Bump version to 0.9.4

Ok, I'll do a few more final platform tests and then I'll roll the 0.9.4
tarball baby for us. PLEASE DO NOT COMMIT ANYTHING UNTIL YOU SEE MY FINAL COMMITS TO `STATUS' INDICATING THAT WE'VE REACHED 0.9.5-dev.
1999-08-09 10:40:38 +00:00 · 1999-08-09 10:25:36 +00:00 · 1999-08-09 10:16:51 +00:00 · 1999-08-08 22:41:24 +00:00 · 1999-08-08 19:12:26 +00:00 · 1999-08-08 14:21:04 +00:00
382 changed files with 13621 additions and 7762 deletions
--- a/.cvsignore
+++ b/.cvsignore
@@ -1,3 +1,6 @@
 Makefile.ssl
 MINFO
 makefile.one
+tmp
+out
+outinc
--- a/394
+++ b/394
@@ -2,13 +2,393 @@
 OpenSSL CHANGES
 _______________

+ Changes between 0.9.3a and 0.9.4  [09 Aug 1999]
+  
+  *) Install libRSAglue.a when OpenSSL is built with RSAref.
+     [Ralf S. Engelschall]

- Changes between 0.9.2b and 0.9.3  [XX May 1999]
-                                   [I suggest using the same format for the
-                                   date as in opensslv.h.  0.9.1c used
-                                   hyphens in the date, so I wrote
-                                   [23-Dec-1998] down below; but in later
-                                   versions, these hyphens are gone.]
+  *) A few more ``#ifndef NO_FP_API / #endif'' pairs for consistency.
+     [Andrija Antonijevic <TheAntony2@bigfoot.com>]
+
+  *) Fix -startdate and -enddate (which was missing) arguments to 'ca'
+     program.
+     [Steve Henson]
+
+  *) New function DSA_dup_DH, which duplicates DSA parameters/keys as
+     DH parameters/keys (q is lost during that conversion, but the resulting
+     DH parameters contain its length).
+
+     For 1024-bit p, DSA_generate_parameters followed by DSA_dup_DH is
+     much faster than DH_generate_parameters (which creates parameters
+     where p = 2*q + 1), and also the smaller q makes DH computations
+     much more efficient (160-bit exponentiation instead of 1024-bit
+     exponentiation); so this provides a convenient way to support DHE
+     ciphersuites in SSL/TLS servers (see ssl/ssltest.c).  It is of
+     utter importance to use
+         SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
+     or
+         SSL_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
+     when such DH parameters are used, because otherwise small subgroup
+     attacks may become possible!
+     [Bodo Moeller]
+
+  *) Avoid memory leak in i2d_DHparams.
+     [Bodo Moeller]
+
+  *) Allow the -k option to be used more than once in the enc program:
+     this allows the same encrypted message to be read by multiple recipients.
+     [Steve Henson]
+
+  *) New function OBJ_obj2txt(buf, buf_len, a, no_name), this converts
+     an ASN1_OBJECT to a text string. If the "no_name" parameter is set then
+     it will always use the numerical form of the OID, even if it has a short
+     or long name.
+     [Steve Henson]
+
+  *) Added an extra RSA flag: RSA_FLAG_EXT_PKEY. Previously the rsa_mod_exp
+     method only got called if p,q,dmp1,dmq1,iqmp components were present,
+     otherwise bn_mod_exp was called. In the case of hardware keys for example
+     no private key components need be present and it might store extra data
+     in the RSA structure, which cannot be accessed from bn_mod_exp. By setting
+     RSA_FLAG_EXT_PKEY rsa_mod_exp will always be called for private key
+     operations.
+     [Steve Henson]
+
+  *) Added support for SPARC Linux.
+     [Andy Polyakov]
+
+  *) pem_password_cb function type incompatibly changed from
+          typedef int pem_password_cb(char *buf, int size, int rwflag);
+     to
+          ....(char *buf, int size, int rwflag, void *userdata);
+     so that applications can pass data to their callbacks:
+     The PEM[_ASN1]_{read,write}... functions and macros now take an
+     additional void * argument, which is just handed through whenever
+     the password callback is called.
+     [Damien Miller <dmiller@ilogic.com.au>, with tiny changes by Bodo Moeller]
+
+     New function SSL_CTX_set_default_passwd_cb_userdata.
+
+     Compatibility note: As many C implementations push function arguments
+     onto the stack in reverse order, the new library version is likely to
+     interoperate with programs that have been compiled with the old
+     pem_password_cb definition (PEM_whatever takes some data that
+     happens to be on the stack as its last argument, and the callback
+     just ignores this garbage); but there is no guarantee whatsoever that
+     this will work.
+
+  *) The -DPLATFORM="\"$(PLATFORM)\"" definition and the similar -DCFLAGS=...
+     (both in crypto/Makefile.ssl for use by crypto/cversion.c) caused
+     problems not only on Windows, but also on some Unix platforms.
+     To avoid problematic command lines, these definitions are now in an
+     auto-generated file crypto/buildinf.h (created by crypto/Makefile.ssl
+     for standard "make" builds, by util/mk1mf.pl for "mk1mf" builds).
+     [Bodo Moeller]
+
+  *) MIPS III/IV assembler module is reimplemented.
+     [Andy Polyakov]
+
+  *) More DES library cleanups: remove references to srand/rand and
+     delete an unused file.
+     [Ulf M<>ller]
+
+  *) Add support for the the free Netwide assembler (NASM) under Win32,
+     since not many people have MASM (ml) and it can be hard to obtain.
+     This is currently experimental but it seems to work OK and pass all
+     the tests. Check out INSTALL.W32 for info.
+     [Steve Henson]
+
+  *) Fix memory leaks in s3_clnt.c: All non-anonymous SSL3/TLS1 connections
+     without temporary keys kept an extra copy of the server key,
+     and connections with temporary keys did not free everything in case
+     of an error.
+     [Bodo Moeller]
+
+  *) New function RSA_check_key and new openssl rsa option -check
+     for verifying the consistency of RSA keys.
+     [Ulf Moeller, Bodo Moeller]
+
+  *) Various changes to make Win32 compile work: 
+     1. Casts to avoid "loss of data" warnings in p5_crpt2.c
+     2. Change unsigned int to int in b_dump.c to avoid "signed/unsigned
+        comparison" warnings.
+     3. Add sk_<TYPE>_sort to DEF file generator and do make update.
+     [Steve Henson]
+
+  *) Add a debugging option to PKCS#5 v2 key generation function: when
+     you #define DEBUG_PKCS5V2 passwords, salts, iteration counts and
+     derived keys are printed to stderr.
+     [Steve Henson]
+
+  *) Copy the flags in ASN1_STRING_dup().
+     [Roman E. Pavlov <pre@mo.msk.ru>]
+
+  *) The x509 application mishandled signing requests containing DSA
+     keys when the signing key was also DSA and the parameters didn't match.
+
+     It was supposed to omit the parameters when they matched the signing key:
+     the verifying software was then supposed to automatically use the CA's
+     parameters if they were absent from the end user certificate.
+
+     Omitting parameters is no longer recommended. The test was also
+     the wrong way round! This was probably due to unusual behaviour in
+     EVP_cmp_parameters() which returns 1 if the parameters match. 
+     This meant that parameters were omitted when they *didn't* match and
+     the certificate was useless. Certificates signed with 'ca' didn't have
+     this bug.
+     [Steve Henson, reported by Doug Erickson <Doug.Erickson@Part.NET>]
+
+  *) Memory leak checking (-DCRYPTO_MDEBUG) had some problems.
+     The interface is as follows:
+     Applications can use
+         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) aka MemCheck_start(),
+         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) aka MemCheck_stop();
+     "off" is now the default.
+     The library internally uses
+         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) aka MemCheck_off(),
+         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE) aka MemCheck_on()
+     to disable memory-checking temporarily.
+
+     Some inconsistent states that previously were possible (and were
+     even the default) are now avoided.
+
+     -DCRYPTO_MDEBUG_TIME is new and additionally stores the current time
+     with each memory chunk allocated; this is occasionally more helpful
+     than just having a counter.
+
+     -DCRYPTO_MDEBUG_THREAD is also new and adds the thread ID.
+
+     -DCRYPTO_MDEBUG_ALL enables all of the above, plus any future
+     extensions.
+     [Bodo Moeller]
+
+  *) Introduce "mode" for SSL structures (with defaults in SSL_CTX),
+     which largely parallels "options", but is for changing API behaviour,
+     whereas "options" are about protocol behaviour.
+     Initial "mode" flags are:
+
+     SSL_MODE_ENABLE_PARTIAL_WRITE   Allow SSL_write to report success when
+                                     a single record has been written.
+     SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER  Don't insist that SSL_write
+                                     retries use the same buffer location.
+                                     (But all of the contents must be
+                                     copied!)
+     [Bodo Moeller]
+
+  *) Bugfix: SSL_set_mode ignored its parameter, only SSL_CTX_set_mode
+     worked.
+
+  *) Fix problems with no-hmac etc.
+     [Ulf M<>ller, pointed out by Brian Wellington <bwelling@tislabs.com>]
+
+  *) New functions RSA_get_default_method(), RSA_set_method() and
+     RSA_get_method(). These allows replacement of RSA_METHODs without having
+     to mess around with the internals of an RSA structure.
+     [Steve Henson]
+
+  *) Fix memory leaks in DSA_do_sign and DSA_is_prime.
+     Also really enable memory leak checks in openssl.c and in some
+     test programs.
+     [Chad C. Mulligan, Bodo Moeller]
+
+  *) Fix a bug in d2i_ASN1_INTEGER() and i2d_ASN1_INTEGER() which can mess
+     up the length of negative integers. This has now been simplified to just
+     store the length when it is first determined and use it later, rather
+     than trying to keep track of where data is copied and updating it to
+     point to the end.
+     [Steve Henson, reported by Brien Wheeler
+      <bwheeler@authentica-security.com>]
+
+  *) Add a new function PKCS7_signatureVerify. This allows the verification
+     of a PKCS#7 signature but with the signing certificate passed to the
+     function itself. This contrasts with PKCS7_dataVerify which assumes the
+     certificate is present in the PKCS#7 structure. This isn't always the
+     case: certificates can be omitted from a PKCS#7 structure and be
+     distributed by "out of band" means (such as a certificate database).
+     [Steve Henson]
+
+  *) Complete the PEM_* macros with DECLARE_PEM versions to replace the
+     function prototypes in pem.h, also change util/mkdef.pl to add the
+     necessary function names. 
+     [Steve Henson]
+
+  *) mk1mf.pl (used by Windows builds) did not properly read the
+     options set by Configure in the top level Makefile, and Configure
+     was not even able to write more than one option correctly.
+     Fixed, now "no-idea no-rc5 -DCRYPTO_MDEBUG" etc. works as intended.
+     [Bodo Moeller]
+
+  *) New functions CONF_load_bio() and CONF_load_fp() to allow a config
+     file to be loaded from a BIO or FILE pointer. The BIO version will
+     for example allow memory BIOs to contain config info.
+     [Steve Henson]
+
+  *) New function "CRYPTO_num_locks" that returns CRYPTO_NUM_LOCKS.
+     Whoever hopes to achieve shared-library compatibility across versions
+     must use this, not the compile-time macro.
+     (Exercise 0.9.4: Which is the minimum library version required by
+     such programs?)
+     Note: All this applies only to multi-threaded programs, others don't
+     need locks.
+     [Bodo Moeller]
+
+  *) Add missing case to s3_clnt.c state machine -- one of the new SSL tests
+     through a BIO pair triggered the default case, i.e.
+     SSLerr(...,SSL_R_UNKNOWN_STATE).
+     [Bodo Moeller]
+
+  *) New "BIO pair" concept (crypto/bio/bss_bio.c) so that applications
+     can use the SSL library even if none of the specific BIOs is
+     appropriate.
+     [Bodo Moeller]
+
+  *) Fix a bug in i2d_DSAPublicKey() which meant it returned the wrong value
+     for the encoded length.
+     [Jeon KyoungHo <khjeon@sds.samsung.co.kr>]
+
+  *) Add initial documentation of the X509V3 functions.
+     [Steve Henson]
+
+  *) Add a new pair of functions PEM_write_PKCS8PrivateKey() and 
+     PEM_write_bio_PKCS8PrivateKey() that are equivalent to
+     PEM_write_PrivateKey() and PEM_write_bio_PrivateKey() but use the more
+     secure PKCS#8 private key format with a high iteration count.
+     [Steve Henson]
+
+  *) Fix determination of Perl interpreter: A perl or perl5
+     _directory_ in $PATH was also accepted as the interpreter.
+     [Ralf S. Engelschall]
+
+  *) Fix demos/sign/sign.c: well there wasn't anything strictly speaking
+     wrong with it but it was very old and did things like calling
+     PEM_ASN1_read() directly and used MD5 for the hash not to mention some
+     unusual formatting.
+     [Steve Henson]
+
+  *) Fix demos/selfsign.c: it used obsolete and deleted functions, changed
+     to use the new extension code.
+     [Steve Henson]
+
+  *) Implement the PEM_read/PEM_write functions in crypto/pem/pem_all.c
+     with macros. This should make it easier to change their form, add extra
+     arguments etc. Fix a few PEM prototypes which didn't have cipher as a
+     constant.
+     [Steve Henson]
+
+  *) Add to configuration table a new entry that can specify an alternative
+     name for unistd.h (for pre-POSIX systems); we need this for NeXTstep,
+     according to Mark Crispin <MRC@Panda.COM>.
+     [Bodo Moeller]
+
+#if 0
+  *) DES CBC did not update the IV. Weird.
+     [Ben Laurie]
+#else
+     des_cbc_encrypt does not update the IV, but des_ncbc_encrypt does.
+     Changing the behaviour of the former might break existing programs --
+     where IV updating is needed, des_ncbc_encrypt can be used.
+#endif
+
+  *) When bntest is run from "make test" it drives bc to check its
+     calculations, as well as internally checking them. If an internal check
+     fails, it needs to cause bc to give a non-zero result or make test carries
+     on without noticing the failure. Fixed.
+     [Ben Laurie]
+
+  *) DES library cleanups.
+     [Ulf M<>ller]
+
+  *) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be
+     used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit
+     ciphers. NOTE: although the key derivation function has been verified
+     against some published test vectors it has not been extensively tested
+     yet. Added a -v2 "cipher" option to pkcs8 application to allow the use
+     of v2.0.
+     [Steve Henson]
+
+  *) Instead of "mkdir -p", which is not fully portable, use new
+     Perl script "util/mkdir-p.pl".
+     [Bodo Moeller]
+
+  *) Rewrite the way password based encryption (PBE) is handled. It used to
+     assume that the ASN1 AlgorithmIdentifier parameter was a PBEParameter
+     structure. This was true for the PKCS#5 v1.5 and PKCS#12 PBE algorithms
+     but doesn't apply to PKCS#5 v2.0 where it can be something else. Now
+     the 'parameter' field of the AlgorithmIdentifier is passed to the
+     underlying key generation function so it must do its own ASN1 parsing.
+     This has also changed the EVP_PBE_CipherInit() function which now has a
+     'parameter' argument instead of literal salt and iteration count values
+     and the function EVP_PBE_ALGOR_CipherInit() has been deleted.
+     [Steve Henson]
+
+  *) Support for PKCS#5 v1.5 compatible password based encryption algorithms
+     and PKCS#8 functionality. New 'pkcs8' application linked to openssl.
+     Needed to change the PEM_STRING_EVP_PKEY value which was just "PRIVATE
+     KEY" because this clashed with PKCS#8 unencrypted string. Since this
+     value was just used as a "magic string" and not used directly its
+     value doesn't matter.
+     [Steve Henson]
+
+  *) Introduce some semblance of const correctness to BN. Shame C doesn't
+     support mutable.
+     [Ben Laurie]
+
+  *) "linux-sparc64" configuration (ultrapenguin).
+     [Ray Miller <ray.miller@oucs.ox.ac.uk>]
+     "linux-sparc" configuration.
+     [Christian Forster <fo@hawo.stw.uni-erlangen.de>]
+
+  *) config now generates no-xxx options for missing ciphers.
+     [Ulf M<>ller]
+
+  *) Support the EBCDIC character set (work in progress).
+     File ebcdic.c not yet included because it has a different license.
+     [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>]
+
+  *) Support BS2000/OSD-POSIX.
+     [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>]
+
+  *) Make callbacks for key generation use void * instead of char *.
+     [Ben Laurie]
+
+  *) Make S/MIME samples compile (not yet tested).
+     [Ben Laurie]
+
+  *) Additional typesafe stacks.
+     [Ben Laurie]
+
+  *) New configuration variants "bsdi-elf-gcc" (BSD/OS 4.x).
+     [Bodo Moeller]
+
+
+ Changes between 0.9.3 and 0.9.3a  [29 May 1999]
+
+  *) New configuration variant "sco5-gcc".
+
+  *) Updated some demos.
+     [Sean O Riordain, Wade Scholine]
+
+  *) Add missing BIO_free at exit of pkcs12 application.
+     [Wu Zhigang]
+
+  *) Fix memory leak in conf.c.
+     [Steve Henson]
+
+  *) Updates for Win32 to assembler version of MD5.
+     [Steve Henson]
+
+  *) Set #! path to perl in apps/der_chop to where we found it
+     instead of using a fixed path.
+     [Bodo Moeller]
+
+  *) SHA library changes for irix64-mips4-cc.
+     [Andy Polyakov]
+
+  *) Improvements for VMS support.
+     [Richard Levitte]
+
+
+ Changes between 0.9.2b and 0.9.3  [24 May 1999]

  *) Bignum library bug fix. IRIX 6 passes "make test" now!
     This also avoids the problems with SC4.2 and unpatched SC5.  
@@ -352,7 +732,7 @@
     [Ulf M<>ller]

  *) Tweaks to Configure
-     Niels Poppe <niels@netbox.org>
+     [Niels Poppe <niels@netbox.org>]

  *) Add support for PKCS#5 v2.0 ASN1 PBES2 structures. No other support,
     yet...
--- a/329
+++ b/329
@@ -91,104 +91,142 @@ my %table=(
 #"b2-is-ri-dp",	"$tcc:$tflags::$tlib:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:$tbn_mul::",

 # Our development configs
-"purify",	"purify gcc:-g -DPURIFY -Wall:(unknown):-lsocket -lnsl::::",
-"debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:(unknown):-lefence::::",
-"debug-ben",	"gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -DPEDANTIC -O2 -pedantic -Wall -Wshadow -Werror -pipe:(unknown):::::",
-"debug-ben-debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe:(unknown):::::",
-"debug-ben-strict",	"gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe:(unknown):::::",
-"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall:(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
-"debug-bodo",	"gcc:-DL_ENDIAN -O3 -g -m486 -Wall:-D_REENTRANT::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
-"dist",		"cc:-O:(unknown):::::",
+"purify",	"purify gcc:-g -DPURIFY -Wall::(unknown):-lsocket -lnsl::::",
+"debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown):-lefence::::",
+"debug-ben",	"gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -DPEDANTIC -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
+"debug-ben-debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
+"debug-ben-strict",	"gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown):::::",
+"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"debug-bodo",	"gcc:-DBIO_PAIR_DEBUG -DL_ENDIAN -DREF_CHECK -DCRYPTO_MDEBUG_ALL -g -m486 -Wall::-D_REENTRANT::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"dist",		"cc:-O::(unknown):::::",

 # Basic configs that should work on any box
-"gcc",		"gcc:-O3:(unknown)::BN_LLONG:::",
-"cc",		"cc:-O:(unknown):::::",
+"gcc",		"gcc:-O3::(unknown)::BN_LLONG:::",
+"cc",		"cc:-O::(unknown):::::",

-# Solaris setups
-"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN:-D_REENTRANT:-lsocket -lnsl:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_sol_asm",
-"solaris-sparc-gcc","gcc:-O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN:-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8.o::",
-"solaris-usparc-gcc","gcc:-O3 -fomit-frame-pointer -mcpu=ultrasparc -Wall -DB_ENDIAN -DULTRASPARC:-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8plus-gcc.o:::asm/md5-sparcv8plus.o:",
-"solaris-usparc-oldgcc","gcc:-O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN -DULTRASPARC:-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8plus-gcc.o:::asm/md5-sparcv8plus.o:",
-"debug-solaris-sparc-gcc","gcc:-O3 -g -mv8 -Wall -DB_ENDIAN:-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:::",
-"debug-solaris-usparc-gcc","gcc:-O3 -g -mcpu=ultrasparc -Wall -DB_ENDIAN:-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8plus-gcc.o::",
+#### Solaris x86 setups
+"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_sol_asm",

+#### SPARC Solaris with GNU C setups
+"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:::",
+"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8.o::",
+"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",
+# gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8
+# but keep the assembler modules.
+"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o:",
+####
+"debug-solaris-sparcv8-gcc","gcc:-DREF_CHECK -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:::",
+"debug-solaris-sparcv9-gcc","gcc:-DREF_CHECK -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8plus.o::",
+
+#### SPARC Solaris with Sun C setups
 # DO NOT use /xO[34] on sparc with SC3.0.  It is broken, and will not pass the tests
-"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN:-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_UNROLL BF_PTR:::",
-# SC4 is ok, better than gcc even on bn as long as you tell it -xarch=v8
-# -fast slows things like DES down quite a lot
-"solaris-sparc-cc","cc:-xarch=v8 -xstrconst -xO5 -xdepend -Xa -DB_ENDIAN -DBN_DIV2W:-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o::",
-"solaris-usparc-cc","cc:-xtarget=ultra -xarch=v8plus -xstrconst -xO5 -xdepend -Xa -DB_ENDIAN -DULTRASPARC -DBN_DIV2W:-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",
-"solaris64-usparc-cc","cc:-xtarget=ultra -xarch=v9 -xstrconst -xO5 -xdepend -Xa -DB_ENDIAN -DULTRASPARC:-D_REENTRANT:-lsocket -lnsl:SIXTY_FOUR_BIT_LONG RC4_CHAR DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:",
+"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_UNROLL BF_PTR:::",
+# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
+# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
+# SC5.0 note: Compiler common patch 107357-01 or later is required!
+"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::",
+"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o::",
+"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",
+"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:SIXTY_FOUR_BIT_LONG RC4_CHAR DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:",
+
+#### SPARC Linux setups
+"linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG RC4_CHAR DES_UNROLL BF_PTR::",
+# Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
+# assisted with debugging of following two configs.
+"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8.o::::",
+# it's a real mess with -mcpu=ultrasparc option under Linux, but
+# -Wa,-Av8plus should do the trick no matter what.
+"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",
+# !!!Folowing can't be even tested yet!!!
+#    We have to wait till 64-bit glibc for SPARC is operational!!!
+#"linux64-sparcv9","sparc64-linux-gcc:-m64 -mcpu=v9 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:",

 # Sunos configs, assuming sparc for the gcc one.
-##"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST:(unknown)::DES_UNROLL:::",
-"sunos-gcc","gcc:-O3 -mv8:(unknown)::BN_LLONG RC4_CHAR DES_UNROLL DES_PTR DES_RISC1:::",
+##"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown)::DES_UNROLL:::",
+"sunos-gcc","gcc:-O3 -mv8::(unknown)::BN_LLONG RC4_CHAR DES_UNROLL DES_PTR DES_RISC1:::",

-# SGI configurations.  If the box is rather old (r3000 cpu), you will
-# probably have to remove the '-mips2' flag.  I've only been using
-# IRIX 5.[23].
-# I've recently done 32 and 64 bit mips assember, it make this RSA
-# 3 times faster, use if at all possible.
-#"irix-gcc","gcc:-O2 -mips2::SIXTY_FOUR_BIT BN_LLONG RC4_INDEX RC4_CHAR:::",
-"irix-gcc","gcc:-O2 -DTERMIOS -DB_ENDIAN:(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::",
-"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN:(unknown)::BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:::",
-"irix-mips3-gcc","gcc:-mips3 -O2 -DTERMIOS -DB_ENDIAN:(unknown)::MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:::",
-"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN:(unknown)::DES_PTR DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:::",
-"debug-irix-cc", "cc:-w2 -g -DCRYPTO_MDEBUG -DTERMIOS -DB_ENDIAN:(unknown):::::",
-# This is the n64 mode build. (Untested!)
-"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS:(unknown)::DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT:::",
+#### IRIX 5.x configs
+# -mips2 flag is added by ./config when appropriate.
+"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::",
+"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:::",
+#### IRIX 6.x configs
+# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
+# './Configure irix-[g]cc' manually.
+# -mips4 flag is added by ./config when appropriate.
+"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN::(unknown)::MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
+"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::DES_PTR DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
+# N64 ABI builds.
+"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN::(unknown)::DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::",
+"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::",

 # HPUX 9.X config.
-# Don't use the bundled cc.  It is broken.  Use HP ANSI C if possible, or gcc.
-"hpux-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O4 -z:(unknown)::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
-"hpux-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3:(unknown)::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+# Don't use the bundled cc.  It is broken.  Use HP ANSI C if possible, or
+# egcs.  gcc 2.8.1 is also broken.
+
+"hpux-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O4 -z::(unknown)::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+# If hpux-cc fails (e.g. during "make test"), try the next one; otherwise,
+# please report your OS and compiler version to the bugs@openssl.org
+# mailing list.
+"hpux-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown)::DES_PTR DES_UNROLL DES_RISC1:::",
+
+"hpux-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+# If hpux-gcc fails, try this one:
+"hpux-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::DES_PTR DES_UNROLL DES_RISC1:::",
+
 # HPUX 10.X config.  Supports threads.
-"hpux10-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O4 -z:-D_REENTRANT::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
-"hpux10-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3:-D_REENTRANT::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+"hpux10-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O4 -z::-D_REENTRANT::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+# If hpux10-cc fails, try this one (if still fails, try deleting BN_LLONG):
+"hpux10-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+
+"hpux10-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+# If hpux10-gcc fails, try this one:
+"hpux10-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::DES_PTR DES_UNROLL DES_RISC1:::",
+
 # HPUX 11.X from www.globus.org.
 # Only works on PA-RISC 2.0 cpus, and not optimized.  Why?
-"hpux11-32bit-cc","cc:+DA2.0 -DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit:-D_REENTRANT::DES_PTR DES_UNROLL DES_RISC1:::",
-"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit:-D_REENTRANT::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::",
+"hpux11-32bit-cc","cc:+DA2.0 -DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT::DES_PTR DES_UNROLL DES_RISC1:::",
+"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::",

 # Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with
 # the new compiler
 # For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
-"alpha-gcc","gcc:-O3:(unknown)::SIXTY_FOUR_BIT_LONG DES_UNROLL DES_RISC1:::",
-"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings:(unknown)::SIXTY_FOUR_BIT_LONG:::",
-"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings:(unknown)::SIXTY_FOUR_BIT_LONG:::",
-"FreeBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer:(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:::",
+"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG DES_UNROLL DES_RISC1:::",
+"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG:::",
+"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG:::",
+"FreeBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:::",

 # assembler versions -- currently defunct:
-##"alpha-gcc","gcc:-O3:(unknown)::SIXTY_FOUR_BIT_LONG DES_UNROLL DES_RISC1:asm/alpha.o::",
-##"alpha-cc", "cc:-tune host -O4 -readonly_strings:(unknown)::SIXTY_FOUR_BIT_LONG:asm/alpha.o::",
-##"alpha164-cc", "cc:-tune host -fast -readonly_strings:(unknown)::SIXTY_FOUR_BIT_LONG:asm/alpha.o::",
-##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer:(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:asm/alpha.o::",
+##"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG DES_UNROLL DES_RISC1:asm/alpha.o::",
+##"alpha-cc", "cc:-tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG:asm/alpha.o::",
+##"alpha164-cc", "cc:-tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG:asm/alpha.o::",
+##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:asm/alpha.o::",

 # The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
 # bn86-elf.o file file since it is hand tweaked assembler.
-"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall:-D_REENTRANT::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
-"debug-linux-elf","gcc:-DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall:-D_REENTRANT:-lefence:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
-"linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall:(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
-"linux-mips",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall:(unknown)::BN_LLONG:::",
-"linux-ppc",    "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall:(unknown)::::",
-"NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN:(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
-"NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN:(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
-"NetBSD-x86",	"gcc:-DTERMIOS -D_ANSI_SOURCE -O3 -fomit-frame-pointer -m486 -Wall:(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
-#"FreeBSD",   "gcc:-DTERMIOS -DL_ENDIAN -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall:(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
-"FreeBSD",      "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall:(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
-"FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall:(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
-"bsdi-gcc",     "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486:(unknown)::RSA_LLONG $x86_gcc_des $x86_gcc_opts:$x86_bsdi_asm",
-"nextstep",	"cc:-O3 -Wall:(unknown)::BN_LLONG $x86_gcc_des ${x86_gcc_opts}:::",
+"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"debug-linux-elf","gcc:-DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+"linux-mips",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
+"linux-ppc",    "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::::",
+"NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
+"NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
+"NetBSD-x86",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
+"FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"FreeBSD",      "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+"bsdi-gcc",     "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown)::RSA_LLONG $x86_gcc_des $x86_gcc_opts:$x86_bsdi_asm",
+"bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"nextstep",	"cc:-O -Wall:<libc.h>:(unknown)::BN_LLONG $x86_gcc_des ${x86_gcc_opts}:::",
+"nextstep3.3",	"cc:-O3 -Wall:<libc.h>:(unknown)::BN_LLONG $x86_gcc_des ${x86_gcc_opts}:::",
 # NCR MP-RAS UNIX ver 02.03.01
-"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw:(unknown):-lsocket -lnsl:$x86_gcc_des ${x86_gcc_opts}:::",
+"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown):-lsocket -lnsl:$x86_gcc_des ${x86_gcc_opts}:::",

 # UnixWare 2.0
-"unixware-2.0","cc:-O -DFILIO_H:(unknown):-lsocket -lnsl:$x86_gcc_des ${x86_gcc_opts}:::",
-"unixware-2.0-pentium","cc:-O -DFILIO_H -Kpentium -Kthread:(unknown):-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+"unixware-2.0","cc:-O -DFILIO_H::(unknown):-lsocket -lnsl:$x86_gcc_des ${x86_gcc_opts}:::",
+"unixware-2.0-pentium","cc:-O -DFILIO_H -Kpentium -Kthread::(unknown):-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",

 # IBM's AIX.
-"aix-cc",   "cc:-O -DAIX -DB_ENDIAN:(unknown)::BN_LLONG RC4_CHAR:::",
-"aix-gcc",  "gcc:-O3 -DAIX -DB_ENDIAN:(unknown)::BN_LLONG RC4_CHAR:::",
+"aix-cc",   "cc:-O -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",
+"aix-gcc",  "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",

 #
 # Cray T90 (SDSC)
@@ -201,7 +239,7 @@ my %table=(
 #'Taking the address of a bit field is not allowed. '
 #'An expression with bit field exists as the operand of "sizeof" '
 # (written by Wayne Schroeder <schroede@SDSC.EDU>)
-"cray-t90-cc", "cc: -DBIT_FIELD_LIMITS -DTERMIOS:(unknown)::SIXTY_FOUR_BIT_LONG DES_INT:::",
+"cray-t90-cc", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT:::",

 #
 # Cray T3E (Research Center Juelich, beckman@acl.lanl.gov)
@@ -211,51 +249,57 @@ my %table=(
 # for some st_addr stuff, and then sizeof and address-of fails
 # I could not use the ams/alpha.o option because the Cray assembler, 'cam'
 # did not like it.
-"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS:(unknown)::SIXTY_FOUR_BIT_LONG DES_INT:::",
+"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT:::",

 # DGUX, 88100.
-"dgux-R3-gcc",	"gcc:-O3 -fomit-frame-pointer:(unknown)::RC4_INDEX DES_UNROLL:::",
-"dgux-R4-gcc",	"gcc:-O3 -fomit-frame-pointer:(unknown):-lnsl -lsocket:RC4_INDEX:RC4_INDEX DES_UNROLL:::",
-"dgux-R4-x86-gcc",	"gcc:-O3 -fomit-frame-pointer -DL_ENDIAN:(unknown):-lnsl -lsocket:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"dgux-R3-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown)::RC4_INDEX DES_UNROLL:::",
+"dgux-R4-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown):-lnsl -lsocket:RC4_INDEX:RC4_INDEX DES_UNROLL:::",
+"dgux-R4-x86-gcc",	"gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown):-lnsl -lsocket:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",

 # SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the
 # SCO cc.
-"sco5-cc",  "cc::(unknown):-lsocket:$x86_gcc_des ${x86_gcc_opts}:::", # des options?
+"sco5-cc",  "cc:::(unknown):-lsocket:$x86_gcc_des ${x86_gcc_opts}:::", # des options?
+"sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown):-lsocket:BN_LLONG $x86_gcc_des ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...

 # Sinix/ReliantUNIX RM400
 # NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g  */
-"ReliantUNIX","cc:-KPIC -g -DSNI -DTERMIOS -DB_ENDIAN:-Kthread:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:::",
-"SINIX","cc:-O -DSNI:(unknown):-lsocket -lnsl -lc -L/usr/ucblib -lucb:RC4_INDEX RC4_CHAR:::",
-"SINIX-N","/usr/ucb/cc:-O2 -misaligned:(unknown):-lucb:RC4_INDEX RC4_CHAR:::",
+"ReliantUNIX","cc:-KPIC -g -DSNI -DTERMIOS -DB_ENDIAN::-Kthread:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:::",
+"SINIX","cc:-O -DSNI::(unknown):-lsocket -lnsl -lc -L/usr/ucblib -lucb:RC4_INDEX RC4_CHAR:::",
+"SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown):-lucb:RC4_INDEX RC4_CHAR:::",
+
+# SIEMENS BS2000/OSD: an EBCDIC-based mainframe
+"BS2000-OSD","c89:-XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC::(unknown):-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",

 # Windows NT, Microsoft Visual C++ 4.0

-"VC-NT","cl::(unknown)::BN_LLONG RC4_INDEX ${x86_gcc_opts}:::",
-"VC-WIN32","cl::(unknown)::BN_LLONG RC4_INDEX ${x86_gcc_opts}:::",
-"VC-WIN16","cl::(unknown)::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
-"VC-W31-16","cl::(unknown)::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
-"VC-W31-32","cl::(unknown)::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
-"VC-MSDOS","cl::(unknown)::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+"VC-NT","cl:::::BN_LLONG RC4_INDEX ${x86_gcc_opts}:::",
+"VC-WIN32","cl:::::BN_LLONG RC4_INDEX ${x86_gcc_opts}:::",
+"VC-WIN16","cl:::(unknown)::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
+"VC-W31-16","cl:::(unknown)::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+"VC-W31-32","cl:::::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
+"VC-MSDOS","cl:::(unknown)::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",

 # Borland C++ 4.5
-"BC-32","bcc32::(unknown)::BN_LLONG DES_PTR RC4_INDEX:::",
-"BC-16","bcc::(unknown)::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+"BC-32","bcc32:::::BN_LLONG DES_PTR RC4_INDEX:::",
+"BC-16","bcc:::(unknown)::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",

 # CygWin32
-"CygWin32", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall:(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
-"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall:(unknown):BN_LLONG $x86_gcc_des $x86_gcc_opts:",
+# (Note: the real CFLAGS for Windows builds are defined by util/mk1mf.pl
+# and its library files in util/pl/*)
+"CygWin32", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
+"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG $x86_gcc_des $x86_gcc_opts:",

 # Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
-"ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN:(unknown)::::::",
-"ultrix-gcc","gcc:-O3 -DL_ENDIAN:(unknown)::::::",
+"ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::::::",
+"ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown)::::::",
 # K&R C is no longer supported; you need gcc on old Ultrix installations
-##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN:(unknown)::::::",
+##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown)::::::",

 # Some OpenBSD from Bob Beck <beck@obtuse.com>
-"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer:(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:::",
-"OpenBSD-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486:(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
-"OpenBSD",      "gcc:-DTERMIOS -O3 -fomit-frame-pointer:(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL:::",
-"OpenBSD-mips","gcc:-O2 -DL_ENDIAN:(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::",
+"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:::",
+"OpenBSD-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+"OpenBSD",      "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL:::",
+"OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::",

 );

@@ -305,7 +349,10 @@ my $options="";
 foreach (@ARGV)
 	{
 	if (/^no-asm$/)
-		{ $no_asm=1; }
+	 	{
+		$no_asm=1;
+		$flags .= "-DNO_ASM ";
+		}
 	elsif (/^no-threads$/)
 		{ $no_threads=1; }
 	elsif (/^threads$/)
@@ -317,6 +364,12 @@ foreach (@ARGV)
 		$algo =~ tr/[a-z]/[A-Z]/;
 		$flags .= "-DNO_$algo ";
 		$depflags .= "-DNO_$algo ";
+		if ($algo eq "DES")
+			{
+			$options .= " no-mdc2";
+			$flags .= "-DNO_MDC2 ";
+			$depflags .= "-DNO_MDC2 ";
+			}
 		}
 	elsif (/^386$/)
 		{ $processor=386; }
@@ -363,7 +416,20 @@ foreach (@ARGV)
 		die "target already defined - $target\n" if ($target ne "");
 		$target=$_;
 		}
-	$options .= $_ unless $_ eq $target;
+	unless ($_ eq $target) {
+		if ($options eq "") {
+			$options = $_;
+		} else {
+			$options .= " ".$_;
+		}
+	}
+}
+
+if ($target eq "TABLE") {
+	foreach $target (sort keys %table) {
+		print_table_entry($target);
+	}
+	exit 0;
 }

 &usage if (!defined($table{$target}));
@@ -382,7 +448,7 @@ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /^\//;

 print "IsWindows=$IsWindows\n";

-(my $cc,my $cflags,my $thread_cflag,my $lflags,my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
+(my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
 $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj)=
 	split(/\s*:\s*/,$table{$target} . ":" x 20 , -1);
 $cflags="$flags$cflags" if ($flags ne "");
@@ -469,13 +535,13 @@ while (<IN>)
 	{
 	chop;
 	$sdirs = 1 if /^SDIRS=/;
-	$sdirs = 0 unless /\\$/;
 	if ($sdirs) {
 		my $dir;
 		foreach $dir (@skip) {
 			s/$dir//;
 			}
 		}
+	$sdirs = 0 unless /\\$/;
 	s/^VERSION=.*/VERSION=$version/;
 	s/^MAJOR=.*/MAJOR=$major/;
 	s/^MINOR=.*/MINOR=$minor/;
@@ -570,6 +636,11 @@ while (<IN>)
 	{
 	if	(/^#define\s+OPENSSLDIR/)
 		{ print OUT "#define OPENSSLDIR \"$openssldir\"\n"; }
+	elsif	(/^#define\s+OPENSSL_UNISTD/)
+		{
+		$unistd = "<unistd.h>" if $unistd eq "";
+		print OUT "#define OPENSSL_UNISTD $unistd\n";
+		}
 	elsif	(/^#((define)|(undef))\s+SIXTY_FOUR_BIT_LONG/)
 		{ printf OUT "#%s SIXTY_FOUR_BIT_LONG\n",($b64l)?"define":"undef"; }
 	elsif	(/^#((define)|(undef))\s+SIXTY_FOUR_BIT/)
@@ -618,6 +689,7 @@ while (<IN>)
 close(IN);
 close(OUT);

+
 # Fix the date

 print "SIXTY_FOUR_BIT_LONG mode\n" if $b64l;
@@ -640,16 +712,31 @@ print "BF_PTR used\n" if $bf_ptr == 1;
 print "BF_PTR2 used\n" if $bf_ptr == 2; 

 if($IsWindows) {
-	open (OUT,">crypto/date.h") || die "Can't open date.h";
-	printf OUT "#define DATE \"%s\"\n", scalar gmtime();
+	open (OUT,">crypto/buildinf.h") || die "Can't open buildinf.h";
+	printf OUT <<EOF;
+#ifndef MK1MF_BUILD
+  /* auto-generated by Configure for crypto/cversion.c:
+   * for Unix builds, crypto/Makefile.ssl generates functional definitions;
+   * Windows builds (and other mk1mf builds) compile cversion.c with
+   * -DMK1MF_BUILD and use definitions added to this file by util/mk1mf.pl. */
+  #error "Windows builds (PLATFORM=$target) use mk1mf.pl-created Makefiles"
+#endif
+EOF
 	close(OUT);
-	system "perl crypto/objects/obj_dat.pl <crypto/objects/objects.h >crypto/objects/obj_dat.h";
+
+	system "perl crypto/objects/obj_dat.pl <crypto\\objects\\objects.h >crypto\\objects\\obj_dat.h";
 } else {
 	(system "make -f Makefile.ssl PERL=\'$perl\' links") == 0 or exit $?;
 	### (system 'make depend') == 0 or exit $? if $depflags ne "";
 	# Run "make depend" manually if you want to be able to delete
 	# the source code files of ciphers you left out.
 	&dofile("tools/c_rehash",$openssldir,'^DIR=',	'DIR=%s',);
+	if ( $perl =~ m@^/@) {
+	    &dofile("apps/der_chop",$perl,'^#!/', '#!%s');
+	} else {
+	    # No path for Perl known ...
+	    &dofile("apps/der_chop",'/usr/local/bin/perl','^#!/', '#!%s');
+	}	    
 }

 my $pwd;
@@ -689,7 +776,7 @@ print <<\EOF if (!$no_threads && !$threads);

 The library could not be configured for supporting multi-threaded
 applications as the compiler options required on this system are not known.
-See file INSTALL for details.
+See file INSTALL for details if you need multi-threading.

 EOF

@@ -723,7 +810,7 @@ sub which
 	my $path;
 	foreach $path (split /:/, $ENV{PATH})
 		{
-		if (-x "$path/$name")
+		if (-f "$path/$name" and -x _)
 			{
 			return "$path/$name" unless ($name eq "perl" and
 			 system("$path/$name -e " . '\'exit($]<5.0);\''));
@@ -750,3 +837,33 @@ sub dofile
 	rename($f,"$ff.bak") || die "unable to rename $f\n" if -e $f;
 	rename("$ff.new",$f) || die "unable to rename $ff.new\n";
 	}
+
+sub print_table_entry
+	{
+	my $target = shift;
+
+	(my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,
+	my $bn_obj,my $des_obj,my $bf_obj,
+	$md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj)=
+	split(/\s*:\s*/,$table{$target} . ":" x 20 , -1);
+			
+	print <<EOF
+
+*** $target
+\$cc           = $cc
+\$cflags       = $cflags
+\$unistd       = $unistd
+\$thread_cflag = $thread_cflag
+\$lflags       = $lflags
+\$bn_ops       = $bn_ops
+\$bn_obj       = $bn_obj
+\$des_obj      = $des_obj
+\$bf_obj       = $bf_obj
+\$md5_obj      = $md5_obj
+\$sha1_obj     = $sha1_obj
+\$cast_obj     = $cast_obj
+\$rc4_obj      = $rc4_obj
+\$rmd160_obj   = $rmd160_obj
+\$rc5_obj      = $rc5_obj
+EOF
+	}
--- a/8
+++ b/8
@@ -119,6 +119,14 @@
     Include the output of "./config -t" and the OpenSSL version
     number in your message.

+     [If you encounter assembler error messages, try the "no-asm"
+     configuration option as an immediate fix.  Note that on Solaris x86
+     (not on Sparcs!) you may have to install the GNU assembler to use
+     OpenSSL assembler code -- /usr/ccs/bin/as won't do.]
+
+     Compiling parts of OpenSSL with gcc and others with the system
+     compiler will result in unresolved symbols on some systems.
+
  3. After a successful build, the libraries should be tested. Run:

       $ make test
--- a/INSTALL.VMS
+++ b/INSTALL.VMS
@@ -83,6 +83,10 @@ Note 2: if you want to compile the crypto library only, please make sure
        you have at least done a @MAKEVMS DATE and a @MAKEVMS SOFTLINKS.
        A lot of things will break if you don't.

+Note 3: Alpha users will get a number of informational messages when
+        compiling the [.asm]vms.mar file in the BN (bignum) part of
+        the crypto library.  These can be safely ignored.
+
 Test:
 =====

@@ -106,6 +110,9 @@ Installation is easy, just do the following:
 subdirectories, libraries, header files, programs and startup command
 procedures.

+N.B.: INSTALL.COM builds a new directory structure, different from
+the directory tree where you have now build OpenSSL.
+
 In the [.VMS] subdirectory of the installation, you will find the
 following command procedures:

@@ -216,3 +223,23 @@ for further info.
 -- 
 Richard Levitte <richard@levitte.org>
 1999-03-09
+
+
+TODO:
+=====
+
+There are a few things that need to be worked out in the VMS version of
+OpenSSL, still:
+
+- Description files. ("Makefile's" :-))
+- Script code to link an already compiled build tree.
+- A VMSINSTALlable version (way in the future, unless someone else hacks).
+- shareable images (DLL for you Windows folks).
+
+There may be other things that I have missed and that may be desirable.
+Please send mail to <openssl-users@openssl.org> or to me directly if you
+have any ideas.
+
+--
+Richard Levitte <richard@levitte.org>
+1999-05-24
--- a/INSTALL.W32
+++ b/INSTALL.W32
@@ -13,6 +13,24 @@
  * Borland C
  * GNU C (Mingw32 or Cygwin32)

+ If you want to compile in the assembly language routines with Visual C++ then
+ you will need an assembler. This is worth doing because it will result in
+ faster code: for example it will typically result in a 2 times speedup in the
+ RSA routines. Currently the following assemblers are supported:
+
+  * Microsoft MASM (aka "ml")
+  * Free Netwide Assembler NASM.
+
+ MASM was I believe distributed in the past with VC++ and it is also part of
+ the MSDN SDKs. It is no longer distributed as part of VC++ and can be hard
+ to get hold of. It can be purchased: see Microsoft's site for details at:
+ http://www.microsoft.com/
+
+ NASM is freely available. Version 0.98 was used during testing: other versions
+ may also work. It is available from many places, see for example:
+ http://www.kernel.org/pub/software/devel/nasm/binaries/win32/
+ The NASM binary nasmw.exe needs to be installed anywhere on your PATH.
+
 If you are compiling from a tarball or a CVS snapshot then the Win32 files
 may well be not up to date. This may mean that some "tweaking" is required to
 get it all to work. See the trouble shooting section later on for if (when?)
@@ -21,10 +39,24 @@
 Visual C++
 ----------

- Firstly you should run Configure and build the Win32 Makefiles:
+ Firstly you should run Configure:

 > perl Configure VC-WIN32
- > ms\do_ms
+
+ Next you need to build the Makefiles and optionally the assembly language
+ files:
+
+ - If you are using MASM then run:
+
+   > ms\do_masm
+
+ - If you are using NASM then run:
+
+   > ms\do_nasm
+
+ - If you don't want to use the assembly language files at all then run:
+
+   > ms\do_ms

 If you get errors about things not having numbers assigned then check the
 troubleshooting section: you probably wont be able to compile it as it
@@ -42,10 +74,10 @@

 Tweaks:

- There are various changes you can make to the Win32 compile environment. If
- you have the MASM assembler 'ml' then you can try the assembly language code.
- To do this remove the 'no-asm' part from do_ms.bat. You can also add 'debug'
- here to make a debugging version of the library.
+ There are various changes you can make to the Win32 compile environment. By
+ default the library is not compiled with debugging symbols. If you add 'debug'
+ to the mk1mk.pl lines in the do_* batch file then debugging symbols will be
+ compiled in.

 The default Win32 environment is to leave out any Windows NT specific
 features.
@@ -108,7 +140,7 @@

 > perl util\mkdef.pl crypto ssl update

- then ms\do_ms should not give a warning any more. However the numbers that
+ then ms\do_XXX should not give a warning any more. However the numbers that
 get assigned by this technique may not match those that eventually get
 assigned in the CVS tree: so anything linked against this version of the
 library may need to be recompiled.
--- a/Makefile.org
+++ b/Makefile.org
@@ -179,7 +179,8 @@ all: Makefile.ssl
 	do \
 	(cd $$i && echo "making all in $$i..." && \
 	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
-	done;
+	done
+	-@# cd perl; $(PERL) Makefile.PL; make

 sub_all:
 	@for i in $(DIRS) ;\
@@ -207,8 +208,7 @@ linux-shared:

 Makefile.ssl: Makefile.org
 	@echo "Makefile.ssl is older than Makefile.org."
-	@echo "Reconfigure the source tree (via 'perl Configure' or 'sh config')"
-	@echo "and update the error lists (via 'make errors'), please."
+	@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
 	@false

 libclean:
@@ -243,7 +243,7 @@ files:

 links:
 	@$(TOP)/util/point.sh Makefile.ssl Makefile
-	@-mkdir -p include/openssl 2>/dev/null
+	@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
 	@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
 	@for i in $(DIRS); do \
 	(cd $$i && echo "making links in $$i..." && \
@@ -271,7 +271,7 @@ tests: rehash
 depend:
 	@for i in $(DIRS) ;\
 	do \
-	(cd $$i && echo "making dependancies $$i..." && \
+	(cd $$i && echo "making dependencies $$i..." && \
 	$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
 	done;

@@ -292,9 +292,21 @@ tags:
 errors:
 	perl util/mkerr.pl -recurse -write

+util/libeay.num::
+	perl util/mkdef.pl crypto update
+
+util/ssleay.num::
+	perl util/mkdef.pl ssl update
+
+TABLE: Configure
+	(echo 'Output of `Configure TABLE'"':"; \
+	perl Configure TABLE) > TABLE
+
+update: depend errors util/libeay.num util/ssleay.num TABLE
+
 tar:
 	@tar --norecurse -cvf - \
-		`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS | sort` |\
+		`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort` |\
 	tardy --user_number=0  --user_name=openssl \
 	      --group_number=0 --group_name=openssl \
 	      --prefix=openssl-$(VERSION) - |\
@@ -311,13 +323,13 @@ dist_pem_h:
 	(cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)

 install: all
-	@-mkdir -p $(INSTALL_PREFIX)$(INSTALLTOP)/bin 2>/dev/null
-	@-mkdir -p $(INSTALL_PREFIX)$(INSTALLTOP)/lib 2>/dev/null
-	@-mkdir -p $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl 2>/dev/null
-	@-mkdir -p $(INSTALL_PREFIX)$(OPENSSLDIR)/misc 2>/dev/null
-	@-mkdir -p $(INSTALL_PREFIX)$(OPENSSLDIR)/certs 2>/dev/null
-	@-mkdir -p $(INSTALL_PREFIX)$(OPENSSLDIR)/private 2>/dev/null
-	@-mkdir -p $(INSTALL_PREFIX)$(OPENSSLDIR)/lib 2>/dev/null
+	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+		$(INSTALL_PREFIX)$(INSTALLTOP)/lib \
+		$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
+		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
+		$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
+		$(INSTALL_PREFIX)$(OPENSSLDIR)/private \
+		$(INSTALL_PREFIX)$(OPENSSLDIR)/lib
 	@for i in $(EXHEADER) ;\
 	do \
 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
--- a/11
+++ b/11
@@ -5,6 +5,17 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.

+  Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4:
+
+      o Transparent support for PKCS#8 format private keys: these are used
+        by several software packages and are more secure than the standard
+        form
+      o PKCS#5 v2.0 implementation
+      o Password callbacks have a new void * argument for application data
+      o Avoid various memory leaks
+      o New pipe-like BIO that allows using the SSL library when actual I/O
+        must be handled by the application (BIO pair)
+
  Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3:
      o Lots of enhancements and cleanups to the Configuration mechanism
      o RSA OEAP related fixes
--- a/2
+++ b/2
@@ -1,5 +1,5 @@

- OpenSSL 0.9.2b 22-Mar-1999
+ OpenSSL 0.9.4  09 Aug 1999

 Copyright (c) 1998-1999 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
--- a/33
+++ b/33
@@ -1,23 +1,17 @@

  OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 1999/05/20 01:42:57 $
+  ______________                           $Date: 1999/08/09 10:25:36 $

  DEVELOPMENT STATE

-    o  OpenSSL 0.9.3:  Freezed... only bugfixes and cleanups allowed!
-                       Proposed release date: Mon May 24th, 1999
-                       Release manager: Ben Laurie <ben@openssl.org>
-                       !! Important: Any non-bugfix, non-cleanup
-                       !! and non-documentation commits should
-                       !! be approved by Ben, first.
-
+    o  OpenSSL 0.9.4:  Is rolled the next hour...
+    o  OpenSSL 0.9.3a: Released on May      29th, 1999
+    o  OpenSSL 0.9.3:  Released on May      25th, 1999
    o  OpenSSL 0.9.2b: Released on March    22th, 1999
    o  OpenSSL 0.9.1c: Released on December 23th, 1998

  RELEASE SHOWSTOPPERS

-    o BSD/OS: assembler functions must not have leading underscores
-
  AVAILABLE PATCHES

    o OCSP (titchenert@certco.com) 
@@ -27,8 +21,6 @@

    o Steve is currently working on (in no particular order):
        Proper (or at least usable) certificate chain verification.
-        Documentation on X509 V3 extension code.
-	PKCS #8 and PKCS#5 v2.0 support.
 	Private key, certificate and CRL API and implementation.
 	Checking and bugfixing PKCS#7 (S/MIME code).

@@ -62,20 +54,16 @@

  NEEDS PATCH

-    o  broken demos
    o  salzr@certco.com (Rich Salz): Bug in X509_name_print
       <29E0A6D39ABED111A36000A0C99609CA2C2BA4@macertco-srv1.ma.certco.com>
-    o  [ Compilation warnings: ctype-related int vs. char ]
-       => now casts (unsigned char), maybe those arrays should have
-          members of that type rather than plain char (i.e.
-          unsigned char *p; ....; if (isspace(*p)) ...; where it's now
-          char *p; ....; if (isspace((unsigned char)*p)) ...;)
    o  $(PERL) in */Makefile.ssl
    o  "Sign the certificate?" - "n" creates empty certificate file
-    o  dubious declaration of crypt() in des.h

  OPEN ISSUES

+    o internal_verify doesn't know about X509.v3 (basicConstraints
+      CA flag ...)
+
    o  The Makefile hierarchy and build mechanism is still not a round thing:

       1. The config vs. Configure scripts
@@ -129,9 +117,4 @@

  WISHES

-    o  Mats Nilsson <mats.nilsson@xware.se>:
-       "Add reference counting to all substructures of X509 etc. For instance,
-       X509_NAME lacks a reference counter, while EVP_PKEY has one.  I'm
-       making COM-wrappers for selected parts of SSLeay for a project of ours,
-       and has found this inconsistency in copy semantics annoying."
-
+    o 
--- a/1548
+++ b/1548
--- a/VMS/00README.1st
+++ b/VMS/00README.1st
@@ -1,63 +0,0 @@
-			OpenSSL 0.9.2c for VMS, README
-			written by Richard Levitte
-			<richard@levitte.org>
-
-
-For a more general overview of SSLeay, read README.
-If you just want to compile and install, read INSTALL.VMS
-
-
-A few notes:
-
-Things NOT done:
-================
-
-There are a bunch of directories that aren't touched on VMS so far.
-If anyone wants to add those capabilities, go right ahead.
-
-The directories not touched but that might be of interest in the
-future are:
-
-  [.DEMOS]
-  [.TOOLS]
-  [.UTIL]
-
-
-Things added by me:
-===================
-
-[.VMS]       a directory with VMS command procedures.  Right now,
-             there are a two of them, of which one is not finished.
-
-
-Things removed:
-===============
-
-In some other patch kits, there were things very OSU-httpd specific
-things.  I haven't included those, because they seem to belong more
-with the OSU source.
-
-I am, however, assembling those things in a separate package.
-
-
-TODO:
-=====
-
- Description files.
- Bug fixes (of course).
- A VMSINSTALlable version (way in the future, unless someone else hacks).
- shareable images (DLL for you Windows folks).
- other...  Please send me ideas.
-
-
-Report bugs and such:
-=====================
-
-I maintain a few mailinglists for bug reports and such on software that
-I develop/port/enhance/destroy.  Please look at http://www.free.lp.se/
-for further info.
-
-
-- 
-Richard Levitte <richard@levitte.org>
-1999-03-09
--- a/VMS/TODO
+++ b/VMS/TODO
@@ -0,0 +1,18 @@
+TODO:
+=====
+
+There are a few things that need to be worked out in the VMS version of
+OpenSSL, still:
+
+- Description files. ("Makefile's" :-))
+- Script code to link an already compiled build tree.
+- A VMSINSTALlable version (way in the future, unless someone else hacks).
+- shareable images (DLL for you Windows folks).
+
+There may be other things that I have missed and that may be desirable.
+Please send mail to <openssl-users@openssl.org> or to me directly if you
+have any ideas.
+
+--
+Richard Levitte <richard@levitte.org>
+1999-05-24
--- a/VMS/install.com
+++ b/VMS/install.com
@@ -29,9 +29,15 @@ $	DEFINE/NOLOG WRK_SSLPRIVATE WRK_SSLROOT:[PRIVATE]
 $
 $	IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
 	   CREATE/DIR/LOG WRK_SSLROOT:[000000]
+$	IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLINCLUDE:
 $	IF F$PARSE("WRK_SSLROOT:[VMS]") .EQS. "" THEN -
 	   CREATE/DIR/LOG WRK_SSLROOT:[VMS]
 $
+$	EXHEADER := vms_idhacks.h
+$
+$	COPY 'EXHEADER' WRK_SSLINCLUDE: /LOG
+$
 $	OPEN/WRITE SF WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM
 $	WRITE SYS$OUTPUT "%OPEN-I-CREATED,  ",F$SEARCH("WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM")," created."
 $	WRITE SF "$! Startup file for Openssl 0.9.2-RL 15-Mar-1999"
--- a/VMS/openssl_utils.com
+++ b/VMS/openssl_utils.com
@@ -24,6 +24,7 @@ $ DSA      :== $SSLEXE:OPENSSL DSA
 $ DSAPARAM :== $SSLEXE:OPENSSL DSAPARAM
 $ X509     :== $SSLEXE:OPENSSL X509
 $ GENRSA   :== $SSLEXE:OPENSSL GENRSA
+$ GENDSA   :== $SSLEXE:OPENSSL GENDSA
 $ S_SERVER :== $SSLEXE:OPENSSL S_SERVER
 $ S_CLIENT :== $SSLEXE:OPENSSL S_CLIENT
 $ SPEED    :== $SSLEXE:OPENSSL SPEED
@@ -33,3 +34,5 @@ $ PKCS7    :== $SSLEXE:OPENSSL PKCS7
 $ CRL2PKCS7:== $SSLEXE:OPENSSL CRL2P7
 $ SESS_ID  :== $SSLEXE:OPENSSL SESS_ID
 $ CIPHERS  :== $SSLEXE:OPENSSL CIPHERS
+$ NSEQ     :== $SSLEXE:OPENSSL NSEQ
+$ PKCS12   :== $SSLEXE:OPENSSL PKCS12
--- a/VMS/vms_idhacks.h
+++ b/VMS/vms_idhacks.h
@@ -0,0 +1,126 @@
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_VMS_IDHACKS_H
+#define HEADER_VMS_IDHACKS_H
+
+#ifdef VMS
+
+/* Hack the names created with DECLARE_STACK_OF(PKCS7_SIGNER_INFO) */
+#define sk_PKCS7_SIGNER_INFO_new	sk_PKCS7_SIGINF_new
+#define sk_PKCS7_SIGNER_INFO_new_null	sk_PKCS7_SIGINF_new_null
+#define sk_PKCS7_SIGNER_INFO_free	sk_PKCS7_SIGINF_free
+#define sk_PKCS7_SIGNER_INFO_num	sk_PKCS7_SIGINF_num
+#define sk_PKCS7_SIGNER_INFO_value	sk_PKCS7_SIGINF_value
+#define sk_PKCS7_SIGNER_INFO_set	sk_PKCS7_SIGINF_set
+#define sk_PKCS7_SIGNER_INFO_zero	sk_PKCS7_SIGINF_zero
+#define sk_PKCS7_SIGNER_INFO_push	sk_PKCS7_SIGINF_push
+#define sk_PKCS7_SIGNER_INFO_unshift	sk_PKCS7_SIGINF_unshift
+#define sk_PKCS7_SIGNER_INFO_find	sk_PKCS7_SIGINF_find
+#define sk_PKCS7_SIGNER_INFO_delete	sk_PKCS7_SIGINF_delete
+#define sk_PKCS7_SIGNER_INFO_delete_ptr	sk_PKCS7_SIGINF_delete_ptr
+#define sk_PKCS7_SIGNER_INFO_insert	sk_PKCS7_SIGINF_insert
+#define sk_PKCS7_SIGNER_INFO_set_cmp_func	sk_PKCS7_SIGINF_set_cmp_func
+#define sk_PKCS7_SIGNER_INFO_dup	sk_PKCS7_SIGINF_dup
+#define sk_PKCS7_SIGNER_INFO_pop_free	sk_PKCS7_SIGINF_pop_free
+#define sk_PKCS7_SIGNER_INFO_shift	sk_PKCS7_SIGINF_shift
+#define sk_PKCS7_SIGNER_INFO_pop	sk_PKCS7_SIGINF_pop
+#define sk_PKCS7_SIGNER_INFO_sort	sk_PKCS7_SIGINF_sort
+
+/* Hack the names created with DECLARE_STACK_OF(PKCS7_RECIP_INFO) */
+#define sk_PKCS7_RECIP_INFO_new		sk_PKCS7_RECINF_new
+#define sk_PKCS7_RECIP_INFO_new_null	sk_PKCS7_RECINF_new_null
+#define sk_PKCS7_RECIP_INFO_free	sk_PKCS7_RECINF_free
+#define sk_PKCS7_RECIP_INFO_num		sk_PKCS7_RECINF_num
+#define sk_PKCS7_RECIP_INFO_value	sk_PKCS7_RECINF_value
+#define sk_PKCS7_RECIP_INFO_set		sk_PKCS7_RECINF_set
+#define sk_PKCS7_RECIP_INFO_zero	sk_PKCS7_RECINF_zero
+#define sk_PKCS7_RECIP_INFO_push	sk_PKCS7_RECINF_push
+#define sk_PKCS7_RECIP_INFO_unshift	sk_PKCS7_RECINF_unshift
+#define sk_PKCS7_RECIP_INFO_find	sk_PKCS7_RECINF_find
+#define sk_PKCS7_RECIP_INFO_delete	sk_PKCS7_RECINF_delete
+#define sk_PKCS7_RECIP_INFO_delete_ptr	sk_PKCS7_RECINF_delete_ptr
+#define sk_PKCS7_RECIP_INFO_insert	sk_PKCS7_RECINF_insert
+#define sk_PKCS7_RECIP_INFO_set_cmp_func	sk_PKCS7_RECINF_set_cmp_func
+#define sk_PKCS7_RECIP_INFO_dup		sk_PKCS7_RECINF_dup
+#define sk_PKCS7_RECIP_INFO_pop_free	sk_PKCS7_RECINF_pop_free
+#define sk_PKCS7_RECIP_INFO_shift	sk_PKCS7_RECINF_shift
+#define sk_PKCS7_RECIP_INFO_pop		sk_PKCS7_RECINF_pop
+#define sk_PKCS7_RECIP_INFO_sort	sk_PKCS7_RECINF_sort
+
+/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) */
+#define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO i2d_ASN1_SET_OF_PKCS7_SIGINF
+#define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO d2i_ASN1_SET_OF_PKCS7_SIGINF
+
+/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) */
+#define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO i2d_ASN1_SET_OF_PKCS7_RECGINF
+#define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO d2i_ASN1_SET_OF_PKCS7_RECGINF
+
+/* Hack the names created with DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE) */
+#define PEM_read_NETSCAPE_CERT_SEQUENCE		PEM_read_NS_CERT_SEQUENCE
+#define PEM_write_NETSCAPE_CERT_SEQUENCE	PEM_write_NS_CERT_SEQUENCE
+#define PEM_read_bio_NETSCAPE_CERT_SEQUENCE	PEM_read_bio_NS_CERT_SEQUENCE
+#define PEM_write_bio_NETSCAPE_CERT_SEQUENCE	PEM_write_bio_NS_CERT_SEQUENCE
+#define PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE	PEM_write_cb_bio_NS_CERT_SEQUENCE
+
+/* Hack the names created with DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO) */
+#define PEM_read_PKCS8_PRIV_KEY_INFO		PEM_read_P8_PRIV_KEY_INFO
+#define PEM_write_PKCS8_PRIV_KEY_INFO		PEM_write_P8_PRIV_KEY_INFO
+#define PEM_read_bio_PKCS8_PRIV_KEY_INFO	PEM_read_bio_P8_PRIV_KEY_INFO
+#define PEM_write_bio_PKCS8_PRIV_KEY_INFO	PEM_write_bio_P8_PRIV_KEY_INFO
+#define PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO	PEM_write_cb_bio_P8_PRIV_KEY_INFO
+
+#endif /* defined VMS */
+
+#endif /* ! defined HEADER_VMS_IDHACKS_H */
--- a/apps/.cvsignore
+++ b/apps/.cvsignore
@@ -1,2 +1,4 @@
 openssl
 Makefile.save
+der_chop
+der_chop.bak
--- a/apps/Makefile.ssl
+++ b/apps/Makefile.ssl
@@ -36,7 +36,8 @@ EXE= $(PROGRAM)
 E_EXE=	verify asn1pars req dgst dh enc gendh errstr ca crl \
 	rsa dsa dsaparam \
 	x509 genrsa gendsa s_server s_client speed \
-	s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12
+	s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \
+	pkcs8

 PROGS= $(PROGRAM).c

@@ -50,7 +51,7 @@ E_OBJ=	verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o \
 	rsa.o dsa.o dsaparam.o \
 	x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
 	s_time.o $(A_OBJ) $(S_OBJ) version.o sess_id.o \
-	ciphers.o nseq.o pkcs12.o
+	ciphers.o nseq.o pkcs12.o pkcs8.o

 #	pem_mail.o

@@ -59,7 +60,7 @@ E_SRC=	verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c \
 	rsa.c dsa.c dsaparam.c \
 	x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
 	s_time.c $(A_SRC) $(S_SRC) version.c sess_id.c \
-	ciphers.c nseq.c
+	ciphers.c nseq.c pkcs12.c pkcs8.c

 #	pem_mail.c

@@ -145,8 +146,8 @@ progs.h:

 apps.o: ../include/openssl/bio.h ../include/openssl/buffer.h
 apps.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
-apps.o: ../include/openssl/e_os2.h ../include/openssl/opensslv.h
-apps.o: ../include/openssl/stack.h apps.h progs.h
+apps.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
+apps.o: ../include/openssl/opensslv.h ../include/openssl/stack.h apps.h progs.h
 asn1pars.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 asn1pars.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 asn1pars.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -208,11 +209,12 @@ ciphers.o: progs.h
 crl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 crl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 crl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-crl.o: ../include/openssl/crypto.h ../include/openssl/des.h
-crl.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-crl.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-crl.o: ../include/openssl/err.h ../include/openssl/evp.h
-crl.o: ../include/openssl/idea.h ../include/openssl/md2.h
+crl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+crl.o: ../include/openssl/des.h ../include/openssl/dh.h
+crl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+crl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+crl.o: ../include/openssl/evp.h ../include/openssl/idea.h
+crl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 crl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
 crl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 crl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
@@ -440,6 +442,24 @@ openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 openssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h
 openssl.o: ../include/openssl/x509_vfy.h apps.h progs.h s_apps.h
+pkcs12.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+pkcs12.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+pkcs12.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+pkcs12.o: ../include/openssl/crypto.h ../include/openssl/des.h
+pkcs12.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+pkcs12.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h
+pkcs12.o: ../include/openssl/idea.h ../include/openssl/md2.h
+pkcs12.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+pkcs12.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+pkcs12.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+pkcs12.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+pkcs12.o: ../include/openssl/stack.h ../include/openssl/x509.h
+pkcs12.o: ../include/openssl/x509_vfy.h apps.h progs.h
 pkcs7.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 pkcs7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 pkcs7.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -457,6 +477,24 @@ pkcs7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 pkcs7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h
 pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+pkcs8.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+pkcs8.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+pkcs8.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+pkcs8.o: ../include/openssl/crypto.h ../include/openssl/des.h
+pkcs8.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+pkcs8.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h
+pkcs8.o: ../include/openssl/idea.h ../include/openssl/md2.h
+pkcs8.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+pkcs8.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+pkcs8.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+pkcs8.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+pkcs8.o: ../include/openssl/stack.h ../include/openssl/x509.h
+pkcs8.o: ../include/openssl/x509_vfy.h apps.h progs.h
 req.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 req.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -671,11 +709,12 @@ version.o: ../include/openssl/sha.h ../include/openssl/stack.h apps.h progs.h
 x509.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 x509.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 x509.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-x509.o: ../include/openssl/crypto.h ../include/openssl/des.h
-x509.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-x509.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-x509.o: ../include/openssl/err.h ../include/openssl/evp.h
-x509.o: ../include/openssl/idea.h ../include/openssl/md2.h
+x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+x509.o: ../include/openssl/des.h ../include/openssl/dh.h
+x509.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+x509.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+x509.o: ../include/openssl/evp.h ../include/openssl/idea.h
+x509.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 x509.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
 x509.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 x509.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -247,8 +247,8 @@ int WIN32_rename(char *from, char *to)
 	ret=MoveFileEx(from,to,MOVEFILE_REPLACE_EXISTING|MOVEFILE_COPY_ALLOWED);
 	return(ret?0:-1);
 #else
-        unlink(to);
-        return MoveFile(from, to);
+	unlink(to);
+	return MoveFile(from, to);
 #endif
 	}
 #endif
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -122,10 +122,10 @@ extern BIO *bio_err;
 #endif

 typedef struct args_st
-        {
-        char **data;
+	{
+	char **data;
 	int count;
-        } ARGS;
+	} ARGS;

 int should_retry(int i);
 int args_from_file(char *file, int *argc, char **argv[]);
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -114,6 +114,7 @@
 #define ENV_RANDFILE		"RANDFILE"
 #define ENV_DEFAULT_DAYS 	"default_days"
 #define ENV_DEFAULT_STARTDATE 	"default_startdate"
+#define ENV_DEFAULT_ENDDATE 	"default_enddate"
 #define ENV_DEFAULT_CRL_DAYS 	"default_crl_days"
 #define ENV_DEFAULT_CRL_HOURS 	"default_crl_hours"
 #define ENV_DEFAULT_MD		"default_md"
@@ -173,7 +174,7 @@ extern int EF_ALIGNMENT;

 static int add_oid_section(LHASH *conf);
 static void lookup_fail(char *name,char *tag);
-static int MS_CALLBACK key_callback(char *buf,int len,int verify);
+static int MS_CALLBACK key_callback(char *buf,int len,int verify,void *u);
 static unsigned long index_serial_hash(char **a);
 static int index_serial_cmp(char **a, char **b);
 static unsigned long index_name_hash(char **a);
@@ -182,23 +183,25 @@ static int index_name_cmp(char **a,char **b);
 static BIGNUM *load_serial(char *serialfile);
 static int save_serial(char *serialfile, BIGNUM *serial);
 static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
-		   const EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial,
-		   char *startdate,int days,int batch,char *ext_sect,
-		   LHASH *conf,int verbose);
+		   const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,TXT_DB *db,
+		   BIGNUM *serial, char *startdate,char *enddate, int days,
+		   int batch, char *ext_sect, LHASH *conf,int verbose);
 static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
-			const EVP_MD *dgst,STACK *policy,TXT_DB *db,
-			BIGNUM *serial,char *startdate,int days,int batch,
-			char *ext_sect, LHASH *conf,int verbose);
+			const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
+			TXT_DB *db, BIGNUM *serial,char *startdate,
+			char *enddate, int days, int batch, char *ext_sect,
+			LHASH *conf,int verbose);
 static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
-			 const EVP_MD *dgst,STACK *policy,TXT_DB *db,
-			 BIGNUM *serial,char *startdate,int days,
-			 char *ext_sect,LHASH *conf,int verbose);
+			 const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
+			 TXT_DB *db, BIGNUM *serial,char *startdate,
+			 char *enddate, int days, char *ext_sect,LHASH *conf,
+				int verbose);
 static int fix_data(int nid, int *type);
 static void write_new_certificate(BIO *bp, X509 *x, int output_der);
 static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
-	STACK *policy, TXT_DB *db, BIGNUM *serial, char *startdate,
-	int days, int batch, int verbose, X509_REQ *req, char *ext_sect,
-	LHASH *conf);
+	STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,
+	char *startdate, char *enddate, int days, int batch, int verbose,
+	X509_REQ *req, char *ext_sect, LHASH *conf);
 static int do_revoke(X509 *x509, TXT_DB *db);
 static int check_time_format(char *str);
 static LHASH *conf;
@@ -238,6 +241,7 @@ int MAIN(int argc, char **argv)
 	char *crl_ext=NULL;
 	BIGNUM *serial=NULL;
 	char *startdate=NULL;
+	char *enddate=NULL;
 	int days=0;
 	int batch=0;
 	X509 *x509=NULL;
@@ -252,7 +256,7 @@ int MAIN(int argc, char **argv)
 	int i,j;
 	long l;
 	const EVP_MD *dgst=NULL;
-	STACK *attribs=NULL;
+	STACK_OF(CONF_VALUE) *attribs=NULL;
 	STACK *cert_sk=NULL;
 	BIO *hex=NULL;
 #undef BSIZE
@@ -295,6 +299,11 @@ EF_ALIGNMENT=0;
 			if (--argc < 1) goto bad;
 			startdate= *(++argv);
 			}
+		else if (strcmp(*argv,"-enddate") == 0)
+			{
+			if (--argc < 1) goto bad;
+			enddate= *(++argv);
+			}
 		else if (strcmp(*argv,"-days") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -499,10 +508,10 @@ bad:
 		goto err;
 		}
 	if (key == NULL)
-		pkey=PEM_read_bio_PrivateKey(in,NULL,NULL);
+		pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL);
 	else
 		{
-		pkey=PEM_read_bio_PrivateKey(in,NULL,key_callback);
+		pkey=PEM_read_bio_PrivateKey(in,NULL,key_callback,NULL);
 		memset(key,0,strlen(key));
 		}
 	if (pkey == NULL)
@@ -525,7 +534,7 @@ bad:
 		BIO_printf(bio_err,"trying to load CA certificate\n");
 		goto err;
 		}
-	x509=PEM_read_bio_X509(in,NULL,NULL);
+	x509=PEM_read_bio_X509(in,NULL,NULL,NULL);
 	if (x509 == NULL)
 		{
 		BIO_printf(bio_err,"unable to load CA certificate\n");
@@ -590,7 +599,7 @@ bad:
 		lookup_fail(section,ENV_DATABASE);
 		goto err;
 		}
-        if (BIO_read_filename(in,dbfile) <= 0)
+	if (BIO_read_filename(in,dbfile) <= 0)
 		{
 		perror(dbfile);
 		BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
@@ -729,18 +738,25 @@ bad:

 		if (startdate == NULL)
 			{
-			startdate=(char *)CONF_get_string(conf,section,
+			startdate=CONF_get_string(conf,section,
 				ENV_DEFAULT_STARTDATE);
-			if (startdate == NULL)
-				startdate="today";
-			else
-				{
-				if (!ASN1_UTCTIME_set_string(NULL,startdate))
-					{
-					BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSS\n");
-					goto err;
-					}
-				}
+			}
+		if (startdate && !ASN1_UTCTIME_set_string(NULL,startdate))
+			{
+			BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSSZ\n");
+			goto err;
+			}
+		if (startdate == NULL) startdate="today";
+
+		if (enddate == NULL)
+			{
+			enddate=CONF_get_string(conf,section,
+				ENV_DEFAULT_ENDDATE);
+			}
+		if (enddate && !ASN1_UTCTIME_set_string(NULL,enddate))
+			{
+			BIO_printf(bio_err,"end date is invalid, it should be YYMMDDHHMMSSZ\n");
+			goto err;
 			}

 		if (days == 0)
@@ -748,7 +764,7 @@ bad:
 			days=(int)CONF_get_number(conf,section,
 				ENV_DEFAULT_DAYS);
 			}
-		if (days == 0)
+		if (!enddate && (days == 0))
 			{
 			BIO_printf(bio_err,"cannot lookup how many days to certify for\n");
 			goto err;
@@ -781,7 +797,8 @@ bad:
 			{
 			total++;
 			j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db,
-				serial,startdate,days,extensions,conf,verbose);
+				serial,startdate,enddate, days,extensions,conf,
+				verbose);
 			if (j < 0) goto err;
 			if (j > 0)
 				{
@@ -804,7 +821,7 @@ bad:
 			{
 			total++;
 			j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,attribs,
-				db,serial,startdate,days,batch,
+				db,serial,startdate,enddate,days,batch,
 				extensions,conf,verbose);
 			if (j < 0) goto err;
 			if (j > 0)
@@ -823,7 +840,7 @@ bad:
 			{
 			total++;
 			j=certify(&x,infile,pkey,x509,dgst,attribs,db,
-				serial,startdate,days,batch,
+				serial,startdate,enddate,days,batch,
 				extensions,conf,verbose);
 			if (j < 0) goto err;
 			if (j > 0)
@@ -842,7 +859,7 @@ bad:
 			{
 			total++;
 			j=certify(&x,argv[i],pkey,x509,dgst,attribs,db,
-				serial,startdate,days,batch,
+				serial,startdate,enddate,days,batch,
 				extensions,conf,verbose);
 			if (j < 0) goto err;
 			if (j > 0)
@@ -866,7 +883,7 @@ bad:
 			if (!batch)
 				{
 				BIO_printf(bio_err,"\n%d out of %d certificate requests certified, commit? [y/n]",total_done,total);
-				BIO_flush(bio_err);
+				(void)BIO_flush(bio_err);
 				buf[0][0]='\0';
 				fgets(buf[0],10,stdin);
 				if ((buf[0][0] != 'y') && (buf[0][0] != 'Y'))
@@ -1067,21 +1084,21 @@ bad:
 					strlen(pp[DB_rev_date]));
 				/* strcpy(r->revocationDate,pp[DB_rev_date]);*/

-				BIO_reset(hex);
+				(void)BIO_reset(hex);
 				if (!BIO_puts(hex,pp[DB_serial]))
 					goto err;
 				if (!a2i_ASN1_INTEGER(hex,r->serialNumber,
 					buf[0],BSIZE)) goto err;

-				sk_push(ci->revoked,(char *)r);
+				sk_X509_REVOKED_push(ci->revoked,r);
 				}
 			}
 		/* sort the data so it will be written in serial
 		 * number order */
-		sk_find(ci->revoked,NULL);
-		for (i=0; i<sk_num(ci->revoked); i++)
+		sk_X509_REVOKED_sort(ci->revoked);
+		for (i=0; i<sk_X509_REVOKED_num(ci->revoked); i++)
 			{
-			r=(X509_REVOKED *)sk_value(ci->revoked,i);
+			r=sk_X509_REVOKED_value(ci->revoked,i);
 			r->sequence=i;
 			}

@@ -1126,65 +1143,65 @@ bad:
 	/*****************************************************************/
 	if (dorevoke)
 		{
-        	in=BIO_new(BIO_s_file());
-        	out=BIO_new(BIO_s_file());
-        	if ((in == NULL) || (out == NULL))
-                	{
-                	ERR_print_errors(bio_err);
-                	goto err;
-                	}
-        	if (infile == NULL) 
-                	{
-                	BIO_printf(bio_err,"no input files\n");
-                	goto err;
-                	}
+		in=BIO_new(BIO_s_file());
+		out=BIO_new(BIO_s_file());
+		if ((in == NULL) || (out == NULL))
+			{
+			ERR_print_errors(bio_err);
+			goto err;
+			}
+		if (infile == NULL) 
+			{
+			BIO_printf(bio_err,"no input files\n");
+			goto err;
+			}
 		else
 			{
-                	if (BIO_read_filename(in,infile) <= 0)
-                		{
-                        	perror(infile);
-                        	BIO_printf(bio_err,"error trying to load '%s' certificate\n",infile);
-                        	goto err;
-                		}
-                	x509=PEM_read_bio_X509(in,NULL,NULL);
-                	if (x509 == NULL)
-                		{
-                        	BIO_printf(bio_err,"unable to load '%s' certificate\n",infile);
+			if (BIO_read_filename(in,infile) <= 0)
+				{
+				perror(infile);
+				BIO_printf(bio_err,"error trying to load '%s' certificate\n",infile);
 				goto err;
-                		}
-                	j=do_revoke(x509,db);
+				}
+			x509=PEM_read_bio_X509(in,NULL,NULL,NULL);
+			if (x509 == NULL)
+				{
+				BIO_printf(bio_err,"unable to load '%s' certificate\n",infile);
+				goto err;
+				}
+			j=do_revoke(x509,db);

 			strncpy(buf[0],dbfile,BSIZE-4);
-                	strcat(buf[0],".new");
-                	if (BIO_write_filename(out,buf[0]) <= 0)
-                		{
-                        	perror(dbfile);
-                        	BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
-                        	goto err;
-                		}
-                	j=TXT_DB_write(out,db);
-                	if (j <= 0) goto err;
-                	BIO_free(in);
-                	BIO_free(out);
-                	in=NULL;
-                	out=NULL;
-                	strncpy(buf[1],dbfile,BSIZE-4);
-                	strcat(buf[1],".old");
-                	if (rename(dbfile,buf[1]) < 0)
-                		{
-                        	BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile, buf[1]);
-                        	perror("reason");
-                        	goto err;
-                		}
-	                if (rename(buf[0],dbfile) < 0)
-                		{
-                        	BIO_printf(bio_err,"unable to rename %s to %s\n", buf[0],dbfile);
-                        	perror("reason");
-                        	rename(buf[1],dbfile);
-                        	goto err;
-                		}
-                	BIO_printf(bio_err,"Data Base Updated\n"); 
-		        }
+			strcat(buf[0],".new");
+			if (BIO_write_filename(out,buf[0]) <= 0)
+				{
+				perror(dbfile);
+				BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
+				goto err;
+				}
+			j=TXT_DB_write(out,db);
+			if (j <= 0) goto err;
+			BIO_free(in);
+			BIO_free(out);
+			in=NULL;
+			out=NULL;
+			strncpy(buf[1],dbfile,BSIZE-4);
+			strcat(buf[1],".old");
+			if (rename(dbfile,buf[1]) < 0)
+				{
+				BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile, buf[1]);
+				perror("reason");
+				goto err;
+				}
+			if (rename(buf[0],dbfile) < 0)
+				{
+				BIO_printf(bio_err,"unable to rename %s to %s\n", buf[0],dbfile);
+				perror("reason");
+				rename(buf[1],dbfile);
+				goto err;
+				}
+			BIO_printf(bio_err,"Data Base Updated\n"); 
+			}
 		}
 	/*****************************************************************/
 	ret=0;
@@ -1214,7 +1231,7 @@ static void lookup_fail(char *name, char *tag)
 	BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
 	}

-static int MS_CALLBACK key_callback(char *buf, int len, int verify)
+static int MS_CALLBACK key_callback(char *buf, int len, int verify, void *u)
 	{
 	int i;

@@ -1324,9 +1341,9 @@ err:
 	}

 static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
-	     const EVP_MD *dgst, STACK *policy, TXT_DB *db, BIGNUM *serial,
-	     char *startdate, int days, int batch, char *ext_sect, LHASH *lconf,
-		 int verbose)
+	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
+	     BIGNUM *serial, char *startdate, char *enddate, int days,
+	     int batch, char *ext_sect, LHASH *lconf, int verbose)
 	{
 	X509_REQ *req=NULL;
 	BIO *in=NULL;
@@ -1340,7 +1357,7 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 		perror(infile);
 		goto err;
 		}
-	if ((req=PEM_read_bio_X509_REQ(in,NULL,NULL)) == NULL)
+	if ((req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL)) == NULL)
 		{
 		BIO_printf(bio_err,"Error reading certificate request in %s\n",
 			infile);
@@ -1373,7 +1390,7 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 	else
 		BIO_printf(bio_err,"Signature ok\n");

-	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,
+	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate, enddate,
 		days,batch,verbose,req,ext_sect,lconf);

 err:
@@ -1383,10 +1400,9 @@ err:
 	}

 static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
-	     const EVP_MD *dgst, STACK *policy, TXT_DB *db, BIGNUM *serial,
-	     char *startdate, int days, int batch, char *ext_sect, LHASH *lconf,
-		 int verbose)
-
+	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
+	     BIGNUM *serial, char *startdate, char *enddate, int days,
+	     int batch, char *ext_sect, LHASH *lconf, int verbose)
 	{
 	X509 *req=NULL;
 	X509_REQ *rreq=NULL;
@@ -1401,7 +1417,7 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 		perror(infile);
 		goto err;
 		}
-	if ((req=PEM_read_bio_X509(in,NULL,NULL)) == NULL)
+	if ((req=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL)
 		{
 		BIO_printf(bio_err,"Error reading self signed certificate in %s\n",infile);
 		goto err;
@@ -1436,7 +1452,7 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 	if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL)
 		goto err;

-	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,days,
+	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,enddate,days,
 		batch,verbose,rreq,ext_sect,lconf);

 err:
@@ -1447,8 +1463,9 @@ err:
 	}

 static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
-	     STACK *policy, TXT_DB *db, BIGNUM *serial, char *startdate, int days,
-	     int batch, int verbose, X509_REQ *req, char *ext_sect, LHASH *lconf)
+	     STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,
+	     char *startdate, char *enddate, int days, int batch, int verbose,
+	     X509_REQ *req, char *ext_sect, LHASH *lconf)
 	{
 	X509_NAME *name=NULL,*CAname=NULL,*subject=NULL;
 	ASN1_UTCTIME *tm,*tmptm;
@@ -1562,9 +1579,9 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 	if (CAname == NULL) goto err;
 	str=str2=NULL;

-	for (i=0; i<sk_num(policy); i++)
+	for (i=0; i<sk_CONF_VALUE_num(policy); i++)
 		{
-		cv=(CONF_VALUE *)sk_value(policy,i); /* get the object id */
+		cv=sk_CONF_VALUE_value(policy,i); /* get the object id */
 		if ((j=OBJ_txt2nid(cv->name)) == NID_undef)
 			{
 			BIO_printf(bio_err,"%s:unknown object type in 'policy' configuration\n",cv->name);
@@ -1707,7 +1724,7 @@ again2:
 			p="Valid";
 		else
 			p="\ninvalid type, Data base error\n";
-		BIO_printf(bio_err,"Type          :%s\n",p);;
+		BIO_printf(bio_err,"Type	  :%s\n",p);;
 		if (rrow[DB_type][0] == 'R')
 			{
 			p=rrow[DB_exp_date]; if (p == NULL) p="undef";
@@ -1744,17 +1761,16 @@ again2:

 	BIO_printf(bio_err,"Certificate is to be certified until ");
 	if (strcmp(startdate,"today") == 0)
-		{
 		X509_gmtime_adj(X509_get_notBefore(ret),0);
+	else ASN1_UTCTIME_set_string(X509_get_notBefore(ret),startdate);
+
+	if (enddate == NULL)
 		X509_gmtime_adj(X509_get_notAfter(ret),(long)60*60*24*days);
-		}
-	else
-		{
-		/*XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX*/
-		ASN1_UTCTIME_set_string(X509_get_notBefore(ret),startdate);
-		}
+	else ASN1_UTCTIME_set_string(X509_get_notAfter(ret),enddate);
+
 	ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret));
-	BIO_printf(bio_err," (%d days)\n",days);
+	if(days) BIO_printf(bio_err," (%d days)",days);
+	BIO_printf(bio_err, "\n");

 	if (!X509_set_subject_name(ret,subject)) goto err;

@@ -1791,7 +1807,7 @@ again2:
 	if (!batch)
 		{
 		BIO_printf(bio_err,"Sign the certificate? [y/n]:");
-		BIO_flush(bio_err);
+		(void)BIO_flush(bio_err);
 		buf[0]='\0';
 		fgets(buf,sizeof(buf)-1,stdin);
 		if (!((buf[0] == 'y') || (buf[0] == 'Y')))
@@ -1805,8 +1821,8 @@ again2:

 #ifndef NO_DSA
 	if (pkey->type == EVP_PKEY_DSA) dgst=EVP_dss1();
-        pktmp=X509_get_pubkey(ret);
-        if (EVP_PKEY_missing_parameters(pktmp) &&
+	pktmp=X509_get_pubkey(ret);
+	if (EVP_PKEY_missing_parameters(pktmp) &&
 		!EVP_PKEY_missing_parameters(pkey))
 		EVP_PKEY_copy_parameters(pktmp,pkey);
 	EVP_PKEY_free(pktmp);
@@ -1904,10 +1920,11 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der)
 	}

 static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
-	     const EVP_MD *dgst, STACK *policy, TXT_DB *db, BIGNUM *serial,
-	     char *startdate, int days, char *ext_sect, LHASH *lconf, int verbose)
+	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
+	     BIGNUM *serial, char *startdate, char *enddate, int days,
+	     char *ext_sect, LHASH *lconf, int verbose)
 	{
-	STACK *sk=NULL;
+	STACK_OF(CONF_VALUE) *sk=NULL;
 	LHASH *parms=NULL;
 	X509_REQ *req=NULL;
 	CONF_VALUE *cv=NULL;
@@ -1936,7 +1953,7 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 		}

 	sk=CONF_get_section(parms, "default");
-	if (sk_num(sk) == 0)
+	if (sk_CONF_VALUE_num(sk) == 0)
 		{
 		BIO_printf(bio_err, "no name/value pairs found in %s\n", infile);
 		CONF_free(parms);
@@ -1965,9 +1982,9 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,

 	for (i = 0; ; i++)
 		{
-		if ((int)sk_num(sk) <= i) break;
+		if (sk_CONF_VALUE_num(sk) <= i) break;

-		cv=(CONF_VALUE *)sk_value(sk,i);
+		cv=sk_CONF_VALUE_value(sk,i);
 		type=cv->name;
 		buf=cv->value;

@@ -2049,7 +2066,7 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,

 	X509_REQ_set_pubkey(req,pktmp);
 	EVP_PKEY_free(pktmp);
-	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,
+	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,enddate,
 		   days,1,verbose,req,ext_sect,lconf);
 err:
 	if (req != NULL) X509_REQ_free(req);
@@ -2089,7 +2106,7 @@ static int check_time_format(char *str)
 static int add_oid_section(LHASH *hconf)
 {	
 	char *p;
-	STACK *sktmp;
+	STACK_OF(CONF_VALUE) *sktmp;
 	CONF_VALUE *cnf;
 	int i;
 	if(!(p=CONF_get_string(hconf,NULL,"oid_section"))) return 1;
@@ -2097,8 +2114,8 @@ static int add_oid_section(LHASH *hconf)
 		BIO_printf(bio_err, "problem loading oid section %s\n", p);
 		return 0;
 	}
-	for(i = 0; i < sk_num(sktmp); i++) {
-		cnf = (CONF_VALUE *)sk_value(sktmp, i);
+	for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
+		cnf = sk_CONF_VALUE_value(sktmp, i);
 		if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
 			BIO_printf(bio_err, "problem creating object %s=%s\n",
 							 cnf->name, cnf->value);
@@ -2110,106 +2127,106 @@ static int add_oid_section(LHASH *hconf)

 static int do_revoke(X509 *x509, TXT_DB *db)
 {
-        ASN1_UTCTIME *tm=NULL;
-        char *row[DB_NUMBER],**rrow,**irow;
-        int ok=-1,i;
+	ASN1_UTCTIME *tm=NULL;
+	char *row[DB_NUMBER],**rrow,**irow;
+	int ok=-1,i;

-        for (i=0; i<DB_NUMBER; i++)
-                row[i]=NULL;
-        row[DB_name]=X509_NAME_oneline(x509->cert_info->subject,NULL,0);
-        row[DB_serial]=BN_bn2hex(ASN1_INTEGER_to_BN(x509->cert_info->serialNumber,NULL));
-        if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
-                {
-                BIO_printf(bio_err,"Malloc failure\n");
-                goto err;
-                }
-        rrow=TXT_DB_get_by_index(db,DB_name,row);
-        if (rrow == NULL)
-                {
-                BIO_printf(bio_err,"Adding Entry to DB for %s\n", row[DB_name]);
+	for (i=0; i<DB_NUMBER; i++)
+		row[i]=NULL;
+	row[DB_name]=X509_NAME_oneline(x509->cert_info->subject,NULL,0);
+	row[DB_serial]=BN_bn2hex(ASN1_INTEGER_to_BN(x509->cert_info->serialNumber,NULL));
+	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
+		{
+		BIO_printf(bio_err,"Malloc failure\n");
+		goto err;
+		}
+	rrow=TXT_DB_get_by_index(db,DB_name,row);
+	if (rrow == NULL)
+		{
+		BIO_printf(bio_err,"Adding Entry to DB for %s\n", row[DB_name]);

-                /* We now just add it to the database */
-                row[DB_type]=(char *)Malloc(2);
+		/* We now just add it to the database */
+		row[DB_type]=(char *)Malloc(2);

-                tm=X509_get_notAfter(x509);
-                row[DB_exp_date]=(char *)Malloc(tm->length+1);
-                memcpy(row[DB_exp_date],tm->data,tm->length);
-                row[DB_exp_date][tm->length]='\0';
+		tm=X509_get_notAfter(x509);
+		row[DB_exp_date]=(char *)Malloc(tm->length+1);
+		memcpy(row[DB_exp_date],tm->data,tm->length);
+		row[DB_exp_date][tm->length]='\0';

-                row[DB_rev_date]=NULL;
+		row[DB_rev_date]=NULL;

-                /* row[DB_serial] done already */
-                row[DB_file]=(char *)Malloc(8);
+		/* row[DB_serial] done already */
+		row[DB_file]=(char *)Malloc(8);

-                /* row[DB_name] done already */
+		/* row[DB_name] done already */

-                if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
-                        (row[DB_file] == NULL))
-                        {
-                        BIO_printf(bio_err,"Malloc failure\n");
-                        goto err;
-                        }
-                strcpy(row[DB_file],"unknown");
-                row[DB_type][0]='V';
-                row[DB_type][1]='\0';
+		if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
+			(row[DB_file] == NULL))
+			{
+			BIO_printf(bio_err,"Malloc failure\n");
+			goto err;
+			}
+		strcpy(row[DB_file],"unknown");
+		row[DB_type][0]='V';
+		row[DB_type][1]='\0';

-                if ((irow=(char **)Malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
-                        {
-                        BIO_printf(bio_err,"Malloc failure\n");
-                        goto err;
-                        }
+		if ((irow=(char **)Malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
+			{
+			BIO_printf(bio_err,"Malloc failure\n");
+			goto err;
+			}

-                for (i=0; i<DB_NUMBER; i++)
-                        {
-                        irow[i]=row[i];
-                        row[i]=NULL;
-                        }
-                irow[DB_NUMBER]=NULL;
+		for (i=0; i<DB_NUMBER; i++)
+			{
+			irow[i]=row[i];
+			row[i]=NULL;
+			}
+		irow[DB_NUMBER]=NULL;

-                if (!TXT_DB_insert(db,irow))
-                        {
-                        BIO_printf(bio_err,"failed to update database\n");
-                        BIO_printf(bio_err,"TXT_DB error number %ld\n",db->error);
-                        goto err;
-                        }
+		if (!TXT_DB_insert(db,irow))
+			{
+			BIO_printf(bio_err,"failed to update database\n");
+			BIO_printf(bio_err,"TXT_DB error number %ld\n",db->error);
+			goto err;
+			}

-                /* Revoke Certificate */
-                do_revoke(x509,db);
+		/* Revoke Certificate */
+		do_revoke(x509,db);

-                ok=1;
-                goto err;
+		ok=1;
+		goto err;

-                }
-        else if (index_serial_cmp(row,rrow))
-                {
-                BIO_printf(bio_err,"ERROR:no same serial number %s\n",
-                           row[DB_serial]);
-                goto err;
-                }
-        else if (rrow[DB_type][0]=='R')
-                {
-                BIO_printf(bio_err,"ERROR:Already revoked, serial number %s\n",
-                           row[DB_serial]);
-                goto err;
-                }
-        else
-                {
-                BIO_printf(bio_err,"Revoking Certificate %s.\n", rrow[DB_serial]);
-                tm=X509_gmtime_adj(tm,0);
-                rrow[DB_type][0]='R';
-                rrow[DB_type][1]='\0';
-                rrow[DB_rev_date]=(char *)Malloc(tm->length+1);
-                memcpy(rrow[DB_rev_date],tm->data,tm->length);
-                rrow[DB_rev_date][tm->length]='\0';
-                }
-        ok=1;
+		}
+	else if (index_serial_cmp(row,rrow))
+		{
+		BIO_printf(bio_err,"ERROR:no same serial number %s\n",
+			   row[DB_serial]);
+		goto err;
+		}
+	else if (rrow[DB_type][0]=='R')
+		{
+		BIO_printf(bio_err,"ERROR:Already revoked, serial number %s\n",
+			   row[DB_serial]);
+		goto err;
+		}
+	else
+		{
+		BIO_printf(bio_err,"Revoking Certificate %s.\n", rrow[DB_serial]);
+		tm=X509_gmtime_adj(tm,0);
+		rrow[DB_type][0]='R';
+		rrow[DB_type][1]='\0';
+		rrow[DB_rev_date]=(char *)Malloc(tm->length+1);
+		memcpy(rrow[DB_rev_date],tm->data,tm->length);
+		rrow[DB_rev_date][tm->length]='\0';
+		}
+	ok=1;
 err:
-        for (i=0; i<DB_NUMBER; i++)
-                {
-                if (row[i] != NULL) 
-                        Free(row[i]);
-                }
-        ASN1_UTCTIME_free(tm);
-        return(ok);
+	for (i=0; i<DB_NUMBER; i++)
+		{
+		if (row[i] != NULL) 
+			Free(row[i]);
+		}
+	ASN1_UTCTIME_free(tm);
+	return(ok);
 }

--- a/apps/crl.c
+++ b/apps/crl.c
@@ -280,7 +280,7 @@ static X509_CRL *load_crl(char *infile, int format)
 	if 	(format == FORMAT_ASN1)
 		x=d2i_X509_CRL_bio(in,NULL);
 	else if (format == FORMAT_PEM)
-		x=PEM_read_bio_X509_CRL(in,NULL,NULL);
+		x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
 	else	{
 		BIO_printf(bio_err,"bad input format specified for input crl\n");
 		goto end;
--- a/apps/crl2p7.c
+++ b/apps/crl2p7.c
@@ -92,7 +92,7 @@ int MAIN(int argc, char **argv)
 	PKCS7_SIGNED *p7s = NULL;
 	X509_CRL *crl=NULL;
 	STACK *certflst=NULL;
-	STACK *crl_stack=NULL;
+	STACK_OF(X509_CRL) *crl_stack=NULL;
 	STACK_OF(X509) *cert_stack=NULL;
 	int ret=1,nocrl=0;

@@ -193,7 +193,7 @@ bad:
 		if 	(informat == FORMAT_ASN1)
 			crl=d2i_X509_CRL_bio(in,NULL);
 		else if (informat == FORMAT_PEM)
-			crl=PEM_read_bio_X509_CRL(in,NULL,NULL);
+			crl=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
 		else	{
 			BIO_printf(bio_err,"bad input format specified for input crl\n");
 			goto end;
@@ -213,11 +213,11 @@ bad:
 	p7s->contents->type=OBJ_nid2obj(NID_pkcs7_data);

 	if (!ASN1_INTEGER_set(p7s->version,1)) goto end;
-	if ((crl_stack=sk_new(NULL)) == NULL) goto end;
+	if ((crl_stack=sk_X509_CRL_new(NULL)) == NULL) goto end;
 	p7s->crl=crl_stack;
 	if (crl != NULL)
 		{
-		sk_push(crl_stack,(char *)crl);
+		sk_X509_CRL_push(crl_stack,crl);
 		crl=NULL; /* now part of p7 for Freeing */
 		}

@@ -304,7 +304,7 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
 		}

 	/* This loads from a file, a stack of x509/crl/pkey sets */
-	sk=PEM_X509_INFO_read_bio(in,NULL,NULL);
+	sk=PEM_X509_INFO_read_bio(in,NULL,NULL,NULL);
 	if (sk == NULL) {
 		BIO_printf(bio_err,"error reading the file, %s\n",certfile);
 		goto end;
--- a/apps/der_chop.in
+++ b/apps/der_chop.in
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -83,7 +83,7 @@ int MAIN(int argc, char **argv)
 	BIO *bmd=NULL;
 	const char *name;
 #define PROG_NAME_SIZE  16
-        char pname[PROG_NAME_SIZE];
+	char pname[PROG_NAME_SIZE];
 	int separator=0;
 	int debug=0;

@@ -99,7 +99,7 @@ int MAIN(int argc, char **argv)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

 	/* first check the program name */
-        program_name(argv[0],pname,PROG_NAME_SIZE);
+	program_name(argv[0],pname,PROG_NAME_SIZE);

 	md=EVP_get_digestbyname(pname);

@@ -182,7 +182,7 @@ int MAIN(int argc, char **argv)
 				}
 			printf("%s(%s)= ",name,argv[i]);
 			do_fp(buf,inp,separator);
-			BIO_reset(bmd);
+			(void)BIO_reset(bmd);
 			}
 		}
 end:
--- a/apps/dh.c
+++ b/apps/dh.c
@@ -194,7 +194,7 @@ bad:
 	if	(informat == FORMAT_ASN1)
 		dh=d2i_DHparams_bio(in,NULL);
 	else if (informat == FORMAT_PEM)
-		dh=PEM_read_bio_DHparams(in,NULL,NULL);
+		dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);
 	else
 		{
 		BIO_printf(bio_err,"bad input format specified\n");
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -191,7 +191,7 @@ bad:
 	if	(informat == FORMAT_ASN1)
 		dsa=d2i_DSAPrivateKey_bio(in,NULL);
 	else if (informat == FORMAT_PEM)
-		dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL);
+		dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,NULL);
 	else
 		{
 		BIO_printf(bio_err,"bad input format specified for key\n");
@@ -235,7 +235,7 @@ bad:
 	if 	(outformat == FORMAT_ASN1)
 		i=i2d_DSAPrivateKey_bio(out,dsa);
 	else if (outformat == FORMAT_PEM)
-		i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL);
+		i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL,NULL);
 	else	{
 		BIO_printf(bio_err,"bad output format specified for outfile\n");
 		goto end;
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -220,7 +220,7 @@ bad:
 	else if	(informat == FORMAT_ASN1)
 		dsa=d2i_DSAparams_bio(in,NULL);
 	else if (informat == FORMAT_PEM)
-		dsa=PEM_read_bio_DSAparams(in,NULL,NULL);
+		dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL);
 	else
 		{
 		BIO_printf(bio_err,"bad input format specified\n");
@@ -321,7 +321,7 @@ bad:
 		if 	(outformat == FORMAT_ASN1)
 			i=i2d_DSAPrivateKey_bio(out,dsakey);
 		else if (outformat == FORMAT_PEM)
-			i=PEM_write_bio_DSAPrivateKey(out,dsakey,NULL,NULL,0,NULL);
+			i=PEM_write_bio_DSAPrivateKey(out,dsakey,NULL,NULL,0,NULL,NULL);
 		else	{
 			BIO_printf(bio_err,"bad output format specified for outfile\n");
 			goto end;
@@ -345,7 +345,7 @@ static void MS_CALLBACK dsa_cb(int p, int n, char *arg)
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
 	BIO_write((BIO *)arg,&c,1);
-	BIO_flush((BIO *)arg);
+	(void)BIO_flush((BIO *)arg);
 #ifdef LINT
 	p=n;
 #endif
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -94,7 +94,7 @@ int MAIN(int argc, char **argv)
 	char *inf=NULL,*outf=NULL;
 	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
 #define PROG_NAME_SIZE  16
-        char pname[PROG_NAME_SIZE];
+	char pname[PROG_NAME_SIZE];

 	apps_startup();

@@ -103,7 +103,7 @@ int MAIN(int argc, char **argv)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

 	/* first check the program name */
-        program_name(argv[0],pname,PROG_NAME_SIZE);
+	program_name(argv[0],pname,PROG_NAME_SIZE);
 	if (strcmp(pname,"base64") == 0)
 		base64=1;

--- a/apps/gendh.c
+++ b/apps/gendh.c
@@ -74,7 +74,7 @@
 #undef PROG
 #define PROG gendh_main

-static void MS_CALLBACK dh_cb(int p, int n, char *arg);
+static void MS_CALLBACK dh_cb(int p, int n, void *arg);
 static long dh_load_rand(char *names);
 int MAIN(int argc, char **argv)
 	{
@@ -164,7 +164,7 @@ bad:

 	BIO_printf(bio_err,"Generating DH parameters, %d bit long strong prime, generator of %d\n",num,g);
 	BIO_printf(bio_err,"This is going to take a long time\n");
-	dh=DH_generate_parameters(num,g,dh_cb,(char *)bio_err);
+	dh=DH_generate_parameters(num,g,dh_cb,bio_err);
 		
 	if (dh == NULL) goto end;

@@ -184,7 +184,7 @@ end:
 	EXIT(ret);
 	}

-static void MS_CALLBACK dh_cb(int p, int n, char *arg)
+static void MS_CALLBACK dh_cb(int p, int n, void *arg)
 	{
 	char c='*';

@@ -193,7 +193,7 @@ static void MS_CALLBACK dh_cb(int p, int n, char *arg)
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
 	BIO_write((BIO *)arg,&c,1);
-	BIO_flush((BIO *)arg);
+	(void)BIO_flush((BIO *)arg);
 #ifdef LINT
 	p=n;
 #endif
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -108,10 +108,6 @@ int MAIN(int argc, char **argv)
 			}
 		else if (strcmp(*argv,"-") == 0)
 			goto bad;
-		else if (dsaparams == NULL)
-			{
-			dsaparams= *argv;
-			}
 #ifndef NO_DES
 		else if (strcmp(*argv,"-des") == 0)
 			enc=EVP_des_cbc();
@@ -122,6 +118,10 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-idea") == 0)
 			enc=EVP_idea_cbc();
 #endif
+		else if (**argv != '-' && dsaparams == NULL)
+			{
+			dsaparams = *argv;
+			}
 		else
 			goto bad;
 		argv++;
@@ -155,7 +155,7 @@ bad:
 		goto end;
 		}

-	if ((dsa=PEM_read_bio_DSAparams(in,NULL,NULL)) == NULL)
+	if ((dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL)) == NULL)
 		{
 		BIO_printf(bio_err,"unable to load DSA parameter file\n");
 		goto end;
@@ -197,7 +197,7 @@ bad:
 	else
 		RAND_write_file(randfile);

-	if (!PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL))
+	if (!PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL,NULL))
 		goto end;
 	ret=0;
 end:
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -75,7 +75,7 @@
 #undef PROG
 #define PROG genrsa_main

-static void MS_CALLBACK genrsa_cb(int p, int n, char *arg);
+static void MS_CALLBACK genrsa_cb(int p, int n, void *arg);
 static long gr_load_rand(char *names);
 int MAIN(int argc, char **argv)
 	{
@@ -194,7 +194,7 @@ bad:

 	BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",
 		num);
-	rsa=RSA_generate_key(num,f4,genrsa_cb,(char *)bio_err);
+	rsa=RSA_generate_key(num,f4,genrsa_cb,bio_err);
 		
 	if (randfile == NULL)
 		BIO_printf(bio_err,"unable to write 'random state'\n");
@@ -215,7 +215,7 @@ bad:
 		l+=rsa->e->d[i];
 		}
 	BIO_printf(bio_err,"e is %ld (0x%lX)\n",l,l);
-	if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL))
+	if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL,NULL))
 		goto err;

 	ret=0;
@@ -227,7 +227,7 @@ err:
 	EXIT(ret);
 	}

-static void MS_CALLBACK genrsa_cb(int p, int n, char *arg)
+static void MS_CALLBACK genrsa_cb(int p, int n, void *arg)
 	{
 	char c='*';

@@ -236,7 +236,7 @@ static void MS_CALLBACK genrsa_cb(int p, int n, char *arg)
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
 	BIO_write((BIO *)arg,&c,1);
-	BIO_flush((BIO *)arg);
+	(void)BIO_flush((BIO *)arg);
 #ifdef LINT
 	p=n;
 #endif
--- a/apps/makeapps.com
+++ b/apps/makeapps.com
@@ -158,14 +158,14 @@ $ LIB_FILES = "VERIFY;ASN1PARS;REQ;DGST;DH;ENC;GENDH;"+-
 	      "RSA;DSA;DSAPARAM;"+-
 	      "X509;GENRSA;GENDSA;S_SERVER;S_CLIENT;SPEED;"+-
 	      "S_TIME;APPS;S_CB;S_SOCKET;VERSION;SESS_ID;"+-
-	      "CIPHERS;NSEQ;PKCS12"
+	      "CIPHERS;NSEQ;PKCS12;PKCS8"
 $ APP_FILES := OPENSSL,'OBJ_DIR'VERIFY.OBJ,ASN1PARS.OBJ,REQ.OBJ,DGST.OBJ,DH.OBJ,ENC.OBJ,GENDH.OBJ,-
 	       ERRSTR.OBJ,CA.OBJ,-
 	       PKCS7.OBJ,CRL2P7.OBJ,CRL.OBJ,-
 	       RSA.OBJ,DSA.OBJ,DSAPARAM.OBJ,-
 	       X509.OBJ,GENRSA.OBJ,GENDSA.OBJ,S_SERVER.OBJ,S_CLIENT.OBJ,SPEED.OBJ,-
 	       S_TIME.OBJ,APPS.OBJ,S_CB.OBJ,S_SOCKET.OBJ,VERSION.OBJ,SESS_ID.OBJ,-
-	       CIPHERS.OBJ,NSEQ.OBJ,PKCS12.OBJ
+	       CIPHERS.OBJ,NSEQ.OBJ,PKCS12.OBJ,PKCS8.OBJ
 $ TCPIP_PROGRAMS = ",,"
 $ IF COMPILER .EQS. "VAXC" THEN -
     TCPIP_PROGRAMS = ",OPENSSL,"
@@ -900,7 +900,8 @@ $     WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
 $!
 $!    Use GNU C...
 $!
-$     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS
+$     IF F$TYPE(GCC) .EQS. "" THEN GCC := GCC
+$     CC = GCC+"/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
--- a/apps/nseq.c
+++ b/apps/nseq.c
@@ -99,9 +99,9 @@ int MAIN(int argc, char **argv)
 		BIO_printf (bio_err, "Netscape certificate sequence utility\n");
 		BIO_printf (bio_err, "Usage nseq [options]\n");
 		BIO_printf (bio_err, "where options are\n");
-                BIO_printf (bio_err, "-in file  input file\n");
-                BIO_printf (bio_err, "-out file output file\n");
-                BIO_printf (bio_err, "-toseq    output NS Sequence file\n");
+		BIO_printf (bio_err, "-in file  input file\n");
+		BIO_printf (bio_err, "-out file output file\n");
+		BIO_printf (bio_err, "-toseq    output NS Sequence file\n");
 		EXIT(1);
 	}

@@ -123,11 +123,11 @@ int MAIN(int argc, char **argv)

 	if (toseq) {
 		seq = NETSCAPE_CERT_SEQUENCE_new();
-		seq->certs = sk_new(NULL);
-		while((x509 = PEM_read_bio_X509(in, NULL, NULL))) 
-					sk_push(seq->certs, (char *)x509);
+		seq->certs = sk_X509_new(NULL);
+		while((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL))) 
+		    sk_X509_push(seq->certs,x509);

-		if(!sk_num(seq->certs))
+		if(!sk_X509_num(seq->certs))
 		{
 			BIO_printf (bio_err, "Error reading certs file %s\n", infile);
 			ERR_print_errors(bio_err);
@@ -138,14 +138,14 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}

-	if (!(seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL))) {
+	if (!(seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL))) {
 		BIO_printf (bio_err, "Error reading sequence file %s\n", infile);
 		ERR_print_errors(bio_err);
 		goto end;
 	}

-	for(i = 0; i < sk_num(seq->certs); i++) {
-		x509 = (X509 *) sk_value(seq->certs, i);
+	for(i = 0; i < sk_X509_num(seq->certs); i++) {
+		x509 = sk_X509_value(seq->certs, i);
 		dump_cert_text(out, x509);
 		PEM_write_bio_X509(out, x509);
 	}
@@ -160,15 +160,15 @@ end:

 static int dump_cert_text(BIO *out, X509 *x)
 {
-        char buf[256];
-        X509_NAME_oneline(X509_get_subject_name(x),buf,256);
-        BIO_puts(out,"subject=");
-        BIO_puts(out,buf);
+	char buf[256];
+	X509_NAME_oneline(X509_get_subject_name(x),buf,256);
+	BIO_puts(out,"subject=");
+	BIO_puts(out,buf);

-        X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
-        BIO_puts(out,"\nissuer= ");
-        BIO_puts(out,buf);
-        BIO_puts(out,"\n");
-        return 0;
+	X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
+	BIO_puts(out,"\nissuer= ");
+	BIO_puts(out,buf);
+	BIO_puts(out,"\n");
+	return 0;
 }

--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -219,7 +219,7 @@ int main(int Argc, char *Argv[])
 			}
 		if (ret != 0)
 			BIO_printf(bio_err,"error in %s\n",argv[0]);
-		BIO_flush(bio_err);
+		(void)BIO_flush(bio_err);
 		}
 	BIO_printf(bio_err,"bad exit\n");
 	ret=1;
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -170,7 +170,7 @@ authorityKeyIdentifier=keyid,issuer:always
 #nsCaPolicyUrl
 #nsSslServerName

-[ v3_ca]
+[ v3_ca ]

 # Extensions for a typical CA

--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -1,4 +1,6 @@
 /* pkcs12.c */
+#if !defined(NO_DES) && !defined(NO_SHA1)
+
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
 * project 1999.
 */
@@ -76,15 +78,15 @@ EVP_CIPHER *enc;
 #define CLCERTS		0x8
 #define CACERTS		0x10

-int get_cert_chain(X509 *cert, STACK **chain);
+int get_cert_chain(X509 *cert, STACK_OF(X509) **chain);
 int dump_cert_text (BIO *out, X509 *x);
 int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options);
 int dump_certs_pkeys_bags(BIO *out, STACK *bags, char *pass, int passlen, int options);
 int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options);
-int print_attribs(BIO *out, STACK *attrlst, char *name);
+int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name);
 void hex_prin(BIO *out, unsigned char *buf, int len);
 int alg_print(BIO *x, X509_ALGOR *alg);
-int cert_load(BIO *in, STACK *sk);
+int cert_load(BIO *in, STACK_OF(X509) *sk);
 int MAIN(int argc, char **argv)
 {
    char *infile=NULL, *outfile=NULL, *keyname = NULL;	
@@ -238,42 +240,42 @@ int MAIN(int argc, char **argv)

    ERR_load_crypto_strings();

-    in = BIO_new (BIO_s_file());
-    out = BIO_new (BIO_s_file());
-
-    if (!infile) BIO_set_fp (in, stdin, BIO_NOCLOSE);
-    else {
-        if (BIO_read_filename (in, infile) <= 0) {
+    if (!infile) in = BIO_new_fp(stdin, BIO_NOCLOSE);
+    else in = BIO_new_file(infile, "rb");
+    if (!in) {
+	    BIO_printf(bio_err, "Error opening input file %s\n",
+						infile ? infile : "<stdin>");
 	    perror (infile);
 	    goto end;
-	}
-    }
+   }

   if (certfile) {
-    	certsin = BIO_new (BIO_s_file());
-        if (BIO_read_filename (certsin, certfile) <= 0) {
+    	if(!(certsin = BIO_new_file(certfile, "r"))) {
+	    BIO_printf(bio_err, "Can't open certificate file %s\n", certfile);
 	    perror (certfile);
 	    goto end;
 	}
    }

    if (keyname) {
-    	inkey = BIO_new (BIO_s_file());
-        if (BIO_read_filename (inkey, keyname) <= 0) {
+    	if(!(inkey = BIO_new_file(keyname, "r"))) {
+	    BIO_printf(bio_err, "Can't key certificate file %s\n", keyname);
 	    perror (keyname);
 	    goto end;
 	}
     }

-    if (!outfile) BIO_set_fp (out, stdout, BIO_NOCLOSE);
-    else {
-        if (BIO_write_filename (out, outfile) <= 0) {
-	    perror (outfile);
-	    goto end;
-	}
+    if (!outfile) out = BIO_new_fp(stdout, BIO_NOCLOSE);
+    else out = BIO_new_file(outfile, "wb");
+    if (!out) {
+	BIO_printf(bio_err, "Error opening output file %s\n",
+						outfile ? outfile : "<stdout>");
+	perror (outfile);
+	goto end;
    }
    if (twopass) {
-	if(EVP_read_pw_string (macpass, 50, "Enter MAC Password:", export_cert)) {
+	if(EVP_read_pw_string (macpass, 50, "Enter MAC Password:", export_cert))
+	{
    	    BIO_printf (bio_err, "Can't read Password\n");
    	    goto end;
       	}
@@ -285,22 +287,21 @@ if (export_cert) {
 	PKCS12_SAFEBAG *bag;
 	PKCS8_PRIV_KEY_INFO *p8;
 	PKCS7 *authsafe;
-	X509 *cert, *ucert = NULL;
-	STACK *certs;
+	X509 *cert = NULL, *ucert = NULL;
+	STACK_OF(X509) *certs;
 	char *catmp;
-	int i, pmatch = 0;
+	int i;
 	unsigned char keyid[EVP_MAX_MD_SIZE];
-	unsigned int keyidlen;
-	/* Get private key so we can match it to a certificate */
-	key = PEM_read_bio_PrivateKey(inkey ? inkey : in, NULL, NULL);
-	if (!inkey) BIO_reset(in);
+	unsigned int keyidlen = 0;
+	key = PEM_read_bio_PrivateKey(inkey ? inkey : in, NULL, NULL, NULL);
+	if (!inkey) (void) BIO_reset(in);
 	if (!key) {
 		BIO_printf (bio_err, "Error loading private key\n");
 		ERR_print_errors(bio_err);
 		goto end;
 	}

-	certs = sk_new(NULL);
+	certs = sk_X509_new(NULL);

 	/* Load in all certs in input file */
 	if(!cert_load(in, certs)) {
@@ -308,6 +309,19 @@ if (export_cert) {
 		ERR_print_errors(bio_err);
 		goto end;
 	}
+
+	for(i = 0; i < sk_X509_num(certs); i++) {
+		ucert = sk_X509_value(certs, i);
+		if(X509_check_private_key(ucert, key)) {
+			X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
+			break;
+		}
+	}
+
+	if(!keyidlen) {
+		BIO_printf(bio_err, "No certificate matches private key\n");
+		goto end;
+	}
 	
 	bags = sk_new (NULL);

@@ -321,26 +335,10 @@ if (export_cert) {
 	    	BIO_free(certsin);
 	}

-	/* Find certificate (if any) matching private key */
-
-	for(i = 0; i < sk_num(certs); i++) {
-			cert = (X509 *)sk_value(certs, i);
-			if(X509_check_private_key(cert, key)) {
-				ucert = cert;
-				break;
-			}
-	}
-
-	if(!ucert) {
-		BIO_printf(bio_err, "No certificate matches private key\n");
-		goto end;
-	}
-
 	/* If chaining get chain from user cert */
 	if (chain) {
        	int vret;
-		STACK *chain2;
-			
+		STACK_OF(X509) *chain2;
 		vret = get_cert_chain (ucert, &chain2);
 		if (vret) {
 			BIO_printf (bio_err, "Error %s getting chain.\n",
@@ -348,22 +346,20 @@ if (export_cert) {
 			goto end;
 		}
 		/* Exclude verified certificate */
-		for (i = 1; i < sk_num (chain2) ; i++) 
-				 sk_push(certs, sk_value (chain2, i));
-		sk_free(chain2);
+		for (i = 1; i < sk_X509_num (chain2) ; i++) 
+				 sk_X509_push(certs, sk_X509_value (chain2, i));
+		sk_X509_free(chain2);
 			
    	}

 	/* We now have loads of certificates: include them all */
-	for(i = 0; i < sk_num(certs); i++) {
-		cert = (X509 *)sk_value(certs, i);
+	for(i = 0; i < sk_X509_num(certs); i++) {
+		cert = sk_X509_value(certs, i);
 		bag = M_PKCS12_x5092certbag(cert);
-		/* If it matches private key mark it */
+		/* If it matches private key set id */
 		if(cert == ucert) {
 			if(name) PKCS12_add_friendlyname(bag, name, -1);
-			X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
 			PKCS12_add_localkeyid(bag, keyid, keyidlen);
-			pmatch = 1;
 		} else if((catmp = sk_shift(canames))) 
 				PKCS12_add_friendlyname(bag, catmp, -1);
 		sk_push(bags, (char *)bag);
@@ -378,7 +374,7 @@ if (export_cert) {
        }
 	if (!twopass) strcpy(macpass, pass);
 	/* Turn certbags into encrypted authsafe */
-	authsafe = PKCS12_pack_p7encdata (cert_pbe, cpass, -1, NULL, 0,
+	authsafe = PKCS12_pack_p7encdata(cert_pbe, cpass, -1, NULL, 0,
 								 iter, bags);
 	sk_pop_free(bags, PKCS12_SAFEBAG_free);

@@ -394,11 +390,11 @@ if (export_cert) {
 	p8 = EVP_PKEY2PKCS8 (key);
 	EVP_PKEY_free(key);
 	if(keytype) PKCS8_add_keyusage(p8, keytype);
-	bag = PKCS12_MAKE_SHKEYBAG (NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
+	bag = PKCS12_MAKE_SHKEYBAG(NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
 			cpass, -1, NULL, 0, iter, p8);
 	PKCS8_PRIV_KEY_INFO_free(p8);
        if (name) PKCS12_add_friendlyname (bag, name, -1);
-	if(pmatch) PKCS12_add_localkeyid (bag, keyid, keyidlen);
+	PKCS12_add_localkeyid (bag, keyid, keyidlen);
 	bags = sk_new(NULL);
 	sk_push (bags, (char *)bag);
 	/* Turn it into unencrypted safe bag */
@@ -452,6 +448,7 @@ if (export_cert) {
    PKCS12_free(p12);
    ret = 0;
    end:
+    BIO_free(out);
    EXIT(ret);
 }

@@ -530,7 +527,7 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
 		p8 = bag->value.keybag;
 		if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
 		print_attribs (out, p8->attributes, "Key Attributes");
-		PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL);
+		PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, NULL);
 		EVP_PKEY_free(pkey);
 	break;

@@ -546,7 +543,7 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
 		if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
 		print_attribs (out, p8->attributes, "Key Attributes");
 		PKCS8_PRIV_KEY_INFO_free(p8);
-		PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL);
+		PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, NULL);
 		EVP_PKEY_free(pkey);
 	break;

@@ -585,11 +582,11 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,

 /* Hope this is OK .... */

-int get_cert_chain (X509 *cert, STACK **chain)
+int get_cert_chain (X509 *cert, STACK_OF(X509) **chain)
 {
 	X509_STORE *store;
 	X509_STORE_CTX store_ctx;
-	STACK *chn;
+	STACK_OF(X509) *chn;
 	int i;
 	X509 *x;
 	store = X509_STORE_new ();
@@ -599,9 +596,9 @@ int get_cert_chain (X509 *cert, STACK **chain)
 		i = X509_STORE_CTX_get_error (&store_ctx);
 		goto err;
 	}
-	chn =  sk_dup(X509_STORE_CTX_get_chain (&store_ctx));
-	for (i = 0; i < sk_num(chn); i++) {
-		x = (X509 *)sk_value(chn, i);
+	chn =  sk_X509_dup(X509_STORE_CTX_get_chain (&store_ctx));
+	for (i = 0; i < sk_X509_num(chn); i++) {
+		x = sk_X509_value(chn, i);
 		CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
 	}
 	i = 0;
@@ -627,14 +624,14 @@ int alg_print (BIO *x, X509_ALGOR *alg)

 /* Load all certificates from a given file */

-int cert_load(BIO *in, STACK *sk)
+int cert_load(BIO *in, STACK_OF(X509) *sk)
 {
 	int ret;
 	X509 *cert;
 	ret = 0;
-	while((cert = PEM_read_bio_X509(in, NULL, NULL))) {
+	while((cert = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
 		ret = 1;
-		sk_push(sk, (char *)cert);
+		sk_X509_push(sk, cert);
 	}
 	if(ret) ERR_clear_error();
 	return ret;
@@ -642,7 +639,7 @@ int cert_load(BIO *in, STACK *sk)

 /* Generalised attribute print: handle PKCS#8 and bag attributes */

-int print_attribs (BIO *out, STACK *attrlst, char *name)
+int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name)
 {
 	X509_ATTRIBUTE *attr;
 	ASN1_TYPE *av;
@@ -652,13 +649,13 @@ int print_attribs (BIO *out, STACK *attrlst, char *name)
 		BIO_printf(out, "%s: <No Attributes>\n", name);
 		return 1;
 	}
-	if(!sk_num(attrlst)) {
+	if(!sk_X509_ATTRIBUTE_num(attrlst)) {
 		BIO_printf(out, "%s: <Empty Attributes>\n", name);
 		return 1;
 	}
 	BIO_printf(out, "%s\n", name);
-	for(i = 0; i < sk_num(attrlst); i++) {
-		attr = (X509_ATTRIBUTE *) sk_value(attrlst, i);
+	for(i = 0; i < sk_X509_ATTRIBUTE_num(attrlst); i++) {
+		attr = sk_X509_ATTRIBUTE_value(attrlst, i);
 		attr_nid = OBJ_obj2nid(attr->object);
 		BIO_printf(out, "    ");
 		if(attr_nid == NID_undef) {
@@ -702,3 +699,5 @@ void hex_prin(BIO *out, unsigned char *buf, int len)
 	int i;
 	for (i = 0; i < len; i++) BIO_printf (out, "%02X ", buf[i]);
 }
+
+#endif
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -195,7 +195,7 @@ bad:
 	if	(informat == FORMAT_ASN1)
 		p7=d2i_PKCS7_bio(in,NULL);
 	else if (informat == FORMAT_PEM)
-		p7=PEM_read_bio_PKCS7(in,NULL,NULL);
+		p7=PEM_read_bio_PKCS7(in,NULL,NULL,NULL);
 	else
 		{
 		BIO_printf(bio_err,"bad input format specified for pkcs7 object\n");
@@ -222,7 +222,7 @@ bad:
 	if (print_certs)
 		{
 		STACK_OF(X509) *certs=NULL;
-		STACK *crls=NULL;
+		STACK_OF(X509_CRL) *crls=NULL;

 		i=OBJ_obj2nid(p7->type);
 		switch (i)
@@ -266,9 +266,9 @@ bad:
 			{
 			X509_CRL *crl;

-			for (i=0; i<sk_num(crls); i++)
+			for (i=0; i<sk_X509_CRL_num(crls); i++)
 				{
-				crl=(X509_CRL *)sk_value(crls,i);
+				crl=sk_X509_CRL_value(crls,i);

 				X509_NAME_oneline(crl->crl->issuer,buf,256);
 				BIO_puts(out,"issuer= ");
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -0,0 +1,274 @@
+/* pkcs8.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <string.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/pkcs12.h>
+
+#include "apps.h"
+#define PROG pkcs8_main
+
+
+int MAIN(int argc, char **argv)
+{
+	char **args, *infile = NULL, *outfile = NULL;
+	BIO *in = NULL, *out = NULL;
+	int topk8 = 0;
+	int pbe_nid = -1;
+	const EVP_CIPHER *cipher = NULL;
+	int iter = PKCS12_DEFAULT_ITER;
+	int informat, outformat;
+	int p8_broken = PKCS8_OK;
+	int nocrypt = 0;
+	X509_SIG *p8;
+	PKCS8_PRIV_KEY_INFO *p8inf;
+	EVP_PKEY *pkey;
+	char pass[50];
+	int badarg = 0;
+	if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
+	informat=FORMAT_PEM;
+	outformat=FORMAT_PEM;
+	ERR_load_crypto_strings();
+	SSLeay_add_all_algorithms();
+	args = argv + 1;
+	while (!badarg && *args && *args[0] == '-') {
+		if (!strcmp(*args,"-v2")) {
+			if (args[1]) {
+				args++;
+				cipher=EVP_get_cipherbyname(*args);
+				if(!cipher) {
+					BIO_printf(bio_err,
+						 "Unknown cipher %s\n", *args);
+					badarg = 1;
+				}
+			} else badarg = 1;
+		} else if (!strcmp(*args,"-inform")) {
+			if (args[1]) {
+				args++;
+				informat=str2fmt(*args);
+			} else badarg = 1;
+		} else if (!strcmp(*args,"-outform")) {
+			if (args[1]) {
+				args++;
+				outformat=str2fmt(*args);
+			} else badarg = 1;
+		} else if (!strcmp (*args, "-topk8")) topk8 = 1;
+		else if (!strcmp (*args, "-noiter")) iter = 1;
+		else if (!strcmp (*args, "-nocrypt")) nocrypt = 1;
+		else if (!strcmp (*args, "-nooct")) p8_broken = PKCS8_NO_OCTET;
+		else if (!strcmp (*args, "-in")) {
+			if (args[1]) {
+				args++;
+				infile = *args;
+			} else badarg = 1;
+		} else if (!strcmp (*args, "-out")) {
+			if (args[1]) {
+				args++;
+				outfile = *args;
+			} else badarg = 1;
+		} else badarg = 1;
+		args++;
+	}
+
+	if (badarg) {
+		BIO_printf (bio_err, "Usage pkcs8 [options]\n");
+		BIO_printf (bio_err, "where options are\n");
+		BIO_printf (bio_err, "-in file   input file\n");
+		BIO_printf (bio_err, "-inform X  input format (DER or PEM)\n");
+		BIO_printf (bio_err, "-outform X output format (DER or PEM)\n");
+		BIO_printf (bio_err, "-out file  output file\n");
+		BIO_printf (bio_err, "-topk8     output PKCS8 file\n");
+		BIO_printf (bio_err, "-nooct     use (broken) no octet form\n");
+		BIO_printf (bio_err, "-noiter    use 1 as iteration count\n");
+		BIO_printf (bio_err, "-nocrypt   use or expect unencrypted private key\n");
+		BIO_printf (bio_err, "-v2 alg    use PKCS#5 v2.0 and cipher \"alg\"\n");
+		return (1);
+	}
+
+	if ((pbe_nid == -1) && !cipher) pbe_nid = NID_pbeWithMD5AndDES_CBC;
+
+	if (infile) {
+		if (!(in = BIO_new_file (infile, "rb"))) {
+			BIO_printf (bio_err,
+				 "Can't open input file %s\n", infile);
+			return (1);
+		}
+	} else in = BIO_new_fp (stdin, BIO_NOCLOSE);
+
+	if (outfile) {
+		if (!(out = BIO_new_file (outfile, "wb"))) {
+			BIO_printf (bio_err,
+				 "Can't open output file %s\n", outfile);
+			return (1);
+		}
+	} else out = BIO_new_fp (stdout, BIO_NOCLOSE);
+
+	if (topk8) {
+		if (!(pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL))) {
+			BIO_printf (bio_err, "Error reading key\n", outfile);
+			ERR_print_errors(bio_err);
+			return (1);
+		}
+		BIO_free(in);
+		if (!(p8inf = EVP_PKEY2PKCS8(pkey))) {
+			BIO_printf (bio_err, "Error converting key\n", outfile);
+			ERR_print_errors(bio_err);
+			return (1);
+		}
+		PKCS8_set_broken(p8inf, p8_broken);
+		if(nocrypt) {
+			if(outformat == FORMAT_PEM) 
+				PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
+			else if(outformat == FORMAT_ASN1)
+				i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
+			else {
+				BIO_printf(bio_err, "Bad format specified for key\n");
+				return (1);
+			}
+		} else {
+			EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1);
+			if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
+					pass, strlen(pass),
+					NULL, 0, iter, p8inf))) {
+				BIO_printf (bio_err, "Error encrypting key\n",
+								 outfile);
+				ERR_print_errors(bio_err);
+				return (1);
+			}
+			if(outformat == FORMAT_PEM) 
+				PEM_write_bio_PKCS8 (out, p8);
+			else if(outformat == FORMAT_ASN1)
+				i2d_PKCS8_bio(out, p8);
+			else {
+				BIO_printf(bio_err, "Bad format specified for key\n");
+				return (1);
+			}
+			X509_SIG_free(p8);
+		}
+		PKCS8_PRIV_KEY_INFO_free (p8inf);
+		EVP_PKEY_free(pkey);
+		BIO_free(out);
+		return (0);
+	}
+
+	if(nocrypt) {
+		if(informat == FORMAT_PEM) 
+			p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in,NULL,NULL, NULL);
+		else if(informat == FORMAT_ASN1)
+			p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);
+		else {
+			BIO_printf(bio_err, "Bad format specified for key\n");
+			return (1);
+		}
+	} else {
+		if(informat == FORMAT_PEM) 
+			p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);
+		else if(informat == FORMAT_ASN1)
+			p8 = d2i_PKCS8_bio(in, NULL);
+		else {
+			BIO_printf(bio_err, "Bad format specified for key\n");
+			return (1);
+		}
+
+		if (!p8) {
+			BIO_printf (bio_err, "Error reading key\n", outfile);
+			ERR_print_errors(bio_err);
+			return (1);
+		}
+		EVP_read_pw_string(pass, 50, "Enter Password:", 0);
+		p8inf = M_PKCS8_decrypt(p8, pass, strlen(pass));
+		X509_SIG_free(p8);
+	}
+
+	if (!p8inf) {
+		BIO_printf(bio_err, "Error decrypting key\n", outfile);
+		ERR_print_errors(bio_err);
+		return (1);
+	}
+
+	if (!(pkey = EVP_PKCS82PKEY(p8inf))) {
+		BIO_printf(bio_err, "Error converting key\n", outfile);
+		ERR_print_errors(bio_err);
+		return (1);
+	}
+	
+	if (p8inf->broken) {
+		BIO_printf(bio_err, "Warning: broken key encoding: ");
+		switch (p8inf->broken) {
+			case PKCS8_NO_OCTET:
+			BIO_printf(bio_err, "No Octet String\n");
+			break;
+
+			default:
+			BIO_printf(bio_err, "Unknown broken type\n");
+			break;
+		}
+	}
+	
+	PKCS8_PRIV_KEY_INFO_free(p8inf);
+
+	PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, NULL);
+
+	EVP_PKEY_free(pkey);
+	BIO_free(out);
+	BIO_free(in);
+
+	return (0);
+}
--- a/apps/progs.h
+++ b/apps/progs.h
@@ -27,6 +27,7 @@ extern int sess_id_main(int argc,char *argv[]);
 extern int ciphers_main(int argc,char *argv[]);
 extern int nseq_main(int argc,char *argv[]);
 extern int pkcs12_main(int argc,char *argv[]);
+extern int pkcs8_main(int argc,char *argv[]);

 #ifdef SSLEAY_SRC  /* Defined only in openssl.c. */

@@ -85,11 +86,14 @@ FUNCTION functions[] = {
 	{FUNC_TYPE_GENERAL,"pkcs7",pkcs7_main},
 	{FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main},
 	{FUNC_TYPE_GENERAL,"sess_id",sess_id_main},
-#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))
+#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))
 	{FUNC_TYPE_GENERAL,"ciphers",ciphers_main},
 #endif
 	{FUNC_TYPE_GENERAL,"nseq",nseq_main},
+#if !defined(NO_DES) && !defined(NO_SHA1)
 	{FUNC_TYPE_GENERAL,"pkcs12",pkcs12_main},
+#endif
+	{FUNC_TYPE_GENERAL,"pkcs8",pkcs8_main},
 	{FUNC_TYPE_MD,"md2",dgst_main},
 	{FUNC_TYPE_MD,"md5",dgst_main},
 	{FUNC_TYPE_MD,"sha",dgst_main},
--- a/apps/req.c
+++ b/apps/req.c
@@ -113,7 +113,7 @@ static int add_attribute_object(STACK_OF(X509_ATTRIBUTE) *n, char *text,
 				int max);
 static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
 	int nid,int min,int max);
-static void MS_CALLBACK req_cb(int p,int n,char *arg);
+static void MS_CALLBACK req_cb(int p,int n,void *arg);
 static int req_fix_data(int nid,int *type,int len,int min,int max);
 static int check_end(char *str, char *end);
 static int add_oid_section(LHASH *conf);
@@ -242,11 +242,11 @@ int MAIN(int argc, char **argv)
 					perror(p);
 					goto end;
 					}
-				if ((dsa_params=PEM_read_bio_DSAparams(in,NULL,NULL)) == NULL)
+				if ((dsa_params=PEM_read_bio_DSAparams(in,NULL,NULL,NULL)) == NULL)
 					{
 					ERR_clear_error();
-					BIO_reset(in);
-					if ((xtmp=PEM_read_bio_X509(in,NULL,NULL)) == NULL)
+					(void)BIO_reset(in);
+					if ((xtmp=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL)
 						{
 						BIO_printf(bio_err,"unable to load DSA parameters from file\n");
 						goto end;
@@ -455,7 +455,7 @@ bad:
 			rsa=d2i_RSAPrivateKey_bio(in,NULL);
 		else */
 		if (keyform == FORMAT_PEM)
-			pkey=PEM_read_bio_PrivateKey(in,NULL,NULL);
+			pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL);
 		else
 			{
 			BIO_printf(bio_err,"bad input format specified for X509 request\n");
@@ -513,7 +513,7 @@ bad:
 			{
 			if (!EVP_PKEY_assign_RSA(pkey,
 				RSA_generate_key(newkey,0x10001,
-					req_cb,(char *)bio_err)))
+					req_cb,bio_err)))
 				goto end;
 			}
 		else
@@ -560,7 +560,7 @@ bad:
 		i=0;
 loop:
 		if (!PEM_write_bio_PrivateKey(out,pkey,cipher,
-			NULL,0,NULL))
+			NULL,0,NULL,NULL))
 			{
 			if ((ERR_GET_REASON(ERR_peek_error()) ==
 				PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3))
@@ -594,7 +594,7 @@ loop:
 		if	(informat == FORMAT_ASN1)
 			req=d2i_X509_REQ_bio(in,NULL);
 		else if (informat == FORMAT_PEM)
-			req=PEM_read_bio_X509_REQ(in,NULL,NULL);
+			req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL);
 		else
 			{
 			BIO_printf(bio_err,"bad input format specified for X509 request\n");
@@ -823,7 +823,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
 	char buf[100];
 	int nid,min,max;
 	char *type,*def,*tmp,*value,*tmp_attr;
-	STACK *sk,*attr=NULL;
+	STACK_OF(CONF_VALUE) *sk, *attr=NULL;
 	CONF_VALUE *v;
 	
 	tmp=CONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
@@ -866,15 +866,15 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
 	/* setup version number */
 	if (!ASN1_INTEGER_set(ri->version,0L)) goto err; /* version 1 */

-	if (sk_num(sk))
+	if (sk_CONF_VALUE_num(sk))
 		{
 		i= -1;
 start:		for (;;)
 			{
 			i++;
-			if ((int)sk_num(sk) <= i) break;
+			if (sk_CONF_VALUE_num(sk) <= i) break;

-			v=(CONF_VALUE *)sk_value(sk,i);
+			v=sk_CONF_VALUE_value(sk,i);
 			p=q=NULL;
 			type=v->name;
 			if(!check_end(type,"_min") || !check_end(type,"_max") ||
@@ -918,7 +918,7 @@ start:		for (;;)

 		if (attribs)
 			{
-			if ((attr != NULL) && (sk_num(attr) > 0))
+			if ((attr != NULL) && (sk_CONF_VALUE_num(attr) > 0))
 				{
 				BIO_printf(bio_err,"\nPlease enter the following 'extra' attributes\n");
 				BIO_printf(bio_err,"to be sent with your certificate request\n");
@@ -928,10 +928,11 @@ start:		for (;;)
 start2:			for (;;)
 				{
 				i++;
-				if ((attr == NULL) || ((int)sk_num(attr) <= i))
+				if ((attr == NULL) ||
+					    (sk_CONF_VALUE_num(attr) <= i))
 					break;

-				v=(CONF_VALUE *)sk_value(attr,i);
+				v=sk_CONF_VALUE_value(attr,i);
 				type=v->name;
 				if ((nid=OBJ_txt2nid(type)) == NID_undef)
 					goto start2;
@@ -979,7 +980,7 @@ static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
 	MS_STATIC char buf[1024];

 	BIO_printf(bio_err,"%s [%s]:",text,def);
-	BIO_flush(bio_err);
+	(void)BIO_flush(bio_err);
 	if (value != NULL)
 		{
 		strcpy(buf,value);
@@ -1013,6 +1014,9 @@ static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
 	j=ASN1_PRINTABLE_type((unsigned char *)buf,-1);
 	if (req_fix_data(nid,&j,i,min,max) == 0)
 		goto err;
+#ifdef CHARSET_EBCDIC
+	ebcdic2ascii(buf, buf, i);
+#endif
 	if ((ne=X509_NAME_ENTRY_create_by_NID(NULL,nid,j,(unsigned char *)buf,
 		strlen(buf)))
 		== NULL) goto err;
@@ -1037,7 +1041,7 @@ static int add_attribute_object(STACK_OF(X509_ATTRIBUTE) *n, char *text,

 start:
 	BIO_printf(bio_err,"%s [%s]:",text,def);
-	BIO_flush(bio_err);
+	(void)BIO_flush(bio_err);
 	if (value != NULL)
 		{
 		strcpy(buf,value);
@@ -1111,7 +1115,7 @@ err:
 	return(0);
 	}

-static void MS_CALLBACK req_cb(int p, int n, char *arg)
+static void MS_CALLBACK req_cb(int p, int n, void *arg)
 	{
 	char c='*';

@@ -1120,7 +1124,7 @@ static void MS_CALLBACK req_cb(int p, int n, char *arg)
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
 	BIO_write((BIO *)arg,&c,1);
-	BIO_flush((BIO *)arg);
+	(void)BIO_flush((BIO *)arg);
 #ifdef LINT
 	p=n;
 #endif
@@ -1173,7 +1177,7 @@ static int check_end(char *str, char *end)
 static int add_oid_section(LHASH *conf)
 {	
 	char *p;
-	STACK *sktmp;
+	STACK_OF(CONF_VALUE) *sktmp;
 	CONF_VALUE *cnf;
 	int i;
 	if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1;
@@ -1181,8 +1185,8 @@ static int add_oid_section(LHASH *conf)
 		BIO_printf(bio_err, "problem loading oid section %s\n", p);
 		return 0;
 	}
-	for(i = 0; i < sk_num(sktmp); i++) {
-		cnf = (CONF_VALUE *)sk_value(sktmp, i);
+	for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
+		cnf = sk_CONF_VALUE_value(sktmp, i);
 		if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
 			BIO_printf(bio_err, "problem creating object %s=%s\n",
 							 cnf->name, cnf->value);
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -81,6 +81,7 @@
 * -idea	- encrypt output if PEM format
 * -text	- print a text version
 * -modulus	- print the RSA key modulus
+ * -check	- verify key consistency
 */

 int MAIN(int argc, char **argv)
@@ -90,7 +91,7 @@ int MAIN(int argc, char **argv)
 	int i,badops=0;
 	const EVP_CIPHER *enc=NULL;
 	BIO *in=NULL,*out=NULL;
-	int informat,outformat,text=0,noout=0;
+	int informat,outformat,text=0,check=0,noout=0;
 	char *infile,*outfile,*prog;
 	int modulus=0;

@@ -136,6 +137,8 @@ int MAIN(int argc, char **argv)
 			text=1;
 		else if (strcmp(*argv,"-modulus") == 0)
 			modulus=1;
+		else if (strcmp(*argv,"-check") == 0)
+			check=1;
 		else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -163,6 +166,7 @@ bad:
 		BIO_printf(bio_err," -text         print the key in text\n");
 		BIO_printf(bio_err," -noout        don't print key out\n");
 		BIO_printf(bio_err," -modulus      print the RSA key modulus\n");
+		BIO_printf(bio_err," -check        verify key consistency\n");
 		goto end;
 		}

@@ -218,7 +222,7 @@ bad:
 		}
 #endif
 	else if (informat == FORMAT_PEM)
-		rsa=PEM_read_bio_RSAPrivateKey(in,NULL,NULL);
+		rsa=PEM_read_bio_RSAPrivateKey(in,NULL,NULL,NULL);
 	else
 		{
 		BIO_printf(bio_err,"bad input format specified for key\n");
@@ -257,6 +261,33 @@ bad:
 		fprintf(stdout,"\n");
 		}

+	if (check)
+		{
+		int r = RSA_check_key(rsa);
+
+		if (r == 1)
+			BIO_printf(out,"RSA key ok\n");
+		else if (r == 0)
+			{
+			long e;
+
+			while ((e = ERR_peek_error()) != 0 &&
+				ERR_GET_LIB(e) == ERR_LIB_RSA &&
+				ERR_GET_FUNC(e) == RSA_F_RSA_CHECK_KEY &&
+				ERR_GET_REASON(e) != ERR_R_MALLOC_FAILURE)
+				{
+				BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(e));
+				ERR_get_error(); /* remove e from error stack */
+				}
+			}
+		
+		if (r == -1 || ERR_peek_error() != 0) /* should happen only if r == -1 */
+			{
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		}
+		
 	if (noout) goto end;
 	BIO_printf(bio_err,"writing RSA private key\n");
 	if 	(outformat == FORMAT_ASN1)
@@ -281,7 +312,7 @@ bad:
 		}
 #endif
 	else if (outformat == FORMAT_PEM)
-		i=PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL);
+		i=PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL,NULL);
 	else	{
 		BIO_printf(bio_err,"bad output format specified for outfile\n");
 		goto end;
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -56,22 +56,26 @@
 * [including the GNU Public Licence.]
 */

+#ifdef APPS_CRLF
+# include <assert.h>
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef NO_STDIO
+#define APPS_WIN16
+#endif
+
 /* With IPv6, it looks like Digital has mixed up the proper order of
   recursive header file inclusion, resulting in the compiler complaining
   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
   is needed to have fileno() declared correctly...  So let's define u_int */
-#if defined(__DECC) && !defined(__U_INT)
+#if defined(VMS) && defined(__DECC) && !defined(__U_INT)
 #define __U_INT
 typedef unsigned int u_int;
 #endif

-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
 #define USE_SOCKETS
-#ifdef NO_STDIO
-#define APPS_WIN16
-#endif
 #include "apps.h"
 #include <openssl/x509.h>
 #include <openssl/ssl.h>
@@ -137,6 +141,9 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -state        - print the 'ssl' states\n");
 #ifdef FIONBIO
 	BIO_printf(bio_err," -nbio         - Run with non-blocking IO\n");
+#endif
+#ifdef APPS_CRLF /* won't be #ifdef'd in next release */
+	BIO_printf(bio_err," -crlf         - convert LF from terminal into CRLF\n");
 #endif
 	BIO_printf(bio_err," -quiet        - no s_client output\n");
 	BIO_printf(bio_err," -ssl2         - just use SSLv2\n");
@@ -164,6 +171,9 @@ int MAIN(int argc, char **argv)
 	char *cert_file=NULL,*key_file=NULL;
 	char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
 	int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
+#ifdef APPS_CRLF
+	int crlf=0;
+#endif
 	int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
 	SSL_CTX *ctx=NULL;
 	int ret=1,in_init=1,i,nbio_test=0;
@@ -234,6 +244,10 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			cert_file= *(++argv);
 			}
+#ifdef APPS_CRLF
+		else if	(strcmp(*argv,"-crlf") == 0)
+			crlf=1;
+#endif
 		else if	(strcmp(*argv,"-quiet") == 0)
 			c_quiet=1;
 		else if	(strcmp(*argv,"-pause") == 0)
@@ -555,6 +569,9 @@ re_start:
 #ifndef WINDOWS
 		else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds))
 			{
+#ifdef CHARSET_EBCDIC
+			ascii2ebcdic(&(sbuf[sbuf_off]),&(sbuf[sbuf_off]),sbuf_len);
+#endif
 			i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len);

 			if (i <= 0)
@@ -630,7 +647,32 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
 #ifndef WINDOWS
 		else if (FD_ISSET(fileno(stdin),&readfds))
 			{
-			i=read(fileno(stdin),cbuf,BUFSIZZ);
+#ifdef APPS_CRLF
+			if (crlf)
+				{
+				int j, lf_num;
+
+				i=read(fileno(stdin),cbuf,BUFSIZZ/2);
+				lf_num = 0;
+				/* both loops are skipped when i <= 0 */
+				for (j = 0; j < i; j++)
+					if (cbuf[j] == '\n')
+						lf_num++;
+				for (j = i-1; j >= 0; j--)
+					{
+					cbuf[j+lf_num] = cbuf[j];
+					if (cbuf[j] == '\n')
+						{
+						lf_num--;
+						i++;
+						cbuf[j+lf_num] = '\r';
+						}
+					}
+				assert(lf_num == 0);
+				}
+			else
+#endif
+				i=read(fileno(stdin),cbuf,BUFSIZZ);

 			if ((!c_quiet) && ((i <= 0) || (cbuf[0] == 'Q')))
 				{
@@ -648,6 +690,9 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
 				{
 				cbuf_len=i;
 				cbuf_off=0;
+#ifdef CHARSET_EBCDIC
+				ebcdic2ascii(cbuf, cbuf, i);
+#endif
 				}

 			write_ssl=1;
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -56,15 +56,9 @@
 * [including the GNU Public Licence.]
 */

-/* With IPv6, it looks like Digital has mixed up the proper order of
-   recursive header file inclusion, resulting in the compiler complaining
-   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
-   is needed to have fileno() declared correctly...  So let's define u_int */
-#if defined(__DECC) && !defined(__U_INT)
-#define __U_INT
-typedef unsigned int u_int;
+#ifdef APPS_CRLF
+# include <assert.h>
 #endif
-
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -73,6 +67,16 @@ typedef unsigned int u_int;
 #ifdef NO_STDIO
 #define APPS_WIN16
 #endif
+
+/* With IPv6, it looks like Digital has mixed up the proper order of
+   recursive header file inclusion, resulting in the compiler complaining
+   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
+   is needed to have fileno() declared correctly...  So let's define u_int */
+#if defined(VMS) && defined(__DECC) && !defined(__U_INT)
+#define __U_INT
+typedef unsigned int u_int;
+#endif
+
 #include <openssl/lhash.h>
 #include <openssl/bn.h>
 #define USE_SOCKETS
@@ -93,7 +97,7 @@ typedef unsigned int u_int;
 #endif

 #ifndef NO_RSA
-static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export,int keylength);
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
 #endif
 static int sv_body(char *hostname, int s, unsigned char *context);
 static int www_body(char *hostname, int s, unsigned char *context);
@@ -108,11 +112,11 @@ static DH *get_dh512(void);
 /* static void s_server_init(void);*/

 #ifndef S_ISDIR
-#if defined(VMS) && !defined(__DECC)
-#define S_ISDIR(a)	(((a) & S_IFMT) == S_IFDIR)
-#else
-#define S_ISDIR(a)	(((a) & _S_IFMT) == _S_IFDIR)
-#endif
+# if defined(_S_IFMT) && defined(_S_IFDIR)
+#  define S_ISDIR(a)	(((a) & _S_IFMT) == _S_IFDIR)
+# else
+#  define S_ISDIR(a)	(((a) & S_IFMT) == S_IFDIR)
+# endif
 #endif

 #ifndef NO_DH
@@ -165,6 +169,9 @@ static char *s_dcert_file=NULL,*s_dkey_file=NULL;
 static int s_nbio=0;
 #endif
 static int s_nbio_test=0;
+#ifdef APPS_CRLF /* won't be #ifdef'd in next release */
+int s_crlf=0;
+#endif
 static SSL_CTX *ctx=NULL;
 static int www=0;

@@ -212,6 +219,9 @@ static void sv_usage(void)
 	BIO_printf(bio_err," -nbio         - Run with non-blocking IO\n");
 #endif
 	BIO_printf(bio_err," -nbio_test    - test with the non-blocking test bio\n");
+#ifdef APPS_CRLF
+	BIO_printf(bio_err," -crlf         - convert LF from terminal into CRLF\n");
+#endif
 	BIO_printf(bio_err," -debug        - Print more output\n");
 	BIO_printf(bio_err," -state        - Print the SSL states\n");
 	BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");
@@ -226,6 +236,9 @@ static void sv_usage(void)
 	BIO_printf(bio_err," -no_ssl2      - Just disable SSLv2\n");
 	BIO_printf(bio_err," -no_ssl3      - Just disable SSLv3\n");
 	BIO_printf(bio_err," -no_tls1      - Just disable TLSv1\n");
+#ifndef NO_DH
+	BIO_printf(bio_err," -no_dhe       - Disable ephemeral DH\n");
+#endif
 	BIO_printf(bio_err," -bugs         - Turn on SSL bug compatability\n");
 	BIO_printf(bio_err," -www          - Respond to a 'GET /' with a status page\n");
 	BIO_printf(bio_err," -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
@@ -235,6 +248,156 @@ static int local_argc=0;
 static char **local_argv;
 static int hack=0;

+#ifdef CHARSET_EBCDIC
+static int ebcdic_new(BIO *bi);
+static int ebcdic_free(BIO *a);
+static int ebcdic_read(BIO *b, char *out, int outl);
+static int ebcdic_write(BIO *b, char *in, int inl);
+static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr);
+static int ebcdic_gets(BIO *bp, char *buf, int size);
+static int ebcdic_puts(BIO *bp, char *str);
+
+#define BIO_TYPE_EBCDIC_FILTER	(18|0x0200)
+static BIO_METHOD methods_ebcdic=
+	{
+	BIO_TYPE_EBCDIC_FILTER,
+	"EBCDIC/ASCII filter",
+	ebcdic_write,
+	ebcdic_read,
+	ebcdic_puts,
+	ebcdic_gets,
+	ebcdic_ctrl,
+	ebcdic_new,
+	ebcdic_free,
+	};
+
+typedef struct
+{
+	size_t	alloced;
+	char	buff[1];
+} EBCDIC_OUTBUFF;
+
+BIO_METHOD *BIO_f_ebcdic_filter()
+{
+	return(&methods_ebcdic);
+}
+
+static int ebcdic_new(BIO *bi)
+{
+	EBCDIC_OUTBUFF *wbuf;
+
+	wbuf = (EBCDIC_OUTBUFF *)Malloc(sizeof(EBCDIC_OUTBUFF) + 1024);
+	wbuf->alloced = 1024;
+	wbuf->buff[0] = '\0';
+
+	bi->ptr=(char *)wbuf;
+	bi->init=1;
+	bi->flags=0;
+	return(1);
+}
+
+static int ebcdic_free(BIO *a)
+{
+	if (a == NULL) return(0);
+	if (a->ptr != NULL)
+		Free(a->ptr);
+	a->ptr=NULL;
+	a->init=0;
+	a->flags=0;
+	return(1);
+}
+	
+static int ebcdic_read(BIO *b, char *out, int outl)
+{
+	int ret=0;
+
+	if (out == NULL || outl == 0) return(0);
+	if (b->next_bio == NULL) return(0);
+
+	ret=BIO_read(b->next_bio,out,outl);
+	if (ret > 0)
+		ascii2ebcdic(out,out,ret);
+	return(ret);
+}
+
+static int ebcdic_write(BIO *b, char *in, int inl)
+{
+	EBCDIC_OUTBUFF *wbuf;
+	int ret=0;
+	int num;
+	unsigned char n;
+
+	if ((in == NULL) || (inl <= 0)) return(0);
+	if (b->next_bio == NULL) return(0);
+
+	wbuf=(EBCDIC_OUTBUFF *)b->ptr;
+
+	if (inl > (num = wbuf->alloced))
+	{
+		num = num + num;  /* double the size */
+		if (num < inl)
+			num = inl;
+		Free((char*)wbuf);
+		wbuf=(EBCDIC_OUTBUFF *)Malloc(sizeof(EBCDIC_OUTBUFF) + num);
+
+		wbuf->alloced = num;
+		wbuf->buff[0] = '\0';
+
+		b->ptr=(char *)wbuf;
+	}
+
+	ebcdic2ascii(wbuf->buff, in, inl);
+
+	ret=BIO_write(b->next_bio, wbuf->buff, inl);
+
+	return(ret);
+}
+
+static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr)
+{
+	long ret;
+
+	if (b->next_bio == NULL) return(0);
+	switch (cmd)
+	{
+	case BIO_CTRL_DUP:
+		ret=0L;
+		break;
+	default:
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	}
+	return(ret);
+}
+
+static int ebcdic_gets(BIO *bp, char *buf, int size)
+{
+	int i, ret;
+	if (bp->next_bio == NULL) return(0);
+/*	return(BIO_gets(bp->next_bio,buf,size));*/
+	for (i=0; i<size-1; ++i)
+	{
+		ret = ebcdic_read(bp,&buf[i],1);
+		if (ret <= 0)
+			break;
+		else if (buf[i] == '\n')
+		{
+			++i;
+			break;
+		}
+	}
+	if (i < size)
+		buf[i] = '\0';
+	return (ret < 0 && i == 0) ? ret : i;
+}
+
+static int ebcdic_puts(BIO *bp, char *str)
+{
+	if (bp->next_bio == NULL) return(0);
+	return ebcdic_write(bp, str, strlen(str));
+}
+#endif
+
 int MAIN(int argc, char *argv[])
 	{
 	short port=PORT;
@@ -243,7 +406,7 @@ int MAIN(int argc, char *argv[])
 	int badop=0,bugs=0;
 	int ret=1;
 	int off=0;
-	int no_tmp_rsa=0,nocert=0;
+	int no_tmp_rsa=0,no_dhe=0,nocert=0;
 	int state=0;
 	SSL_METHOD *meth=NULL;
 #ifndef NO_DH
@@ -362,12 +525,18 @@ int MAIN(int argc, char *argv[])
 			{ hack=1; }
 		else if	(strcmp(*argv,"-state") == 0)
 			{ state=1; }
+#ifdef APPS_CRLF
+		else if	(strcmp(*argv,"-crlf") == 0)
+			{ s_crlf=1; }
+#endif
 		else if	(strcmp(*argv,"-quiet") == 0)
 			{ s_quiet=1; }
 		else if	(strcmp(*argv,"-bugs") == 0)
 			{ bugs=1; }
 		else if	(strcmp(*argv,"-no_tmp_rsa") == 0)
 			{ no_tmp_rsa=1; }
+		else if	(strcmp(*argv,"-no_dhe") == 0)
+			{ no_dhe=1; }
 		else if	(strcmp(*argv,"-www") == 0)
 			{ www=1; }
 		else if	(strcmp(*argv,"-WWW") == 0)
@@ -470,21 +639,24 @@ bad:
 		}

 #ifndef NO_DH
-	/* EAY EAY EAY evil hack */
-	dh=load_dh_param();
-	if (dh != NULL)
+	if (!no_dhe)
 		{
-		BIO_printf(bio_s_out,"Setting temp DH parameters\n");
-		}
-	else
-		{
-		BIO_printf(bio_s_out,"Using default temp DH parameters\n");
-		dh=get_dh512();
-		}
-	BIO_flush(bio_s_out);
+		/* EAY EAY EAY evil hack */
+		dh=load_dh_param();
+		if (dh != NULL)
+			{
+			BIO_printf(bio_s_out,"Setting temp DH parameters\n");
+			}
+		else
+			{
+			BIO_printf(bio_s_out,"Using default temp DH parameters\n");
+			dh=get_dh512();
+			}
+		(void)BIO_flush(bio_s_out);

-	SSL_CTX_set_tmp_dh(ctx,dh);
-	DH_free(dh);
+		SSL_CTX_set_tmp_dh(ctx,dh);
+		DH_free(dh);
+		}
 #endif
 	
 	if (!set_cert_stuff(ctx,s_cert_file,s_key_file))
@@ -641,7 +813,32 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 		if (i <= 0) continue;
 		if (FD_ISSET(fileno(stdin),&readfds))
 			{
-			i=read(fileno(stdin),buf,bufsize);
+#ifdef APPS_CRLF
+			if (s_crlf)
+				{
+				int j, lf_num;
+
+				i=read(fileno(stdin), buf, bufsize/2);
+				lf_num = 0;
+				/* both loops are skipped when i <= 0 */
+				for (j = 0; j < i; j++)
+					if (buf[j] == '\n')
+						lf_num++;
+				for (j = i-1; j >= 0; j--)
+					{
+					buf[j+lf_num] = buf[j];
+					if (buf[j] == '\n')
+						{
+						lf_num--;
+						i++;
+						buf[j+lf_num] = '\r';
+						}
+					}
+				assert(lf_num == 0);
+				}
+			else
+#endif
+				i=read(fileno(stdin),buf,bufsize);
 			if (!s_quiet)
 				{
 				if ((i <= 0) || (buf[0] == 'Q'))
@@ -692,6 +889,9 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 					print_stats(bio_s_out,SSL_get_SSL_CTX(con));
 					}
 				}
+#ifdef CHARSET_EBCDIC
+			ebcdic2ascii(buf,buf,i);
+#endif
 			l=k=0;
 			for (;;)
 				{
@@ -750,6 +950,9 @@ again:
 				switch (SSL_get_error(con,i))
 					{
 				case SSL_ERROR_NONE:
+#ifdef CHARSET_EBCDIC
+					ascii2ebcdic(buf,buf,i);
+#endif
 					write(fileno(stdout),buf,
 						(unsigned int)i);
 					if (SSL_pending(con)) goto again;
@@ -863,7 +1066,7 @@ static DH *load_dh_param(void)

 	if ((bio=BIO_new_file(DH_PARAM,"r")) == NULL)
 		goto err;
-	ret=PEM_read_bio_DHparams(bio,NULL,NULL);
+	ret=PEM_read_bio_DHparams(bio,NULL,NULL,NULL);
 err:
 	if (bio != NULL) BIO_free(bio);
 	return(ret);
@@ -941,6 +1144,9 @@ static int www_body(char *hostname, int s, unsigned char *context)
 	/* SSL_set_fd(con,s); */
 	BIO_set_ssl(ssl_bio,con,BIO_CLOSE);
 	BIO_push(io,ssl_bio);
+#ifdef CHARSET_EBCDIC
+	io = BIO_push(BIO_new(BIO_f_ebcdic_filter()),io);
+#endif

 	if (s_debug)
 		{
@@ -1010,7 +1216,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
 			static char *space="                          ";

 			BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
-			BIO_puts(io,"<HTML><BODY BGCOLOR=ffffff>\n");
+			BIO_puts(io,"<HTML><BODY BGCOLOR=\"#ffffff\">\n");
 			BIO_puts(io,"<pre>\n");
 /*			BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/
 			BIO_puts(io,"\n");
@@ -1082,7 +1288,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
 			BIO_puts(io,"</BODY></HTML>\r\n\r\n");
 			break;
 			}
-		else if ((www == 2) && (strncmp("GET ",buf,4) == 0))
+		else if ((www == 2) && (strncmp("GET /",buf,5) == 0))
 			{
 			BIO *file;
 			char *p,*e;
@@ -1235,7 +1441,7 @@ err:
 	}

 #ifndef NO_RSA
-static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export, int keylength)
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
 	{
 	static RSA *rsa_tmp=NULL;

@@ -1244,13 +1450,13 @@ static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export, int keylength)
 		if (!s_quiet)
 			{
 			BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
-			BIO_flush(bio_err);
+			(void)BIO_flush(bio_err);
 			}
 		rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
 		if (!s_quiet)
 			{
 			BIO_printf(bio_err,"\n");
-			BIO_flush(bio_err);
+			(void)BIO_flush(bio_err);
 			}
 		}
 	return(rsa_tmp);
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@@ -56,20 +56,21 @@
 * [including the GNU Public Licence.]
 */

-/* With IPv6, it looks like Digital has mixed up the proper order of
-   recursive header file inclusion, resulting in the compiler complaining
-   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
-   is needed to have fileno() declared correctly...  So let's define u_int */
-#if defined(__DECC) && !defined(__U_INT)
-#define __U_INT
-typedef unsigned int u_int;
-#endif
-
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
 #include <signal.h>
+
+/* With IPv6, it looks like Digital has mixed up the proper order of
+   recursive header file inclusion, resulting in the compiler complaining
+   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
+   is needed to have fileno() declared correctly...  So let's define u_int */
+#if defined(VMS) && defined(__DECC) && !defined(__U_INT)
+#define __U_INT
+typedef unsigned int u_int;
+#endif
+
 #define USE_SOCKETS
 #define NON_MAIN
 #include "apps.h"
@@ -494,7 +495,7 @@ int host_ip(char *str, unsigned char ip[4])
 	unsigned int in[4]; 
 	int i;

-	if (sscanf(str,"%d.%d.%d.%d",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
+	if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
 		{
 		for (i=0; i<4; i++)
 			if (in[i] > 255)
--- a/apps/sess_id.c
+++ b/apps/sess_id.c
@@ -289,7 +289,7 @@ static SSL_SESSION *load_sess_id(char *infile, int format)
 	if 	(format == FORMAT_ASN1)
 		x=d2i_SSL_SESSION_bio(in,NULL);
 	else if (format == FORMAT_PEM)
-		x=PEM_read_bio_SSL_SESSION(in,NULL,NULL);
+		x=PEM_read_bio_SSL_SESSION(in,NULL,NULL,NULL);
 	else	{
 		BIO_printf(bio_err,"bad input format specified for input crl\n");
 		goto end;
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -123,9 +123,11 @@
 #endif
 #ifndef NO_MD5
 #include <openssl/md5.h>
-#include <openssl/hmac.h>
-#include <openssl/evp.h>
 #endif
+#ifndef NO_HMAC
+#include <openssl/hmac.h>
+#endif
+#include <openssl/evp.h>
 #ifndef NO_SHA
 #include <openssl/sha.h>
 #endif
@@ -239,7 +241,6 @@ static double Time_F(int s)
 int MAIN(int argc, char **argv)
 	{
 	unsigned char *buf=NULL,*buf2=NULL;
-	des_cblock *buf_as_des_cblock = NULL;
 	int ret=1;
 #define ALGOR_NUM	14
 #define SIZE_NUM	5
@@ -286,6 +287,7 @@ int MAIN(int argc, char **argv)
 		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
 	unsigned char iv[8];
 #ifndef NO_DES
+	des_cblock *buf_as_des_cblock = NULL;
 	static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
 	static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
 	static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
@@ -361,7 +363,9 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err,"out of memory\n");
 		goto end;
 		}
+#ifndef NO_DES
 	buf_as_des_cblock = (des_cblock *)buf;
+#endif
 	if ((buf2=(unsigned char *)Malloc((int)BUFSIZE)) == NULL)
 		{
 		BIO_printf(bio_err,"out of memory\n");
@@ -754,7 +758,7 @@ int MAIN(int argc, char **argv)
 		}
 #endif

-#ifndef NO_MD5
+#if !defined(NO_MD5) && !defined(NO_HMAC)
 	if (doit[D_HMAC])
 		{
 		HMAC_CTX hctx;
@@ -1130,7 +1134,7 @@ int MAIN(int argc, char **argv)
 			printf("%18ssign    verify    sign/s verify/s\n"," ");
 			j=0;
 			}
-		fprintf(stdout,"rsa %4d bits %8.4fs %8.4fs %8.1f %8.1f",
+		fprintf(stdout,"rsa %4u bits %8.4fs %8.4fs %8.1f %8.1f",
 			rsa_bits[k],rsa_results[k][0],rsa_results[k][1],
 			1.0/rsa_results[k][0],1.0/rsa_results[k][1]);
 		fprintf(stdout,"\n");
@@ -1145,7 +1149,7 @@ int MAIN(int argc, char **argv)
 			printf("%18ssign    verify    sign/s verify/s\n"," ");
 			j=0;
 			}
-		fprintf(stdout,"dsa %4d bits %8.4fs %8.4fs %8.1f %8.1f",
+		fprintf(stdout,"dsa %4u bits %8.4fs %8.4fs %8.1f %8.1f",
 			dsa_bits[k],dsa_results[k][0],dsa_results[k][1],
 			1.0/dsa_results[k][0],1.0/dsa_results[k][1]);
 		fprintf(stdout,"\n");
@@ -1172,11 +1176,11 @@ static void print_message(char *s, long num, int length)
 	{
 #ifdef SIGALRM
 	BIO_printf(bio_err,"Doing %s for %ds on %d size blocks: ",s,SECONDS,length);
-	BIO_flush(bio_err);
+	(void)BIO_flush(bio_err);
 	alarm(SECONDS);
 #else
 	BIO_printf(bio_err,"Doing %s %ld times on %d size blocks: ",s,num,length);
-	BIO_flush(bio_err);
+	(void)BIO_flush(bio_err);
 #endif
 #ifdef LINT
 	num=num;
@@ -1188,11 +1192,11 @@ static void pkey_print_message(char *str, char *str2, long num, int bits,
 	{
 #ifdef SIGALRM
 	BIO_printf(bio_err,"Doing %d bit %s %s's for %ds: ",bits,str,str2,tm);
-	BIO_flush(bio_err);
+	(void)BIO_flush(bio_err);
 	alarm(RSA_SECONDS);
 #else
 	BIO_printf(bio_err,"Doing %ld %d bit %s %s's: ",num,bits,str,str2);
-	BIO_flush(bio_err);
+	(void)BIO_flush(bio_err);
 #endif
 #ifdef LINT
 	num=num;
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -171,7 +171,7 @@ static int check(X509_STORE *ctx, char *file)
 			}
 		}

-	x=PEM_read_bio_X509(in,NULL,NULL);
+	x=PEM_read_bio_X509(in,NULL,NULL,NULL);
 	if (x == NULL)
 		{
 		fprintf(stdout,"%s: unable to load certificate file\n",
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -85,7 +85,7 @@
 static char *x509_usage[]={
 "usage: x509 args\n",
 " -inform arg     - input format - default PEM (one of DER, NET or PEM)\n",
-" -outform arg    - output format - default PEM (one of DER, NET or PEM\n",
+" -outform arg    - output format - default PEM (one of DER, NET or PEM)\n",
 " -keyform arg    - private key format - default PEM\n",
 " -CAform arg     - CA format - default PEM\n",
 " -CAkeyform arg  - CA key format - default PEM\n",
@@ -377,7 +377,7 @@ bad:
 				goto end;
 				}
 			}
-		req=PEM_read_bio_X509_REQ(in,NULL,NULL);
+		req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL);
 		BIO_free(in);

 		if (req == NULL) { perror(infile); goto end; }
@@ -855,18 +855,6 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
 	if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
 		goto end;

-	/* don't save DSA parameters in child if parent has them
-	 * and the parents and the childs are the same. */
-	upkey=X509_get_pubkey(x);
-	if (!EVP_PKEY_missing_parameters(pkey) &&
-		(EVP_PKEY_cmp_parameters(pkey,upkey) == 0))
-		{
-		EVP_PKEY_save_parameters(upkey,0);
-		/* Force a re-write */
-		X509_set_pubkey(x,upkey);
-		}
-	EVP_PKEY_free(upkey);
-
 	if(conf) {
 		X509V3_CTX ctx2;
 		X509_set_version(x,2); /* version 3 certificate */
@@ -960,7 +948,7 @@ static EVP_PKEY *load_key(char *file, int format)
 #endif
 		if (format == FORMAT_PEM)
 		{
-		pkey=PEM_read_bio_PrivateKey(key,NULL,NULL);
+		pkey=PEM_read_bio_PrivateKey(key,NULL,NULL,NULL);
 		}
 	else
 		{
@@ -1043,7 +1031,7 @@ static X509 *load_cert(char *file, int format)
 		ah->data=NULL;
 		}
 	else if (format == FORMAT_PEM)
-		x=PEM_read_bio_X509(cert,NULL,NULL);
+		x=PEM_read_bio_X509(cert,NULL,NULL,NULL);
 	else	{
 		BIO_printf(bio_err,"bad input format specified for input cert\n");
 		goto end;
--- a/189
+++ b/189
@@ -94,12 +94,16 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	esac
 	;;

-    IRIX:*)
-	echo "${MACHINE}-sgi-irix"; exit 0
+    IRIX:5.*)
+	echo "mips2-sgi-irix"; exit 0
+	;;
+
+    IRIX:6.*)
+	echo "mips3-sgi-irix"; exit 0
 	;;

    IRIX64:*)
-	echo "${MACHINE}-sgi-irix64"; exit 0
+	echo "mips4-sgi-irix64"; exit 0
 	;;

    Linux:[2-9].*)
@@ -114,32 +118,42 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "${MACHINE}-lynx-lynxos"; exit 0
 	;;

+    BSD/OS:4.*)  # BSD/OS always says 386
+	echo "i486-whatever-bsdi4"; exit 0
+	;;
+
    BSD/386:*:*:*486*|BSD/OS:*:*:*:*486*)
-	echo "i486-whatever-bsdi"; exit 0
+        case `/sbin/sysctl -n hw.model` in
+	    Pentium*)
+                echo "i586-whatever-bsdi"; exit 0
+                ;;
+            *)
+                echo "i386-whatever-bsdi"; exit 0
+                ;;
+            esac;
 	;;

    BSD/386:*|BSD/OS:*)
 	echo "${MACHINE}-whatever-bsdi"; exit 0
 	;;

-    FreeBSD:3*:*:*)
-	echo "${MACHINE}-whatever-freebsd3"; exit 0
-	;;
-
-    FreeBSD:*:*:*386*)
-        case `sysctl -n hw.model` in
-	    Pentium*)
-                echo "i586-whatever-freebsd"; exit 0
-                ;;
-            *)
-                echo "i386-whatever-freebsd"; exit 0
-                ;;
-            esac;
-	;;
-
    FreeBSD:*)
-	echo "${MACHINE}-whatever-freebsd"; exit 0
-	;;
+        VERS=`echo ${RELEASE} | sed -e 's/[-(].*//'`
+        MACH=`sysctl -n hw.model`
+        ARCH='whatever'
+        case ${MACH} in
+           *386*       ) MACH="i386"     ;;
+           *486*       ) MACH="i486"     ;;
+           Pentium\ II*) MACH="i686"     ;;
+           Pentium*    ) MACH="i586"     ;;
+           Alpha*      ) MACH="alpha"    ;;
+           *           ) MACH="$MACHINE" ;;
+        esac
+        case ${MACH} in
+           i[0-9]86 ) ARCH="pc" ;;
+        esac
+        echo "${MACH}-${ARCH}-freebsd${VERS}"; exit 0
+        ;;

    NetBSD:*:*:*386*)
        echo "`sysctl -n hw.model | sed 's,.*\(.\)86-class.*,i\186,'`-whateve\r-netbsd"; exit 0
@@ -205,6 +219,10 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "${MACHINE}-siemens-sysv4"; exit 0
 	;;

+    POSIX-BC*)
+	echo "${MACHINE}-siemens-sysv4"; exit 0   # Here, $MACHINE == "BS2000"
+	;;
+
    machten:*)
       echo "${MACHINE}-tenon-${SYSTEM}"; exit 0;
       ;;
@@ -235,6 +253,9 @@ fi
 # Now NeXT
 ISNEXT=`hostinfo 2>/dev/null`
 case "$ISNEXT" in
+    *'NeXT Mach 3.3'*)
+	echo "whatever-next-nextstep3.3"; exit 0
+	;;
    *NeXT*)
 	echo "whatever-next-nextstep"; exit 0
 	;;
@@ -278,21 +299,38 @@ done

 # figure out if gcc is available and if so we use it otherwise
 # we fallback to whatever cc does on the system
-GCCVER=`(gcc -v) 2>&1`
-if [ $? = "0" ]; then
+GCCVER=`(gcc --version) 2>/dev/null`
+if [ "$GCCVER" != "" ]; then
  CC=gcc
+  # then strip off whatever prefix Cygnus prepends the number with...
+  GCCVER=`echo $GCCVER | sed 's/^[a-z]*\-//'`
+  # peak single digit before and after first dot, e.g. 2.95.1 gives 29
+  GCCVER=`echo $GCCVER | sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/'`
 else
  CC=cc
-  if [ "$SYSTEM" = "SunOS" ]
-  then
-   case `cc -V 2>&1` in
-    *4*) CC=cc;;
-    *5*) CC=cc;;
-    *) CC=sc3;;
-   esac
+fi
+
+if [ "$SYSTEM" = "SunOS" ]; then
+  # assume output is "blah-blah C x.x"
+  CCVER=`(cc -V 2>&1) 2>/dev/null | \
+  	egrep -e '^cc: .* C [0-9]\.[0-9]' | \
+	sed 's/.* C \([0-9]\)\.\([0-9]\).*/\1\2/'`
+  CCVER=${CCVER:-0}
+  if [ $CCVER -gt 40 ]; then
+    CC=cc	# overrides gcc!!!
+    if [ $CCVER -eq 50 ]; then
+      echo "WARNING! Detected WorkShop C 5.0. Do make sure you have"
+      echo "         patch #107357-01 or later applied."
+      sleep 5
+    fi
+  elif [ "$CC" = "cc" -a $CCVER -gt 0 ]; then
+    CC=sc3
  fi
 fi

+GCCVER=${GCCVER:-0}
+CCVER=${CCVER:-0}
+
 # read the output of the embedded GuessOS 
 read GUESSOS

@@ -305,15 +343,67 @@ case "$GUESSOS" in
  alpha-*-linux2) OUT="alpha-gcc" ;;
  ppc-*-linux2) OUT="linux-ppc" ;;
  mips-*-linux?) OUT="linux-mips" ;;
+  mips2-sgi-irix)
+	CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+	CPU=${CPU:-0}
+	if [ $CPU -ge 4000 ]; then
+		options="$options -mips2"
+	fi
+	OUT="irix-$CC"
+	;;
+  mips3-sgi-irix)
+	CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+	CPU=${CPU:-0}
+	if [ $CPU -ge 5000 ]; then
+		options="$options -mips4"
+	else
+		options="$options -mips3"
+	fi
+	OUT="irix-mips3-$CC"
+	;;
+  mips4-sgi-irix64)
+	echo "WARNING! If you wish to build 64-bit library, then you have to"
+	echo "         invoke './Configre irix64-mips4-$CC' *manually*."
+	echo "         Type Ctrl-C if you don't want to continue."
+	read waste < /dev/tty
+	options="$options -mips4"
+	OUT="irix-mips3-$CC"
+	;;
+  sparc64-*-linux2)
+	#Before we can uncomment following lines we have to wait at least
+	#till 64-bit glibc for SPARC is operational:-(
+	#echo "WARNING! If you wish to build 64-bit library, then you have to"
+	#echo "         invoke './Configure linux64-sparcv9' *manually*."
+	#echo "         Type Ctrl-C if you don't want to continue."
+	#read waste < /dev/tty
+	OUT="linux-sparcv9" ;;
+  sparc-*-linux2)
+	KARCH=`awk '/type/{print$3}' /proc/cpuinfo`
+	case ${KARCH:-sun4} in
+	sun4u*)	OUT="linux-sparcv9" ;;
+	sun4m)	OUT="linux-sparcv8" ;;
+	sun4d)	OUT="linux-sparcv8" ;;
+	*)	OUT="linux-sparcv7" ;;
+	esac ;;
  *-*-linux2) OUT="linux-elf" ;;
  *-*-linux1) OUT="linux-aout" ;;
-  sun4u-sun-solaris2) OUT="solaris-usparc-$CC" ;;
-  sun4*-sun-solaris2) OUT="solaris-sparc-$CC" ;;
+  sun4u*-sun-solaris2)
+	ISA64=`(isalist) 2>/dev/null | grep sparcv9`
+	if [ "$ISA64" != "" -a "$CC" = "cc" -a $CCVER -ge 50 ]; then
+		echo "WARNING! If you wish to build 64-bit library, then you have to"
+		echo "         invoke './Configure solaris64-sparcv9-cc' *manually*."
+		echo "         Type Ctrl-C if you don't want to continue."
+		read waste < /dev/tty
+	fi
+	OUT="solaris-sparcv9-$CC" ;;
+  sun4m-sun-solaris2)	OUT="solaris-sparcv8-$CC" ;;
+  sun4d-sun-solaris2)	OUT="solaris-sparcv8-$CC" ;;
+  sun4*-sun-solaris2)	OUT="solaris-sparcv7-$CC" ;;
  *86*-sun-solaris2) OUT="solaris-x86-$CC" ;;
  *-*-sunos4) OUT="sunos-$CC" ;;
-  alpha*-*-freebsd3) OUT="FreeBSD-alpha" ;;
-  *-freebsd3) OUT="FreeBSD-elf" ;;
-  *-freebsd) OUT="FreeBSD" ;;
+  alpha*-*-freebsd*) OUT="FreeBSD-alpha" ;;
+  *-freebsd[3-9]*) OUT="FreeBSD-elf" ;;
+  *-freebsd[1-2]*) OUT="FreeBSD" ;;
  *86*-*-netbsd) OUT="NetBSD-x86" ;;
  sun3*-*-netbsd) OUT="NetBSD-m68" ;;
  *-*-netbsd) OUT="NetBSD-sparc" ;;
@@ -321,8 +411,10 @@ case "$GUESSOS" in
  alpha*-*-openbsd) OUT="OpenBSD-alpha" ;;
  pmax*-*-openbsd) OUT="OpenBSD-mips" ;;
  *-*-openbsd) OUT="OpenBSD" ;;
+  *86*-*-bsdi4) OUT="bsdi-elf-gcc" ;;
  *-*-osf) OUT="alpha-cc" ;;
  *-*-unixware*) OUT="unixware-2.0" ;;
+  BS2000-siemens-sysv4) OUT="BS2000-OSD" ;;
  RM*-siemens-sysv4) OUT="ReliantUNIX" ;;
  *-siemens-sysv4) OUT="SINIX" ;;
  # these are all covered by the catchall below
@@ -333,21 +425,32 @@ case "$GUESSOS" in
 esac

 # gcc < 2.8 does not support -mcpu=ultrasparc
-if [ "$OUT" = solaris-usparc-gcc ]
+if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
 then
- GCCVERMAJOR="`echo $GCCVER | sed 's/.*version \([^.]*\).*/\1/`"
- GCCVERMINOR="`echo $GCCVER | sed 's/.*version[^.]*\.\([^.]*\).*/\1/`"
- echo "gcc version $GCCVERMAJOR.$GCCVERMINOR.x"
- if [ $GCCVERMAJOR$GCCVERMINOR -lt 28 ]
- then
-  OUT=solaris-usparc-oldgcc
- fi
+  echo "WARNING! Do consider upgrading to gcc-2.8 or later."
+  sleep 5
+  OUT=solaris-sparcv9-gcc27
+fi
+if [ "$OUT" = "linux-sparcv9" -a $GCCVER -lt 28 ]
+then
+  echo "WARNING! Falling down to 'linux-sparcv8'."
+  echo "         Upgrade to gcc-2.8 or later."
+  sleep 5
+  OUT=linux-sparcv8
 fi

 case "$GUESSOS" in
  i386-*) options="$options 386" ;;
 esac

+for i in bf cast des dh dsa hmac md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa sha
+do
+  if [ ! -d crypto/$i ]
+  then
+    options="$options no-$i"
+  fi
+done
+
 if [ -z "$OUT" ]; then
  OUT="$CC"
 fi
--- a/crypto/.cvsignore
+++ b/crypto/.cvsignore
@@ -1,4 +1,4 @@
 lib
-date.h
+buildinf.h
 opensslconf.h
 Makefile.save
--- a/crypto/Makefile.ssl
+++ b/crypto/Makefile.ssl
@@ -20,7 +20,7 @@ AR=		ar r
 PEX_LIBS=
 EX_LIBS=
 
-CFLAGS= $(INCLUDE) $(CFLAG) -DCFLAGS="\"$(CC) $(CFLAG)\"" -DPLATFORM="\"$(PLATFORM)\""
+CFLAGS= $(INCLUDE) $(CFLAG)


 LIBS=
@@ -39,18 +39,23 @@ LIBOBJ= cryptlib.o mem.o cversion.o ex_data.o tmdiff.o cpt_err.o

 SRC= $(LIBSRC)

-EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h
-HEADER=	cryptlib.h date.h $(EXHEADER)
+EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h
+HEADER=	cryptlib.h buildinf.h $(EXHEADER)

 ALL=    $(GENERAL) $(SRC) $(HEADER)

 top:
 	@(cd ..; $(MAKE) DIRS=$(DIR) all)

-all: date.h lib subdirs
+all: buildinf.h lib subdirs

-date.h: ../Makefile.ssl
-	echo "#define DATE \"`date`\"" >date.h
+buildinf.h: ../Makefile.ssl
+	( echo "#ifndef MK1MF_BUILD"; \
+	echo "  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */"; \
+	echo "  #define CFLAGS \"$(CC) $(CFLAG)\""; \
+	echo "  #define PLATFORM \"$(PLATFORM)\""; \
+	echo "  #define DATE \"`date`\""; \
+	echo "#endif" ) >buildinf.h

 subdirs:
 	@for i in $(SDIRS) ;\
@@ -106,7 +111,7 @@ install:
 	@for i in $(SDIRS) ;\
 	do \
 	(cd $$i; echo "making install in crypto/$$i..."; \
-	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' install ); \
+	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}'  INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' install ); \
 	done;

 lint:
@@ -117,7 +122,9 @@ lint:
 	done;

 depend:
+	if [ ! -e buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist
 	$(MAKEDEPEND) $(INCLUDE) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	if [ ! -s buildinf.h ]; then rm buildinf.h; fi
 	@for i in $(SDIRS) ;\
 	do \
 	(cd $$i; echo "making depend in crypto/$$i..."; \
@@ -125,7 +132,7 @@ depend:
 	done;

 clean:
-	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+	rm -f buildinf.h *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 	@for i in $(SDIRS) ;\
 	do \
 	(cd $$i; echo "making clean in crypto/$$i..."; \
@@ -149,12 +156,12 @@ cryptlib.o: ../include/openssl/bio.h ../include/openssl/buffer.h
 cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
 cryptlib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 cryptlib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-cryptlib.o: ../include/openssl/stack.h cryptlib.h date.h
+cryptlib.o: ../include/openssl/stack.h cryptlib.h
 cversion.o: ../include/openssl/bio.h ../include/openssl/buffer.h
 cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
 cversion.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 cversion.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-cversion.o: ../include/openssl/stack.h cryptlib.h date.h
+cversion.o: ../include/openssl/stack.h buildinf.h cryptlib.h
 ex_data.o: ../include/openssl/bio.h ../include/openssl/buffer.h
 ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
 ex_data.o: ../include/openssl/e_os2.h ../include/openssl/err.h
--- a/crypto/asn1/Makefile.ssl
+++ b/crypto/asn1/Makefile.ssl
@@ -137,40 +137,19 @@ a_bool.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 a_bool.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 a_bool.o: ../cryptlib.h
 a_bytes.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-a_bytes.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-a_bytes.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_bytes.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-a_bytes.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-a_bytes.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-a_bytes.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_bytes.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-a_bytes.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-a_bytes.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-a_bytes.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_bytes.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-a_bytes.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-a_bytes.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-a_bytes.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-a_bytes.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
-a_bytes.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+a_bytes.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_bytes.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_bytes.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_bytes.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+a_bytes.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_bytes.o: ../../include/openssl/stack.h ../cryptlib.h
 a_d2i_fp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-a_d2i_fp.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-a_d2i_fp.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_d2i_fp.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-a_d2i_fp.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-a_d2i_fp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-a_d2i_fp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_d2i_fp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-a_d2i_fp.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-a_d2i_fp.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-a_d2i_fp.o: ../../include/openssl/opensslconf.h
-a_d2i_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-a_d2i_fp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-a_d2i_fp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-a_d2i_fp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-a_d2i_fp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-a_d2i_fp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-a_d2i_fp.o: ../cryptlib.h
+a_d2i_fp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_d2i_fp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_d2i_fp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_d2i_fp.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+a_d2i_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_d2i_fp.o: ../../include/openssl/stack.h ../cryptlib.h
 a_digest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_digest.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 a_digest.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -181,30 +160,18 @@ a_digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 a_digest.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
 a_digest.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 a_digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-a_digest.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-a_digest.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-a_digest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-a_digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-a_digest.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-a_digest.o: ../cryptlib.h
+a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+a_digest.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+a_digest.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+a_digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+a_digest.o: ../../include/openssl/stack.h ../cryptlib.h
 a_dup.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-a_dup.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-a_dup.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_dup.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-a_dup.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-a_dup.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-a_dup.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_dup.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-a_dup.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-a_dup.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-a_dup.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_dup.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-a_dup.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-a_dup.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-a_dup.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-a_dup.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
-a_dup.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+a_dup.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_dup.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_dup.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_dup.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+a_dup.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_dup.o: ../../include/openssl/stack.h ../cryptlib.h
 a_enum.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 a_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
@@ -220,40 +187,19 @@ a_gentm.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 a_gentm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 a_gentm.o: ../cryptlib.h
 a_hdr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-a_hdr.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-a_hdr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_hdr.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-a_hdr.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-a_hdr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-a_hdr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_hdr.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-a_hdr.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-a_hdr.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-a_hdr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_hdr.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-a_hdr.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-a_hdr.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-a_hdr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-a_hdr.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
-a_hdr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+a_hdr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_hdr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_hdr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_hdr.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+a_hdr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_hdr.o: ../../include/openssl/stack.h ../cryptlib.h
 a_i2d_fp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-a_i2d_fp.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-a_i2d_fp.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_i2d_fp.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-a_i2d_fp.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-a_i2d_fp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-a_i2d_fp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_i2d_fp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-a_i2d_fp.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-a_i2d_fp.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-a_i2d_fp.o: ../../include/openssl/opensslconf.h
-a_i2d_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-a_i2d_fp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-a_i2d_fp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-a_i2d_fp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-a_i2d_fp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-a_i2d_fp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-a_i2d_fp.o: ../cryptlib.h
+a_i2d_fp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_i2d_fp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_i2d_fp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_i2d_fp.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+a_i2d_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_i2d_fp.o: ../../include/openssl/stack.h ../cryptlib.h
 a_int.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 a_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
@@ -262,21 +208,11 @@ a_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 a_int.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 a_int.o: ../cryptlib.h
 a_meth.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-a_meth.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-a_meth.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-a_meth.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-a_meth.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-a_meth.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-a_meth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-a_meth.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-a_meth.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-a_meth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-a_meth.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-a_meth.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-a_meth.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-a_meth.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-a_meth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-a_meth.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+a_meth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_meth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_meth.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_meth.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_meth.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 a_meth.o: ../cryptlib.h
 a_object.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_object.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -300,22 +236,12 @@ a_print.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 a_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 a_print.o: ../cryptlib.h
 a_set.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-a_set.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-a_set.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_set.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-a_set.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-a_set.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-a_set.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_set.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-a_set.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-a_set.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-a_set.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_set.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-a_set.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-a_set.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-a_set.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-a_set.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
-a_set.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+a_set.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_set.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_set.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_set.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+a_set.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_set.o: ../../include/openssl/stack.h ../cryptlib.h
 a_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 a_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -341,22 +267,12 @@ a_time.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 a_time.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 a_time.o: ../cryptlib.h
 a_type.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-a_type.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-a_type.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_type.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-a_type.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-a_type.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-a_type.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_type.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-a_type.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-a_type.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-a_type.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_type.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-a_type.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-a_type.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-a_type.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-a_type.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
-a_type.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+a_type.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_type.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_type.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_type.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+a_type.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_type.o: ../../include/openssl/stack.h ../cryptlib.h
 a_utctm.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_utctm.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 a_utctm.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
@@ -399,40 +315,19 @@ asn1_err.o: ../../include/openssl/asn1.h ../../include/openssl/bn.h
 asn1_err.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
 asn1_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 asn1_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-asn1_lib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-asn1_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-asn1_lib.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-asn1_lib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-asn1_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-asn1_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-asn1_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-asn1_lib.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-asn1_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-asn1_lib.o: ../../include/openssl/opensslconf.h
-asn1_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-asn1_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-asn1_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-asn1_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-asn1_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-asn1_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-asn1_lib.o: ../cryptlib.h
+asn1_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+asn1_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+asn1_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+asn1_lib.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+asn1_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+asn1_lib.o: ../../include/openssl/stack.h ../cryptlib.h
 asn1_par.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-asn1_par.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-asn1_par.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-asn1_par.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-asn1_par.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-asn1_par.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-asn1_par.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-asn1_par.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-asn1_par.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+asn1_par.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+asn1_par.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+asn1_par.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 asn1_par.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-asn1_par.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-asn1_par.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-asn1_par.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-asn1_par.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-asn1_par.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-asn1_par.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-asn1_par.o: ../cryptlib.h
+asn1_par.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+asn1_par.o: ../../include/openssl/stack.h ../cryptlib.h
 asn_pack.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 asn_pack.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 asn_pack.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
@@ -441,40 +336,22 @@ asn_pack.o: ../../include/openssl/opensslconf.h
 asn_pack.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 asn_pack.o: ../../include/openssl/stack.h ../cryptlib.h
 d2i_dhp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-d2i_dhp.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-d2i_dhp.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-d2i_dhp.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-d2i_dhp.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-d2i_dhp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+d2i_dhp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+d2i_dhp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+d2i_dhp.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
 d2i_dhp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-d2i_dhp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-d2i_dhp.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-d2i_dhp.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-d2i_dhp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-d2i_dhp.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-d2i_dhp.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-d2i_dhp.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-d2i_dhp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-d2i_dhp.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
-d2i_dhp.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+d2i_dhp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+d2i_dhp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+d2i_dhp.o: ../../include/openssl/stack.h ../cryptlib.h
 d2i_dsap.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-d2i_dsap.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-d2i_dsap.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-d2i_dsap.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-d2i_dsap.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-d2i_dsap.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-d2i_dsap.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-d2i_dsap.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-d2i_dsap.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-d2i_dsap.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+d2i_dsap.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+d2i_dsap.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+d2i_dsap.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+d2i_dsap.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+d2i_dsap.o: ../../include/openssl/err.h ../../include/openssl/objects.h
 d2i_dsap.o: ../../include/openssl/opensslconf.h
-d2i_dsap.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-d2i_dsap.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-d2i_dsap.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-d2i_dsap.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-d2i_dsap.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-d2i_dsap.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-d2i_dsap.o: ../cryptlib.h
+d2i_dsap.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+d2i_dsap.o: ../../include/openssl/stack.h ../cryptlib.h
 d2i_pr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 d2i_pr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 d2i_pr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -485,13 +362,11 @@ d2i_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 d2i_pr.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
 d2i_pr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 d2i_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-d2i_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-d2i_pr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-d2i_pr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-d2i_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-d2i_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-d2i_pr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-d2i_pr.o: ../cryptlib.h
+d2i_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+d2i_pr.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+d2i_pr.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+d2i_pr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+d2i_pr.o: ../../include/openssl/stack.h ../cryptlib.h
 d2i_pu.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 d2i_pu.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 d2i_pu.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -502,189 +377,91 @@ d2i_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 d2i_pu.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
 d2i_pu.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 d2i_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-d2i_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-d2i_pu.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-d2i_pu.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-d2i_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-d2i_pu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-d2i_pu.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-d2i_pu.o: ../cryptlib.h
+d2i_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+d2i_pu.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+d2i_pu.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+d2i_pu.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+d2i_pu.o: ../../include/openssl/stack.h ../cryptlib.h
 d2i_r_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-d2i_r_pr.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-d2i_r_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-d2i_r_pr.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-d2i_r_pr.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-d2i_r_pr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-d2i_r_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-d2i_r_pr.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-d2i_r_pr.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-d2i_r_pr.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+d2i_r_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+d2i_r_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+d2i_r_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+d2i_r_pr.o: ../../include/openssl/err.h ../../include/openssl/objects.h
 d2i_r_pr.o: ../../include/openssl/opensslconf.h
-d2i_r_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-d2i_r_pr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-d2i_r_pr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-d2i_r_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-d2i_r_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-d2i_r_pr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+d2i_r_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
+d2i_r_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 d2i_r_pr.o: ../cryptlib.h
 d2i_r_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-d2i_r_pu.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-d2i_r_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-d2i_r_pu.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-d2i_r_pu.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-d2i_r_pu.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-d2i_r_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-d2i_r_pu.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-d2i_r_pu.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-d2i_r_pu.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+d2i_r_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+d2i_r_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+d2i_r_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+d2i_r_pu.o: ../../include/openssl/err.h ../../include/openssl/objects.h
 d2i_r_pu.o: ../../include/openssl/opensslconf.h
-d2i_r_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-d2i_r_pu.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-d2i_r_pu.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-d2i_r_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-d2i_r_pu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-d2i_r_pu.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+d2i_r_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
+d2i_r_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 d2i_r_pu.o: ../cryptlib.h
 d2i_s_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-d2i_s_pr.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-d2i_s_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-d2i_s_pr.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-d2i_s_pr.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-d2i_s_pr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-d2i_s_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-d2i_s_pr.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-d2i_s_pr.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-d2i_s_pr.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+d2i_s_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+d2i_s_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+d2i_s_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+d2i_s_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+d2i_s_pr.o: ../../include/openssl/err.h ../../include/openssl/objects.h
 d2i_s_pr.o: ../../include/openssl/opensslconf.h
-d2i_s_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-d2i_s_pr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-d2i_s_pr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-d2i_s_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-d2i_s_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-d2i_s_pr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-d2i_s_pr.o: ../cryptlib.h
+d2i_s_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+d2i_s_pr.o: ../../include/openssl/stack.h ../cryptlib.h
 d2i_s_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-d2i_s_pu.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-d2i_s_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-d2i_s_pu.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-d2i_s_pu.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-d2i_s_pu.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-d2i_s_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-d2i_s_pu.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-d2i_s_pu.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-d2i_s_pu.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+d2i_s_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+d2i_s_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+d2i_s_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+d2i_s_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+d2i_s_pu.o: ../../include/openssl/err.h ../../include/openssl/objects.h
 d2i_s_pu.o: ../../include/openssl/opensslconf.h
-d2i_s_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-d2i_s_pu.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-d2i_s_pu.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-d2i_s_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-d2i_s_pu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-d2i_s_pu.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-d2i_s_pu.o: ../cryptlib.h
+d2i_s_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+d2i_s_pu.o: ../../include/openssl/stack.h ../cryptlib.h
 evp_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-evp_asn1.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-evp_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-evp_asn1.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-evp_asn1.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-evp_asn1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-evp_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-evp_asn1.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-evp_asn1.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-evp_asn1.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-evp_asn1.o: ../../include/openssl/opensslconf.h
-evp_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-evp_asn1.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-evp_asn1.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-evp_asn1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-evp_asn1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-evp_asn1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-evp_asn1.o: ../cryptlib.h
+evp_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+evp_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+evp_asn1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+evp_asn1.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+evp_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+evp_asn1.o: ../../include/openssl/stack.h ../cryptlib.h
 f_enum.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-f_enum.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-f_enum.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-f_enum.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-f_enum.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-f_enum.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-f_enum.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-f_enum.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-f_enum.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-f_enum.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-f_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-f_enum.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-f_enum.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-f_enum.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-f_enum.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-f_enum.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+f_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+f_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+f_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+f_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+f_enum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 f_enum.o: ../cryptlib.h
 f_int.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-f_int.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-f_int.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-f_int.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-f_int.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-f_int.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-f_int.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-f_int.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-f_int.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-f_int.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-f_int.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-f_int.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-f_int.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-f_int.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-f_int.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-f_int.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+f_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+f_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+f_int.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+f_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+f_int.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 f_int.o: ../cryptlib.h
 f_string.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-f_string.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-f_string.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-f_string.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-f_string.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-f_string.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-f_string.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-f_string.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-f_string.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-f_string.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-f_string.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-f_string.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-f_string.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-f_string.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-f_string.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-f_string.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-f_string.o: ../cryptlib.h
+f_string.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+f_string.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+f_string.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+f_string.o: ../../include/openssl/opensslconf.h
+f_string.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+f_string.o: ../../include/openssl/stack.h ../cryptlib.h
 i2d_dhp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-i2d_dhp.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-i2d_dhp.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-i2d_dhp.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-i2d_dhp.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-i2d_dhp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+i2d_dhp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+i2d_dhp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+i2d_dhp.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
 i2d_dhp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-i2d_dhp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-i2d_dhp.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-i2d_dhp.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
 i2d_dhp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-i2d_dhp.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-i2d_dhp.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-i2d_dhp.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-i2d_dhp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-i2d_dhp.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
-i2d_dhp.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+i2d_dhp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+i2d_dhp.o: ../cryptlib.h
 i2d_dsap.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-i2d_dsap.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-i2d_dsap.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-i2d_dsap.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-i2d_dsap.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-i2d_dsap.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-i2d_dsap.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-i2d_dsap.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-i2d_dsap.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-i2d_dsap.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
-i2d_dsap.o: ../../include/openssl/opensslconf.h
-i2d_dsap.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-i2d_dsap.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-i2d_dsap.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-i2d_dsap.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-i2d_dsap.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-i2d_dsap.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-i2d_dsap.o: ../cryptlib.h
+i2d_dsap.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+i2d_dsap.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+i2d_dsap.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+i2d_dsap.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+i2d_dsap.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+i2d_dsap.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+i2d_dsap.o: ../../include/openssl/stack.h ../cryptlib.h
 i2d_pr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 i2d_pr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 i2d_pr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -716,77 +493,41 @@ i2d_pu.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 i2d_pu.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 i2d_pu.o: ../../include/openssl/stack.h ../cryptlib.h
 i2d_r_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-i2d_r_pr.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-i2d_r_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-i2d_r_pr.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-i2d_r_pr.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-i2d_r_pr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-i2d_r_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-i2d_r_pr.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-i2d_r_pr.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-i2d_r_pr.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+i2d_r_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+i2d_r_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+i2d_r_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+i2d_r_pr.o: ../../include/openssl/err.h ../../include/openssl/objects.h
 i2d_r_pr.o: ../../include/openssl/opensslconf.h
-i2d_r_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-i2d_r_pr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-i2d_r_pr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-i2d_r_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-i2d_r_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-i2d_r_pr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+i2d_r_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
+i2d_r_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 i2d_r_pr.o: ../cryptlib.h
 i2d_r_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-i2d_r_pu.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-i2d_r_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-i2d_r_pu.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-i2d_r_pu.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-i2d_r_pu.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-i2d_r_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-i2d_r_pu.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-i2d_r_pu.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-i2d_r_pu.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+i2d_r_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+i2d_r_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+i2d_r_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+i2d_r_pu.o: ../../include/openssl/err.h ../../include/openssl/objects.h
 i2d_r_pu.o: ../../include/openssl/opensslconf.h
-i2d_r_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-i2d_r_pu.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-i2d_r_pu.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-i2d_r_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-i2d_r_pu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-i2d_r_pu.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+i2d_r_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
+i2d_r_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 i2d_r_pu.o: ../cryptlib.h
 i2d_s_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-i2d_s_pr.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-i2d_s_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-i2d_s_pr.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-i2d_s_pr.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-i2d_s_pr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-i2d_s_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-i2d_s_pr.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-i2d_s_pr.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-i2d_s_pr.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+i2d_s_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+i2d_s_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+i2d_s_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+i2d_s_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+i2d_s_pr.o: ../../include/openssl/err.h ../../include/openssl/objects.h
 i2d_s_pr.o: ../../include/openssl/opensslconf.h
-i2d_s_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-i2d_s_pr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-i2d_s_pr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-i2d_s_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-i2d_s_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-i2d_s_pr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-i2d_s_pr.o: ../cryptlib.h
+i2d_s_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+i2d_s_pr.o: ../../include/openssl/stack.h ../cryptlib.h
 i2d_s_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
-i2d_s_pu.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-i2d_s_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-i2d_s_pu.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-i2d_s_pu.o: ../../include/openssl/des.h ../../include/openssl/dh.h
-i2d_s_pu.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-i2d_s_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-i2d_s_pu.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-i2d_s_pu.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
-i2d_s_pu.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+i2d_s_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+i2d_s_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+i2d_s_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+i2d_s_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+i2d_s_pu.o: ../../include/openssl/err.h ../../include/openssl/objects.h
 i2d_s_pu.o: ../../include/openssl/opensslconf.h
-i2d_s_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
-i2d_s_pu.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-i2d_s_pu.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-i2d_s_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-i2d_s_pu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-i2d_s_pu.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-i2d_s_pu.o: ../cryptlib.h
+i2d_s_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+i2d_s_pu.o: ../../include/openssl/stack.h ../cryptlib.h
 n_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 n_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 n_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -1050,11 +791,12 @@ p8_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 t_crl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 t_crl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 t_crl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-t_crl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-t_crl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-t_crl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-t_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-t_crl.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+t_crl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+t_crl.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+t_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+t_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+t_crl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+t_crl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 t_crl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 t_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 t_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
@@ -1091,11 +833,12 @@ t_req.o: ../cryptlib.h
 t_x509.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 t_x509.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 t_x509.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-t_x509.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-t_x509.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-t_x509.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-t_x509.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-t_x509.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+t_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+t_x509.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+t_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+t_x509.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+t_x509.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
 t_x509.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 t_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 t_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
--- a/crypto/asn1/a_digest.c
+++ b/crypto/asn1/a_digest.c
@@ -63,8 +63,8 @@

 #include "cryptlib.h"
 #include <openssl/evp.h>
-#include <openssl/x509.h>
 #include <openssl/buffer.h>
+#include <openssl/x509.h>

 int ASN1_digest(int (*i2d)(), EVP_MD *type, char *data, unsigned char *md,
 	     unsigned int *len)
--- a/crypto/asn1/a_gentm.c
+++ b/crypto/asn1/a_gentm.c
@@ -65,6 +65,18 @@

 int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp)
 	{
+#ifdef CHARSET_EBCDIC
+	/* KLUDGE! We convert to ascii before writing DER */
+	int len;
+	char tmp[24];
+	ASN1_STRING tmpstr = *(ASN1_STRING *)a;
+
+	len = tmpstr.length;
+	ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len);
+	tmpstr.data = tmp;
+
+	a = (ASN1_GENERALIZEDTIME *) &tmpstr;
+#endif
 	return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
 		V_ASN1_GENERALIZEDTIME,V_ASN1_UNIVERSAL));
 	}
@@ -82,6 +94,9 @@ ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a,
 		ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME,ERR_R_NESTED_ASN1_ERROR);
 		return(NULL);
 		}
+#ifdef CHARSET_EBCDIC
+	ascii2ebcdic(ret->data, ret->data, ret->length);
+#endif
 	if (!ASN1_GENERALIZEDTIME_check(ret))
 		{
 		ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME,ASN1_R_INVALID_TIME_FORMAT);
@@ -202,5 +217,8 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
 		ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
 	s->length=strlen(p);
 	s->type=V_ASN1_GENERALIZEDTIME;
+#ifdef CHARSET_EBCDIC_not
+	ebcdic2ascii(s->data, s->data, s->length);
+#endif
 	return(s);
 	}
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@@ -125,13 +125,8 @@ int i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)

 	ASN1_put_object(&p,0,ret,V_ASN1_INTEGER,V_ASN1_UNIVERSAL);
 	if (pad) *(p++)=pb;
-	if (a->length == 0)
-		*(p++)=0;
-	else if (t == V_ASN1_INTEGER)
-		{
-		memcpy(p,a->data,(unsigned int)a->length);
-		p+=a->length;
-		}
+	if (a->length == 0) *(p++)=0;
+	else if (t == V_ASN1_INTEGER) memcpy(p,a->data,(unsigned int)a->length);
 	else {
 		/* Begin at the end of the encoding */
 		n=a->data + a->length - 1;
@@ -148,10 +143,9 @@ int i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
 		i--;
 		/* Complement any octets left */
 		for(;i > 0; i--) *(p--) = *(n--) ^ 0xff;
-		p += a->length;
 	}

-	*pp=p;
+	*pp+=r;
 	return(r);
 	}

@@ -159,7 +153,7 @@ ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
 	     long length)
 	{
 	ASN1_INTEGER *ret=NULL;
-	unsigned char *p,*to,*s;
+	unsigned char *p,*to,*s, *pend;
 	long len;
 	int inf,tag,xclass;
 	int i;
@@ -174,6 +168,7 @@ ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,

 	p= *pp;
 	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+	pend = p + len;
 	if (inf & 0x80)
 		{
 		i=ASN1_R_BAD_OBJECT_HEADER;
@@ -220,13 +215,11 @@ ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
 		if(!i) {
 			*s = 1;
 			s[len] = 0;
-			p += len;
 			len++;
 		} else {
 			*(to--) = (*(p--) ^ 0xff) + 1;
 			i--;
 			for(;i > 0; i--) *(to--) = *(p--) ^ 0xff;
-			p += len;
 		}
 	} else {
 		ret->type=V_ASN1_INTEGER;
@@ -236,14 +229,13 @@ ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
 			len--;
 			}
 		memcpy(s,p,(int)len);
-		p+=len;
 	}

 	if (ret->data != NULL) Free((char *)ret->data);
 	ret->data=s;
 	ret->length=(int)len;
 	if (a != NULL) (*a)=ret;
-	*pp=p;
+	*pp=pend;
 	return(ret);
 err:
 	ASN1err(ASN1_F_D2I_ASN1_INTEGER,i);
--- a/crypto/asn1/a_meth.c
+++ b/crypto/asn1/a_meth.c
@@ -59,7 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/buffer.h>
-#include <openssl/x509.h>
+#include <openssl/asn1.h>

 static  ASN1_METHOD ia5string_meth={
 	(int (*)())	i2d_ASN1_IA5STRING,
--- a/crypto/asn1/a_object.c
+++ b/crypto/asn1/a_object.c
@@ -171,77 +171,9 @@ err:
 	}

 int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a)
-	{
-	int i,idx=0,n=0,len,nid;
-	unsigned long l;
-	unsigned char *p;
-	const char *s;
-	char tbuf[32];
-
-	if (buf_len <= 0) return(0);
-
-	if ((a == NULL) || (a->data == NULL))
-		{
-		buf[0]='\0';
-		return(0);
-		}
-
-	nid=OBJ_obj2nid(a);
-	if (nid == NID_undef)
-		{
-		len=a->length;
-		p=a->data;
-
-		idx=0;
-		l=0;
-		while (idx < a->length)
-			{
-			l|=(p[idx]&0x7f);
-			if (!(p[idx] & 0x80)) break;
-			l<<=7L;
-			idx++;
-			}
-		idx++;
-		i=(int)(l/40);
-		if (i > 2) i=2;
-		l-=(long)(i*40);
-
-		sprintf(tbuf,"%d.%ld",i,l);
-		i=strlen(tbuf);
-		strncpy(buf,tbuf,buf_len);
-		buf_len-=i;
-		buf+=i;
-		n+=i;
-
-		l=0;
-		for (; idx<len; idx++)
-			{
-			l|=p[idx]&0x7f;
-			if (!(p[idx] & 0x80))
-				{
-				sprintf(tbuf,".%ld",l);
-				i=strlen(tbuf);
-				if (buf_len > 0)
-					strncpy(buf,tbuf,buf_len);
-				buf_len-=i;
-				buf+=i;
-				n+=i;
-				l=0;
-				}
-			l<<=7L;
-			}
-		}
-	else
-		{
-		s=OBJ_nid2ln(nid);
-		if (s == NULL)
-			s=OBJ_nid2sn(nid);
-		strncpy(buf,s,buf_len);
-		n=strlen(s);
-		}
-	buf[buf_len-1]='\0';
-	return(n);
-	}
+{
+	return OBJ_obj2txt(buf, buf_len, a, 0);
+}

 int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
 	{
@@ -368,3 +300,5 @@ ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
 	return(OBJ_dup(&o));
 	}

+IMPLEMENT_STACK_OF(ASN1_OBJECT)
+IMPLEMENT_ASN1_SET_OF(ASN1_OBJECT)
--- a/crypto/asn1/a_print.c
+++ b/crypto/asn1/a_print.c
@@ -95,6 +95,7 @@ int ASN1_PRINTABLE_type(unsigned char *s, int len)
 	while ((*s) && (len-- != 0))
 		{
 		c= *(s++);
+#ifndef CHARSET_EBCDIC
 		if (!(	((c >= 'a') && (c <= 'z')) ||
 			((c >= 'A') && (c <= 'Z')) ||
 			(c == ' ') ||
@@ -108,6 +109,13 @@ int ASN1_PRINTABLE_type(unsigned char *s, int len)
 			ia5=1;
 		if (c&0x80)
 			t61=1;
+#else
+		if (!isalnum(c) && (c != ' ') &&
+		    strchr("'()+,-./:=?", c) == NULL)
+			ia5=1;
+		if (os_toascii[c] & 0x80)
+			t61=1;
+#endif
 		}
 	if (t61) return(V_ASN1_T61STRING);
 	if (ia5) return(V_ASN1_IA5STRING);
--- a/crypto/asn1/a_time.c
+++ b/crypto/asn1/a_time.c
@@ -68,6 +68,21 @@

 int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)
 	{
+#ifdef CHARSET_EBCDIC
+	/* KLUDGE! We convert to ascii before writing DER */
+	char tmp[24];
+	ASN1_STRING tmpstr;
+
+	if(a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) {
+	    int len;
+
+	    tmpstr = *(ASN1_STRING *)a;
+	    len = tmpstr.length;
+	    ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len);
+	    tmpstr.data = tmp;
+	    a = (ASN1_GENERALIZEDTIME *) &tmpstr;
+	}
+#endif
 	if(a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME)
 				return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
 				     a->type ,V_ASN1_UNIVERSAL));
--- a/crypto/asn1/a_utctm.c
+++ b/crypto/asn1/a_utctm.c
@@ -68,8 +68,20 @@

 int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp)
 	{
+#ifndef CHARSET_EBCDIC
 	return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
 		V_ASN1_UTCTIME,V_ASN1_UNIVERSAL));
+#else
+	/* KLUDGE! We convert to ascii before writing DER */
+	int len;
+	char tmp[24];
+	ASN1_STRING x = *(ASN1_STRING *)a;
+
+	len = x.length;
+	ebcdic2ascii(tmp, x.data, (len >= sizeof tmp) ? sizeof tmp : len);
+	x.data = tmp;
+	return i2d_ASN1_bytes(&x, pp, V_ASN1_UTCTIME,V_ASN1_UNIVERSAL);
+#endif
 	}


@@ -85,6 +97,9 @@ ASN1_UTCTIME *d2i_ASN1_UTCTIME(ASN1_UTCTIME **a, unsigned char **pp,
 		ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ERR_R_NESTED_ASN1_ERROR);
 		return(NULL);
 		}
+#ifdef CHARSET_EBCDIC
+	ascii2ebcdic(ret->data, ret->data, ret->length);
+#endif
 	if (!ASN1_UTCTIME_check(ret))
 		{
 		ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ASN1_R_INVALID_TIME_FORMAT);
@@ -238,5 +253,8 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
 		ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
 	s->length=strlen(p);
 	s->type=V_ASN1_UTCTIME;
+#ifdef CHARSET_EBCDIC_not
+	ebcdic2ascii(s->data, s->data, s->length);
+#endif
 	return(s);
 	}
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -497,6 +497,9 @@ int		i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp);
 ASN1_OBJECT *	d2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
 			long length);

+DECLARE_STACK_OF(ASN1_OBJECT)
+DECLARE_ASN1_SET_OF(ASN1_OBJECT)
+
 ASN1_STRING *	ASN1_STRING_new(void );
 void		ASN1_STRING_free(ASN1_STRING *a);
 ASN1_STRING *	ASN1_STRING_dup(ASN1_STRING *a);
@@ -681,8 +684,8 @@ STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(),
 						 void (*free_func)() ); 
 unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf,
 								 int *len );
-char *ASN1_unpack_string(ASN1_STRING *oct, char *(*d2i)());
-ASN1_STRING *ASN1_pack_string(char *obj, int (*i2d)(), ASN1_OCTET_STRING **oct);
+void *ASN1_unpack_string(ASN1_STRING *oct, char *(*d2i)());
+ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_OCTET_STRING **oct);

 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -836,6 +839,7 @@ ASN1_STRING *ASN1_pack_string(char *obj, int (*i2d)(), ASN1_OCTET_STRING **oct);
 #define ASN1_F_PKCS12_MAC_DATA_NEW			 259
 #define ASN1_F_PKCS12_NEW				 260
 #define ASN1_F_PKCS12_SAFEBAG_NEW			 261
+#define ASN1_F_PKCS5_PBE2_SET				 281
 #define ASN1_F_PKCS7_DIGEST_NEW				 192
 #define ASN1_F_PKCS7_ENCRYPT_NEW			 193
 #define ASN1_F_PKCS7_ENC_CONTENT_NEW			 194
@@ -890,6 +894,7 @@ ASN1_STRING *ASN1_pack_string(char *obj, int (*i2d)(), ASN1_OCTET_STRING **oct);
 #define ASN1_R_DECODING_ERROR				 111
 #define ASN1_R_ENCODE_ERROR				 156
 #define ASN1_R_ERROR_PARSING_SET_ELEMENT		 112
+#define ASN1_R_ERROR_SETTING_CIPHER_PARAMS		 157
 #define ASN1_R_EXPECTING_AN_ENUMERATED			 154
 #define ASN1_R_EXPECTING_AN_INTEGER			 113
 #define ASN1_R_EXPECTING_AN_OBJECT			 114
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -209,6 +209,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_PKCS12_MAC_DATA_NEW,0),	"PKCS12_MAC_DATA_new"},
 {ERR_PACK(0,ASN1_F_PKCS12_NEW,0),	"PKCS12_new"},
 {ERR_PACK(0,ASN1_F_PKCS12_SAFEBAG_NEW,0),	"PKCS12_SAFEBAG_new"},
+{ERR_PACK(0,ASN1_F_PKCS5_PBE2_SET,0),	"PKCS5_pbe2_set"},
 {ERR_PACK(0,ASN1_F_PKCS7_DIGEST_NEW,0),	"PKCS7_DIGEST_new"},
 {ERR_PACK(0,ASN1_F_PKCS7_ENCRYPT_NEW,0),	"PKCS7_ENCRYPT_new"},
 {ERR_PACK(0,ASN1_F_PKCS7_ENC_CONTENT_NEW,0),	"PKCS7_ENC_CONTENT_new"},
@@ -266,6 +267,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ASN1_R_DECODING_ERROR                   ,"decoding error"},
 {ASN1_R_ENCODE_ERROR                     ,"encode error"},
 {ASN1_R_ERROR_PARSING_SET_ELEMENT        ,"error parsing set element"},
+{ASN1_R_ERROR_SETTING_CIPHER_PARAMS      ,"error setting cipher params"},
 {ASN1_R_EXPECTING_AN_ENUMERATED          ,"expecting an enumerated"},
 {ASN1_R_EXPECTING_AN_INTEGER             ,"expecting an integer"},
 {ASN1_R_EXPECTING_AN_OBJECT              ,"expecting an object"},
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -315,6 +315,7 @@ ASN1_STRING *ASN1_STRING_dup(ASN1_STRING *str)
 		ASN1_STRING_free(ret);
 		return(NULL);
 		}
+	ret->flags = str->flags;
 	return(ret);
 	}

--- a/crypto/asn1/asn1_mac.h
+++ b/crypto/asn1/asn1_mac.h
@@ -64,8 +64,6 @@ extern "C" {
 #endif

 #include <openssl/asn1.h>
-#include <openssl/x509.h>
-#include <openssl/pkcs7.h>

 #ifndef ASN1_MAC_ERR_LIB
 #define ASN1_MAC_ERR_LIB	ERR_LIB_ASN1
@@ -163,6 +161,11 @@ err:\
 		V_ASN1_CONSTRUCTED|V_ASN1_SET)))\
 		{ M_ASN1_D2I_get_set(r,func,free_func); }

+#define M_ASN1_D2I_get_set_opt_type(type,r,func,free_func) \
+	if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
+		V_ASN1_CONSTRUCTED|V_ASN1_SET)))\
+		{ M_ASN1_D2I_get_set_type(type,r,func,free_func); }
+
 #define M_ASN1_I2D_len_SET_opt(a,f) \
 	if ((a != NULL) && (sk_num(a) != 0)) \
 		M_ASN1_I2D_len_SET(a,f);
@@ -352,6 +355,10 @@ err:\
 #define M_ASN1_I2D_len_SET(a,f) \
 		ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);

+#define M_ASN1_I2D_len_SET_type(type,a,f) \
+		ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SET, \
+					    V_ASN1_UNIVERSAL,IS_SET);
+
 #define M_ASN1_I2D_len_SEQUENCE(a,f) \
 		ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \
 				  IS_SEQUENCE);
@@ -444,6 +451,8 @@ err:\

 #define M_ASN1_I2D_put_SET(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SET,\
 			V_ASN1_UNIVERSAL,IS_SET)
+#define M_ASN1_I2D_put_SET_type(type,a,f) \
+     i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET)
 #define M_ASN1_I2D_put_IMP_SET(a,f,x) i2d_ASN1_SET(a,&p,f,x,\
 			V_ASN1_CONTEXT_SPECIFIC,IS_SET)
 #define M_ASN1_I2D_put_IMP_SET_type(type,a,f,x) \
--- a/crypto/asn1/asn1_par.c
+++ b/crypto/asn1/asn1_par.c
@@ -60,7 +60,7 @@
 #include "cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/objects.h>
-#include <openssl/x509.h>
+#include <openssl/asn1.h>

 static int asn1_print_info(BIO *bp, int tag, int xclass,int constructed,
 	int indent);
--- a/crypto/asn1/asn_pack.c
+++ b/crypto/asn1/asn_pack.c
@@ -104,7 +104,7 @@ unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf,

 /* Extract an ASN1 object from an ASN1_STRING */

-char *ASN1_unpack_string (ASN1_STRING *oct, char *(*d2i)())
+void *ASN1_unpack_string (ASN1_STRING *oct, char *(*d2i)())
 {
 	unsigned char *p;
 	char *ret;
@@ -117,7 +117,7 @@ char *ASN1_unpack_string (ASN1_STRING *oct, char *(*d2i)())

 /* Pack an ASN1 object into an ASN1_STRING */

-ASN1_STRING *ASN1_pack_string (char *obj, int (*i2d)(), ASN1_STRING **oct)
+ASN1_STRING *ASN1_pack_string (void *obj, int (*i2d)(), ASN1_STRING **oct)
 {
 	unsigned char *p;
 	ASN1_STRING *octmp;
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
@@ -61,7 +61,7 @@
 #include <openssl/bn.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
-#include <openssl/x509.h>
+#include <openssl/asn1.h>

 EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, unsigned char **pp,
 	     long length)
--- a/crypto/asn1/d2i_pu.c
+++ b/crypto/asn1/d2i_pu.c
@@ -61,7 +61,7 @@
 #include <openssl/bn.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
-#include <openssl/x509.h>
+#include <openssl/asn1.h>

 EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp,
 	     long length)
--- a/crypto/asn1/f_enum.c
+++ b/crypto/asn1/f_enum.c
@@ -59,7 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/buffer.h>
-#include <openssl/x509.h>
+#include <openssl/asn1.h>

 /* Based on a_int.c: equivalent ENUMERATED functions */

--- a/crypto/asn1/f_int.c
+++ b/crypto/asn1/f_int.c
@@ -59,7 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/buffer.h>
-#include <openssl/x509.h>
+#include <openssl/asn1.h>

 int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a)
 	{
@@ -117,9 +117,18 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)

 		for (j=0; j<i; j++)
 			{
+#ifndef CHARSET_EBCDIC
 			if (!(	((buf[j] >= '0') && (buf[j] <= '9')) ||
 				((buf[j] >= 'a') && (buf[j] <= 'f')) ||
 				((buf[j] >= 'A') && (buf[j] <= 'F'))))
+#else
+			/* This #ifdef is not strictly necessary, since
+			 * the characters A...F a...f 0...9 are contiguous
+			 * (yes, even in EBCDIC - but not the whole alphabet).
+			 * Nevertheless, isxdigit() is faster.
+			 */
+			if (!isxdigit(buf[j]))
+#endif
 				{
 				i=j;
 				break;
--- a/crypto/asn1/f_string.c
+++ b/crypto/asn1/f_string.c
@@ -59,7 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/buffer.h>
-#include <openssl/x509.h>
+#include <openssl/asn1.h>

 int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type)
 	{
@@ -123,9 +123,18 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)

 		for (j=i-1; j>0; j--)
 			{
+#ifndef CHARSET_EBCDIC
 			if (!(	((buf[j] >= '0') && (buf[j] <= '9')) ||
 				((buf[j] >= 'a') && (buf[j] <= 'f')) ||
 				((buf[j] >= 'A') && (buf[j] <= 'F'))))
+#else
+			/* This #ifdef is not strictly necessary, since
+			 * the characters A...F a...f 0...9 are contiguous
+			 * (yes, even in EBCDIC - but not the whole alphabet).
+			 * Nevertheless, isxdigit() is faster.
+			 */
+			if (!isxdigit(buf[j]))
+#endif
 				{
 				i=j;
 				break;
--- a/crypto/asn1/i2d_dhp.c
+++ b/crypto/asn1/i2d_dhp.c
@@ -94,7 +94,12 @@ int i2d_DHparams(DH *a, unsigned char **pp)
 		}

 	t=ASN1_object_size(1,tot,V_ASN1_SEQUENCE);
-	if (pp == NULL) return(t);
+	if (pp == NULL)
+		{
+		if (num[2] != NULL)
+			BN_free(num[2]);
+		return(t);
+		}

 	p= *pp;
 	ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
--- a/crypto/asn1/i2d_s_pu.c
+++ b/crypto/asn1/i2d_s_pu.c
@@ -123,6 +123,7 @@ int i2d_DSAPublicKey(DSA *a, unsigned char **pp)
 		}
 	Free((char *)bs.data);
 	*pp=p;
-	return(t);
+	if(all) return(t);
+	else return(tot);
 	}
 #endif
--- a/crypto/asn1/nsseq.c
+++ b/crypto/asn1/nsseq.c
@@ -70,14 +70,14 @@ int i2d_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE *a, unsigned char **pp)
 	int v = 0;
 	M_ASN1_I2D_vars(a);
 	M_ASN1_I2D_len (a->type, i2d_ASN1_OBJECT);
-	M_ASN1_I2D_len_EXP_SEQUENCE_opt(a->certs, i2d_X509, 0,
-							 V_ASN1_SEQUENCE, v);
+	M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509,a->certs,i2d_X509,0,
+					     V_ASN1_SEQUENCE,v);

 	M_ASN1_I2D_seq_total();

 	M_ASN1_I2D_put (a->type, i2d_ASN1_OBJECT);
-	M_ASN1_I2D_put_EXP_SEQUENCE_opt(a->certs, i2d_X509, 0,
-							 V_ASN1_SEQUENCE, v);
+	M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509,a->certs,i2d_X509,0,
+					     V_ASN1_SEQUENCE,v);

 	M_ASN1_I2D_finish();
 }
@@ -102,15 +102,17 @@ NETSCAPE_CERT_SEQUENCE *d2i_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE **a,
 	M_ASN1_D2I_Init();
 	M_ASN1_D2I_start_sequence();
 	M_ASN1_D2I_get (ret->type, d2i_ASN1_OBJECT);
-	M_ASN1_D2I_get_EXP_set_opt(ret->certs, d2i_X509, X509_free, 0,
-							 V_ASN1_SEQUENCE);
-	M_ASN1_D2I_Finish(a, NETSCAPE_CERT_SEQUENCE_free, ASN1_F_D2I_NETSCAPE_CERT_SEQUENCE);
+	M_ASN1_D2I_get_EXP_set_opt_type(X509,ret->certs,d2i_X509,X509_free,0,
+					V_ASN1_SEQUENCE);
+	M_ASN1_D2I_Finish(a, NETSCAPE_CERT_SEQUENCE_free,
+			  ASN1_F_D2I_NETSCAPE_CERT_SEQUENCE);
 }

 void NETSCAPE_CERT_SEQUENCE_free (NETSCAPE_CERT_SEQUENCE *a)
 {
 	if (a == NULL) return;
 	ASN1_OBJECT_free(a->type);
-	if(a->certs) sk_pop_free(a->certs, X509_free);
-	Free ((char *)a);
+	if(a->certs)
+	    sk_X509_pop_free(a->certs, X509_free);
+	Free (a);
 }
--- a/crypto/asn1/p5_pbe.c
+++ b/crypto/asn1/p5_pbe.c
@@ -59,12 +59,11 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
 #include <openssl/rand.h>

 /* PKCS#5 password based encryption structure */

-#define PKCS5_SALT_LEN	8
-
 int i2d_PBEPARAM(PBEPARAM *a, unsigned char **pp)
 {
 	M_ASN1_I2D_vars(a);
@@ -112,8 +111,6 @@ void PBEPARAM_free (PBEPARAM *a)
 X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt,
 	     int saltlen)
 {
-	unsigned char *pdata, *ptmp;
-	int plen;
 	PBEPARAM *pbe;
 	ASN1_OBJECT *al;
 	X509_ALGOR *algor;
@@ -123,6 +120,7 @@ X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt,
 		ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
+	if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
 	ASN1_INTEGER_set (pbe->iter, iter);
 	if (!saltlen) saltlen = PKCS5_SALT_LEN;
 	if (!(pbe->salt->data = Malloc (saltlen))) {
@@ -132,17 +130,6 @@ X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt,
 	pbe->salt->length = saltlen;
 	if (salt) memcpy (pbe->salt->data, salt, saltlen);
 	else RAND_bytes (pbe->salt->data, saltlen);
-	if (!(plen = i2d_PBEPARAM (pbe, NULL))) {
-		ASN1err(ASN1_F_ASN1_PBE_SET,ASN1_R_ENCODE_ERROR);
-		return NULL;
-	}
-	if (!(pdata = Malloc (plen))) {
-		ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	ptmp = pdata;
-	i2d_PBEPARAM (pbe, &ptmp);
-	PBEPARAM_free (pbe);

 	if (!(astype = ASN1_TYPE_new())) {
 		ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
@@ -150,12 +137,11 @@ X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt,
 	}

 	astype->type = V_ASN1_SEQUENCE;
-	if (!(astype->value.sequence=ASN1_STRING_new())) {
+	if(!ASN1_pack_string(pbe, i2d_PBEPARAM, &astype->value.sequence)) {
 		ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
-	ASN1_STRING_set (astype->value.sequence, pdata, plen);
-	Free (pdata);
+	PBEPARAM_free (pbe);
 	
 	al = OBJ_nid2obj(alg); /* never need to free al */
 	if (!(algor = X509_ALGOR_new())) {
--- a/crypto/asn1/p5_pbev2.c
+++ b/crypto/asn1/p5_pbev2.c
@@ -59,6 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
 #include <openssl/rand.h>

 /* PKCS#5 v2.0 password based encryption structures */
@@ -109,14 +110,14 @@ void PBE2PARAM_free (PBE2PARAM *a)
 int i2d_PBKDF2PARAM(PBKDF2PARAM *a, unsigned char **pp)
 {
 	M_ASN1_I2D_vars(a);
-	M_ASN1_I2D_len (a->salt, i2d_ASN1_OCTET_STRING);
+	M_ASN1_I2D_len (a->salt, i2d_ASN1_TYPE);
 	M_ASN1_I2D_len (a->iter, i2d_ASN1_INTEGER);
 	M_ASN1_I2D_len (a->keylength, i2d_ASN1_INTEGER);
 	M_ASN1_I2D_len (a->prf, i2d_X509_ALGOR);

 	M_ASN1_I2D_seq_total ();

-	M_ASN1_I2D_put (a->salt, i2d_ASN1_OCTET_STRING);
+	M_ASN1_I2D_put (a->salt, i2d_ASN1_TYPE);
 	M_ASN1_I2D_put (a->iter, i2d_ASN1_INTEGER);
 	M_ASN1_I2D_put (a->keylength, i2d_ASN1_INTEGER);
 	M_ASN1_I2D_put (a->prf, i2d_X509_ALGOR);
@@ -129,7 +130,7 @@ PBKDF2PARAM *PBKDF2PARAM_new(void)
 	PBKDF2PARAM *ret=NULL;
 	ASN1_CTX c;
 	M_ASN1_New_Malloc(ret, PBKDF2PARAM);
-	M_ASN1_New(ret->salt, ASN1_OCTET_STRING_new);
+	M_ASN1_New(ret->salt, ASN1_TYPE_new);
 	M_ASN1_New(ret->iter, ASN1_INTEGER_new);
 	ret->keylength = NULL;
 	ret->prf = NULL;
@@ -143,7 +144,7 @@ PBKDF2PARAM *d2i_PBKDF2PARAM(PBKDF2PARAM **a, unsigned char **pp,
 	M_ASN1_D2I_vars(a,PBKDF2PARAM *,PBKDF2PARAM_new);
 	M_ASN1_D2I_Init();
 	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get (ret->salt, d2i_ASN1_OCTET_STRING);
+	M_ASN1_D2I_get (ret->salt, d2i_ASN1_TYPE);
 	M_ASN1_D2I_get (ret->iter, d2i_ASN1_INTEGER);
 	M_ASN1_D2I_get_opt (ret->keylength, d2i_ASN1_INTEGER, V_ASN1_INTEGER);
 	M_ASN1_D2I_get_opt (ret->prf, d2i_X509_ALGOR, V_ASN1_SEQUENCE);
@@ -153,10 +154,121 @@ PBKDF2PARAM *d2i_PBKDF2PARAM(PBKDF2PARAM **a, unsigned char **pp,
 void PBKDF2PARAM_free (PBKDF2PARAM *a)
 {
 	if(a==NULL) return;
-	ASN1_OCTET_STRING_free(a->salt);
+	ASN1_TYPE_free(a->salt);
 	ASN1_INTEGER_free(a->iter);
 	ASN1_INTEGER_free(a->keylength);
 	X509_ALGOR_free(a->prf);
 	Free ((char *)a);
 }

+/* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm:
+ * yes I know this is horrible!
+ */
+
+X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
+				 unsigned char *salt, int saltlen)
+{
+	X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
+	int alg_nid;
+	EVP_CIPHER_CTX ctx;
+	unsigned char iv[EVP_MAX_IV_LENGTH];
+	PBKDF2PARAM *kdf = NULL;
+	PBE2PARAM *pbe2 = NULL;
+	ASN1_OCTET_STRING *osalt = NULL;
+
+	if(!(pbe2 = PBE2PARAM_new())) goto merr;
+
+	/* Setup the AlgorithmIdentifier for the encryption scheme */
+	scheme = pbe2->encryption;
+
+	alg_nid = EVP_CIPHER_type(cipher);
+
+	scheme->algorithm = OBJ_nid2obj(alg_nid);
+	if(!(scheme->parameter = ASN1_TYPE_new())) goto merr;
+
+	/* Create random IV */
+	RAND_bytes(iv, EVP_CIPHER_iv_length(cipher));
+
+	/* Dummy cipherinit to just setup the IV */
+	EVP_CipherInit(&ctx, cipher, NULL, iv, 0);
+	if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
+		ASN1err(ASN1_F_PKCS5_PBE2_SET,
+					ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
+		goto err;
+	}
+	EVP_CIPHER_CTX_cleanup(&ctx);
+
+	if(!(kdf = PBKDF2PARAM_new())) goto merr;
+	if(!(osalt = ASN1_OCTET_STRING_new())) goto merr;
+
+	if (!saltlen) saltlen = PKCS5_SALT_LEN;
+	if (!(osalt->data = Malloc (saltlen))) goto merr;
+	osalt->length = saltlen;
+	if (salt) memcpy (osalt->data, salt, saltlen);
+	else RAND_bytes (osalt->data, saltlen);
+
+	if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
+	if(!ASN1_INTEGER_set(kdf->iter, iter)) goto merr;
+
+	/* Now include salt in kdf structure */
+	kdf->salt->value.octet_string = osalt;
+	kdf->salt->type = V_ASN1_OCTET_STRING;
+	osalt = NULL;
+
+	/* If its RC2 then we'd better setup the key length */
+
+	if(alg_nid == NID_rc2_cbc) {
+		if(!(kdf->keylength = ASN1_INTEGER_new())) goto merr;
+		if(!ASN1_INTEGER_set (kdf->keylength,
+				 EVP_CIPHER_key_length(cipher))) goto merr;
+	}
+
+	/* prf can stay NULL because we are using hmacWithSHA1 */
+
+	/* Now setup the PBE2PARAM keyfunc structure */
+
+	pbe2->keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);
+
+	/* Encode PBKDF2PARAM into parameter of pbe2 */
+
+	if(!(pbe2->keyfunc->parameter = ASN1_TYPE_new())) goto merr;
+
+	if(!ASN1_pack_string(kdf, i2d_PBKDF2PARAM,
+			 &pbe2->keyfunc->parameter->value.sequence)) goto merr;
+	pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE;
+
+	PBKDF2PARAM_free(kdf);
+	kdf = NULL;
+
+	/* Now set up top level AlgorithmIdentifier */
+
+	if(!(ret = X509_ALGOR_new())) goto merr;
+	if(!(ret->parameter = ASN1_TYPE_new())) goto merr;
+
+	ret->algorithm = OBJ_nid2obj(NID_pbes2);
+
+	/* Encode PBE2PARAM into parameter */
+
+	if(!ASN1_pack_string(pbe2, i2d_PBE2PARAM,
+				 &ret->parameter->value.sequence)) goto merr;
+	ret->parameter->type = V_ASN1_SEQUENCE;
+
+	PBE2PARAM_free(pbe2);
+	pbe2 = NULL;
+
+	return ret;
+
+	merr:
+	ASN1err(ASN1_F_PKCS5_PBE2_SET,ERR_R_MALLOC_FAILURE);
+
+	err:
+	PBE2PARAM_free(pbe2);
+	/* Note 'scheme' is freed as part of pbe2 */
+	ASN1_OCTET_STRING_free(osalt);
+	PBKDF2PARAM_free(kdf);
+	X509_ALGOR_free(kalg);
+	X509_ALGOR_free(ret);
+
+	return NULL;
+
+}
--- a/crypto/asn1/p7_evp.c
+++ b/crypto/asn1/p7_evp.c
@@ -66,13 +66,15 @@ int i2d_PKCS7_ENVELOPE(PKCS7_ENVELOPE *a, unsigned char **pp)
 	M_ASN1_I2D_vars(a);

 	M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len_SET(a->recipientinfo,i2d_PKCS7_RECIP_INFO);
+	M_ASN1_I2D_len_SET_type(PKCS7_RECIP_INFO,a->recipientinfo,
+				i2d_PKCS7_RECIP_INFO);
 	M_ASN1_I2D_len(a->enc_data,i2d_PKCS7_ENC_CONTENT);

 	M_ASN1_I2D_seq_total();

 	M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put_SET(a->recipientinfo,i2d_PKCS7_RECIP_INFO);
+	M_ASN1_I2D_put_SET_type(PKCS7_RECIP_INFO,a->recipientinfo,
+				i2d_PKCS7_RECIP_INFO);
 	M_ASN1_I2D_put(a->enc_data,i2d_PKCS7_ENC_CONTENT);

 	M_ASN1_I2D_finish();
@@ -86,8 +88,8 @@ PKCS7_ENVELOPE *d2i_PKCS7_ENVELOPE(PKCS7_ENVELOPE **a, unsigned char **pp,
 	M_ASN1_D2I_Init();
 	M_ASN1_D2I_start_sequence();
 	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
-	M_ASN1_D2I_get_set(ret->recipientinfo,d2i_PKCS7_RECIP_INFO,
-		PKCS7_RECIP_INFO_free);
+	M_ASN1_D2I_get_set_type(PKCS7_RECIP_INFO,ret->recipientinfo,
+				d2i_PKCS7_RECIP_INFO,PKCS7_RECIP_INFO_free);
 	M_ASN1_D2I_get(ret->enc_data,d2i_PKCS7_ENC_CONTENT);

 	M_ASN1_D2I_Finish(a,PKCS7_ENVELOPE_free,ASN1_F_D2I_PKCS7_ENVELOPE);
@@ -100,7 +102,7 @@ PKCS7_ENVELOPE *PKCS7_ENVELOPE_new(void)

 	M_ASN1_New_Malloc(ret,PKCS7_ENVELOPE);
 	M_ASN1_New(ret->version,ASN1_INTEGER_new);
-	M_ASN1_New(ret->recipientinfo,sk_new_null);
+	M_ASN1_New(ret->recipientinfo,sk_PKCS7_RECIP_INFO_new_null);
 	M_ASN1_New(ret->enc_data,PKCS7_ENC_CONTENT_new);
 	return(ret);
 	M_ASN1_New_Error(ASN1_F_PKCS7_ENVELOPE_NEW);
@@ -110,7 +112,7 @@ void PKCS7_ENVELOPE_free(PKCS7_ENVELOPE *a)
 	{
 	if (a == NULL) return;
 	ASN1_INTEGER_free(a->version);
-	sk_pop_free(a->recipientinfo,PKCS7_RECIP_INFO_free);
+	sk_PKCS7_RECIP_INFO_pop_free(a->recipientinfo,PKCS7_RECIP_INFO_free);
 	PKCS7_ENC_CONTENT_free(a->enc_data);
 	Free((char *)a);
 	}
--- a/crypto/asn1/p7_lib.c
+++ b/crypto/asn1/p7_lib.c
@@ -59,6 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1_mac.h>
+#include <openssl/pkcs7.h>
 #include <openssl/objects.h>

 int i2d_PKCS7(PKCS7 *a, unsigned char **pp)
--- a/crypto/asn1/p7_recip.c
+++ b/crypto/asn1/p7_recip.c
@@ -118,6 +118,8 @@ void PKCS7_RECIP_INFO_free(PKCS7_RECIP_INFO *a)
 	X509_ALGOR_free(a->key_enc_algor);
 	ASN1_OCTET_STRING_free(a->enc_key);
 	if (a->cert != NULL) X509_free(a->cert);
-	Free((char *)a);
+	Free(a);
 	}

+IMPLEMENT_STACK_OF(PKCS7_RECIP_INFO)
+IMPLEMENT_ASN1_SET_OF(PKCS7_RECIP_INFO)
--- a/crypto/asn1/p7_s_e.c
+++ b/crypto/asn1/p7_s_e.c
@@ -66,22 +66,26 @@ int i2d_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE *a, unsigned char **pp)
 	M_ASN1_I2D_vars(a);

 	M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len_SET(a->recipientinfo,i2d_PKCS7_RECIP_INFO);
-	M_ASN1_I2D_len_SET(a->md_algs,i2d_X509_ALGOR);
+	M_ASN1_I2D_len_SET_type(PKCS7_RECIP_INFO,a->recipientinfo,
+				i2d_PKCS7_RECIP_INFO);
+	M_ASN1_I2D_len_SET_type(X509_ALGOR,a->md_algs,i2d_X509_ALGOR);
 	M_ASN1_I2D_len(a->enc_data,i2d_PKCS7_ENC_CONTENT);
 	M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(X509,a->cert,i2d_X509,0);
-	M_ASN1_I2D_len_IMP_SET_opt(a->crl,i2d_X509_CRL,1);
-	M_ASN1_I2D_len_SET(a->signer_info,i2d_PKCS7_SIGNER_INFO);
+	M_ASN1_I2D_len_IMP_SET_opt_type(X509_CRL,a->crl,i2d_X509_CRL,1);
+	M_ASN1_I2D_len_SET_type(PKCS7_SIGNER_INFO,a->signer_info,
+				i2d_PKCS7_SIGNER_INFO);

 	M_ASN1_I2D_seq_total();

 	M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put_SET(a->recipientinfo,i2d_PKCS7_RECIP_INFO);
-	M_ASN1_I2D_put_SET(a->md_algs,i2d_X509_ALGOR);
+	M_ASN1_I2D_put_SET_type(PKCS7_RECIP_INFO,a->recipientinfo,
+				i2d_PKCS7_RECIP_INFO);
+	M_ASN1_I2D_put_SET_type(X509_ALGOR,a->md_algs,i2d_X509_ALGOR);
 	M_ASN1_I2D_put(a->enc_data,i2d_PKCS7_ENC_CONTENT);
 	M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(X509,a->cert,i2d_X509,0);
-	M_ASN1_I2D_put_IMP_SET_opt(a->crl,i2d_X509_CRL,1);
-	M_ASN1_I2D_put_SET(a->signer_info,i2d_PKCS7_SIGNER_INFO);
+	M_ASN1_I2D_put_IMP_SET_opt_type(X509_CRL,a->crl,i2d_X509_CRL,1);
+	M_ASN1_I2D_put_SET_type(PKCS7_SIGNER_INFO,a->signer_info,
+				i2d_PKCS7_SIGNER_INFO);

 	M_ASN1_I2D_finish();
 	}
@@ -94,14 +98,16 @@ PKCS7_SIGN_ENVELOPE *d2i_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE **a,
 	M_ASN1_D2I_Init();
 	M_ASN1_D2I_start_sequence();
 	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
-	M_ASN1_D2I_get_set(ret->recipientinfo,d2i_PKCS7_RECIP_INFO,
-		PKCS7_RECIP_INFO_free);
-	M_ASN1_D2I_get_set(ret->md_algs,d2i_X509_ALGOR,X509_ALGOR_free);
+	M_ASN1_D2I_get_set_type(PKCS7_RECIP_INFO,ret->recipientinfo,
+				d2i_PKCS7_RECIP_INFO,PKCS7_RECIP_INFO_free);
+	M_ASN1_D2I_get_set_type(X509_ALGOR,ret->md_algs,d2i_X509_ALGOR,
+				X509_ALGOR_free);
 	M_ASN1_D2I_get(ret->enc_data,d2i_PKCS7_ENC_CONTENT);
 	M_ASN1_D2I_get_IMP_set_opt_type(X509,ret->cert,d2i_X509,X509_free,0);
-	M_ASN1_D2I_get_IMP_set_opt(ret->crl,d2i_X509_CRL,X509_CRL_free,1);
-	M_ASN1_D2I_get_set(ret->signer_info,d2i_PKCS7_SIGNER_INFO,
-		PKCS7_SIGNER_INFO_free);
+	M_ASN1_D2I_get_IMP_set_opt_type(X509_CRL,ret->crl,d2i_X509_CRL,
+					X509_CRL_free,1);
+	M_ASN1_D2I_get_set_type(PKCS7_SIGNER_INFO,ret->signer_info,
+				d2i_PKCS7_SIGNER_INFO,PKCS7_SIGNER_INFO_free);

 	M_ASN1_D2I_Finish(a,PKCS7_SIGN_ENVELOPE_free,
 		ASN1_F_D2I_PKCS7_SIGN_ENVELOPE);
@@ -114,12 +120,12 @@ PKCS7_SIGN_ENVELOPE *PKCS7_SIGN_ENVELOPE_new(void)

 	M_ASN1_New_Malloc(ret,PKCS7_SIGN_ENVELOPE);
 	M_ASN1_New(ret->version,ASN1_INTEGER_new);
-	M_ASN1_New(ret->recipientinfo,sk_new_null);
-	M_ASN1_New(ret->md_algs,sk_new_null);
+	M_ASN1_New(ret->recipientinfo,sk_PKCS7_RECIP_INFO_new_null);
+	M_ASN1_New(ret->md_algs,sk_X509_ALGOR_new_null);
 	M_ASN1_New(ret->enc_data,PKCS7_ENC_CONTENT_new);
 	ret->cert=NULL;
 	ret->crl=NULL;
-	M_ASN1_New(ret->signer_info,sk_new_null);
+	M_ASN1_New(ret->signer_info,sk_PKCS7_SIGNER_INFO_new_null);
 	return(ret);
 	M_ASN1_New_Error(ASN1_F_PKCS7_SIGN_ENVELOPE_NEW);
 	}
@@ -128,12 +134,12 @@ void PKCS7_SIGN_ENVELOPE_free(PKCS7_SIGN_ENVELOPE *a)
 	{
 	if (a == NULL) return;
 	ASN1_INTEGER_free(a->version);
-	sk_pop_free(a->recipientinfo,PKCS7_RECIP_INFO_free);
-	sk_pop_free(a->md_algs,X509_ALGOR_free);
+	sk_PKCS7_RECIP_INFO_pop_free(a->recipientinfo,PKCS7_RECIP_INFO_free);
+	sk_X509_ALGOR_pop_free(a->md_algs,X509_ALGOR_free);
 	PKCS7_ENC_CONTENT_free(a->enc_data);
 	sk_X509_pop_free(a->cert,X509_free);
-	sk_pop_free(a->crl,X509_CRL_free);
-	sk_pop_free(a->signer_info,PKCS7_SIGNER_INFO_free);
-	Free((char *)a);
+	sk_X509_CRL_pop_free(a->crl,X509_CRL_free);
+	sk_PKCS7_SIGNER_INFO_pop_free(a->signer_info,PKCS7_SIGNER_INFO_free);
+	Free(a);
 	}

--- a/crypto/asn1/p7_signd.c
+++ b/crypto/asn1/p7_signd.c
@@ -66,20 +66,22 @@ int i2d_PKCS7_SIGNED(PKCS7_SIGNED *a, unsigned char **pp)
 	M_ASN1_I2D_vars(a);

 	M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len_SET(a->md_algs,i2d_X509_ALGOR);
+	M_ASN1_I2D_len_SET_type(X509_ALGOR,a->md_algs,i2d_X509_ALGOR);
 	M_ASN1_I2D_len(a->contents,i2d_PKCS7);
 	M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(X509,a->cert,i2d_X509,0);
-	M_ASN1_I2D_len_IMP_SET_opt(a->crl,i2d_X509_CRL,1);
-	M_ASN1_I2D_len_SET(a->signer_info,i2d_PKCS7_SIGNER_INFO);
+	M_ASN1_I2D_len_IMP_SET_opt_type(X509_CRL,a->crl,i2d_X509_CRL,1);
+	M_ASN1_I2D_len_SET_type(PKCS7_SIGNER_INFO,a->signer_info,
+				i2d_PKCS7_SIGNER_INFO);

 	M_ASN1_I2D_seq_total();

 	M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put_SET(a->md_algs,i2d_X509_ALGOR);
+	M_ASN1_I2D_put_SET_type(X509_ALGOR,a->md_algs,i2d_X509_ALGOR);
 	M_ASN1_I2D_put(a->contents,i2d_PKCS7);
 	M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(X509,a->cert,i2d_X509,0);
-	M_ASN1_I2D_put_IMP_SET_opt(a->crl,i2d_X509_CRL,1);
-	M_ASN1_I2D_put_SET(a->signer_info,i2d_PKCS7_SIGNER_INFO);
+	M_ASN1_I2D_put_IMP_SET_opt_type(X509_CRL,a->crl,i2d_X509_CRL,1);
+	M_ASN1_I2D_put_SET_type(PKCS7_SIGNER_INFO,a->signer_info,
+				i2d_PKCS7_SIGNER_INFO);

 	M_ASN1_I2D_finish();
 	}
@@ -92,12 +94,14 @@ PKCS7_SIGNED *d2i_PKCS7_SIGNED(PKCS7_SIGNED **a, unsigned char **pp,
 	M_ASN1_D2I_Init();
 	M_ASN1_D2I_start_sequence();
 	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
-	M_ASN1_D2I_get_set(ret->md_algs,d2i_X509_ALGOR,X509_ALGOR_free);
+	M_ASN1_D2I_get_set_type(X509_ALGOR,ret->md_algs,d2i_X509_ALGOR,
+				X509_ALGOR_free);
 	M_ASN1_D2I_get(ret->contents,d2i_PKCS7);
 	M_ASN1_D2I_get_IMP_set_opt_type(X509,ret->cert,d2i_X509,X509_free,0);
-	M_ASN1_D2I_get_IMP_set_opt(ret->crl,d2i_X509_CRL,X509_CRL_free,1);
-	M_ASN1_D2I_get_set(ret->signer_info,d2i_PKCS7_SIGNER_INFO,
-		PKCS7_SIGNER_INFO_free);
+	M_ASN1_D2I_get_IMP_set_opt_type(X509_CRL,ret->crl,d2i_X509_CRL,
+					X509_CRL_free,1);
+	M_ASN1_D2I_get_set_type(PKCS7_SIGNER_INFO,ret->signer_info,
+				d2i_PKCS7_SIGNER_INFO,PKCS7_SIGNER_INFO_free);

 	M_ASN1_D2I_Finish(a,PKCS7_SIGNED_free,ASN1_F_D2I_PKCS7_SIGNED);
 	}
@@ -109,11 +113,11 @@ PKCS7_SIGNED *PKCS7_SIGNED_new(void)

 	M_ASN1_New_Malloc(ret,PKCS7_SIGNED);
 	M_ASN1_New(ret->version,ASN1_INTEGER_new);
-	M_ASN1_New(ret->md_algs,sk_new_null);
+	M_ASN1_New(ret->md_algs,sk_X509_ALGOR_new_null);
 	M_ASN1_New(ret->contents,PKCS7_new);
 	ret->cert=NULL;
 	ret->crl=NULL;
-	M_ASN1_New(ret->signer_info,sk_new_null);
+	M_ASN1_New(ret->signer_info,sk_PKCS7_SIGNER_INFO_new_null);
 	return(ret);
 	M_ASN1_New_Error(ASN1_F_PKCS7_SIGNED_NEW);
 	}
@@ -122,11 +126,10 @@ void PKCS7_SIGNED_free(PKCS7_SIGNED *a)
 	{
 	if (a == NULL) return;
 	ASN1_INTEGER_free(a->version);
-	sk_pop_free(a->md_algs,X509_ALGOR_free);
+	sk_X509_ALGOR_pop_free(a->md_algs,X509_ALGOR_free);
 	PKCS7_free(a->contents);
 	sk_X509_pop_free(a->cert,X509_free);
-	sk_pop_free(a->crl,X509_CRL_free);
-	sk_pop_free(a->signer_info,PKCS7_SIGNER_INFO_free);
-	Free((char *)a);
+	sk_X509_CRL_pop_free(a->crl,X509_CRL_free);
+	sk_PKCS7_SIGNER_INFO_pop_free(a->signer_info,PKCS7_SIGNER_INFO_free);
+	Free(a);
 	}
-
--- a/crypto/asn1/p7_signi.c
+++ b/crypto/asn1/p7_signi.c
@@ -68,20 +68,24 @@ int i2d_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO *a, unsigned char **pp)
 	M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
 	M_ASN1_I2D_len(a->issuer_and_serial,i2d_PKCS7_ISSUER_AND_SERIAL);
 	M_ASN1_I2D_len(a->digest_alg,i2d_X509_ALGOR);
-	M_ASN1_I2D_len_IMP_SET_opt(a->auth_attr,i2d_X509_ATTRIBUTE,0);
+	M_ASN1_I2D_len_IMP_SET_opt_type(X509_ATTRIBUTE,a->auth_attr,
+					i2d_X509_ATTRIBUTE,0);
 	M_ASN1_I2D_len(a->digest_enc_alg,i2d_X509_ALGOR);
 	M_ASN1_I2D_len(a->enc_digest,i2d_ASN1_OCTET_STRING);
-	M_ASN1_I2D_len_IMP_SET_opt(a->unauth_attr,i2d_X509_ATTRIBUTE,1);
+	M_ASN1_I2D_len_IMP_SET_opt_type(X509_ATTRIBUTE,a->unauth_attr,
+					i2d_X509_ATTRIBUTE,1);

 	M_ASN1_I2D_seq_total();

 	M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
 	M_ASN1_I2D_put(a->issuer_and_serial,i2d_PKCS7_ISSUER_AND_SERIAL);
 	M_ASN1_I2D_put(a->digest_alg,i2d_X509_ALGOR);
-	M_ASN1_I2D_put_IMP_SET_opt(a->auth_attr,i2d_X509_ATTRIBUTE,0);
+	M_ASN1_I2D_put_IMP_SET_opt_type(X509_ATTRIBUTE,a->auth_attr,
+					i2d_X509_ATTRIBUTE,0);
 	M_ASN1_I2D_put(a->digest_enc_alg,i2d_X509_ALGOR);
 	M_ASN1_I2D_put(a->enc_digest,i2d_ASN1_OCTET_STRING);
-	M_ASN1_I2D_put_IMP_SET_opt(a->unauth_attr,i2d_X509_ATTRIBUTE,1);
+	M_ASN1_I2D_put_IMP_SET_opt_type(X509_ATTRIBUTE,a->unauth_attr,
+					i2d_X509_ATTRIBUTE,1);

 	M_ASN1_I2D_finish();
 	}
@@ -96,12 +100,14 @@ PKCS7_SIGNER_INFO *d2i_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO **a,
 	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
 	M_ASN1_D2I_get(ret->issuer_and_serial,d2i_PKCS7_ISSUER_AND_SERIAL);
 	M_ASN1_D2I_get(ret->digest_alg,d2i_X509_ALGOR);
-	M_ASN1_D2I_get_IMP_set_opt(ret->auth_attr,d2i_X509_ATTRIBUTE,
-		X509_ATTRIBUTE_free,0);
+	M_ASN1_D2I_get_IMP_set_opt_type(X509_ATTRIBUTE,ret->auth_attr,
+					d2i_X509_ATTRIBUTE,X509_ATTRIBUTE_free,
+					0);
 	M_ASN1_D2I_get(ret->digest_enc_alg,d2i_X509_ALGOR);
 	M_ASN1_D2I_get(ret->enc_digest,d2i_ASN1_OCTET_STRING);
-	M_ASN1_D2I_get_IMP_set_opt(ret->unauth_attr,d2i_X509_ATTRIBUTE,
-		X509_ATTRIBUTE_free,1);
+	M_ASN1_D2I_get_IMP_set_opt_type(X509_ATTRIBUTE,ret->unauth_attr,
+					d2i_X509_ATTRIBUTE,
+					X509_ATTRIBUTE_free,1);

 	M_ASN1_D2I_Finish(a,PKCS7_SIGNER_INFO_free,
 		ASN1_F_D2I_PKCS7_SIGNER_INFO);
@@ -131,12 +137,14 @@ void PKCS7_SIGNER_INFO_free(PKCS7_SIGNER_INFO *a)
 	ASN1_INTEGER_free(a->version);
 	PKCS7_ISSUER_AND_SERIAL_free(a->issuer_and_serial);
 	X509_ALGOR_free(a->digest_alg);
-	sk_pop_free(a->auth_attr,X509_ATTRIBUTE_free);
+	sk_X509_ATTRIBUTE_pop_free(a->auth_attr,X509_ATTRIBUTE_free);
 	X509_ALGOR_free(a->digest_enc_alg);
 	ASN1_OCTET_STRING_free(a->enc_digest);
-	sk_pop_free(a->unauth_attr,X509_ATTRIBUTE_free);
+	sk_X509_ATTRIBUTE_pop_free(a->unauth_attr,X509_ATTRIBUTE_free);
 	if (a->pkey != NULL)
 		EVP_PKEY_free(a->pkey);
 	Free((char *)a);
 	}

+IMPLEMENT_STACK_OF(PKCS7_SIGNER_INFO)
+IMPLEMENT_ASN1_SET_OF(PKCS7_SIGNER_INFO)
--- a/crypto/asn1/p8_pkey.c
+++ b/crypto/asn1/p8_pkey.c
@@ -59,6 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1_mac.h>
+#include <openssl/x509.h>

 int i2d_PKCS8_PRIV_KEY_INFO (PKCS8_PRIV_KEY_INFO *a, unsigned char **pp)
 {
@@ -68,14 +69,16 @@ int i2d_PKCS8_PRIV_KEY_INFO (PKCS8_PRIV_KEY_INFO *a, unsigned char **pp)
 	M_ASN1_I2D_len (a->version, i2d_ASN1_INTEGER);
 	M_ASN1_I2D_len (a->pkeyalg, i2d_X509_ALGOR);
 	M_ASN1_I2D_len (a->pkey, i2d_ASN1_TYPE);
-	M_ASN1_I2D_len_IMP_SET_opt (a->attributes, i2d_X509_ATTRIBUTE, 0);
+	M_ASN1_I2D_len_IMP_SET_opt_type (X509_ATTRIBUTE, a->attributes,
+					 i2d_X509_ATTRIBUTE, 0);
 	
 	M_ASN1_I2D_seq_total ();

 	M_ASN1_I2D_put (a->version, i2d_ASN1_INTEGER);
 	M_ASN1_I2D_put (a->pkeyalg, i2d_X509_ALGOR);
 	M_ASN1_I2D_put (a->pkey, i2d_ASN1_TYPE);
-	M_ASN1_I2D_put_IMP_SET_opt (a->attributes, i2d_X509_ATTRIBUTE, 0);
+	M_ASN1_I2D_put_IMP_SET_opt_type (X509_ATTRIBUTE, a->attributes,
+					 i2d_X509_ATTRIBUTE, 0);

 	M_ASN1_I2D_finish();
 }
@@ -103,8 +106,9 @@ PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO **a,
 	M_ASN1_D2I_get (ret->version, d2i_ASN1_INTEGER);
 	M_ASN1_D2I_get (ret->pkeyalg, d2i_X509_ALGOR);
 	M_ASN1_D2I_get (ret->pkey, d2i_ASN1_TYPE);
-	M_ASN1_D2I_get_IMP_set_opt(ret->attributes, d2i_X509_ATTRIBUTE,
-						 X509_ATTRIBUTE_free, 0);
+	M_ASN1_D2I_get_IMP_set_opt_type(X509_ATTRIBUTE, ret->attributes,
+					d2i_X509_ATTRIBUTE,
+					X509_ATTRIBUTE_free, 0);
 	if (ASN1_TYPE_get(ret->pkey) == V_ASN1_SEQUENCE) 
 						ret->broken = PKCS8_NO_OCTET;
 	M_ASN1_D2I_Finish(a, PKCS8_PRIV_KEY_INFO_free, ASN1_F_D2I_PKCS8_PRIV_KEY_INFO);
@@ -120,6 +124,6 @@ void PKCS8_PRIV_KEY_INFO_free (PKCS8_PRIV_KEY_INFO *a)
 		memset (a->pkey->value.octet_string->data,
 				 0, a->pkey->value.octet_string->length);
 	ASN1_TYPE_free (a->pkey);
-	sk_pop_free (a->attributes, X509_ATTRIBUTE_free);
-	Free ((char *)a);
+	sk_X509_ATTRIBUTE_pop_free (a->attributes, X509_ATTRIBUTE_free);
+	Free (a);
 }
--- a/crypto/asn1/t_crl.c
+++ b/crypto/asn1/t_crl.c
@@ -87,7 +87,7 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
 {
 	char buf[256];
 	unsigned char *s;
-	STACK *rev;
+	STACK_OF(X509_REVOKED) *rev;
 	X509_REVOKED *r;
 	long l;
 	int i, j, n;
@@ -117,11 +117,12 @@ int X509_CRL_print(BIO *out, X509_CRL *x)

 	rev = X509_CRL_get_REVOKED(x);

-	if(sk_num(rev)) BIO_printf(out, "Revoked Certificates:\n");
+	if(sk_X509_REVOKED_num(rev))
+	    BIO_printf(out, "Revoked Certificates:\n");
 	else BIO_printf(out, "No Revoked Certificates.\n");

-	for(i = 0; i < sk_num(rev); i++) {
-		r = (X509_REVOKED *) sk_value(rev, i);
+	for(i = 0; i < sk_X509_REVOKED_num(rev); i++) {
+		r = sk_X509_REVOKED_value(rev, i);
 		BIO_printf(out,"    Serial Number: ");
 		i2a_ASN1_INTEGER(out,r->serialNumber);
 		BIO_printf(out,"\n        Revocation Date: ","");
--- a/crypto/asn1/t_x509.c
+++ b/crypto/asn1/t_x509.c
@@ -158,6 +158,7 @@ int X509_print(BIO *bp, X509 *x)
 	if (pkey == NULL)
 		{
 		BIO_printf(bp,"%12sUnable to load Public Key\n","");
+		ERR_print_errors(bp);
 		}
 	else
 #ifndef NO_RSA
@@ -357,6 +358,7 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
 	c=s;
 	for (;;)
 		{
+#ifndef CHARSET_EBCDIC
 		if (	((*s == '/') &&
 				((s[1] >= 'A') && (s[1] <= 'Z') && (
 					(s[2] == '=') ||
@@ -364,6 +366,15 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
 					(s[3] == '='))
 				 ))) ||
 			(*s == '\0'))
+#else
+		if (	((*s == '/') &&
+				(isupper(s[1]) && (
+					(s[2] == '=') ||
+					(isupper(s[2]) &&
+					(s[3] == '='))
+				 ))) ||
+			(*s == '\0'))
+#endif
 			{
 			if ((l <= 0) && !first)
 				{
--- a/crypto/asn1/x_algor.c
+++ b/crypto/asn1/x_algor.c
@@ -59,6 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1_mac.h>
+#include <openssl/x509.h>

 int i2d_X509_ALGOR(X509_ALGOR *a, unsigned char **pp)
 	{
@@ -113,3 +114,5 @@ void X509_ALGOR_free(X509_ALGOR *a)
 	Free((char *)a);
 	}

+IMPLEMENT_STACK_OF(X509_ALGOR)
+IMPLEMENT_ASN1_SET_OF(X509_ALGOR)
--- a/crypto/asn1/x_attrib.c
+++ b/crypto/asn1/x_attrib.c
@@ -60,6 +60,7 @@
 #include "cryptlib.h"
 #include <openssl/objects.h>
 #include <openssl/asn1_mac.h>
+#include <openssl/x509.h>

 /* sequence */
 int i2d_X509_ATTRIBUTE(X509_ATTRIBUTE *a, unsigned char **pp)
--- a/crypto/asn1/x_cinf.c
+++ b/crypto/asn1/x_cinf.c
@@ -59,6 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1_mac.h>
+#include <openssl/x509.h>

 int i2d_X509_CINF(X509_CINF *a, unsigned char **pp)
 	{
--- a/crypto/asn1/x_crl.c
+++ b/crypto/asn1/x_crl.c
@@ -100,11 +100,13 @@ int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp)
 	{
 	int v1=0;
 	long l=0;
+	int (*old_cmp)(X509_REVOKED **,X509_REVOKED **);
 	M_ASN1_I2D_vars(a);
+	
+	old_cmp=sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_seq_cmp);
+	sk_X509_REVOKED_sort(a->revoked);
+	sk_X509_REVOKED_set_cmp_func(a->revoked,old_cmp);

-	if (sk_num(a->revoked) != 0)
-		qsort((char *)a->revoked->data,sk_num(a->revoked),
-			sizeof(X509_REVOKED *),(int (*)(const void *,const void *))X509_REVOKED_seq_cmp);
 	if ((a->version != NULL) && ((l=ASN1_INTEGER_get(a->version)) != 0))
 		{
 		M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
@@ -114,7 +116,8 @@ int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp)
 	M_ASN1_I2D_len(a->lastUpdate,i2d_ASN1_TIME);
 	if (a->nextUpdate != NULL)
 		{ M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_TIME); }
-	M_ASN1_I2D_len_SEQUENCE_opt(a->revoked,i2d_X509_REVOKED);
+	M_ASN1_I2D_len_SEQUENCE_opt_type(X509_REVOKED,a->revoked,
+					 i2d_X509_REVOKED);
 	M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
 					     i2d_X509_EXTENSION,0,
 					     V_ASN1_SEQUENCE,v1);
@@ -130,7 +133,8 @@ int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp)
 	M_ASN1_I2D_put(a->lastUpdate,i2d_ASN1_UTCTIME);
 	if (a->nextUpdate != NULL)
 		{ M_ASN1_I2D_put(a->nextUpdate,i2d_ASN1_UTCTIME); }
-	M_ASN1_I2D_put_SEQUENCE_opt(a->revoked,i2d_X509_REVOKED);
+	M_ASN1_I2D_put_SEQUENCE_opt_type(X509_REVOKED,a->revoked,
+					 i2d_X509_REVOKED);
 	M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
 					     i2d_X509_EXTENSION,0,
 					     V_ASN1_SEQUENCE,v1);
@@ -172,16 +176,17 @@ X509_CRL_INFO *d2i_X509_CRL_INFO(X509_CRL_INFO **a, unsigned char **pp,
 							V_ASN1_GENERALIZEDTIME);
 	if (ret->revoked != NULL)
 		{
-		while (sk_num(ret->revoked))
-			X509_REVOKED_free((X509_REVOKED *)sk_pop(ret->revoked));
+		while (sk_X509_REVOKED_num(ret->revoked))
+			X509_REVOKED_free(sk_X509_REVOKED_pop(ret->revoked));
 		}
-	M_ASN1_D2I_get_seq_opt(ret->revoked,d2i_X509_REVOKED,X509_REVOKED_free);
+	M_ASN1_D2I_get_seq_opt_type(X509_REVOKED,ret->revoked,d2i_X509_REVOKED,
+				    X509_REVOKED_free);

 	if (ret->revoked != NULL)
 		{
-		for (i=0; i<sk_num(ret->revoked); i++)
+		for (i=0; i<sk_X509_REVOKED_num(ret->revoked); i++)
 			{
-			((X509_REVOKED *)sk_value(ret->revoked,i))->sequence=i;
+			sk_X509_REVOKED_value(ret->revoked,i)->sequence=i;
 			}
 		}

@@ -258,9 +263,9 @@ X509_CRL_INFO *X509_CRL_INFO_new(void)
 	M_ASN1_New(ret->issuer,X509_NAME_new);
 	M_ASN1_New(ret->lastUpdate,ASN1_UTCTIME_new);
 	ret->nextUpdate=NULL;
-	M_ASN1_New(ret->revoked,sk_new_null);
+	M_ASN1_New(ret->revoked,sk_X509_REVOKED_new_null);
 	M_ASN1_New(ret->extensions,sk_X509_EXTENSION_new_null);
-	ret->revoked->comp=(int (*)())X509_REVOKED_cmp;
+	sk_X509_REVOKED_set_cmp_func(ret->revoked,X509_REVOKED_cmp);
 	return(ret);
 	M_ASN1_New_Error(ASN1_F_X509_CRL_INFO_NEW);
 	}
@@ -297,7 +302,7 @@ void X509_CRL_INFO_free(X509_CRL_INFO *a)
 	ASN1_UTCTIME_free(a->lastUpdate);
 	if (a->nextUpdate)
 		ASN1_UTCTIME_free(a->nextUpdate);
-	sk_pop_free(a->revoked,X509_REVOKED_free);
+	sk_X509_REVOKED_pop_free(a->revoked,X509_REVOKED_free);
 	sk_X509_EXTENSION_pop_free(a->extensions,X509_EXTENSION_free);
 	Free(a);
 	}
@@ -338,3 +343,8 @@ static int X509_REVOKED_seq_cmp(X509_REVOKED **a, X509_REVOKED **b)
 	{
 	return((*a)->sequence-(*b)->sequence);
 	}
+
+IMPLEMENT_STACK_OF(X509_REVOKED)
+IMPLEMENT_ASN1_SET_OF(X509_REVOKED)
+IMPLEMENT_STACK_OF(X509_CRL)
+IMPLEMENT_ASN1_SET_OF(X509_CRL)
--- a/crypto/asn1/x_exten.c
+++ b/crypto/asn1/x_exten.c
@@ -60,6 +60,7 @@
 #include "cryptlib.h"
 #include <openssl/objects.h>
 #include <openssl/asn1_mac.h>
+#include <openssl/x509.h>

 int i2d_X509_EXTENSION(X509_EXTENSION *a, unsigned char **pp)
 	{
--- a/crypto/asn1/x_name.c
+++ b/crypto/asn1/x_name.c
@@ -60,6 +60,7 @@
 #include "cryptlib.h"
 #include <openssl/objects.h>
 #include <openssl/asn1_mac.h>
+#include <openssl/x509.h>

 static int i2d_X509_NAME_entries(X509_NAME *a);
 int i2d_X509_NAME_ENTRY(X509_NAME_ENTRY *a, unsigned char **pp)
--- a/crypto/asn1/x_pkey.c
+++ b/crypto/asn1/x_pkey.c
@@ -61,6 +61,7 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/asn1_mac.h>
+#include <openssl/x509.h>

 /* need to implement */
 int i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp)
--- a/crypto/asn1/x_pubkey.c
+++ b/crypto/asn1/x_pubkey.c
@@ -59,6 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1_mac.h>
+#include <openssl/x509.h>

 int i2d_X509_PUBKEY(X509_PUBKEY *a, unsigned char **pp)
 	{
--- a/crypto/asn1/x_sig.c
+++ b/crypto/asn1/x_sig.c
@@ -59,6 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1_mac.h>
+#include <openssl/x509.h>

 int i2d_X509_SIG(X509_SIG *a, unsigned char **pp)
 	{
--- a/crypto/asn1/x_val.c
+++ b/crypto/asn1/x_val.c
@@ -59,6 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1_mac.h>
+#include <openssl/x509.h>

 int i2d_X509_VAL(X509_VAL *a, unsigned char **pp)
 	{
--- a/crypto/asn1/x_x509.c
+++ b/crypto/asn1/x_x509.c
@@ -60,6 +60,7 @@
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/asn1_mac.h>
+#include <openssl/x509.h>

 static ASN1_METHOD meth={
 	(int (*)())  i2d_X509,
--- a/crypto/bf/Makefile.ssl
+++ b/crypto/bf/Makefile.ssl
@@ -100,7 +100,7 @@ dclean:
 	mv -f Makefile.new $(MAKEFILE)

 clean:
-	rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+	rm -f asm/bx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff

 # DO NOT DELETE THIS LINE -- make depend depends on it.

--- a/crypto/bf/asm/bf-686.pl
+++ b/crypto/bf/asm/bf-686.pl
@@ -1,5 +1,4 @@
 #!/usr/local/bin/perl
-#!/usr/local/bin/perl

 push(@INC,"perlasm","../../perlasm");
 require "x86asm.pl";
--- a/crypto/bf/bf_locl.h
+++ b/crypto/bf/bf_locl.h
@@ -56,8 +56,8 @@
 * [including the GNU Public Licence.]
 */

-#ifndef _HEADER_BF_LOCL_H
-#define _HEADER_BF_LOCL_H
+#ifndef HEADER_BF_LOCL_H
+#define HEADER_BF_LOCL_H
 #include <openssl/opensslconf.h> /* BF_PTR, BF_PTR2 */

 #undef c2l
--- a/Show More
+++ b/Show More