Change scary wording.

Include extra libraries/flags.
Another stupid diff.
2003-10-22 11:28:25 +00:00 · 2003-10-22 11:05:19 +00:00 · 2003-10-08 13:12:50 +00:00 · 2003-10-08 10:18:02 +00:00 · 2003-10-07 10:55:36 +00:00 · 2003-10-05 22:22:15 +00:00
1171 changed files with 251719 additions and 21339 deletions
--- a/.cvsignore
+++ b/.cvsignore
@@ -1,5 +1,5 @@
 openssl.pc
-Makefile
+Makefile.ssl
 MINFO
 makefile.one
 tmp
@@ -15,6 +15,3 @@ cctest.a
 libcrypto.so.*
 libssl.so.*
 libcrypto.sha1
-libcrypto.a.sha1
-*.flc
-semantic.cache
--- a/165
+++ b/165
@@ -2,156 +2,9 @@
 OpenSSL CHANGES
 _______________

- Changes between 0.9.7f and 0.9.7g  [11 Apr 2005]
+ Changes between 0.9.7c and 0.9.7d  [xx XXX XXXX]

-  *) Fixes for newer kerberos headers. NB: the casts are needed because
-     the 'length' field is signed on one version and unsigned on another
-     with no (?) obvious way to tell the difference, without these VC++
-     complains. Also the "definition" of FAR (blank) is no longer included
-     nor is the error ENOMEM. KRB5_PRIVATE has to be set to 1 to pick up
-     some needed definitions.
-     [Steve Henson]
-
-  *) Undo Cygwin change.
-     [Ulf M<>ller]
-
-  *) Added support for proxy certificates according to RFC 3820.
-     Because they may be a security thread to unaware applications,
-     they must be explicitely allowed in run-time.  See
-     docs/HOWTO/proxy_certificates.txt for further information.
-     [Richard Levitte]
-
- Changes between 0.9.7e and 0.9.7f  [22 Mar 2005]
-
-  *) Use (SSL_RANDOM_VALUE - 4) bytes of pseudo random data when generating
-     server and client random values. Previously
-     (SSL_RANDOM_VALUE - sizeof(time_t)) would be used which would result in
-     less random data when sizeof(time_t) > 4 (some 64 bit platforms).
-
-     This change has negligible security impact because:
-
-     1. Server and client random values still have 24 bytes of pseudo random
-        data.
-
-     2. Server and client random values are sent in the clear in the initial
-        handshake.
-
-     3. The master secret is derived using the premaster secret (48 bytes in
-        size for static RSA ciphersuites) as well as client server and random
-        values.
-
-     The OpenSSL team would like to thank the UK NISCC for bringing this issue
-     to our attention. 
-
-     [Stephen Henson, reported by UK NISCC]
-
-  *) Use Windows randomness collection on Cygwin.
-     [Ulf M<>ller]
-
-  *) Fix hang in EGD/PRNGD query when communication socket is closed
-     prematurely by EGD/PRNGD.
-     [Darren Tucker <dtucker@zip.com.au> via Lutz J<>nicke, resolves #1014]
-
-  *) Prompt for pass phrases when appropriate for PKCS12 input format.
-     [Steve Henson]
-
-  *) Back-port of selected performance improvements from development
-     branch, as well as improved support for PowerPC platforms.
-     [Andy Polyakov]
-
-  *) Add lots of checks for memory allocation failure, error codes to indicate
-     failure and freeing up memory if a failure occurs.
-     [Nauticus Networks SSL Team <openssl@nauticusnet.com>, Steve Henson]
-
-  *) Add new -passin argument to dgst.
-     [Steve Henson]
-
-  *) Perform some character comparisons of different types in X509_NAME_cmp:
-     this is needed for some certificates that reencode DNs into UTF8Strings
-     (in violation of RFC3280) and can't or wont issue name rollover
-     certificates.
-     [Steve Henson]
-
-  *) Make an explicit check during certificate validation to see that
-     the CA setting in each certificate on the chain is correct.  As a
-     side effect always do the following basic checks on extensions,
-     not just when there's an associated purpose to the check:
-
-      - if there is an unhandled critical extension (unless the user
-        has chosen to ignore this fault)
-      - if the path length has been exceeded (if one is set at all)
-      - that certain extensions fit the associated purpose (if one has
-        been given)
-     [Richard Levitte]
-
- Changes between 0.9.7d and 0.9.7e  [25 Oct 2004]
-
-  *) Avoid a race condition when CRLs are checked in a multi threaded 
-     environment. This would happen due to the reordering of the revoked
-     entries during signature checking and serial number lookup. Now the
-     encoding is cached and the serial number sort performed under a lock.
-     Add new STACK function sk_is_sorted().
-     [Steve Henson]
-
-  *) Add Delta CRL to the extension code.
-     [Steve Henson]
-
-  *) Various fixes to s3_pkt.c so alerts are sent properly.
-     [David Holmes <d.holmes@f5.com>]
-
-  *) Reduce the chances of duplicate issuer name and serial numbers (in
-     violation of RFC3280) using the OpenSSL certificate creation utilities.
-     This is done by creating a random 64 bit value for the initial serial
-     number when a serial number file is created or when a self signed
-     certificate is created using 'openssl req -x509'. The initial serial
-     number file is created using 'openssl x509 -next_serial' in CA.pl
-     rather than being initialized to 1.
-     [Steve Henson]
-
- Changes between 0.9.7c and 0.9.7d  [17 Mar 2004]
-
-  *) Fix null-pointer assignment in do_change_cipher_spec() revealed           
-     by using the Codenomicon TLS Test Tool (CAN-2004-0079)                    
-     [Joe Orton, Steve Henson]   
-
-  *) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites
-     (CAN-2004-0112)
-     [Joe Orton, Steve Henson]   
-
-  *) Make it possible to have multiple active certificates with the same
-     subject in the CA index file.  This is done only if the keyword
-     'unique_subject' is set to 'no' in the main CA section (default
-     if 'CA_default') of the configuration file.  The value is saved
-     with the database itself in a separate index attribute file,
-     named like the index file with '.attr' appended to the name.
-     [Richard Levitte]
-
-  *) X509 verify fixes. Disable broken certificate workarounds when 
-     X509_V_FLAGS_X509_STRICT is set. Check CRL issuer has cRLSign set if
-     keyUsage extension present. Don't accept CRLs with unhandled critical
-     extensions: since verify currently doesn't process CRL extensions this
-     rejects a CRL with *any* critical extensions. Add new verify error codes
-     for these cases.
-     [Steve Henson]
-
-  *) When creating an OCSP nonce use an OCTET STRING inside the extnValue.
-     A clarification of RFC2560 will require the use of OCTET STRINGs and 
-     some implementations cannot handle the current raw format. Since OpenSSL
-     copies and compares OCSP nonces as opaque blobs without any attempt at
-     parsing them this should not create any compatibility issues.
-     [Steve Henson]
-
-  *) New md flag EVP_MD_CTX_FLAG_REUSE this allows md_data to be reused when
-     calling EVP_MD_CTX_copy_ex() to avoid calling OPENSSL_malloc(). Without
-     this HMAC (and other) operations are several times slower than OpenSSL
-     < 0.9.7.
-     [Steve Henson]
-
-  *) Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex().
-     [Peter Sylvester <Peter.Sylvester@EdelWeb.fr>]
-
-  *) Use the correct content when signing type "other".
-     [Steve Henson]
+  *)

 Changes between 0.9.7b and 0.9.7c  [30 Sep 2003]

@@ -2143,20 +1996,6 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
  *) Clean old EAY MD5 hack from e_os.h.
     [Richard Levitte]

- Changes between 0.9.6l and 0.9.6m  [17 Mar 2004]
-
-  *) Fix null-pointer assignment in do_change_cipher_spec() revealed
-     by using the Codenomicon TLS Test Tool (CAN-2004-0079)
-     [Joe Orton, Steve Henson]
-
- Changes between 0.9.6k and 0.9.6l  [04 Nov 2003]
-
-  *) Fix additional bug revealed by the NISCC test suite:
-
-     Stop bug triggering large recursion when presented with
-     certain ASN.1 tags (CAN-2003-0851)
-     [Steve Henson]
-
 Changes between 0.9.6j and 0.9.6k  [30 Sep 2003]

  *) Fix various bugs revealed by running the NISCC test suite:
--- a/125
+++ b/125
@@ -10,7 +10,7 @@ use strict;

 # see INSTALL for instructions.

-my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-engine] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [[no-]fips] [debug] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-engine] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [fips] [debug] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";

 # Options:
 #
@@ -140,28 +140,22 @@ my %table=(
 "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
 "debug-ben-debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -Wall -Wshadow -Werror -pipe::(unknown)::::::",
 "debug-ben-strict",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
-"debug-ben-fips-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_FIPS -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::asm/bn86-elf.o asm/co86-elf.o",
+"debug-ben-fips-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DFIPS -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::asm/bn86-elf.o asm/co86-elf.o",
 "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-bodo",	"gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-ulf",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT:::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "debug-steve-linux-pseudo64",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT::dlfcn",
-"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "dist",		"cc:-O::(unknown)::::::",

 # Basic configs that should work on any (32 and less bit) box
 "gcc",		"gcc:-O3::(unknown):::BN_LLONG:::",
 "cc",		"cc:-O::(unknown)::::::",

-####VOS Configurations
-"vos-gcc","gcc:-b hppa1.1-stratus-vos -O3 -Wall -Wuninitialized -D_POSIX_C_SOURCE=200112L -D_BSD::(unknown):VOS:-Wl,-map:BN_LLONG:::::::::::::.so:",
-"debug-vos-gcc","gcc:-b hppa1.1-stratus-vos -O0 -g -Wall -D_POSIX_C_SOURCE=200112L -D_BSD -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG::(unknown):VOS:-Wl,-map:BN_LLONG:::::::::::::.so:",
-"vos-vcc","vcc:-b i386-stratus-vos -O3 -D_POSIX_C_SOURCE=200112L -D_BSD::(unknown):VOS:-Wl,-map::::::::::::::.so:",
-"debug-vos-vcc","vcc:-b i386-stratus-vos -O0 -g -D_POSIX_C_SOURCE=200112L -D_BSD -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG::(unknown):VOS:-Wl,-map::::::::::::::.so:",
-
 #### Solaris x86 with GNU C setups
 # -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have to do it
 # here because whenever GNU C instantiates an assembler template it
@@ -169,19 +163,9 @@ my %table=(
 # 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
 # error message.
 "solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# -shared -static-libgcc might appear controversial, but modules taken
-# from static libgcc do not have relocations and linking them into our
-# shared objects doesn't have any negative side-effects. On the contrary,
-# doing so makes it possible to use gcc shared build with Sun C. Given
-# that gcc generates faster code [thanks to inline assembler], I would
-# actually recommend to consider using gcc shared build even with vendor
-# compiler:-)
-#						<appro@fy.chalmers.se>
-"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:asm/x86_64-gcc.o::::::asm/rc4-amd64.o:::dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 #### Solaris x86 with Sun C setups
 "solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL::::::::::dlfcn:solaris-shared:-KPIC:-xarch=amd64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 #### SPARC Solaris with GNU C setups
 "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -233,13 +217,13 @@ my %table=(
 "irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 #### IRIX 6.x configs
 # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
-# './Configure irix-cc -o32' manually.
+# './Configure irix-[g]cc' manually.
 # -mips4 flag is added by ./config when appropriate.
-"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # N64 ABI builds.
-"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 #### Unified HP-UX ANSI C configs.
 # Special notes:
@@ -277,13 +261,12 @@ my %table=(
 # 64bit PARISC for GCC without optimization, which seems to make problems.
 # Submitted by <ross.alexander@uk.neceur.com>
 "hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 # IA-64 targets
-"hpux-ia64-cc","cc:-Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:hpux-shared:+Z::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-ia64-cc","cc:-Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # Frank Geurts <frank.geurts@nl.abnamro.com> has patiently assisted with
 # with debugging of the following config.
-"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:hpux64-shared:+Z::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 # More attempts at unified 10.X and 11.X targets for HP C compiler.
 #
@@ -399,20 +382,17 @@ my %table=(
 "debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
 "linux-mipsel",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-mips",   "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc",    "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/linux_ppc32.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# -bpowerpc64-linux is transient option, -m64 should be the one to use...
-"linux-ppc64",  "gcc:-bpowerpc64-linux -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/linux_ppc64.o:::::::::dlfcn:linux-shared:-fPIC:-bpowerpc64-linux:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ppc",    "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-m68k",   "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::",
 "linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-s390x",	"gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/ia64.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64-ecc",   "ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/ia64.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:asm/x86_64-gcc.o::::::asm/rc4-amd64.o:::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-em64t", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR BF_PTR2 DES_INT DES_UNROLL:asm/x86_64-gcc.o:::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64-ecc",   "ecc:-DL_ENDIAN -DTERMIO -O2 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR BF_PTR2 DES_INT DES_UNROLL:asm/x86_64-gcc.o:::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "NetBSD-x86",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -435,9 +415,7 @@ my %table=(
 "qnx6",	"cc:-DL_ENDIAN -DTERMIOS::(unknown)::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:",

 # Linux on ARM
-# ARM comes in both little- and big-endian flavors. The following line is
-# endian neutral, but ./config is free to throw in -D[BL]_ENDIAN...
-"linux-elf-arm","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 # SCO/Caldera targets.
 #
@@ -464,10 +442,11 @@ my %table=(


 # IBM's AIX.
-"aix3-cc",    "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::",
-"aix-gcc",    "gcc:-O3 -DB_ENDIAN::-D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR:asm/aix_ppc32.o:::::::::dlfcn:",
-"aix-cc",     "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384::-qthreaded:AIX::BN_LLONG RC4_CHAR:asm/aix_ppc32.o:::::::::dlfcn:aix-shared::-q32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
-"aix64-cc",   "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384::-qthreaded:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:asm/aix_ppc64.o:::::::::dlfcn:aix-shared::-q64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
+"aix-cc",   "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::",
+"aix-gcc",  "gcc:-O3 -DB_ENDIAN::(unknown):AIX::BN_LLONG RC4_CHAR:::",
+"aix43-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:aix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::",
+"aix43-gcc",  "gcc:-O1 -DAIX -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+"aix64-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384 -q64::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHAR::::::::::dlfcn:aix-shared::-q64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",

 #
 # Cray T90 and similar (SDSC)
@@ -530,17 +509,17 @@ my %table=(
 "BC-16","bcc:::(unknown):WIN16::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",

 # MinGW
-"mingw", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -mno-cygwin -Wall:::MINGW32:-lwsock32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll",
+"mingw", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -mno-cygwin -Wall:::MINGW32:-mno-cygwin -lwsock32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:win32::::.dll",

 # UWIN 
 "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",

 # Cygwin
 "Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
-"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:cygwin-shared:-D_WINDLL::.dll",
+"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:win32:cygwin-shared:::.dll",

 # DJGPP
-"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall -DDEVRANDOM=\"/dev/urandom\\x24\":::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::",
+"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::",

 # Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
 "ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::",
@@ -563,7 +542,7 @@ my %table=(

 ##### MacOS X (a.k.a. Rhapsody or Darwin) setup
 "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
-"darwin-ppc-cc","cc:-O3 -fomit-frame-pointer -fno-common -DB_ENDIAN::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/osx_ppc32.o::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin-ppc-cc","cc:-O3 -fomit-frame-pointer -fno-common -DB_ENDIAN::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 "darwin-i386-cc","cc:-O3 -fomit-frame-pointer -fno-common -DB_ENDIAN::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",

 ##### A/UX
@@ -630,7 +609,7 @@ my $threads=0;
 my $no_asm=0;
 my $no_dso=0;
 my @skip=();
-my $Makefile="Makefile";
+my $Makefile="Makefile.ssl";
 my $des_locl="crypto/des/des_locl.h";
 my $des	="crypto/des/des.h";
 my $bn	="crypto/bn/bn.h";
@@ -642,7 +621,6 @@ my $rc2	="crypto/rc2/rc2.h";
 my $bf	="crypto/bf/bf_locl.h";
 my $bn_asm	="bn_asm.o";
 my $des_enc="des_enc.o fcrypt_b.o";
-my $fips_des_enc="fips_des_enc.o";
 my $bf_enc	="bf_enc.o";
 my $cast_enc="c_enc.o";
 my $rc4_enc="rc4_enc.o";
@@ -664,6 +642,10 @@ my $no_sha=0;
 my $no_rsa=0;
 my $no_dh=0;

+$default_ranlib= &which("ranlib") or $default_ranlib="true";
+$perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
+  or $perl="perl";
+
 &usage if ($#ARGV < 0);

 my $flags;
@@ -759,8 +741,6 @@ PROCESS_ARGS:
 			{ $no_ssl3 = 1; }
 		elsif (/^no-tls1?$/)
 			{ $no_tls1 = 1; }
-		elsif (/^no-fips$/)
-			{ $fips = 0; }
 		elsif (/^no-(.+)$/)
 			{
 			my $algo=$1;
@@ -829,6 +809,7 @@ PROCESS_ARGS:
 		elsif (/^fips$/)
 			{
 			$fips=1;
+			$openssl_other_defines.="#define OPENSSL_FIPS\n";
 		        }
 		elsif (/^debug$/)
 			{
@@ -950,15 +931,11 @@ print "Configuring for $target\n";

 my $IsWindows=scalar grep /^$target$/,@WinTargets;

-$exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target eq "mingw");
-$exe_ext=".pm" if ($target eq "vos-gcc" or $target eq "debug-vos-gcc" or $target eq "vos-vcc" or $target eq "debug-vos-vcc");
+$exe_ext=".exe" if ($target eq "Cygwin");
+$exe_ext=".exe" if ($target eq "DJGPP");
 $openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
 $prefix=$openssldir if $prefix eq "";

-$default_ranlib= &which("ranlib") or $default_ranlib="true";
-$perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
-  or $perl="perl";
-
 chop $openssldir if $openssldir =~ /\/$/;
 chop $prefix if $prefix =~ /\/$/;

@@ -1173,26 +1150,16 @@ if ($ranlib eq "")

 $bn_obj = $bn_asm unless $bn_obj ne "";

-my $fips_des_obj;
-my $fips_sha1_obj;
 if ($fips)
 	{
-	if ($des_obj =~ /\-elf\.o$/ && $no_shared) # FIPS DES module is not PIC
-		{
-		$fips_des_obj='asm/fips-dx86-elf.o';
-		$openssl_other_defines.="#define OPENSSL_FIPS_DES_ASM\n";
-		}
-	else {	$fips_des_obj=$fips_des_enc;  }
-	$fips_sha1_obj='asm/sx86-elf.o' if ($sha1_obj =~ /\-elf\.o$/);
 	$des_obj=$sha1_obj="";
-	$openssl_other_defines.="#define OPENSSL_FIPS\n";
 	}
-$des_obj=$des_enc	unless ($des_obj =~ /\.o$/);
+$des_obj=$des_enc	unless (!$fips && $des_obj =~ /\.o$/);
 $bf_obj=$bf_enc		unless ($bf_obj =~ /\.o$/);
 $cast_obj=$cast_enc	unless ($cast_obj =~ /\.o$/);
 $rc4_obj=$rc4_enc	unless ($rc4_obj =~ /\.o$/);
 $rc5_obj=$rc5_enc	unless ($rc5_obj =~ /\.o$/);
-if ($sha1_obj =~ /\.o$/ || $fips_sha1_obj =~ /\.o$/)
+if ($sha1_obj =~ /\.o$/)
 	{
 #	$sha1_obj=$sha1_enc;
 	$cflags.=" -DSHA1_ASM";
@@ -1286,14 +1253,12 @@ while (<IN>)
 	s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/;
 	s/^BN_ASM=.*$/BN_ASM= $bn_obj/;
 	s/^DES_ENC=.*$/DES_ENC= $des_obj/;
-	s/^FIPS_DES_ENC=.*$/FIPS_DES_ENC= $fips_des_obj/;
 	s/^BF_ENC=.*$/BF_ENC= $bf_obj/;
 	s/^CAST_ENC=.*$/CAST_ENC= $cast_obj/;
 	s/^RC4_ENC=.*$/RC4_ENC= $rc4_obj/;
 	s/^RC5_ENC=.*$/RC5_ENC= $rc5_obj/;
 	s/^MD5_ASM_OBJ=.*$/MD5_ASM_OBJ= $md5_obj/;
 	s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/;
-	s/^FIPS_SHA1_ASM_OBJ=.*$/FIPS_SHA1_ASM_OBJ= $fips_sha1_obj/;
 	s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/;
 	s/^PROCESSOR=.*/PROCESSOR= $processor/;
 	s/^RANLIB=.*/RANLIB= $ranlib/;
@@ -1526,7 +1491,7 @@ if($IsWindows) {
 	printf OUT <<EOF;
 #ifndef MK1MF_BUILD
  /* auto-generated by Configure for crypto/cversion.c:
-   * for Unix builds, crypto/Makefile generates functional definitions;
+   * for Unix builds, crypto/Makefile.ssl generates functional definitions;
   * Windows builds (and other mk1mf builds) compile cversion.c with
   * -DMK1MF_BUILD and use definitions added to this file by util/mk1mf.pl. */
  #error "Windows builds (PLATFORM=$target) use mk1mf.pl-created Makefiles"
@@ -1534,7 +1499,7 @@ if($IsWindows) {
 EOF
 	close(OUT);
 } else {
-	my $make_command = "make PERL=\'$perl\'";
+	my $make_command = "make -f Makefile.ssl PERL=\'$perl\'";
 	my $make_targets = "";
 	$make_targets .= " links" if $symlink;
 	$make_targets .= " depend" if $depflags ne "" && $make_depend;
@@ -1543,10 +1508,12 @@ EOF
 		if $make_targets ne "";
 	if ( $perl =~ m@^/@) {
 	    &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
+	    &dofile("apps/der_chop",$perl,'^#!/', '#!%s');
 	    &dofile("apps/CA.pl",$perl,'^#!/', '#!%s');
 	} else {
 	    # No path for Perl known ...
 	    &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
+	    &dofile("apps/der_chop",'/usr/local/bin/perl','^#!/', '#!%s');
 	    &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
 	}
 	if ($depflags ne "" && !$make_depend) {
@@ -1623,10 +1590,10 @@ sub which
 	my $path;
 	foreach $path (split /:/, $ENV{PATH})
 		{
-		if (-f "$path/$name$exe_ext" and -x _)
+		if (-f "$path/$name" and -x _)
 			{
-			return "$path/$name$exe_ext" unless ($name eq "perl" and
-			 system("$path/$name$exe_ext -e " . '\'exit($]<5.0);\''));
+			return "$path/$name" unless ($name eq "perl" and
+			 system("$path/$name -e " . '\'exit($]<5.0);\''));
 			}
 		}
 	}
--- a/52
+++ b/52
@@ -52,7 +52,6 @@ OpenSSL  -  Frequently Asked Questions
 * Is OpenSSL thread-safe?
 * I've compiled a program under Windows and it crashes: why?
 * How do I read or write a DER encoded buffer using the ASN1 functions?
-* OpenSSL uses DER but I need BER format: does OpenSSL support BER?
 * I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
 * I've called <some function> and it fails, why?
 * I just get a load of numbers for the error output, what do they mean?
@@ -61,7 +60,6 @@ OpenSSL  -  Frequently Asked Questions
 * Can I use OpenSSL's SSL library with non-blocking I/O?
 * Why doesn't my server application receive a client certificate?
 * Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
-* I think I've detected a memory leak, is this a bug?

 ===============================================================================

@@ -70,7 +68,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?

 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.7g was released on April 11, 2005.
+OpenSSL 0.9.7c was released on September 30, 2003.

 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -118,14 +116,11 @@ OpenSSL.  Information on the OpenSSL mailing lists is available from

 * Where can I get a compiled version of OpenSSL?

-You can finder pointers to binary distributions in
-http://www.openssl.org/related/binaries.html .
-
 Some applications that use OpenSSL are distributed in binary form.
 When using such an application, you don't need to install OpenSSL
 yourself; the application will include the required parts (e.g. DLLs).

-If you want to build OpenSSL on a Windows system and you don't have
+If you want to install OpenSSL on a Windows system and you don't have
 a C compiler, read the "Mingw32" section of INSTALL.W32 for information
 on how to obtain and install the free GNU C compiler.

@@ -462,7 +457,7 @@ get the best result from OpenSSL.  A bit more complicated solution is the
 following:

 ----- snip:start -----
-  make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile | \
+  make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \
       sed -e 's/ -O[0-9] / -O0 /'`"
  rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'`
  make
@@ -472,10 +467,6 @@ This will only compile sha_dgst.c with -O0, the rest with the optimization
 level chosen by the configuration process.  When the above is done, do the
 test and installation and you're set.

-3. Reconfigure the toolkit with no-sha0 option to leave out SHA0. It
-should not be used and is not used in SSL/TLS nor any other recognized
-protocol in either case.
-

 * Why does the OpenSSL compilation fail with "ar: command not found"?

@@ -689,20 +680,6 @@ and attempts to free the buffer will have unpredictable results
 because it no longer points to the same address.


-* OpenSSL uses DER but I need BER format: does OpenSSL support BER?
-
-The short answer is yes, because DER is a special case of BER and OpenSSL
-ASN1 decoders can process BER.
-
-The longer answer is that ASN1 structures can be encoded in a number of
-different ways. One set of ways is the Basic Encoding Rules (BER) with various
-permissible encodings. A restriction of BER is the Distinguished Encoding
-Rules (DER): these uniquely specify how a given structure is encoded.
-
-Therefore, because DER is a special case of BER, DER is an acceptable encoding
-for BER.
-
-
 * I've tried using <M_some_evil_pkcs12_macro> and I get errors why?

 This usually happens when you try compiling something using the PKCS#12
@@ -785,28 +762,5 @@ The correct name according to RFC2256 (LDAP) is x500UniqueIdentifier.
 Change your code to use the new name when compiling against OpenSSL 0.9.7.


-* I think I've detected a memory leak, is this a bug?
-
-In most cases the cause of an apparent memory leak is an OpenSSL internal table
-that is allocated when an application starts up. Since such tables do not grow
-in size over time they are harmless.
-
-These internal tables can be freed up when an application closes using various
-functions.  Currently these include following:
-
-Thread-local cleanup functions:
-
-  ERR_remove_state()
-
-Application-global cleanup functions that are aware of usage (and therefore
-thread-safe):
-
-  ENGINE_cleanup() and CONF_modules_unload()
-
-"Brutal" (thread-unsafe) Application-global cleanup functions:
-
-  ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data().
-
-
 ===============================================================================

--- a/4
+++ b/4
@@ -123,7 +123,7 @@
     generic configurations "cc" or "gcc" should usually work on 32 bit
     systems.

-     Configure creates the file Makefile from Makefile.org and
+     Configure creates the file Makefile.ssl from Makefile.org and
     defines various macros in crypto/opensslconf.h (generated from
     crypto/opensslconf.h.in).

@@ -159,7 +159,7 @@
     the failure that isn't a problem in OpenSSL itself (like a missing
     or malfunctioning bc).  If it is a problem with OpenSSL itself,
     try removing any compiler optimization flags from the CFLAG line
-     in Makefile and run "make clean; make". Please send a bug
+     in Makefile.ssl and run "make clean; make". Please send a bug
     report to <openssl-bugs@openssl.org>, including the output of
     "make report" in order to be added to the request tracker at
     http://www.openssl.org/support/rt2.html.
--- a/INSTALL.DJGPP
+++ b/INSTALL.DJGPP
@@ -3,45 +3,32 @@
 INSTALLATION ON THE DOS PLATFORM WITH DJGPP
 -------------------------------------------

- OpenSSL has been ported to DJGPP, a Unix look-alike 32-bit run-time
- environment for 16-bit DOS, but only with long filename support.
- If you wish to compile on native DOS with 8+3 filenames, you will
- have to tweak the installation yourself, including renaming files
- with illegal or duplicate names.
+ Openssl has been ported to DOS, but only with long filename support. If
+ you wish to compile on native DOS with 8+3 filenames, you will have to
+ tweak the installation yourself, including renaming files with illegal
+ or duplicate names.

 You should have a full DJGPP environment installed, including the
 latest versions of DJGPP, GCC, BINUTILS, BASH, etc. This package
 requires that PERL and BC also be installed.

- All of these can be obtained from the usual DJGPP mirror sites or
- directly at "http://www.delorie.com/pub/djgpp". For help on which
- files to download, see the DJGPP "ZIP PICKER" page at
- "http://www.delorie.com/djgpp/zip-picker.html". You also need to have
- the WATT-32 networking package installed before you try to compile
- OpenSSL. This can be obtained from "http://www.bgnett.no/~giva/".
+ All of these can be obtained from the usual DJGPP mirror sites, such
+ as "ftp://ftp.simtel.net/pub/simtelnet/gnu/djgpp". You also need to
+ have the WATT-32 networking package installed before you try to compile
+ openssl. This can be obtained from "http://www.bgnett.no/~giva/".
 The Makefile assumes that the WATT-32 code is in the directory
 specified by the environment variable WATT_ROOT. If you have watt-32
 in directory "watt32" under your main DJGPP directory, specify
 WATT_ROOT="/dev/env/DJDIR/watt32".

- To compile OpenSSL, start your BASH shell, then configure for DJGPP by
- running "./Configure" with appropriate arguments:
-
-	./Configure no-threads --prefix=/dev/env/DJDIR DJGPP
+ To compile openssl, start your BASH shell. Then configure for DOS by
+ running "./Configure" with appropriate arguments. The basic syntax for
+ DOS is:
+ ./Configure no-threads --prefix=/dev/env/DJDIR DJGPP
 
- And finally fire up "make". You may run out of DPMI selectors when
- running in a DOS box under Windows. If so, just close the BASH
- shell, go back to Windows, and restart BASH. Then run "make" again.
+ You may run out of DPMI selectors when running in a DOS box under
+ Windows. If so, just close the BASH shell, go back to Windows, and
+ restart BASH. Then run "make" again.

- RUN-TIME CAVEAT LECTOR
- --------------
-
- Quoting FAQ:
-
-  "Cryptographic software needs a source of unpredictable data to work
-   correctly.  Many open source operating systems provide a "randomness
-   device" (/dev/urandom or /dev/random) that serves this purpose."
-
- As of version 0.9.7f DJGPP port checks upon /dev/urandom$ for a 3rd
- party "randomness" DOS driver. One such driver, NOISE.SYS, can be
- obtained from "http://www.rahul.net/dkaufman/index.html".
+ Building openssl under DJGPP has been tested with DJGPP 2.03,
+ GCC 2.952, GCC 2.953, perl 5.005_02 and perl 5.006_01.
--- a/INSTALL.W32
+++ b/INSTALL.W32
@@ -46,13 +46,12 @@
 http://www.kernel.org/pub/software/devel/nasm/binaries/win32/
 The NASM binary nasmw.exe needs to be installed anywhere on your PATH.

- Firstly you should run Configure (to build a FIPS-certified variant of
- OpenSSL, add the option "fips"):
+ Firstly you should run Configure:

 > perl Configure VC-WIN32

 Next you need to build the Makefiles and optionally the assembly language
- files (to build a FIPS-certified variant of OpenSSL, add the argument "fips"):
+ files:

 - If you are using MASM then run:

@@ -101,12 +100,10 @@
 Borland C++ builder 5
 ---------------------

- * Configure for building with Borland Builder (to build a FIPS-certified
-   variant of OpenSSL, add the option "fips"):
+ * Configure for building with Borland Builder:
   > perl Configure BC-32

- * Create the appropriate makefile (to build a FIPS-certified variant of
-   OpenSSL, add the argument "fips")
+ * Create the appropriate makefile
   > ms\do_nasm

 * Build
@@ -197,8 +194,6 @@
   occur, try
   > ms\mingw32 no-asm
   instead.
-   If you want to build a FIPS-certified variant of OpenSSL, add the argument
-   "fips"

   libcrypto.a and libssl.a are the static libraries. To use the DLLs,
   link with libeay32.a and libssl32.a instead.
--- a/2
+++ b/2
@@ -12,7 +12,7 @@
  ---------------

 /* ====================================================================
- * Copyright (c) 1998-2004 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
--- a/MacOS/GetHTTPS.src/CPStringUtils.cpp
+++ b/MacOS/GetHTTPS.src/CPStringUtils.cpp
@@ -2750,4 +2750,4 @@ void SkipWhiteSpace(char **ioSrcCharPtr,const Boolean inStopAtEOL)
 			}
 		}
 	}
-}
+}
--- a/MacOS/GetHTTPS.src/ErrorHandling.cpp
+++ b/MacOS/GetHTTPS.src/ErrorHandling.cpp
@@ -167,4 +167,4 @@ void ThrowErrorMessageException(void)
 	ThrowDescriptiveException(gErrorMessage);
 }

-#endif
+#endif
--- a/Makefile.org
+++ b/Makefile.org
@@ -101,7 +101,6 @@ PROCESSOR=

 # Set DES_ENC to des_enc.o if you want to use the C version
 #There are 4 x86 assember options.
-FIPS_DES_ENC= des_enc.o fcrypt_b.o
 DES_ENC= asm/dx86-out.o asm/yx86-out.o
 #DES_ENC= des_enc.o fcrypt_b.o          # C
 #DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf
@@ -154,7 +153,6 @@ MD5_ASM_OBJ= asm/mx86-out.o

 # Also need SHA1_ASM defined
 SHA1_ASM_OBJ= asm/sx86-out.o
-FIPS_SHA1_ASM_OBJ= asm/sx86-out.o
 #SHA1_ASM_OBJ= asm/sx86-elf.o       # elf
 #SHA1_ASM_OBJ= asm/sx86-sol.o       # solaris
 #SHA1_ASM_OBJ= asm/sx86-out.o       # a.out, FreeBSD
@@ -176,7 +174,7 @@ LIBKRB5=
 SHLIB_MARK=

 DIRS=   crypto fips ssl $(SHLIB_MARK) sigs apps test tools
-SHLIBDIRS= crypto ssl
+SHLIBDIRS= fips crypto ssl

 # dirs in crypto to build
 SDIRS=  objects \
@@ -186,13 +184,14 @@ SDIRS=  objects \
 	buffer bio stack lhash rand err \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5

-FDIRS=	sha1 rand des aes dsa rsa dh
+FDIRS=	sha1 rand des aes dsa rsa

 # tests to perform.  "alltests" is a special word indicating that all tests
 # should be performed.
 TESTS = alltests

-MAKEFILE= Makefile
+MAKEFILE= Makefile.ssl
+MAKE=     make -f Makefile.ssl

 MANDIR=$(OPENSSLDIR)/man
 MAN1=1
@@ -205,7 +204,7 @@ ONEDIRS=out tmp
 EDIRS=  times doc bugs util include certs ms shlib mt demos perl sf dep VMS
 WDIRS=  windows
 LIBS=   libcrypto.a libssl.a
-SIGS=	libcrypto.a.sha1
+SIGS=	libcrypto.sha1
 SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
 SHARED_SSL=libssl$(SHLIB_EXT)
 SHARED_LIBS=
@@ -223,13 +222,12 @@ HEADER=         e_os.h
 # When we're prepared to use shared libraries in the programs we link here
 # we might remove 'clean-shared' from the targets to perform at this stage

-all: Makefile sub_all openssl.pc
+all: Makefile.ssl sub_all openssl.pc

 sigs:	$(SIGS)
-libcrypto.a.sha1: libcrypto.a
-	@if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
-		$(RANLIB) libcrypto.a; \
-		fips/sha1/fips_standalone_sha1 libcrypto.a > libcrypto.a.sha1; \
+libcrypto.sha1: libcrypto.a
+	if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
+		fips/sha1/fips_standalone_sha1 libcrypto.a > libcrypto.sha1; \
 	fi

 sub_all:
@@ -237,7 +235,7 @@ sub_all:
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making all in $$i..." && \
-		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
+		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
 	else \
 		$(MAKE) $$i; \
 	fi; \
@@ -248,7 +246,7 @@ sub_target:
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making $(TARGET) in $$i..." && \
-		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TARGET='$(TARGET)' sub_target ) || exit 1; \
+		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TARGET='$(TARGET)' sub_target ) || exit 1; \
 	else \
 		$(MAKE) $$i; \
 	fi; \
@@ -334,18 +332,11 @@ do_cygwin-shared:
 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
 		libs="$(LIBKRB5) $$libs"; \
 	fi; \
-	shlib=cyg$${i}-$(SHLIB_VERSION_NUMBER).dll; \
-	[ "$(PLATFORM)" = "mingw" ] && shlib=$${i}eay32.dll; \
-	[ -f apps/$$shlib ] && rm apps/$$shlib; \
-	[ -f test/$$shlib ] && rm test/$$shlib; \
-	base=;  [ $$i = "crypto" ] && base=-Wl,--image-base,0xFE00000; \
-	( set -x; ${CC} ${SHARED_LDFLAGS} \
-		-shared $$base -o $$shlib \
+	( set -x; ${CC}  -shared -o cyg$$i-$(SHLIB_VERSION_NUMBER).dll \
 		-Wl,-Bsymbolic \
 		-Wl,--whole-archive lib$$i.a \
 		-Wl,--out-implib,lib$$i.dll.a \
-		-Wl,--no-whole-archive $$libs ${EX_LIBS} ) || exit 1; \
-	cp -p $$shlib apps/; cp -p $$shlib test/; \
+		-Wl,--no-whole-archive $$libs ) || exit 1; \
 	libs="-l$$i $$libs"; \
 	done

@@ -421,7 +412,6 @@ do_solaris-shared:
 		  set -x; ${CC} ${SHARED_LDFLAGS} -G -dy -z text \
 			-o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-			-Wl,-Bsymbolic \
 			$${MINUSZ}allextract lib$$i.a $${MINUSZ}defaultextract \
 			$$libs ${EX_LIBS} -lc ) || exit 1; \
 		libs="-l$$i $$libs"; \
@@ -486,12 +476,10 @@ do_irix-shared:
 		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
 			libs="$(LIBKRB5) $$libs"; \
 		fi; \
-		( WHOLELIB="-all lib$$i.a -none"; \
-		  (${CC} -v 2>&1 | grep gcc) > /dev/null && WHOLELIB="-Wl,-all,lib$$i.a,-none"; \
-		  set -x; ${CC} ${SHARED_LDFLAGS} \
+		( set -x; ${CC} ${SHARED_LDFLAGS} \
 			-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-			$${WHOLELIB} $$libs ${EX_LIBS} -lc) || exit 1; \
+			-all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \
 		libs="-l$$i $$libs"; \
 		done; \
 	fi
@@ -512,18 +500,13 @@ do_hpux-shared:
 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
 		libs="$(LIBKRB5) $$libs"; \
 	fi; \
-	if expr $(PLATFORM) : '.*ia64' > /dev/null; then \
-		shlib=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
-	else \
-		shlib=lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
-	fi; \
-	[ -f $$shlib ] && rm -f $$shlib; \
 	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
 		+vnocompatwarnings \
 		-b -z +s \
-		-o $$shlib +h $$shlib \
+		-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		-Fl lib$$i.a -ldld -lc ) || exit 1; \
-	chmod a=rx $$shlib; \
+	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
 	done

 # This assumes that GNU utilities are *not* used
@@ -540,17 +523,12 @@ do_hpux64-shared:
 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
 		libs="$(LIBKRB5) $$libs"; \
 	fi; \
-	if expr $(PLATFORM) : '.*ia64' > /dev/null; then \
-		shlib=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
-	else \
-		shlib=lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
-	fi; \
-	[ -f $$shlib ] && rm -f $$shlib; \
 	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
 		-b -z \
-		-o $$shlib +h $$shlib \
+		-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		+forceload lib$$i.a -ldl -lc ) || exit 1; \
-	chmod a=rx $$shlib; \
+	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
 	done

 # The following method is said to work on all platforms.  Tests will
@@ -591,8 +569,6 @@ do_aix-shared:
 		libs="$(LIBKRB5) $$libs"; \
 	fi; \
 	( set -x; \
-	  OBJECT_MODE=`expr x${SHARED_LDFLAGS} : 'x\-[a-z]\([0-9]*\)'`; \
-	  OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
 	  ld -r -o lib$$i.o $(ALLSYMSFLAG) lib$$i.a && \
 	  ( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \
 	    $(SHAREDCMD) $(SHAREDFLAGS) \
@@ -619,7 +595,7 @@ do_reliantunix-shared:
 	libs="-l$$i $$libs"; \
 	done

-openssl.pc: Makefile
+openssl.pc: Makefile.ssl
 	@ ( echo 'prefix=$(INSTALLTOP)'; \
 	    echo 'exec_prefix=$${prefix}'; \
 	    echo 'libdir=$${exec_prefix}/lib'; \
@@ -632,8 +608,8 @@ openssl.pc: Makefile
 	    echo 'Libs: -L$${libdir} -lssl -lcrypto $(LIBKRB5) $(EX_LIBS)'; \
 	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc

-Makefile: Makefile.org
-	@echo "Makefile is older than Makefile.org."
+Makefile.ssl: Makefile.org
+	@echo "Makefile.ssl is older than Makefile.org."
 	@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
 	@false

@@ -646,7 +622,7 @@ clean:	libclean
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making clean in $$i..." && \
-		$(MAKE) EXE_EXT='${EXE_EXT}' SDIRS='${SDIRS}' clean ) || exit 1; \
+		$(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
 		rm -f $(LIBS); \
 	fi; \
 	done;
@@ -663,7 +639,7 @@ makefile.one: files
 	sh util/do_ms.sh

 files:
-	$(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
 	@for i in $(DIRS) ;\
 	do \
 	if [ -d "$$i" ]; then \
@@ -673,18 +649,19 @@ files:
 	done;

 links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
 	@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
 	@for i in $(DIRS); do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making links in $$i..." && \
-		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' links ) || exit 1; \
+		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' links ) || exit 1; \
 	fi; \
 	done;

 gentests:
 	@(cd test && echo "generating dummy tests (if needed)..." && \
-	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
+	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );

 dclean:
 	rm -f *.bak
@@ -698,18 +675,29 @@ dclean:

 rehash: rehash.time
 rehash.time: certs
-	@(OPENSSL="`pwd`/util/opensslwrap.sh"; \
-	  OPENSSL_DEBUG_MEMORY=on; \
-	  export OPENSSL OPENSSL_DEBUG_MEMORY; \
-	  $(PERL) tools/c_rehash certs)
+	@(OPENSSL="`pwd`/apps/openssl"; OPENSSL_DEBUG_MEMORY=on; \
+		export OPENSSL OPENSSL_DEBUG_MEMORY; \
+		LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
+		DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
+		SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
+		LIBPATH="`pwd`:$$LIBPATH"; \
+		if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+		$(PERL) tools/c_rehash certs)
 	touch rehash.time

 test:   tests

 tests: rehash
 	@(cd test && echo "testing..." && \
-	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
-	util/shlib_wrap.sh apps/openssl version -a
+	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
+	@LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
+	DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
+	SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
+	LIBPATH="`pwd`:$$LIBPATH"; \
+	if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+	export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+	apps/openssl version -a

 report:
 	@$(PERL) util/selftest.pl
@@ -733,8 +721,13 @@ lint:
 	done;

 tags:
-	rm -f TAGS
-	find . -name '[^.]*.[ch]' | xargs etags -a
+	@for i in $(DIRS) ;\
+	do \
+	if [ -d "$$i" ]; then \
+		(cd $$i && echo "making tags $$i..." && \
+		$(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \
+	fi; \
+	done;

 errors:
 	$(PERL) util/mkerr.pl -recurse -write
@@ -754,14 +747,11 @@ crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
 crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
 	$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h

-apps/openssl-vms.cnf: apps/openssl.cnf
-	$(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
-
 TABLE: Configure
 	(echo 'Output of `Configure TABLE'"':"; \
 	$(PERL) Configure TABLE) > TABLE

-update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf TABLE
+update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE

 # Build distribution tar-file. As the list of files returned by "find" is
 # pretty long, on several platforms a "too many arguments" error or similar
@@ -798,17 +788,16 @@ dist:
 dist_pem_h:
 	(cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)

-install: all install_docs install_sw
-
-install_sw:
+install: all install_docs
 	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
 		$(INSTALL_PREFIX)$(INSTALLTOP)/lib \
 		$(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \
 		$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
 		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
 		$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
-		$(INSTALL_PREFIX)$(OPENSSLDIR)/private
-	@headerlist="$(EXHEADER)"; for i in $$headerlist ;\
+		$(INSTALL_PREFIX)$(OPENSSLDIR)/private \
+		$(INSTALL_PREFIX)$(OPENSSLDIR)/lib
+	@for i in $(EXHEADER) ;\
 	do \
 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
@@ -825,11 +814,7 @@ install_sw:
 		if [ -f "$$i" ]; then \
 		(       echo installing $$i; \
 			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
-			if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
-				: ; \
-			else \
-				$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
-			fi; \
+			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
 			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
 			mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
 		fi; \
@@ -871,7 +856,6 @@ install_sw:
 		if [ -f "$$i" ]; then \
 		(       echo installing $$i; \
 			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
-			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
 			mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
 		fi; \
 	done;
@@ -887,7 +871,7 @@ install_docs:
 	@pod2man="`cd util; ./pod2mantest $(PERL)`"; \
 	here="`pwd`"; \
 	filecase=; \
-	if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \
+	if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" ]; then \
 		filecase=-i; \
 	fi; \
 	for i in doc/apps/*.pod; do \
--- a/30
+++ b/30
@@ -5,36 +5,6 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.

-  Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g:
-
-      o More compilation issues fixed.
-      o Adaptation to more modern Kerberos API.
-      o Enhanced or corrected configuration for Solaris64, Mingw and Cygwin.
-      o Enhanced x86_64 assembler BIGNUM module.
-      o More constification.
-      o Added processing of proxy certificates (RFC 3820).
-
-  Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f:
-
-      o Several compilation issues fixed.
-      o Many memory allocation failure checks added.
-      o Improved comparison of X509 Name type.
-      o Mandatory basic checks on certificates.
-      o Performance improvements.
-
-  Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e:
-
-      o Fix race condition in CRL checking code.
-      o Fixes to PKCS#7 (S/MIME) code.
-
-  Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d:
-
-      o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug
-      o Security: Fix null-pointer assignment in do_change_cipher_spec()
-      o Allow multiple active certificates with same subject in CA index
-      o Multiple X509 verification fixes
-      o Speed up HMAC and other operations
-
  Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c:

      o Security: fix various ASN1 parsing bugs.
--- a/13
+++ b/13
@@ -12,8 +12,8 @@ along the whole library path before it bothers looking for .a libraries.  This
 means that -L switches won't matter unless OpenSSL is built with shared
 library support.

-The workaround may be to change the following lines in apps/Makefile and
-test/Makefile:
+The workaround may be to change the following lines in apps/Makefile.ssl and
+test/Makefile.ssl:

  LIBCRYPTO=-L.. -lcrypto
  LIBSSL=-L.. -lssl
@@ -90,6 +90,15 @@ failures in other parts of the code.

 Workaround: modify the target to +O2 when building with no-asm.

+* Poor support for AIX shared builds.
+
+do_aix-shared rule is not flexible enough to parameterize through a
+config-line. './Configure aix43-cc shared' is working, but not
+'./Configure aix64-gcc shared'. In latter case make fails to create shared
+libraries. It's possible to build 64-bit shared libraries by running
+'env OBJECT_MODE=64 make', but we need more elegant solution. Preferably one
+supporting even gcc shared builds. See RT#463 for background information.
+
 * Problems building shared libraries on SCO OpenServer Release 5.0.6
  with gcc 2.95.3

--- a/18
+++ b/18
@@ -1,7 +1,7 @@

- OpenSSL 0.9.7g 11 April 2005
+ OpenSSL 0.9.7c 30 Sep 2003

- Copyright (c) 1998-2005 The OpenSSL Project
+ Copyright (c) 1998-2003 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
 All rights reserved.

@@ -173,17 +173,11 @@
 textual explanation of what your patch does.

 Note: For legal reasons, contributions from the US can be accepted only
- if a TSU notification and a copy of the patch are sent to crypt@bis.doc.gov
- (formerly BXA) with a copy to the ENC Encryption Request Coordinator;
- please take some time to look at
-    http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic]
- and
-    http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e))
- for the details. If "your encryption source code is too large to serve as
- an email attachment", they are glad to receive it by fax instead; hope you
- have a cheap long-distance plan.
+ if a TSA notification and a copy of the patch is sent to crypt@bis.doc.gov;
+ see http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic]
+ and http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e)).

- Our preferred format for changes is "diff -u" output. You might
+ The preferred format for changes is "diff -u" output. You might
 generate it like this:

 # cd openssl-work
--- a/8
+++ b/8
@@ -1,20 +1,14 @@

  OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2005/04/11 15:10:06 $
+  ______________                           $Date: 2003/10/02 10:55:20 $

  DEVELOPMENT STATE

    o  OpenSSL 0.9.8:  Under development...
-    o  OpenSSL 0.9.7g: Released on April     11th, 2005
-    o  OpenSSL 0.9.7f: Released on March     22nd, 2005
-    o  OpenSSL 0.9.7e: Released on October   25th, 2004
-    o  OpenSSL 0.9.7d: Released on March     17th, 2004
    o  OpenSSL 0.9.7c: Released on September 30th, 2003
    o  OpenSSL 0.9.7b: Released on April     10th, 2003
    o  OpenSSL 0.9.7a: Released on February  19th, 2003
    o  OpenSSL 0.9.7:  Released on December  31st, 2002
-    o  OpenSSL 0.9.6m: Released on March     17th, 2004
-    o  OpenSSL 0.9.6l: Released on November   4th, 2003
    o  OpenSSL 0.9.6k: Released on September 30th, 2003
    o  OpenSSL 0.9.6j: Released on April     10th, 2003
    o  OpenSSL 0.9.6i: Released on February  19th, 2003
--- a/471
+++ b/471
@@ -92,9 +92,9 @@ $cast_obj     = asm/cx86-out.o
 $rc4_obj      = asm/rx86-out.o
 $rmd160_obj   = asm/rm86-out.o
 $rc5_obj      = asm/r586-out.o
-$dso_scheme   = dlfcn
+$dso_scheme   = win32
 $shared_target= cygwin-shared
-$shared_cflag = -D_WINDLL
+$shared_cflag = 
 $shared_ldflag = 
 $shared_extension = .dll
 $ranlib       = 
@@ -127,7 +127,7 @@ $arflags      =

 *** DJGPP
 $cc           = gcc
-$cflags       = -I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall -DDEVRANDOM="/dev/urandom\x24"
+$cflags       = -I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall
 $unistd       = 
 $thread_cflag = 
 $sys_id       = MSDOS
@@ -1027,56 +1027,6 @@ $arflags      =

 *** aix-cc
 $cc           = cc
-$cflags       = -q32 -O -DB_ENDIAN -qmaxmem=16384
-$unistd       = 
-$thread_cflag = -qthreaded
-$sys_id       = AIX
-$lflags       = 
-$bn_ops       = BN_LLONG RC4_CHAR
-$bn_obj       = asm/aix_ppc32.o
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = dlfcn
-$shared_target= aix-shared
-$shared_cflag = 
-$shared_ldflag = -q32
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib       = 
-$arflags      = -X 32
-
-*** aix-gcc
-$cc           = gcc
-$cflags       = -O3 -DB_ENDIAN
-$unistd       = 
-$thread_cflag = -D_THREAD_SAFE
-$sys_id       = AIX
-$lflags       = 
-$bn_ops       = BN_LLONG RC4_CHAR
-$bn_obj       = asm/aix_ppc32.o
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = dlfcn
-$shared_target= 
-$shared_cflag = 
-$shared_ldflag = 
-$shared_extension = 
-$ranlib       = 
-$arflags      = 
-
-*** aix3-cc
-$cc           = cc
 $cflags       = -O -DB_ENDIAN -qmaxmem=16384
 $unistd       = 
 $thread_cflag = (unknown)
@@ -1100,15 +1050,90 @@ $shared_extension =
 $ranlib       = 
 $arflags      = 

-*** aix64-cc
-$cc           = cc
-$cflags       = -q64 -O -DB_ENDIAN -qmaxmem=16384
+*** aix-gcc
+$cc           = gcc
+$cflags       = -O3 -DB_ENDIAN
 $unistd       = 
-$thread_cflag = -qthreaded
+$thread_cflag = (unknown)
 $sys_id       = AIX
 $lflags       = 
+$bn_ops       = BN_LLONG RC4_CHAR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** aix43-cc
+$cc           = cc
+$cflags       = -O -DAIX -DB_ENDIAN -qmaxmem=16384
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG RC4_CHAR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= aix-shared
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** aix43-gcc
+$cc           = gcc
+$cflags       = -O1 -DAIX -DB_ENDIAN
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG RC4_CHAR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** aix64-cc
+$cc           = cc
+$cflags       = -O -DAIX -DB_ENDIAN -qmaxmem=16384 -q64
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
 $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR
-$bn_obj       = asm/aix_ppc64.o
+$bn_obj       = 
 $des_obj      = 
 $bf_obj       = 
 $md5_obj      = 
@@ -1433,7 +1458,7 @@ $thread_cflag = -D_REENTRANT
 $sys_id       = MACOSX
 $lflags       = 
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
-$bn_obj       = asm/osx_ppc32.o
+$bn_obj       = 
 $des_obj      = 
 $bf_obj       = 
 $md5_obj      = 
@@ -1527,7 +1552,7 @@ $arflags      =

 *** debug-ben-fips-debug
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_FIPS -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DFIPS -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe
 $unistd       = 
 $thread_cflag = (unknown)
 $sys_id       = 
@@ -1652,7 +1677,7 @@ $arflags      =

 *** debug-levitte-linux-elf
 $cc           = gcc
-$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe
+$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -1677,7 +1702,7 @@ $arflags      =

 *** debug-levitte-linux-elf-extreme
 $cc           = gcc
-$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe
+$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -1702,7 +1727,7 @@ $arflags      =

 *** debug-levitte-linux-noasm
 $cc           = gcc
-$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe
+$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -1727,7 +1752,7 @@ $arflags      =

 *** debug-levitte-linux-noasm-extreme
 $cc           = gcc
-$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe
+$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -1793,10 +1818,10 @@ $rc4_obj      = asm/rx86-elf.o
 $rmd160_obj   = asm/rm86-elf.o
 $rc5_obj      = asm/r586-elf.o
 $dso_scheme   = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
+$shared_target= 
+$shared_cflag = 
 $shared_ldflag = 
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$shared_extension = 
 $ranlib       = 
 $arflags      = 

@@ -1977,12 +2002,12 @@ $arflags      =

 *** debug-steve
 $cc           = gcc
-$cflags       = -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe
+$cflags       = -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
-$lflags       = -ldl
-$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$lflags       = -rdynamic -ldl
+$bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $bn_obj       = asm/bn86-elf.o asm/co86-elf.o
 $des_obj      = asm/dx86-elf.o asm/yx86-elf.o
 $bf_obj       = asm/bx86-elf.o
@@ -2050,56 +2075,6 @@ $shared_extension =
 $ranlib       = 
 $arflags      = 

-*** debug-vos-gcc
-$cc           = gcc
-$cflags       = -b hppa1.1-stratus-vos -O0 -g -Wall -D_POSIX_C_SOURCE=200112L -D_BSD -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG
-$unistd       = 
-$thread_cflag = (unknown)
-$sys_id       = VOS
-$lflags       = -Wl,-map
-$bn_ops       = BN_LLONG
-$bn_obj       = 
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = 
-$shared_target= 
-$shared_cflag = 
-$shared_ldflag = .so
-$shared_extension = 
-$ranlib       = 
-$arflags      = 
-
-*** debug-vos-vcc
-$cc           = vcc
-$cflags       = -b i386-stratus-vos -O0 -g -D_POSIX_C_SOURCE=200112L -D_BSD -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG
-$unistd       = 
-$thread_cflag = (unknown)
-$sys_id       = VOS
-$lflags       = -Wl,-map
-$bn_ops       = 
-$bn_obj       = 
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = 
-$shared_target= 
-$shared_cflag = 
-$shared_ldflag = .so
-$shared_extension = 
-$ranlib       = 
-$arflags      = 
-
 *** dgux-R3-gcc
 $cc           = gcc
 $cflags       = -O3 -fomit-frame-pointer
@@ -2332,21 +2307,21 @@ $unistd       =
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
 $lflags       = -ldl
-$bn_ops       = SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT
+$bn_ops       = SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
 $bn_obj       = asm/ia64-cpp.o
 $des_obj      = 
 $bf_obj       = 
 $md5_obj      = 
-$sha1_obj     = asm/sha1-ia64.o
+$sha1_obj     = 
 $cast_obj     = 
-$rc4_obj      = asm/rc4-ia64.o
+$rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
 $shared_target= hpux-shared
 $shared_cflag = +Z
 $shared_ldflag = 
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 

@@ -2607,21 +2582,21 @@ $unistd       =
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
 $lflags       = -ldl
-$bn_ops       = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT
+$bn_ops       = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
 $bn_obj       = asm/ia64-cpp.o
 $des_obj      = 
 $bf_obj       = 
 $md5_obj      = 
-$sha1_obj     = asm/sha1-ia64.o
+$sha1_obj     = 
 $cast_obj     = 
-$rc4_obj      = asm/rc4-ia64.o
+$rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
 $shared_target= hpux64-shared
 $shared_cflag = +Z
 $shared_ldflag = 
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 

@@ -2700,31 +2675,6 @@ $shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 

-*** hpux64-parisc2-gcc
-$cc           = gcc
-$cflags       = -O3 -DB_ENDIAN -DMD32_XARRAY
-$unistd       = 
-$thread_cflag = -D_REENTRANT
-$sys_id       = 
-$lflags       = -ldl
-$bn_ops       = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
-$bn_obj       = asm/pa-risc2W.o
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = dlfcn
-$shared_target= hpux64-shared
-$shared_cflag = -fpic
-$shared_ldflag = 
-$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib       = 
-$arflags      = 
-
 *** hurd-x86
 $cc           = gcc
 $cflags       = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall
@@ -2820,7 +2770,7 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= irix-shared
 $shared_cflag = 
-$shared_ldflag = -n32
+$shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
@@ -2845,7 +2795,7 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= irix-shared
 $shared_cflag = 
-$shared_ldflag = -mabi=n32
+$shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
@@ -2870,7 +2820,7 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= irix-shared
 $shared_cflag = 
-$shared_ldflag = -64
+$shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
@@ -2895,7 +2845,7 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= irix-shared
 $shared_cflag = 
-$shared_ldflag = -mabi=64
+$shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
@@ -3052,11 +3002,11 @@ $arflags      =

 *** linux-elf-arm
 $cc           = gcc
-$cflags       = -DTERMIO -O3 -fomit-frame-pointer -Wall
+$cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
-$lflags       = -ldl
+$lflags       = 
 $bn_ops       = BN_LLONG
 $bn_obj       = 
 $des_obj      = 
@@ -3075,31 +3025,6 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 

-*** linux-em64t
-$cc           = gcc
-$cflags       = -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int
-$unistd       = 
-$thread_cflag = -D_REENTRANT
-$sys_id       = 
-$lflags       = -ldl
-$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR BF_PTR2 DES_INT DES_UNROLL
-$bn_obj       = asm/x86_64-gcc.o
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -m64
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib       = 
-$arflags      = 
-
 *** linux-ia64
 $cc           = gcc
 $cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
@@ -3107,14 +3032,14 @@ $unistd       =
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
 $lflags       = -ldl
-$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR
 $bn_obj       = asm/ia64.o
 $des_obj      = 
 $bf_obj       = 
 $md5_obj      = 
-$sha1_obj     = asm/sha1-ia64.o
+$sha1_obj     = 
 $cast_obj     = 
-$rc4_obj      = asm/rc4-ia64.o
+$rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
@@ -3127,19 +3052,19 @@ $arflags      =

 *** linux-ia64-ecc
 $cc           = ecc
-$cflags       = -DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt
+$cflags       = -DL_ENDIAN -DTERMIO -O2 -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
 $lflags       = -ldl
-$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR
 $bn_obj       = asm/ia64.o
 $des_obj      = 
 $bf_obj       = 
 $md5_obj      = 
-$sha1_obj     = asm/sha1-ia64.o
+$sha1_obj     = 
 $cast_obj     = 
-$rc4_obj      = asm/rc4-ia64.o
+$rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
@@ -3308,7 +3233,7 @@ $thread_cflag = -D_REENTRANT
 $sys_id       = 
 $lflags       = -ldl
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL
-$bn_obj       = asm/linux_ppc32.o
+$bn_obj       = 
 $des_obj      = 
 $bf_obj       = 
 $md5_obj      = 
@@ -3325,31 +3250,6 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 

-*** linux-ppc64
-$cc           = gcc
-$cflags       = -bpowerpc64-linux -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
-$unistd       = 
-$thread_cflag = -D_REENTRANT
-$sys_id       = 
-$lflags       = -ldl
-$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL
-$bn_obj       = asm/linux_ppc64.o
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -bpowerpc64-linux
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib       = 
-$arflags      = 
-
 *** linux-ppro
 $cc           = gcc
 $cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentiumpro -Wall
@@ -3507,14 +3407,14 @@ $unistd       =
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
 $lflags       = -ldl
-$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR BF_PTR2 DES_INT DES_UNROLL
 $bn_obj       = asm/x86_64-gcc.o
 $des_obj      = 
 $bf_obj       = 
 $md5_obj      = 
 $sha1_obj     = 
 $cast_obj     = 
-$rc4_obj      = asm/rc4-amd64.o
+$rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
@@ -3556,7 +3456,7 @@ $cflags       = -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -mno-cygwin -Wal
 $unistd       = 
 $thread_cflag = 
 $sys_id       = MINGW32
-$lflags       = -lwsock32 -lgdi32
+$lflags       = -mno-cygwin -lwsock32 -lgdi32
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $bn_obj       = asm/bn86-out.o asm/co86-out.o
 $des_obj      = asm/dx86-out.o asm/yx86-out.o
@@ -3568,9 +3468,9 @@ $rc4_obj      = asm/rx86-out.o
 $rmd160_obj   = asm/rm86-out.o
 $rc5_obj      = asm/r586-out.o
 $dso_scheme   = win32
-$shared_target= cygwin-shared
-$shared_cflag = -D_WINDLL
-$shared_ldflag = -mno-cygwin
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
 $shared_extension = .dll
 $ranlib       = 
 $arflags      = 
@@ -4175,56 +4075,6 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 

-*** solaris64-x86_64-cc
-$cc           = cc
-$cflags       = -fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN
-$unistd       = 
-$thread_cflag = -D_REENTRANT
-$sys_id       = 
-$lflags       = -lsocket -lnsl -ldl
-$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL
-$bn_obj       = 
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = dlfcn
-$shared_target= solaris-shared
-$shared_cflag = -KPIC
-$shared_ldflag = -xarch=amd64
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib       = 
-$arflags      = 
-
-*** solaris64-x86_64-gcc
-$cc           = gcc
-$cflags       = -m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int
-$unistd       = 
-$thread_cflag = -D_REENTRANT
-$sys_id       = 
-$lflags       = -lsocket -lnsl -ldl
-$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL
-$bn_obj       = asm/x86_64-gcc.o
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = asm/rc4-amd64.o
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = dlfcn
-$shared_target= solaris-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -m64 -shared -static-libgcc
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib       = 
-$arflags      = 
-
 *** sunos-gcc
 $cc           = gcc
 $cflags       = -O3 -mv8 -Dssize_t=int
@@ -4425,56 +4275,6 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 

-*** vos-gcc
-$cc           = gcc
-$cflags       = -b hppa1.1-stratus-vos -O3 -Wall -Wuninitialized -D_POSIX_C_SOURCE=200112L -D_BSD
-$unistd       = 
-$thread_cflag = (unknown)
-$sys_id       = VOS
-$lflags       = -Wl,-map
-$bn_ops       = BN_LLONG
-$bn_obj       = 
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = 
-$shared_target= 
-$shared_cflag = 
-$shared_ldflag = .so
-$shared_extension = 
-$ranlib       = 
-$arflags      = 
-
-*** vos-vcc
-$cc           = vcc
-$cflags       = -b i386-stratus-vos -O3 -D_POSIX_C_SOURCE=200112L -D_BSD
-$unistd       = 
-$thread_cflag = (unknown)
-$sys_id       = VOS
-$lflags       = -Wl,-map
-$bn_ops       = 
-$bn_obj       = 
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = 
-$shared_target= 
-$shared_cflag = 
-$shared_ldflag = .so
-$shared_extension = 
-$ranlib       = 
-$arflags      = 
-
 *** vxworks-mipsle
 $cc           = ccmips
 $cflags       = -B$(WIND_BASE)/host/$(WIND_HOST_TYPE)/lib/gcc-lib/ -DL_ENDIAN -EL -Wl,-EL -mips2 -mno-branch-likely -G 0 -fno-builtin -msoft-float -DCPU=MIPS32 -DMIPSEL -DNO_STRINGS_H -I$(WIND_BASE)/target/h
@@ -4575,6 +4375,31 @@ $shared_extension =
 $ranlib       = 
 $arflags      = 

+*** vxworks-ppc860
+$cc           = ccppc
+$cflags       = -g -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I$(WIND_BASE)/target/h
+$unistd       = 
+$thread_cflag = 
+$sys_id       = VXWORKS
+$lflags       = -r
+$bn_ops       = 
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
 *** vxworks-ppc860
 $cc           = ccppc
 $cflags       = -nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I$(WIND_BASE)/target/h
--- a/VMS/VMSify-conf.pl
+++ b/VMS/VMSify-conf.pl
@@ -1,34 +0,0 @@
-#! /usr/bin/perl
-
-use strict;
-use warnings;
-
-my @directory_vars = ( "dir", "certs", "crl_dir", "new_certs_dir" );
-my @file_vars = ( "database", "certificate", "serial", "crlnumber",
-		  "crl", "private_key", "RANDFILE" );
-while(<STDIN>) {
-    chomp;
-    foreach my $d (@directory_vars) {
-	if (/^(\s*\#?\s*${d}\s*=\s*)\.\/([^\s\#]*)([\s\#].*)$/) {
-	    $_ = "$1sys\\\$disk:\[.$2$3";
-	} elsif (/^(\s*\#?\s*${d}\s*=\s*)(\w[^\s\#]*)([\s\#].*)$/) {
-	    $_ = "$1sys\\\$disk:\[.$2$3";
-	}
-	s/^(\s*\#?\s*${d}\s*=\s*\$\w+)\/([^\s\#]*)([\s\#].*)$/$1.$2\]$3/;
-	while(/^(\s*\#?\s*${d}\s*=\s*(\$\w+\.|sys\\\$disk:\[\.)[\w\.]+)\/([^\]]*)\](.*)$/) {
-	    $_ = "$1.$3]$4";
-	}
-    }
-    foreach my $f (@file_vars) {
-	s/^(\s*\#?\s*${f}\s*=\s*)\.\/(.*)$/$1sys\\\$disk:\[\/$2/;
-	while(/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/(\w+\/[^\s\#]*)([\s\#].*)$/) {
-	    $_ = "$1.$3$4";
-	}
-	if (/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/(\w+)([\s\#].*)$/) {
-	    $_ = "$1]$3.$4";
-	} elsif  (/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/([^\s\#]*)([\s\#].*)$/) {
-	    $_ = "$1]$3$4";
-	}
-   }
-    print $_,"\n";
-}
--- a/VMS/mkshared.com
+++ b/VMS/mkshared.com
@@ -266,14 +266,6 @@ $             falsesum = falsesum + 1
 $         endif
 $         if plat_entry .eqs. "VMS" then truesum = truesum + 1
 $         if plat_entry .eqs. "!VMS" then falsesum = falsesum + 1
-$         if f$trnlnm("OPENSSL_FIPS") .nes. ""
-$         then
-$           if plat_entry .eqs. "OPENSSL_FIPS" then truesum = truesum + 1
-$           if plat_entry .eqs. "!OPENSSL_FIPS" then falsesum = falsesum + 1
-$         else
-$           if plat_entry .eqs. "OPENSSL_FIPS" then falsesum = falsesum + 1
-$           if plat_entry .eqs. "!OPENSSL_FIPS" then truesum = truesum + 1
-$         endif
 $	  goto loop1
 $       endif
 $     endloop1:
--- a/apps/.cvsignore
+++ b/apps/.cvsignore
@@ -3,6 +3,3 @@ Makefile.save
 der_chop
 der_chop.bak
 CA.pl
-openssl.sha1
-*.flc
-semantic.cache
--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -36,21 +36,13 @@
 # default openssl.cnf file has setup as per the following
 # demoCA ... where everything is stored

-my $openssl;
-if(defined $ENV{OPENSSL}) {
-	$openssl = $ENV{OPENSSL};
-} else {
-	$openssl = "openssl";
-	$ENV{OPENSSL} = $openssl;
-}
-
 $SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
 $DAYS="-days 365";
-$REQ="$openssl req $SSLEAY_CONFIG";
-$CA="$openssl ca $SSLEAY_CONFIG";
-$VERIFY="$openssl verify";
-$X509="$openssl x509";
-$PKCS12="$openssl pkcs12";
+$REQ="openssl req $SSLEAY_CONFIG";
+$CA="openssl ca $SSLEAY_CONFIG";
+$VERIFY="openssl verify";
+$X509="openssl x509";
+$PKCS12="openssl pkcs12";

 $CATOP="./demoCA";
 $CAKEY="cakey.pem";
@@ -90,6 +82,9 @@ foreach (@ARGV) {
 		mkdir "${CATOP}/crl", $DIRMODE ;
 		mkdir "${CATOP}/newcerts", $DIRMODE;
 		mkdir "${CATOP}/private", $DIRMODE;
+		open OUT, ">${CATOP}/serial";
+		print OUT "01\n";
+		close OUT;
 		open OUT, ">${CATOP}/index.txt";
 		close OUT;
 	    }
@@ -111,10 +106,6 @@ foreach (@ARGV) {
 		    $RET=$?;
 		}
 	    }
-	    if (! -f "${CATOP}/serial" ) {
-		system ("$X509 -in ${CATOP}/$CACERT -noout "
-			. "-next_serial -out ${CATOP}/serial");
-	    }
 	} elsif (/^-pkcs12$/) {
 	    my $cname = $ARGV[1];
 	    $cname = "My Certificate" unless defined $cname;
--- a/apps/CA.sh
+++ b/apps/CA.sh
@@ -30,13 +30,11 @@
 # default openssl.cnf file has setup as per the following
 # demoCA ... where everything is stored

-if [ -z "$OPENSSL" ]; then OPENSSL=openssl; fi
-
 DAYS="-days 365"
-REQ="$OPENSSL req $SSLEAY_CONFIG"
-CA="$OPENSSL ca $SSLEAY_CONFIG"
-VERIFY="$OPENSSL verify"
-X509="$OPENSSL x509"
+REQ="openssl req $SSLEAY_CONFIG"
+CA="openssl ca $SSLEAY_CONFIG"
+VERIFY="openssl verify"
+X509="openssl x509"

 CATOP=./demoCA
 CAKEY=./cakey.pem
--- a/apps/Makefile.ssl
+++ b/apps/Makefile.ssl
@@ -1,5 +1,5 @@
 #
-#  apps/Makefile
+#  apps/Makefile.ssl
 #

 DIR=		apps
@@ -10,9 +10,10 @@ CFLAG=		-g -static
 INSTALL_PREFIX=
 INSTALLTOP=	/usr/local/ssl
 OPENSSLDIR=	/usr/local/ssl
+MAKE=		make -f Makefile.ssl
 MAKEDEPPROG=	makedepend
 MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE=	Makefile
+MAKEFILE=	Makefile.ssl
 PERL=		perl
 RM=		rm -f
 # KRB5 stuff
@@ -36,7 +37,7 @@ LIBSSL=-L.. -lssl

 PROGRAM= openssl

-SCRIPTS=CA.sh CA.pl
+SCRIPTS=CA.sh CA.pl der_chop

 EXE= $(PROGRAM)$(EXE_EXT)

@@ -44,7 +45,7 @@ E_EXE=	verify asn1pars req dgst dh dhparam enc passwd gendh errstr \
 	ca crl rsa rsautl dsa dsaparam \
 	x509 genrsa gendsa s_server s_client speed \
 	s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \
-	pkcs8 spkac smime rand engine ocsp prime
+	pkcs8 spkac smime rand engine ocsp

 PROGS= $(PROGRAM).c

@@ -60,14 +61,14 @@ E_OBJ=	verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o er
 	rsa.o rsautl.o dsa.o dsaparam.o \
 	x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
 	s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
-	ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o ocsp.o prime.o
+	ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o ocsp.o

 E_SRC=	verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \
 	pkcs7.c crl2p7.c crl.c \
 	rsa.c rsautl.c dsa.c dsaparam.c \
 	x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
 	s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \
-	ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c engine.c ocsp.c prime.c
+	ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c engine.c ocsp.c

 SRC=$(E_SRC)

@@ -83,7 +84,7 @@ top:

 all:	exe

-exe:	$(EXE)
+exe:	$(PROGRAM)

 req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
 	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
@@ -93,7 +94,7 @@ sreq.o: req.c
 	$(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c

 files:
-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO

 install:
 	@for i in $(EXE); \
@@ -120,6 +121,7 @@ tags:
 tests:

 links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile

 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
@@ -141,22 +143,22 @@ $(DLIBSSL):
 $(DLIBCRYPTO):
 	(cd ..; $(MAKE) DIRS=crypto all)

-$(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
-	$(RM) $(EXE)
+$(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
+	$(RM) $(PROGRAM)
 	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
-	  set -x; $${CC:-$(CC)} -o $(EXE) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO) $(EX_LIBS) ; \
-	elif [ -z "$(SHARED_LIBS)" ]; then \
-	  set -x; $${CC:-$(CC)} -o $(EXE) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
+	  $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO) $(EX_LIBS) ; \
 	else \
-	  set -x; LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
-	  $(CC) -o $(EXE) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
+	  LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+	  $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
 	fi
-	if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
-		TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(EXE); \
-	fi
-	-(cd ..; \
-	  OPENSSL="`pwd`/util/opensslwrap.sh"; export OPENSSL; \
-	  $(PERL) tools/c_rehash certs)
+	-(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; \
+		LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
+		DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
+		SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
+		LIBPATH="`pwd`:$$LIBPATH"; \
+		if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+		$(PERL) tools/c_rehash certs)

 progs.h: progs.pl
 	$(PERL) progs.pl $(E_EXE) >progs.h
@@ -342,22 +344,21 @@ dgst.o: ../include/openssl/crypto.h ../include/openssl/des.h
 dgst.o: ../include/openssl/des_old.h ../include/openssl/dh.h
 dgst.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 dgst.o: ../include/openssl/engine.h ../include/openssl/err.h
-dgst.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-dgst.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-dgst.o: ../include/openssl/md2.h ../include/openssl/md4.h
-dgst.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-dgst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-dgst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dgst.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-dgst.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-dgst.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-dgst.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-dgst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-dgst.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-dgst.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
-dgst.o: ../include/openssl/x509_vfy.h apps.h dgst.c
+dgst.o: ../include/openssl/evp.h ../include/openssl/idea.h
+dgst.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+dgst.o: ../include/openssl/md4.h ../include/openssl/md5.h
+dgst.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+dgst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dgst.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+dgst.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dgst.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+dgst.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+dgst.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+dgst.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dgst.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+dgst.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dgst.c
 dh.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
 dh.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 dh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -636,25 +637,24 @@ openssl.o: ../include/openssl/des.h ../include/openssl/des_old.h
 openssl.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 openssl.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
 openssl.o: ../include/openssl/err.h ../include/openssl/evp.h
-openssl.o: ../include/openssl/fips.h ../include/openssl/idea.h
-openssl.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-openssl.o: ../include/openssl/md2.h ../include/openssl/md4.h
-openssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-openssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-openssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-openssl.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-openssl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-openssl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-openssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-openssl.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
-openssl.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-openssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-openssl.o: openssl.c progs.h s_apps.h
+openssl.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+openssl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+openssl.o: ../include/openssl/md4.h ../include/openssl/md5.h
+openssl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+openssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+openssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+openssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+openssl.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+openssl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+openssl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+openssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+openssl.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+openssl.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+openssl.o: ../include/openssl/x509_vfy.h apps.h openssl.c progs.h s_apps.h
 passwd.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
 passwd.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 passwd.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -749,28 +749,6 @@ pkcs8.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 pkcs8.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 pkcs8.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
 pkcs8.o: ../include/openssl/x509_vfy.h apps.h pkcs8.c
-prime.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-prime.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-prime.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-prime.o: ../include/openssl/cast.h ../include/openssl/conf.h
-prime.o: ../include/openssl/crypto.h ../include/openssl/des.h
-prime.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-prime.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-prime.o: ../include/openssl/engine.h ../include/openssl/err.h
-prime.o: ../include/openssl/evp.h ../include/openssl/idea.h
-prime.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-prime.o: ../include/openssl/md4.h ../include/openssl/md5.h
-prime.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-prime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-prime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-prime.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-prime.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-prime.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-prime.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-prime.o: ../include/openssl/sha.h ../include/openssl/stack.h
-prime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-prime.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-prime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h prime.c
 rand.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
 rand.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 rand.o: ../include/openssl/bn.h ../include/openssl/buffer.h
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -330,6 +330,44 @@ void program_name(char *in, char *out, int size)
 #endif
 #endif

+#ifdef OPENSSL_SYS_WIN32
+int WIN32_rename(char *from, char *to)
+	{
+#ifndef OPENSSL_SYS_WINCE
+	/* Windows rename gives an error if 'to' exists, so delete it
+	 * first and ignore file not found errror
+	 */
+	if((remove(to) != 0) && (errno != ENOENT))
+		return -1;
+#undef rename
+	return rename(from, to);
+#else
+	/* convert strings to UNICODE */
+	{
+	BOOL result = FALSE;
+	WCHAR* wfrom;
+	WCHAR* wto;
+	int i;
+	wfrom = malloc((strlen(from)+1)*2);
+	wto = malloc((strlen(to)+1)*2);
+	if (wfrom != NULL && wto != NULL)
+		{
+		for (i=0; i<(int)strlen(from)+1; i++)
+			wfrom[i] = (short)from[i];
+		for (i=0; i<(int)strlen(to)+1; i++)
+			wto[i] = (short)to[i];
+		result = MoveFile(wfrom, wto);
+		}
+	if (wfrom != NULL)
+		free(wfrom);
+	if (wto != NULL)
+		free(wto);
+	return result;
+	}
+#endif
+	}
+#endif
+
 int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
 	{
 	int num,len,i;
@@ -437,7 +475,7 @@ static int ui_read(UI *ui, UI_STRING *uis)
 			{
 			const char *password =
 				((PW_CB_DATA *)UI_get0_user_data(ui))->password;
-			if (password && password[0] != '\0')
+			if (password[0] != '\0')
 				{
 				UI_set_result(ui, uis, password);
 				return 1;
@@ -461,7 +499,7 @@ static int ui_write(UI *ui, UI_STRING *uis)
 			{
 			const char *password =
 				((PW_CB_DATA *)UI_get0_user_data(ui))->password;
-			if (password && password[0] != '\0')
+			if (password[0] != '\0')
 				return 1;
 			}
 		default:
@@ -526,7 +564,7 @@ int password_callback(char *buf, int bufsiz, int verify,
 		char *prompt = NULL;

 		prompt = UI_construct_prompt(ui, "pass phrase",
-			prompt_info);
+			cb_data->prompt_info);

 		ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
 		UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
@@ -675,51 +713,6 @@ int add_oid_section(BIO *err, CONF *conf)
 	return 1;
 }

-static int load_pkcs12(BIO *err, BIO *in, const char *desc,
-		pem_password_cb *pem_cb,  void *cb_data,
-		EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
-	{
- 	const char *pass;
-	char tpass[PEM_BUFSIZE];
-	int len, ret = 0;
-	PKCS12 *p12;
-	p12 = d2i_PKCS12_bio(in, NULL);
-	if (p12 == NULL)
-		{
-		BIO_printf(err, "Error loading PKCS12 file for %s\n", desc);	
-		goto die;
-		}
-	/* See if an empty password will do */
-	if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0))
-		pass = "";
-	else
-		{
-		if (!pem_cb)
-			pem_cb = (pem_password_cb *)password_callback;
-		len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data);
-		if (len < 0) 
-			{
-			BIO_printf(err, "Passpharse callback error for %s\n",
-					desc);
-			goto die;
-			}
-		if (len < PEM_BUFSIZE)
-			tpass[len] = 0;
-		if (!PKCS12_verify_mac(p12, tpass, len))
-			{
-			BIO_printf(err,
-	"Mac verify error (wrong password?) in PKCS12 file for %s\n", desc);	
-			goto die;
-			}
-		pass = tpass;
-		}
-	ret = PKCS12_parse(p12, pass, pkey, cert, ca);
-	die:
-	if (p12)
-		PKCS12_free(p12);
-	return ret;
-	}
-
 X509 *load_cert(BIO *err, const char *file, int format,
 	const char *pass, ENGINE *e, const char *cert_descrip)
 	{
@@ -800,9 +793,11 @@ X509 *load_cert(BIO *err, const char *file, int format,
 			(pem_password_cb *)password_callback, NULL);
 	else if (format == FORMAT_PKCS12)
 		{
-		if (!load_pkcs12(err, cert,cert_descrip, NULL, NULL,
-					NULL, &x, NULL))
-			goto end;
+		PKCS12 *p12 = d2i_PKCS12_bio(cert, NULL);
+
+		PKCS12_parse(p12, NULL, NULL, &x, NULL);
+		PKCS12_free(p12);
+		p12 = NULL;
 		}
 	else	{
 		BIO_printf(err,"bad input format specified for %s\n",
@@ -881,10 +876,11 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
 #endif
 	else if (format == FORMAT_PKCS12)
 		{
-		if (!load_pkcs12(err, key, key_descrip,
-				(pem_password_cb *)password_callback, &cb_data,
-				&pkey, NULL, NULL))
-			goto end;
+		PKCS12 *p12 = d2i_PKCS12_bio(key, NULL);
+
+		PKCS12_parse(p12, pass, &pkey, NULL, NULL);
+		PKCS12_free(p12);
+		p12 = NULL;
 		}
 	else
 		{
@@ -1389,631 +1385,14 @@ int load_config(BIO *err, CONF *cnf)
 char *make_config_name()
 	{
 	const char *t=X509_get_default_cert_area();
-	size_t len;
 	char *p;

-	len=strlen(t)+strlen(OPENSSL_CONF)+2;
-	p=OPENSSL_malloc(len);
-	BUF_strlcpy(p,t,len);
+	p=OPENSSL_malloc(strlen(t)+strlen(OPENSSL_CONF)+2);
+	strcpy(p,t);
 #ifndef OPENSSL_SYS_VMS
-	BUF_strlcat(p,"/",len);
+	strcat(p,"/");
 #endif
-	BUF_strlcat(p,OPENSSL_CONF,len);
+	strcat(p,OPENSSL_CONF);

 	return p;
 	}
-
-static unsigned long index_serial_hash(const char **a)
-	{
-	const char *n;
-
-	n=a[DB_serial];
-	while (*n == '0') n++;
-	return(lh_strhash(n));
-	}
-
-static int index_serial_cmp(const char **a, const char **b)
-	{
-	const char *aa,*bb;
-
-	for (aa=a[DB_serial]; *aa == '0'; aa++);
-	for (bb=b[DB_serial]; *bb == '0'; bb++);
-	return(strcmp(aa,bb));
-	}
-
-static int index_name_qual(char **a)
-	{ return(a[0][0] == 'V'); }
-
-static unsigned long index_name_hash(const char **a)
-	{ return(lh_strhash(a[DB_name])); }
-
-int index_name_cmp(const char **a, const char **b)
-	{ return(strcmp(a[DB_name],
-	     b[DB_name])); }
-
-static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
-static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
-static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **)
-static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **)
-
-#undef BSIZE
-#define BSIZE 256
-
-BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
-	{
-	BIO *in=NULL;
-	BIGNUM *ret=NULL;
-	MS_STATIC char buf[1024];
-	ASN1_INTEGER *ai=NULL;
-
-	ai=ASN1_INTEGER_new();
-	if (ai == NULL) goto err;
-
-	if ((in=BIO_new(BIO_s_file())) == NULL)
-		{
-		ERR_print_errors(bio_err);
-		goto err;
-		}
-
-	if (BIO_read_filename(in,serialfile) <= 0)
-		{
-		if (!create)
-			{
-			perror(serialfile);
-			goto err;
-			}
-		else
-			{
-			ret=BN_new();
-			if (ret == NULL || !rand_serial(ret, ai))
-				BIO_printf(bio_err, "Out of memory\n");
-			}
-		}
-	else
-		{
-		if (!a2i_ASN1_INTEGER(in,ai,buf,1024))
-			{
-			BIO_printf(bio_err,"unable to load number from %s\n",
-				serialfile);
-			goto err;
-			}
-		ret=ASN1_INTEGER_to_BN(ai,NULL);
-		if (ret == NULL)
-			{
-			BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");
-			goto err;
-			}
-		}
-
-	if (ret && retai)
-		{
-		*retai = ai;
-		ai = NULL;
-		}
- err:
-	if (in != NULL) BIO_free(in);
-	if (ai != NULL) ASN1_INTEGER_free(ai);
-	return(ret);
-	}
-
-int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai)
-	{
-	char buf[1][BSIZE];
-	BIO *out = NULL;
-	int ret=0;
-	ASN1_INTEGER *ai=NULL;
-	int j;
-
-	if (suffix == NULL)
-		j = strlen(serialfile);
-	else
-		j = strlen(serialfile) + strlen(suffix) + 1;
-	if (j >= BSIZE)
-		{
-		BIO_printf(bio_err,"file name too long\n");
-		goto err;
-		}
-
-	if (suffix == NULL)
-		BUF_strlcpy(buf[0], serialfile, BSIZE);
-	else
-		{
-#ifndef OPENSSL_SYS_VMS
-		j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);
-#else
-		j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
-#endif
-		}
-#ifdef RL_DEBUG
-	BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
-#endif
-	out=BIO_new(BIO_s_file());
-	if (out == NULL)
-		{
-		ERR_print_errors(bio_err);
-		goto err;
-		}
-	if (BIO_write_filename(out,buf[0]) <= 0)
-		{
-		perror(serialfile);
-		goto err;
-		}
-
-	if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL)
-		{
-		BIO_printf(bio_err,"error converting serial to ASN.1 format\n");
-		goto err;
-		}
-	i2a_ASN1_INTEGER(out,ai);
-	BIO_puts(out,"\n");
-	ret=1;
-	if (retai)
-		{
-		*retai = ai;
-		ai = NULL;
-		}
-err:
-	if (out != NULL) BIO_free_all(out);
-	if (ai != NULL) ASN1_INTEGER_free(ai);
-	return(ret);
-	}
-
-int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
-	{
-	char buf[5][BSIZE];
-	int i,j;
-	struct stat sb;
-
-	i = strlen(serialfile) + strlen(old_suffix);
-	j = strlen(serialfile) + strlen(new_suffix);
-	if (i > j) j = i;
-	if (j + 1 >= BSIZE)
-		{
-		BIO_printf(bio_err,"file name too long\n");
-		goto err;
-		}
-
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",
-		serialfile, new_suffix);
-#else
-	j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",
-		serialfile, new_suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",
-		serialfile, old_suffix);
-#else
-	j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
-		serialfile, old_suffix);
-#endif
-	if (stat(serialfile,&sb) < 0)
-		{
-		if (errno != ENOENT 
-#ifdef ENOTDIR
-			&& errno != ENOTDIR)
-#endif
-			goto err;
-		}
-	else
-		{
-#ifdef RL_DEBUG
-		BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
-			serialfile, buf[1]);
-#endif
-		if (rename(serialfile,buf[1]) < 0)
-			{
-			BIO_printf(bio_err,
-				"unable to rename %s to %s\n",
-				serialfile, buf[1]);
-			perror("reason");
-			goto err;
-			}
-		}
-#ifdef RL_DEBUG
-	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
-		buf[0],serialfile);
-#endif
-	if (rename(buf[0],serialfile) < 0)
-		{
-		BIO_printf(bio_err,
-			"unable to rename %s to %s\n",
-			buf[0],serialfile);
-		perror("reason");
-		rename(buf[1],serialfile);
-		goto err;
-		}
-	return 1;
- err:
-	return 0;
-	}
-
-int rand_serial(BIGNUM *b, ASN1_INTEGER *ai)
-	{
-	BIGNUM *btmp;
-	int ret = 0;
-	if (b)
-		btmp = b;
-	else
-		btmp = BN_new();
-
-	if (!btmp)
-		return 0;
-
-	if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0))
-		goto error;
-	if (ai && !BN_to_ASN1_INTEGER(btmp, ai))
-		goto error;
-
-	ret = 1;
-	
-	error:
-
-	if (!b)
-		BN_free(btmp);
-	
-	return ret;
-	}
-
-CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
-	{
-	CA_DB *retdb = NULL;
-	TXT_DB *tmpdb = NULL;
-	BIO *in = BIO_new(BIO_s_file());
-	CONF *dbattr_conf = NULL;
-	char buf[1][BSIZE];
-	long errorline= -1;
-
-	if (in == NULL)
-		{
-		ERR_print_errors(bio_err);
-		goto err;
-		}
-	if (BIO_read_filename(in,dbfile) <= 0)
-		{
-		perror(dbfile);
-		BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
-		goto err;
-		}
-	if ((tmpdb = TXT_DB_read(in,DB_NUMBER)) == NULL)
-		{
-		if (tmpdb != NULL) TXT_DB_free(tmpdb);
-		goto err;
-		}
-
-#ifndef OPENSSL_SYS_VMS
-	BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile);
-#else
-	BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile);
-#endif
-	dbattr_conf = NCONF_new(NULL);
-	if (NCONF_load(dbattr_conf,buf[0],&errorline) <= 0)
-		{
-		if (errorline > 0)
-			{
-			BIO_printf(bio_err,
-				"error on line %ld of db attribute file '%s'\n"
-				,errorline,buf[0]);
-			goto err;
-			}
-		else
-			{
-			NCONF_free(dbattr_conf);
-			dbattr_conf = NULL;
-			}
-		}
-
-	if ((retdb = OPENSSL_malloc(sizeof(CA_DB))) == NULL)
-		{
-		fprintf(stderr, "Out of memory\n");
-		goto err;
-		}
-
-	retdb->db = tmpdb;
-	tmpdb = NULL;
-	if (db_attr)
-		retdb->attributes = *db_attr;
-	else
-		{
-		retdb->attributes.unique_subject = 1;
-		}
-
-	if (dbattr_conf)
-		{
-		char *p = NCONF_get_string(dbattr_conf,NULL,"unique_subject");
-		if (p)
-			{
-			BIO_printf(bio_err, "DEBUG[load_index]: unique_subject = \"%s\"\n", p);
-			switch(*p)
-				{
-			case 'f': /* false */
-			case 'F': /* FALSE */
-			case 'n': /* no */
-			case 'N': /* NO */
-				retdb->attributes.unique_subject = 0;
-				break;
-			case 't': /* true */
-			case 'T': /* TRUE */
-			case 'y': /* yes */
-			case 'Y': /* YES */
-			default:
-				retdb->attributes.unique_subject = 1;
-				break;
-				}
-			}
-		}
-
- err:
-	if (dbattr_conf) NCONF_free(dbattr_conf);
-	if (tmpdb) TXT_DB_free(tmpdb);
-	if (in) BIO_free_all(in);
-	return retdb;
-	}
-
-int index_index(CA_DB *db)
-	{
-	if (!TXT_DB_create_index(db->db, DB_serial, NULL,
-				LHASH_HASH_FN(index_serial_hash),
-				LHASH_COMP_FN(index_serial_cmp)))
-		{
-		BIO_printf(bio_err,
-		  "error creating serial number index:(%ld,%ld,%ld)\n",
-		  			db->db->error,db->db->arg1,db->db->arg2);
-			return 0;
-		}
-
-	if (db->attributes.unique_subject
-		&& !TXT_DB_create_index(db->db, DB_name, index_name_qual,
-			LHASH_HASH_FN(index_name_hash),
-			LHASH_COMP_FN(index_name_cmp)))
-		{
-		BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
-			db->db->error,db->db->arg1,db->db->arg2);
-		return 0;
-		}
-	return 1;
-	}
-
-int save_index(char *dbfile, char *suffix, CA_DB *db)
-	{
-	char buf[3][BSIZE];
-	BIO *out = BIO_new(BIO_s_file());
-	int j;
-
-	if (out == NULL)
-		{
-		ERR_print_errors(bio_err);
-		goto err;
-		}
-
-	j = strlen(dbfile) + strlen(suffix);
-	if (j + 6 >= BSIZE)
-		{
-		BIO_printf(bio_err,"file name too long\n");
-		goto err;
-		}
-
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
-#else
-	j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
-#endif
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
-#else
-	j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
-#else
-	j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
-#endif
-#ifdef RL_DEBUG
-	BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
-#endif
-	if (BIO_write_filename(out,buf[0]) <= 0)
-		{
-		perror(dbfile);
-		BIO_printf(bio_err,"unable to open '%s'\n", dbfile);
-		goto err;
-		}
-	j=TXT_DB_write(out,db->db);
-	if (j <= 0) goto err;
-			
-	BIO_free(out);
-
-	out = BIO_new(BIO_s_file());
-#ifdef RL_DEBUG
-	BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[1]);
-#endif
-	if (BIO_write_filename(out,buf[1]) <= 0)
-		{
-		perror(buf[2]);
-		BIO_printf(bio_err,"unable to open '%s'\n", buf[2]);
-		goto err;
-		}
-	BIO_printf(out,"unique_subject = %s\n",
-		db->attributes.unique_subject ? "yes" : "no");
-	BIO_free(out);
-
-	return 1;
- err:
-	return 0;
-	}
-
-int rotate_index(char *dbfile, char *new_suffix, char *old_suffix)
-	{
-	char buf[5][BSIZE];
-	int i,j;
-	struct stat sb;
-
-	i = strlen(dbfile) + strlen(old_suffix);
-	j = strlen(dbfile) + strlen(new_suffix);
-	if (i > j) j = i;
-	if (j + 6 >= BSIZE)
-		{
-		BIO_printf(bio_err,"file name too long\n");
-		goto err;
-		}
-
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
-#else
-	j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
-#endif
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s",
-		dbfile, new_suffix);
-#else
-	j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s",
-		dbfile, new_suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",
-		dbfile, new_suffix);
-#else
-	j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",
-		dbfile, new_suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",
-		dbfile, old_suffix);
-#else
-	j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
-		dbfile, old_suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s",
-		dbfile, old_suffix);
-#else
-	j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s",
-		dbfile, old_suffix);
-#endif
-	if (stat(dbfile,&sb) < 0)
-		{
-		if (errno != ENOENT 
-#ifdef ENOTDIR
-			&& errno != ENOTDIR)
-#endif
-			goto err;
-		}
-	else
-		{
-#ifdef RL_DEBUG
-		BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
-			dbfile, buf[1]);
-#endif
-		if (rename(dbfile,buf[1]) < 0)
-			{
-			BIO_printf(bio_err,
-				"unable to rename %s to %s\n",
-				dbfile, buf[1]);
-			perror("reason");
-			goto err;
-			}
-		}
-#ifdef RL_DEBUG
-	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
-		buf[0],dbfile);
-#endif
-	if (rename(buf[0],dbfile) < 0)
-		{
-		BIO_printf(bio_err,
-			"unable to rename %s to %s\n",
-			buf[0],dbfile);
-		perror("reason");
-		rename(buf[1],dbfile);
-		goto err;
-		}
-	if (stat(buf[4],&sb) < 0)
-		{
-		if (errno != ENOENT 
-#ifdef ENOTDIR
-			&& errno != ENOTDIR)
-#endif
-			goto err;
-		}
-	else
-		{
-#ifdef RL_DEBUG
-		BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
-			buf[4],buf[3]);
-#endif
-		if (rename(buf[4],buf[3]) < 0)
-			{
-			BIO_printf(bio_err,
-				"unable to rename %s to %s\n",
-				buf[4], buf[3]);
-			perror("reason");
-			rename(dbfile,buf[0]);
-			rename(buf[1],dbfile);
-			goto err;
-			}
-		}
-#ifdef RL_DEBUG
-	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
-		buf[2],buf[4]);
-#endif
-	if (rename(buf[2],buf[4]) < 0)
-		{
-		BIO_printf(bio_err,
-			"unable to rename %s to %s\n",
-			buf[2],buf[4]);
-		perror("reason");
-		rename(buf[3],buf[4]);
-		rename(dbfile,buf[0]);
-		rename(buf[1],dbfile);
-		goto err;
-		}
-	return 1;
- err:
-	return 0;
-	}
-
-void free_index(CA_DB *db)
-	{
-	if (db)
-		{
-		if (db->db) TXT_DB_free(db->db);
-		OPENSSL_free(db);
-		}
-	}
-
-/* This code MUST COME AFTER anything that uses rename() */
-#ifdef OPENSSL_SYS_WIN32
-int WIN32_rename(char *from, char *to)
-	{
-#ifndef OPENSSL_SYS_WINCE
-	/* Windows rename gives an error if 'to' exists, so delete it
-	 * first and ignore file not found errror
-	 */
-	if((remove(to) != 0) && (errno != ENOENT))
-		return -1;
-#undef rename
-	return rename(from, to);
-#else
-	/* convert strings to UNICODE */
-	{
-	BOOL result = FALSE;
-	WCHAR* wfrom;
-	WCHAR* wto;
-	int i;
-	wfrom = malloc((strlen(from)+1)*2);
-	wto = malloc((strlen(to)+1)*2);
-	if (wfrom != NULL && wto != NULL)
-		{
-		for (i=0; i<(int)strlen(from)+1; i++)
-			wfrom[i] = (short)from[i];
-		for (i=0; i<(int)strlen(to)+1; i++)
-			wto[i] = (short)to[i];
-		result = MoveFile(wfrom, wto);
-		}
-	if (wfrom != NULL)
-		free(wfrom);
-	if (wto != NULL)
-		free(wto);
-	return result;
-	}
-#endif
-	}
-#endif
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -148,11 +148,9 @@ int WIN32_rename(char *oldname,char *newname);
 #ifndef NON_MAIN
 CONF *config=NULL;
 BIO *bio_err=NULL;
-int in_FIPS_mode=0;
 #else
 extern CONF *config;
 extern BIO *bio_err;
-extern int in_FIPS_mode;
 #endif

 #else
@@ -161,7 +159,6 @@ extern int in_FIPS_mode;
 extern CONF *config;
 extern char *default_config_file;
 extern BIO *bio_err;
-extern int in_FIPS_mode;

 #endif

@@ -284,39 +281,7 @@ char *make_config_name(void);
 /* Functions defined in ca.c and also used in ocsp.c */
 int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
 			ASN1_GENERALIZEDTIME **pinvtm, char *str);
-
-#define DB_type         0
-#define DB_exp_date     1
-#define DB_rev_date     2
-#define DB_serial       3       /* index - unique */
-#define DB_file         4       
-#define DB_name         5       /* index - unique when active and not disabled */
-#define DB_NUMBER       6
-
-#define DB_TYPE_REV	'R'
-#define DB_TYPE_EXP	'E'
-#define DB_TYPE_VAL	'V'
-
-typedef struct db_attr_st
-	{
-	int unique_subject;
-	} DB_ATTR;
-typedef struct ca_db_st
-	{
-	DB_ATTR attributes;
-	TXT_DB *db;
-	} CA_DB;
-
-BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai);
-int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai);
-int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix);
-int rand_serial(BIGNUM *b, ASN1_INTEGER *ai);
-CA_DB *load_index(char *dbfile, DB_ATTR *dbattr);
-int index_index(CA_DB *db);
-int save_index(char *dbfile, char *suffix, CA_DB *db);
-int rotate_index(char *dbfile, char *new_suffix, char *old_suffix);
-void free_index(CA_DB *db);
-int index_name_cmp(const char **a, const char **b);
+int make_serial_index(TXT_DB *db);

 X509_NAME *do_subject(char *str, long chtype);

@@ -339,6 +304,4 @@ X509_NAME *do_subject(char *str, long chtype);

 #define APP_PASS_LEN	1024

-#define SERIAL_RAND_BITS	64
-
 #endif
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -278,7 +278,6 @@ bad:
 		tmplen=num;
 		for (i=0; i<sk_num(osk); i++)
 			{
-			int typ;
 			ASN1_TYPE *atmp;
 			j=atoi(sk_value(osk,i));
 			if (j == 0)
@@ -297,15 +296,6 @@ bad:
 				ERR_print_errors(bio_err);
 				goto end;
 				}
-			typ = ASN1_TYPE_get(at);
-			if ((typ == V_ASN1_OBJECT)
-				|| (typ == V_ASN1_NULL))
-				{
-				BIO_printf(bio_err, "Can't parse %s type\n",
-					typ == V_ASN1_NULL ? "NULL" : "OBJECT");
-				ERR_print_errors(bio_err);
-				goto end;
-				}
 			/* hmm... this is a little evil but it works */
 			tmpbuf=at->value.asn1_string->data;
 			tmplen=at->value.asn1_string->length;
@@ -314,15 +304,7 @@ bad:
 		num=tmplen;
 		}

-	if (offset >= num)
-		{
-		BIO_printf(bio_err, "Error: offset too large\n");
-		goto end;
-		}
-
-	num -= offset;
-
-	if ((length == 0) || ((long)length > num)) length=(unsigned int)num;
+	if (length == 0) length=(unsigned int)num;
 	if(derout) {
 		if(BIO_write(derout, str + offset, length) != (int)length) {
 			BIO_printf(bio_err, "Error writing output\n");
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -112,7 +112,6 @@
 #define ENV_NEW_CERTS_DIR	"new_certs_dir"
 #define ENV_CERTIFICATE 	"certificate"
 #define ENV_SERIAL		"serial"
-#define ENV_CRLNUMBER		"crlnumber"
 #define ENV_CRL			"crl"
 #define ENV_PRIVATE_KEY		"private_key"
 #define ENV_RANDFILE		"RANDFILE"
@@ -134,6 +133,18 @@

 #define ENV_DATABASE		"database"

+#define DB_type         0
+#define DB_exp_date     1
+#define DB_rev_date     2
+#define DB_serial       3       /* index - unique */
+#define DB_file         4       
+#define DB_name         5       /* index - unique for active */
+#define DB_NUMBER       6
+
+#define DB_TYPE_REV	'R'
+#define DB_TYPE_EXP	'E'
+#define DB_TYPE_VAL	'V'
+
 /* Additional revocation information types */

 #define REV_NONE		0	/* No addditional information */
@@ -190,36 +201,43 @@ extern int EF_ALIGNMENT;
 #endif

 static void lookup_fail(char *name,char *tag);
+static unsigned long index_serial_hash(const char **a);
+static int index_serial_cmp(const char **a, const char **b);
+static unsigned long index_name_hash(const char **a);
+static int index_name_qual(char **a);
+static int index_name_cmp(const char **a,const char **b);
+static BIGNUM *load_serial(char *serialfile);
+static int save_serial(char *serialfile, BIGNUM *serial);
 static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
-		   const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,CA_DB *db,
+		   const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,TXT_DB *db,
 		   BIGNUM *serial, char *subj, int email_dn, char *startdate,
 		   char *enddate, long days, int batch, char *ext_sect, CONF *conf,
 		   int verbose, unsigned long certopt, unsigned long nameopt,
 		   int default_op, int ext_copy);
 static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
 			const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
-			CA_DB *db, BIGNUM *serial, char *subj, int email_dn,
+			TXT_DB *db, BIGNUM *serial, char *subj, int email_dn,
 			char *startdate, char *enddate, long days, int batch,
 			char *ext_sect, CONF *conf,int verbose, unsigned long certopt,
 			unsigned long nameopt, int default_op, int ext_copy,
 			ENGINE *e);
 static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
 			 const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
-			 CA_DB *db, BIGNUM *serial,char *subj, int email_dn,
+			 TXT_DB *db, BIGNUM *serial,char *subj, int email_dn,
 			 char *startdate, char *enddate, long days, char *ext_sect,
 			 CONF *conf, int verbose, unsigned long certopt, 
 			 unsigned long nameopt, int default_op, int ext_copy);
 static int fix_data(int nid, int *type);
 static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
 static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
-	STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,
+	STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,char *subj,
 	int email_dn, char *startdate, char *enddate, long days, int batch,
       	int verbose, X509_REQ *req, char *ext_sect, CONF *conf,
 	unsigned long certopt, unsigned long nameopt, int default_op,
 	int ext_copy);
-static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval);
-static int get_certificate_status(const char *ser_status, CA_DB *db);
-static int do_updatedb(CA_DB *db);
+static int do_revoke(X509 *x509, TXT_DB *db, int ext, char *extval);
+static int get_certificate_status(const char *ser_status, TXT_DB *db);
+static int do_updatedb(TXT_DB *db);
 static int check_time_format(char *str);
 char *make_revocation_str(int rev_type, char *rev_arg);
 int make_revoked(X509_REVOKED *rev, char *str);
@@ -231,6 +249,11 @@ static char *section=NULL;
 static int preserve=0;
 static int msie_hack=0;

+static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
+static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
+static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **)
+static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **)
+

 int MAIN(int, char **);

@@ -238,7 +261,6 @@ int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	char *key=NULL,*passargin=NULL;
-	int create_ser = 0;
 	int free_key = 0;
 	int total=0;
 	int total_done=0;
@@ -268,7 +290,6 @@ int MAIN(int argc, char **argv)
 	char *outfile=NULL;
 	char *outdir=NULL;
 	char *serialfile=NULL;
-	char *crlnumberfile=NULL;
 	char *extensions=NULL;
 	char *extfile=NULL;
 	char *subj=NULL;
@@ -277,7 +298,6 @@ int MAIN(int argc, char **argv)
 	int rev_type = REV_NONE;
 	char *rev_arg = NULL;
 	BIGNUM *serial=NULL;
-	BIGNUM *crlnumber=NULL;
 	char *startdate=NULL;
 	char *enddate=NULL;
 	long days=0;
@@ -290,13 +310,14 @@ int MAIN(int argc, char **argv)
 	X509 *x=NULL;
 	BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL;
 	char *dbfile=NULL;
-	CA_DB *db=NULL;
+	TXT_DB *db=NULL;
 	X509_CRL *crl=NULL;
 	X509_REVOKED *r=NULL;
 	ASN1_TIME *tmptm;
 	ASN1_INTEGER *tmpser;
 	char **pp,*p,*f;
 	int i,j;
+	long l;
 	const EVP_MD *dgst=NULL;
 	STACK_OF(CONF_VALUE) *attribs=NULL;
 	STACK_OF(X509) *cert_sk=NULL;
@@ -308,7 +329,6 @@ int MAIN(int argc, char **argv)
 	char *engine = NULL;
 #endif
 	char *tofree=NULL;
-	DB_ATTR db_attr;

 #ifdef EFENCE
 EF_PROTECT_FREE=1;
@@ -538,6 +558,10 @@ bad:

 	ERR_load_crypto_strings();

+#ifndef OPENSSL_NO_ENGINE
+	e = setup_engine(bio_err, engine, 0);
+#endif
+
 	/*****************************************************************/
 	tofree=NULL;
 	if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
@@ -545,19 +569,16 @@ bad:
 	if (configfile == NULL)
 		{
 		const char *s=X509_get_default_cert_area();
-		size_t len;

 #ifdef OPENSSL_SYS_VMS
-		len = strlen(s)+sizeof(CONFIG_FILE);
-		tofree=OPENSSL_malloc(len);
+		tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE));
 		strcpy(tofree,s);
 #else
-		len = strlen(s)+sizeof(CONFIG_FILE)+1;
-		tofree=OPENSSL_malloc(len);
-		BUF_strlcpy(tofree,s,len);
-		BUF_strlcat(tofree,"/",len);
+		tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE)+1);
+		strcpy(tofree,s);
+		strcat(tofree,"/");
 #endif
-		BUF_strlcat(tofree,CONFIG_FILE,len);
+		strcat(tofree,CONFIG_FILE);
 		configfile=tofree;
 		}

@@ -582,10 +603,6 @@ bad:
 	if (!load_config(bio_err, conf))
 		goto err;

-#ifndef OPENSSL_NO_ENGINE
-	e = setup_engine(bio_err, engine, 0);
-#endif
-
 	/* Lets get the config section we are using */
 	if (section == NULL)
 		{
@@ -632,41 +649,6 @@ bad:
 	if (randfile == NULL)
 		ERR_clear_error();
 	app_RAND_load_file(randfile, bio_err, 0);
-
-	db_attr.unique_subject = 1;
-	p = NCONF_get_string(conf, section, "unique_subject");
-	if (p)
-		{
-#ifdef RL_DEBUG
-		BIO_printf(bio_err, "DEBUG: unique_subject = \"%s\"\n", p);
-#endif
-		switch(*p)
-			{
-		case 'f': /* false */
-		case 'F': /* FALSE */
-		case 'n': /* no */
-		case 'N': /* NO */
-			db_attr.unique_subject = 0;
-			break;
-		case 't': /* true */
-		case 'T': /* TRUE */
-		case 'y': /* yes */
-		case 'Y': /* YES */
-		default:
-			db_attr.unique_subject = 1;
-			break;
-			}
-		}
-	else
-		ERR_clear_error();
-#ifdef RL_DEBUG
-	if (!p)
-		BIO_printf(bio_err, "DEBUG: unique_subject undefined\n", p);
-#endif
-#ifdef RL_DEBUG
-	BIO_printf(bio_err, "DEBUG: configured unique_subject is %d\n",
-		db_attr.unique_subject);
-#endif
 	
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
@@ -687,10 +669,17 @@ bad:
 			lookup_fail(section,ENV_DATABASE);
 			goto err;
 			}
-		db = load_index(dbfile,&db_attr);
+		if (BIO_read_filename(in,dbfile) <= 0)
+			{
+			perror(dbfile);
+			BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
+			goto err;
+			}
+		db=TXT_DB_read(in,DB_NUMBER);
 		if (db == NULL) goto err;

-		if (!index_index(db)) goto err;
+		if (!make_serial_index(db))
+			goto err;

 		if (get_certificate_status(ser_status,db) != 1)
 			BIO_printf(bio_err,"Error verifying serial %s!\n",
@@ -850,13 +839,19 @@ bad:
 		lookup_fail(section,ENV_DATABASE);
 		goto err;
 		}
-	db = load_index(dbfile, &db_attr);
+	if (BIO_read_filename(in,dbfile) <= 0)
+		{
+		perror(dbfile);
+		BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
+		goto err;
+		}
+	db=TXT_DB_read(in,DB_NUMBER);
 	if (db == NULL) goto err;

 	/* Lets check some fields */
-	for (i=0; i<sk_num(db->db->data); i++)
+	for (i=0; i<sk_num(db->data); i++)
 		{
-		pp=(char **)sk_value(db->db->data,i);
+		pp=(char **)sk_value(db->data,i);
 		if ((pp[DB_type][0] != DB_TYPE_REV) &&
 			(pp[DB_rev_date][0] != '\0'))
 			{
@@ -907,13 +902,23 @@ bad:
 		out = BIO_push(tmpbio, out);
 		}
 #endif
-		TXT_DB_write(out,db->db);
+		TXT_DB_write(out,db);
 		BIO_printf(bio_err,"%d entries loaded from the database\n",
-			db->db->data->num);
+			db->data->num);
 		BIO_printf(bio_err,"generating index\n");
 		}
 	
-	if (!index_index(db)) goto err;
+	if (!make_serial_index(db))
+		goto err;
+
+	if (!TXT_DB_create_index(db, DB_name, index_name_qual,
+			LHASH_HASH_FN(index_name_hash),
+			LHASH_COMP_FN(index_name_cmp)))
+		{
+		BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
+			db->error,db->arg1,db->arg2);
+		goto err;
+		}

 	/*****************************************************************/
 	/* Update the db file for expired certificates */
@@ -936,9 +941,62 @@ bad:
 			}
 	    	else
 			{
-			if (!save_index(dbfile,"new",db)) goto err;
-				
-			if (!rotate_index(dbfile,"new","old")) goto err;
+			out = BIO_new(BIO_s_file());
+			if (out == NULL)
+				{
+				ERR_print_errors(bio_err);
+				goto err;
+				}
+
+#ifndef OPENSSL_SYS_VMS
+			j = BIO_snprintf(buf[0], sizeof buf[0], "%s.new", dbfile);
+#else
+			j = BIO_snprintf(buf[0], sizeof buf[0], "%s-new", dbfile);
+#endif
+			if (j < 0 || j >= sizeof buf[0])
+				{
+				BIO_printf(bio_err, "file name too long\n");
+				goto err;
+				}
+			if (BIO_write_filename(out,buf[0]) <= 0)
+		  		{
+		    		perror(dbfile);
+		    		BIO_printf(bio_err,"unable to open '%s'\n",
+									dbfile);
+		    		goto err;
+		  		}
+			j=TXT_DB_write(out,db);
+			if (j <= 0) goto err;
+			
+			BIO_free(out);
+			out = NULL;
+#ifndef OPENSSL_SYS_VMS
+			j = BIO_snprintf(buf[1], sizeof buf[1], "%s.old", dbfile);
+#else
+			j = BIO_snprintf(buf[1], sizeof buf[1], "%s-old", dbfile);
+#endif
+			if (j < 0 || j >= sizeof buf[1])
+				{
+				BIO_printf(bio_err, "file name too long\n");
+				goto err;
+				}
+			if (rename(dbfile,buf[1]) < 0)
+		  		{
+		    		BIO_printf(bio_err,
+						"unable to rename %s to %s\n",
+						dbfile, buf[1]);
+		    		perror("reason");
+		    		goto err;
+		  		}
+			if (rename(buf[0],dbfile) < 0)
+				{
+		    		BIO_printf(bio_err,
+						"unable to rename %s to %s\n",
+						buf[0],dbfile);
+		    		perror("reason");
+		    		rename(buf[1],dbfile);
+		    		goto err;
+		  		}
 				
 			if (verbose) BIO_printf(bio_err,
 				"Done. %d entries marked as expired\n",i); 
@@ -994,27 +1052,25 @@ bad:
 			}
 		}

-	if ((md == NULL) && ((md=NCONF_get_string(conf,
-		section,ENV_DEFAULT_MD)) == NULL))
-		{
-		lookup_fail(section,ENV_DEFAULT_MD);
-		goto err;
-		}
-
-	if ((dgst=EVP_get_digestbyname(md)) == NULL)
-		{
-		BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
-		goto err;
-		}
-
 	if (req)
 		{
+		if ((md == NULL) && ((md=NCONF_get_string(conf,
+			section,ENV_DEFAULT_MD)) == NULL))
+			{
+			lookup_fail(section,ENV_DEFAULT_MD);
+			goto err;
+			}
 		if ((email_dn == 1) && ((tmp_email_dn=NCONF_get_string(conf,
 			section,ENV_DEFAULT_EMAIL_DN)) != NULL ))
 			{
 			if(strcmp(tmp_email_dn,"no") == 0)
 				email_dn=0;
 			}
+		if ((dgst=EVP_get_digestbyname(md)) == NULL)
+			{
+			BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
+			goto err;
+			}
 		if (verbose)
 			BIO_printf(bio_err,"message digest is %s\n",
 				OBJ_nid2ln(dgst->type));
@@ -1101,7 +1157,7 @@ bad:
 			goto err;
 			}

-		if ((serial=load_serial(serialfile, create_ser, NULL)) == NULL)
+		if ((serial=load_serial(serialfile)) == NULL)
 			{
 			BIO_printf(bio_err,"error while loading serial number\n");
 			goto err;
@@ -1235,9 +1291,38 @@ bad:

 			BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk));

-			if (!save_serial(serialfile,"new",serial,NULL)) goto err;
+			if(strlen(serialfile) > BSIZE-5 || strlen(dbfile) > BSIZE-5)
+				{
+				BIO_printf(bio_err,"file name too long\n");
+				goto err;
+				}

-			if (!save_index(dbfile, "new", db)) goto err;
+			strcpy(buf[0],serialfile);
+
+#ifdef OPENSSL_SYS_VMS
+			strcat(buf[0],"-new");
+#else
+			strcat(buf[0],".new");
+#endif
+
+			if (!save_serial(buf[0],serial)) goto err;
+
+			strcpy(buf[1],dbfile);
+
+#ifdef OPENSSL_SYS_VMS
+			strcat(buf[1],"-new");
+#else
+			strcat(buf[1],".new");
+#endif
+
+			if (BIO_write_filename(out,buf[1]) <= 0)
+				{
+				perror(dbfile);
+				BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
+				goto err;
+				}
+			l=TXT_DB_write(out,db);
+			if (l <= 0) goto err;
 			}
 	
 		if (verbose)
@@ -1245,7 +1330,7 @@ bad:
 		for (i=0; i<sk_X509_num(cert_sk); i++)
 			{
 			int k;
-			char *n;
+			unsigned char *n;

 			x=sk_X509_value(cert_sk,i);

@@ -1261,19 +1346,15 @@ bad:
 			strcpy(buf[2],outdir);

 #ifndef OPENSSL_SYS_VMS
-			BUF_strlcat(buf[2],"/",sizeof(buf[2]));
+			strcat(buf[2],"/");
 #endif

-			n=(char *)&(buf[2][strlen(buf[2])]);
+			n=(unsigned char *)&(buf[2][strlen(buf[2])]);
 			if (j > 0)
 				{
 				for (k=0; k<j; k++)
 					{
-					if (n >= &(buf[2][sizeof(buf[2])]))
-						break;
-					BIO_snprintf(n,
-						     &buf[2][0] + sizeof(buf[2]) - n,
-						     "%02X",(unsigned char)*(p++));
+					sprintf((char *)n,"%02X",(unsigned char)*(p++));
 					n+=2;
 					}
 				}
@@ -1299,10 +1380,59 @@ bad:
 		if (sk_X509_num(cert_sk))
 			{
 			/* Rename the database and the serial file */
-			if (!rotate_serial(serialfile,"new","old")) goto err;
+			strncpy(buf[2],serialfile,BSIZE-4);
+			buf[2][BSIZE-4]='\0';

-			if (!rotate_index(dbfile,"new","old")) goto err;
+#ifdef OPENSSL_SYS_VMS
+			strcat(buf[2],"-old");
+#else
+			strcat(buf[2],".old");
+#endif

+			BIO_free(in);
+			BIO_free_all(out);
+			in=NULL;
+			out=NULL;
+			if (rename(serialfile,buf[2]) < 0)
+				{
+				BIO_printf(bio_err,"unable to rename %s to %s\n",
+					serialfile,buf[2]);
+				perror("reason");
+				goto err;
+				}
+			if (rename(buf[0],serialfile) < 0)
+				{
+				BIO_printf(bio_err,"unable to rename %s to %s\n",
+					buf[0],serialfile);
+				perror("reason");
+				rename(buf[2],serialfile);
+				goto err;
+				}
+
+			strncpy(buf[2],dbfile,BSIZE-4);
+			buf[2][BSIZE-4]='\0';
+
+#ifdef OPENSSL_SYS_VMS
+			strcat(buf[2],"-old");
+#else
+			strcat(buf[2],".old");
+#endif
+
+			if (rename(dbfile,buf[2]) < 0)
+				{
+				BIO_printf(bio_err,"unable to rename %s to %s\n",
+					dbfile,buf[2]);
+				perror("reason");
+				goto err;
+				}
+			if (rename(buf[1],dbfile) < 0)
+				{
+				BIO_printf(bio_err,"unable to rename %s to %s\n",
+					buf[1],dbfile);
+				perror("reason");
+				rename(buf[2],dbfile);
+				goto err;
+				}
 			BIO_printf(bio_err,"Data Base Updated\n");
 			}
 		}
@@ -1333,14 +1463,6 @@ bad:
 				}
 			}

-		if ((crlnumberfile=NCONF_get_string(conf,section,ENV_CRLNUMBER))
-			!= NULL)
-			if ((crlnumber=load_serial(crlnumberfile,0,NULL)) == NULL)
-				{
-				BIO_printf(bio_err,"error while loading CRL number\n");
-				goto err;
-				}
-
 		if (!crldays && !crlhours)
 			{
 			if (!NCONF_get_number(conf,section,
@@ -1369,9 +1491,9 @@ bad:

 		ASN1_TIME_free(tmptm);

-		for (i=0; i<sk_num(db->db->data); i++)
+		for (i=0; i<sk_num(db->data); i++)
 			{
-			pp=(char **)sk_value(db->db->data,i);
+			pp=(char **)sk_value(db->data,i);
 			if (pp[DB_type][0] == DB_TYPE_REV)
 				{
 				if ((r=X509_REVOKED_new()) == NULL) goto err;
@@ -1397,31 +1519,34 @@ bad:

 		/* we now have a CRL */
 		if (verbose) BIO_printf(bio_err,"signing CRL\n");
+		if (md != NULL)
+			{
+			if ((dgst=EVP_get_digestbyname(md)) == NULL)
+				{
+				BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
+				goto err;
+				}
+			}
+		else
+			{
 #ifndef OPENSSL_NO_DSA
-		if (pkey->type == EVP_PKEY_DSA) 
-			dgst=EVP_dss1();
+			if (pkey->type == EVP_PKEY_DSA) 
+				dgst=EVP_dss1();
+			else
 #endif
+				dgst=EVP_md5();
+			}

 		/* Add any extensions asked for */

-		if (crl_ext || crlnumberfile != NULL)
+		if (crl_ext)
 			{
 			X509V3_CTX crlctx;
 			X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
 			X509V3_set_nconf(&crlctx, conf);

-			if (crl_ext)
-				if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
-					crl_ext, crl)) goto err;
-			if (crlnumberfile != NULL)
-				{
-				tmpser = BN_to_ASN1_INTEGER(crlnumber, NULL);
-				if (!tmpser) goto err;
-				X509_CRL_add1_ext_i2d(crl,NID_crl_number,tmpser,0,0);
-				ASN1_INTEGER_free(tmpser);
-				crl_v2 = 1;
-				if (!BN_add_word(crlnumber,1)) goto err;
-				}
+			if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
+				crl_ext, crl)) goto err;
 			}
 		if (crl_ext || crl_v2)
 			{
@@ -1429,17 +1554,9 @@ bad:
 				goto err; /* version 2 CRL */
 			}

-		
-		if (crlnumberfile != NULL)	/* we have a CRL number that need updating */
-			if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) goto err;
-
 		if (!X509_CRL_sign(crl,pkey,dgst)) goto err;

 		PEM_write_bio_X509_CRL(Sout,crl);
-
-		if (crlnumberfile != NULL)	/* Rename the crlnumber file */
-			if (!rotate_serial(crlnumberfile,"new","old")) goto err;
-
 		}
 	/*****************************************************************/
 	if (dorevoke)
@@ -1460,10 +1577,50 @@ bad:
 			if (j <= 0) goto err;
 			X509_free(revcert);

-			if (!save_index(dbfile, "new", db)) goto err;
-
-			if (!rotate_index(dbfile, "new", "old")) goto err;
+			if(strlen(dbfile) > BSIZE-5)
+				{
+				BIO_printf(bio_err,"filename too long\n");
+				goto err;
+				}

+			strcpy(buf[0],dbfile);
+#ifndef OPENSSL_SYS_VMS
+			strcat(buf[0],".new");
+#else
+			strcat(buf[0],"-new");
+#endif
+			if (BIO_write_filename(out,buf[0]) <= 0)
+				{
+				perror(dbfile);
+				BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
+				goto err;
+				}
+			j=TXT_DB_write(out,db);
+			if (j <= 0) goto err;
+			BIO_free_all(out);
+			out = NULL;
+			BIO_free_all(in);
+			in = NULL;
+			strncpy(buf[1],dbfile,BSIZE-4);
+			buf[1][BSIZE-4]='\0';
+#ifndef OPENSSL_SYS_VMS
+			strcat(buf[1],".old");
+#else
+			strcat(buf[1],"-old");
+#endif
+			if (rename(dbfile,buf[1]) < 0)
+				{
+				BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile, buf[1]);
+				perror("reason");
+				goto err;
+				}
+			if (rename(buf[0],dbfile) < 0)
+				{
+				BIO_printf(bio_err,"unable to rename %s to %s\n", buf[0],dbfile);
+				perror("reason");
+				rename(buf[1],dbfile);
+				goto err;
+				}
 			BIO_printf(bio_err,"Data Base Updated\n"); 
 			}
 		}
@@ -1485,7 +1642,7 @@ err:
 	if (free_key && key)
 		OPENSSL_free(key);
 	BN_free(serial);
-	free_index(db);
+	TXT_DB_free(db);
 	EVP_PKEY_free(pkey);
 	X509_free(x509);
 	X509_CRL_free(crl);
@@ -1500,8 +1657,106 @@ static void lookup_fail(char *name, char *tag)
 	BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
 	}

+static unsigned long index_serial_hash(const char **a)
+	{
+	const char *n;
+
+	n=a[DB_serial];
+	while (*n == '0') n++;
+	return(lh_strhash(n));
+	}
+
+static int index_serial_cmp(const char **a, const char **b)
+	{
+	const char *aa,*bb;
+
+	for (aa=a[DB_serial]; *aa == '0'; aa++);
+	for (bb=b[DB_serial]; *bb == '0'; bb++);
+	return(strcmp(aa,bb));
+	}
+
+static unsigned long index_name_hash(const char **a)
+	{ return(lh_strhash(a[DB_name])); }
+
+static int index_name_qual(char **a)
+	{ return(a[0][0] == 'V'); }
+
+static int index_name_cmp(const char **a, const char **b)
+	{ return(strcmp(a[DB_name],
+	     b[DB_name])); }
+
+static BIGNUM *load_serial(char *serialfile)
+	{
+	BIO *in=NULL;
+	BIGNUM *ret=NULL;
+	MS_STATIC char buf[1024];
+	ASN1_INTEGER *ai=NULL;
+
+	if ((in=BIO_new(BIO_s_file())) == NULL)
+		{
+		ERR_print_errors(bio_err);
+		goto err;
+		}
+
+	if (BIO_read_filename(in,serialfile) <= 0)
+		{
+		perror(serialfile);
+		goto err;
+		}
+	ai=ASN1_INTEGER_new();
+	if (ai == NULL) goto err;
+	if (!a2i_ASN1_INTEGER(in,ai,buf,1024))
+		{
+		BIO_printf(bio_err,"unable to load number from %s\n",
+			serialfile);
+		goto err;
+		}
+	ret=ASN1_INTEGER_to_BN(ai,NULL);
+	if (ret == NULL)
+		{
+		BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");
+		goto err;
+		}
+err:
+	if (in != NULL) BIO_free(in);
+	if (ai != NULL) ASN1_INTEGER_free(ai);
+	return(ret);
+	}
+
+static int save_serial(char *serialfile, BIGNUM *serial)
+	{
+	BIO *out;
+	int ret=0;
+	ASN1_INTEGER *ai=NULL;
+
+	out=BIO_new(BIO_s_file());
+	if (out == NULL)
+		{
+		ERR_print_errors(bio_err);
+		goto err;
+		}
+	if (BIO_write_filename(out,serialfile) <= 0)
+		{
+		perror(serialfile);
+		goto err;
+		}
+
+	if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL)
+		{
+		BIO_printf(bio_err,"error converting serial to ASN.1 format\n");
+		goto err;
+		}
+	i2a_ASN1_INTEGER(out,ai);
+	BIO_puts(out,"\n");
+	ret=1;
+err:
+	if (out != NULL) BIO_free_all(out);
+	if (ai != NULL) ASN1_INTEGER_free(ai);
+	return(ret);
+	}
+
 static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
-	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
 	     BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
 	     long days, int batch, char *ext_sect, CONF *lconf, int verbose,
 	     unsigned long certopt, unsigned long nameopt, int default_op,
@@ -1563,7 +1818,7 @@ err:
 	}

 static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
-	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
 	     BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
 	     long days, int batch, char *ext_sect, CONF *lconf, int verbose,
 	     unsigned long certopt, unsigned long nameopt, int default_op,
@@ -1617,7 +1872,7 @@ err:
 	}

 static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
-	     STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj,
+	     STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial, char *subj,
 	     int email_dn, char *startdate, char *enddate, long days, int batch,
 	     int verbose, X509_REQ *req, char *ext_sect, CONF *lconf,
 	     unsigned long certopt, unsigned long nameopt, int default_op,
@@ -1635,7 +1890,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 	int ok= -1,i,j,last,nid;
 	char *p;
 	CONF_VALUE *cv;
-	char *row[DB_NUMBER],**rrow=NULL,**irow=NULL;
+	char *row[DB_NUMBER],**rrow,**irow=NULL;
 	char buf[25];

 	tmptm=ASN1_UTCTIME_new();
@@ -1872,19 +2127,15 @@ again2:
 		goto err;
 		}

-	if (db->attributes.unique_subject)
+	rrow=TXT_DB_get_by_index(db,DB_name,row);
+	if (rrow != NULL)
 		{
-		rrow=TXT_DB_get_by_index(db->db,DB_name,row);
-		if (rrow != NULL)
-			{
-			BIO_printf(bio_err,
-				"ERROR:There is already a certificate for %s\n",
-				row[DB_name]);
-			}
+		BIO_printf(bio_err,"ERROR:There is already a certificate for %s\n",
+			row[DB_name]);
 		}
-	if (rrow == NULL)
+	else
 		{
-		rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
+		rrow=TXT_DB_get_by_index(db,DB_serial,row);
 		if (rrow != NULL)
 			{
 			BIO_printf(bio_err,"ERROR:Serial number %s has already been issued,\n",
@@ -2091,7 +2342,7 @@ again2:
 		BIO_printf(bio_err,"Memory allocation failure\n");
 		goto err;
 		}
-	BUF_strlcpy(row[DB_file],"unknown",8);
+	strcpy(row[DB_file],"unknown");
 	row[DB_type][0]='V';
 	row[DB_type][1]='\0';

@@ -2108,10 +2359,10 @@ again2:
 		}
 	irow[DB_NUMBER]=NULL;

-	if (!TXT_DB_insert(db->db,irow))
+	if (!TXT_DB_insert(db,irow))
 		{
 		BIO_printf(bio_err,"failed to update database\n");
-		BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->error);
+		BIO_printf(bio_err,"TXT_DB error number %ld\n",db->error);
 		goto err;
 		}
 	ok=1;
@@ -2162,7 +2413,7 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
 	}

 static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
-	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
 	     BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
 	     long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt,
 	     unsigned long nameopt, int default_op, int ext_copy)
@@ -2341,7 +2592,7 @@ static int check_time_format(char *str)
 	return(ASN1_UTCTIME_check(&tm));
 	}

-static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
+static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value)
 	{
 	ASN1_UTCTIME *tm=NULL;
 	char *row[DB_NUMBER],**rrow,**irow;
@@ -2366,10 +2617,10 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
 	/* We have to lookup by serial number because name lookup
 	 * skips revoked certs
 	 */
-	rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
+	rrow=TXT_DB_get_by_index(db,DB_serial,row);
 	if (rrow == NULL)
 		{
-		BIO_printf(bio_err,"Adding Entry with serial number %s to DB for %s\n", row[DB_serial], row[DB_name]);
+		BIO_printf(bio_err,"Adding Entry to DB for %s\n", row[DB_name]);

 		/* We now just add it to the database */
 		row[DB_type]=(char *)OPENSSL_malloc(2);
@@ -2392,7 +2643,7 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
 			BIO_printf(bio_err,"Memory allocation failure\n");
 			goto err;
 			}
-		BUF_strlcpy(row[DB_file],"unknown",8);
+		strcpy(row[DB_file],"unknown");
 		row[DB_type][0]='V';
 		row[DB_type][1]='\0';

@@ -2409,10 +2660,10 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
 			}
 		irow[DB_NUMBER]=NULL;

-		if (!TXT_DB_insert(db->db,irow))
+		if (!TXT_DB_insert(db,irow))
 			{
 			BIO_printf(bio_err,"failed to update database\n");
-			BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->error);
+			BIO_printf(bio_err,"TXT_DB error number %ld\n",db->error);
 			goto err;
 			}

@@ -2457,7 +2708,7 @@ err:
 	return(ok);
 	}

-static int get_certificate_status(const char *serial, CA_DB *db)
+static int get_certificate_status(const char *serial, TXT_DB *db)
 	{
 	char *row[DB_NUMBER],**rrow;
 	int ok=-1,i;
@@ -2498,7 +2749,7 @@ static int get_certificate_status(const char *serial, CA_DB *db)
 	ok=1;

 	/* Search for the certificate */
-	rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
+	rrow=TXT_DB_get_by_index(db,DB_serial,row);
 	if (rrow == NULL)
 		{
 		BIO_printf(bio_err,"Serial %s not present in db.\n",
@@ -2545,7 +2796,7 @@ err:
 	return(ok);
 	}

-static int do_updatedb (CA_DB *db)
+static int do_updatedb (TXT_DB *db)
 	{
 	ASN1_UTCTIME	*a_tm = NULL;
 	int i, cnt = 0;
@@ -2571,9 +2822,9 @@ static int do_updatedb (CA_DB *db)
 	else
 		a_y2k = 0;

-	for (i = 0; i < sk_num(db->db->data); i++)
+	for (i = 0; i < sk_num(db->data); i++)
 		{
-		rrow = (char **) sk_value(db->db->data, i);
+		rrow = (char **) sk_value(db->data, i);

 		if (rrow[DB_type][0] == 'V')
 		 	{
@@ -2716,16 +2967,16 @@ char *make_revocation_str(int rev_type, char *rev_arg)

 	if (!str) return NULL;

-	BUF_strlcpy(str, (char *)revtm->data, i);
+	strcpy(str, (char *)revtm->data);
 	if (reason)
 		{
-		BUF_strlcat(str, ",", i);
-		BUF_strlcat(str, reason, i);
+		strcat(str, ",");
+		strcat(str, reason);
 		}
 	if (other)
 		{
-		BUF_strlcat(str, ",", i);
-		BUF_strlcat(str, other, i);
+		strcat(str, ",");
+		strcat(str, other);
 		}
 	ASN1_UTCTIME_free(revtm);
 	return str;
@@ -3060,3 +3311,17 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_G

 	return ret;
 	}
+
+int make_serial_index(TXT_DB *db)
+	{
+	if (!TXT_DB_create_index(db, DB_serial, NULL,
+				LHASH_HASH_FN(index_serial_hash),
+				LHASH_COMP_FN(index_serial_cmp)))
+		{
+		BIO_printf(bio_err,
+		  "error creating serial number index:(%ld,%ld,%ld)\n",
+		  			db->error,db->arg1,db->arg2);
+			return 0;
+		}
+	return 1;
+	}
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -355,11 +355,7 @@ bad:

 	if (text) X509_CRL_print(out, x);

-	if (noout) 
-		{
-		ret = 0;
-		goto end;
-		}
+	if (noout) goto end;

 	if 	(outformat == FORMAT_ASN1)
 		i=(int)i2d_X509_CRL_bio(out,x);
--- a/apps/der_chop.in
+++ b/apps/der_chop.in
@@ -0,0 +1,305 @@
+#!/usr/local/bin/perl
+#
+# der_chop ... this is one total hack that Eric is really not proud of
+#              so don't look at it and don't ask for support
+#
+# The "documentation" for this (i.e. all the comments) are my fault --tjh
+#
+# This program takes the "raw" output of derparse/asn1parse and 
+# converts it into tokens and then runs regular expression matches
+# to try to figure out what to grab to get the things that are needed
+# and it is possible that this will do the wrong thing as it is a *hack*
+#
+# SSLeay 0.5.2+ should have direct read support for x509 (via -inform NET)
+# [I know ... promises promises :-)]
+#
+# To convert a Netscape Certificate:
+#    der_chop < ServerCert.der > cert.pem
+# To convert a Netscape Key (and encrypt it again to protect it)
+#    rsa -inform NET -in ServerKey.der -des > key.pem
+#
+# 23-Apr-96 eay    Added the extra ASN.1 string types, I still think this
+#		   is an evil hack.  If nothing else the parsing should
+#		   be relative, not absolute.
+# 19-Apr-96 tjh    hacked (with eay) into 0.5.x format
+#
+# Tim Hudson
+# tjh@cryptsoft.com
+#
+
+
+require 'getopts.pl';
+
+$debug=0;
+
+# this was the 0.4.x way of doing things ...
+$cmd="derparse";
+$x509_cmd="x509";
+$crl_cmd="crl";
+$rc4_cmd="rc4";
+$md2_cmd="md2";
+$md4_cmd="md4";
+$rsa_cmd="rsa -des -inform der ";
+
+# this was the 0.5.x way of doing things ...
+$cmd="openssl asn1parse";
+$x509_cmd="openssl x509";
+$crl_cmd="openssl crl";
+$rc4_cmd="openssl rc4";
+$md2_cmd="openssl md2";
+$md4_cmd="openssl md4";
+$rsa_cmd="openssl rsa -des -inform der ";
+
+&Getopts('vd:') || die "usage:$0 [-v] [-d num] file";
+$depth=($opt_d =~ /^\d+$/)?$opt_d:0;
+
+&init_der();
+
+if ($#ARGV != -1)
+	{
+	foreach $file (@ARGV)
+		{
+		print STDERR "doing $file\n";
+		&dofile($file);
+		}
+	}
+else
+	{
+	$file="/tmp/a$$.DER";
+	open(OUT,">$file") || die "unable to open $file:$!\n";
+	for (;;)
+		{
+		$i=sysread(STDIN,$b,1024*10);
+		last if ($i <= 0);
+		$i=syswrite(OUT,$b,$i);
+		}
+	&dofile($file);
+	unlink($file);
+	}
+	
+sub dofile
+	{
+	local($file)=@_;
+	local(@p);
+
+	$b=&load_file($file);
+	@p=&load_file_parse($file);
+
+	foreach $_ (@p)
+		{
+		($off,$d,$hl,$len)=&parse_line($_);
+		$d-=$depth;
+		next if ($d != 0);
+		next if ($len == 0);
+
+		$o=substr($b,$off,$len+$hl);
+		($str,@data)=&der_str($o);
+		print "$str\n" if ($opt_v);
+		if ($str =~ /^$crl/)
+			{
+			open(OUT,"|$crl_cmd -inform d -hash -issuer") ||
+				die "unable to run $crl_cmd:$!\n";
+			print OUT $o;
+			close(OUT);
+			}
+		elsif ($str =~ /^$x509/)
+			{
+			open(OUT,"|$x509_cmd -inform d -hash -subject -issuer")
+				|| die "unable to run $x509_cmd:$!\n";
+			print OUT $o;
+			close(OUT);
+			}
+		elsif ($str =~ /^$rsa/)
+			{
+			($type)=($data[3] =~ /OBJECT_IDENTIFIER :(.*)\s*$/);
+			next unless ($type eq "rsaEncryption");
+			($off,$d,$hl,$len)=&parse_line($data[5]);
+			$os=substr($o,$off+$hl,$len);
+			open(OUT,"|$rsa_cmd")
+				|| die "unable to run $rsa_cmd:$!\n";
+			print OUT $os;
+			close(OUT);
+			}
+		elsif ($str =~ /^0G-1D-1G/)
+			{
+			($off,$d,$hl,$len)=&parse_line($data[1]);
+			$os=substr($o,$off+$hl,$len);
+			print STDERR "<$os>\n" if $opt_v;
+			&do_certificate($o,@data)
+				if (($os eq "certificate") &&
+				    ($str =! /^0G-1D-1G-2G-3F-3E-2D/));
+			&do_private_key($o,@data)
+				if (($os eq "private-key") &&
+				    ($str =! /^0G-1D-1G-2G-3F-3E-2D/));
+			}
+		}
+	}
+
+sub der_str
+	{
+	local($str)=@_;
+	local(*OUT,*IN,@a,$t,$d,$ret);
+	local($file)="/tmp/b$$.DER";
+	local(@ret);
+
+	open(OUT,">$file");
+	print OUT $str;
+	close(OUT);
+	open(IN,"$cmd -inform 'd' -in $file |") ||
+		die "unable to run $cmd:$!\n";
+	$ret="";
+	while (<IN>)
+		{
+		chop;
+		push(@ret,$_);
+
+		print STDERR "$_\n" if ($debug);
+
+		@a=split(/\s*:\s*/);
+		($d)=($a[1] =~ /d=\s*(\d+)/);
+		$a[2] =~ s/\s+$//;
+		$t=$DER_s2i{$a[2]};
+		$ret.="$d$t-";
+		}
+	close(IN);
+	unlink($file);
+	chop $ret;
+	$ret =~ s/(-3H(-4G-5F-5[IJKMQRS])+)+/-NAME/g;
+	$ret =~ s/(-3G-4B-4L)+/-RCERT/g;
+	return($ret,@ret);
+	}
+
+sub init_der
+	{
+	$crl= "0G-1G-2G-3F-3E-2G-NAME-2L-2L-2G-RCERT-1G-2F-2E-1C";
+	$x509="0G-1G-2B-2G-3F-3E-2G-NAME-2G-3L-3L-2G-NAME-2G-3G-4F-4E-3C-1G-2F-2E-1C";
+	$rsa= "0G-1B-1G-2F-2E-1D";
+
+	%DER_i2s=(
+		# SSLeay 0.4.x has this list
+		"A","EOC",
+		"B","INTEGER",
+		"C","BIT STRING",
+		"D","OCTET STRING",
+		"E","NULL",
+		"F","OBJECT",
+		"G","SEQUENCE",
+		"H","SET",
+		"I","PRINTABLESTRING",
+		"J","T61STRING",
+		"K","IA5STRING",
+		"L","UTCTIME",
+		"M","NUMERICSTRING",
+		"N","VIDEOTEXSTRING",
+		"O","GENERALIZEDTIME",
+		"P","GRAPHICSTRING",
+		"Q","ISO64STRING",
+		"R","GENERALSTRING",
+		"S","UNIVERSALSTRING",
+
+		# SSLeay 0.5.x changed some things ... and I'm
+		# leaving in the old stuff but adding in these
+		# to handle the new as well --tjh
+		# - Well I've just taken them out and added the extra new
+		# ones :-) - eay
+		);
+
+	foreach (keys %DER_i2s)
+		{ $DER_s2i{$DER_i2s{$_}}=$_; }
+	}
+
+sub parse_line
+	{
+	local($_)=@_;
+
+	return(/\s*(\d+):d=\s*(\d+)\s+hl=\s*(\d+)\s+l=\s*(\d+|inf)\s/);
+	}
+
+#  0:d=0 hl=4 l=377 cons: univ: SEQUENCE          
+#  4:d=1 hl=2 l= 11 prim: univ: OCTET_STRING      
+# 17:d=1 hl=4 l=360 cons: univ: SEQUENCE          
+# 21:d=2 hl=2 l= 12 cons: univ: SEQUENCE          
+# 23:d=3 hl=2 l=  8 prim: univ: OBJECT_IDENTIFIER :rc4
+# 33:d=3 hl=2 l=  0 prim: univ: NULL              
+# 35:d=2 hl=4 l=342 prim: univ: OCTET_STRING
+sub do_private_key
+	{
+	local($data,@struct)=@_;
+	local($file)="/tmp/b$$.DER";
+	local($off,$d,$hl,$len,$_,$b,@p,$s);
+
+	($type)=($struct[4] =~ /OBJECT_IDENTIFIER :(.*)\s*$/);
+	if ($type eq "rc4")
+		{
+		($off,$d,$hl,$len)=&parse_line($struct[6]);
+		open(OUT,"|$rc4_cmd >$file") ||
+			die "unable to run $rc4_cmd:$!\n";
+		print OUT substr($data,$off+$hl,$len);
+		close(OUT);
+
+		$b=&load_file($file);
+		unlink($file);
+
+		($s,@p)=&der_str($b);
+		die "unknown rsa key type\n$s\n"
+			if ($s ne '0G-1B-1G-2F-2E-1D');
+		local($off,$d,$hl,$len)=&parse_line($p[5]);
+		$b=substr($b,$off+$hl,$len);
+		($s,@p)=&der_str($b);
+		open(OUT,"|$rsa_cmd") || die "unable to run $rsa_cmd:$!\n";
+		print OUT $b;
+		close(OUT);
+		}
+	else
+		{
+		print "'$type' is unknown\n";
+		exit(1);
+		}
+	}
+
+sub do_certificate
+	{
+	local($data,@struct)=@_;
+	local($file)="/tmp/b$$.DER";
+	local($off,$d,$hl,$len,$_,$b,@p,$s);
+
+	($off,$d,$hl,$len)=&parse_line($struct[2]);
+	$b=substr($data,$off,$len+$hl);
+
+	open(OUT,"|$x509_cmd -inform d") || die "unable to run $x509_cmd:$!\n";
+	print OUT $b;
+	close(OUT);
+	}
+
+sub load_file
+	{
+	local($file)=@_;
+	local(*IN,$r,$b,$i);
+
+	$r="";
+	open(IN,"<$file") || die "unable to open $file:$!\n";
+	for (;;)
+		{
+		$i=sysread(IN,$b,10240);
+		last if ($i <= 0);
+		$r.=$b;
+		}
+	close(IN);
+	return($r);
+	}
+
+sub load_file_parse
+	{
+	local($file)=@_;
+	local(*IN,$r,@ret,$_,$i,$n,$b);
+
+	open(IN,"$cmd -inform d -in $file|")
+		|| die "unable to run der_parse\n";
+	while (<IN>)
+		{
+		chop;
+		push(@ret,$_);
+		}
+	return($r,@ret);
+	}
+
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -66,7 +66,6 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
-#include <openssl/hmac.h>

 #undef BUFSIZE
 #define BUFSIZE	1024*8
@@ -74,11 +73,9 @@
 #undef PROG
 #define PROG	dgst_main

-static HMAC_CTX hmac_ctx;
-
 int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 	  EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
-	  const char *file,BIO *bmd,const char *hmac_key, int non_fips_allow);
+	  const char *file);

 int MAIN(int, char **);

@@ -103,12 +100,9 @@ int MAIN(int argc, char **argv)
 	EVP_PKEY *sigkey = NULL;
 	unsigned char *sigbuf = NULL;
 	int siglen = 0;
-	char *passargin = NULL, *passin = NULL;
 #ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
 #endif
-	char *hmac_key=NULL;
-	int non_fips_allow = 0;

 	apps_startup();

@@ -151,12 +145,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) break;
 			keyfile=*(++argv);
 			}
-		else if (!strcmp(*argv,"-passin"))
-			{
-			if (--argc < 1)
-				break;
-			passargin=*++argv;
-			}
 		else if (strcmp(*argv,"-verify") == 0)
 			{
 			if (--argc < 1) break;
@@ -193,14 +181,6 @@ int MAIN(int argc, char **argv)
 			out_bin = 1;
 		else if (strcmp(*argv,"-d") == 0)
 			debug=1;
-		else if (strcmp(*argv,"-non-fips-allow") == 0)
-			non_fips_allow=1;
-		else if (!strcmp(*argv,"-hmac"))
-			{
-			if (--argc < 1)
-				break;
-			hmac_key=*++argv;
-			}
 		else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
 			md=m;
 		else
@@ -255,7 +235,7 @@ int MAIN(int argc, char **argv)
 		}

 #ifndef OPENSSL_NO_ENGINE
-	e = setup_engine(bio_err, engine, 0);
+        e = setup_engine(bio_err, engine, 0);
 #endif

 	in=BIO_new(BIO_s_file());
@@ -267,12 +247,6 @@ int MAIN(int argc, char **argv)
 		BIO_set_callback_arg(in,bio_err);
 		}

-	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL))
-		{
-		BIO_printf(bio_err, "Error getting password\n");
-		goto end;
-		}
-
 	if ((in == NULL) || (bmd == NULL))
 		{
 		ERR_print_errors(bio_err);
@@ -314,7 +288,7 @@ int MAIN(int argc, char **argv)
 			sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL,
 				e, "key file");
 		else
-			sigkey = load_key(bio_err, keyfile, keyform, 0, passin,
+			sigkey = load_key(bio_err, keyfile, keyform, 0, NULL,
 				e, "key file");
 		if (!sigkey)
 			{
@@ -344,30 +318,18 @@ int MAIN(int argc, char **argv)
 			goto end;
 		}
 	}
+		

-	if (non_fips_allow)
-		{
-		EVP_MD_CTX *md_ctx;
-		BIO_get_md_ctx(bmd,&md_ctx);
-		EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-		}

 	/* we use md as a filter, reading from 'in' */
-	if (!BIO_set_md(bmd,md))
-		{
-		BIO_printf(bio_err, "Error setting digest %s\n",
-							EVP_MD_name(md));
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-		
+	BIO_set_md(bmd,md);
 	inp=BIO_push(bmd,in);

 	if (argc == 0)
 		{
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
 		err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf,
-			  siglen,"","(stdin)",bmd,hmac_key, non_fips_allow);
+			  siglen,"","(stdin)");
 		}
 	else
 		{
@@ -385,15 +347,13 @@ int MAIN(int argc, char **argv)
 				}
 			if(!out_bin)
 				{
-				size_t len = strlen(name)+strlen(argv[i])+(hmac_key ? 5 : 0)+5;
-				tmp=tofree=OPENSSL_malloc(len);
-				BIO_snprintf(tmp,len,"%s%s(%s)= ",
-							 hmac_key ? "HMAC-" : "",name,argv[i]);
+				tmp=tofree=OPENSSL_malloc(strlen(name)+strlen(argv[i])+5);
+				sprintf(tmp,"%s(%s)= ",name,argv[i]);
 				}
 			else
 				tmp="";
 			r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf,
-				siglen,tmp,argv[i],bmd,hmac_key,non_fips_allow);
+				siglen,tmp,argv[i]);
 			if(r)
 			    err=r;
 			if(tofree)
@@ -408,8 +368,6 @@ end:
 		OPENSSL_free(buf);
 		}
 	if (in != NULL) BIO_free(in);
-	if (passin)
-		OPENSSL_free(passin);
 	BIO_free_all(out);
 	EVP_PKEY_free(sigkey);
 	if(sigbuf) OPENSSL_free(sigbuf);
@@ -420,25 +378,11 @@ end:

 int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 	  EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
-	  const char *file,BIO *bmd,const char *hmac_key, int non_fips_allow)
+	  const char *file)
 	{
-	unsigned int len;
+	int len;
 	int i;
-	EVP_MD_CTX *md_ctx;

-	if (hmac_key)
-		{
-		EVP_MD *md;
-
-		BIO_get_md(bmd,&md);
-		HMAC_CTX_init(&hmac_ctx);
-		if (non_fips_allow)
-			HMAC_CTX_set_flags(&hmac_ctx,
-					EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-		HMAC_Init_ex(&hmac_ctx,hmac_key,strlen(hmac_key),md, NULL);
-		BIO_get_md_ctx(bmd,&md_ctx);
-		BIO_set_md_ctx(bmd,&hmac_ctx.md_ctx);
-		}
 	for (;;)
 		{
 		i=BIO_read(bp,(char *)buf,BUFSIZE);
@@ -481,11 +425,6 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 			return 1;
 			}
 		}
-	else if(hmac_key)
-		{
-		HMAC_Final(&hmac_ctx,buf,&len);
-		HMAC_CTX_cleanup(&hmac_ctx);
-		}
 	else
 		len=BIO_gets(bp,(char *)buf,BUFSIZE);

@@ -493,7 +432,7 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 	else 
 		{
 		BIO_write(out,title,strlen(title));
-		for (i=0; (unsigned int)i<len; i++)
+		for (i=0; i<len; i++)
 			{
 			if (sep && (i != 0))
 				BIO_printf(out, ":");
@@ -501,10 +440,6 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 			}
 		BIO_printf(out, "\n");
 		}
-	if (hmac_key)
-		{
-		BIO_set_md_ctx(bmd,md_ctx);
-		}
 	return 0;
 	}

--- a/apps/enc.c
+++ b/apps/enc.c
@@ -114,11 +114,9 @@ int MAIN(int argc, char **argv)
 	unsigned char salt[PKCS5_SALT_LEN];
 	char *str=NULL, *passarg = NULL, *pass = NULL;
 	char *hkey=NULL,*hiv=NULL,*hsalt = NULL;
-	char *md=NULL;
 	int enc=1,printkey=0,i,base64=0;
 	int debug=0,olb64=0,nosalt=0;
 	const EVP_CIPHER *cipher=NULL,*c;
-	EVP_CIPHER_CTX *ctx = NULL;
 	char *inf=NULL,*outf=NULL;
 	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
 #define PROG_NAME_SIZE  39
@@ -126,8 +124,6 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_ENGINE
 	char *engine = NULL;
 #endif
-	const EVP_MD *dgst=NULL;
-	int non_fips_allow = 0;

 	apps_startup();

@@ -257,13 +253,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			hiv= *(++argv);
 			}
-		else if (strcmp(*argv,"-md") == 0)
-			{
-			if (--argc < 1) goto bad;
-			md= *(++argv);
-			}
-		else if (strcmp(*argv,"-non-fips-allow") == 0)
-			non_fips_allow = 1;
 		else if	((argv[0][0] == '-') &&
 			((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL))
 			{
@@ -282,10 +271,8 @@ bad:
 			BIO_printf(bio_err,"%-14s encrypt\n","-e");
 			BIO_printf(bio_err,"%-14s decrypt\n","-d");
 			BIO_printf(bio_err,"%-14s base64 encode/decode, depending on encryption flag\n","-a/-base64");
-			BIO_printf(bio_err,"%-14s passphrase is the next argument\n","-k");
-			BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile");
-			BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md");
-			BIO_printf(bio_err,"%-14s   from a passphrase.  One of md2, md5, sha or sha1\n","");
+			BIO_printf(bio_err,"%-14s key is the next argument\n","-k");
+			BIO_printf(bio_err,"%-14s key is the first line of the file argument\n","-kfile");
 			BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
 			BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
 			BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
@@ -309,20 +296,6 @@ bad:
        e = setup_engine(bio_err, engine, 0);
 #endif

-	if (md && (dgst=EVP_get_digestbyname(md)) == NULL)
-		{
-		BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
-		goto end;
-		}
-
-	if (dgst == NULL)
-		{
-		if (in_FIPS_mode)
-			dgst = EVP_sha1();
-		else
-			dgst = EVP_md5();
-		}
-
 	if (bufsize != NULL)
 		{
 		unsigned long n;
@@ -400,9 +373,9 @@ bad:
 			{
 			char buf[200];

-			BIO_snprintf(buf,sizeof buf,"enter %s %s password:",
-				     OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
-				     (enc)?"encryption":"decryption");
+			sprintf(buf,"enter %s %s password:",
+				OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
+				(enc)?"encryption":"decryption");
 			strbuf[0]='\0';
 			i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc);
 			if (i == 0)
@@ -510,7 +483,7 @@ bad:
 				sptr = salt;
 			}

-			EVP_BytesToKey(cipher,dgst,sptr,
+			EVP_BytesToKey(cipher,EVP_md5(),sptr,
 				(unsigned char *)str,
 				strlen(str),1,key,iv);
 			/* zero the complete buffer or the string
@@ -543,43 +516,13 @@ bad:

 		if ((benc=BIO_new(BIO_f_cipher())) == NULL)
 			goto end;
-
-		/* Since we may be changing parameters work on the encryption
-		 * context rather than calling BIO_set_cipher().
-		 */
-
-		BIO_get_cipher_ctx(benc, &ctx);
-		if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
-			{
-			BIO_printf(bio_err, "Error setting cipher %s\n",
-					EVP_CIPHER_name(cipher));
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-
-		if (non_fips_allow)
-			EVP_CIPHER_CTX_set_flags(ctx,
-				EVP_CIPH_FLAG_NON_FIPS_ALLOW);
-
-		if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
-			{
-			BIO_printf(bio_err, "Error setting cipher %s\n",
-					EVP_CIPHER_name(cipher));
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-
+		BIO_set_cipher(benc,cipher,key,iv,enc);
 		if (nopad)
-			EVP_CIPHER_CTX_set_padding(ctx, 0);
-
-		if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
 			{
-			BIO_printf(bio_err, "Error setting cipher %s\n",
-					EVP_CIPHER_name(cipher));
-			ERR_print_errors(bio_err);
-			goto end;
+			EVP_CIPHER_CTX *ctx;
+			BIO_get_cipher_ctx(benc, &ctx);
+			EVP_CIPHER_CTX_set_padding(ctx, 0);
 			}
-
 		if (debug)
 			{
 			BIO_set_callback(benc,BIO_debug_callback);
--- a/apps/engine.c
+++ b/apps/engine.c
@@ -122,8 +122,8 @@ static int append_buf(char **buf, const char *s, int *size, int step)
 		return 0;

 	if (**buf != '\0')
-		BUF_strlcat(*buf, ", ", *size);
-	BUF_strlcat(*buf, s, *size);
+		strcat(*buf, ", ");
+	strcat(*buf, s);

 	return 1;
 	}
--- a/apps/makeapps.com
+++ b/apps/makeapps.com
@@ -142,13 +142,13 @@ $ LIB_FILES = "VERIFY;ASN1PARS;REQ;DGST;DH;DHPARAM;ENC;PASSWD;GENDH;ERRSTR;"+-
 	      "RSA;RSAUTL;DSA;DSAPARAM;"+-
 	      "X509;GENRSA;GENDSA;S_SERVER;S_CLIENT;SPEED;"+-
 	      "S_TIME;APPS;S_CB;S_SOCKET;APP_RAND;VERSION;SESS_ID;"+-
-	      "CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME;RAND;ENGINE;OCSP;PRIME"
+	      "CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME;RAND;ENGINE;OCSP"
 $ APP_FILES := OPENSSL,'OBJ_DIR'VERIFY.OBJ,ASN1PARS.OBJ,REQ.OBJ,DGST.OBJ,DH.OBJ,DHPARAM.OBJ,ENC.OBJ,PASSWD.OBJ,GENDH.OBJ,ERRSTR.OBJ,-
 	       CA.OBJ,PKCS7.OBJ,CRL2P7.OBJ,CRL.OBJ,-
 	       RSA.OBJ,RSAUTL.OBJ,DSA.OBJ,DSAPARAM.OBJ,-
 	       X509.OBJ,GENRSA.OBJ,GENDSA.OBJ,S_SERVER.OBJ,S_CLIENT.OBJ,SPEED.OBJ,-
 	       S_TIME.OBJ,APPS.OBJ,S_CB.OBJ,S_SOCKET.OBJ,APP_RAND.OBJ,VERSION.OBJ,SESS_ID.OBJ,-
-	       CIPHERS.OBJ,NSEQ.OBJ,PKCS12.OBJ,PKCS8.OBJ,SPKAC.OBJ,SMIME.OBJ,RAND.OBJ,ENGINE.OBJ,OCSP.OBJ,PRIME.OBJ
+	       CIPHERS.OBJ,NSEQ.OBJ,PKCS12.OBJ,PKCS8.OBJ,SPKAC.OBJ,SMIME.OBJ,RAND.OBJ,ENGINE.OBJ,OCSP.OBJ
 $ TCPIP_PROGRAMS = ",,"
 $ IF COMPILER .EQS. "VAXC" THEN -
     TCPIP_PROGRAMS = ",OPENSSL,"
@@ -679,7 +679,7 @@ $     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
 	 THEN CC = "CC/DECC"
 $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
           "/NOLIST/PREFIX=ALL" + -
-	   "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
+	   "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
@@ -711,7 +711,7 @@ $	EXIT
 $     ENDIF
 $     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
 $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
+	   "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS
 $     CCDEFS = CCDEFS + ",""VAXC"""
 $!
 $!    Define <sys> As SYS$COMMON:[SYSLIB]
@@ -743,7 +743,7 @@ $!    Use GNU C...
 $!
 $     IF F$TYPE(GCC) .EQS. "" THEN GCC := GCC
 $     CC = GCC+"/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
+	   "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -68,6 +68,19 @@
 /* Maximum leeway in validity period: default 5 minutes */
 #define MAX_VALIDITY_PERIOD	(5 * 60)

+/* CA index.txt definitions */
+#define DB_type         0
+#define DB_exp_date     1
+#define DB_rev_date     2
+#define DB_serial       3       /* index - unique */
+#define DB_file         4       
+#define DB_name         5       /* index - unique for active */
+#define DB_NUMBER       6
+
+#define DB_TYPE_REV	'R'
+#define DB_TYPE_EXP	'E'
+#define DB_TYPE_VAL	'V'
+
 static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer,
 				STACK_OF(OCSP_CERTID) *ids);
 static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer,
@@ -76,12 +89,12 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
 				STACK *names, STACK_OF(OCSP_CERTID) *ids,
 				long nsec, long maxage);

-static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
+static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, TXT_DB *db,
 			X509 *ca, X509 *rcert, EVP_PKEY *rkey,
 			STACK_OF(X509) *rother, unsigned long flags,
 			int nmin, int ndays);

-static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
+static char **lookup_serial(TXT_DB *db, ASN1_INTEGER *ser);
 static BIO *init_responder(char *port);
 static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port);
 static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
@@ -130,7 +143,7 @@ int MAIN(int argc, char **argv)
 	X509 *rca_cert = NULL;
 	char *ridx_filename = NULL;
 	char *rca_filename = NULL;
-	CA_DB *rdb = NULL;
+	TXT_DB *rdb = NULL;
 	int nmin = 0, ndays = -1;

 	if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
@@ -687,9 +700,22 @@ int MAIN(int argc, char **argv)

 	if (ridx_filename && !rdb)
 		{
-		rdb = load_index(ridx_filename, NULL);
-		if (!rdb) goto end;
-		if (!index_index(rdb)) goto end;
+		BIO *db_bio = NULL;
+		db_bio = BIO_new_file(ridx_filename, "r");
+		if (!db_bio)
+			{
+			BIO_printf(bio_err, "Error opening index file %s\n", ridx_filename);
+			goto end;
+			}
+		rdb = TXT_DB_read(db_bio, DB_NUMBER);
+		BIO_free(db_bio);
+		if (!rdb)
+			{
+			BIO_printf(bio_err, "Error reading index file %s\n", ridx_filename);
+			goto end;
+			}
+		if (!make_serial_index(rdb))
+			goto end;
 		}

 	if (rdb)
@@ -873,7 +899,7 @@ end:
 	X509_free(cert);
 	X509_free(rsigner);
 	X509_free(rca_cert);
-	free_index(rdb);
+	TXT_DB_free(rdb);
 	BIO_free_all(cbio);
 	BIO_free_all(acbio);
 	BIO_free(out);
@@ -1015,7 +1041,7 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
 	}


-static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
+static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, TXT_DB *db,
 			X509 *ca, X509 *rcert, EVP_PKEY *rkey,
 			STACK_OF(X509) *rother, unsigned long flags,
 			int nmin, int ndays)
@@ -1107,7 +1133,7 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db

 	}

-static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser)
+static char **lookup_serial(TXT_DB *db, ASN1_INTEGER *ser)
 	{
 	int i;
 	BIGNUM *bn = NULL;
@@ -1120,7 +1146,7 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser)
 		itmp = BN_bn2hex(bn);
 	row[DB_serial] = itmp;
 	BN_free(bn);
-	rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
+	rrow=TXT_DB_get_by_index(db,DB_serial,row);
 	OPENSSL_free(itmp);
 	return rrow;
 	}
--- a/apps/openssl-vms.cnf
+++ b/apps/openssl-vms.cnf
@@ -3,13 +3,8 @@
 # This is mostly being used for generation of certificate requests.
 #

-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME			= .
 RANDFILE		= $ENV::HOME/.rnd
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file		= $ENV::HOME/.oid
+oid_file		= $ENV::HOME/.oid
 oid_section		= new_oids

 # To use this configuration file with the "-extfile" option of the
@@ -34,35 +29,22 @@ default_ca	= CA_default		# The default ca section
 ####################################################################
 [ CA_default ]

-dir		= sys\$disk:[.demoCA		# Where everything is kept
+dir		= sys\$disk:[.demoCA	# Where everything is kept
 certs		= $dir.certs]		# Where the issued certs are kept
 crl_dir		= $dir.crl]		# Where the issued crl are kept
 database	= $dir]index.txt	# database index file.
-#unique_subject	= no			# Set to 'no' to allow creation of
-					# several ctificates with same subject.
-new_certs_dir	= $dir.newcerts]		# default place for new certs.
+new_certs_dir	= $dir.newcerts]	# default place for new certs.

 certificate	= $dir]cacert.pem 	# The CA certificate
-serial		= $dir]serial. 		# The current serial number
-#crlnumber	= $dir]crlnumber.	# the current crl number must be
-					# commented out to leave a V1 CRL
+serial		= $dir]serial.		# The current serial number
 crl		= $dir]crl.pem 		# The current CRL
 private_key	= $dir.private]cakey.pem# The private key
 RANDFILE	= $dir.private].rand	# private random number file

 x509_extensions	= usr_cert		# The extentions to add to the cert

-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt 	= ca_default		# Subject Name options
-cert_opt 	= ca_default		# Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
 # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
 # so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
 # crl_extensions	= crl_ext

 default_days	= 365			# how long to certify for
@@ -104,19 +86,16 @@ distinguished_name	= req_distinguished_name
 attributes		= req_attributes
 x509_extensions	= v3_ca	# The extentions to add to the self signed cert

-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options. 
+# This sets the permitted types in a DirectoryString. There are several
+# options. 
 # default: PrintableString, T61String, BMPString.
 # pkix	 : PrintableString, BMPString.
 # utf8only: only UTF8Strings.
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# nobmp : PrintableString, T61String (no BMPStrings).
 # MASK:XXXX a literal mask value.
 # WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
 # so use this option with caution!
-string_mask = nombstr
+dirstring_type = nobmp

 # req_extensions = v3_req # The extensions to add to a certificate request

@@ -145,7 +124,7 @@ commonName			= Common Name (eg, YOUR name)
 commonName_max			= 64

 emailAddress			= Email Address
-emailAddress_max		= 64
+emailAddress_max		= 40

 # SET-ex3			= SET extension number 3

@@ -193,9 +172,6 @@ authorityKeyIdentifier=keyid,issuer:always
 # This stuff is for subjectAltName and issuerAltname.
 # Import the email address.
 # subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move

 # Copy subject details
 # issuerAltName=issuer:copy
@@ -258,56 +234,3 @@ basicConstraints = CA:true

 # issuerAltName=issuer:copy
 authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_cert_ext ]
-# These extensions should be added when creating a proxy certificate
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType			= server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment			= "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This really needs to be in place for it to be a proxy certificate.
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -129,7 +129,6 @@
 #include "progs.h"
 #include "s_apps.h"
 #include <openssl/err.h>
-#include <openssl/fips.h>

 /* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the
 * base prototypes (we cast each variable inside the function to the required
@@ -148,7 +147,6 @@ char *default_config_file=NULL;
 #ifdef MONOLITH
 CONF *config=NULL;
 BIO *bio_err=NULL;
-int in_FIPS_mode=0;
 #endif


@@ -229,31 +227,10 @@ int main(int Argc, char *Argv[])
 	char **argv,*p;
 	LHASH *prog=NULL;
 	long errline;
-
+ 
 	arg.data=NULL;
 	arg.count=0;

-	in_FIPS_mode = 0;
-
-#ifdef OPENSSL_FIPS
-	if(getenv("OPENSSL_FIPS")) {
-#if defined(_WIN32)
-		char filename[MAX_PATH] = "";
-		GetModuleFileNameA( NULL, filename, MAX_PATH) ;
-		p = filename;
-#else
-		p = Argv[0];
-#endif
-		if (!FIPS_mode_set(1,p)) {
-			ERR_load_crypto_strings();
-			ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
-			EXIT(1);
-		}
-		in_FIPS_mode = 1;
-		if (getenv("OPENSSL_FIPS_MD5"))
-			FIPS_allow_md5(1);
-		}
-#endif
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -38,14 +38,10 @@ dir		= ./demoCA		# Where everything is kept
 certs		= $dir/certs		# Where the issued certs are kept
 crl_dir		= $dir/crl		# Where the issued crl are kept
 database	= $dir/index.txt	# database index file.
-#unique_subject	= no			# Set to 'no' to allow creation of
-					# several ctificates with same subject.
 new_certs_dir	= $dir/newcerts		# default place for new certs.

 certificate	= $dir/cacert.pem 	# The CA certificate
 serial		= $dir/serial 		# The current serial number
-#crlnumber	= $dir/crlnumber	# the current crl number must be
-					# commented out to leave a V1 CRL
 crl		= $dir/crl.pem 		# The current CRL
 private_key	= $dir/private/cakey.pem# The private key
 RANDFILE	= $dir/private/.rand	# private random number file
@@ -62,7 +58,6 @@ cert_opt 	= ca_default		# Certificate field options

 # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
 # so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
 # crl_extensions	= crl_ext

 default_days	= 365			# how long to certify for
@@ -258,56 +253,3 @@ basicConstraints = CA:true

 # issuerAltName=issuer:copy
 authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_cert_ext ]
-# These extensions should be added when creating a proxy certificate
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType			= server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment			= "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This really needs to be in place for it to be a proxy certificate.
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -109,7 +109,7 @@ int MAIN(int argc, char **argv)
    int maciter = PKCS12_DEFAULT_ITER;
    int twopass = 0;
    int keytype = 0;
-    int cert_pbe;
+    int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
    int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
    int ret = 1;
    int macver = 1;
@@ -126,13 +126,6 @@ int MAIN(int argc, char **argv)

    apps_startup();

-#ifdef OPENSSL_FIPS
-    if (FIPS_mode())
-	cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-    else
-#endif
-    cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
-
    enc = EVP_des_ede3_cbc();
    if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);

@@ -564,7 +557,7 @@ int MAIN(int argc, char **argv)
 	    BIO_printf (bio_err, "Can't read Password\n");
 	    goto export_end;
        }
-	if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);
+	if (!twopass) strcpy(macpass, pass);
 	/* Turn certbags into encrypted authsafe */
 	authsafe = PKCS12_pack_p7encdata(cert_pbe, cpass, -1, NULL, 0,
 								 iter, bags);
@@ -665,7 +658,7 @@ int MAIN(int argc, char **argv)
    CRYPTO_pop_info();
 #endif

-    if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);
+    if (!twopass) strcpy(macpass, pass);

    if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
    if(macver) {
@@ -673,7 +666,7 @@ int MAIN(int argc, char **argv)
    CRYPTO_push_info("verify MAC");
 #endif
 	/* If we enter empty password try no password first */
-	if(!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
+	if(!macpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
 		/* If mac and crypto pass the same set it to NULL too */
 		if(!twopass) cpass = NULL;
 	} else if (!PKCS12_verify_mac(p12, mpass, -1)) {
@@ -717,10 +710,9 @@ int MAIN(int argc, char **argv)
 int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
 	     int passlen, int options, char *pempass)
 {
-	STACK_OF(PKCS7) *asafes = NULL;
+	STACK_OF(PKCS7) *asafes;
 	STACK_OF(PKCS12_SAFEBAG) *bags;
 	int i, bagnid;
-	int ret = 0;
 	PKCS7 *p7;

 	if (!( asafes = PKCS12_unpack_authsafes(p12))) return 0;
@@ -738,22 +730,16 @@ int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
 			}
 			bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
 		} else continue;
-		if (!bags) goto err;
+		if (!bags) return 0;
 	    	if (!dump_certs_pkeys_bags (out, bags, pass, passlen, 
 						 options, pempass)) {
 			sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
-			goto err;
+			return 0;
 		}
 		sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
-		bags = NULL;
 	}
-	ret = 1;
-
-	err:
-
-	if (asafes)
-		sk_PKCS7_pop_free (asafes, PKCS7_free);
-	return ret;
+	sk_PKCS7_pop_free (asafes, PKCS7_free);
+	return 1;
 }

 int dump_certs_pkeys_bags (BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -102,9 +102,6 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

-	if (!load_config(bio_err, NULL))
-		goto end;
-
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -1,6 +1,6 @@
 /* pkcs8.c */
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999-2004.
+ * project 1999.
 */
 /* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -68,7 +68,7 @@
 int MAIN(int, char **);

 int MAIN(int argc, char **argv)
-	{
+{
 	ENGINE *e = NULL;
 	char **args, *infile = NULL, *outfile = NULL;
 	char *passargin = NULL, *passargout = NULL;
@@ -100,70 +100,43 @@ int MAIN(int argc, char **argv)
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_algorithms();
 	args = argv + 1;
-	while (!badarg && *args && *args[0] == '-')
-		{
-		if (!strcmp(*args,"-v2"))
-			{
-			if (args[1])
-				{
+	while (!badarg && *args && *args[0] == '-') {
+		if (!strcmp(*args,"-v2")) {
+			if (args[1]) {
 				args++;
 				cipher=EVP_get_cipherbyname(*args);
-				if (!cipher)
-					{
+				if(!cipher) {
 					BIO_printf(bio_err,
 						 "Unknown cipher %s\n", *args);
 					badarg = 1;
-					}
 				}
-			else
-				badarg = 1;
-			}
-		else if (!strcmp(*args,"-v1"))
-			{
-			if (args[1])
-				{
+			} else badarg = 1;
+		} else if (!strcmp(*args,"-v1")) {
+			if (args[1]) {
 				args++;
 				pbe_nid=OBJ_txt2nid(*args);
-				if (pbe_nid == NID_undef)
-					{
+				if(pbe_nid == NID_undef) {
 					BIO_printf(bio_err,
 						 "Unknown PBE algorithm %s\n", *args);
 					badarg = 1;
-					}
 				}
-			else
-				badarg = 1;
-			}
-		else if (!strcmp(*args,"-inform"))
-			{
-			if (args[1])
-				{
+			} else badarg = 1;
+		} else if (!strcmp(*args,"-inform")) {
+			if (args[1]) {
 				args++;
 				informat=str2fmt(*args);
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp(*args,"-outform"))
-			{
-			if (args[1])
-				{
+			} else badarg = 1;
+		} else if (!strcmp(*args,"-outform")) {
+			if (args[1]) {
 				args++;
 				outformat=str2fmt(*args);
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp (*args, "-topk8"))
-			topk8 = 1;
-		else if (!strcmp (*args, "-noiter"))
-			iter = 1;
-		else if (!strcmp (*args, "-nocrypt"))
-			nocrypt = 1;
-		else if (!strcmp (*args, "-nooct"))
-			p8_broken = PKCS8_NO_OCTET;
-		else if (!strcmp (*args, "-nsdb"))
-			p8_broken = PKCS8_NS_DB;
-		else if (!strcmp (*args, "-embed"))
-			p8_broken = PKCS8_EMBEDDED_PARAM;
+			} else badarg = 1;
+		} else if (!strcmp (*args, "-topk8")) topk8 = 1;
+		else if (!strcmp (*args, "-noiter")) iter = 1;
+		else if (!strcmp (*args, "-nocrypt")) nocrypt = 1;
+		else if (!strcmp (*args, "-nooct")) p8_broken = PKCS8_NO_OCTET;
+		else if (!strcmp (*args, "-nsdb")) p8_broken = PKCS8_NS_DB;
+		else if (!strcmp (*args, "-embed")) p8_broken = PKCS8_EMBEDDED_PARAM;
 		else if (!strcmp(*args,"-passin"))
 			{
 			if (!args[1]) goto bad;
@@ -181,30 +154,21 @@ int MAIN(int argc, char **argv)
 			engine= *(++args);
 			}
 #endif
-		else if (!strcmp (*args, "-in"))
-			{
-			if (args[1])
-				{
+		else if (!strcmp (*args, "-in")) {
+			if (args[1]) {
 				args++;
 				infile = *args;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp (*args, "-out"))
-			{
-			if (args[1])
-				{
+			} else badarg = 1;
+		} else if (!strcmp (*args, "-out")) {
+			if (args[1]) {
 				args++;
 				outfile = *args;
-				}
-			else badarg = 1;
-			}
-		else badarg = 1;
+			} else badarg = 1;
+		} else badarg = 1;
 		args++;
-		}
+	}

-	if (badarg)
-		{
+	if (badarg) {
 		bad:
 		BIO_printf(bio_err, "Usage pkcs8 [options]\n");
 		BIO_printf(bio_err, "where options are\n");
@@ -225,199 +189,147 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 #endif
-		return 1;
-		}
+		return (1);
+	}

 #ifndef OPENSSL_NO_ENGINE
        e = setup_engine(bio_err, engine, 0);
 #endif

-	if (!app_passwd(bio_err, passargin, passargout, &passin, &passout))
-		{
+	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		BIO_printf(bio_err, "Error getting passwords\n");
-		return 1;
-		}
+		return (1);
+	}

-	if ((pbe_nid == -1) && !cipher)
-		pbe_nid = NID_pbeWithMD5AndDES_CBC;
+	if ((pbe_nid == -1) && !cipher) pbe_nid = NID_pbeWithMD5AndDES_CBC;

-	if (infile)
-		{
-		if (!(in = BIO_new_file(infile, "rb")))
-			{
+	if (infile) {
+		if (!(in = BIO_new_file(infile, "rb"))) {
 			BIO_printf(bio_err,
 				 "Can't open input file %s\n", infile);
 			return (1);
-			}
 		}
-	else
-		in = BIO_new_fp (stdin, BIO_NOCLOSE);
+	} else in = BIO_new_fp (stdin, BIO_NOCLOSE);

-	if (outfile)
-		{
-		if (!(out = BIO_new_file (outfile, "wb")))
-			{
+	if (outfile) {
+		if (!(out = BIO_new_file (outfile, "wb"))) {
 			BIO_printf(bio_err,
 				 "Can't open output file %s\n", outfile);
 			return (1);
-			}
 		}
-	else
-		{
+	} else {
 		out = BIO_new_fp (stdout, BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
-			{
+		{
 			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			out = BIO_push(tmpbio, out);
-			}
-#endif
 		}
+#endif
+	}
 	if (topk8)
 		{
 		BIO_free(in); /* Not needed in this section */
 		pkey = load_key(bio_err, infile, informat, 1,
 			passin, e, "key");
-		if (!pkey)
-			{
-			BIO_free_all(out);
-			return 1;
-			}
-		if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken)))
-			{
+		if (!pkey) {
+			return (1);
+		}
+		if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) {
 			BIO_printf(bio_err, "Error converting key\n");
 			ERR_print_errors(bio_err);
-			EVP_PKEY_free(pkey);
-			BIO_free_all(out);
-			return 1;
-			}
-		if (nocrypt)
-			{
-			if (outformat == FORMAT_PEM) 
+			return (1);
+		}
+		if(nocrypt) {
+			if(outformat == FORMAT_PEM) 
 				PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
-			else if (outformat == FORMAT_ASN1)
+			else if(outformat == FORMAT_ASN1)
 				i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
-			else
-				{
+			else {
 				BIO_printf(bio_err, "Bad format specified for key\n");
-				PKCS8_PRIV_KEY_INFO_free(p8inf);
-				EVP_PKEY_free(pkey);
-				BIO_free_all(out);
 				return (1);
-				}
 			}
-		else
-			{
-			if (passout)
-				p8pass = passout;
-			else
-				{
+		} else {
+			if(passout) p8pass = passout;
+			else {
 				p8pass = pass;
 				if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1))
-					{
-					PKCS8_PRIV_KEY_INFO_free(p8inf);
-					EVP_PKEY_free(pkey);
-					BIO_free_all(out);
 					return (1);
-					}
-				}
+			}
 			app_RAND_load_file(NULL, bio_err, 0);
 			if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
 					p8pass, strlen(p8pass),
-					NULL, 0, iter, p8inf)))
-				{
+					NULL, 0, iter, p8inf))) {
 				BIO_printf(bio_err, "Error encrypting key\n");
 				ERR_print_errors(bio_err);
-				PKCS8_PRIV_KEY_INFO_free(p8inf);
-				EVP_PKEY_free(pkey);
-				BIO_free_all(out);
 				return (1);
-				}
-			app_RAND_write_file(NULL, bio_err);
-			if (outformat == FORMAT_PEM) 
-				PEM_write_bio_PKCS8(out, p8);
-			else if (outformat == FORMAT_ASN1)
-				i2d_PKCS8_bio(out, p8);
-			else
-				{
-				BIO_printf(bio_err, "Bad format specified for key\n");
-				PKCS8_PRIV_KEY_INFO_free(p8inf);
-				EVP_PKEY_free(pkey);
-				BIO_free_all(out);
-				return (1);
-				}
-			X509_SIG_free(p8);
 			}
-
+			app_RAND_write_file(NULL, bio_err);
+			if(outformat == FORMAT_PEM) 
+				PEM_write_bio_PKCS8(out, p8);
+			else if(outformat == FORMAT_ASN1)
+				i2d_PKCS8_bio(out, p8);
+			else {
+				BIO_printf(bio_err, "Bad format specified for key\n");
+				return (1);
+			}
+			X509_SIG_free(p8);
+		}
 		PKCS8_PRIV_KEY_INFO_free (p8inf);
 		EVP_PKEY_free(pkey);
 		BIO_free_all(out);
-		if (passin)
-			OPENSSL_free(passin);
-		if (passout)
-			OPENSSL_free(passout);
+		if(passin) OPENSSL_free(passin);
+		if(passout) OPENSSL_free(passout);
 		return (0);
-		}
+	}

-	if (nocrypt)
-		{
-		if (informat == FORMAT_PEM) 
+	if(nocrypt) {
+		if(informat == FORMAT_PEM) 
 			p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in,NULL,NULL, NULL);
-		else if (informat == FORMAT_ASN1)
+		else if(informat == FORMAT_ASN1)
 			p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);
-		else
-			{
+		else {
 			BIO_printf(bio_err, "Bad format specified for key\n");
 			return (1);
-			}
 		}
-	else
-		{
-		if (informat == FORMAT_PEM) 
+	} else {
+		if(informat == FORMAT_PEM) 
 			p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);
-		else if (informat == FORMAT_ASN1)
+		else if(informat == FORMAT_ASN1)
 			p8 = d2i_PKCS8_bio(in, NULL);
-		else
-			{
+		else {
 			BIO_printf(bio_err, "Bad format specified for key\n");
 			return (1);
-			}
+		}

-		if (!p8)
-			{
+		if (!p8) {
 			BIO_printf (bio_err, "Error reading key\n");
 			ERR_print_errors(bio_err);
 			return (1);
-			}
-		if (passin)
-			p8pass = passin;
-		else
-			{
+		}
+		if(passin) p8pass = passin;
+		else {
 			p8pass = pass;
 			EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0);
-			}
+		}
 		p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
 		X509_SIG_free(p8);
-		}
+	}

-	if (!p8inf)
-		{
+	if (!p8inf) {
 		BIO_printf(bio_err, "Error decrypting key\n");
 		ERR_print_errors(bio_err);
 		return (1);
-		}
+	}

-	if (!(pkey = EVP_PKCS82PKEY(p8inf)))
-		{
+	if (!(pkey = EVP_PKCS82PKEY(p8inf))) {
 		BIO_printf(bio_err, "Error converting key\n");
 		ERR_print_errors(bio_err);
 		return (1);
-		}
+	}
 	
-	if (p8inf->broken)
-		{
+	if (p8inf->broken) {
 		BIO_printf(bio_err, "Warning: broken key encoding: ");
-		switch (p8inf->broken)
-			{
+		switch (p8inf->broken) {
 			case PKCS8_NO_OCTET:
 			BIO_printf(bio_err, "No Octet String in PrivateKey\n");
 			break;
@@ -437,24 +349,21 @@ int MAIN(int argc, char **argv)
 	}
 	
 	PKCS8_PRIV_KEY_INFO_free(p8inf);
-	if (outformat == FORMAT_PEM) 
+	if(outformat == FORMAT_PEM) 
 		PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
-	else if (outformat == FORMAT_ASN1)
+	else if(outformat == FORMAT_ASN1)
 		i2d_PrivateKey_bio(out, pkey);
-	else
-		{
+	else {
 		BIO_printf(bio_err, "Bad format specified for key\n");
 			return (1);
-		}
+	}

 	end:
 	EVP_PKEY_free(pkey);
 	BIO_free_all(out);
 	BIO_free(in);
-	if (passin)
-		OPENSSL_free(passin);
-	if (passout)
-		OPENSSL_free(passout);
+	if(passin) OPENSSL_free(passin);
+	if(passout) OPENSSL_free(passout);

 	return (0);
-	}
+}
--- a/apps/prime.c
+++ b/apps/prime.c
@@ -1,128 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <string.h>
-
-#include "apps.h"
-#include <openssl/bn.h>
-
-
-#undef PROG
-#define PROG prime_main
-
-int MAIN(int argc, char **argv)
-    {
-    int hex=0;
-    int checks=20;
-    BIGNUM *bn=NULL;
-    BIO *bio_out;
-
-    apps_startup();
-
-    if (bio_err == NULL)
-	if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-	    BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
-    --argc;
-    ++argv;
-    while (argc >= 1 && **argv == '-')
-	{
-	if(!strcmp(*argv,"-hex"))
-	    hex=1;
-	else if(!strcmp(*argv,"-checks"))
-	    if(--argc < 1)
-		goto bad;
-	    else
-		checks=atoi(*++argv);
-	else
-	    {
-	    BIO_printf(bio_err,"Unknown option '%s'\n",*argv);
-	    goto bad;
-	    }
-	--argc;
-	++argv;
-	}
-
-    if (argv[0] == NULL)
-	{
-	BIO_printf(bio_err,"No prime specified\n");
-	goto bad;
-	}
-
-   if ((bio_out=BIO_new(BIO_s_file())) != NULL)
-	{
-	BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-	    {
-	    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-	    bio_out = BIO_push(tmpbio, bio_out);
-	    }
-#endif
-	}
-
-    if(hex)
-	BN_hex2bn(&bn,argv[0]);
-    else
-	BN_dec2bn(&bn,argv[0]);
-
-    BN_print(bio_out,bn);
-    BIO_printf(bio_out," is %sprime\n",
-	       BN_is_prime(bn,checks,NULL,NULL,NULL) ? "" : "not ");
-
-    BN_free(bn);
-    BIO_free_all(bio_out);
-
-    return 0;
-
-    bad:
-    BIO_printf(bio_err,"options are\n");
-    BIO_printf(bio_err,"%-14s hex\n","-hex");
-    BIO_printf(bio_err,"%-14s number of checks\n","-checks <n>");
-    return 1;
-    }
--- a/apps/progs.h
+++ b/apps/progs.h
@@ -35,7 +35,6 @@ extern int pkcs8_main(int argc,char *argv[]);
 extern int spkac_main(int argc,char *argv[]);
 extern int smime_main(int argc,char *argv[]);
 extern int rand_main(int argc,char *argv[]);
-extern int prime_main(int argc,char *argv[]);
 #ifndef OPENSSL_NO_ENGINE
 extern int engine_main(int argc,char *argv[]);
 #endif
@@ -116,7 +115,6 @@ FUNCTION functions[] = {
 	{FUNC_TYPE_GENERAL,"spkac",spkac_main},
 	{FUNC_TYPE_GENERAL,"smime",smime_main},
 	{FUNC_TYPE_GENERAL,"rand",rand_main},
-	{FUNC_TYPE_GENERAL,"prime",prime_main},
 #ifndef OPENSSL_NO_ENGINE
 	{FUNC_TYPE_GENERAL,"engine",engine_main},
 #endif
--- a/apps/req.c
+++ b/apps/req.c
@@ -175,7 +175,7 @@ int MAIN(int argc, char **argv)
 	char *passin = NULL, *passout = NULL;
 	char *p;
 	char *subj = NULL;
-	const EVP_MD *md_alg=NULL,*digest;
+	const EVP_MD *md_alg=NULL,*digest=EVP_md5();
 	unsigned long chtype = MBSTRING_ASC;
 #ifndef MONOLITH
 	char *to_free;
@@ -197,13 +197,6 @@ int MAIN(int argc, char **argv)
 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;

-#ifdef  OPENSSL_FIPS
-	if (FIPS_mode())
-		digest = EVP_sha1();
-	else
-#endif
-		digest = EVP_md5();
-
 	prog=argv[0];
 	argc--;
 	argv++;
@@ -506,16 +499,13 @@ bad:
 	else
 		{
 		req_conf=config;
-
-		if (req_conf == NULL)
-			{
-			BIO_printf(bio_err,"Unable to load config info from %s\n", default_config_file);
-			if (newreq)
-				goto end;
-			}
-		else if( verbose )
+		if( verbose )
 			BIO_printf(bio_err,"Using configuration from %s\n",
 			default_config_file);
+		if (req_conf == NULL)
+			{
+			BIO_printf(bio_err,"Unable to load config info\n");
+			}
 		}

 	if (req_conf != NULL)
@@ -834,16 +824,14 @@ loop:
 			if ((x509ss=X509_new()) == NULL) goto end;

 			/* Set version to V3 */
-			if(extensions && !X509_set_version(x509ss, 2)) goto end;
+			if(!X509_set_version(x509ss, 2)) goto end;
 			if (serial)
 				{
 				if (!X509_set_serialNumber(x509ss, serial)) goto end;
 				}
 			else
 				{
-				if (!rand_serial(NULL,
-					X509_get_serialNumber(x509ss)))
-						goto end;
+				if (!ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L)) goto end;
 				}

 			if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
@@ -1235,34 +1223,34 @@ start:		for (;;)
 				}
 			/* If OBJ not recognised ignore it */
 			if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
-			if (BIO_snprintf(buf,sizeof buf,"%s_default",v->name)
-				>= sizeof buf)
+
+			if(strlen(v->name) > sizeof buf-9)
 			   {
 			   BIO_printf(bio_err,"Name '%s' too long\n",v->name);
 			   return 0;
 			   }

+			sprintf(buf,"%s_default",v->name);
 			if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
 				{
 				ERR_clear_error();
 				def="";
 				}
-				
-			BIO_snprintf(buf,sizeof buf,"%s_value",v->name);
+			sprintf(buf,"%s_value",v->name);
 			if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
 				{
 				ERR_clear_error();
 				value=NULL;
 				}

-			BIO_snprintf(buf,sizeof buf,"%s_min",v->name);
+			sprintf(buf,"%s_min",v->name);
 			if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min))
 				{
 				ERR_clear_error();
 				n_min = -1;
 				}

-			BIO_snprintf(buf,sizeof buf,"%s_max",v->name);
+			sprintf(buf,"%s_max",v->name);
 			if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max))
 				{
 				ERR_clear_error();
@@ -1300,13 +1288,13 @@ start2:			for (;;)
 				if ((nid=OBJ_txt2nid(type)) == NID_undef)
 					goto start2;

-				if (BIO_snprintf(buf,sizeof buf,"%s_default",type)
-					>= sizeof buf)
+				if(strlen(v->name) > sizeof buf-9)
 				   {
 				   BIO_printf(bio_err,"Name '%s' too long\n",v->name);
 				   return 0;
 				   }

+				sprintf(buf,"%s_default",type);
 				if ((def=NCONF_get_string(req_conf,attr_sect,buf))
 					== NULL)
 					{
@@ -1315,7 +1303,7 @@ start2:			for (;;)
 					}
 				
 				
-				BIO_snprintf(buf,sizeof buf,"%s_value",type);
+				sprintf(buf,"%s_value",type);
 				if ((value=NCONF_get_string(req_conf,attr_sect,buf))
 					== NULL)
 					{
@@ -1323,11 +1311,11 @@ start2:			for (;;)
 					value=NULL;
 					}

-				BIO_snprintf(buf,sizeof buf,"%s_min",type);
+				sprintf(buf,"%s_min",type);
 				if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min))
 					n_min = -1;

-				BIO_snprintf(buf,sizeof buf,"%s_max",type);
+				sprintf(buf,"%s_max",type);
 				if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max))
 					n_max = -1;

@@ -1409,8 +1397,9 @@ start:
 	(void)BIO_flush(bio_err);
 	if(value != NULL)
 		{
-		BUF_strlcpy(buf,value,sizeof buf);
-		BUF_strlcat(buf,"\n",sizeof buf);
+		OPENSSL_assert(strlen(value) < sizeof buf-2);
+		strcpy(buf,value);
+		strcat(buf,"\n");
 		BIO_printf(bio_err,"%s\n",value);
 		}
 	else
@@ -1432,8 +1421,8 @@ start:
 		{
 		if ((def == NULL) || (def[0] == '\0'))
 			return(1);
-		BUF_strlcpy(buf,def,sizeof buf);
-		BUF_strlcat(buf,"\n",sizeof buf);
+		strcpy(buf,def);
+		strcat(buf,"\n");
 		}
 	else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);

@@ -1467,8 +1456,9 @@ start:
 	(void)BIO_flush(bio_err);
 	if (value != NULL)
 		{
-		BUF_strlcpy(buf,value,sizeof buf);
-		BUF_strlcat(buf,"\n",sizeof buf);
+		OPENSSL_assert(strlen(value) < sizeof buf-2);
+		strcpy(buf,value);
+		strcat(buf,"\n");
 		BIO_printf(bio_err,"%s\n",value);
 		}
 	else
@@ -1490,8 +1480,8 @@ start:
 		{
 		if ((def == NULL) || (def[0] == '\0'))
 			return(1);
-		BUF_strlcpy(buf,def,sizeof buf);
-		BUF_strlcat(buf,"\n",sizeof buf);
+		strcpy(buf,def);
+		strcat(buf,"\n");
 		}
 	else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);

--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -97,7 +97,6 @@ int MAIN(int argc, char **argv)
 	EVP_PKEY *pkey = NULL;
 	RSA *rsa = NULL;
 	unsigned char *rsa_in = NULL, *rsa_out = NULL, pad;
-	char *passargin = NULL, *passin = NULL;
 	int rsa_inlen, rsa_outlen = 0;
 	int keysize;

@@ -125,9 +124,6 @@ int MAIN(int argc, char **argv)
 		} else if(!strcmp(*argv, "-inkey")) {
 			if (--argc < 1) badarg = 1;
 			keyfile = *(++argv);
-		} else if (!strcmp(*argv,"-passin")) {
-			if (--argc < 1) badarg = 1;
-			passargin= *(++argv);
 		} else if (strcmp(*argv,"-keyform") == 0) {
 			if (--argc < 1) badarg = 1;
 			keyform=str2fmt(*(++argv));
@@ -173,10 +169,6 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_ENGINE
        e = setup_engine(bio_err, engine, 0);
 #endif
-	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
-		BIO_printf(bio_err, "Error getting password\n");
-		goto end;
-	}

 /* FIXME: seed PRNG only if needed */
 	app_RAND_load_file(NULL, bio_err, 0);
@@ -184,7 +176,7 @@ int MAIN(int argc, char **argv)
 	switch(key_type) {
 		case KEY_PRIVKEY:
 		pkey = load_key(bio_err, keyfile, keyform, 0,
-			passin, e, "Private Key");
+			NULL, e, "Private Key");
 		break;

 		case KEY_PUBKEY:
@@ -298,7 +290,6 @@ int MAIN(int argc, char **argv)
 	BIO_free_all(out);
 	if(rsa_in) OPENSSL_free(rsa_in);
 	if(rsa_out) OPENSSL_free(rsa_out);
-	if(passin) OPENSSL_free(passin);
 	return ret;
 }

@@ -322,7 +313,6 @@ static void usage()
 	BIO_printf(bio_err, "-hexdump        hex dump output\n");
 #ifndef OPENSSL_NO_ENGINE
 	BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");
-	BIO_printf (bio_err, "-passin arg    pass phrase source\n");
 #endif

 }
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -197,9 +197,6 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -pause        - sleep(1) after each read(2) and write(2) system call\n");
 	BIO_printf(bio_err," -showcerts    - show all certificates in the chain\n");
 	BIO_printf(bio_err," -debug        - extra output\n");
-#ifdef WATT32
-	BIO_printf(bio_err," -wdebug       - WATT-32 tcp debugging\n");
-#endif
 	BIO_printf(bio_err," -msg          - Show protocol messages\n");
 	BIO_printf(bio_err," -nbio_test    - more ssl protocol testing\n");
 	BIO_printf(bio_err," -state        - print the 'ssl' states\n");
@@ -351,10 +348,6 @@ int MAIN(int argc, char **argv)
 			c_Pause=1;
 		else if	(strcmp(*argv,"-debug") == 0)
 			c_debug=1;
-#ifdef WATT32
-		else if	(strcmp(*argv,"-wdebug") == 0)
-			dbug_init();
-#endif
 		else if	(strcmp(*argv,"-msg") == 0)
 			c_msg=1;
 		else if	(strcmp(*argv,"-showcerts") == 0)
@@ -595,8 +588,6 @@ re_start:
 	if (starttls_proto == 1)
 		{
 		BIO_read(sbio,mbuf,BUFSIZZ);
-		BIO_printf(sbio,"EHLO some.host.name\r\n");
-		BIO_read(sbio,mbuf,BUFSIZZ);
 		BIO_printf(sbio,"STARTTLS\r\n");
 		BIO_read(sbio,sbuf,BUFSIZZ);
 		}
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@@ -153,6 +153,7 @@ static int ssl_sock_init(void)
 #ifdef WATT32
 	extern int _watt_do_exit;
 	_watt_do_exit = 0;
+	dbug_init();
 	if (sock_init())
 		return (0);
 #elif defined(OPENSSL_SYS_WINDOWS)
@@ -388,7 +389,7 @@ redoit:
 			perror("OPENSSL_malloc");
 			return(0);
 			}
-		BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
+		strcpy(*host,h1->h_name);

 		h2=GetHostByName(*host);
 		if (h2 == NULL)
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -502,7 +502,7 @@ int MAIN(int argc, char **argv)

 		if (s_www_path != NULL)
 			{
-			BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+			sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
 			SSL_write(scon,buf,strlen(buf));
 			while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
 				bytes_read+=i;
@@ -557,7 +557,7 @@ next:

 	if (s_www_path != NULL)
 		{
-		BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+		sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
 		SSL_write(scon,buf,strlen(buf));
 		while (SSL_read(scon,buf,sizeof(buf)) > 0)
 			;
@@ -595,7 +595,7 @@ next:

 		if (s_www_path)
 			{
-			BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+			sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
 			SSL_write(scon,buf,strlen(buf));
 			while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
 				bytes_read+=i;
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -773,7 +773,6 @@ int MAIN(int argc, char **argv)
 			{
 			dsa_doit[R_DSA_512]=1;
 			dsa_doit[R_DSA_1024]=1;
-			dsa_doit[R_DSA_2048]=1;
 			}
 		else
 #endif
@@ -1007,9 +1006,6 @@ int MAIN(int argc, char **argv)
 	c[D_CBC_RC5][0]=count;
 	c[D_CBC_BF][0]=count;
 	c[D_CBC_CAST][0]=count;
-	c[D_CBC_128_AES][0]=count;
-	c[D_CBC_192_AES][0]=count;
-	c[D_CBC_256_AES][0]=count;

 	for (i=1; i<SIZE_NUM; i++)
 		{
@@ -1035,9 +1031,6 @@ int MAIN(int argc, char **argv)
 		c[D_CBC_RC5][i]=c[D_CBC_RC5][i-1]*l0/l1;
 		c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1;
 		c[D_CBC_CAST][i]=c[D_CBC_CAST][i-1]*l0/l1;
-		c[D_CBC_128_AES][i]=c[D_CBC_128_AES][i-1]*l0/l1;
-		c[D_CBC_192_AES][i]=c[D_CBC_192_AES][i-1]*l0/l1;
-		c[D_CBC_256_AES][i]=c[D_CBC_256_AES][i-1]*l0/l1;
 		}
 #ifndef OPENSSL_NO_RSA
 	rsa_c[R_RSA_512][0]=count/2000;
@@ -1395,7 +1388,6 @@ int MAIN(int argc, char **argv)
 					EVP_DecryptInit_ex(&ctx,evp_cipher,NULL,key16,iv);
 				else
 					EVP_EncryptInit_ex(&ctx,evp_cipher,NULL,key16,iv);
-				EVP_CIPHER_CTX_set_padding(&ctx, 0);

 				Time_F(START);
 				if(decrypt)
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -354,7 +354,6 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
 		if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1;
 		/* Continue after extension errors too */
 		if (ctx->error == X509_V_ERR_INVALID_CA) ok=1;
-		if (ctx->error == X509_V_ERR_INVALID_NON_CA) ok=1;
 		if (ctx->error == X509_V_ERR_PATH_LENGTH_EXCEEDED) ok=1;
 		if (ctx->error == X509_V_ERR_INVALID_PURPOSE) ok=1;
 		if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1;
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -168,7 +168,7 @@ int MAIN(int argc, char **argv)
 	char *CAkeyfile=NULL,*CAserial=NULL;
 	char *alias=NULL;
 	int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0;
-	int next_serial=0,ocspid=0;
+	int ocspid=0;
 	int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
 	int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
 	int C=0;
@@ -179,7 +179,7 @@ int MAIN(int argc, char **argv)
 	X509_REQ *rq=NULL;
 	int fingerprint=0;
 	char buf[256];
-	const EVP_MD *md_alg,*digest;
+	const EVP_MD *md_alg,*digest=EVP_md5();
 	CONF *extconf = NULL;
 	char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
 	int need_rand = 0;
@@ -216,13 +216,6 @@ int MAIN(int argc, char **argv)
 	if (ctx == NULL) goto end;
 	X509_STORE_set_verify_cb_func(ctx,callb);

-#ifdef  OPENSSL_FIPS
-	if (FIPS_mode())
-		digest = EVP_sha1();
-	else
-#endif
-		digest = EVP_md5();
-
 	argc--;
 	argv++;
 	num=0;
@@ -378,8 +371,6 @@ int MAIN(int argc, char **argv)
 			email= ++num;
 		else if (strcmp(*argv,"-serial") == 0)
 			serial= ++num;
-		else if (strcmp(*argv,"-next_serial") == 0)
-			next_serial= ++num;
 		else if (strcmp(*argv,"-modulus") == 0)
 			modulus= ++num;
 		else if (strcmp(*argv,"-pubkey") == 0)
@@ -600,19 +591,12 @@ bad:
 		if ((x=X509_new()) == NULL) goto end;
 		ci=x->cert_info;

-		if (sno == NULL)
+		if (sno)
 			{
-			sno = ASN1_INTEGER_new();
-			if (!sno || !rand_serial(NULL, sno))
+			if (!X509_set_serialNumber(x, sno))
 				goto end;
-			if (!X509_set_serialNumber(x, sno)) 
-				goto end;
-			ASN1_INTEGER_free(sno);
-			sno = NULL;
 			}
-		else if (!X509_set_serialNumber(x, sno)) 
-			goto end;
-
+		else if (!ASN1_INTEGER_set(X509_get_serialNumber(x),0)) goto end;
 		if (!X509_set_issuer_name(x,req->req_info->subject)) goto end;
 		if (!X509_set_subject_name(x,req->req_info->subject)) goto end;

@@ -633,7 +617,7 @@ bad:
 		if (xca == NULL) goto end;
 		}

-	if (!noout || text || next_serial)
+	if (!noout || text)
 		{
 		OBJ_create("2.99999.3",
 			"SET.ex3","SET x509v3 extension 3");
@@ -707,24 +691,6 @@ bad:
 				i2a_ASN1_INTEGER(STDout,x->cert_info->serialNumber);
 				BIO_printf(STDout,"\n");
 				}
-			else if (next_serial == i)
-				{
-				BIGNUM *bnser;
-				ASN1_INTEGER *ser;
-				ser = X509_get_serialNumber(x);
-				bnser = ASN1_INTEGER_to_BN(ser, NULL);
-				if (!bnser)
-					goto end;
-				if (!BN_add_word(bnser, 1))
-					goto end;
-				ser = BN_to_ASN1_INTEGER(bnser, NULL);
-				if (!ser)
-					goto end;
-				BN_free(bnser);
-				i2a_ASN1_INTEGER(out, ser);
-				ASN1_INTEGER_free(ser);
-				BIO_puts(out, "\n");
-				}
 			else if (email == i) 
 				{
 				int j;
@@ -981,9 +947,9 @@ bad:

 	if (checkend)
 		{
-		time_t tcheck=time(NULL) + checkoffset;
+		time_t tnow=time(NULL);

-		if (X509_cmp_time(X509_get_notAfter(x), &tcheck) < 0)
+		if (ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(x), tnow+checkoffset) == -1)
 			{
 			BIO_printf(out,"Certificate will expire\n");
 			ret=1;
@@ -1056,44 +1022,105 @@ end:
 	OPENSSL_EXIT(ret);
 	}

-static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile, int create)
+static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create)
 	{
 	char *buf = NULL, *p;
-	ASN1_INTEGER *bs = NULL;
+	MS_STATIC char buf2[1024];
+	ASN1_INTEGER *bs = NULL, *bs2 = NULL;
+	BIO *io = NULL;
 	BIGNUM *serial = NULL;
-	size_t len;

-	len = ((serialfile == NULL)
-		?(strlen(CAfile)+strlen(POSTFIX)+1)
-		:(strlen(serialfile)))+1;
-	buf=OPENSSL_malloc(len);
+	buf=OPENSSL_malloc( ((serialfile == NULL)
+			?(strlen(CAfile)+strlen(POSTFIX)+1)
+			:(strlen(serialfile)))+1);
 	if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; }
 	if (serialfile == NULL)
 		{
-		BUF_strlcpy(buf,CAfile,len);
+		strcpy(buf,CAfile);
 		for (p=buf; *p; p++)
 			if (*p == '.')
 				{
 				*p='\0';
 				break;
 				}
-		BUF_strlcat(buf,POSTFIX,len);
+		strcat(buf,POSTFIX);
 		}
 	else
-		BUF_strlcpy(buf,serialfile,len);
+		strcpy(buf,serialfile);
+	serial=BN_new();
+	bs=ASN1_INTEGER_new();
+	if ((serial == NULL) || (bs == NULL))
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}

-	serial = load_serial(buf, create, NULL);
-	if (serial == NULL) goto end;
+	io=BIO_new(BIO_s_file());
+	if (io == NULL)
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+	
+	if (BIO_read_filename(io,buf) <= 0)
+		{
+		if (!create)
+			{
+			perror(buf);
+			goto end;
+			}
+		else
+			{
+			ASN1_INTEGER_set(bs,1);
+			BN_one(serial);
+			}
+		}
+	else 
+		{
+		if (!a2i_ASN1_INTEGER(io,bs,buf2,sizeof buf2))
+			{
+			BIO_printf(bio_err,"unable to load serial number from %s\n",buf);
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		else
+			{
+			serial=BN_bin2bn(bs->data,bs->length,serial);
+			if (serial == NULL)
+				{
+				BIO_printf(bio_err,"error converting bin 2 bn");
+				goto end;
+				}
+			}
+		}

 	if (!BN_add_word(serial,1))
 		{ BIO_printf(bio_err,"add_word failure\n"); goto end; }
+	if (!(bs2 = BN_to_ASN1_INTEGER(serial, NULL)))
+		{ BIO_printf(bio_err,"error converting bn 2 asn1_integer\n"); goto end; }
+	if (BIO_write_filename(io,buf) <= 0)
+		{
+		BIO_printf(bio_err,"error attempting to write serial number file\n");
+		perror(buf);
+		goto end;
+		}
+	i2a_ASN1_INTEGER(io,bs2);
+	BIO_puts(io,"\n");

-	if (!save_serial(buf, NULL, serial, &bs)) goto end;
-
- end:
+	BIO_free(io);
 	if (buf) OPENSSL_free(buf);
+	ASN1_INTEGER_free(bs2);
 	BN_free(serial);
+	io=NULL;
 	return bs;
+
+	end:
+	if (buf) OPENSSL_free(buf);
+	BIO_free(io);
+	ASN1_INTEGER_free(bs);
+	BN_free(serial);
+	return NULL;
+
 	}

 static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
@@ -1115,7 +1142,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
 		goto end;
 		}
 	if (sno) bs = sno;
-	else if (!(bs = x509_load_serial(CAfile, serialfile, create)))
+	else if (!(bs = load_serial(CAfile, serialfile, create)))
 		goto end;

 /*	if (!X509_STORE_add_cert(ctx,x)) goto end;*/
--- a/certs/ICE-CA.pem
+++ b/certs/ICE-CA.pem
@@ -0,0 +1,59 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: O=European ICE-TEL project, OU=V3-Certification Authority
+        Validity
+            Not Before: Apr  2 17:35:53 1997 GMT
+            Not After : Apr  2 17:35:53 1998 GMT
+        Subject: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt
+        Subject Public Key Info:
+            Public Key Algorithm: rsa
+            RSA Public Key: (512 bit)
+                Modulus (512 bit):
+                    00:82:75:ba:f6:d1:60:b5:f9:15:b3:6a:dd:29:8f:
+                    8b:a4:6f:1a:88:e0:50:43:40:0b:79:41:d5:d3:16:
+                    44:7d:74:65:17:42:06:52:0b:e9:50:c8:10:cd:24:
+                    e2:ae:8d:22:30:73:e6:b4:b7:93:1f:e5:6e:a2:ae:
+                    49:11:a5:c9:45
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Authority Key Identifier: 
+                0.........z.."p......e..
+            X509v3 Subject Key Identifier: 
+                ..~r..:..B.44fu......3
+            X509v3 Key Usage: critical
+                ....
+            X509v3 Certificate Policies: critical
+                0.0...*...
+            X509v3 Subject Alternative Name: 
+                0!..secude-support@darmstadt.gmd.de
+            X509v3 Issuer Alternative Name: 
+                0I..ice-tel-ca@darmstadt.gmd.de.*http://www.darmstadt.gmd.de/ice-tel/euroca
+            X509v3 Basic Constraints: critical
+                0....
+            X509v3 CRL Distribution Points: 
+                0200...,.*http://www.darmstadt.gmd.de/ice-tel/euroca
+    Signature Algorithm: md5WithRSAEncryption
+        17:a2:88:b7:99:5a:05:41:e4:13:34:67:e6:1f:3e:26:ec:4b:
+        69:f9:3e:28:22:be:9d:1c:ab:41:6f:0c:00:85:fe:45:74:f6:
+        98:f0:ce:9b:65:53:4a:50:42:c7:d4:92:bd:d7:a2:a8:3d:98:
+        88:73:cd:60:28:79:a3:fc:48:7a
+-----BEGIN CERTIFICATE-----
+MIICzDCCAnagAwIBAgIBATANBgkqhkiG9w0BAQQFADBIMSEwHwYDVQQKExhFdXJv
+cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
+QXV0aG9yaXR5MB4XDTk3MDQwMjE3MzU1M1oXDTk4MDQwMjE3MzU1M1owXDEhMB8G
+A1UEChMYRXVyb3BlYW4gSUNFLVRFTCBwcm9qZWN0MSMwIQYDVQQLExpWMy1DZXJ0
+aWZpY2F0aW9uIEF1dGhvcml0eTESMBAGA1UEBxMJRGFybXN0YWR0MFkwCgYEVQgB
+AQICAgADSwAwSAJBAIJ1uvbRYLX5FbNq3SmPi6RvGojgUENAC3lB1dMWRH10ZRdC
+BlIL6VDIEM0k4q6NIjBz5rS3kx/lbqKuSRGlyUUCAwEAAaOCATgwggE0MB8GA1Ud
+IwQYMBaAFIr3yNUOx3ro1yJw4AuJ1bbsZbzPMB0GA1UdDgQWBBR+cvL4OoacQog0
+NGZ1w9T80aIRMzAOBgNVHQ8BAf8EBAMCAfYwFAYDVR0gAQH/BAowCDAGBgQqAwQF
+MCoGA1UdEQQjMCGBH3NlY3VkZS1zdXBwb3J0QGRhcm1zdGFkdC5nbWQuZGUwUgYD
+VR0SBEswSYEbaWNlLXRlbC1jYUBkYXJtc3RhZHQuZ21kLmRlhipodHRwOi8vd3d3
+LmRhcm1zdGFkdC5nbWQuZGUvaWNlLXRlbC9ldXJvY2EwDwYDVR0TAQH/BAUwAwEB
+/zA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vd3d3LmRhcm1zdGFkdC5nbWQuZGUv
+aWNlLXRlbC9ldXJvY2EwDQYJKoZIhvcNAQEEBQADQQAXooi3mVoFQeQTNGfmHz4m
+7Etp+T4oIr6dHKtBbwwAhf5FdPaY8M6bZVNKUELH1JK916KoPZiIc81gKHmj/Eh6
+-----END CERTIFICATE-----
--- a/certs/ICE-root.pem
+++ b/certs/ICE-root.pem
@@ -0,0 +1,48 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: O=European ICE-TEL project, OU=V3-Certification Authority
+        Validity
+            Not Before: Apr  2 17:33:36 1997 GMT
+            Not After : Apr  2 17:33:36 1998 GMT
+        Subject: O=European ICE-TEL project, OU=V3-Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsa
+            RSA Public Key: (512 bit)
+                Modulus (512 bit):
+                    00:80:3e:eb:ae:47:a9:fe:10:54:0b:81:8b:9c:2b:
+                    82:ab:3a:61:36:65:8b:f3:73:9f:ac:ac:7a:15:a7:
+                    13:8f:b4:c4:ba:a3:0f:bc:a5:58:8d:cc:b1:93:31:
+                    9e:81:9e:8c:19:61:86:fa:52:73:54:d1:97:76:22:
+                    e7:c7:9f:41:cd
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                ........z.."p......e..
+            X509v3 Key Usage: critical
+                ....
+            X509v3 Subject Alternative Name: 
+                0I.*http://www.darmstadt.gmd.de/ice-tel/euroca..ice-tel-ca@darmstadt.gmd.de
+            X509v3 Basic Constraints: critical
+                0....
+    Signature Algorithm: md5WithRSAEncryption
+        76:69:61:db:b7:cf:8b:06:9e:d8:8c:96:53:d2:4d:a8:23:a6:
+        03:44:e8:8f:24:a5:c0:84:a8:4b:77:d4:2d:2b:7d:37:91:67:
+        f2:2c:ce:02:31:4c:6b:cc:ce:f2:68:a6:11:11:ab:7d:88:b8:
+        7e:22:9f:25:06:60:bd:79:30:3d
+-----BEGIN CERTIFICATE-----
+MIICFjCCAcCgAwIBAgIBADANBgkqhkiG9w0BAQQFADBIMSEwHwYDVQQKExhFdXJv
+cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
+QXV0aG9yaXR5MB4XDTk3MDQwMjE3MzMzNloXDTk4MDQwMjE3MzMzNlowSDEhMB8G
+A1UEChMYRXVyb3BlYW4gSUNFLVRFTCBwcm9qZWN0MSMwIQYDVQQLExpWMy1DZXJ0
+aWZpY2F0aW9uIEF1dGhvcml0eTBZMAoGBFUIAQECAgIAA0sAMEgCQQCAPuuuR6n+
+EFQLgYucK4KrOmE2ZYvzc5+srHoVpxOPtMS6ow+8pViNzLGTMZ6BnowZYYb6UnNU
+0Zd2IufHn0HNAgMBAAGjgZcwgZQwHQYDVR0OBBYEFIr3yNUOx3ro1yJw4AuJ1bbs
+ZbzPMA4GA1UdDwEB/wQEAwIB9jBSBgNVHREESzBJhipodHRwOi8vd3d3LmRhcm1z
+dGFkdC5nbWQuZGUvaWNlLXRlbC9ldXJvY2GBG2ljZS10ZWwtY2FAZGFybXN0YWR0
+LmdtZC5kZTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBAUAA0EAdmlh27fP
+iwae2IyWU9JNqCOmA0TojySlwISoS3fULSt9N5Fn8izOAjFMa8zO8mimERGrfYi4
+fiKfJQZgvXkwPQ==
+-----END CERTIFICATE-----
--- a/certs/ICE-user.pem
+++ b/certs/ICE-user.pem
@@ -0,0 +1,63 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt
+        Validity
+            Not Before: Apr  2 17:35:59 1997 GMT
+            Not After : Apr  2 17:35:59 1998 GMT
+        Subject: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt, CN=USER
+        Subject Public Key Info:
+            Public Key Algorithm: rsa
+            RSA Public Key: (512 bit)
+                Modulus (512 bit):
+                    00:a8:a8:53:63:49:1b:93:c3:c3:0b:6c:88:11:55:
+                    de:7e:6a:e2:f9:52:a0:dc:69:25:c4:c8:bf:55:e1:
+                    31:a8:ce:e4:a9:29:85:99:8a:15:9a:de:f6:2f:e1:
+                    b4:50:5f:5e:04:75:a6:f4:76:dc:3c:0e:39:dc:3a:
+                    be:3e:a4:61:8b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Authority Key Identifier: 
+                0...~r..:..B.44fu......3
+            X509v3 Subject Key Identifier: 
+                ...... .*...1.*.......
+            X509v3 Key Usage: critical
+                ....
+            X509v3 Certificate Policies: critical
+                0.0...*...0.......
+            X509v3 Subject Alternative Name: 
+                0:..user@darmstadt.gmd.de.!http://www.darmstadt.gmd.de/~user
+            X509v3 Issuer Alternative Name: 
+                0....gmdca@gmd.de..http://www.gmd.de..saturn.darmstadt.gmd.de.\1!0...U.
+..European ICE-TEL project1#0!..U....V3-Certification Authority1.0...U....Darmstadt..141.12.62.26
+            X509v3 Basic Constraints: critical
+                0.
+            X509v3 CRL Distribution Points: 
+                0.0.......gmdca@gmd.de
+    Signature Algorithm: md5WithRSAEncryption
+        69:0c:e1:b7:a7:f2:d8:fb:e8:69:c0:13:cd:37:ad:21:06:22:
+        4d:e8:c6:db:f1:04:0b:b7:e0:b3:d6:0c:81:03:ce:c3:6a:3e:
+        c7:e7:24:24:a4:92:64:c2:83:83:06:42:53:0e:6f:09:1e:84:
+        9a:f7:6f:63:9b:94:99:83:d6:a4
+-----BEGIN CERTIFICATE-----
+MIIDTzCCAvmgAwIBAgIBATANBgkqhkiG9w0BAQQFADBcMSEwHwYDVQQKExhFdXJv
+cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
+QXV0aG9yaXR5MRIwEAYDVQQHEwlEYXJtc3RhZHQwHhcNOTcwNDAyMTczNTU5WhcN
+OTgwNDAyMTczNTU5WjBrMSEwHwYDVQQKExhFdXJvcGVhbiBJQ0UtVEVMIHByb2pl
+Y3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24gQXV0aG9yaXR5MRIwEAYDVQQH
+EwlEYXJtc3RhZHQxDTALBgNVBAMTBFVTRVIwWTAKBgRVCAEBAgICAANLADBIAkEA
+qKhTY0kbk8PDC2yIEVXefmri+VKg3GklxMi/VeExqM7kqSmFmYoVmt72L+G0UF9e
+BHWm9HbcPA453Dq+PqRhiwIDAQABo4IBmDCCAZQwHwYDVR0jBBgwFoAUfnLy+DqG
+nEKINDRmdcPU/NGiETMwHQYDVR0OBBYEFJfc4B8gjSoRmLUx4Sq/ucIYiMrPMA4G
+A1UdDwEB/wQEAwIB8DAcBgNVHSABAf8EEjAQMAYGBCoDBAUwBgYECQgHBjBDBgNV
+HREEPDA6gRV1c2VyQGRhcm1zdGFkdC5nbWQuZGWGIWh0dHA6Ly93d3cuZGFybXN0
+YWR0LmdtZC5kZS9+dXNlcjCBsQYDVR0SBIGpMIGmgQxnbWRjYUBnbWQuZGWGEWh0
+dHA6Ly93d3cuZ21kLmRlghdzYXR1cm4uZGFybXN0YWR0LmdtZC5kZaRcMSEwHwYD
+VQQKExhFdXJvcGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRp
+ZmljYXRpb24gQXV0aG9yaXR5MRIwEAYDVQQHEwlEYXJtc3RhZHSHDDE0MS4xMi42
+Mi4yNjAMBgNVHRMBAf8EAjAAMB0GA1UdHwQWMBQwEqAQoA6BDGdtZGNhQGdtZC5k
+ZTANBgkqhkiG9w0BAQQFAANBAGkM4ben8tj76GnAE803rSEGIk3oxtvxBAu34LPW
+DIEDzsNqPsfnJCSkkmTCg4MGQlMObwkehJr3b2OblJmD1qQ=
+-----END CERTIFICATE-----
--- a/certs/ICE.crl
+++ b/certs/ICE.crl
@@ -0,0 +1,9 @@
+-----BEGIN X509 CRL-----
+MIIBNDCBnjANBgkqhkiG9w0BAQIFADBFMSEwHwYDVQQKExhFdXJvcGVhbiBJQ0Ut
+VEVMIFByb2plY3QxIDAeBgNVBAsTF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05
+NzA2MDkxNDQyNDNaFw05NzA3MDkxNDQyNDNaMCgwEgIBChcNOTcwMzAzMTQ0MjU0
+WjASAgEJFw05NjEwMDIxMjI5MjdaMA0GCSqGSIb3DQEBAgUAA4GBAH4vgWo2Tej/
+i7kbiw4Imd30If91iosjClNpBFwvwUDBclPEeMuYimHbLOk4H8Nofc0fw11+U/IO
+KSNouUDcqG7B64oY7c4SXKn+i1MWOb5OJiWeodX3TehHjBlyWzoNMWCnYA8XqFP1
+mOKp8Jla1BibEZf14+/HqCi2hnZUiEXh
+-----END X509 CRL-----
--- a/certs/expired/RegTP-4R.pem
+++ b/certs/expired/RegTP-4R.pem
--- a/certs/demo/ca-cert.pem
+++ b/certs/demo/ca-cert.pem
--- a/certs/demo/dsa-ca.pem
+++ b/certs/demo/dsa-ca.pem
--- a/certs/demo/dsa-pca.pem
+++ b/certs/demo/dsa-pca.pem
--- a/certs/eng1.pem
+++ b/certs/eng1.pem
@@ -1,23 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBqDELMAkGA1UEBhMCQ0Ex
-CzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMRgwFgYDVQQKEw9CYW5rRW5n
-aW5lIEluYy4xKTAnBgNVBAsTIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IERpdmlz
-aW9uMRMwEQYDVQQDEwpiYW5rZW5naW5lMSAwHgYJKoZIhvcNAQkBFhFjYUBiYW5r
-ZW5naW5lLmNvbTAeFw05ODAxMDEwMDAwMDBaFw0zODAxMTcwMDAwMDBaMIGoMQsw
-CQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rvcm9udG8xGDAWBgNV
-BAoTD0JhbmtFbmdpbmUgSW5jLjEpMCcGA1UECxMgQ2VydGlmaWNhdGlvbiBBdXRo
-b3JpdHkgRGl2aXNpb24xEzARBgNVBAMTCmJhbmtlbmdpbmUxIDAeBgkqhkiG9w0B
-CQEWEWNhQGJhbmtlbmdpbmUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEA14LoTUAl1/hEy+Kh1kLHiBdW2zD3V4IhM7xxTVKsYsIH56nr69ATTIxU
-P36eRzeZ137qt1AxHFjDCidk3m1Ul6l59ProPexdslLLM2npM3f2cteg+toyiYiS
-EJKjyzIu1xF1j9qzGkymSY/4DsXLZNk9FaczxMk/Ooc6Os1M3AverL4VG4rYIb6f
-eR32cIKJ9Q1fGuyKk7ipq1XQfPW8a8TgZdbHbe7U9Gk3iasGMHHvpR9Ep3mGbgdT
-uQ98SBEuIwe1BUCGg/MXpVy48MNXfAMotBgGw4pl9yqSjMni2FB+E9Q9DHFs2RgX
-MqzKuo8zcPxKx2kZ6Arj8+27dw2clQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0G
-CSqGSIb3DQEBBQUAA4IBAQBauupHX9EhpC/r57d6b5kkeWvognxIP9//TO4iw3qb
-zIXEkPXmJmwVzlzoKJWqiya+aw19SP0+G6CzsFOBo/9ehmz+hZ8bhYX4MjlWzX5u
-Tnkhz172j9fOBUmrTVPkcRIs6zjCD5PQAGoBPP1/Zdy2N36lZ0U7lg07Opirj/yJ
-PSJeM2j0fwIFAroiVckvdT0BVwB6S/cPaAQGPghbbr1YGSmYrMriSv825ILJUfxz
-rJYunGR9FiY9Ob7+jwJwiZMS4CxSPktutxr/3hOvr1+ALS7IcVakhhA3PuZAJbdH
-FRclR9qMM8aBnBZmf+Uv3K3uhT+UBzzY654U9Yi1JYnA
-----END CERTIFICATE-----
--- a/certs/eng2.pem
+++ b/certs/eng2.pem
@@ -1,23 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBqDELMAkGA1UEBhMCQ0Ex
-CzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMRgwFgYDVQQKEw9DZXJ0RW5n
-aW5lIEluYy4xKTAnBgNVBAsTIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IERpdmlz
-aW9uMRMwEQYDVQQDEwpjZXJ0ZW5naW5lMSAwHgYJKoZIhvcNAQkBFhFjYUBjZXJ0
-ZW5naW5lLmNvbTAeFw05ODAxMDEwMDAwMDBaFw0zODAxMTcwMDAwMDBaMIGoMQsw
-CQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rvcm9udG8xGDAWBgNV
-BAoTD0NlcnRFbmdpbmUgSW5jLjEpMCcGA1UECxMgQ2VydGlmaWNhdGlvbiBBdXRo
-b3JpdHkgRGl2aXNpb24xEzARBgNVBAMTCmNlcnRlbmdpbmUxIDAeBgkqhkiG9w0B
-CQEWEWNhQGNlcnRlbmdpbmUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEA7aTXURShaeVt9u/dP3Q2dVib3jTCZvEyc6yfpGgaYWewXWuP4HOSfI4h
-GZblbpl+dzJc6RjhR+pguIRtbT5FJB8SJGjRqoujBEOQOxtVtc2fjM9Dqh0iOvMW
-WS6buxHG55GVrHAQaO5HXEScKQBa9ZyNmpSXPTEBrDMej1OAGOkc524/TZrgFPF4
-AiJLLkxCcP8NuzUKlW3WzNMSSoCtjkUKy4wjSLlAWCFM0T9Df6/+Z8ZUQTzHoKCD
-ncH5Qnynd7DlOwKQ2JwwxRhYGiGVTUN0GUq7qA11kW3+vnbFesKQXoF6o2PVx9s2
-YXviI2NXXUjZ0pVnsnFCc45Pm8XojwIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0G
-CSqGSIb3DQEBBQUAA4IBAQBP/aHOKJ00Akzc9HWM1X30hlWZFBaQi4pqD4Uhk8+p
-KzzwFP5DRLBOz8TYBbtdXrS6hxVMr2sqWmhVkuyepWhHZazKGyHY/y0FbOXsewAV
-1QxxSyx7ve89pCKv4/w0rQcP916iHc8Y/TCpmz7eITa3GId+8H/XTaBi8GBp9X9O
-w8m25FmEB1NT+eJwefvfdKowjy4tSorKdW/eJspxNuTSRGmUy8G71W5dYvgpAlx6
-mdnHyzxEGvRYNNI2bS0ifXgbEFNWqSas9q34ea5KOpkJu8T/KyXfSb6rPOsBSb0t
-wMowwGtCVH2C4Lw/8zo0EjhMpTOsPaub408PrZ+NQ2bl
-----END CERTIFICATE-----
--- a/certs/eng3.pem
+++ b/certs/eng3.pem
@@ -1,34 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIF3TCCA8WgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBqDELMAkGA1UEBhMCQ0Ex
-CzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMRgwFgYDVQQKEw9Gb3J0RW5n
-aW5lIEluYy4xKTAnBgNVBAsTIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IERpdmlz
-aW9uMRMwEQYDVQQDEwpmb3J0ZW5naW5lMSAwHgYJKoZIhvcNAQkBFhFjYUBmb3J0
-ZW5naW5lLmNvbTAeFw05ODAxMDEwMDAwMDBaFw0zODAxMTcwMDAwMDBaMIGoMQsw
-CQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rvcm9udG8xGDAWBgNV
-BAoTD0ZvcnRFbmdpbmUgSW5jLjEpMCcGA1UECxMgQ2VydGlmaWNhdGlvbiBBdXRo
-b3JpdHkgRGl2aXNpb24xEzARBgNVBAMTCmZvcnRlbmdpbmUxIDAeBgkqhkiG9w0B
-CQEWEWNhQGZvcnRlbmdpbmUuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
-CgKCAgEAyr7GbpwDxx1v3EYbo0gcO+ligEhlDqG2e7u/AbWGoVAqc8+q6auUJUtz
-4i7oh0yNadu1o9kpXW+znkgO0zlrgjGskqqMO1ooppzTJdFy/P8gR6x1Iuv3kWtX
-OuzwPPEjv09LWlhyJsN+oU4ztTVf07I0Q9zYupcoDQ58XKRheI9KdDB2DYSmxywA
-WSLQwIeG0Qa7gvokeQlpkgkEC7viEecJ3752KXBJHnh7As51mxnlpmG6sDy67Eli
-HDw5tHETRqbtnscGBjskGQBqR5xt7+QnnthZrN8HJHDoa9zgGephwizhkL44lXLF
-YK9W5XhFbblw2c+mAcHkokRiwD7CPeIoyD2a/Jcw3n5hegKTlNhd4BFGVF6JR7gF
-OFk2QfHXit5uthsij9Xhl7WAgQUqLgggD9MphqPf4nY66OZUJV9ZsmB+Qfp8UizB
-0WAOegactKVyRqHtRa+KIEXQXNtZgjcmMk9CYkP0nIbKtgKXaH6+9VMHNOryCnFE
-7pSsuPUkypncFWCHGSeiFO3w4w4J4csltxBADQzxfRu5KZnlToQN7bVpI/Q31tVX
-E5bjrJcq6Oj/OTqZ3ID+OqbkUdAg0ggjRKcTgxnLHd/AbMzJ6PsclDDf7cLs0WSl
-xMxQR/z5bNST1rNtT9rsiv2TOhfvCBxO9AOjBioO8PLO032HTNECAwEAAaMQMA4w
-DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAgEAVyBpPWfT2VOyvVpslGKx
-8h0+CWP8cilygGRtZJ5dAJzc//1REAHdvK+TgZ4Foz3dqHhXI+RNN0FpzuWaYMjW
-ZTS0kAmcOQuGY1Oo4PGlPHI21pNz29oFDTJr0ZmLBJ4JKVsE2soJg55jdk9MZHA7
-K//7HH9RsmrWZOE5DZDlrxp6+naixhMwnlPKKisIy9GNZUPqGdUWABMdB/BUVVNl
-NU5TtWpIXUClMd8a+eoKcItBeYXowkHOBpinPkDX3clFDIUfWiw0Ro08s8SrrFqR
-8Szwbrj52Xv1RM56oGqCjnkvJctxihODV7NcpxoAFjIZokDom0q6zPrrTUsLFQov
-Plovc3w5hmALiDMshaTvE1nm3Psn4yQ+FlRE8epTZrQiIGypZkZC6lcz0mYawueW
-cThYWGFhVG4ktQzOjjNRsNxopW+W7cF1zQTxiWUDnxIKSj7gtdQ2jiubxEEhfVag
-r8DMtAccNVTZVURpGi56TptOOuotrTqqC+2GviW4hlxvdvmuQN0OlXlUwzz2Trxc
-FamNnuA54lZw/8arLtxsFmHrcnPw53+1spumLD0S5UkxHNu40h6LIVpZz3H+0rLz
-uFofTfiyMjcfK2AyHQTgUCbsrvgNuLDQUbyFGVchdFUkhztX3DhEVnxnnrpY4BVj
-QdTqWIvw7lGlSuDCjxEQAOc=
-----END CERTIFICATE-----
--- a/certs/eng4.pem
+++ b/certs/eng4.pem
@@ -1,23 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBqDELMAkGA1UEBhMCQ0Ex
-CzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMRgwFgYDVQQKEw9NYWlsRW5n
-aW5lIEluYy4xKTAnBgNVBAsTIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IERpdmlz
-aW9uMRMwEQYDVQQDEwptYWlsZW5naW5lMSAwHgYJKoZIhvcNAQkBFhFjYUBtYWls
-ZW5naW5lLmNvbTAeFw05ODAxMDEwMDAwMDBaFw0zODAxMTcwMDAwMDBaMIGoMQsw
-CQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rvcm9udG8xGDAWBgNV
-BAoTD01haWxFbmdpbmUgSW5jLjEpMCcGA1UECxMgQ2VydGlmaWNhdGlvbiBBdXRo
-b3JpdHkgRGl2aXNpb24xEzARBgNVBAMTCm1haWxlbmdpbmUxIDAeBgkqhkiG9w0B
-CQEWEWNhQG1haWxlbmdpbmUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEAqXmfsU+lx+NFmn6tN17RTOyaddHqLnr/3rzEDIyT9TN+tF9TG7jmK7lJ
-Jrj5arQ3nTFaLF8JuND2U1z/cLPw6/TX+1tE3v3CNUDSjaisyUDiUyp3TE8hMMMz
-zfZQn0JsGgNhhWxqyzjhRQGtKL4+xtn8VsF/8zGgZYke7nlmVKz/FslDFTnNoodL
-BAEGiu9JQS9qqpbSs20NdZ6LXPL2A4iTjnsNFBW3jIMVIn/JVVyaycU7ue2oFviD
-vLNpkVZcR7A+jjIdIumOc5VSF0y7y74cQC5YwkR2mLK7UBYDK6NCY3ta/C4M8NsM
-0FpmvRl0+A1ivZtVwqI98dxDtp7HeQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0G
-CSqGSIb3DQEBBQUAA4IBAQAjfNn5BCzxylBDakFQGWKE/P43PRibMOEzfd7+DzbY
-WIekoz3i00DwoH3b6j4gwlDJRAOq4dF6/Pt/uBOHDo/op+ef+9ErmKPd+ehXN9h3
-7QbccTgz7DtVwA4iRlDRLru+JuXzT+OsCHuFZMOLJ+KD2JAGh3W68JjdcLkrlcpt
-AU0wc5aOHPPfEBdIah8y8QtNzXRVzoBt8zzvgCARkXxTS2u/9QaXR1hML0JtDgQS
-SdZ6Kd8SN6yzqxD+buYD5sOfJmjBF/n3lqFHNMHnnGXy2TAXZtIAWzffU3A0cGPB
-N6FZ026a86HbF1X4k+xszhbJu/ikczyuWnCJIg3fTYSD
-----END CERTIFICATE-----
--- a/certs/eng5.pem
+++ b/certs/eng5.pem
@@ -1,23 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIID6TCCAtGgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBrjELMAkGA1UEBhMCQ0Ex
-CzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMRowGAYDVQQKExFUcmFkZXJF
-bmdpbmUgSW5jLjEpMCcGA1UECxMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgRGl2
-aXNpb24xFTATBgNVBAMTDHRyYWRlcmVuZ2luZTEiMCAGCSqGSIb3DQEJARYTY2FA
-dHJhZGVyZW5naW5lLmNvbTAeFw05ODAxMDEwMDAwMDBaFw0zODAxMTcwMDAwMDBa
-MIGuMQswCQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rvcm9udG8x
-GjAYBgNVBAoTEVRyYWRlckVuZ2luZSBJbmMuMSkwJwYDVQQLEyBDZXJ0aWZpY2F0
-aW9uIEF1dGhvcml0eSBEaXZpc2lvbjEVMBMGA1UEAxMMdHJhZGVyZW5naW5lMSIw
-IAYJKoZIhvcNAQkBFhNjYUB0cmFkZXJlbmdpbmUuY29tMIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEAzyX5QE+5SN+zgNn1v3zp9HmP4hQOWW8WuEVItZVP
-9bt/xj5NeJd1kyPL/SqnF2qHcL3o/74r0Ga55aKHniwKYgQTlp5ELGfQ568QQeN9
-xNIHtUXeStI9zCNZyZC+4YqObdMR/ivKA/WsLfUVMl2lV5JzJJz1BOE0gKEYiEyz
-gIq5oLzkP/mOXoHRvWSZD2D0eHYIO7ovV2epVFK7g7p+dC4QoeIUEli+GF/Myg88
-dV/qmi+Sybck2RLPXa8Nh27/ETVQ7kE1Eafmx7EyCqIhG+5lwJAy3HwHUBwAYuzj
-iuZz5lD8aQmr8SKuvy3eOH9SVN5wh3YBlrNGwTStkESVLwIDAQABoxAwDjAMBgNV
-HRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAWOPAUhZd3x9EQiFJcuxFTMd9q
-axgcriCzJsM6D96sYGko9xTeLhX/lr1bliVYI5AlupoLXAdMzGHJkOgaTirKjQXr
-F9nymDdUWKe3TmwGob5016nQlH7qRKvGO3hka0rOGRK2U/2JT/4Qp8iH/DFi6cyM
-uP0q8n64SAkxZXLzUuFQXqf7U/SNjzb9XJQEIAdjp7eYd3Qb4jDsDcX0FrKMF1aV
-r0dCDnS7am7WTXPYCDGdSkPgEHEtLYIYH3lZp5sKdVZ9wl4F0WNFkRWRUr7AXPjw
-50uLmUNmKCd8JZLMGA1TRNSTi7U9EcrWt0OkMWm74T2WVnAgNsDv2WrWsGfj
-----END CERTIFICATE-----
--- a/certs/expired/vsign3.pem
+++ b/certs/expired/vsign3.pem
@@ -1,18 +0,0 @@
-subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
-notBefore=Jan 29 00:00:00 1996 GMT
-notAfter=Jan  7 23:59:59 2004 GMT
-----BEGIN CERTIFICATE-----
-MIICPTCCAaYCEQDknv3zOugOz6URPhmkJAIyMA0GCSqGSIb3DQEBAgUAMF8xCzAJ
-BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh
-c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05
-NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD
-VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp
-bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAyVxZnvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqo
-RAWq7AMfeH+ek7maAKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4
-rCNfcCk2pMmG57GaIMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATAN
-BgkqhkiG9w0BAQIFAAOBgQBhcOwvP579K+ZoVCGwZ3kIDCCWMYoNer62Jt95LCJp
-STbjl3diYaIy13pUITa6Ask05yXaRDWw0lyAXbOU+Pms7qRgdSoflUkjsUp89LNH
-ciFbfperVKxi513srpvSybIk+4Kt6WcVS7qqpvCXoPawl1cAyAw8CaCCBLpB2veZ
-pA==
-----END CERTIFICATE-----
--- a/certs/expired/factory.pem
+++ b/certs/expired/factory.pem
--- a/certs/demo/nortelCA.pem
+++ b/certs/demo/nortelCA.pem
--- a/certs/demo/pca-cert.pem
+++ b/certs/demo/pca-cert.pem
--- a/certs/expired/rsa-cca.pem
+++ b/certs/expired/rsa-cca.pem
--- a/certs/demo/timCA.pem
+++ b/certs/demo/timCA.pem
--- a/certs/demo/tjhCA.pem
+++ b/certs/demo/tjhCA.pem
--- a/certs/expired/vsign2.pem
+++ b/certs/expired/vsign2.pem
--- a/certs/vsign3.pem
+++ b/certs/vsign3.pem
@@ -1,17 +1,18 @@
 subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
 notBefore=Jan 29 00:00:00 1996 GMT
-notAfter=Aug  1 23:59:59 2028 GMT
+notAfter=Jan  7 23:59:59 2004 GMT
 -----BEGIN CERTIFICATE-----
-MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
-A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
-cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
-MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
-BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
-YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
-BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
-I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
-CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do
-lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc
-AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
+MIICPTCCAaYCEQDknv3zOugOz6URPhmkJAIyMA0GCSqGSIb3DQEBAgUAMF8xCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh
+c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05
+NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD
+VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp
+bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB
+jQAwgYkCgYEAyVxZnvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqo
+RAWq7AMfeH+ek7maAKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4
+rCNfcCk2pMmG57GaIMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATAN
+BgkqhkiG9w0BAQIFAAOBgQBhcOwvP579K+ZoVCGwZ3kIDCCWMYoNer62Jt95LCJp
+STbjl3diYaIy13pUITa6Ask05yXaRDWw0lyAXbOU+Pms7qRgdSoflUkjsUp89LNH
+ciFbfperVKxi513srpvSybIk+4Kt6WcVS7qqpvCXoPawl1cAyAw8CaCCBLpB2veZ
+pA==
 -----END CERTIFICATE-----
--- a/certs/demo/vsigntca.pem
+++ b/certs/demo/vsigntca.pem
--- a/certs/wellsfgo.pem
+++ b/certs/wellsfgo.pem
@@ -1,23 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIID5TCCAs2gAwIBAgIEOeSXnjANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UEBhMC
-VVMxFDASBgNVBAoTC1dlbGxzIEZhcmdvMSwwKgYDVQQLEyNXZWxscyBGYXJnbyBD
-ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEvMC0GA1UEAxMmV2VsbHMgRmFyZ28gUm9v
-dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDAxMDExMTY0MTI4WhcNMjEwMTE0
-MTY0MTI4WjCBgjELMAkGA1UEBhMCVVMxFDASBgNVBAoTC1dlbGxzIEZhcmdvMSww
-KgYDVQQLEyNXZWxscyBGYXJnbyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEvMC0G
-A1UEAxMmV2VsbHMgRmFyZ28gUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEi
-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVqDM7Jvk0/82bfuUER84A4n13
-5zHCLielTWi5MbqNQ1mXx3Oqfz1cQJ4F5aHiidlMuD+b+Qy0yGIZLEWukR5zcUHE
-SxP9cMIlrCL1dQu3U+SlK93OvRw6esP3E48mVJwWa2uv+9iWsWCaSOAlIiR5NM4O
-JgALTqv9i86C1y8IcGjBqAr5dE8Hq6T54oN+J3N0Prj5OEL8pahbSCOz6+MlsoCu
-ltQKnMJ4msZoGK43YjdeUXWoWGPAUe5AeH6orxqg4bB4nVCMe+ez/I4jsNtlAHCE
-AQgAFG5Uhpq6zPk3EPbg3oQtnaSFN9OH4xXQwReQfhkhahKpdv0SAulPIV4XAgMB
-AAGjYTBfMA8GA1UdEwEB/wQFMAMBAf8wTAYDVR0gBEUwQzBBBgtghkgBhvt7hwcB
-CzAyMDAGCCsGAQUFBwIBFiRodHRwOi8vd3d3LndlbGxzZmFyZ28uY29tL2NlcnRw
-b2xpY3kwDQYJKoZIhvcNAQEFBQADggEBANIn3ZwKdyu7IvICtUpKkfnRLb7kuxpo
-7w6kAOnu5+/u9vnldKTC2FJYxHT7zmu1Oyl5GFrvm+0fazbuSCUlFLZWohDo7qd/
-0D+j0MNdJu4HzMPBJCGHHt8qElNvQRbn7a6U+oxy+hNH8Dx+rn0ROhPs7fpvcmR7
-nX1/Jv16+yWt6j4pf0zjAFcysLPp7VMX2YuyFA4w6OXVE8Zkr8QA1dhYJPz1j+zx
-x32l2w8n0cbyQIjmH/ZhqPRCyLk306m+LFZ4wnKbWV01QIroTmMatukgalHizqSQ
-33ZwmVxwQ023tqcZZE6St8WRPH9IFmV7Fv3L/PvZ1dZPIWU7Sn9Ho/s=
-----END CERTIFICATE-----
--- a/153
+++ b/153
@@ -23,7 +23,6 @@
 PREFIX=""
 SUFFIX=""
 TEST="false"
-EXE=""

 # pick up any command line args to config
 for i
@@ -111,16 +110,16 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "m68k-apple-aux3"; exit 0
 	;;

-    AIX:[3-9]:4:*)
-	echo "${MACHINE}-ibm-aix"; exit 0
+    AIX:[3456789]:4:*)
+	echo "${MACHINE}-ibm-aix43"; exit 0
 	;;

-    AIX:*:[5-9]:*)
-	echo "${MACHINE}-ibm-aix"; exit 0
+    AIX:*:[56789]:*)
+	echo "${MACHINE}-ibm-aix43"; exit 0
 	;;

    AIX:*)
-	echo "${MACHINE}-ibm-aix3"; exit 0
+	echo "${MACHINE}-ibm-aix"; exit 0
 	;;

    dgux:*)
@@ -135,7 +134,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	HPUXVER=`echo ${RELEASE}|sed -e 's/[^.]*.[0B]*//'`
 	case "$HPUXVER" in
 	    1[0-9].*)	# HPUX 10 and 11 targets are unified
-		echo "${MACHINE}-hp-hpux1x"; exit 0
+		echo "${MACHINE}-hp-hpux10"; exit 0
 		;;
 	    *)
 		echo "${MACHINE}-hp-hpux"; exit 0
@@ -289,14 +288,6 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "${MACHINE}-whatever-sysv4"; exit 0
 	;;

-    VOS:*:*:i786)
-     echo "i386-stratus-vos"; exit 0
-     ;;
-
-    VOS:*:*:*)
-     echo "hppa1.1-stratus-vos"; exit 0
-     ;;
-
    *:4*:R4*:m88k)
 	echo "${MACHINE}-whatever-sysv4"; exit 0
 	;;
@@ -337,9 +328,6 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "mips-sony-newsos4"; exit 0;
 	;;

-    MINGW*)
-	echo "${MACHINE}-whatever-mingw"; echo 0;
-	;;
    CYGWIN*)
 	case "$RELEASE" in
 	    [bB]*|1.0|1.[12].*)
@@ -422,10 +410,9 @@ if [ "$SYSTEM" = "HP-UX" ];then
  GCC_BITS="32"
  if [ $GCCVER -ge 30 ]; then
    # PA64 support only came in with gcc 3.0.x.
-    # We check if the preprocessor symbol __LP64__ is defined...
-    if echo "__LP64__" | gcc -v -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null; then
-      : # __LP64__ has slipped through, it therefore is not defined
-    else
+    # We look for the preprocessor symbol __LP64__ indicating
+    # 64bit bit long and pointer.  sizeof(int) == 32 on HPUX64.
+    if gcc -v -E -x c /dev/null 2>&1 | grep __LP64__ > /dev/null; then
      GCC_BITS="64"
    fi
  fi
@@ -445,7 +432,7 @@ if [ "$SYSTEM" = "SunOS" ]; then
  	egrep -e '^cc: .* C [0-9]\.[0-9]' | \
 	sed 's/.* C \([0-9]\)\.\([0-9]\).*/\1\2/'`
  CCVER=${CCVER:-0}
-  if [ $MACHINE != i86pc -a $CCVER -gt 40 ]; then
+  if [ $CCVER -gt 40 ]; then
    CC=cc	# overrides gcc!!!
    if [ $CCVER -eq 50 ]; then
      echo "WARNING! Detected WorkShop C 5.0. Do make sure you have"
@@ -494,29 +481,29 @@ case "$GUESSOS" in
 	OUT="irix-$CC"
 	;;
  mips3-sgi-irix)
-	#CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
-	#CPU=${CPU:-0}
-	#if [ $CPU -ge 5000 ]; then
-	#	options="$options -mips4"
-	#else
-	#	options="$options -mips3"
-	#fi
+	CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+	CPU=${CPU:-0}
+	if [ $CPU -ge 5000 ]; then
+		options="$options -mips4"
+	else
+		options="$options -mips3"
+	fi
 	OUT="irix-mips3-$CC"
 	;;
  mips4-sgi-irix64)
 	echo "WARNING! If you wish to build 64-bit library, then you have to"
 	echo "         invoke './Configure irix64-mips4-$CC' *manually*."
-	if [ "$TEST" = "false" -a -t 1 ]; then
+	if [ "$TEST" = "false" ]; then
 	  echo "         You have about 5 seconds to press Ctrl-C to abort."
-	  (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
+	  (stty -icanon min 0 time 50; read waste) < /dev/tty
 	fi
-        #CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
-        #CPU=${CPU:-0}
-        #if [ $CPU -ge 5000 ]; then
-        #        options="$options -mips4"
-        #else
-        #        options="$options -mips3"
-        #fi
+        CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+        CPU=${CPU:-0}
+        if [ $CPU -ge 5000 ]; then
+                options="$options -mips4"
+        else
+                options="$options -mips3"
+        fi
 	OUT="irix-mips3-$CC"
 	;;
  alpha-*-linux2)
@@ -550,14 +537,9 @@ EOF
 	rm dummy dummy.c
 	;;
  ppc64-*-linux2)
-	echo "WARNING! If you wish to build 64-bit library, then you have to"
-	echo "         invoke './Configure linux-ppc64' *manually*."
-	if [ "$TEST" = "false" -a -t 1 ]; then
-	    echo "         You have about 5 seconds to press Ctrl-C to abort."
-	    (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
-	fi
-	OUT="linux-ppc"
-	;;
+	#Use the standard target for PPC architecture until we create a
+	#special one for the 64bit architecture.
+	OUT="linux-ppc" ;;
  ppc-*-linux2) OUT="linux-ppc" ;;
  m68k-*-linux*) OUT="linux-m68k" ;;
  ia64-*-linux?) OUT="linux-ia64" ;;
@@ -568,9 +550,9 @@ EOF
 	echo "WARNING! If you *know* that your GNU C supports 64-bit/V9 ABI"
 	echo "         and wish to build 64-bit library, then you have to"
 	echo "         invoke './Configure linux64-sparcv9' *manually*."
-	if [ "$TEST" = "false" -a -t 1 ]; then
+	if [ "$TEST" = "false" ]; then
 	  echo "          You have about 5 seconds to press Ctrl-C to abort."
-	  (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
+	  (stty -icanon min 0 time 50; read waste) < /dev/tty
 	fi
 	OUT="linux-sparcv9" ;;
  sparc-*-linux2)
@@ -601,9 +583,7 @@ EOF

 	options="$options -mschedule=$CPUSCHEDULE -march=$CPUARCH"
 	OUT="linux-parisc" ;;
-  arm*b-*-linux2) OUT="linux-elf-arm"; options="$options -DB_ENDIAN" ;;
-  arm*l-*-linux2) OUT="linux-elf-arm"; options="$options -DL_ENDIAN" ;;
-  arm*-*-linux2)  OUT="linux-elf-arm" ;;
+  arm*-*-linux2) OUT="linux-elf-arm" ;;
  s390-*-linux2) OUT="linux-s390" ;;
  s390x-*-linux?) OUT="linux-s390x" ;;
  x86_64-*-linux?) OUT="linux-x86_64" ;;
@@ -627,9 +607,9 @@ EOF
 	    if [ "$CC" = "cc" -a $CCVER -ge 50 ]; then
 		echo "WARNING! If you wish to build 64-bit library, then you have to"
 		echo "         invoke './Configure solaris64-sparcv9-cc' *manually*."
-		if [ "$TEST" = "false" -a -t 1 ]; then
+		if [ "$TEST" = "false" ]; then
 		  echo "         You have about 5 seconds to press Ctrl-C to abort."
-		  (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
+		  (stty -icanon min 0 time 50; read waste) < /dev/tty
 		fi
 	    elif [ "$CC" = "gcc" -a "$GCC_ARCH" = "-m64" ]; then
 		# $GCC_ARCH denotes default ABI chosen by compiler driver
@@ -639,17 +619,17 @@ EOF
 		OUT="solaris64-sparcv9-gcc"
 		echo "WARNING! If you wish to build 32-bit library, then you have to"
 		echo "         invoke './Configure solaris-sparcv9-gcc' *manually*."
-		if [ "$TEST" = "false" -a -t 1 ]; then
+		if [ "$TEST" = "false" ]; then
 		  echo "         You have about 5 seconds to press Ctrl-C to abort."
-		  (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
+		  (stty -icanon min 0 time 50; read waste) < /dev/tty
 		fi
 	    elif [ "$GCC_ARCH" = "-m32" ]; then
 		echo "NOTICE! If you *know* that your GNU C supports 64-bit/V9 ABI"
 		echo "        and wish to build 64-bit library, then you have to"
 		echo "        invoke './Configure solaris64-sparcv9-gcc' *manually*."
-		if [ "$TEST" = "false" -a -t 1 ]; then
+		if [ "$TEST" = "false" ]; then
 		  echo "         You have about 5 seconds to press Ctrl-C to abort."
-		  (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
+		  (stty -icanon min 0 time 50; read waste) < /dev/tty
 		fi
 	    fi
 	fi
@@ -657,14 +637,7 @@ EOF
  sun4m-*-solaris2)	OUT="solaris-sparcv8-$CC" ;;
  sun4d-*-solaris2)	OUT="solaris-sparcv8-$CC" ;;
  sun4*-*-solaris2)	OUT="solaris-sparcv7-$CC" ;;
-  *86*-*-solaris2)
-	ISA64=`(isalist) 2>/dev/null | grep amd64`
-	if [ "$ISA64" != "" ]; then
-	    OUT="solaris64-x86_64-$CC"
-	else
-	    OUT="solaris-x86-$CC"
-	fi
-	;;
+  *86*-*-solaris2) OUT="solaris-x86-$CC" ;;
  *-*-sunos4) OUT="sunos-$CC" ;;
  alpha*-*-freebsd*) OUT="FreeBSD-alpha" ;;
  sparc64-*-freebsd*) OUT="FreeBSD-sparc64" ;;
@@ -705,10 +678,6 @@ EOF
  *-*-UnixWare21*) OUT="unixware-2.1" ;;
  *-*-Unixware20*) OUT="unixware-2.0" ;;
  *-*-Unixware21*) OUT="unixware-2.1" ;;
-  *-*-vos)
-	options="$options no-threads no-shared no-asm no-dso"
-	EXE=".pm"
-	OUT="vos-$CC" ;;
  BS2000-siemens-sysv4) OUT="BS2000-OSD" ;;
  RM*-siemens-sysv4) OUT="ReliantUNIX" ;;
  *-siemens-sysv4) OUT="SINIX" ;;
@@ -716,7 +685,7 @@ EOF
 	if [ $CC = "gcc" ];
 	then
 	  if [ $GCC_BITS = "64" ]; then
-	    OUT="hpux64-parisc2-gcc"
+	    OUT="hpux64-parisc-gcc"
 	  else
 	    OUT="hpux-parisc-gcc"
 	  fi
@@ -731,10 +700,10 @@ EOF
 	if   [ $CPU_VERSION -ge 768 ]; then	# IA-64 CPU
 	     echo "WARNING! 64-bit ABI is the default configured ABI on HP-UXi."
 	     echo "         If you wish to build 32-bit library, the you have to"
-	     echo "         invoke './Configure hpux-ia64-cc' *manually*."
-	     if [ "$TEST" = "false" -a -t 1 ]; then
+	     echo "         invoke './Configure hpux-ia32-cc' *manually*."
+	     if [ "$TEST" = "false" ]; then
 		echo "         You have about 5 seconds to press Ctrl-C to abort."
-		(trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
+		(stty -icanon min 0 time 50; read waste) < /dev/tty
 	     fi
 	     OUT="hpux64-ia64-cc"
 	elif [ $CPU_VERSION -ge 532 ]; then	# PA-RISC 2.x CPU
@@ -744,9 +713,9 @@ EOF
 	     if [ $KERNEL_BITS -eq 64 -a "$CC" = "cc" ]; then
 		echo "WARNING! If you wish to build 64-bit library then you have to"
 		echo "         invoke './Configure hpux64-parisc2-cc' *manually*."
-		if [ "$TEST" = "false" -a -t 1 ]; then
+		if [ "$TEST" = "false" ]; then
 		  echo "         You have about 5 seconds to press Ctrl-C to abort."
-		  (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
+		  (stty -icanon min 0 time 50; read waste) < /dev/tty
 		fi
 	     fi
 	elif [ $CPU_VERSION -ge 528 ]; then	# PA-RISC 1.1+ CPU
@@ -758,28 +727,8 @@ EOF
 	fi
 	options="$options -D_REENTRANT" ;;
  *-hpux)	OUT="hpux-parisc-$CC" ;;
-  *-aix)
-	KERNEL_BITS=`(getconf KERNEL_BITMODE) 2>/dev/null`
-	KERNEL_BITS=${KERNEL_BITS:-32}
-	OBJECT_MODE=${OBJECT_MODE:-32}
-	if [ "$CC" = "gcc" ]; then
-	    OUT="aix-gcc"
-	elif [ $OBJECT_MODE -eq 64 ]; then
-	    echo 'Your $OBJECT_MODE was found to be set to 64' 
-	    OUT="aix64-cc"
-	else
-	    OUT="aix-cc"
-	    if [ $KERNEL_BITS -eq 64 ]; then
-		echo "WARNING! If you wish to build 64-bit kit, then you have to"
-		echo "         invoke './Configure aix64-cc' *manually*."
-		if [ "$TEST" = "false" -a -t 1 ]; then
-		    echo "         You have ~5 seconds to press Ctrl-C to abort."
-		    (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
-		fi
-	    fi
-	fi
-	;;
  # these are all covered by the catchall below
+  # *-aix) OUT="aix-$CC" ;;
  # *-dgux) OUT="dgux" ;;
  mips-sony-newsos4) OUT="newsos4-gcc" ;;
  *-*-cygwin_pre1.3) OUT="Cygwin-pre1.3" ;;
@@ -856,8 +805,8 @@ fi

 if [ ".$PERL" = . ] ; then
 	for i in . `echo $PATH | sed 's/:/ /g'`; do
-		if [ -f "$i/perl5$EXE" ] ; then
-			PERL="$i/perl5$EXE"
+		if [ -f "$i/perl5" ] ; then
+			PERL="$i/perl5"
 			break;
 		fi;
 	done
@@ -865,9 +814,9 @@ fi

 if [ ".$PERL" = . ] ; then
 	for i in . `echo $PATH | sed 's/:/ /g'`; do
-		if [ -f "$i/perl$EXE" ] ; then
-			if "$i/perl$EXE" -e 'exit($]<5.0)'; then
-				PERL="$i/perl$EXE"
+		if [ -f "$i/perl" ] ; then
+			if "$i/perl" -e 'exit($]<5.0)'; then
+				PERL="$i/perl"
 				break;
 			fi;
 		fi;
--- a/crypto/.cvsignore
+++ b/crypto/.cvsignore
@@ -2,5 +2,3 @@ lib
 buildinf.h
 opensslconf.h
 Makefile.save
-*.flc
-semantic.cache
--- a/crypto/Makefile.ssl
+++ b/crypto/Makefile.ssl
@@ -11,9 +11,10 @@ CFLAG=		-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=	/usr/local/ssl
+MAKE=           make -f Makefile.ssl
 MAKEDEPPROG=	makedepend
 MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE=       Makefile
+MAKEFILE=       Makefile.ssl
 RM=             rm -f
 AR=		ar r

@@ -49,11 +50,11 @@ ALL=    $(GENERAL) $(SRC) $(HEADER)
 top:
 	@(cd ..; $(MAKE) DIRS=$(DIR) all)

-all: shared
+all: buildinf.h lib subdirs shared

-buildinf.h: ../Makefile
+buildinf.h: ../Makefile.ssl
 	( echo "#ifndef MK1MF_BUILD"; \
-	echo '  /* auto-generated by crypto/Makefile for crypto/cversion.c */'; \
+	echo '  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */'; \
 	echo '  #define CFLAGS "$(CC) $(CFLAG)"'; \
 	echo '  #define PLATFORM "$(PLATFORM)"'; \
 	echo "  #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \
@@ -72,7 +73,7 @@ subdirs:
 	done;

 files:
-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 	@for i in $(SDIRS) ;\
 	do \
 	(cd $$i && echo "making 'files' in crypto/$$i..." && \
@@ -80,9 +81,11 @@ files:
 	done;

 links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
 	@$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
 	@$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@for i in $(SDIRS); do \
 	(cd $$i && echo "making links in crypto/$$i..." && \
 	$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PERL='${PERL}' links ); \
@@ -93,9 +96,8 @@ lib:	$(LIBOBJ)
 	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib

-shared: buildinf.h lib subdirs
-	@if [ -n "$(SHARED_LIBS)" ]; then \
-		egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null || \
+shared:
+	if [ -n "$(SHARED_LIBS)" ]; then \
 		(cd ..; $(MAKE) $(SHARED_LIB)); \
 	fi

@@ -114,7 +116,7 @@ tests:
 	done;

 install:
-	@headerlist="$(EXHEADER)"; for i in $$headerlist ;\
+	@for i in $(EXHEADER) ;\
 	do \
 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
@@ -201,8 +203,8 @@ mem_dbg.o: ../include/openssl/err.h ../include/openssl/lhash.h
 mem_dbg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 mem_dbg.o: ../include/openssl/safestack.h ../include/openssl/stack.h
 mem_dbg.o: ../include/openssl/symhacks.h cryptlib.h mem_dbg.c
-o_str.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
-o_str.o: o_str.c o_str.h
+o_str.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_str.c
+o_str.o: o_str.h
 o_time.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_time.c
 o_time.o: o_time.h
 tmdiff.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
--- a/crypto/aes/.cvsignore
+++ b/crypto/aes/.cvsignore
@@ -1,4 +1,2 @@
 lib
 Makefile.save
-*.flc
-semantic.cache
--- a/crypto/aes/Makefile.ssl
+++ b/crypto/aes/Makefile.ssl
@@ -11,9 +11,10 @@ CFLAG=-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=	/usr/local/ssl
+MAKE=		make -f Makefile.ssl
 MAKEDEPPROG=	makedepend
 MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE=	Makefile
+MAKEFILE=	Makefile.ssl
 AR=		ar r

 # CFLAGS= -mpentiumpro $(INCLUDES) $(CFLAG) -O3 -fexpensive-optimizations -funroll-loops -fforce-addr
@@ -48,9 +49,10 @@ lib:	$(LIBOBJ)
 $(LIBOBJ): $(LIBSRC)

 files:
-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO

 links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
@@ -58,7 +60,7 @@ links:
 install: installs

 installs:
-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+	@for i in $(EXHEADER) ; \
 	do  \
 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
@@ -86,9 +88,8 @@ clean:

 aes_cbc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
 aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c aes_locl.h
-aes_cfb.o: ../../e_os.h ../../include/openssl/aes.h
-aes_cfb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-aes_cfb.o: aes_cfb.c aes_locl.h
+aes_cfb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_cfb.o: ../../include/openssl/opensslconf.h aes_cfb.c aes_locl.h
 aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
 aes_core.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h
 aes_core.o: aes_core.c aes_locl.h
--- a/crypto/aes/aes.h
+++ b/crypto/aes/aes.h
@@ -52,8 +52,6 @@
 #ifndef HEADER_AES_H
 #define HEADER_AES_H

-#include <openssl/e_os2.h>
-
 #ifdef OPENSSL_NO_AES
 #error AES is disabled.
 #endif
@@ -66,10 +64,6 @@
 #define AES_MAXNR 14
 #define AES_BLOCK_SIZE 16

-#if defined(OPENSSL_FIPS)
-#define FIPS_AES_SIZE_T	int
-#endif
-
 #ifdef  __cplusplus
 extern "C" {
 #endif
--- a/crypto/aes/aes_cbc.c
+++ b/crypto/aes/aes_cbc.c
@@ -66,7 +66,6 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
 	unsigned long n;
 	unsigned long len = length;
 	unsigned char tmp[AES_BLOCK_SIZE];
-	const unsigned char *iv = ivec;

 	assert(in && out && key && ivec);
 	assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
@@ -74,39 +73,22 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
 	if (AES_ENCRYPT == enc) {
 		while (len >= AES_BLOCK_SIZE) {
 			for(n=0; n < AES_BLOCK_SIZE; ++n)
-				out[n] = in[n] ^ iv[n];
-			AES_encrypt(out, out, key);
-			iv = out;
+				tmp[n] = in[n] ^ ivec[n];
+			AES_encrypt(tmp, out, key);
+			memcpy(ivec, out, AES_BLOCK_SIZE);
 			len -= AES_BLOCK_SIZE;
 			in += AES_BLOCK_SIZE;
 			out += AES_BLOCK_SIZE;
 		}
 		if (len) {
 			for(n=0; n < len; ++n)
-				out[n] = in[n] ^ iv[n];
+				tmp[n] = in[n] ^ ivec[n];
 			for(n=len; n < AES_BLOCK_SIZE; ++n)
-				out[n] = iv[n];
-			AES_encrypt(out, out, key);
-			iv = out;
-		}
-		memcpy(ivec,iv,AES_BLOCK_SIZE);
-	} else if (in != out) {
-		while (len >= AES_BLOCK_SIZE) {
-			AES_decrypt(in, out, key);
-			for(n=0; n < AES_BLOCK_SIZE; ++n)
-				out[n] ^= iv[n];
-			iv = in;
-			len -= AES_BLOCK_SIZE;
-			in  += AES_BLOCK_SIZE;
-			out += AES_BLOCK_SIZE;
-		}
-		if (len) {
-			AES_decrypt(in,tmp,key);
-			for(n=0; n < len; ++n)
-				out[n] = tmp[n] ^ iv[n];
-			iv = in;
-		}
-		memcpy(ivec,iv,AES_BLOCK_SIZE);
+				tmp[n] = ivec[n];
+			AES_encrypt(tmp, tmp, key);
+			memcpy(out, tmp, AES_BLOCK_SIZE);
+			memcpy(ivec, tmp, AES_BLOCK_SIZE);
+		}			
 	} else {
 		while (len >= AES_BLOCK_SIZE) {
 			memcpy(tmp, in, AES_BLOCK_SIZE);
@@ -120,12 +102,10 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
 		}
 		if (len) {
 			memcpy(tmp, in, AES_BLOCK_SIZE);
-			AES_decrypt(tmp, out, key);
+			AES_decrypt(tmp, tmp, key);
 			for(n=0; n < len; ++n)
 				out[n] ^= ivec[n];
-			for(n=len; n < AES_BLOCK_SIZE; ++n)
-				out[n] = tmp[n];
 			memcpy(ivec, tmp, AES_BLOCK_SIZE);
-		}
+		}			
 	}
 }
--- a/crypto/aes/aes_cfb.c
+++ b/crypto/aes/aes_cfb.c
@@ -114,7 +114,6 @@

 #include <openssl/aes.h>
 #include "aes_locl.h"
-#include "e_os.h"

 /* The input and output encrypted as though 128bit cfb mode is being
 * used.  The extra state information to record how much of the
@@ -158,35 +157,61 @@ void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,

 /* This expects a single block of size nbits for both in and out. Note that
   it corrupts any extra bits in the last byte of out */
+/* Untested, once it is working, it will be optimised */
 void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
 			    const int nbits,const AES_KEY *key,
 			    unsigned char *ivec,const int enc)
    {
-    int n,rem,num;
+    int n;
    unsigned char ovec[AES_BLOCK_SIZE*2];

-    if (nbits<=0 || nbits>128) return;
-
+    assert(in && out && key && ivec);
+    if(enc)
+	{
+	/* construct the new IV */
+	AES_encrypt(ivec,ovec,key);
+	/* encrypt the input */
+	for(n=0 ; n < (nbits+7)/8 ; ++n)
+	    out[n]=in[n]^ovec[n];
 	/* fill in the first half of the new IV with the current IV */
 	memcpy(ovec,ivec,AES_BLOCK_SIZE);
-	/* construct the new IV */
-	AES_encrypt(ivec,ivec,key);
-	num = (nbits+7)/8;
-	if (enc)	/* encrypt the input */
-	    for(n=0 ; n < num ; ++n)
-		out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n] ^ ivec[n]);
-	else		/* decrypt the input */
-	    for(n=0 ; n < num ; ++n)
-		out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n]) ^ ivec[n];
-	/* shift ovec left... */
-	rem = nbits%8;
-	num = nbits/8;
-	if(rem==0)
-	    memcpy(ivec,ovec+num,AES_BLOCK_SIZE);
-	else
+	/* and put the ciphertext in the second half */
+	memcpy(ovec+AES_BLOCK_SIZE,out,(nbits+7)/8);
+	/* shift ovec left most of the bits... */
+	memmove(ovec,ovec+nbits/8,AES_BLOCK_SIZE+(nbits%8 ? 1 : 0));
+	/* now the remaining bits */
+	if(nbits%8 != 0)
 	    for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
-		ivec[n] = ovec[n+num]<<rem | ovec[n+num+1]>>(8-rem);
-
+		{
+		ovec[n]<<=nbits%8;
+		ovec[n]|=ovec[n+1]>>(8-nbits%8);
+		}
+	/* finally, move it back into place */
+	memcpy(ivec,ovec,AES_BLOCK_SIZE);
+	}
+    else
+	{
+	/* construct the new IV in the first half of ovec */
+	AES_encrypt(ivec,ovec,key);
+	/* decrypt the input */
+	for(n=0 ; n < (nbits+7)/8 ; ++n)
+	    out[n]=in[n]^ovec[n];
+	/* fill in the first half of the new IV with the current IV */
+	memcpy(ovec,ivec,AES_BLOCK_SIZE);
+	/* append the ciphertext */
+	memcpy(ovec+AES_BLOCK_SIZE,in,(nbits+7)/8);
+	/* shift ovec left most of the bits... */
+	memmove(ovec,ovec+nbits/8,AES_BLOCK_SIZE+(nbits%8 ? 1 : 0));
+	/* now the remaining bits */
+	if(nbits%8 != 0)
+	    for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+		{
+		ovec[n]<<=nbits%8;
+		ovec[n]|=ovec[n+1]>>(8-nbits%8);
+		}
+	/* finally, move it back into place */
+	memcpy(ivec,ovec,AES_BLOCK_SIZE);
+	}
    /* it is not necessary to cleanse ovec, since the IV is not secret */
    }

--- a/crypto/aes/aes_ctr.c
+++ b/crypto/aes/aes_ctr.c
@@ -59,7 +59,7 @@
 #include <openssl/aes.h>
 #include "aes_locl.h"

-/* NOTE: the IV/counter CTR mode is big-endian.  The rest of the AES code
+/* NOTE: CTR mode is big-endian.  The rest of the AES code
 * is endian-neutral. */

 /* increment counter (128-bit int) by 1 */
@@ -67,36 +67,61 @@ static void AES_ctr128_inc(unsigned char *counter) {
 	unsigned long c;

 	/* Grab bottom dword of counter and increment */
+#ifdef L_ENDIAN
+	c = GETU32(counter +  0);
+	c++;
+	PUTU32(counter +  0, c);
+#else
 	c = GETU32(counter + 12);
-	c++;	c &= 0xFFFFFFFF;
+	c++;
 	PUTU32(counter + 12, c);
+#endif

 	/* if no overflow, we're done */
 	if (c)
 		return;

 	/* Grab 1st dword of counter and increment */
+#ifdef L_ENDIAN
+	c = GETU32(counter +  4);
+	c++;
+	PUTU32(counter +  4, c);
+#else
 	c = GETU32(counter +  8);
-	c++;	c &= 0xFFFFFFFF;
+	c++;
 	PUTU32(counter +  8, c);
+#endif

 	/* if no overflow, we're done */
 	if (c)
 		return;

 	/* Grab 2nd dword of counter and increment */
+#ifdef L_ENDIAN
+	c = GETU32(counter +  8);
+	c++;
+	PUTU32(counter +  8, c);
+#else
 	c = GETU32(counter +  4);
-	c++;	c &= 0xFFFFFFFF;
+	c++;
 	PUTU32(counter +  4, c);
+#endif

 	/* if no overflow, we're done */
 	if (c)
 		return;

 	/* Grab top dword of counter and increment */
+#ifdef L_ENDIAN
+	c = GETU32(counter + 12);
+	c++;
+	PUTU32(counter + 12, c);
+#else
 	c = GETU32(counter +  0);
-	c++;	c &= 0xFFFFFFFF;
+	c++;
 	PUTU32(counter +  0, c);
+#endif
+
 }

 /* The input encrypted as though 128bit counter mode is being
--- a/crypto/aes/aes_locl.h
+++ b/crypto/aes/aes_locl.h
@@ -62,7 +62,7 @@
 #include <stdlib.h>
 #include <string.h>

-#if defined(_MSC_VER) && !defined(_M_IA64) && !defined(OPENSSL_SYS_WINCE)
+#if defined(_MSC_VER) && !defined(OPENSSL_SYS_WINCE)
 # define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
 # define GETU32(p) SWAP(*((u32 *)(p)))
 # define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }
--- a/crypto/asn1/.cvsignore
+++ b/crypto/asn1/.cvsignore
@@ -1,4 +1,2 @@
 lib
 Makefile.save
-*.flc
-semantic.cache
--- a/crypto/asn1/Makefile.ssl
+++ b/crypto/asn1/Makefile.ssl
@@ -10,9 +10,10 @@ CFLAG=-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
 MAKEDEPPROG=	makedepend
 MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE=	Makefile
+MAKEFILE=	Makefile.ssl
 AR=		ar r

 CFLAGS= $(INCLUDES) $(CFLAG)
@@ -73,15 +74,16 @@ lib:	$(LIBOBJ)
 	@touch lib

 files:
-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO

 links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)

 install:
-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+	@for i in $(EXHEADER) ; \
 	do  \
 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
--- a/crypto/asn1/a_bitstr.c
+++ b/crypto/asn1/a_bitstr.c
@@ -194,12 +194,8 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
 			c=(unsigned char *)OPENSSL_realloc_clean(a->data,
 								 a->length,
 								 w+1);
-		if (c == NULL)
-			{
-			ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT,ERR_R_MALLOC_FAILURE);
-			return 0;
-			}
-  		if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length);
+		if (c == NULL) return(0);
+		if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length);
 		a->data=c;
 		a->length=w+1;
 	}
--- a/crypto/asn1/a_digest.c
+++ b/crypto/asn1/a_digest.c
@@ -65,7 +65,6 @@
 # include <sys/types.h>
 #endif

-#include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/buffer.h>
 #include <openssl/x509.h>
@@ -79,11 +78,7 @@ int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data,
 	unsigned char *str,*p;

 	i=i2d(data,NULL);
-	if ((str=(unsigned char *)OPENSSL_malloc(i)) == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_DIGEST,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
+	if ((str=(unsigned char *)OPENSSL_malloc(i)) == NULL) return(0);
 	p=str;
 	i2d(data,&p);

--- a/crypto/asn1/a_enum.c
+++ b/crypto/asn1/a_enum.c
@@ -156,7 +156,7 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
 		unsigned char *new_data=OPENSSL_realloc(ret->data, len+4);
 		if (!new_data)
 			{
-			ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
+			ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
 			goto err;
 			}
 		ret->data=new_data;
--- a/crypto/asn1/a_gentm.c
+++ b/crypto/asn1/a_gentm.c
@@ -115,7 +115,7 @@ err:

 #endif

-int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
+int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *d)
 	{
 	static int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0};
 	static int max[9]={99, 99,12,31,23,59,59,12,59};
@@ -192,9 +192,8 @@ int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str)
 		{
 		if (s != NULL)
 			{
-			if (!ASN1_STRING_set((ASN1_STRING *)s,
-				(unsigned char *)str,t.length))
-				return 0;
+			ASN1_STRING_set((ASN1_STRING *)s,
+				(unsigned char *)str,t.length);
 			s->type=V_ASN1_GENERALIZEDTIME;
 			}
 		return(1);
@@ -209,7 +208,6 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
 	char *p;
 	struct tm *ts;
 	struct tm data;
-	size_t len = 20; 

 	if (s == NULL)
 		s=M_ASN1_GENERALIZEDTIME_new();
@@ -221,22 +219,17 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
 		return(NULL);

 	p=(char *)s->data;
-	if ((p == NULL) || ((size_t)s->length < len))
+	if ((p == NULL) || (s->length < 16))
 		{
-		p=OPENSSL_malloc(len);
-		if (p == NULL)
-			{
-			ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_SET,
-				ERR_R_MALLOC_FAILURE);
-			return(NULL);
-			}
+		p=OPENSSL_malloc(20);
+		if (p == NULL) return(NULL);
 		if (s->data != NULL)
 			OPENSSL_free(s->data);
 		s->data=(unsigned char *)p;
 		}

-	BIO_snprintf(p,len,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900,
-		     ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
+	sprintf(p,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900,
+		ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
 	s->length=strlen(p);
 	s->type=V_ASN1_GENERALIZEDTIME;
 #ifdef CHARSET_EBCDIC_not
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@@ -64,26 +64,7 @@ ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x)
 { return M_ASN1_INTEGER_dup(x);}

 int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y)
-	{ 
-	int neg, ret;
-	/* Compare signs */
-	neg = x->type & V_ASN1_NEG;
-	if (neg != (y->type & V_ASN1_NEG))
-		{
-		if (neg)
-			return -1;
-		else
-			return 1;
-		}
-
-	ret = ASN1_STRING_cmp(x, y);
-
-	if (neg)
-		return -ret;
-	else
-		return ret;
-	}
-	
+{ return M_ASN1_INTEGER_cmp(x,y);}

 /* 
 * This converts an ASN1 INTEGER into its content encoding.
--- a/crypto/asn1/a_mbstr.c
+++ b/crypto/asn1/a_mbstr.c
@@ -145,14 +145,14 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,

 	if((minsize > 0) && (nchar < minsize)) {
 		ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_SHORT);
-		BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize);
+		sprintf(strbuf, "%ld", minsize);
 		ERR_add_error_data(2, "minsize=", strbuf);
 		return -1;
 	}

 	if((maxsize > 0) && (nchar > maxsize)) {
 		ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_LONG);
-		BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize);
+		sprintf(strbuf, "%ld", maxsize);
 		ERR_add_error_data(2, "maxsize=", strbuf);
 		return -1;
 	}
--- a/crypto/asn1/a_print.c
+++ b/crypto/asn1/a_print.c
@@ -60,7 +60,7 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>

-int ASN1_PRINTABLE_type(const unsigned char *s, int len)
+int ASN1_PRINTABLE_type(unsigned char *s, int len)
 	{
 	int c;
 	int ia5=0;
--- a/crypto/asn1/a_set.c
+++ b/crypto/asn1/a_set.c
@@ -118,13 +118,8 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag,
 		}

        pStart  = p; /* Catch the beg of Setblobs*/
-		/* In this array we will store the SET blobs */
-		rgSetBlob = (MYBLOB *)OPENSSL_malloc(sk_num(a) * sizeof(MYBLOB));
-		if (rgSetBlob == NULL)
-			{
-			ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
-			return(0);
-			}
+        if (!(rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)))) return 0; /* In this array
+we will store the SET blobs */

        for (i=0; i<sk_num(a); i++)
 	        {
@@ -140,11 +135,7 @@ SetBlob
 /* Now we have to sort the blobs. I am using a simple algo.
    *Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
        qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
-		if (!(pTempMem = OPENSSL_malloc(totSize)))
-			{
-			ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
-			return(0);
-			}
+        if (!(pTempMem = OPENSSL_malloc(totSize))) return 0;

 /* Copy to temp mem */
        p = pTempMem;
@@ -169,13 +160,7 @@ STACK *d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
 	STACK *ret=NULL;

 	if ((a == NULL) || ((*a) == NULL))
-		{
-		if ((ret=sk_new_null()) == NULL)
-			{
-			ASN1err(ASN1_F_D2I_ASN1_SET,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		}
+		{ if ((ret=sk_new_null()) == NULL) goto err; }
 	else
 		ret=(*a);

--- a/crypto/asn1/a_strex.c
+++ b/crypto/asn1/a_strex.c
@@ -3,7 +3,7 @@
 * project 2000.
 */
 /* ====================================================================
- * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -285,7 +285,7 @@ const static signed char tag2nbyte[] = {
 	-1, -1, 0, -1,		/* 10-13 */
 	-1, -1, -1, -1,		/* 15-17 */
 	-1, 1, 1,		/* 18-20 */
-	-1, 1, 1, 1,		/* 21-24 */
+	-1, 1, -1,-1,		/* 21-24 */
 	-1, 1, -1,		/* 25-27 */
 	4, -1, 2		/* 28-30 */
 };
@@ -553,12 +553,7 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
 	if((type < 0) || (type > 30)) return -1;
 	mbflag = tag2nbyte[type];
 	if(mbflag == -1) return -1;
-	if (mbflag == 0)
-		mbflag = MBSTRING_UTF8;
-	else if (mbflag == 4)
-		mbflag = MBSTRING_UNIV;
-	else		
-		mbflag |= MBSTRING_FLAG;
+	mbflag |= MBSTRING_FLAG;
 	stmp.data = NULL;
 	ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
 	if(ret < 0) return ret;
--- a/crypto/asn1/a_time.c
+++ b/crypto/asn1/a_time.c
@@ -114,7 +114,7 @@ ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
 	return ASN1_GENERALIZEDTIME_set(s,t);
 	}

-int ASN1_TIME_check(ASN1_TIME *t)
+int ASN1_TIME_check(const ASN1_TIME *t)
 	{
 	if (t->type == V_ASN1_GENERALIZEDTIME)
 		return ASN1_GENERALIZEDTIME_check(t);
@@ -124,11 +124,11 @@ int ASN1_TIME_check(ASN1_TIME *t)
 	}

 /* Convert an ASN1_TIME structure to GeneralizedTime */
-ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t,
+						   ASN1_GENERALIZEDTIME **out)
 	{
 	ASN1_GENERALIZEDTIME *ret;
 	char *str;
-	int newlen;

 	if (!ASN1_TIME_check(t)) return NULL;

@@ -151,14 +151,12 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZE
 	/* grow the string */
 	if (!ASN1_STRING_set(ret, NULL, t->length + 2))
 		return NULL;
-	/* ASN1_STRING_set() allocated 'len + 1' bytes. */
-	newlen = t->length + 2 + 1;
 	str = (char *)ret->data;
 	/* Work out the century and prepend */
-	if (t->data[0] >= '5') BUF_strlcpy(str, "19", newlen);
-	else BUF_strlcpy(str, "20", newlen);
+	if (t->data[0] >= '5') strcpy(str, "19");
+	else strcpy(str, "20");

-	BUF_strlcat(str, (char *)t->data, newlen);
+	BUF_strlcat(str, (char *)t->data, t->length+3);	/* Include space for a '\0' */

 	return ret;
 	}
--- a/crypto/asn1/a_type.c
+++ b/crypto/asn1/a_type.c
@@ -71,10 +71,7 @@ int ASN1_TYPE_get(ASN1_TYPE *a)
 void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
 	{
 	if (a->value.ptr != NULL)
-		{
-		ASN1_TYPE **tmp_a = &a;
-		ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL);
-		}
+		ASN1_primitive_free((ASN1_VALUE **)&a, NULL);
 	a->type=type;
 	a->value.ptr=value;
 	}
--- a/crypto/asn1/a_utctm.c
+++ b/crypto/asn1/a_utctm.c
@@ -112,7 +112,7 @@ err:

 #endif

-int ASN1_UTCTIME_check(ASN1_UTCTIME *d)
+int ASN1_UTCTIME_check(const ASN1_UTCTIME *d)
 	{
 	static int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0};
 	static int max[8]={99,12,31,23,59,59,12,59};
@@ -173,9 +173,8 @@ int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str)
 		{
 		if (s != NULL)
 			{
-			if (!ASN1_STRING_set((ASN1_STRING *)s,
-				(unsigned char *)str,t.length))
-				return 0;
+			ASN1_STRING_set((ASN1_STRING *)s,
+				(unsigned char *)str,t.length);
 			s->type = V_ASN1_UTCTIME;
 			}
 		return(1);
@@ -189,7 +188,6 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
 	char *p;
 	struct tm *ts;
 	struct tm data;
-	size_t len = 20;

 	if (s == NULL)
 		s=M_ASN1_UTCTIME_new();
@@ -201,21 +199,17 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
 		return(NULL);

 	p=(char *)s->data;
-	if ((p == NULL) || ((size_t)s->length < len))
+	if ((p == NULL) || (s->length < 14))
 		{
-		p=OPENSSL_malloc(len);
-		if (p == NULL)
-			{
-			ASN1err(ASN1_F_ASN1_UTCTIME_SET,ERR_R_MALLOC_FAILURE);
-			return(NULL);
-			}
+		p=OPENSSL_malloc(20);
+		if (p == NULL) return(NULL);
 		if (s->data != NULL)
 			OPENSSL_free(s->data);
 		s->data=(unsigned char *)p;
 		}

-	BIO_snprintf(p,len,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100,
-		     ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
+	sprintf(p,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100,
+		ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
 	s->length=strlen(p);
 	s->type=V_ASN1_UTCTIME;
 #ifdef CHARSET_EBCDIC_not
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -142,13 +142,6 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
 		goto err;
 		}

-	if (!EVP_VerifyInit_ex(&ctx,type, NULL))
-		{
-		ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
-		ret=0;
-		goto err;
-		}
-
 	inl = ASN1_item_i2d(asn, &buf_in, it);
 	
 	if (buf_in == NULL)
@@ -157,6 +150,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
 		goto err;
 		}

+	EVP_VerifyInit_ex(&ctx,type, NULL);
 	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);

 	OPENSSL_cleanse(buf_in,(unsigned int)inl);
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -754,7 +754,7 @@ int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y);

 DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED)

-int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
+int ASN1_UTCTIME_check(const ASN1_UTCTIME *a);
 ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);
 int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str); 
 int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
@@ -762,7 +762,7 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
 time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s);
 #endif

-int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
+int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a);
 ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t);
 int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str); 

@@ -793,8 +793,8 @@ DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
 DECLARE_ASN1_FUNCTIONS(ASN1_TIME)

 ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t);
-int ASN1_TIME_check(ASN1_TIME *t);
-ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
+int ASN1_TIME_check(const ASN1_TIME *t);
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);

 int		i2d_ASN1_SET(STACK *a, unsigned char **pp,
 			int (*func)(), int ex_tag, int ex_class, int is_set);
@@ -829,7 +829,7 @@ BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai,BIGNUM *bn);

 /* General */
 /* given a string, return the correct type, max is the maximum length */
-int ASN1_PRINTABLE_type(const unsigned char *s, int max);
+int ASN1_PRINTABLE_type(unsigned char *s, int max);

 int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass);
 ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp,
@@ -950,19 +950,16 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_A2I_ASN1_ENUMERATED			 101
 #define ASN1_F_A2I_ASN1_INTEGER				 102
 #define ASN1_F_A2I_ASN1_STRING				 103
-#define ASN1_F_ASN1_BIT_STRING_SET_BIT			 176
 #define ASN1_F_ASN1_CHECK_TLEN				 104
 #define ASN1_F_ASN1_COLLATE_PRIMITIVE			 105
 #define ASN1_F_ASN1_COLLECT				 106
 #define ASN1_F_ASN1_D2I_BIO				 107
 #define ASN1_F_ASN1_D2I_EX_PRIMITIVE			 108
 #define ASN1_F_ASN1_D2I_FP				 109
-#define ASN1_F_ASN1_DIGEST				 177
 #define ASN1_F_ASN1_DO_ADB				 110
 #define ASN1_F_ASN1_DUP					 111
 #define ASN1_F_ASN1_ENUMERATED_SET			 112
 #define ASN1_F_ASN1_ENUMERATED_TO_BN			 113
-#define ASN1_F_ASN1_GENERALIZEDTIME_SET			 178
 #define ASN1_F_ASN1_GET_OBJECT				 114
 #define ASN1_F_ASN1_HEADER_NEW				 115
 #define ASN1_F_ASN1_I2D_BIO				 116
@@ -978,7 +975,6 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_ASN1_SEQ_PACK				 126
 #define ASN1_F_ASN1_SEQ_UNPACK				 127
 #define ASN1_F_ASN1_SIGN				 128
-#define ASN1_F_ASN1_STRING_SET				 179
 #define ASN1_F_ASN1_STRING_TABLE_ADD			 129
 #define ASN1_F_ASN1_STRING_TYPE_NEW			 130
 #define ASN1_F_ASN1_TEMPLATE_D2I			 131
@@ -988,7 +984,6 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING		 134
 #define ASN1_F_ASN1_TYPE_GET_OCTETSTRING		 135
 #define ASN1_F_ASN1_UNPACK_STRING			 136
-#define ASN1_F_ASN1_UTCTIME_SET				 180
 #define ASN1_F_ASN1_VERIFY				 137
 #define ASN1_F_BN_TO_ASN1_ENUMERATED			 138
 #define ASN1_F_BN_TO_ASN1_INTEGER			 139
@@ -1012,7 +1007,6 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_D2I_X509_CINF				 157
 #define ASN1_F_D2I_X509_NAME				 158
 #define ASN1_F_D2I_X509_PKEY				 159
-#define ASN1_F_I2D_ASN1_SET				 181
 #define ASN1_F_I2D_ASN1_TIME				 160
 #define ASN1_F_I2D_DSA_PUBKEY				 161
 #define ASN1_F_I2D_NETSCAPE_RSA				 162
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -1,6 +1,6 @@
 /* crypto/asn1/asn1_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -70,19 +70,16 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_A2I_ASN1_ENUMERATED,0),	"a2i_ASN1_ENUMERATED"},
 {ERR_PACK(0,ASN1_F_A2I_ASN1_INTEGER,0),	"a2i_ASN1_INTEGER"},
 {ERR_PACK(0,ASN1_F_A2I_ASN1_STRING,0),	"a2i_ASN1_STRING"},
-{ERR_PACK(0,ASN1_F_ASN1_BIT_STRING_SET_BIT,0),	"ASN1_BIT_STRING_set_bit"},
 {ERR_PACK(0,ASN1_F_ASN1_CHECK_TLEN,0),	"ASN1_CHECK_TLEN"},
 {ERR_PACK(0,ASN1_F_ASN1_COLLATE_PRIMITIVE,0),	"ASN1_COLLATE_PRIMITIVE"},
 {ERR_PACK(0,ASN1_F_ASN1_COLLECT,0),	"ASN1_COLLECT"},
 {ERR_PACK(0,ASN1_F_ASN1_D2I_BIO,0),	"ASN1_d2i_bio"},
 {ERR_PACK(0,ASN1_F_ASN1_D2I_EX_PRIMITIVE,0),	"ASN1_D2I_EX_PRIMITIVE"},
 {ERR_PACK(0,ASN1_F_ASN1_D2I_FP,0),	"ASN1_d2i_fp"},
-{ERR_PACK(0,ASN1_F_ASN1_DIGEST,0),	"ASN1_digest"},
 {ERR_PACK(0,ASN1_F_ASN1_DO_ADB,0),	"ASN1_DO_ADB"},
 {ERR_PACK(0,ASN1_F_ASN1_DUP,0),	"ASN1_dup"},
 {ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_SET,0),	"ASN1_ENUMERATED_set"},
 {ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_TO_BN,0),	"ASN1_ENUMERATED_to_BN"},
-{ERR_PACK(0,ASN1_F_ASN1_GENERALIZEDTIME_SET,0),	"ASN1_GENERALIZEDTIME_set"},
 {ERR_PACK(0,ASN1_F_ASN1_GET_OBJECT,0),	"ASN1_get_object"},
 {ERR_PACK(0,ASN1_F_ASN1_HEADER_NEW,0),	"ASN1_HEADER_new"},
 {ERR_PACK(0,ASN1_F_ASN1_I2D_BIO,0),	"ASN1_i2d_bio"},
@@ -98,7 +95,6 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_ASN1_SEQ_PACK,0),	"ASN1_seq_pack"},
 {ERR_PACK(0,ASN1_F_ASN1_SEQ_UNPACK,0),	"ASN1_seq_unpack"},
 {ERR_PACK(0,ASN1_F_ASN1_SIGN,0),	"ASN1_sign"},
-{ERR_PACK(0,ASN1_F_ASN1_STRING_SET,0),	"ASN1_STRING_set"},
 {ERR_PACK(0,ASN1_F_ASN1_STRING_TABLE_ADD,0),	"ASN1_STRING_TABLE_add"},
 {ERR_PACK(0,ASN1_F_ASN1_STRING_TYPE_NEW,0),	"ASN1_STRING_type_new"},
 {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_D2I,0),	"ASN1_TEMPLATE_D2I"},
@@ -108,7 +104,6 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0),	"ASN1_TYPE_get_int_octetstring"},
 {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0),	"ASN1_TYPE_get_octetstring"},
 {ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0),	"ASN1_unpack_string"},
-{ERR_PACK(0,ASN1_F_ASN1_UTCTIME_SET,0),	"ASN1_UTCTIME_set"},
 {ERR_PACK(0,ASN1_F_ASN1_VERIFY,0),	"ASN1_verify"},
 {ERR_PACK(0,ASN1_F_BN_TO_ASN1_ENUMERATED,0),	"BN_to_ASN1_ENUMERATED"},
 {ERR_PACK(0,ASN1_F_BN_TO_ASN1_INTEGER,0),	"BN_to_ASN1_INTEGER"},
@@ -132,7 +127,6 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_D2I_X509_CINF,0),	"D2I_X509_CINF"},
 {ERR_PACK(0,ASN1_F_D2I_X509_NAME,0),	"D2I_X509_NAME"},
 {ERR_PACK(0,ASN1_F_D2I_X509_PKEY,0),	"d2i_X509_PKEY"},
-{ERR_PACK(0,ASN1_F_I2D_ASN1_SET,0),	"i2d_ASN1_SET"},
 {ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0),	"I2D_ASN1_TIME"},
 {ERR_PACK(0,ASN1_F_I2D_DSA_PUBKEY,0),	"i2d_DSA_PUBKEY"},
 {ERR_PACK(0,ASN1_F_I2D_NETSCAPE_RSA,0),	"i2d_Netscape_RSA"},
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Ben Laurie	fdf12fd455	Change scary wording.	2003-10-22 11:28:25 +00:00
Ben Laurie	50c71f8701	Include extra libraries/flags.	2003-10-22 11:05:19 +00:00
Ben Laurie	f25b0dddbb	Another stupid diff.	2003-10-08 13:12:50 +00:00
Ben Laurie	871743aea9	FIPS depends on object, so crypto must be built before fips.	2003-10-08 10:18:02 +00:00
Ben Laurie	2821a5e587	Don't assume diff is any good.	2003-10-07 10:55:36 +00:00
Ben Laurie	739320b840	No test.	2003-10-05 22:22:15 +00:00
Ben Laurie	c9ee3ccd45	Fingerprinting needs to work even if OpenSSL isn't installed yet.	2003-10-04 14:11:45 +00:00
Richard Levitte	95a64aa4b8	Recent changes from 0.9.7-stable	2003-10-02 10:55:25 +00:00
Ben Laurie	80be2f484f	setkey is already defined on HP/UX.	2003-09-30 16:15:49 +00:00
Richard Levitte	cf54f06dcb	Make sure we get OPENSSL_FIPS.	2003-09-29 22:29:03 +00:00
Richard Levitte	5389c2dfa1	Recent changes from 0.9.7-stable	2003-09-29 19:02:26 +00:00
Richard Levitte	4e2307ebdc	Detect correctly that we're in FIPS mode. Don't run testfipsssl unless in FIPS mode.	2003-09-29 18:46:31 +00:00
Richard Levitte	64961dc3c5	Recent changes from 0.9.7-stable	2003-09-29 15:10:24 +00:00
Richard Levitte	ed2e0e3988	Synchronise util/libeay.num with the 0.9.7-stable one. Correct some depend targets in the fips directory tree. make update	2003-09-28 09:26:37 +00:00
Richard Levitte	7027553741	Recent changes from 0.9.7-stable	2003-09-28 09:07:11 +00:00
Ben Laurie	445aa1c44a	DSA self-test.	2003-09-27 20:07:17 +00:00
Ben Laurie	2343078660	Selftest RSA and some fixes.	2003-09-27 15:54:43 +00:00
Richard Levitte	2fe7c59277	Recent changes from 0.9.7-stable.	2003-09-27 10:13:11 +00:00
Ben Laurie	899ffab2c9	Make FIPS work again.	2003-09-25 20:04:40 +00:00
Ben Laurie	577332db14	Constification.	2003-09-25 20:01:57 +00:00
Richard Levitte	3b84ce3b6f	Use OPENSSL_FIPS instead of FIPS.	2003-09-25 12:24:52 +00:00
Richard Levitte	2667b068a1	Uhmm, o_str.o, not o_str.c...	2003-09-25 12:22:46 +00:00
Dr. Stephen Henson	a26be0386e	In order to get the expected self signed error when calling X509_verify_cert() in x509.c the cert should not be added to the trusted store.	2003-09-21 02:12:36 +00:00
Ben Laurie	d5adc4b475	Missing file.	2003-09-14 13:01:54 +00:00
Ben Laurie	fe2d15d814	Don't debug.	2003-09-13 20:41:53 +00:00
Ben Laurie	c45c8f3f1c	Make TLSv1 work in FIPS mode.	2003-09-13 17:03:54 +00:00
Ben Laurie	b09c9a91cb	Add a debug flag.	2003-09-13 16:57:56 +00:00
Ben Laurie	a2fd4d03e8	Temporarily remove FIPS test that doesn't work.	2003-09-13 13:36:13 +00:00
Ben Laurie	52fc641da0	Add RSA to FIPS.	2003-09-11 21:37:01 +00:00
Richard Levitte	f29f610bf5	make update	2003-09-10 09:15:22 +00:00
Richard Levitte	27d63818e1	Include "e_os.h" instead of "../e_os.h", and trust the building procedure to give the correct -I options to the compiler. This is especially true for test programs that appear in two places, with different paths to e_os.h depending on where they are built.	2003-09-10 09:15:09 +00:00
Richard Levitte	fa68935f57	Include openssl/fips.h outside of the check for FIPS, so make depend doesn't differ between FIPS and non-FIPS modes.	2003-09-10 09:06:01 +00:00
Richard Levitte	b2f94f81e1	We currently define FIPS, not OPENSSL_FIPS. The reason for this is (probably) that FIPS is an entirely internal macro, and is not accessible by third-party authors.	2003-09-10 09:05:06 +00:00
Dr. Stephen Henson	ad6eec30a3	Use BIO_snprintf() instead of snprintf(). Update hashes.	2003-09-10 00:44:53 +00:00
Dr. Stephen Henson	25c578f3ca	Typo.	2003-09-10 00:16:42 +00:00
Dr. Stephen Henson	22f083815c	Include e_os.h in a few cases (to pick up str(n)icmp defs). Disable a few tests if not FIPS.	2003-09-10 00:10:34 +00:00
Dr. Stephen Henson	c61e45fba0	Update hashes. Fix a few typos in o_str.c	2003-09-09 23:43:29 +00:00
Richard Levitte	7418027279	make update	2003-09-09 16:39:41 +00:00
Richard Levitte	d3446728f9	Move the FIPS check so make depend doesn't give different results depending on FIPS mode.	2003-09-09 16:38:16 +00:00
Richard Levitte	245dac4d17	Generalise the definition of strcasecmp() and strncasecmp() for platforms that don't (necessarely) have it. In the case of VMS, this means moving a couple of functions from apps/ to crypto/ and make them general (although only used privately).	2003-09-09 14:48:52 +00:00
cvs2svn	c377882c39	This commit was manufactured by cvs2svn to create branch 'OpenSSL-fips- 0_9_7-stable'.	2003-09-09 14:48:37 +00:00
Richard Levitte	c2cdb1a877	Test data files should not be part of the TEST value, or util/mk1mf.pl gets confused... The separate TESTDATA variable was inspired from crypto/evp/Makefile.ssl.	2003-09-09 09:10:45 +00:00
Dr. Stephen Henson	31b28f95be	Put #ifdef FIPS round FIPS DSA_generate_parameters . #if 0 unimplemented ciphers so mkdef.pl doesn't pick them up.	2003-09-08 17:01:48 +00:00
Richard Levitte	f61bc950c1	Recent changes from 0.9.7-stable.	2003-09-08 16:49:37 +00:00
Richard Levitte	64a014a6d2	Make it builadable in non-FIPS mode. The current solution is very Unix-bound, and there is probably a better way to do this.	2003-09-08 16:43:55 +00:00
Dr. Stephen Henson	a86eff4296	included <string.h> in fips.c to pick up memcmp definition. update fips_make_sha1 to use fips_err.h update hashes.	2003-09-08 12:49:08 +00:00
Dr. Stephen Henson	4c4ef336a9	Update dependencies.	2003-09-08 12:39:13 +00:00
Richard Levitte	1ce9c76f8e	More files to ignore.	2003-09-08 11:37:31 +00:00
Richard Levitte	19c8d4a5f8	Ignore the directory rsp (introduced when running tests).	2003-09-08 11:36:32 +00:00
Richard Levitte	e7d580a924	Some more files to ignore.	2003-09-08 11:35:23 +00:00
Richard Levitte	1f8e046af9	Since fips_err is really just used as a header by fips_err_wrapper.c, let's change it's suffix from .c to .h. This also avoids some otherwise very mysterious (and probably sensible from a historical point of view :-)) name changes done by mk1mf.pl.	2003-09-08 11:33:07 +00:00
Richard Levitte	7e1ef2d62a	When building the FIPS test binaries, also build the corresponding fingerprints.	2003-09-08 10:00:23 +00:00
Richard Levitte	ccf61c87fe	Remove some unneeded space.	2003-09-08 09:59:43 +00:00
Richard Levitte	6d02c53762	Use $(TOP) instead of ../.. as much as possible.	2003-09-08 09:59:11 +00:00
Richard Levitte	dac0d334ad	Because of changes in Makefile.ssl, the files got reordered.	2003-09-08 09:57:57 +00:00
Richard Levitte	f63ff4a1a3	Produce libcrypto.sha1 directly after building the libraries. Otherwise, the test target will fail because libcrypto.sha1 is missing or not up to date.	2003-09-08 09:57:27 +00:00
Richard Levitte	9ef37a8dc9	make update.	2003-09-08 09:17:36 +00:00
Richard Levitte	fbb40083c1	fips_err.c doesn't belong with the headers.	2003-09-08 09:17:13 +00:00
Richard Levitte	549d89f7ed	Include all the fips directories.	2003-09-08 09:16:39 +00:00
Richard Levitte	5db9e7bec8	Handle the "fips" option.	2003-09-08 09:16:17 +00:00
Ben Laurie	104f570c73	Missing file.	2003-09-07 11:13:54 +00:00
Ben Laurie	e1015c1fe7	Samples.	2003-09-07 10:59:34 +00:00
Ben Laurie	97e62d5554	Add samples.	2003-09-07 10:53:13 +00:00
Dr. Stephen Henson	9aca5b2259	Fix signed/unsigned warning.	2003-09-06 16:57:16 +00:00
Ben Laurie	b8b47f67d0	Add fingerprint chain and checking.	2003-09-06 13:31:40 +00:00
Ben Laurie	b5da126b21	Make the problem clearer.	2003-09-06 10:41:27 +00:00
Richard Levitte	a7d64957b9	Include e_os.h to get the proper definition of OPENSSL_UNISTD, and use that macro. It's possible that OPENSSL_UNISTD_IO should be used instead of OPENSSL_UNISTD, for the MSDOS case...	2003-09-05 14:09:40 +00:00
Richard Levitte	f743ef233a	make update	2003-09-05 13:41:04 +00:00
Richard Levitte	79176d6053	ALWAYS check the standalone source. make update.	2003-09-05 13:37:28 +00:00
Richard Levitte	e726e5f170	Make sure the compilation of the FIPS stuff goes through even in non-FIPS mode. Update the appropriate fingerprints accordingly. (something is weird, someone else was working on the same stuff, and removed fips_sha1_selftest.c from fips/sha1/standalone.sha1...)	2003-09-05 13:26:52 +00:00
Dr. Stephen Henson	c1a32376db	Fix signed/unsigned warnings and C++ comments. Update hashes	2003-09-05 13:00:34 +00:00
Richard Levitte	6b211d8cd2	Include string.h and stdlib.h where needed, to avoid warnings about strlen(), memcmp(), exit() and others to be used without a proper declaration. Update the appropriate fingerprints accordingly.	2003-09-05 12:22:21 +00:00
Ben Laurie	f3bda010df	Missing files.	2003-09-04 16:46:42 +00:00
Ben Laurie	4ccac96346	Automagically seed FIPS PRNG. Add OPENSSL_FIPS flag.	2003-09-04 10:22:13 +00:00
Ben Laurie	4ef3352608	-DFIPS may be the last thing on the line.	2003-09-04 09:04:24 +00:00
Ben Laurie	1f1bd3a51a	Selftests.	2003-09-04 07:17:43 +00:00
Ben Laurie	b2293a6cc6	DSA stuff and tests.	2003-09-03 14:11:33 +00:00
Ben Laurie	766332ac11	More test vectors.	2003-08-31 09:50:11 +00:00
Ben Laurie	51f7c5a6ea	Add test.	2003-08-31 08:52:39 +00:00
Ben Laurie	fc0376e257	Handle 3DES tests.	2003-08-30 17:28:08 +00:00
Ben Laurie	51c568b309	Add 3-DES CFB-r mode (no test vectors yet).	2003-08-30 15:50:26 +00:00
Ben Laurie	2b3784c235	Updated test vectors (probably incorrect, but who am I to question?).	2003-08-30 15:35:37 +00:00
Ben Laurie	2e9f3c4636	Oops. Need to allocate extra buffer.	2003-08-30 14:49:08 +00:00
Ben Laurie	aac3861773	Build the test program when needed.	2003-08-30 13:19:03 +00:00
Ben Laurie	e0162fa745	Remove unused functions/data.	2003-08-29 18:58:03 +00:00
Richard Levitte	a8e3195083	Undo the change that left LD_LIBRARY_PATH unchanged. The errors I saw weren't due to that, but to a change on the SCO machines I used for testing, where my $PATH was suddenly incorrect.	2003-08-14 07:02:27 +00:00
Richard Levitte	4435349cc6	Make sure the order matches the command line in Makefile.ssl.	2003-08-11 10:31:21 +00:00
Richard Levitte	ec47bb7c81	- Add a configuration keyword "fips" to compile with FIPS implementations. - Reorder the build so the standalone FIPS SHA1 checker is built first. - Add necessary defines to avoid symbol clashes between FIPS and non-FIPS implementations. - Change necessary signatures. - Correct bugs in FIPS build Makefiles. - make update	2003-08-11 10:24:52 +00:00
cvs2svn	bf50d5b4ac	This commit was manufactured by cvs2svn to create branch 'OpenSSL-fips- 0_9_7-stable'.	2003-08-08 10:08:15 +00:00