@ -775,20 +683,6 @@ and attempts to free the buffer will have unpredictable results
 because it no longer points to the same address.
 * OpenSSL uses DER but I need BER format: does OpenSSL support BER?
 The short answer is yes, because DER is a special case of BER and OpenSSL
 ASN1 decoders can process BER.
 The longer answer is that ASN1 structures can be encoded in a number of
 different ways. One set of ways is the Basic Encoding Rules (BER) with various
 permissible encodings. A restriction of BER is the Distinguished Encoding
 Rules (DER): these uniquely specify how a given structure is encoded.
 Therefore, because DER is a special case of BER, DER is an acceptable encoding
 for BER.
 * I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
 This usually happens when you try compiling something using the PKCS#12
@@ -871,28 +765,5 @@ The correct name according to RFC2256 (LDAP) is x500UniqueIdentifier.
 Change your code to use the new name when compiling against OpenSSL 0.9.7.
 * I think I've detected a memory leak, is this a bug?
 In most cases the cause of an apparent memory leak is an OpenSSL internal table
 that is allocated when an application starts up. Since such tables do not grow
 in size over time they are harmless.
 These internal tables can be freed up when an application closes using various
 functions.  Currently these include following:
 Thread-local cleanup functions:
  ERR_remove_state()
 Application-global cleanup functions that are aware of usage (and therefore
 thread-safe):
  ENGINE_cleanup() and CONF_modules_unload()
 "Brutal" (thread-unsafe) Application-global cleanup functions:
  ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data().
 ===============================================================================
--- a/30
+++ b/30
@@ -75,30 +75,14 @@
  no-asm        Do not use assembler code.
  386           Use the 80386 instruction set only (the default x86 code is
-                more efficient, but requires at least a 486). Note: Use
+                more efficient, but requires at least a 486).
                compiler flags for any other CPU specific configuration,
                e.g. "-m32" to build x86 code on an x64 system.
  no-sse2	Exclude SSE2 code pathes. Normally SSE2 extention is
 		detected at run-time, but the decision whether or not the
 		machine code will be executed is taken solely on CPU
 		capability vector. This means that if you happen to run OS
 		kernel which does not support SSE2 extension on Intel P4
 		processor, then your application might be exposed to
 		"illegal instruction" exception. There might be a way
 		to enable support in kernel, e.g. FreeBSD kernel can be
 		compiled with CPU_ENABLE_SSE, and there is a way to
 		disengage SSE2 code pathes upon application start-up,
 		but if you aim for wider "audience" running such kernel,
 		consider no-sse2. Both 386 and no-asm options above imply
 		no-sse2.
  no-<cipher>   Build without the specified cipher (bf, cast, des, dh, dsa,
                hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha).
                The crypto/<cipher> directory can be removed after running
                "make depend".
-  -Dxxx, -lxxx, -Lxxx, -fxxx, -mxxx, -Kxxx These system specific options will
+  -Dxxx, -lxxx, -Lxxx, -fxxx, -Kxxx These system specific options will
                be passed through to the compiler to allow you to
                define preprocessor symbols, specify additional libraries,
                library directories or other compiler options.
@@ -302,10 +286,10 @@
 Note on shared libraries
 ------------------------
- Shared libraries have certain caveats.  Binary backward compatibility
+ Shared library is currently an experimental feature.  The only reason to
- can't be guaranteed before OpenSSL version 1.0.  The only reason to
+ have them would be to conserve memory on systems where several program
- use them would be to conserve memory on systems where several programs
+ are using OpenSSL.  Binary backward compatibility can't be guaranteed
- are using OpenSSL.
+ before OpenSSL version 1.0.
 For some systems, the OpenSSL Configure script knows what is needed to
 build shared libraries for libcrypto and libssl.  On these systems,
@@ -330,7 +314,7 @@
 Note on support for multiple builds
 -----------------------------------
- OpenSSL is usually built in its source tree.  Unfortunately, this doesn't
+ OpenSSL is usually built in it's source tree.  Unfortunately, this doesn't
 support building for multiple platforms from the same source tree very well.
 It is however possible to build in a separate tree through the use of lots
 of symbolic links, which should be prepared like this:
--- a/INSTALL.DJGPP
+++ b/INSTALL.DJGPP
@@ -3,45 +3,32 @@
 INSTALLATION ON THE DOS PLATFORM WITH DJGPP
 -------------------------------------------
- OpenSSL has been ported to DJGPP, a Unix look-alike 32-bit run-time
+ Openssl has been ported to DOS, but only with long filename support. If
- environment for 16-bit DOS, but only with long filename support.
+ you wish to compile on native DOS with 8+3 filenames, you will have to
- If you wish to compile on native DOS with 8+3 filenames, you will
+ tweak the installation yourself, including renaming files with illegal
- have to tweak the installation yourself, including renaming files
+ or duplicate names.
 with illegal or duplicate names.
 You should have a full DJGPP environment installed, including the
 latest versions of DJGPP, GCC, BINUTILS, BASH, etc. This package
 requires that PERL and BC also be installed.
- All of these can be obtained from the usual DJGPP mirror sites or
+ All of these can be obtained from the usual DJGPP mirror sites, such
- directly at "http://www.delorie.com/pub/djgpp". For help on which
+ as "ftp://ftp.simtel.net/pub/simtelnet/gnu/djgpp". You also need to
- files to download, see the DJGPP "ZIP PICKER" page at
+ have the WATT-32 networking package installed before you try to compile
- "http://www.delorie.com/djgpp/zip-picker.html". You also need to have
+ openssl. This can be obtained from "http://www.bgnett.no/~giva/".
 the WATT-32 networking package installed before you try to compile
 OpenSSL. This can be obtained from "http://www.bgnett.no/~giva/".
 The Makefile assumes that the WATT-32 code is in the directory
 specified by the environment variable WATT_ROOT. If you have watt-32
 in directory "watt32" under your main DJGPP directory, specify
 WATT_ROOT="/dev/env/DJDIR/watt32".
- To compile OpenSSL, start your BASH shell, then configure for DJGPP by
+ To compile openssl, start your BASH shell. Then configure for DOS by
- running "./Configure" with appropriate arguments:
+ running "./Configure" with appropriate arguments. The basic syntax for
-
+ DOS is:
-	./Configure no-threads --prefix=/dev/env/DJDIR DJGPP
+ ./Configure no-threads --prefix=/dev/env/DJDIR DJGPP
- And finally fire up "make". You may run out of DPMI selectors when
+ You may run out of DPMI selectors when running in a DOS box under
- running in a DOS box under Windows. If so, just close the BASH
+ Windows. If so, just close the BASH shell, go back to Windows, and
- shell, go back to Windows, and restart BASH. Then run "make" again.
+ restart BASH. Then run "make" again.
- RUN-TIME CAVEAT LECTOR
+ Building openssl under DJGPP has been tested with DJGPP 2.03,
- --------------
+ GCC 2.952, GCC 2.953, perl 5.005_02 and perl 5.006_01.
 Quoting FAQ:
  "Cryptographic software needs a source of unpredictable data to work
   correctly.  Many open source operating systems provide a "randomness
   device" (/dev/urandom or /dev/random) that serves this purpose."
 As of version 0.9.7f DJGPP port checks upon /dev/urandom$ for a 3rd
 party "randomness" DOS driver. One such driver, NOISE.SYS, can be
 obtained from "http://www.rahul.net/dkaufman/index.html".
--- a/INSTALL.NW
+++ b/INSTALL.NW
@@ -32,10 +32,6 @@ The necessary LibC functionality ships with NetWare 6.  However, earlier
 NetWare 5.x versions will require updates in order to run the OpenSSL LibC
 build.
 As of June 2005, the LibC build can be configured to use BSD sockets instead
 of WinSock sockets. Call Configure (usually through netware\build.bat) using
 a target of "netware-libc-bsdsock" instead of "netware-libc".
 REQUIRED TOOLS:
 ---------------
@@ -99,18 +95,13 @@ following tools may be required:
         Microsoft SDK.  Note: The winsock2.h support headers may change
         with various versions of winsock2.h.  Check the dependencies
         section on the NDK WinSock2 download page for the latest
-         information on dependencies. These components are unsupported by
+         information on dependencies.
         Novell. They are provided as a courtesy, but it is strongly
         suggested that all development be done using LIBC, not CLIB.
         As of June 2005, the WinSock2 components are available at:
         http://forgeftp.novell.com//ws2comp/
      NLM and NetWare libraries for C (including CLIB and XPlat):
-         If you are going to build a CLIB version of OpenSSL, you will
+			If you are going to build a CLIB version of OpenSSL, you will
-         need the CLIB headers and imports.  The March, 2001 NDK release or 
+			need the CLIB headers and imports.  The March, 2001 NDK release or 
-         later is recommended.
+			later is recommended.
         Earlier versions should work but haven't been tested.  In recent
         versions the import files have been consolidated and function
@@ -124,14 +115,13 @@ following tools may be required:
   LIBC - BUILDS:
      Libraries for C (LibC) - LibC headers and import files
-         If you are going to build a LibC version of OpenSSL, you will
+			If you are going to build a LibC version of OpenSSL, you will
-         need the LibC headers and imports.  The March 14, 2002 NDK release or
+			need the LibC headers and imports.  The March 14, 2002 NDK release or
-         later is required.  
+			later is required.  
         NOTE: The LibC SDK includes the necessary WinSock2 support.  It
         It is not necessary to download the WinSock2 Developer when building
-         for LibC. The LibC SDK also includes the appropriate BSD socket support
+         for LibC.
         if configuring to use BSD sockets.
 BUILDING:
@@ -143,8 +133,8 @@ The set_env.bat file is a template you can use to set up the path
 and environment variables you will need to build.  Modify the
 various lines to point to YOUR tools and run set_env.bat.
-   netware\set_env.bat [target]
+	netware\set_env.bat [target]
-
+	
      target        - "netware-clib" - CLib NetWare build
                    - "netware-libc" - LibC NetWare build
@@ -155,21 +145,23 @@ environment variables:
   MWCIncludes - The location of the NDK include files.
-            CLIB ex: set MWCIncludes=c:\ndk\nwsdk\include\nlm
+			CLIB ex: set MWCIncludes=c:\ndk\nwsdk\include\nlm
-            LibC ex: set MWCIncludes=c:\ndk\libc\include
+			LibC ex: set MWCIncludes=c:\ndk\libc\include
   PRELUDE - The absolute path of the prelude object to link with.  For
-            a CLIB build it is recommended you use the "clibpre.o" files shipped
+			a CLIB build it is recommended you use the "nwpre.obj" file shipped
-            with the Metrowerks PDK for NetWare.  For a LibC build you should 
+			with the Metrowerks PDK for NetWare.  For a LibC build you should 
-            use the "libcpre.o" file delivered with the LibC NDK components.
+			use the "libcpre.o" file delivered with the LibC NDK components.
-
+         
-            CLIB ex: set PRELUDE=c:\ndk\nwsdk\imports\clibpre.o
+			CLIB ex: set PRELUDE=c:\codewar\novell support\metrowerks support\
-            LibC ex: set PRELUDE=c:\ndk\libc\imports\libcpre.o
+                               libraries\runtime\nwpre.obj
 			LibC ex: set PRELUDE=c:\ndk\libc\imports\libcpre.o
   IMPORTS - The locaton of the NDK import files.
-
+         
-            CLIB ex: set IMPORTS=c:\ndk\nwsdk\imports
+			CLIB ex: set IMPORTS=c:\ndk\nwsdk\imports
-            LibC ex: set IMPORTS=c:\ndk\libc\imports
+			LibC ex: set IMPORTS=c:\ndk\libc\imports
 In order to build, you need to run the Perl scripts to configure the build
@@ -181,10 +173,9 @@ If an assembly option is specified, it also runs the scripts to generate
 the assembly code.  Always run build.bat from the "openssl" directory.
   netware\build [target] [debug opts] [assembly opts] [configure opts]
-
+	
-      target        - "netware-clib" - CLib NetWare build (WinSock Sockets)
+      target        - "netware-clib" - CLib NetWare build
-                    - "netware-libc" - LibC NetWare build (WinSock Sockets)
+                    - "netware-libc" - LibC NetWare build
                    - "netware-libc-bsdsock" - LibC NetWare build (BSD Sockets)
      debug opts    - "debug"  - build debug
@@ -193,39 +184,35 @@ the assembly code.  Always run build.bat from the "openssl" directory.
                      "no-asm"   - don't use assembly
      configure opts- all unrecognized arguments are passed to the
-                      perl configure script
+                       perl configure script
   examples:
-
+	
-      CLIB build, debug, without assembly:
+		CLIB build, debug, without assembly:
-         netware\build.bat netware-clib debug no-asm
+			netware\build.bat netware-clib debug no-asm
-
+		
-      LibC build, non-debug, using NASM assembly:
+		LibC build, non-debug, using NASM assembly:
-         netware\build.bat netware-libc nw-nasm
+			netware\build.bat netware-libc nw-nasm
-
+		
      LibC build, BSD sockets, non-debug, without assembly:
         netware\build.bat netware-libc-bsdsock no-asm
 Running build.bat generates a make file to be processed by your make 
 tool (gmake or nmake):
-   CLIB ex: gmake -f netware\nlm_clib_dbg.mak 
+   CLIB ex: gmake -f netware\nlm_clib.mak 
   LibC ex: gmake -f netware\nlm_libc.mak 
   LibC ex: gmake -f netware\nlm_libc_bsdsock.mak 
 You can also run the build scripts manually if you do not want to use the
 build.bat file.  Run the following scripts in the "\openssl"
 subdirectory (in the order listed below):
-   perl configure no-asm [other config opts] [netware-clib|netware-libc|netware-libc-bsdsock]
+   perl configure no-asm [other config opts] [netware-clib|netware-libc]
      configures no assembly build for specified netware environment
-      (CLIB or LibC).
+		(CLIB or LibC).
   perl util\mkfiles.pl >MINFO
      generates a listing of source files (used by mk1mf)
-   perl util\mk1mf.pl no-asm [other config opts] [netware-clib|netware-libc|netware-libc-bsdsock >netware\nlm.mak
+   perl util\mk1mf.pl no-asm [other config opts] [netware-clib|netware-libc >netware\nlm.mak
      generates the makefile for NetWare
   gmake -f netware\nlm.mak
@@ -303,6 +290,13 @@ The do_tests.pl script generates a log file "\openssl\test_out\tests.log"
 which should be reviewed for errors.  Any errors will be denoted by the word
 "ERROR" in the log.
 NOTE:  Currently (11/2002), the LibC test nlms report an error while loading
       when launched from the perl script (do_tests.pl).  The problems are 
       being addressed by the LibC development team and should be fixed in the
       next release.  Until the problems are corrected, the LibC test nlms 
       will have to be executed manually.  
 DEVELOPING WITH THE OPENSSL SDK:
 --------------------------------
 Now that everything is built and tested, you are ready to use the OpenSSL
@@ -440,5 +434,4 @@ functions are actually delivered in the binaries, but they were left out of
 the import files.  The issues should be fixed in the September 2001 release 
 of the NDK.  If you experience the problems you can temporarily
 work around it by manually adding the missing symbols to your version of 
-"clib.imp".
+"clib.imp".  
--- a/INSTALL.W32
+++ b/INSTALL.W32
@@ -3,7 +3,6 @@
 ----------------------------------
 [Instructions for building for Windows CE can be found in INSTALL.WCE]
 [Instructions for building for Win64 can be found in INSTALL.W64]
 Heres a few comments about building OpenSSL in Windows environments.  Most
 of this is tested on Win32 but it may also work in Win 3.1 with some
@@ -49,9 +48,7 @@
 Firstly you should run Configure:
- > perl Configure VC-WIN32 --prefix=c:/some/openssl/dir
+ > perl Configure VC-WIN32
 Where the prefix argument specifies where OpenSSL will be installed to.
 Next you need to build the Makefiles and optionally the assembly language
 files:
@@ -79,12 +76,8 @@ Where the prefix argument specifies where OpenSSL will be installed to.
 If all is well it should compile and you will have some DLLs and executables
 in out32dll. If you want to try the tests then do:
- > nmake -f ms\ntdll.mak test
+ > cd out32dll
-
+ > ..\ms\test
 To install OpenSSL to the specified location do:
 > nmake -f ms\ntdll.mak install
 Tweaks:
@@ -94,12 +87,6 @@ To install OpenSSL to the specified location do:
 compiled in. Note that mk1mf.pl expects the platform to be the last argument
 on the command line, so 'debug' must appear before that, as all other options.
 By default in 0.9.8 OpenSSL will compile builtin ENGINES into the libeay32.dll
 shared library. If you specify the "no-static-engine" option on the command
 line to Configure the shared library build (ms\ntdll.mak) will compile the
 engines as separate DLLs.
 The default Win32 environment is to leave out any Windows NT specific
 features.
@@ -110,8 +97,6 @@ To install OpenSSL to the specified location do:
 You can also build a static version of the library using the Makefile
 ms\nt.mak
 Borland C++ builder 5
 ---------------------
@@ -301,21 +286,3 @@ To install OpenSSL to the specified location do:
 (e.g. fopen()), and OpenSSL cannot change these; so in general you cannot
 rely on CRYPTO_malloc_init() solving your problem, and you should
 consistently use the multithreaded library.
 Linking your application
 ------------------------
 If you link with static OpenSSL libraries [those built with ms/nt.mak],
 then you're expected to additionally link your application with
 WSOCK32.LIB, ADVAPI32.LIB, GDI32.LIB and USER32.LIB. Those developing
 non-interactive service applications might feel concerned about linking
 with latter two, as they are justly associated with interactive desktop,
 which is not available to service processes. The toolkit is designed
 to detect in which context it's currently executed, GUI, console app
 or service, and act accordingly, namely whether or not to actually make
 GUI calls.
 If you link with OpenSSL .DLLs, then you're expected to include into
 your application code small "shim" snippet, which provides glue between
 OpenSSL BIO layer and your compiler run-time. Look up OPENSSL_Applink
 reference page for further details.
--- a/INSTALL.W64
+++ b/INSTALL.W64
@@ -1,66 +0,0 @@
 INSTALLATION ON THE WIN64 PLATFORM
 ----------------------------------
 Caveat lector
 -------------
 As of moment of this writing Win64 support is classified "initial"
 for the following reasons.
 - No assembler modules are engaged upon initial 0.9.8 release.
 - API might change within 0.9.8 life-span, *but* in a manner which
   doesn't break backward binary compatibility. Or in other words,
   application programs compiled with initial 0.9.8 headers will
   be expected to work with future minor release .DLL without need
   to re-compile, even if future minor release features modified API.
 - Above mentioned API modifications have everything to do with
   elimination of a number of limitations, which are normally
   considered inherent to 32-bit platforms. Which in turn is why they
   are treated as limitations on 64-bit platform such as Win64:-)
   The current list comprises [but not necessarily limited to]:
   - null-terminated strings may not be longer than 2G-1 bytes,
     longer strings are treated as zero-length;
   - dynamically and *internally* allocated chunks can't be larger
     than 2G-1 bytes;
   - inability to encrypt/decrypt chunks of data larger than 4GB
     [it's possibly to *hash* chunks of arbitrary size through];
   Neither of these is actually big deal and hardly encountered
   in real-life applications.
 Compiling procedure
 -------------------
 You will need Perl. You can run under Cygwin or you can download
 ActiveState Perl from http://www.activestate.com/ActivePerl.
 You will need Microsoft Platform SDK, available for download at
 http://www.microsoft.com/msdownload/platformsdk/sdkupdate/. As per
 April 2005 Platform SDK is equipped with Win64 compilers, as well
 as assemblers, but it might change in the future.
 To build for Win64/x64:
 > perl Configure VC-WIN64A
 > ms\do_win64a
 > nmake -f ms\ntdll.mak
 > cd out32dll
 > ..\ms\test
 To build for Win64/IA64:
 > perl Configure VC-WIN64I
 > ms\do_win64i
 > nmake -f ms\ntdll.mak
 > cd out32dll
 > ..\ms\test
 Naturally test-suite itself has to be executed on the target platform.
 Installation
 ------------
 TBD, for now see INSTALL.W32.
--- a/INSTALL.WCE
+++ b/INSTALL.WCE
@@ -11,11 +11,8 @@
 You also need Perl for Win32.  You will need ActiveState Perl, available
 from http://www.activestate.com/ActivePerl.
- Windows CE support in OpenSSL relies on wcecompat and therefore it's
+ Windows CE support in OpenSSL relies on wcecompat.  All Windows CE specific
- appropriate to check http://www.essemer.com.au/windowsce/ for updates in
+ issues should be directed to www.essemer.com.au.
 case of compilation problems. As for the moment of this writing version
 1.1 is available and actually required for WCE 4.2 and newer platforms.
 All Windows CE specific issues should be directed to www.essemer.com.au.
 The C Runtime Library implementation for Windows CE that is included with
 Microsoft eMbedded Visual C++ 3.0 is incomplete and in some places
--- a/2
+++ b/2
@@ -12,7 +12,7 @@
  ---------------
 /* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
--- a/Makefile.org
+++ b/Makefile.org
@@ -57,15 +57,15 @@ OPENSSLDIR=/usr/local/ssl
 # equal 4.
 # PKCS1_CHECK - pkcs1 tests.
-CC= cc
+CC= gcc
-CFLAG= -O
+#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
 CFLAG= -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
 DEPFLAG= 
 PEX_LIBS= 
 EX_LIBS= 
 EXE_EXT= 
 ARFLAGS=
 AR=ar $(ARFLAGS) r
 ARD=ar $(ARFLAGS) d
 RANLIB= ranlib
 PERL= perl
 TAR= tar
@@ -80,77 +80,115 @@ MAKEDEPPROG=makedepend
 AS=$(CC) -c
 ASFLAG=$(CFLAG)
 # Set BN_ASM to bn_asm.o if you want to use the C version
 BN_ASM= bn_asm.o
 #BN_ASM= bn_asm.o
 #BN_ASM= asm/bn86-elf.o	# elf, linux-elf
 #BN_ASM= asm/bn86-sol.o # solaris
 #BN_ASM= asm/bn86-out.o # a.out, FreeBSD
 #BN_ASM= asm/bn86bsdi.o # bsdi
 #BN_ASM= asm/alpha.o    # DEC Alpha
 #BN_ASM= asm/pa-risc2.o # HP-UX PA-RISC
 #BN_ASM= asm/r3000.o    # SGI MIPS cpu
 #BN_ASM= asm/sparc.o    # Sun solaris/SunOS
 #BN_ASM= asm/bn-win32.o # Windows 95/NT
 #BN_ASM= asm/x86w16.o   # 16 bit code for Windows 3.1/DOS
 #BN_ASM= asm/x86w32.o   # 32 bit code for Windows 3.1
 # For x86 assembler: Set PROCESSOR to 386 if you want to support
 # the 80386.
 PROCESSOR=
-# CPUID module collects small commonly used assembler snippets
+# Set DES_ENC to des_enc.o if you want to use the C version
-CPUID_OBJ= 
+#There are 4 x86 assember options.
-BN_ASM= bn_asm.o
+DES_ENC= asm/dx86-out.o asm/yx86-out.o
-DES_ENC= des_enc.o fcrypt_b.o
+#DES_ENC= des_enc.o fcrypt_b.o          # C
-AES_ASM_OBJ=aes_core.o aes_cbc.o
+#DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf
-BF_ENC= bf_enc.o
+#DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris
-CAST_ENC= c_enc.o
+#DES_ENC= asm/dx86-out.o asm/yx86-out.o # a.out, FreeBSD
-RC4_ENC= rc4_enc.o
+#DES_ENC= asm/dx86bsdi.o asm/yx86bsdi.o # bsdi
-RC5_ENC= rc5_enc.o
+
-MD5_ASM_OBJ= 
+# Set BF_ENC to bf_enc.o if you want to use the C version
-SHA1_ASM_OBJ= 
+#There are 4 x86 assember options.
-RMD160_ASM_OBJ= 
+BF_ENC= asm/bx86-out.o
 #BF_ENC= bf_enc.o
 #BF_ENC= asm/bx86-elf.o # elf
 #BF_ENC= asm/bx86-sol.o # solaris
 #BF_ENC= asm/bx86-out.o # a.out, FreeBSD
 #BF_ENC= asm/bx86bsdi.o # bsdi
 # Set CAST_ENC to c_enc.o if you want to use the C version
 #There are 4 x86 assember options.
 CAST_ENC= asm/cx86-out.o
 #CAST_ENC= c_enc.o
 #CAST_ENC= asm/cx86-elf.o # elf
 #CAST_ENC= asm/cx86-sol.o # solaris
 #CAST_ENC= asm/cx86-out.o # a.out, FreeBSD
 #CAST_ENC= asm/cx86bsdi.o # bsdi
 # Set RC4_ENC to rc4_enc.o if you want to use the C version
 #There are 4 x86 assember options.
 RC4_ENC= asm/rx86-out.o
 #RC4_ENC= rc4_enc.o
 #RC4_ENC= asm/rx86-elf.o # elf
 #RC4_ENC= asm/rx86-sol.o # solaris
 #RC4_ENC= asm/rx86-out.o # a.out, FreeBSD
 #RC4_ENC= asm/rx86bsdi.o # bsdi
 # Set RC5_ENC to rc5_enc.o if you want to use the C version
 #There are 4 x86 assember options.
 RC5_ENC= asm/r586-out.o
 #RC5_ENC= rc5_enc.o
 #RC5_ENC= asm/r586-elf.o # elf
 #RC5_ENC= asm/r586-sol.o # solaris
 #RC5_ENC= asm/r586-out.o # a.out, FreeBSD
 #RC5_ENC= asm/r586bsdi.o # bsdi
 # Also need MD5_ASM defined
 MD5_ASM_OBJ= asm/mx86-out.o
 #MD5_ASM_OBJ= asm/mx86-elf.o        # elf
 #MD5_ASM_OBJ= asm/mx86-sol.o        # solaris
 #MD5_ASM_OBJ= asm/mx86-out.o        # a.out, FreeBSD
 #MD5_ASM_OBJ= asm/mx86bsdi.o        # bsdi
 # Also need SHA1_ASM defined
 SHA1_ASM_OBJ= asm/sx86-out.o
 #SHA1_ASM_OBJ= asm/sx86-elf.o       # elf
 #SHA1_ASM_OBJ= asm/sx86-sol.o       # solaris
 #SHA1_ASM_OBJ= asm/sx86-out.o       # a.out, FreeBSD
 #SHA1_ASM_OBJ= asm/sx86bsdi.o       # bsdi
 # Also need RMD160_ASM defined
 RMD160_ASM_OBJ= asm/rm86-out.o
 #RMD160_ASM_OBJ= asm/rm86-elf.o       # elf
 #RMD160_ASM_OBJ= asm/rm86-sol.o       # solaris
 #RMD160_ASM_OBJ= asm/rm86-out.o       # a.out, FreeBSD
 #RMD160_ASM_OBJ= asm/rm86bsdi.o       # bsdi
 # KRB5 stuff
 KRB5_INCLUDES=
 LIBKRB5=
-# Zlib stuff
+DIRS=   crypto ssl engines apps test tools
-ZLIB_INCLUDE=
+SHLIBDIRS= crypto ssl
 LIBZLIB=
 # This is the location of fipscanister.o and friends.
 # The FIPS module build will place it $(INSTALLTOP)/lib
 # but since $(INSTALLTOP) can only take the default value
 # when the module is built it will be in /usr/local/ssl/lib
 # $(INSTALLTOP) for this build make be different so hard
 # code the path.
 FIPSLIBDIR=/usr/local/ssl/lib/
 # This is set to "y" if fipscanister.o is compiled internally as
 # opposed to coming from an external validated location.
 FIPSCANISTERINTERNAL=n
 # The location of the library which contains fipscanister.o
 # normally it will be libcrypto unless fipsdso is set in which
 # case it will be libfips. If not compiling in FIPS mode at all
 # this is empty making it a useful test for a FIPS compile.
 FIPSCANLIB=
 # Shared library base address. Currently only used on Windows.
 #
 BASEADDR=
 DIRS=   crypto fips ssl engines apps test tools
 SHLIBDIRS= crypto ssl fips
 # dirs in crypto to build
 SDIRS=  \
 	objects \
 	md2 md4 md5 sha mdc2 hmac ripemd \
-	des aes rc2 rc4 rc5 idea bf cast camellia seed \
+	des rc2 rc4 rc5 idea bf cast \
-	bn ec rsa dsa ecdsa dh ecdh dso engine \
+	bn ec rsa dsa ecdsa dh ecdh dso engine aes \
 	buffer bio stack lhash rand err \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
-	store pqueue
+	store
 # keep in mind that the above list is adjusted by ./Configure
 # according to no-xxx arguments...
 # tests to perform.  "alltests" is a special word indicating that all tests
 # should be performed.
 TESTS = alltests
-MAKEFILE= Makefile
+MAKEFILE= Makefile.ssl
 NEWMAKE=  make
 MAKE=     $(NEWMAKE) -f Makefile.ssl
 MANDIR=$(OPENSSLDIR)/man
 MAN1=1
@@ -165,234 +203,60 @@ WDIRS=  windows
 LIBS=   libcrypto.a libssl.a
 SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
 SHARED_SSL=libssl$(SHLIB_EXT)
 SHARED_FIPS=
 SHARED_LIBS=
 SHARED_LIBS_LINK_EXTS=
 SHARED_LDFLAGS=
 GENERAL=        Makefile
 BASENAME=       openssl
-NAME=           $(BASENAME)-fips-$(VERSION)
+NAME=           $(BASENAME)-$(VERSION)
 TARFILE=        $(NAME).tar
 WTARFILE=       $(NAME)-win.tar
 EXHEADER=       e_os2.h
 HEADER=         e_os.h
-all: Makefile build_all openssl.pc libssl.pc libcrypto.pc
+all: Makefile.ssl build_all openssl.pc
-# as we stick to -e, CLEARENV ensures that local variables in lower
+BUILD_CMD=if echo " $(DIRS) " | grep " $$i " >/dev/null 2>/dev/null; then \
-# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
+	if [ -d "$$i" ]; then \
-# shell, which [annoyingly enough] terminates unset with error if VAR
+		(cd $$i && echo "making all in $$i..." && \
-# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,
+		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
-# which terminates unset with error if no variable was present:-(
+	else \
-CLEARENV=	TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS}	\
+		$(MAKE) $$i; \
-		$${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES}	\
+	fi; fi
 		$${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC}		\
 		$${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL}	\
 		$${EXHEADER+EXHEADER} $${HEADER+HEADER}		\
 		$${GENERAL+GENERAL} $${CFLAGS+CFLAGS}		\
 		$${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS}		\
 		$${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS}		\
 		$${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS}	\
 		$${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
 BUILDENV=	PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \
 		CC='${CC}' CFLAG='${CFLAG}' 			\
 		AS='${CC}' ASFLAG='${CFLAG} -c'			\
 		AR='${AR}' PERL='${PERL}' RANLIB='${RANLIB}'	\
 		SDIRS='${SDIRS}' LIBRPATH='${INSTALLTOP}/lib'	\
 		INSTALL_PREFIX='${INSTALL_PREFIX}'		\
 		INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}'	\
 		MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \
 		DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}'	\
 		MAKEDEPPROG='${MAKEDEPPROG}'			\
 		SHARED_LDFLAGS='${SHARED_LDFLAGS}'		\
 		KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}'	\
 		EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}'	\
 		SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}'	\
 		PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}'	\
 		CPUID_OBJ='${CPUID_OBJ}'			\
 		BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' 	\
 		AES_ASM_OBJ='${AES_ASM_OBJ}'			\
 		BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}'	\
 		RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}'	\
 		SHA1_ASM_OBJ='${SHA1_ASM_OBJ}'			\
 		MD5_ASM_OBJ='${MD5_ASM_OBJ}'			\
 		RMD160_ASM_OBJ='${RMD160_ASM_OBJ}'		\
 		FIPSLIBDIR='${FIPSLIBDIR}' FIPSCANLIB='${FIPSCANLIB}' \
 		FIPSCANISTERINTERNAL='${FIPSCANISTERINTERNAL}'	\
 		FIPS_EX_OBJ='${FIPS_EX_OBJ}'	\
 		THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
 # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
 # which in turn eliminates ambiguities in variable treatment with -e.
 # BUILD_CMD is a generic macro to build a given target in a given
 # subdirectory.  The target must be given through the shell variable
 # `target' and the subdirectory to build in must be given through `dir'.
 # This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
 # BUILD_ONE_CMD instead.
 #
 # BUILD_ONE_CMD is a macro to build a given target in a given
 # subdirectory if that subdirectory is part of $(DIRS).  It requires
 # exactly the same shell variables as BUILD_CMD.
 #
 # RECURSIVE_BUILD_CMD is a macro to build a given target in all
 # subdirectories defined in $(DIRS).  It requires that the target
 # is given through the shell variable `target'.
 BUILD_CMD=  if [ -d "$$dir" ]; then \
 	    (	cd $$dir && echo "making $$target in $$dir..." && \
 		$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
 	    ) || exit 1; \
 	    fi
 RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
 BUILD_ONE_CMD=\
 	if echo " $(DIRS) " | grep " $$dir " >/dev/null 2>/dev/null; then \
 		$(BUILD_CMD); \
 	fi
 reflect:
 	@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
 FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
 	../crypto/aes/aes_ecb.o \
 	../crypto/aes/aes_ofb.o \
 	../crypto/bn/bn_add.o \
 	../crypto/bn/bn_blind.o \
 	../crypto/bn/bn_ctx.o \
 	../crypto/bn/bn_div.o \
 	../crypto/bn/bn_exp2.o \
 	../crypto/bn/bn_exp.o \
 	../crypto/bn/bn_gcd.o \
 	../crypto/bn/bn_lib.o \
 	../crypto/bn/bn_mod.o \
 	../crypto/bn/bn_mont.o \
 	../crypto/bn/bn_mul.o \
 	../crypto/bn/bn_prime.o \
 	../crypto/bn/bn_rand.o \
 	../crypto/bn/bn_recp.o \
 	../crypto/bn/bn_shift.o \
 	../crypto/bn/bn_sqr.o \
 	../crypto/bn/bn_word.o \
 	../crypto/bn/bn_x931p.o \
 	../crypto/buffer/buf_str.o \
 	../crypto/cryptlib.o \
 	../crypto/des/cfb64ede.o \
 	../crypto/des/cfb64enc.o \
 	../crypto/des/cfb_enc.o \
 	../crypto/des/ecb3_enc.o \
 	../crypto/des/ecb_enc.o \
 	../crypto/des/ofb64ede.o \
 	../crypto/des/ofb64enc.o \
 	../crypto/des/fcrypt.o \
 	../crypto/des/set_key.o \
 	../crypto/dsa/dsa_utl.o \
 	../crypto/dsa/dsa_sign.o \
 	../crypto/dsa/dsa_vrf.o \
 	../crypto/err/err.o \
 	../crypto/evp/digest.o \
 	../crypto/evp/enc_min.o \
 	../crypto/evp/e_aes.o \
 	../crypto/evp/e_des3.o \
 	../crypto/evp/p_sign.o \
 	../crypto/evp/p_verify.o \
 	../crypto/mem_clr.o \
 	../crypto/mem.o \
 	../crypto/rand/md_rand.o \
 	../crypto/rand/rand_egd.o \
 	../crypto/rand/randfile.o \
 	../crypto/rand/rand_lib.o \
 	../crypto/rand/rand_os2.o \
 	../crypto/rand/rand_unix.o \
 	../crypto/rand/rand_win.o \
 	../crypto/rsa/rsa_lib.o \
 	../crypto/rsa/rsa_none.o \
 	../crypto/rsa/rsa_oaep.o \
 	../crypto/rsa/rsa_pk1.o \
 	../crypto/rsa/rsa_pss.o \
 	../crypto/rsa/rsa_ssl.o \
 	../crypto/rsa/rsa_x931.o \
 	../crypto/sha/sha1dgst.o \
 	../crypto/sha/sha256.o \
 	../crypto/sha/sha512.o \
 	../crypto/uid.o
 sub_all: build_all
 build_all: build_libs build_apps build_tests build_tools
-build_libs: build_crypto build_fips build_ssl build_shared build_engines
+build_libs: build_crypto build_ssl build_engines
 build_crypto:
-	if [ -n "$(FIPSCANLIB)" ]; then \
+	@i=crypto; $(BUILD_CMD)
 		EXCL_OBJ='$(AES_ASM_OBJ) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA1_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \
 		ARX='$(PERL) $${TOP}/util/arx.pl $(AR)' ; \
 	else \
 		ARX='${AR}' ; \
 	fi ; export ARX ; \
 		dir=crypto; target=all; $(BUILD_ONE_CMD)
 build_fips:
 	@dir=fips; target=all; [ -z "$(FIPSCANLIB)" ] || $(BUILD_ONE_CMD)
 build_ssl:
-	@dir=ssl; target=all; $(BUILD_ONE_CMD)
+	@i=ssl; $(BUILD_CMD)
 build_engines:
-	@dir=engines; target=all; $(BUILD_ONE_CMD)
+	@i=engines; $(BUILD_CMD)
 build_apps:
-	@dir=apps; target=all; $(BUILD_ONE_CMD)
+	@i=apps; $(BUILD_CMD)
 build_tests:
-	@dir=test; target=all; $(BUILD_ONE_CMD)
+	@i=test; $(BUILD_CMD)
 build_tools:
-	@dir=tools; target=all; $(BUILD_ONE_CMD)
+	@i=tools; $(BUILD_CMD)
-all_testapps: build_libs build_testapps
+libcrypto$(SHLIB_EXT): libcrypto.a
 build_testapps:
 	@dir=crypto; target=testapps; $(BUILD_ONE_CMD)
 build_shared:	$(SHARED_LIBS)
 libcrypto$(SHLIB_EXT): libcrypto.a $(SHARED_FIPS)
 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
-		if [ "$(FIPSCANLIB)" = "libfips" ]; then \
+		$(MAKE) SHLIBDIRS=crypto build-shared; \
 			$(ARD) libcrypto.a fipscanister.o ; \
 			$(MAKE) SHLIBDIRS='crypto' SHLIBDEPS='-lfips' build-shared; \
 			$(AR) libcrypto.a fips/fipscanister.o ; \
 		else \
 			if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
 				FIPSLD_CC=$(CC); CC=fips/fipsld; \
 				export CC FIPSLD_CC; \
 			fi; \
 			$(MAKE) -e SHLIBDIRS='crypto' build-shared; \
 		fi \
 	else \
 		echo "There's no support for shared libraries on this platform" >&2; \
 		exit 1; \
 	fi
 libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
-		shlibdeps=-lcrypto; \
+		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
 		[ "$(FIPSCANLIB)" = "libfips" ] && shlibdeps="$$shlibdeps -lfips"; \
 		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS="$$shlibdeps" build-shared; \
 	else \
 		echo "There's no support for shared libraries on this platform" >&2 ; \
 		exit 1; \
 	fi
 fips/fipscanister.o:	build_fips
 libfips$(SHLIB_EXT):		fips/fipscanister.o
 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
 		FIPSLD_CC=$(CC); CC=fips/fipsld; export CC FIPSLD_CC; \
 		$(MAKE) -f Makefile.shared -e $(BUILDENV) \
 			CC=$${CC} LIBNAME=fips THIS=$@ \
 			LIBEXTRAS=fips/fipscanister.o \
 			LIBDEPS="$(EX_LIBS)" \
 			LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			link_o.$(SHLIB_TARGET) || { rm -f $@; exit 1; } \
 	else \
 		echo "There's no support for shared libraries on this platform" >&2; \
 		exit 1; \
 	fi
 libfips.a:
 	dir=fips; target=all; $(BUILD_ONE_CMD)
 clean-shared:
 	@set -e; for i in $(SHLIBDIRS); do \
 		if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
@@ -409,7 +273,7 @@ clean-shared:
 link-shared:
 	@ set -e; for i in ${SHLIBDIRS}; do \
-		$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
+		$(NEWMAKE) -f $(HERE)/Makefile.shared \
 			LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
 			symlink.$(SHLIB_TARGET); \
@@ -423,41 +287,18 @@ do_$(SHLIB_TARGET):
 		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
 			libs="$(LIBKRB5) $$libs"; \
 		fi; \
-		$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
+		$(NEWMAKE) -f Makefile.shared \
 			CC="$(CC)" LDFLAGS="$(LDFLAGS)" \
 			SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \
 			LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
 			LIBDEPS="$$libs $(EX_LIBS)" \
 			LIBRPATH="$(INSTALLTOP)/lib" \
 			link_a.$(SHLIB_TARGET); \
 		libs="-l$$i $$libs"; \
 	done
-libcrypto.pc: Makefile
+openssl.pc: Makefile.ssl
 	@ ( echo 'prefix=$(INSTALLTOP)'; \
 	    echo 'exec_prefix=$${prefix}'; \
 	    echo 'libdir=$${exec_prefix}/lib'; \
 	    echo 'includedir=$${prefix}/include'; \
 	    echo ''; \
 	    echo 'Name: OpenSSL-libcrypto'; \
 	    echo 'Description: OpenSSL cryptography library'; \
 	    echo 'Version: '$(VERSION); \
 	    echo 'Requires: '; \
 	    echo 'Libs: -L$${libdir} -lcrypto $(EX_LIBS)'; \
 	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
 libssl.pc: Makefile
 	@ ( echo 'prefix=$(INSTALLTOP)'; \
 	    echo 'exec_prefix=$${prefix}'; \
 	    echo 'libdir=$${exec_prefix}/lib'; \
 	    echo 'includedir=$${prefix}/include'; \
 	    echo ''; \
 	    echo 'Name: OpenSSL'; \
 	    echo 'Description: Secure Sockets Layer and cryptography libraries'; \
 	    echo 'Version: '$(VERSION); \
 	    echo 'Requires: '; \
 	    echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
 	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
 openssl.pc: Makefile
 	@ ( echo 'prefix=$(INSTALLTOP)'; \
 	    echo 'exec_prefix=$${prefix}'; \
 	    echo 'libdir=$${exec_prefix}/lib'; \
@@ -470,19 +311,25 @@ openssl.pc: Makefile
 	    echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
 	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
-Makefile: Makefile.org Configure config
+Makefile.ssl: Makefile.org
-	@echo "Makefile is older than Makefile.org, Configure or config."
+	@echo "Makefile.ssl is older than Makefile.org."
 	@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
 	@false
 libclean:
-	rm -f *.map *.so *.so.* *.dll engines/*.so engines/*.dll *.a engines/*.a */lib */*/lib
+	rm -f *.map *.so *.so.* engines/*.so *.a */lib */*/lib
 clean:	libclean
 	rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
-	@set -e; target=clean; $(RECURSIVE_BUILD_CMD)
+	@set -e; for i in $(DIRS) ;\
-	rm -f $(LIBS)
+	do \
-	rm -f openssl.pc libssl.pc libcrypto.pc
+	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making clean in $$i..." && \
 		$(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
 		rm -f $(LIBS); \
 	fi; \
 	done;
 	rm -f openssl.pc
 	rm -f speed.* .pure
 	rm -f $(TARFILE)
 	@set -e; for i in $(ONEDIRS) ;\
@@ -495,56 +342,99 @@ makefile.one: files
 	sh util/do_ms.sh
 files:
-	$(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
-	@set -e; target=files; $(RECURSIVE_BUILD_CMD)
+	@set -e; for i in $(DIRS) ;\
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making 'files' in $$i..." && \
 		$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \
 	fi; \
 	done;
 links:
 	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
 	@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
-	@set -e; target=links; $(RECURSIVE_BUILD_CMD)
+	@set -e; for i in $(DIRS); do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making links in $$i..." && \
 		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' links ) || exit 1; \
 	fi; \
 	done;
 gentests:
 	@(cd test && echo "generating dummy tests (if needed)..." && \
-	$(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
+	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
 dclean:
 	rm -f *.bak
-	@set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
+	@set -e; for i in $(DIRS) ;\
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making dclean in $$i..." && \
 		$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
 	fi; \
 	done;
 rehash: rehash.time
-rehash.time: certs apps
+rehash.time: certs
-	@if [ -z "$(CROSS_COMPILE)" ]; then \
+	@(OPENSSL="`pwd`/apps/openssl"; OPENSSL_DEBUG_MEMORY=on; \
 		(OPENSSL="`pwd`/util/opensslwrap.sh"; \
 		OPENSSL_DEBUG_MEMORY=on; \
 		export OPENSSL OPENSSL_DEBUG_MEMORY; \
-		$(PERL) tools/c_rehash certs) && \
+		LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
-		touch rehash.time; \
+		DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
-	else :; fi
+		SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
 		LIBPATH="`pwd`:$$LIBPATH"; \
 		if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
 		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
 		$(PERL) tools/c_rehash certs)
 	touch rehash.time
 test:   tests
 tests: rehash
 	@(cd test && echo "testing..." && \
-	$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
+	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
-	util/opensslwrap.sh version -a
+	@LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
 	DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
 	SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
 	LIBPATH="`pwd`:$$LIBPATH"; \
 	if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
 	export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
 	apps/openssl version -a
 report:
 	@$(PERL) util/selftest.pl
 depend:
-	@set -e; target=depend; $(RECURSIVE_BUILD_CMD)
+	@set -e; for i in $(DIRS) ;\
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making dependencies $$i..." && \
 		$(MAKE) SDIRS='${SDIRS}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' PERL='${PERL}' depend ) || exit 1; \
 	fi; \
 	done;
 lint:
-	@set -e; target=lint; $(RECURSIVE_BUILD_CMD)
+	@set -e; for i in $(DIRS) ;\
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making lint $$i..." && \
 		$(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
 	fi; \
 	done;
 tags:
-	rm -f TAGS
+	@set -e; for i in $(DIRS) ;\
-	find . -name '[^.]*.[ch]' | xargs etags -a
+	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making tags $$i..." && \
 		$(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \
 	fi; \
 	done;
 errors:
 	$(PERL) util/mkerr.pl -recurse -write
 	(cd engines; $(MAKE) PERL=$(PERL) errors)
 	$(PERL) util/ck_errf.pl */*.c */*/*.c
 stacks:
 	$(PERL) util/mkstack.pl -write
@@ -560,18 +450,11 @@ crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
 crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
 	$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
 apps/openssl-vms.cnf: apps/openssl.cnf
 	$(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
 crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
 	$(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
 TABLE: Configure
 	(echo 'Output of `Configure TABLE'"':"; \
 	$(PERL) Configure TABLE) > TABLE
-update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
+update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE
 # Build distribution tar-file. As the list of files returned by "find" is
 # pretty long, on several platforms a "too many arguments" error or similar
@@ -586,7 +469,7 @@ tar:
 	$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
 	tardy --user_number=0  --user_name=openssl \
 	      --group_number=0 --group_name=openssl \
-	      --prefix=openssl-fips-$(VERSION) - |\
+	      --prefix=openssl-$(VERSION) - |\
 	gzip --best >../$(TARFILE).gz; \
 	rm -f ../$(TARFILE).list; \
 	ls -l ../$(TARFILE).gz
@@ -606,25 +489,30 @@ dist:
 	@$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar
 dist_pem_h:
-	(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
+	(cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
-install: all install_sw
+install: all install_docs
 install_sw:
 	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
 		$(INSTALL_PREFIX)$(INSTALLTOP)/lib \
 		$(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines \
 		$(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \
 		$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
 		$(INSTALL_PREFIX)$(INSTALLTOP)/engines \
 		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
 		$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
-		$(INSTALL_PREFIX)$(OPENSSLDIR)/private
+		$(INSTALL_PREFIX)$(OPENSSLDIR)/private \
-	@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
+		$(INSTALL_PREFIX)$(OPENSSLDIR)/lib
 	@set -e; for i in $(EXHEADER) ;\
 	do \
 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
-	@set -e; target=install; $(RECURSIVE_BUILD_CMD)
+	@set -e; for i in $(DIRS) ;\
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i; echo "installing $$i..."; \
 		$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' install ); \
 	fi; \
 	done
 	@set -e; for i in $(LIBS) ;\
 	do \
 		if [ -f "$$i" ]; then \
@@ -646,19 +534,19 @@ install_sw:
 					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
 					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
 				else \
-					c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
+					c=`echo $$i | sed 's/^lib/cyg/'`; \
 					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
 					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
 					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
-					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+					cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
-					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
-					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
 				fi ); \
 			fi; \
 		done; \
 		(	here="`pwd`"; \
 			cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
-			$(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
+			$(NEWMAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
 		if [ "$(INSTALLTOP)" != "/usr" ]; then \
 			echo 'OpenSSL shared libraries have been installed in:'; \
 			echo '  $(INSTALLTOP)'; \
@@ -666,10 +554,6 @@ install_sw:
 			sed -e '1,/^$$/d' doc/openssl-shared.txt; \
 		fi; \
 	fi
 	cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libcrypto.pc
 	cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libssl.pc
 	cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc
@@ -682,12 +566,12 @@ install_docs:
 	@pod2man="`cd util; ./pod2mantest $(PERL)`"; \
 	here="`pwd`"; \
 	filecase=; \
-	if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \
+	if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" ]; then \
 		filecase=-i; \
 	fi; \
 	set -e; for i in doc/apps/*.pod; do \
 		fn=`basename $$i .pod`; \
-		sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
+		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
 		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
 		(cd `$(PERL) util/dirname.pl $$i`; \
 		sh -c "$$pod2man \
@@ -695,8 +579,8 @@ install_docs:
 			--release=$(VERSION) `basename $$i`") \
 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
 		$(PERL) util/extract-names.pl < $$i | \
-			(grep -v $$filecase "^$$fn\$$"; true) | \
+			grep -v $$filecase "^$$fn\$$" | \
-			(grep -v "[	]"; true) | \
+			grep -v "[	]" | \
 			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
 			 while read n; do \
 				$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
@@ -704,7 +588,7 @@ install_docs:
 	done; \
 	set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
 		fn=`basename $$i .pod`; \
-		sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
+		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
 		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
 		(cd `$(PERL) util/dirname.pl $$i`; \
 		sh -c "$$pod2man \
@@ -712,8 +596,8 @@ install_docs:
 			--release=$(VERSION) `basename $$i`") \
 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
 		$(PERL) util/extract-names.pl < $$i | \
-			(grep -v $$filecase "^$$fn\$$"; true) | \
+			grep -v $$filecase "^$$fn\$$" | \
-			(grep -v "[	]"; true) | \
+			grep -v "[	]" | \
 			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
 			 while read n; do \
 				$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
--- a/Makefile.shared
+++ b/Makefile.shared
@@ -7,7 +7,6 @@
 # CC contains the current compiler.  This one MUST be defined
 CC=cc
 CFLAGS=$(CFLAG)
 # LDFLAGS contains flags to be used when temporary object files (when building
 # shared libraries) are created, or when an application is linked.
 # SHARED_LDFLAGS contains flags to be used when the shared library is created.
@@ -67,8 +66,8 @@ LIBDEPS=
 #------------------------------------------------------------------------------
 # The rest is private to this makefile.
-SET_X=:
+#DEBUG=:
-#SET_X=set -x
+DEBUG=set -x
 top:
 	echo "Trying to use this makefile interactively?  Don't."
@@ -88,53 +87,45 @@ CALC_VERSIONS=	\
 	fi
 LINK_APP=	\
-  ( $(SET_X);   \
+  ( $(DEBUG);   \
    LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
    LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \
    LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \
    LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
    LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
-    $${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS} )
+    $$LDCMD $(LDFLAGS) $$LDFLAGS -o $$APPNAME $(OBJECTS) $$LIBDEPS )
 LINK_SO=	\
-  ( $(SET_X);   \
+  ( $(DEBUG);   \
-    LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
+    nm -Pg $$SHOBJECTS | grep ' [BDT] ' | cut -f1 -d' ' > lib$(LIBNAME).exp; \
    SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \
    SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
    LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \
    LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
    LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
-    $${SHAREDCMD} $${SHAREDFLAGS} \
+    $$SHAREDCMD $(SHARED_LDFLAGS) $$SHAREDFLAGS -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
-	-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
+	$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS ) && \
-	$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \
+  $(SYMLINK_SO); ( $(DEBUG); rm -f lib$(LIBNAME).exp )
  ) && $(SYMLINK_SO)
 SYMLINK_SO=	\
 	if [ -n "$$INHIBIT_SYMLINKS" ]; then :; else \
 		prev=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
 		if [ -n "$$SHLIB_COMPAT" ]; then \
 			for x in $$SHLIB_COMPAT; do \
-				( $(SET_X); rm -f $$SHLIB$$x$$SHLIB_SUFFIX; \
+				( $(DEBUG); rm -f $$SHLIB$$x$$SHLIB_SUFFIX; \
 				  ln -s $$prev $$SHLIB$$x$$SHLIB_SUFFIX ); \
 				prev=$$SHLIB$$x$$SHLIB_SUFFIX; \
 			done; \
 		fi; \
 		if [ -n "$$SHLIB_SOVER" ]; then \
-			( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
+			( $(DEBUG); rm -f $$SHLIB$$SHLIB_SUFFIX; \
 			  ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
 		fi; \
 	fi
 LINK_SO_A=	SHOBJECTS="lib$(LIBNAME).a $(LIBEXTRAS)"; $(LINK_SO)
 LINK_SO_O=	SHOBJECTS="$(LIBEXTRAS)"; $(LINK_SO)
 LINK_SO_A_VIA_O=	\
  SHOBJECTS=lib$(LIBNAME).o; \
  ALL=$$ALLSYMSFLAGS; ALLSYMSFLAGS=; NOALLSYMSFLAGS=; \
-  ( $(SET_X); \
+  ( $(DEBUG); \
    ld $(LDFLAGS) -r -o lib$(LIBNAME).o $$ALL lib$(LIBNAME).a $(LIBEXTRAS) ); \
  $(LINK_SO) && rm -f $(LIBNAME).o
 LINK_SO_A_UNPACKED=	\
  UNPACKDIR=link_tmp.$$$$; rm -rf $$UNPACKDIR; mkdir $$UNPACKDIR; \
  (cd $$UNPACKDIR; ar x ../lib$(LIBNAME).a) && \
@@ -147,11 +138,15 @@ DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
 DO_GNU_SO=$(CALC_VERSIONS); \
 	SHLIB=lib$(LIBNAME).so; \
 	SHLIB_SUFFIX=; \
 	LIBDEPS="$(LIBDEPS) -lc"; \
 	ALLSYMSFLAGS='-Wl,--whole-archive'; \
 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
-	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+	SHAREDFLAGS="-shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-rpath,$(LIBRPATH)"; \
-
+	SHAREDCMD='$(CC)'
-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
+DO_GNU_APP=LDCMD=$(CC);\
 	LDFLAGS="-Wl,-rpath,$(LIBRPATH)"; \
 	LIBDEPS="$(LIBDEPS) -lc"; \
 	APPNAME=$(APPNAME)
 #This is rather special.  It's a special target with which one can link
 #applications without bothering with any features that have anything to
@@ -159,6 +154,10 @@ DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
 #libraries.  It's mostly here to avoid a lot of conditionals everywhere
 #else...
 link_app.:
 	LDCMD=$(CC); \
 	LDFLAGS=""; \
 	LIBDEPS="$(LIBDEPS)"; \
 	APPNAME="$(APPNAME)"; \
 	$(LINK_APP)
 link_o.gnu:
@@ -168,45 +167,16 @@ link_a.gnu:
 link_app.gnu:
 	@ $(DO_GNU_APP); $(LINK_APP)
 link_o.bsd:
 	@if ${DETECT_GNU_LD}; then $(DO_GNU_SO); else \
 	$(CALC_VERSIONS); \
 	SHLIB=lib$(LIBNAME).so; \
 	SHLIB_SUFFIX=; \
 	LIBDEPS=" "; \
 	ALLSYMSFLAGS="-Wl,-Bforcearchive"; \
 	NOALLSYMSFLAGS=; \
 	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib"; \
 	fi; $(LINK_SO_O)
 link_a.bsd:
 	@if ${DETECT_GNU_LD}; then $(DO_GNU_SO); else \
 	$(CALC_VERSIONS); \
 	SHLIB=lib$(LIBNAME).so; \
 	SHLIB_SUFFIX=; \
 	LIBDEPS=" "; \
 	ALLSYMSFLAGS="-Wl,-Bforcearchive"; \
 	NOALLSYMSFLAGS=; \
 	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib"; \
 	fi; $(LINK_SO_A)
 link_app.bsd:
 	@if ${DETECT_GNU_LD}; then $(DO_GNU_APP); else \
 	LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBPATH)"; \
 	fi; $(LINK_APP)
 # For Darwin AKA Mac OS/X (dyld)
 # link_o.darwin produces .so, because we let it use dso_dlfcn module,
 # which has .so extension hard-coded. One can argue that one should
 # develop special dso module for MacOS X. At least manual encourages
 # to use native NSModule(3) API and refers to dlfcn as termporary hack.
 link_o.darwin:
 	@ $(CALC_VERSIONS); \
-	SHLIB=`expr "$$THIS" : '.*/\([^/\.]*\)\.'`; \
+	SHLIB=lib$(LIBNAME); \
-	SHLIB=$${SHLIB:-lib$(LIBNAME)}; \
+	SHLIB_SUFFIX=.dylib; \
-	SHLIB_SUFFIX=`expr "$$THIS" : '.*\(\.[^\.]*\)$$'`; \
+	LIBDEPS="$(LIBDEPS) -lc"; \
 	SHLIB_SUFFIX=$${SHLIB_SUFFIX:-.so}; \
 	ALLSYMSFLAGS='-all_load'; \
 	NOALLSYMSFLAGS=''; \
-	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS)"; \
+	SHAREDFLAGS="-dynamiclib"; \
 	SHAREDCMD='$(CC)'; \
 	if [ -n "$(LIBVERSION)" ]; then \
 		SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \
 	fi; \
@@ -218,55 +188,54 @@ link_a.darwin:
 	@ $(CALC_VERSIONS); \
 	SHLIB=lib$(LIBNAME); \
 	SHLIB_SUFFIX=.dylib; \
 	LIBDEPS="$(LIBDEPS) -lc"; \
 	ALLSYMSFLAGS='-all_load'; \
 	NOALLSYMSFLAGS=''; \
-	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS)"; \
+	SHAREDFLAGS="-dynamiclib"; \
 	SHAREDCMD='$(CC)'; \
 	if [ -n "$(LIBVERSION)" ]; then \
 		SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \
 	fi; \
 	if [ -n "$$SHLIB_SOVER_NODOT" ]; then \
 		SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \
 	fi; \
 	SHAREDFLAGS="$$SHAREDFLAGS -install_name ${INSTALLTOP}/lib/$$SHLIB${SHLIB_EXT}"; \
 	$(LINK_SO_A)
-link_app.darwin:	# is there run-path on darwin?
+link_app.darwin:
 	LDCMD=$(CC);\
 	LDFLAGS=""; \
 	LIBDEPS="$(LIBDEPS) -lc"; \
 	APPNAME="$(APPNAME)"; \
 	$(LINK_APP)
 link_o.cygwin:
 	@ $(CALC_VERSIONS); \
 	INHIBIT_SYMLINKS=yes; \
 	SHLIB=cyg$(LIBNAME); \
 	base=-Wl,--enable-auto-image-base; \
 	if expr $(PLATFORM) : 'mingw' > /dev/null; then \
 		SHLIB=$(LIBNAME)eay32; base=; \
 	fi; \
 	SHLIB_SUFFIX=.dll; \
-	LIBVERSION="$(LIBVERSION)"; \
+	LIBDEPS="$(LIBDEPS) -lc"; \
-	SHLIB_SOVER=${LIBVERSION:+"-$(LIBVERSION)"}; \
+	SHLIB_SOVER=-$(LIBVERSION); \
 	ALLSYMSFLAGS='-Wl,--whole-archive'; \
 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
-	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \
+	SHAREDFLAGS="-shared -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \
 	SHAREDCMD='${CC}'; \
 	$(LINK_SO_O)
 link_a.cygwin:
 	@ $(CALC_VERSIONS); \
 	INHIBIT_SYMLINKS=yes; \
 	SHLIB=cyg$(LIBNAME); \
 	base=-Wl,--enable-auto-image-base; \
 	if expr $(PLATFORM) : 'mingw' > /dev/null; then \
 		SHLIB=$(LIBNAME)eay32; \
 		base=;  [ $(LIBNAME) = "crypto" ] && base=-Wl,--image-base,0x63000000; \
 	fi; \
 	SHLIB_SUFFIX=.dll; \
-	SHLIB_SOVER=-$(LIBVERSION); \
+	LIBDEPS="$(LIBDEPS) -lc"; \
 	SHLIB_SOVER=; \
 	ALLSYMSFLAGS='-Wl,--whole-archive'; \
 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
-	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \
+	SHAREDFLAGS="-shared -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \
-	[ -f apps/$$SHLIB$$SHLIB_SUFFIX ] && rm apps/$$SHLIB$$SHLIB_SUFFIX; \
+	SHAREDCMD='${CC}'; \
-	[ -f test/$$SHLIB$$SHLIB_SUFFIX ] && rm test/$$SHLIB$$SHLIB_SUFFIX; \
+	$(LINK_SO_A)
 	$(LINK_SO_A) || exit 1; \
 	cp -p $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX apps/; \
 	cp -p $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX test/
 link_app.cygwin:
 	LDCMD=$(CC);\
 	LDFLAGS=""; \
 	LIBDEPS="$(LIBDEPS) -lc"; \
 	APPNAME="$(APPNAME).exe"
 	$(LINK_APP)
 link_o.alpha-osf1:
@@ -275,6 +244,7 @@ link_o.alpha-osf1:
 	else \
 		SHLIB=lib$(LIBNAME).so; \
 		SHLIB_SUFFIX=; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
 		if [ -n "$$SHLIB_HIST" ]; then \
 			SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
@@ -284,9 +254,10 @@ link_o.alpha-osf1:
 		SHLIB_SOVER=; \
 		ALLSYMSFLAGS='-all'; \
 		NOALLSYMSFLAGS='-none'; \
-		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \
+		SHAREDFLAGS="-shared"; \
 		SHAREDCMD='$(CC)'; \
 		if [ -n "$$SHLIB_HIST" ]; then \
-			SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \
+			SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
 		fi; \
 	fi; \
 	$(LINK_SO_O)
@@ -296,6 +267,7 @@ link_a.alpha-osf1:
 	else \
 		SHLIB=lib$(LIBNAME).so; \
 		SHLIB_SUFFIX=; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
 		if [ -n "$$SHLIB_HIST" ]; then \
 			SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
@@ -305,17 +277,139 @@ link_a.alpha-osf1:
 		SHLIB_SOVER=; \
 		ALLSYMSFLAGS='-all'; \
 		NOALLSYMSFLAGS='-none'; \
-		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \
+		SHAREDFLAGS="-shared"; \
 		SHAREDCMD='$(CC)'; \
 		if [ -n "$$SHLIB_HIST" ]; then \
-			SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \
+			SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
 		fi; \
 	fi; \
 	$(LINK_SO_A)
 link_app.alpha-osf1:
-	@if ${DETECT_GNU_LD}; then \
+	@ if ${DETECT_GNU_LD}; then \
 		$(DO_GNU_APP); \
 	else \
-		LDFLAGS="$(CFLAGS) -rpath $(LIBRPATH)"; \
+		LDCMD=$(CC);\
 		LDFLAGS=""; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		APPNAME="$(APPNAME)"
 	fi; \
 	$(LINK_APP)
 # The difference between alpha-osf1-shared and tru64-shared is the `-msym'
 # option passed to the linker.
 link_o.tru64:
 	@ if ${DETECT_GNU_LD}; then \
 		$(DO_GNU_SO); \
 	else \
 		SHLIB=lib$(LIBNAME).so; \
 		SHLIB_SUFFIX=; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
 		if [ -n "$$SHLIB_HIST" ]; then \
 			SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
 		else \
 			SHLIB_HIST="$(LIBVERSION)"; \
 		fi; \
 		SHLIB_SOVER=; \
 		ALLSYMSFLAGS='-all'; \
 		NOALLSYMSFLAGS='-none'; \
 		SHAREDFLAGS="-shared -msym -rpath $(LIBRPATH)"; \
 		SHAREDCMD='$(CC)'; \
 		if [ -n "$$SHLIB_HIST" ]; then \
 			SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
 		fi; \
 	fi; \
 	$(LINK_SO_O)
 link_a.tru64:
 	@ if ${DETECT_GNU_LD}; then \
 		$(DO_GNU_SO); \
 	else \
 		SHLIB=lib$(LIBNAME).so; \
 		SHLIB_SUFFIX=; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
 		if [ -n "$$SHLIB_HIST" ]; then \
 			SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
 		else \
 			SHLIB_HIST="$(LIBVERSION)"; \
 		fi; \
 		SHLIB_SOVER=; \
 		ALLSYMSFLAGS='-all'; \
 		NOALLSYMSFLAGS='-none'; \
 		SHAREDFLAGS="-shared -msym -rpath $(LIBRPATH)"; \
 		SHAREDCMD='$(CC)'; \
 		if [ -n "$$SHLIB_HIST" ]; then \
 			SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
 		fi; \
 	fi; \
 	$(LINK_SO_A)
 link_app.tru64:
 	@ if ${DETECT_GNU_LD}; then \
 		$(DO_GNU_APP); \
 	else \
 		LDCMD=$(CC);\
 		LDFLAGS="-rpath $(LIBRPATH)"; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		APPNAME="$(APPNAME)"; \
 	fi; \
 	$(LINK_APP)
 # The difference between tru64-shared and tru64-shared-rpath is the
 # -rpath ${LIBRPATH} passed to the linker.
 link_o.tru64-rpath:
 	@ if ${DETECT_GNU_LD}; then \
 		$(DO_GNU_SO); \
 	else \
 		SHLIB=lib$(LIBNAME).so; \
 		SHLIB_SUFFIX=; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
 		if [ -n "$$SHLIB_HIST" ]; then \
 			SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
 		else \
 			SHLIB_HIST="$(LIBVERSION)"; \
 		fi; \
 		SHLIB_SOVER=; \
 		ALLSYMSFLAGS='-all'; \
 		NOALLSYMSFLAGS='-none'; \
 		SHAREDFLAGS="-shared -msym -rpath $(LIBRPATH)"; \
 		SHAREDCMD='$(CC)'; \
 		if [ -n "$$SHLIB_HIST" ]; then \
 			SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
 		fi; \
 	fi; \
 	$(LINK_SO_O)
 link_a.tru64-rpath:
 	@ if ${DETECT_GNU_LD}; then \
 		$(DO_GNU_SO); \
 	else \
 		SHLIB=lib$(LIBNAME).so; \
 		SHLIB_SUFFIX=; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
 		if [ -n "$$SHLIB_HIST" ]; then \
 			SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
 		else \
 			SHLIB_HIST="$(LIBVERSION)"; \
 		fi; \
 		SHLIB_SOVER=; \
 		ALLSYMSFLAGS='-all'; \
 		NOALLSYMSFLAGS='-none'; \
 		SHAREDFLAGS="-shared -msym -rpath $(LIBRPATH)"; \
 		SHAREDCMD='$(CC)'; \
 		if [ -n "$$SHLIB_HIST" ]; then \
 			SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
 		fi; \
 	fi; \
 	$(LINK_SO_A)
 link_app.tru64-rpath:
 	@ if ${DETECT_GNU_LD}; then \
 		$(DO_GNU_APP); \
 	else \
 		LDCMD=$(CC);\
 		LDFLAGS="-rpath $(LIBRPATH)"; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		APPNAME="$(APPNAME)"; \
 	fi; \
 	$(LINK_APP)
@@ -325,12 +419,14 @@ link_o.solaris:
 	else \
 		$(CALC_VERSIONS); \
 		MINUSZ='-z '; \
-		($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
+		(${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
 		SHLIB=lib$(LIBNAME).so; \
 		SHLIB_SUFFIX=; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		ALLSYMSFLAGS="$${MINUSZ}allextract"; \
 		NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \
-		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \
+		SHAREDFLAGS="-G -dy -z text -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -R $(LIBRPATH)"; \
 		SHAREDCMD='$(CC)'; \
 	fi; \
 	$(LINK_SO_O)
 link_a.solaris:
@@ -342,16 +438,21 @@ link_a.solaris:
 		(${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
 		SHLIB=lib$(LIBNAME).so; \
 		SHLIB_SUFFIX=;\
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		ALLSYMSFLAGS="$${MINUSZ}allextract"; \
 		NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \
-		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \
+		SHAREDFLAGS="-G -dy -z text -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -R $(LIBRPATH)"; \
 		SHAREDCMD='$(CC)'; \
 	fi; \
 	$(LINK_SO_A)
 link_app.solaris:
 	@ if ${DETECT_GNU_LD}; then \
 		$(DO_GNU_APP); \
 	else \
-		LDFLAGS="$(CFLAGS) -R $(LIBRPATH)"; \
+		LDCMD=$(CC);\
 		LDFLAGS="-R $(LIBRPATH)"; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		APPNAME="$(APPNAME)"; \
 	fi; \
 	$(LINK_APP)
@@ -363,9 +464,11 @@ link_o.svr3:
 		$(CALC_VERSIONS); \
 		SHLIB=lib$(LIBNAME).so; \
 		SHLIB_SUFFIX=; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		ALLSYMSFLAGS=''; \
 		NOALLSYMSFLAGS=''; \
-		SHAREDFLAGS="$(CFLAGS) -G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
+		SHAREDFLAGS="-G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
 		SHAREDCMD='$(CC)'; \
 	fi; \
 	$(LINK_SO_O)
 link_a.svr3:
@@ -375,13 +478,22 @@ link_a.svr3:
 		$(CALC_VERSIONS); \
 		SHLIB=lib$(LIBNAME).so; \
 		SHLIB_SUFFIX=; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		ALLSYMSFLAGS=''; \
 		NOALLSYMSFLAGS=''; \
-		SHAREDFLAGS="$(CFLAGS) -G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
+		SHAREDFLAGS="-G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
 		SHAREDCMD='$(CC)'; \
 	fi; \
 	$(LINK_SO_A_UNPACKED)
 link_app.svr3:
-	@${DETECT_GNU_LD} && $(DO_GNU_APP); \
+	@ if ${DETECT_GNU_LD}; then \
 		$(DO_GNU_APP); \
 	else \
 		LDCMD=$(CC);\
 		LDFLAGS=""; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		APPNAME="$(APPNAME)"; \
 	fi; \
 	$(LINK_APP)
 # UnixWare 7 and OpenUNIX 8 native compilers used
@@ -391,12 +503,14 @@ link_o.svr5:
 	else \
 		$(CALC_VERSIONS); \
 		SHARE_FLAG='-G'; \
-		($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
+		(${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
 		SHLIB=lib$(LIBNAME).so; \
 		SHLIB_SUFFIX=; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		ALLSYMSFLAGS=''; \
 		NOALLSYMSFLAGS=''; \
-		SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
+		SHAREDFLAGS="$${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
 		SHAREDCMD='$(CC)'; \
 	fi; \
 	$(LINK_SO_O)
 link_a.svr5:
@@ -408,13 +522,22 @@ link_a.svr5:
 		(${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
 		SHLIB=lib$(LIBNAME).so; \
 		SHLIB_SUFFIX=; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		ALLSYMSFLAGS=''; \
 		NOALLSYMSFLAGS=''; \
-		SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
+		SHAREDFLAGS="$${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
 		SHAREDCMD='$(CC)'; \
 	fi; \
 	$(LINK_SO_A_UNPACKED)
 link_app.svr5:
-	@${DETECT_GNU_LD} && $(DO_GNU_APP); \
+	@ if ${DETECT_GNU_LD}; then \
 		$(DO_GNU_APP); \
 	else \
 		LDCMD=$(CC);\
 		LDFLAGS=""; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		APPNAME="$(APPNAME)"; \
 	fi; \
 	$(LINK_APP)
 link_o.irix:
@@ -424,11 +547,13 @@ link_o.irix:
 		$(CALC_VERSIONS); \
 		SHLIB=lib$(LIBNAME).so; \
 		SHLIB_SUFFIX=; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		MINUSWL=""; \
 		($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \
 		ALLSYMSFLAGS="$${MINUSWL}-all"; \
-		NOALLSYMSFLAGS="$${MINUSWL}-none"; \
+		NOALLSYMSFLAGS="$${MINUSWL}-notall"; \
-		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,-B,symbolic"; \
+		SHAREDFLAGS="-shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-rpath,$(LIBRPATH)"; \
 		SHAREDCMD='$(CC)'; \
 	fi; \
 	$(LINK_SO_O)
 link_a.irix:
@@ -438,98 +563,150 @@ link_a.irix:
 		$(CALC_VERSIONS); \
 		SHLIB=lib$(LIBNAME).so; \
 		SHLIB_SUFFIX=; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		MINUSWL=""; \
 		($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \
 		ALLSYMSFLAGS="$${MINUSWL}-all"; \
-		NOALLSYMSFLAGS="$${MINUSWL}-none"; \
+		NOALLSYMSFLAGS="$${MINUSWL}-notall"; \
-		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,-B,symbolic"; \
+		SHAREDFLAGS="-shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-rpath,$(LIBRPATH)"; \
 		SHAREDCMD='$(CC)'; \
 	fi; \
 	$(LINK_SO_A)
 link_app.irix:
-	@LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"; \
+	@ if ${DETECT_GNU_LD}; then \
 		$(DO_GNU_APP); \
 	else \
 		LDCMD=$(CC);\
 		LDFLAGS="-Wl,-rpath,$(LIBRPATH)"; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		APPNAME="$(APPNAME)"; \
 	fi; \
 	$(LINK_APP)
-# 32-bit PA-RISC HP-UX embeds the -L pathname of libs we link with, so
+# HP-UX includes the full pathname of libs we depend on, so we would get
-# we compensate for it with +cdp ../: and +cdp ./:. Yes, these rewrite
+# ./libcrypto (with ./ as path information) compiled into libssl, hence
-# rules imply that we can only link one level down in catalog structure,
+# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
-# but that's what takes place for the moment of this writing. +cdp option
+# anyway.
-# was introduced in HP-UX 11.x and applies in 32-bit PA-RISC link
+# The object modules are loaded from lib$i.a using the undocumented -Fl
-# editor context only [it's simply ignored in other cases, which are all
+# option.
 # ELFs by the way].
 #
-link_o.hpux:
+# WARNING: Until DSO is fixed to support a search path, we support SHLIB_PATH
-	@if ${DETECT_GNU_LD}; then $(DO_GNU_SO); else \
+#          by temporarily specifying "+s"!
-	$(CALC_VERSIONS); \
+#
 link_o.hpux32:
 	@ $(CALC_VERSIONS); \
 	SHLIB=lib$(LIBNAME).sl; \
 	expr "$(CFLAGS)" : '.*DSO_DLFCN' > /dev/null && SHLIB=lib$(LIBNAME).so; \
 	SHLIB_SUFFIX=; \
-	ALLSYMSFLAGS='-Wl,-Fl'; \
+	LIBDEPS="$(LIBDEPS) -lc"; \
 	ALLSYMSFLAGS='-Fl'; \
 	NOALLSYMSFLAGS=''; \
-	expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
+	SHAREDFLAGS="+vnocompatwarnings -b -z +s +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX +b $(LIBRPATH)"; \
-	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,+cdp,../:,+cdp,./:"; \
+	SHAREDCMD='/usr/ccs/bin/ld'; \
 	fi; \
 	rm -f $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \
 	$(LINK_SO_O) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
-link_a.hpux:
+link_a.hpux32:
-	@if ${DETECT_GNU_LD}; then $(DO_GNU_SO); else \
+	@ $(CALC_VERSIONS); \
 	$(CALC_VERSIONS); \
 	SHLIB=lib$(LIBNAME).sl; \
 	expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \
 	SHLIB_SUFFIX=; \
-	ALLSYMSFLAGS='-Wl,-Fl'; \
+	LIBDEPS="$(LIBDEPS) -lc"; \
 	ALLSYMSFLAGS='-Fl'; \
 	NOALLSYMSFLAGS=''; \
-	expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
+	SHAREDFLAGS="+vnocompatwarnings -b -z +s +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX +b $(LIBRPATH)"; \
-	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,+cdp,../:,+cdp,./:"; \
+	SHAREDCMD='/usr/ccs/bin/ld'; \
 	fi; \
 	rm -f $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \
 	$(LINK_SO_A) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
-link_app.hpux:
+link_app.hpux32:
-	@if ${DETECT_GNU_LD}; then $(DO_GNU_APP); else \
+	LDCMD=$(CC);\
-	LDFLAGS="$(CFLAGS) -Wl,+s,+cdp,../:,+cdp,./:,+b,$(LIBRPATH)"; \
+	LDFLAGS="-Wl,+b,$(LIBRPATH)"; \
-	fi; \
+	LIBDEPS="$(LIBDEPS) -lc"; \
 	APPNAME="$(APPNAME)"
 	$(LINK_APP)
 # HP-UX includes the full pathname of libs we depend on, so we would get
 # ./libcrypto (with ./ as path information) compiled into libssl, hence
 # we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
 # anyway.
 #
 # HP-UX in 64bit mode has "+s" enabled by default; it will search for
 # shared libraries along LD_LIBRARY_PATH _and_ SHLIB_PATH.
 #
 link_o.hpux64:
 	@ $(CALC_VERSIONS); \
 	SHLIB=lib$(LIBNAME).sl; \
 	SHLIB_SUFFIX=; \
 	LIBDEPS="$(LIBDEPS) -lc"; \
 	ALLSYMSFLAGS='+forceload'; \
 	NOALLSYMSFLAGS=''; \
 	SHAREDFLAGS="-b -z +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX +b $(LIBRPATH)"; \
 	SHAREDCMD='/usr/ccs/bin/ld'; \
 	$(LINK_SO_O) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
 link_a.hpux64:
 	@ $(CALC_VERSIONS); \
 	SHLIB=lib$(LIBNAME).sl; \
 	SHLIB_SUFFIX=; \
 	LIBDEPS="$(LIBDEPS) -lc"; \
 	ALLSYMSFLAGS='+forceload'; \
 	NOALLSYMSFLAGS=''; \
 	SHAREDFLAGS="-b -z +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX +b $(LIBRPATH)"; \
 	SHAREDCMD='/usr/ccs/bin/ld'; \
 	$(LINK_SO_A) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
 link_app.hpux64:
 	LDCMD=$(CC);\
 	LDFLAGS="-Wl,+b,$(LIBRPATH)"; \
 	LIBDEPS="$(LIBDEPS) -lc"; \
 	APPNAME="$(APPNAME)"
 	$(LINK_APP)
 link_o.aix:
 	@ $(CALC_VERSIONS); \
 	OBJECT_MODE=`expr x$(SHARED_LDFLAGS) : 'x\-[a-z]*\(64\)'` || :; \
 	OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
 	SHLIB=lib$(LIBNAME).so; \
 	SHLIB_SUFFIX=; \
 	ALLSYMSFLAGS=''; \
 	NOALLSYMSFLAGS=''; \
 	SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-G,-bexpall,-bnolibpath,-bM:SRE'; \
 	$(LINK_SO_O);
 link_a.aix:
 	@ $(CALC_VERSIONS); \
 	OBJECT_MODE=`expr x$(SHARED_LDFLAGS) : 'x\-[a-z]*\(64\)'` || : ; \
 	OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
 	SHLIB=lib$(LIBNAME).so; \
 	SHLIB_SUFFIX=; \
 	LIBDEPS="$(LIBDEPS) -lc"; \
 	ALLSYMSFLAGS='-bnogc'; \
 	NOALLSYMSFLAGS=''; \
-	SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-G,-bexpall,-bnolibpath,-bM:SRE'; \
+	SHAREDFLAGS='-G -bE:lib$(LIBNAME).exp -bM:SRE -blibpath:$(LIBRPATH)'; \
 	SHAREDCMD='$(CC)'; \
 	$(LINK_SO_O)
 link_a.aix:
 	@ $(CALC_VERSIONS); \
 	SHLIB=lib$(LIBNAME).so; \
 	SHLIB_SUFFIX=; \
 	LIBDEPS="$(LIBDEPS) -lc"; \
 	ALLSYMSFLAGS='-bnogc'; \
 	NOALLSYMSFLAGS=''; \
 	SHAREDFLAGS='-G -bE:lib$(LIBNAME).exp -bM:SRE -blibpath:$(LIBRPATH)'; \
 	SHAREDCMD='$(CC)'; \
 	$(LINK_SO_A_VIA_O)
 link_app.aix:
-	LDFLAGS="$(CFLAGS) -Wl,-brtl,-blibpath:$(LIBRPATH):$${LIBPATH:-/usr/lib:/lib}"; \
+	LDCMD=$(CC);\
 	LDFLAGS="-blibpath:$(LIBRPATH)"; \
 	LIBDEPS="$(LIBDEPS) -lc"; \
 	APPNAME="$(APPNAME)"
 	$(LINK_APP)
 link_o.reliantunix:
 	@ $(CALC_VERSIONS); \
 	SHLIB=lib$(LIBNAME).so; \
 	SHLIB_SUFFIX=; \
 	LIBDEPS="$(LIBDEPS) -lc"; \
 	ALLSYMSFLAGS=; \
 	NOALLSYMSFLAGS=''; \
-	SHAREDFLAGS='$(CFLAGS) -G'; \
+	SHAREDFLAGS='-G'; \
 	SHAREDCMD='$(CC)'; \
 	$(LINK_SO_O)
 link_a.reliantunix:
 	@ $(CALC_VERSIONS); \
 	SHLIB=lib$(LIBNAME).so; \
 	SHLIB_SUFFIX=; \
 	LIBDEPS="$(LIBDEPS) -lc"; \
 	ALLSYMSFLAGS=; \
 	NOALLSYMSFLAGS=''; \
-	SHAREDFLAGS='$(CFLAGS) -G'; \
+	SHAREDFLAGS='-G'; \
 	SHAREDCMD='$(CC)'; \
 	$(LINK_SO_A_UNPACKED)
 link_app.reliantunix:
 	LDCMD=$(CC);\
 	LDFLAGS=""; \
 	LIBDEPS="$(LIBDEPS) -lc"; \
 	APPNAME="$(APPNAME)"
 	$(LINK_APP)
 # Targets to build symbolic links when needed
@@ -543,22 +720,18 @@ symlink.darwin:
 	SHLIB=lib$(LIBNAME); \
 	SHLIB_SUFFIX=.dylib; \
 	$(SYMLINK_SO)
-symlink.hpux:
+symlink.hpux32 symlink.hpux64:
 	@ $(CALC_VERSIONS); \
 	SHLIB=lib$(LIBNAME).sl; \
 	expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \
 	$(SYMLINK_SO)
 # The following lines means those specific architectures do no symlinks
-symlink.cygwin symlink.alpha-osf1 symlink.tru64 symlink.tru64-rpath:
+symlink.cygwin symlib.alpha-osf1 symlink.tru64 symlink.tru64-rpath:
 # Compatibility targets
 link_o.bsd-gcc-shared link_o.linux-shared link_o.gnu-shared: link_o.gnu
 link_a.bsd-gcc-shared link_a.linux-shared link_a.gnu-shared: link_a.gnu
 link_app.bsd-gcc-shared link_app.linux-shared link_app.gnu-shared: link_app.gnu
-symlink.bsd-gcc-shared symlink.bsd-shared symlink.linux-shared symlink.gnu-shared: symlink.gnu
+symlink.bsd-gcc-shared symlink.linux-shared symlink.gnu-shared: symlink.gnu
 link_o.bsd-shared: link_o.bsd
 link_a.bsd-shared: link_a.bsd
 link_app.bsd-shared: link_app.bsd
 link_o.darwin-shared: link_o.darwin
 link_a.darwin-shared: link_a.darwin
 link_app.darwin-shared: link_app.darwin
@@ -595,10 +768,14 @@ link_o.irix-shared: link_o.irix
 link_a.irix-shared: link_a.irix
 link_app.irix-shared: link_app.irix
 symlink.irix-shared: symlink.irix
-link_o.hpux-shared: link_o.hpux
+link_o.hpux-shared: link_o.hpux32
-link_a.hpux-shared: link_a.hpux
+link_a.hpux-shared: link_a.hpux32
-link_app.hpux-shared: link_app.hpux
+link_app.hpux-shared: link_app.hpux32
-symlink.hpux-shared: symlink.hpux
+symlink.hpux-shared: symlink.hpux32
 link_o.hpux64-shared: link_o.hpux64
 link_a.hpux64-shared: link_a.hpux64
 link_app.hpux64-shared: link_app.hpux64
 symlink.hpux64-shared: symlink.hpux64
 link_o.aix-shared: link_o.aix
 link_a.aix-shared: link_a.aix
 link_app.aix-shared: link_app.aix
--- a/159
+++ b/159
@@ -5,165 +5,6 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.
  Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e:
      o Various ciphersuite selection fixes.
      o RFC3779 support.
  Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d:
      o Introduce limits to prevent malicious key DoS  (CVE-2006-2940)
      o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
      o Changes to ciphersuite selection algorithm
  Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c:
      o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
      o New cipher Camellia
  Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b:
      o Cipher string fixes.
      o Fixes for VC++ 2005.
      o Updated ECC cipher suite support.
      o New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free().
      o Zlib compression usage fixes.
      o Built in dynamic engine compilation support on Win32.
      o Fixes auto dynamic engine loading in Win32.
  Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a:
      o Fix potential SSL 2.0 rollback, CVE-2005-2969
      o Extended Windows CE support
  Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8:
      o Major work on the BIGNUM library for higher efficiency and to
        make operations more streamlined and less contradictory.  This
        is the result of a major audit of the BIGNUM library.
      o Addition of BIGNUM functions for fields GF(2^m) and NIST
        curves, to support the Elliptic Crypto functions.
      o Major work on Elliptic Crypto; ECDH and ECDSA added, including
        the use through EVP, X509 and ENGINE.
      o New ASN.1 mini-compiler that's usable through the OpenSSL
        configuration file.
      o Added support for ASN.1 indefinite length constructed encoding.
      o New PKCS#12 'medium level' API to manipulate PKCS#12 files.
      o Complete rework of shared library construction and linking
        programs with shared or static libraries, through a separate
        Makefile.shared.
      o Rework of the passing of parameters from one Makefile to another.
      o Changed ENGINE framework to load dynamic engine modules
        automatically from specifically given directories.
      o New structure and ASN.1 functions for CertificatePair.
      o Changed the ZLIB compression method to be stateful.
      o Changed the key-generation and primality testing "progress"
        mechanism to take a structure that contains the ticker
        function and an argument.
      o New engine module: GMP (performs private key exponentiation).
      o New engine module: VIA PadLOck ACE extension in VIA C3
        Nehemiah processors.
      o Added support for IPv6 addresses in certificate extensions.
        See RFC 1884, section 2.2.
      o Added support for certificate policy mappings, policy
        constraints and name constraints.
      o Added support for multi-valued AVAs in the OpenSSL
        configuration file.
      o Added support for multiple certificates with the same subject
        in the 'openssl ca' index file.
      o Make it possible to create self-signed certificates using
        'openssl ca -selfsign'.
      o Make it possible to generate a serial number file with
        'openssl ca -create_serial'.
      o New binary search functions with extended functionality.
      o New BUF functions.
      o New STORE structure and library to provide an interface to all
        sorts of data repositories.  Supports storage of public and
        private keys, certificates, CRLs, numbers and arbitrary blobs.
 	This library is unfortunately unfinished and unused withing
 	OpenSSL.
      o New control functions for the error stack.
      o Changed the PKCS#7 library to support one-pass S/MIME
        processing.
      o Added the possibility to compile without old deprecated
        functionality with the OPENSSL_NO_DEPRECATED macro or the
        'no-deprecated' argument to the config and Configure scripts.
      o Constification of all ASN.1 conversion functions, and other
        affected functions.
      o Improved platform support for PowerPC.
      o New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512).
      o New X509_VERIFY_PARAM structure to support parametrisation
        of X.509 path validation.
      o Major overhaul of RC4 performance on Intel P4, IA-64 and
        AMD64.
      o Changed the Configure script to have some algorithms disabled
        by default.  Those can be explicitely enabled with the new
        argument form 'enable-xxx'.
      o Change the default digest in 'openssl' commands from MD5 to
        SHA-1.
      o Added support for DTLS.
      o New BIGNUM blinding.
      o Added support for the RSA-PSS encryption scheme
      o Added support for the RSA X.931 padding.
      o Added support for BSD sockets on NetWare.
      o Added support for files larger than 2GB.
      o Added initial support for Win64.
      o Added alternate pkg-config files.
  Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l:
      o Introduce limits to prevent malicious key DoS  (CVE-2006-2940)
      o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
  Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k:
      o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
  Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j:
      o Visual C++ 2005 fixes.
      o Update Windows build system for FIPS.
  Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i:
      o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build.
  Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h:
      o Fix SSL 2.0 Rollback, CVE-2005-2969
      o Allow use of fixed-length exponent on DSA signing
      o Default fixed-window RSA, DSA, DH private-key operations
  Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g:
      o More compilation issues fixed.
      o Adaptation to more modern Kerberos API.
      o Enhanced or corrected configuration for Solaris64, Mingw and Cygwin.
      o Enhanced x86_64 assembler BIGNUM module.
      o More constification.
      o Added processing of proxy certificates (RFC 3820).
  Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f:
      o Several compilation issues fixed.
      o Many memory allocation failure checks added.
      o Improved comparison of X509 Name type.
      o Mandatory basic checks on certificates.
      o Performance improvements.
  Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e:
      o Fix race condition in CRL checking code.
      o Fixes to PKCS#7 (S/MIME) code.
  Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d:
      o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug
      o Security: Fix null-pointer assignment in do_change_cipher_spec()
      o Allow multiple active certificates with same subject in CA index
      o Multiple X509 verification fixes
      o Speed up HMAC and other operations
  Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c:
      o Security: fix various ASN1 parsing bugs.
--- a/Netware/build.bat
+++ b/Netware/build.bat
@@ -6,15 +6,14 @@ rem
 rem   usage:
 rem      build [target] [debug opts] [assembly opts] [configure opts]
 rem
-rem      target        - "netware-clib" - CLib NetWare build (WinSock Sockets)
+rem      target        - "netware-clib" - CLib NetWare build
-rem                    - "netware-libc" - LibC NKS NetWare build (WinSock Sockets)
+rem                    - "netware-libc" - LibC NKS NetWare build
 rem                    - "netware-libc-bsdsock" - LibC NKS NetWare build (BSD Sockets)
 rem 
 rem      debug opts    - "debug"  - build debug
 rem
 rem      assembly opts - "nw-mwasm" - use Metrowerks assembler
-rem                    - "nw-nasm"  - use NASM assembler
+rem      "nw-nasm"  - use NASM assembler
-rem                    - "no-asm"   - don't use assembly
+rem      "no-asm"   - don't use assembly
 rem
 rem      configure opts- all unrecognized arguments are passed to the
 rem                       perl configure script
@@ -77,8 +76,6 @@ if "%1" == "netware-clib" set BLD_TARGET=netware-clib
 if "%1" == "netware-clib" set ARG_PROCESSED=YES
 if "%1" == "netware-libc" set BLD_TARGET=netware-libc
 if "%1" == "netware-libc" set ARG_PROCESSED=YES
 if "%1" == "netware-libc-bsdsock" set BLD_TARGET=netware-libc-bsdsock
 if "%1" == "netware-libc-bsdsock" set ARG_PROCESSED=YES
 rem   If we didn't recognize the argument, consider it an option for config
 if "%ARG_PROCESSED%" == "NO" set CONFIG_OPTS=%CONFIG_OPTS% %1
@@ -95,7 +92,6 @@ rem build the nlm make file name which includes target and debug info
 set NLM_MAKE=
 if "%BLD_TARGET%" == "netware-clib" set NLM_MAKE=netware\nlm_clib
 if "%BLD_TARGET%" == "netware-libc" set NLM_MAKE=netware\nlm_libc
 if "%BLD_TARGET%" == "netware-libc-bsdsock" set NLM_MAKE=netware\nlm_libc_bsdsock
 if "%DEBUG%" == "" set NLM_MAKE=%NLM_MAKE%.mak
 if "%DEBUG%" == "debug" set NLM_MAKE=%NLM_MAKE%_dbg.mak
@@ -188,9 +184,8 @@ echo .  No build target specified!!!
 echo .
 echo .  usage: build [target] [debug opts] [assembly opts] [configure opts]
 echo .
-echo .     target        - "netware-clib" - CLib NetWare build (WinSock Sockets)
+echo .     target        - "netware-clib" - CLib NetWare build
-echo .                   - "netware-libc" - LibC NKS NetWare build (WinSock Sockets)
+echo .                   - "netware-libc" - LibC NKS NetWare build
 echo .                   - "netware-libc-bsdsock" - LibC NKS NetWare build (BSD Sockets)
 echo .
 echo .     debug opts    - "debug"  - build debug
 echo .
--- a/Netware/do_tests.pl
+++ b/Netware/do_tests.pl
@@ -42,8 +42,8 @@ sub main()
   encryption_tests();
   pem_tests();
   verify_tests();
   ca_tests();
   ssl_tests();
   ca_tests();
   close(OUT);
@@ -67,17 +67,10 @@ sub algorithm_tests
   foreach $i (@tests)
   {
-      if (-e "$base_path\\$i.nlm")
+      $outFile = "$output_path\\$i.out";
-	  {
+      system("$i > $outFile");
-         $outFile = "$output_path\\$i.out";
+      log_desc("Test: $i\.nlm:");
-         system("$i > $outFile");
+      log_output("", $outFile );
         log_desc("Test: $i\.nlm:");
         log_output("", $outFile );
 	  }
 	  else
 	  {
         log_desc("Test: $i\.nlm: file not found");
 	  }
   }
 }
@@ -253,63 +246,61 @@ sub verify_tests
 sub ssl_tests
 {
   my $outFile = "$output_path\\ssl_tst.out";
   my($CAcert) = "$output_path\\certCA.ss";
   my($Ukey)   = "$output_path\\keyU.ss";
   my($Ucert)  = "$output_path\\certU.ss";
   my($ssltest)= "ssltest -key $Ukey -cert $Ucert -c_key $Ukey -c_cert $Ucert -CAfile $CAcert";
   print( "\nRUNNING SSL TESTS:\n\n");
   print( OUT "\n========================================================\n");
   print( OUT "SSL TESTS:\n\n");
   make_tmp_cert_file();
   system("ssltest -ssl2 >$outFile");
   log_desc("Testing sslv2:");
   log_output("ssltest -ssl2", $outFile);
-   system("$ssltest -ssl2 -server_auth >$outFile");
+   system("ssltest -ssl2 -server_auth -CAfile $tmp_cert >$outFile");
   log_desc("Testing sslv2 with server authentication:");
-   log_output("$ssltest -ssl2 -server_auth", $outFile);
+   log_output("ssltest -ssl2 -server_auth -CAfile $tmp_cert", $outFile);
-   system("$ssltest -ssl2 -client_auth >$outFile");
+   system("ssltest -ssl2 -client_auth -CAfile $tmp_cert >$outFile");
   log_desc("Testing sslv2 with client authentication:");
-   log_output("$ssltest -ssl2 -client_auth", $outFile);
+   log_output("ssltest -ssl2 -client_auth -CAfile $tmp_cert", $outFile);
-   system("$ssltest -ssl2 -server_auth -client_auth >$outFile");
+   system("ssltest -ssl2 -server_auth -client_auth -CAfile $tmp_cert >$outFile");
   log_desc("Testing sslv2 with both client and server authentication:");
-   log_output("$ssltest -ssl2 -server_auth -client_auth", $outFile);
+   log_output("ssltest -ssl2 -server_auth -client_auth -CAfile $tmp_cert", $outFile);
   system("ssltest -ssl3 >$outFile");
   log_desc("Testing sslv3:");
   log_output("ssltest -ssl3", $outFile);
-   system("$ssltest -ssl3 -server_auth >$outFile");
+   system("ssltest -ssl3 -server_auth -CAfile $tmp_cert >$outFile");
   log_desc("Testing sslv3 with server authentication:");
-   log_output("$ssltest -ssl3 -server_auth", $outFile);
+   log_output("ssltest -ssl3 -server_auth -CAfile $tmp_cert", $outFile);
-   system("$ssltest -ssl3 -client_auth >$outFile");
+   system("ssltest -ssl3 -client_auth -CAfile $tmp_cert >$outFile");
   log_desc("Testing sslv3 with client authentication:");
-   log_output("$ssltest -ssl3 -client_auth", $outFile);
+   log_output("ssltest -ssl3 -client_auth -CAfile $tmp_cert", $outFile);
-   system("$ssltest -ssl3 -server_auth -client_auth >$outFile");
+   system("ssltest -ssl3 -server_auth -client_auth -CAfile $tmp_cert >$outFile");
   log_desc("Testing sslv3 with both client and server authentication:");
-   log_output("$ssltest -ssl3 -server_auth -client_auth", $outFile);
+   log_output("ssltest -ssl3 -server_auth -client_auth -CAfile $tmp_cert", $outFile);
   system("ssltest >$outFile");
   log_desc("Testing sslv2/sslv3:");
   log_output("ssltest", $outFile);
-   system("$ssltest -server_auth >$outFile");
+   system("ssltest -server_auth -CAfile $tmp_cert >$outFile");
   log_desc("Testing sslv2/sslv3 with server authentication:");
-   log_output("$ssltest -server_auth", $outFile);
+   log_output("ssltest -server_auth -CAfile $tmp_cert", $outFile);
-   system("$ssltest -client_auth >$outFile");
+   system("ssltest -client_auth -CAfile $tmp_cert >$outFile");
   log_desc("Testing sslv2/sslv3 with client authentication:");
-   log_output("$ssltest -client_auth ", $outFile);
+   log_output("ssltest -client_auth -CAfile $tmp_cert", $outFile);
-   system("$ssltest -server_auth -client_auth >$outFile");
+   system("ssltest -server_auth -client_auth -CAfile $tmp_cert >$outFile");
   log_desc("Testing sslv2/sslv3 with both client and server authentication:");
-   log_output("$ssltest -server_auth -client_auth", $outFile);
+   log_output("ssltest -server_auth -client_auth -CAfile $tmp_cert", $outFile);
   system("ssltest -bio_pair -ssl2 >$outFile");
   log_desc("Testing sslv2 via BIO pair:");
@@ -319,49 +310,49 @@ sub ssl_tests
   log_desc("Testing sslv2/sslv3 with 1024 bit DHE via BIO pair:");
   log_output("ssltest -bio_pair -dhe1024dsa -v", $outFile);
-   system("$ssltest -bio_pair -ssl2 -server_auth >$outFile");
+   system("ssltest -bio_pair -ssl2 -server_auth -CAfile $tmp_cert >$outFile");
   log_desc("Testing sslv2 with server authentication via BIO pair:");
-   log_output("$ssltest -bio_pair -ssl2 -server_auth", $outFile);
+   log_output("ssltest -bio_pair -ssl2 -server_auth -CAfile $tmp_cert", $outFile);
-   system("$ssltest -bio_pair -ssl2 -client_auth >$outFile");
+   system("ssltest -bio_pair -ssl2 -client_auth -CAfile $tmp_cert >$outFile");
   log_desc("Testing sslv2 with client authentication via BIO pair:");
-   log_output("$ssltest -bio_pair -ssl2 -client_auth", $outFile);
+   log_output("ssltest -bio_pair -ssl2 -client_auth -CAfile $tmp_cert", $outFile);
-   system("$ssltest -bio_pair -ssl2 -server_auth -client_auth >$outFile");
+   system("ssltest -bio_pair -ssl2 -server_auth -client_auth -CAfile $tmp_cert >$outFile");
   log_desc("Testing sslv2 with both client and server authentication via BIO pair:");
-   log_output("$ssltest -bio_pair -ssl2 -server_auth -client_auth", $outFile);
+   log_output("ssltest -bio_pair -ssl2 -server_auth -client_auth -CAfile $tmp_cert", $outFile);
   system("ssltest -bio_pair -ssl3 >$outFile");
   log_desc("Testing sslv3 via BIO pair:");
   log_output("ssltest -bio_pair -ssl3", $outFile);
-   system("$ssltest -bio_pair -ssl3 -server_auth >$outFile");
+   system("ssltest -bio_pair -ssl3 -server_auth -CAfile $tmp_cert >$outFile");
   log_desc("Testing sslv3 with server authentication via BIO pair:");
-   log_output("$ssltest -bio_pair -ssl3 -server_auth", $outFile);
+   log_output("ssltest -bio_pair -ssl3 -server_auth -CAfile $tmp_cert", $outFile);
-   system("$ssltest -bio_pair -ssl3 -client_auth >$outFile");
+   system("ssltest -bio_pair -ssl3 -client_auth -CAfile $tmp_cert >$outFile");
   log_desc("Testing sslv3 with client authentication  via BIO pair:");
-   log_output("$ssltest -bio_pair -ssl3 -client_auth", $outFile);
+   log_output("ssltest -bio_pair -ssl3 -client_auth -CAfile $tmp_cert", $outFile);
-   system("$ssltest -bio_pair -ssl3 -server_auth -client_auth >$outFile");
+   system("ssltest -bio_pair -ssl3 -server_auth -client_auth -CAfile $tmp_cert >$outFile");
   log_desc("Testing sslv3 with both client and server authentication via BIO pair:");
-   log_output("$ssltest -bio_pair -ssl3 -server_auth -client_auth", $outFile);
+   log_output("ssltest -bio_pair -ssl3 -server_auth -client_auth -CAfile $tmp_cert", $outFile);
   system("ssltest -bio_pair >$outFile");
   log_desc("Testing sslv2/sslv3 via BIO pair:");
   log_output("ssltest -bio_pair", $outFile);
-   system("$ssltest -bio_pair -server_auth >$outFile");
+   system("ssltest -bio_pair -server_auth -CAfile $tmp_cert >$outFile");
   log_desc("Testing sslv2/sslv3 with server authentication via BIO pair:");
-   log_output("$ssltest -bio_pair -server_auth", $outFile);
+   log_output("ssltest -bio_pair -server_auth -CAfile $tmp_cert", $outFile);
-   system("$ssltest -bio_pair -client_auth >$outFile");
+   system("ssltest -bio_pair -client_auth -CAfile $tmp_cert >$outFile");
   log_desc("Testing sslv2/sslv3 with client authentication via BIO pair:");
-   log_output("$ssltest -bio_pair -client_auth", $outFile);
+   log_output("ssltest -bio_pair -client_auth -CAfile $tmp_cert", $outFile);
-   system("$ssltest -bio_pair -server_auth -client_auth >$outFile");
+   system("ssltest -bio_pair -server_auth -client_auth -CAfile $tmp_cert >$outFile");
   log_desc("Testing sslv2/sslv3 with both client and server authentication via BIO pair:");
-   log_output("$ssltest -bio_pair -server_auth -client_auth", $outFile);
+   log_output("ssltest -bio_pair -server_auth -client_auth -CAfile $tmp_cert", $outFile);
 }
--- a/Netware/set_env.bat
+++ b/Netware/set_env.bat
@@ -60,10 +60,10 @@ if "%LIBC_BUILD%" == "Y" set IMPORTS=%TOOLS%\ndk\libc\imports
 if "%CLIB_BUILD%" == "Y" set IMPORTS=%TOOLS%\ndk\nwsdk\imports
 rem   Set PRELUDE to the absolute path of the prelude object to link with in
-rem   the Metrowerks NetWare PDK - NOTE: for Clib builds "clibpre.o" is 
+rem   the Metrowerks NetWare PDK - NOTE: for Clib builds "nwpre.obj" is 
 rem   recommended, for LibC NKS builds libcpre.o must be used
-if "%LIBC_BUILD%" == "Y" set PRELUDE=%IMPORTS%\libcpre.o
+if "%LIBC_BUILD%" == "Y" set PRELUDE=%TOOLS%\ndk\libc\imports\libcpre.o
-if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\clibpre.o
+if "%CLIB_BUILD%" == "Y" set PRELUDE=%TOOLS%\codewar\pdk_21\novell support\metrowerks support\libraries\runtime\nwpre.obj
 if "%LIBC_BUILD%" == "Y" echo Enviroment configured for LibC build
--- a/102
+++ b/102
@@ -12,8 +12,8 @@ along the whole library path before it bothers looking for .a libraries.  This
 means that -L switches won't matter unless OpenSSL is built with shared
 library support.
-The workaround may be to change the following lines in apps/Makefile and
+The workaround may be to change the following lines in apps/Makefile.ssl and
-test/Makefile:
+test/Makefile.ssl:
  LIBCRYPTO=-L.. -lcrypto
  LIBSSL=-L.. -lssl
@@ -48,34 +48,20 @@ will interfere with each other and lead to test failure.
 The solution is simple for now: don't run parallell make when testing.
-* Bugs in gcc triggered
+* Bugs in gcc 3.0 triggered
- According to a problem report, there are bugs in gcc 3.0 that are
+According to a problem report, there are bugs in gcc 3.0 that are
-  triggered by some of the code in OpenSSL, more specifically in
+triggered by some of the code in OpenSSL, more specifically in
-  PEM_get_EVP_CIPHER_INFO().  The triggering code is the following:
+PEM_get_EVP_CIPHER_INFO().  The triggering code is the following:
 	header+=11;
 	if (*header != '4') return(0); header++;
 	if (*header != ',') return(0); header++;
-  What happens is that gcc might optimize a little too agressively, and
+What happens is that gcc might optimize a little too agressively, and
-  you end up with an extra incrementation when *header != '4'.
+you end up with an extra incrementation when *header != '4'.
-  We recommend that you upgrade gcc to as high a 3.x version as you can.
+We recommend that you upgrade gcc to as high a 3.x version as you can.
 - According to multiple problem reports, some of our message digest
  implementations trigger bug[s] in code optimizer in gcc 3.3 for sparc64
  and gcc 2.96 for ppc. Former fails to complete RIPEMD160 test, while
  latter - SHA one.
  The recomendation is to upgrade your compiler. This naturally applies to
  other similar cases.
 - There is a subtle Solaris x86-specific gcc run-time environment bug, which
  "falls between" OpenSSL [0.9.8 and later], Solaris ld and GCC. The bug
  manifests itself as Segmentation Fault upon early application start-up.
  The problem can be worked around by patching the environment according to
  http://www.openssl.org/~appro/values.c.
 * solaris64-sparcv9-cc SHA-1 performance with WorkShop 6 compiler.
@@ -104,6 +90,15 @@ failures in other parts of the code.
 Workaround: modify the target to +O2 when building with no-asm.
 * Poor support for AIX shared builds.
 do_aix-shared rule is not flexible enough to parameterize through a
 config-line. './Configure aix43-cc shared' is working, but not
 './Configure aix64-gcc shared'. In latter case make fails to create shared
 libraries. It's possible to build 64-bit shared libraries by running
 'env OBJECT_MODE=64 make', but we need more elegant solution. Preferably one
 supporting even gcc shared builds. See RT#463 for background information.
 * Problems building shared libraries on SCO OpenServer Release 5.0.6
  with gcc 2.95.3
@@ -134,64 +129,3 @@ Any information helping to solve this issue would be deeply
 appreciated.
 NOTE: building non-shared doesn't come with this problem.
 * ULTRIX build fails with shell errors, such as "bad substitution"
  and "test: argument expected"
 The problem is caused by ULTRIX /bin/sh supporting only original
 Bourne shell syntax/semantics, and the trouble is that the vast
 majority is so accustomed to more modern syntax, that very few
 people [if any] would recognize the ancient syntax even as valid.
 This inevitably results in non-trivial scripts breaking on ULTRIX,
 and OpenSSL isn't an exclusion. Fortunately there is workaround,
 hire /bin/ksh to do the job /bin/sh fails to do.
 1. Trick make(1) to use /bin/ksh by setting up following environ-
   ment variables *prior* you execute ./Configure and make:
 	PROG_ENV=POSIX
 	MAKESHELL=/bin/ksh
 	export PROG_ENV MAKESHELL
   or if your shell is csh-compatible:
 	setenv PROG_ENV POSIX
 	setenv MAKESHELL /bin/ksh
 2. Trick /bin/sh to use alternative expression evaluator. Create
   following 'test' script for example in /tmp:
 	#!/bin/ksh
 	${0##*/} "$@"
   Then 'chmod a+x /tmp/test; ln /tmp/test /tmp/[' and *prepend*
   your $PATH with chosen location, e.g. PATH=/tmp:$PATH. Alter-
   natively just replace system /bin/test and /bin/[ with the
   above script.
 * hpux64-ia64-cc fails blowfish test.
 Compiler bug, presumably at particular patch level. It should be noted
 that same compiler generates correct 32-bit code, a.k.a. hpux-ia64-cc
 target. Drop optimization level to +O2 when compiling 64-bit bf_skey.o.
 * no-engines generates errors.
 Unfortunately, the 'no-engines' configuration option currently doesn't
 work properly.  Use 'no-hw' and you'll will at least get no hardware
 support.  We'll see how we fix that on OpenSSL versions past 0.9.8.
 * 'make test' fails in BN_sqr [commonly with "error 139" denoting SIGSEGV]
  if elder GNU binutils were deployed to link shared libcrypto.so.
 As subject suggests the failure is caused by a bug in elder binutils,
 either as or ld, and was observed on FreeBSD and Linux. There are two
 options. First is naturally to upgrade binutils, the second one - to
 reconfigure with additional no-sse2 [or 386] option passed to ./config.
 * If configured with ./config no-dso, toolkit still gets linked with -ldl,
  which most notably poses a problem when linking with dietlibc.
 We don't have framework to associate -ldl with no-dso, therefore the only
 way is to edit Makefile right after ./config no-dso and remove -ldl from
 EX_LIBS line.
--- a/57
+++ b/57
@@ -1,16 +1,10 @@
- OpenSSL 0.9.8f-fips-dev test version
+ OpenSSL 0.9.8-dev XX xxx XXXX
- Copyright (c) 1998-2007 The OpenSSL Project
+ Copyright (c) 1998-2002 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
 All rights reserved.
 WARNING
 -------
 This version of OpenSSL is an initial port of the FIPS 140-2 code to OpenSSL
 0.9.8. See the file README.FIPS for brief usage details.
 DESCRIPTION
 -----------
@@ -42,13 +36,12 @@
     actually logically part of it. It includes routines for the following:
     Ciphers
-        libdes - EAY's libdes DES encryption package which was floating
+        libdes - EAY's libdes DES encryption package which has been floating
-                 around the net for a few years, and was then relicensed by
+                 around the net for a few years.  It includes 15
-                 him as part of SSLeay.  It includes 15 'modes/variations'
+                 'modes/variations' of DES (1, 2 and 3 key versions of ecb,
-                 of DES (1, 2 and 3 key versions of ecb, cbc, cfb and ofb;
+                 cbc, cfb and ofb; pcbc and a more general form of cfb and
-                 pcbc and a more general form of cfb and ofb) including desx
+                 ofb) including desx in cbc mode, a fast crypt(3), and
-                 in cbc mode, a fast crypt(3), and routines to read
+                 routines to read passwords from the keyboard.
                 passwords from the keyboard.
        RC4 encryption,
        RC2 encryption      - 4 different modes, ecb, cbc, cfb and ofb.
        Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb.
@@ -87,16 +80,16 @@
        A simple stack.
        A Configuration loader that uses a format similar to MS .ini files.
- openssl:
+ openssl: 
     A command line tool that can be used for:
        Creation of RSA, DH and DSA key parameters
-        Creation of X.509 certificates, CSRs and CRLs
+        Creation of X.509 certificates, CSRs and CRLs 
        Calculation of Message Digests
        Encryption and Decryption with Ciphers
        SSL/TLS Client and Server Tests
        Handling of S/MIME signed or encrypted mail
-
+        
 PATENTS
 -------
@@ -111,19 +104,13 @@
 licensing conditions. Their web page is http://www.rsasecurity.com/.
 RC4 is a trademark of RSA Security, so use of this label should perhaps
- only be used with RSA Security's permission.
+ only be used with RSA Security's permission. 
 The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
 Japan, the Netherlands, Spain, Sweden, Switzerland, UK and the USA.  They
 should be contacted if that algorithm is to be used; their web page is
 http://www.ascom.ch/.
 The MDC2 algorithm is patented by IBM.
 NTT and Mitsubishi have patents and pending patents on the Camellia
 algorithm, but allow use at no charge without requiring an explicit
 licensing agreement: http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
 INSTALLATION
 ------------
@@ -142,7 +129,7 @@
 or application author.  We try to collect those in doc/PROBLEMS, with current
 thoughts on how they should be solved in a future of OpenSSL.
- SUPPORT
+ SUPPORT 
 -------
 If you have any problems with OpenSSL then please take the following steps
@@ -151,7 +138,7 @@
    - Download the current snapshot from ftp://ftp.openssl.org/snapshot/
      to see if the problem has already been addressed
    - Remove ASM versions of libraries
-    - Remove compiler optimisation flags
+    - Remove compiler optimisation flags 
 If you wish to report a bug then please include the following information in
 any bug report:
@@ -167,7 +154,7 @@
    - Stack Traceback (if the application dumps core)
 Report the bug to the OpenSSL project via the Request Tracker
- (http://www.openssl.org/support/rt2.html) by mail to:
+ (http://www.openssl.org/rt2.html) by mail to:
    openssl-bugs@openssl.org
@@ -186,17 +173,11 @@
 textual explanation of what your patch does.
 Note: For legal reasons, contributions from the US can be accepted only
- if a TSU notification and a copy of the patch are sent to crypt@bis.doc.gov
+ if a TSA notification and a copy of the patch is sent to crypt@bis.doc.gov;
- (formerly BXA) with a copy to the ENC Encryption Request Coordinator;
+ see http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic]
- please take some time to look at
+ and http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e)).
    http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic]
 and
    http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e))
 for the details. If "your encryption source code is too large to serve as
 an email attachment", they are glad to receive it by fax instead; hope you
 have a cheap long-distance plan.
- Our preferred format for changes is "diff -u" output. You might
+ The preferred format for changes is "diff -u" output. You might
 generate it like this:
 # cd openssl-work
--- a/README.FIPS
+++ b/README.FIPS
@@ -1,35 +0,0 @@
 Brief instructions on using OpenSSL 0.9.8 FIPS test branch.
 To avoid any confusion that this might generate a validate library just
 supplying "fips" on the command line wont work. Additional options are
 needed...
 To build fipscanister and produce a usable distribution the configuration
 option "fipscanisterbuild" is used to either the config or Configure scripts.
 For example:
 ./config fipscanisterbuild
 This builds static libraries in a way similar to the FIPS 1.1.1 distro.
 To build the shared library fipscanister version use the configuration
 options "fipsdso".
 Note that the fipscanister.o file is totally incompatible with the version
 produced by the FIPS 1.1.1 distribution and cannot be made to work with
 it.
 Both options should also work under Windows and VC++. With this version the
 use of MinGW is unnecessary and the normal VC++ build procedure can be
 followed *except* the GNU linker "ld.exe" (for example from MinGW) must be
 accessible somewhere on the PATH. For example:
 perl Configure VC-WIN32 fipsdso
 ms\do_masm
 nmake -f ms\ntdll.mak
 Note that any warnings from a Windows version of "tar" about being unable to
 create symbolic links can be ignored.
--- a/35
+++ b/35
@@ -1,34 +1,12 @@
  OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2007/02/23 12:12:27 $
+  ______________                           $Date: 2003/02/28 15:17:45 $
  DEVELOPMENT STATE
-    o  OpenSSL 0.9.9:  Under development...
+    o  OpenSSL 0.9.8:  Under development...
    o  OpenSSL 0.9.8e: Released on February  23rd, 2007
    o  OpenSSL 0.9.8d: Released on September 28th, 2006
    o  OpenSSL 0.9.8c: Released on September  5th, 2006
    o  OpenSSL 0.9.8b: Released on May        4th, 2006
    o  OpenSSL 0.9.8a: Released on October   11th, 2005
    o  OpenSSL 0.9.8:  Released on July       5th, 2005
    o  OpenSSL 0.9.7m: Released on February  23rd, 2007
    o  OpenSSL 0.9.7l: Released on September 28th, 2006
    o  OpenSSL 0.9.7k: Released on September  5th, 2006
    o  OpenSSL 0.9.7j: Released on May        4th, 2006
    o  OpenSSL 0.9.7i: Released on October   14th, 2005
    o  OpenSSL 0.9.7h: Released on October   11th, 2005
    o  OpenSSL 0.9.7g: Released on April     11th, 2005
    o  OpenSSL 0.9.7f: Released on March     22nd, 2005
    o  OpenSSL 0.9.7e: Released on October   25th, 2004
    o  OpenSSL 0.9.7d: Released on March     17th, 2004
    o  OpenSSL 0.9.7c: Released on September 30th, 2003
    o  OpenSSL 0.9.7b: Released on April     10th, 2003
    o  OpenSSL 0.9.7a: Released on February  19th, 2003
    o  OpenSSL 0.9.7:  Released on December  31st, 2002
    o  OpenSSL 0.9.6m: Released on March     17th, 2004
    o  OpenSSL 0.9.6l: Released on November   4th, 2003
    o  OpenSSL 0.9.6k: Released on September 30th, 2003
    o  OpenSSL 0.9.6j: Released on April     10th, 2003
    o  OpenSSL 0.9.6i: Released on February  19th, 2003
    o  OpenSSL 0.9.6h: Released on December   5th, 2002
    o  OpenSSL 0.9.6g: Released on August     9th, 2002
@@ -51,7 +29,6 @@
  RELEASE SHOWSTOPPERS
    o The Makefiles fail with some SysV makes.
    o 
  AVAILABLE PATCHES
@@ -68,8 +45,16 @@
 	Private key, certificate and CRL API and implementation.
 	Developing and bugfixing PKCS#7 (S/MIME code).
        Various X509 issues: character sets, certificate request extensions.
    o Geoff and Richard are currently working on:
 	ENGINE (the new code that gives hardware support among others).
    o Richard is currently working on:
 	UI (User Interface)
 	UTIL (a new set of library functions to support some higher level
 	      functionality that is currently missing).
 	Shared library support for VMS.
 	Kerberos 5 authentication (Heimdal)
 	Constification
 	Compression
 	Attribute Certificate support
 	Certificate Pair support
 	Storage Engines (primarly an LDAP storage engine)
--- a/3088
+++ b/3088
--- a/VMS/VMSify-conf.pl
+++ b/VMS/VMSify-conf.pl
@@ -1,34 +0,0 @@
 #! /usr/bin/perl
 use strict;
 use warnings;
 my @directory_vars = ( "dir", "certs", "crl_dir", "new_certs_dir" );
 my @file_vars = ( "database", "certificate", "serial", "crlnumber",
 		  "crl", "private_key", "RANDFILE" );
 while(<STDIN>) {
    chomp;
    foreach my $d (@directory_vars) {
 	if (/^(\s*\#?\s*${d}\s*=\s*)\.\/([^\s\#]*)([\s\#].*)$/) {
 	    $_ = "$1sys\\\$disk:\[.$2$3";
 	} elsif (/^(\s*\#?\s*${d}\s*=\s*)(\w[^\s\#]*)([\s\#].*)$/) {
 	    $_ = "$1sys\\\$disk:\[.$2$3";
 	}
 	s/^(\s*\#?\s*${d}\s*=\s*\$\w+)\/([^\s\#]*)([\s\#].*)$/$1.$2\]$3/;
 	while(/^(\s*\#?\s*${d}\s*=\s*(\$\w+\.|sys\\\$disk:\[\.)[\w\.]+)\/([^\]]*)\](.*)$/) {
 	    $_ = "$1.$3]$4";
 	}
    }
    foreach my $f (@file_vars) {
 	s/^(\s*\#?\s*${f}\s*=\s*)\.\/(.*)$/$1sys\\\$disk:\[\/$2/;
 	while(/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/(\w+\/[^\s\#]*)([\s\#].*)$/) {
 	    $_ = "$1.$3$4";
 	}
 	if (/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/(\w+)([\s\#].*)$/) {
 	    $_ = "$1]$3.$4";
 	} elsif  (/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/([^\s\#]*)([\s\#].*)$/) {
 	    $_ = "$1]$3$4";
 	}
   }
    print $_,"\n";
 }
--- a/VMS/tcpip_shr_decc.opt
+++ b/VMS/tcpip_shr_decc.opt
@@ -1 +0,0 @@
 sys$share:tcpip$ipc_shr.exe/share
--- a/apps/.cvsignore
+++ b/apps/.cvsignore
@@ -3,5 +3,3 @@ Makefile.save
 der_chop
 der_chop.bak
 CA.pl
 *.flc
 semantic.cache
--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -36,22 +36,14 @@
 # default openssl.cnf file has setup as per the following
 # demoCA ... where everything is stored
 my $openssl;
 if(defined $ENV{OPENSSL}) {
 	$openssl = $ENV{OPENSSL};
 } else {
 	$openssl = "openssl";
 	$ENV{OPENSSL} = $openssl;
 }
 $SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
 $DAYS="-days 365";	# 1 year
 $CADAYS="-days 1095";	# 3 years
-$REQ="$openssl req $SSLEAY_CONFIG";
+$REQ="openssl req $SSLEAY_CONFIG";
-$CA="$openssl ca $SSLEAY_CONFIG";
+$CA="openssl ca $SSLEAY_CONFIG";
-$VERIFY="$openssl verify";
+$VERIFY="openssl verify";
-$X509="$openssl x509";
+$X509="openssl x509";
-$PKCS12="$openssl pkcs12";
+$PKCS12="openssl pkcs12";
 $CATOP="./demoCA";
 $CAKEY="cakey.pem";
@@ -68,19 +60,19 @@ foreach (@ARGV) {
 	    exit 0;
 	} elsif (/^-newcert$/) {
 	    # create a certificate
-	    system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");
+	    system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS");
 	    $RET=$?;
-	    print "Certificate is in newcert.pem, private key is in newkey.pem\n"
+	    print "Certificate (and private key) is in newreq.pem\n"
 	} elsif (/^-newreq$/) {
 	    # create a certificate request
-	    system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");
+	    system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
 	    $RET=$?;
-	    print "Request is in newreq.pem, private key is in newkey.pem\n";
+	    print "Request (and private key) is in newreq.pem\n";
 	} elsif (/^-newreq-nodes$/) {
 	    # create a certificate request
-	    system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS");
+	    system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");
 	    $RET=$?;
-	    print "Request is in newreq.pem, private key is in newkey.pem\n";
+	    print "Request (and private key) is in newreq.pem\n";
 	} elsif (/^-newca$/) {
 		# if explicitly asked for or it doesn't exist then setup the
 		# directory structure that Eric likes to manage things 
@@ -92,11 +84,11 @@ foreach (@ARGV) {
 		mkdir "${CATOP}/crl", $DIRMODE ;
 		mkdir "${CATOP}/newcerts", $DIRMODE;
 		mkdir "${CATOP}/private", $DIRMODE;
-		open OUT, ">${CATOP}/index.txt";
+		open OUT, ">${CATOP}/serial";
 		close OUT;
 		open OUT, ">${CATOP}/crlnumber";
 		print OUT "01\n";
 		close OUT;
 		open OUT, ">${CATOP}/index.txt";
 		close OUT;
 	    }
 	    if ( ! -f "${CATOP}/private/$CAKEY" ) {
 		print "CA certificate filename (or enter to create)\n";
@@ -113,10 +105,8 @@ foreach (@ARGV) {
 		    print "Making CA certificate ...\n";
 		    system ("$REQ -new -keyout " .
 			"${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");
-		    system ("$CA -create_serial " .
+		    system ("$CA -out ${CATOP}/$CACERT $CADAYS -batch " . 
 			"-out ${CATOP}/$CACERT $CADAYS -batch " . 
 			"-keyfile ${CATOP}/private/$CAKEY -selfsign " .
 			"-extensions v3_ca " .
 			"-infiles ${CATOP}/$CAREQ ");
 		    $RET=$?;
 		}
@@ -124,11 +114,10 @@ foreach (@ARGV) {
 	} elsif (/^-pkcs12$/) {
 	    my $cname = $ARGV[1];
 	    $cname = "My Certificate" unless defined $cname;
-	    system ("$PKCS12 -in newcert.pem -inkey newkey.pem " .
+	    system ("$PKCS12 -in newcert.pem -inkey newreq.pem " .
 			"-certfile ${CATOP}/$CACERT -out newcert.p12 " .
 			"-export -name \"$cname\"");
 	    $RET=$?;
 	    print "PKCS #12 file is in newcert.p12\n";
 	    exit $RET;
 	} elsif (/^-xsign$/) {
 	    system ("$CA -policy policy_anything -infiles newreq.pem");
--- a/apps/CA.sh
+++ b/apps/CA.sh
@@ -30,14 +30,12 @@
 # default openssl.cnf file has setup as per the following
 # demoCA ... where everything is stored
 if [ -z "$OPENSSL" ]; then OPENSSL=openssl; fi
 DAYS="-days 365"	# 1 year
 CADAYS="-days 1095"	# 3 years
-REQ="$OPENSSL req $SSLEAY_CONFIG"
+REQ="openssl req $SSLEAY_CONFIG"
-CA="$OPENSSL ca $SSLEAY_CONFIG"
+CA="openssl ca $SSLEAY_CONFIG"
-VERIFY="$OPENSSL verify"
+VERIFY="openssl verify"
-X509="$OPENSSL x509"
+X509="openssl x509"
 CATOP=./demoCA
 CAKEY=./cakey.pem
@@ -53,15 +51,15 @@ case $i in
    ;;
 -newcert) 
    # create a certificate
-    $REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS
+    $REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS
    RET=$?
-    echo "Certificate is in newcert.pem, private key is in newkey.pem"
+    echo "Certificate (and private key) is in newreq.pem"
    ;;
 -newreq) 
    # create a certificate request
-    $REQ -new -keyout newkey.pem -out newreq.pem $DAYS
+    $REQ -new -keyout newreq.pem -out newreq.pem $DAYS
    RET=$?
-    echo "Request is in newreq.pem, private key is in newkey.pem"
+    echo "Request (and private key) is in newreq.pem"
    ;;
 -newca)     
    # if explicitly asked for or it doesn't exist then setup the directory
--- a/apps/Makefile
+++ b/apps/Makefile
@@ -1,923 +0,0 @@
 #
 #  apps/Makefile
 #
 DIR=		apps
 TOP=		..
 CC=		cc
 INCLUDES=	-I$(TOP) -I../include $(KRB5_INCLUDES)
 CFLAG=		-g -static
 MAKEFILE=	Makefile
 PERL=		perl
 RM=		rm -f
 # KRB5 stuff
 KRB5_INCLUDES=
 LIBKRB5=
 PEX_LIBS=
 EX_LIBS= 
 EXE_EXT= 
 SHLIB_TARGET=
 CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG)
 GENERAL=Makefile makeapps.com install.com
 DLIBCRYPTO=../libcrypto.a
 DLIBSSL=../libssl.a
 LIBCRYPTO=-L.. -lcrypto
 LIBSSL=-L.. -lssl
 PROGRAM= openssl
 SCRIPTS=CA.sh CA.pl
 EXE= $(PROGRAM)$(EXE_EXT)
 E_EXE=	verify asn1pars req dgst dh dhparam enc passwd gendh errstr \
 	ca crl rsa rsautl dsa dsaparam ec ecparam \
 	x509 genrsa gendsa s_server s_client speed \
 	s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \
 	pkcs8 spkac smime rand engine ocsp prime
 PROGS= $(PROGRAM).c
 A_OBJ=apps.o
 A_SRC=apps.c
 S_OBJ=	s_cb.o s_socket.o
 S_SRC=	s_cb.c s_socket.c
 RAND_OBJ=app_rand.o
 RAND_SRC=app_rand.c
 E_OBJ=	verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o \
 	ca.o pkcs7.o crl2p7.o crl.o \
 	rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o \
 	x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
 	s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
 	ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o \
 	ocsp.o prime.o
 E_SRC=	verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \
 	pkcs7.c crl2p7.c crl.c \
 	rsa.c rsautl.c dsa.c dsaparam.c ec.c ecparam.c \
 	x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
 	s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \
 	ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c engine.c \
 	ocsp.c prime.c
 SRC=$(E_SRC)
 EXHEADER=
 HEADER=	apps.h progs.h s_apps.h \
 	testdsa.h testrsa.h \
 	$(EXHEADER)
 ALL=    $(GENERAL) $(SRC) $(HEADER)
 top:
 	@(cd ..; $(MAKE) DIRS=$(DIR) all)
 all:	exe
 exe:	$(EXE)
 req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
 	shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
 		shlib_target="$(SHLIB_TARGET)"; \
 	fi; \
 	$(MAKE) -f $(TOP)/Makefile.shared -e \
 		APPNAME=req OBJECTS="sreq.o $(A_OBJ) $(RAND_OBJ)" \
 		LIBDEPS="$(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)" \
 		link_app.$${shlib_target}
 sreq.o: req.c 
 	$(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c
 files:
 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
 install:
 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
 	@set -e; for i in $(EXE); \
 	do  \
 	(echo installing $$i; \
 	 cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
 	 chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
 	 mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
 	 done;
 	@set -e; for i in $(SCRIPTS); \
 	do  \
 	(echo installing $$i; \
 	 cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
 	 chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
 	 mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
 	 done
 	@cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
 	chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
 	mv -f  $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf
 tags:
 	ctags $(SRC)
 tests:
 links:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 depend:
 	@if [ -z "$(THIS)" ]; then \
 	    $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \
 	else \
 	    $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
 	fi
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 clean:
 	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
 	rm -f req
 $(DLIBSSL):
 	(cd ..; $(MAKE) DIRS=ssl all)
 $(DLIBCRYPTO):
 	(cd ..; $(MAKE) DIRS=crypto all)
 $(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
 	$(RM) $(EXE)
 	shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
 		shlib_target="$(SHLIB_TARGET)"; \
 	elif [ -n "$(FIPSCANLIB)" ]; then \
 	  FIPSLD_CC="$(CC)"; CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
 	fi; \
 	LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \
 	[ "x$(FIPSCANLIB)" = "xlibfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \
 	$(MAKE) -f $(TOP)/Makefile.shared -e \
 		CC="$${CC}" APPNAME=$(EXE) OBJECTS="$(PROGRAM).o $(E_OBJ)" \
 		LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
 		link_app.$${shlib_target}
 progs.h: progs.pl
 	$(PERL) progs.pl $(E_EXE) >progs.h
 	$(RM) $(PROGRAM).o
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 app_rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 app_rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 app_rand.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 app_rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 app_rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 app_rand.o: ../include/openssl/evp.h ../include/openssl/fips.h
 app_rand.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 app_rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 app_rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 app_rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 app_rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 app_rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 app_rand.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 app_rand.o: ../include/openssl/x509_vfy.h app_rand.c apps.h
 apps.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 apps.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 apps.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 apps.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 apps.o: ../include/openssl/engine.h ../include/openssl/err.h
 apps.o: ../include/openssl/evp.h ../include/openssl/fips.h
 apps.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 apps.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 apps.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 apps.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 apps.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
 apps.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 apps.o: ../include/openssl/sha.h ../include/openssl/stack.h
 apps.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 apps.o: ../include/openssl/ui.h ../include/openssl/x509.h
 apps.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.c apps.h
 asn1pars.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 asn1pars.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 asn1pars.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 asn1pars.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 asn1pars.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 asn1pars.o: ../include/openssl/err.h ../include/openssl/evp.h
 asn1pars.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 asn1pars.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 asn1pars.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 asn1pars.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 asn1pars.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 asn1pars.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 asn1pars.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 asn1pars.o: ../include/openssl/x509_vfy.h apps.h asn1pars.c
 ca.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ca.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 ca.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 ca.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 ca.o: ../include/openssl/engine.h ../include/openssl/err.h
 ca.o: ../include/openssl/evp.h ../include/openssl/fips.h
 ca.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 ca.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 ca.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 ca.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 ca.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 ca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 ca.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 ca.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ca.c
 ciphers.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ciphers.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 ciphers.o: ../include/openssl/comp.h ../include/openssl/conf.h
 ciphers.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
 ciphers.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 ciphers.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 ciphers.o: ../include/openssl/engine.h ../include/openssl/err.h
 ciphers.o: ../include/openssl/evp.h ../include/openssl/fips.h
 ciphers.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 ciphers.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 ciphers.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 ciphers.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 ciphers.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
 ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 ciphers.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 ciphers.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
 ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 ciphers.o: ciphers.c
 crl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 crl.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 crl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 crl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 crl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 crl.o: ../include/openssl/err.h ../include/openssl/evp.h
 crl.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 crl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 crl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 crl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 crl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 crl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 crl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 crl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h crl.c
 crl2p7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 crl2p7.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 crl2p7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 crl2p7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 crl2p7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 crl2p7.o: ../include/openssl/err.h ../include/openssl/evp.h
 crl2p7.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 crl2p7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 crl2p7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 crl2p7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 crl2p7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 crl2p7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 crl2p7.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 crl2p7.o: ../include/openssl/x509_vfy.h apps.h crl2p7.c
 dgst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 dgst.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 dgst.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 dgst.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 dgst.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 dgst.o: ../include/openssl/err.h ../include/openssl/evp.h
 dgst.o: ../include/openssl/fips.h ../include/openssl/hmac.h
 dgst.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 dgst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 dgst.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 dgst.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 dgst.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
 dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h
 dgst.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dgst.c
 dh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 dh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 dh.o: ../include/openssl/dh.h ../include/openssl/e_os2.h
 dh.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 dh.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 dh.o: ../include/openssl/err.h ../include/openssl/evp.h
 dh.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 dh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 dh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 dh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 dh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 dh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 dh.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 dh.o: ../include/openssl/x509_vfy.h apps.h dh.c
 dsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 dsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 dsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 dsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 dsa.o: ../include/openssl/err.h ../include/openssl/evp.h
 dsa.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 dsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 dsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 dsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 dsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 dsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 dsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 dsa.o: ../include/openssl/x509_vfy.h apps.h dsa.c
 dsaparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 dsaparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 dsaparam.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 dsaparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 dsaparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h
 dsaparam.o: ../include/openssl/evp.h ../include/openssl/fips.h
 dsaparam.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 dsaparam.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 dsaparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 dsaparam.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 dsaparam.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 dsaparam.o: ../include/openssl/sha.h ../include/openssl/stack.h
 dsaparam.o: ../include/openssl/store.h ../include/openssl/symhacks.h
 dsaparam.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 dsaparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 dsaparam.o: dsaparam.c
 ec.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ec.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 ec.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 ec.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 ec.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 ec.o: ../include/openssl/err.h ../include/openssl/evp.h
 ec.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 ec.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 ec.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 ec.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 ec.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 ec.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 ec.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 ec.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 ec.o: ../include/openssl/x509_vfy.h apps.h ec.c
 ecparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ecparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 ecparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 ecparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 ecparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 ecparam.o: ../include/openssl/engine.h ../include/openssl/err.h
 ecparam.o: ../include/openssl/evp.h ../include/openssl/fips.h
 ecparam.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 ecparam.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 ecparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 ecparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 ecparam.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
 ecparam.o: ../include/openssl/sha.h ../include/openssl/stack.h
 ecparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 ecparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 ecparam.o: ecparam.c
 enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 enc.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 enc.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 enc.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 enc.o: ../include/openssl/err.h ../include/openssl/evp.h
 enc.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 enc.o: ../include/openssl/rand.h ../include/openssl/safestack.h
 enc.o: ../include/openssl/sha.h ../include/openssl/stack.h
 enc.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h enc.c
 engine.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 engine.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 engine.o: ../include/openssl/comp.h ../include/openssl/conf.h
 engine.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
 engine.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 engine.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 engine.o: ../include/openssl/engine.h ../include/openssl/err.h
 engine.o: ../include/openssl/evp.h ../include/openssl/fips.h
 engine.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 engine.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 engine.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 engine.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 engine.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 engine.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
 engine.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 engine.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 engine.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 engine.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 engine.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
 engine.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 engine.o: engine.c
 errstr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 errstr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h
 errstr.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
 errstr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 errstr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 errstr.o: ../include/openssl/engine.h ../include/openssl/err.h
 errstr.o: ../include/openssl/evp.h ../include/openssl/fips.h
 errstr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 errstr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 errstr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 errstr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 errstr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
 errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 errstr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 errstr.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
 errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 errstr.o: errstr.c
 gendh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 gendh.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 gendh.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 gendh.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 gendh.o: ../include/openssl/engine.h ../include/openssl/err.h
 gendh.o: ../include/openssl/evp.h ../include/openssl/fips.h
 gendh.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 gendh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 gendh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 gendh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 gendh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 gendh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 gendh.o: ../include/openssl/sha.h ../include/openssl/stack.h
 gendh.o: ../include/openssl/store.h ../include/openssl/symhacks.h
 gendh.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h gendh.c
 gendsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 gendsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 gendsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h
 gendsa.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 gendsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 gendsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 gendsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 gendsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 gendsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 gendsa.o: ../include/openssl/x509_vfy.h apps.h gendsa.c
 genrsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 genrsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 genrsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 genrsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 genrsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h
 genrsa.o: ../include/openssl/evp.h ../include/openssl/fips.h
 genrsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 genrsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 genrsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 genrsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 genrsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 genrsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 genrsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
 genrsa.o: ../include/openssl/store.h ../include/openssl/symhacks.h
 genrsa.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 genrsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 genrsa.o: genrsa.c
 nseq.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 nseq.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 nseq.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 nseq.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 nseq.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 nseq.o: ../include/openssl/err.h ../include/openssl/evp.h
 nseq.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 nseq.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 nseq.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 nseq.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 nseq.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 nseq.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 nseq.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 nseq.o: ../include/openssl/x509_vfy.h apps.h nseq.c
 ocsp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ocsp.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 ocsp.o: ../include/openssl/comp.h ../include/openssl/conf.h
 ocsp.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
 ocsp.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 ocsp.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 ocsp.o: ../include/openssl/engine.h ../include/openssl/err.h
 ocsp.o: ../include/openssl/evp.h ../include/openssl/fips.h
 ocsp.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 ocsp.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 ocsp.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
 ocsp.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 ocsp.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 ocsp.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
 ocsp.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
 ocsp.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 ocsp.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 ocsp.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 ocsp.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 ocsp.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 ocsp.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ocsp.c
 openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 openssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h
 openssl.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
 openssl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 openssl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 openssl.o: ../include/openssl/engine.h ../include/openssl/err.h
 openssl.o: ../include/openssl/evp.h ../include/openssl/fips.h
 openssl.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 openssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 openssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 openssl.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
 openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 openssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 openssl.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
 openssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 openssl.o: openssl.c progs.h s_apps.h
 passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 passwd.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h
 passwd.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h
 passwd.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 passwd.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 passwd.o: ../include/openssl/err.h ../include/openssl/evp.h
 passwd.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 passwd.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
 passwd.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 passwd.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 passwd.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 passwd.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 passwd.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 passwd.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 passwd.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
 passwd.o: ../include/openssl/x509_vfy.h apps.h passwd.c
 pkcs12.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 pkcs12.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 pkcs12.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 pkcs12.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 pkcs12.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h
 pkcs12.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 pkcs12.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 pkcs12.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 pkcs12.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
 pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
 pkcs12.o: ../include/openssl/sha.h ../include/openssl/stack.h
 pkcs12.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 pkcs12.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 pkcs12.o: pkcs12.c
 pkcs7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 pkcs7.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 pkcs7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 pkcs7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 pkcs7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h
 pkcs7.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 pkcs7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 pkcs7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 pkcs7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 pkcs7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 pkcs7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 pkcs7.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 pkcs7.o: ../include/openssl/x509_vfy.h apps.h pkcs7.c
 pkcs8.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 pkcs8.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 pkcs8.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 pkcs8.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 pkcs8.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h
 pkcs8.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 pkcs8.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 pkcs8.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 pkcs8.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
 pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
 pkcs8.o: ../include/openssl/sha.h ../include/openssl/stack.h
 pkcs8.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 pkcs8.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h pkcs8.c
 prime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 prime.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 prime.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 prime.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 prime.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 prime.o: ../include/openssl/engine.h ../include/openssl/evp.h
 prime.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 prime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 prime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 prime.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
 prime.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 prime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 prime.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 prime.o: ../include/openssl/x509_vfy.h apps.h prime.c
 rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 rand.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 rand.o: ../include/openssl/err.h ../include/openssl/evp.h
 rand.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
 rand.o: ../include/openssl/rand.h ../include/openssl/safestack.h
 rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
 rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h rand.c
 req.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 req.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 req.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 req.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 req.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 req.o: ../include/openssl/engine.h ../include/openssl/err.h
 req.o: ../include/openssl/evp.h ../include/openssl/fips.h
 req.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 req.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 req.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 req.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 req.o: ../include/openssl/sha.h ../include/openssl/stack.h
 req.o: ../include/openssl/store.h ../include/openssl/symhacks.h
 req.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 req.o: ../include/openssl/x509v3.h apps.h req.c
 rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 rsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 rsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 rsa.o: ../include/openssl/engine.h ../include/openssl/err.h
 rsa.o: ../include/openssl/evp.h ../include/openssl/fips.h
 rsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 rsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 rsa.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
 rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 rsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 rsa.o: ../include/openssl/x509_vfy.h apps.h rsa.c
 rsautl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 rsautl.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 rsautl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 rsautl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 rsautl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 rsautl.o: ../include/openssl/err.h ../include/openssl/evp.h
 rsautl.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 rsautl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 rsautl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 rsautl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 rsautl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 rsautl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 rsautl.o: ../include/openssl/sha.h ../include/openssl/stack.h
 rsautl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 rsautl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 rsautl.o: rsautl.c
 s_cb.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s_cb.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_cb.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
 s_cb.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 s_cb.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 s_cb.o: ../include/openssl/engine.h ../include/openssl/err.h
 s_cb.o: ../include/openssl/evp.h ../include/openssl/fips.h
 s_cb.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 s_cb.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s_cb.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s_cb.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s_cb.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
 s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 s_cb.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 s_cb.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
 s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h s_apps.h
 s_cb.o: s_cb.c
 s_client.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_client.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
 s_client.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 s_client.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 s_client.o: ../include/openssl/engine.h ../include/openssl/err.h
 s_client.o: ../include/openssl/evp.h ../include/openssl/fips.h
 s_client.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s_client.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s_client.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s_client.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
 s_client.o: ../include/openssl/rand.h ../include/openssl/safestack.h
 s_client.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s_client.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 s_client.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 s_client.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 s_client.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_client.c timeouts.h
 s_server.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_server.o: ../include/openssl/crypto.h ../include/openssl/dh.h
 s_server.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
 s_server.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 s_server.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 s_server.o: ../include/openssl/engine.h ../include/openssl/err.h
 s_server.o: ../include/openssl/evp.h ../include/openssl/fips.h
 s_server.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s_server.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s_server.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s_server.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
 s_server.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 s_server.o: ../include/openssl/stack.h ../include/openssl/store.h
 s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 s_server.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 s_server.o: s_apps.h s_server.c timeouts.h
 s_socket.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s_socket.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 s_socket.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_socket.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
 s_socket.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 s_socket.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 s_socket.o: ../include/openssl/engine.h ../include/openssl/evp.h
 s_socket.o: ../include/openssl/fips.h ../include/openssl/kssl.h
 s_socket.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 s_socket.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 s_socket.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 s_socket.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 s_socket.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
 s_socket.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
 s_socket.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 s_socket.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 s_socket.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 s_socket.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_socket.c
 s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s_time.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 s_time.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_time.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
 s_time.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 s_time.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 s_time.o: ../include/openssl/engine.h ../include/openssl/err.h
 s_time.o: ../include/openssl/evp.h ../include/openssl/fips.h
 s_time.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 s_time.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s_time.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s_time.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s_time.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
 s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 s_time.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 s_time.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
 s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 s_time.o: s_apps.h s_time.c
 sess_id.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 sess_id.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 sess_id.o: ../include/openssl/comp.h ../include/openssl/conf.h
 sess_id.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
 sess_id.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 sess_id.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 sess_id.o: ../include/openssl/engine.h ../include/openssl/err.h
 sess_id.o: ../include/openssl/evp.h ../include/openssl/fips.h
 sess_id.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 sess_id.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 sess_id.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 sess_id.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 sess_id.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
 sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 sess_id.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 sess_id.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
 sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 sess_id.o: sess_id.c
 smime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 smime.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 smime.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 smime.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 smime.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 smime.o: ../include/openssl/err.h ../include/openssl/evp.h
 smime.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 smime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 smime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 smime.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 smime.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 smime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 smime.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 smime.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
 smime.o: smime.c
 speed.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
 speed.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 speed.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 speed.o: ../include/openssl/cast.h ../include/openssl/conf.h
 speed.o: ../include/openssl/crypto.h ../include/openssl/des.h
 speed.o: ../include/openssl/des_old.h ../include/openssl/dsa.h
 speed.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 speed.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 speed.o: ../include/openssl/engine.h ../include/openssl/err.h
 speed.o: ../include/openssl/evp.h ../include/openssl/fips.h
 speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h
 speed.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 speed.o: ../include/openssl/md4.h ../include/openssl/md5.h
 speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 speed.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
 speed.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 speed.o: ../include/openssl/rc4.h ../include/openssl/ripemd.h
 speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
 speed.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 speed.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
 speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h speed.c
 speed.o: testdsa.h testrsa.h
 spkac.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 spkac.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 spkac.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 spkac.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 spkac.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 spkac.o: ../include/openssl/err.h ../include/openssl/evp.h
 spkac.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 spkac.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 spkac.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 spkac.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 spkac.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 spkac.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 spkac.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 spkac.o: ../include/openssl/x509_vfy.h apps.h spkac.c
 verify.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 verify.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 verify.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 verify.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 verify.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 verify.o: ../include/openssl/err.h ../include/openssl/evp.h
 verify.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 verify.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 verify.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 verify.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 verify.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 verify.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 verify.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 verify.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
 verify.o: verify.c
 version.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 version.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 version.o: ../include/openssl/crypto.h ../include/openssl/des.h
 version.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h
 version.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 version.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 version.o: ../include/openssl/evp.h ../include/openssl/fips.h
 version.o: ../include/openssl/idea.h ../include/openssl/lhash.h
 version.o: ../include/openssl/md2.h ../include/openssl/obj_mac.h
 version.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 version.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 version.o: ../include/openssl/pkcs7.h ../include/openssl/rc4.h
 version.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 version.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 version.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 version.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
 version.o: ../include/openssl/x509_vfy.h apps.h version.c
 x509.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 x509.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 x509.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 x509.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 x509.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 x509.o: ../include/openssl/err.h ../include/openssl/evp.h
 x509.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 x509.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 x509.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 x509.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 x509.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 x509.o: ../include/openssl/sha.h ../include/openssl/stack.h
 x509.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 x509.o: ../include/openssl/x509v3.h apps.h x509.c
--- a/apps/Makefile.ssl
+++ b/apps/Makefile.ssl
@@ -0,0 +1,998 @@
 #
 #  apps/Makefile.ssl
 #
 DIR=		apps
 TOP=		..
 CC=		cc
 INCLUDES=	-I$(TOP) -I../include $(KRB5_INCLUDES)
 CFLAG=		-g -static
 INSTALL_PREFIX=
 INSTALLTOP=	/usr/local/ssl
 OPENSSLDIR=	/usr/local/ssl
 NEWMAKE=	make
 MAKE=		$(NEWMAKE) -f Makefile.ssl
 MAKEDEPPROG=	makedepend
 MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 PERL=		perl
 RM=		rm -f
 # KRB5 stuff
 KRB5_INCLUDES=
 LIBKRB5=
 PEX_LIBS=
 EX_LIBS= 
 EXE_EXT= 
 SHLIB_TARGET=
 CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG)
 GENERAL=Makefile makeapps.com install.com
 DLIBCRYPTO=../libcrypto.a
 DLIBSSL=../libssl.a
 LIBCRYPTO=-L.. -lcrypto
 LIBSSL=-L.. -lssl
 PROGRAM= openssl
 SCRIPTS=CA.sh CA.pl der_chop
 EXE= $(PROGRAM)$(EXE_EXT)
 E_EXE=	verify asn1pars req dgst dh dhparam enc passwd gendh errstr \
 	ca crl rsa rsautl dsa dsaparam ec ecparam \
 	x509 genrsa gendsa s_server s_client speed \
 	s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \
 	pkcs8 spkac smime rand engine ocsp
 PROGS= $(PROGRAM).c
 A_OBJ=apps.o
 A_SRC=apps.c
 S_OBJ=	s_cb.o s_socket.o
 S_SRC=	s_cb.c s_socket.c
 RAND_OBJ=app_rand.o
 RAND_SRC=app_rand.c
 E_OBJ=	verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o \
 	ca.o pkcs7.o crl2p7.o crl.o \
 	rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o \
 	x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
 	s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
 	ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o ocsp.o
 E_SRC=	verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \
 	pkcs7.c crl2p7.c crl.c \
 	rsa.c rsautl.c dsa.c dsaparam.c ec.c ecparam.c \
 	x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
 	s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \
 	ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c engine.c ocsp.c
 SRC=$(E_SRC)
 EXHEADER=
 HEADER=	apps.h progs.h s_apps.h \
 	testdsa.h testrsa.h \
 	$(EXHEADER)
 ALL=    $(GENERAL) $(SRC) $(HEADER)
 top:
 	@(cd ..; $(MAKE) DIRS=$(DIR) all)
 all:	exe
 exe:	$(PROGRAM)
 req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
 	shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
 		shlib_target="$(SHLIB_TARGET)"; \
 	fi; \
 	$(NEWMAKE) -f $(TOP)/Makefile.shared \
 		APPNAME=req LDFLAGS="$(CFLAG)" \
 		OBJECTS="sreq.o $(A_OBJ) $(RAND_OBJ)" \
 		LIBDEPS="$(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)" \
 		LIBRPATH=$(INSTALLTOP)/lib \
 		link_app.$${shlib_target}
 sreq.o: req.c 
 	$(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c
 files:
 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 install:
 	@set -e; for i in $(EXE); \
 	do  \
 	(echo installing $$i; \
 	 cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
 	 chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
 	 mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
 	 done;
 	@set -e; for i in $(SCRIPTS); \
 	do  \
 	(echo installing $$i; \
 	 cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
 	 chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
 	 mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
 	 done
 	@cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
 	chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
 	mv -f  $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf
 tags:
 	ctags $(SRC)
 tests:
 links:
 	@sh $(TOP)/util/point.sh Makefile.ssl Makefile
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 depend:
 	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 clean:
 	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
 	rm -f req
 $(DLIBSSL):
 	(cd ..; $(MAKE) DIRS=ssl all)
 $(DLIBCRYPTO):
 	(cd ..; $(MAKE) DIRS=crypto all)
 $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
 	$(RM) $(PROGRAM)
 	shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
 		shlib_target="$(SHLIB_TARGET)"; \
 	fi; \
 	if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \
 	  LIBRARIES="$(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO)" ; \
 	else \
 	  LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \
 	fi; \
 	$(NEWMAKE) -f $(TOP)/Makefile.shared \
 		APPNAME=$(PROGRAM) LDFLAGS="$(CFLAG)" \
 		OBJECTS="$(PROGRAM).o $(E_OBJ)" \
 		LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
 		LIBRPATH=$(INSTALLTOP)/lib \
 		link_app.$${shlib_target}
 	-(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; \
 		LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
 		DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
 		SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
 		LIBPATH="`pwd`:$$LIBPATH"; \
 		if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
 		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
 		$(PERL) tools/c_rehash certs)
 progs.h: progs.pl
 	$(PERL) progs.pl $(E_EXE) >progs.h
 	$(RM) $(PROGRAM).o
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 app_rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 app_rand.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 app_rand.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 app_rand.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 app_rand.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 app_rand.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 app_rand.o: ../include/openssl/engine.h ../include/openssl/err.h
 app_rand.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 app_rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 app_rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
 app_rand.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 app_rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 app_rand.o: ../include/openssl/stack.h ../include/openssl/store.h
 app_rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 app_rand.o: ../include/openssl/ui.h ../include/openssl/x509.h
 app_rand.o: ../include/openssl/x509_vfy.h app_rand.c apps.h
 apps.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 apps.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 apps.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 apps.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 apps.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 apps.o: ../include/openssl/engine.h ../include/openssl/err.h
 apps.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 apps.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 apps.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
 apps.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 apps.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 apps.o: ../include/openssl/sha.h ../include/openssl/stack.h
 apps.o: ../include/openssl/store.h ../include/openssl/symhacks.h
 apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 apps.o: ../include/openssl/x509v3.h apps.c apps.h
 asn1pars.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 asn1pars.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 asn1pars.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 asn1pars.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 asn1pars.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 asn1pars.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 asn1pars.o: ../include/openssl/engine.h ../include/openssl/err.h
 asn1pars.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 asn1pars.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 asn1pars.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 asn1pars.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 asn1pars.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 asn1pars.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 asn1pars.o: ../include/openssl/stack.h ../include/openssl/store.h
 asn1pars.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 asn1pars.o: ../include/openssl/ui.h ../include/openssl/x509.h
 asn1pars.o: ../include/openssl/x509_vfy.h apps.h asn1pars.c
 ca.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ca.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 ca.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 ca.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 ca.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 ca.o: ../include/openssl/engine.h ../include/openssl/err.h
 ca.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 ca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 ca.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
 ca.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 ca.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 ca.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 ca.o: ../include/openssl/sha.h ../include/openssl/stack.h
 ca.o: ../include/openssl/store.h ../include/openssl/symhacks.h
 ca.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 ca.o: ../include/openssl/x509v3.h apps.h ca.c
 ciphers.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ciphers.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 ciphers.o: ../include/openssl/comp.h ../include/openssl/conf.h
 ciphers.o: ../include/openssl/crypto.h ../include/openssl/dh.h
 ciphers.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 ciphers.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 ciphers.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h
 ciphers.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 ciphers.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 ciphers.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 ciphers.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 ciphers.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 ciphers.o: ../include/openssl/stack.h ../include/openssl/store.h
 ciphers.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 ciphers.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 ciphers.o: ciphers.c
 crl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 crl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 crl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 crl.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 crl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 crl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 crl.o: ../include/openssl/engine.h ../include/openssl/err.h
 crl.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 crl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 crl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 crl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 crl.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 crl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 crl.o: ../include/openssl/stack.h ../include/openssl/store.h
 crl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 crl.o: ../include/openssl/ui.h ../include/openssl/x509.h
 crl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h crl.c
 crl2p7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 crl2p7.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 crl2p7.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 crl2p7.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 crl2p7.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 crl2p7.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 crl2p7.o: ../include/openssl/engine.h ../include/openssl/err.h
 crl2p7.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 crl2p7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 crl2p7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 crl2p7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 crl2p7.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 crl2p7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 crl2p7.o: ../include/openssl/stack.h ../include/openssl/store.h
 crl2p7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 crl2p7.o: ../include/openssl/ui.h ../include/openssl/x509.h
 crl2p7.o: ../include/openssl/x509_vfy.h apps.h crl2p7.c
 dgst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 dgst.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 dgst.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 dgst.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 dgst.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 dgst.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 dgst.o: ../include/openssl/engine.h ../include/openssl/err.h
 dgst.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 dgst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 dgst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 dgst.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 dgst.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 dgst.o: ../include/openssl/stack.h ../include/openssl/store.h
 dgst.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 dgst.o: ../include/openssl/ui.h ../include/openssl/x509.h
 dgst.o: ../include/openssl/x509_vfy.h apps.h dgst.c
 dh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 dh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 dh.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 dh.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 dh.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 dh.o: ../include/openssl/engine.h ../include/openssl/err.h
 dh.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 dh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 dh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 dh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 dh.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 dh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 dh.o: ../include/openssl/stack.h ../include/openssl/store.h
 dh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 dh.o: ../include/openssl/ui.h ../include/openssl/x509.h
 dh.o: ../include/openssl/x509_vfy.h apps.h dh.c
 dsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 dsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 dsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 dsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 dsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 dsa.o: ../include/openssl/engine.h ../include/openssl/err.h
 dsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 dsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 dsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 dsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 dsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 dsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 dsa.o: ../include/openssl/stack.h ../include/openssl/store.h
 dsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 dsa.o: ../include/openssl/ui.h ../include/openssl/x509.h
 dsa.o: ../include/openssl/x509_vfy.h apps.h dsa.c
 dsaparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 dsaparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 dsaparam.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 dsaparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 dsaparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h
 dsaparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 dsaparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 dsaparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 dsaparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 dsaparam.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 dsaparam.o: ../include/openssl/stack.h ../include/openssl/store.h
 dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 dsaparam.o: ../include/openssl/ui.h ../include/openssl/x509.h
 dsaparam.o: ../include/openssl/x509_vfy.h apps.h dsaparam.c
 ec.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ec.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 ec.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 ec.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 ec.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 ec.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 ec.o: ../include/openssl/engine.h ../include/openssl/err.h
 ec.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 ec.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 ec.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 ec.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 ec.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 ec.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 ec.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 ec.o: ../include/openssl/stack.h ../include/openssl/store.h
 ec.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 ec.o: ../include/openssl/ui.h ../include/openssl/x509.h
 ec.o: ../include/openssl/x509_vfy.h apps.h ec.c
 ecparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ecparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 ecparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 ecparam.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 ecparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 ecparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 ecparam.o: ../include/openssl/engine.h ../include/openssl/err.h
 ecparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 ecparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 ecparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 ecparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 ecparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 ecparam.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 ecparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 ecparam.o: ../include/openssl/stack.h ../include/openssl/store.h
 ecparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 ecparam.o: ../include/openssl/ui.h ../include/openssl/x509.h
 ecparam.o: ../include/openssl/x509_vfy.h apps.h ecparam.c
 enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 enc.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 enc.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 enc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 enc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 enc.o: ../include/openssl/engine.h ../include/openssl/err.h
 enc.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 enc.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 enc.o: ../include/openssl/stack.h ../include/openssl/store.h
 enc.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 enc.o: ../include/openssl/ui.h ../include/openssl/x509.h
 enc.o: ../include/openssl/x509_vfy.h apps.h enc.c
 engine.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 engine.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 engine.o: ../include/openssl/comp.h ../include/openssl/conf.h
 engine.o: ../include/openssl/crypto.h ../include/openssl/dh.h
 engine.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 engine.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 engine.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 engine.o: ../include/openssl/err.h ../include/openssl/evp.h
 engine.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 engine.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 engine.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 engine.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 engine.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 engine.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 engine.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 engine.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 engine.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 engine.o: ../include/openssl/stack.h ../include/openssl/store.h
 engine.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 engine.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 engine.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 engine.o: engine.c
 errstr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 errstr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h
 errstr.o: ../include/openssl/crypto.h ../include/openssl/dh.h
 errstr.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 errstr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 errstr.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 errstr.o: ../include/openssl/err.h ../include/openssl/evp.h
 errstr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 errstr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 errstr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 errstr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 errstr.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 errstr.o: ../include/openssl/stack.h ../include/openssl/store.h
 errstr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 errstr.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 errstr.o: errstr.c
 gendh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 gendh.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 gendh.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 gendh.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 gendh.o: ../include/openssl/engine.h ../include/openssl/err.h
 gendh.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 gendh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 gendh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 gendh.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 gendh.o: ../include/openssl/stack.h ../include/openssl/store.h
 gendh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 gendh.o: ../include/openssl/ui.h ../include/openssl/x509.h
 gendh.o: ../include/openssl/x509_vfy.h apps.h gendh.c
 gendsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 gendsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 gendsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 gendsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 gendsa.o: ../include/openssl/engine.h ../include/openssl/err.h
 gendsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 gendsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 gendsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 gendsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 gendsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 gendsa.o: ../include/openssl/stack.h ../include/openssl/store.h
 gendsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 gendsa.o: ../include/openssl/ui.h ../include/openssl/x509.h
 gendsa.o: ../include/openssl/x509_vfy.h apps.h gendsa.c
 genrsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 genrsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 genrsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 genrsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 genrsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h
 genrsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 genrsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 genrsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 genrsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 genrsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 genrsa.o: ../include/openssl/stack.h ../include/openssl/store.h
 genrsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 genrsa.o: ../include/openssl/ui.h ../include/openssl/x509.h
 genrsa.o: ../include/openssl/x509_vfy.h apps.h genrsa.c
 nseq.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 nseq.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 nseq.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 nseq.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 nseq.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 nseq.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 nseq.o: ../include/openssl/engine.h ../include/openssl/err.h
 nseq.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 nseq.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 nseq.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 nseq.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 nseq.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 nseq.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 nseq.o: ../include/openssl/stack.h ../include/openssl/store.h
 nseq.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 nseq.o: ../include/openssl/ui.h ../include/openssl/x509.h
 nseq.o: ../include/openssl/x509_vfy.h apps.h nseq.c
 ocsp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ocsp.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 ocsp.o: ../include/openssl/comp.h ../include/openssl/conf.h
 ocsp.o: ../include/openssl/crypto.h ../include/openssl/dh.h
 ocsp.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 ocsp.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 ocsp.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 ocsp.o: ../include/openssl/err.h ../include/openssl/evp.h
 ocsp.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 ocsp.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 ocsp.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
 ocsp.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 ocsp.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 ocsp.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 ocsp.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 ocsp.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 ocsp.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 ocsp.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 ocsp.o: ../include/openssl/store.h ../include/openssl/symhacks.h
 ocsp.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
 ocsp.o: ../include/openssl/ui.h ../include/openssl/x509.h
 ocsp.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ocsp.c
 openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 openssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h
 openssl.o: ../include/openssl/crypto.h ../include/openssl/dh.h
 openssl.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 openssl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 openssl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 openssl.o: ../include/openssl/err.h ../include/openssl/evp.h
 openssl.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 openssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 openssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 openssl.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 openssl.o: ../include/openssl/stack.h ../include/openssl/store.h
 openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 openssl.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 openssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 openssl.o: openssl.c progs.h s_apps.h
 passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 passwd.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 passwd.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 passwd.o: ../include/openssl/des.h ../include/openssl/des_old.h
 passwd.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 passwd.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 passwd.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 passwd.o: ../include/openssl/engine.h ../include/openssl/err.h
 passwd.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 passwd.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
 passwd.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 passwd.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 passwd.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 passwd.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h
 passwd.o: ../include/openssl/store.h ../include/openssl/symhacks.h
 passwd.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 passwd.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
 passwd.o: ../include/openssl/x509_vfy.h apps.h passwd.c
 pkcs12.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 pkcs12.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 pkcs12.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 pkcs12.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 pkcs12.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 pkcs12.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 pkcs12.o: ../include/openssl/engine.h ../include/openssl/err.h
 pkcs12.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 pkcs12.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 pkcs12.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 pkcs12.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
 pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 pkcs12.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 pkcs12.o: ../include/openssl/sha.h ../include/openssl/stack.h
 pkcs12.o: ../include/openssl/store.h ../include/openssl/symhacks.h
 pkcs12.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 pkcs12.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 pkcs12.o: pkcs12.c
 pkcs7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 pkcs7.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 pkcs7.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 pkcs7.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 pkcs7.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 pkcs7.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 pkcs7.o: ../include/openssl/engine.h ../include/openssl/err.h
 pkcs7.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 pkcs7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 pkcs7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 pkcs7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 pkcs7.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 pkcs7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 pkcs7.o: ../include/openssl/stack.h ../include/openssl/store.h
 pkcs7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 pkcs7.o: ../include/openssl/ui.h ../include/openssl/x509.h
 pkcs7.o: ../include/openssl/x509_vfy.h apps.h pkcs7.c
 pkcs8.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 pkcs8.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 pkcs8.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 pkcs8.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 pkcs8.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 pkcs8.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 pkcs8.o: ../include/openssl/engine.h ../include/openssl/err.h
 pkcs8.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 pkcs8.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 pkcs8.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 pkcs8.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
 pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 pkcs8.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 pkcs8.o: ../include/openssl/sha.h ../include/openssl/stack.h
 pkcs8.o: ../include/openssl/store.h ../include/openssl/symhacks.h
 pkcs8.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 pkcs8.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h pkcs8.c
 rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 rand.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 rand.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 rand.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 rand.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 rand.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 rand.o: ../include/openssl/engine.h ../include/openssl/err.h
 rand.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
 rand.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 rand.o: ../include/openssl/stack.h ../include/openssl/store.h
 rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 rand.o: ../include/openssl/ui.h ../include/openssl/x509.h
 rand.o: ../include/openssl/x509_vfy.h apps.h rand.c
 req.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/asn1.h
 req.o: ../include/openssl/bio.h ../include/openssl/bn.h
 req.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 req.o: ../include/openssl/crypto.h ../include/openssl/dh.h
 req.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 req.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 req.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 req.o: ../include/openssl/err.h ../include/openssl/evp.h
 req.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 req.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 req.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 req.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 req.o: ../include/openssl/sha.h ../include/openssl/stack.h
 req.o: ../include/openssl/store.h ../include/openssl/symhacks.h
 req.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 req.o: ../include/openssl/x509v3.h apps.h req.c
 rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 rsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 rsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 rsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 rsa.o: ../include/openssl/engine.h ../include/openssl/err.h
 rsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 rsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 rsa.o: ../include/openssl/stack.h ../include/openssl/store.h
 rsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 rsa.o: ../include/openssl/ui.h ../include/openssl/x509.h
 rsa.o: ../include/openssl/x509_vfy.h apps.h rsa.c
 rsautl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 rsautl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 rsautl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 rsautl.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 rsautl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 rsautl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 rsautl.o: ../include/openssl/engine.h ../include/openssl/err.h
 rsautl.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 rsautl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 rsautl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 rsautl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 rsautl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 rsautl.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 rsautl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 rsautl.o: ../include/openssl/stack.h ../include/openssl/store.h
 rsautl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 rsautl.o: ../include/openssl/ui.h ../include/openssl/x509.h
 rsautl.o: ../include/openssl/x509_vfy.h apps.h rsautl.c
 s_cb.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s_cb.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_cb.o: ../include/openssl/crypto.h ../include/openssl/dh.h
 s_cb.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 s_cb.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 s_cb.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h
 s_cb.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 s_cb.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s_cb.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s_cb.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s_cb.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 s_cb.o: ../include/openssl/stack.h ../include/openssl/store.h
 s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 s_cb.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h s_apps.h
 s_cb.o: s_cb.c
 s_client.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_client.o: ../include/openssl/crypto.h ../include/openssl/dh.h
 s_client.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 s_client.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 s_client.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 s_client.o: ../include/openssl/err.h ../include/openssl/evp.h
 s_client.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s_client.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s_client.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s_client.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 s_client.o: ../include/openssl/stack.h ../include/openssl/store.h
 s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 s_client.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 s_client.o: s_apps.h s_client.c
 s_server.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_server.o: ../include/openssl/crypto.h ../include/openssl/dh.h
 s_server.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 s_server.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 s_server.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 s_server.o: ../include/openssl/err.h ../include/openssl/evp.h
 s_server.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s_server.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s_server.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s_server.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 s_server.o: ../include/openssl/stack.h ../include/openssl/store.h
 s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 s_server.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 s_server.o: s_apps.h s_server.c
 s_socket.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s_socket.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 s_socket.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_socket.o: ../include/openssl/crypto.h ../include/openssl/dh.h
 s_socket.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 s_socket.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 s_socket.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 s_socket.o: ../include/openssl/err.h ../include/openssl/evp.h
 s_socket.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 s_socket.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 s_socket.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s_socket.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s_socket.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 s_socket.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 s_socket.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 s_socket.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 s_socket.o: ../include/openssl/stack.h ../include/openssl/store.h
 s_socket.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 s_socket.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 s_socket.o: s_apps.h s_socket.c
 s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s_time.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 s_time.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_time.o: ../include/openssl/crypto.h ../include/openssl/dh.h
 s_time.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 s_time.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 s_time.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 s_time.o: ../include/openssl/err.h ../include/openssl/evp.h
 s_time.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 s_time.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s_time.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s_time.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s_time.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 s_time.o: ../include/openssl/stack.h ../include/openssl/store.h
 s_time.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 s_time.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 s_time.o: s_apps.h s_time.c
 sess_id.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 sess_id.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 sess_id.o: ../include/openssl/comp.h ../include/openssl/conf.h
 sess_id.o: ../include/openssl/crypto.h ../include/openssl/dh.h
 sess_id.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 sess_id.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 sess_id.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h
 sess_id.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 sess_id.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 sess_id.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 sess_id.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 sess_id.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 sess_id.o: ../include/openssl/stack.h ../include/openssl/store.h
 sess_id.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 sess_id.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 sess_id.o: sess_id.c
 smime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 smime.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 smime.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 smime.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 smime.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 smime.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 smime.o: ../include/openssl/engine.h ../include/openssl/err.h
 smime.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 smime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 smime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 smime.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 smime.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 smime.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 smime.o: ../include/openssl/stack.h ../include/openssl/store.h
 smime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 smime.o: ../include/openssl/ui.h ../include/openssl/x509.h
 smime.o: ../include/openssl/x509_vfy.h apps.h smime.c
 speed.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
 speed.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 speed.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 speed.o: ../include/openssl/cast.h ../include/openssl/conf.h
 speed.o: ../include/openssl/crypto.h ../include/openssl/des.h
 speed.o: ../include/openssl/des_old.h ../include/openssl/dh.h
 speed.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 speed.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 speed.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 speed.o: ../include/openssl/err.h ../include/openssl/evp.h
 speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h
 speed.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 speed.o: ../include/openssl/md4.h ../include/openssl/md5.h
 speed.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 speed.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 speed.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 speed.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
 speed.o: ../include/openssl/store.h ../include/openssl/symhacks.h
 speed.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 speed.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
 speed.o: ../include/openssl/x509_vfy.h apps.h speed.c testdsa.h testrsa.h
 spkac.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 spkac.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 spkac.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 spkac.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 spkac.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 spkac.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 spkac.o: ../include/openssl/engine.h ../include/openssl/err.h
 spkac.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 spkac.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 spkac.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 spkac.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 spkac.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 spkac.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 spkac.o: ../include/openssl/stack.h ../include/openssl/store.h
 spkac.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 spkac.o: ../include/openssl/ui.h ../include/openssl/x509.h
 spkac.o: ../include/openssl/x509_vfy.h apps.h spkac.c
 verify.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 verify.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 verify.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 verify.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 verify.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 verify.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 verify.o: ../include/openssl/engine.h ../include/openssl/err.h
 verify.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 verify.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 verify.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 verify.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 verify.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 verify.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 verify.o: ../include/openssl/stack.h ../include/openssl/store.h
 verify.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 verify.o: ../include/openssl/ui.h ../include/openssl/x509.h
 verify.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
 verify.o: verify.c
 version.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 version.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 version.o: ../include/openssl/crypto.h ../include/openssl/des.h
 version.o: ../include/openssl/des_old.h ../include/openssl/dh.h
 version.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 version.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 version.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 version.o: ../include/openssl/err.h ../include/openssl/evp.h
 version.o: ../include/openssl/idea.h ../include/openssl/lhash.h
 version.o: ../include/openssl/md2.h ../include/openssl/obj_mac.h
 version.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 version.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 version.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 version.o: ../include/openssl/rc4.h ../include/openssl/rsa.h
 version.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 version.o: ../include/openssl/stack.h ../include/openssl/store.h
 version.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 version.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
 version.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 version.o: version.c
 x509.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 x509.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 x509.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 x509.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 x509.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 x509.o: ../include/openssl/engine.h ../include/openssl/err.h
 x509.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 x509.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 x509.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 x509.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 x509.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 x509.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 x509.o: ../include/openssl/stack.h ../include/openssl/store.h
 x509.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 x509.o: ../include/openssl/ui.h ../include/openssl/x509.h
 x509.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h x509.c
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -125,17 +125,13 @@
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
 #include <openssl/bn.h>
 #define NON_MAIN
 #include "apps.h"
 #undef NON_MAIN
 typedef struct {
-	const char *name;
+	char *name;
 	unsigned long flag;
 	unsigned long mask;
 } NAME_EX_TBL;
@@ -345,6 +341,44 @@ void program_name(char *in, char *out, int size)
 #endif
 #endif
 #ifdef OPENSSL_SYS_WIN32
 int WIN32_rename(char *from, char *to)
 	{
 #ifndef OPENSSL_SYS_WINCE
 	/* Windows rename gives an error if 'to' exists, so delete it
 	 * first and ignore file not found errror
 	 */
 	if((remove(to) != 0) && (errno != ENOENT))
 		return -1;
 #undef rename
 	return rename(from, to);
 #else
 	/* convert strings to UNICODE */
 	{
 	BOOL result = FALSE;
 	WCHAR* wfrom;
 	WCHAR* wto;
 	int i;
 	wfrom = malloc((strlen(from)+1)*2);
 	wto = malloc((strlen(to)+1)*2);
 	if (wfrom != NULL && wto != NULL)
 		{
 		for (i=0; i<(int)strlen(from)+1; i++)
 			wfrom[i] = (short)from[i];
 		for (i=0; i<(int)strlen(to)+1; i++)
 			wto[i] = (short)to[i];
 		result = MoveFile(wfrom, wto);
 		}
 	if (wfrom != NULL)
 		free(wfrom);
 	if (wto != NULL)
 		free(wto);
 	return result;
 	}
 #endif
 	}
 #endif
 int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
 	{
 	int num,len,i;
@@ -376,17 +410,10 @@ int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
 		/* The start of something good :-) */
 		if (num >= arg->count)
 			{
-			char **tmp_p;
+			arg->count+=20;
-			int tlen = arg->count + 20;
+			arg->data=(char **)OPENSSL_realloc(arg->data,
-			tmp_p = (char **)OPENSSL_realloc(arg->data,
+				sizeof(char *)*arg->count);
-				sizeof(char *)*tlen);
+			if (argc == 0) return(0);
 			if (tmp_p == NULL)
 				return 0;
 			arg->data  = tmp_p;
 			arg->count = tlen;
 			/* initialize newly allocated data */
 			for (i = num; i < arg->count; i++)
 				arg->data[i] = NULL;
 			}
 		arg->data[num++]=p;
@@ -548,7 +575,7 @@ int password_callback(char *buf, int bufsiz, int verify,
 		char *prompt = NULL;
 		prompt = UI_construct_prompt(ui, "pass phrase",
-			prompt_info);
+			cb_data->prompt_info);
 		ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
 		UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
@@ -697,51 +724,6 @@ int add_oid_section(BIO *err, CONF *conf)
 	return 1;
 }
 static int load_pkcs12(BIO *err, BIO *in, const char *desc,
 		pem_password_cb *pem_cb,  void *cb_data,
 		EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
 	{
 	const char *pass;
 	char tpass[PEM_BUFSIZE];
 	int len, ret = 0;
 	PKCS12 *p12;
 	p12 = d2i_PKCS12_bio(in, NULL);
 	if (p12 == NULL)
 		{
 		BIO_printf(err, "Error loading PKCS12 file for %s\n", desc);	
 		goto die;
 		}
 	/* See if an empty password will do */
 	if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0))
 		pass = "";
 	else
 		{
 		if (!pem_cb)
 			pem_cb = (pem_password_cb *)password_callback;
 		len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data);
 		if (len < 0) 
 			{
 			BIO_printf(err, "Passpharse callback error for %s\n",
 					desc);
 			goto die;
 			}
 		if (len < PEM_BUFSIZE)
 			tpass[len] = 0;
 		if (!PKCS12_verify_mac(p12, tpass, len))
 			{
 			BIO_printf(err,
 	"Mac verify error (wrong password?) in PKCS12 file for %s\n", desc);	
 			goto die;
 			}
 		pass = tpass;
 		}
 	ret = PKCS12_parse(p12, pass, pkey, cert, ca);
 	die:
 	if (p12)
 		PKCS12_free(p12);
 	return ret;
 	}
 X509 *load_cert(BIO *err, const char *file, int format,
 	const char *pass, ENGINE *e, const char *cert_descrip)
 	{
@@ -776,7 +758,7 @@ X509 *load_cert(BIO *err, const char *file, int format,
 		x=d2i_X509_bio(cert,NULL);
 	else if (format == FORMAT_NETSCAPE)
 		{
-		const unsigned char *p,*op;
+		unsigned char *p,*op;
 		int size=0,i;
 		/* We sort of have to do it this way because it is sort of nice
@@ -822,9 +804,11 @@ X509 *load_cert(BIO *err, const char *file, int format,
 			(pem_password_cb *)password_callback, NULL);
 	else if (format == FORMAT_PKCS12)
 		{
-		if (!load_pkcs12(err, cert,cert_descrip, NULL, NULL,
+		PKCS12 *p12 = d2i_PKCS12_bio(cert, NULL);
-					NULL, &x, NULL))
+
-			goto end;
+		PKCS12_parse(p12, NULL, NULL, &x, NULL);
 		PKCS12_free(p12);
 		p12 = NULL;
 		}
 	else	{
 		BIO_printf(err,"bad input format specified for %s\n",
@@ -903,10 +887,11 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
 #endif
 	else if (format == FORMAT_PKCS12)
 		{
-		if (!load_pkcs12(err, key, key_descrip,
+		PKCS12 *p12 = d2i_PKCS12_bio(key, NULL);
-				(pem_password_cb *)password_callback, &cb_data,
+
-				&pkey, NULL, NULL))
+		PKCS12_parse(p12, pass, &pkey, NULL, NULL);
-			goto end;
+		PKCS12_free(p12);
 		p12 = NULL;
 		}
 	else
 		{
@@ -1278,7 +1263,7 @@ static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_T
 	return 0;
 }
-void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags)
+void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
 {
 	char *buf;
 	char mline = 0;
@@ -1486,9 +1471,12 @@ BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
 			}
 		else
 			{
 			ASN1_INTEGER_set(ai,1);
 			ret=BN_new();
-			if (ret == NULL || !rand_serial(ret, ai))
+			if (ret == NULL)
 				BIO_printf(bio_err, "Out of memory\n");
 			else
 				BN_one(ret);
 			}
 		}
 	else
@@ -1613,9 +1601,8 @@ int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
 		{
 		if (errno != ENOENT 
 #ifdef ENOTDIR
-			&& errno != ENOTDIR
+			&& errno != ENOTDIR)
 #endif
 		   )
 			goto err;
 		}
 	else
@@ -1651,33 +1638,6 @@ int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
 	return 0;
 	}
 int rand_serial(BIGNUM *b, ASN1_INTEGER *ai)
 	{
 	BIGNUM *btmp;
 	int ret = 0;
 	if (b)
 		btmp = b;
 	else
 		btmp = BN_new();
 	if (!btmp)
 		return 0;
 	if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0))
 		goto error;
 	if (ai && !BN_to_ASN1_INTEGER(btmp, ai))
 		goto error;
 	ret = 1;
 	error:
 	if (!b)
 		BN_free(btmp);
 	return ret;
 	}
 CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
 	{
 	CA_DB *retdb = NULL;
@@ -1784,7 +1744,7 @@ int index_index(CA_DB *db)
 	return 1;
 	}
-int save_index(const char *dbfile, const char *suffix, CA_DB *db)
+int save_index(char *dbfile, char *suffix, CA_DB *db)
 	{
 	char buf[3][BSIZE];
 	BIO *out = BIO_new(BIO_s_file());
@@ -1851,7 +1811,7 @@ int save_index(const char *dbfile, const char *suffix, CA_DB *db)
 	return 0;
 	}
-int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix)
+int rotate_index(char *dbfile, char *new_suffix, char *old_suffix)
 	{
 	char buf[5][BSIZE];
 	int i,j;
@@ -1903,9 +1863,8 @@ int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suf
 		{
 		if (errno != ENOENT 
 #ifdef ENOTDIR
-			&& errno != ENOTDIR
+			&& errno != ENOTDIR)
 #endif
 		   )
 			goto err;
 		}
 	else
@@ -1940,9 +1899,8 @@ int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suf
 		{
 		if (errno != ENOENT 
 #ifdef ENOTDIR
-			&& errno != ENOTDIR
+			&& errno != ENOTDIR)
 #endif
 		   )
 			goto err;
 		}
 	else
@@ -1991,7 +1949,7 @@ void free_index(CA_DB *db)
 		}
 	}
-int parse_yesno(const char *str, int def)
+int parse_yesno(char *str, int def)
 	{
 	int ret = def;
 	if (str)
@@ -2156,180 +2114,3 @@ error:
 	return NULL;
 }
 /* This code MUST COME AFTER anything that uses rename() */
 #ifdef OPENSSL_SYS_WIN32
 int WIN32_rename(const char *from, const char *to)
 	{
 #ifndef OPENSSL_SYS_WINCE
 	/* Windows rename gives an error if 'to' exists, so delete it
 	 * first and ignore file not found errror
 	 */
 	if((remove(to) != 0) && (errno != ENOENT))
 		return -1;
 #undef rename
 	return rename(from, to);
 #else
 	/* convert strings to UNICODE */
 	{
 	BOOL result = FALSE;
 	WCHAR* wfrom;
 	WCHAR* wto;
 	int i;
 	wfrom = malloc((strlen(from)+1)*2);
 	wto = malloc((strlen(to)+1)*2);
 	if (wfrom != NULL && wto != NULL)
 		{
 		for (i=0; i<(int)strlen(from)+1; i++)
 			wfrom[i] = (short)from[i];
 		for (i=0; i<(int)strlen(to)+1; i++)
 			wto[i] = (short)to[i];
 		result = MoveFile(wfrom, wto);
 		}
 	if (wfrom != NULL)
 		free(wfrom);
 	if (wto != NULL)
 		free(wto);
 	return result;
 	}
 #endif
 	}
 #endif
 int args_verify(char ***pargs, int *pargc,
 			int *badarg, BIO *err, X509_VERIFY_PARAM **pm)
 	{
 	ASN1_OBJECT *otmp = NULL;
 	unsigned long flags = 0;
 	int i;
 	int purpose = 0;
 	char **oldargs = *pargs;
 	char *arg = **pargs, *argn = (*pargs)[1];
 	if (!strcmp(arg, "-policy"))
 		{
 		if (!argn)
 			*badarg = 1;
 		else
 			{
 			otmp = OBJ_txt2obj(argn, 0);
 			if (!otmp)
 				{
 				BIO_printf(err, "Invalid Policy \"%s\"\n",
 									argn);
 				*badarg = 1;
 				}
 			}
 		(*pargs)++;
 		}
 	else if (strcmp(arg,"-purpose") == 0)
 		{
 		X509_PURPOSE *xptmp;
 		if (!argn)
 			*badarg = 1;
 		else
 			{
 			i = X509_PURPOSE_get_by_sname(argn);
 			if(i < 0)
 				{
 				BIO_printf(err, "unrecognized purpose\n");
 				*badarg = 1;
 				}
 			else
 				{
 				xptmp = X509_PURPOSE_get0(i);
 				purpose = X509_PURPOSE_get_id(xptmp);
 				}
 			}
 		(*pargs)++;
 		}
 	else if (!strcmp(arg, "-ignore_critical"))
 		flags |= X509_V_FLAG_IGNORE_CRITICAL;
 	else if (!strcmp(arg, "-issuer_checks"))
 		flags |= X509_V_FLAG_CB_ISSUER_CHECK;
 	else if (!strcmp(arg, "-crl_check"))
 		flags |=  X509_V_FLAG_CRL_CHECK;
 	else if (!strcmp(arg, "-crl_check_all"))
 		flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
 	else if (!strcmp(arg, "-policy_check"))
 		flags |= X509_V_FLAG_POLICY_CHECK;
 	else if (!strcmp(arg, "-explicit_policy"))
 		flags |= X509_V_FLAG_EXPLICIT_POLICY;
 	else if (!strcmp(arg, "-x509_strict"))
 		flags |= X509_V_FLAG_X509_STRICT;
 	else if (!strcmp(arg, "-policy_print"))
 		flags |= X509_V_FLAG_NOTIFY_POLICY;
 	else
 		return 0;
 	if (*badarg)
 		{
 		if (*pm)
 			X509_VERIFY_PARAM_free(*pm);
 		*pm = NULL;
 		goto end;
 		}
 	if (!*pm && !(*pm = X509_VERIFY_PARAM_new()))
 		{
 		*badarg = 1;
 		goto end;
 		}
 	if (otmp)
 		X509_VERIFY_PARAM_add0_policy(*pm, otmp);
 	if (flags)
 		X509_VERIFY_PARAM_set_flags(*pm, flags);
 	if (purpose)
 		X509_VERIFY_PARAM_set_purpose(*pm, purpose);
 	end:
 	(*pargs)++;
 	if (pargc)
 		*pargc -= *pargs - oldargs;
 	return 1;
 	}
 static void nodes_print(BIO *out, const char *name,
 	STACK_OF(X509_POLICY_NODE) *nodes)
 	{
 	X509_POLICY_NODE *node;
 	int i;
 	BIO_printf(out, "%s Policies:", name);
 	if (nodes)
 		{
 		BIO_puts(out, "\n");
 		for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++)
 			{
 			node = sk_X509_POLICY_NODE_value(nodes, i);
 			X509_POLICY_NODE_print(out, node, 2);
 			}
 		}
 	else
 		BIO_puts(out, " <empty>\n");
 	}
 void policies_print(BIO *out, X509_STORE_CTX *ctx)
 	{
 	X509_POLICY_TREE *tree;
 	int explicit_policy;
 	int free_out = 0;
 	if (out == NULL)
 		{
 		out = BIO_new_fp(stderr, BIO_NOCLOSE);
 		free_out = 1;
 		}
 	tree = X509_STORE_CTX_get0_policy_tree(ctx);
 	explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);
 	BIO_printf(out, "Require explicit Policy: %s\n",
 				explicit_policy ? "True" : "False");
 	nodes_print(out, "Authority", X509_policy_tree_get0_policies(tree));
 	nodes_print(out, "User", X509_policy_tree_get0_user_policies(tree));
 	if (free_out)
 		BIO_free(out);
 	}
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -114,7 +114,9 @@
 #include "e_os.h"
 #include <openssl/buffer.h>
 #include <openssl/bio.h>
 #include <openssl/crypto.h>
 #include <openssl/x509.h>
 #include <openssl/lhash.h>
 #include <openssl/conf.h>
@@ -136,7 +138,7 @@ long app_RAND_load_files(char *file); /* `file' is a list of files to read,
 #ifdef OPENSSL_SYS_WIN32
 #define rename(from,to) WIN32_rename((from),(to))
-int WIN32_rename(const char *oldname,const char *newname);
+int WIN32_rename(char *oldname,char *newname);
 #endif
 #ifndef MONOLITH
@@ -146,11 +148,9 @@ int WIN32_rename(const char *oldname,const char *newname);
 #ifndef NON_MAIN
 CONF *config=NULL;
 BIO *bio_err=NULL;
 int in_FIPS_mode=0;
 #else
 extern CONF *config;
 extern BIO *bio_err;
 extern int in_FIPS_mode;
 #endif
 #else
@@ -159,7 +159,6 @@ extern int in_FIPS_mode;
 extern CONF *config;
 extern char *default_config_file;
 extern BIO *bio_err;
 extern int in_FIPS_mode;
 #endif
@@ -257,7 +256,7 @@ void program_name(char *in,char *out,int size);
 int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
 #ifdef HEADER_X509_H
 int dump_cert_text(BIO *out, X509 *x);
-void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags);
+void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags);
 #endif
 int set_cert_ex(unsigned long *flags, const char *arg);
 int set_name_ex(unsigned long *flags, const char *arg);
@@ -283,7 +282,7 @@ char *make_config_name(void);
 /* Functions defined in ca.c and also used in ocsp.c */
 int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
-			ASN1_GENERALIZEDTIME **pinvtm, const char *str);
+			ASN1_GENERALIZEDTIME **pinvtm, char *str);
 #define DB_type         0
 #define DB_exp_date     1
@@ -310,19 +309,15 @@ typedef struct ca_db_st
 BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai);
 int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai);
 int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix);
 int rand_serial(BIGNUM *b, ASN1_INTEGER *ai);
 CA_DB *load_index(char *dbfile, DB_ATTR *dbattr);
 int index_index(CA_DB *db);
-int save_index(const char *dbfile, const char *suffix, CA_DB *db);
+int save_index(char *dbfile, char *suffix, CA_DB *db);
-int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix);
+int rotate_index(char *dbfile, char *new_suffix, char *old_suffix);
 void free_index(CA_DB *db);
 int index_name_cmp(const char **a, const char **b);
-int parse_yesno(const char *str, int def);
+int parse_yesno(char *str, int def);
 X509_NAME *parse_name(char *str, long chtype, int multirdn);
 int args_verify(char ***pargs, int *pargc,
 			int *badarg, BIO *err, X509_VERIFY_PARAM **pm);
 void policies_print(BIO *out, X509_STORE_CTX *ctx);
 #define FORMAT_UNDEF    0
 #define FORMAT_ASN1     1
@@ -343,6 +338,4 @@ void policies_print(BIO *out, X509_STORE_CTX *ctx);
 #define APP_PASS_LEN	1024
 #define SERIAL_RAND_BITS	64
 #endif
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -94,7 +94,6 @@ int MAIN(int argc, char **argv)
 	char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL;
 	char *genstr=NULL, *genconf=NULL;
 	unsigned char *tmpbuf;
 	const unsigned char *ctmpbuf;
 	BUF_MEM *buf=NULL;
 	STACK *osk=NULL;
 	ASN1_TYPE *at=NULL;
@@ -196,7 +195,7 @@ int MAIN(int argc, char **argv)
 bad:
 		BIO_printf(bio_err,"%s [options] <infile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
-		BIO_printf(bio_err," -inform arg   input format - one of DER PEM\n");
+		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file (output format is always DER\n");
 		BIO_printf(bio_err," -noout arg    don't produce any output\n");
@@ -309,7 +308,6 @@ bad:
 		for (i=0; i<sk_num(osk); i++)
 			{
 			ASN1_TYPE *atmp;
 			int typ;
 			j=atoi(sk_value(osk,i));
 			if (j == 0)
 				{
@@ -319,8 +317,7 @@ bad:
 			tmpbuf+=j;
 			tmplen-=j;
 			atmp = at;
-			ctmpbuf = tmpbuf;
+			at = d2i_ASN1_TYPE(NULL,&tmpbuf,tmplen);
 			at = d2i_ASN1_TYPE(NULL,&ctmpbuf,tmplen);
 			ASN1_TYPE_free(atmp);
 			if(!at)
 				{
@@ -328,15 +325,6 @@ bad:
 				ERR_print_errors(bio_err);
 				goto end;
 				}
 			typ = ASN1_TYPE_get(at);
 			if ((typ == V_ASN1_OBJECT)
 				|| (typ == V_ASN1_NULL))
 				{
 				BIO_printf(bio_err, "Can't parse %s type\n",
 					typ == V_ASN1_NULL ? "NULL" : "OBJECT");
 				ERR_print_errors(bio_err);
 				goto end;
 				}
 			/* hmm... this is a little evil but it works */
 			tmpbuf=at->value.asn1_string->data;
 			tmplen=at->value.asn1_string->length;
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -105,9 +105,6 @@
 #define ENV_DEFAULT_CA		"default_ca"
 #define STRING_MASK	"string_mask"
 #define UTF8_IN			"utf8"
 #define ENV_DIR			"dir"
 #define ENV_CERTS		"certs"
 #define ENV_CRL_DIR		"crl_dir"
@@ -146,7 +143,7 @@
 #define REV_KEY_COMPROMISE	3	/* Value is cert key compromise time */
 #define REV_CA_COMPROMISE	4	/* Value is CA key compromise time */
-static const char *ca_usage[]={
+static char *ca_usage[]={
 "usage: ca args\n",
 "\n",
 " -verbose        - Talk alot while doing things\n",
@@ -177,7 +174,6 @@ static const char *ca_usage[]={
 " -msie_hack      - msie modifications to handle all those universal strings\n",
 " -revoke file    - Revoke a certificate (given in file)\n",
 " -subj arg       - Use arg instead of request's subject\n",
 " -utf8           - input characters are UTF8 (default ASCII)\n",
 " -multivalue-rdn - enable support for multivalued RDNs\n",
 " -extensions ..  - Extension section (override value in config file)\n",
 " -extfile file   - Configuration file with X509v3 extentions to add\n",
@@ -196,30 +192,30 @@ extern int EF_PROTECT_BELOW;
 extern int EF_ALIGNMENT;
 #endif
-static void lookup_fail(const char *name, const char *tag);
+static void lookup_fail(char *name,char *tag);
 static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
 		   const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,CA_DB *db,
-		   BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate,
+		   BIGNUM *serial, char *subj, int multirdn, int email_dn, char *startdate,
 		   char *enddate, long days, int batch, char *ext_sect, CONF *conf,
 		   int verbose, unsigned long certopt, unsigned long nameopt,
 		   int default_op, int ext_copy, int selfsign);
 static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
 			const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
-			CA_DB *db, BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn,
+			CA_DB *db, BIGNUM *serial, char *subj, int multirdn, int email_dn,
 			char *startdate, char *enddate, long days, int batch,
 			char *ext_sect, CONF *conf,int verbose, unsigned long certopt,
 			unsigned long nameopt, int default_op, int ext_copy,
 			ENGINE *e);
 static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
 			 const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
-			 CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn, int email_dn,
+			 CA_DB *db, BIGNUM *serial,char *subj, int multirdn, int email_dn,
 			 char *startdate, char *enddate, long days, char *ext_sect,
 			 CONF *conf, int verbose, unsigned long certopt, 
 			 unsigned long nameopt, int default_op, int ext_copy);
 static int fix_data(int nid, int *type);
 static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
 static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
-	STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn,
+	STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj, int multirdn,
 	int email_dn, char *startdate, char *enddate, long days, int batch,
       	int verbose, X509_REQ *req, char *ext_sect, CONF *conf,
 	unsigned long certopt, unsigned long nameopt, int default_op,
@@ -229,7 +225,7 @@ static int get_certificate_status(const char *ser_status, CA_DB *db);
 static int do_updatedb(CA_DB *db);
 static int check_time_format(char *str);
 char *make_revocation_str(int rev_type, char *rev_arg);
-int make_revoked(X509_REVOKED *rev, const char *str);
+int make_revoked(X509_REVOKED *rev, char *str);
 int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str);
 static CONF *conf=NULL;
 static CONF *extconf=NULL;
@@ -245,7 +241,6 @@ int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	char *key=NULL,*passargin=NULL;
 	int create_ser = 0;
 	int free_key = 0;
 	int total=0;
 	int total_done=0;
@@ -279,7 +274,6 @@ int MAIN(int argc, char **argv)
 	char *extensions=NULL;
 	char *extfile=NULL;
 	char *subj=NULL;
 	unsigned long chtype = MBSTRING_ASC;
 	int multirdn = 0;
 	char *tmp_email_dn=NULL;
 	char *crl_ext=NULL;
@@ -305,8 +299,7 @@ int MAIN(int argc, char **argv)
 	X509_REVOKED *r=NULL;
 	ASN1_TIME *tmptm;
 	ASN1_INTEGER *tmpser;
-	char *f;
+	char **pp,*p,*f;
 	const char *p, **pp;
 	int i,j;
 	const EVP_MD *dgst=NULL;
 	STACK_OF(CONF_VALUE) *attribs=NULL;
@@ -361,10 +354,6 @@ EF_ALIGNMENT=0;
 			subj= *(++argv);
 			/* preserve=1; */
 			}
 		else if (strcmp(*argv,"-utf8") == 0)
 			chtype = MBSTRING_UTF8;
 		else if (strcmp(*argv,"-create_serial") == 0)
 			create_ser = 1;
 		else if (strcmp(*argv,"-multivalue-rdn") == 0)
 			multirdn=1;
 		else if (strcmp(*argv,"-startdate") == 0)
@@ -557,6 +546,10 @@ bad:
 	ERR_load_crypto_strings();
 #ifndef OPENSSL_NO_ENGINE
 	e = setup_engine(bio_err, engine, 0);
 #endif
 	/*****************************************************************/
 	tofree=NULL;
 	if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
@@ -601,10 +594,6 @@ bad:
 	if (!load_config(bio_err, conf))
 		goto err;
 #ifndef OPENSSL_NO_ENGINE
 	e = setup_engine(bio_err, engine, 0);
 #endif
 	/* Lets get the config section we are using */
 	if (section == NULL)
 		{
@@ -652,23 +641,6 @@ bad:
 		ERR_clear_error();
 	app_RAND_load_file(randfile, bio_err, 0);
 	f = NCONF_get_string(conf, section, STRING_MASK);
 	if (!f)
 		ERR_clear_error();
 	if(f && !ASN1_STRING_set_default_mask_asc(f)) {
 		BIO_printf(bio_err, "Invalid global string mask setting %s\n", f);
 		goto err;
 	}
 	if (chtype != MBSTRING_UTF8){
 		f = NCONF_get_string(conf, section, UTF8_IN);
 		if (!f)
 			ERR_clear_error();
 		else if (!strcmp(f, "yes"))
 			chtype = MBSTRING_UTF8;
 	}
 	db_attr.unique_subject = 1;
 	p = NCONF_get_string(conf, section, ENV_UNIQUE_SUBJECT);
 	if (p)
@@ -678,10 +650,8 @@ bad:
 #endif
 		db_attr.unique_subject = parse_yesno(p,1);
 		}
 	else
 		ERR_clear_error();
 #ifdef RL_DEBUG
-	if (!p)
+	else
 		BIO_printf(bio_err, "DEBUG: unique_subject undefined\n", p);
 #endif
 #ifdef RL_DEBUG
@@ -882,7 +852,7 @@ bad:
 	/* Lets check some fields */
 	for (i=0; i<sk_num(db->db->data); i++)
 		{
-		pp=(const char **)sk_value(db->db->data,i);
+		pp=(char **)sk_value(db->db->data,i);
 		if ((pp[DB_type][0] != DB_TYPE_REV) &&
 			(pp[DB_rev_date][0] != '\0'))
 			{
@@ -895,7 +865,7 @@ bad:
 			BIO_printf(bio_err," in entry %d\n", i+1);
 			goto err;
 			}
-		if (!check_time_format((char *)pp[DB_exp_date]))
+		if (!check_time_format(pp[DB_exp_date]))
 			{
 			BIO_printf(bio_err,"entry %d: invalid expiry date\n",i+1);
 			goto err;
@@ -969,6 +939,7 @@ bad:
 			if (verbose) BIO_printf(bio_err,
 				"Done. %d entries marked as expired\n",i); 
 	      		}
 			goto err;
 	  	}
 	/*****************************************************************/
@@ -1019,27 +990,25 @@ bad:
 			}
 		}
 	if ((md == NULL) && ((md=NCONF_get_string(conf,
 		section,ENV_DEFAULT_MD)) == NULL))
 		{
 		lookup_fail(section,ENV_DEFAULT_MD);
 		goto err;
 		}
 	if ((dgst=EVP_get_digestbyname(md)) == NULL)
 		{
 		BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
 		goto err;
 		}
 	if (req)
 		{
 		if ((md == NULL) && ((md=NCONF_get_string(conf,
 			section,ENV_DEFAULT_MD)) == NULL))
 			{
 			lookup_fail(section,ENV_DEFAULT_MD);
 			goto err;
 			}
 		if ((email_dn == 1) && ((tmp_email_dn=NCONF_get_string(conf,
 			section,ENV_DEFAULT_EMAIL_DN)) != NULL ))
 			{
 			if(strcmp(tmp_email_dn,"no") == 0)
 				email_dn=0;
 			}
 		if ((dgst=EVP_get_digestbyname(md)) == NULL)
 			{
 			BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
 			goto err;
 			}
 		if (verbose)
 			BIO_printf(bio_err,"message digest is %s\n",
 				OBJ_nid2ln(dgst->type));
@@ -1126,7 +1095,7 @@ bad:
 			goto err;
 			}
-		if ((serial=load_serial(serialfile, create_ser, NULL)) == NULL)
+		if ((serial=load_serial(serialfile, 0, NULL)) == NULL)
 			{
 			BIO_printf(bio_err,"error while loading serial number\n");
 			goto err;
@@ -1158,7 +1127,7 @@ bad:
 			{
 			total++;
 			j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db,
-				serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,extensions,
+				serial,subj,multirdn,email_dn,startdate,enddate,days,extensions,
 				conf,verbose,certopt,nameopt,default_op,ext_copy);
 			if (j < 0) goto err;
 			if (j > 0)
@@ -1182,7 +1151,7 @@ bad:
 			{
 			total++;
 			j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,attribs,
-				db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
+				db,serial,subj,multirdn,email_dn,startdate,enddate,days,batch,
 				extensions,conf,verbose, certopt, nameopt,
 				default_op, ext_copy, e);
 			if (j < 0) goto err;
@@ -1202,7 +1171,7 @@ bad:
 			{
 			total++;
 			j=certify(&x,infile,pkey,x509p,dgst,attribs,db,
-				serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
+				serial,subj,multirdn,email_dn,startdate,enddate,days,batch,
 				extensions,conf,verbose, certopt, nameopt,
 				default_op, ext_copy, selfsign);
 			if (j < 0) goto err;
@@ -1222,7 +1191,7 @@ bad:
 			{
 			total++;
 			j=certify(&x,argv[i],pkey,x509p,dgst,attribs,db,
-				serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
+				serial,subj,multirdn,email_dn,startdate,enddate,days,batch,
 				extensions,conf,verbose, certopt, nameopt,
 				default_op, ext_copy, selfsign);
 			if (j < 0) goto err;
@@ -1275,7 +1244,7 @@ bad:
 			x=sk_X509_value(cert_sk,i);
 			j=x->cert_info->serialNumber->length;
-			p=(const char *)x->cert_info->serialNumber->data;
+			p=(char *)x->cert_info->serialNumber->data;
 			if(strlen(outdir) >= (size_t)(j ? BSIZE-j*2-6 : BSIZE-8))
 				{
@@ -1396,7 +1365,7 @@ bad:
 		for (i=0; i<sk_num(db->db->data); i++)
 			{
-			pp=(const char **)sk_value(db->db->data,i);
+			pp=(char **)sk_value(db->db->data,i);
 			if (pp[DB_type][0] == DB_TYPE_REV)
 				{
 				if ((r=X509_REVOKED_new()) == NULL) goto err;
@@ -1422,15 +1391,28 @@ bad:
 		/* we now have a CRL */
 		if (verbose) BIO_printf(bio_err,"signing CRL\n");
-#ifndef OPENSSL_NO_DSA
+		if (md != NULL)
-		if (pkey->type == EVP_PKEY_DSA) 
+			{
-			dgst=EVP_dss1();
+			if ((dgst=EVP_get_digestbyname(md)) == NULL)
 				{
 				BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
 				goto err;
 				}
 			}
 		else
 			{
 #ifndef OPENSSL_NO_DSA
 			if (pkey->type == EVP_PKEY_DSA) 
 				dgst=EVP_dss1();
 			else
 #endif
 #ifndef OPENSSL_NO_ECDSA
-		if (pkey->type == EVP_PKEY_EC)
+			if (pkey->type == EVP_PKEY_EC)
-			dgst=EVP_ecdsa();
+				dgst=EVP_ecdsa();
 			else
 #endif
 				dgst=EVP_md5();
 			}
 		/* Add any extensions asked for */
@@ -1520,20 +1502,19 @@ err:
 	if (x509) X509_free(x509);
 	X509_CRL_free(crl);
 	NCONF_free(conf);
 	NCONF_free(extconf);
 	OBJ_cleanup();
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}
-static void lookup_fail(const char *name, const char *tag)
+static void lookup_fail(char *name, char *tag)
 	{
 	BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
 	}
 static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
-	     BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate,
+	     BIGNUM *serial, char *subj, int multirdn, int email_dn, char *startdate, char *enddate,
 	     long days, int batch, char *ext_sect, CONF *lconf, int verbose,
 	     unsigned long certopt, unsigned long nameopt, int default_op,
 	     int ext_copy, int selfsign)
@@ -1589,7 +1570,7 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 	else
 		BIO_printf(bio_err,"Signature ok\n");
-	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn, email_dn,
+	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj, multirdn, email_dn,
 		startdate,enddate,days,batch,verbose,req,ext_sect,lconf,
 		certopt, nameopt, default_op, ext_copy, selfsign);
@@ -1601,7 +1582,7 @@ err:
 static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
-	     BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate,
+	     BIGNUM *serial, char *subj, int multirdn, int email_dn, char *startdate, char *enddate,
 	     long days, int batch, char *ext_sect, CONF *lconf, int verbose,
 	     unsigned long certopt, unsigned long nameopt, int default_op,
 	     int ext_copy, ENGINE *e)
@@ -1643,7 +1624,7 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 	if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL)
 		goto err;
-	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,
+	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,multirdn,email_dn,startdate,enddate,
 		days,batch,verbose,rreq,ext_sect,lconf, certopt, nameopt, default_op,
 		ext_copy, 0);
@@ -1655,7 +1636,7 @@ err:
 static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 	     STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj,
-	     unsigned long chtype, int multirdn,
+	     int multirdn,
 	     int email_dn, char *startdate, char *enddate, long days, int batch,
 	     int verbose, X509_REQ *req, char *ext_sect, CONF *lconf,
 	     unsigned long certopt, unsigned long nameopt, int default_op,
@@ -1671,7 +1652,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 	X509_NAME_ENTRY *tne,*push;
 	EVP_PKEY *pktmp;
 	int ok= -1,i,j,last,nid;
-	const char *p;
+	char *p;
 	CONF_VALUE *cv;
 	char *row[DB_NUMBER],**rrow=NULL,**irow=NULL;
 	char buf[25];
@@ -1688,7 +1669,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 	if (subj)
 		{
-		X509_NAME *n = parse_name(subj, chtype, multirdn);
+		X509_NAME *n = parse_name(subj, MBSTRING_ASC, multirdn);
 		if (!n)
 			{
@@ -2225,7 +2206,7 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
 static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
-	     BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate,
+	     BIGNUM *serial, char *subj, int multirdn, int email_dn, char *startdate, char *enddate,
 	     long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt,
 	     unsigned long nameopt, int default_op, int ext_copy)
 	{
@@ -2366,7 +2347,7 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 	X509_REQ_set_pubkey(req,pktmp);
 	EVP_PKEY_free(pktmp);
-	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,
+	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,multirdn,email_dn,startdate,enddate,
 		   days,1,verbose,req,ext_sect,lconf, certopt, nameopt, default_op,
 			ext_copy, 0);
 err:
@@ -2679,7 +2660,7 @@ err:
 	return (cnt);
 	}
-static const char *crl_reasons[] = {
+static char *crl_reasons[] = {
 	/* CRL reason strings */
 	"unspecified",
 	"keyCompromise",
@@ -2707,8 +2688,7 @@ static const char *crl_reasons[] = {
 char *make_revocation_str(int rev_type, char *rev_arg)
 	{
-	char *other = NULL, *str;
+	char *reason = NULL, *other = NULL, *str;
 	const char *reason = NULL;
 	ASN1_OBJECT *otmp;
 	ASN1_UTCTIME *revtm = NULL;
 	int i;
@@ -2802,7 +2782,7 @@ char *make_revocation_str(int rev_type, char *rev_arg)
 */
-int make_revoked(X509_REVOKED *rev, const char *str)
+int make_revoked(X509_REVOKED *rev, char *str)
 	{
 	char *tmp = NULL;
 	int reason_code = -1;
@@ -2895,7 +2875,7 @@ int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str)
 	return 1;
 	}
-int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME **pinvtm, const char *str)
+int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME **pinvtm, char *str)
 	{
 	char *tmp = NULL;
 	char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p;
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -69,7 +69,7 @@
 #undef PROG
 #define PROG	ciphers_main
-static const char *ciphers_usage[]={
+static char *ciphers_usage[]={
 "usage: ciphers args\n",
 " -v          - verbose mode, a textual listing of the ciphers in SSLeay\n",
 " -ssl2       - SSL2 mode\n",
@@ -84,7 +84,7 @@ int MAIN(int argc, char **argv)
 	{
 	int ret=1,i;
 	int verbose=0;
-	const char **pp;
+	char **pp;
 	const char *p;
 	int badops=0;
 	SSL_CTX *ctx=NULL;
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -72,7 +72,7 @@
 #undef POSTFIX
 #define	POSTFIX	".rvk"
-static const char *crl_usage[]={
+static char *crl_usage[]={
 "usage: crl args\n",
 "\n",
 " -inform arg     - input format - default PEM (DER or PEM)\n",
@@ -108,14 +108,14 @@ int MAIN(int argc, char **argv)
 	char *infile=NULL,*outfile=NULL;
 	int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
 	int fingerprint = 0;
-	const char **pp;
+	char **pp;
 	X509_STORE *store = NULL;
 	X509_STORE_CTX ctx;
 	X509_LOOKUP *lookup = NULL;
 	X509_OBJECT xobj;
 	EVP_PKEY *pkey;
 	int do_ver = 0;
-	const EVP_MD *md_alg,*digest=EVP_sha1();
+	const EVP_MD *md_alg,*digest=EVP_md5();
 	apps_startup();
@@ -355,11 +355,7 @@ bad:
 	if (text) X509_CRL_print(out, x);
-	if (noout) 
+	if (noout) goto end;
 		{
 		ret = 0;
 		goto end;
 		}
 	if 	(outformat == FORMAT_ASN1)
 		i=(int)i2d_X509_CRL_bio(out,x);
--- a/apps/der_chop.in
+++ b/apps/der_chop.in
@@ -0,0 +1,305 @@
 #!/usr/local/bin/perl
 #
 # der_chop ... this is one total hack that Eric is really not proud of
 #              so don't look at it and don't ask for support
 #
 # The "documentation" for this (i.e. all the comments) are my fault --tjh
 #
 # This program takes the "raw" output of derparse/asn1parse and 
 # converts it into tokens and then runs regular expression matches
 # to try to figure out what to grab to get the things that are needed
 # and it is possible that this will do the wrong thing as it is a *hack*
 #
 # SSLeay 0.5.2+ should have direct read support for x509 (via -inform NET)
 # [I know ... promises promises :-)]
 #
 # To convert a Netscape Certificate:
 #    der_chop < ServerCert.der > cert.pem
 # To convert a Netscape Key (and encrypt it again to protect it)
 #    rsa -inform NET -in ServerKey.der -des > key.pem
 #
 # 23-Apr-96 eay    Added the extra ASN.1 string types, I still think this
 #		   is an evil hack.  If nothing else the parsing should
 #		   be relative, not absolute.
 # 19-Apr-96 tjh    hacked (with eay) into 0.5.x format
 #
 # Tim Hudson
 # tjh@cryptsoft.com
 #
 require 'getopts.pl';
 $debug=0;
 # this was the 0.4.x way of doing things ...
 $cmd="derparse";
 $x509_cmd="x509";
 $crl_cmd="crl";
 $rc4_cmd="rc4";
 $md2_cmd="md2";
 $md4_cmd="md4";
 $rsa_cmd="rsa -des -inform der ";
 # this was the 0.5.x way of doing things ...
 $cmd="openssl asn1parse";
 $x509_cmd="openssl x509";
 $crl_cmd="openssl crl";
 $rc4_cmd="openssl rc4";
 $md2_cmd="openssl md2";
 $md4_cmd="openssl md4";
 $rsa_cmd="openssl rsa -des -inform der ";
 &Getopts('vd:') || die "usage:$0 [-v] [-d num] file";
 $depth=($opt_d =~ /^\d+$/)?$opt_d:0;
 &init_der();
 if ($#ARGV != -1)
 	{
 	foreach $file (@ARGV)
 		{
 		print STDERR "doing $file\n";
 		&dofile($file);
 		}
 	}
 else
 	{
 	$file="/tmp/a$$.DER";
 	open(OUT,">$file") || die "unable to open $file:$!\n";
 	for (;;)
 		{
 		$i=sysread(STDIN,$b,1024*10);
 		last if ($i <= 0);
 		$i=syswrite(OUT,$b,$i);
 		}
 	&dofile($file);
 	unlink($file);
 	}
 sub dofile
 	{
 	local($file)=@_;
 	local(@p);
 	$b=&load_file($file);
 	@p=&load_file_parse($file);
 	foreach $_ (@p)
 		{
 		($off,$d,$hl,$len)=&parse_line($_);
 		$d-=$depth;
 		next if ($d != 0);
 		next if ($len == 0);
 		$o=substr($b,$off,$len+$hl);
 		($str,@data)=&der_str($o);
 		print "$str\n" if ($opt_v);
 		if ($str =~ /^$crl/)
 			{
 			open(OUT,"|$crl_cmd -inform d -hash -issuer") ||
 				die "unable to run $crl_cmd:$!\n";
 			print OUT $o;
 			close(OUT);
 			}
 		elsif ($str =~ /^$x509/)
 			{
 			open(OUT,"|$x509_cmd -inform d -hash -subject -issuer")
 				|| die "unable to run $x509_cmd:$!\n";
 			print OUT $o;
 			close(OUT);
 			}
 		elsif ($str =~ /^$rsa/)
 			{
 			($type)=($data[3] =~ /OBJECT_IDENTIFIER :(.*)\s*$/);
 			next unless ($type eq "rsaEncryption");
 			($off,$d,$hl,$len)=&parse_line($data[5]);
 			$os=substr($o,$off+$hl,$len);
 			open(OUT,"|$rsa_cmd")
 				|| die "unable to run $rsa_cmd:$!\n";
 			print OUT $os;
 			close(OUT);
 			}
 		elsif ($str =~ /^0G-1D-1G/)
 			{
 			($off,$d,$hl,$len)=&parse_line($data[1]);
 			$os=substr($o,$off+$hl,$len);
 			print STDERR "<$os>\n" if $opt_v;
 			&do_certificate($o,@data)
 				if (($os eq "certificate") &&
 				    ($str =! /^0G-1D-1G-2G-3F-3E-2D/));
 			&do_private_key($o,@data)
 				if (($os eq "private-key") &&
 				    ($str =! /^0G-1D-1G-2G-3F-3E-2D/));
 			}
 		}
 	}
 sub der_str
 	{
 	local($str)=@_;
 	local(*OUT,*IN,@a,$t,$d,$ret);
 	local($file)="/tmp/b$$.DER";
 	local(@ret);
 	open(OUT,">$file");
 	print OUT $str;
 	close(OUT);
 	open(IN,"$cmd -inform 'd' -in $file |") ||
 		die "unable to run $cmd:$!\n";
 	$ret="";
 	while (<IN>)
 		{
 		chop;
 		push(@ret,$_);
 		print STDERR "$_\n" if ($debug);
 		@a=split(/\s*:\s*/);
 		($d)=($a[1] =~ /d=\s*(\d+)/);
 		$a[2] =~ s/\s+$//;
 		$t=$DER_s2i{$a[2]};
 		$ret.="$d$t-";
 		}
 	close(IN);
 	unlink($file);
 	chop $ret;
 	$ret =~ s/(-3H(-4G-5F-5[IJKMQRS])+)+/-NAME/g;
 	$ret =~ s/(-3G-4B-4L)+/-RCERT/g;
 	return($ret,@ret);
 	}
 sub init_der
 	{
 	$crl= "0G-1G-2G-3F-3E-2G-NAME-2L-2L-2G-RCERT-1G-2F-2E-1C";
 	$x509="0G-1G-2B-2G-3F-3E-2G-NAME-2G-3L-3L-2G-NAME-2G-3G-4F-4E-3C-1G-2F-2E-1C";
 	$rsa= "0G-1B-1G-2F-2E-1D";
 	%DER_i2s=(
 		# SSLeay 0.4.x has this list
 		"A","EOC",
 		"B","INTEGER",
 		"C","BIT STRING",
 		"D","OCTET STRING",
 		"E","NULL",
 		"F","OBJECT",
 		"G","SEQUENCE",
 		"H","SET",
 		"I","PRINTABLESTRING",
 		"J","T61STRING",
 		"K","IA5STRING",
 		"L","UTCTIME",
 		"M","NUMERICSTRING",
 		"N","VIDEOTEXSTRING",
 		"O","GENERALIZEDTIME",
 		"P","GRAPHICSTRING",
 		"Q","ISO64STRING",
 		"R","GENERALSTRING",
 		"S","UNIVERSALSTRING",
 		# SSLeay 0.5.x changed some things ... and I'm
 		# leaving in the old stuff but adding in these
 		# to handle the new as well --tjh
 		# - Well I've just taken them out and added the extra new
 		# ones :-) - eay
 		);
 	foreach (keys %DER_i2s)
 		{ $DER_s2i{$DER_i2s{$_}}=$_; }
 	}
 sub parse_line
 	{
 	local($_)=@_;
 	return(/\s*(\d+):d=\s*(\d+)\s+hl=\s*(\d+)\s+l=\s*(\d+|inf)\s/);
 	}
 #  0:d=0 hl=4 l=377 cons: univ: SEQUENCE          
 #  4:d=1 hl=2 l= 11 prim: univ: OCTET_STRING      
 # 17:d=1 hl=4 l=360 cons: univ: SEQUENCE          
 # 21:d=2 hl=2 l= 12 cons: univ: SEQUENCE          
 # 23:d=3 hl=2 l=  8 prim: univ: OBJECT_IDENTIFIER :rc4
 # 33:d=3 hl=2 l=  0 prim: univ: NULL              
 # 35:d=2 hl=4 l=342 prim: univ: OCTET_STRING
 sub do_private_key
 	{
 	local($data,@struct)=@_;
 	local($file)="/tmp/b$$.DER";
 	local($off,$d,$hl,$len,$_,$b,@p,$s);
 	($type)=($struct[4] =~ /OBJECT_IDENTIFIER :(.*)\s*$/);
 	if ($type eq "rc4")
 		{
 		($off,$d,$hl,$len)=&parse_line($struct[6]);
 		open(OUT,"|$rc4_cmd >$file") ||
 			die "unable to run $rc4_cmd:$!\n";
 		print OUT substr($data,$off+$hl,$len);
 		close(OUT);
 		$b=&load_file($file);
 		unlink($file);
 		($s,@p)=&der_str($b);
 		die "unknown rsa key type\n$s\n"
 			if ($s ne '0G-1B-1G-2F-2E-1D');
 		local($off,$d,$hl,$len)=&parse_line($p[5]);
 		$b=substr($b,$off+$hl,$len);
 		($s,@p)=&der_str($b);
 		open(OUT,"|$rsa_cmd") || die "unable to run $rsa_cmd:$!\n";
 		print OUT $b;
 		close(OUT);
 		}
 	else
 		{
 		print "'$type' is unknown\n";
 		exit(1);
 		}
 	}
 sub do_certificate
 	{
 	local($data,@struct)=@_;
 	local($file)="/tmp/b$$.DER";
 	local($off,$d,$hl,$len,$_,$b,@p,$s);
 	($off,$d,$hl,$len)=&parse_line($struct[2]);
 	$b=substr($data,$off,$len+$hl);
 	open(OUT,"|$x509_cmd -inform d") || die "unable to run $x509_cmd:$!\n";
 	print OUT $b;
 	close(OUT);
 	}
 sub load_file
 	{
 	local($file)=@_;
 	local(*IN,$r,$b,$i);
 	$r="";
 	open(IN,"<$file") || die "unable to open $file:$!\n";
 	for (;;)
 		{
 		$i=sysread(IN,$b,10240);
 		last if ($i <= 0);
 		$r.=$b;
 		}
 	close(IN);
 	return($r);
 	}
 sub load_file_parse
 	{
 	local($file)=@_;
 	local(*IN,$r,@ret,$_,$i,$n,$b);
 	open(IN,"$cmd -inform d -in $file|")
 		|| die "unable to run der_parse\n";
 	while (<IN>)
 		{
 		chop;
 		push(@ret,$_);
 		}
 	return($r,@ret);
 	}
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -66,7 +66,6 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/hmac.h>
 #undef BUFSIZE
 #define BUFSIZE	1024*8
@@ -76,7 +75,7 @@
 int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 	  EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
-	  const char *file,BIO *bmd,const char *hmac_key, int non_fips_allow);
+	  const char *file);
 int MAIN(int, char **);
@@ -101,16 +100,12 @@ int MAIN(int argc, char **argv)
 	EVP_PKEY *sigkey = NULL;
 	unsigned char *sigbuf = NULL;
 	int siglen = 0;
 	unsigned int sig_flags = 0;
 	char *passargin = NULL, *passin = NULL;
 #ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
 #endif
 	char *hmac_key=NULL;
 	int non_fips_allow = 0;
 	apps_startup();
-ERR_load_crypto_strings();
+
 	if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL)
 		{
 		BIO_printf(bio_err,"out of memory\n");
@@ -150,12 +145,6 @@ ERR_load_crypto_strings();
 			if (--argc < 1) break;
 			keyfile=*(++argv);
 			}
 		else if (!strcmp(*argv,"-passin"))
 			{
 			if (--argc < 1)
 				break;
 			passargin=*++argv;
 			}
 		else if (strcmp(*argv,"-verify") == 0)
 			{
 			if (--argc < 1) break;
@@ -169,27 +158,6 @@ ERR_load_crypto_strings();
 			keyfile=*(++argv);
 			do_verify = 1;
 			}
 		else if (strcmp(*argv,"-x931") == 0)
 			sig_flags = EVP_MD_CTX_FLAG_PAD_X931;
 		else if (strcmp(*argv,"-pss_saltlen") == 0)
 			{
 			int saltlen;
 			if (--argc < 1) break;
 			saltlen=atoi(*(++argv));
 			if (saltlen == -1)
 				sig_flags = EVP_MD_CTX_FLAG_PSS_MREC;
 			else if (saltlen == -2)
 				sig_flags = EVP_MD_CTX_FLAG_PSS_MDLEN;
 			else if (saltlen < -2 || saltlen >= 0xFFFE)
 				{
 				BIO_printf(bio_err, "Invalid PSS salt length %d\n", saltlen);
 				goto end;
 				}
 			else
 				sig_flags = saltlen;
 			sig_flags <<= 16;
 			sig_flags |= EVP_MD_CTX_FLAG_PAD_PSS;
 			}
 		else if (strcmp(*argv,"-signature") == 0)
 			{
 			if (--argc < 1) break;
@@ -213,14 +181,6 @@ ERR_load_crypto_strings();
 			out_bin = 1;
 		else if (strcmp(*argv,"-d") == 0)
 			debug=1;
 		else if (strcmp(*argv,"-non-fips-allow") == 0)
 			non_fips_allow=1;
 		else if (!strcmp(*argv,"-hmac"))
 			{
 			if (--argc < 1)
 				break;
 			hmac_key=*++argv;
 			}
 		else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
 			md=m;
 		else
@@ -256,33 +216,19 @@ ERR_load_crypto_strings();
 		BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
 #endif
-		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm (default)\n",
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
 			LN_md5,LN_md5);
-		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
 			LN_md4,LN_md4);
-		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
 			LN_md2,LN_md2);
-#ifndef OPENSSL_NO_SHA
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
 		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
 			LN_sha1,LN_sha1);
-		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
 			LN_sha,LN_sha);
-#ifndef OPENSSL_NO_SHA256
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
 		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
 			LN_sha224,LN_sha224);
 		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
 			LN_sha256,LN_sha256);
 #endif
 #ifndef OPENSSL_NO_SHA512
 		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
 			LN_sha384,LN_sha384);
 		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
 			LN_sha512,LN_sha512);
 #endif
 #endif
 		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
 			LN_mdc2,LN_mdc2);
-		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
 			LN_ripemd160,LN_ripemd160);
 		err=1;
 		goto end;
@@ -298,13 +244,7 @@ ERR_load_crypto_strings();
 		{
 		BIO_set_callback(in,BIO_debug_callback);
 		/* needed for windows 3.1 */
-		BIO_set_callback_arg(in,(char *)bio_err);
+		BIO_set_callback_arg(in,bio_err);
 		}
 	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL))
 		{
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;
 		}
 	if ((in == NULL) || (bmd == NULL))
@@ -348,7 +288,7 @@ ERR_load_crypto_strings();
 			sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL,
 				e, "key file");
 		else
-			sigkey = load_key(bio_err, keyfile, keyform, 0, passin,
+			sigkey = load_key(bio_err, keyfile, keyform, 0, NULL,
 				e, "key file");
 		if (!sigkey)
 			{
@@ -378,36 +318,18 @@ ERR_load_crypto_strings();
 			goto end;
 		}
 	}
 	if (non_fips_allow)
 		{
 		EVP_MD_CTX *md_ctx;
 		BIO_get_md_ctx(bmd,&md_ctx);
 		EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
 		}
 	if (sig_flags)
 		{
 		EVP_MD_CTX *md_ctx;
 		BIO_get_md_ctx(bmd,&md_ctx);
 		EVP_MD_CTX_set_flags(md_ctx, sig_flags);
 		}
 	/* we use md as a filter, reading from 'in' */
-	if (!BIO_set_md(bmd,md))
+	BIO_set_md(bmd,md);
 		{
 		BIO_printf(bio_err, "Error setting digest %s\n", pname);
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	inp=BIO_push(bmd,in);
 	if (argc == 0)
 		{
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
 		err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf,
-			  siglen,"","(stdin)",bmd,hmac_key,non_fips_allow);
+			  siglen,"","(stdin)");
 		}
 	else
 		{
@@ -425,15 +347,14 @@ ERR_load_crypto_strings();
 				}
 			if(!out_bin)
 				{
-				size_t len = strlen(name)+strlen(argv[i])+(hmac_key ? 5 : 0)+5;
+				size_t len = strlen(name)+strlen(argv[i])+5;
 				tmp=tofree=OPENSSL_malloc(len);
-				BIO_snprintf(tmp,len,"%s%s(%s)= ",
+				BIO_snprintf(tmp,len,"%s(%s)= ",name,argv[i]);
 							 hmac_key ? "HMAC-" : "",name,argv[i]);
 				}
 			else
 				tmp="";
 			r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf,
-				siglen,tmp,argv[i],bmd,hmac_key,non_fips_allow);
+				siglen,tmp,argv[i]);
 			if(r)
 			    err=r;
 			if(tofree)
@@ -448,8 +369,6 @@ end:
 		OPENSSL_free(buf);
 		}
 	if (in != NULL) BIO_free(in);
 	if (passin)
 		OPENSSL_free(passin);
 	BIO_free_all(out);
 	EVP_PKEY_free(sigkey);
 	if(sigbuf) OPENSSL_free(sigbuf);
@@ -460,23 +379,11 @@ end:
 int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 	  EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
-	  const char *file,BIO *bmd,const char *hmac_key,int non_fips_allow)
+	  const char *file)
 	{
-	unsigned int len;
+	int len;
 	int i;
 	EVP_MD_CTX *md_ctx;
 	HMAC_CTX hmac_ctx;
 	if (hmac_key)
 		{
 		EVP_MD *md;
 		BIO_get_md(bmd,&md);
 		HMAC_CTX_init(&hmac_ctx);
 		HMAC_Init_ex(&hmac_ctx,hmac_key,strlen(hmac_key),md, NULL);
 		BIO_get_md_ctx(bmd,&md_ctx);
 		BIO_set_md_ctx(bmd,&hmac_ctx.md_ctx);
 		}
 	for (;;)
 		{
 		i=BIO_read(bp,(char *)buf,BUFSIZE);
@@ -519,11 +426,6 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 			return 1;
 			}
 		}
 	else if(hmac_key)
 		{
 		HMAC_Final(&hmac_ctx,buf,&len);
 		HMAC_CTX_cleanup(&hmac_ctx);
 		}
 	else
 		len=BIO_gets(bp,(char *)buf,BUFSIZE);
@@ -531,7 +433,7 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 	else 
 		{
 		BIO_write(out,title,strlen(title));
-		for (i=0; i<(int)len; i++)
+		for (i=0; i<len; i++)
 			{
 			if (sep && (i != 0))
 				BIO_printf(out, ":");
@@ -539,10 +441,6 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 			}
 		BIO_printf(out, "\n");
 		}
 	if (hmac_key)
 		{
 		BIO_set_md_ctx(bmd,md_ctx);
 		}
 	return 0;
 	}
--- a/apps/dh.c
+++ b/apps/dh.c
@@ -57,7 +57,6 @@
 * [including the GNU Public Licence.]
 */
 #include <openssl/opensslconf.h>	/* for OPENSSL_NO_DH */
 #ifndef OPENSSL_NO_DH
 #include <stdio.h>
 #include <stdlib.h>
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -109,7 +109,6 @@
 *
 */
 #include <openssl/opensslconf.h>	/* for OPENSSL_NO_DH */
 #ifndef OPENSSL_NO_DH
 #include <stdio.h>
 #include <stdlib.h>
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -56,7 +56,6 @@
 * [including the GNU Public Licence.]
 */
 #include <openssl/opensslconf.h>	/* for OPENSSL_NO_DSA */
 #ifndef OPENSSL_NO_DSA
 #include <stdio.h>
 #include <stdlib.h>
@@ -69,7 +68,6 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/bn.h>
 #undef PROG
 #define PROG	dsa_main
@@ -84,10 +82,6 @@
 * -aes128	- encrypt output if PEM format
 * -aes192	- encrypt output if PEM format
 * -aes256	- encrypt output if PEM format
 * -camellia128 - encrypt output if PEM format
 * -camellia192 - encrypt output if PEM format
 * -camellia256 - encrypt output if PEM format
 * -seed        - encrypt output if PEM format
 * -text	- print a text version
 * -modulus	- print the DSA public key
 */
@@ -215,13 +209,6 @@ bad:
 #ifndef OPENSSL_NO_AES
 		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
 		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 		BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
 		BIO_printf(bio_err,"                 encrypt PEM output with cbc camellia\n");
 #endif
 #ifndef OPENSSL_NO_SEED
 		BIO_printf(bio_err," -seed           encrypt PEM output with cbc seed\n");
 #endif
 		BIO_printf(bio_err," -text           print the key in text\n");
 		BIO_printf(bio_err," -noout          don't print key out\n");
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -56,7 +56,6 @@
 * [including the GNU Public Licence.]
 */
 #include <openssl/opensslconf.h>	/* for OPENSSL_NO_DSA */
 /* Until the key-gen callbacks are modified to use newer prototypes, we allow
 * deprecated functions for openssl-internal code */
 #ifdef OPENSSL_NO_DEPRECATED
--- a/apps/ec.c
+++ b/apps/ec.c
@@ -3,7 +3,7 @@
 * Written by Nils Larsch for the OpenSSL project.
 */
 /* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -56,7 +56,6 @@
 *
 */
 #include <openssl/opensslconf.h>
 #ifndef OPENSSL_NO_EC
 #include <stdio.h>
 #include <stdlib.h>
@@ -85,12 +84,9 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 {
 #ifndef OPENSSL_NO_ENGINE
 	ENGINE 	*e = NULL;
 #endif
 	int 	ret = 1;
 	EC_KEY 	*eckey = NULL;
 	const EC_GROUP *group;
 	int 	i, badops = 0;
 	const EVP_CIPHER *enc = NULL;
 	BIO 	*in = NULL, *out = NULL;
@@ -253,9 +249,7 @@ bad:
 	ERR_load_crypto_strings();
 #ifndef OPENSSL_NO_ENGINE
        e = setup_engine(bio_err, engine, 0);
 #endif
 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) 
 		{
@@ -330,13 +324,14 @@ bad:
 			}
 		}
 	group = EC_KEY_get0_group(eckey);
 	if (new_form)
-		EC_KEY_set_conv_form(eckey, form);
+		{
 		EC_GROUP_set_point_conversion_form(eckey->group, form);
 		eckey->conv_form = form;
 		}
 	if (new_asn1_flag)
-		EC_KEY_set_asn1_flag(eckey, asn1_flag);
+		EC_GROUP_set_asn1_flag(eckey->group, asn1_flag);
 	if (text) 
 		if (!EC_KEY_print(out, eckey, 0))
@@ -347,16 +342,13 @@ bad:
 			}
 	if (noout) 
 		{
 		ret = 0;
 		goto end;
 		}
 	BIO_printf(bio_err, "writing EC key\n");
 	if (outformat == FORMAT_ASN1) 
 		{
 		if (param_out)
-			i = i2d_ECPKParameters_bio(out, group);
+			i = i2d_ECPKParameters_bio(out, eckey->group);
 		else if (pubin || pubout) 
 			i = i2d_EC_PUBKEY_bio(out, eckey);
 		else 
@@ -365,7 +357,7 @@ bad:
 	else if (outformat == FORMAT_PEM) 
 		{
 		if (param_out)
-			i = PEM_write_bio_ECPKParameters(out, group);
+			i = PEM_write_bio_ECPKParameters(out, eckey->group);
 		else if (pubin || pubout)
 			i = PEM_write_bio_EC_PUBKEY(out, eckey);
 		else 
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@@ -3,7 +3,7 @@
 * Written by Nils Larsch for the OpenSSL project.
 */
 /* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -68,8 +68,6 @@
 * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
 *
 */
 #include <openssl/opensslconf.h>
 #ifndef OPENSSL_NO_EC
 #include <assert.h>
 #include <stdio.h>
@@ -129,9 +127,7 @@ int MAIN(int argc, char **argv)
 	char	*infile = NULL, *outfile = NULL, *prog;
 	BIO 	*in = NULL, *out = NULL;
 	int 	informat, outformat, noout = 0, C = 0, ret = 1;
 #ifndef OPENSSL_NO_ENGINE
 	ENGINE	*e = NULL;
 #endif
 	char	*engine = NULL;
 	BIGNUM	*ec_p = NULL, *ec_a = NULL, *ec_b = NULL,
@@ -339,19 +335,18 @@ bad:
 			}
 		}
 #ifndef OPENSSL_NO_ENGINE
 	e = setup_engine(bio_err, engine, 0);
 #endif
 	if (list_curves)
 		{
 		EC_builtin_curve *curves = NULL;
 		size_t crv_len = 0;
 		size_t n = 0;
 		size_t len;
 		crv_len = EC_get_builtin_curves(NULL, 0);
-		curves = OPENSSL_malloc((int)(sizeof(EC_builtin_curve) * crv_len));
+		curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);
 		if (curves == NULL)
 			goto end;
@@ -374,8 +369,11 @@ bad:
 			if (sname == NULL)
 				sname = "";
-			BIO_printf(out, "  %-10s: ", sname);
+			len = BIO_printf(out, "  %-10s: ", sname);
-			BIO_printf(out, "%s\n", comment);
+			if (len + strlen(comment) > 80)
 				BIO_printf(out, "\n%80s\n", comment);
 			else
 				BIO_printf(out, "%s\n", comment);
 			} 
 		OPENSSL_free(curves);
@@ -413,7 +411,7 @@ bad:
 			goto end;
 			}
-		group = EC_GROUP_new_by_curve_name(nid);
+		group = EC_GROUP_new_by_nid(nid);
 		if (group == NULL)
 			{
 			BIO_printf(bio_err, "unable to create curve (%s)\n", 
@@ -649,11 +647,11 @@ bad:
 		assert(need_rand);
-		if (EC_KEY_set_group(eckey, group) == 0)
+		eckey->group = group;
 			goto end;
 		if (!EC_KEY_generate_key(eckey))
 			{
 			eckey->group = NULL;
 			EC_KEY_free(eckey);
 			goto end;
 			}
@@ -666,9 +664,11 @@ bad:
 			{
 			BIO_printf(bio_err, "bad output format specified "
 				"for outfile\n");
 			eckey->group = NULL;
 			EC_KEY_free(eckey);
 			goto end;
 			}
 		eckey->group = NULL;
 		EC_KEY_free(eckey);
 		}
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -114,11 +114,9 @@ int MAIN(int argc, char **argv)
 	unsigned char salt[PKCS5_SALT_LEN];
 	char *str=NULL, *passarg = NULL, *pass = NULL;
 	char *hkey=NULL,*hiv=NULL,*hsalt = NULL;
 	char *md=NULL;
 	int enc=1,printkey=0,i,base64=0;
 	int debug=0,olb64=0,nosalt=0;
 	const EVP_CIPHER *cipher=NULL,*c;
 	EVP_CIPHER_CTX *ctx = NULL;
 	char *inf=NULL,*outf=NULL;
 	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
 #define PROG_NAME_SIZE  39
@@ -126,8 +124,6 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_ENGINE
 	char *engine = NULL;
 #endif
 	const EVP_MD *dgst=NULL;
 	int non_fips_allow = 0;
 	apps_startup();
@@ -257,13 +253,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			hiv= *(++argv);
 			}
 		else if (strcmp(*argv,"-md") == 0)
 			{
 			if (--argc < 1) goto bad;
 			md= *(++argv);
 			}
 		else if (strcmp(*argv,"-non-fips-allow") == 0)
 			non_fips_allow = 1;
 		else if	((argv[0][0] == '-') &&
 			((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL))
 			{
@@ -282,10 +271,8 @@ bad:
 			BIO_printf(bio_err,"%-14s encrypt\n","-e");
 			BIO_printf(bio_err,"%-14s decrypt\n","-d");
 			BIO_printf(bio_err,"%-14s base64 encode/decode, depending on encryption flag\n","-a/-base64");
-			BIO_printf(bio_err,"%-14s passphrase is the next argument\n","-k");
+			BIO_printf(bio_err,"%-14s key is the next argument\n","-k");
-			BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile");
+			BIO_printf(bio_err,"%-14s key is the first line of the file argument\n","-kfile");
 			BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md");
 			BIO_printf(bio_err,"%-14s   from a passphrase.  One of md2, md5, sha or sha1\n","");
 			BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
 			BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
 			BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
@@ -309,20 +296,6 @@ bad:
        e = setup_engine(bio_err, engine, 0);
 #endif
 	if (md && (dgst=EVP_get_digestbyname(md)) == NULL)
 		{
 		BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
 		goto end;
 		}
 	if (dgst == NULL)
 		{
 		if (in_FIPS_mode)
 			dgst = EVP_sha1();
 		else
 			dgst = EVP_md5();
 		}
 	if (bufsize != NULL)
 		{
 		unsigned long n;
@@ -346,7 +319,7 @@ bad:
 			}
 		/* It must be large enough for a base64 encoded line */
-		if (base64 && n < 80) n=80;
+		if (n < 80) n=80;
 		bsize=(int)n;
 		if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
@@ -371,16 +344,12 @@ bad:
 		{
 		BIO_set_callback(in,BIO_debug_callback);
 		BIO_set_callback(out,BIO_debug_callback);
-		BIO_set_callback_arg(in,(char *)bio_err);
+		BIO_set_callback_arg(in,bio_err);
-		BIO_set_callback_arg(out,(char *)bio_err);
+		BIO_set_callback_arg(out,bio_err);
 		}
 	if (inf == NULL)
 	        {
 		if (bufsize != NULL)
 			setvbuf(stdin, (char *)NULL, _IONBF, 0);
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
 	        }
 	else
 		{
 		if (BIO_read_filename(in,inf) <= 0)
@@ -431,8 +400,6 @@ bad:
 	if (outf == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 		if (bufsize != NULL)
 			setvbuf(stdout, (char *)NULL, _IONBF, 0);
 #ifdef OPENSSL_SYS_VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
@@ -459,7 +426,7 @@ bad:
 		if (debug)
 			{
 			BIO_set_callback(b64,BIO_debug_callback);
-			BIO_set_callback_arg(b64,(char *)bio_err);
+			BIO_set_callback_arg(b64,bio_err);
 			}
 		if (olb64)
 			BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
@@ -516,7 +483,7 @@ bad:
 				sptr = salt;
 			}
-			EVP_BytesToKey(cipher,dgst,sptr,
+			EVP_BytesToKey(cipher,EVP_md5(),sptr,
 				(unsigned char *)str,
 				strlen(str),1,key,iv);
 			/* zero the complete buffer or the string
@@ -549,40 +516,17 @@ bad:
 		if ((benc=BIO_new(BIO_f_cipher())) == NULL)
 			goto end;
-
+		BIO_set_cipher(benc,cipher,key,iv,enc);
 		/* Since we may be changing parameters work on the encryption
 		 * context rather than calling BIO_set_cipher().
 		 */
 		BIO_get_cipher_ctx(benc, &ctx);
 		if (non_fips_allow)
 			EVP_CIPHER_CTX_set_flags(ctx,
 				EVP_CIPH_FLAG_NON_FIPS_ALLOW);
 		if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
 			{
 			BIO_printf(bio_err, "Error setting cipher %s\n",
 				EVP_CIPHER_name(cipher));
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		if (nopad)
 			EVP_CIPHER_CTX_set_padding(ctx, 0);
 		if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
 			{
-			BIO_printf(bio_err, "Error setting cipher %s\n",
+			EVP_CIPHER_CTX *ctx;
-				EVP_CIPHER_name(cipher));
+			BIO_get_cipher_ctx(benc, &ctx);
-			ERR_print_errors(bio_err);
+			EVP_CIPHER_CTX_set_padding(ctx, 0);
 			goto end;
 			}
 		if (debug)
 			{
 			BIO_set_callback(benc,BIO_debug_callback);
-			BIO_set_callback_arg(benc,(char *)bio_err);
+			BIO_set_callback_arg(benc,bio_err);
 			}
 		if (printkey)
--- a/apps/engine.c
+++ b/apps/engine.c
@@ -72,7 +72,7 @@
 #undef PROG
 #define PROG	engine_main
-static const char *engine_usage[]={
+static char *engine_usage[]={
 "usage: engine opts [engine ...]\n",
 " -v[v[v[v]]] - verbose mode, for each engine, list its 'control commands'\n",
 "               -vv will additionally display each command's description\n",
@@ -344,7 +344,7 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	int ret=1,i;
-	const char **pp;
+	char **pp;
 	int verbose=0, list_cap=0, test_avail=0, test_avail_noise = 0;
 	ENGINE *e;
 	STACK *engines = sk_new_null();
@@ -394,15 +394,11 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-pre") == 0)
 			{
 			argc--; argv++;
 			if (argc == 0)
 				goto skip_arg_loop;
 			sk_push(pre_cmds,*argv);
 			}
 		else if (strcmp(*argv,"-post") == 0)
 			{
 			argc--; argv++;
 			if (argc == 0)
 				goto skip_arg_loop;
 			sk_push(post_cmds,*argv);
 			}
 		else if ((strncmp(*argv,"-h",2) == 0) ||
--- a/apps/gendh.c
+++ b/apps/gendh.c
@@ -57,7 +57,6 @@
 * [including the GNU Public Licence.]
 */
 #include <openssl/opensslconf.h>
 /* Until the key-gen callbacks are modified to use newer prototypes, we allow
 * deprecated functions for openssl-internal code */
 #ifdef OPENSSL_NO_DEPRECATED
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -56,7 +56,6 @@
 * [including the GNU Public Licence.]
 */
 #include <openssl/opensslconf.h>	/* for OPENSSL_NO_DSA */
 #ifndef OPENSSL_NO_DSA
 #include <stdio.h>
 #include <string.h>
@@ -140,10 +139,6 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-idea") == 0)
 			enc=EVP_idea_cbc();
 #endif
 #ifndef OPENSSL_NO_SEED
 		else if (strcmp(*argv,"-seed") == 0)
 			enc=EVP_seed_cbc();
 #endif
 #ifndef OPENSSL_NO_AES
 		else if (strcmp(*argv,"-aes128") == 0)
 			enc=EVP_aes_128_cbc();
@@ -151,14 +146,6 @@ int MAIN(int argc, char **argv)
 			enc=EVP_aes_192_cbc();
 		else if (strcmp(*argv,"-aes256") == 0)
 			enc=EVP_aes_256_cbc();
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 		else if (strcmp(*argv,"-camellia128") == 0)
 			enc=EVP_camellia_128_cbc();
 		else if (strcmp(*argv,"-camellia192") == 0)
 			enc=EVP_camellia_192_cbc();
 		else if (strcmp(*argv,"-camellia256") == 0)
 			enc=EVP_camellia_256_cbc();
 #endif
 		else if (**argv != '-' && dsaparams == NULL)
 			{
@@ -182,18 +169,10 @@ bad:
 #ifndef OPENSSL_NO_IDEA
 		BIO_printf(bio_err," -idea     - encrypt the generated key with IDEA in cbc mode\n");
 #endif
 #ifndef OPENSSL_NO_SEED
 		BIO_printf(bio_err," -seed\n");
 		BIO_printf(bio_err,"                 encrypt PEM output with cbc seed\n");
 #endif
 #ifndef OPENSSL_NO_AES
 		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
 		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 		BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
 		BIO_printf(bio_err,"                 encrypt PEM output with cbc camellia\n");
 #endif
 #ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
 #endif
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -56,7 +56,6 @@
 * [including the GNU Public Licence.]
 */
 #include <openssl/opensslconf.h>
 /* Until the key-gen callbacks are modified to use newer prototypes, we allow
 * deprecated functions for openssl-internal code */
 #ifdef OPENSSL_NO_DEPRECATED
@@ -93,9 +92,9 @@ int MAIN(int argc, char **argv)
 	ENGINE *e = NULL;
 #endif
 	int ret=1;
 	RSA *rsa=NULL;
 	int i,num=DEFBITS;
 	long l;
 	int use_x931 = 0;
 	const EVP_CIPHER *enc=NULL;
 	unsigned long f4=RSA_F4;
 	char *outfile=NULL;
@@ -105,10 +104,6 @@ int MAIN(int argc, char **argv)
 #endif
 	char *inrand=NULL;
 	BIO *out=NULL;
 	BIGNUM *bn = BN_new();
 	RSA *rsa = RSA_new();
 	if(!bn || !rsa) goto err;
 	apps_startup();
 	BN_GENCB_set(&cb, genrsa_cb, bio_err);
@@ -139,8 +134,6 @@ int MAIN(int argc, char **argv)
 			f4=3;
 		else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
 			f4=RSA_F4;
 		else if (strcmp(*argv,"-x931") == 0)
 			use_x931 = 1;
 #ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*argv,"-engine") == 0)
 			{
@@ -163,10 +156,6 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-idea") == 0)
 			enc=EVP_idea_cbc();
 #endif
 #ifndef OPENSSL_NO_SEED
 		else if (strcmp(*argv,"-seed") == 0)
 			enc=EVP_seed_cbc();
 #endif
 #ifndef OPENSSL_NO_AES
 		else if (strcmp(*argv,"-aes128") == 0)
 			enc=EVP_aes_128_cbc();
@@ -174,14 +163,6 @@ int MAIN(int argc, char **argv)
 			enc=EVP_aes_192_cbc();
 		else if (strcmp(*argv,"-aes256") == 0)
 			enc=EVP_aes_256_cbc();
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 		else if (strcmp(*argv,"-camellia128") == 0)
 			enc=EVP_camellia_128_cbc();
 		else if (strcmp(*argv,"-camellia192") == 0)
 			enc=EVP_camellia_192_cbc();
 		else if (strcmp(*argv,"-camellia256") == 0)
 			enc=EVP_camellia_256_cbc();
 #endif
 		else if (strcmp(*argv,"-passout") == 0)
 			{
@@ -202,17 +183,9 @@ bad:
 #ifndef OPENSSL_NO_IDEA
 		BIO_printf(bio_err," -idea           encrypt the generated key with IDEA in cbc mode\n");
 #endif
 #ifndef OPENSSL_NO_SEED
 		BIO_printf(bio_err," -seed\n");
 		BIO_printf(bio_err,"                 encrypt PEM output with cbc seed\n");
 #endif
 #ifndef OPENSSL_NO_AES
 		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
 		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 		BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
 		BIO_printf(bio_err,"                 encrypt PEM output with cbc camellia\n");
 #endif
 		BIO_printf(bio_err," -out file       output the key to 'file\n");
 		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
@@ -269,21 +242,13 @@ bad:
 	BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",
 		num);
-	if (use_x931)
+	if(((rsa = RSA_new()) == NULL) || !RSA_generate_key_ex(rsa, num, f4, &cb))
 		{
 		BIGNUM *pubexp;
 		pubexp = BN_new();
 		if (!BN_set_word(pubexp, f4))
 			goto err;
 		if (!RSA_X931_generate_key_ex(rsa, num, pubexp, &cb))
 			goto err;
 		BN_free(pubexp);
 		}
 	else if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
 		goto err;
 	app_RAND_write_file(NULL, bio_err);
 	if (rsa == NULL) goto err;
 	/* We need to do the following for when the base number size is <
 	 * long, esp windows 3.1 :-(. */
 	l=0L;
@@ -307,9 +272,8 @@ bad:
 	ret=0;
 err:
-	if (bn) BN_free(bn);
+	if (rsa != NULL) RSA_free(rsa);
-	if (rsa) RSA_free(rsa);
+	if (out != NULL) BIO_free_all(out);
 	if (out) BIO_free_all(out);
 	if(passout) OPENSSL_free(passout);
 	if (ret != 0)
 		ERR_print_errors(bio_err);
--- a/apps/makeapps.com
+++ b/apps/makeapps.com
@@ -142,10 +142,27 @@ $ LIB_FILES = "VERIFY;ASN1PARS;REQ;DGST;DH;DHPARAM;ENC;PASSWD;GENDH;ERRSTR;"+-
 	      "RSA;RSAUTL;DSA;DSAPARAM;EC;ECPARAM;"+-
 	      "X509;GENRSA;GENDSA;S_SERVER;S_CLIENT;SPEED;"+-
 	      "S_TIME;APPS;S_CB;S_SOCKET;APP_RAND;VERSION;SESS_ID;"+-
-	      "CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME;RAND;ENGINE;OCSP;PRIME"
+	      "CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME;RAND;ENGINE;OCSP"
 $ APP_FILES := OPENSSL,'OBJ_DIR'VERIFY.OBJ,ASN1PARS.OBJ,REQ.OBJ,DGST.OBJ,DH.OBJ,DHPARAM.OBJ,ENC.OBJ,PASSWD.OBJ,GENDH.OBJ,ERRSTR.OBJ,-
 	       CA.OBJ,PKCS7.OBJ,CRL2P7.OBJ,CRL.OBJ,-
 	       RSA.OBJ,RSAUTL.OBJ,DSA.OBJ,DSAPARAM.OBJ,EC.OBJ,ECPARAM.OBJ,-
 	       X509.OBJ,GENRSA.OBJ,GENDSA.OBJ,S_SERVER.OBJ,S_CLIENT.OBJ,SPEED.OBJ,-
 	       S_TIME.OBJ,APPS.OBJ,S_CB.OBJ,S_SOCKET.OBJ,APP_RAND.OBJ,VERSION.OBJ,SESS_ID.OBJ,-
 	       CIPHERS.OBJ,NSEQ.OBJ,PKCS12.OBJ,PKCS8.OBJ,SPKAC.OBJ,SMIME.OBJ,RAND.OBJ,ENGINE.OBJ,OCSP.OBJ
 $ TCPIP_PROGRAMS = ",,"
 $ IF COMPILER .EQS. "VAXC" THEN -
     TCPIP_PROGRAMS = ",OPENSSL,"
 $!$ APP_FILES := VERIFY;ASN1PARS;REQ;DGST;DH;ENC;GENDH;ERRSTR;CA;-
 $!	       PKCS7;CRL2P7;CRL;-
 $!	       RSA;DSA;DSAPARAM;-
 $!	       X509;GENRSA;GENDSA;-
 $!	       S_SERVER,'OBJ_DIR'S_SOCKET.OBJ,'OBJ_DIR'S_CB.OBJ;-
 $!	       S_CLIENT,'OBJ_DIR'S_SOCKET.OBJ,'OBJ_DIR'S_CB.OBJ;-
 $!	       SPEED;-
 $!	       S_TIME,'OBJ_DIR'S_CB.OBJ;VERSION;SESS_ID;CIPHERS;NSEQ
 $!$ TCPIP_PROGRAMS = ",,"
 $!$ IF COMPILER .EQS. "VAXC" THEN -
 $!     TCPIP_PROGRAMS = ",S_SERVER,S_CLIENT,SESS_ID,CIPHERS,S_TIME,"
 $!
 $! Setup exceptional compilations
 $!
@@ -633,7 +650,7 @@ $ CCDEFS = "MONOLITH"
 $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
 $ CCEXTRAFLAGS = ""
 $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
+$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX"
 $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
 	CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
 $!
@@ -662,7 +679,7 @@ $     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
 	 THEN CC = "CC/DECC"
 $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
           "/NOLIST/PREFIX=ALL" + -
-	   "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
+	   "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
@@ -694,7 +711,7 @@ $	EXIT
 $     ENDIF
 $     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
 $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
+	   "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS
 $     CCDEFS = CCDEFS + ",""VAXC"""
 $!
 $!    Define <sys> As SYS$COMMON:[SYSLIB]
@@ -726,7 +743,7 @@ $!    Use GNU C...
 $!
 $     IF F$TYPE(GCC) .EQS. "" THEN GCC := GCC
 $     CC = GCC+"/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
+	   "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -64,7 +64,6 @@
 #include <openssl/ocsp.h>
 #include <openssl/err.h>
 #include <openssl/ssl.h>
 #include <openssl/bn.h>
 /* Maximum leeway in validity period: default 5 minutes */
 #define MAX_VALIDITY_PERIOD	(5 * 60)
@@ -139,7 +138,6 @@ int MAIN(int argc, char **argv)
 	if (!load_config(bio_err, NULL))
 		goto end;
 	SSL_load_error_strings();
 	OpenSSL_add_ssl_algorithms();
 	args = argv + 1;
 	reqnames = sk_new_null();
 	ids = sk_OCSP_CERTID_new_null();
@@ -727,11 +725,6 @@ int MAIN(int argc, char **argv)
 			BIO_printf(bio_err, "SSL is disabled\n");
 			goto end;
 #endif
 			if (ctx == NULL)
 				{
 				BIO_printf(bio_err, "Error creating SSL context.\n");
 				goto end;
 				}
 			SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
 			sbio = BIO_new_ssl(ctx, 1);
 			cbio = BIO_push(sbio, cbio);
@@ -1227,7 +1220,7 @@ static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
 		return 0;
 	BIO_printf(cbio, http_resp, i2d_OCSP_RESPONSE(resp, NULL));
 	i2d_OCSP_RESPONSE_bio(cbio, resp);
-	(void)BIO_flush(cbio);
+	BIO_flush(cbio);
 	return 1;
 	}
--- a/apps/openssl-vms.cnf
+++ b/apps/openssl-vms.cnf
@@ -3,13 +3,9 @@
 # This is mostly being used for generation of certificate requests.
 #
 # This definition stops the following lines choking if HOME isn't
 # defined.
 HOME			= .
 RANDFILE		= $ENV::HOME/.rnd
-
+oid_file		= $ENV::HOME/.oid
-# Uncomment out to enable OpenSSL configuration see config(3)
+oid_section		= new_oids
 # openssl_conf = openssl_init
 # To use this configuration file with the "-extfile" option of the
 # "openssl x509" utility, name here the section containing the
@@ -18,22 +14,13 @@ RANDFILE		= $ENV::HOME/.rnd
 # (Alternatively, use a configuration file that has only
 # X.509v3 extensions in its main [= default] section.)
 [openssl_init]
 # Extra OBJECT IDENTIFIER info:
 oid_section = new_oids
 alg_section = algs
 [ new_oids ]
-# We can add new OIDs in here for use by any config aware application
+# We can add new OIDs in here for use by 'ca' and 'req'.
 # Add a simple OID like this:
-# shortname=Long Object Identifier Name, 1.2.3.4
+# testoid1=1.2.3.4
 # Or use config file substitution like this:
-# testoid2=OID2 LONG NAME, ${testoid1}.5.6, OTHER OID
+# testoid2=${testoid1}.5.6
 [ algs ]
 # Algorithm configuration options. Currently just fips_mode
 fips_mode = no
 ####################################################################
 [ ca ]
@@ -42,40 +29,27 @@ default_ca	= CA_default		# The default ca section
 ####################################################################
 [ CA_default ]
-dir		= sys\$disk:[.demoCA		# Where everything is kept
+dir		= sys\$disk:[.demoCA	# Where everything is kept
 certs		= $dir.certs]		# Where the issued certs are kept
 crl_dir		= $dir.crl]		# Where the issued crl are kept
 database	= $dir]index.txt	# database index file.
-#unique_subject	= no			# Set to 'no' to allow creation of
+new_certs_dir	= $dir.newcerts]	# default place for new certs.
 					# several ctificates with same subject.
 new_certs_dir	= $dir.newcerts]		# default place for new certs.
 certificate	= $dir]cacert.pem 	# The CA certificate
-serial		= $dir]serial. 		# The current serial number
+serial		= $dir]serial.		# The current serial number
 crlnumber	= $dir]crlnumber.	# the current crl number
 					# must be commented out to leave a V1 CRL
 crl		= $dir]crl.pem 		# The current CRL
 private_key	= $dir.private]cakey.pem# The private key
 RANDFILE	= $dir.private].rand	# private random number file
 x509_extensions	= usr_cert		# The extentions to add to the cert
 # Comment out the following two lines for the "traditional"
 # (and highly broken) format.
 name_opt 	= ca_default		# Subject Name options
 cert_opt 	= ca_default		# Certificate field options
 # Extension copying option: use with caution.
 # copy_extensions = copy
 # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
 # so this is commented out by default to leave a V1 CRL.
 # crlnumber must also be commented out to leave a V1 CRL.
 # crl_extensions	= crl_ext
 default_days	= 365			# how long to certify for
 default_crl_days= 30			# how long before next CRL
-default_md	= sha1			# which md to use.
+default_md	= md5			# which md to use.
 preserve	= no			# keep passed DN ordering
 # A few difference way of specifying how similar the request should look
@@ -112,19 +86,16 @@ distinguished_name	= req_distinguished_name
 attributes		= req_attributes
 x509_extensions	= v3_ca	# The extentions to add to the self signed cert
-# Passwords for private keys if not present they will be prompted for
+# This sets the permitted types in a DirectoryString. There are several
-# input_password = secret
+# options. 
 # output_password = secret
 # This sets a mask for permitted string types. There are several options. 
 # default: PrintableString, T61String, BMPString.
 # pkix	 : PrintableString, BMPString.
 # utf8only: only UTF8Strings.
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# nobmp : PrintableString, T61String (no BMPStrings).
 # MASK:XXXX a literal mask value.
 # WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
 # so use this option with caution!
-string_mask = nombstr
+dirstring_type = nobmp
 # req_extensions = v3_req # The extensions to add to a certificate request
@@ -153,7 +124,7 @@ commonName			= Common Name (eg, YOUR name)
 commonName_max			= 64
 emailAddress			= Email Address
-emailAddress_max		= 64
+emailAddress_max		= 40
 # SET-ex3			= SET extension number 3
@@ -196,14 +167,11 @@ nsComment			= "OpenSSL Generated Certificate"
 # PKIX recommendations harmless if included in all certificates.
 subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
+authorityKeyIdentifier=keyid,issuer:always
 # This stuff is for subjectAltName and issuerAltname.
 # Import the email address.
 # subjectAltName=email:copy
 # An alternative to produce certificates that aren't
 # deprecated according to PKIX.
 # subjectAltName=email:move
 # Copy subject details
 # issuerAltName=issuer:copy
@@ -266,56 +234,3 @@ basicConstraints = CA:true
 # issuerAltName=issuer:copy
 authorityKeyIdentifier=keyid:always,issuer:always
 [ proxy_cert_ext ]
 # These extensions should be added when creating a proxy certificate
 # This goes against PKIX guidelines but some CAs do it and some software
 # requires this to avoid interpreting an end user certificate as a CA.
 basicConstraints=CA:FALSE
 # Here are some examples of the usage of nsCertType. If it is omitted
 # the certificate can be used for anything *except* object signing.
 # This is OK for an SSL server.
 # nsCertType			= server
 # For an object signing certificate this would be used.
 # nsCertType = objsign
 # For normal client use this is typical
 # nsCertType = client, email
 # and for everything including object signing:
 # nsCertType = client, email, objsign
 # This is typical in keyUsage for a client certificate.
 # keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 # This will be displayed in Netscape's comment listbox.
 nsComment			= "OpenSSL Generated Certificate"
 # PKIX recommendations harmless if included in all certificates.
 subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid,issuer:always
 # This stuff is for subjectAltName and issuerAltname.
 # Import the email address.
 # subjectAltName=email:copy
 # An alternative to produce certificates that aren't
 # deprecated according to PKIX.
 # subjectAltName=email:move
 # Copy subject details
 # issuerAltName=issuer:copy
 #nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
 #nsBaseUrl
 #nsRevocationUrl
 #nsRenewalUrl
 #nsCaPolicyUrl
 #nsSslServerName
 # This really needs to be in place for it to be a proxy certificate.
 proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */
 /* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -147,7 +147,6 @@ char *default_config_file=NULL;
 #ifdef MONOLITH
 CONF *config=NULL;
 BIO *bio_err=NULL;
 int in_FIPS_mode=0;
 #endif
@@ -221,8 +220,7 @@ int main(int Argc, char *Argv[])
 #define PROG_NAME_SIZE	39
 	char pname[PROG_NAME_SIZE+1];
 	FUNCTION f,*fp;
-	MS_STATIC const char *prompt;
+	MS_STATIC char *prompt,buf[1024];
 	MS_STATIC char buf[1024];
 	char *to_free=NULL;
 	int n,i,ret=0;
 	int argc;
@@ -233,19 +231,6 @@ int main(int Argc, char *Argv[])
 	arg.data=NULL;
 	arg.count=0;
 	in_FIPS_mode = 0;
 #ifdef OPENSSL_FIPS
 	if(getenv("OPENSSL_FIPS")) {
 		if (!FIPS_mode_set(1)) {
 			ERR_load_crypto_strings();
 			ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
 			EXIT(1);
 		}
 		in_FIPS_mode = 1;
 		}
 #endif
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
@@ -459,11 +444,7 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
 		for (fp=functions; fp->name != NULL; fp++)
 			{
 			nl=0;
 #ifdef OPENSSL_NO_CAMELLIA
 			if (((i++) % 5) == 0)
 #else
 			if (((i++) % 4) == 0)
 #endif
 				{
 				BIO_printf(bio_err,"\n");
 				nl=1;
@@ -484,11 +465,7 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
 					BIO_printf(bio_err,"\nCipher commands (see the `enc' command for more details)\n");
 					}
 				}
 #ifdef OPENSSL_NO_CAMELLIA
 			BIO_printf(bio_err,"%-15s",fp->name);
 #else
 			BIO_printf(bio_err,"%-18s",fp->name);
 #endif
 			}
 		BIO_printf(bio_err,"\n\n");
 		ret=0;
@@ -511,7 +488,7 @@ static LHASH *prog_init(void)
 	{
 	LHASH *ret;
 	FUNCTION *f;
-	size_t i;
+	int i;
 	/* Purely so it looks nice when the user hits ? */
 	for(i=0,f=functions ; f->name != NULL ; ++f,++i)
@@ -529,12 +506,12 @@ static LHASH *prog_init(void)
 /* static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b) */
 static int MS_CALLBACK cmp(const void *a_void, const void *b_void)
 	{
-	return(strncmp(((const FUNCTION *)a_void)->name,
+	return(strncmp(((FUNCTION *)a_void)->name,
-			((const FUNCTION *)b_void)->name,8));
+			((FUNCTION *)b_void)->name,8));
 	}
 /* static unsigned long MS_CALLBACK hash(FUNCTION *a) */
 static unsigned long MS_CALLBACK hash(const void *a_void)
 	{
-	return(lh_strhash(((const FUNCTION *)a_void)->name));
+	return(lh_strhash(((FUNCTION *)a_void)->name));
 	}
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -8,8 +8,9 @@
 HOME			= .
 RANDFILE		= $ENV::HOME/.rnd
-# Uncomment out to enable OpenSSL configuration see config(3)
+# Extra OBJECT IDENTIFIER info:
-# openssl_conf = openssl_init
+#oid_file		= $ENV::HOME/.oid
 oid_section		= new_oids
 # To use this configuration file with the "-extfile" option of the
 # "openssl x509" utility, name here the section containing the
@@ -18,22 +19,13 @@ RANDFILE		= $ENV::HOME/.rnd
 # (Alternatively, use a configuration file that has only
 # X.509v3 extensions in its main [= default] section.)
 [openssl_init]
 # Extra OBJECT IDENTIFIER info:
 oid_section = new_oids
 alg_section = algs
 [ new_oids ]
-# We can add new OIDs in here for use by any config aware application
+# We can add new OIDs in here for use by 'ca' and 'req'.
 # Add a simple OID like this:
-# shortname=Long Object Identifier Name, 1.2.3.4
+# testoid1=1.2.3.4
 # Or use config file substitution like this:
-# testoid2=OID2 LONG NAME, ${testoid1}.5.6, OTHER OID
+# testoid2=${testoid1}.5.6
 [ algs ]
 # Algorithm configuration options. Currently just fips_mode
 fips_mode = no
 ####################################################################
 [ ca ]
@@ -75,7 +67,7 @@ cert_opt 	= ca_default		# Certificate field options
 default_days	= 365			# how long to certify for
 default_crl_days= 30			# how long before next CRL
-default_md	= sha1			# which md to use.
+default_md	= md5			# which md to use.
 preserve	= no			# keep passed DN ordering
 # A few difference way of specifying how similar the request should look
@@ -196,7 +188,7 @@ nsComment			= "OpenSSL Generated Certificate"
 # PKIX recommendations harmless if included in all certificates.
 subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
+authorityKeyIdentifier=keyid,issuer:always
 # This stuff is for subjectAltName and issuerAltname.
 # Import the email address.
@@ -266,56 +258,3 @@ basicConstraints = CA:true
 # issuerAltName=issuer:copy
 authorityKeyIdentifier=keyid:always,issuer:always
 [ proxy_cert_ext ]
 # These extensions should be added when creating a proxy certificate
 # This goes against PKIX guidelines but some CAs do it and some software
 # requires this to avoid interpreting an end user certificate as a CA.
 basicConstraints=CA:FALSE
 # Here are some examples of the usage of nsCertType. If it is omitted
 # the certificate can be used for anything *except* object signing.
 # This is OK for an SSL server.
 # nsCertType			= server
 # For an object signing certificate this would be used.
 # nsCertType = objsign
 # For normal client use this is typical
 # nsCertType = client, email
 # and for everything including object signing:
 # nsCertType = client, email, objsign
 # This is typical in keyUsage for a client certificate.
 # keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 # This will be displayed in Netscape's comment listbox.
 nsComment			= "OpenSSL Generated Certificate"
 # PKIX recommendations harmless if included in all certificates.
 subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid,issuer:always
 # This stuff is for subjectAltName and issuerAltname.
 # Import the email address.
 # subjectAltName=email:copy
 # An alternative to produce certificates that aren't
 # deprecated according to PKIX.
 # subjectAltName=email:move
 # Copy subject details
 # issuerAltName=issuer:copy
 #nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
 #nsBaseUrl
 #nsRevocationUrl
 #nsRenewalUrl
 #nsCaPolicyUrl
 #nsSslServerName
 # This really needs to be in place for it to be a proxy certificate.
 proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -359,13 +359,13 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
 	for (i = 0; i < 1000; i++)
 		{
 		EVP_DigestInit_ex(&md2,EVP_md5(), NULL);
-		EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *) passwd : buf,
+		EVP_DigestUpdate(&md2, (i & 1) ? (unsigned char *) passwd : buf,
 		                       (i & 1) ? passwd_len : sizeof buf);
 		if (i % 3)
 			EVP_DigestUpdate(&md2, salt_out, salt_len);
 		if (i % 7)
 			EVP_DigestUpdate(&md2, passwd, passwd_len);
-		EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *) passwd,
+		EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned char *) passwd,
 		                       (i & 1) ? sizeof buf : passwd_len);
 		EVP_DigestFinal_ex(&md2, buf, NULL);
 		}
@@ -474,8 +474,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
 	if ((strlen(passwd) > pw_maxlen))
 		{
 		if (!quiet)
-			/* XXX: really we should know how to print a size_t, not cast it */
+			BIO_printf(bio_err, "Warning: truncating password to %u characters\n", pw_maxlen);
 			BIO_printf(bio_err, "Warning: truncating password to %u characters\n", (unsigned)pw_maxlen);
 		passwd[pw_maxlen] = 0;
 		}
 	assert(strlen(passwd) <= pw_maxlen);
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -1,9 +1,11 @@
 /* pkcs12.c */
 #if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
 * project.
 */
 /* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -56,9 +58,6 @@
 *
 */
 #include <openssl/opensslconf.h>
 #if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -84,7 +83,7 @@ int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int opti
 int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass,
 			  int passlen, int options, char *pempass);
 int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass);
-int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name);
+int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name);
 void hex_prin(BIO *out, unsigned char *buf, int len);
 int alg_print(BIO *x, X509_ALGOR *alg);
 int cert_load(BIO *in, STACK_OF(X509) *sk);
@@ -110,7 +109,7 @@ int MAIN(int argc, char **argv)
    int maciter = PKCS12_DEFAULT_ITER;
    int twopass = 0;
    int keytype = 0;
-    int cert_pbe;
+    int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
    int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
    int ret = 1;
    int macver = 1;
@@ -127,13 +126,6 @@ int MAIN(int argc, char **argv)
    apps_startup();
 #ifdef OPENSSL_FIPS
    if (FIPS_mode())
 	cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
    else
 #endif
    cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
    enc = EVP_des_ede3_cbc();
    if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
@@ -160,22 +152,14 @@ int MAIN(int argc, char **argv)
    			cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
 		else if (!strcmp (*args, "-export")) export_cert = 1;
 		else if (!strcmp (*args, "-des")) enc=EVP_des_cbc();
 		else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc();
 #ifndef OPENSSL_NO_IDEA
 		else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc();
 #endif
-#ifndef OPENSSL_NO_SEED
+		else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc();
 		else if (!strcmp(*args, "-seed")) enc=EVP_seed_cbc();
 #endif
 #ifndef OPENSSL_NO_AES
 		else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc();
 		else if (!strcmp(*args,"-aes192")) enc=EVP_aes_192_cbc();
 		else if (!strcmp(*args,"-aes256")) enc=EVP_aes_256_cbc();
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 		else if (!strcmp(*args,"-camellia128")) enc=EVP_camellia_128_cbc();
 		else if (!strcmp(*args,"-camellia192")) enc=EVP_camellia_192_cbc();
 		else if (!strcmp(*args,"-camellia256")) enc=EVP_camellia_256_cbc();
 #endif
 		else if (!strcmp (*args, "-noiter")) iter = 1;
 		else if (!strcmp (*args, "-maciter"))
@@ -190,8 +174,7 @@ int MAIN(int argc, char **argv)
 				args++;
 				if (!strcmp(*args, "NONE"))
 					cert_pbe = -1;
-				else
+				cert_pbe=OBJ_txt2nid(*args);
 					cert_pbe=OBJ_txt2nid(*args);
 				if(cert_pbe == NID_undef) {
 					BIO_printf(bio_err,
 						 "Unknown PBE algorithm %s\n", *args);
@@ -316,16 +299,9 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_IDEA
 	BIO_printf (bio_err, "-idea         encrypt private keys with idea\n");
 #endif
 #ifndef OPENSSL_NO_SEED
 	BIO_printf (bio_err, "-seed         encrypt private keys with seed\n");
 #endif
 #ifndef OPENSSL_NO_AES
 	BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
 	BIO_printf (bio_err, "              encrypt PEM output with cbc aes\n");
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 	BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
 	BIO_printf (bio_err, "              encrypt PEM output with cbc camellia\n");
 #endif
 	BIO_printf (bio_err, "-nodes        don't encrypt private keys\n");
 	BIO_printf (bio_err, "-noiter       don't use encryption iteration\n");
@@ -549,11 +525,8 @@ int MAIN(int argc, char **argv)
 		    X509_free(sk_X509_value(chain2, 0));
 		    sk_X509_free(chain2);
 		} else {
-			if (vret >= 0)
+			BIO_printf (bio_err, "Error %s getting chain.\n",
 				BIO_printf (bio_err, "Error %s getting chain.\n",
 					X509_verify_cert_error_string(vret));
 			else
 				ERR_print_errors(bio_err);
 			goto export_end;
 		}			
    	}
@@ -565,10 +538,6 @@ int MAIN(int argc, char **argv)
 		catmp = (unsigned char *)sk_value(canames, i);
 		X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
 		}
 	if (csp_name && key)
 		EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
 				MBSTRING_ASC, (unsigned char *)csp_name, -1);
 #ifdef CRYPTO_MDEBUG
@@ -652,7 +621,7 @@ int MAIN(int argc, char **argv)
    CRYPTO_push_info("verify MAC");
 #endif
 	/* If we enter empty password try no password first */
-	if(!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
+	if(!macpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
 		/* If mac and crypto pass the same set it to NULL too */
 		if(!twopass) cpass = NULL;
 	} else if (!PKCS12_verify_mac(p12, mpass, -1)) {
@@ -696,10 +665,9 @@ int MAIN(int argc, char **argv)
 int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
 	     int passlen, int options, char *pempass)
 {
-	STACK_OF(PKCS7) *asafes = NULL;
+	STACK_OF(PKCS7) *asafes;
 	STACK_OF(PKCS12_SAFEBAG) *bags;
 	int i, bagnid;
 	int ret = 0;
 	PKCS7 *p7;
 	if (!( asafes = PKCS12_unpack_authsafes(p12))) return 0;
@@ -717,22 +685,16 @@ int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
 			}
 			bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
 		} else continue;
-		if (!bags) goto err;
+		if (!bags) return 0;
 	    	if (!dump_certs_pkeys_bags (out, bags, pass, passlen, 
 						 options, pempass)) {
 			sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
-			goto err;
+			return 0;
 		}
 		sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
 		bags = NULL;
 	}
-	ret = 1;
+	sk_PKCS7_pop_free (asafes, PKCS7_free);
-
+	return 1;
 	err:
 	if (asafes)
 		sk_PKCS7_pop_free (asafes, PKCS7_free);
 	return ret;
 }
 int dump_certs_pkeys_bags (BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
@@ -827,7 +789,7 @@ int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
 {
 	X509_STORE_CTX store_ctx;
 	STACK_OF(X509) *chn;
-	int i = 0;
+	int i;
 	/* FIXME: Should really check the return status of X509_STORE_CTX_init
 	 * for an error, but how that fits into the return value of this
@@ -835,17 +797,13 @@ int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
 	X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
 	if (X509_verify_cert(&store_ctx) <= 0) {
 		i = X509_STORE_CTX_get_error (&store_ctx);
 		if (i == 0)
 			/* avoid returning 0 if X509_verify_cert() did not
 			 * set an appropriate error value in the context */
 			i = -1;
 		chn = NULL;
 		goto err;
-	} else
+	}
-		chn = X509_STORE_CTX_get1_chain(&store_ctx);
+	chn =  X509_STORE_CTX_get1_chain(&store_ctx);
 	i = 0;
 	*chain = chn;
 err:
 	X509_STORE_CTX_cleanup(&store_ctx);
 	*chain = chn;
 	return i;
 }	
@@ -853,16 +811,14 @@ err:
 int alg_print (BIO *x, X509_ALGOR *alg)
 {
 	PBEPARAM *pbe;
-	const unsigned char *p;
+	unsigned char *p;
 	p = alg->parameter->value.sequence->data;
-	pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
+	pbe = d2i_PBEPARAM (NULL, &p, alg->parameter->value.sequence->length);
 	if (!pbe)
 		return 1;
 	BIO_printf (bio_err, "%s, Iteration %ld\n", 
 		OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)),
 		ASN1_INTEGER_get(pbe->iter));
 	PBEPARAM_free (pbe);
-	return 1;
+	return 0;
 }
 /* Load all certificates from a given file */
@@ -894,7 +850,7 @@ int cert_load(BIO *in, STACK_OF(X509) *sk)
 /* Generalised attribute print: handle PKCS#8 and bag attributes */
-int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name)
+int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name)
 {
 	X509_ATTRIBUTE *attr;
 	ASN1_TYPE *av;
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -1,6 +1,6 @@
 /* pkcs8.c */
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999-2004.
+ * project 1999.
 */
 /* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -68,7 +68,7 @@
 int MAIN(int, char **);
 int MAIN(int argc, char **argv)
-	{
+{
 	ENGINE *e = NULL;
 	char **args, *infile = NULL, *outfile = NULL;
 	char *passargin = NULL, *passargout = NULL;
@@ -100,70 +100,43 @@ int MAIN(int argc, char **argv)
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_algorithms();
 	args = argv + 1;
-	while (!badarg && *args && *args[0] == '-')
+	while (!badarg && *args && *args[0] == '-') {
-		{
+		if (!strcmp(*args,"-v2")) {
-		if (!strcmp(*args,"-v2"))
+			if (args[1]) {
 			{
 			if (args[1])
 				{
 				args++;
 				cipher=EVP_get_cipherbyname(*args);
-				if (!cipher)
+				if(!cipher) {
 					{
 					BIO_printf(bio_err,
 						 "Unknown cipher %s\n", *args);
 					badarg = 1;
 					}
 				}
-			else
+			} else badarg = 1;
-				badarg = 1;
+		} else if (!strcmp(*args,"-v1")) {
-			}
+			if (args[1]) {
 		else if (!strcmp(*args,"-v1"))
 			{
 			if (args[1])
 				{
 				args++;
 				pbe_nid=OBJ_txt2nid(*args);
-				if (pbe_nid == NID_undef)
+				if(pbe_nid == NID_undef) {
 					{
 					BIO_printf(bio_err,
 						 "Unknown PBE algorithm %s\n", *args);
 					badarg = 1;
 					}
 				}
-			else
+			} else badarg = 1;
-				badarg = 1;
+		} else if (!strcmp(*args,"-inform")) {
-			}
+			if (args[1]) {
 		else if (!strcmp(*args,"-inform"))
 			{
 			if (args[1])
 				{
 				args++;
 				informat=str2fmt(*args);
-				}
+			} else badarg = 1;
-			else badarg = 1;
+		} else if (!strcmp(*args,"-outform")) {
-			}
+			if (args[1]) {
 		else if (!strcmp(*args,"-outform"))
 			{
 			if (args[1])
 				{
 				args++;
 				outformat=str2fmt(*args);
-				}
+			} else badarg = 1;
-			else badarg = 1;
+		} else if (!strcmp (*args, "-topk8")) topk8 = 1;
-			}
+		else if (!strcmp (*args, "-noiter")) iter = 1;
-		else if (!strcmp (*args, "-topk8"))
+		else if (!strcmp (*args, "-nocrypt")) nocrypt = 1;
-			topk8 = 1;
+		else if (!strcmp (*args, "-nooct")) p8_broken = PKCS8_NO_OCTET;
-		else if (!strcmp (*args, "-noiter"))
+		else if (!strcmp (*args, "-nsdb")) p8_broken = PKCS8_NS_DB;
-			iter = 1;
+		else if (!strcmp (*args, "-embed")) p8_broken = PKCS8_EMBEDDED_PARAM;
 		else if (!strcmp (*args, "-nocrypt"))
 			nocrypt = 1;
 		else if (!strcmp (*args, "-nooct"))
 			p8_broken = PKCS8_NO_OCTET;
 		else if (!strcmp (*args, "-nsdb"))
 			p8_broken = PKCS8_NS_DB;
 		else if (!strcmp (*args, "-embed"))
 			p8_broken = PKCS8_EMBEDDED_PARAM;
 		else if (!strcmp(*args,"-passin"))
 			{
 			if (!args[1]) goto bad;
@@ -181,30 +154,21 @@ int MAIN(int argc, char **argv)
 			engine= *(++args);
 			}
 #endif
-		else if (!strcmp (*args, "-in"))
+		else if (!strcmp (*args, "-in")) {
-			{
+			if (args[1]) {
 			if (args[1])
 				{
 				args++;
 				infile = *args;
-				}
+			} else badarg = 1;
-			else badarg = 1;
+		} else if (!strcmp (*args, "-out")) {
-			}
+			if (args[1]) {
 		else if (!strcmp (*args, "-out"))
 			{
 			if (args[1])
 				{
 				args++;
 				outfile = *args;
-				}
+			} else badarg = 1;
-			else badarg = 1;
+		} else badarg = 1;
 			}
 		else badarg = 1;
 		args++;
-		}
+	}
-	if (badarg)
+	if (badarg) {
 		{
 		bad:
 		BIO_printf(bio_err, "Usage pkcs8 [options]\n");
 		BIO_printf(bio_err, "where options are\n");
@@ -225,199 +189,164 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 #endif
-		return 1;
+		return (1);
-		}
+	}
 #ifndef OPENSSL_NO_ENGINE
        e = setup_engine(bio_err, engine, 0);
 #endif
-	if (!app_passwd(bio_err, passargin, passargout, &passin, &passout))
+	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		{
 		BIO_printf(bio_err, "Error getting passwords\n");
-		return 1;
+		return (1);
-		}
+	}
-	if ((pbe_nid == -1) && !cipher)
+	if ((pbe_nid == -1) && !cipher) pbe_nid = NID_pbeWithMD5AndDES_CBC;
 		pbe_nid = NID_pbeWithMD5AndDES_CBC;
-	if (infile)
+	if (infile) {
-		{
+		if (!(in = BIO_new_file(infile, "rb"))) {
 		if (!(in = BIO_new_file(infile, "rb")))
 			{
 			BIO_printf(bio_err,
 				 "Can't open input file %s\n", infile);
 			return (1);
 			}
 		}
-	else
+	} else in = BIO_new_fp (stdin, BIO_NOCLOSE);
 		in = BIO_new_fp (stdin, BIO_NOCLOSE);
-	if (outfile)
+	if (outfile) {
-		{
+		if (!(out = BIO_new_file (outfile, "wb"))) {
 		if (!(out = BIO_new_file (outfile, "wb")))
 			{
 			BIO_printf(bio_err,
 				 "Can't open output file %s\n", outfile);
 			return (1);
 			}
 		}
-	else
+	} else {
 		{
 		out = BIO_new_fp (stdout, BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
-			{
+		{
 			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			out = BIO_push(tmpbio, out);
 			}
 #endif
 		}
 #endif
 	}
 	if (topk8)
 		{
 		BIO_free(in); /* Not needed in this section */
 		pkey = load_key(bio_err, infile, informat, 1,
 			passin, e, "key");
-		if (!pkey)
+		if (!pkey) {
 			{
 			BIO_free_all(out);
-			return 1;
+			return (1);
-			}
+		}
-		if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken)))
+		if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) {
 			{
 			BIO_printf(bio_err, "Error converting key\n");
 			ERR_print_errors(bio_err);
 			EVP_PKEY_free(pkey);
 			BIO_free_all(out);
-			return 1;
+			return (1);
-			}
+		}
-		if (nocrypt)
+		if(nocrypt) {
-			{
+			if(outformat == FORMAT_PEM) 
 			if (outformat == FORMAT_PEM) 
 				PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
-			else if (outformat == FORMAT_ASN1)
+			else if(outformat == FORMAT_ASN1)
 				i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
-			else
+			else {
 				{
 				BIO_printf(bio_err, "Bad format specified for key\n");
 				PKCS8_PRIV_KEY_INFO_free(p8inf);
 				EVP_PKEY_free(pkey);
 				BIO_free_all(out);
 				return (1);
 				}
 			}
-		else
+		} else {
-			{
+			if(passout) p8pass = passout;
-			if (passout)
+			else {
 				p8pass = passout;
 			else
 				{
 				p8pass = pass;
 				if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1))
-					{
+				{
 					PKCS8_PRIV_KEY_INFO_free(p8inf);
 					EVP_PKEY_free(pkey);
 					BIO_free_all(out);
 					return (1);
 					}
 				}
 			}
 			app_RAND_load_file(NULL, bio_err, 0);
 			if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
 					p8pass, strlen(p8pass),
-					NULL, 0, iter, p8inf)))
+					NULL, 0, iter, p8inf))) {
 				{
 				BIO_printf(bio_err, "Error encrypting key\n");
 				ERR_print_errors(bio_err);
 				PKCS8_PRIV_KEY_INFO_free(p8inf);
 				EVP_PKEY_free(pkey);
 				BIO_free_all(out);
 				return (1);
-				}
+			}
 			app_RAND_write_file(NULL, bio_err);
-			if (outformat == FORMAT_PEM) 
+			if(outformat == FORMAT_PEM) 
 				PEM_write_bio_PKCS8(out, p8);
-			else if (outformat == FORMAT_ASN1)
+			else if(outformat == FORMAT_ASN1)
 				i2d_PKCS8_bio(out, p8);
-			else
+			else {
 				{
 				BIO_printf(bio_err, "Bad format specified for key\n");
 				PKCS8_PRIV_KEY_INFO_free(p8inf);
 				EVP_PKEY_free(pkey);
 				BIO_free_all(out);
 				return (1);
 				}
 			X509_SIG_free(p8);
 			}
-
+			X509_SIG_free(p8);
 		}
 		PKCS8_PRIV_KEY_INFO_free (p8inf);
 		EVP_PKEY_free(pkey);
 		BIO_free_all(out);
-		if (passin)
+		if(passin) OPENSSL_free(passin);
-			OPENSSL_free(passin);
+		if(passout) OPENSSL_free(passout);
 		if (passout)
 			OPENSSL_free(passout);
 		return (0);
-		}
+	}
-	if (nocrypt)
+	if(nocrypt) {
-		{
+		if(informat == FORMAT_PEM) 
 		if (informat == FORMAT_PEM) 
 			p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in,NULL,NULL, NULL);
-		else if (informat == FORMAT_ASN1)
+		else if(informat == FORMAT_ASN1)
 			p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);
-		else
+		else {
 			{
 			BIO_printf(bio_err, "Bad format specified for key\n");
 			return (1);
 			}
 		}
-	else
+	} else {
-		{
+		if(informat == FORMAT_PEM) 
 		if (informat == FORMAT_PEM) 
 			p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);
-		else if (informat == FORMAT_ASN1)
+		else if(informat == FORMAT_ASN1)
 			p8 = d2i_PKCS8_bio(in, NULL);
-		else
+		else {
 			{
 			BIO_printf(bio_err, "Bad format specified for key\n");
 			return (1);
-			}
+		}
-		if (!p8)
+		if (!p8) {
 			{
 			BIO_printf (bio_err, "Error reading key\n");
 			ERR_print_errors(bio_err);
 			return (1);
-			}
+		}
-		if (passin)
+		if(passin) p8pass = passin;
-			p8pass = passin;
+		else {
 		else
 			{
 			p8pass = pass;
 			EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0);
-			}
+		}
 		p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
 		X509_SIG_free(p8);
-		}
+	}
-	if (!p8inf)
+	if (!p8inf) {
 		{
 		BIO_printf(bio_err, "Error decrypting key\n");
 		ERR_print_errors(bio_err);
 		return (1);
-		}
+	}
-	if (!(pkey = EVP_PKCS82PKEY(p8inf)))
+	if (!(pkey = EVP_PKCS82PKEY(p8inf))) {
 		{
 		BIO_printf(bio_err, "Error converting key\n");
 		ERR_print_errors(bio_err);
 		return (1);
-		}
+	}
-	if (p8inf->broken)
+	if (p8inf->broken) {
 		{
 		BIO_printf(bio_err, "Warning: broken key encoding: ");
-		switch (p8inf->broken)
+		switch (p8inf->broken) {
 			{
 			case PKCS8_NO_OCTET:
 			BIO_printf(bio_err, "No Octet String in PrivateKey\n");
 			break;
@@ -437,24 +366,21 @@ int MAIN(int argc, char **argv)
 	}
 	PKCS8_PRIV_KEY_INFO_free(p8inf);
-	if (outformat == FORMAT_PEM) 
+	if(outformat == FORMAT_PEM) 
 		PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
-	else if (outformat == FORMAT_ASN1)
+	else if(outformat == FORMAT_ASN1)
 		i2d_PrivateKey_bio(out, pkey);
-	else
+	else {
 		{
 		BIO_printf(bio_err, "Bad format specified for key\n");
 			return (1);
-		}
+	}
 	end:
 	EVP_PKEY_free(pkey);
 	BIO_free_all(out);
 	BIO_free(in);
-	if (passin)
+	if(passin) OPENSSL_free(passin);
-		OPENSSL_free(passin);
+	if(passout) OPENSSL_free(passout);
 	if (passout)
 		OPENSSL_free(passout);
 	return (0);
-	}
+}
--- a/apps/prime.c
+++ b/apps/prime.c
@@ -1,130 +0,0 @@
 /* ====================================================================
 * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */
 #include <string.h>
 #include "apps.h"
 #include <openssl/bn.h>
 #undef PROG
 #define PROG prime_main
 int MAIN(int, char **);
 int MAIN(int argc, char **argv)
    {
    int hex=0;
    int checks=20;
    BIGNUM *bn=NULL;
    BIO *bio_out;
    apps_startup();
    if (bio_err == NULL)
 	if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 	    BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
    --argc;
    ++argv;
    while (argc >= 1 && **argv == '-')
 	{
 	if(!strcmp(*argv,"-hex"))
 	    hex=1;
 	else if(!strcmp(*argv,"-checks"))
 	    if(--argc < 1)
 		goto bad;
 	    else
 		checks=atoi(*++argv);
 	else
 	    {
 	    BIO_printf(bio_err,"Unknown option '%s'\n",*argv);
 	    goto bad;
 	    }
 	--argc;
 	++argv;
 	}
    if (argv[0] == NULL)
 	{
 	BIO_printf(bio_err,"No prime specified\n");
 	goto bad;
 	}
   if ((bio_out=BIO_new(BIO_s_file())) != NULL)
 	{
 	BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 	    {
 	    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 	    bio_out = BIO_push(tmpbio, bio_out);
 	    }
 #endif
 	}
    if(hex)
 	BN_hex2bn(&bn,argv[0]);
    else
 	BN_dec2bn(&bn,argv[0]);
    BN_print(bio_out,bn);
    BIO_printf(bio_out," is %sprime\n",
 	       BN_is_prime_ex(bn,checks,NULL,NULL) ? "" : "not ");
    BN_free(bn);
    BIO_free_all(bio_out);
    return 0;
    bad:
    BIO_printf(bio_err,"options are\n");
    BIO_printf(bio_err,"%-14s hex\n","-hex");
    BIO_printf(bio_err,"%-14s number of checks\n","-checks <n>");
    return 1;
    }
--- a/apps/progs.h
+++ b/apps/progs.h
@@ -37,9 +37,10 @@ extern int pkcs8_main(int argc,char *argv[]);
 extern int spkac_main(int argc,char *argv[]);
 extern int smime_main(int argc,char *argv[]);
 extern int rand_main(int argc,char *argv[]);
 #ifndef OPENSSL_NO_ENGINE
 extern int engine_main(int argc,char *argv[]);
 #endif
 extern int ocsp_main(int argc,char *argv[]);
 extern int prime_main(int argc,char *argv[]);
 #define FUNC_TYPE_GENERAL	1
 #define FUNC_TYPE_MD		2
@@ -47,8 +48,8 @@ extern int prime_main(int argc,char *argv[]);
 typedef struct {
 	int type;
-	const char *name;
+	char *name;
-	int (*func)(int argc,char *argv[]);
+	int (*func)();
 	} FUNCTION;
 FUNCTION functions[] = {
@@ -126,7 +127,6 @@ FUNCTION functions[] = {
 	{FUNC_TYPE_GENERAL,"engine",engine_main},
 #endif
 	{FUNC_TYPE_GENERAL,"ocsp",ocsp_main},
 	{FUNC_TYPE_GENERAL,"prime",prime_main},
 #ifndef OPENSSL_NO_MD2
 	{FUNC_TYPE_MD,"md2",dgst_main},
 #endif
@@ -165,24 +165,6 @@ FUNCTION functions[] = {
 #endif
 #ifndef OPENSSL_NO_AES
 	{FUNC_TYPE_CIPHER,"aes-256-ecb",enc_main},
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 	{FUNC_TYPE_CIPHER,"camellia-128-cbc",enc_main},
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 	{FUNC_TYPE_CIPHER,"camellia-128-ecb",enc_main},
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 	{FUNC_TYPE_CIPHER,"camellia-192-cbc",enc_main},
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 	{FUNC_TYPE_CIPHER,"camellia-192-ecb",enc_main},
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 	{FUNC_TYPE_CIPHER,"camellia-256-cbc",enc_main},
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 	{FUNC_TYPE_CIPHER,"camellia-256-ecb",enc_main},
 #endif
 	{FUNC_TYPE_CIPHER,"base64",enc_main},
 #ifndef OPENSSL_NO_DES
@@ -197,9 +179,6 @@ FUNCTION functions[] = {
 #ifndef OPENSSL_NO_IDEA
 	{FUNC_TYPE_CIPHER,"idea",enc_main},
 #endif
 #ifndef OPENSSL_NO_SEED
 	{FUNC_TYPE_CIPHER,"seed",enc_main},
 #endif
 #ifndef OPENSSL_NO_RC4
 	{FUNC_TYPE_CIPHER,"rc4",enc_main},
 #endif
@@ -266,18 +245,6 @@ FUNCTION functions[] = {
 #ifndef OPENSSL_NO_IDEA
 	{FUNC_TYPE_CIPHER,"idea-ofb",enc_main},
 #endif
 #ifndef OPENSSL_NO_SEED
 	{FUNC_TYPE_CIPHER,"seed-cbc",enc_main},
 #endif
 #ifndef OPENSSL_NO_SEED
 	{FUNC_TYPE_CIPHER,"seed-ecb",enc_main},
 #endif
 #ifndef OPENSSL_NO_SEED
 	{FUNC_TYPE_CIPHER,"seed-cfb",enc_main},
 #endif
 #ifndef OPENSSL_NO_SEED
 	{FUNC_TYPE_CIPHER,"seed-ofb",enc_main},
 #endif
 #ifndef OPENSSL_NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2-cbc",enc_main},
 #endif
--- a/apps/progs.pl
+++ b/apps/progs.pl
@@ -16,8 +16,8 @@ print <<'EOF';
 typedef struct {
 	int type;
-	const char *name;
+	char *name;
-	int (*func)(int argc,char *argv[]);
+	int (*func)();
 	} FUNCTION;
 FUNCTION functions[] = {
@@ -29,10 +29,6 @@ foreach (@ARGV)
 	$str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
 	if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
 		{ print "#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))\n${str}#endif\n"; } 
 	elsif ( ($_ =~ /^speed$/))
 		{ print "#ifndef OPENSSL_NO_SPEED\n${str}#endif\n"; }
 	elsif ( ($_ =~ /^engine$/))
 		{ print "#ifndef OPENSSL_NO_ENGINE\n${str}#endif\n"; }
 	elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) || ($_ =~ /^rsautl$/)) 
 		{ print "#ifndef OPENSSL_NO_RSA\n${str}#endif\n";  }
 	elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))
@@ -57,18 +53,14 @@ foreach (
 	"aes-128-cbc", "aes-128-ecb",
 	"aes-192-cbc", "aes-192-ecb",
 	"aes-256-cbc", "aes-256-ecb",
 	"camellia-128-cbc", "camellia-128-ecb",
 	"camellia-192-cbc", "camellia-192-ecb",
 	"camellia-256-cbc", "camellia-256-ecb",
 	"base64",
-	"des", "des3", "desx", "idea", "seed", "rc4", "rc4-40",
+	"des", "des3", "desx", "idea", "rc4", "rc4-40",
 	"rc2", "bf", "cast", "rc5",
 	"des-ecb", "des-ede",    "des-ede3",
 	"des-cbc", "des-ede-cbc","des-ede3-cbc",
 	"des-cfb", "des-ede-cfb","des-ede3-cfb",
 	"des-ofb", "des-ede-ofb","des-ede3-ofb",
-	"idea-cbc","idea-ecb",    "idea-cfb", "idea-ofb",
+	"idea-cbc","idea-ecb",   "idea-cfb", "idea-ofb",
 	"seed-cbc","seed-ecb",    "seed-cfb", "seed-ofb",
 	"rc2-cbc", "rc2-ecb", "rc2-cfb","rc2-ofb", "rc2-64-cbc", "rc2-40-cbc",
 	"bf-cbc",  "bf-ecb",     "bf-cfb",   "bf-ofb",
 	"cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb",
@@ -79,9 +71,7 @@ foreach (
 	$t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_);
 	if    ($_ =~ /des/)  { $t="#ifndef OPENSSL_NO_DES\n${t}#endif\n"; }
 	elsif ($_ =~ /aes/)  { $t="#ifndef OPENSSL_NO_AES\n${t}#endif\n"; }
 	elsif ($_ =~ /camellia/)  { $t="#ifndef OPENSSL_NO_CAMELLIA\n${t}#endif\n"; }
 	elsif ($_ =~ /idea/) { $t="#ifndef OPENSSL_NO_IDEA\n${t}#endif\n"; }
 	elsif ($_ =~ /seed/) { $t="#ifndef OPENSSL_NO_SEED\n${t}#endif\n"; }
 	elsif ($_ =~ /rc4/)  { $t="#ifndef OPENSSL_NO_RC4\n${t}#endif\n"; }
 	elsif ($_ =~ /rc2/)  { $t="#ifndef OPENSSL_NO_RC2\n${t}#endif\n"; }
 	elsif ($_ =~ /bf/)   { $t="#ifndef OPENSSL_NO_BF\n${t}#endif\n"; }
--- a/apps/rand.c
+++ b/apps/rand.c
@@ -213,7 +213,7 @@ int MAIN(int argc, char **argv)
 		BIO_write(out, buf, chunk);
 		num -= chunk;
 		}
-	(void)BIO_flush(out);
+	BIO_flush(out);
 	app_RAND_write_file(NULL, bio_err);
 	ret = 0;
--- a/apps/req.c
+++ b/apps/req.c
@@ -79,13 +79,7 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
-#include <openssl/bn.h>
+#include "../crypto/cryptlib.h"
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
 #define SECTION		"req"
@@ -136,16 +130,16 @@ static int prompt_info(X509_REQ *req,
 static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk,
 				STACK_OF(CONF_VALUE) *attr, int attribs,
 				unsigned long chtype);
-static int add_attribute_object(X509_REQ *req, char *text, const char *def,
+static int add_attribute_object(X509_REQ *req, char *text,
-				char *value, int nid, int n_min,
+				char *def, char *value, int nid, int n_min,
 				int n_max, unsigned long chtype);
-static int add_DN_object(X509_NAME *n, char *text, const char *def, char *value,
+static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
 	int nid,int n_min,int n_max, unsigned long chtype, int mval);
 #ifndef OPENSSL_NO_RSA
 static int MS_CALLBACK req_cb(int p, int n, BN_GENCB *cb);
 #endif
 static int req_check_len(int len,int n_min,int n_max);
-static int check_end(const char *str, const char *end);
+static int check_end(char *str, char *end);
 #ifndef MONOLITH
 static char *default_config_file=NULL;
 #endif
@@ -193,7 +187,7 @@ int MAIN(int argc, char **argv)
 	char *p;
 	char *subj = NULL;
 	int multirdn = 0;
-	const EVP_MD *md_alg=NULL,*digest=EVP_sha1();
+	const EVP_MD *md_alg=NULL,*digest=EVP_md5();
 	unsigned long chtype = MBSTRING_ASC;
 #ifndef MONOLITH
 	char *to_free;
@@ -350,7 +344,6 @@ int MAIN(int argc, char **argv)
 				{
 				X509 *xtmp=NULL;
 				EVP_PKEY *dtmp;
 				EC_GROUP *group;
 				pkey_type=TYPE_EC;
 				p+=3;
@@ -361,10 +354,10 @@ int MAIN(int argc, char **argv)
 					}
 				if ((ec_params = EC_KEY_new()) == NULL)
 					goto end;
-				group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL);
+				if ((ec_params->group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL)) == NULL)
 				if (group == NULL)
 					{
-					EC_KEY_free(ec_params);
+					if (ec_params)
 						EC_KEY_free(ec_params);
 					ERR_clear_error();
 					(void)BIO_reset(in);
 					if ((xtmp=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL)
@@ -376,7 +369,7 @@ int MAIN(int argc, char **argv)
 					if ((dtmp=X509_get_pubkey(xtmp))==NULL)
 						goto end;
 					if (dtmp->type == EVP_PKEY_EC)
-						ec_params = EC_KEY_dup(dtmp->pkey.ec);
+						ec_params = ECParameters_dup(dtmp->pkey.eckey);
 					EVP_PKEY_free(dtmp);
 					X509_free(xtmp);
 					if (ec_params == NULL)
@@ -385,16 +378,12 @@ int MAIN(int argc, char **argv)
 						goto end;
 						}
 					}
 				else
 					{
 					if (EC_KEY_set_group(ec_params, group) == 0)
 						goto end;
 					EC_GROUP_free(group);
 					}
 				BIO_free(in);
 				in=NULL;
-				newkey = EC_GROUP_get_degree(EC_KEY_get0_group(ec_params));
+				
 				newkey = EC_GROUP_get_degree(ec_params->group);
 				}
 			else
 #endif
@@ -578,16 +567,13 @@ bad:
 	else
 		{
 		req_conf=config;
-
+		if( verbose )
 		if (req_conf == NULL)
 			{
 			BIO_printf(bio_err,"Unable to load config info from %s\n", default_config_file);
 			if (newreq)
 				goto end;
 			}
 		else if( verbose )
 			BIO_printf(bio_err,"Using configuration from %s\n",
 			default_config_file);
 		if (req_conf == NULL)
 			{
 			BIO_printf(bio_err,"Unable to load config info\n");
 			}
 		}
 	if (req_conf != NULL)
@@ -731,9 +717,7 @@ bad:
 	if (newreq && (pkey == NULL))
 		{
 #ifndef OPENSSL_NO_RSA
 		BN_GENCB cb;
 #endif
 		char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
 		if (randfile == NULL)
 			ERR_clear_error();
@@ -764,16 +748,12 @@ bad:
 		if (pkey_type == TYPE_RSA)
 			{
 			RSA *rsa = RSA_new();
-			BIGNUM *bn = BN_new();
+			if(!rsa || !RSA_generate_key_ex(rsa, newkey, 0x10001, &cb) ||
 			if(!bn || !rsa || !BN_set_word(bn, 0x10001) ||
 					!RSA_generate_key_ex(rsa, newkey, bn, &cb) ||
 					!EVP_PKEY_assign_RSA(pkey, rsa))
 				{
 				if(bn) BN_free(bn);
 				if(rsa) RSA_free(rsa);
 				goto end;
 				}
 			BN_free(bn);
 			}
 		else
 #endif
@@ -939,9 +919,7 @@ loop:
 				}
 			else
 				{
-				if (!rand_serial(NULL,
+				if (!ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L)) goto end;
 					X509_get_serialNumber(x509ss)))
 						goto end;
 				}
 			if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
@@ -1293,8 +1271,7 @@ static int prompt_info(X509_REQ *req,
 	char buf[100];
 	int nid, mval;
 	long n_min,n_max;
-	char *type, *value;
+	char *type,*def,*value;
 	const char *def;
 	CONF_VALUE *v;
 	X509_NAME *subj;
 	subj = X509_REQ_get_subject_name(req);
@@ -1520,7 +1497,7 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
 	}
-static int add_DN_object(X509_NAME *n, char *text, const char *def, char *value,
+static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
 	     int nid, int n_min, int n_max, unsigned long chtype, int mval)
 	{
 	int i,ret=0;
@@ -1576,8 +1553,8 @@ err:
 	return(ret);
 	}
-static int add_attribute_object(X509_REQ *req, char *text, const char *def,
+static int add_attribute_object(X509_REQ *req, char *text,
-				char *value, int nid, int n_min,
+				char *def, char *value, int nid, int n_min,
 				int n_max, unsigned long chtype)
 	{
 	int i;
@@ -1674,10 +1651,10 @@ static int req_check_len(int len, int n_min, int n_max)
 	}
 /* Check if the end of a string matches 'end' */
-static int check_end(const char *str, const char *end)
+static int check_end(char *str, char *end)
 {
 	int elen, slen;	
-	const char *tmp;
+	char *tmp;
 	elen = strlen(end);
 	slen = strlen(str);
 	if(elen > slen) return 1;
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -56,7 +56,6 @@
 * [including the GNU Public Licence.]
 */
 #include <openssl/opensslconf.h>
 #ifndef OPENSSL_NO_RSA
 #include <stdio.h>
 #include <stdlib.h>
@@ -69,7 +68,6 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/bn.h>
 #undef PROG
 #define PROG	rsa_main
@@ -81,13 +79,9 @@
 * -des		- encrypt output if PEM format with DES in cbc mode
 * -des3	- encrypt output if PEM format
 * -idea	- encrypt output if PEM format
 * -seed	- encrypt output if PEM format
 * -aes128	- encrypt output if PEM format
 * -aes192	- encrypt output if PEM format
 * -aes256	- encrypt output if PEM format
 * -camellia128 - encrypt output if PEM format
 * -camellia192 - encrypt output if PEM format
 * -camellia256 - encrypt output if PEM format
 * -text	- print a text version
 * -modulus	- print the RSA key modulus
 * -check	- verify key consistency
@@ -212,16 +206,9 @@ bad:
 #ifndef OPENSSL_NO_IDEA
 		BIO_printf(bio_err," -idea           encrypt PEM output with cbc idea\n");
 #endif
 #ifndef OPENSSL_NO_SEED
 		BIO_printf(bio_err," -seed           encrypt PEM output with cbc seed\n");
 #endif
 #ifndef OPENSSL_NO_AES
 		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
 		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 		BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
 		BIO_printf(bio_err,"                 encrypt PEM output with cbc camellia\n");
 #endif
 		BIO_printf(bio_err," -text           print the key in text\n");
 		BIO_printf(bio_err," -noout          don't print key out\n");
@@ -320,7 +307,7 @@ bad:
 			BIO_printf(out,"RSA key ok\n");
 		else if (r == 0)
 			{
-			unsigned long err;
+			long err;
 			while ((err = ERR_peek_error()) != 0 &&
 				ERR_GET_LIB(err) == ERR_LIB_RSA &&
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -56,14 +56,12 @@
 *
 */
 #include <openssl/opensslconf.h>
 #ifndef OPENSSL_NO_RSA
 #include "apps.h"
 #include <string.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/rsa.h>
 #define RSA_SIGN 	1
 #define RSA_VERIFY 	2
@@ -149,7 +147,6 @@ int MAIN(int argc, char **argv)
 		else if(!strcmp(*argv, "-oaep")) pad = RSA_PKCS1_OAEP_PADDING;
 		else if(!strcmp(*argv, "-ssl")) pad = RSA_SSLV23_PADDING;
 		else if(!strcmp(*argv, "-pkcs")) pad = RSA_PKCS1_PADDING;
 		else if(!strcmp(*argv, "-x931")) pad = RSA_X931_PADDING;
 		else if(!strcmp(*argv, "-sign")) {
 			rsa_mode = RSA_SIGN;
 			need_priv = 1;
--- a/apps/s_apps.h
+++ b/apps/s_apps.h
@@ -148,20 +148,19 @@ typedef fd_mask fd_set;
 #define PORT_STR        "4433"
 #define PROTOCOL        "tcp"
-int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
+int do_server(int port, int *ret, int (*cb) (), char *context);
 #ifdef HEADER_X509_H
 int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
 #endif
 #ifdef HEADER_SSL_H
 int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
 int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
 #endif
-int init_client(int *sock, char *server, int port, int type);
+int init_client(int *sock, char *server, int port);
 int should_retry(int i);
 int extract_port(char *str, short *port_ptr);
 int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
-long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
+long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp,
 	int argi, long argl, long ret);
 #ifdef HEADER_SSL_H
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -229,36 +229,8 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
 	return(1);
 	}
-int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key)
+long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi,
-	{
+	     long argl, long ret)
 	if (cert ==  NULL)
 		return 1;
 	if (SSL_CTX_use_certificate(ctx,cert) <= 0)
 		{
 		BIO_printf(bio_err,"error setting certificate\n");
 		ERR_print_errors(bio_err);
 		return 0;
 		}
 	if (SSL_CTX_use_PrivateKey(ctx,key) <= 0)
 		{
 		BIO_printf(bio_err,"error setting private key\n");
 		ERR_print_errors(bio_err);
 		return 0;
 		}
 		/* Now we know that a key and cert have been set against
 		 * the SSL context */
 	if (!SSL_CTX_check_private_key(ctx))
 		{
 		BIO_printf(bio_err,"Private key does not match the certificate public key\n");
 		return 0;
 		}
 	return 1;
 	}
 long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
 	int argi, long argl, long ret)
 	{
 	BIO *out;
@@ -283,7 +255,7 @@ long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
 void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret)
 	{
-	const char *str;
+	char *str;
 	int w;
 	w=where& ~SSL_ST_MASK;
@@ -346,14 +318,14 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
 		if (len > 0)
 			{
-			switch (((const unsigned char*)buf)[0])
+			switch (((unsigned char*)buf)[0])
 				{
 				case 0:
 					str_details1 = ", ERROR:";
 					str_details2 = " ???";
 					if (len >= 3)
 						{
-						unsigned err = (((const unsigned char*)buf)[1]<<8) + ((const unsigned char*)buf)[2];
+						unsigned err = (((unsigned char*)buf)[1]<<8) + ((unsigned char*)buf)[2];
 						switch (err)
 							{
@@ -422,7 +394,7 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
 			if (len == 2)
 				{
-				switch (((const unsigned char*)buf)[0])
+				switch (((unsigned char*)buf)[0])
 					{
 				case 1:
 					str_details1 = ", warning";
@@ -433,7 +405,7 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
 					}
 				str_details2 = " ???";
-				switch (((const unsigned char*)buf)[1])
+				switch (((unsigned char*)buf)[1])
 					{
 				case 0:
 					str_details2 = " close_notify";
@@ -514,7 +486,7 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
 			if (len > 0)
 				{
-				switch (((const unsigned char*)buf)[0])
+				switch (((unsigned char*)buf)[0])
 					{
 				case 0:
 					str_details1 = ", HelloRequest";
@@ -567,11 +539,11 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
 			{
 			if (i % 16 == 0 && i > 0)
 				BIO_printf(bio, "\n   ");
-			BIO_printf(bio, " %02x", ((const unsigned char*)buf)[i]);
+			BIO_printf(bio, " %02x", ((unsigned char*)buf)[i]);
 			}
 		if (i < len)
 			BIO_printf(bio, " ...");
 		BIO_printf(bio, "\n");
 		}
-	(void)BIO_flush(bio);
+	BIO_flush(bio);
 	}
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -135,7 +135,6 @@ typedef unsigned int u_int;
 #include <openssl/pem.h>
 #include <openssl/rand.h>
 #include "s_apps.h"
 #include "timeouts.h"
 #ifdef OPENSSL_SYS_WINCE
 /* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
@@ -188,22 +187,16 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -port port     - use -connect instead\n");
 	BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
-	BIO_printf(bio_err," -verify depth - turn on peer certificate verification\n");
+	BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");
 	BIO_printf(bio_err," -cert arg     - certificate file to use, PEM format assumed\n");
-	BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
+	BIO_printf(bio_err," -key arg      - Private key file to use, PEM format assumed, in cert file if\n");
 	BIO_printf(bio_err," -key arg      - Private key file to use, in cert file if\n");
 	BIO_printf(bio_err,"                 not specified but cert file is.\n");
 	BIO_printf(bio_err," -keyform arg  - key format (PEM or DER) PEM default\n");
 	BIO_printf(bio_err," -pass arg     - private key file pass phrase source\n");
 	BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");
 	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
 	BIO_printf(bio_err," -reconnect    - Drop and re-make the connection with the same Session-ID\n");
 	BIO_printf(bio_err," -pause        - sleep(1) after each read(2) and write(2) system call\n");
 	BIO_printf(bio_err," -showcerts    - show all certificates in the chain\n");
 	BIO_printf(bio_err," -debug        - extra output\n");
 #ifdef WATT32
 	BIO_printf(bio_err," -wdebug       - WATT-32 tcp debugging\n");
 #endif
 	BIO_printf(bio_err," -msg          - Show protocol messages\n");
 	BIO_printf(bio_err," -nbio_test    - more ssl protocol testing\n");
 	BIO_printf(bio_err," -state        - print the 'ssl' states\n");
@@ -216,8 +209,6 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -ssl2         - just use SSLv2\n");
 	BIO_printf(bio_err," -ssl3         - just use SSLv3\n");
 	BIO_printf(bio_err," -tls1         - just use TLSv1\n");
 	BIO_printf(bio_err," -dtls1        - just use DTLSv1\n");    
 	BIO_printf(bio_err," -mtu          - set the MTU\n");
 	BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
 	BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
 	BIO_printf(bio_err," -serverpref   - Use server's cipher preferences (only SSLv2)\n");
@@ -226,7 +217,7 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
 	BIO_printf(bio_err,"                 for those protocols that support it, where\n");
 	BIO_printf(bio_err,"                 'prot' defines which one to assume.  Currently,\n");
-	BIO_printf(bio_err,"                 only \"smtp\", \"pop3\", \"imap\", and \"ftp\" are supported.\n");
+	BIO_printf(bio_err,"                 only \"smtp\" and \"pop3\" are supported.\n");
 #ifndef OPENSSL_NO_ENGINE
 	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
 #endif
@@ -234,15 +225,6 @@ static void sc_usage(void)
 	}
 enum
 {
 	PROTO_OFF	= 0,
 	PROTO_SMTP,
 	PROTO_POP3,
 	PROTO_IMAP,
 	PROTO_FTP
 };
 int MAIN(int, char **);
 int MAIN(int argc, char **argv)
@@ -259,26 +241,17 @@ int MAIN(int argc, char **argv)
 	int full_log=1;
 	char *host=SSL_HOST_NAME;
 	char *cert_file=NULL,*key_file=NULL;
 	int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
 	char *passarg = NULL, *pass = NULL;
 	X509 *cert = NULL;
 	EVP_PKEY *key = NULL;
 	char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
 	int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
 	int crlf=0;
 	int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
 	SSL_CTX *ctx=NULL;
 	int ret=1,in_init=1,i,nbio_test=0;
-	int starttls_proto = PROTO_OFF;
+	int starttls_proto = 0;
 	int prexit = 0, vflags = 0;
 	SSL_METHOD *meth=NULL;
 #ifdef sock_type
 #undef sock_type
 #endif
 	int sock_type=SOCK_STREAM;
 	BIO *sbio;
 	char *inrand=NULL;
 	int mbuf_len=0;
 #ifndef OPENSSL_NO_ENGINE
 	char *engine_id=NULL;
 	ENGINE *e=NULL;
@@ -287,11 +260,6 @@ int MAIN(int argc, char **argv)
 	struct timeval tv;
 #endif
 	struct sockaddr peer;
 	int peerlen = sizeof(peer);
 	int enable_timeouts = 0 ;
 	long mtu = 0;
 #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
 	meth=SSLv23_client_method();
 #elif !defined(OPENSSL_NO_SSL3)
@@ -361,11 +329,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			cert_file= *(++argv);
 			}
 		else if	(strcmp(*argv,"-certform") == 0)
 			{
 			if (--argc < 1) goto bad;
 			cert_format = str2fmt(*(++argv));
 			}
 		else if	(strcmp(*argv,"-crl_check") == 0)
 			vflags |= X509_V_FLAG_CRL_CHECK;
 		else if	(strcmp(*argv,"-crl_check_all") == 0)
@@ -385,10 +348,6 @@ int MAIN(int argc, char **argv)
 			c_Pause=1;
 		else if	(strcmp(*argv,"-debug") == 0)
 			c_debug=1;
 #ifdef WATT32
 		else if (strcmp(*argv,"-wdebug") == 0)
 			dbug_init();
 #endif
 		else if	(strcmp(*argv,"-msg") == 0)
 			c_msg=1;
 		else if	(strcmp(*argv,"-showcerts") == 0)
@@ -408,33 +367,9 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_TLS1
 		else if	(strcmp(*argv,"-tls1") == 0)
 			meth=TLSv1_client_method();
 #endif
 #ifndef OPENSSL_NO_DTLS1
 		else if	(strcmp(*argv,"-dtls1") == 0)
 			{
 			meth=DTLSv1_client_method();
 			sock_type=SOCK_DGRAM;
 			}
 		else if (strcmp(*argv,"-timeout") == 0)
 			enable_timeouts=1;
 		else if (strcmp(*argv,"-mtu") == 0)
 			{
 			if (--argc < 1) goto bad;
 			mtu = atol(*(++argv));
 			}
 #endif
 		else if (strcmp(*argv,"-bugs") == 0)
 			bugs=1;
 		else if	(strcmp(*argv,"-keyform") == 0)
 			{
 			if (--argc < 1) goto bad;
 			key_format = str2fmt(*(++argv));
 			}
 		else if	(strcmp(*argv,"-pass") == 0)
 			{
 			if (--argc < 1) goto bad;
 			passarg = *(++argv);
 			}
 		else if	(strcmp(*argv,"-key") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -476,13 +411,9 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			++argv;
 			if (strcmp(*argv,"smtp") == 0)
-				starttls_proto = PROTO_SMTP;
+				starttls_proto = 1;
 			else if (strcmp(*argv,"pop3") == 0)
-				starttls_proto = PROTO_POP3;
+				starttls_proto = 2;
 			else if (strcmp(*argv,"imap") == 0)
 				starttls_proto = PROTO_IMAP;
 			else if (strcmp(*argv,"ftp") == 0)
 				starttls_proto = PROTO_FTP;
 			else
 				goto bad;
 			}
@@ -520,42 +451,6 @@ bad:
 #ifndef OPENSSL_NO_ENGINE
        e = setup_engine(bio_err, engine_id, 1);
 #endif
 	if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
 		{
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;
 		}
 	if (key_file == NULL)
 		key_file = cert_file;
 	if (key_file)
 		{
 		key = load_key(bio_err, key_file, key_format, 0, pass, e,
 			       "client certificate private key file");
 		if (!key)
 			{
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		}
 	if (cert_file)
 		{
 		cert = load_cert(bio_err,cert_file,cert_format,
 				NULL, e, "client certificate file");
 		if (!cert)
 			{
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		}
 	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
 		&& !RAND_status())
@@ -590,10 +485,6 @@ bad:
 		SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
 	else
 		SSL_CTX_set_options(ctx,off);
 	/* DTLS: partial reads end up discarding unread UDP bytes :-( 
 	 * Setting read ahead solves this problem.
 	 */
 	if (sock_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
 	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
 	if (cipher != NULL)
@@ -608,7 +499,7 @@ bad:
 #endif
 	SSL_CTX_set_verify(ctx,verify,verify_callback);
-	if (!set_cert_key_stuff(ctx,cert,key))
+	if (!set_cert_stuff(ctx,cert_file,key_file))
 		goto end;
 	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
@@ -633,7 +524,7 @@ bad:
 re_start:
-	if (init_client(&s,host,port,sock_type) == 0)
+	if (init_client(&s,host,port) == 0)
 		{
 		BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
 		SHUTDOWN(s);
@@ -654,46 +545,7 @@ re_start:
 		}
 #endif                                              
 	if (c_Pause & 0x01) con->debug=1;
-
+	sbio=BIO_new_socket(s,BIO_NOCLOSE);
 	if ( SSL_version(con) == DTLS1_VERSION)
 		{
 		struct timeval timeout;
 		sbio=BIO_new_dgram(s,BIO_NOCLOSE);
 		if (getsockname(s, &peer, (void *)&peerlen) < 0)
 			{
 			BIO_printf(bio_err, "getsockname:errno=%d\n",
 				get_last_socket_error());
 			SHUTDOWN(s);
 			goto end;
 			}
 		(void)BIO_ctrl_set_connected(sbio, 1, &peer);
 		if ( enable_timeouts)
 			{
 			timeout.tv_sec = 0;
 			timeout.tv_usec = DGRAM_RCV_TIMEOUT;
 			BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
 			timeout.tv_sec = 0;
 			timeout.tv_usec = DGRAM_SND_TIMEOUT;
 			BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
 			}
 		if ( mtu > 0)
 			{
 			SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
 			SSL_set_mtu(con, mtu);
 			}
 		else
 			/* want to do MTU discovery */
 			BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
 		}
 	else
 		sbio=BIO_new_socket(s,BIO_NOCLOSE);
 	if (nbio_test)
 		{
@@ -706,8 +558,8 @@ re_start:
 	if (c_debug)
 		{
 		con->debug=1;
-		BIO_set_callback(sbio,bio_dump_callback);
+		BIO_set_callback(sbio,bio_dump_cb);
-		BIO_set_callback_arg(sbio,(char *)bio_c_out);
+		BIO_set_callback_arg(sbio,bio_c_out);
 		}
 	if (c_msg)
 		{
@@ -733,93 +585,18 @@ re_start:
 	sbuf_off=0;
 	/* This is an ugly hack that does a lot of assumptions */
-	/* We do have to handle multi-line responses which may come
+	if (starttls_proto == 1)
 	   in a single packet or not. We therefore have to use
 	   BIO_gets() which does need a buffering BIO. So during
 	   the initial chitchat we do push a buffering BIO into the
 	   chain that is removed again later on to not disturb the
 	   rest of the s_client operation. */
 	if (starttls_proto == PROTO_SMTP)
 		{
-		int foundit=0;
+		BIO_read(sbio,mbuf,BUFSIZZ);
 		BIO *fbio = BIO_new(BIO_f_buffer());
 		BIO_push(fbio, sbio);
 		/* wait for multi-line response to end from SMTP */
 		do
 			{
 			mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
 			}
 		while (mbuf_len>3 && mbuf[3]=='-');
 		/* STARTTLS command requires EHLO... */
 		BIO_printf(fbio,"EHLO openssl.client.net\r\n");
 		(void)BIO_flush(fbio);
 		/* wait for multi-line response to end EHLO SMTP response */
 		do
 			{
 			mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
 			if (strstr(mbuf,"STARTTLS"))
 				foundit=1;
 			}
 		while (mbuf_len>3 && mbuf[3]=='-');
 		(void)BIO_flush(fbio);
 		BIO_pop(fbio);
 		BIO_free(fbio);
 		if (!foundit)
 			BIO_printf(bio_err,
 				   "didn't found starttls in server response,"
 				   " try anyway...\n");
 		BIO_printf(sbio,"STARTTLS\r\n");
 		BIO_read(sbio,sbuf,BUFSIZZ);
 		}
-	else if (starttls_proto == PROTO_POP3)
+	if (starttls_proto == 2)
 		{
 		BIO_read(sbio,mbuf,BUFSIZZ);
 		BIO_printf(sbio,"STLS\r\n");
 		BIO_read(sbio,sbuf,BUFSIZZ);
 		}
 	else if (starttls_proto == PROTO_IMAP)
 		{
 		int foundit=0;
 		BIO *fbio = BIO_new(BIO_f_buffer());
 		BIO_push(fbio, sbio);
 		BIO_gets(fbio,mbuf,BUFSIZZ);
 		/* STARTTLS command requires CAPABILITY... */
 		BIO_printf(fbio,". CAPABILITY\r\n");
 		(void)BIO_flush(fbio);
 		/* wait for multi-line CAPABILITY response */
 		do
 			{
 			mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
 			if (strstr(mbuf,"STARTTLS"))
 				foundit=1;
 			}
 		while (mbuf_len>3 && mbuf[0]!='.');
 		(void)BIO_flush(fbio);
 		BIO_pop(fbio);
 		BIO_free(fbio);
 		if (!foundit)
 			BIO_printf(bio_err,
 				   "didn't found STARTTLS in server response,"
 				   " try anyway...\n");
 		BIO_printf(sbio,". STARTTLS\r\n");
 		BIO_read(sbio,sbuf,BUFSIZZ);
 		}
 	else if (starttls_proto == PROTO_FTP)
 		{
 		BIO *fbio = BIO_new(BIO_f_buffer());
 		BIO_push(fbio, sbio);
 		/* wait for multi-line response to end from FTP */
 		do
 			{
 			mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
 			}
 		while (mbuf_len>3 && mbuf[3]=='-');
 		(void)BIO_flush(fbio);
 		BIO_pop(fbio);
 		BIO_free(fbio);
 		BIO_printf(sbio,"AUTH TLS\r\n");
 		BIO_read(sbio,sbuf,BUFSIZZ);
 		}
 	for (;;)
 		{
@@ -844,7 +621,7 @@ re_start:
 					{
 					BIO_printf(bio_err,"%s",mbuf);
 					/* We don't need to know any more */
-					starttls_proto = PROTO_OFF;
+					starttls_proto = 0;
 					}
 				if (reconnect)
@@ -913,16 +690,6 @@ re_start:
 				} else 	i=select(width,(void *)&readfds,(void *)&writefds,
 					 NULL,NULL);
 			}
 #elif defined(OPENSSL_SYS_NETWARE)
 			if(!write_tty) {
 				if(read_tty) {
 					tv.tv_sec = 1;
 					tv.tv_usec = 0;
 					i=select(width,(void *)&readfds,(void *)&writefds,
 						NULL,&tv);
 				} else 	i=select(width,(void *)&readfds,(void *)&writefds,
 					NULL,NULL);
 			}
 #else
 			i=select(width,(void *)&readfds,(void *)&writefds,
 				 NULL,NULL);
@@ -1155,12 +922,6 @@ end:
 	if (con != NULL) SSL_free(con);
 	if (con2 != NULL) SSL_free(con2);
 	if (ctx != NULL) SSL_CTX_free(ctx);
 	if (cert)
 		X509_free(cert);
 	if (key)
 		EVP_PKEY_free(key);
 	if (pass)
 		OPENSSL_free(pass);
 	if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
 	if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
 	if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }
@@ -1178,16 +939,14 @@ static void print_stuff(BIO *bio, SSL *s, int full)
 	{
 	X509 *peer=NULL;
 	char *p;
-	static const char *space="                ";
+	static char *space="                ";
 	char buf[BUFSIZ];
 	STACK_OF(X509) *sk;
 	STACK_OF(X509_NAME) *sk2;
 	SSL_CIPHER *c;
 	X509_NAME *xn;
 	int j,i;
 #ifndef OPENSSL_NO_COMP
 	const COMP_METHOD *comp, *expansion;
 #endif
 	if (full)
 		{
@@ -1290,19 +1049,17 @@ static void print_stuff(BIO *bio, SSL *s, int full)
 							 EVP_PKEY_bits(pktmp));
 		EVP_PKEY_free(pktmp);
 	}
 #ifndef OPENSSL_NO_COMP
 	comp=SSL_get_current_compression(s);
 	expansion=SSL_get_current_expansion(s);
 	BIO_printf(bio,"Compression: %s\n",
 		comp ? SSL_COMP_get_name(comp) : "NONE");
 	BIO_printf(bio,"Expansion: %s\n",
 		expansion ? SSL_COMP_get_name(expansion) : "NONE");
 #endif
 	SSL_SESSION_print(bio,SSL_get_session(s));
 	BIO_printf(bio,"---\n");
 	if (peer != NULL)
 		X509_free(peer);
 	/* flush, or debugging output gets mixed with http response */
-	(void)BIO_flush(bio);
+	BIO_flush(bio);
 	}
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -153,14 +153,7 @@ typedef unsigned int u_int;
 #include <openssl/x509.h>
 #include <openssl/ssl.h>
 #include <openssl/rand.h>
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
 #include "s_apps.h"
 #include "timeouts.h"
 #ifdef OPENSSL_SYS_WINCE
 /* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
@@ -187,7 +180,7 @@ static void print_stats(BIO *bp,SSL_CTX *ctx);
 static int generate_session_id(const SSL *ssl, unsigned char *id,
 				unsigned int *id_len);
 #ifndef OPENSSL_NO_DH
-static DH *load_dh_param(const char *dhfile);
+static DH *load_dh_param(char *dhfile);
 static DH *get_dh512(void);
 #endif
@@ -246,7 +239,7 @@ extern int verify_depth;
 static char *cipher=NULL;
 static int s_server_verify=SSL_VERIFY_NONE;
 static int s_server_session_id_context = 1; /* anything will do */
-static const char *s_cert_file=TEST_CERT,*s_key_file=NULL;
+static char *s_cert_file=TEST_CERT,*s_key_file=NULL;
 static char *s_dcert_file=NULL,*s_dkey_file=NULL;
 #ifdef FIONBIO
 static int s_nbio=0;
@@ -267,14 +260,6 @@ static char *engine_id=NULL;
 #endif
 static const char *session_id_prefix=NULL;
 static int enable_timeouts = 0;
 #ifdef mtu
 #undef mtu
 #endif
 static long mtu;
 static int cert_chain = 0;
 #ifdef MONOLITH
 static void s_server_init(void)
 	{
@@ -311,18 +296,12 @@ static void sv_usage(void)
 	BIO_printf(bio_err," -context arg  - set session ID context\n");
 	BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");
 	BIO_printf(bio_err," -Verify arg   - turn on peer certificate verification, must have a cert.\n");
-	BIO_printf(bio_err," -cert arg     - certificate file to use\n");
+	BIO_printf(bio_err," -cert arg     - certificate file to use, PEM format assumed\n");
 	BIO_printf(bio_err,"                 (default is %s)\n",TEST_CERT);
-	BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
+	BIO_printf(bio_err," -key arg      - Private Key file to use, PEM format assumed, in cert file if\n");
 	BIO_printf(bio_err," -key arg      - Private Key file to use, in cert file if\n");
 	BIO_printf(bio_err,"                 not specified (default is %s)\n",TEST_CERT);
 	BIO_printf(bio_err," -keyform arg  - key format (PEM, DER or ENGINE) PEM default\n");
 	BIO_printf(bio_err," -pass arg     - private key file pass phrase source\n");
 	BIO_printf(bio_err," -dcert arg    - second certificate file to use (usually for DSA)\n");
 	BIO_printf(bio_err," -dcertform x  - second certificate format (PEM or DER) PEM default\n");
 	BIO_printf(bio_err," -dkey arg     - second private key file to use (usually for DSA)\n");
 	BIO_printf(bio_err," -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default\n");
 	BIO_printf(bio_err," -dpass arg    - second private key file pass phrase source\n");
 	BIO_printf(bio_err," -dhparam arg  - DH parameter file to use, in cert file if not specified\n");
 	BIO_printf(bio_err,"                 or a default set of parameters is used\n");
 #ifndef OPENSSL_NO_ECDH
@@ -348,10 +327,6 @@ static void sv_usage(void)
 	BIO_printf(bio_err," -ssl2         - Just talk SSLv2\n");
 	BIO_printf(bio_err," -ssl3         - Just talk SSLv3\n");
 	BIO_printf(bio_err," -tls1         - Just talk TLSv1\n");
 	BIO_printf(bio_err," -dtls1        - Just talk DTLSv1\n");
 	BIO_printf(bio_err," -timeout      - Enable timeouts\n");
 	BIO_printf(bio_err," -mtu          - Set MTU\n");
 	BIO_printf(bio_err," -chain        - Read a certificate chain\n");
 	BIO_printf(bio_err," -no_ssl2      - Just disable SSLv2\n");
 	BIO_printf(bio_err," -no_ssl3      - Just disable SSLv3\n");
 	BIO_printf(bio_err," -no_tls1      - Just disable TLSv1\n");
@@ -534,31 +509,19 @@ int MAIN(int argc, char *argv[])
 	int vflags = 0;
 	short port=PORT;
 	char *CApath=NULL,*CAfile=NULL;
-	unsigned char *context = NULL;
+	char *context = NULL;
 	char *dhfile = NULL;
 #ifndef OPENSSL_NO_ECDH
 	char *named_curve = NULL;
 #endif
 	int badop=0,bugs=0;
 	int ret=1;
 	int off=0;
 	int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0;
 	int state=0;
 	SSL_METHOD *meth=NULL;
 #ifdef sock_type
 #undef sock_type
 #endif
    int sock_type=SOCK_STREAM;
 #ifndef OPENSSL_NO_ENGINE
 	ENGINE *e=NULL;
 #endif
 	char *inrand=NULL;
 	int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
 	char *passarg = NULL, *pass = NULL;
 	char *dpassarg = NULL, *dpass = NULL;
 	int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
 	X509 *s_cert = NULL, *s_dcert = NULL;
 	EVP_PKEY *s_key = NULL, *s_dkey = NULL;
 #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
 	meth=SSLv23_server_method();
@@ -618,33 +581,18 @@ int MAIN(int argc, char *argv[])
 		else if	(strcmp(*argv,"-context") == 0)
 			{
 			if (--argc < 1) goto bad;
-			context= (unsigned char *)*(++argv);
+			context= *(++argv);
 			}
 		else if	(strcmp(*argv,"-cert") == 0)
 			{
 			if (--argc < 1) goto bad;
 			s_cert_file= *(++argv);
 			}
 		else if	(strcmp(*argv,"-certform") == 0)
 			{
 			if (--argc < 1) goto bad;
 			s_cert_format = str2fmt(*(++argv));
 			}
 		else if	(strcmp(*argv,"-key") == 0)
 			{
 			if (--argc < 1) goto bad;
 			s_key_file= *(++argv);
 			}
 		else if	(strcmp(*argv,"-keyform") == 0)
 			{
 			if (--argc < 1) goto bad;
 			s_key_format = str2fmt(*(++argv));
 			}
 		else if	(strcmp(*argv,"-pass") == 0)
 			{
 			if (--argc < 1) goto bad;
 			passarg = *(++argv);
 			}
 		else if	(strcmp(*argv,"-dhparam") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -657,26 +605,11 @@ int MAIN(int argc, char *argv[])
 			named_curve = *(++argv);
 			}
 #endif
 		else if	(strcmp(*argv,"-dcertform") == 0)
 			{
 			if (--argc < 1) goto bad;
 			s_dcert_format = str2fmt(*(++argv));
 			}
 		else if	(strcmp(*argv,"-dcert") == 0)
 			{
 			if (--argc < 1) goto bad;
 			s_dcert_file= *(++argv);
 			}
 		else if	(strcmp(*argv,"-dkeyform") == 0)
 			{
 			if (--argc < 1) goto bad;
 			s_dkey_format = str2fmt(*(++argv));
 			}
 		else if	(strcmp(*argv,"-dpass") == 0)
 			{
 			if (--argc < 1) goto bad;
 			dpassarg = *(++argv);
 			}
 		else if	(strcmp(*argv,"-dkey") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -765,22 +698,6 @@ int MAIN(int argc, char *argv[])
 #ifndef OPENSSL_NO_TLS1
 		else if	(strcmp(*argv,"-tls1") == 0)
 			{ meth=TLSv1_server_method(); }
 #endif
 #ifndef OPENSSL_NO_DTLS1
 		else if	(strcmp(*argv,"-dtls1") == 0)
 			{ 
 			meth=DTLSv1_server_method();
 			sock_type = SOCK_DGRAM;
 			}
 		else if (strcmp(*argv,"-timeout") == 0)
 			enable_timeouts = 1;
 		else if (strcmp(*argv,"-mtu") == 0)
 			{
 			if (--argc < 1) goto bad;
 			mtu = atol(*(++argv));
 			}
 		else if (strcmp(*argv, "-chain") == 0)
 			cert_chain = 1;
 #endif
 		else if (strcmp(*argv, "-id_prefix") == 0)
 			{
@@ -822,62 +739,6 @@ bad:
        e = setup_engine(bio_err, engine_id, 1);
 #endif
 	if (!app_passwd(bio_err, passarg, dpassarg, &pass, &dpass))
 		{
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;
 		}
 	if (s_key_file == NULL)
 		s_key_file = s_cert_file;
 	if (nocert == 0)
 		{
 		s_key = load_key(bio_err, s_key_file, s_key_format, 0, pass, e,
 		       "server certificate private key file");
 		if (!s_key)
 			{
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		s_cert = load_cert(bio_err,s_cert_file,s_cert_format,
 			NULL, e, "server certificate file");
 		if (!s_cert)
 			{
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		}
 	if (s_dcert_file)
 		{
 		if (s_dkey_file == NULL)
 			s_dkey_file = s_dcert_file;
 		s_dkey = load_key(bio_err, s_dkey_file, s_dkey_format,
 				0, dpass, e,
 			       "second certificate private key file");
 		if (!s_dkey)
 			{
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		s_dcert = load_cert(bio_err,s_dcert_file,s_dcert_format,
 				NULL, e, "second server certificate file");
 		if (!s_dcert)
 			{
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		}
 	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
 		&& !RAND_status())
 		{
@@ -936,10 +797,6 @@ bad:
 	if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
 	if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
 	SSL_CTX_set_options(ctx,off);
 	/* DTLS: partial reads end up discarding unread UDP bytes :-( 
 	 * Setting read ahead solves this problem.
 	 */
 	if (sock_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
 	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
@@ -998,6 +855,13 @@ bad:
 		{
 		EC_KEY *ecdh=NULL;
 		ecdh = EC_KEY_new();
 		if (ecdh == NULL)
 			{
 			BIO_printf(bio_err,"Could not create ECDH struct.\n");
 			goto end;
 			}
 		if (named_curve)
 			{
 			int nid = OBJ_sn2nid(named_curve);
@@ -1008,8 +872,9 @@ bad:
 					named_curve);
 				goto end;
 				}
-			ecdh = EC_KEY_new_by_curve_name(nid);
+
-			if (ecdh == NULL)
+			ecdh->group = EC_GROUP_new_by_nid(nid);
 			if (ecdh->group == NULL)
 				{
 				BIO_printf(bio_err, "unable to create curve (%s)\n", 
 					named_curve);
@@ -1017,15 +882,15 @@ bad:
 				}
 			}
-		if (ecdh != NULL)
+		if (ecdh->group != NULL)
 			{
 			BIO_printf(bio_s_out,"Setting temp ECDH parameters\n");
 			}
 		else
 			{
 			BIO_printf(bio_s_out,"Using default temp ECDH parameters\n");
-			ecdh = EC_KEY_new_by_curve_name(NID_sect163r2);
+			ecdh->group=EC_GROUP_new_by_nid(NID_sect163r2);
-			if (ecdh == NULL) 
+			if (ecdh->group == NULL) 
 				{
 				BIO_printf(bio_err, "unable to create curve (sect163r2)\n");
 				goto end;
@@ -1038,11 +903,11 @@ bad:
 		}
 #endif
-	if (!set_cert_key_stuff(ctx,s_cert,s_key))
+	if (!set_cert_stuff(ctx,s_cert_file,s_key_file))
 		goto end;
-	if (s_dcert != NULL)
+	if (s_dcert_file != NULL)
 		{
-		if (!set_cert_key_stuff(ctx,s_dcert,s_dkey))
+		if (!set_cert_stuff(ctx,s_dcert_file,s_dkey_file))
 			goto end;
 		}
@@ -1086,28 +951,16 @@ bad:
 	BIO_printf(bio_s_out,"ACCEPT\n");
 	if (www)
-		do_server(port,sock_type,&accept_socket,www_body, context);
+		do_server(port,&accept_socket,www_body, context);
 	else
-		do_server(port,sock_type,&accept_socket,sv_body, context);
+		do_server(port,&accept_socket,sv_body, context);
 	print_stats(bio_s_out,ctx);
 	ret=0;
 end:
 	if (ctx != NULL) SSL_CTX_free(ctx);
 	if (s_cert)
 		X509_free(s_cert);
 	if (s_dcert)
 		X509_free(s_dcert);
 	if (s_key)
 		EVP_PKEY_free(s_key);
 	if (s_dkey)
 		EVP_PKEY_free(s_dkey);
 	if (pass)
 		OPENSSL_free(pass);
 	if (dpass)
 		OPENSSL_free(dpass);
 	if (bio_s_out != NULL)
 		{
-        BIO_free(bio_s_out);
+		BIO_free(bio_s_out);
 		bio_s_out=NULL;
 		}
 	apps_shutdown();
@@ -1186,39 +1039,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 	}
 	SSL_clear(con);
-	if (SSL_version(con) == DTLS1_VERSION)
+	sbio=BIO_new_socket(s,BIO_NOCLOSE);
 		{
 		struct timeval timeout;
 		sbio=BIO_new_dgram(s,BIO_NOCLOSE);
 		if ( enable_timeouts)
 			{
 			timeout.tv_sec = 0;
 			timeout.tv_usec = DGRAM_RCV_TIMEOUT;
 			BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
 			timeout.tv_sec = 0;
 			timeout.tv_usec = DGRAM_SND_TIMEOUT;
 			BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
 			}
 		if ( mtu > 0)
 			{
 			SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
 			SSL_set_mtu(con, mtu);
 			}
 		else
 			/* want to do MTU discovery */
 			BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
        /* turn on cookie exchange */
        SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE);
 		}
 	else
 		sbio=BIO_new_socket(s,BIO_NOCLOSE);
 	if (s_nbio_test)
 		{
 		BIO *test;
@@ -1233,8 +1054,8 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 	if (s_debug)
 		{
 		con->debug=1;
-		BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);
+		BIO_set_callback(SSL_get_rbio(con),bio_dump_cb);
-		BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out);
+		BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out);
 		}
 	if (s_msg)
 		{
@@ -1324,8 +1145,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 				if ((i <= 0) || (buf[0] == 'q'))
 					{
 					BIO_printf(bio_s_out,"DONE\n");
-					if (SSL_version(con) != DTLS1_VERSION)
+					SHUTDOWN(s);
                        SHUTDOWN(s);
 	/*				close_accept_socket();
 					ret= -11;*/
 					goto err;
@@ -1354,7 +1174,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 					}
 				if (buf[0] == 'P')
 					{
-					static const char *str="Lets print some clear text\n";
+					static char *str="Lets print some clear text\n";
 					BIO_write(SSL_get_wbio(con),str,strlen(str));
 					}
 				if (buf[0] == 'S')
@@ -1538,7 +1358,7 @@ static int init_ssl_connection(SSL *con)
 	}
 #ifndef OPENSSL_NO_DH
-static DH *load_dh_param(const char *dhfile)
+static DH *load_dh_param(char *dhfile)
 	{
 	DH *ret=NULL;
 	BIO *bio;
@@ -1637,8 +1457,8 @@ static int www_body(char *hostname, int s, unsigned char *context)
 	if (s_debug)
 		{
 		con->debug=1;
-		BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);
+		BIO_set_callback(SSL_get_rbio(con),bio_dump_cb);
-		BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out);
+		BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out);
 		}
 	if (s_msg)
 		{
@@ -1706,7 +1526,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
 			char *p;
 			X509 *peer;
 			STACK_OF(SSL_CIPHER) *sk;
-			static const char *space="                          ";
+			static char *space="                          ";
 			BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
 			BIO_puts(io,"<HTML><BODY BGCOLOR=\"#ffffff\">\n");
@@ -1786,7 +1606,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
 			{
 			BIO *file;
 			char *p,*e;
-			static const char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
+			static char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
 			/* skip the '/' */
 			p= &(buf[5]);
@@ -1962,20 +1782,17 @@ err:
 #ifndef OPENSSL_NO_RSA
 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
 	{
 	BIGNUM *bn = NULL;
 	static RSA *rsa_tmp=NULL;
-	if (!rsa_tmp && ((bn = BN_new()) == NULL))
+	if (rsa_tmp == NULL)
 		BIO_printf(bio_err,"Allocation error in generating RSA key\n");
 	if (!rsa_tmp && bn)
 		{
 		if (!s_quiet)
 			{
 			BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
 			(void)BIO_flush(bio_err);
 			}
-		if(!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) ||
+		if(((rsa_tmp = RSA_new()) == NULL) || !RSA_generate_key_ex(
-				!RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL))
+					rsa_tmp, keylength,RSA_F4,NULL))
 			{
 			if(rsa_tmp) RSA_free(rsa_tmp);
 			rsa_tmp = NULL;
@@ -1985,7 +1802,6 @@ static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
 			BIO_printf(bio_err,"\n");
 			(void)BIO_flush(bio_err);
 			}
 		BN_free(bn);
 		}
 	return(rsa_tmp);
 	}
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@@ -87,18 +87,14 @@ typedef unsigned int u_int;
 #ifndef OPENSSL_NO_SOCK
 #if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_BSDSOCK)
 #include "netdb.h"
 #endif
 static struct hostent *GetHostByName(char *name);
-#if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_NETWARE)
 static void ssl_sock_cleanup(void);
 #endif
 static int ssl_sock_init(void);
-static int init_client_ip(int *sock,unsigned char ip[4], int port, int type);
+static int init_client_ip(int *sock,unsigned char ip[4], int port);
-static int init_server(int *sock, int port, int type);
+static int init_server(int *sock, int port);
-static int init_server_long(int *sock, int port,char *ip, int type);
+static int init_server_long(int *sock, int port,char *ip);
 static int do_accept(int acc_sock, int *sock, char **host);
 static int host_ip(char *str, unsigned char ip[4]);
@@ -108,7 +104,7 @@ static int host_ip(char *str, unsigned char ip[4]);
 #define SOCKET_PROTOCOL	IPPROTO_TCP
 #endif
-#if defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
+#ifdef OPENSSL_SYS_NETWARE
 static int wsa_init_done=0;
 #endif
@@ -160,7 +156,7 @@ static void ssl_sock_cleanup(void)
 		WSACleanup();
 		}
 	}
-#elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
+#elif defined(OPENSSL_SYS_NETWARE)
 static void sock_cleanup(void)
    {
    if (wsa_init_done)
@@ -176,6 +172,7 @@ static int ssl_sock_init(void)
 #ifdef WATT32
 	extern int _watt_do_exit;
 	_watt_do_exit = 0;
 	dbug_init();
 	if (sock_init())
 		return (0);
 #elif defined(OPENSSL_SYS_WINDOWS)
@@ -203,7 +200,7 @@ static int ssl_sock_init(void)
 		SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopHookProc);
 #endif /* OPENSSL_SYS_WIN16 */
 		}
-#elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
+#elif defined(OPENSSL_SYS_NETWARE)
   WORD wVerReq;
   WSADATA wsaData;
   int err;
@@ -228,7 +225,7 @@ static int ssl_sock_init(void)
 	return(1);
 	}
-int init_client(int *sock, char *host, int port, int type)
+int init_client(int *sock, char *host, int port)
 	{
 	unsigned char ip[4];
 	short p=0;
@@ -238,10 +235,10 @@ int init_client(int *sock, char *host, int port, int type)
 		return(0);
 		}
 	if (p != 0) port=p;
-	return(init_client_ip(sock,ip,port,type));
+	return(init_client_ip(sock,ip,port));
 	}
-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
+static int init_client_ip(int *sock, unsigned char ip[4], int port)
 	{
 	unsigned long addr;
 	struct sockaddr_in them;
@@ -259,20 +256,13 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
 		((unsigned long)ip[3]);
 	them.sin_addr.s_addr=htonl(addr);
-	if (type == SOCK_STREAM)
+	s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
 		s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
 	else /* ( type == SOCK_DGRAM) */
 		s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
 	if (s == INVALID_SOCKET) { perror("socket"); return(0); }
 #ifndef OPENSSL_SYS_MPE
-	if (type == SOCK_STREAM)
+	i=0;
-		{
+	i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
-		i=0;
+	if (i < 0) { perror("keepalive"); return(0); }
 		i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
 		if (i < 0) { perror("keepalive"); return(0); }
 		}
 #endif
 	if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
@@ -281,36 +271,30 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
 	return(1);
 	}
-int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
+int do_server(int port, int *ret, int (*cb)(), char *context)
 	{
 	int sock;
-	char *name = NULL;
+	char *name;
 	int accept_socket;
 	int i;
-	if (!init_server(&accept_socket,port,type)) return(0);
+	if (!init_server(&accept_socket,port)) return(0);
 	if (ret != NULL)
 		{
 		*ret=accept_socket;
 		/* return(1);*/
 		}
-  	for (;;)
+	for (;;)
-  		{
+		{
-		if (type==SOCK_STREAM)
+		if (do_accept(accept_socket,&sock,&name) == 0)
 			{
-			if (do_accept(accept_socket,&sock,&name) == 0)
+			SHUTDOWN(accept_socket);
-				{
+			return(0);
 				SHUTDOWN(accept_socket);
 				return(0);
 				}
 			}
 		else
 			sock = accept_socket;
 		i=(*cb)(name,sock, context);
 		if (name != NULL) OPENSSL_free(name);
-		if (type==SOCK_STREAM)
+		SHUTDOWN2(sock);
 			SHUTDOWN2(sock);
 		if (i < 0)
 			{
 			SHUTDOWN2(accept_socket);
@@ -319,7 +303,7 @@ int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, uns
 		}
 	}
-static int init_server_long(int *sock, int port, char *ip, int type)
+static int init_server_long(int *sock, int port, char *ip)
 	{
 	int ret=0;
 	struct sockaddr_in server;
@@ -339,11 +323,7 @@ static int init_server_long(int *sock, int port, char *ip, int type)
 #else
 		memcpy(&server.sin_addr,ip,4);
 #endif
-	
+	s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
 		if (type == SOCK_STREAM)
 			s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
 		else /* type == SOCK_DGRAM */
 			s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);
 	if (s == INVALID_SOCKET) goto err;
 #if defined SOL_SOCKET && defined SO_REUSEADDR
@@ -361,7 +341,7 @@ static int init_server_long(int *sock, int port, char *ip, int type)
 		goto err;
 		}
 	/* Make it 128 for linux */
-	if (type==SOCK_STREAM && listen(s,128) == -1) goto err;
+	if (listen(s,128) == -1) goto err;
 	i=0;
 	*sock=s;
 	ret=1;
@@ -373,9 +353,9 @@ err:
 	return(ret);
 	}
-static int init_server(int *sock, int port, int type)
+static int init_server(int *sock, int port)
 	{
-	return(init_server_long(sock, port, NULL, type));
+	return(init_server_long(sock, port, NULL));
 	}
 static int do_accept(int acc_sock, int *sock, char **host)
@@ -402,7 +382,7 @@ redoit:
 	ret=accept(acc_sock,(struct sockaddr *)&from,(void *)&len);
 	if (ret == INVALID_SOCKET)
 		{
-#if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_NETWARE)
 		i=WSAGetLastError();
 		BIO_printf(bio_err,"accept error %d\n",i);
 #else
--- a/apps/sess_id.c
+++ b/apps/sess_id.c
@@ -69,7 +69,7 @@
 #undef PROG
 #define PROG	sess_id_main
-static const char *sess_id_usage[]={
+static char *sess_id_usage[]={
 "usage: sess_id args\n",
 "\n",
 " -inform arg     - input format - default PEM (DER or PEM)\n",
@@ -95,7 +95,7 @@ int MAIN(int argc, char **argv)
 	int informat,outformat;
 	char *infile=NULL,*outfile=NULL,*context=NULL;
 	int cert=0,noout=0,text=0;
-	const char **pp;
+	char **pp;
 	apps_startup();
@@ -241,7 +241,7 @@ bad:
 	if (!noout && !cert)
 		{
 		if 	(outformat == FORMAT_ASN1)
-			i=i2d_SSL_SESSION_bio(out,x);
+			i=(int)i2d_SSL_SESSION_bio(out,x);
 		else if (outformat == FORMAT_PEM)
 			i=PEM_write_bio_SSL_SESSION(out,x);
 		else	{
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -3,7 +3,7 @@
 * project.
 */
 /* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -64,13 +64,10 @@
 #include <openssl/crypto.h>
 #include <openssl/pem.h>
 #include <openssl/err.h>
 #include <openssl/x509_vfy.h>
 #include <openssl/x509v3.h>
 #undef PROG
 #define PROG smime_main
 static int save_certs(char *signerfile, STACK_OF(X509) *signers);
 static int smime_cb(int ok, X509_STORE_CTX *ctx);
 #define SMIME_OP	0x10
 #define SMIME_ENCRYPT	(1 | SMIME_OP)
@@ -82,12 +79,12 @@ static int smime_cb(int ok, X509_STORE_CTX *ctx);
 int MAIN(int, char **);
 int MAIN(int argc, char **argv)
-	{
+{
 	ENGINE *e = NULL;
 	int operation = 0;
 	int ret = 0;
 	char **args;
-	const char *inmode = "r", *outmode = "w";
+	char *inmode = "r", *outmode = "w";
 	char *infile = NULL, *outfile = NULL;
 	char *signerfile = NULL, *recipfile = NULL;
 	char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
@@ -99,7 +96,7 @@ int MAIN(int argc, char **argv)
 	STACK_OF(X509) *encerts = NULL, *other = NULL;
 	BIO *in = NULL, *out = NULL, *indata = NULL;
 	int badarg = 0;
-	int flags = PKCS7_DETACHED;
+	int flags = PKCS7_DETACHED, store_flags = 0;
 	char *to = NULL, *from = NULL, *subject = NULL;
 	char *CAfile = NULL, *CApath = NULL;
 	char *passargin = NULL, *passin = NULL;
@@ -111,44 +108,30 @@ int MAIN(int argc, char **argv)
 	char *engine=NULL;
 #endif
 	X509_VERIFY_PARAM *vpm = NULL;
 	args = argv + 1;
 	ret = 1;
 	apps_startup();
 	if (bio_err == NULL)
 		{
 		if ((bio_err = BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
 		}
 	if (!load_config(bio_err, NULL))
 		goto end;
-	while (!badarg && *args && *args[0] == '-')
+	while (!badarg && *args && *args[0] == '-') {
-		{
+		if (!strcmp (*args, "-encrypt")) operation = SMIME_ENCRYPT;
-		if (!strcmp (*args, "-encrypt"))
+		else if (!strcmp (*args, "-decrypt")) operation = SMIME_DECRYPT;
-			operation = SMIME_ENCRYPT;
+		else if (!strcmp (*args, "-sign")) operation = SMIME_SIGN;
-		else if (!strcmp (*args, "-decrypt"))
+		else if (!strcmp (*args, "-verify")) operation = SMIME_VERIFY;
-			operation = SMIME_DECRYPT;
+		else if (!strcmp (*args, "-pk7out")) operation = SMIME_PK7OUT;
 		else if (!strcmp (*args, "-sign"))
 			operation = SMIME_SIGN;
 		else if (!strcmp (*args, "-verify"))
 			operation = SMIME_VERIFY;
 		else if (!strcmp (*args, "-pk7out"))
 			operation = SMIME_PK7OUT;
 #ifndef OPENSSL_NO_DES
 		else if (!strcmp (*args, "-des3")) 
 				cipher = EVP_des_ede3_cbc();
 		else if (!strcmp (*args, "-des")) 
 				cipher = EVP_des_cbc();
 #endif
 #ifndef OPENSSL_NO_SEED
 		else if (!strcmp (*args, "-seed")) 
 				cipher = EVP_seed_cbc();
 #endif
 #ifndef OPENSSL_NO_RC2
 		else if (!strcmp (*args, "-rc2-40")) 
 				cipher = EVP_rc2_40_cbc();
@@ -164,14 +147,6 @@ int MAIN(int argc, char **argv)
 				cipher = EVP_aes_192_cbc();
 		else if (!strcmp(*args,"-aes256"))
 				cipher = EVP_aes_256_cbc();
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 		else if (!strcmp(*args,"-camellia128"))
 				cipher = EVP_camellia_128_cbc();
 		else if (!strcmp(*args,"-camellia192"))
 				cipher = EVP_camellia_192_cbc();
 		else if (!strcmp(*args,"-camellia256"))
 				cipher = EVP_camellia_256_cbc();
 #endif
 		else if (!strcmp (*args, "-text")) 
 				flags |= PKCS7_TEXT;
@@ -197,225 +172,127 @@ int MAIN(int argc, char **argv)
 				flags |= PKCS7_NOOLDMIMETYPE;
 		else if (!strcmp (*args, "-crlfeol"))
 				flags |= PKCS7_CRLFEOL;
-		else if (!strcmp(*args,"-rand"))
+		else if (!strcmp (*args, "-crl_check"))
-			{
+				store_flags |= X509_V_FLAG_CRL_CHECK;
-			if (args[1])
+		else if (!strcmp (*args, "-crl_check_all"))
-				{
+				store_flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
 		else if (!strcmp(*args,"-rand")) {
 			if (args[1]) {
 				args++;
 				inrand = *args;
-				}
+			} else badarg = 1;
 			else
 				badarg = 1;
 			need_rand = 1;
 			}
 #ifndef OPENSSL_NO_ENGINE
-		else if (!strcmp(*args,"-engine"))
+		} else if (!strcmp(*args,"-engine")) {
-			{
+			if (args[1]) {
 			if (args[1])
 				{
 				args++;
 				engine = *args;
-				}
+			} else badarg = 1;
 			else badarg = 1;
 			}
 #endif
-		else if (!strcmp(*args,"-passin"))
+		} else if (!strcmp(*args,"-passin")) {
-			{
+			if (args[1]) {
 			if (args[1])
 				{
 				args++;
 				passargin = *args;
-				}
+			} else badarg = 1;
-			else
+		} else if (!strcmp (*args, "-to")) {
-				badarg = 1;
+			if (args[1]) {
 			}
 		else if (!strcmp (*args, "-to"))
 			{
 			if (args[1])
 				{
 				args++;
 				to = *args;
-				}
+			} else badarg = 1;
-			else
+		} else if (!strcmp (*args, "-from")) {
-				badarg = 1;
+			if (args[1]) {
 			}
 		else if (!strcmp (*args, "-from"))
 			{
 			if (args[1])
 				{
 				args++;
 				from = *args;
-				}
+			} else badarg = 1;
-			else badarg = 1;
+		} else if (!strcmp (*args, "-subject")) {
-			}
+			if (args[1]) {
 		else if (!strcmp (*args, "-subject"))
 			{
 			if (args[1])
 				{
 				args++;
 				subject = *args;
-				}
+			} else badarg = 1;
-			else
+		} else if (!strcmp (*args, "-signer")) {
-				badarg = 1;
+			if (args[1]) {
 			}
 		else if (!strcmp (*args, "-signer"))
 			{
 			if (args[1])
 				{
 				args++;
 				signerfile = *args;
-				}
+			} else badarg = 1;
-			else
+		} else if (!strcmp (*args, "-recip")) {
-				badarg = 1;
+			if (args[1]) {
 			}
 		else if (!strcmp (*args, "-recip"))
 			{
 			if (args[1])
 				{
 				args++;
 				recipfile = *args;
-				}
+			} else badarg = 1;
-			else badarg = 1;
+		} else if (!strcmp (*args, "-inkey")) {
-			}
+			if (args[1]) {
 		else if (!strcmp (*args, "-inkey"))
 			{
 			if (args[1])
 				{
 				args++;
 				keyfile = *args;
-				}
+			} else badarg = 1;
-			else
+		} else if (!strcmp (*args, "-keyform")) {
-				badarg = 1;
+			if (args[1]) {
 		}
 		else if (!strcmp (*args, "-keyform"))
 			{
 			if (args[1])
 				{
 				args++;
 				keyform = str2fmt(*args);
-				}
+			} else badarg = 1;
-			else
+		} else if (!strcmp (*args, "-certfile")) {
-				badarg = 1;
+			if (args[1]) {
 			}
 		else if (!strcmp (*args, "-certfile"))
 			{
 			if (args[1])
 				{
 				args++;
 				certfile = *args;
-				}
+			} else badarg = 1;
-			else
+		} else if (!strcmp (*args, "-CAfile")) {
-				badarg = 1;
+			if (args[1]) {
 			}
 		else if (!strcmp (*args, "-CAfile"))
 			{
 			if (args[1])
 				{
 				args++;
 				CAfile = *args;
-				}
+			} else badarg = 1;
-			else
+		} else if (!strcmp (*args, "-CApath")) {
-				badarg = 1;
+			if (args[1]) {
 			}
 		else if (!strcmp (*args, "-CApath"))
 			{
 			if (args[1])
 				{
 				args++;
 				CApath = *args;
-				}
+			} else badarg = 1;
-			else
+		} else if (!strcmp (*args, "-in")) {
-				badarg = 1;
+			if (args[1]) {
 			}
 		else if (!strcmp (*args, "-in"))
 			{
 			if (args[1])
 				{
 				args++;
 				infile = *args;
-				}
+			} else badarg = 1;
-			else
+		} else if (!strcmp (*args, "-inform")) {
-				badarg = 1;
+			if (args[1]) {
 			}
 		else if (!strcmp (*args, "-inform"))
 			{
 			if (args[1])
 				{
 				args++;
 				informat = str2fmt(*args);
-				}
+			} else badarg = 1;
-			else
+		} else if (!strcmp (*args, "-outform")) {
-				badarg = 1;
+			if (args[1]) {
 			}
 		else if (!strcmp (*args, "-outform"))
 			{
 			if (args[1])
 				{
 				args++;
 				outformat = str2fmt(*args);
-				}
+			} else badarg = 1;
-			else
+		} else if (!strcmp (*args, "-out")) {
-				badarg = 1;
+			if (args[1]) {
 			}
 		else if (!strcmp (*args, "-out"))
 			{
 			if (args[1])
 				{
 				args++;
 				outfile = *args;
-				}
+			} else badarg = 1;
-			else
+		} else if (!strcmp (*args, "-content")) {
-				badarg = 1;
+			if (args[1]) {
 			}
 		else if (!strcmp (*args, "-content"))
 			{
 			if (args[1])
 				{
 				args++;
 				contfile = *args;
-				}
+			} else badarg = 1;
-			else
+		} else badarg = 1;
 				badarg = 1;
 			}
 		else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
 			continue;
 		else
 			badarg = 1;
 		args++;
-		}
+	}
-
+	if(operation == SMIME_SIGN) {
-	if (operation == SMIME_SIGN)
+		if(!signerfile) {
 		{
 		if (!signerfile)
 			{
 			BIO_printf(bio_err, "No signer certificate specified\n");
 			badarg = 1;
-			}
+		}
 		need_rand = 1;
-		}
+	} else if(operation == SMIME_DECRYPT) {
-	else if (operation == SMIME_DECRYPT)
+		if(!recipfile) {
-		{
+			BIO_printf(bio_err, "No recipient certificate and key specified\n");
 		if (!recipfile && !keyfile)
 			{
 			BIO_printf(bio_err, "No recipient certificate or key specified\n");
 			badarg = 1;
 			}
 		}
-	else if (operation == SMIME_ENCRYPT)
+	} else if(operation == SMIME_ENCRYPT) {
-		{
+		if(!*args) {
 		if (!*args)
 			{
 			BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
 			badarg = 1;
 			}
 		need_rand = 1;
 		}
-	else if (!operation)
+		need_rand = 1;
-		badarg = 1;
+	} else if(!operation) badarg = 1;
-	if (badarg)
+	if (badarg) {
 		{
 		BIO_printf (bio_err, "Usage smime [options] cert.pem ...\n");
 		BIO_printf (bio_err, "where options are\n");
 		BIO_printf (bio_err, "-encrypt       encrypt message\n");
@@ -427,9 +304,6 @@ int MAIN(int argc, char **argv)
 		BIO_printf (bio_err, "-des3          encrypt with triple DES\n");
 		BIO_printf (bio_err, "-des           encrypt with DES\n");
 #endif
 #ifndef OPENSSL_NO_SEED
 		BIO_printf (bio_err, "-seed          encrypt with SEED\n");
 #endif
 #ifndef OPENSSL_NO_RC2
 		BIO_printf (bio_err, "-rc2-40        encrypt with RC2-40 (default)\n");
 		BIO_printf (bio_err, "-rc2-64        encrypt with RC2-64\n");
@@ -438,10 +312,6 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_AES
 		BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
 		BIO_printf (bio_err, "               encrypt PEM output with cbc aes\n");
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 		BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
 		BIO_printf (bio_err, "               encrypt PEM output with cbc camellia\n");
 #endif
 		BIO_printf (bio_err, "-nointern      don't search certificates in message for signer\n");
 		BIO_printf (bio_err, "-nosigs        don't verify message signature\n");
@@ -477,155 +347,121 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err,  "               the random number generator\n");
 		BIO_printf (bio_err, "cert.pem       recipient certificate(s) for encryption\n");
 		goto end;
-		}
+	}
 #ifndef OPENSSL_NO_ENGINE
        e = setup_engine(bio_err, engine, 0);
 #endif
-	if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
+	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
 		{
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;
-		}
+	}
-	if (need_rand)
+	if (need_rand) {
 		{
 		app_RAND_load_file(NULL, bio_err, (inrand != NULL));
 		if (inrand != NULL)
 			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
 				app_RAND_load_files(inrand));
-		}
+	}
 	ret = 2;
-	if (operation != SMIME_SIGN)
+	if(operation != SMIME_SIGN) flags &= ~PKCS7_DETACHED;
 		flags &= ~PKCS7_DETACHED;
-	if (operation & SMIME_OP)
+	if(operation & SMIME_OP) {
-		{
+		if(flags & PKCS7_BINARY) inmode = "rb";
-		if (flags & PKCS7_BINARY)
+		if(outformat == FORMAT_ASN1) outmode = "wb";
-			inmode = "rb";
+	} else {
-		if (outformat == FORMAT_ASN1)
+		if(flags & PKCS7_BINARY) outmode = "wb";
-			outmode = "wb";
+		if(informat == FORMAT_ASN1) inmode = "rb";
-		}
+	}
 	else
 		{
 		if (flags & PKCS7_BINARY)
 			outmode = "wb";
 		if (informat == FORMAT_ASN1)
 			inmode = "rb";
 		}
-	if (operation == SMIME_ENCRYPT)
+	if(operation == SMIME_ENCRYPT) {
-		{
+		if (!cipher) {
 		if (!cipher)
 			{
 #ifndef OPENSSL_NO_RC2			
 			cipher = EVP_rc2_40_cbc();
 #else
 			BIO_printf(bio_err, "No cipher selected\n");
 			goto end;
 #endif
-			}
+		}
 		encerts = sk_X509_new_null();
-		while (*args)
+		while (*args) {
-			{
+			if(!(cert = load_cert(bio_err,*args,FORMAT_PEM,
-			if (!(cert = load_cert(bio_err,*args,FORMAT_PEM,
+				NULL, e, "recipient certificate file"))) {
 				NULL, e, "recipient certificate file")))
 				{
 #if 0				/* An appropriate message is already printed */
 				BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args);
 #endif
 				goto end;
-				}
+			}
 			sk_X509_push(encerts, cert);
 			cert = NULL;
 			args++;
 			}
 		}
 	}
-	if (signerfile && (operation == SMIME_SIGN))
+	if(signerfile && (operation == SMIME_SIGN)) {
-		{
+		if(!(signer = load_cert(bio_err,signerfile,FORMAT_PEM, NULL,
-		if (!(signer = load_cert(bio_err,signerfile,FORMAT_PEM, NULL,
+			e, "signer certificate"))) {
 			e, "signer certificate")))
 			{
 #if 0			/* An appropri message has already been printed */
 			BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile);
 #endif
 			goto end;
 			}
 		}
 	}
-	if (certfile)
+	if(certfile) {
-		{
+		if(!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL,
-		if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL,
+			e, "certificate file"))) {
 			e, "certificate file")))
 			{
 #if 0			/* An appropriate message has already been printed */
 			BIO_printf(bio_err, "Can't read certificate file %s\n", certfile);
 #endif
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		}
 	}
-	if (recipfile && (operation == SMIME_DECRYPT))
+	if(recipfile && (operation == SMIME_DECRYPT)) {
-		{
+		if(!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL,
-		if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL,
+			e, "recipient certificate file"))) {
 			e, "recipient certificate file")))
 			{
 #if 0			/* An appropriate message has alrady been printed */
 			BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile);
 #endif
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		}
 	}
-	if (operation == SMIME_DECRYPT)
+	if(operation == SMIME_DECRYPT) {
-		{
+		if(!keyfile) keyfile = recipfile;
-		if (!keyfile)
+	} else if(operation == SMIME_SIGN) {
-			keyfile = recipfile;
+		if(!keyfile) keyfile = signerfile;
-		}
+	} else keyfile = NULL;
 	else if (operation == SMIME_SIGN)
 		{
 		if (!keyfile)
 			keyfile = signerfile;
 		}
 	else keyfile = NULL;
-	if (keyfile)
+	if(keyfile) {
 		{
 		key = load_key(bio_err, keyfile, keyform, 0, passin, e,
 			       "signing key file");
-		if (!key)
+		if (!key) {
 			goto end;
-		}
+                }
 	}
-	if (infile)
+	if (infile) {
-		{
+		if (!(in = BIO_new_file(infile, inmode))) {
 		if (!(in = BIO_new_file(infile, inmode)))
 			{
 			BIO_printf (bio_err,
 				 "Can't open input file %s\n", infile);
 			goto end;
 			}
 		}
-	else
+	} else in = BIO_new_fp(stdin, BIO_NOCLOSE);
 		in = BIO_new_fp(stdin, BIO_NOCLOSE);
-	if (outfile)
+	if (outfile) {
-		{
+		if (!(out = BIO_new_file(outfile, outmode))) {
 		if (!(out = BIO_new_file(outfile, outmode)))
 			{
 			BIO_printf (bio_err,
 				 "Can't open output file %s\n", outfile);
 			goto end;
 			}
 		}
-	else
+	} else {
 		{
 		out = BIO_new_fp(stdout, BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 		{
@@ -633,127 +469,106 @@ int MAIN(int argc, char **argv)
 		    out = BIO_push(tmpbio, out);
 		}
 #endif
-		}
+	}
-	if (operation == SMIME_VERIFY)
+	if(operation == SMIME_VERIFY) {
-		{
+		if(!(store = setup_verify(bio_err, CAfile, CApath))) goto end;
-		if (!(store = setup_verify(bio_err, CAfile, CApath)))
+		X509_STORE_set_flags(store, store_flags);
-			goto end;
+	}
 		X509_STORE_set_verify_cb_func(store, smime_cb);
 		if (vpm)
 			X509_STORE_set1_param(store, vpm);
 		}
 	ret = 3;
-	if (operation == SMIME_ENCRYPT)
+	if(operation == SMIME_ENCRYPT) {
 		p7 = PKCS7_encrypt(encerts, in, cipher, flags);
-	else if (operation == SMIME_SIGN)
+	} else if(operation == SMIME_SIGN) {
 		{
 		/* If detached data and SMIME output enable partial
 		 * signing.
 		 */
 		if ((flags & PKCS7_DETACHED) && (outformat == FORMAT_SMIME))
 			flags |= PKCS7_STREAM;
 		p7 = PKCS7_sign(signer, key, other, in, flags);
 		/* Don't need to rewind for partial signing */
 		if (!(flags & PKCS7_STREAM) && (BIO_reset(in) != 0)) {
 		  BIO_printf(bio_err, "Can't rewind input file\n");
 		  goto end;
 		}
-	else
+	} else {
-		{
+		if(informat == FORMAT_SMIME) 
 		if (informat == FORMAT_SMIME) 
 			p7 = SMIME_read_PKCS7(in, &indata);
-		else if (informat == FORMAT_PEM) 
+		else if(informat == FORMAT_PEM) 
 			p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
-		else if (informat == FORMAT_ASN1) 
+		else if(informat == FORMAT_ASN1) 
 			p7 = d2i_PKCS7_bio(in, NULL);
-		else
+		else {
 			{
 			BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");
 			goto end;
-			}
+		}
-		if (!p7)
+		if(!p7) {
 			{
 			BIO_printf(bio_err, "Error reading S/MIME message\n");
 			goto end;
-			}
+		}
-		if (contfile)
+		if(contfile) {
 			{
 			BIO_free(indata);
-			if (!(indata = BIO_new_file(contfile, "rb")))
+			if(!(indata = BIO_new_file(contfile, "rb"))) {
 				{
 				BIO_printf(bio_err, "Can't read content file %s\n", contfile);
 				goto end;
 				}
 			}
 		}
 	}
-	if (!p7)
+	if(!p7) {
 		{
 		BIO_printf(bio_err, "Error creating PKCS#7 structure\n");
 		goto end;
-		}
+	}
 	ret = 4;
-	if (operation == SMIME_DECRYPT)
+	if(operation == SMIME_DECRYPT) {
-		{
+		if(!PKCS7_decrypt(p7, key, recip, out, flags)) {
 		if (!PKCS7_decrypt(p7, key, recip, out, flags))
 			{
 			BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n");
 			goto end;
 			}
 		}
-	else if (operation == SMIME_VERIFY)
+	} else if(operation == SMIME_VERIFY) {
 		{
 		STACK_OF(X509) *signers;
-		if (PKCS7_verify(p7, other, store, indata, out, flags))
+		if(PKCS7_verify(p7, other, store, indata, out, flags)) {
 			BIO_printf(bio_err, "Verification successful\n");
-		else
+		} else {
 			{
 			BIO_printf(bio_err, "Verification failure\n");
 			goto end;
-			}
+		}
 		signers = PKCS7_get0_signers(p7, other, flags);
-		if (!save_certs(signerfile, signers))
+		if(!save_certs(signerfile, signers)) {
 			{
 			BIO_printf(bio_err, "Error writing signers to %s\n",
 								signerfile);
 			ret = 5;
 			goto end;
 			}
 		sk_X509_free(signers);
 		}
-	else if (operation == SMIME_PK7OUT)
+		sk_X509_free(signers);
 	} else if(operation == SMIME_PK7OUT) {
 		PEM_write_bio_PKCS7(out, p7);
-	else
+	} else {
-		{
+		if(to) BIO_printf(out, "To: %s\n", to);
-		if (to)
+		if(from) BIO_printf(out, "From: %s\n", from);
-			BIO_printf(out, "To: %s\n", to);
+		if(subject) BIO_printf(out, "Subject: %s\n", subject);
-		if (from)
+		if(outformat == FORMAT_SMIME) 
 			BIO_printf(out, "From: %s\n", from);
 		if (subject)
 			BIO_printf(out, "Subject: %s\n", subject);
 		if (outformat == FORMAT_SMIME) 
 			SMIME_write_PKCS7(out, p7, in, flags);
-		else if (outformat == FORMAT_PEM) 
+		else if(outformat == FORMAT_PEM) 
 			PEM_write_bio_PKCS7(out,p7);
-		else if (outformat == FORMAT_ASN1) 
+		else if(outformat == FORMAT_ASN1) 
 			i2d_PKCS7_bio(out,p7);
-		else
+		else {
 			{
 			BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
 			goto end;
 			}
 		}
 	}
 	ret = 0;
 end:
 	if (need_rand)
 		app_RAND_write_file(NULL, bio_err);
-	if (ret) ERR_print_errors(bio_err);
+	if(ret) ERR_print_errors(bio_err);
 	sk_X509_pop_free(encerts, X509_free);
 	sk_X509_pop_free(other, X509_free);
 	if (vpm)
 		X509_VERIFY_PARAM_free(vpm);
 	X509_STORE_free(store);
 	X509_free(cert);
 	X509_free(recip);
@@ -763,39 +578,20 @@ end:
 	BIO_free(in);
 	BIO_free(indata);
 	BIO_free_all(out);
-	if (passin) OPENSSL_free(passin);
+	if(passin) OPENSSL_free(passin);
 	return (ret);
 }
 static int save_certs(char *signerfile, STACK_OF(X509) *signers)
-	{
+{
 	int i;
 	BIO *tmp;
-	if (!signerfile)
+	if(!signerfile) return 1;
 		return 1;
 	tmp = BIO_new_file(signerfile, "w");
-	if (!tmp) return 0;
+	if(!tmp) return 0;
 	for(i = 0; i < sk_X509_num(signers); i++)
 		PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
 	BIO_free(tmp);
 	return 1;
-	}
+}
 /* Minimal callback just to output policy info (if any) */
 static int smime_cb(int ok, X509_STORE_CTX *ctx)
 	{
 	int error;
 	error = X509_STORE_CTX_get_error(ctx);
 	if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
 		&& ((error != X509_V_OK) || (ok != 2)))
 		return ok;
 	policies_print(NULL, ctx);
 	return ok;
 	}
--- a/apps/speed.c
+++ b/apps/speed.c
--- a/apps/spkac.c
+++ b/apps/spkac.c
@@ -87,8 +87,7 @@ int MAIN(int argc, char **argv)
 	int verify=0,noout=0,pubkey=0;
 	char *infile = NULL,*outfile = NULL,*prog;
 	char *passargin = NULL, *passin = NULL;
-	const char *spkac = "SPKAC", *spksect = "default";
+	char *spkac = "SPKAC", *spksect = "default", *spkstr = NULL;
 	char *spkstr = NULL;
 	char *challenge = NULL, *keyfile = NULL;
 	CONF *conf = NULL;
 	NETSCAPE_SPKI *spki = NULL;
@@ -201,7 +200,7 @@ bad:
 		}
 		spki = NETSCAPE_SPKI_new();
 		if(challenge) ASN1_STRING_set(spki->spkac->challenge,
-						 challenge, (int)strlen(challenge));
+						 challenge, strlen(challenge));
 		NETSCAPE_SPKI_set_pubkey(spki, pkey);
 		NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
 		spkstr = NETSCAPE_SPKI_b64_encode(spki);
--- a/apps/timeouts.h
+++ b/apps/timeouts.h
@@ -1,67 +0,0 @@
 /* apps/timeouts.h */
 /* 
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
 */
 /* ====================================================================
 * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 #ifndef INCLUDED_TIMEOUTS_H
 #define INCLUDED_TIMEOUTS_H
 /* numbers in us */
 #define DGRAM_RCV_TIMEOUT         250000
 #define DGRAM_SND_TIMEOUT         250000
 #endif /* ! INCLUDED_TIMEOUTS_H */
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -79,14 +79,13 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
-	int i,ret=1, badarg = 0;
+	int i,ret=1;
 	int purpose = -1;
 	char *CApath=NULL,*CAfile=NULL;
 	char *untfile = NULL, *trustfile = NULL;
 	STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
 	X509_STORE *cert_ctx=NULL;
 	X509_LOOKUP *lookup=NULL;
 	X509_VERIFY_PARAM *vpm = NULL;
 #ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
 #endif
@@ -122,12 +121,18 @@ int MAIN(int argc, char **argv)
 				if (argc-- < 1) goto end;
 				CAfile= *(++argv);
 				}
-			else if (args_verify(&argv, &argc, &badarg, bio_err,
+			else if (strcmp(*argv,"-purpose") == 0)
 									&vpm))
 				{
-				if (badarg)
+				X509_PURPOSE *xptmp;
 				if (argc-- < 1) goto end;
 				i = X509_PURPOSE_get_by_sname(*(++argv));
 				if(i < 0)
 					{
 					BIO_printf(bio_err, "unrecognized purpose\n");
 					goto end;
-				continue;
+					}
 				xptmp = X509_PURPOSE_get0(i);
 				purpose = X509_PURPOSE_get_id(xptmp);
 				}
 			else if (strcmp(*argv,"-untrusted") == 0)
 				{
@@ -148,6 +153,14 @@ int MAIN(int argc, char **argv)
 #endif
 			else if (strcmp(*argv,"-help") == 0)
 				goto end;
 			else if (strcmp(*argv,"-ignore_critical") == 0)
 				vflags |= X509_V_FLAG_IGNORE_CRITICAL;
 			else if (strcmp(*argv,"-issuer_checks") == 0)
 				vflags |= X509_V_FLAG_CB_ISSUER_CHECK;
 			else if (strcmp(*argv,"-crl_check") == 0)
 				vflags |= X509_V_FLAG_CRL_CHECK;
 			else if (strcmp(*argv,"-crl_check_all") == 0)
 				vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
 			else if (strcmp(*argv,"-verbose") == 0)
 				v_verbose=1;
 			else if (argv[0][0] == '-')
@@ -165,9 +178,6 @@ int MAIN(int argc, char **argv)
        e = setup_engine(bio_err, engine, 0);
 #endif
 	if (vpm)
 		X509_STORE_set1_param(cert_ctx, vpm);
 	lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
 	if (lookup == NULL) abort();
 	if (CAfile) {
@@ -228,7 +238,6 @@ end:
 								X509_PURPOSE_get0_name(ptmp));
 		}
 	}
 	if (vpm) X509_VERIFY_PARAM_free(vpm);
 	if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
 	sk_X509_pop_free(untrusted, X509_free);
 	sk_X509_pop_free(trusted, X509_free);
@@ -330,13 +339,10 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
 	if (!ok)
 		{
-		if (ctx->current_cert)
+		X509_NAME_oneline(
 			{
 			X509_NAME_oneline(
 				X509_get_subject_name(ctx->current_cert),buf,
 				sizeof buf);
-			printf("%s\n",buf);
+		printf("%s\n",buf);
 			}
 		printf("error %d at %d depth lookup:%s\n",ctx->error,
 			ctx->error_depth,
 			X509_verify_cert_error_string(ctx->error));
@@ -348,21 +354,13 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
 		if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1;
 		/* Continue after extension errors too */
 		if (ctx->error == X509_V_ERR_INVALID_CA) ok=1;
 		if (ctx->error == X509_V_ERR_INVALID_NON_CA) ok=1;
 		if (ctx->error == X509_V_ERR_PATH_LENGTH_EXCEEDED) ok=1;
 		if (ctx->error == X509_V_ERR_INVALID_PURPOSE) ok=1;
 		if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1;
 		if (ctx->error == X509_V_ERR_CRL_HAS_EXPIRED) ok=1;
 		if (ctx->error == X509_V_ERR_CRL_NOT_YET_VALID) ok=1;
 		if (ctx->error == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) ok=1;
 		if (ctx->error == X509_V_ERR_NO_EXPLICIT_POLICY)
 			policies_print(NULL, ctx);
 		return ok;
 		}
 	if ((ctx->error == X509_V_OK) && (ok == 2))
 		policies_print(NULL, ctx);
 	if (!v_verbose)
 		ERR_clear_error();
 	return(ok);
--- a/apps/version.c
+++ b/apps/version.c
@@ -115,7 +115,6 @@
 #include "apps.h"
 #include <openssl/evp.h>
 #include <openssl/crypto.h>
 #include <openssl/bn.h>
 #ifndef OPENSSL_NO_MD2
 # include <openssl/md2.h>
 #endif
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -73,12 +73,6 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
 #undef PROG
 #define PROG x509_main
@@ -87,7 +81,7 @@
 #define	POSTFIX	".srl"
 #define DEF_DAYS	30
-static const char *x509_usage[]={
+static char *x509_usage[]={
 "usage: x509 args\n",
 " -inform arg     - input format - default PEM (one of DER, NET or PEM)\n",
 " -outform arg    - output format - default PEM (one of DER, NET or PEM)\n",
@@ -176,19 +170,18 @@ int MAIN(int argc, char **argv)
 	char *CAkeyfile=NULL,*CAserial=NULL;
 	char *alias=NULL;
 	int text=0,serial=0,subject=0,issuer=0,startdate=0,enddate=0;
 	int next_serial=0;
 	int subject_hash=0,issuer_hash=0,ocspid=0;
 	int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
 	int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
 	int C=0;
 	int x509req=0,days=DEF_DAYS,modulus=0,pubkey=0;
 	int pprint = 0;
-	const char **pp;
+	char **pp;
 	X509_STORE *ctx=NULL;
 	X509_REQ *rq=NULL;
 	int fingerprint=0;
 	char buf[256];
-	const EVP_MD *md_alg,*digest=EVP_sha1();
+	const EVP_MD *md_alg,*digest=EVP_md5();
 	CONF *extconf = NULL;
 	char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
 	int need_rand = 0;
@@ -380,8 +373,6 @@ int MAIN(int argc, char **argv)
 			email= ++num;
 		else if (strcmp(*argv,"-serial") == 0)
 			serial= ++num;
 		else if (strcmp(*argv,"-next_serial") == 0)
 			next_serial= ++num;
 		else if (strcmp(*argv,"-modulus") == 0)
 			modulus= ++num;
 		else if (strcmp(*argv,"-pubkey") == 0)
@@ -605,19 +596,12 @@ bad:
 		if ((x=X509_new()) == NULL) goto end;
 		ci=x->cert_info;
-		if (sno == NULL)
+		if (sno)
 			{
-			sno = ASN1_INTEGER_new();
+			if (!X509_set_serialNumber(x, sno))
 			if (!sno || !rand_serial(NULL, sno))
 				goto end;
 			if (!X509_set_serialNumber(x, sno)) 
 				goto end;
 			ASN1_INTEGER_free(sno);
 			sno = NULL;
 			}
-		else if (!X509_set_serialNumber(x, sno)) 
+		else if (!ASN1_INTEGER_set(X509_get_serialNumber(x),0)) goto end;
 			goto end;
 		if (!X509_set_issuer_name(x,req->req_info->subject)) goto end;
 		if (!X509_set_subject_name(x,req->req_info->subject)) goto end;
@@ -638,7 +622,7 @@ bad:
 		if (xca == NULL) goto end;
 		}
-	if (!noout || text || next_serial)
+	if (!noout || text)
 		{
 		OBJ_create("2.99999.3",
 			"SET.ex3","SET x509v3 extension 3");
@@ -709,28 +693,9 @@ bad:
 			else if (serial == i)
 				{
 				BIO_printf(STDout,"serial=");
-				i2a_ASN1_INTEGER(STDout,
+				i2a_ASN1_INTEGER(STDout,x->cert_info->serialNumber);
 					X509_get_serialNumber(x));
 				BIO_printf(STDout,"\n");
 				}
 			else if (next_serial == i)
 				{
 				BIGNUM *bnser;
 				ASN1_INTEGER *ser;
 				ser = X509_get_serialNumber(x);
 				bnser = ASN1_INTEGER_to_BN(ser, NULL);
 				if (!bnser)
 					goto end;
 				if (!BN_add_word(bnser, 1))
 					goto end;
 				ser = BN_to_ASN1_INTEGER(bnser, NULL);
 				if (!ser)
 					goto end;
 				BN_free(bnser);
 				i2a_ASN1_INTEGER(out, ser);
 				ASN1_INTEGER_free(ser);
 				BIO_puts(out, "\n");
 				}
 			else if (email == i) 
 				{
 				int j;
@@ -1003,9 +968,9 @@ bad:
 	if (checkend)
 		{
-		time_t tcheck=time(NULL) + checkoffset;
+		time_t tnow=time(NULL);
-		if (X509_cmp_time(X509_get_notAfter(x), &tcheck) < 0)
+		if (ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(x), tnow+checkoffset) == -1)
 			{
 			BIO_printf(out,"Certificate will expire\n");
 			ret=1;
@@ -1042,7 +1007,8 @@ bad:
 		ah.data=(char *)x;
 		ah.meth=X509_asn1_meth();
-		i=ASN1_i2d_bio_of(ASN1_HEADER,i2d_ASN1_HEADER,out,&ah);
+		/* no macro for this one yet */
 		i=ASN1_i2d_bio(i2d_ASN1_HEADER,out,(unsigned char *)&ah);
 		}
 	else	{
 		BIO_printf(bio_err,"bad output format specified for outfile\n");
--- a/bugs/VC16.bug
+++ b/bugs/VC16.bug
@@ -0,0 +1,18 @@
 Microsoft (R) C/C++ Optimizing Compiler Version 8.00c
 Compile with /O2 chokes the compiler on these files
 crypto\md\md5_dgst.c		warning '@(#)reg86.c:1.26', line 1110
 crypto\des\ofb64ede.c		warning '@(#)grammar.c:1.147', line 168
 crypto\des\ofb64enc.c		warning '@(#)grammar.c:1.147', line 168
 crypto\des\qud_cksm.c		warning '@(#)grammar.c:1.147', line 168
 crypto\rc2\rc2ofb64.c		warning '@(#)grammar.c:1.147', line 168
 crypto\objects\obj_dat.c	warning	'@(#)grammar.c:1.147', line 168
 				fatal	'@(#)grammar.c:1.147', line 168
 crypto\objects\obj_lib.c	warning	'@(#)grammar.c:1.147', line 168
 				fatal	'@(#)grammar.c:1.147', line 168
 ssl\ssl_auth.c			warning	'@(#)grammar.c:1.147', line 168
 				fatal	'@(#)grammar.c:1.147', line 168
 Turning on /G3 with build flags that worked fine for /G2 came up with
 divide by zero errors in 'normal' code in speed.c :-(
--- a/certs/ICE-CA.pem
+++ b/certs/ICE-CA.pem
@@ -0,0 +1,59 @@
 Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: O=European ICE-TEL project, OU=V3-Certification Authority
        Validity
            Not Before: Apr  2 17:35:53 1997 GMT
            Not After : Apr  2 17:35:53 1998 GMT
        Subject: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt
        Subject Public Key Info:
            Public Key Algorithm: rsa
            RSA Public Key: (512 bit)
                Modulus (512 bit):
                    00:82:75:ba:f6:d1:60:b5:f9:15:b3:6a:dd:29:8f:
                    8b:a4:6f:1a:88:e0:50:43:40:0b:79:41:d5:d3:16:
                    44:7d:74:65:17:42:06:52:0b:e9:50:c8:10:cd:24:
                    e2:ae:8d:22:30:73:e6:b4:b7:93:1f:e5:6e:a2:ae:
                    49:11:a5:c9:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                0.........z.."p......e..
            X509v3 Subject Key Identifier: 
                ..~r..:..B.44fu......3
            X509v3 Key Usage: critical
                ....
            X509v3 Certificate Policies: critical
                0.0...*...
            X509v3 Subject Alternative Name: 
                0!..secude-support@darmstadt.gmd.de
            X509v3 Issuer Alternative Name: 
                0I..ice-tel-ca@darmstadt.gmd.de.*http://www.darmstadt.gmd.de/ice-tel/euroca
            X509v3 Basic Constraints: critical
                0....
            X509v3 CRL Distribution Points: 
                0200...,.*http://www.darmstadt.gmd.de/ice-tel/euroca
    Signature Algorithm: md5WithRSAEncryption
        17:a2:88:b7:99:5a:05:41:e4:13:34:67:e6:1f:3e:26:ec:4b:
        69:f9:3e:28:22:be:9d:1c:ab:41:6f:0c:00:85:fe:45:74:f6:
        98:f0:ce:9b:65:53:4a:50:42:c7:d4:92:bd:d7:a2:a8:3d:98:
        88:73:cd:60:28:79:a3:fc:48:7a
 -----BEGIN CERTIFICATE-----
 MIICzDCCAnagAwIBAgIBATANBgkqhkiG9w0BAQQFADBIMSEwHwYDVQQKExhFdXJv
 cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
 QXV0aG9yaXR5MB4XDTk3MDQwMjE3MzU1M1oXDTk4MDQwMjE3MzU1M1owXDEhMB8G
 A1UEChMYRXVyb3BlYW4gSUNFLVRFTCBwcm9qZWN0MSMwIQYDVQQLExpWMy1DZXJ0
 aWZpY2F0aW9uIEF1dGhvcml0eTESMBAGA1UEBxMJRGFybXN0YWR0MFkwCgYEVQgB
 AQICAgADSwAwSAJBAIJ1uvbRYLX5FbNq3SmPi6RvGojgUENAC3lB1dMWRH10ZRdC
 BlIL6VDIEM0k4q6NIjBz5rS3kx/lbqKuSRGlyUUCAwEAAaOCATgwggE0MB8GA1Ud
 IwQYMBaAFIr3yNUOx3ro1yJw4AuJ1bbsZbzPMB0GA1UdDgQWBBR+cvL4OoacQog0
 NGZ1w9T80aIRMzAOBgNVHQ8BAf8EBAMCAfYwFAYDVR0gAQH/BAowCDAGBgQqAwQF
 MCoGA1UdEQQjMCGBH3NlY3VkZS1zdXBwb3J0QGRhcm1zdGFkdC5nbWQuZGUwUgYD
 VR0SBEswSYEbaWNlLXRlbC1jYUBkYXJtc3RhZHQuZ21kLmRlhipodHRwOi8vd3d3
 LmRhcm1zdGFkdC5nbWQuZGUvaWNlLXRlbC9ldXJvY2EwDwYDVR0TAQH/BAUwAwEB
 /zA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vd3d3LmRhcm1zdGFkdC5nbWQuZGUv
 aWNlLXRlbC9ldXJvY2EwDQYJKoZIhvcNAQEEBQADQQAXooi3mVoFQeQTNGfmHz4m
 7Etp+T4oIr6dHKtBbwwAhf5FdPaY8M6bZVNKUELH1JK916KoPZiIc81gKHmj/Eh6
 -----END CERTIFICATE-----
--- a/certs/ICE-root.pem
+++ b/certs/ICE-root.pem
@@ -0,0 +1,48 @@
 Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: O=European ICE-TEL project, OU=V3-Certification Authority
        Validity
            Not Before: Apr  2 17:33:36 1997 GMT
            Not After : Apr  2 17:33:36 1998 GMT
        Subject: O=European ICE-TEL project, OU=V3-Certification Authority
        Subject Public Key Info:
            Public Key Algorithm: rsa
            RSA Public Key: (512 bit)
                Modulus (512 bit):
                    00:80:3e:eb:ae:47:a9:fe:10:54:0b:81:8b:9c:2b:
                    82:ab:3a:61:36:65:8b:f3:73:9f:ac:ac:7a:15:a7:
                    13:8f:b4:c4:ba:a3:0f:bc:a5:58:8d:cc:b1:93:31:
                    9e:81:9e:8c:19:61:86:fa:52:73:54:d1:97:76:22:
                    e7:c7:9f:41:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                ........z.."p......e..
            X509v3 Key Usage: critical
                ....
            X509v3 Subject Alternative Name: 
                0I.*http://www.darmstadt.gmd.de/ice-tel/euroca..ice-tel-ca@darmstadt.gmd.de
            X509v3 Basic Constraints: critical
                0....
    Signature Algorithm: md5WithRSAEncryption
        76:69:61:db:b7:cf:8b:06:9e:d8:8c:96:53:d2:4d:a8:23:a6:
        03:44:e8:8f:24:a5:c0:84:a8:4b:77:d4:2d:2b:7d:37:91:67:
        f2:2c:ce:02:31:4c:6b:cc:ce:f2:68:a6:11:11:ab:7d:88:b8:
        7e:22:9f:25:06:60:bd:79:30:3d
 -----BEGIN CERTIFICATE-----
 MIICFjCCAcCgAwIBAgIBADANBgkqhkiG9w0BAQQFADBIMSEwHwYDVQQKExhFdXJv
 cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
 QXV0aG9yaXR5MB4XDTk3MDQwMjE3MzMzNloXDTk4MDQwMjE3MzMzNlowSDEhMB8G
 A1UEChMYRXVyb3BlYW4gSUNFLVRFTCBwcm9qZWN0MSMwIQYDVQQLExpWMy1DZXJ0
 aWZpY2F0aW9uIEF1dGhvcml0eTBZMAoGBFUIAQECAgIAA0sAMEgCQQCAPuuuR6n+
 EFQLgYucK4KrOmE2ZYvzc5+srHoVpxOPtMS6ow+8pViNzLGTMZ6BnowZYYb6UnNU
 0Zd2IufHn0HNAgMBAAGjgZcwgZQwHQYDVR0OBBYEFIr3yNUOx3ro1yJw4AuJ1bbs
 ZbzPMA4GA1UdDwEB/wQEAwIB9jBSBgNVHREESzBJhipodHRwOi8vd3d3LmRhcm1z
 dGFkdC5nbWQuZGUvaWNlLXRlbC9ldXJvY2GBG2ljZS10ZWwtY2FAZGFybXN0YWR0
 LmdtZC5kZTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBAUAA0EAdmlh27fP
 iwae2IyWU9JNqCOmA0TojySlwISoS3fULSt9N5Fn8izOAjFMa8zO8mimERGrfYi4
 fiKfJQZgvXkwPQ==
 -----END CERTIFICATE-----
--- a/certs/ICE-user.pem
+++ b/certs/ICE-user.pem
@@ -0,0 +1,63 @@
 Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt
        Validity
            Not Before: Apr  2 17:35:59 1997 GMT
            Not After : Apr  2 17:35:59 1998 GMT
        Subject: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt, CN=USER
        Subject Public Key Info:
            Public Key Algorithm: rsa
            RSA Public Key: (512 bit)
                Modulus (512 bit):
                    00:a8:a8:53:63:49:1b:93:c3:c3:0b:6c:88:11:55:
                    de:7e:6a:e2:f9:52:a0:dc:69:25:c4:c8:bf:55:e1:
                    31:a8:ce:e4:a9:29:85:99:8a:15:9a:de:f6:2f:e1:
                    b4:50:5f:5e:04:75:a6:f4:76:dc:3c:0e:39:dc:3a:
                    be:3e:a4:61:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                0...~r..:..B.44fu......3
            X509v3 Subject Key Identifier: 
                ...... .*...1.*.......
            X509v3 Key Usage: critical
                ....
            X509v3 Certificate Policies: critical
                0.0...*...0.......
            X509v3 Subject Alternative Name: 
                0:..user@darmstadt.gmd.de.!http://www.darmstadt.gmd.de/~user
            X509v3 Issuer Alternative Name: 
                0....gmdca@gmd.de..http://www.gmd.de..saturn.darmstadt.gmd.de.\1!0...U.
 ..European ICE-TEL project1#0!..U....V3-Certification Authority1.0...U....Darmstadt..141.12.62.26
            X509v3 Basic Constraints: critical
                0.
            X509v3 CRL Distribution Points: 
                0.0.......gmdca@gmd.de
    Signature Algorithm: md5WithRSAEncryption
        69:0c:e1:b7:a7:f2:d8:fb:e8:69:c0:13:cd:37:ad:21:06:22:
        4d:e8:c6:db:f1:04:0b:b7:e0:b3:d6:0c:81:03:ce:c3:6a:3e:
        c7:e7:24:24:a4:92:64:c2:83:83:06:42:53:0e:6f:09:1e:84:
        9a:f7:6f:63:9b:94:99:83:d6:a4
 -----BEGIN CERTIFICATE-----
 MIIDTzCCAvmgAwIBAgIBATANBgkqhkiG9w0BAQQFADBcMSEwHwYDVQQKExhFdXJv
 cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
 QXV0aG9yaXR5MRIwEAYDVQQHEwlEYXJtc3RhZHQwHhcNOTcwNDAyMTczNTU5WhcN
 OTgwNDAyMTczNTU5WjBrMSEwHwYDVQQKExhFdXJvcGVhbiBJQ0UtVEVMIHByb2pl
 Y3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24gQXV0aG9yaXR5MRIwEAYDVQQH
 EwlEYXJtc3RhZHQxDTALBgNVBAMTBFVTRVIwWTAKBgRVCAEBAgICAANLADBIAkEA
 qKhTY0kbk8PDC2yIEVXefmri+VKg3GklxMi/VeExqM7kqSmFmYoVmt72L+G0UF9e
 BHWm9HbcPA453Dq+PqRhiwIDAQABo4IBmDCCAZQwHwYDVR0jBBgwFoAUfnLy+DqG
 nEKINDRmdcPU/NGiETMwHQYDVR0OBBYEFJfc4B8gjSoRmLUx4Sq/ucIYiMrPMA4G
 A1UdDwEB/wQEAwIB8DAcBgNVHSABAf8EEjAQMAYGBCoDBAUwBgYECQgHBjBDBgNV
 HREEPDA6gRV1c2VyQGRhcm1zdGFkdC5nbWQuZGWGIWh0dHA6Ly93d3cuZGFybXN0
 YWR0LmdtZC5kZS9+dXNlcjCBsQYDVR0SBIGpMIGmgQxnbWRjYUBnbWQuZGWGEWh0
 dHA6Ly93d3cuZ21kLmRlghdzYXR1cm4uZGFybXN0YWR0LmdtZC5kZaRcMSEwHwYD
 VQQKExhFdXJvcGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRp
 ZmljYXRpb24gQXV0aG9yaXR5MRIwEAYDVQQHEwlEYXJtc3RhZHSHDDE0MS4xMi42
 Mi4yNjAMBgNVHRMBAf8EAjAAMB0GA1UdHwQWMBQwEqAQoA6BDGdtZGNhQGdtZC5k
 ZTANBgkqhkiG9w0BAQQFAANBAGkM4ben8tj76GnAE803rSEGIk3oxtvxBAu34LPW
 DIEDzsNqPsfnJCSkkmTCg4MGQlMObwkehJr3b2OblJmD1qQ=
 -----END CERTIFICATE-----
--- a/certs/ICE.crl
+++ b/certs/ICE.crl
@@ -0,0 +1,9 @@
 -----BEGIN X509 CRL-----
 MIIBNDCBnjANBgkqhkiG9w0BAQIFADBFMSEwHwYDVQQKExhFdXJvcGVhbiBJQ0Ut
 VEVMIFByb2plY3QxIDAeBgNVBAsTF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05
 NzA2MDkxNDQyNDNaFw05NzA3MDkxNDQyNDNaMCgwEgIBChcNOTcwMzAzMTQ0MjU0
 WjASAgEJFw05NjEwMDIxMjI5MjdaMA0GCSqGSIb3DQEBAgUAA4GBAH4vgWo2Tej/
 i7kbiw4Imd30If91iosjClNpBFwvwUDBclPEeMuYimHbLOk4H8Nofc0fw11+U/IO
 KSNouUDcqG7B64oY7c4SXKn+i1MWOb5OJiWeodX3TehHjBlyWzoNMWCnYA8XqFP1
 mOKp8Jla1BibEZf14+/HqCi2hnZUiEXh
 -----END X509 CRL-----
--- a/certs/expired/RegTP-4R.pem
+++ b/certs/expired/RegTP-4R.pem
--- a/certs/aol1.pem
+++ b/certs/aol1.pem
@@ -1,22 +0,0 @@
 -----BEGIN CERTIFICATE-----
 MIIDpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEc
 MBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1lcmljYSBP
 bmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAxMB4XDTAyMDUyODA2
 MDAwMFoXDTM3MTExOTIwNDMwMFowYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0Ft
 ZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3Qg
 Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
 ADCCAQoCggEBAKgv6KRpBgNHw+kqmP8ZonCaxlCyfqXfaE0bfA+2l2h9LaaLl+lk
 hsmj76CGv2BlnEtUiMJIxUo5vxTjWVXlGbR0yLQFOVwWpeKVBeASrlmLojNoWBym
 1BW32J/X3HGrfpq/m44zDyL9Hy7nBzbvYjnF3cu6JRQj3gzGPTzOggjmZj7aUTsW
 OqMFf6Dch9Wc/HKpoH145LcxVR5lu9RhsCFg7RAycsWSJR74kEoYeEfffjA3PlAb
 2xzTa5qGUwew76wGePiEmf4hjUyAtgyC9mZweRrTT6PP8c9GsEsPPt2IYriMqQko
 O3rHl+Ee5fSfwMCuJKDIodkP1nsmgmkyPacCAwEAAaNjMGEwDwYDVR0TAQH/BAUw
 AwEB/zAdBgNVHQ4EFgQUAK3Zo/Z59m50qX8zPYEX10zPM94wHwYDVR0jBBgwFoAU
 AK3Zo/Z59m50qX8zPYEX10zPM94wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB
 BQUAA4IBAQB8itEfGDeC4Liwo+1WlchiYZwFos3CYiZhzRAW18y0ZTTQEYqtqKkF
 Zu90821fnZmv9ov761KyBZiibyrFVL0lvV+uyIbqRizBs73B6UlwGBaXCBOMIOAb
 LjpHyx7kADCVW/RFo8AasAFOq73AI25jP4BKxQft3OJvx8Fi8eNy1gTIdGcL+oir
 oQHIb/AUr9KZzVGTfu0uOMe9zkZQPXLjeSWdm4grECDdpbgyn43gKd8hdIaC2y+C
 MMbHNYaz+ZZfRtsMRf3zUMNvxsNIrUam4SdHCh0Om7bCd39j8uB9Gr784N/Xx6ds
 sPmuujz9dLQR6FgNgLzTqIA6me11zEZ7
 -----END CERTIFICATE-----
--- a/certs/aol2.pem
+++ b/certs/aol2.pem
@@ -1,33 +0,0 @@
 -----BEGIN CERTIFICATE-----
 MIIFpDCCA4ygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEc
 MBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1lcmljYSBP
 bmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4XDTAyMDUyODA2
 MDAwMFoXDTM3MDkyOTE0MDgwMFowYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0Ft
 ZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3Qg
 Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIP
 ADCCAgoCggIBAMxBRR3pPU0Q9oyxQcngXssNt79Hc9PwVU3dxgz6sWYFas14tNwC
 206B89enfHG8dWOgXeMHDEjsJcQDIPT/DjsS/5uN4cbVG7RtIuOx238hZK+GvFci
 KtZHgVdEglZTvYYUAQv8f3SkWq7xuhG1m1hagLQ3eAkzfDJHA1zEpYNI9FdWboE2
 JxhP7JsowtS013wMPgwr38oE18aO6lhOqKSlGBxsRZijQdEt0sdtjRnxrXm3gT+9
 BoInLRBYBbV4Bbkv2wxrkJB+FFk4u5QkE+XRnRTf04JNRvCAOVIyD+OEsnpD8l7e
 Xz8d3eOyG6ChKiMDbi4BFYdcpnV1x5dhvt6G3NRI270qv0pV2uh9UPu0gBe4lL8B
 PeraunzgWGcXuVjgiIZGZ2ydEEdYMtA1fHkqkKJaEBEjNa0vzORKW6fIJ/KD3l67
 Xnfn6KVuY8INXWHQjNJsWiEOyiijzirplcdIz5ZvHZIlyMbGwcEMBawmxNJ10uEq
 Z8A9W6Wa6897GqidFEXlD6CaZd4vKL3Ob5Rmg0gp2OpljK+T2WSfVVcmv2/LNzGZ
 o2C7HK2JNDJiuEMhBnIMoVxtRsX6Kc8w3onccVvdtjc+31D1uAclJuW8tf48ArO3
 +L5DwYcRlJ4jbBeKuIonDFRH8KmzwICMoCfrHRnjB453cMor9H124HhnAgMBAAGj
 YzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFE1FwWg4u3OpaaEg5+31IqEj
 FNeeMB8GA1UdIwQYMBaAFE1FwWg4u3OpaaEg5+31IqEjFNeeMA4GA1UdDwEB/wQE
 AwIBhjANBgkqhkiG9w0BAQUFAAOCAgEAZ2sGuV9FOypLM7PmG2tZTiLMubekJcmn
 xPBUlgtk87FYT15R/LKXeydlwuXK5w0MJXti4/qftIe3RUavg6WXSIylvfEWK5t2
 LHo1YGwRgJfMqZJS5ivmae2p+DYtLHe/YUjRYwu5W1LtGLBDQiKmsXeu3mnFzccc
 obGlHBD7GL4acN3Bkku+KVqdPzW+5X1R+FXgJXUjhx5c3LqdsKyzadsXg8n33gy8
 CNyRnqjQ1xU3c6U1uPx+xURABsPr+CKAXEfOAuMRn0T//ZoyzH1kUQ7rVyZ2OuMe
 IjzCpjbdGe+n/BLzJsBZMYVMnNjP36TMzCmT/5RtdlwTCJfy7aULTd3oyWgOZtMA
 DjMSW7yV5TKQqLPGbIOtd+6Lfn6xqavT4fG2wLHqiMDn05DpKJKUe2h7lyoKZy2F
 AjgQ5ANh1NolNscIWC2hp1GvMApJ9aZphwctREZ2jirlmjvXGKL8nDgQzMY70rUX
 Om/9riW99XJZZLF0KjhfGEzfz3EEWjbUvy+ZnOjZurGV5gJLIaFb1cFPj65pbVPb
 AZO1XB4Y3WRayhgoPmMEEf0cjQAPuDffZ4qdZqkCapH/E8ovXYO8h5Ns3CRRFgQl
 Zvqz2cK6Kb6aSDiCmfS/O0oxGfm/jiEzFMpPVF/7zvuPcX/9XhmgD0uRuMRUvAaw
 RY8mkaKO/qk=
 -----END CERTIFICATE-----
--- a/certs/aoltw1.pem
+++ b/certs/aoltw1.pem
@@ -1,23 +0,0 @@
 -----BEGIN CERTIFICATE-----
 MIID5jCCAs6gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgzELMAkGA1UEBhMCVVMx
 HTAbBgNVBAoTFEFPTCBUaW1lIFdhcm5lciBJbmMuMRwwGgYDVQQLExNBbWVyaWNh
 IE9ubGluZSBJbmMuMTcwNQYDVQQDEy5BT0wgVGltZSBXYXJuZXIgUm9vdCBDZXJ0
 aWZpY2F0aW9uIEF1dGhvcml0eSAxMB4XDTAyMDUyOTA2MDAwMFoXDTM3MTEyMDE1
 MDMwMFowgYMxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRBT0wgVGltZSBXYXJuZXIg
 SW5jLjEcMBoGA1UECxMTQW1lcmljYSBPbmxpbmUgSW5jLjE3MDUGA1UEAxMuQU9M
 IFRpbWUgV2FybmVyIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMTCCASIw
 DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJnej8Mlo2k06AX3dLm/WpcZuS+U
 0pPlLYnKhHw/EEMbjIt8hFj4JHxIzyr9wBXZGH6EGhfT257XyuTZ16pYUYfw8ItI
 TuLCxFlpMGK2MKKMCxGZYTVtfu/FsRkGIBKOQuHfD5YQUqjPnF+VFNivO3ULMSAf
 RC+iYkGzuxgh28pxPIzstrkNn+9R7017EvILDOGsQI93f7DKeHEMXRZxcKLXwjqF
 zQ6axOAAsNUl6twr5JQtOJyJQVdkKGUZHLZEtMgxa44Be3ZZJX8VHIQIfHNlIAqh
 BC4aMqiaILGcLCFZ5/vP7nAtCMpjPiybkxlqpMKX/7eGV4iFbJ4VFitNLLMCAwEA
 AaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUoTYwFsuGkABFgFOxj8jY
 PXy+XxIwHwYDVR0jBBgwFoAUoTYwFsuGkABFgFOxj8jYPXy+XxIwDgYDVR0PAQH/
 BAQDAgGGMA0GCSqGSIb3DQEBBQUAA4IBAQCKIBilvrMvtKaEAEAwKfq0FHNMeUWn
 9nDg6H5kHgqVfGphwu9OH77/yZkfB2FK4V1Mza3u0FIy2VkyvNp5ctZ7CegCgTXT
 Ct8RHcl5oIBN/lrXVtbtDyqvpxh1MwzqwWEFT2qaifKNuZ8u77BfWgDrvq2g+EQF
 Z7zLBO+eZMXpyD8Fv8YvBxzDNnGGyjhmSs3WuEvGbKeXO/oTLW4jYYehY0KswsuX
 n2Fozy1MBJ3XJU8KDk2QixhWqJNIV9xvrr2eZ1d3iVCzvhGbRWeDhhmH05i9CBoW
 H1iCC+GWaQVLjuyDUTEH1dSf/1l7qG6Fz9NLqUmwX7A5KGgOc90lmt4S
 -----END CERTIFICATE-----
--- a/certs/aoltw2.pem
+++ b/certs/aoltw2.pem
@@ -1,34 +0,0 @@
 -----BEGIN CERTIFICATE-----
 MIIF5jCCA86gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgzELMAkGA1UEBhMCVVMx
 HTAbBgNVBAoTFEFPTCBUaW1lIFdhcm5lciBJbmMuMRwwGgYDVQQLExNBbWVyaWNh
 IE9ubGluZSBJbmMuMTcwNQYDVQQDEy5BT0wgVGltZSBXYXJuZXIgUm9vdCBDZXJ0
 aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4XDTAyMDUyOTA2MDAwMFoXDTM3MDkyODIz
 NDMwMFowgYMxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRBT0wgVGltZSBXYXJuZXIg
 SW5jLjEcMBoGA1UECxMTQW1lcmljYSBPbmxpbmUgSW5jLjE3MDUGA1UEAxMuQU9M
 IFRpbWUgV2FybmVyIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMjCCAiIw
 DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALQ3WggWmRToVbEbJGv8x4vmh6mJ
 7ouZzU9AhqS2TcnZsdw8TQ2FTBVsRotSeJ/4I/1n9SQ6aF3Q92RhQVSji6UI0ilb
 m2BPJoPRYxJWSXakFsKlnUWsi4SVqBax7J/qJBrvuVdcmiQhLE0OcR+mrF1FdAOY
 xFSMFkpBd4aVdQxHAWZg/BXxD+r1FHjHDtdugRxev17nOirYlxcwfACtCJ0zr7iZ
 YYCLqJV+FNwSbKTQ2O9ASQI2+W6p1h2WVgSysy0WVoaP2SBXgM1nEG2wTPDaRrbq
 JS5Gr42whTg0ixQmgiusrpkLjhTXUr2eacOGAgvqdnUxCc4zGSGFQ+aJLZ8lN2fx
 I2rSAG2X+Z/nKcrdH9cG6rjJuQkhn8g/BsXS6RJGAE57COtCPStIbp1n3UsC5ETz
 kxmlJ85per5n0/xQpCyrw2u544BMzwVhSyvcG7mm0tCq9Stz+86QNZ8MUhy/XCFh
 EVsVS6kkUfykXPcXnbDS+gfpj1bkGoxoigTTfFrjnqKhynFbotSg5ymFXQNoKk/S
 Btc9+cMDLz9l+WceR0DTYw/j1Y75hauXTLPXJuuWCpTehTacyH+BCQJJKg71ZDIM
 gtG6aoIbs0t0EfOMd9afv9w3pKdVBC/UMejTRrkDfNoSTllkt1ExMVCgyhwn2RAu
 rda9EGYrw7AiShJbAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
 FE9pbQN+nZ8HGEO8txBO1b+pxCAoMB8GA1UdIwQYMBaAFE9pbQN+nZ8HGEO8txBO
 1b+pxCAoMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAgEAO/Ouyugu
 h4X7ZVnnrREUpVe8WJ8kEle7+z802u6teio0cnAxa8cZmIDJgt43d15Ui47y6mdP
 yXSEkVYJ1eV6moG2gcKtNuTxVBFT8zRFASbI5Rq8NEQh3q0l/HYWdyGQgJhXnU7q
 7C+qPBR7V8F+GBRn7iTGvboVsNIYvbdVgaxTwOjdaRITQrcCtQVBynlQboIOcXKT
 RuidDV29rs4prWPVVRaAMCf/drr3uNZK49m1+VLQTkCpx+XCMseqdiThawVQ68W/
 ClTluUI8JPu3B5wwn3la5uBAUhX0/Kr0VvlEl4ftDmVyXr4m+02kLQgH3thcoNyB
 M5kYJRF3p+v9WAksmWsbivNSPxpNSGDxoPYzAlOL7SUJuA0t7Zdz7NeWH45gDtoQ
 my8YJPamTQr5O8t1wswvziRpyQoijlmn94IM19drNZxDAGrElWe6nEXLuA4399xO
 AU++CrYD062KRffaJ00psUjf5BHklka9bAI+1lHIlRcBFanyqqryvy9lG2/QuRqT
 9Y41xICHPpQvZuTpqP9BnHAqTyo5GJUefvthATxRCC4oGKQWDzH9OmwjkyB24f0H
 hdFbP9IcczLd+rn4jM8Ch3qaluTtT4mNU0OrDhPAARW0eTjb/G49nlG2uBOLZ8/5
 fNkiHfZdxRwBL5joeiQYvITX+txyW/fBOmg=
 -----END CERTIFICATE-----
--- a/certs/argena.pem
+++ b/certs/argena.pem
@@ -1,39 +0,0 @@
 -----BEGIN CERTIFICATE-----
 MIIG0zCCBbugAwIBAgIBADANBgkqhkiG9w0BAQUFADCBzDELMAkGA1UEBhMCQVQx
 EDAOBgNVBAgTB0F1c3RyaWExDzANBgNVBAcTBlZpZW5uYTE6MDgGA1UEChMxQVJH
 RSBEQVRFTiAtIEF1c3RyaWFuIFNvY2lldHkgZm9yIERhdGEgUHJvdGVjdGlvbjEl
 MCMGA1UECxMcQS1DRVJUIENlcnRpZmljYXRpb24gU2VydmljZTEYMBYGA1UEAxMP
 QS1DRVJUIEFEVkFOQ0VEMR0wGwYJKoZIhvcNAQkBFg5pbmZvQGEtY2VydC5hdDAe
 Fw0wNDEwMjMxNDE0MTRaFw0xMTEwMjMxNDE0MTRaMIHMMQswCQYDVQQGEwJBVDEQ
 MA4GA1UECBMHQXVzdHJpYTEPMA0GA1UEBxMGVmllbm5hMTowOAYDVQQKEzFBUkdF
 IERBVEVOIC0gQXVzdHJpYW4gU29jaWV0eSBmb3IgRGF0YSBQcm90ZWN0aW9uMSUw
 IwYDVQQLExxBLUNFUlQgQ2VydGlmaWNhdGlvbiBTZXJ2aWNlMRgwFgYDVQQDEw9B
 LUNFUlQgQURWQU5DRUQxHTAbBgkqhkiG9w0BCQEWDmluZm9AYS1jZXJ0LmF0MIIB
 IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3euXIy+mnf6BYKbK+QH5k679
 tUFqeT8jlZxMew8eNiHuw9KoxWBzL6KksK+5uK7Gatw+sbAYntEGE80P+Jg1hADM
 e+Fr5V0bc6QS3gkVtfUCW/RIvfMM39oxvmqJmOgPnJU7H6+nmLtsq61tv9kVJi/2
 4Y5wXW3odet72sF57EoG6s78w0BUVLNcMngS9bZZzmdG3/d6JbkGgoNF/8DcgCBJ
 W/t0JrcIzyppXIOVtUzzOrrU86zuUgT3Rtkl5kjG7DEHpFb9H0fTOY1v8+gRoaO6
 2gA0PCiysgVZjwgVeYe3KAg11nznyleDv198uK3Dc1oXIGYjJx2FpKWUvAuAEwID
 AQABo4ICvDCCArgwHQYDVR0OBBYEFDd/Pj6ZcWDKJNSRE3nQdCm0qCTYMIH5BgNV
 HSMEgfEwge6AFDd/Pj6ZcWDKJNSRE3nQdCm0qCTYoYHSpIHPMIHMMQswCQYDVQQG
 EwJBVDEQMA4GA1UECBMHQXVzdHJpYTEPMA0GA1UEBxMGVmllbm5hMTowOAYDVQQK
 EzFBUkdFIERBVEVOIC0gQXVzdHJpYW4gU29jaWV0eSBmb3IgRGF0YSBQcm90ZWN0
 aW9uMSUwIwYDVQQLExxBLUNFUlQgQ2VydGlmaWNhdGlvbiBTZXJ2aWNlMRgwFgYD
 VQQDEw9BLUNFUlQgQURWQU5DRUQxHTAbBgkqhkiG9w0BCQEWDmluZm9AYS1jZXJ0
 LmF0ggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgHmMEcGA1UdJQRAMD4G
 CCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcD
 CAYKKwYBBAGCNwoDBDARBglghkgBhvhCAQEEBAMCAP8wUQYDVR0gBEowSDBGBggq
 KAAYAQEBAzA6MDgGCCsGAQUFBwIBFixodHRwOi8vd3d3LmEtY2VydC5hdC9jZXJ0
 aWZpY2F0ZS1wb2xpY3kuaHRtbDA7BglghkgBhvhCAQgELhYsaHR0cDovL3d3dy5h
 LWNlcnQuYXQvY2VydGlmaWNhdGUtcG9saWN5Lmh0bWwwGQYDVR0RBBIwEIEOaW5m
 b0BhLWNlcnQuYXQwLwYDVR0SBCgwJoEOaW5mb0BhLWNlcnQuYXSGFGh0dHA6Ly93
 d3cuYS1jZXJ0LmF0MEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHBzOi8vc2VjdXJlLmEt
 Y2VydC5hdC9jZ2ktYmluL2EtY2VydC1hZHZhbmNlZC5jZ2kwDQYJKoZIhvcNAQEF
 BQADggEBACX1IvgfdG2rvfv35O48vSEvcVaEdlN8USFBHWz3JRAozgzvaBtwHkjK
 Zwt5l/BWOtjbvHfRjDt7ijlBEcxOOrNC1ffyMHwHrXpvff6YpQ5wnxmIYEQcURiG
 HMqruEX0WkuDNgSKwefsgXs27eeBauHgNGVcTYH1rmHu/ZyLpLxOyJQ2PCzA1DzW
 3rWkIX92ogJ7lTRdWrbxwUL1XGinxnnaQ74+/y0pI9JNEv7ic2tpkweRMpkedaLW
 msC1+orfKTebsg69aMaCx7o6jNONRmR/7TVaPf8/k6g52cHZ9YWjQvup22b5rWxG
 J5r5LZ4vCPmF4+T4lutjUYAa/lGuQTg=
 -----END CERTIFICATE-----
--- a/certs/argeng.pem
+++ b/certs/argeng.pem
@@ -1,23 +0,0 @@
 -----BEGIN CERTIFICATE-----
 MIIDwzCCAyygAwIBAgIBADANBgkqhkiG9w0BAQQFADCBmDELMAkGA1UEBhMCQVQx
 EDAOBgNVBAgTB0F1c3RyaWExDzANBgNVBAcTBlZpZW5uYTFCMEAGA1UEChM5QXJn
 ZSBEYXRlbiBPZXN0ZXJyZWljaGlzY2hlIEdlc2VsbHNjaGFmdCBmdWVyIERhdGVu
 c2NodXR6MSIwIAYJKoZIhvcNAQkBFhNhLWNlcnRAYXJnZWRhdGVuLmF0MB4XDTAx
 MDIxMjExMzAzMFoXDTA5MDIxMjExMzAzMFowgZgxCzAJBgNVBAYTAkFUMRAwDgYD
 VQQIEwdBdXN0cmlhMQ8wDQYDVQQHEwZWaWVubmExQjBABgNVBAoTOUFyZ2UgRGF0
 ZW4gT2VzdGVycmVpY2hpc2NoZSBHZXNlbGxzY2hhZnQgZnVlciBEYXRlbnNjaHV0
 ejEiMCAGCSqGSIb3DQEJARYTYS1jZXJ0QGFyZ2VkYXRlbi5hdDCBnzANBgkqhkiG
 9w0BAQEFAAOBjQAwgYkCgYEAwgsHqoNtmmrJ86+e1I4hOVBaL4kokqKN2IPOIL+1
 XwY8vfOOUfPEdhWpaC0ldt7VYrksgDiUccgH0FROANWK2GkfKMDzjjXHysR04uEb
 Om7Kqjqn0nproOGkFG+QvBZgs+Ws+HXNFJA6V76fU4+JXq4452LSK4Lr5YcBquu3
 NJECAwEAAaOCARkwggEVMB0GA1UdDgQWBBQ0j59zH/G31zRjgK1y2P//tSAWZjCB
 xQYDVR0jBIG9MIG6gBQ0j59zH/G31zRjgK1y2P//tSAWZqGBnqSBmzCBmDELMAkG
 A1UEBhMCQVQxEDAOBgNVBAgTB0F1c3RyaWExDzANBgNVBAcTBlZpZW5uYTFCMEAG
 A1UEChM5QXJnZSBEYXRlbiBPZXN0ZXJyZWljaGlzY2hlIEdlc2VsbHNjaGFmdCBm
 dWVyIERhdGVuc2NodXR6MSIwIAYJKoZIhvcNAQkBFhNhLWNlcnRAYXJnZWRhdGVu
 LmF0ggEAMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMBEGCWCGSAGG+EIBAQQE
 AwICBDANBgkqhkiG9w0BAQQFAAOBgQBFuJYncqMYB6gXQS3eDOI90BEHfFTKy/dV
 AV+K7QdAYikWmqgBheRdPKddJdccPy/Zl/p3ZT7GhDyC5f3wZjcuu8AJ27BNwbCA
 x54dgxgCNcyPm79nY8MRtEdEpoRGdSsFKJemz6hpXM++MWFciyrRWIIA44XB0Gv3
 US0spjsDPQ==
 -----END CERTIFICATE-----
--- a/certs/demo/ca-cert.pem
+++ b/certs/demo/ca-cert.pem
--- a/certs/demo/dsa-ca.pem
+++ b/certs/demo/dsa-ca.pem
--- a/certs/demo/dsa-pca.pem
+++ b/certs/demo/dsa-pca.pem
--- a/certs/eng1.pem
+++ b/certs/eng1.pem
@@ -1,23 +0,0 @@
 -----BEGIN CERTIFICATE-----
 MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBqDELMAkGA1UEBhMCQ0Ex
 CzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMRgwFgYDVQQKEw9CYW5rRW5n
 aW5lIEluYy4xKTAnBgNVBAsTIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IERpdmlz
 aW9uMRMwEQYDVQQDEwpiYW5rZW5naW5lMSAwHgYJKoZIhvcNAQkBFhFjYUBiYW5r
 ZW5naW5lLmNvbTAeFw05ODAxMDEwMDAwMDBaFw0zODAxMTcwMDAwMDBaMIGoMQsw
 CQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rvcm9udG8xGDAWBgNV
 BAoTD0JhbmtFbmdpbmUgSW5jLjEpMCcGA1UECxMgQ2VydGlmaWNhdGlvbiBBdXRo
 b3JpdHkgRGl2aXNpb24xEzARBgNVBAMTCmJhbmtlbmdpbmUxIDAeBgkqhkiG9w0B
 CQEWEWNhQGJhbmtlbmdpbmUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
 CgKCAQEA14LoTUAl1/hEy+Kh1kLHiBdW2zD3V4IhM7xxTVKsYsIH56nr69ATTIxU
 P36eRzeZ137qt1AxHFjDCidk3m1Ul6l59ProPexdslLLM2npM3f2cteg+toyiYiS
 EJKjyzIu1xF1j9qzGkymSY/4DsXLZNk9FaczxMk/Ooc6Os1M3AverL4VG4rYIb6f
 eR32cIKJ9Q1fGuyKk7ipq1XQfPW8a8TgZdbHbe7U9Gk3iasGMHHvpR9Ep3mGbgdT
 uQ98SBEuIwe1BUCGg/MXpVy48MNXfAMotBgGw4pl9yqSjMni2FB+E9Q9DHFs2RgX
 MqzKuo8zcPxKx2kZ6Arj8+27dw2clQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0G
 CSqGSIb3DQEBBQUAA4IBAQBauupHX9EhpC/r57d6b5kkeWvognxIP9//TO4iw3qb
 zIXEkPXmJmwVzlzoKJWqiya+aw19SP0+G6CzsFOBo/9ehmz+hZ8bhYX4MjlWzX5u
 Tnkhz172j9fOBUmrTVPkcRIs6zjCD5PQAGoBPP1/Zdy2N36lZ0U7lg07Opirj/yJ
 PSJeM2j0fwIFAroiVckvdT0BVwB6S/cPaAQGPghbbr1YGSmYrMriSv825ILJUfxz
 rJYunGR9FiY9Ob7+jwJwiZMS4CxSPktutxr/3hOvr1+ALS7IcVakhhA3PuZAJbdH
 FRclR9qMM8aBnBZmf+Uv3K3uhT+UBzzY654U9Yi1JYnA
 -----END CERTIFICATE-----
--- a/certs/eng2.pem
+++ b/certs/eng2.pem
@@ -1,23 +0,0 @@
 -----BEGIN CERTIFICATE-----
 MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBqDELMAkGA1UEBhMCQ0Ex
 CzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMRgwFgYDVQQKEw9DZXJ0RW5n
 aW5lIEluYy4xKTAnBgNVBAsTIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IERpdmlz
 aW9uMRMwEQYDVQQDEwpjZXJ0ZW5naW5lMSAwHgYJKoZIhvcNAQkBFhFjYUBjZXJ0
 ZW5naW5lLmNvbTAeFw05ODAxMDEwMDAwMDBaFw0zODAxMTcwMDAwMDBaMIGoMQsw
 CQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rvcm9udG8xGDAWBgNV
 BAoTD0NlcnRFbmdpbmUgSW5jLjEpMCcGA1UECxMgQ2VydGlmaWNhdGlvbiBBdXRo
 b3JpdHkgRGl2aXNpb24xEzARBgNVBAMTCmNlcnRlbmdpbmUxIDAeBgkqhkiG9w0B
 CQEWEWNhQGNlcnRlbmdpbmUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
 CgKCAQEA7aTXURShaeVt9u/dP3Q2dVib3jTCZvEyc6yfpGgaYWewXWuP4HOSfI4h
 GZblbpl+dzJc6RjhR+pguIRtbT5FJB8SJGjRqoujBEOQOxtVtc2fjM9Dqh0iOvMW
 WS6buxHG55GVrHAQaO5HXEScKQBa9ZyNmpSXPTEBrDMej1OAGOkc524/TZrgFPF4
 AiJLLkxCcP8NuzUKlW3WzNMSSoCtjkUKy4wjSLlAWCFM0T9Df6/+Z8ZUQTzHoKCD
 ncH5Qnynd7DlOwKQ2JwwxRhYGiGVTUN0GUq7qA11kW3+vnbFesKQXoF6o2PVx9s2
 YXviI2NXXUjZ0pVnsnFCc45Pm8XojwIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0G
 CSqGSIb3DQEBBQUAA4IBAQBP/aHOKJ00Akzc9HWM1X30hlWZFBaQi4pqD4Uhk8+p
 KzzwFP5DRLBOz8TYBbtdXrS6hxVMr2sqWmhVkuyepWhHZazKGyHY/y0FbOXsewAV
 1QxxSyx7ve89pCKv4/w0rQcP916iHc8Y/TCpmz7eITa3GId+8H/XTaBi8GBp9X9O
 w8m25FmEB1NT+eJwefvfdKowjy4tSorKdW/eJspxNuTSRGmUy8G71W5dYvgpAlx6
 mdnHyzxEGvRYNNI2bS0ifXgbEFNWqSas9q34ea5KOpkJu8T/KyXfSb6rPOsBSb0t
 wMowwGtCVH2C4Lw/8zo0EjhMpTOsPaub408PrZ+NQ2bl
 -----END CERTIFICATE-----
--- a/certs/eng3.pem
+++ b/certs/eng3.pem
@@ -1,34 +0,0 @@
 -----BEGIN CERTIFICATE-----
 MIIF3TCCA8WgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBqDELMAkGA1UEBhMCQ0Ex
 CzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMRgwFgYDVQQKEw9Gb3J0RW5n
 aW5lIEluYy4xKTAnBgNVBAsTIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IERpdmlz
 aW9uMRMwEQYDVQQDEwpmb3J0ZW5naW5lMSAwHgYJKoZIhvcNAQkBFhFjYUBmb3J0
 ZW5naW5lLmNvbTAeFw05ODAxMDEwMDAwMDBaFw0zODAxMTcwMDAwMDBaMIGoMQsw
 CQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rvcm9udG8xGDAWBgNV
 BAoTD0ZvcnRFbmdpbmUgSW5jLjEpMCcGA1UECxMgQ2VydGlmaWNhdGlvbiBBdXRo
 b3JpdHkgRGl2aXNpb24xEzARBgNVBAMTCmZvcnRlbmdpbmUxIDAeBgkqhkiG9w0B
 CQEWEWNhQGZvcnRlbmdpbmUuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
 CgKCAgEAyr7GbpwDxx1v3EYbo0gcO+ligEhlDqG2e7u/AbWGoVAqc8+q6auUJUtz
 4i7oh0yNadu1o9kpXW+znkgO0zlrgjGskqqMO1ooppzTJdFy/P8gR6x1Iuv3kWtX
 OuzwPPEjv09LWlhyJsN+oU4ztTVf07I0Q9zYupcoDQ58XKRheI9KdDB2DYSmxywA
 WSLQwIeG0Qa7gvokeQlpkgkEC7viEecJ3752KXBJHnh7As51mxnlpmG6sDy67Eli
 HDw5tHETRqbtnscGBjskGQBqR5xt7+QnnthZrN8HJHDoa9zgGephwizhkL44lXLF
 YK9W5XhFbblw2c+mAcHkokRiwD7CPeIoyD2a/Jcw3n5hegKTlNhd4BFGVF6JR7gF
 OFk2QfHXit5uthsij9Xhl7WAgQUqLgggD9MphqPf4nY66OZUJV9ZsmB+Qfp8UizB
 0WAOegactKVyRqHtRa+KIEXQXNtZgjcmMk9CYkP0nIbKtgKXaH6+9VMHNOryCnFE
 7pSsuPUkypncFWCHGSeiFO3w4w4J4csltxBADQzxfRu5KZnlToQN7bVpI/Q31tVX
 E5bjrJcq6Oj/OTqZ3ID+OqbkUdAg0ggjRKcTgxnLHd/AbMzJ6PsclDDf7cLs0WSl
 xMxQR/z5bNST1rNtT9rsiv2TOhfvCBxO9AOjBioO8PLO032HTNECAwEAAaMQMA4w
 DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAgEAVyBpPWfT2VOyvVpslGKx
 8h0+CWP8cilygGRtZJ5dAJzc//1REAHdvK+TgZ4Foz3dqHhXI+RNN0FpzuWaYMjW
 ZTS0kAmcOQuGY1Oo4PGlPHI21pNz29oFDTJr0ZmLBJ4JKVsE2soJg55jdk9MZHA7
 K//7HH9RsmrWZOE5DZDlrxp6+naixhMwnlPKKisIy9GNZUPqGdUWABMdB/BUVVNl
 NU5TtWpIXUClMd8a+eoKcItBeYXowkHOBpinPkDX3clFDIUfWiw0Ro08s8SrrFqR
 8Szwbrj52Xv1RM56oGqCjnkvJctxihODV7NcpxoAFjIZokDom0q6zPrrTUsLFQov
 Plovc3w5hmALiDMshaTvE1nm3Psn4yQ+FlRE8epTZrQiIGypZkZC6lcz0mYawueW
 cThYWGFhVG4ktQzOjjNRsNxopW+W7cF1zQTxiWUDnxIKSj7gtdQ2jiubxEEhfVag
 r8DMtAccNVTZVURpGi56TptOOuotrTqqC+2GviW4hlxvdvmuQN0OlXlUwzz2Trxc
 FamNnuA54lZw/8arLtxsFmHrcnPw53+1spumLD0S5UkxHNu40h6LIVpZz3H+0rLz
 uFofTfiyMjcfK2AyHQTgUCbsrvgNuLDQUbyFGVchdFUkhztX3DhEVnxnnrpY4BVj
 QdTqWIvw7lGlSuDCjxEQAOc=
 -----END CERTIFICATE-----
--- a/certs/eng4.pem
+++ b/certs/eng4.pem
@@ -1,23 +0,0 @@
 -----BEGIN CERTIFICATE-----
 MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBqDELMAkGA1UEBhMCQ0Ex
 CzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMRgwFgYDVQQKEw9NYWlsRW5n
 aW5lIEluYy4xKTAnBgNVBAsTIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IERpdmlz
 aW9uMRMwEQYDVQQDEwptYWlsZW5naW5lMSAwHgYJKoZIhvcNAQkBFhFjYUBtYWls
 ZW5naW5lLmNvbTAeFw05ODAxMDEwMDAwMDBaFw0zODAxMTcwMDAwMDBaMIGoMQsw
 CQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rvcm9udG8xGDAWBgNV
 BAoTD01haWxFbmdpbmUgSW5jLjEpMCcGA1UECxMgQ2VydGlmaWNhdGlvbiBBdXRo
 b3JpdHkgRGl2aXNpb24xEzARBgNVBAMTCm1haWxlbmdpbmUxIDAeBgkqhkiG9w0B
 CQEWEWNhQG1haWxlbmdpbmUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
 CgKCAQEAqXmfsU+lx+NFmn6tN17RTOyaddHqLnr/3rzEDIyT9TN+tF9TG7jmK7lJ
 Jrj5arQ3nTFaLF8JuND2U1z/cLPw6/TX+1tE3v3CNUDSjaisyUDiUyp3TE8hMMMz
 zfZQn0JsGgNhhWxqyzjhRQGtKL4+xtn8VsF/8zGgZYke7nlmVKz/FslDFTnNoodL
 BAEGiu9JQS9qqpbSs20NdZ6LXPL2A4iTjnsNFBW3jIMVIn/JVVyaycU7ue2oFviD
 vLNpkVZcR7A+jjIdIumOc5VSF0y7y74cQC5YwkR2mLK7UBYDK6NCY3ta/C4M8NsM
 0FpmvRl0+A1ivZtVwqI98dxDtp7HeQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0G
 CSqGSIb3DQEBBQUAA4IBAQAjfNn5BCzxylBDakFQGWKE/P43PRibMOEzfd7+DzbY
 WIekoz3i00DwoH3b6j4gwlDJRAOq4dF6/Pt/uBOHDo/op+ef+9ErmKPd+ehXN9h3
 7QbccTgz7DtVwA4iRlDRLru+JuXzT+OsCHuFZMOLJ+KD2JAGh3W68JjdcLkrlcpt
 AU0wc5aOHPPfEBdIah8y8QtNzXRVzoBt8zzvgCARkXxTS2u/9QaXR1hML0JtDgQS
 SdZ6Kd8SN6yzqxD+buYD5sOfJmjBF/n3lqFHNMHnnGXy2TAXZtIAWzffU3A0cGPB
 N6FZ026a86HbF1X4k+xszhbJu/ikczyuWnCJIg3fTYSD
 -----END CERTIFICATE-----
--- a/certs/eng5.pem
+++ b/certs/eng5.pem
@@ -1,23 +0,0 @@
 -----BEGIN CERTIFICATE-----
 MIID6TCCAtGgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBrjELMAkGA1UEBhMCQ0Ex
 CzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMRowGAYDVQQKExFUcmFkZXJF
 bmdpbmUgSW5jLjEpMCcGA1UECxMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgRGl2
 aXNpb24xFTATBgNVBAMTDHRyYWRlcmVuZ2luZTEiMCAGCSqGSIb3DQEJARYTY2FA
 dHJhZGVyZW5naW5lLmNvbTAeFw05ODAxMDEwMDAwMDBaFw0zODAxMTcwMDAwMDBa
 MIGuMQswCQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rvcm9udG8x
 GjAYBgNVBAoTEVRyYWRlckVuZ2luZSBJbmMuMSkwJwYDVQQLEyBDZXJ0aWZpY2F0
 aW9uIEF1dGhvcml0eSBEaXZpc2lvbjEVMBMGA1UEAxMMdHJhZGVyZW5naW5lMSIw
 IAYJKoZIhvcNAQkBFhNjYUB0cmFkZXJlbmdpbmUuY29tMIIBIjANBgkqhkiG9w0B
 AQEFAAOCAQ8AMIIBCgKCAQEAzyX5QE+5SN+zgNn1v3zp9HmP4hQOWW8WuEVItZVP
 9bt/xj5NeJd1kyPL/SqnF2qHcL3o/74r0Ga55aKHniwKYgQTlp5ELGfQ568QQeN9
 xNIHtUXeStI9zCNZyZC+4YqObdMR/ivKA/WsLfUVMl2lV5JzJJz1BOE0gKEYiEyz
 gIq5oLzkP/mOXoHRvWSZD2D0eHYIO7ovV2epVFK7g7p+dC4QoeIUEli+GF/Myg88
 dV/qmi+Sybck2RLPXa8Nh27/ETVQ7kE1Eafmx7EyCqIhG+5lwJAy3HwHUBwAYuzj
 iuZz5lD8aQmr8SKuvy3eOH9SVN5wh3YBlrNGwTStkESVLwIDAQABoxAwDjAMBgNV
 HRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAWOPAUhZd3x9EQiFJcuxFTMd9q
 axgcriCzJsM6D96sYGko9xTeLhX/lr1bliVYI5AlupoLXAdMzGHJkOgaTirKjQXr
 F9nymDdUWKe3TmwGob5016nQlH7qRKvGO3hka0rOGRK2U/2JT/4Qp8iH/DFi6cyM
 uP0q8n64SAkxZXLzUuFQXqf7U/SNjzb9XJQEIAdjp7eYd3Qb4jDsDcX0FrKMF1aV
 r0dCDnS7am7WTXPYCDGdSkPgEHEtLYIYH3lZp5sKdVZ9wl4F0WNFkRWRUr7AXPjw
 50uLmUNmKCd8JZLMGA1TRNSTi7U9EcrWt0OkMWm74T2WVnAgNsDv2WrWsGfj
 -----END CERTIFICATE-----
--- a/certs/expired/factory.pem
+++ b/certs/expired/factory.pem
--- a/certs/demo/nortelCA.pem
+++ b/certs/demo/nortelCA.pem
--- a/Show More
+++ b/Show More