Merge the version changes from 0.9.6-stable.

The tag for this branch will be OpenSSL-engine-0_9_6d
Merge in recent changes from 0.9.6-stable.
2002-05-09 23:12:12 +00:00 · 2002-05-09 21:55:50 +00:00 · 2002-05-09 19:38:34 +00:00 · 2002-05-08 15:54:01 +00:00 · 2002-04-21 17:54:04 +00:00 · 2002-04-18 09:26:24 +00:00
389 changed files with 13626 additions and 4117 deletions
--- a/150
+++ b/150
@@ -2,152 +2,6 @@
 OpenSSL CHANGES
 _______________

- Changes between 0.9.6g and 0.9.6h  [21 Dec 2002]
-
-  *) New function OPENSSL_cleanse(), which is used to cleanse a section of
-     memory from it's contents.  This is done with a counter that will
-     place alternating values in each byte.  This can be used to solve
-     two issues: 1) the removal of calls to memset() by highly optimizing
-     compilers, and 2) cleansing with other values than 0, since those can
-     be read through on certain media, for example a swap space on disk.
-     [Geoff Thorpe]
-
-  *) Bugfix: client side session caching did not work with external caching,
-     because the session->cipher setting was not restored when reloading
-     from the external cache. This problem was masked, when
-     SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (part of SSL_OP_ALL) was set.
-     (Found by Steve Haslam <steve@araqnid.ddts.net>.)
-     [Lutz Jaenicke]
-
-  *) Fix client_certificate (ssl/s2_clnt.c): The permissible total
-     length of the REQUEST-CERTIFICATE message is 18 .. 34, not 17 .. 33.
-     [Zeev Lieber <zeev-l@yahoo.com>]
-
-  *) Undo an undocumented change introduced in 0.9.6e which caused
-     repeated calls to OpenSSL_add_all_ciphers() and 
-     OpenSSL_add_all_digests() to be ignored, even after calling
-     EVP_cleanup().
-     [Richard Levitte]
-
-  *) Change the default configuration reader to deal with last line not
-     being properly terminated.
-     [Richard Levitte]
-
-  *) Change X509_NAME_cmp() so it applies the special rules on handling
-     DN values that are of type PrintableString, as well as RDNs of type
-     emailAddress where the value has the type ia5String.
-     [stefank@valicert.com via Richard Levitte]
-
-  *) Add a SSL_SESS_CACHE_NO_INTERNAL_STORE flag to take over half
-     the job SSL_SESS_CACHE_NO_INTERNAL_LOOKUP was inconsistently
-     doing, define a new flag (SSL_SESS_CACHE_NO_INTERNAL) to be
-     the bitwise-OR of the two for use by the majority of applications
-     wanting this behaviour, and update the docs. The documented
-     behaviour and actual behaviour were inconsistent and had been
-     changing anyway, so this is more a bug-fix than a behavioural
-     change.
-     [Geoff Thorpe, diagnosed by Nadav Har'El]
-
-  *) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c
-     (the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes).
-     [Bodo Moeller]
-
-  *) Fix initialization code race conditions in
-        SSLv23_method(),  SSLv23_client_method(),   SSLv23_server_method(),
-        SSLv2_method(),   SSLv2_client_method(),    SSLv2_server_method(),
-        SSLv3_method(),   SSLv3_client_method(),    SSLv3_server_method(),
-        TLSv1_method(),   TLSv1_client_method(),    TLSv1_server_method(),
-        ssl2_get_cipher_by_char(),
-        ssl3_get_cipher_by_char().
-     [Patrick McCormick <patrick@tellme.com>, Bodo Moeller]
-
-  *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after
-     the cached sessions are flushed, as the remove_cb() might use ex_data
-     contents. Bug found by Sam Varshavchik <mrsam@courier-mta.com>
-     (see [openssl.org #212]).
-     [Geoff Thorpe, Lutz Jaenicke]
-
-  *) Fix typo in OBJ_txt2obj which incorrectly passed the content
-     length, instead of the encoding length to d2i_ASN1_OBJECT.
-     [Steve Henson]
-
- Changes between 0.9.6f and 0.9.6g  [9 Aug 2002]
-
-  *) [In 0.9.6g-engine release:]
-     Fix crypto/engine/vendor_defns/cswift.h for WIN32 (use '_stdcall').
-     [Lynn Gazis <lgazis@rainbow.com>]
-
- Changes between 0.9.6e and 0.9.6f  [8 Aug 2002]
-
-  *) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
-     and get fix the header length calculation.
-     [Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>,
-	Alon Kantor <alonk@checkpoint.com> (and others),
-	Steve Henson]
-
-  *) Use proper error handling instead of 'assertions' in buffer
-     overflow checks added in 0.9.6e.  This prevents DoS (the
-     assertions could call abort()).
-     [Arne Ansper <arne@ats.cyber.ee>, Bodo Moeller]
-
- Changes between 0.9.6d and 0.9.6e  [30 Jul 2002]
-
-  *) Add various sanity checks to asn1_get_length() to reject
-     the ASN1 length bytes if they exceed sizeof(long), will appear
-     negative or the content length exceeds the length of the
-     supplied buffer.
-     [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
-
-  *) Fix cipher selection routines: ciphers without encryption had no flags
-     for the cipher strength set and where therefore not handled correctly
-     by the selection routines (PR #130).
-     [Lutz Jaenicke]
-
-  *) Fix EVP_dsa_sha macro.
-     [Nils Larsch]
-
-  *) New option
-          SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
-     for disabling the SSL 3.0/TLS 1.0 CBC vulnerability countermeasure
-     that was added in OpenSSL 0.9.6d.
-
-     As the countermeasure turned out to be incompatible with some
-     broken SSL implementations, the new option is part of SSL_OP_ALL.
-     SSL_OP_ALL is usually employed when compatibility with weird SSL
-     implementations is desired (e.g. '-bugs' option to 's_client' and
-     's_server'), so the new option is automatically set in many
-     applications.
-     [Bodo Moeller]
-
-  *) Changes in security patch:
-
-     Changes marked "(CHATS)" were sponsored by the Defense Advanced
-     Research Projects Agency (DARPA) and Air Force Research Laboratory,
-     Air Force Materiel Command, USAF, under agreement number
-     F30602-01-2-0537.
-
-  *) Add various sanity checks to asn1_get_length() to reject
-     the ASN1 length bytes if they exceed sizeof(long), will appear
-     negative or the content length exceeds the length of the
-     supplied buffer. (CAN-2002-0659)
-     [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
-
-  *) Assertions for various potential buffer overflows, not known to
-     happen in practice.
-     [Ben Laurie (CHATS)]
-
-  *) Various temporary buffers to hold ASCII versions of integers were
-     too small for 64 bit platforms. (CAN-2002-0655)
-     [Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>
-
-  *) Remote buffer overflow in SSL3 protocol - an attacker could
-     supply an oversized session ID to a client. (CAN-2002-0656)
-     [Ben Laurie (CHATS)]
-
-  *) Remote buffer overflow in SSL2 protocol - an attacker could
-     supply an oversized client master key. (CAN-2002-0656)
-     [Ben Laurie (CHATS)]
-
 Changes between 0.9.6c and 0.9.6d  [9 May 2002]

  *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
@@ -234,8 +88,8 @@
     value is 0.
     [Richard Levitte]

-  *) [In 0.9.6d-engine release:]
-     Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
+  *) [In 0.9.6c-engine release:]
+     Fix a crashbug and a logic bug in hwcrhk_load_pubkey()
     [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]

  *) Add the configuration target linux-s390x.
--- a/93
+++ b/93
@@ -10,7 +10,7 @@ use strict;

 # see INSTALL for instructions.

-my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--test-sanity] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--test-sanity] os/compiler[:flags]\n";

 # Options:
 #
@@ -23,6 +23,12 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-
 #               default).  This needn't be set in advance, you can
 #               just as well use "make INSTALL_PREFIX=/whatever install".
 #
+# no-hw-xxx     do not compile support for specific crypto hardware.
+#               Generic OpenSSL-style methods relating to this support
+#               are always compiled but return NULL if the hardware
+#               support isn't compiled.
+# no-hw         do not compile support for any crypto hardware.
+#
 # --test-sanity Make a number of sanity checks on the data in this file.
 #               This is a debugging tool for OpenSSL developers.
 #
@@ -31,6 +37,10 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-
 #               multithreaded applications (default is "threads" if we
 #               know how to do it)
 # [no-]shared	[don't] try to create shared libraries when supported.
+#               IT IS NOT RECOMMENDED TO USE "shared"!  Since this is a
+#               development branch, the positions of the ENGINE symbols
+#               in the transfer vector are constantly moving, so binary
+#               backward compatibility can't be guaranteed in any way.
 # no-asm        do not use assembler
 # no-dso        do not compile in any native shared-library methods. This
 #               will ensure that all methods just return NULL.
@@ -122,7 +132,7 @@ my %table=(
 "debug-bodo",	"gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-ulf",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wstrict-prototypes -Wmissing-prototypes -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn",
 "dist",		"cc:-O::(unknown):::::",

 # Basic configs that should work on any (32 and less bit) box
@@ -144,7 +154,6 @@ my %table=(
 "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-gcc31","gcc:-mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8
 # but keep the assembler modules.
 "solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -170,10 +179,10 @@ my %table=(
 "linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
 # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
 # assisted with debugging of following two configs.
-"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o::::",
 # it's a real mess with -mcpu=ultrasparc option under Linux, but
 # -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # !!!Folowing can't be even tested yet!!!
 #    We have to wait till 64-bit glibc for SPARC is operational!!!
 #"linux64-sparcv9","sparc64-linux-gcc:-m64 -mcpu=v9 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:",
@@ -229,7 +238,6 @@ my %table=(
 "hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 # More attempts at unified 10.X and 11.X targets for HP C compiler.
 #
@@ -337,15 +345,15 @@ my %table=(
 # The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
 # bn86-elf.o file file since it is hand tweaked assembler.
 "linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
 "linux-mipsel",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
 "linux-mips",   "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
 "linux-ppc",	"gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-m68k",   "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
-"linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR),\$(SHLIB_MINOR)",
-"linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
+"linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::SIXTY_FOUR_BIT_LONG:::::::::::linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -395,7 +403,7 @@ my %table=(
 "aix-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR:::",
 "aix-gcc",  "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",
 "aix43-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
-"aix43-gcc",  "gcc:-O1 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+"aix43-gcc",  "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",

 #
 # Cray T90 and similar (SDSC)
@@ -437,7 +445,7 @@ my %table=(
 "sco5-cc-pentium",  "cc:-Kpentium::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
 "sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown):-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
 "sco5-cc-shared","cc:-belf:::-lsocket -lresolv -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr3-shared:-Kpic",
-"sco5-gcc-shared","gcc:-O3 -fomit-frame-pointer:::-lsocket -lresolv -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:svr3-shared:-fPIC", # the SCO assembler doesn't seem to like our assembler files ...
+"sco5-gcc-shared","gcc:-O3 -DFILIO_H -fomit-frame-pointer:::-lsocket -lresolv -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:svr3-shared:-fPIC", # the SCO assembler doesn't seem to like our assembler files ...

 # Sinix/ReliantUNIX RM400
 # NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g  */
@@ -472,12 +480,9 @@ my %table=(
 # and its library files in util/pl/*)
 "Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",

-# UWIN 
-"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
-
 # Cygwin
 "Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
-"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -march=i486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32:cygwin-shared:::.dll",
+"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32:cygwin-shared:::.dll",

 # Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
 "ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::::::",
@@ -493,10 +498,7 @@ my %table=(

 ##### MacOS X (a.k.a. Rhapsody or Darwin) setup
 "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
-"darwin-ppc-cc","cc:-O3 -D_DARWIN -DB_ENDIAN -fno-common::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-
-##### A/UX
-"aux3-gcc","gcc:-O2 -DTERMIO::(unknown):-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
+"darwin-ppc-cc","cc:-O3 -D_DARWIN -DB_ENDIAN::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",

 ##### Sony NEWS-OS 4.x
 "newsos4-gcc","gcc:-O -DB_ENDIAN -DNEWS4::(unknown):-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",
@@ -504,9 +506,6 @@ my %table=(
 ##### VxWorks for various targets
 "vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DVXWORKS -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::-r:::::",

-##### Compaq Non-Stop Kernel (Tandem)
-"tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown)::THIRTY_TWO_BIT:::",
-
 );

 my @WinTargets=qw(VC-NT VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS BC-32
@@ -583,7 +582,6 @@ my $libs;
 my $target;
 my $options;
 my $symlink;
-my $make_depend=0;

 my @argvcopy=@ARGV;
 my $argvstring="";
@@ -618,6 +616,18 @@ PROCESS_ARGS:
 			$flags .= "-DNO_ASM ";
 			$openssl_other_defines .= "#define NO_ASM\n";
 			}
+		elsif (/^no-hw-(.+)$/)
+			{
+			my $hw=$1;
+			$hw =~ tr/[a-z]/[A-Z]/;
+			$flags .= "-DNO_HW_$hw ";
+			$openssl_other_defines .= "#define NO_HW_$hw\n";
+			}
+		elsif (/^no-hw$/)
+			{
+			$flags .= "-DNO_HW ";
+			$openssl_other_defines .= "#define NO_HW\n";
+			}
 		elsif (/^no-dso$/)
 			{ $no_dso=1; }
 		elsif (/^no-threads$/)
@@ -626,7 +636,7 @@ PROCESS_ARGS:
 			{ $threads=1; }
 		elsif (/^no-shared$/)
 			{ $no_shared=1; }
-		elsif (/^shared$/ || /^-shared$/ || /^--shared$/)
+		elsif (/^shared$/)
 			{ $no_shared=0; }
 		elsif (/^no-symlinks$/)
 			{ $symlink=0; }
@@ -911,10 +921,6 @@ if ($rmd160_obj =~ /\.o$/)
 	$cflags.=" -DRMD160_ASM";
 	}

-# "Stringify" the C flags string.  This permits it to be made part of a string
-# and works as well on command lines.
-$cflags =~ s/([\\\"])/\\\1/g;
-
 my $version = "unknown";
 my $major = "unknown";
 my $minor = "unknown";
@@ -997,21 +1003,13 @@ while (<IN>)
 	if ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*$/)
 		{
 		my $sotmp = $1;
-		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/;
-		}
-	elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.dylib$/)
-		{
-		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.dylib/;
+		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/
 		}
 	elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
 		{
 		my $sotmp = $1;
 		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
 		}
-	elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
-		{
-		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.\$(SHLIB_MAJOR).dylib .dylib/;
-		}
 	s/^SHARED_LDFLAGS=.*/SHARED_LDFLAGS=$shared_ldflag/;
 	print OUT $_."\n";
 	}
@@ -1195,13 +1193,11 @@ if($IsWindows) {
 EOF
 	close(OUT);
 } else {
-	my $make_command = "make -f Makefile.ssl PERL=\'$perl\'";
-	my $make_targets = "";
-	$make_targets .= " links" if $symlink;
-	$make_targets .= " depend" if $depflags ne "" && $make_depend;
-	$make_targets .= " gentests" if $symlink;
-	(system $make_command.$make_targets) == 0 or exit $?
-		if $make_targets ne "";
+	(system "make -f Makefile.ssl PERL=\'$perl\' links") == 0 or exit $?
+		if $symlink;
+	### (system 'make depend') == 0 or exit $? if $depflags ne "";
+	# Run "make depend" manually if you want to be able to delete
+	# the source code files of ciphers you left out.
 	if ( $perl =~ m@^/@) {
 	    &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
 	    &dofile("apps/der_chop",$perl,'^#!/', '#!%s');
@@ -1211,15 +1207,6 @@ EOF
 	    &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
 	    &dofile("apps/der_chop",'/usr/local/bin/perl','^#!/', '#!%s');
 	    &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
-	}
-	if ($depflags ne "" && !$make_depend) {
-		print <<EOF;
-
-Since you've disabled at least one algorithm, you need to do the following
-before building:
-
-	make depend
-EOF
 	}	    
 }

--- a/85
+++ b/85
@@ -9,7 +9,6 @@ OpenSSL  -  Frequently Asked Questions
 * Where can I get a compiled version of OpenSSL?
 * Why aren't tools like 'autoconf' and 'libtool' used?
 * What is an 'engine' version?
-* How do I check the authenticity of the OpenSSL distribution?

 [LEGAL] Legal questions

@@ -36,12 +35,9 @@ OpenSSL  -  Frequently Asked Questions
 * Why does the linker complain about undefined symbols?
 * Why does the OpenSSL test fail with "bc: command not found"?
 * Why does the OpenSSL test fail with "bc: 1 no implemented"?
-* Why does the OpenSSL test fail with "bc: stack empty"?
 * Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
 * Why does the OpenSSL compilation fail with "ar: command not found"?
 * Why does the OpenSSL compilation fail on Win32 with VC++?
-* What is special about OpenSSL on Redhat?
-* Why does the OpenSSL test suite fail on MacOS X?

 [PROG] Questions about programming with OpenSSL

@@ -63,7 +59,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?

 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.6h was released on 5 December 2002.
+OpenSSL 0.9.6d was released on 9 May, 2002.

 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -134,19 +130,6 @@ hardware. This was realized in a special release '0.9.6-engine'. With
 version 0.9.7 (not yet released) the changes were merged into the main
 development line, so that the special release is no longer necessary.

-* How do I check the authenticity of the OpenSSL distribution?
-
-We provide MD5 digests and ASC signatures of each tarball.
-Use MD5 to check that a tarball from a mirror site is identical:
-
-   md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5
-
-You can check authenticity using pgp or gpg. You need the OpenSSL team
-member public key used to sign it (download it from a key server). Then
-just do:
-
-   pgp TARBALL.asc
-
 [LEGAL] =======================================================================

 * Do I need patent licenses to use OpenSSL?
@@ -232,13 +215,8 @@ For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested
 installing the SUNski package from Sun patch 105710-01 (Sparc) which
 adds a /dev/random device and make sure it gets used, usually through
 $RANDFILE.  There are probably similar patches for the other Solaris
-versions.  An official statement from Sun with respect to /dev/random
-support can be found at
-  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski
-However, be warned that /dev/random is usually a blocking device, which
-may have some effects on OpenSSL.
-A third party /dev/random solution for Solaris is available at
-  http://www.cosy.sbg.ac.at/~andi/
+versions.  However, be warned that /dev/random is usually a blocking
+device, which may have some effects on OpenSSL.


 * Why do I get an "unable to write 'random state'" error message?
@@ -409,17 +387,6 @@ and compile/install it.  GNU bc (see http://www.gnu.org/software/software.html
 for download instructions) can be safely used, for example.


-* Why does the OpenSSL test fail with "bc: stack empty"?
-
-On some DG/ux versions, bc seems to have a too small stack for calculations
-that the OpenSSL bntest throws at it.  This gets triggered when you run the
-test suite (using "make test").  The message returned is "bc: stack empty".
-
-The best way to deal with this is to find another implementation of bc
-and compile/install it.  GNU bc (see http://www.gnu.org/software/software.html
-for download instructions) can be safely used, for example.
-
-
 * Why does the OpenSSL compilation fail on Alpha Tru64 Unix?

 On some Alpha installations running Tru64 Unix and Compaq C, the compilation
@@ -484,52 +451,6 @@ under 'Program Files').  This needs to be done prior to running NMAKE,
 and the changes are only valid for the current DOS session.


-* What is special about OpenSSL on Redhat?
-
-Red Hat Linux (release 7.0 and later) include a preinstalled limited
-version of OpenSSL. For patent reasons, support for IDEA, RC5 and MDC2
-is disabled in this version. The same may apply to other Linux distributions.
-Users may therefore wish to install more or all of the features left out.
-
-To do this you MUST ensure that you do not overwrite the openssl that is in
-/usr/bin on your Red Hat machine. Several packages depend on this file,
-including sendmail and ssh. /usr/local/bin is a good alternative choice. The
-libraries that come with Red Hat 7.0 onwards have different names and so are
-not affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and
-/lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and
-/lib/libcrypto.so.2 respectively).
-
-Please note that we have been advised by Red Hat attempting to recompile the
-openssl rpm with all the cryptography enabled will not work. All other
-packages depend on the original Red Hat supplied openssl package. It is also
-worth noting that due to the way Red Hat supplies its packages, updates to
-openssl on each distribution never change the package version, only the
-build number. For example, on Red Hat 7.1, the latest openssl package has
-version number 0.9.6 and build number 9 even though it contains all the
-relevant updates in packages up to and including 0.9.6b.
-
-A possible way around this is to persuade Red Hat to produce a non-US
-version of Red Hat Linux.
-
-FYI: Patent numbers and expiry dates of US patents:
-MDC-2: 4,908,861 13/03/2007
-IDEA:  5,214,703 25/05/2010
-RC5:   5,724,428 03/03/2015
-
-
-* Why does the OpenSSL test suite fail on MacOS X?
-
-If the failure happens when running 'make test' and the RC4 test fails,
-it's very probable that you have OpenSSL 0.9.6b delivered with the
-operating system (you can find out by running '/usr/bin/openssl version')
-and that you were trying to build OpenSSL 0.9.6d.  The problem is that
-the loader ('ld') in MacOS X has a misfeature that's quite difficult to
-go around and has linked the programs "openssl" and the test programs
-with /usr/lib/libcrypto.dylib and /usr/lib/libssl.dylib instead of the
-libraries you just built.
-Look in the file PROBLEMS for a more detailed explanation and for possible
-solutions.
-
 [PROG] ========================================================================

 * Is OpenSSL thread-safe?
--- a/27
+++ b/27
@@ -57,7 +57,10 @@

  shared        In addition to the usual static libraries, create shared
                libraries on platforms where it's supported.  See "Note on
-                shared libraries" below.
+                shared libraries" below.  THIS IS NOT RECOMMENDED!  Since
+                this is a development branch, the positions of the ENGINE
+                symbols in the transfer vector are constantly moving, so
+                binary backward compatibility can't be guaranteed in any way.

  no-asm        Do not use assembler code.

@@ -128,11 +131,8 @@
     the failure that aren't problems in OpenSSL itself (like missing
     standard headers).  If it is a problem with OpenSSL itself, please
     report the problem to <openssl-bugs@openssl.org> (note that your
-     message will be recorded in the request tracker publicly readable
-     via http://www.openssl.org/rt2.html and will be forwarded to a public
-     mailing list). Include the output of "make report" in your message.
-     Please check out the request tracker. Maybe the bug was already
-     reported or has already been fixed.
+     message will be forwarded to a public mailing list).  Include the
+     output of "make report" in your message.

     [If you encounter assembler error messages, try the "no-asm"
     configuration option as an immediate fix.]
@@ -150,8 +150,7 @@
     try removing any compiler optimization flags from the CFLAGS line
     in Makefile.ssl and run "make clean; make". Please send a bug
     report to <openssl-bugs@openssl.org>, including the output of
-     "make report" in order to be added to the request tracker at
-     http://www.openssl.org/rt2.html.
+     "make report".

  4. If everything tests ok, install OpenSSL with

@@ -285,15 +284,3 @@
 targets for shared library creation, like linux-shared.  Those targets
 can currently be used on their own just as well, but this is expected
 to change in future versions of OpenSSL.
-
- Note on random number generation
- --------------------------------
-
- Availability of cryptographically secure random numbers is required for
- secret key generation. OpenSSL provides several options to seed the
- internal PRNG. If not properly seeded, the internal PRNG will refuse
- to deliver random bytes and a "PRNG not seeded error" will occur.
- On systems without /dev/urandom (or similar) device, it may be necessary
- to install additional support software to obtain random seed.
- Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
- and the FAQ for more information.
--- a/INSTALL.W32
+++ b/INSTALL.W32
@@ -82,8 +82,7 @@
 There are various changes you can make to the Win32 compile environment. By
 default the library is not compiled with debugging symbols. If you add 'debug'
 to the mk1mf.pl lines in the do_* batch file then debugging symbols will be
- compiled in. Note that mk1mf.pl expects the platform to be the last argument
- on the command line, so 'debug' must appear before that, as all other options.
+ compiled in.

 The default Win32 environment is to leave out any Windows NT specific
 features.
@@ -95,18 +94,6 @@
 You can also build a static version of the library using the Makefile
 ms\nt.mak

- Borland C++ builder 5
- ---------------------
-
- * Configure for building with Borland Builder:
-   > perl Configure BC-32
-
- * Create the appropriate makefile
-   > ms\do_nasm
-
- * Build
-   > make -f ms\bcb.mak
-
 Borland C++ builder 3 and 4
 ---------------------------

--- a/MacOS/GetHTTPS.src/MacSocket.cpp
+++ b/MacOS/GetHTTPS.src/MacSocket.cpp
@@ -1287,7 +1287,7 @@ EXITPOINT:

 //	Send some bytes

-int MacSocket_send(const int inSocketNum,const void *inBuff,int inBuffLength)
+int MacSocket_send(const int inSocketNum,void *inBuff,int inBuffLength)
 {
 OSErr			errCode = noErr;
 int				bytesSent = 0;
@@ -1604,4 +1604,4 @@ EPInfo* epi = (EPInfo*) context;
 		}
 	}
 }
-*/
+*/
--- a/MacOS/GetHTTPS.src/MacSocket.h
+++ b/MacOS/GetHTTPS.src/MacSocket.h
@@ -62,7 +62,7 @@ int MacSocket_recv(const int inSocketNum,void *outBuff,int outBuffLength,const B

 //	Call this to send data on a socket

-int MacSocket_send(const int inSocketNum,const void *inBuff,int inBuffLength);
+int MacSocket_send(const int inSocketNum,void *inBuff,int inBuffLength);


 //	If zero bytes were read in a call to MacSocket_recv(), it may be that the remote end has done a half-close
--- a/Makefile.org
+++ b/Makefile.org
@@ -162,7 +162,7 @@ SHLIBDIRS= crypto ssl
 SDIRS=  \
 	md2 md4 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
-	bn rsa dsa dh dso \
+	bn rsa dsa dh dso engine \
 	buffer bio stack lhash rand err objects \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp

@@ -247,8 +247,7 @@ link-shared:
 		for i in $(SHLIBDIRS); do \
 			prev=lib$$i$(SHLIB_EXT); \
 			for j in $${tmp:-x}; do \
-				( set -x; \
-				rm -f lib$$i$$j; ln -s $$prev lib$$i$$j ); \
+				( set -x; ln -f -s $$prev lib$$i$$j ); \
 				prev=lib$$i$$j; \
 			done; \
 		done; \
@@ -270,7 +269,9 @@ do_gnu-shared:
 	done

 DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
-	my_ld=`${CC} -print-prog-name=ld 2>&1` && \
+	collect2=`gcc -print-prog-name=collect2 2>&1` && \
+	[ -n "$$collect2" ] && \
+	my_ld=`$$collect2 --help 2>&1 | grep Usage: | sed 's/^Usage: *\([^ ][^ ]*\).*/\1/'` && \
 	[ -n "$$my_ld" ] && \
 	$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1

@@ -419,7 +420,6 @@ do_hpux-shared:
 		-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		-Fl lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
-	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
 	libs="$$libs -L. -l$$i"; \
 	done

@@ -430,7 +430,6 @@ do_hpux64-shared:
 		-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		+forceload lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
-	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
 	libs="$$libs -L. -l$$i"; \
 	done

@@ -527,10 +526,6 @@ links:
 	fi; \
 	done;

-gentests:
-	@(cd test && echo "generating dummy tests (if needed)..." && \
-	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
-
 dclean:
 	rm -f *.bak
 	@for i in $(DIRS) ;\
@@ -550,7 +545,7 @@ test:   tests

 tests: rehash
 	@(cd test && echo "testing..." && \
-	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' OPENSSL_DEBUG_MEMORY=on tests );
+	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' EXE_EXT='${EXE_EXT}' tests );
 	@apps/openssl version -a

 report:
@@ -561,7 +556,7 @@ depend:
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making dependencies $$i..." && \
-		$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' PERL='${PERL}' depend ) || exit 1; \
+		$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
 	fi; \
 	done;

@@ -606,29 +601,20 @@ TABLE: Configure

 update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE

-# Build distribution tar-file. As the list of files returned by "find" is
-# pretty long, on several platforms a "too many arguments" error or similar
-# would occur. Therefore the list of files is temporarily stored into a file
-# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
-# tar does not support the --files-from option.
 tar:
-	find . -type d -print | xargs chmod 755
-	find . -type f -print | xargs chmod a+r
-	find . -type f -perm -0100 -print | xargs chmod a+x
-	find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
-	$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
+	@$(TAR) $(TARFLAGS) -cvf - \
+		`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort` |\
 	tardy --user_number=0  --user_name=openssl \
 	      --group_number=0 --group_name=openssl \
 	      --prefix=openssl-$(VERSION) - |\
 	gzip --best >../$(TARFILE).gz; \
-	rm -f ../$(TARFILE).list; \
 	ls -l ../$(TARFILE).gz

 dist:   
 	$(PERL) Configure dist
 	@$(MAKE) dist_pem_h
 	@$(MAKE) SDIRS='${SDIRS}' clean
-	@$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar
+	@$(MAKE) tar

 dist_pem_h:
 	(cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
@@ -657,10 +643,9 @@ install: all install_docs
 	do \
 		if [ -f "$$i" ]; then \
 		(       echo installing $$i; \
-			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
-			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
-			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
-			mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
 		fi; \
 	done
 	@if [ -n "$(SHARED_LIBS)" ]; then \
@@ -670,24 +655,20 @@ install: all install_docs
 			if [ -f "$$i" -o -f "$$i.a" ]; then \
 			(       echo installing $$i; \
 				if [ "$(PLATFORM)" != "Cygwin" ]; then \
-					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
-					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
-					mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
 				else \
 					c=`echo $$i | sed 's/^lib/cyg/'`; \
-					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
-					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
-					mv $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
-					cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
-					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
-					mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
+					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+					cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
+					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
 				fi ); \
 			fi; \
 		done; \
 		(	here="`pwd`"; \
 			cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
-			set $(MAKE); \
-			$$1 -f $$here/Makefile link-shared ); \
+			make -f $$here/Makefile link-shared ); \
 	fi

 install_docs:
@@ -696,25 +677,22 @@ install_docs:
 		$(INSTALL_PREFIX)$(MANDIR)/man3 \
 		$(INSTALL_PREFIX)$(MANDIR)/man5 \
 		$(INSTALL_PREFIX)$(MANDIR)/man7
-	@pod2man="`cd util; ./pod2mantest $(PERL)`"; \
-	for i in doc/apps/*.pod; do \
+	@for i in doc/apps/*.pod; do \
 		fn=`basename $$i .pod`; \
 		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
 		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
-		(cd `$(PERL) util/dirname.pl $$i`; \
-		sh -c "$$pod2man \
-			--section=$$sec --center=OpenSSL \
-			--release=$(VERSION) `basename $$i`") \
+		(cd `dirname $$i`; \
+		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
+			 --release=$(VERSION) `basename $$i`) \
 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
-	done; \
-	for i in doc/crypto/*.pod doc/ssl/*.pod; do \
+	done
+	@for i in doc/crypto/*.pod doc/ssl/*.pod; do \
 		fn=`basename $$i .pod`; \
 		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
 		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
-		(cd `$(PERL) util/dirname.pl $$i`; \
-		sh -c "$$pod2man \
-			--section=$$sec --center=OpenSSL \
-			--release=$(VERSION) `basename $$i`") \
+		(cd `dirname $$i`; \
+		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
+			--release=$(VERSION) `basename $$i`) \
 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
 	done

--- a/29
+++ b/29
@@ -5,33 +5,6 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.

-  Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h:
-
-      o New configuration targets for Tandem OSS and A/UX.
-      o New OIDs for Microsoft attributes.
-      o Better handling of SSL session caching.
-      o Better comparison of distinguished names.
-      o Better handling of shared libraries in a mixed GNU/non-GNU environment.
-      o Support assembler code with Borland C.
-      o Fixes for length problems.
-      o Fixes for uninitialised variables.
-      o Fixes for memory leaks, some unusual crashes and some race conditions.
-      o Fixes for smaller building problems.
-      o Updates of manuals, FAQ and other instructive documents.
-
-  Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g:
-
-      o Important building fixes on Unix.
-
-  Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f:
-
-      o Various important bugfixes.
-
-  Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e:
-
-      o Important security related bugfixes.
-      o Various SSL/TLS library bugfixes.
-
  Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d:

      o Various SSL/TLS library bugfixes.
@@ -83,7 +56,7 @@
      o Bug fixes for Win32, HP/UX and Irix.
      o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
        memory checking routines.
-      o Bug fixes for RSA operations in threaded environments.
+      o Bug fixes for RSA operations in threaded enviroments.
      o Bug fixes in misc. openssl applications.
      o Remove a few potential memory leaks.
      o Add tighter checks of BIGNUM routines.
--- a/58
+++ b/58
@@ -1,58 +0,0 @@
-* System libcrypto.dylib and libssl.dylib are used by system ld on MacOS X.
-[NOTE: This is currently undergoing tests, and may be removed soon]
-
-This is really a misfeature in ld, which seems to look for .dylib libraries
-along the whole library path before it bothers looking for .a libraries.  This
-means that -L switches won't matter unless OpenSSL is built with shared
-library support.
-
-The workaround may be to change the following lines in apps/Makefile.ssl and
-test/Makefile.ssl:
-
-  LIBCRYPTO=-L.. -lcrypto
-  LIBSSL=-L.. -lssl
-
-to:
-
-  LIBCRYPTO=../libcrypto.a
-  LIBSSL=../libssl.a
-
-It's possible that something similar is needed for shared library support
-as well.  That hasn't been well tested yet.
-
-
-Another solution that many seem to recommend is to move the libraries
-/usr/lib/libcrypto.0.9.dylib, /usr/lib/libssl.0.9.dylib to a different
-directory, build and install OpenSSL and anything that depends on your
-build, then move libcrypto.0.9.dylib and libssl.0.9.dylib back to their
-original places.  Note that the version numbers on those two libraries
-may differ on your machine.
-
-
-As long as Apple doesn't fix the problem with ld, this problem building
-OpenSSL will remain as is.
-
-
-* Parallell make leads to errors
-
-While running tests, running a parallell make is a bad idea.  Many test
-scripts use the same name for output and input files, which means different
-will interfere with each other and lead to test failure.
-
-The solution is simple for now: don't run parallell make when testing.
-
-
-* Bugs in gcc 3.0 triggered
-
-According to a problem report, there are bugs in gcc 3.0 that are
-triggered by some of the code in OpenSSL, more specifically in
-PEM_get_EVP_CIPHER_INFO().  The triggering code is the following:
-
-	header+=11;
-	if (*header != '4') return(0); header++;
-	if (*header != ',') return(0); header++;
-
-What happens is that gcc might optimize a little too agressively, and
-you end up with an extra incrementation when *header != '4'.
-
-We recommend that you upgrade gcc to as high a 3.x version as you can.
--- a/19
+++ b/19
@@ -1,5 +1,5 @@

- OpenSSL 0.9.6h  5 Dec 2002
+ OpenSSL 0.9.6d [engine] 9 May 2002

 Copyright (c) 1998-2002 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
@@ -122,13 +122,6 @@
 lists the functions; you will probably have to look at the code to work out
 how to use them. Look at the example programs.

- PROBLEMS
- --------
-
- For some platforms, there are some known problems that may affect the user
- or application author.  We try to collect those in doc/PROBLEMS, with current
- thoughts on how they should be solved in a future of OpenSSL.
-
 SUPPORT 
 -------

@@ -153,13 +146,11 @@
    - Problem Description (steps that will reproduce the problem, if known)
    - Stack Traceback (if the application dumps core)

- Report the bug to the OpenSSL project via the Request Tracker
- (http://www.openssl.org/rt2.html) by mail to:
+ Report the bug to the OpenSSL project at:

    openssl-bugs@openssl.org

- Note that mail to openssl-bugs@openssl.org is recorded in the publicly
- readable request tracker database and is forwarded to a public
+ Note that mail to openssl-bugs@openssl.org is forwarded to a public
 mailing list. Confidential mail may be sent to openssl-security@openssl.org
 (PGP key available from the key servers).

@@ -173,9 +164,7 @@
 textual explanation of what your patch does.

 Note: For legal reasons, contributions from the US can be accepted only
- if a TSA notification and a copy of the patch is sent to crypt@bis.doc.gov;
- see http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic]
- and http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e)).
+ if a copy of the patch is sent to crypt@bxa.doc.gov

 The preferred format for changes is "diff -u" output. You might
 generate it like this:
--- a/10
+++ b/10
@@ -1,15 +1,11 @@

  OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2002/12/05 21:40:43 $
+  ______________                           $Date: 2002/05/08 15:53:53 $

  DEVELOPMENT STATE

    o  OpenSSL 0.9.7:  Under development...
-    o  OpenSSL 0.9.6h: Released on December   5th, 2002
-    o  OpenSSL 0.9.6g: Released on August     9th, 2002
-    o  OpenSSL 0.9.6f: Released on August     8th, 2002
-    o  OpenSSL 0.9.6e: Released on July      30th, 2002
-    o  OpenSSL 0.9.6d: Released on May        9th, 2002
+    o  OpenSSL 0.9.6d: Feature freeze, beta1 April 17th, 2002
    o  OpenSSL 0.9.6c: Released on December  21st, 2001
    o  OpenSSL 0.9.6b: Released on July       9th, 2001
    o  OpenSSL 0.9.6a: Released on April      5th, 2001
@@ -24,8 +20,6 @@

  RELEASE SHOWSTOPPERS

-    o none
-
  AVAILABLE PATCHES

    o 
--- a/172
+++ b/172
@@ -1,4 +1,3 @@
-Output of `Configure TABLE':

 *** BC-16
 $cc           = bcc
@@ -71,7 +70,7 @@ $ranlib       =

 *** Cygwin
 $cc           = gcc
-$cflags       = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -march=i486 -Wall
+$cflags       = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall
 $unistd       = 
 $thread_cflag = 
 $lflags       = 
@@ -621,29 +620,6 @@ $shared_ldflag =
 $shared_extension = 
 $ranlib       = 

-*** UWIN
-$cc           = cc
-$cflags       = -DTERMIOS -DL_ENDIAN -O -Wall
-$unistd       = 
-$thread_cflag = 
-$lflags       = 
-$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$bn_obj       = 
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = win32
-$shared_target= 
-$shared_cflag = 
-$shared_ldflag = 
-$shared_extension = 
-$ranlib       = 
-
 *** VC-MSDOS
 $cc           = cl
 $cflags       = 
@@ -853,7 +829,7 @@ $ranlib       =

 *** aix43-gcc
 $cc           = gcc
-$cflags       = -O1 -DAIX -DB_ENDIAN
+$cflags       = -O3 -DAIX -DB_ENDIAN
 $unistd       = 
 $thread_cflag = (unknown)
 $lflags       = 
@@ -989,29 +965,6 @@ $shared_ldflag =
 $shared_extension = .so
 $ranlib       = 

-*** aux3-gcc
-$cc           = gcc
-$cflags       = -O2 -DTERMIO
-$unistd       = 
-$thread_cflag = (unknown)
-$lflags       = -lbsd
-$bn_ops       = RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
-$bn_obj       = 
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = 
-$shared_target= 
-$shared_cflag = 
-$shared_ldflag = 
-$shared_extension = 
-$ranlib       = 
-
 *** bsdi-elf-gcc
 $cc           = gcc
 $cflags       = -DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall
@@ -1129,7 +1082,7 @@ $ranlib       =

 *** darwin-ppc-cc
 $cc           = cc
-$cflags       = -O3 -D_DARWIN -DB_ENDIAN -fno-common
+$cflags       = -O3 -D_DARWIN -DB_ENDIAN
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $lflags       = 
@@ -1146,8 +1099,8 @@ $rc5_obj      =
 $dso_scheme   = 
 $shared_target= darwin-shared
 $shared_cflag = -fPIC
-$shared_ldflag = 
-$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
+$shared_ldflag = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
+$shared_extension = 
 $ranlib       = 

 *** debug
@@ -1267,7 +1220,7 @@ $ranlib       =

 *** debug-levitte-linux-elf
 $cc           = gcc
-$cflags       = -DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wstrict-prototypes -Wmissing-prototypes -pipe
+$cflags       = -DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $lflags       = -ldl
@@ -1282,10 +1235,10 @@ $rc4_obj      =
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
+$shared_target= 
+$shared_cflag = 
 $shared_ldflag = 
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$shared_extension = 
 $ranlib       = 

 *** debug-linux-elf
@@ -1307,8 +1260,8 @@ $rc5_obj      = asm/r586-elf.o
 $dso_scheme   = dlfcn
 $shared_target= linux-shared
 $shared_cflag = -fPIC
-$shared_ldflag = 
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$shared_ldflag = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$shared_extension = 
 $ranlib       = 

 *** debug-linux-elf-noefence
@@ -1955,29 +1908,6 @@ $shared_ldflag =
 $shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 

-*** hpux64-parisc-gcc
-$cc           = gcc
-$cflags       = -DB_ENDIAN -DMD32_XARRAY
-$unistd       = 
-$thread_cflag = -D_REENTRANT
-$lflags       = -ldl
-$bn_ops       = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
-$bn_obj       = 
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = dlfcn
-$shared_target= hpux64-shared
-$shared_cflag = -fpic
-$shared_ldflag = 
-$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib       = 
-
 *** hpux64-parisc2-cc
 $cc           = cc
 $cflags       = +DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY
@@ -2440,10 +2370,10 @@ $ranlib       =

 *** linux-s390
 $cc           = gcc
-$cflags       = -DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall
+$cflags       = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
-$lflags       = -ldl
+$lflags       = 
 $bn_ops       = BN_LLONG
 $bn_obj       = 
 $des_obj      = 
@@ -2454,11 +2384,11 @@ $cast_obj     =
 $rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
-$dso_scheme   = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
 $shared_ldflag = 
-$shared_extension = .so.$(SHLIB_MAJOR),$(SHLIB_MINOR)
+$shared_extension = 
 $ranlib       = 

 *** linux-s390x
@@ -2466,7 +2396,7 @@ $cc           = gcc
 $cflags       = -DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
-$lflags       = -ldl
+$lflags       = 
 $bn_ops       = SIXTY_FOUR_BIT_LONG
 $bn_obj       = 
 $des_obj      = 
@@ -2477,7 +2407,7 @@ $cast_obj     =
 $rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
-$dso_scheme   = dlfcn
+$dso_scheme   = 
 $shared_target= linux-shared
 $shared_cflag = -fPIC
 $shared_ldflag = 
@@ -2512,7 +2442,7 @@ $cc           = gcc
 $cflags       = -mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W
 $unistd       = 
 $thread_cflag = -D_REENTRANT
-$lflags       = -ldl
+$lflags       = 
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
 $bn_obj       = asm/sparcv8.o
 $des_obj      = 
@@ -2523,11 +2453,11 @@ $cast_obj     =
 $rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
-$dso_scheme   = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
 $shared_ldflag = 
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$shared_extension = 
 $ranlib       = 

 *** linux-sparcv9
@@ -2535,7 +2465,7 @@ $cc           = gcc
 $cflags       = -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W
 $unistd       = 
 $thread_cflag = -D_REENTRANT
-$lflags       = -ldl
+$lflags       = 
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
 $bn_obj       = asm/sparcv8plus.o
 $des_obj      = 
@@ -2549,8 +2479,8 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= linux-shared
 $shared_cflag = -fPIC
-$shared_ldflag = 
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$shared_ldflag = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$shared_extension = 
 $ranlib       = 

 *** ncr-scde
@@ -2854,7 +2784,7 @@ $ranlib       =

 *** sco5-gcc-shared
 $cc           = gcc
-$cflags       = -O3 -fomit-frame-pointer
+$cflags       = -O3 -DFILIO_H -fomit-frame-pointer
 $unistd       = 
 $thread_cflag = 
 $lflags       = -lsocket -lresolv -lnsl
@@ -3128,29 +3058,6 @@ $shared_ldflag = -xarch=v9
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = /usr/ccs/bin/ar rs

-*** solaris64-sparcv9-gcc31
-$cc           = gcc
-$cflags       = -mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DULTRASPARC
-$unistd       = 
-$thread_cflag = -D_REENTRANT
-$lflags       = -lsocket -lnsl -ldl
-$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR
-$bn_obj       = 
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = asm/md5-sparcv9.o
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = dlfcn
-$shared_target= solaris-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -m64
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib       = 
-
 *** sunos-gcc
 $cc           = gcc
 $cflags       = -O3 -mv8 -Dssize_t=int
@@ -3174,29 +3081,6 @@ $shared_ldflag =
 $shared_extension = 
 $ranlib       = 

-*** tandem-c89
-$cc           = c89
-$cflags       = -Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN
-$unistd       = 
-$thread_cflag = (unknown)
-$lflags       = 
-$bn_ops       = THIRTY_TWO_BIT
-$bn_obj       = 
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = 
-$shared_target= 
-$shared_cflag = 
-$shared_ldflag = 
-$shared_extension = 
-$ranlib       = 
-
 *** ultrix-cc
 $cc           = cc
 $cflags       = -std1 -O -Olimit 1000 -DL_ENDIAN
--- a/apps/Makefile.ssl
+++ b/apps/Makefile.ssl
@@ -13,7 +13,7 @@ OPENSSLDIR=	/usr/local/ssl
 MAKE=		make -f Makefile.ssl
 MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
-PERL=		perl
+PERL=/usr/local/bin/perl
 RM=		rm -f

 PEX_LIBS=
@@ -117,7 +117,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

 depend:
-	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(SRC)

 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -128,10 +128,10 @@ clean:
 	rm -f req

 $(DLIBSSL):
-	(cd ..; $(MAKE) DIRS=ssl all)
+	(cd ../ssl; $(MAKE))

 $(DLIBCRYPTO):
-	(cd ..; $(MAKE) DIRS=crypto all)
+	(cd ../crypto; $(MAKE))

 $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
 	$(RM) $(PROGRAM)
@@ -209,14 +209,15 @@ ca.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 ca.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
 ca.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-ca.o: ../include/openssl/err.h ../include/openssl/evp.h
-ca.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-ca.o: ../include/openssl/md2.h ../include/openssl/md4.h
-ca.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-ca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ca.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ca.o: ../include/openssl/engine.h ../include/openssl/err.h
+ca.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ca.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ca.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ca.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ca.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ca.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+ca.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ca.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 ca.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 ca.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 ca.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -292,14 +293,15 @@ dgst.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 dgst.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 dgst.o: ../include/openssl/des.h ../include/openssl/dh.h
 dgst.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-dgst.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-dgst.o: ../include/openssl/evp.h ../include/openssl/idea.h
-dgst.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-dgst.o: ../include/openssl/md4.h ../include/openssl/md5.h
-dgst.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-dgst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-dgst.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dgst.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+dgst.o: ../include/openssl/err.h ../include/openssl/evp.h
+dgst.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+dgst.o: ../include/openssl/md2.h ../include/openssl/md4.h
+dgst.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+dgst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+dgst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dgst.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dgst.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 dgst.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 dgst.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 dgst.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -312,14 +314,15 @@ dh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 dh.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
 dh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-dh.o: ../include/openssl/err.h ../include/openssl/evp.h
-dh.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-dh.o: ../include/openssl/md2.h ../include/openssl/md4.h
-dh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-dh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-dh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-dh.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+dh.o: ../include/openssl/engine.h ../include/openssl/err.h
+dh.o: ../include/openssl/evp.h ../include/openssl/idea.h
+dh.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+dh.o: ../include/openssl/md4.h ../include/openssl/md5.h
+dh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+dh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dh.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 dh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 dh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 dh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -331,14 +334,15 @@ dsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 dsa.o: ../include/openssl/des.h ../include/openssl/dh.h
 dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-dsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-dsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
-dsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-dsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
-dsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-dsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-dsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dsa.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+dsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+dsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+dsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
+dsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+dsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+dsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 dsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 dsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 dsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -371,20 +375,21 @@ enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 enc.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 enc.o: ../include/openssl/des.h ../include/openssl/dh.h
 enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
-enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-enc.o: ../include/openssl/md4.h ../include/openssl/md5.h
-enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-enc.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+enc.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+enc.o: ../include/openssl/err.h ../include/openssl/evp.h
+enc.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+enc.o: ../include/openssl/md2.h ../include/openssl/md4.h
+enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+enc.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+enc.o: ../include/openssl/sha.h ../include/openssl/stack.h
+enc.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+enc.o: ../include/openssl/x509_vfy.h apps.h
 errstr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 errstr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 errstr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -414,34 +419,36 @@ gendh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 gendh.o: ../include/openssl/des.h ../include/openssl/dh.h
 gendh.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-gendh.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-gendh.o: ../include/openssl/evp.h ../include/openssl/idea.h
-gendh.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-gendh.o: ../include/openssl/md4.h ../include/openssl/md5.h
-gendh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-gendh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-gendh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-gendh.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-gendh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-gendh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-gendh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+gendh.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+gendh.o: ../include/openssl/err.h ../include/openssl/evp.h
+gendh.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+gendh.o: ../include/openssl/md2.h ../include/openssl/md4.h
+gendh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+gendh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+gendh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+gendh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+gendh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+gendh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+gendh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+gendh.o: ../include/openssl/sha.h ../include/openssl/stack.h
+gendh.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+gendh.o: ../include/openssl/x509_vfy.h apps.h
 gendsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 gendsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 gendsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 gendsa.o: ../include/openssl/des.h ../include/openssl/dh.h
 gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-gendsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-gendsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
-gendsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-gendsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
-gendsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-gendsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-gendsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+gendsa.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+gendsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+gendsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
+gendsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+gendsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+gendsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+gendsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 gendsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 gendsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 gendsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -454,14 +461,15 @@ genrsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 genrsa.o: ../include/openssl/des.h ../include/openssl/dh.h
 genrsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-genrsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-genrsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
-genrsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-genrsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
-genrsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-genrsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-genrsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+genrsa.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+genrsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+genrsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+genrsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
+genrsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+genrsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+genrsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+genrsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+genrsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 genrsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 genrsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 genrsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -536,15 +544,16 @@ pkcs12.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 pkcs12.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 pkcs12.o: ../include/openssl/des.h ../include/openssl/dh.h
 pkcs12.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-pkcs12.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-pkcs12.o: ../include/openssl/evp.h ../include/openssl/idea.h
-pkcs12.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-pkcs12.o: ../include/openssl/md4.h ../include/openssl/md5.h
-pkcs12.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-pkcs12.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
-pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+pkcs12.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h
+pkcs12.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+pkcs12.o: ../include/openssl/md2.h ../include/openssl/md4.h
+pkcs12.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+pkcs12.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+pkcs12.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+pkcs12.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+pkcs12.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+pkcs12.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 pkcs12.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 pkcs12.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -556,14 +565,15 @@ pkcs7.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 pkcs7.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 pkcs7.o: ../include/openssl/des.h ../include/openssl/dh.h
 pkcs7.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-pkcs7.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-pkcs7.o: ../include/openssl/evp.h ../include/openssl/idea.h
-pkcs7.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-pkcs7.o: ../include/openssl/md4.h ../include/openssl/md5.h
-pkcs7.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-pkcs7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+pkcs7.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h
+pkcs7.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+pkcs7.o: ../include/openssl/md2.h ../include/openssl/md4.h
+pkcs7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+pkcs7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+pkcs7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+pkcs7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+pkcs7.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 pkcs7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 pkcs7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 pkcs7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -576,15 +586,16 @@ pkcs8.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 pkcs8.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 pkcs8.o: ../include/openssl/des.h ../include/openssl/dh.h
 pkcs8.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-pkcs8.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-pkcs8.o: ../include/openssl/evp.h ../include/openssl/idea.h
-pkcs8.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-pkcs8.o: ../include/openssl/md4.h ../include/openssl/md5.h
-pkcs8.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-pkcs8.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
-pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+pkcs8.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h
+pkcs8.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+pkcs8.o: ../include/openssl/md2.h ../include/openssl/md4.h
+pkcs8.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+pkcs8.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+pkcs8.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+pkcs8.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+pkcs8.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+pkcs8.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 pkcs8.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
 pkcs8.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h
@@ -596,33 +607,35 @@ rand.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 rand.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 rand.o: ../include/openssl/des.h ../include/openssl/dh.h
 rand.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-rand.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-rand.o: ../include/openssl/evp.h ../include/openssl/idea.h
-rand.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-rand.o: ../include/openssl/md4.h ../include/openssl/md5.h
-rand.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-rand.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
-rand.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-rand.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-rand.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+rand.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+rand.o: ../include/openssl/err.h ../include/openssl/evp.h
+rand.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+rand.o: ../include/openssl/md2.h ../include/openssl/md4.h
+rand.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+rand.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+rand.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
+rand.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+rand.o: ../include/openssl/x509_vfy.h apps.h
 req.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 req.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 req.o: ../include/openssl/des.h ../include/openssl/dh.h
 req.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-req.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-req.o: ../include/openssl/evp.h ../include/openssl/idea.h
-req.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-req.o: ../include/openssl/md4.h ../include/openssl/md5.h
-req.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-req.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+req.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+req.o: ../include/openssl/err.h ../include/openssl/evp.h
+req.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+req.o: ../include/openssl/md2.h ../include/openssl/md4.h
+req.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+req.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+req.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 req.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 req.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -635,14 +648,15 @@ rsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 rsa.o: ../include/openssl/des.h ../include/openssl/dh.h
 rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-rsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-rsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
-rsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-rsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
-rsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-rsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+rsa.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+rsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+rsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+rsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
+rsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+rsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 rsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 rsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -655,14 +669,15 @@ rsautl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 rsautl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 rsautl.o: ../include/openssl/des.h ../include/openssl/dh.h
 rsautl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-rsautl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-rsautl.o: ../include/openssl/evp.h ../include/openssl/idea.h
-rsautl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-rsautl.o: ../include/openssl/md4.h ../include/openssl/md5.h
-rsautl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-rsautl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-rsautl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-rsautl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+rsautl.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+rsautl.o: ../include/openssl/err.h ../include/openssl/evp.h
+rsautl.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+rsautl.o: ../include/openssl/md2.h ../include/openssl/md4.h
+rsautl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+rsautl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+rsautl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+rsautl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+rsautl.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 rsautl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 rsautl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 rsautl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -699,23 +714,23 @@ s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_client.o: ../include/openssl/crypto.h ../include/openssl/des.h
 s_client.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 s_client.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-s_client.o: ../include/openssl/err.h ../include/openssl/evp.h
-s_client.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-s_client.o: ../include/openssl/md2.h ../include/openssl/md4.h
-s_client.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s_client.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-s_client.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s_client.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s_client.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s_client.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s_client.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s_client.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-s_client.o: s_apps.h
+s_client.o: ../include/openssl/engine.h ../include/openssl/err.h
+s_client.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s_client.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_client.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s_client.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s_client.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_client.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s_client.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_client.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+s_client.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s_client.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_client.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s_client.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s_client.o: ../include/openssl/x509_vfy.h apps.h s_apps.h
 s_server.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 s_server.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 s_server.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -723,23 +738,23 @@ s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_server.o: ../include/openssl/crypto.h ../include/openssl/des.h
 s_server.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 s_server.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-s_server.o: ../include/openssl/err.h ../include/openssl/evp.h
-s_server.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-s_server.o: ../include/openssl/md2.h ../include/openssl/md4.h
-s_server.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-s_server.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s_server.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s_server.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s_server.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s_server.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s_server.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-s_server.o: s_apps.h
+s_server.o: ../include/openssl/engine.h ../include/openssl/err.h
+s_server.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s_server.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_server.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s_server.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s_server.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_server.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s_server.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_server.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+s_server.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s_server.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_server.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s_server.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s_server.o: ../include/openssl/x509_vfy.h apps.h s_apps.h
 s_socket.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 s_socket.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 s_socket.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -815,14 +830,15 @@ smime.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 smime.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 smime.o: ../include/openssl/des.h ../include/openssl/dh.h
 smime.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-smime.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-smime.o: ../include/openssl/evp.h ../include/openssl/idea.h
-smime.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-smime.o: ../include/openssl/md4.h ../include/openssl/md5.h
-smime.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-smime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-smime.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+smime.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+smime.o: ../include/openssl/err.h ../include/openssl/evp.h
+smime.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+smime.o: ../include/openssl/md2.h ../include/openssl/md4.h
+smime.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+smime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+smime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+smime.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+smime.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 smime.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 smime.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 smime.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -835,34 +851,36 @@ speed.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 speed.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 speed.o: ../include/openssl/des.h ../include/openssl/dh.h
 speed.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-speed.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-speed.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-speed.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-speed.o: ../include/openssl/md2.h ../include/openssl/md4.h
-speed.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-speed.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
-speed.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-speed.o: ../include/openssl/x509_vfy.h ./testdsa.h ./testrsa.h apps.h
+speed.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+speed.o: ../include/openssl/err.h ../include/openssl/evp.h
+speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h
+speed.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+speed.o: ../include/openssl/md4.h ../include/openssl/md5.h
+speed.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+speed.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+speed.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
+speed.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+speed.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+speed.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+speed.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ./testdsa.h
+speed.o: ./testrsa.h apps.h
 spkac.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 spkac.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 spkac.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 spkac.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 spkac.o: ../include/openssl/des.h ../include/openssl/dh.h
 spkac.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-spkac.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-spkac.o: ../include/openssl/evp.h ../include/openssl/idea.h
-spkac.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-spkac.o: ../include/openssl/md4.h ../include/openssl/md5.h
-spkac.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-spkac.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-spkac.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+spkac.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+spkac.o: ../include/openssl/err.h ../include/openssl/evp.h
+spkac.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+spkac.o: ../include/openssl/md2.h ../include/openssl/md4.h
+spkac.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+spkac.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+spkac.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+spkac.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+spkac.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 spkac.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 spkac.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 spkac.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -875,14 +893,15 @@ verify.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 verify.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 verify.o: ../include/openssl/des.h ../include/openssl/dh.h
 verify.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-verify.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-verify.o: ../include/openssl/evp.h ../include/openssl/idea.h
-verify.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-verify.o: ../include/openssl/md4.h ../include/openssl/md5.h
-verify.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-verify.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-verify.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+verify.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+verify.o: ../include/openssl/err.h ../include/openssl/evp.h
+verify.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+verify.o: ../include/openssl/md2.h ../include/openssl/md4.h
+verify.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+verify.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+verify.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+verify.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+verify.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 verify.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 verify.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 verify.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
@@ -913,14 +932,15 @@ x509.o: ../include/openssl/buffer.h ../include/openssl/cast.h
 x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 x509.o: ../include/openssl/des.h ../include/openssl/dh.h
 x509.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
-x509.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-x509.o: ../include/openssl/evp.h ../include/openssl/idea.h
-x509.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-x509.o: ../include/openssl/md4.h ../include/openssl/md5.h
-x509.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-x509.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-x509.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+x509.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+x509.o: ../include/openssl/err.h ../include/openssl/evp.h
+x509.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+x509.o: ../include/openssl/md2.h ../include/openssl/md4.h
+x509.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+x509.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+x509.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+x509.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+x509.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 x509.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 x509.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 x509.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -170,6 +170,8 @@ int str2fmt(char *s)
 		|| (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
 		|| (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
 		return(FORMAT_PKCS12);
+	else if ((*s == 'E') || (*s == 'e'))
+		return(FORMAT_ENGINE);
 	else
 		return(FORMAT_UNDEF);
 	}
@@ -228,16 +230,9 @@ void program_name(char *in, char *out, int size)

 	q=strrchr(p,'.');
 	if (q == NULL)
-		q = p + strlen(p);
-	strncpy(out,p,size-1);
-	if (q-p >= size)
-		{
-		out[size-1]='\0';
-		}
-	else
-		{
-		out[q-p]='\0';
-		}
+		q = in+size;
+	strncpy(out,p,q-p);
+	out[q-p]='\0';
 	}
 #else
 void program_name(char *in, char *out, int size)
@@ -762,7 +757,7 @@ int set_name_ex(unsigned long *flags, const char *arg)

 void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
 {
-	char *buf;
+	char buf[256];
 	char mline = 0;
 	int indent = 0;
 	if(title) BIO_puts(out, title);
@@ -771,10 +766,9 @@ void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
 		indent = 4;
 	}
 	if(lflags == XN_FLAG_COMPAT) {
-		buf = X509_NAME_oneline(nm, 0, 0);
-		BIO_puts(out, buf);
+		X509_NAME_oneline(nm,buf,256);
+		BIO_puts(out,buf);
 		BIO_puts(out, "\n");
-		OPENSSL_free(buf);
 	} else {
 		if(mline) BIO_puts(out, "\n");
 		X509_NAME_print_ex(out, nm, indent, lflags);
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -92,10 +92,8 @@ int WIN32_rename(char *oldname,char *newname);
 #define MAIN(a,v)	main(a,v)

 #ifndef NON_MAIN
-LHASH *config=NULL;
 BIO *bio_err=NULL;
 #else
-extern LHASH *config;
 extern BIO *bio_err;
 #endif

@@ -164,6 +162,8 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format);
 #define FORMAT_NETSCAPE 4
 #define FORMAT_PKCS12   5
 #define FORMAT_SMIME    6
+/* Since this is currently inofficial, let's give it a high number */
+#define FORMAT_ENGINE   127

 #define NETSCAPE_CERT_HDR	"certificate"

--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -181,7 +181,7 @@ bad:
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
-		BIO_printf(bio_err," -out arg      output file (output format is always DER\n");
+		BIO_printf(bio_err," -out arg      output file\n");
 		BIO_printf(bio_err," -noout arg    don't produce any output\n");
 		BIO_printf(bio_err," -offset arg   offset into file\n");
 		BIO_printf(bio_err," -length arg   length of section in file\n");
@@ -192,6 +192,7 @@ bad:
 		BIO_printf(bio_err," -strparse offset\n");
 		BIO_printf(bio_err,"               a series of these can be used to 'dig' into multiple\n");
 		BIO_printf(bio_err,"               ASN1 blob wrappings\n");
+		BIO_printf(bio_err," -out filename output DER encoding to file\n");
 		goto end;
 		}

@@ -328,6 +329,6 @@ end:
 	if (at != NULL) ASN1_TYPE_free(at);
 	if (osk != NULL) sk_free(osk);
 	OBJ_cleanup();
-	OPENSSL_EXIT(ret);
+	EXIT(ret);
 	}

--- a/apps/ca.c
+++ b/apps/ca.c
@@ -74,6 +74,7 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>

 #ifndef W_OK
 #  ifdef VMS
@@ -167,6 +168,7 @@ static char *ca_usage[]={
 " -revoke file    - Revoke a certificate (given in file)\n",
 " -extensions ..  - Extension section (override value in config file)\n",
 " -crlexts ..     - CRL extension section (override value in config file)\n",
+" -engine e       - use engine e, possibly a hardware device.\n",
 NULL
 };

@@ -216,6 +218,7 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	char *key=NULL,*passargin=NULL;
 	int total=0;
 	int total_done=0;
@@ -268,6 +271,7 @@ int MAIN(int argc, char **argv)
 #define BSIZE 256
 	MS_STATIC char buf[3][BSIZE];
 	char *randfile=NULL;
+	char *engine = NULL;

 #ifdef EFENCE
 EF_PROTECT_FREE=1;
@@ -419,6 +423,11 @@ EF_ALIGNMENT=0;
 			if (--argc < 1) goto bad;
 			crl_ext= *(++argv);
 			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else
 			{
 bad:
@@ -439,6 +448,24 @@ bad:

 	ERR_load_crypto_strings();

+	if (engine != NULL)
+		{
+		if((e = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
+			goto err;
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			goto err;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
 	/*****************************************************************/
 	if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
 	if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
@@ -543,7 +570,7 @@ bad:
 		goto err;
 		}
 		pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key);
-		if(key) OPENSSL_cleanse(key,strlen(key));
+		if(key) memset(key,0,strlen(key));
 	if (pkey == NULL)
 		{
 		BIO_printf(bio_err,"unable to load CA private key\n");
@@ -606,14 +633,12 @@ bad:
 	       that to access().  However, time's too short to do that just
 	       now.
            */
-#ifndef VXWORKS
 		if (access(outdir,R_OK|W_OK|X_OK) != 0)
 			{
 			BIO_printf(bio_err,"I am unable to access the %s directory\n",outdir);
 			perror(outdir);
 			goto err;
 			}
-#endif

 		if (stat(outdir,&sb) != 0)
 			{
@@ -831,14 +856,9 @@ bad:
 			}
 		if (verbose)
 			{
-			if (BN_is_zero(serial))
-				BIO_printf(bio_err,"next serial number is 00\n");
-			else
-				{
-				if ((f=BN_bn2hex(serial)) == NULL) goto err;
-				BIO_printf(bio_err,"next serial number is %s\n",f);
-				OPENSSL_free(f);
-				}
+			if ((f=BN_bn2hex(serial)) == NULL) goto err;
+			BIO_printf(bio_err,"next serial number is %s\n",f);
+			OPENSSL_free(f);
 			}

 		if ((attribs=CONF_get_section(conf,policy)) == NULL)
@@ -1115,7 +1135,7 @@ bad:
 			}
 		if ((crldays == 0) && (crlhours == 0))
 			{
-			BIO_printf(bio_err,"cannot lookup how long until the next CRL is issued\n");
+			BIO_printf(bio_err,"cannot lookup how long until the next CRL is issuer\n");
 			goto err;
 			}

@@ -1282,7 +1302,7 @@ err:
 	X509_CRL_free(crl);
 	CONF_free(conf);
 	OBJ_cleanup();
-	OPENSSL_EXIT(ret);
+	EXIT(ret);
 	}

 static void lookup_fail(char *name, char *tag)
@@ -1347,7 +1367,7 @@ static BIGNUM *load_serial(char *serialfile)
 	ret=ASN1_INTEGER_to_BN(ai,NULL);
 	if (ret == NULL)
 		{
-		BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");
+		BIO_printf(bio_err,"error converting number from bin to BIGNUM");
 		goto err;
 		}
 err:
@@ -1735,10 +1755,7 @@ again2:
 		BIO_printf(bio_err,"The subject name appears to be ok, checking data base for clashes\n");

 	row[DB_name]=X509_NAME_oneline(subject,NULL,0);
-	if (BN_is_zero(serial))
-		row[DB_serial]=BUF_strdup("00");
-	else
-		row[DB_serial]=BN_bn2hex(serial);
+	row[DB_serial]=BN_bn2hex(serial);
 	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
 		{
 		BIO_printf(bio_err,"Memory allocation failure\n");
@@ -2152,10 +2169,7 @@ static int do_revoke(X509 *x509, TXT_DB *db)
 		row[i]=NULL;
 	row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0);
 	bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL);
-	if (BN_is_zero(bn))
-		row[DB_serial]=BUF_strdup("00");
-	else
-		row[DB_serial]=BN_bn2hex(bn);
+	row[DB_serial]=BN_bn2hex(bn);
 	BN_free(bn);
 	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
 		{
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -202,6 +202,6 @@ end:
 	if (ctx != NULL) SSL_CTX_free(ctx);
 	if (ssl != NULL) SSL_free(ssl);
 	if (STDout != NULL) BIO_free_all(STDout);
-	OPENSSL_EXIT(ret);
+	EXIT(ret);
 	}

--- a/apps/crl.c
+++ b/apps/crl.c
@@ -364,7 +364,7 @@ end:
 		X509_STORE_CTX_cleanup(&ctx);
 		X509_STORE_free(store);
 	}
-	OPENSSL_EXIT(ret);
+	EXIT(ret);
 	}

 static X509_CRL *load_crl(char *infile, int format)
--- a/apps/crl2p7.c
+++ b/apps/crl2p7.c
@@ -166,7 +166,7 @@ bad:
 		BIO_printf(bio_err," -certfile arg  certificates file of chain to a trusted CA\n");
 		BIO_printf(bio_err,"                (can be used more than once)\n");
 		BIO_printf(bio_err," -nocrl         no crl to load, just certs from '-certfile'\n");
-		OPENSSL_EXIT(1);
+		EXIT(1);
 		}

 	ERR_load_crypto_strings();
@@ -278,7 +278,7 @@ end:
 	if (p7 != NULL) PKCS7_free(p7);
 	if (crl != NULL) X509_CRL_free(crl);

-	OPENSSL_EXIT(ret);
+	EXIT(ret);
 	}

 /*
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -66,6 +66,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>

 #undef BUFSIZE
 #define BUFSIZE	1024*8
@@ -80,6 +81,7 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	unsigned char *buf=NULL;
 	int i,err=0;
 	const EVP_MD *md=NULL,*m;
@@ -97,6 +99,7 @@ int MAIN(int argc, char **argv)
 	EVP_PKEY *sigkey = NULL;
 	unsigned char *sigbuf = NULL;
 	int siglen = 0;
+	char *engine=NULL;

 	apps_startup();

@@ -154,6 +157,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) break;
 			sigfile=*(++argv);
 			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) break;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-hex") == 0)
 			out_bin = 0;
 		else if (strcmp(*argv,"-binary") == 0)
@@ -190,6 +198,7 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err,"-prverify file  verify a signature using private key in file\n");
 		BIO_printf(bio_err,"-signature file signature to verify\n");
 		BIO_printf(bio_err,"-binary         output in binary form\n");
+		BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");

 		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
 			LN_md5,LN_md5);
@@ -209,6 +218,24 @@ int MAIN(int argc, char **argv)
 		goto end;
 		}

+	if (engine != NULL)
+		{
+		if((e = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
+			goto end;
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			goto end;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
 	in=BIO_new(BIO_s_file());
 	bmd=BIO_new(BIO_f_md());
 	if (debug)
@@ -327,7 +354,7 @@ int MAIN(int argc, char **argv)
 end:
 	if (buf != NULL)
 		{
-		OPENSSL_cleanse(buf,BUFSIZE);
+		memset(buf,0,BUFSIZE);
 		OPENSSL_free(buf);
 		}
 	if (in != NULL) BIO_free(in);
@@ -335,7 +362,7 @@ end:
 	EVP_PKEY_free(sigkey);
 	if(sigbuf) OPENSSL_free(sigbuf);
 	if (bmd != NULL) BIO_free(bmd);
-	OPENSSL_EXIT(err);
+	EXIT(err);
 	}

 void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
--- a/apps/dh.c
+++ b/apps/dh.c
@@ -69,6 +69,7 @@
 #include <openssl/dh.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>

 #undef PROG
 #define PROG	dh_main
@@ -87,11 +88,12 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	DH *dh=NULL;
 	int i,badops=0,text=0;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,check=0,noout=0,C=0,ret=1;
-	char *infile,*outfile,*prog;
+	char *infile,*outfile,*prog,*engine;

 	apps_startup();

@@ -99,6 +101,7 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

+	engine=NULL;
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
@@ -129,6 +132,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-check") == 0)
 			check=1;
 		else if (strcmp(*argv,"-text") == 0)
@@ -160,11 +168,30 @@ bad:
 		BIO_printf(bio_err," -text         print a text form of the DH parameters\n");
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -noout        no output\n");
+		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 		goto end;
 		}

 	ERR_load_crypto_strings();

+	if (engine != NULL)
+		{
+		if((e = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
+			goto end;
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			goto end;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	if ((in == NULL) || (out == NULL))
@@ -319,6 +346,6 @@ end:
 	if (in != NULL) BIO_free(in);
 	if (out != NULL) BIO_free_all(out);
 	if (dh != NULL) DH_free(dh);
-	OPENSSL_EXIT(ret);
+	EXIT(ret);
 	}
 #endif
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -121,6 +121,7 @@
 #include <openssl/dh.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>

 #ifndef NO_DSA
 #include <openssl/dsa.h>
@@ -148,6 +149,7 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	DH *dh=NULL;
 	int i,badops=0,text=0;
 #ifndef NO_DSA
@@ -156,7 +158,7 @@ int MAIN(int argc, char **argv)
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,check=0,noout=0,C=0,ret=1;
 	char *infile,*outfile,*prog;
-	char *inrand=NULL;
+	char *inrand=NULL,*engine=NULL;
 	int num = 0, g = 0;

 	apps_startup();
@@ -195,6 +197,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-check") == 0)
 			check=1;
 		else if (strcmp(*argv,"-text") == 0)
@@ -240,6 +247,7 @@ bad:
 		BIO_printf(bio_err," -2            generate parameters using  2 as the generator value\n");
 		BIO_printf(bio_err," -5            generate parameters using  5 as the generator value\n");
 		BIO_printf(bio_err," numbits       number of bits in to generate (default 512)\n");
+		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"               - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"               the random number generator\n");
@@ -249,6 +257,24 @@ bad:

 	ERR_load_crypto_strings();

+	if (engine != NULL)
+		{
+		if((e = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
+			goto end;
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			goto end;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
 	if (g && !num)
 		num = DEFBITS;

@@ -506,7 +532,7 @@ end:
 	if (in != NULL) BIO_free(in);
 	if (out != NULL) BIO_free_all(out);
 	if (dh != NULL) DH_free(dh);
-	OPENSSL_EXIT(ret);
+	EXIT(ret);
 	}

 /* dh_cb is identical to dsa_cb in apps/dsaparam.c */
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -68,6 +68,7 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>

 #undef PROG
 #define PROG	dsa_main
@@ -87,6 +88,7 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	int ret=1;
 	DSA *dsa=NULL;
 	int i,badops=0;
@@ -94,7 +96,7 @@ int MAIN(int argc, char **argv)
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,text=0,noout=0;
 	int pubin = 0, pubout = 0;
-	char *infile,*outfile,*prog;
+	char *infile,*outfile,*prog,*engine;
 	char *passargin = NULL, *passargout = NULL;
 	char *passin = NULL, *passout = NULL;
 	int modulus=0;
@@ -105,6 +107,7 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

+	engine=NULL;
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
@@ -145,6 +148,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
 		else if (strcmp(*argv,"-text") == 0)
@@ -176,6 +184,7 @@ bad:
 		BIO_printf(bio_err," -passin arg     input file pass phrase source\n");
 		BIO_printf(bio_err," -out arg        output file\n");
 		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
+		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
 		BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
 #ifndef NO_IDEA
@@ -189,6 +198,24 @@ bad:

 	ERR_load_crypto_strings();

+	if (engine != NULL)
+		{
+		if((e = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
+			goto end;
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			goto end;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		BIO_printf(bio_err, "Error getting passwords\n");
 		goto end;
@@ -293,6 +320,6 @@ end:
 	if(dsa != NULL) DSA_free(dsa);
 	if(passin) OPENSSL_free(passin);
 	if(passout) OPENSSL_free(passout);
-	OPENSSL_EXIT(ret);
+	EXIT(ret);
 	}
 #endif
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -357,7 +357,7 @@ end:
 	if (in != NULL) BIO_free(in);
 	if (out != NULL) BIO_free_all(out);
 	if (dsa != NULL) DSA_free(dsa);
-	OPENSSL_EXIT(ret);
+	EXIT(ret);
 	}

 static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -70,6 +70,7 @@
 #include <openssl/md5.h>
 #endif
 #include <openssl/pem.h>
+#include <openssl/engine.h>

 int set_hex(char *in,unsigned char *out,int size);
 #undef SIZE
@@ -84,6 +85,7 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	static const char magic[]="Salted__";
 	char mbuf[8];	/* should be 1 smaller than magic */
 	char *strbuf=NULL;
@@ -101,6 +103,7 @@ int MAIN(int argc, char **argv)
 	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
 #define PROG_NAME_SIZE  39
 	char pname[PROG_NAME_SIZE+1];
+	char *engine = NULL;

 	apps_startup();

@@ -141,6 +144,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passarg= *(++argv);
 			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if	(strcmp(*argv,"-d") == 0)
 			enc=0;
 		else if	(strcmp(*argv,"-p") == 0)
@@ -241,6 +249,7 @@ bad:
 			BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
 			BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
 			BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
+			BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");

 			BIO_printf(bio_err,"Cipher Types\n");
 			BIO_printf(bio_err,"des     : 56 bit key DES encryption\n");
@@ -314,6 +323,24 @@ bad:
 		argv++;
 		}

+	if (engine != NULL)
+		{
+		if((e = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
+			goto end;
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			goto end;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
 	if (bufsize != NULL)
 		{
 		unsigned long n;
@@ -506,9 +533,9 @@ bad:
 			 * bug picked up by
 			 * Larry J. Hughes Jr. <hughes@indiana.edu> */
 			if (str == strbuf)
-				OPENSSL_cleanse(str,SIZE);
+				memset(str,0,SIZE);
 			else
-				OPENSSL_cleanse(str,strlen(str));
+				memset(str,0,strlen(str));
 			}
 		if ((hiv != NULL) && !set_hex(hiv,iv,8))
 			{
@@ -604,7 +631,7 @@ end:
 	if (benc != NULL) BIO_free(benc);
 	if (b64 != NULL) BIO_free(b64);
 	if(pass) OPENSSL_free(pass);
-	OPENSSL_EXIT(ret);
+	EXIT(ret);
 	}

 int set_hex(char *in, unsigned char *out, int size)
--- a/apps/errstr.c
+++ b/apps/errstr.c
@@ -121,5 +121,5 @@ int MAIN(int argc, char **argv)
 			ret++;
 			}
 		}
-	OPENSSL_EXIT(ret);
+	EXIT(ret);
 	}
--- a/apps/gendh.c
+++ b/apps/gendh.c
@@ -70,6 +70,7 @@
 #include <openssl/dh.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>

 #define DEFBITS	512
 #undef PROG
@@ -81,11 +82,13 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	DH *dh=NULL;
 	int ret=1,num=DEFBITS;
 	int g=2;
 	char *outfile=NULL;
 	char *inrand=NULL;
+	char *engine=NULL;
 	BIO *out=NULL;

 	apps_startup();
@@ -110,6 +113,11 @@ int MAIN(int argc, char **argv)
 			g=3; */
 		else if (strcmp(*argv,"-5") == 0)
 			g=5;
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -125,15 +133,34 @@ int MAIN(int argc, char **argv)
 bad:
 		BIO_printf(bio_err,"usage: gendh [args] [numbits]\n");
 		BIO_printf(bio_err," -out file - output the key to 'file\n");
-		BIO_printf(bio_err," -2    use 2 as the generator value\n");
-	/*	BIO_printf(bio_err," -3    use 3 as the generator value\n"); */
-		BIO_printf(bio_err," -5    use 5 as the generator value\n");
+		BIO_printf(bio_err," -2        - use 2 as the generator value\n");
+	/*	BIO_printf(bio_err," -3        - use 3 as the generator value\n"); */
+		BIO_printf(bio_err," -5        - use 5 as the generator value\n");
+		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
 		goto end;
 		}
 		
+	if (engine != NULL)
+		{
+		if((e = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
+			goto end;
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			goto end;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
 	out=BIO_new(BIO_s_file());
 	if (out == NULL)
 		{
@@ -184,7 +211,7 @@ end:
 		ERR_print_errors(bio_err);
 	if (out != NULL) BIO_free_all(out);
 	if (dh != NULL) DH_free(dh);
-	OPENSSL_EXIT(ret);
+	EXIT(ret);
 	}

 static void MS_CALLBACK dh_cb(int p, int n, void *arg)
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -68,6 +68,7 @@
 #include <openssl/dsa.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>

 #define DEFBITS	512
 #undef PROG
@@ -77,6 +78,7 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	DSA *dsa=NULL;
 	int ret=1;
 	char *outfile=NULL;
@@ -84,6 +86,7 @@ int MAIN(int argc, char **argv)
 	char *passargout = NULL, *passout = NULL;
 	BIO *out=NULL,*in=NULL;
 	EVP_CIPHER *enc=NULL;
+	char *engine=NULL;

 	apps_startup();

@@ -106,6 +109,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -145,6 +153,7 @@ bad:
 #ifndef NO_IDEA
 		BIO_printf(bio_err," -idea     - encrypt the generated key with IDEA in cbc mode\n");
 #endif
+		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
@@ -153,6 +162,24 @@ bad:
 		goto end;
 		}

+	if (engine != NULL)
+		{
+		if((e = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
+			goto end;
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			goto end;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
 	if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;
@@ -220,6 +247,6 @@ end:
 	if (out != NULL) BIO_free_all(out);
 	if (dsa != NULL) DSA_free(dsa);
 	if(passout) OPENSSL_free(passout);
-	OPENSSL_EXIT(ret);
+	EXIT(ret);
 	}
 #endif
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -69,6 +69,7 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>

 #define DEFBITS	512
 #undef PROG
@@ -80,6 +81,7 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	int ret=1;
 	RSA *rsa=NULL;
 	int i,num=DEFBITS;
@@ -88,6 +90,7 @@ int MAIN(int argc, char **argv)
 	unsigned long f4=RSA_F4;
 	char *outfile=NULL;
 	char *passargout = NULL, *passout = NULL;
+	char *engine=NULL;
 	char *inrand=NULL;
 	BIO *out=NULL;

@@ -116,6 +119,11 @@ int MAIN(int argc, char **argv)
 			f4=3;
 		else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
 			f4=RSA_F4;
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -154,6 +162,7 @@ bad:
 		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
 		BIO_printf(bio_err," -f4             use F4 (0x10001) for the E value\n");
 		BIO_printf(bio_err," -3              use 3 for the E value\n");
+		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"                 load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"                 the random number generator\n");
@@ -167,6 +176,24 @@ bad:
 		goto err;
 	}

+	if (engine != NULL)
+		{
+		if((e = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
+			goto err;
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			goto err;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
@@ -186,7 +213,8 @@ bad:
 			}
 		}

-	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
+	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+		&& !RAND_status())
 		{
 		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
 		}
@@ -224,7 +252,7 @@ err:
 	if(passout) OPENSSL_free(passout);
 	if (ret != 0)
 		ERR_print_errors(bio_err);
-	OPENSSL_EXIT(ret);
+	EXIT(ret);
 	}

 static void MS_CALLBACK genrsa_cb(int p, int n, void *arg)
--- a/apps/makeapps.com
+++ b/apps/makeapps.com
@@ -1077,7 +1077,7 @@ $ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
 $!
 $! Show user the result
 $!
-$ WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC
+$ WRITE SYS$OUTPUT "Main Compiling Command: ",CC
 $!
 $! Special Threads For OpenVMS v7.1 Or Later
 $!
--- a/apps/nseq.c
+++ b/apps/nseq.c
@@ -102,7 +102,7 @@ int MAIN(int argc, char **argv)
 		BIO_printf (bio_err, "-in file  input file\n");
 		BIO_printf (bio_err, "-out file output file\n");
 		BIO_printf (bio_err, "-toseq    output NS Sequence file\n");
-		OPENSSL_EXIT(1);
+		EXIT(1);
 	}

 	if (infile) {
@@ -162,6 +162,6 @@ end:
 	BIO_free_all(out);
 	NETSCAPE_CERT_SEQUENCE_free(seq);

-	OPENSSL_EXIT(ret);
+	EXIT(ret);
 }

--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -77,11 +77,11 @@ static unsigned long MS_CALLBACK hash(FUNCTION *a);
 static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
 static LHASH *prog_init(void );
 static int do_cmd(LHASH *prog,int argc,char *argv[]);
+LHASH *config=NULL;
 char *default_config_file=NULL;

 /* Make sure there is only one when MONOLITH is defined */
 #ifdef MONOLITH
-LHASH *config=NULL;
 BIO *bio_err=NULL;
 #endif

@@ -215,7 +215,7 @@ end:
 		BIO_free(bio_err);
 		bio_err=NULL;
 		}
-	OPENSSL_EXIT(ret);
+	EXIT(ret);
 	}

 #define LIST_STANDARD_COMMANDS "list-standard-commands"
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -284,7 +284,7 @@ err:
 		BIO_free(in);
 	if (out)
 		BIO_free_all(out);
-	OPENSSL_EXIT(ret);
+	EXIT(ret);
 	}


@@ -498,6 +498,6 @@ err:
 int MAIN(int argc, char **argv)
 	{
 	fputs("Program not available.\n", stderr)
-	OPENSSL_EXIT(1);
+	EXIT(1);
 	}
 #endif
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -66,6 +66,7 @@
 #include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/pkcs12.h>
+#include <openssl/engine.h>

 #define PROG pkcs12_main

@@ -92,6 +93,7 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 {
+    ENGINE *e = NULL;
    char *infile=NULL, *outfile=NULL, *keyname = NULL;	
    char *certfile=NULL;
    BIO *in=NULL, *out = NULL, *inkey = NULL, *certsin = NULL;
@@ -118,6 +120,7 @@ int MAIN(int argc, char **argv)
    char *passin = NULL, *passout = NULL;
    char *inrand = NULL;
    char *CApath = NULL, *CAfile = NULL;
+    char *engine=NULL;

    apps_startup();

@@ -236,6 +239,11 @@ int MAIN(int argc, char **argv)
 			args++;	
 			CAfile = *args;
 		    } else badarg = 1;
+		} else if (!strcmp(*args,"-engine")) {
+		    if (args[1]) {
+			args++;	
+			engine = *args;
+		    } else badarg = 1;
 		} else badarg = 1;

 	} else badarg = 1;
@@ -279,12 +287,27 @@ int MAIN(int argc, char **argv)
 	BIO_printf (bio_err, "-password p   set import/export password source\n");
 	BIO_printf (bio_err, "-passin p     input file pass phrase source\n");
 	BIO_printf (bio_err, "-passout p    output file pass phrase source\n");
+	BIO_printf (bio_err, "-engine e     use engine e, possibly a hardware device.\n");
 	BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 	BIO_printf(bio_err,  "              load the file (or the files in the directory) into\n");
 	BIO_printf(bio_err,  "              the random number generator\n");
    	goto end;
    }

+    if (engine != NULL) {
+	if((e = ENGINE_by_id(engine)) == NULL) {
+	    BIO_printf(bio_err,"invalid engine \"%s\"\n", engine);
+	    goto end;
+	}
+	if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
+	    BIO_printf(bio_err,"can't use that engine\n");
+	    goto end;
+	}
+	BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+	/* Free our "structural" reference. */
+	ENGINE_free(e);
+    }
+
    if(passarg) {
 	if(export_cert) passargout = passarg;
 	else passargin = passarg;
@@ -480,10 +503,9 @@ int MAIN(int argc, char **argv)
 		    /* Exclude verified certificate */
 		    for (i = 1; i < sk_X509_num (chain2) ; i++) 
 			sk_X509_push(certs, sk_X509_value (chain2, i));
-		    /* Free first certificate */
-		    X509_free(sk_X509_value(chain2, 0));
-		    sk_X509_free(chain2);
-		} else {
+		}
+		sk_X509_free(chain2);
+		if (vret) {
 			BIO_printf (bio_err, "Error %s getting chain.\n",
 					X509_verify_cert_error_string(vret));
 			goto export_end;
@@ -510,6 +532,8 @@ int MAIN(int argc, char **argv)
 	}
 	sk_X509_pop_free(certs, X509_free);
 	certs = NULL;
+	/* ucert is part of certs so it is already freed */
+	ucert = NULL;

 #ifdef CRYPTO_MDEBUG
 	CRYPTO_pop_info();
@@ -597,6 +621,7 @@ int MAIN(int argc, char **argv)
 	if (certs) sk_X509_pop_free(certs, X509_free);
 	if (safes) sk_PKCS7_pop_free(safes, PKCS7_free);
 	if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+	if (ucert) X509_free(ucert);

 #ifdef CRYPTO_MDEBUG
 	CRYPTO_pop_info();
@@ -666,7 +691,7 @@ int MAIN(int argc, char **argv)
    if (canames) sk_free(canames);
    if(passin) OPENSSL_free(passin);
    if(passout) OPENSSL_free(passout);
-    OPENSSL_EXIT(ret);
+    EXIT(ret);
 }

 int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -67,6 +67,7 @@
 #include <openssl/x509.h>
 #include <openssl/pkcs7.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>

 #undef PROG
 #define PROG	pkcs7_main
@@ -82,13 +83,15 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	PKCS7 *p7=NULL;
 	int i,badops=0;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat;
 	char *infile,*outfile,*prog;
 	int print_certs=0,text=0,noout=0;
-	int ret=1;
+	int ret=0;
+	char *engine=NULL;

 	apps_startup();

@@ -132,6 +135,11 @@ int MAIN(int argc, char **argv)
 			text=1;
 		else if (strcmp(*argv,"-print_certs") == 0)
 			print_certs=1;
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -154,11 +162,30 @@ bad:
 		BIO_printf(bio_err," -print_certs  print any certs or crl in the input\n");
 		BIO_printf(bio_err," -text         print full details of certificates\n");
 		BIO_printf(bio_err," -noout        don't output encoded data\n");
-		OPENSSL_EXIT(1);
+		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
+		EXIT(1);
 		}

 	ERR_load_crypto_strings();

+	if (engine != NULL)
+		{
+		if((e = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
+			goto end;
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			goto end;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	if ((in == NULL) || (out == NULL))
@@ -289,5 +316,5 @@ end:
 	if (p7 != NULL) PKCS7_free(p7);
 	if (in != NULL) BIO_free(in);
 	if (out != NULL) BIO_free_all(out);
-	OPENSSL_EXIT(ret);
+	EXIT(ret);
 	}
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -62,6 +62,7 @@
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/pkcs12.h>
+#include <openssl/engine.h>

 #include "apps.h"
 #define PROG pkcs8_main
@@ -70,6 +71,7 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 {
+	ENGINE *e = NULL;
 	char **args, *infile = NULL, *outfile = NULL;
 	char *passargin = NULL, *passargout = NULL;
 	BIO *in = NULL, *out = NULL;
@@ -85,9 +87,13 @@ int MAIN(int argc, char **argv)
 	EVP_PKEY *pkey;
 	char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
 	int badarg = 0;
+	char *engine=NULL;
+
 	if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
+
 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
+
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_algorithms();
 	args = argv + 1;
@@ -138,6 +144,11 @@ int MAIN(int argc, char **argv)
 			if (!args[1]) goto bad;
 			passargout= *(++args);
 			}
+		else if (strcmp(*args,"-engine") == 0)
+			{
+			if (!args[1]) goto bad;
+			engine= *(++args);
+			}
 		else if (!strcmp (*args, "-in")) {
 			if (args[1]) {
 				args++;
@@ -170,9 +181,28 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err, "-nocrypt        use or expect unencrypted private key\n");
 		BIO_printf(bio_err, "-v2 alg         use PKCS#5 v2.0 and cipher \"alg\"\n");
 		BIO_printf(bio_err, "-v1 obj         use PKCS#5 v1.5 and cipher \"alg\"\n");
+		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 		return (1);
 	}

+	if (engine != NULL)
+		{
+		if((e = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
+			return (1);
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			return (1);
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		BIO_printf(bio_err, "Error getting passwords\n");
 		return (1);
@@ -236,8 +266,7 @@ int MAIN(int argc, char **argv)
 			if(passout) p8pass = passout;
 			else {
 				p8pass = pass;
-				if (EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1))
-					return (1);
+				EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1);
 			}
 			app_RAND_load_file(NULL, bio_err, 0);
 			if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
--- a/apps/rand.c
+++ b/apps/rand.c
@@ -9,6 +9,7 @@
 #include <openssl/bio.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>
+#include <openssl/engine.h>

 #undef PROG
 #define PROG rand_main
@@ -23,6 +24,7 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	int i, r, ret = 1;
 	int badopt;
 	char *outfile = NULL;
@@ -30,6 +32,7 @@ int MAIN(int argc, char **argv)
 	int base64 = 0;
 	BIO *out = NULL;
 	int num = -1;
+	char *engine=NULL;

 	apps_startup();

@@ -48,6 +51,13 @@ int MAIN(int argc, char **argv)
 			else
 				badopt = 1;
 			}
+		if (strcmp(argv[i], "-engine") == 0)
+			{
+			if ((argv[i+1] != NULL) && (engine == NULL))
+				engine = argv[++i];
+			else
+				badopt = 1;
+			}
 		else if (strcmp(argv[i], "-rand") == 0)
 			{
 			if ((argv[i+1] != NULL) && (inrand == NULL))
@@ -84,12 +94,31 @@ int MAIN(int argc, char **argv)
 		{
 		BIO_printf(bio_err, "Usage: rand [options] num\n");
 		BIO_printf(bio_err, "where options are\n");
-		BIO_printf(bio_err, "-out file            - write to file\n");
-		BIO_printf(bio_err, "-rand file%cfile%c...  - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-		BIO_printf(bio_err, "-base64              - encode output\n");
+		BIO_printf(bio_err, "-out file             - write to file\n");
+		BIO_printf(bio_err," -engine e             - use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err, "-base64               - encode output\n");
 		goto err;
 		}

+	if (engine != NULL)
+		{
+		if((e = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
+			goto err;
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			goto err;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
 	app_RAND_load_file(NULL, bio_err, (inrand != NULL));
 	if (inrand != NULL)
 		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
@@ -144,5 +173,5 @@ err:
 	ERR_print_errors(bio_err);
 	if (out)
 		BIO_free_all(out);
-	OPENSSL_EXIT(ret);
+	EXIT(ret);
 	}
--- a/apps/req.c
+++ b/apps/req.c
@@ -73,6 +73,7 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>

 #define SECTION		"req"

@@ -140,6 +141,7 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 #ifndef NO_DSA
 	DSA *dsa_params=NULL;
 #endif
@@ -152,6 +154,7 @@ int MAIN(int argc, char **argv)
 	int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
 	int nodes=0,kludge=0,newhdr=0;
 	char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
+	char *engine=NULL;
 	char *extensions = NULL;
 	char *req_exts = NULL;
 	EVP_CIPHER *cipher=NULL;
@@ -195,6 +198,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
 			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-key") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -375,6 +383,7 @@ bad:
 		BIO_printf(bio_err," -verify        verify signature on REQ\n");
 		BIO_printf(bio_err," -modulus       RSA modulus\n");
 		BIO_printf(bio_err," -nodes         don't encrypt the output key\n");
+		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," -key file	use the private key contained in file\n");
 		BIO_printf(bio_err," -keyform arg   key file format\n");
 		BIO_printf(bio_err," -keyout arg    file to send the key to\n");
@@ -422,7 +431,7 @@ bad:

 	if (template != NULL)
 		{
-		long errline = -1;
+		long errline;

 		BIO_printf(bio_err,"Using configuration from %s\n",template);
 		req_conf=CONF_load(NULL,template,&errline);
@@ -521,24 +530,55 @@ bad:
 	if ((in == NULL) || (out == NULL))
 		goto end;

-	if (keyfile != NULL)
+	if (engine != NULL)
 		{
-		if (BIO_read_filename(in,keyfile) <= 0)
+		if((e = ENGINE_by_id(engine)) == NULL)
 			{
-			perror(keyfile);
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
 			goto end;
 			}
-
-		if (keyform == FORMAT_ASN1)
-			pkey=d2i_PrivateKey_bio(in,NULL);
-		else if (keyform == FORMAT_PEM)
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
 			{
-			pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,passin);
+			BIO_printf(bio_err,"can't use that engine\n");
+			goto end;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
+	if (keyfile != NULL)
+		{
+		if (keyform == FORMAT_ENGINE)
+			{
+			if (!e)
+				{
+				BIO_printf(bio_err,"no engine specified\n");
+				goto end;
+				}
+			pkey = ENGINE_load_private_key(e, keyfile, NULL);
 			}
 		else
 			{
-			BIO_printf(bio_err,"bad input format specified for X509 request\n");
-			goto end;
+			if (BIO_read_filename(in,keyfile) <= 0)
+				{
+				perror(keyfile);
+				goto end;
+				}
+
+			if (keyform == FORMAT_ASN1)
+				pkey=d2i_PrivateKey_bio(in,NULL);
+			else if (keyform == FORMAT_PEM)
+				{
+				pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,
+					passin);
+				}
+			else
+				{
+				BIO_printf(bio_err,"bad input format specified for X509 request\n");
+				goto end;
+				}
 			}

 		if (pkey == NULL)
@@ -909,7 +949,7 @@ end:
 #ifndef NO_DSA
 	if (dsa_params != NULL) DSA_free(dsa_params);
 #endif
-	OPENSSL_EXIT(ex);
+	EXIT(ex);
 	}

 static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -68,6 +68,7 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>

 #undef PROG
 #define PROG	rsa_main
@@ -90,6 +91,7 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 	{
+	ENGINE *eng = NULL;
 	int ret=1;
 	RSA *rsa=NULL;
 	int i,badops=0, sgckey=0;
@@ -100,6 +102,7 @@ int MAIN(int argc, char **argv)
 	char *infile,*outfile,*prog;
 	char *passargin = NULL, *passargout = NULL;
 	char *passin = NULL, *passout = NULL;
+	char *engine=NULL;
 	int modulus=0;

 	apps_startup();
@@ -148,6 +151,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-sgckey") == 0)
 			sgckey=1;
 		else if (strcmp(*argv,"-pubin") == 0)
@@ -195,11 +203,30 @@ bad:
 		BIO_printf(bio_err," -check          verify key consistency\n");
 		BIO_printf(bio_err," -pubin          expect a public key in input file\n");
 		BIO_printf(bio_err," -pubout         output a public key\n");
+		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 		goto end;
 		}

 	ERR_load_crypto_strings();

+	if (engine != NULL)
+		{
+		if((eng = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
+			goto end;
+			}
+		if(!ENGINE_set_default(eng, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			goto end;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(eng);
+		}
+
 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		BIO_printf(bio_err, "Error getting passwords\n");
 		goto end;
@@ -389,7 +416,7 @@ end:
 	if(rsa != NULL) RSA_free(rsa);
 	if(passin) OPENSSL_free(passin);
 	if(passout) OPENSSL_free(passout);
-	OPENSSL_EXIT(ret);
+	EXIT(ret);
 	}
 #else /* !NO_RSA */

--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -62,6 +62,7 @@
 #include <string.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>

 #define RSA_SIGN 	1
 #define RSA_VERIFY 	2
@@ -82,6 +83,7 @@ int MAIN(int argc, char **);

 int MAIN(int argc, char **argv)
 {
+	ENGINE *e = NULL;
 	BIO *in = NULL, *out = NULL;
 	char *infile = NULL, *outfile = NULL;
 	char *keyfile = NULL;
@@ -95,6 +97,7 @@ int MAIN(int argc, char **argv)
 	unsigned char *rsa_in = NULL, *rsa_out = NULL, pad;
 	int rsa_inlen, rsa_outlen = 0;
 	int keysize;
+	char *engine=NULL;

 	int ret = 1;

@@ -117,6 +120,9 @@ int MAIN(int argc, char **argv)
 		} else if(!strcmp(*argv, "-inkey")) {
 			if (--argc < 1) badarg = 1;
 			keyfile = *(++argv);
+		} else if(!strcmp(*argv, "-engine")) {
+			if (--argc < 1) badarg = 1;
+			engine = *(++argv);
 		} else if(!strcmp(*argv, "-pubin")) {
 			key_type = KEY_PUBKEY;
 		} else if(!strcmp(*argv, "-certin")) {
@@ -151,6 +157,24 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}

+	if (engine != NULL)
+		{
+		if((e = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
+			goto end;
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			goto end;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
 /* FIXME: seed PRNG only if needed */
 	app_RAND_load_file(NULL, bio_err, 0);
 	
@@ -280,6 +304,7 @@ static void usage()
 	BIO_printf(bio_err, "-inkey file     input key\n");
 	BIO_printf(bio_err, "-pubin          input is an RSA public\n");
 	BIO_printf(bio_err, "-certin         input is a certificate carrying an RSA public key\n");
+	BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");
 	BIO_printf(bio_err, "-ssl            use SSL v2 padding\n");
 	BIO_printf(bio_err, "-raw            use no padding\n");
 	BIO_printf(bio_err, "-pkcs           use PKCS#1 v1.5 padding (default)\n");
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -80,6 +80,7 @@ typedef unsigned int u_int;
 #include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/rand.h>
+#include <openssl/engine.h>
 #include "s_apps.h"

 #ifdef WINDOWS
@@ -154,7 +155,7 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -cipher       - preferred cipher to use, use the 'openssl ciphers'\n");
 	BIO_printf(bio_err,"                 command to see what is available\n");
 	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-
+	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
 	}

 int MAIN(int, char **);
@@ -182,6 +183,8 @@ int MAIN(int argc, char **argv)
 	SSL_METHOD *meth=NULL;
 	BIO *sbio;
 	char *inrand=NULL;
+	char *engine_id=NULL;
+	ENGINE *e=NULL;
 #ifdef WINDOWS
 	struct timeval tv;
 #endif
@@ -324,6 +327,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			inrand= *(++argv);
 			}
+		else if	(strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine_id = *(++argv);
+			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -364,6 +372,30 @@ bad:

 	OpenSSL_add_ssl_algorithms();
 	SSL_load_error_strings();
+
+	if (engine_id != NULL)
+		{
+		if((e = ENGINE_by_id(engine_id)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine\n");
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		if (c_debug)
+			{
+			ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
+				0, bio_err, 0);
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine_id);
+		ENGINE_free(e);
+		}
+
 	ctx=SSL_CTX_new(meth);
 	if (ctx == NULL)
 		{
@@ -768,14 +800,14 @@ end:
 	if (con != NULL) SSL_free(con);
 	if (con2 != NULL) SSL_free(con2);
 	if (ctx != NULL) SSL_CTX_free(ctx);
-	if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
-	if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
+	if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); OPENSSL_free(cbuf); }
+	if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); OPENSSL_free(sbuf); }
 	if (bio_c_out != NULL)
 		{
 		BIO_free(bio_c_out);
 		bio_c_out=NULL;
 		}
-	OPENSSL_EXIT(ret);
+	EXIT(ret);
 	}


--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -84,6 +84,7 @@ typedef unsigned int u_int;
 #include <openssl/x509.h>
 #include <openssl/ssl.h>
 #include <openssl/rand.h>
+#include <openssl/engine.h>
 #include "s_apps.h"

 #ifdef WINDOWS
@@ -177,6 +178,7 @@ static int s_debug=0;
 static int s_quiet=0;

 static int hack=0;
+static char *engine_id=NULL;

 #ifdef MONOLITH
 static void s_server_init(void)
@@ -199,6 +201,7 @@ static void s_server_init(void)
 	s_debug=0;
 	s_quiet=0;
 	hack=0;
+	engine_id=NULL;
 	}
 #endif

@@ -244,6 +247,7 @@ static void sv_usage(void)
 	BIO_printf(bio_err," -www          - Respond to a 'GET /' with a status page\n");
 	BIO_printf(bio_err," -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
 	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
 	}

 static int local_argc=0;
@@ -253,10 +257,10 @@ static char **local_argv;
 static int ebcdic_new(BIO *bi);
 static int ebcdic_free(BIO *a);
 static int ebcdic_read(BIO *b, char *out, int outl);
-static int ebcdic_write(BIO *b, const char *in, int inl);
-static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr);
+static int ebcdic_write(BIO *b, char *in, int inl);
+static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr);
 static int ebcdic_gets(BIO *bp, char *buf, int size);
-static int ebcdic_puts(BIO *bp, const char *str);
+static int ebcdic_puts(BIO *bp, char *str);

 #define BIO_TYPE_EBCDIC_FILTER	(18|0x0200)
 static BIO_METHOD methods_ebcdic=
@@ -321,7 +325,7 @@ static int ebcdic_read(BIO *b, char *out, int outl)
 	return(ret);
 }

-static int ebcdic_write(BIO *b, const char *in, int inl)
+static int ebcdic_write(BIO *b, char *in, int inl)
 {
 	EBCDIC_OUTBUFF *wbuf;
 	int ret=0;
@@ -354,7 +358,7 @@ static int ebcdic_write(BIO *b, const char *in, int inl)
 	return(ret);
 }

-static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
+static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr)
 {
 	long ret;

@@ -373,7 +377,7 @@ static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)

 static int ebcdic_gets(BIO *bp, char *buf, int size)
 {
-	int i, ret=0;
+	int i, ret;
 	if (bp->next_bio == NULL) return(0);
 /*	return(BIO_gets(bp->next_bio,buf,size));*/
 	for (i=0; i<size-1; ++i)
@@ -392,7 +396,7 @@ static int ebcdic_gets(BIO *bp, char *buf, int size)
 	return (ret < 0 && i == 0) ? ret : i;
 }

-static int ebcdic_puts(BIO *bp, const char *str)
+static int ebcdic_puts(BIO *bp, char *str)
 {
 	if (bp->next_bio == NULL) return(0);
 	return ebcdic_write(bp, str, strlen(str));
@@ -414,6 +418,8 @@ int MAIN(int argc, char *argv[])
 	int state=0;
 	SSL_METHOD *meth=NULL;
 	char *inrand=NULL;
+	char *engine=NULL;
+	ENGINE *e=NULL;
 #ifndef NO_DH
 	DH *dh=NULL;
 #endif
@@ -573,6 +579,11 @@ int MAIN(int argc, char *argv[])
 			if (--argc < 1) goto bad;
 			inrand= *(++argv);
 			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine = *(++argv);
+			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -624,6 +635,29 @@ bad:
 	SSL_load_error_strings();
 	OpenSSL_add_ssl_algorithms();

+	if (engine != NULL)
+		{
+		if((e = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine\n");
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		if (s_debug)
+			{
+			ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
+				0, bio_err, 0);
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		ENGINE_free(e);
+		}
+
 	ctx=SSL_CTX_new(meth);
 	if (ctx == NULL)
 		{
@@ -741,7 +775,7 @@ end:
 		BIO_free(bio_s_out);
 		bio_s_out=NULL;
 		}
-	OPENSSL_EXIT(ret);
+	EXIT(ret);
 	}

 static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
@@ -1043,7 +1077,7 @@ err:
 	BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
 	if (buf != NULL)
 		{
-		OPENSSL_cleanse(buf,bufsize);
+		memset(buf,0,bufsize);
 		OPENSSL_free(buf);
 		}
 	if (ret >= 0)
@@ -1250,7 +1284,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
 			else
 				{
 				BIO_printf(bio_s_out,"read R BLOCK\n");
-#if !defined(MSDOS) && !defined(VXWORKS)
+#ifndef MSDOS
 				sleep(1);
 #endif
 				continue;
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -116,11 +116,6 @@
 #include <sys/param.h>
 #endif

-#ifdef VXWORKS
-#include <tickLib.h>
-#undef SIGALRM
-#endif
-
 /* The following if from times(3) man page.  It may need to be changed
 */
 #ifndef HZ
@@ -466,7 +461,7 @@ int MAIN(int argc, char **argv)

 	if (tm_cipher == NULL ) {
 		fprintf( stderr, "No CIPHER specified\n" );
-/*		OPENSSL_EXIT(1); */
+/*		EXIT(1); */
 	}

 	if (!(perform & 1)) goto next;
@@ -633,7 +628,7 @@ end:
 		SSL_CTX_free(tm_ctx);
 		tm_ctx=NULL;
 		}
-	OPENSSL_EXIT(ret);
+	EXIT(ret);
 	}

 /***********************************************************************
--- a/apps/sess_id.c
+++ b/apps/sess_id.c
@@ -272,7 +272,7 @@ bad:
 end:
 	if (out != NULL) BIO_free_all(out);
 	if (x != NULL) SSL_SESSION_free(x);
-	OPENSSL_EXIT(ret);
+	EXIT(ret);
 	}

 static SSL_SESSION *load_sess_id(char *infile, int format)
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -64,6 +64,7 @@
 #include <openssl/crypto.h>
 #include <openssl/pem.h>
 #include <openssl/err.h>
+#include <openssl/engine.h>

 #undef PROG
 #define PROG smime_main
@@ -81,6 +82,7 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 {
+	ENGINE *e = NULL;
 	int operation = 0;
 	int ret = 0;
 	char **args;
@@ -103,8 +105,9 @@ int MAIN(int argc, char **argv)
 	char *inrand = NULL;
 	int need_rand = 0;
 	int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
-	args = argv + 1;
+	char *engine=NULL;

+	args = argv + 1;
 	ret = 1;

 	while (!badarg && *args && *args[0] == '-') {
@@ -153,6 +156,11 @@ int MAIN(int argc, char **argv)
 				inrand = *args;
 			} else badarg = 1;
 			need_rand = 1;
+		} else if (!strcmp(*args,"-engine")) {
+			if (args[1]) {
+				args++;
+				engine = *args;
+			} else badarg = 1;
 		} else if (!strcmp(*args,"-passin")) {
 			if (args[1]) {
 				args++;
@@ -290,6 +298,7 @@ int MAIN(int argc, char **argv)
 		BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
 		BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
 		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
+		BIO_printf (bio_err, "-engine e      use engine e, possibly a hardware device.\n");
 		BIO_printf (bio_err, "-passin arg    input file pass phrase source\n");
 		BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");
@@ -298,6 +307,24 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}

+	if (engine != NULL)
+		{
+		if((e = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
+			goto end;
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			goto end;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
 	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -81,6 +81,7 @@
 #include <openssl/crypto.h>
 #include <openssl/rand.h>
 #include <openssl/err.h>
+#include <openssl/engine.h>

 #if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(_DARWIN)
 # define USE_TOD
@@ -327,6 +328,7 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e;
 	unsigned char *buf=NULL,*buf2=NULL;
 	int mret=1;
 #define ALGOR_NUM	15
@@ -489,6 +491,37 @@ int MAIN(int argc, char **argv)
 		{
 		if	((argc > 0) && (strcmp(*argv,"-elapsed") == 0))
 			usertime = 0;
+		else
+		if	((argc > 0) && (strcmp(*argv,"-engine") == 0))
+			{
+			argc--;
+			argv++;
+			if(argc == 0)
+				{
+				BIO_printf(bio_err,"no engine given\n");
+				goto end;
+				}
+			if((e = ENGINE_by_id(*argv)) == NULL)
+				{
+				BIO_printf(bio_err,"invalid engine \"%s\"\n",
+					*argv);
+				goto end;
+				}
+			if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+				{
+				BIO_printf(bio_err,"can't use that engine\n");
+				goto end;
+				}
+			BIO_printf(bio_err,"engine \"%s\" set.\n", *argv);
+			/* Free our "structural" reference. */
+			ENGINE_free(e);
+			/* It will be increased again further down.  We just
+			   don't want speed to confuse an engine with an
+			   algorithm, especially when none is given (which
+			   means all of them should be run) */
+			j--;
+			}
+		else
 #ifndef NO_MD2
 		if	(strcmp(*argv,"md2") == 0) doit[D_MD2]=1;
 		else
@@ -536,7 +569,7 @@ int MAIN(int argc, char **argv)
 #ifdef RSAref
 			if (strcmp(*argv,"rsaref") == 0) 
 			{
-			RSA_set_default_method(RSA_PKCS1_RSAref());
+			RSA_set_default_openssl_method(RSA_PKCS1_RSAref());
 			j--;
 			}
 		else
@@ -544,7 +577,7 @@ int MAIN(int argc, char **argv)
 #ifndef RSA_NULL
 			if (strcmp(*argv,"openssl") == 0) 
 			{
-			RSA_set_default_method(RSA_PKCS1_SSLeay());
+			RSA_set_default_openssl_method(RSA_PKCS1_SSLeay());
 			j--;
 			}
 		else
@@ -689,11 +722,12 @@ int MAIN(int argc, char **argv)
 			BIO_printf(bio_err,"\n");
 #endif

-#if defined(TIMES) || defined(USE_TOD)
 			BIO_printf(bio_err,"\n");
 			BIO_printf(bio_err,"Available options:\n");
+#ifdef TIMES
 			BIO_printf(bio_err,"-elapsed        measure time in real time instead of CPU user time.\n");
 #endif
+			BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
 			goto end;
 			}
 		argc--;
@@ -1400,6 +1434,7 @@ int MAIN(int argc, char **argv)
 #endif
 	mret=0;
 end:
+	ERR_print_errors(bio_err);
 	if (buf != NULL) OPENSSL_free(buf);
 	if (buf2 != NULL) OPENSSL_free(buf2);
 #ifndef NO_RSA
@@ -1412,7 +1447,7 @@ end:
 		if (dsa_key[i] != NULL)
 			DSA_free(dsa_key[i]);
 #endif
-	OPENSSL_EXIT(mret);
+	EXIT(mret);
 	}

 static void print_message(char *s, long num, int length)
--- a/apps/spkac.c
+++ b/apps/spkac.c
@@ -69,6 +69,7 @@
 #include <openssl/lhash.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>

 #undef PROG
 #define PROG	spkac_main
@@ -81,6 +82,7 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	int i,badops=0, ret = 1;
 	BIO *in = NULL,*out = NULL, *key = NULL;
 	int verify=0,noout=0,pubkey=0;
@@ -91,6 +93,7 @@ int MAIN(int argc, char **argv)
 	LHASH *conf = NULL;
 	NETSCAPE_SPKI *spki = NULL;
 	EVP_PKEY *pkey = NULL;
+	char *engine=NULL;

 	apps_startup();

@@ -136,6 +139,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			spksect= *(++argv);
 			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
 		else if (strcmp(*argv,"-pubkey") == 0)
@@ -161,6 +169,7 @@ bad:
 		BIO_printf(bio_err," -noout         don't print SPKAC\n");
 		BIO_printf(bio_err," -pubkey        output public key\n");
 		BIO_printf(bio_err," -verify        verify SPKAC signature\n");
+		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device.\n");
 		goto end;
 		}

@@ -170,6 +179,24 @@ bad:
 		goto end;
 	}

+	if (engine != NULL)
+		{
+		if((e = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
+			goto end;
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			goto end;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
 	if(keyfile) {
 		if(strcmp(keyfile, "-")) key = BIO_new_file(keyfile, "r");
 		else key = BIO_new_fp(stdin, BIO_NOCLOSE);
@@ -288,5 +315,5 @@ end:
 	BIO_free(key);
 	EVP_PKEY_free(pkey);
 	if(passin) OPENSSL_free(passin);
-	OPENSSL_EXIT(ret);
+	EXIT(ret);
 	}
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -65,6 +65,7 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>

 #undef PROG
 #define PROG	verify_main
@@ -78,6 +79,7 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	int i,ret=1;
 	int purpose = -1;
 	char *CApath=NULL,*CAfile=NULL;
@@ -85,6 +87,7 @@ int MAIN(int argc, char **argv)
 	STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
 	X509_STORE *cert_ctx=NULL;
 	X509_LOOKUP *lookup=NULL;
+	char *engine=NULL;

 	cert_ctx=X509_STORE_new();
 	if (cert_ctx == NULL) goto end;
@@ -137,6 +140,11 @@ int MAIN(int argc, char **argv)
 				if (argc-- < 1) goto end;
 				trustfile= *(++argv);
 				}
+			else if (strcmp(*argv,"-engine") == 0)
+				{
+				if (--argc < 1) goto end;
+				engine= *(++argv);
+				}
 			else if (strcmp(*argv,"-help") == 0)
 				goto end;
 			else if (strcmp(*argv,"-issuer_checks") == 0)
@@ -154,6 +162,24 @@ int MAIN(int argc, char **argv)
 			break;
 		}

+	if (engine != NULL)
+		{
+		if((e = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
+			goto end;
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			goto end;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
 	lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
 	if (lookup == NULL) abort();
 	if (CAfile) {
@@ -201,7 +227,7 @@ int MAIN(int argc, char **argv)
 	ret=0;
 end:
 	if (ret == 1) {
-		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] cert1 cert2 ...\n");
+		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-engine e] cert1 cert2 ...\n");
 		BIO_printf(bio_err,"recognized usages:\n");
 		for(i = 0; i < X509_PURPOSE_get_count(); i++) {
 			X509_PURPOSE *ptmp;
@@ -213,7 +239,7 @@ end:
 	if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
 	sk_X509_pop_free(untrusted, X509_free);
 	sk_X509_pop_free(trusted, X509_free);
-	OPENSSL_EXIT(ret);
+	EXIT(ret);
 	}

 static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose)
--- a/apps/version.c
+++ b/apps/version.c
@@ -128,5 +128,5 @@ int MAIN(int argc, char **argv)
 		}
 	if (cflags)  printf("%s\n",SSLeay_version(SSLEAY_CFLAGS));
 end:
-	OPENSSL_EXIT(ret);
+	EXIT(ret);
 	}
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -73,6 +73,7 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>

 #undef PROG
 #define PROG x509_main
@@ -121,7 +122,7 @@ static char *x509_usage[]={
 " -CAkey arg      - set the CA key, must be PEM format\n",
 "                   missing, it is assumed to be in the CA file.\n",
 " -CAcreateserial - create serial number file if it does not exist\n",
-" -CAserial arg   - serial file\n",
+" -CAserial       - serial file\n",
 " -text           - print the certificate in text form\n",
 " -C              - print out C code forms\n",
 " -md2/-md5/-sha1/-mdc2 - digest to use\n",
@@ -129,6 +130,7 @@ static char *x509_usage[]={
 " -extensions     - section from config file with X509V3 extensions to add\n",
 " -clrext         - delete extensions before signing and input certificate\n",
 " -nameopt arg    - various certificate name options\n",
+" -engine e       - use engine e, possibly a hardware device.\n",
 NULL
 };

@@ -145,6 +147,7 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	int ret=1;
 	X509_REQ *req=NULL;
 	X509 *x=NULL,*xca=NULL;
@@ -175,6 +178,7 @@ int MAIN(int argc, char **argv)
 	int need_rand = 0;
 	int checkend=0,checkoffset=0;
 	unsigned long nmflag = 0;
+	char *engine=NULL;

 	reqfile=0;

@@ -233,7 +237,7 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-CAkeyform") == 0)
 			{
 			if (--argc < 1) goto bad;
-			CAkeyformat=str2fmt(*(++argv));
+			CAformat=str2fmt(*(++argv));
 			}
 		else if (strcmp(*argv,"-days") == 0)
 			{
@@ -337,6 +341,11 @@ int MAIN(int argc, char **argv)
 			alias= *(++argv);
 			trustout = 1;
 			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-C") == 0)
 			C= ++num;
 		else if (strcmp(*argv,"-email") == 0)
@@ -420,6 +429,24 @@ bad:
 		goto end;
 		}

+	if (engine != NULL)
+		{
+		if((e = ENGINE_by_id(engine)) == NULL)
+			{
+			BIO_printf(bio_err,"invalid engine \"%s\"\n",
+				engine);
+			goto end;
+			}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(bio_err,"can't use that engine\n");
+			goto end;
+			}
+		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+
 	if (need_rand)
 		app_RAND_load_file(NULL, bio_err, 0);

@@ -447,7 +474,7 @@ bad:

 	if (extfile)
 		{
-		long errorline = -1;
+		long errorline;
 		X509V3_CTX ctx2;
 		if (!(extconf=CONF_load(NULL,extfile,&errorline)))
 			{
@@ -961,7 +988,7 @@ end:
 	sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
 	sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
 	if (passin) OPENSSL_free(passin);
-	OPENSSL_EXIT(ret);
+	EXIT(ret);
 	}

 static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
--- a/80
+++ b/80
@@ -317,10 +317,6 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
    *CRAY*)
       echo "j90-cray-unicos"; exit 0;
       ;;
-
-    NONSTOP_KERNEL*)
-       echo "nsr-tandem-nsk"; exit 0;
-       ;;
 esac

 #
@@ -385,33 +381,17 @@ done

 # figure out if gcc is available and if so we use it otherwise
 # we fallback to whatever cc does on the system
-GCCVER=`(gcc -dumpversion) 2>/dev/null`
+GCCVER=`(gcc --version) 2>/dev/null`
 if [ "$GCCVER" != "" ]; then
  CC=gcc
-  # then strip off whatever prefix egcs prepends the number with...
-  # Hopefully, this will work for any future prefixes as well.
-  GCCVER=`echo $GCCVER | sed 's/^[a-zA-Z]*\-//'`
-  # Since gcc 3.1 gcc --version behaviour has changed.  gcc -dumpversion
-  # does give us what we want though, so we use that.  We just just the
-  # major and minor version numbers.
+  # then strip off whatever prefix Cygnus prepends the number with...
+  GCCVER=`echo $GCCVER | sed 's/^[a-z]*\-//'`
  # peak single digit before and after first dot, e.g. 2.95.1 gives 29
  GCCVER=`echo $GCCVER | sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/'`
 else
  CC=cc
 fi
-GCCVER=${GCCVER:-0}
-if [ "$SYSTEM" = "HP-UX" ];then
-  # By default gcc is a ILP32 compiler (with long long == 64).
-  GCC_BITS="32"
-  if [ $GCCVER -ge 30 ]; then
-    # PA64 support only came in with gcc 3.0.x.
-    # We look for the preprocessor symbol __LP64__ indicating
-    # 64bit bit long and pointer.  sizeof(int) == 32 on HPUX64.
-    if gcc -v -E -x c /dev/null 2>&1 | grep __LP64__ > /dev/null; then
-      GCC_BITS="64"
-    fi
-  fi
-fi
+
 if [ "$SYSTEM" = "SunOS" ]; then
  # check for WorkShop C, expected output is "cc: blah-blah C x.x"
  CCVER=`(cc -V 2>&1) 2>/dev/null | \
@@ -477,8 +457,7 @@ case "$GUESSOS" in
 	echo "WARNING! If you wish to build 64-bit library, then you have to"
 	echo "         invoke './Configure irix64-mips4-$CC' *manually*."
 	echo "         Type return if you want to continue, Ctrl-C to abort."
-	# Do not stop if /dev/tty is unavailable
-	(read waste < /dev/tty) || true
+	read waste < /dev/tty
        CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
        CPU=${CPU:-0}
        if [ $CPU -ge 5000 ]; then
@@ -518,10 +497,6 @@ EOF
 	${CC} -o dummy dummy.c && OUT=`./dummy ${MACHINE}`
 	rm dummy dummy.c
 	;;
-  ppc64-*-linux2)
-	#Use the standard target for PPC architecture until we create a
-	#special one for the 64bit architecture.
-	OUT="linux-ppc" ;;
  ppc-*-linux2) OUT="linux-ppc" ;;
  m68k-*-linux*) OUT="linux-m68k" ;;
  ia64-*-linux?) OUT="linux-ia64" ;;
@@ -533,8 +508,7 @@ EOF
 	#echo "WARNING! If you wish to build 64-bit library, then you have to"
 	#echo "         invoke './Configure linux64-sparcv9' *manually*."
 	#echo "         Type return if you want to continue, Ctrl-C to abort."
-	# Do not stop if /dev/tty is unavailable
-	#(read waste < /dev/tty) || true
+	#read waste < /dev/tty
 	OUT="linux-sparcv9" ;;
  sparc-*-linux2)
 	KARCH=`awk '/^type/{print$3}' /proc/cpuinfo`
@@ -575,8 +549,7 @@ EOF
 		echo "WARNING! If you wish to build 64-bit library, then you have to"
 		echo "         invoke './Configure solaris64-sparcv9-cc' *manually*."
 		echo "         Type return if you want to continue, Ctrl-C to abort."
-		# Do not stop if /dev/tty is unavailable
-		(read waste < /dev/tty) || true
+		read waste < /dev/tty
 	fi
 	OUT="solaris-sparcv9-$CC" ;;
  sun4m-*-solaris2)	OUT="solaris-sparcv8-$CC" ;;
@@ -616,18 +589,8 @@ EOF
  BS2000-siemens-sysv4) OUT="BS2000-OSD" ;;
  RM*-siemens-sysv4) OUT="ReliantUNIX" ;;
  *-siemens-sysv4) OUT="SINIX" ;;
-  *-hpux1*)
-	if [ $CC = "gcc" ];
-	then
-	  if [ $GCC_BITS = "64" ]; then
-	    OUT="hpux64-parisc-gcc"
-	  else
-	    OUT="hpux-parisc-gcc"
-	  fi
-	else
-	  OUT="hpux-parisc-$CC"
-	fi
-	options="$options -D_REENTRANT" ;;
+  *-hpux1*)	OUT="hpux-parisc-$CC"
+		options="$options -D_REENTRANT" ;;
  *-hpux)	OUT="hpux-parisc-$CC" ;;
  # these are all covered by the catchall below
  # *-aix) OUT="aix-$CC" ;;
@@ -637,15 +600,30 @@ EOF
  *-*-cygwin) OUT="Cygwin" ;;
  t3e-cray-unicosmk) OUT="cray-t3e" ;;
  j90-cray-unicos) OUT="cray-j90" ;;
-  nsr-tandem-nsk) OUT="tandem-c89" ;;
  *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
 esac

+# NB: This atalla support has been superceded by the ENGINE support
+# That contains its own header and definitions anyway. Support can
+# be enabled or disabled on any supported platform without external
+# headers, eg. by adding the "hw-atalla" switch to ./config or
+# perl Configure
+#
 # See whether we can compile Atalla support
-if [ -f /usr/include/atasi.h ]
-then
-  options="$options -DATALLA"
-fi
+#if [ -f /usr/include/atasi.h ]
+#then
+#  options="$options -DATALLA"
+#fi
+
+#get some basic shared lib support (behnke@trustcenter.de)
+case "$OUT" in
+   solaris-*-gcc)
+	if  [ "$SHARED" = "true" ] 
+	 then
+	  options="$options -DPIC -fPIC"
+        fi
+     ;;
+esac

 # gcc < 2.8 does not support -mcpu=ultrasparc
 if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
--- a/crypto/Makefile.ssl
+++ b/crypto/Makefile.ssl
@@ -27,15 +27,15 @@ LIBS=

 SDIRS=	md2 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
-	bn rsa dsa dh dso \
+	bn rsa dsa dh dso engine \
 	buffer bio stack lhash rand err objects \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp

 GENERAL=Makefile README crypto-lib.com install.com

 LIB= $(TOP)/libcrypto.a
-LIBSRC=	cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c
-LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o
+LIBSRC=	cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c
+LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o

 SRC= $(LIBSRC)

@@ -51,11 +51,11 @@ all: buildinf.h lib subdirs

 buildinf.h: ../Makefile.ssl
 	( echo "#ifndef MK1MF_BUILD"; \
-	echo '  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */'; \
-	echo '  #define CFLAGS "$(CC) $(CFLAG)"'; \
-	echo '  #define PLATFORM "$(PLATFORM)"'; \
+	echo "  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */"; \
+	echo "  #define CFLAGS \"$(CC) $(CFLAG)\""; \
+	echo "  #define PLATFORM \"$(PLATFORM)\""; \
 	echo "  #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \
-	echo '#endif' ) >buildinf.h
+	echo "#endif" ) >buildinf.h

 testapps:
 	if echo ${SDIRS} | fgrep ' des '; \
@@ -129,12 +129,12 @@ lint:

 depend:
 	if [ ! -f buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist
-	$(MAKEDEPEND) -- $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDE) $(DEPFLAG) $(PROGS) $(LIBSRC)
 	if [ ! -s buildinf.h ]; then rm buildinf.h; fi
 	@for i in $(SDIRS) ;\
 	do \
 	(cd $$i; echo "making depend in crypto/$$i..."; \
-	$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' DEPFLAG='${DEPFLAG}' PERL='${PERL}' depend ); \
+	$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' DEPFLAG='${DEPFLAG}' depend ); \
 	done;

 clean:
@@ -185,9 +185,6 @@ mem.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 mem.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
 mem.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
 mem.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
-mem_clr.o: ../include/openssl/crypto.h ../include/openssl/opensslv.h
-mem_clr.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-mem_clr.o: ../include/openssl/symhacks.h
 mem_dbg.o: ../include/openssl/bio.h ../include/openssl/buffer.h
 mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
 mem_dbg.o: ../include/openssl/e_os2.h ../include/openssl/err.h
--- a/crypto/asn1/Makefile.ssl
+++ b/crypto/asn1/Makefile.ssl
@@ -104,7 +104,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

 depend:
-	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)

 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- a/crypto/asn1/a_bitstr.c
+++ b/crypto/asn1/a_bitstr.c
@@ -89,6 +89,8 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
 	if (a == NULL) return(0);

 	len=a->length;
+	ret=1+len;
+	if (pp == NULL) return(ret);

 	if (len > 0)
 		{
@@ -116,10 +118,6 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
 		}
 	else
 		bits=0;
-
-	ret=1+len;
-	if (pp == NULL) return(ret);
-
 	p= *pp;

 	*(p++)=(unsigned char)bits;
--- a/crypto/asn1/a_enum.c
+++ b/crypto/asn1/a_enum.c
@@ -205,18 +205,7 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
 	else ret->type=V_ASN1_ENUMERATED;
 	j=BN_num_bits(bn);
 	len=((j == 0)?0:((j/8)+1));
-	if (ret->length < len+4)
-		{
-		unsigned char *new_data=
-			OPENSSL_realloc(ret->data, len+4);
-		if (!new_data)
-			{
-			ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		ret->data=new_data;
-		}
-
+	ret->data=(unsigned char *)OPENSSL_malloc(len+4);
 	ret->length=BN_bn2bin(bn,ret->data);
 	return(ret);
 err:
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@@ -451,16 +451,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
 	else ret->type=V_ASN1_INTEGER;
 	j=BN_num_bits(bn);
 	len=((j == 0)?0:((j/8)+1));
-	if (ret->length < len+4)
-		{
-		unsigned char *new_data= OPENSSL_realloc(ret->data, len+4);
-		if (!new_data)
-			{
-			ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		ret->data=new_data;
-		}
+	ret->data=(unsigned char *)OPENSSL_malloc(len+4);
 	ret->length=BN_bn2bin(bn,ret->data);
 	return(ret);
 err:
--- a/crypto/asn1/a_set.c
+++ b/crypto/asn1/a_set.c
@@ -116,7 +116,7 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag,
 		}

        pStart  = p; /* Catch the beg of Setblobs*/
-        if (!(rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)))) return 0; /* In this array
+        rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)); /* In this array
 we will store the SET blobs */

        for (i=0; i<sk_num(a); i++)
@@ -133,7 +133,7 @@ SetBlob
 /* Now we have to sort the blobs. I am using a simple algo.
    *Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
        qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
-        if (!(pTempMem = OPENSSL_malloc(totSize))) return 0;
+        pTempMem = OPENSSL_malloc(totSize);

 /* Copy to temp mem */
        p = pTempMem;
--- a/crypto/asn1/a_sign.c
+++ b/crypto/asn1/a_sign.c
@@ -199,10 +199,10 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
 	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
 	signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
 err:
-	OPENSSL_cleanse(&ctx,sizeof(ctx));
+	memset(&ctx,0,sizeof(ctx));
 	if (buf_in != NULL)
-		{ OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
+		{ memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }
 	if (buf_out != NULL)
-		{ OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
+		{ memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); }
 	return(outl);
 	}
--- a/crypto/asn1/a_strex.c
+++ b/crypto/asn1/a_strex.c
@@ -519,7 +519,7 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
 {
 	ASN1_STRING stmp, *str = &stmp;
 	int mbflag, type, ret;
-	if(!in) return -1;
+	if(!*out || !in) return -1;
 	type = in->type;
 	if((type < 0) || (type > 30)) return -1;
 	mbflag = tag2nbyte[type];
@@ -528,6 +528,6 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
 	stmp.data = NULL;
 	ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
 	if(ret < 0) return ret;
-	*out = stmp.data;
+	if(out) *out = stmp.data;
 	return stmp.length;
 }
--- a/crypto/asn1/a_utctm.c
+++ b/crypto/asn1/a_utctm.c
@@ -246,8 +246,6 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
 		ts=(struct tm *)localtime(&t);
 		}
 #endif
-	if (ts == NULL)
-		return(NULL);
 	p=(char *)s->data;
 	if ((p == NULL) || (s->length < 14))
 		{
@@ -272,9 +270,6 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
 int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
 	{
 	struct tm *tm;
-#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
-	struct tm data;
-#endif
 	int offset;
 	int year;

@@ -292,8 +287,7 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
 	t -= offset*60; /* FIXME: may overflow in extreme cases */

 #if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
-	gmtime_r(&t, &data);
-	tm = &data;
+	{ struct tm data; gmtime_r(&t, &data); tm = &data; }
 #else
 	tm = gmtime(&t);
 #endif
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -100,7 +100,7 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
 	EVP_VerifyInit(&ctx,type);
 	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);

-	OPENSSL_cleanse(buf_in,(unsigned int)inl);
+	memset(buf_in,0,(unsigned int)inl);
 	OPENSSL_free(buf_in);

 	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -57,7 +57,6 @@
 */

 #include <stdio.h>
-#include <limits.h>
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 #include <openssl/asn1_mac.h>
@@ -125,13 +124,15 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass,
 		(int)(omax+ *pp));

 #endif
-	if (*plength > (omax - (p - *pp)))
+#if 0
+	if ((p+ *plength) > (omax+ *pp))
 		{
 		ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
 		/* Set this so that even if things are not long enough
 		 * the values are set correctly */
 		ret|=0x80;
 		}
+#endif
 	*pp=p;
 	return(ret|inf);
 err:
@@ -142,7 +143,7 @@ err:
 static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
 	{
 	unsigned char *p= *pp;
-	unsigned long ret=0;
+	long ret=0;
 	int i;

 	if (max-- < 1) return(0);
@@ -158,8 +159,6 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
 		i= *p&0x7f;
 		if (*(p++) & 0x80)
 			{
-			if (i > sizeof(long))
-				return 0;
 			if (max-- == 0) return(0);
 			while (i-- > 0)
 				{
@@ -171,10 +170,8 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
 		else
 			ret=i;
 		}
-	if (ret > LONG_MAX)
-		return 0;
 	*pp=p;
-	*rl=(long)ret;
+	*rl=ret;
 	return(1);
 	}

@@ -410,7 +407,7 @@ int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b)

 void asn1_add_error(unsigned char *address, int offset)
 	{
-	char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
+	char buf1[16],buf2[16];

 	sprintf(buf1,"%lu",(unsigned long)address);
 	sprintf(buf2,"%d",offset);
--- a/crypto/asn1/d2i_dhp.c
+++ b/crypto/asn1/d2i_dhp.c
@@ -87,7 +87,6 @@ DH *d2i_DHparams(DH **a, unsigned char **pp, long length)
 		}

 	M_ASN1_BIT_STRING_free(bs);
-	bs = NULL;

 	M_ASN1_D2I_Finish_2(a);

--- a/crypto/asn1/d2i_dsap.c
+++ b/crypto/asn1/d2i_dsap.c
@@ -84,7 +84,6 @@ DSA *d2i_DSAparams(DSA **a, unsigned char **pp, long length)
 	if ((ret->g=BN_bin2bn(bs->data,bs->length,ret->g)) == NULL) goto err_bn;

 	M_ASN1_BIT_STRING_free(bs);
-	bs = NULL;

 	M_ASN1_D2I_Finish_2(a);

--- a/crypto/asn1/d2i_r_pr.c
+++ b/crypto/asn1/d2i_r_pr.c
@@ -108,7 +108,6 @@ RSA *d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length)
 		goto err_bn;

 	M_ASN1_INTEGER_free(bs);
-	bs = NULL;

 	M_ASN1_D2I_Finish_2(a);
 err_bn:
--- a/crypto/asn1/n_pkey.c
+++ b/crypto/asn1/n_pkey.c
@@ -181,7 +181,7 @@ int i2d_RSA_NET(RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
 	}
 		
 	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
-	OPENSSL_cleanse(buf,256);
+	memset(buf,0,256);

 	EVP_CIPHER_CTX_init(&ctx);
 	EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL);
@@ -292,7 +292,7 @@ RSA *d2i_RSA_NET_2(RSA **a, unsigned char **pp, long length,
 	}
 		
 	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
-	OPENSSL_cleanse(buf,256);
+	memset(buf,0,256);

 	EVP_CIPHER_CTX_init(&ctx);
 	EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL);
--- a/crypto/asn1/p8_pkey.c
+++ b/crypto/asn1/p8_pkey.c
@@ -119,8 +119,8 @@ void PKCS8_PRIV_KEY_INFO_free (PKCS8_PRIV_KEY_INFO *a)
 	X509_ALGOR_free(a->pkeyalg);
 	/* Clear sensitive data */
 	if (a->pkey->value.octet_string)
-		OPENSSL_cleanse(a->pkey->value.octet_string->data,
-				a->pkey->value.octet_string->length);
+		memset (a->pkey->value.octet_string->data,
+				 0, a->pkey->value.octet_string->length);
 	ASN1_TYPE_free (a->pkey);
 	sk_X509_ATTRIBUTE_pop_free (a->attributes, X509_ATTRIBUTE_free);
 	OPENSSL_free (a);
--- a/crypto/asn1/t_pkey.c
+++ b/crypto/asn1/t_pkey.c
@@ -96,34 +96,10 @@ int RSA_print(BIO *bp, RSA *x, int off)
 	char str[128];
 	const char *s;
 	unsigned char *m=NULL;
-	int ret=0;
-	size_t buf_len=0, i;
+	int i,ret=0;

-	if (x->n)
-		buf_len = (size_t)BN_num_bytes(x->n);
-	if (x->e)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->e)))
-			buf_len = i;
-	if (x->d)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->d)))
-			buf_len = i;
-	if (x->p)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->p)))
-			buf_len = i;
-	if (x->q)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
-			buf_len = i;
-	if (x->dmp1)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->dmp1)))
-			buf_len = i;
-	if (x->dmq1)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->dmq1)))
-			buf_len = i;
-	if (x->iqmp)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->iqmp)))
-			buf_len = i;
-
-	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
+	i=RSA_size(x);
+	m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
 	if (m == NULL)
 		{
 		RSAerr(RSA_F_RSA_PRINT,ERR_R_MALLOC_FAILURE);
@@ -185,25 +161,22 @@ int DSA_print(BIO *bp, DSA *x, int off)
 	{
 	char str[128];
 	unsigned char *m=NULL;
-	int ret=0;
-	size_t buf_len=0,i;
+	int i,ret=0;
+	BIGNUM *bn=NULL;

-	if (x->p)
-		buf_len = (size_t)BN_num_bytes(x->p);
-	if (x->q)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
-			buf_len = i;
-	if (x->g)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
-			buf_len = i;
-	if (x->priv_key)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->priv_key)))
-			buf_len = i;
-	if (x->pub_key)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->pub_key)))
-			buf_len = i;
-
-	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
+	if (x->p != NULL)
+		bn=x->p;
+	else if (x->priv_key != NULL)
+		bn=x->priv_key;
+	else if (x->pub_key != NULL)
+		bn=x->pub_key;
+		
+	/* larger than needed but what the hell :-) */
+	if (bn != NULL)
+		i=BN_num_bytes(bn)*2;
+	else
+		i=256;
+	m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
 	if (m == NULL)
 		{
 		DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE);
@@ -308,15 +281,10 @@ int DHparams_print_fp(FILE *fp, DH *x)
 int DHparams_print(BIO *bp, DH *x)
 	{
 	unsigned char *m=NULL;
-	int reason=ERR_R_BUF_LIB,ret=0;
-	size_t buf_len=0, i;
+	int reason=ERR_R_BUF_LIB,i,ret=0;

-	if (x->p)
-		buf_len = (size_t)BN_num_bytes(x->p);
-	if (x->g)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
-			buf_len = i;
-	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
+	i=BN_num_bytes(x->p);
+	m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
 	if (m == NULL)
 		{
 		reason=ERR_R_MALLOC_FAILURE;
@@ -366,18 +334,10 @@ int DSAparams_print_fp(FILE *fp, DSA *x)
 int DSAparams_print(BIO *bp, DSA *x)
 	{
 	unsigned char *m=NULL;
-	int reason=ERR_R_BUF_LIB,ret=0;
-	size_t buf_len=0, i;
+	int reason=ERR_R_BUF_LIB,i,ret=0;

-	if (x->p)
-		buf_len = (size_t)BN_num_bytes(x->p);
-	if (x->q)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
-			buf_len = i;
-	if (x->g)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
-			buf_len = i;
-	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
+	i=BN_num_bytes(x->p);
+	m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
 	if (m == NULL)
 		{
 		reason=ERR_R_MALLOC_FAILURE;
--- a/crypto/asn1/x_pubkey.c
+++ b/crypto/asn1/x_pubkey.c
@@ -156,7 +156,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 		dsa->write_params=0;
 		ASN1_TYPE_free(a->parameter);
 		i=i2d_DSAparams(dsa,NULL);
-		if ((p=(unsigned char *)OPENSSL_malloc(i)) == NULL) goto err;
+		p=(unsigned char *)OPENSSL_malloc(i);
 		pp=p;
 		i2d_DSAparams(dsa,&pp);
 		a->parameter=ASN1_TYPE_new();
--- a/crypto/bf/Makefile.ssl
+++ b/crypto/bf/Makefile.ssl
@@ -96,7 +96,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

 depend:
-	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)

 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- a/crypto/bf/bftest.c
+++ b/crypto/bf/bftest.c
@@ -63,8 +63,6 @@
 #include <string.h>
 #include <stdlib.h>

-#include "../e_os.h"
-
 #ifdef NO_BF
 int main(int argc, char *argv[])
 {
@@ -277,7 +275,7 @@ int main(int argc, char *argv[])
 	else
 		ret=test();

-	EXIT(ret);
+	exit(ret);
 	return(0);
 	}

--- a/crypto/bio/Makefile.ssl
+++ b/crypto/bio/Makefile.ssl
@@ -78,7 +78,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

 depend:
-	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)

 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -56,13 +56,6 @@
 * [including the GNU Public Licence.]
 */

-/* disable assert() unless BIO_DEBUG has been defined */
-#ifndef BIO_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-
 /* 
 * Stolen from tjh's ssl/ssl_trc.c stuff.
 */
@@ -109,7 +102,7 @@
 * o ...                                       (for OpenSSL)
 */

-#ifdef HAVE_LONG_DOUBLE
+#if HAVE_LONG_DOUBLE
 #define LDOUBLE long double
 #else
 #define LDOUBLE double
--- a/crypto/bio/bf_nbio.c
+++ b/crypto/bio/bf_nbio.c
@@ -104,7 +104,7 @@ static int nbiof_new(BIO *bi)
 	{
 	NBIO_TEST *nt;

-	if (!(nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST)))) return(0);
+	nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST));
 	nt->lrn= -1;
 	nt->lwn= -1;
 	bi->ptr=(char *)nt;
--- a/crypto/bio/bss_bio.c
+++ b/crypto/bio/bss_bio.c
@@ -7,18 +7,9 @@
 * for which no specific BIO method is available.
 * See ssl/ssltest.c for some hints on how this can be used. */

-/* BIO_DEBUG implies BIO_PAIR_DEBUG */
-#ifdef BIO_DEBUG
-# ifndef BIO_PAIR_DEBUG
-#  define BIO_PAIR_DEBUG
-# endif
-#endif
-
-/* disable assert() unless BIO_PAIR_DEBUG has been defined */
 #ifndef BIO_PAIR_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
+# undef NDEBUG /* avoid conflicting definitions */
+# define NDEBUG
 #endif

 #include <assert.h>
--- a/crypto/bn/Makefile.ssl
+++ b/crypto/bn/Makefile.ssl
@@ -159,7 +159,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

 depend:
-	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)

 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- a/crypto/bn/bn.h
+++ b/crypto/bn/bn.h
@@ -155,7 +155,7 @@ extern "C" {
 #define BN_BYTES	4
 #define BN_BITS2	32
 #define BN_BITS4	16
-#if defined(_MSC_VER) || defined(__BORLANDC__)
+#ifdef WIN32
 /* VC++ doesn't like the LL suffix */
 #define BN_MASK		(0xffffffffffffffffL)
 #else
@@ -413,7 +413,7 @@ int BN_mod_mul_montgomery(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_MONT_CTX *mont,
 			  BN_CTX *ctx);
 int BN_from_montgomery(BIGNUM *r,BIGNUM *a,BN_MONT_CTX *mont,BN_CTX *ctx);
 void BN_MONT_CTX_free(BN_MONT_CTX *mont);
-int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx);
+int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *modulus,BN_CTX *ctx);
 BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);

 BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod);
--- a/crypto/bn/bn_div.c
+++ b/crypto/bn/bn_div.c
@@ -190,10 +190,10 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,

 	/* First we normalise the numbers */
 	norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
-	if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err;
+	BN_lshift(sdiv,divisor,norm_shift);
 	sdiv->neg=0;
 	norm_shift+=BN_BITS2;
-	if (!(BN_lshift(snum,num,norm_shift))) goto err;
+	BN_lshift(snum,num,norm_shift);
 	snum->neg=0;
 	div_n=sdiv->top;
 	num_n=snum->top;
@@ -315,7 +315,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 		tmp->top=j;

 		j=wnum.top;
-		if (!BN_sub(&wnum,&wnum,tmp)) goto err;
+		BN_sub(&wnum,&wnum,tmp);

 		snum->top=snum->top+wnum.top-j;

@@ -323,7 +323,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 			{
 			q--;
 			j=wnum.top;
-			if (!BN_add(&wnum,&wnum,sdiv)) goto err;
+			BN_add(&wnum,&wnum,sdiv);
 			snum->top+=wnum.top-j;
 			}
 		*(resp--)=q;
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@@ -113,13 +113,6 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
-#ifdef ATALLA
-# include <alloca.h>
-# include <atasi.h>
-# include <assert.h>
-# include <dlfcn.h>
-#endif
-

 #define TABLE_SIZE	32

@@ -183,174 +176,6 @@ err:
 	}


-#ifdef ATALLA
-
-/*
- * This routine will dynamically check for the existance of an Atalla AXL-200
- * SSL accelerator module.  If one is found, the variable
- * asi_accelerator_present is set to 1 and the function pointers
- * ptr_ASI_xxxxxx above will be initialized to corresponding ASI API calls.
- */
-typedef int tfnASI_GetPerformanceStatistics(int reset_flag,
-					    unsigned int *ret_buf);
-typedef int tfnASI_GetHardwareConfig(long card_num, unsigned int *ret_buf);
-typedef int tfnASI_RSAPrivateKeyOpFn(RSAPrivateKey * rsaKey,
-				     unsigned char *output,
-				     unsigned char *input,
-				     unsigned int modulus_len);
-
-static tfnASI_GetHardwareConfig *ptr_ASI_GetHardwareConfig;
-static tfnASI_RSAPrivateKeyOpFn *ptr_ASI_RSAPrivateKeyOpFn;
-static tfnASI_GetPerformanceStatistics *ptr_ASI_GetPerformanceStatistics;
-static int asi_accelerator_present;
-static int tried_atalla;
-
-void atalla_initialize_accelerator_handle(void)
-	{
-	void *dl_handle;
-	int status;
-	unsigned int config_buf[1024]; 
-	static int tested;
-
-	if(tested)
-		return;
-
-	tested=1;
-
-	bzero((void *)config_buf, 1024);
-
-	/*
-	 * Check to see if the library is present on the system
-	 */
-	dl_handle = dlopen("atasi.so", RTLD_NOW);
-	if (dl_handle == (void *) NULL)
-		{
-/*		printf("atasi.so library is not present on the system\n");
-		printf("No HW acceleration available\n");*/
-		return;
-	        }
-
-	/*
-	 * The library is present.  Now we'll check to insure that the
-	 * LDM is up and running. First we'll get the address of the
-	 * function in the atasi library that we need to see if the
-	 * LDM is operating.
-	 */
-
-	ptr_ASI_GetHardwareConfig =
-	  (tfnASI_GetHardwareConfig *)dlsym(dl_handle,"ASI_GetHardwareConfig");
-
-	if (ptr_ASI_GetHardwareConfig)
-		{
-		/*
-		 * We found the call, now we'll get our config
-		 * status.  If we get a non 0 result, the LDM is not
-		 * running and we cannot use the Atalla ASI *
-		 * library.
-		 */
-		status = (*ptr_ASI_GetHardwareConfig)(0L, config_buf);
-		if (status != 0)
-			{
-			printf("atasi.so library is present but not initialized\n");
-			printf("No HW acceleration available\n");
-			return;
-			}    
-	        }
-	else
-		{
-/*		printf("We found the library, but not the function. Very Strange!\n");*/
-		return ;
-	      	}
-
-	/* 
-	 * It looks like we have acceleration capabilities.  Load up the
-	 * pointers to our ASI API calls.
-	 */
-	ptr_ASI_RSAPrivateKeyOpFn=
-	  (tfnASI_RSAPrivateKeyOpFn *)dlsym(dl_handle, "ASI_RSAPrivateKeyOpFn");
-	if (ptr_ASI_RSAPrivateKeyOpFn == NULL)
-		{
-/*		printf("We found the library, but no RSA function. Very Strange!\n");*/
-		return;
-	        }
-
-	ptr_ASI_GetPerformanceStatistics =
-	  (tfnASI_GetPerformanceStatistics *)dlsym(dl_handle, "ASI_GetPerformanceStatistics");
-	if (ptr_ASI_GetPerformanceStatistics == NULL)
-		{
-/*		printf("We found the library, but no stat function. Very Strange!\n");*/
-		return;
-	      }
-
-	/*
-	 * Indicate that acceleration is available
-	 */
-	asi_accelerator_present = 1;
-
-/*	printf("This system has acceleration!\n");*/
-
-	return;
-	}
-
-/* make sure this only gets called once when bn_mod_exp calls bn_mod_exp_mont */
-int BN_mod_exp_atalla(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m)
-	{
-	unsigned char *abin;
-	unsigned char *pbin;
-	unsigned char *mbin;
-	unsigned char *rbin;
-	int an,pn,mn,ret;
-	RSAPrivateKey keydata;
-
-	atalla_initialize_accelerator_handle();
-	if(!asi_accelerator_present)
-		return 0;
-
-
-/* We should be able to run without size testing */
-# define ASIZE	128
-	an=BN_num_bytes(a);
-	pn=BN_num_bytes(p);
-	mn=BN_num_bytes(m);
-
-	if(an <= ASIZE && pn <= ASIZE && mn <= ASIZE)
-	    {
-	    int size=mn;
-
-	    assert(an <= mn);
-	    abin=alloca(size);
-	    memset(abin,'\0',mn);
-	    BN_bn2bin(a,abin+size-an);
-
-	    pbin=alloca(pn);
-	    BN_bn2bin(p,pbin);
-
-	    mbin=alloca(size);
-	    memset(mbin,'\0',mn);
-	    BN_bn2bin(m,mbin+size-mn);
-
-	    rbin=alloca(size);
-
-	    memset(&keydata,'\0',sizeof keydata);
-	    keydata.privateExponent.data=pbin;
-	    keydata.privateExponent.len=pn;
-	    keydata.modulus.data=mbin;
-	    keydata.modulus.len=size;
-
-	    ret=(*ptr_ASI_RSAPrivateKeyOpFn)(&keydata,rbin,abin,keydata.modulus.len);
-/*fprintf(stderr,"!%s\n",BN_bn2hex(a));*/
-	    if(!ret)
-	        {
-		BN_bin2bn(rbin,keydata.modulus.len,r);
-/*fprintf(stderr,"?%s\n",BN_bn2hex(r));*/
-		return 1;
-	        }
-	    }
-	return 0;
-        }
-#endif /* def ATALLA */
-
-
 int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 	       BN_CTX *ctx)
 	{
@@ -360,13 +185,6 @@ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 	bn_check_top(p);
 	bn_check_top(m);

-#ifdef ATALLA
-	if(BN_mod_exp_atalla(r,a,p,m))
-	    return 1;
-/* If it fails, try the other methods (but don't try atalla again) */
-	tried_atalla=1;
-#endif
-
 #ifdef MONT_MUL_MOD
 	/* I have finally been able to take out this pre-condition of
 	 * the top bit being set.  It was caused by an error in BN_div
@@ -392,10 +210,6 @@ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 		{ ret=BN_mod_exp_simple(r,a,p,m,ctx); }
 #endif

-#ifdef ATALLA
-	tried_atalla=0;
-#endif
-
 	return(ret);
 	}

@@ -525,12 +339,6 @@ int BN_mod_exp_mont(BIGNUM *rr, BIGNUM *a, const BIGNUM *p,
 	bn_check_top(p);
 	bn_check_top(m);

-#ifdef ATALLA
-	if(!tried_atalla && BN_mod_exp_atalla(rr,a,p,m))
-	    return 1;
-/* If it fails, try the other methods */
-#endif
-
 	if (!(m->d[0] & 1))
 		{
 		BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
@@ -693,19 +501,6 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
 	t = BN_CTX_get(ctx);
 	if (d == NULL || r == NULL || t == NULL) goto err;

-#ifdef ATALLA
-	if (!tried_atalla)
-		{
-		BN_set_word(t, a);
-		if (BN_mod_exp_atalla(rr, t, p, m))
-			{
-			BN_CTX_end(ctx);
-			return 1;
-			}
-		}
-/* If it fails, try the other methods */
-#endif
-
 	if (in_mont != NULL)
 		mont=in_mont;
 	else
--- a/crypto/bn/bn_gcd.c
+++ b/crypto/bn/bn_gcd.c
@@ -168,8 +168,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
 		R=in;
 	if (R == NULL) goto err;

-	if (!BN_zero(X)) goto err;
-	if (!BN_one(Y)) goto err;
+	BN_zero(X);
+	BN_one(Y);
 	if (BN_copy(A,a) == NULL) goto err;
 	if (BN_copy(B,n) == NULL) goto err;
 	sign=1;
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -263,12 +263,12 @@ void BN_clear_free(BIGNUM *a)
 	if (a == NULL) return;
 	if (a->d != NULL)
 		{
-		OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
+		memset(a->d,0,a->dmax*sizeof(a->d[0]));
 		if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
 			OPENSSL_free(a->d);
 		}
 	i=BN_get_flags(a,BN_FLG_MALLOCED);
-	OPENSSL_cleanse(a,sizeof(BIGNUM));
+	memset(a,0,sizeof(BIGNUM));
 	if (i)
 		OPENSSL_free(a);
 	}
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -224,7 +224,7 @@ int BN_from_montgomery(BIGNUM *ret, BIGNUM *a, BN_MONT_CTX *mont,

 	if (!BN_mul(t1,t2,&mont->N,ctx)) goto err;
 	if (!BN_add(t2,a,t1)) goto err;
-	if (!BN_rshift(ret,t2,mont->ri)) goto err;
+	BN_rshift(ret,t2,mont->ri);
 #endif /* MONT_WORD */

 	if (BN_ucmp(ret, &(mont->N)) >= 0)
@@ -284,8 +284,8 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
 		BN_ULONG buf[2];

 		mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
-		if (!(BN_zero(R))) goto err;
-		if (!(BN_set_bit(R,BN_BITS2))) goto err;	/* R */
+		BN_zero(R);
+		BN_set_bit(R,BN_BITS2);			/* R */

 		buf[0]=mod->d[0]; /* tmod = N mod word size */
 		buf[1]=0;
@@ -296,44 +296,36 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
 							/* Ri = R^-1 mod N*/
 		if ((BN_mod_inverse(&Ri,R,&tmod,ctx)) == NULL)
 			goto err;
-		/* R*Ri */
-		if (!(BN_lshift(&Ri,&Ri,BN_BITS2))) goto err;
+		BN_lshift(&Ri,&Ri,BN_BITS2);		/* R*Ri */
 		if (!BN_is_zero(&Ri))
-			{
-		   	if (!BN_sub_word(&Ri,1)) goto err;
-			}
+			BN_sub_word(&Ri,1);
 		else /* if N mod word size == 1 */
-		   	/* Ri-- (mod word size) */
-			{
-			if (!BN_set_word(&Ri,BN_MASK2)) goto err;
-			}
-		/* Ni = (R*Ri-1)/N, keep only least significant word: */
-                if (!(BN_div(&Ri,NULL,&Ri,&tmod,ctx))) goto err;
+			BN_set_word(&Ri,BN_MASK2);  /* Ri-- (mod word size) */
+		BN_div(&Ri,NULL,&Ri,&tmod,ctx);	/* Ni = (R*Ri-1)/N,
+		                                 * keep only least significant word: */
 		mont->n0=Ri.d[0];
 		BN_free(&Ri);
 		}
 #else /* !MONT_WORD */
 		{ /* bignum version */
 		mont->ri=BN_num_bits(mod);
-		if (!(BN_zero(R))) goto err;
-		/* R = 2^ri */
-		if (!(BN_set_bit(R,mont->ri))) goto err;
+		BN_zero(R);
+		BN_set_bit(R,mont->ri);			/* R = 2^ri */
 							/* Ri = R^-1 mod N*/
 		if ((BN_mod_inverse(&Ri,R,mod,ctx)) == NULL)
 			goto err;
-		/* R*Ri */
-		if (!(BN_lshift(&Ri,&Ri,mont->ri))) goto err;
-		if (!(BN_sub_word(&Ri,1))) goto err;
+		BN_lshift(&Ri,&Ri,mont->ri);		/* R*Ri */
+		BN_sub_word(&Ri,1);
 							/* Ni = (R*Ri-1) / N */
-		if (!(BN_div(&(mont->Ni),NULL,&Ri,mod,ctx))) goto err;
+		BN_div(&(mont->Ni),NULL,&Ri,mod,ctx);
 		BN_free(&Ri);
 		}
 #endif

 	/* setup RR for conversions */
-	if (!(BN_zero(&(mont->RR)))) goto err;
-	if (!(BN_set_bit(&(mont->RR),mont->ri*2))) goto err;
-	if (!(BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx))) goto err;
+	BN_zero(&(mont->RR));
+	BN_set_bit(&(mont->RR),mont->ri*2);
+	BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx);

 	return(1);
 err:
@@ -344,9 +336,9 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
 	{
 	if (to == from) return(to);

-	if (!(BN_copy(&(to->RR),&(from->RR)))) return NULL;
-	if (!(BN_copy(&(to->N),&(from->N)))) return NULL;
-	if (!(BN_copy(&(to->Ni),&(from->Ni)))) return NULL;
+	BN_copy(&(to->RR),&(from->RR));
+	BN_copy(&(to->N),&(from->N));
+	BN_copy(&(to->Ni),&(from->Ni));
 	to->ri=from->ri;
 	to->n0=from->n0;
 	return(to);
--- a/crypto/bn/bn_mul.c
+++ b/crypto/bn/bn_mul.c
@@ -634,7 +634,7 @@ int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)

 	if ((al == 0) || (bl == 0))
 		{
-		if (!BN_zero(r)) goto err;
+		BN_zero(r);
 		return(1);
 		}
 	top=al+bl;
@@ -677,14 +677,14 @@ int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
 		{
 		if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA))
 			{
-			if (bn_wexpand(b,al) == NULL) goto err;
+			bn_wexpand(b,al);
 			b->d[bl]=0;
 			bl++;
 			i--;
 			}
 		else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA))
 			{
-			if (bn_wexpand(a,bl) == NULL) goto err;
+			bn_wexpand(a,bl);
 			a->d[al]=0;
 			al++;
 			i++;
@@ -699,16 +699,16 @@ int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
 			t = BN_CTX_get(ctx);
 			if (al == j) /* exact multiple */
 				{
-				if (bn_wexpand(t,k*2) == NULL) goto err;
-				if (bn_wexpand(rr,k*2) == NULL) goto err;
+				bn_wexpand(t,k*2);
+				bn_wexpand(rr,k*2);
 				bn_mul_recursive(rr->d,a->d,b->d,al,t->d);
 				}
 			else
 				{
-				if (bn_wexpand(a,k) == NULL ) goto err;
-				if (bn_wexpand(b,k) == NULL ) goto err;
-				if (bn_wexpand(t,k*4) == NULL ) goto err;
-				if (bn_wexpand(rr,k*4) == NULL ) goto err;
+				bn_wexpand(a,k);
+				bn_wexpand(b,k);
+				bn_wexpand(t,k*4);
+				bn_wexpand(rr,k*4);
 				for (i=a->top; i<k; i++)
 					a->d[i]=0;
 				for (i=b->top; i<k; i++)
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -201,7 +201,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
 err:
 	if (buf != NULL)
 		{
-		OPENSSL_cleanse(buf,bytes);
+		memset(buf,0,bytes);
 		OPENSSL_free(buf);
 		}
 	return(ret);
--- a/crypto/bn/bn_word.c
+++ b/crypto/bn/bn_word.c
@@ -123,10 +123,7 @@ int BN_add_word(BIGNUM *a, BN_ULONG w)
 	i=0;
 	for (;;)
 		{
-		if (i >= a->top)
-			l=w;
-		else
-			l=(a->d[i]+(BN_ULONG)w)&BN_MASK2;
+		l=(a->d[i]+(BN_ULONG)w)&BN_MASK2;
 		a->d[i]=l;
 		if (w > l)
 			w=1;
--- a/crypto/bn/bntest.c
+++ b/crypto/bn/bntest.c
@@ -139,10 +139,10 @@ int main(int argc, char *argv[])


 	ctx=BN_CTX_new();
-	if (ctx == NULL) EXIT(1);
+	if (ctx == NULL) exit(1);

 	out=BIO_new(BIO_s_file());
-	if (out == NULL) EXIT(1);
+	if (out == NULL) exit(1);
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
@@ -152,7 +152,7 @@ int main(int argc, char *argv[])
 		if (!BIO_write_filename(out,outfile))
 			{
 			perror(outfile);
-			EXIT(1);
+			exit(1);
 			}
 		}

@@ -228,14 +228,14 @@ int main(int argc, char *argv[])
 	BIO_free(out);

 /**/
-	EXIT(0);
+	exit(0);
 err:
 	BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices
 	                      * the failure, see test_bn in test/Makefile.ssl*/
 	BIO_flush(out);
 	ERR_load_crypto_strings();
 	ERR_print_errors_fp(stderr);
-	EXIT(1);
+	exit(1);
 	return(1);
 	}

@@ -746,7 +746,7 @@ int test_mod_mul(BIO *bp, BN_CTX *ctx)
 			while ((l=ERR_get_error()))
 				fprintf(stderr,"ERROR:%s\n",
 					ERR_error_string(l,NULL));
-			EXIT(1);
+			exit(1);
 			}
 		if (bp != NULL)
 			{
--- a/crypto/bn/exptest.c
+++ b/crypto/bn/exptest.c
@@ -59,9 +59,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-
-#include "../e_os.h"
-
 #include <openssl/bio.h>
 #include <openssl/bn.h>
 #include <openssl/rand.h>
@@ -89,7 +86,7 @@ int main(int argc, char *argv[])
 	ERR_load_BN_strings();

 	ctx=BN_CTX_new();
-	if (ctx == NULL) EXIT(1);
+	if (ctx == NULL) exit(1);
 	r_mont=BN_new();
 	r_recp=BN_new();
 	r_simple=BN_new();
@@ -102,7 +99,7 @@ int main(int argc, char *argv[])

 	out=BIO_new(BIO_s_file());

-	if (out == NULL) EXIT(1);
+	if (out == NULL) exit(1);
 	BIO_set_fp(out,stdout,BIO_NOCLOSE);

 	for (i=0; i<200; i++)
@@ -127,7 +124,7 @@ int main(int argc, char *argv[])
 			{
 			printf("BN_mod_exp_mont() problems\n");
 			ERR_print_errors(out);
-			EXIT(1);
+			exit(1);
 			}

 		ret=BN_mod_exp_recp(r_recp,a,b,m,ctx);
@@ -135,7 +132,7 @@ int main(int argc, char *argv[])
 			{
 			printf("BN_mod_exp_recp() problems\n");
 			ERR_print_errors(out);
-			EXIT(1);
+			exit(1);
 			}

 		ret=BN_mod_exp_simple(r_simple,a,b,m,ctx);
@@ -143,7 +140,7 @@ int main(int argc, char *argv[])
 			{
 			printf("BN_mod_exp_simple() problems\n");
 			ERR_print_errors(out);
-			EXIT(1);
+			exit(1);
 			}

 		if (BN_cmp(r_simple, r_mont) == 0
@@ -166,7 +163,7 @@ int main(int argc, char *argv[])
 			printf("\nrecp     =");	BN_print(out,r_recp);
 			printf("\nmont     ="); BN_print(out,r_mont);
 			printf("\n");
-			EXIT(1);
+			exit(1);
 			}
 		}
 	BN_free(r_mont);
@@ -180,11 +177,11 @@ int main(int argc, char *argv[])
 	CRYPTO_mem_leaks(out);
 	BIO_free(out);
 	printf(" done\n");
-	EXIT(0);
+	exit(0);
 err:
 	ERR_load_crypto_strings();
 	ERR_print_errors(out);
-	EXIT(1);
+	exit(1);
 	return(1);
 	}

--- a/crypto/buffer/Makefile.ssl
+++ b/crypto/buffer/Makefile.ssl
@@ -68,7 +68,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

 depend:
-	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)

 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- a/crypto/cast/Makefile.ssl
+++ b/crypto/cast/Makefile.ssl
@@ -97,7 +97,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

 depend:
-	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)

 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- a/crypto/cast/casttest.c
+++ b/crypto/cast/casttest.c
@@ -60,8 +60,6 @@
 #include <string.h>
 #include <stdlib.h>

-#include "../e_os.h"
-
 #ifdef NO_CAST
 int main(int argc, char *argv[])
 {
@@ -226,7 +224,7 @@ int main(int argc, char *argv[])
      }
 #endif

-    EXIT(err);
+    exit(err);
    return(err);
    }
 #endif
--- a/crypto/comp/Makefile.ssl
+++ b/crypto/comp/Makefile.ssl
@@ -71,7 +71,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

 depend:
-	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)

 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
--- a/crypto/conf/Makefile.ssl
+++ b/crypto/conf/Makefile.ssl
@@ -69,7 +69,7 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

 depend:
-	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)

 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -88,12 +88,10 @@ conf_api.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 conf_api.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 conf_def.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 conf_def.o: ../../include/openssl/conf.h ../../include/openssl/conf_api.h
-conf_def.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-conf_def.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-conf_def.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-conf_def.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-conf_def.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-conf_def.o: ../cryptlib.h conf_def.h
+conf_def.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
+conf_def.o: ../../include/openssl/lhash.h ../../include/openssl/opensslv.h
+conf_def.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+conf_def.o: ../../include/openssl/symhacks.h conf_def.h
 conf_err.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
 conf_err.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
 conf_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslv.h
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -67,7 +67,6 @@
 #include "conf_def.h"
 #include <openssl/buffer.h>
 #include <openssl/err.h>
-#include "cryptlib.h"

 static char *eat_ws(CONF *conf, char *p);
 static char *eat_alpha_numeric(CONF *conf, char *p);
@@ -181,12 +180,12 @@ static int def_destroy_data(CONF *conf)
 static int def_load(CONF *conf, BIO *in, long *line)
 	{
 #define BUFSIZE	512
+	char btmp[16];
 	int bufnum=0,i,ii;
 	BUF_MEM *buff=NULL;
 	char *s,*p,*end;
 	int again,n;
 	long eline=0;
-	char btmp[DECIMAL_SIZE(eline)+1];
 	CONF_VALUE *v=NULL,*tv;
 	CONF_VALUE *sv=NULL;
 	char *section=NULL,*buf;
@@ -224,9 +223,9 @@ static int def_load(CONF *conf, BIO *in, long *line)
 	section_sk=(STACK_OF(CONF_VALUE) *)sv->value;

 	bufnum=0;
-	again=0;
 	for (;;)
 		{
+		again=0;
 		if (!BUF_MEM_grow(buff,bufnum+BUFSIZE))
 			{
 			CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB);
@@ -237,8 +236,7 @@ static int def_load(CONF *conf, BIO *in, long *line)
 		BIO_gets(in, p, BUFSIZE-1);
 		p[BUFSIZE-1]='\0';
 		ii=i=strlen(p);
-		if (i == 0 && !again) break;
-		again=0;
+		if (i == 0) break;
 		while (i > 0)
 			{
 			if ((p[i-1] != '\r') && (p[i-1] != '\n'))
@@ -248,7 +246,7 @@ static int def_load(CONF *conf, BIO *in, long *line)
 			}
 		/* we removed some trailing stuff so there is a new
 		 * line on the end. */
-		if (ii && i == ii)
+		if (i == ii)
 			again=1; /* long line */
 		else
 			{
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -89,7 +89,6 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] =
 	"ssl_session",
 	"ssl_sess_cert",
 	"ssl",
-	/* "ssl_method", */
 	"rand",
 	"rand2",
 	"debug_malloc",
@@ -102,7 +101,8 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] =
 	"debug_malloc2",
 	"dso",
 	"dynlock",
-#if CRYPTO_NUM_LOCKS != 29
+	"engine",
+#if CRYPTO_NUM_LOCKS != 30
 # error "Inconsistency between crypto.h and cryptlib.c"
 #endif
 	};
@@ -231,7 +231,7 @@ void CRYPTO_destroy_dynlockid(int i)
 	if (dyn_locks == NULL || i >= sk_CRYPTO_dynlock_num(dyn_locks))
 		{
 		CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
-		return;
+ 		return;
 		}
 	pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);
 	if (pointer != NULL)
@@ -400,16 +400,15 @@ void CRYPTO_lock(int mode, int type, const char *file, int line)
 #endif
 	if (type < 0)
 		{
-		int i = -type - 1;
 		struct CRYPTO_dynlock_value *pointer
-			= CRYPTO_get_dynlock_value(i);
+			= CRYPTO_get_dynlock_value(type);

 		if (pointer && dynlock_lock_callback)
 			{
 			dynlock_lock_callback(mode, pointer, file, line);
 			}

-		CRYPTO_destroy_dynlockid(i);
+		CRYPTO_destroy_dynlockid(type);
 		}
 	else
 		if (locking_callback != NULL)
@@ -460,7 +459,7 @@ const char *CRYPTO_get_lock_name(int type)
 		return("dynamic");
 	else if (type < CRYPTO_NUM_LOCKS)
 		return(lock_names[type]);
-	else if (type-CRYPTO_NUM_LOCKS > sk_num(app_locks))
+	else if (type-CRYPTO_NUM_LOCKS >= sk_num(app_locks))
 		return("ERROR");
 	else
 		return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS));
--- a/crypto/cryptlib.h
+++ b/crypto/cryptlib.h
@@ -89,10 +89,6 @@ extern "C" {
 #define X509_CERT_DIR_EVP        "SSL_CERT_DIR"
 #define X509_CERT_FILE_EVP       "SSL_CERT_FILE"

-/* size of string represenations */
-#define DECIMAL_SIZE(type)     ((sizeof(type)*8+2)/3+1)
-#define HEX_SIZE(type)         ((sizeof(type)*2)
-
 #ifdef  __cplusplus
 }
 #endif
--- a/crypto/crypto-lib.com
+++ b/crypto/crypto-lib.com
@@ -88,7 +88,7 @@ $! Define The Different Encryption Types.
 $!
 $ ENCRYPT_TYPES = "Basic,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ -
 		  "DES,RC2,RC4,RC5,IDEA,BF,CAST,"+ -
-		  "BN,RSA,DSA,DH,DSO,"+ -
+		  "BN,RSA,DSA,DH,DSO,ENGINE,"+ -
 		  "BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,"+ -
 		  "EVP,EVP_2,ASN1,ASN1_2,PEM,X509,X509V3,"+ -
 		  "CONF,TXT_DB,PKCS7,PKCS12,COMP"
@@ -174,7 +174,7 @@ $!
 $ APPS_DES = "DES/DES,CBC3_ENC"
 $ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE"
 $
-$ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid"
+$ LIB_ = "cryptlib,mem,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid"
 $ LIB_MD2 = "md2_dgst,md2_one"
 $ LIB_MD4 = "md4_dgst,md4_one"
 $ LIB_MD5 = "md5_dgst,md5_one"
@@ -206,6 +206,9 @@ $ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,dsa_err,dsa_ossl"
 $ LIB_DH = "dh_gen,dh_key,dh_lib,dh_check,dh_err"
 $ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ -
 	"dso_openssl,dso_win32,dso_vms"
+$ LIB_ENGINE = "engine_err,engine_lib,engine_list,engine_openssl,"+ -
+	"hw_atalla,hw_cswift,hw_ncipher,hw_aep,hw_sureware,"+ -
+	"hw_ubsec,hw_keyclient"
 $ LIB_BUFFER = "buffer,buf_err"
 $ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ -
 	"bss_mem,bss_null,bss_fd,"+ -
@@ -623,7 +626,6 @@ $   WRITE SYS$OUTPUT "	",APPLICATION,".exe"
 $!
 $! Link The Program, Check To See If We Need To Link With RSAREF Or Not.
 $!
-$   ON ERROR THEN GOTO NEXT_APPLICATION
 $   IF (RSAREF.EQS."TRUE")
 $   THEN
 $!
@@ -1195,7 +1197,9 @@ $     CC = "CC"
 $     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
 	 THEN CC = "CC/DECC"
 $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
-           "/NOLIST/PREFIX=ALL/INCLUDE=SYS$DISK:[]" + CCEXTRAFLAGS
+           "/NOLIST/PREFIX=ALL" + -
+	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
+	   CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
@@ -1227,7 +1231,8 @@ $	WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
 $	EXIT
 $     ENDIF
 $     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
-$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST/INCLUDE=SYS$DISK:[]" + -
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
 	   CCEXTRAFLAGS
 $     CCDEFS = """VAXC""," + CCDEFS
 $!
@@ -1259,7 +1264,8 @@ $!
 $!    Use GNU C...
 $!
 $     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=SYS$DISK:[]" + CCEXTRAFLAGS
+	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
+	   CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
@@ -1326,7 +1332,7 @@ $   CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS
 $!
 $!  Show user the result
 $!
-$   WRITE/SYMBOL SYS$OUTPUT "Main C Compiling Command: ",CC
+$   WRITE SYS$OUTPUT "Main C Compiling Command: ",CC
 $!
 $!  Else The User Entered An Invalid Arguement.
 $!
@@ -1357,7 +1363,7 @@ $ IF ARCH .EQS. "AXP" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE
 $!
 $!  Show user the result
 $!
-$   WRITE/SYMBOL SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO
+$   WRITE SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO
 $!
 $! Time to check the contents, and to make sure we get the correct library.
 $!
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -95,38 +95,36 @@ extern "C" {
 * names in cryptlib.c
 */

-#define CRYPTO_LOCK_ERR			1
-#define CRYPTO_LOCK_ERR_HASH		2
-#define CRYPTO_LOCK_X509		3
-#define CRYPTO_LOCK_X509_INFO		4
-#define CRYPTO_LOCK_X509_PKEY		5
+#define	CRYPTO_LOCK_ERR			1
+#define	CRYPTO_LOCK_ERR_HASH		2
+#define	CRYPTO_LOCK_X509		3
+#define	CRYPTO_LOCK_X509_INFO		4
+#define	CRYPTO_LOCK_X509_PKEY		5
 #define CRYPTO_LOCK_X509_CRL		6
 #define CRYPTO_LOCK_X509_REQ		7
 #define CRYPTO_LOCK_DSA			8
 #define CRYPTO_LOCK_RSA			9
 #define CRYPTO_LOCK_EVP_PKEY		10
-#define CRYPTO_LOCK_X509_STORE		11
-#define CRYPTO_LOCK_SSL_CTX		12
-#define CRYPTO_LOCK_SSL_CERT		13
-#define CRYPTO_LOCK_SSL_SESSION		14
-#define CRYPTO_LOCK_SSL_SESS_CERT	15
-#define CRYPTO_LOCK_SSL			16
-/* for binary compatibility between 0.9.6 minor versions,
- * reuse an existing lock (later version use a new one): */
-# define CRYPTO_LOCK_SSL_METHOD		CRYPTO_LOCK_SSL_CTX
-#define CRYPTO_LOCK_RAND		17
-#define CRYPTO_LOCK_RAND2		18
-#define CRYPTO_LOCK_MALLOC		19
-#define CRYPTO_LOCK_BIO			20
-#define CRYPTO_LOCK_GETHOSTBYNAME	21
-#define CRYPTO_LOCK_GETSERVBYNAME	22
-#define CRYPTO_LOCK_READDIR		23
-#define CRYPTO_LOCK_RSA_BLINDING	24
-#define CRYPTO_LOCK_DH			25
-#define CRYPTO_LOCK_MALLOC2		26
-#define CRYPTO_LOCK_DSO			27
-#define CRYPTO_LOCK_DYNLOCK		28
-#define CRYPTO_NUM_LOCKS		29
+#define	CRYPTO_LOCK_X509_STORE		11
+#define	CRYPTO_LOCK_SSL_CTX		12
+#define	CRYPTO_LOCK_SSL_CERT		13
+#define	CRYPTO_LOCK_SSL_SESSION		14
+#define	CRYPTO_LOCK_SSL_SESS_CERT	15
+#define	CRYPTO_LOCK_SSL			16
+#define	CRYPTO_LOCK_RAND		17
+#define	CRYPTO_LOCK_RAND2		18
+#define	CRYPTO_LOCK_MALLOC		19
+#define	CRYPTO_LOCK_BIO			20
+#define	CRYPTO_LOCK_GETHOSTBYNAME	21
+#define	CRYPTO_LOCK_GETSERVBYNAME	22
+#define	CRYPTO_LOCK_READDIR		23
+#define	CRYPTO_LOCK_RSA_BLINDING	24
+#define	CRYPTO_LOCK_DH			25
+#define	CRYPTO_LOCK_MALLOC2		26
+#define	CRYPTO_LOCK_DSO			27
+#define	CRYPTO_LOCK_DYNLOCK		28
+#define	CRYPTO_LOCK_ENGINE		29
+#define	CRYPTO_NUM_LOCKS		30

 #define CRYPTO_LOCK		1
 #define CRYPTO_UNLOCK		2
@@ -148,7 +146,7 @@ extern "C" {
 #endif
 #else
 #define CRYPTO_w_lock(a)
-#define CRYPTO_w_unlock(a)
+#define	CRYPTO_w_unlock(a)
 #define CRYPTO_r_lock(a)
 #define CRYPTO_r_unlock(a)
 #define CRYPTO_add(a,b,c)	((*(a))+=(b))
@@ -345,8 +343,6 @@ void CRYPTO_free(void *);
 void *CRYPTO_realloc(void *addr,int num, const char *file, int line);
 void *CRYPTO_remalloc(void *addr,int num, const char *file, int line);

-void OPENSSL_cleanse(void *ptr, size_t len);
-
 void CRYPTO_set_mem_debug_options(long bits);
 long CRYPTO_get_mem_debug_options(void);

--- a/crypto/des/FILES0
+++ b/crypto/des/FILES0
--- a/Show More
+++ b/Show More