Release OpenSSL 0.9.8g with various fixes to issues introduced with 0.9.8f

Prepare OpenSSL 0.9.8g: cherry pick
http://cvs.openssl.org/chngview?cn=16696 Ensure the ticket expected flag is reset when a stateless resumption is successful. Submitted by: steve
2007-10-19 08:25:15 +00:00 · 2007-10-19 07:44:10 +00:00 · 2007-10-19 07:42:38 +00:00 · 2007-10-19 07:39:53 +00:00 · 2007-10-19 07:36:34 +00:00 · 2007-10-19 07:31:16 +00:00
250 changed files with 6552 additions and 19958 deletions
--- a/140
+++ b/140
@@ -2,142 +2,6 @@
 OpenSSL CHANGES
 _______________

- Changes between 0.9.8g and 0.9.8h  [28 May 2008]
-
-  *) Fix flaw if 'Server Key exchange message' is omitted from a TLS
-     handshake which could lead to a cilent crash as found using the
-     Codenomicon TLS test suite (CVE-2008-1672) 
-     [Steve Henson, Mark Cox]
-
-  *) Fix double free in TLS server name extensions which could lead to
-     a remote crash found by Codenomicon TLS test suite (CVE-2008-0891) 
-     [Joe Orton]
-
-  *) Clear error queue in SSL_CTX_use_certificate_chain_file()
-
-     Clear the error queue to ensure that error entries left from
-     older function calls do not interfere with the correct operation.
-     [Lutz Jaenicke, Erik de Castro Lopo]
-
-  *) Remove root CA certificates of commercial CAs:
-
-     The OpenSSL project does not recommend any specific CA and does not
-     have any policy with respect to including or excluding any CA.
-     Therefore it does not make any sense to ship an arbitrary selection
-     of root CA certificates with the OpenSSL software.
-     [Lutz Jaenicke]
-
-  *) RSA OAEP patches to fix two separate invalid memory reads.
-     The first one involves inputs when 'lzero' is greater than
-     'SHA_DIGEST_LENGTH' (it would read about SHA_DIGEST_LENGTH bytes
-     before the beginning of from). The second one involves inputs where
-     the 'db' section contains nothing but zeroes (there is a one-byte
-     invalid read after the end of 'db').
-     [Ivan Nestlerode <inestlerode@us.ibm.com>]
-
-  *) Partial backport from 0.9.9-dev:
-
-     Introduce bn_mul_mont (dedicated Montgomery multiplication
-     procedure) as a candidate for BIGNUM assembler implementation.
-     While 0.9.9-dev uses assembler for various architectures, only
-     x86_64 is available by default here in the 0.9.8 branch, and
-     32-bit x86 is available through a compile-time setting.
-
-     To try the 32-bit x86 assembler implementation, use Configure
-     option "enable-montasm" (which exists only for this backport).
-
-     As "enable-montasm" for 32-bit x86 disclaims code stability
-     anyway, in this constellation we activate additional code
-     backported from 0.9.9-dev for further performance improvements,
-     namely BN_from_montgomery_word.  (To enable this otherwise,
-     e.g. x86_64, try "-DMONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD".)
-
-     [Andy Polyakov (backport partially by Bodo Moeller)]
-
-  *) Add TLS session ticket callback. This allows an application to set
-     TLS ticket cipher and HMAC keys rather than relying on hardcoded fixed
-     values. This is useful for key rollover for example where several key
-     sets may exist with different names.
-     [Steve Henson]
-
-  *) Reverse ENGINE-internal logic for caching default ENGINE handles.
-     This was broken until now in 0.9.8 releases, such that the only way
-     a registered ENGINE could be used (assuming it initialises
-     successfully on the host) was to explicitly set it as the default
-     for the relevant algorithms. This is in contradiction with 0.9.7
-     behaviour and the documentation. With this fix, when an ENGINE is
-     registered into a given algorithm's table of implementations, the
-     'uptodate' flag is reset so that auto-discovery will be used next
-     time a new context for that algorithm attempts to select an
-     implementation.
-     [Ian Lister (tweaked by Geoff Thorpe)]
-
-  *) Backport of CMS code to OpenSSL 0.9.8. This differs from the 0.9.9
-     implemention in the following ways:
-
-     Lack of EVP_PKEY_ASN1_METHOD means algorithm parameters have to be
-     hard coded.
-
-     Lack of BER streaming support means one pass streaming processing is
-     only supported if data is detached: setting the streaming flag is
-     ignored for embedded content.
-
-     CMS support is disabled by default and must be explicitly enabled
-     with the enable-cms configuration option.
-     [Steve Henson]
-
-  *) Update the GMP engine glue to do direct copies between BIGNUM and
-     mpz_t when openssl and GMP use the same limb size. Otherwise the
-     existing "conversion via a text string export" trick is still used.
-     [Paul Sheer <paulsheer@gmail.com>]
-
-  *) Zlib compression BIO. This is a filter BIO which compressed and
-     uncompresses any data passed through it.
-     [Steve Henson]
-
-  *) Add AES_wrap_key() and AES_unwrap_key() functions to implement
-     RFC3394 compatible AES key wrapping.
-     [Steve Henson]
-
-  *) Add utility functions to handle ASN1 structures. ASN1_STRING_set0():
-     sets string data without copying. X509_ALGOR_set0() and
-     X509_ALGOR_get0(): set and retrieve X509_ALGOR (AlgorithmIdentifier)
-     data. Attribute function X509at_get0_data_by_OBJ(): retrieves data
-     from an X509_ATTRIBUTE structure optionally checking it occurs only
-     once. ASN1_TYPE_set1(): set and ASN1_TYPE structure copying supplied
-     data.
-     [Steve Henson]
-
-  *) Fix BN flag handling in RSA_eay_mod_exp() and BN_MONT_CTX_set()
-     to get the expected BN_FLG_CONSTTIME behavior.
-     [Bodo Moeller (Google)]
-  
-  *) Netware support:
-
-     - fixed wrong usage of ioctlsocket() when build for LIBC BSD sockets
-     - fixed do_tests.pl to run the test suite with CLIB builds too (CLIB_OPT)
-     - added some more tests to do_tests.pl
-     - fixed RunningProcess usage so that it works with newer LIBC NDKs too
-     - removed usage of BN_LLONG for CLIB builds to avoid runtime dependency
-     - added new Configure targets netware-clib-bsdsock, netware-clib-gcc,
-       netware-clib-bsdsock-gcc, netware-libc-bsdsock-gcc
-     - various changes to netware.pl to enable gcc-cross builds on Win32
-       platform
-     - changed crypto/bio/b_sock.c to work with macro functions (CLIB BSD)
-     - various changes to fix missing prototype warnings
-     - fixed x86nasm.pl to create correct asm files for NASM COFF output
-     - added AES, WHIRLPOOL and CPUID assembler code to build files
-     - added missing AES assembler make rules to mk1mf.pl
-     - fixed order of includes in apps/ocsp.c so that e_os.h settings apply
-     [Guenter Knauf <eflash@gmx.net>]
-
-  *) Implement certificate status request TLS extension defined in RFC3546.
-     A client can set the appropriate parameters and receive the encoded
-     OCSP response via a callback. A server can query the supplied parameters
-     and set the encoded OCSP response in the callback. Add simplified examples
-     to s_client and s_server.
-     [Steve Henson]
-
 Changes between 0.9.8f and 0.9.8g  [19 Oct 2007]

  *) Fix various bugs:
@@ -303,10 +167,6 @@
     authentication-only ciphersuites.
     [Bodo Moeller]

-  *) Update the SSL_get_shared_ciphers() fix CVE-2006-3738 which was
-     not complete and could lead to a possible single byte overflow
-     (CVE-2007-5135) [Ben Laurie]
-
 Changes between 0.9.8d and 0.9.8e  [23 Feb 2007]

  *) Since AES128 and AES256 (and similarly Camellia128 and
--- a/75
+++ b/75
@@ -10,7 +10,7 @@ use strict;

 # see INSTALL for instructions.

-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [enable-montasm] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";

 # Options:
 #
@@ -54,8 +54,6 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lx
 # [no-]zlib     [don't] compile support for zlib compression.
 # zlib-dynamic	Like "zlib", but the zlib library is expected to be a shared
 #		library and will be loaded in run-time by the OpenSSL library.
-# enable-montasm 0.9.8 branch only: enable Montgomery x86 assembler backport
-#               from 0.9.9
 # 386           generate 80386 code
 # no-sse2	disables IA-32 SSE2 code, above option implies no-sse2
 # no-<cipher>   build without specified algorithm (rsa, idea, rc5, ...)
@@ -116,12 +114,12 @@ my $tlib="-lnsl -lsocket";
 my $bits1="THIRTY_TWO_BIT ";
 my $bits2="SIXTY_FOUR_BIT ";

-my $x86_elf_asm="x86cpuid-elf.o:bn86-elf.o co86-elf.o MAYBE-MO86-elf.o:dx86-elf.o yx86-elf.o:ax86-elf.o:bx86-elf.o:mx86-elf.o:sx86-elf.o s512sse2-elf.o:cx86-elf.o:rx86-elf.o rc4_skey.o:rm86-elf.o:r586-elf.o";
-my $x86_coff_asm="x86cpuid-cof.o:bn86-cof.o co86-cof.o MAYBE-MO86-cof.o:dx86-cof.o yx86-cof.o:ax86-cof.o:bx86-cof.o:mx86-cof.o:sx86-cof.o s512sse2-cof.o:cx86-cof.o:rx86-cof.o rc4_skey.o:rm86-cof.o:r586-cof.o";
-my $x86_out_asm="x86cpuid-out.o:bn86-out.o co86-out.o MAYBE-MO86-out.o:dx86-out.o yx86-out.o:ax86-out.o:bx86-out.o:mx86-out.o:sx86-out.o s512sse2-out.o:cx86-out.o:rx86-out.o rc4_skey.o:rm86-out.o:r586-out.o";
+my $x86_elf_asm="x86cpuid-elf.o:bn86-elf.o co86-elf.o:dx86-elf.o yx86-elf.o:ax86-elf.o:bx86-elf.o:mx86-elf.o:sx86-elf.o s512sse2-elf.o:cx86-elf.o:rx86-elf.o:rm86-elf.o:r586-elf.o";
+my $x86_coff_asm="x86cpuid-cof.o:bn86-cof.o co86-cof.o:dx86-cof.o yx86-cof.o:ax86-cof.o:bx86-cof.o:mx86-cof.o:sx86-cof.o s512sse2-cof.o:cx86-cof.o:rx86-cof.o:rm86-cof.o:r586-cof.o";
+my $x86_out_asm="x86cpuid-out.o:bn86-out.o co86-out.o:dx86-out.o yx86-out.o:ax86-out.o:bx86-out.o:mx86-out.o:sx86-out.o s512sse2-out.o:cx86-out.o:rx86-out.o:rm86-out.o:r586-out.o";

-my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o::";
-my $ia64_asm=":bn-ia64.o::aes_core.o aes_cbc.o aes-ia64.o:::sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o::";
+my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o::::md5-x86_64.o:::rc4-x86_64.o::";
+my $ia64_asm=":bn-ia64.o::aes_core.o aes_cbc.o aes-ia64.o:::sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o::";

 my $no_asm="::::::::::";

@@ -157,10 +155,7 @@ my %table=(
 "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-bodo",	"gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll",
-"debug-steve64", "gcc:-m64 -DL_ENDIAN -DTERMIO -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DOPENSSL_NO_DEPRECATED -g -pedantic -Wall -Werror -Wno-long-long -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-steve32", "gcc:-m32 -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DOPENSSL_NO_DEPRECATED -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -m32 -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared",
-"debug-steve-opt",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -m32 -O3 -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared",
 "debug-steve-linux-pseudo64",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT:${no_asm}:dlfcn:linux-shared",
 "debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -206,11 +201,11 @@ my %table=(
 "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc
-"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 ####
 "debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o::::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 #### SPARC Solaris with Sun C setups
 # SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
@@ -218,11 +213,11 @@ my %table=(
 # SC5.0 note: Compiler common patch 107357-01 or later is required!
 "solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
+"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
 ####
 "debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8.o::::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o::::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
+"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o::::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 

 #### SunOS configs, assuming sparc for the gcc one.
 #"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::",
@@ -337,9 +332,9 @@ my %table=(
 "linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # it's a real mess with -mcpu=ultrasparc option under Linux, but
 # -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # GCC 3.1 is a requirement
-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 #### Alpha Linux with GNU C and Compaq C setups
 # Special notes:
 # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
@@ -369,7 +364,7 @@ my %table=(
 # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
 # simply *happens* to work around a compiler bug in gcc 3.3.3,
 # triggered by RIPEMD160 code.
-"BSD-sparc64",	"gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-sparc64",	"gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "BSD-ia64",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "BSD-x86_64",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

@@ -483,20 +478,15 @@ my %table=(
 "Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_coff_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
 "debug-Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::CYGWIN32:::${no_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",

-# NetWare from David Ward (dsward@novell.com)
-# requires either MetroWerks NLM development tools, or gcc / nlmconv
-# NetWare defaults socket bio to WinSock sockets. However,
-# the builds can be configured to use BSD sockets instead.
+# NetWare from David Ward (dsward@novell.com) - requires MetroWerks NLM development tools
 # netware-clib => legacy CLib c-runtime support
-"netware-clib", "mwccnlm::::::${x86_gcc_opts}::",
-"netware-clib-bsdsock", "mwccnlm::::::${x86_gcc_opts}::",
-"netware-clib-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -I/ndk/ws295sdk/include -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYSNAME_NETWARE -O2 -Wall:::::${x86_gcc_opts}::",
-"netware-clib-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -DNETWARE_BSDSOCK -DNETDB_USE_INTERNET -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYSNAME_NETWARE -O2 -Wall:::::${x86_gcc_opts}::",
+"netware-clib", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::",
 # netware-libc => LibC/NKS support
+# NetWare defaults socket bio to WinSock sockets. However, the LibC build can be
+# configured to use BSD sockets instead.
 "netware-libc", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::",
 "netware-libc-bsdsock", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::",
 "netware-libc-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -I/ndk/libc/include/winsock -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::",
-"netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::",

 # DJGPP
 "DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:",
@@ -510,7 +500,7 @@ my %table=(
 ##### MacOS X (a.k.a. Rhapsody or Darwin) setup
 "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}::",
 "darwin-ppc-cc","cc:-arch ppc -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:ppccpuid_osx64.o:osx_ppc64.o osx_ppc64-mont.o:::::sha1-ppc_osx64.o sha256-ppc_osx64.o sha512-ppc_osx64.o:::::dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:ppccpuid_osx64.o:osx_ppc64.o osx_ppc64-mont.o:::::sha1-ppc_osx64.o sha256-ppc_osx64.o sha512-ppc_osx64.o:::::::dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 "darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -fno-common::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 "darwin64-x86_64-cc","cc:-arch x86_64 -O3 -fomit-frame-pointer -DL_ENDIAN -DMD32_REG_T=int -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 "debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
@@ -541,9 +531,7 @@ my %table=(

 my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A
 		    VC-NT VC-CE VC-WIN32
-		    BC-32 OS2-EMX
-		    netware-clib netware-clib-bsdsock
-		    netware-libc netware-libc-bsdsock);
+		    BC-32 OS2-EMX netware-clib netware-libc netware-libc-bsdsock);

 my $idx = 0;
 my $idx_cc = $idx++;
@@ -582,7 +570,6 @@ my $no_shared=0; # but "no-shared" is default
 my $zlib=1;      # but "no-zlib" is default
 my $no_krb5=0;   # but "no-krb5" is implied unless "--with-krb5-..." is used
 my $no_rfc3779=1; # but "no-rfc3779" is default
-my $montasm=1;   # but "no-montasm" is default
 my $no_asm=0;
 my $no_dso=0;
 my $no_gmp=0;
@@ -602,7 +589,7 @@ my $des_enc="des_enc.o fcrypt_b.o";
 my $aes_enc="aes_core.o aes_cbc.o";
 my $bf_enc	="bf_enc.o";
 my $cast_enc="c_enc.o";
-my $rc4_enc="rc4_enc.o rc4_skey.o";
+my $rc4_enc="rc4_enc.o";
 my $rc5_enc="rc5_enc.o";
 my $md5_obj="";
 my $sha1_obj="";
@@ -616,10 +603,8 @@ my $perl;

 my %disabled = ( # "what"         => "comment"
                 "camellia"       => "default",
-                 "cms"            => "default",
                 "gmp"            => "default",
                 "mdc2"           => "default",
-                 "montasm"        => "default", # explicit option in 0.9.8 only (implicitly enabled in 0.9.9)
                 "rc5"            => "default",
                 "rfc3779"        => "default",
                 "seed"           => "default",
@@ -634,7 +619,7 @@ my %disabled = ( # "what"         => "comment"
 # For symmetry, "disable-..." is a synonym for "no-...".

 # This is what $depflags will look like with the above default:
-my $default_depflags = "-DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED -DOPENSSL_NO_TLSEXT ";
+my $default_depflags = "-DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED -DOPENSSL_NO_TLSEXT ";


 my $no_sse2=0;
@@ -899,8 +884,6 @@ foreach (sort (keys %disabled))
 		{ $no_shared = 1; }
 	elsif (/^zlib$/)
 		{ $zlib = 0; }
-	elsif (/^montasm$/)
-		{ $montasm = 0; }
 	elsif (/^static-engine$/)
 		{ }
 	elsif (/^zlib-dynamic$/)
@@ -948,7 +931,6 @@ my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds;
 $IsMK1MF=1 if ($target eq "mingw" && $^O ne "cygwin" && !is_msys());

 $exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target eq "mingw");
-$exe_ext=".nlm" if ($target =~ /netware/);
 $exe_ext=".pm"  if ($target =~ /vos/);
 $openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
 $prefix=$openssldir if $prefix eq "";
@@ -1127,14 +1109,6 @@ if ($no_asm)
 	$cpuid_obj=$bn_obj=$des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj="";
 	$sha1_obj=$md5_obj=$rmd160_obj="";
 	}
-if ($montasm)
-	{
-	$bn_obj =~ s/MAYBE-MO86-/mo86-/;
-	}
-else
-	{
-	$bn_obj =~ s/MAYBE-MO86-[a-z.]*//;
-	}

 if (!$no_shared)
 	{
@@ -1253,7 +1227,6 @@ $bn_obj = $bn_asm unless $bn_obj ne "";
 # bn86* is the only one implementing bn_*_part_words
 $cflags.=" -DOPENSSL_BN_ASM_PART_WORDS" if ($bn_obj =~ /bn86/);
 $cflags.=" -DOPENSSL_IA32_SSE2" if (!$no_sse2 && $bn_obj =~ /bn86/);
-$cflags.=" -DOPENSSL_BN_ASM_MONT" if ($bn_obj =~ /\-mont|mo86\-/);

 $des_obj=$des_enc	unless ($des_obj =~ /\.o$/);
 $bf_obj=$bf_enc		unless ($bf_obj =~ /\.o$/);
@@ -1649,7 +1622,7 @@ EOF
 }

 # create the ms/version32.rc file if needed
-if ($IsMK1MF && ($target !~ /^netware/)) {
+if ($IsMK1MF) {
 	my ($v1, $v2, $v3, $v4);
 	if ($version_num =~ /(^[0-9a-f]{1})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) {
 		$v1=hex $1;
--- a/27
+++ b/27
@@ -32,7 +32,6 @@ OpenSSL  -  Frequently Asked Questions
 * How do I install a CA certificate into a browser?
 * Why is OpenSSL x509 DN output not conformant to RFC2253?
 * What is a "128 bit certificate"? Can I create one with OpenSSL?
-* How can I set up a bundle of commercial root CA certificates?

 [BUILD] Questions about building and testing OpenSSL

@@ -76,7 +75,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?

 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.8h was released on May 28th, 2008.
+OpenSSL 0.9.8g was released on October 19th, 2007.

 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -427,20 +426,6 @@ The export laws were later changed to allow almost unrestricted use of strong
 encryption so these certificates are now obsolete.


-* How can I set up a bundle of commercial root CA certificates?
-
-The OpenSSL software is shipped without any root CA certificate as the
-OpenSSL project does not have any policy on including or excluding
-any specific CA and does not intend to set up such a policy. Deciding
-about which CAs to support is up to application developers or
-administrators.
-
-Other projects do have other policies so you can for example extract the CA
-bundle used by Mozilla and/or modssl as described in this article:
-
-  http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html
-
-
 [BUILD] =======================================================================

 * Why does the linker complain about undefined symbols?
@@ -838,11 +823,11 @@ code itself (the hex digits after the second colon).

 * Why do I get errors about unknown algorithms?

-The cause is forgetting to load OpenSSL's table of algorithms with
-OpenSSL_add_all_algorithms(). See the manual page for more information. This
-can cause several problems such as being unable to read in an encrypted
-PEM file, unable to decrypt a PKCS#12 file or signature failure when
-verifying certificates.
+This can happen under several circumstances such as reading in an
+encrypted private key or attempting to decrypt a PKCS#12 file. The cause
+is forgetting to load OpenSSL's table of algorithms with
+OpenSSL_add_all_algorithms(). See the manual page for more information.
+

 * Why can't the OpenSSH configure script detect OpenSSL?

--- a/4
+++ b/4
@@ -158,7 +158,7 @@
     standard headers).  If it is a problem with OpenSSL itself, please
     report the problem to <openssl-bugs@openssl.org> (note that your
     message will be recorded in the request tracker publicly readable
-     via http://www.openssl.org/support/rt.html and will be forwarded to a
+     via http://www.openssl.org/support/rt2.html and will be forwarded to a
     public mailing list). Include the output of "make report" in your message.
     Please check out the request tracker. Maybe the bug was already
     reported or has already been fixed.
@@ -180,7 +180,7 @@
     in Makefile.ssl and run "make clean; make". Please send a bug
     report to <openssl-bugs@openssl.org>, including the output of
     "make report" in order to be added to the request tracker at
-     http://www.openssl.org/support/rt.html.
+     http://www.openssl.org/support/rt2.html.

  4. If everything tests ok, install OpenSSL with

--- a/INSTALL.NW
+++ b/INSTALL.NW
@@ -8,62 +8,58 @@ Notes about building OpenSSL for NetWare.
 BUILD PLATFORM:
 ---------------
 The build scripts (batch files, perl scripts, etc) have been developed and
-tested on W2K.  The scripts should run fine on other Windows platforms
-(NT, Win9x, WinXP) but they have not been tested.  They may require some
-modifications.
+tested on W2K.  The scripts should run fine on other Windows
+platforms (NT, Win9x, WinXP) but they haven't been tested.  They may require 
+some modifications.


 Supported NetWare Platforms - NetWare 5.x, NetWare 6.x:
-------------------------------------------------------
-OpenSSL can either use the WinSock interfaces introduced in NetWare 5,
-or the BSD socket interface.  Previous versions of NetWare, 4.x and 3.x,
-are only supported if OpenSSL is build for CLIB and BSD sockets;
-WinSock builds only support NetWare 5 and up.
+------------------------------------------
+OpenSSL uses the WinSock interfaces introduced in NetWare 5.  Therefore,
+previous versions of NetWare, 4.x and 3.x, are not supported.

 On NetWare there are two c-runtime libraries.  There is the legacy CLIB 
-interfaces and the newer LIBC interfaces.  Being ANSI-C libraries, the 
-functionality in CLIB and LIBC is similar but the LIBC interfaces are built 
+interfaces and the newer LibC interfaces.  Being ANSI-C libraries, the 
+functionality in CLIB and LibC is similar but the LibC interfaces are built 
 using Novell Kernal Services (NKS) which is designed to leverage 
 multi-processor environments.

-The NetWare port of OpenSSL can be configured to build using CLIB or LIBC.
-The CLIB build was developed and tested using NetWare 5.0 sp6.0a.  The LIBC 
+The NetWare port of OpenSSL can configured to build using CLIB or LibC.  The 
+CLIB build was developed and tested using NetWare 5.0 sp6.0a.  The LibC 
 build was developed and tested using the NetWare 6.0 FCS.  

-The necessary LIBC functionality ships with NetWare 6.  However, earlier 
-NetWare 5.x versions will require updates in order to run the OpenSSL LIBC
-build (NetWare 5.1 SP8 is known to work).
+The necessary LibC functionality ships with NetWare 6.  However, earlier 
+NetWare 5.x versions will require updates in order to run the OpenSSL LibC
+build.

-As of June 2005, the LIBC build can be configured to use BSD sockets instead
+As of June 2005, the LibC build can be configured to use BSD sockets instead
 of WinSock sockets. Call Configure (usually through netware\build.bat) using
 a target of "netware-libc-bsdsock" instead of "netware-libc".

-As of June 2007, support for CLIB and BSD sockets is also now available
-using a target of "netware-clib-bsdsock" instead of "netware-clib";
-also gcc builds are now supported on both Linux and Win32 (post 0.9.8e).

 REQUIRED TOOLS:
 ---------------
 Based upon the configuration and build options used, some or all of the
 following tools may be required:

+
 * Perl for Win32 - required (http://www.activestate.com/ActivePerl)
   Used to run the various perl scripts on the build platform.

+
 * Perl 5.8.0 for NetWare v3.20 (or later) - required 
   (http://developer.novell.com) Used to run the test script on NetWare 
   after building.

-* Compiler / Linker - required:
-   Metrowerks CodeWarrior PDK 2.1 (or later) for NetWare (commercial):
-      Provides command line tools used for building.
-      Tools:
-      mwccnlm.exe  - C/C++ Compiler for NetWare
-      mwldnlm.exe  - Linker for NetWare
-      mwasmnlm.exe - x86 assembler for NetWare (if using assembly option)

-   gcc / nlmconv Cross-Compiler, available from Novell Forge (free):
-         http://forge.novell.com/modules/xfmod/project/?aunixnw
+* Metrowerks CodeWarrior PDK 2.1 (or later) for NetWare - required:
+   Provides command line tools used for building.
+
+   Tools:
+   mwccnlm.exe  - C/C++ Compiler for NetWare
+   mwldnlm.exe  - Linker for NetWare
+   mwasmnlm.exe - x86 assembler for NetWare (if using assembly option)
+

 * Assemblers - optional:
   If you intend to build using the assembly options you will need an
@@ -83,11 +79,11 @@ following tools may be required:
   In order to build you will need a make tool.  Two make tools are
   supported, GNU make (gmake.exe) or Microsoft nmake.exe.

-   make.exe - GNU make for Windows (version 3.75 used for development)
-         http://gnuwin32.sourceforge.net/packages/make.htm
+   gmake.exe - GNU make for Windows (version 3.75 used for development)
+         http://www.gnu.org/software/make/make.html

   nmake.exe - Microsoft make (Version 6.00.8168.0 used for development)
-         http://support.microsoft.com/kb/132084/EN-US/
+

 * Novell Developer Kit (NDK) - required: (http://developer.novell.com)

@@ -127,14 +123,14 @@ following tools may be required:

   LIBC - BUILDS:
   
-      Libraries for C (LIBC) - LIBC headers and import files
-         If you are going to build a LIBC version of OpenSSL, you will
-         need the LIBC headers and imports.  The March 14, 2002 NDK release or
+      Libraries for C (LibC) - LibC headers and import files
+         If you are going to build a LibC version of OpenSSL, you will
+         need the LibC headers and imports.  The March 14, 2002 NDK release or
         later is required.  
         
-         NOTE: The LIBC SDK includes the necessary WinSock2 support.
-         It is not necessary to download the WinSock2 NDK when building for
-         LIBC. The LIBC SDK also includes the appropriate BSD socket support
+         NOTE: The LibC SDK includes the necessary WinSock2 support.  It
+         It is not necessary to download the WinSock2 Developer when building
+         for LibC. The LibC SDK also includes the appropriate BSD socket support
         if configuring to use BSD sockets.


@@ -147,36 +143,33 @@ The set_env.bat file is a template you can use to set up the path
 and environment variables you will need to build.  Modify the
 various lines to point to YOUR tools and run set_env.bat.

-   netware\set_env.bat <target> [compiler]
+   netware\set_env.bat [target]

-      target        - "netware-clib" - CLIB NetWare build
-                    - "netware-libc" - LIBC NetWare build
-
-      compiler      - "gnuc"         - GNU GCC Compiler
-                    - "codewarrior"  - MetroWerks CodeWarrior (default)
+      target        - "netware-clib" - CLib NetWare build
+                    - "netware-libc" - LibC NetWare build

 If you don't use set_env.bat, you will need to set up the following
 environment variables:

-   PATH - Set PATH to point to the tools you will use.
+   path - Set path to point to the tools you will use.

-   INCLUDE - The location of the NDK include files.
+   MWCIncludes - The location of the NDK include files.
         
-            CLIB ex: set INCLUDE=c:\ndk\nwsdk\include\nlm
-            LIBC ex: set INCLUDE=c:\ndk\libc\include
+            CLIB ex: set MWCIncludes=c:\ndk\nwsdk\include\nlm
+            LibC ex: set MWCIncludes=c:\ndk\libc\include

   PRELUDE - The absolute path of the prelude object to link with.  For
            a CLIB build it is recommended you use the "clibpre.o" files shipped
-            with the Metrowerks PDK for NetWare.  For a LIBC build you should 
-            use the "libcpre.o" file delivered with the LIBC NDK components.
+            with the Metrowerks PDK for NetWare.  For a LibC build you should 
+            use the "libcpre.o" file delivered with the LibC NDK components.

            CLIB ex: set PRELUDE=c:\ndk\nwsdk\imports\clibpre.o
-            LIBC ex: set PRELUDE=c:\ndk\libc\imports\libcpre.o
+            LibC ex: set PRELUDE=c:\ndk\libc\imports\libcpre.o

   IMPORTS - The locaton of the NDK import files.

            CLIB ex: set IMPORTS=c:\ndk\nwsdk\imports
-            LIBC ex: set IMPORTS=c:\ndk\libc\imports
+            LibC ex: set IMPORTS=c:\ndk\libc\imports


 In order to build, you need to run the Perl scripts to configure the build
@@ -189,10 +182,9 @@ the assembly code.  Always run build.bat from the "openssl" directory.

   netware\build [target] [debug opts] [assembly opts] [configure opts]

-      target        - "netware-clib" - CLIB NetWare build (WinSock Sockets)
-                    - "netware-clib-bsdsock" - CLIB NetWare build (BSD Sockets)
-                    - "netware-libc" - LIBC NetWare build (WinSock Sockets)
-                    - "netware-libc-bsdsock" - LIBC NetWare build (BSD Sockets)
+      target        - "netware-clib" - CLib NetWare build (WinSock Sockets)
+                    - "netware-libc" - LibC NetWare build (WinSock Sockets)
+                    - "netware-libc-bsdsock" - LibC NetWare build (BSD Sockets)
 
      debug opts    - "debug"  - build debug

@@ -201,27 +193,25 @@ the assembly code.  Always run build.bat from the "openssl" directory.
                      "no-asm"   - don't use assembly

      configure opts- all unrecognized arguments are passed to the
-                      perl 'configure' script. See that script for
-                      internal documentation regarding options that
-                      are available.
+                      perl configure script

   examples:

      CLIB build, debug, without assembly:
         netware\build.bat netware-clib debug no-asm

-      LIBC build, non-debug, using NASM assembly, add mdc2 support:
-         netware\build.bat netware-libc nw-nasm enable-mdc2
+      LibC build, non-debug, using NASM assembly:
+         netware\build.bat netware-libc nw-nasm

-      LIBC build, BSD sockets, non-debug, without assembly:
+      LibC build, BSD sockets, non-debug, without assembly:
         netware\build.bat netware-libc-bsdsock no-asm

 Running build.bat generates a make file to be processed by your make 
 tool (gmake or nmake):

   CLIB ex: gmake -f netware\nlm_clib_dbg.mak 
-   LIBC ex: gmake -f netware\nlm_libc.mak 
-   LIBC ex: gmake -f netware\nlm_libc_bsdsock.mak 
+   LibC ex: gmake -f netware\nlm_libc.mak 
+   LibC ex: gmake -f netware\nlm_libc_bsdsock.mak 


 You can also run the build scripts manually if you do not want to use the
@@ -230,7 +220,7 @@ subdirectory (in the order listed below):

   perl configure no-asm [other config opts] [netware-clib|netware-libc|netware-libc-bsdsock]
      configures no assembly build for specified netware environment
-      (CLIB or LIBC).
+      (CLIB or LibC).

   perl util\mkfiles.pl >MINFO
      generates a listing of source files (used by mk1mf)
@@ -260,12 +250,12 @@ The output from the build is placed in the following directories:
      tmp_nw_clib         - temporary build files
      outinc_nw_clib      - necesary include files

-   LIBC Debug build:
+   LibC Debug build:
      out_nw_libc.dbg     - static libs & test nlm(s)
      tmp_nw_libc.dbg     - temporary build files
      outinc_nw_libc      - necessary include files

-   LIBC Non-debug build:
+   LibC Non-debug build:
      out_nw_libc         - static libs & test nlm(s)
      tmp_nw_libc         - temporary build files
      outinc_nw_libc      - necesary include files
@@ -291,7 +281,7 @@ To run cpy_tests.bat:
      NetWare drive    - drive letter of mapped drive

      CLIB ex: netware\cpy_tests out_nw_clib m:
-      LIBC ex: netware\cpy_tests out_nw_libc m:
+      LibC ex: netware\cpy_tests out_nw_libc m:


 The Perl script, "do_tests.pl", in the "OpenSSL" directory on the server
@@ -366,9 +356,9 @@ clean up the resources!

 Multi-threaded Development
 ---------------------------
-The NetWare version of OpenSSL is thread-safe, however multi-threaded
+The NetWare version of OpenSSL is thread-safe however, multi-threaded
 applications must provide the necessary locking function callbacks.  This
-is described in doc\threads.doc.  The file "openssl-x.x.x\crypto\threads\mttest.c"
+is described in doc\threads.doc.  The file "openssl\crypto\threads\mttest.c"
 is a multi-threaded test program and demonstrates the locking functions.


@@ -438,7 +428,7 @@ Makefile "vclean"
 ------------------
 The generated makefile has a "vclean" target which cleans up the build
 directories.  If you have been building successfully and suddenly
-experience problems, use "vclean" (gmake -f netware\nlm_xxxx.mak vclean) and retry.
+experience problems, use "vclean" (gmake -f netware\nlm.mak vclean) and retry.


 "Undefined Symbol" Linker errors
--- a/2
+++ b/2
@@ -12,7 +12,7 @@
  ---------------

 /* ====================================================================
- * Copyright (c) 1998-2008 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
--- a/Makefile.org
+++ b/Makefile.org
@@ -115,7 +115,7 @@ SDIRS=  \
 	bn ec rsa dsa ecdsa dh ecdh dso engine \
 	buffer bio stack lhash rand err \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
-	store cms pqueue
+	store pqueue
 # keep in mind that the above list is adjusted by ./Configure
 # according to no-xxx arguments...

--- a/Netware/build.bat
+++ b/Netware/build.bat
@@ -7,9 +7,8 @@ rem   usage:
 rem      build [target] [debug opts] [assembly opts] [configure opts]
 rem
 rem      target        - "netware-clib" - CLib NetWare build (WinSock Sockets)
-rem                    - "netware-clib-bsdsock" - CLib NetWare build (BSD Sockets)
-rem                    - "netware-libc" - LibC NetWare build (WinSock Sockets)
-rem                    - "netware-libc-bsdsock" - LibC NetWare build (BSD Sockets)
+rem                    - "netware-libc" - LibC NKS NetWare build (WinSock Sockets)
+rem                    - "netware-libc-bsdsock" - LibC NKS NetWare build (BSD Sockets)
 rem 
 rem      debug opts    - "debug"  - build debug
 rem
@@ -72,12 +71,10 @@ if "%1" == "nw-nasm"  set NO_ASM=
 if "%1" == "nw-nasm"  set ARG_PROCESSED=YES
 if "%1" == "nw-mwasm" set ASM_MODE=nw-mwasm
 if "%1" == "nw-mwasm" set ASSEMBLER=Metrowerks
-if "%1" == "nw-mwasm" set NO_ASM=
+if "%1" == "nw-mwasm"  set NO_ASM=
 if "%1" == "nw-mwasm" set ARG_PROCESSED=YES
 if "%1" == "netware-clib" set BLD_TARGET=netware-clib
 if "%1" == "netware-clib" set ARG_PROCESSED=YES
-if "%1" == "netware-clib-bsdsock" set BLD_TARGET=netware-clib-bsdsock
-if "%1" == "netware-clib-bsdsock" set ARG_PROCESSED=YES
 if "%1" == "netware-libc" set BLD_TARGET=netware-libc
 if "%1" == "netware-libc" set ARG_PROCESSED=YES
 if "%1" == "netware-libc-bsdsock" set BLD_TARGET=netware-libc-bsdsock
@@ -97,7 +94,6 @@ if "%BLD_TARGET%" == "no_target" goto no_target
 rem build the nlm make file name which includes target and debug info
 set NLM_MAKE=
 if "%BLD_TARGET%" == "netware-clib" set NLM_MAKE=netware\nlm_clib
-if "%BLD_TARGET%" == "netware-clib-bsdsock" set NLM_MAKE=netware\nlm_clib_bsdsock
 if "%BLD_TARGET%" == "netware-libc" set NLM_MAKE=netware\nlm_libc
 if "%BLD_TARGET%" == "netware-libc-bsdsock" set NLM_MAKE=netware\nlm_libc_bsdsock
 if "%DEBUG%" == "" set NLM_MAKE=%NLM_MAKE%.mak
@@ -114,14 +110,7 @@ echo Generating x86 for %ASSEMBLER% assembler

 echo Bignum
 cd crypto\bn\asm
-rem perl x86.pl %ASM_MODE% > bn-nw.asm
-perl bn-586.pl %ASM_MODE% > bn-nw.asm
-perl co-586.pl %ASM_MODE% > co-nw.asm
-cd ..\..\..
-
-echo AES
-cd crypto\aes\asm
-perl aes-586.pl %ASM_MODE% > a-nw.asm
+perl x86.pl %ASM_MODE% > bn-nw.asm
 cd ..\..\..

 echo DES
@@ -171,11 +160,6 @@ cd crypto\rc5\asm
 perl rc5-586.pl %ASM_MODE% > r5-nw.asm
 cd ..\..\..

-echo CPUID
-cd crypto
-perl x86cpuid.pl %ASM_MODE% > x86cpuid-nw.asm
-cd ..\
-
 rem ===============================================================
 rem
 :do_config
@@ -192,10 +176,8 @@ echo mk1mf.pl options: %DEBUG% %ASM_MODE% %CONFIG_OPTS% %BLD_TARGET%
 echo .
 perl util\mk1mf.pl %DEBUG% %ASM_MODE% %CONFIG_OPTS% %BLD_TARGET% >%NLM_MAKE%

-make -f %NLM_MAKE% vclean
-echo .
 echo The makefile "%NLM_MAKE%" has been created use your maketool to
-echo build (ex: make -f %NLM_MAKE%)
+echo build (ex: gmake -f %NLM_MAKE%)
 goto end

 rem ===============================================================
@@ -207,9 +189,8 @@ echo .
 echo .  usage: build [target] [debug opts] [assembly opts] [configure opts]
 echo .
 echo .     target        - "netware-clib" - CLib NetWare build (WinSock Sockets)
-echo .                   - "netware-clib-bsdsock" - CLib NetWare build (BSD Sockets)
-echo .                   - "netware-libc" - LibC NetWare build (WinSock Sockets)
-echo .                   - "netware-libc-bsdsock" - LibC NetWare build (BSD Sockets)
+echo .                   - "netware-libc" - LibC NKS NetWare build (WinSock Sockets)
+echo .                   - "netware-libc-bsdsock" - LibC NKS NetWare build (BSD Sockets)
 echo .
 echo .     debug opts    - "debug"  - build debug
 echo .
--- a/Netware/cpy_tests.bat
+++ b/Netware/cpy_tests.bat
@@ -73,7 +73,6 @@ copy %loc%\test\testsid.pem   %2\openssl\test\
 copy %loc%\test\testx509.pem  %2\openssl\test\
 copy %loc%\test\v3-cert1.pem  %2\openssl\test\
 copy %loc%\test\v3-cert2.pem  %2\openssl\test\
-copy %loc%\crypto\evp\evptests.txt %2\openssl\test\

 rem   copy the apps directory stuff
 copy %loc%\apps\client.pem    %2\openssl\apps\
--- a/Netware/do_tests.pl
+++ b/Netware/do_tests.pl
@@ -34,17 +34,12 @@ sub main()
   # delete all the output files in the output directory
   unlink <$output_path\\*.*>;

-   # open the main log file
+   # open the main log file 
   open(OUT, ">$log_file") || die "unable to open $log_file\n";

-   print( OUT "========================================================\n");
-   my $outFile = "$output_path\\version.out";
-   system("openssl2 version (CLIB_OPT)/>$outFile");
-   log_output("CHECKING FOR OPENSSL VERSION:", $outFile);
-
+   
   algorithm_tests();
   encryption_tests();
-   evp_tests();
   pem_tests();
   verify_tests();
   ca_tests();
@@ -61,10 +56,9 @@ sub algorithm_tests
 {
   my $i;
   my $outFile;
-   my @tests = ( rsa_test, destest, ideatest, bftest, bntest, shatest, sha1test,
-                 sha256t, sha512t, dsatest, md2test, md4test, md5test, mdc2test,
-                 rc2test, rc4test, rc5test, randtest, rmdtest, dhtest, ecdhtest,
-                 ecdsatest, ectest, exptest, casttest, hmactest );
+   my @tests = ( rsa_test, destest, ideatest, bftest, shatest, sha1test,
+                 md5test, dsatest, md2test, mdc2test, rc2test, rc4test, randtest,
+                 dhtest, exptest );

   print( "\nRUNNING CRYPTO ALGORITHM TESTS:\n\n");

@@ -74,16 +68,16 @@ sub algorithm_tests
   foreach $i (@tests)
   {
      if (-e "$base_path\\$i.nlm")
-      {
+	  {
         $outFile = "$output_path\\$i.out";
-         system("$i (CLIB_OPT)/>$outFile");
+         system("$i > $outFile");
         log_desc("Test: $i\.nlm:");
         log_output("", $outFile );
-      }
-      else
-      {
+	  }
+	  else
+	  {
         log_desc("Test: $i\.nlm: file not found");
-      }
+	  }
   }
 }

@@ -115,24 +109,24 @@ sub encryption_tests

      # do encryption
      $outFile = "$output_path\\enc.out";
-      system("openssl2 $i -e -bufsize 113 -k test -in $input -out $cipher (CLIB_OPT)/>$outFile" );
+      system("openssl2 $i -e -bufsize 113 -k test -in $input -out $cipher > $outFile" );
      log_output("Encrypting: $input --> $cipher", $outFile);

      # do decryption
      $outFile = "$output_path\\dec.out";
-      system("openssl2 $i -d -bufsize 157 -k test -in $cipher -out $clear (CLIB_OPT)/>$outFile");
+      system("openssl2 $i -d -bufsize 157 -k test -in $cipher -out $clear > $outFile");
      log_output("Decrypting: $cipher --> $clear", $outFile);

      # compare files
      $x = compare_files( $input, $clear, 1);
      if ( $x == 0 )
      {
-         print( "\rSUCCESS - files match: $input, $clear\n");
+         print( "SUCCESS - files match: $input, $clear\n");
         print( OUT "SUCCESS - files match: $input, $clear\n");
      }
      else
      {
-         print( "\rERROR: files don't match\n");
+         print( "ERROR: files don't match\n");
         print( OUT "ERROR: files don't match\n");
      }

@@ -142,24 +136,24 @@ sub encryption_tests

      # do encryption B64
      $outFile = "$output_path\\B64enc.out";
-      system("openssl2 $i -a -e -bufsize 113 -k test -in $input -out $cipher (CLIB_OPT)/>$outFile");
+      system("openssl2 $i -a -e -bufsize 113 -k test -in $input -out $cipher > $outFile");
      log_output("Encrypting(B64): $cipher --> $clear", $outFile);

      # do decryption B64
      $outFile = "$output_path\\B64dec.out";
-      system("openssl2 $i -a -d -bufsize 157 -k test -in $cipher -out $clear (CLIB_OPT)/>$outFile");
+      system("openssl2 $i -a -d -bufsize 157 -k test -in $cipher -out $clear > $outFile");
      log_output("Decrypting(B64): $cipher --> $clear", $outFile);

      # compare files
      $x = compare_files( $input, $clear, 1);
      if ( $x == 0 )
      {
-         print( "\rSUCCESS - files match: $input, $clear\n");
+         print( "SUCCESS - files match: $input, $clear\n");
         print( OUT "SUCCESS - files match: $input, $clear\n");
      }
      else
      {
-         print( "\rERROR: files don't match\n");
+         print( "ERROR: files don't match\n");
         print( OUT "ERROR: files don't match\n");
      }

@@ -205,24 +199,24 @@ sub pem_tests

      if ($i ne "req" )
      {
-         system("openssl2 $i -in $input -out $tmp_out (CLIB_OPT)/>$outFile");
+         system("openssl2 $i -in $input -out $tmp_out > $outFile");
         log_output( "openssl2 $i -in $input -out $tmp_out", $outFile);
      }
      else
      {
-         system("openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config (CLIB_OPT)/>$outFile");
+         system("openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config > $outFile");
         log_output( "openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config", $outFile );
      }

      $x = compare_files( $input, $tmp_out);
      if ( $x == 0 )
      {
-         print( "\rSUCCESS - files match: $input, $tmp_out\n");
+         print( "SUCCESS - files match: $input, $tmp_out\n");
         print( OUT "SUCCESS - files match: $input, $tmp_out\n");
      }
      else
      {
-         print( "\rERROR: files don't match\n");
+         print( "ERROR: files don't match\n");
         print( OUT "ERROR: files don't match\n");
      }
      do_wait();
@@ -237,8 +231,7 @@ sub verify_tests
   my $i;
   my $outFile = "$output_path\\verify.out";

-   $cert_path =~ s/\\/\//g;
-   my @cert_files = <$cert_path/*.pem>;
+   my @cert_files = <$cert_path\\*.pem>;

   print( "\nRUNNING VERIFY TESTS:\n\n");

@@ -249,7 +242,7 @@ sub verify_tests

   foreach $i (@cert_files)
   {
-      system("openssl2 verify -CAfile $tmp_cert $i (CLIB_OPT)/>$outFile");
+      system("openssl2 verify -CAfile $tmp_cert $i >$outFile");
      log_desc("Verifying cert: $i");
      log_output("openssl2 verify -CAfile $tmp_cert $i", $outFile);
   }
@@ -270,103 +263,103 @@ sub ssl_tests
   print( OUT "\n========================================================\n");
   print( OUT "SSL TESTS:\n\n");

-   system("ssltest -ssl2 (CLIB_OPT)/>$outFile");
+   system("ssltest -ssl2 >$outFile");
   log_desc("Testing sslv2:");
   log_output("ssltest -ssl2", $outFile);

-   system("$ssltest -ssl2 -server_auth (CLIB_OPT)/>$outFile");
+   system("$ssltest -ssl2 -server_auth >$outFile");
   log_desc("Testing sslv2 with server authentication:");
   log_output("$ssltest -ssl2 -server_auth", $outFile);

-   system("$ssltest -ssl2 -client_auth (CLIB_OPT)/>$outFile");
+   system("$ssltest -ssl2 -client_auth >$outFile");
   log_desc("Testing sslv2 with client authentication:");
   log_output("$ssltest -ssl2 -client_auth", $outFile);

-   system("$ssltest -ssl2 -server_auth -client_auth (CLIB_OPT)/>$outFile");
+   system("$ssltest -ssl2 -server_auth -client_auth >$outFile");
   log_desc("Testing sslv2 with both client and server authentication:");
   log_output("$ssltest -ssl2 -server_auth -client_auth", $outFile);

-   system("ssltest -ssl3 (CLIB_OPT)/>$outFile");
+   system("ssltest -ssl3 >$outFile");
   log_desc("Testing sslv3:");
   log_output("ssltest -ssl3", $outFile);

-   system("$ssltest -ssl3 -server_auth (CLIB_OPT)/>$outFile");
+   system("$ssltest -ssl3 -server_auth >$outFile");
   log_desc("Testing sslv3 with server authentication:");
   log_output("$ssltest -ssl3 -server_auth", $outFile);

-   system("$ssltest -ssl3 -client_auth (CLIB_OPT)/>$outFile");
+   system("$ssltest -ssl3 -client_auth >$outFile");
   log_desc("Testing sslv3 with client authentication:");
   log_output("$ssltest -ssl3 -client_auth", $outFile);

-   system("$ssltest -ssl3 -server_auth -client_auth (CLIB_OPT)/>$outFile");
+   system("$ssltest -ssl3 -server_auth -client_auth >$outFile");
   log_desc("Testing sslv3 with both client and server authentication:");
   log_output("$ssltest -ssl3 -server_auth -client_auth", $outFile);

-   system("ssltest (CLIB_OPT)/>$outFile");
+   system("ssltest >$outFile");
   log_desc("Testing sslv2/sslv3:");
   log_output("ssltest", $outFile);

-   system("$ssltest -server_auth (CLIB_OPT)/>$outFile");
+   system("$ssltest -server_auth >$outFile");
   log_desc("Testing sslv2/sslv3 with server authentication:");
   log_output("$ssltest -server_auth", $outFile);

-   system("$ssltest -client_auth (CLIB_OPT)/>$outFile");
+   system("$ssltest -client_auth >$outFile");
   log_desc("Testing sslv2/sslv3 with client authentication:");
   log_output("$ssltest -client_auth ", $outFile);

-   system("$ssltest -server_auth -client_auth (CLIB_OPT)/>$outFile");
+   system("$ssltest -server_auth -client_auth >$outFile");
   log_desc("Testing sslv2/sslv3 with both client and server authentication:");
   log_output("$ssltest -server_auth -client_auth", $outFile);

-   system("ssltest -bio_pair -ssl2 (CLIB_OPT)/>$outFile");
+   system("ssltest -bio_pair -ssl2 >$outFile");
   log_desc("Testing sslv2 via BIO pair:");
   log_output("ssltest -bio_pair -ssl2", $outFile);

-   system("ssltest -bio_pair -dhe1024dsa -v (CLIB_OPT)/>$outFile");
+   system("ssltest -bio_pair -dhe1024dsa -v >$outFile");
   log_desc("Testing sslv2/sslv3 with 1024 bit DHE via BIO pair:");
   log_output("ssltest -bio_pair -dhe1024dsa -v", $outFile);

-   system("$ssltest -bio_pair -ssl2 -server_auth (CLIB_OPT)/>$outFile");
+   system("$ssltest -bio_pair -ssl2 -server_auth >$outFile");
   log_desc("Testing sslv2 with server authentication via BIO pair:");
   log_output("$ssltest -bio_pair -ssl2 -server_auth", $outFile);

-   system("$ssltest -bio_pair -ssl2 -client_auth (CLIB_OPT)/>$outFile");
+   system("$ssltest -bio_pair -ssl2 -client_auth >$outFile");
   log_desc("Testing sslv2 with client authentication via BIO pair:");
   log_output("$ssltest -bio_pair -ssl2 -client_auth", $outFile);

-   system("$ssltest -bio_pair -ssl2 -server_auth -client_auth (CLIB_OPT)/>$outFile");
+   system("$ssltest -bio_pair -ssl2 -server_auth -client_auth >$outFile");
   log_desc("Testing sslv2 with both client and server authentication via BIO pair:");
   log_output("$ssltest -bio_pair -ssl2 -server_auth -client_auth", $outFile);

-   system("ssltest -bio_pair -ssl3 (CLIB_OPT)/>$outFile");
+   system("ssltest -bio_pair -ssl3 >$outFile");
   log_desc("Testing sslv3 via BIO pair:");
   log_output("ssltest -bio_pair -ssl3", $outFile);

-   system("$ssltest -bio_pair -ssl3 -server_auth (CLIB_OPT)/>$outFile");
+   system("$ssltest -bio_pair -ssl3 -server_auth >$outFile");
   log_desc("Testing sslv3 with server authentication via BIO pair:");
   log_output("$ssltest -bio_pair -ssl3 -server_auth", $outFile);

-   system("$ssltest -bio_pair -ssl3 -client_auth (CLIB_OPT)/>$outFile");
+   system("$ssltest -bio_pair -ssl3 -client_auth >$outFile");
   log_desc("Testing sslv3 with client authentication  via BIO pair:");
   log_output("$ssltest -bio_pair -ssl3 -client_auth", $outFile);

-   system("$ssltest -bio_pair -ssl3 -server_auth -client_auth (CLIB_OPT)/>$outFile");
+   system("$ssltest -bio_pair -ssl3 -server_auth -client_auth >$outFile");
   log_desc("Testing sslv3 with both client and server authentication via BIO pair:");
   log_output("$ssltest -bio_pair -ssl3 -server_auth -client_auth", $outFile);

-   system("ssltest -bio_pair (CLIB_OPT)/>$outFile");
+   system("ssltest -bio_pair >$outFile");
   log_desc("Testing sslv2/sslv3 via BIO pair:");
   log_output("ssltest -bio_pair", $outFile);

-   system("$ssltest -bio_pair -server_auth (CLIB_OPT)/>$outFile");
+   system("$ssltest -bio_pair -server_auth >$outFile");
   log_desc("Testing sslv2/sslv3 with server authentication via BIO pair:");
   log_output("$ssltest -bio_pair -server_auth", $outFile);

-   system("$ssltest -bio_pair -client_auth (CLIB_OPT)/>$outFile");
+   system("$ssltest -bio_pair -client_auth >$outFile");
   log_desc("Testing sslv2/sslv3 with client authentication via BIO pair:");
   log_output("$ssltest -bio_pair -client_auth", $outFile);

-   system("$ssltest -bio_pair -server_auth -client_auth (CLIB_OPT)/>$outFile");
+   system("$ssltest -bio_pair -server_auth -client_auth >$outFile");
   log_desc("Testing sslv2/sslv3 with both client and server authentication via BIO pair:");
   log_output("$ssltest -bio_pair -server_auth -client_auth", $outFile);
 }
@@ -396,43 +389,43 @@ sub ca_tests
   print( OUT "\n========================================================\n");
   print( OUT "CA TESTS:\n");

-   system("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new (CLIB_OPT)/>$outFile");
+   system("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new >$outFile");
   log_desc("Make a certificate request using req:");
   log_output("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new", $outFile);

-   system("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey (CLIB_OPT)/>$outFile");
+   system("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey >$outFile");
   log_desc("Convert the certificate request into a self signed certificate using x509:");
   log_output("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey", $outFile);

-   system("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 (CLIB_OPT)/>$outFile");
+   system("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >$outFile");
   log_desc("Convert a certificate into a certificate request using 'x509':");
   log_output("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2", $outFile);

-   system("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout (CLIB_OPT)/>$outFile");
+   system("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout >$outFile");
   log_output("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout", $outFile);

-   system("openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout (CLIB_OPT)/>$outFile");
+   system("openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout >$outFile");
   log_output( "openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout", $outFile);

-   system("openssl2 verify -CAfile $CAcert $CAcert (CLIB_OPT)/>$outFile");
+   system("openssl2 verify -CAfile $CAcert $CAcert >$outFile");
   log_output("openssl2 verify -CAfile $CAcert $CAcert", $outFile);

-   system("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new (CLIB_OPT)/>$outFile");
+   system("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new >$outFile");
   log_desc("Make another certificate request using req:");
   log_output("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new", $outFile);

-   system("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial (CLIB_OPT)/>$outFile");
+   system("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial >$outFile");
   log_desc("Sign certificate request with the just created CA via x509:");
   log_output("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial", $outFile);

-   system("openssl2 verify -CAfile $CAcert $Ucert (CLIB_OPT)/>$outFile");
+   system("openssl2 verify -CAfile $CAcert $Ucert >$outFile");
   log_output("openssl2 verify -CAfile $CAcert $Ucert", $outFile);

-   system("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert (CLIB_OPT)/>$outFile");
+   system("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert >$outFile");
   log_desc("Certificate details");
   log_output("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert", $outFile);

-   print(OUT "--\n");
+   print(OUT "-- \n");
   print(OUT "The generated CA certificate is $CAcert\n");
   print(OUT "The generated CA private key is $CAkey\n");
   print(OUT "The current CA signing serial number is in $CAserial\n");
@@ -442,29 +435,6 @@ sub ca_tests
   print(OUT "--\n");
 }

-############################################################################
-sub evp_tests
-{
-   my $i = 'evp_test';
-
-   print( "\nRUNNING EVP TESTS:\n\n");
-
-   print( OUT "\n========================================================\n");
-   print( OUT "EVP TESTS:\n\n");
-
-   if (-e "$base_path\\$i.nlm")
-   {
-       my $outFile = "$output_path\\$i.out";
-       system("$i $test_path\\evptests.txt (CLIB_OPT)/>$outFile");
-       log_desc("Test: $i\.nlm:");
-       log_output("", $outFile );
-   }
-   else
-   {
-       log_desc("Test: $i\.nlm: file not found");
-   }
-}
-
 ############################################################################
 sub log_output( $ $ )
 {
@@ -475,7 +445,7 @@ sub log_output( $ $ )

   if ($desc)
   {
-      print("\r$desc\n");
+      print("$desc\n");
      print(OUT "$desc\n");
   }

@@ -487,8 +457,8 @@ sub log_output( $ $ )
      # copy test output to log file
   open(IN, "<$file");
   while (<IN>)
-   {
-      print(OUT $_);
+   { 
+      print(OUT $_); 
      if ( $_ =~ /ERROR/ )
      {
         $error = 1;
@@ -515,13 +485,13 @@ sub log_output( $ $ )
      $key = getc;
      print("\n");
   }
-
-      # Several of the testing scripts run a loop loading the
+      
+      # Several of the testing scripts run a loop loading the 
      # same NLM with different options.
-      # On slow NetWare machines there appears to be some delay in the
+      # On slow NetWare machines there appears to be some delay in the 
      # OS actually unloading the test nlms and the OS complains about.
-      # the NLM already being loaded.  This additional pause is to
-      # to help provide a little more time for unloading before trying to
+      # the NLM already being loaded.  This additional pause is to 
+      # to help provide a little more time for unloading before trying to 
      # load again.
   sleep(1);
 }
@@ -592,7 +562,7 @@ sub do_wait()
 ############################################################################
 sub make_tmp_cert_file()
 {
-   my @cert_files = <$cert_path/*.pem>;
+   my @cert_files = <$cert_path\\*.pem>;

      # delete the file if it already exists
   unlink($tmp_cert);
@@ -600,7 +570,7 @@ sub make_tmp_cert_file()
   open( TMP_CERT, ">$tmp_cert") || die "\nunable to open $tmp_cert\n";

   print("building temporary cert file\n");
-
+   
   # create a temporary cert file that contains all the certs
   foreach $i (@cert_files)
   {
--- a/Netware/set_env.bat
+++ b/Netware/set_env.bat
@@ -16,97 +16,75 @@ if "a%1" == "a" goto usage
               
 set LIBC_BUILD=
 set CLIB_BUILD=
-set GNUC=

 if "%1" == "netware-clib" set CLIB_BUILD=Y
 if "%1" == "netware-clib" set LIBC_BUILD=

-if "%1" == "netware-libc" set LIBC_BUILD=Y
-if "%1" == "netware-libc" set CLIB_BUILD=
-
-if "%2" == "gnuc" set GNUC=Y
-if "%2" == "codewarrior" set GNUC=
+if "%1" == "netware-libc"  set LIBC_BUILD=Y
+if "%1" == "netware-libc"  set CLIB_BUILD=

 rem   Location of tools (compiler, linker, etc)
-if "%NDKBASE%" == "" set NDKBASE=c:\Novell
+set TOOLS=d:\i_drive\tools

 rem   If Perl for Win32 is not already in your path, add it here
 set PERL_PATH=

 rem   Define path to the Metrowerks command line tools
-rem   or GNU Crosscompiler gcc / nlmconv
 rem   ( compiler, assembler, linker)
-if "%GNUC%" == "Y" set COMPILER_PATH=c:\usr\i586-netware\bin;c:\usr\bin
-if "%GNUC%" == "" set COMPILER_PATH=c:\prg\cwcmdl40
+set METROWERKS_PATH=%TOOLS%\codewar\pdk_21\tools\command line tools
+rem set METROWERKS_PATH=%TOOLS%\codewar\PDK_40\Other Metrowerks Tools\Command Line Tools

 rem   If using gnu make define path to utility
-rem set GNU_MAKE_PATH=%NDKBASE%\gnu
-set GNU_MAKE_PATH=c:\prg\tools
+set GNU_MAKE_PATH=%TOOLS%\gnu

 rem   If using ms nmake define path to nmake
-rem set MS_NMAKE_PATH=%NDKBASE%\msvc\600\bin
+set MS_NMAKE_PATH=%TOOLS%\msvc\600\bin

 rem   If using NASM assembler define path
-rem set NASM_PATH=%NDKBASE%\nasm
-set NASM_PATH=c:\prg\tools
+set NASM_PATH=%TOOLS%\nasm

 rem   Update path to include tool paths
-set path=%path%;%COMPILER_PATH%
+set path=%path%;%METROWERKS_PATH%
 if not "%GNU_MAKE_PATH%" == "" set path=%path%;%GNU_MAKE_PATH%
 if not "%MS_NMAKE_PATH%" == "" set path=%path%;%MS_NMAKE_PATH%
 if not "%NASM_PATH%"     == "" set path=%path%;%NASM_PATH%
 if not "%PERL_PATH%"     == "" set path=%path%;%PERL_PATH%

-rem   Set INCLUDES to location of Novell NDK includes
-if "%LIBC_BUILD%" == "Y" set INCLUDE=%NDKBASE%\ndk\libc\include;%NDKBASE%\ndk\libc\include\winsock
-if "%CLIB_BUILD%" == "Y" set INCLUDE=%NDKBASE%\ndk\nwsdk\include\nlm;%NDKBASE%\ws295sdk\include
+rem   Set MWCIncludes to location of Novell NDK includes
+if "%LIBC_BUILD%" == "Y" set MWCIncludes=%TOOLS%\ndk\libc\include;%TOOLS%\ndk\libc\include\winsock;.\engines
+if "%CLIB_BUILD%" == "Y" set MWCIncludes=%TOOLS%\ndk\nwsdk\include\nlm;.\engines
+set include=

 rem   Set Imports to location of Novell NDK import files
-if "%LIBC_BUILD%" == "Y" set IMPORTS=%NDKBASE%\ndk\libc\imports
-if "%CLIB_BUILD%" == "Y" set IMPORTS=%NDKBASE%\ndk\nwsdk\imports
+if "%LIBC_BUILD%" == "Y" set IMPORTS=%TOOLS%\ndk\libc\imports
+if "%CLIB_BUILD%" == "Y" set IMPORTS=%TOOLS%\ndk\nwsdk\imports

 rem   Set PRELUDE to the absolute path of the prelude object to link with in
 rem   the Metrowerks NetWare PDK - NOTE: for Clib builds "clibpre.o" is 
 rem   recommended, for LibC NKS builds libcpre.o must be used
-if "%GNUC%" == "Y" goto gnuc
 if "%LIBC_BUILD%" == "Y" set PRELUDE=%IMPORTS%\libcpre.o
-rem if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\clibpre.o
-if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\prelude.o
-echo using MetroWerks CodeWarrior 
-goto info
+if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\clibpre.o

-:gnuc
-if "%LIBC_BUILD%" == "Y" set PRELUDE=%IMPORTS%\libcpre.gcc.o
-rem if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\clibpre.gcc.o
-if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\prelude.gcc.o
-echo using GNU GCC Compiler 
-
-:info
-echo.

 if "%LIBC_BUILD%" == "Y" echo Enviroment configured for LibC build
 if "%LIBC_BUILD%" == "Y" echo use "netware\build.bat netware-libc ..." 

 if "%CLIB_BUILD%" == "Y" echo Enviroment configured for CLib build
 if "%CLIB_BUILD%" == "Y" echo use "netware\build.bat netware-clib ..." 
-
 goto end

 :usage
 rem ===============================================================
-echo.
-echo No target build specified!
-echo.
-echo usage: set_env [target] [compiler]
-echo.
-echo target      - "netware-clib" - Clib build
-echo             - "netware-libc" - LibC build
-echo.
-echo compiler    - "gnuc"         - GNU GCC Compiler
-echo             - "codewarrior"  - MetroWerks CodeWarrior (default)
-echo.
+echo .
+echo . No target build specified!
+echo .
+echo . usage: set_env [target]
+echo .
+echo .   target      - "netware-clib" - Clib build
+echo .               - "netware-libc" - LibC build
+echo .
+
+

 :end
-echo.
-

--- a/6
+++ b/6
@@ -1,7 +1,7 @@

- OpenSSL 0.9.8h
+ OpenSSL 0.9.8g

- Copyright (c) 1998-2008 The OpenSSL Project
+ Copyright (c) 1998-2007 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
 All rights reserved.

@@ -161,7 +161,7 @@
    - Stack Traceback (if the application dumps core)

 Report the bug to the OpenSSL project via the Request Tracker
- (http://www.openssl.org/support/rt.html) by mail to:
+ (http://www.openssl.org/support/rt2.html) by mail to:

    openssl-bugs@openssl.org

--- a/7
+++ b/7
@@ -1,12 +1,11 @@

  OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2008/05/28 07:37:13 $
+  ______________                           $Date: 2007/10/19 08:25:14 $

  DEVELOPMENT STATE

    o  OpenSSL 0.9.9:  Under development...
-    o  OpenSSL 0.9.8h: Released on May       28th, 2008
-    o  OpenSSL 0.9.8g: Released on October   19th, 2007
+    o  OpenSSL 0.9.8g: Released on October   19th, 2007 
    o  OpenSSL 0.9.8f: Released on October   11th, 2007 
    o  OpenSSL 0.9.8e: Released on February  23rd, 2007
    o  OpenSSL 0.9.8d: Released on September 28th, 2006
@@ -50,7 +49,7 @@
    o  OpenSSL 0.9.2b: Released on March     22th, 1999
    o  OpenSSL 0.9.1c: Released on December  23th, 1998

-  [See also http://www.openssl.org/support/rt.html]
+  [See also http://www.openssl.org/support/rt2.html]

  RELEASE SHOWSTOPPERS

--- a/124
+++ b/124
@@ -124,7 +124,7 @@ $bf_obj       =
 $md5_obj      = 
 $sha1_obj     = sha1-ia64.o sha256-ia64.o sha512-ia64.o
 $cast_obj     = 
-$rc4_obj      = rc4-ia64.o rc4_skey.o
+$rc4_obj      = rc4-ia64.o
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
@@ -148,7 +148,7 @@ $bn_obj       =
 $des_obj      = des_enc-sparc.o fcrypt_b.o
 $aes_obj      = 
 $bf_obj       = 
-$md5_obj      = 
+$md5_obj      = md5-sparcv9.o
 $sha1_obj     = 
 $cast_obj     = 
 $rc4_obj      = 
@@ -205,7 +205,7 @@ $bf_obj       = bx86-out.o
 $md5_obj      = mx86-out.o
 $sha1_obj     = sx86-out.o s512sse2-out.o
 $cast_obj     = cx86-out.o
-$rc4_obj      = rx86-out.o rc4_skey.o
+$rc4_obj      = rx86-out.o
 $rmd160_obj   = rm86-out.o
 $rc5_obj      = r586-out.o
 $dso_scheme   = dlfcn
@@ -232,7 +232,7 @@ $bf_obj       = bx86-elf.o
 $md5_obj      = mx86-elf.o
 $sha1_obj     = sx86-elf.o s512sse2-elf.o
 $cast_obj     = cx86-elf.o
-$rc4_obj      = rx86-elf.o rc4_skey.o
+$rc4_obj      = rx86-elf.o
 $rmd160_obj   = rm86-elf.o
 $rc5_obj      = r586-elf.o
 $dso_scheme   = dlfcn
@@ -252,12 +252,12 @@ $sys_id       =
 $lflags       = 
 $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
 $cpuid_obj    = x86_64cpuid.o
-$bn_obj       = x86_64-gcc.o x86_64-mont.o
+$bn_obj       = x86_64-gcc.o
 $des_obj      = 
-$aes_obj      = aes-x86_64.o
+$aes_obj      = 
 $bf_obj       = 
 $md5_obj      = md5-x86_64.o
-$sha1_obj     = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o
+$sha1_obj     = 
 $cast_obj     = 
 $rc4_obj      = rc4-x86_64.o
 $rmd160_obj   = 
@@ -286,7 +286,7 @@ $bf_obj       = bx86-cof.o
 $md5_obj      = mx86-cof.o
 $sha1_obj     = sx86-cof.o s512sse2-cof.o
 $cast_obj     = cx86-cof.o
-$rc4_obj      = rx86-cof.o rc4_skey.o
+$rc4_obj      = rx86-cof.o
 $rmd160_obj   = rm86-cof.o
 $rc5_obj      = r586-cof.o
 $dso_scheme   = dlfcn
@@ -340,7 +340,7 @@ $bf_obj       = bx86-out.o
 $md5_obj      = mx86-out.o
 $sha1_obj     = sx86-out.o s512sse2-out.o
 $cast_obj     = cx86-out.o
-$rc4_obj      = rx86-out.o rc4_skey.o
+$rc4_obj      = rx86-out.o
 $rmd160_obj   = rm86-out.o
 $rc5_obj      = r586-out.o
 $dso_scheme   = 
@@ -853,7 +853,7 @@ $bf_obj       = bx86-elf.o
 $md5_obj      = mx86-elf.o
 $sha1_obj     = sx86-elf.o s512sse2-elf.o
 $cast_obj     = cx86-elf.o
-$rc4_obj      = rx86-elf.o rc4_skey.o
+$rc4_obj      = rx86-elf.o
 $rmd160_obj   = rm86-elf.o
 $rc5_obj      = r586-elf.o
 $dso_scheme   = dlfcn
@@ -1018,13 +1018,13 @@ $cast_obj     =
 $rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
-$dso_scheme   = dlfcn
-$shared_target= darwin-shared
-$shared_cflag = -fPIC -fno-common
-$shared_ldflag = -arch ppc64 -dynamiclib
-$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
-$ranlib       = 
-$arflags      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = dlfcn
+$shared_ldflag = darwin-shared
+$shared_extension = -fPIC -fno-common
+$ranlib       = -arch ppc64 -dynamiclib
+$arflags      = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib

 *** darwin64-x86_64-cc
 $cc           = cc
@@ -1096,7 +1096,7 @@ $bf_obj       = bx86-elf.o
 $md5_obj      = mx86-elf.o
 $sha1_obj     = sx86-elf.o s512sse2-elf.o
 $cast_obj     = cx86-elf.o
-$rc4_obj      = rx86-elf.o rc4_skey.o
+$rc4_obj      = rx86-elf.o
 $rmd160_obj   = rm86-elf.o
 $rc5_obj      = r586-elf.o
 $dso_scheme   = dlfcn
@@ -1285,7 +1285,7 @@ $bf_obj       = bx86-elf.o
 $md5_obj      = mx86-elf.o
 $sha1_obj     = sx86-elf.o s512sse2-elf.o
 $cast_obj     = cx86-elf.o
-$rc4_obj      = rx86-elf.o rc4_skey.o
+$rc4_obj      = rx86-elf.o
 $rmd160_obj   = rm86-elf.o
 $rc5_obj      = r586-elf.o
 $dso_scheme   = 
@@ -1366,7 +1366,7 @@ $bf_obj       = bx86-elf.o
 $md5_obj      = mx86-elf.o
 $sha1_obj     = sx86-elf.o s512sse2-elf.o
 $cast_obj     = cx86-elf.o
-$rc4_obj      = rx86-elf.o rc4_skey.o
+$rc4_obj      = rx86-elf.o
 $rmd160_obj   = rm86-elf.o
 $rc5_obj      = r586-elf.o
 $dso_scheme   = dlfcn
@@ -1393,7 +1393,7 @@ $bf_obj       = bx86-elf.o
 $md5_obj      = mx86-elf.o
 $sha1_obj     = sx86-elf.o s512sse2-elf.o
 $cast_obj     = cx86-elf.o
-$rc4_obj      = rx86-elf.o rc4_skey.o
+$rc4_obj      = rx86-elf.o
 $rmd160_obj   = rm86-elf.o
 $rc5_obj      = r586-elf.o
 $dso_scheme   = dlfcn
@@ -1474,7 +1474,7 @@ $bf_obj       = bx86-elf.o
 $md5_obj      = mx86-elf.o
 $sha1_obj     = sx86-elf.o s512sse2-elf.o
 $cast_obj     = cx86-elf.o
-$rc4_obj      = rx86-elf.o rc4_skey.o
+$rc4_obj      = rx86-elf.o
 $rmd160_obj   = rm86-elf.o
 $rc5_obj      = r586-elf.o
 $dso_scheme   = dlfcn
@@ -1501,7 +1501,7 @@ $bf_obj       = bx86-elf.o
 $md5_obj      = mx86-elf.o
 $sha1_obj     = sx86-elf.o s512sse2-elf.o
 $cast_obj     = cx86-elf.o
-$rc4_obj      = rx86-elf.o rc4_skey.o
+$rc4_obj      = rx86-elf.o
 $rmd160_obj   = rm86-elf.o
 $rc5_obj      = r586-elf.o
 $dso_scheme   = dlfcn
@@ -1528,7 +1528,7 @@ $bf_obj       = bx86-elf.o
 $md5_obj      = mx86-elf.o
 $sha1_obj     = sx86-elf.o s512sse2-elf.o
 $cast_obj     = cx86-elf.o
-$rc4_obj      = rx86-elf.o rc4_skey.o
+$rc4_obj      = rx86-elf.o
 $rmd160_obj   = rm86-elf.o
 $rc5_obj      = r586-elf.o
 $dso_scheme   = dlfcn
@@ -1555,7 +1555,7 @@ $bf_obj       = bx86-elf.o
 $md5_obj      = mx86-elf.o
 $sha1_obj     = sx86-elf.o s512sse2-elf.o
 $cast_obj     = cx86-elf.o
-$rc4_obj      = rx86-elf.o rc4_skey.o
+$rc4_obj      = rx86-elf.o
 $rmd160_obj   = rm86-elf.o
 $rc5_obj      = r586-elf.o
 $dso_scheme   = dlfcn
@@ -1582,7 +1582,7 @@ $bf_obj       = bx86-elf.o
 $md5_obj      = mx86-elf.o
 $sha1_obj     = sx86-elf.o s512sse2-elf.o
 $cast_obj     = cx86-elf.o
-$rc4_obj      = rx86-elf.o rc4_skey.o
+$rc4_obj      = rx86-elf.o
 $rmd160_obj   = rm86-elf.o
 $rc5_obj      = r586-elf.o
 $dso_scheme   = 
@@ -1660,7 +1660,7 @@ $bn_obj       = sparcv8plus.o
 $des_obj      = 
 $aes_obj      = 
 $bf_obj       = 
-$md5_obj      = 
+$md5_obj      = md5-sparcv8plus.o
 $sha1_obj     = 
 $cast_obj     = 
 $rc4_obj      = 
@@ -1687,7 +1687,7 @@ $bn_obj       = sparcv8plus.o
 $des_obj      = des_enc-sparc.o fcrypt_b.o
 $aes_obj      = 
 $bf_obj       = 
-$md5_obj      = 
+$md5_obj      = md5-sparcv8plus.o
 $sha1_obj     = 
 $cast_obj     = 
 $rc4_obj      = 
@@ -1717,7 +1717,7 @@ $bf_obj       = bx86-elf.o
 $md5_obj      = mx86-elf.o
 $sha1_obj     = sx86-elf.o s512sse2-elf.o
 $cast_obj     = cx86-elf.o
-$rc4_obj      = rx86-elf.o rc4_skey.o
+$rc4_obj      = rx86-elf.o
 $rmd160_obj   = rm86-elf.o
 $rc5_obj      = r586-elf.o
 $dso_scheme   = dlfcn
@@ -1879,7 +1879,7 @@ $bf_obj       = bx86-elf.o
 $md5_obj      = mx86-elf.o
 $sha1_obj     = sx86-elf.o s512sse2-elf.o
 $cast_obj     = cx86-elf.o
-$rc4_obj      = rx86-elf.o rc4_skey.o
+$rc4_obj      = rx86-elf.o
 $rmd160_obj   = rm86-elf.o
 $rc5_obj      = r586-elf.o
 $dso_scheme   = 
@@ -2014,7 +2014,7 @@ $bf_obj       =
 $md5_obj      = 
 $sha1_obj     = sha1-ia64.o sha256-ia64.o sha512-ia64.o
 $cast_obj     = 
-$rc4_obj      = rc4-ia64.o rc4_skey.o
+$rc4_obj      = rc4-ia64.o
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
@@ -2041,7 +2041,7 @@ $bf_obj       =
 $md5_obj      = 
 $sha1_obj     = sha1-ia64.o sha256-ia64.o sha512-ia64.o
 $cast_obj     = 
-$rc4_obj      = rc4-ia64.o rc4_skey.o
+$rc4_obj      = rc4-ia64.o
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
@@ -2230,7 +2230,7 @@ $bf_obj       =
 $md5_obj      = 
 $sha1_obj     = sha1-ia64.o sha256-ia64.o sha512-ia64.o
 $cast_obj     = 
-$rc4_obj      = rc4-ia64.o rc4_skey.o
+$rc4_obj      = rc4-ia64.o
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
@@ -2257,7 +2257,7 @@ $bf_obj       =
 $md5_obj      = 
 $sha1_obj     = sha1-ia64.o sha256-ia64.o sha512-ia64.o
 $cast_obj     = 
-$rc4_obj      = rc4-ia64.o rc4_skey.o
+$rc4_obj      = rc4-ia64.o
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
@@ -2338,7 +2338,7 @@ $bf_obj       = bx86-elf.o
 $md5_obj      = mx86-elf.o
 $sha1_obj     = sx86-elf.o s512sse2-elf.o
 $cast_obj     = cx86-elf.o
-$rc4_obj      = rx86-elf.o rc4_skey.o
+$rc4_obj      = rx86-elf.o
 $rmd160_obj   = rm86-elf.o
 $rc5_obj      = r586-elf.o
 $dso_scheme   = dlfcn
@@ -2635,7 +2635,7 @@ $bf_obj       = bx86-out.o
 $md5_obj      = mx86-out.o
 $sha1_obj     = sx86-out.o s512sse2-out.o
 $cast_obj     = cx86-out.o
-$rc4_obj      = rx86-out.o rc4_skey.o
+$rc4_obj      = rx86-out.o
 $rmd160_obj   = rm86-out.o
 $rc5_obj      = r586-out.o
 $dso_scheme   = 
@@ -2662,7 +2662,7 @@ $bf_obj       = bx86-elf.o
 $md5_obj      = mx86-elf.o
 $sha1_obj     = sx86-elf.o s512sse2-elf.o
 $cast_obj     = cx86-elf.o
-$rc4_obj      = rx86-elf.o rc4_skey.o
+$rc4_obj      = rx86-elf.o
 $rmd160_obj   = rm86-elf.o
 $rc5_obj      = r586-elf.o
 $dso_scheme   = dlfcn
@@ -2743,7 +2743,7 @@ $bf_obj       = bx86-elf.o
 $md5_obj      = mx86-elf.o
 $sha1_obj     = sx86-elf.o s512sse2-elf.o
 $cast_obj     = cx86-elf.o
-$rc4_obj      = rx86-elf.o rc4_skey.o
+$rc4_obj      = rx86-elf.o
 $rmd160_obj   = rm86-elf.o
 $rc5_obj      = r586-elf.o
 $dso_scheme   = dlfcn
@@ -2770,7 +2770,7 @@ $bf_obj       =
 $md5_obj      = 
 $sha1_obj     = sha1-ia64.o sha256-ia64.o sha512-ia64.o
 $cast_obj     = 
-$rc4_obj      = rc4-ia64.o rc4_skey.o
+$rc4_obj      = rc4-ia64.o
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
@@ -2797,7 +2797,7 @@ $bf_obj       =
 $md5_obj      = 
 $sha1_obj     = sha1-ia64.o sha256-ia64.o sha512-ia64.o
 $cast_obj     = 
-$rc4_obj      = rc4-ia64.o rc4_skey.o
+$rc4_obj      = rc4-ia64.o
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
@@ -2824,7 +2824,7 @@ $bf_obj       =
 $md5_obj      = 
 $sha1_obj     = sha1-ia64.o sha256-ia64.o sha512-ia64.o
 $cast_obj     = 
-$rc4_obj      = rc4-ia64.o rc4_skey.o
+$rc4_obj      = rc4-ia64.o
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
@@ -2929,7 +2929,7 @@ $bn_obj       = sparcv8plus.o
 $des_obj      = des_enc-sparc.o fcrypt_b.o
 $aes_obj      = 
 $bf_obj       = 
-$md5_obj      = 
+$md5_obj      = md5-sparcv8plus.o
 $sha1_obj     = 
 $cast_obj     = 
 $rc4_obj      = 
@@ -2952,12 +2952,12 @@ $sys_id       =
 $lflags       = -ldl
 $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL
 $cpuid_obj    = x86_64cpuid.o
-$bn_obj       = x86_64-gcc.o x86_64-mont.o
+$bn_obj       = x86_64-gcc.o
 $des_obj      = 
-$aes_obj      = aes-x86_64.o
+$aes_obj      = 
 $bf_obj       = 
 $md5_obj      = md5-x86_64.o
-$sha1_obj     = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o
+$sha1_obj     = 
 $cast_obj     = 
 $rc4_obj      = rc4-x86_64.o
 $rmd160_obj   = 
@@ -2983,7 +2983,7 @@ $bn_obj       =
 $des_obj      = 
 $aes_obj      = 
 $bf_obj       = 
-$md5_obj      = 
+$md5_obj      = md5-sparcv9.o
 $sha1_obj     = 
 $cast_obj     = 
 $rc4_obj      = 
@@ -3013,7 +3013,7 @@ $bf_obj       = bx86-cof.o
 $md5_obj      = mx86-cof.o
 $sha1_obj     = sx86-cof.o s512sse2-cof.o
 $cast_obj     = cx86-cof.o
-$rc4_obj      = rx86-cof.o rc4_skey.o
+$rc4_obj      = rx86-cof.o
 $rmd160_obj   = rm86-cof.o
 $rc5_obj      = r586-cof.o
 $dso_scheme   = win32
@@ -3418,7 +3418,7 @@ $bf_obj       = bx86-elf.o
 $md5_obj      = mx86-elf.o
 $sha1_obj     = sx86-elf.o s512sse2-elf.o
 $cast_obj     = cx86-elf.o
-$rc4_obj      = rx86-elf.o rc4_skey.o
+$rc4_obj      = rx86-elf.o
 $rmd160_obj   = rm86-elf.o
 $rc5_obj      = r586-elf.o
 $dso_scheme   = dlfcn
@@ -3445,7 +3445,7 @@ $bf_obj       = bx86-elf.o
 $md5_obj      = mx86-elf.o
 $sha1_obj     = sx86-elf.o s512sse2-elf.o
 $cast_obj     = cx86-elf.o
-$rc4_obj      = rx86-elf.o rc4_skey.o
+$rc4_obj      = rx86-elf.o
 $rmd160_obj   = rm86-elf.o
 $rc5_obj      = r586-elf.o
 $dso_scheme   = dlfcn
@@ -3577,7 +3577,7 @@ $bn_obj       = sparcv8plus.o
 $des_obj      = des_enc-sparc.o fcrypt_b.o
 $aes_obj      = 
 $bf_obj       = 
-$md5_obj      = 
+$md5_obj      = md5-sparcv8plus.o
 $sha1_obj     = 
 $cast_obj     = 
 $rc4_obj      = 
@@ -3604,7 +3604,7 @@ $bn_obj       = sparcv8plus.o
 $des_obj      = des_enc-sparc.o fcrypt_b.o
 $aes_obj      = 
 $bf_obj       = 
-$md5_obj      = 
+$md5_obj      = md5-sparcv8plus.o
 $sha1_obj     = 
 $cast_obj     = 
 $rc4_obj      = 
@@ -3661,7 +3661,7 @@ $bf_obj       = bx86-elf.o
 $md5_obj      = mx86-elf.o
 $sha1_obj     = sx86-elf.o s512sse2-elf.o
 $cast_obj     = cx86-elf.o
-$rc4_obj      = rx86-elf.o rc4_skey.o
+$rc4_obj      = rx86-elf.o
 $rmd160_obj   = rm86-elf.o
 $rc5_obj      = r586-elf.o
 $dso_scheme   = dlfcn
@@ -3685,7 +3685,7 @@ $bn_obj       =
 $des_obj      = des_enc-sparc.o fcrypt_b.o
 $aes_obj      = 
 $bf_obj       = 
-$md5_obj      = 
+$md5_obj      = md5-sparcv9.o
 $sha1_obj     = 
 $cast_obj     = 
 $rc4_obj      = 
@@ -3712,7 +3712,7 @@ $bn_obj       =
 $des_obj      = des_enc-sparc.o fcrypt_b.o
 $aes_obj      = 
 $bf_obj       = 
-$md5_obj      = 
+$md5_obj      = md5-sparcv9.o
 $sha1_obj     = 
 $cast_obj     = 
 $rc4_obj      = 
@@ -3735,12 +3735,12 @@ $sys_id       =
 $lflags       = -lsocket -lnsl -ldl
 $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL
 $cpuid_obj    = x86_64cpuid.o
-$bn_obj       = x86_64-gcc.o x86_64-mont.o
+$bn_obj       = x86_64-gcc.o
 $des_obj      = 
-$aes_obj      = aes-x86_64.o
+$aes_obj      = 
 $bf_obj       = 
 $md5_obj      = md5-x86_64.o
-$sha1_obj     = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o
+$sha1_obj     = 
 $cast_obj     = 
 $rc4_obj      = rc4-x86_64.o
 $rmd160_obj   = 
@@ -3762,12 +3762,12 @@ $sys_id       =
 $lflags       = -lsocket -lnsl -ldl
 $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL
 $cpuid_obj    = x86_64cpuid.o
-$bn_obj       = x86_64-gcc.o x86_64-mont.o
+$bn_obj       = x86_64-gcc.o
 $des_obj      = 
-$aes_obj      = aes-x86_64.o
+$aes_obj      = 
 $bf_obj       = 
 $md5_obj      = md5-x86_64.o
-$sha1_obj     = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o
+$sha1_obj     = 
 $cast_obj     = 
 $rc4_obj      = rc4-x86_64.o
 $rmd160_obj   = 
@@ -3985,7 +3985,7 @@ $bf_obj       = bx86-elf.o
 $md5_obj      = mx86-elf.o
 $sha1_obj     = sx86-elf.o s512sse2-elf.o
 $cast_obj     = cx86-elf.o
-$rc4_obj      = rx86-elf.o rc4_skey.o
+$rc4_obj      = rx86-elf.o
 $rmd160_obj   = rm86-elf.o
 $rc5_obj      = r586-elf.o
 $dso_scheme   = dlfcn
@@ -4012,7 +4012,7 @@ $bf_obj       = bx86-elf.o
 $md5_obj      = mx86-elf.o
 $sha1_obj     = sx86-elf.o s512sse2-elf.o
 $cast_obj     = cx86-elf.o
-$rc4_obj      = rx86-elf.o rc4_skey.o
+$rc4_obj      = rx86-elf.o
 $rmd160_obj   = rm86-elf.o
 $rc5_obj      = r586-elf.o
 $dso_scheme   = dlfcn
--- a/apps/Makefile
+++ b/apps/Makefile
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -2010,7 +2010,7 @@ int parse_yesno(const char *str, int def)
 		case 'y': /* yes */
 		case 'Y': /* YES */
 		case '1': /* 1 */
-			ret = 1;
+			ret = 0;
 			break;
 		default:
 			ret = def;
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -122,9 +122,6 @@
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
-#ifndef OPENSSL_NO_OCSP
-#include <openssl/ocsp.h>
-#endif
 #include <openssl/ossl_typ.h>

 int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
@@ -231,12 +228,6 @@ extern BIO *bio_err;
 #  endif
 #endif

-#ifdef OPENSSL_SYSNAME_WIN32
-#  define openssl_fdset(a,b) FD_SET((unsigned int)a, b)
-#else
-#  define openssl_fdset(a,b) FD_SET(a, b)
-#endif
-
 typedef struct args_st
 	{
 	char **data;
@@ -284,12 +275,6 @@ X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
 ENGINE *setup_engine(BIO *err, const char *engine, int debug);
 #endif

-#ifndef OPENSSL_NO_OCSP
-OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
-			char *host, char *path, char *port, int use_ssl,
-			int req_timeout);
-#endif
-
 int load_config(BIO *err, CONF *cnf);
 char *make_config_name(void);

--- a/apps/ca.c
+++ b/apps/ca.c
@@ -2882,22 +2882,13 @@ int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str)
 	p=(char *)str->data;
 	for (j=str->length; j>0; j--)
 		{
-#ifdef CHARSET_EBCDIC
-		if ((*p >= 0x20) && (*p <= 0x7e))
-			BIO_printf(bp,"%c",os_toebcdic[*p]);
-#else
 		if ((*p >= ' ') && (*p <= '~'))
 			BIO_printf(bp,"%c",*p);
-#endif
 		else if (*p & 0x80)
 			BIO_printf(bp,"\\0x%02X",*p);
 		else if ((unsigned char)*p == 0xf7)
 			BIO_printf(bp,"^?");
-#ifdef CHARSET_EBCDIC
-		else	BIO_printf(bp,"^%c",os_toebcdic[*p+0x40]);
-#else
 		else	BIO_printf(bp,"^%c",*p+'@');
-#endif
 		p++;
 		}
 	BIO_printf(bp,"'\n");
--- a/apps/cms.c
+++ b/apps/cms.c
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -190,8 +190,6 @@ int MAIN(int argc, char **argv)
 			out_bin = 1;
 		else if (strcmp(*argv,"-d") == 0)
 			debug=1;
-		else if (!strcmp(*argv,"-fips-fingerprint"))
-			hmac_key = "etaonrishdlcupfm";
 		else if (!strcmp(*argv,"-hmac"))
 			{
 			if (--argc < 1)
@@ -229,7 +227,6 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err,"-keyform arg    key file format (PEM or ENGINE)\n");
 		BIO_printf(bio_err,"-signature file signature to verify\n");
 		BIO_printf(bio_err,"-binary         output in binary form\n");
-		BIO_printf(bio_err,"-hmac key       create hashed MAC with key\n");
 #ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
 #endif
--- a/apps/ec.c
+++ b/apps/ec.c
@@ -244,7 +244,7 @@ bad:
 				" the ec parameters are encoded\n");
 		BIO_printf(bio_err, "                 in the asn1 der "
 				"encoding\n");
-		BIO_printf(bio_err, "                 possible values:"
+		BIO_printf(bio_err, "                 possilbe values:"
 				" named_curve (default)\n");
 		BIO_printf(bio_err,"                                  "
 				"explicit\n");
--- a/apps/makeapps.com
+++ b/apps/makeapps.com
@@ -142,7 +142,7 @@ $ LIB_FILES = "VERIFY;ASN1PARS;REQ;DGST;DH;DHPARAM;ENC;PASSWD;GENDH;ERRSTR;"+-
 	      "RSA;RSAUTL;DSA;DSAPARAM;EC;ECPARAM;"+-
 	      "X509;GENRSA;GENDSA;S_SERVER;S_CLIENT;SPEED;"+-
 	      "S_TIME;APPS;S_CB;S_SOCKET;APP_RAND;VERSION;SESS_ID;"+-
-	      "CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME;CMS;RAND;ENGINE;OCSP;PRIME"
+	      "CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME;RAND;ENGINE;OCSP;PRIME"
 $ TCPIP_PROGRAMS = ",,"
 $ IF COMPILER .EQS. "VAXC" THEN -
     TCPIP_PROGRAMS = ",OPENSSL,"
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -56,14 +56,15 @@
 *
 */
 #ifndef OPENSSL_NO_OCSP
-#define USE_SOCKETS
+
 #include <stdio.h>
-#include <stdlib.h>
 #include <string.h>
-#include "apps.h" /* needs to be included before the openssl headers! */
-#include <openssl/e_os2.h>
-#include <openssl/ssl.h>
+#include "apps.h"
+#include <openssl/pem.h>
+#include <openssl/ocsp.h>
 #include <openssl/err.h>
+#include <openssl/ssl.h>
+#include <openssl/bn.h>

 /* Maximum leeway in validity period: default 5 minutes */
 #define MAX_VALIDITY_PERIOD	(5 * 60)
@@ -85,8 +86,6 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
 static BIO *init_responder(char *port);
 static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port);
 static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
-static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
-				OCSP_REQUEST *req, int req_timeout);

 #undef PROG
 #define PROG ocsp_main
@@ -113,11 +112,11 @@ int MAIN(int argc, char **argv)
 	BIO *acbio = NULL, *cbio = NULL;
 	BIO *derbio = NULL;
 	BIO *out = NULL;
-	int req_timeout = -1;
 	int req_text = 0, resp_text = 0;
 	long nsec = MAX_VALIDITY_PERIOD, maxage = -1;
 	char *CAfile = NULL, *CApath = NULL;
 	X509_STORE *store = NULL;
+	SSL_CTX *ctx = NULL;
 	STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL;
 	char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL;
 	unsigned long sign_flags = 0, verify_flags = 0, rflags = 0;
@@ -155,22 +154,6 @@ int MAIN(int argc, char **argv)
 				}
 			else badarg = 1;
 			}
-		else if (!strcmp(*args, "-timeout"))
-			{
-			if (args[1])
-				{
-				args++;
-				req_timeout = atol(*args);
-				if (req_timeout < 0)
-					{
-					BIO_printf(bio_err,
-						"Illegal timeout value %s\n",
-						*args);
-					badarg = 1;
-					}
-				}
-			else badarg = 1;
-			}
 		else if (!strcmp(*args, "-url"))
 			{
 			if (args[1])
@@ -720,14 +703,52 @@ int MAIN(int argc, char **argv)
 	else if (host)
 		{
 #ifndef OPENSSL_NO_SOCK
-		resp = process_responder(bio_err, req, host, path,
-						port, use_ssl, req_timeout);
-		if (!resp)
-			goto end;
+		cbio = BIO_new_connect(host);
 #else
 		BIO_printf(bio_err, "Error creating connect BIO - sockets not supported.\n");
 		goto end;
 #endif
+		if (!cbio)
+			{
+			BIO_printf(bio_err, "Error creating connect BIO\n");
+			goto end;
+			}
+		if (port) BIO_set_conn_port(cbio, port);
+		if (use_ssl == 1)
+			{
+			BIO *sbio;
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+			ctx = SSL_CTX_new(SSLv23_client_method());
+#elif !defined(OPENSSL_NO_SSL3)
+			ctx = SSL_CTX_new(SSLv3_client_method());
+#elif !defined(OPENSSL_NO_SSL2)
+			ctx = SSL_CTX_new(SSLv2_client_method());
+#else
+			BIO_printf(bio_err, "SSL is disabled\n");
+			goto end;
+#endif
+			if (ctx == NULL)
+				{
+				BIO_printf(bio_err, "Error creating SSL context.\n");
+				goto end;
+				}
+			SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
+			sbio = BIO_new_ssl(ctx, 1);
+			cbio = BIO_push(sbio, cbio);
+			}
+		if (BIO_do_connect(cbio) <= 0)
+			{
+			BIO_printf(bio_err, "Error connecting BIO\n");
+			goto end;
+			}
+		resp = OCSP_sendreq_bio(cbio, path, req);
+		BIO_free_all(cbio);
+		cbio = NULL;
+		if (!resp)
+			{
+			BIO_printf(bio_err, "Error querying OCSP responsder\n");
+			goto end;
+			}
 		}
 	else if (respin)
 		{
@@ -876,6 +897,7 @@ end:
 		OPENSSL_free(host);
 		OPENSSL_free(port);
 		OPENSSL_free(path);
+		SSL_CTX_free(ctx);
 		}

 	OPENSSL_EXIT(ret);
@@ -1099,7 +1121,6 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser)
 	char *itmp, *row[DB_NUMBER],**rrow;
 	for (i = 0; i < DB_NUMBER; i++) row[i] = NULL;
 	bn = ASN1_INTEGER_to_BN(ser,NULL);
-	OPENSSL_assert(bn); /* FIXME: should report an error at this point and abort */
 	if (BN_is_zero(bn))
 		itmp = BUF_strdup("00");
 	else
@@ -1210,137 +1231,4 @@ static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
 	return 1;
 	}

-static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
-				OCSP_REQUEST *req, int req_timeout)
-	{
-	int fd;
-	int rv;
-	OCSP_REQ_CTX *ctx = NULL;
-	OCSP_RESPONSE *rsp = NULL;
-	fd_set confds;
-	struct timeval tv;
-
-	if (req_timeout != -1)
-		BIO_set_nbio(cbio, 1);
-
-	rv = BIO_do_connect(cbio);
-
-	if ((rv <= 0) && ((req_timeout == -1) || !BIO_should_retry(cbio)))
-		{
-		BIO_puts(err, "Error connecting BIO\n");
-		return NULL;
-		}
-
-	if (req_timeout == -1)
-		return OCSP_sendreq_bio(cbio, path, req);
-
-	if (BIO_get_fd(cbio, &fd) <= 0)
-		{
-		BIO_puts(err, "Can't get connection fd\n");
-		goto err;
-		}
-
-	if (rv <= 0)
-		{
-		FD_ZERO(&confds);
-		openssl_fdset(fd, &confds);
-		tv.tv_usec = 0;
-		tv.tv_sec = req_timeout;
-		rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv);
-		if (rv == 0)
-			{
-			BIO_puts(err, "Timeout on connect\n");
-			return NULL;
-			}
-		}
-
-
-	ctx = OCSP_sendreq_new(cbio, path, req, -1);
-	if (!ctx)
-		return NULL;
-	
-	for (;;)
-		{
-		rv = OCSP_sendreq_nbio(&rsp, ctx);
-		if (rv != -1)
-			break;
-		FD_ZERO(&confds);
-		openssl_fdset(fd, &confds);
-		tv.tv_usec = 0;
-		tv.tv_sec = req_timeout;
-		if (BIO_should_read(cbio))
-			rv = select(fd + 1, (void *)&confds, NULL, NULL, &tv);
-		else if (BIO_should_write(cbio))
-			rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv);
-		else
-			{
-			BIO_puts(err, "Unexpected retry condition\n");
-			goto err;
-			}
-		if (rv == 0)
-			{
-			BIO_puts(err, "Timeout on request\n");
-			break;
-			}
-		if (rv == -1)
-			{
-			BIO_puts(err, "Select error\n");
-			break;
-			}
-			
-		}
-	err:
-	if (ctx)
-		OCSP_REQ_CTX_free(ctx);
-
-	return rsp;
-	}
-
-OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
-			char *host, char *path, char *port, int use_ssl,
-			int req_timeout)
-	{
-	BIO *cbio = NULL;
-	SSL_CTX *ctx = NULL;
-	OCSP_RESPONSE *resp = NULL;
-	cbio = BIO_new_connect(host);
-	if (!cbio)
-		{
-		BIO_printf(err, "Error creating connect BIO\n");
-		goto end;
-		}
-	if (port) BIO_set_conn_port(cbio, port);
-	if (use_ssl == 1)
-		{
-		BIO *sbio;
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
-		ctx = SSL_CTX_new(SSLv23_client_method());
-#elif !defined(OPENSSL_NO_SSL3)
-		ctx = SSL_CTX_new(SSLv3_client_method());
-#elif !defined(OPENSSL_NO_SSL2)
-		ctx = SSL_CTX_new(SSLv2_client_method());
-#else
-		BIO_printf(err, "SSL is disabled\n");
-			goto end;
-#endif
-		if (ctx == NULL)
-			{
-			BIO_printf(err, "Error creating SSL context.\n");
-			goto end;
-			}
-		SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
-		sbio = BIO_new_ssl(ctx, 1);
-		cbio = BIO_push(sbio, cbio);
-		}
-	resp = query_responder(err, cbio, path, req, req_timeout);
-	if (!resp)
-		BIO_printf(bio_err, "Error querying OCSP responsder\n");
-	end:
-	if (ctx)
-		SSL_CTX_free(ctx);
-	if (cbio)
-		BIO_free_all(cbio);
-	return resp;
-	}
-
 #endif
--- a/apps/progs.h
+++ b/apps/progs.h
@@ -28,7 +28,6 @@ extern int speed_main(int argc,char *argv[]);
 extern int s_time_main(int argc,char *argv[]);
 extern int version_main(int argc,char *argv[]);
 extern int pkcs7_main(int argc,char *argv[]);
-extern int cms_main(int argc,char *argv[]);
 extern int crl2pkcs7_main(int argc,char *argv[]);
 extern int sess_id_main(int argc,char *argv[]);
 extern int ciphers_main(int argc,char *argv[]);
@@ -110,9 +109,6 @@ FUNCTION functions[] = {
 #endif
 	{FUNC_TYPE_GENERAL,"version",version_main},
 	{FUNC_TYPE_GENERAL,"pkcs7",pkcs7_main},
-#ifndef OPENSSL_NO_CMS
-	{FUNC_TYPE_GENERAL,"cms",cms_main},
-#endif
 	{FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main},
 	{FUNC_TYPE_GENERAL,"sess_id",sess_id_main},
 #if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
--- a/apps/progs.pl
+++ b/apps/progs.pl
@@ -43,8 +43,6 @@ foreach (@ARGV)
 		{ print "#ifndef OPENSSL_NO_DH\n${str}#endif\n"; }
 	elsif ( ($_ =~ /^pkcs12$/))
 		{ print "#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)\n${str}#endif\n"; }
-	elsif ( ($_ =~ /^cms$/))
-		{ print "#ifndef OPENSSL_NO_CMS\n${str}#endif\n"; }
 	else
 		{ print $str; }
 	}
--- a/apps/req.c
+++ b/apps/req.c
@@ -719,7 +719,8 @@ bad:
 			   message */
 			goto end;
 			}
-		else
+		if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA || 
+			EVP_PKEY_type(pkey->type) == EVP_PKEY_EC)
 			{
 			char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
 			if (randfile == NULL)
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -119,36 +119,24 @@ int MAIN(int argc, char **argv)
 	while(argc >= 1)
 	{
 		if (!strcmp(*argv,"-in")) {
-			if (--argc < 1)
-				badarg = 1;
-			else
-				infile= *(++argv);
+			if (--argc < 1) badarg = 1;
+                        infile= *(++argv);
 		} else if (!strcmp(*argv,"-out")) {
-			if (--argc < 1)
-				badarg = 1;
-			else
-				outfile= *(++argv);
+			if (--argc < 1) badarg = 1;
+			outfile= *(++argv);
 		} else if(!strcmp(*argv, "-inkey")) {
-			if (--argc < 1)
-				badarg = 1;
-			else
-				keyfile = *(++argv);
+			if (--argc < 1) badarg = 1;
+			keyfile = *(++argv);
 		} else if (!strcmp(*argv,"-passin")) {
-			if (--argc < 1)
-				badarg = 1;
-			else
-				passargin= *(++argv);
+			if (--argc < 1) badarg = 1;
+			passargin= *(++argv);
 		} else if (strcmp(*argv,"-keyform") == 0) {
-			if (--argc < 1)
-				badarg = 1;
-			else
-				keyform=str2fmt(*(++argv));
+			if (--argc < 1) badarg = 1;
+			keyform=str2fmt(*(++argv));
 #ifndef OPENSSL_NO_ENGINE
 		} else if(!strcmp(*argv, "-engine")) {
-			if (--argc < 1)
-				badarg = 1;
-			else
-				engine = *(++argv);
+			if (--argc < 1) badarg = 1;
+			engine = *(++argv);
 #endif
 		} else if(!strcmp(*argv, "-pubin")) {
 			key_type = KEY_PUBKEY;
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -134,7 +134,6 @@ typedef unsigned int u_int;
 #include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/rand.h>
-#include <openssl/ocsp.h>
 #include "s_apps.h"
 #include "timeouts.h"

@@ -174,16 +173,12 @@ static int c_Pause=0;
 static int c_debug=0;
 #ifndef OPENSSL_NO_TLSEXT
 static int c_tlsextdebug=0;
-static int c_status_req=0;
 #endif
 static int c_msg=0;
 static int c_showcerts=0;

 static void sc_usage(void);
 static void print_stuff(BIO *berr,SSL *con,int full);
-#ifndef OPENSSL_NO_TLSEXT
-static int ocsp_resp_cb(SSL *s, void *arg);
-#endif
 static BIO *bio_c_out=NULL;
 static int c_quiet=0;
 static int c_ign_eof=0;
@@ -244,7 +239,6 @@ static void sc_usage(void)
 #ifndef OPENSSL_NO_TLSEXT
 	BIO_printf(bio_err," -servername host  - Set TLS extension servername in ClientHello\n");
 	BIO_printf(bio_err," -tlsextdebug      - hex dump of all TLS extensions received\n");
-	BIO_printf(bio_err," -status           - request certificate status from server\n");
 	BIO_printf(bio_err," -no_ticket        - disable use of RFC4507bis session tickets\n");
 #endif
 	}
@@ -441,8 +435,6 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_TLSEXT
 		else if	(strcmp(*argv,"-tlsextdebug") == 0)
 			c_tlsextdebug=1;
-		else if	(strcmp(*argv,"-status") == 0)
-			c_status_req=1;
 #endif
 #ifdef WATT32
 		else if (strcmp(*argv,"-wdebug") == 0)
@@ -834,23 +826,6 @@ re_start:
 		SSL_set_tlsext_debug_callback(con, tlsext_cb);
 		SSL_set_tlsext_debug_arg(con, bio_c_out);
 		}
-	if (c_status_req)
-		{
-		SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp);
-		SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb);
-		SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out);
-#if 0
-{
-STACK_OF(OCSP_RESPID) *ids = sk_OCSP_RESPID_new_null();
-OCSP_RESPID *id = OCSP_RESPID_new();
-id->value.byKey = ASN1_OCTET_STRING_new();
-id->type = V_OCSP_RESPID_KEY;
-ASN1_STRING_set(id->value.byKey, "Hello World", -1);
-sk_OCSP_RESPID_push(ids, id);
-SSL_set_tlsext_status_ids(con, ids);
-}
-#endif
-		}
 #endif

 	SSL_set_bio(con,sbio,sbio);
@@ -1455,31 +1430,3 @@ static void print_stuff(BIO *bio, SSL *s, int full)
 	(void)BIO_flush(bio);
 	}

-#ifndef OPENSSL_NO_TLSEXT
-
-static int ocsp_resp_cb(SSL *s, void *arg)
-	{
-	const unsigned char *p;
-	int len;
-	OCSP_RESPONSE *rsp;
-	len = SSL_get_tlsext_status_ocsp_resp(s, &p);
-	BIO_puts(arg, "OCSP response: ");
-	if (!p)
-		{
-		BIO_puts(arg, "no response sent\n");
-		return 1;
-		}
-	rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
-	if (!rsp)
-		{
-		BIO_puts(arg, "response parse error\n");
-		BIO_dump_indent(arg, (char *)p, len, 4);
-		return 0;
-		}
-	BIO_puts(arg, "\n======================================\n");
-	OCSP_RESPONSE_print(arg, rsp, 0);
-	BIO_puts(arg, "======================================\n");
-	OCSP_RESPONSE_free(rsp);
-	return 1;
-	}
-#endif  /* ndef OPENSSL_NO_TLSEXT */
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -153,7 +153,6 @@ typedef unsigned int u_int;
 #include <openssl/x509.h>
 #include <openssl/ssl.h>
 #include <openssl/rand.h>
-#include <openssl/ocsp.h>
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
@@ -270,8 +269,6 @@ static BIO *bio_s_out=NULL;
 static int s_debug=0;
 #ifndef OPENSSL_NO_TLSEXT
 static int s_tlsextdebug=0;
-static int s_tlsextstatus=0;
-static int cert_status_cb(SSL *s, void *arg);
 #endif
 static int s_msg=0;
 static int s_quiet=0;
@@ -333,11 +330,6 @@ static void sv_usage(void)
 	BIO_printf(bio_err," -Verify arg   - turn on peer certificate verification, must have a cert.\n");
 	BIO_printf(bio_err," -cert arg     - certificate file to use\n");
 	BIO_printf(bio_err,"                 (default is %s)\n",TEST_CERT);
-	BIO_printf(bio_err," -crl_check    - check the peer certificate has not been revoked by its CA.\n" \
-	                   "                 The CRL(s) are appended to the certificate file\n");
-	BIO_printf(bio_err," -crl_check_all - check the peer certificate has not been revoked by its CA\n" \
-	                   "                 or any other CRL in the CA chain. CRL(s) are appened to the\n" \
-	                   "                 the certificate file.\n");
 	BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
 	BIO_printf(bio_err," -key arg      - Private Key file to use, in cert file if\n");
 	BIO_printf(bio_err,"                 not specified (default is %s)\n",TEST_CERT);
@@ -593,152 +585,6 @@ static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
 		}
 	return SSL_TLSEXT_ERR_OK;
 }
-
-/* Structure passed to cert status callback */
-
-typedef struct tlsextstatusctx_st {
-   /* Default responder to use */
-   char *host, *path, *port;
-   int use_ssl;
-   int timeout;
-   BIO *err;
-   int verbose;
-} tlsextstatusctx;
-
-static tlsextstatusctx tlscstatp = {NULL, NULL, NULL, 0, -1, NULL, 0};
-
-/* Certificate Status callback. This is called when a client includes a
- * certificate status request extension.
- *
- * This is a simplified version. It examines certificates each time and
- * makes one OCSP responder query for each request.
- *
- * A full version would store details such as the OCSP certificate IDs and
- * minimise the number of OCSP responses by caching them until they were
- * considered "expired".
- */
-
-static int cert_status_cb(SSL *s, void *arg)
-	{
-	tlsextstatusctx *srctx = arg;
-	BIO *err = srctx->err;
-	char *host, *port, *path;
-	int use_ssl;
-	unsigned char *rspder = NULL;
-	int rspderlen;
-	STACK *aia = NULL;
-	X509 *x = NULL;
-	X509_STORE_CTX inctx;
-	X509_OBJECT obj;
-	OCSP_REQUEST *req = NULL;
-	OCSP_RESPONSE *resp = NULL;
-	OCSP_CERTID *id = NULL;
-	STACK_OF(X509_EXTENSION) *exts;
-	int ret = SSL_TLSEXT_ERR_NOACK;
-	int i;
-#if 0
-STACK_OF(OCSP_RESPID) *ids;
-SSL_get_tlsext_status_ids(s, &ids);
-BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids));
-#endif
-	if (srctx->verbose)
-		BIO_puts(err, "cert_status: callback called\n");
-	/* Build up OCSP query from server certificate */
-	x = SSL_get_certificate(s);
-	aia = X509_get1_ocsp(x);
-	if (aia)
-		{
-		if (!OCSP_parse_url(sk_value(aia, 0),
-			&host, &port, &path, &use_ssl))
-			{
-			BIO_puts(err, "cert_status: can't parse AIA URL\n");
-			goto err;
-			}
-		if (srctx->verbose)
-			BIO_printf(err, "cert_status: AIA URL: %s\n",
-					sk_value(aia, 0));
-		}
-	else
-		{
-		if (!srctx->host)
-			{
-			BIO_puts(srctx->err, "cert_status: no AIA and no default responder URL\n");
-			goto done;
-			}
-		host = srctx->host;
-		path = srctx->path;
-		port = srctx->port;
-		use_ssl = srctx->use_ssl;
-		}
-		
-	if (!X509_STORE_CTX_init(&inctx,
-				SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)),
-				NULL, NULL))
-		goto err;
-	if (X509_STORE_get_by_subject(&inctx,X509_LU_X509,
-				X509_get_issuer_name(x),&obj) <= 0)
-		{
-		BIO_puts(err, "cert_status: Can't retrieve issuer certificate.\n");
-		X509_STORE_CTX_cleanup(&inctx);
-		goto done;
-		}
-	req = OCSP_REQUEST_new();
-	if (!req)
-		goto err;
-	id = OCSP_cert_to_id(NULL, x, obj.data.x509);
-	X509_free(obj.data.x509);
-	X509_STORE_CTX_cleanup(&inctx);
-	if (!id)
-		goto err;
-	if (!OCSP_request_add0_id(req, id))
-		goto err;
-	id = NULL;
-	/* Add any extensions to the request */
-	SSL_get_tlsext_status_exts(s, &exts);
-	for (i = 0; i < sk_X509_EXTENSION_num(exts); i++)
-		{
-		X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
-		if (!OCSP_REQUEST_add_ext(req, ext, -1))
-			goto err;
-		}
-	resp = process_responder(err, req, host, path, port, use_ssl,
-					srctx->timeout);
-	if (!resp)
-		{
-		BIO_puts(err, "cert_status: error querying responder\n");
-		goto done;
-		}
-	rspderlen = i2d_OCSP_RESPONSE(resp, &rspder);
-	if (rspderlen <= 0)
-		goto err;
-	SSL_set_tlsext_status_ocsp_resp(s, rspder, rspderlen);
-	if (srctx->verbose)
-		{
-		BIO_puts(err, "cert_status: ocsp response sent:\n");
-		OCSP_RESPONSE_print(err, resp, 2);
-		}
-	ret = SSL_TLSEXT_ERR_OK;
-	done:
-	if (ret != SSL_TLSEXT_ERR_OK)
-		ERR_print_errors(err);
-	if (aia)
-		{
-		OPENSSL_free(host);
-		OPENSSL_free(path);
-		OPENSSL_free(port);
-		X509_email_free(aia);
-		}
-	if (id)
-		OCSP_CERTID_free(id);
-	if (req)
-		OCSP_REQUEST_free(req);
-	if (resp)
-		OCSP_RESPONSE_free(resp);
-	return ret;
-	err:
-	ret = SSL_TLSEXT_ERR_ALERT_FATAL;
-	goto done;
-	}
 #endif
 int MAIN(int, char **);

@@ -914,7 +760,7 @@ int MAIN(int argc, char *argv[])
 			{
 			vflags |= X509_V_FLAG_CRL_CHECK;
 			}
-		else if (strcmp(*argv,"-crl_check_all") == 0)
+		else if (strcmp(*argv,"-crl_check") == 0)
 			{
 			vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
 			}
@@ -946,33 +792,6 @@ int MAIN(int argc, char *argv[])
 #ifndef OPENSSL_NO_TLSEXT
 		else if	(strcmp(*argv,"-tlsextdebug") == 0)
 			s_tlsextdebug=1;
-		else if	(strcmp(*argv,"-status") == 0)
-			s_tlsextstatus=1;
-		else if	(strcmp(*argv,"-status_verbose") == 0)
-			{
-			s_tlsextstatus=1;
-			tlscstatp.verbose = 1;
-			}
-		else if (!strcmp(*argv, "-status_timeout"))
-			{
-			s_tlsextstatus=1;
-                        if (--argc < 1) goto bad;
-			tlscstatp.timeout = atoi(*(++argv));
-			}
-		else if (!strcmp(*argv, "-status_url"))
-			{
-			s_tlsextstatus=1;
-                        if (--argc < 1) goto bad;
-			if (!OCSP_parse_url(*(++argv),
-					&tlscstatp.host,
-					&tlscstatp.port,
-					&tlscstatp.path,
-					&tlscstatp.use_ssl))
-				{
-				BIO_printf(bio_err, "Error parsing URL\n");
-				goto bad;
-				}
-			}
 #endif
 		else if	(strcmp(*argv,"-msg") == 0)
 			{ s_msg=1; }
@@ -1611,12 +1430,6 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 		SSL_set_tlsext_debug_callback(con, tlsext_cb);
 		SSL_set_tlsext_debug_arg(con, bio_s_out);
 		}
-	if (s_tlsextstatus)
-		{
-		SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb);
-		tlscstatp.err = bio_err;
-		SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp);
-		}
 #endif
 #ifndef OPENSSL_NO_KRB5
 		if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -577,7 +577,7 @@ int MAIN(int argc, char **argv)
 #define MAX_BLOCK_SIZE 64
 #endif
 	unsigned char DES_iv[8];
-	unsigned char iv[2*MAX_BLOCK_SIZE/8];
+	unsigned char iv[MAX_BLOCK_SIZE/8];
 #ifndef OPENSSL_NO_DES
 	DES_cblock *buf_as_des_cblock = NULL;
 	static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -114,7 +114,6 @@ static const char *x509_usage[]={
 " -alias          - output certificate alias\n",
 " -noout          - no certificate output\n",
 " -ocspid         - print OCSP hash values for the subject name and public key\n",
-" -ocspurl        - print OCSP Responder URL(s)\n",
 " -trustout       - output a \"trusted\" certificate\n",
 " -clrtrust       - clear all trusted purposes\n",
 " -clrreject      - clear all rejected purposes\n",
@@ -180,7 +179,6 @@ int MAIN(int argc, char **argv)
 	int next_serial=0;
 	int subject_hash=0,issuer_hash=0,ocspid=0;
 	int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
-	int ocsp_uri=0;
 	int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
 	int C=0;
 	int x509req=0,days=DEF_DAYS,modulus=0,pubkey=0;
@@ -380,8 +378,6 @@ int MAIN(int argc, char **argv)
 			C= ++num;
 		else if (strcmp(*argv,"-email") == 0)
 			email= ++num;
-		else if (strcmp(*argv,"-ocsp_uri") == 0)
-			ocsp_uri= ++num;
 		else if (strcmp(*argv,"-serial") == 0)
 			serial= ++num;
 		else if (strcmp(*argv,"-next_serial") == 0)
@@ -735,14 +731,11 @@ bad:
 				ASN1_INTEGER_free(ser);
 				BIO_puts(out, "\n");
 				}
-			else if ((email == i) || (ocsp_uri == i))
+			else if (email == i) 
 				{
 				int j;
 				STACK *emlst;
-				if (email == i)
-					emlst = X509_get1_email(x);
-				else
-					emlst = X509_get1_ocsp(x);
+				emlst = X509_get1_email(x);
 				for (j = 0; j < sk_num(emlst); j++)
 					BIO_printf(STDout, "%s\n", sk_value(emlst, j));
 				X509_email_free(emlst);
--- a/certs/README.RootCerts
+++ b/certs/README.RootCerts
@@ -1,4 +0,0 @@
-The OpenSSL project does not (any longer) include root CA certificates.
-
-Please check out the FAQ:
-  * How can I set up a bundle of commercial root CA certificates?
--- a/certs/RegTP-5R.pem
+++ b/certs/RegTP-5R.pem
@@ -0,0 +1,19 @@
+issuer= CN=5R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
+notBefore=Mar 22 08:55:51 2000 GMT
+notAfter=Mar 22 08:55:51 2005 GMT
+subject= CN=5R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
+-----BEGIN CERTIFICATE-----
+MIICaDCCAdSgAwIBAgIDDIOqMAoGBiskAwMBAgUAMG8xCzAJBgNVBAYTAkRFMT0w
+OwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0
+aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjVSLUNBIDE6UE4w
+IhgPMjAwMDAzMjIwODU1NTFaGA8yMDA1MDMyMjA4NTU1MVowbzELMAkGA1UEBhMC
+REUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11
+bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNVItQ0Eg
+MTpQTjCBoTANBgkqhkiG9w0BAQEFAAOBjwAwgYsCgYEAih5BUycfBpqKhU8RDsaS
+vV5AtzWeXQRColL9CH3t0DKnhjKAlJ8iccFtJNv+d3bh8bb9sh0maRSo647xP7hs
+HTjKgTE4zM5BYNfXvST79OtcMgAzrnDiGjQIIWv8xbfV1MqxxdtZJygrwzRMb9jG
+CAGoJEymoyzAMNG7tSdBWnUCBQDAAAABoxIwEDAOBgNVHQ8BAf8EBAMCAQYwCgYG
+KyQDAwECBQADgYEAOaK8ihVSBUcL2IdVBxZYYUKwMz5m7H3zqhN8W9w+iafWudH6
+b+aahkbENEwzg3C3v5g8nze7v7ssacQze657LHjP+e7ksUDIgcS4R1pU2eN16bjS
+P/qGPF3rhrIEHoK5nJULkjkZYTtNiOvmQ/+G70TXDi3Os/TwLlWRvu+7YLM=
+-----END CERTIFICATE-----
--- a/certs/RegTP-6R.pem
+++ b/certs/RegTP-6R.pem
@@ -0,0 +1,19 @@
+issuer= CN=6R-Ca 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
+notBefore=Feb  1 09:52:17 2001 GMT
+notAfter=Jun  1 09:52:17 2005 GMT
+subject= CN=6R-Ca 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
+-----BEGIN CERTIFICATE-----
+MIICaDCCAdSgAwIBAgIDMtGNMAoGBiskAwMBAgUAMG8xCzAJBgNVBAYTAkRFMT0w
+OwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0
+aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjZSLUNhIDE6UE4w
+IhgPMjAwMTAyMDEwOTUyMTdaGA8yMDA1MDYwMTA5NTIxN1owbzELMAkGA1UEBhMC
+REUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11
+bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNlItQ2Eg
+MTpQTjCBoTANBgkqhkiG9w0BAQEFAAOBjwAwgYsCgYEAg6KrFSTNXKqe+2GKGeW2
+wTmbVeflNkp5H/YxA9K1zmEn5XjKm0S0jH4Wfms6ipPlURVaFwTfnB1s++AnJAWf
+mayaE9BP/pdIY6WtZGgW6aZc32VDMCMKPWyBNyagsJVDmzlakIA5cXBVa7Xqqd3P
+ew8i2feMnQXcqHfDv02CW88CBQDAAAABoxIwEDAOBgNVHQ8BAf8EBAMCAQYwCgYG
+KyQDAwECBQADgYEAOkqkUwdaTCt8wcJLA2zLuOwL5ADHMWLhv6gr5zEF+VckA6qe
+IVLVf8e7fYlRmzQd+5OJcGglCQJLGT+ZplI3Mjnrd4plkoTNKV4iOzBcvJD7K4tn
+XPvs9wCFcC7QU7PLvc1FDsAlr7e4wyefZRDL+wbqNfI7QZTSF1ubLd9AzeQ=
+-----END CERTIFICATE-----
--- a/certs/aol1.pem
+++ b/certs/aol1.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEc
+MBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1lcmljYSBP
+bmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAxMB4XDTAyMDUyODA2
+MDAwMFoXDTM3MTExOTIwNDMwMFowYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0Ft
+ZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3Qg
+Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAKgv6KRpBgNHw+kqmP8ZonCaxlCyfqXfaE0bfA+2l2h9LaaLl+lk
+hsmj76CGv2BlnEtUiMJIxUo5vxTjWVXlGbR0yLQFOVwWpeKVBeASrlmLojNoWBym
+1BW32J/X3HGrfpq/m44zDyL9Hy7nBzbvYjnF3cu6JRQj3gzGPTzOggjmZj7aUTsW
+OqMFf6Dch9Wc/HKpoH145LcxVR5lu9RhsCFg7RAycsWSJR74kEoYeEfffjA3PlAb
+2xzTa5qGUwew76wGePiEmf4hjUyAtgyC9mZweRrTT6PP8c9GsEsPPt2IYriMqQko
+O3rHl+Ee5fSfwMCuJKDIodkP1nsmgmkyPacCAwEAAaNjMGEwDwYDVR0TAQH/BAUw
+AwEB/zAdBgNVHQ4EFgQUAK3Zo/Z59m50qX8zPYEX10zPM94wHwYDVR0jBBgwFoAU
+AK3Zo/Z59m50qX8zPYEX10zPM94wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB
+BQUAA4IBAQB8itEfGDeC4Liwo+1WlchiYZwFos3CYiZhzRAW18y0ZTTQEYqtqKkF
+Zu90821fnZmv9ov761KyBZiibyrFVL0lvV+uyIbqRizBs73B6UlwGBaXCBOMIOAb
+LjpHyx7kADCVW/RFo8AasAFOq73AI25jP4BKxQft3OJvx8Fi8eNy1gTIdGcL+oir
+oQHIb/AUr9KZzVGTfu0uOMe9zkZQPXLjeSWdm4grECDdpbgyn43gKd8hdIaC2y+C
+MMbHNYaz+ZZfRtsMRf3zUMNvxsNIrUam4SdHCh0Om7bCd39j8uB9Gr784N/Xx6ds
+sPmuujz9dLQR6FgNgLzTqIA6me11zEZ7
+-----END CERTIFICATE-----
--- a/certs/aol2.pem
+++ b/certs/aol2.pem
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFpDCCA4ygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEc
+MBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1lcmljYSBP
+bmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4XDTAyMDUyODA2
+MDAwMFoXDTM3MDkyOTE0MDgwMFowYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0Ft
+ZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3Qg
+Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIP
+ADCCAgoCggIBAMxBRR3pPU0Q9oyxQcngXssNt79Hc9PwVU3dxgz6sWYFas14tNwC
+206B89enfHG8dWOgXeMHDEjsJcQDIPT/DjsS/5uN4cbVG7RtIuOx238hZK+GvFci
+KtZHgVdEglZTvYYUAQv8f3SkWq7xuhG1m1hagLQ3eAkzfDJHA1zEpYNI9FdWboE2
+JxhP7JsowtS013wMPgwr38oE18aO6lhOqKSlGBxsRZijQdEt0sdtjRnxrXm3gT+9
+BoInLRBYBbV4Bbkv2wxrkJB+FFk4u5QkE+XRnRTf04JNRvCAOVIyD+OEsnpD8l7e
+Xz8d3eOyG6ChKiMDbi4BFYdcpnV1x5dhvt6G3NRI270qv0pV2uh9UPu0gBe4lL8B
+PeraunzgWGcXuVjgiIZGZ2ydEEdYMtA1fHkqkKJaEBEjNa0vzORKW6fIJ/KD3l67
+Xnfn6KVuY8INXWHQjNJsWiEOyiijzirplcdIz5ZvHZIlyMbGwcEMBawmxNJ10uEq
+Z8A9W6Wa6897GqidFEXlD6CaZd4vKL3Ob5Rmg0gp2OpljK+T2WSfVVcmv2/LNzGZ
+o2C7HK2JNDJiuEMhBnIMoVxtRsX6Kc8w3onccVvdtjc+31D1uAclJuW8tf48ArO3
+L5DwYcRlJ4jbBeKuIonDFRH8KmzwICMoCfrHRnjB453cMor9H124HhnAgMBAAGj
+YzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFE1FwWg4u3OpaaEg5+31IqEj
+FNeeMB8GA1UdIwQYMBaAFE1FwWg4u3OpaaEg5+31IqEjFNeeMA4GA1UdDwEB/wQE
+AwIBhjANBgkqhkiG9w0BAQUFAAOCAgEAZ2sGuV9FOypLM7PmG2tZTiLMubekJcmn
+xPBUlgtk87FYT15R/LKXeydlwuXK5w0MJXti4/qftIe3RUavg6WXSIylvfEWK5t2
+LHo1YGwRgJfMqZJS5ivmae2p+DYtLHe/YUjRYwu5W1LtGLBDQiKmsXeu3mnFzccc
+obGlHBD7GL4acN3Bkku+KVqdPzW+5X1R+FXgJXUjhx5c3LqdsKyzadsXg8n33gy8
+CNyRnqjQ1xU3c6U1uPx+xURABsPr+CKAXEfOAuMRn0T//ZoyzH1kUQ7rVyZ2OuMe
+IjzCpjbdGe+n/BLzJsBZMYVMnNjP36TMzCmT/5RtdlwTCJfy7aULTd3oyWgOZtMA
+DjMSW7yV5TKQqLPGbIOtd+6Lfn6xqavT4fG2wLHqiMDn05DpKJKUe2h7lyoKZy2F
+AjgQ5ANh1NolNscIWC2hp1GvMApJ9aZphwctREZ2jirlmjvXGKL8nDgQzMY70rUX
+Om/9riW99XJZZLF0KjhfGEzfz3EEWjbUvy+ZnOjZurGV5gJLIaFb1cFPj65pbVPb
+AZO1XB4Y3WRayhgoPmMEEf0cjQAPuDffZ4qdZqkCapH/E8ovXYO8h5Ns3CRRFgQl
+Zvqz2cK6Kb6aSDiCmfS/O0oxGfm/jiEzFMpPVF/7zvuPcX/9XhmgD0uRuMRUvAaw
+RY8mkaKO/qk=
+-----END CERTIFICATE-----
--- a/certs/aoltw1.pem
+++ b/certs/aoltw1.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID5jCCAs6gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgzELMAkGA1UEBhMCVVMx
+HTAbBgNVBAoTFEFPTCBUaW1lIFdhcm5lciBJbmMuMRwwGgYDVQQLExNBbWVyaWNh
+IE9ubGluZSBJbmMuMTcwNQYDVQQDEy5BT0wgVGltZSBXYXJuZXIgUm9vdCBDZXJ0
+aWZpY2F0aW9uIEF1dGhvcml0eSAxMB4XDTAyMDUyOTA2MDAwMFoXDTM3MTEyMDE1
+MDMwMFowgYMxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRBT0wgVGltZSBXYXJuZXIg
+SW5jLjEcMBoGA1UECxMTQW1lcmljYSBPbmxpbmUgSW5jLjE3MDUGA1UEAxMuQU9M
+IFRpbWUgV2FybmVyIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJnej8Mlo2k06AX3dLm/WpcZuS+U
+0pPlLYnKhHw/EEMbjIt8hFj4JHxIzyr9wBXZGH6EGhfT257XyuTZ16pYUYfw8ItI
+TuLCxFlpMGK2MKKMCxGZYTVtfu/FsRkGIBKOQuHfD5YQUqjPnF+VFNivO3ULMSAf
+RC+iYkGzuxgh28pxPIzstrkNn+9R7017EvILDOGsQI93f7DKeHEMXRZxcKLXwjqF
+zQ6axOAAsNUl6twr5JQtOJyJQVdkKGUZHLZEtMgxa44Be3ZZJX8VHIQIfHNlIAqh
+BC4aMqiaILGcLCFZ5/vP7nAtCMpjPiybkxlqpMKX/7eGV4iFbJ4VFitNLLMCAwEA
+AaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUoTYwFsuGkABFgFOxj8jY
+PXy+XxIwHwYDVR0jBBgwFoAUoTYwFsuGkABFgFOxj8jYPXy+XxIwDgYDVR0PAQH/
+BAQDAgGGMA0GCSqGSIb3DQEBBQUAA4IBAQCKIBilvrMvtKaEAEAwKfq0FHNMeUWn
+9nDg6H5kHgqVfGphwu9OH77/yZkfB2FK4V1Mza3u0FIy2VkyvNp5ctZ7CegCgTXT
+Ct8RHcl5oIBN/lrXVtbtDyqvpxh1MwzqwWEFT2qaifKNuZ8u77BfWgDrvq2g+EQF
+Z7zLBO+eZMXpyD8Fv8YvBxzDNnGGyjhmSs3WuEvGbKeXO/oTLW4jYYehY0KswsuX
+n2Fozy1MBJ3XJU8KDk2QixhWqJNIV9xvrr2eZ1d3iVCzvhGbRWeDhhmH05i9CBoW
+H1iCC+GWaQVLjuyDUTEH1dSf/1l7qG6Fz9NLqUmwX7A5KGgOc90lmt4S
+-----END CERTIFICATE-----
--- a/certs/aoltw2.pem
+++ b/certs/aoltw2.pem
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF5jCCA86gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgzELMAkGA1UEBhMCVVMx
+HTAbBgNVBAoTFEFPTCBUaW1lIFdhcm5lciBJbmMuMRwwGgYDVQQLExNBbWVyaWNh
+IE9ubGluZSBJbmMuMTcwNQYDVQQDEy5BT0wgVGltZSBXYXJuZXIgUm9vdCBDZXJ0
+aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4XDTAyMDUyOTA2MDAwMFoXDTM3MDkyODIz
+NDMwMFowgYMxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRBT0wgVGltZSBXYXJuZXIg
+SW5jLjEcMBoGA1UECxMTQW1lcmljYSBPbmxpbmUgSW5jLjE3MDUGA1UEAxMuQU9M
+IFRpbWUgV2FybmVyIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMjCCAiIw
+DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALQ3WggWmRToVbEbJGv8x4vmh6mJ
+7ouZzU9AhqS2TcnZsdw8TQ2FTBVsRotSeJ/4I/1n9SQ6aF3Q92RhQVSji6UI0ilb
+m2BPJoPRYxJWSXakFsKlnUWsi4SVqBax7J/qJBrvuVdcmiQhLE0OcR+mrF1FdAOY
+xFSMFkpBd4aVdQxHAWZg/BXxD+r1FHjHDtdugRxev17nOirYlxcwfACtCJ0zr7iZ
+YYCLqJV+FNwSbKTQ2O9ASQI2+W6p1h2WVgSysy0WVoaP2SBXgM1nEG2wTPDaRrbq
+JS5Gr42whTg0ixQmgiusrpkLjhTXUr2eacOGAgvqdnUxCc4zGSGFQ+aJLZ8lN2fx
+I2rSAG2X+Z/nKcrdH9cG6rjJuQkhn8g/BsXS6RJGAE57COtCPStIbp1n3UsC5ETz
+kxmlJ85per5n0/xQpCyrw2u544BMzwVhSyvcG7mm0tCq9Stz+86QNZ8MUhy/XCFh
+EVsVS6kkUfykXPcXnbDS+gfpj1bkGoxoigTTfFrjnqKhynFbotSg5ymFXQNoKk/S
+Btc9+cMDLz9l+WceR0DTYw/j1Y75hauXTLPXJuuWCpTehTacyH+BCQJJKg71ZDIM
+gtG6aoIbs0t0EfOMd9afv9w3pKdVBC/UMejTRrkDfNoSTllkt1ExMVCgyhwn2RAu
+rda9EGYrw7AiShJbAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
+FE9pbQN+nZ8HGEO8txBO1b+pxCAoMB8GA1UdIwQYMBaAFE9pbQN+nZ8HGEO8txBO
+1b+pxCAoMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAgEAO/Ouyugu
+h4X7ZVnnrREUpVe8WJ8kEle7+z802u6teio0cnAxa8cZmIDJgt43d15Ui47y6mdP
+yXSEkVYJ1eV6moG2gcKtNuTxVBFT8zRFASbI5Rq8NEQh3q0l/HYWdyGQgJhXnU7q
+7C+qPBR7V8F+GBRn7iTGvboVsNIYvbdVgaxTwOjdaRITQrcCtQVBynlQboIOcXKT
+RuidDV29rs4prWPVVRaAMCf/drr3uNZK49m1+VLQTkCpx+XCMseqdiThawVQ68W/
+ClTluUI8JPu3B5wwn3la5uBAUhX0/Kr0VvlEl4ftDmVyXr4m+02kLQgH3thcoNyB
+M5kYJRF3p+v9WAksmWsbivNSPxpNSGDxoPYzAlOL7SUJuA0t7Zdz7NeWH45gDtoQ
+my8YJPamTQr5O8t1wswvziRpyQoijlmn94IM19drNZxDAGrElWe6nEXLuA4399xO
+AU++CrYD062KRffaJ00psUjf5BHklka9bAI+1lHIlRcBFanyqqryvy9lG2/QuRqT
+9Y41xICHPpQvZuTpqP9BnHAqTyo5GJUefvthATxRCC4oGKQWDzH9OmwjkyB24f0H
+hdFbP9IcczLd+rn4jM8Ch3qaluTtT4mNU0OrDhPAARW0eTjb/G49nlG2uBOLZ8/5
+fNkiHfZdxRwBL5joeiQYvITX+txyW/fBOmg=
+-----END CERTIFICATE-----
--- a/certs/argena.pem
+++ b/certs/argena.pem
@@ -0,0 +1,39 @@
+-----BEGIN CERTIFICATE-----
+MIIG0zCCBbugAwIBAgIBADANBgkqhkiG9w0BAQUFADCBzDELMAkGA1UEBhMCQVQx
+EDAOBgNVBAgTB0F1c3RyaWExDzANBgNVBAcTBlZpZW5uYTE6MDgGA1UEChMxQVJH
+RSBEQVRFTiAtIEF1c3RyaWFuIFNvY2lldHkgZm9yIERhdGEgUHJvdGVjdGlvbjEl
+MCMGA1UECxMcQS1DRVJUIENlcnRpZmljYXRpb24gU2VydmljZTEYMBYGA1UEAxMP
+QS1DRVJUIEFEVkFOQ0VEMR0wGwYJKoZIhvcNAQkBFg5pbmZvQGEtY2VydC5hdDAe
+Fw0wNDEwMjMxNDE0MTRaFw0xMTEwMjMxNDE0MTRaMIHMMQswCQYDVQQGEwJBVDEQ
+MA4GA1UECBMHQXVzdHJpYTEPMA0GA1UEBxMGVmllbm5hMTowOAYDVQQKEzFBUkdF
+IERBVEVOIC0gQXVzdHJpYW4gU29jaWV0eSBmb3IgRGF0YSBQcm90ZWN0aW9uMSUw
+IwYDVQQLExxBLUNFUlQgQ2VydGlmaWNhdGlvbiBTZXJ2aWNlMRgwFgYDVQQDEw9B
+LUNFUlQgQURWQU5DRUQxHTAbBgkqhkiG9w0BCQEWDmluZm9AYS1jZXJ0LmF0MIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3euXIy+mnf6BYKbK+QH5k679
+tUFqeT8jlZxMew8eNiHuw9KoxWBzL6KksK+5uK7Gatw+sbAYntEGE80P+Jg1hADM
+e+Fr5V0bc6QS3gkVtfUCW/RIvfMM39oxvmqJmOgPnJU7H6+nmLtsq61tv9kVJi/2
+4Y5wXW3odet72sF57EoG6s78w0BUVLNcMngS9bZZzmdG3/d6JbkGgoNF/8DcgCBJ
+W/t0JrcIzyppXIOVtUzzOrrU86zuUgT3Rtkl5kjG7DEHpFb9H0fTOY1v8+gRoaO6
+2gA0PCiysgVZjwgVeYe3KAg11nznyleDv198uK3Dc1oXIGYjJx2FpKWUvAuAEwID
+AQABo4ICvDCCArgwHQYDVR0OBBYEFDd/Pj6ZcWDKJNSRE3nQdCm0qCTYMIH5BgNV
+HSMEgfEwge6AFDd/Pj6ZcWDKJNSRE3nQdCm0qCTYoYHSpIHPMIHMMQswCQYDVQQG
+EwJBVDEQMA4GA1UECBMHQXVzdHJpYTEPMA0GA1UEBxMGVmllbm5hMTowOAYDVQQK
+EzFBUkdFIERBVEVOIC0gQXVzdHJpYW4gU29jaWV0eSBmb3IgRGF0YSBQcm90ZWN0
+aW9uMSUwIwYDVQQLExxBLUNFUlQgQ2VydGlmaWNhdGlvbiBTZXJ2aWNlMRgwFgYD
+VQQDEw9BLUNFUlQgQURWQU5DRUQxHTAbBgkqhkiG9w0BCQEWDmluZm9AYS1jZXJ0
+LmF0ggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgHmMEcGA1UdJQRAMD4G
+CCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcD
+CAYKKwYBBAGCNwoDBDARBglghkgBhvhCAQEEBAMCAP8wUQYDVR0gBEowSDBGBggq
+KAAYAQEBAzA6MDgGCCsGAQUFBwIBFixodHRwOi8vd3d3LmEtY2VydC5hdC9jZXJ0
+aWZpY2F0ZS1wb2xpY3kuaHRtbDA7BglghkgBhvhCAQgELhYsaHR0cDovL3d3dy5h
+LWNlcnQuYXQvY2VydGlmaWNhdGUtcG9saWN5Lmh0bWwwGQYDVR0RBBIwEIEOaW5m
+b0BhLWNlcnQuYXQwLwYDVR0SBCgwJoEOaW5mb0BhLWNlcnQuYXSGFGh0dHA6Ly93
+d3cuYS1jZXJ0LmF0MEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHBzOi8vc2VjdXJlLmEt
+Y2VydC5hdC9jZ2ktYmluL2EtY2VydC1hZHZhbmNlZC5jZ2kwDQYJKoZIhvcNAQEF
+BQADggEBACX1IvgfdG2rvfv35O48vSEvcVaEdlN8USFBHWz3JRAozgzvaBtwHkjK
+Zwt5l/BWOtjbvHfRjDt7ijlBEcxOOrNC1ffyMHwHrXpvff6YpQ5wnxmIYEQcURiG
+HMqruEX0WkuDNgSKwefsgXs27eeBauHgNGVcTYH1rmHu/ZyLpLxOyJQ2PCzA1DzW
+3rWkIX92ogJ7lTRdWrbxwUL1XGinxnnaQ74+/y0pI9JNEv7ic2tpkweRMpkedaLW
+msC1+orfKTebsg69aMaCx7o6jNONRmR/7TVaPf8/k6g52cHZ9YWjQvup22b5rWxG
+J5r5LZ4vCPmF4+T4lutjUYAa/lGuQTg=
+-----END CERTIFICATE-----
--- a/certs/argeng.pem
+++ b/certs/argeng.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDwzCCAyygAwIBAgIBADANBgkqhkiG9w0BAQQFADCBmDELMAkGA1UEBhMCQVQx
+EDAOBgNVBAgTB0F1c3RyaWExDzANBgNVBAcTBlZpZW5uYTFCMEAGA1UEChM5QXJn
+ZSBEYXRlbiBPZXN0ZXJyZWljaGlzY2hlIEdlc2VsbHNjaGFmdCBmdWVyIERhdGVu
+c2NodXR6MSIwIAYJKoZIhvcNAQkBFhNhLWNlcnRAYXJnZWRhdGVuLmF0MB4XDTAx
+MDIxMjExMzAzMFoXDTA5MDIxMjExMzAzMFowgZgxCzAJBgNVBAYTAkFUMRAwDgYD
+VQQIEwdBdXN0cmlhMQ8wDQYDVQQHEwZWaWVubmExQjBABgNVBAoTOUFyZ2UgRGF0
+ZW4gT2VzdGVycmVpY2hpc2NoZSBHZXNlbGxzY2hhZnQgZnVlciBEYXRlbnNjaHV0
+ejEiMCAGCSqGSIb3DQEJARYTYS1jZXJ0QGFyZ2VkYXRlbi5hdDCBnzANBgkqhkiG
+9w0BAQEFAAOBjQAwgYkCgYEAwgsHqoNtmmrJ86+e1I4hOVBaL4kokqKN2IPOIL+1
+XwY8vfOOUfPEdhWpaC0ldt7VYrksgDiUccgH0FROANWK2GkfKMDzjjXHysR04uEb
+Om7Kqjqn0nproOGkFG+QvBZgs+Ws+HXNFJA6V76fU4+JXq4452LSK4Lr5YcBquu3
+NJECAwEAAaOCARkwggEVMB0GA1UdDgQWBBQ0j59zH/G31zRjgK1y2P//tSAWZjCB
+xQYDVR0jBIG9MIG6gBQ0j59zH/G31zRjgK1y2P//tSAWZqGBnqSBmzCBmDELMAkG
+A1UEBhMCQVQxEDAOBgNVBAgTB0F1c3RyaWExDzANBgNVBAcTBlZpZW5uYTFCMEAG
+A1UEChM5QXJnZSBEYXRlbiBPZXN0ZXJyZWljaGlzY2hlIEdlc2VsbHNjaGFmdCBm
+dWVyIERhdGVuc2NodXR6MSIwIAYJKoZIhvcNAQkBFhNhLWNlcnRAYXJnZWRhdGVu
+LmF0ggEAMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMBEGCWCGSAGG+EIBAQQE
+AwICBDANBgkqhkiG9w0BAQQFAAOBgQBFuJYncqMYB6gXQS3eDOI90BEHfFTKy/dV
+AV+K7QdAYikWmqgBheRdPKddJdccPy/Zl/p3ZT7GhDyC5f3wZjcuu8AJ27BNwbCA
+x54dgxgCNcyPm79nY8MRtEdEpoRGdSsFKJemz6hpXM++MWFciyrRWIIA44XB0Gv3
+US0spjsDPQ==
+-----END CERTIFICATE-----
--- a/certs/demo/nortelCA.pem
+++ b/certs/demo/nortelCA.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICajCCAdMCBDGA0QUwDQYJKoZIhvcNAQEEBQAwfTELMAkGA1UEBhMCQ2ExDzAN
+BgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmlsaXR5IEFjY2VwdGVkMR8w
+HQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRwwGgYDVQQDExNFbnRydXN0
+IERlbW8gV2ViIENBMB4XDTk2MDQyNjEzMzUwMVoXDTA2MDQyNjEzMzUwMVowfTEL
+MAkGA1UEBhMCQ2ExDzANBgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmls
+aXR5IEFjY2VwdGVkMR8wHQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRww
+GgYDVQQDExNFbnRydXN0IERlbW8gV2ViIENBMIGdMA0GCSqGSIb3DQEBAQUAA4GL
+ADCBhwKBgQCaroS7O1DA0hm4IefNYU1cx/nqOmzEnk291d1XqznDeF4wEgakbkCc
+zTKxK791yNpXG5RmngqH7cygDRTHZJ6mfCRn0wGC+AI00F2vYTGqPGRQL1N3lZT0
+YDKFC0SQeMMjFIZ1aeQigroFQnHo0VB3zWIMpNkka8PY9lxHZAmWwQIBAzANBgkq
+hkiG9w0BAQQFAAOBgQBAx0UMVA1s54lMQyXjMX5kj99FJN5itb8bK1Rk+cegPQPF
+cWO9SEWyEjjBjIkjjzAwBkaEszFsNGxemxtXvwjIm1xEUMTVlPEWTs2qnDvAUA9W
+YqhWbhH0toGT36236QAsqCZ76rbTRVSSX2BHyJwJMG2tCRv7kRJ//NIgxj3H4w==
+-----END CERTIFICATE-----
+
--- a/certs/demo/timCA.pem
+++ b/certs/demo/timCA.pem
@@ -0,0 +1,16 @@
+Tims test GCI CA
+
+-----BEGIN CERTIFICATE-----
+MIIB8DCCAZoCAQAwDQYJKoZIhvcNAQEEBQAwgYIxCzAJBgNVBAYTAkFVMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
+cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBD
+cnlwdFNvZnQgRGV2IENBMB4XDTk3MDMyMjEzMzQwNFoXDTk4MDMyMjEzMzQwNFow
+gYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhC
+cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl
+dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN
+AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw
+OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF
+AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA
+TfdbFZtAAD2Hx9jUtY3tfdrJOb8= 
+-----END CERTIFICATE-----
+
--- a/certs/demo/tjhCA.pem
+++ b/certs/demo/tjhCA.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
+cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsTI1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9O
+IEFVVEhPUklUSUVTMTQwMgYDVQQDEytaRVJPIFZBTFVFIENBIC0gREVNT05TVFJB
+VElPTiBQVVJQT1NFUyBPTkxZMB4XDTk3MDQwMzEzMjI1NFoXDTk4MDQwMzEzMjI1
+NFowgbUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
+EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsT
+I1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9OIEFVVEhPUklUSUVTMTQwMgYDVQQDEyta
+RVJPIFZBTFVFIENBIC0gREVNT05TVFJBVElPTiBQVVJQT1NFUyBPTkxZMFwwDQYJ
+KoZIhvcNAQEBBQADSwAwSAJBAOZ7T7yqP/tyspcko3yPY1y0Cm2EmwNvzW4QgVXR
+Fjs3HmJ4xtSpXdo6mwcGezL3Abt/aQXaxv9PU8xt+Jr0OFUCAwEAATANBgkqhkiG
+9w0BAQQFAANBAOQpYmGgyCqCy1OljgJhCqQOu627oVlHzK1L+t9vBaMfn40AVUR4
+WzQVWO31KTgi5vTK1U+3h46fgUWqQ0h+6rU=
+-----END CERTIFICATE-----
--- a/certs/demo/vsigntca.pem
+++ b/certs/demo/vsigntca.pem
@@ -0,0 +1,18 @@
+subject=/O=VeriSign, Inc/OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD./OU=For VeriSign authorized testing only. No assurances (C)VS1997
+notBefore=Mar  4 00:00:00 1997 GMT
+notAfter=Mar  4 23:59:59 2025 GMT
+-----BEGIN CERTIFICATE-----
+MIICTTCCAfcCEEdoCqpuXxnoK27q7d58Qc4wDQYJKoZIhvcNAQEEBQAwgakxFjAU
+BgNVBAoTDVZlcmlTaWduLCBJbmMxRzBFBgNVBAsTPnd3dy52ZXJpc2lnbi5jb20v
+cmVwb3NpdG9yeS9UZXN0Q1BTIEluY29ycC4gQnkgUmVmLiBMaWFiLiBMVEQuMUYw
+RAYDVQQLEz1Gb3IgVmVyaVNpZ24gYXV0aG9yaXplZCB0ZXN0aW5nIG9ubHkuIE5v
+IGFzc3VyYW5jZXMgKEMpVlMxOTk3MB4XDTk3MDMwNDAwMDAwMFoXDTI1MDMwNDIz
+NTk1OVowgakxFjAUBgNVBAoTDVZlcmlTaWduLCBJbmMxRzBFBgNVBAsTPnd3dy52
+ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9UZXN0Q1BTIEluY29ycC4gQnkgUmVmLiBM
+aWFiLiBMVEQuMUYwRAYDVQQLEz1Gb3IgVmVyaVNpZ24gYXV0aG9yaXplZCB0ZXN0
+aW5nIG9ubHkuIE5vIGFzc3VyYW5jZXMgKEMpVlMxOTk3MFwwDQYJKoZIhvcNAQEB
+BQADSwAwSAJBAMak6xImJx44jMKcbkACy5/CyMA2fqXK4PlzTtCxRq5tFkDzne7s
+cI8oFK/J+gFZNE3bjidDxf07O3JOYG9RGx8CAwEAATANBgkqhkiG9w0BAQQFAANB
+ADT523tENOKrEheZFpsJx1UUjPrG7TwYc/C4NBHrZI4gZJcKVFIfNulftVS6UMYW
+ToLEMaUojc3DuNXHG21PDG8=
+-----END CERTIFICATE-----
--- a/certs/eng1.pem
+++ b/certs/eng1.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBqDELMAkGA1UEBhMCQ0Ex
+CzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMRgwFgYDVQQKEw9CYW5rRW5n
+aW5lIEluYy4xKTAnBgNVBAsTIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IERpdmlz
+aW9uMRMwEQYDVQQDEwpiYW5rZW5naW5lMSAwHgYJKoZIhvcNAQkBFhFjYUBiYW5r
+ZW5naW5lLmNvbTAeFw05ODAxMDEwMDAwMDBaFw0zODAxMTcwMDAwMDBaMIGoMQsw
+CQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rvcm9udG8xGDAWBgNV
+BAoTD0JhbmtFbmdpbmUgSW5jLjEpMCcGA1UECxMgQ2VydGlmaWNhdGlvbiBBdXRo
+b3JpdHkgRGl2aXNpb24xEzARBgNVBAMTCmJhbmtlbmdpbmUxIDAeBgkqhkiG9w0B
+CQEWEWNhQGJhbmtlbmdpbmUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEA14LoTUAl1/hEy+Kh1kLHiBdW2zD3V4IhM7xxTVKsYsIH56nr69ATTIxU
+P36eRzeZ137qt1AxHFjDCidk3m1Ul6l59ProPexdslLLM2npM3f2cteg+toyiYiS
+EJKjyzIu1xF1j9qzGkymSY/4DsXLZNk9FaczxMk/Ooc6Os1M3AverL4VG4rYIb6f
+eR32cIKJ9Q1fGuyKk7ipq1XQfPW8a8TgZdbHbe7U9Gk3iasGMHHvpR9Ep3mGbgdT
+uQ98SBEuIwe1BUCGg/MXpVy48MNXfAMotBgGw4pl9yqSjMni2FB+E9Q9DHFs2RgX
+MqzKuo8zcPxKx2kZ6Arj8+27dw2clQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0G
+CSqGSIb3DQEBBQUAA4IBAQBauupHX9EhpC/r57d6b5kkeWvognxIP9//TO4iw3qb
+zIXEkPXmJmwVzlzoKJWqiya+aw19SP0+G6CzsFOBo/9ehmz+hZ8bhYX4MjlWzX5u
+Tnkhz172j9fOBUmrTVPkcRIs6zjCD5PQAGoBPP1/Zdy2N36lZ0U7lg07Opirj/yJ
+PSJeM2j0fwIFAroiVckvdT0BVwB6S/cPaAQGPghbbr1YGSmYrMriSv825ILJUfxz
+rJYunGR9FiY9Ob7+jwJwiZMS4CxSPktutxr/3hOvr1+ALS7IcVakhhA3PuZAJbdH
+FRclR9qMM8aBnBZmf+Uv3K3uhT+UBzzY654U9Yi1JYnA
+-----END CERTIFICATE-----
--- a/certs/eng2.pem
+++ b/certs/eng2.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBqDELMAkGA1UEBhMCQ0Ex
+CzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMRgwFgYDVQQKEw9DZXJ0RW5n
+aW5lIEluYy4xKTAnBgNVBAsTIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IERpdmlz
+aW9uMRMwEQYDVQQDEwpjZXJ0ZW5naW5lMSAwHgYJKoZIhvcNAQkBFhFjYUBjZXJ0
+ZW5naW5lLmNvbTAeFw05ODAxMDEwMDAwMDBaFw0zODAxMTcwMDAwMDBaMIGoMQsw
+CQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rvcm9udG8xGDAWBgNV
+BAoTD0NlcnRFbmdpbmUgSW5jLjEpMCcGA1UECxMgQ2VydGlmaWNhdGlvbiBBdXRo
+b3JpdHkgRGl2aXNpb24xEzARBgNVBAMTCmNlcnRlbmdpbmUxIDAeBgkqhkiG9w0B
+CQEWEWNhQGNlcnRlbmdpbmUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEA7aTXURShaeVt9u/dP3Q2dVib3jTCZvEyc6yfpGgaYWewXWuP4HOSfI4h
+GZblbpl+dzJc6RjhR+pguIRtbT5FJB8SJGjRqoujBEOQOxtVtc2fjM9Dqh0iOvMW
+WS6buxHG55GVrHAQaO5HXEScKQBa9ZyNmpSXPTEBrDMej1OAGOkc524/TZrgFPF4
+AiJLLkxCcP8NuzUKlW3WzNMSSoCtjkUKy4wjSLlAWCFM0T9Df6/+Z8ZUQTzHoKCD
+ncH5Qnynd7DlOwKQ2JwwxRhYGiGVTUN0GUq7qA11kW3+vnbFesKQXoF6o2PVx9s2
+YXviI2NXXUjZ0pVnsnFCc45Pm8XojwIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0G
+CSqGSIb3DQEBBQUAA4IBAQBP/aHOKJ00Akzc9HWM1X30hlWZFBaQi4pqD4Uhk8+p
+KzzwFP5DRLBOz8TYBbtdXrS6hxVMr2sqWmhVkuyepWhHZazKGyHY/y0FbOXsewAV
+1QxxSyx7ve89pCKv4/w0rQcP916iHc8Y/TCpmz7eITa3GId+8H/XTaBi8GBp9X9O
+w8m25FmEB1NT+eJwefvfdKowjy4tSorKdW/eJspxNuTSRGmUy8G71W5dYvgpAlx6
+mdnHyzxEGvRYNNI2bS0ifXgbEFNWqSas9q34ea5KOpkJu8T/KyXfSb6rPOsBSb0t
+wMowwGtCVH2C4Lw/8zo0EjhMpTOsPaub408PrZ+NQ2bl
+-----END CERTIFICATE-----
--- a/certs/eng3.pem
+++ b/certs/eng3.pem
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF3TCCA8WgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBqDELMAkGA1UEBhMCQ0Ex
+CzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMRgwFgYDVQQKEw9Gb3J0RW5n
+aW5lIEluYy4xKTAnBgNVBAsTIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IERpdmlz
+aW9uMRMwEQYDVQQDEwpmb3J0ZW5naW5lMSAwHgYJKoZIhvcNAQkBFhFjYUBmb3J0
+ZW5naW5lLmNvbTAeFw05ODAxMDEwMDAwMDBaFw0zODAxMTcwMDAwMDBaMIGoMQsw
+CQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rvcm9udG8xGDAWBgNV
+BAoTD0ZvcnRFbmdpbmUgSW5jLjEpMCcGA1UECxMgQ2VydGlmaWNhdGlvbiBBdXRo
+b3JpdHkgRGl2aXNpb24xEzARBgNVBAMTCmZvcnRlbmdpbmUxIDAeBgkqhkiG9w0B
+CQEWEWNhQGZvcnRlbmdpbmUuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+CgKCAgEAyr7GbpwDxx1v3EYbo0gcO+ligEhlDqG2e7u/AbWGoVAqc8+q6auUJUtz
+4i7oh0yNadu1o9kpXW+znkgO0zlrgjGskqqMO1ooppzTJdFy/P8gR6x1Iuv3kWtX
+OuzwPPEjv09LWlhyJsN+oU4ztTVf07I0Q9zYupcoDQ58XKRheI9KdDB2DYSmxywA
+WSLQwIeG0Qa7gvokeQlpkgkEC7viEecJ3752KXBJHnh7As51mxnlpmG6sDy67Eli
+HDw5tHETRqbtnscGBjskGQBqR5xt7+QnnthZrN8HJHDoa9zgGephwizhkL44lXLF
+YK9W5XhFbblw2c+mAcHkokRiwD7CPeIoyD2a/Jcw3n5hegKTlNhd4BFGVF6JR7gF
+OFk2QfHXit5uthsij9Xhl7WAgQUqLgggD9MphqPf4nY66OZUJV9ZsmB+Qfp8UizB
+0WAOegactKVyRqHtRa+KIEXQXNtZgjcmMk9CYkP0nIbKtgKXaH6+9VMHNOryCnFE
+7pSsuPUkypncFWCHGSeiFO3w4w4J4csltxBADQzxfRu5KZnlToQN7bVpI/Q31tVX
+E5bjrJcq6Oj/OTqZ3ID+OqbkUdAg0ggjRKcTgxnLHd/AbMzJ6PsclDDf7cLs0WSl
+xMxQR/z5bNST1rNtT9rsiv2TOhfvCBxO9AOjBioO8PLO032HTNECAwEAAaMQMA4w
+DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAgEAVyBpPWfT2VOyvVpslGKx
+8h0+CWP8cilygGRtZJ5dAJzc//1REAHdvK+TgZ4Foz3dqHhXI+RNN0FpzuWaYMjW
+ZTS0kAmcOQuGY1Oo4PGlPHI21pNz29oFDTJr0ZmLBJ4JKVsE2soJg55jdk9MZHA7
+K//7HH9RsmrWZOE5DZDlrxp6+naixhMwnlPKKisIy9GNZUPqGdUWABMdB/BUVVNl
+NU5TtWpIXUClMd8a+eoKcItBeYXowkHOBpinPkDX3clFDIUfWiw0Ro08s8SrrFqR
+8Szwbrj52Xv1RM56oGqCjnkvJctxihODV7NcpxoAFjIZokDom0q6zPrrTUsLFQov
+Plovc3w5hmALiDMshaTvE1nm3Psn4yQ+FlRE8epTZrQiIGypZkZC6lcz0mYawueW
+cThYWGFhVG4ktQzOjjNRsNxopW+W7cF1zQTxiWUDnxIKSj7gtdQ2jiubxEEhfVag
+r8DMtAccNVTZVURpGi56TptOOuotrTqqC+2GviW4hlxvdvmuQN0OlXlUwzz2Trxc
+FamNnuA54lZw/8arLtxsFmHrcnPw53+1spumLD0S5UkxHNu40h6LIVpZz3H+0rLz
+uFofTfiyMjcfK2AyHQTgUCbsrvgNuLDQUbyFGVchdFUkhztX3DhEVnxnnrpY4BVj
+QdTqWIvw7lGlSuDCjxEQAOc=
+-----END CERTIFICATE-----
--- a/certs/eng4.pem
+++ b/certs/eng4.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBqDELMAkGA1UEBhMCQ0Ex
+CzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMRgwFgYDVQQKEw9NYWlsRW5n
+aW5lIEluYy4xKTAnBgNVBAsTIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IERpdmlz
+aW9uMRMwEQYDVQQDEwptYWlsZW5naW5lMSAwHgYJKoZIhvcNAQkBFhFjYUBtYWls
+ZW5naW5lLmNvbTAeFw05ODAxMDEwMDAwMDBaFw0zODAxMTcwMDAwMDBaMIGoMQsw
+CQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rvcm9udG8xGDAWBgNV
+BAoTD01haWxFbmdpbmUgSW5jLjEpMCcGA1UECxMgQ2VydGlmaWNhdGlvbiBBdXRo
+b3JpdHkgRGl2aXNpb24xEzARBgNVBAMTCm1haWxlbmdpbmUxIDAeBgkqhkiG9w0B
+CQEWEWNhQG1haWxlbmdpbmUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAqXmfsU+lx+NFmn6tN17RTOyaddHqLnr/3rzEDIyT9TN+tF9TG7jmK7lJ
+Jrj5arQ3nTFaLF8JuND2U1z/cLPw6/TX+1tE3v3CNUDSjaisyUDiUyp3TE8hMMMz
+zfZQn0JsGgNhhWxqyzjhRQGtKL4+xtn8VsF/8zGgZYke7nlmVKz/FslDFTnNoodL
+BAEGiu9JQS9qqpbSs20NdZ6LXPL2A4iTjnsNFBW3jIMVIn/JVVyaycU7ue2oFviD
+vLNpkVZcR7A+jjIdIumOc5VSF0y7y74cQC5YwkR2mLK7UBYDK6NCY3ta/C4M8NsM
+0FpmvRl0+A1ivZtVwqI98dxDtp7HeQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0G
+CSqGSIb3DQEBBQUAA4IBAQAjfNn5BCzxylBDakFQGWKE/P43PRibMOEzfd7+DzbY
+WIekoz3i00DwoH3b6j4gwlDJRAOq4dF6/Pt/uBOHDo/op+ef+9ErmKPd+ehXN9h3
+7QbccTgz7DtVwA4iRlDRLru+JuXzT+OsCHuFZMOLJ+KD2JAGh3W68JjdcLkrlcpt
+AU0wc5aOHPPfEBdIah8y8QtNzXRVzoBt8zzvgCARkXxTS2u/9QaXR1hML0JtDgQS
+SdZ6Kd8SN6yzqxD+buYD5sOfJmjBF/n3lqFHNMHnnGXy2TAXZtIAWzffU3A0cGPB
+N6FZ026a86HbF1X4k+xszhbJu/ikczyuWnCJIg3fTYSD
+-----END CERTIFICATE-----
--- a/certs/eng5.pem
+++ b/certs/eng5.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID6TCCAtGgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBrjELMAkGA1UEBhMCQ0Ex
+CzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMRowGAYDVQQKExFUcmFkZXJF
+bmdpbmUgSW5jLjEpMCcGA1UECxMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgRGl2
+aXNpb24xFTATBgNVBAMTDHRyYWRlcmVuZ2luZTEiMCAGCSqGSIb3DQEJARYTY2FA
+dHJhZGVyZW5naW5lLmNvbTAeFw05ODAxMDEwMDAwMDBaFw0zODAxMTcwMDAwMDBa
+MIGuMQswCQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rvcm9udG8x
+GjAYBgNVBAoTEVRyYWRlckVuZ2luZSBJbmMuMSkwJwYDVQQLEyBDZXJ0aWZpY2F0
+aW9uIEF1dGhvcml0eSBEaXZpc2lvbjEVMBMGA1UEAxMMdHJhZGVyZW5naW5lMSIw
+IAYJKoZIhvcNAQkBFhNjYUB0cmFkZXJlbmdpbmUuY29tMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAzyX5QE+5SN+zgNn1v3zp9HmP4hQOWW8WuEVItZVP
+9bt/xj5NeJd1kyPL/SqnF2qHcL3o/74r0Ga55aKHniwKYgQTlp5ELGfQ568QQeN9
+xNIHtUXeStI9zCNZyZC+4YqObdMR/ivKA/WsLfUVMl2lV5JzJJz1BOE0gKEYiEyz
+gIq5oLzkP/mOXoHRvWSZD2D0eHYIO7ovV2epVFK7g7p+dC4QoeIUEli+GF/Myg88
+dV/qmi+Sybck2RLPXa8Nh27/ETVQ7kE1Eafmx7EyCqIhG+5lwJAy3HwHUBwAYuzj
+iuZz5lD8aQmr8SKuvy3eOH9SVN5wh3YBlrNGwTStkESVLwIDAQABoxAwDjAMBgNV
+HRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAWOPAUhZd3x9EQiFJcuxFTMd9q
+axgcriCzJsM6D96sYGko9xTeLhX/lr1bliVYI5AlupoLXAdMzGHJkOgaTirKjQXr
+F9nymDdUWKe3TmwGob5016nQlH7qRKvGO3hka0rOGRK2U/2JT/4Qp8iH/DFi6cyM
+uP0q8n64SAkxZXLzUuFQXqf7U/SNjzb9XJQEIAdjp7eYd3Qb4jDsDcX0FrKMF1aV
+r0dCDnS7am7WTXPYCDGdSkPgEHEtLYIYH3lZp5sKdVZ9wl4F0WNFkRWRUr7AXPjw
+50uLmUNmKCd8JZLMGA1TRNSTi7U9EcrWt0OkMWm74T2WVnAgNsDv2WrWsGfj
+-----END CERTIFICATE-----
--- a/certs/expired/ICE-CA.pem
+++ b/certs/expired/ICE-CA.pem
@@ -0,0 +1,59 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: O=European ICE-TEL project, OU=V3-Certification Authority
+        Validity
+            Not Before: Apr  2 17:35:53 1997 GMT
+            Not After : Apr  2 17:35:53 1998 GMT
+        Subject: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt
+        Subject Public Key Info:
+            Public Key Algorithm: rsa
+            RSA Public Key: (512 bit)
+                Modulus (512 bit):
+                    00:82:75:ba:f6:d1:60:b5:f9:15:b3:6a:dd:29:8f:
+                    8b:a4:6f:1a:88:e0:50:43:40:0b:79:41:d5:d3:16:
+                    44:7d:74:65:17:42:06:52:0b:e9:50:c8:10:cd:24:
+                    e2:ae:8d:22:30:73:e6:b4:b7:93:1f:e5:6e:a2:ae:
+                    49:11:a5:c9:45
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Authority Key Identifier: 
+                0.........z.."p......e..
+            X509v3 Subject Key Identifier: 
+                ..~r..:..B.44fu......3
+            X509v3 Key Usage: critical
+                ....
+            X509v3 Certificate Policies: critical
+                0.0...*...
+            X509v3 Subject Alternative Name: 
+                0!..secude-support@darmstadt.gmd.de
+            X509v3 Issuer Alternative Name: 
+                0I..ice-tel-ca@darmstadt.gmd.de.*http://www.darmstadt.gmd.de/ice-tel/euroca
+            X509v3 Basic Constraints: critical
+                0....
+            X509v3 CRL Distribution Points: 
+                0200...,.*http://www.darmstadt.gmd.de/ice-tel/euroca
+    Signature Algorithm: md5WithRSAEncryption
+        17:a2:88:b7:99:5a:05:41:e4:13:34:67:e6:1f:3e:26:ec:4b:
+        69:f9:3e:28:22:be:9d:1c:ab:41:6f:0c:00:85:fe:45:74:f6:
+        98:f0:ce:9b:65:53:4a:50:42:c7:d4:92:bd:d7:a2:a8:3d:98:
+        88:73:cd:60:28:79:a3:fc:48:7a
+-----BEGIN CERTIFICATE-----
+MIICzDCCAnagAwIBAgIBATANBgkqhkiG9w0BAQQFADBIMSEwHwYDVQQKExhFdXJv
+cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
+QXV0aG9yaXR5MB4XDTk3MDQwMjE3MzU1M1oXDTk4MDQwMjE3MzU1M1owXDEhMB8G
+A1UEChMYRXVyb3BlYW4gSUNFLVRFTCBwcm9qZWN0MSMwIQYDVQQLExpWMy1DZXJ0
+aWZpY2F0aW9uIEF1dGhvcml0eTESMBAGA1UEBxMJRGFybXN0YWR0MFkwCgYEVQgB
+AQICAgADSwAwSAJBAIJ1uvbRYLX5FbNq3SmPi6RvGojgUENAC3lB1dMWRH10ZRdC
+BlIL6VDIEM0k4q6NIjBz5rS3kx/lbqKuSRGlyUUCAwEAAaOCATgwggE0MB8GA1Ud
+IwQYMBaAFIr3yNUOx3ro1yJw4AuJ1bbsZbzPMB0GA1UdDgQWBBR+cvL4OoacQog0
+NGZ1w9T80aIRMzAOBgNVHQ8BAf8EBAMCAfYwFAYDVR0gAQH/BAowCDAGBgQqAwQF
+MCoGA1UdEQQjMCGBH3NlY3VkZS1zdXBwb3J0QGRhcm1zdGFkdC5nbWQuZGUwUgYD
+VR0SBEswSYEbaWNlLXRlbC1jYUBkYXJtc3RhZHQuZ21kLmRlhipodHRwOi8vd3d3
+LmRhcm1zdGFkdC5nbWQuZGUvaWNlLXRlbC9ldXJvY2EwDwYDVR0TAQH/BAUwAwEB
+/zA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vd3d3LmRhcm1zdGFkdC5nbWQuZGUv
+aWNlLXRlbC9ldXJvY2EwDQYJKoZIhvcNAQEEBQADQQAXooi3mVoFQeQTNGfmHz4m
+7Etp+T4oIr6dHKtBbwwAhf5FdPaY8M6bZVNKUELH1JK916KoPZiIc81gKHmj/Eh6
+-----END CERTIFICATE-----
--- a/certs/expired/ICE-root.pem
+++ b/certs/expired/ICE-root.pem
@@ -0,0 +1,48 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: O=European ICE-TEL project, OU=V3-Certification Authority
+        Validity
+            Not Before: Apr  2 17:33:36 1997 GMT
+            Not After : Apr  2 17:33:36 1998 GMT
+        Subject: O=European ICE-TEL project, OU=V3-Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsa
+            RSA Public Key: (512 bit)
+                Modulus (512 bit):
+                    00:80:3e:eb:ae:47:a9:fe:10:54:0b:81:8b:9c:2b:
+                    82:ab:3a:61:36:65:8b:f3:73:9f:ac:ac:7a:15:a7:
+                    13:8f:b4:c4:ba:a3:0f:bc:a5:58:8d:cc:b1:93:31:
+                    9e:81:9e:8c:19:61:86:fa:52:73:54:d1:97:76:22:
+                    e7:c7:9f:41:cd
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                ........z.."p......e..
+            X509v3 Key Usage: critical
+                ....
+            X509v3 Subject Alternative Name: 
+                0I.*http://www.darmstadt.gmd.de/ice-tel/euroca..ice-tel-ca@darmstadt.gmd.de
+            X509v3 Basic Constraints: critical
+                0....
+    Signature Algorithm: md5WithRSAEncryption
+        76:69:61:db:b7:cf:8b:06:9e:d8:8c:96:53:d2:4d:a8:23:a6:
+        03:44:e8:8f:24:a5:c0:84:a8:4b:77:d4:2d:2b:7d:37:91:67:
+        f2:2c:ce:02:31:4c:6b:cc:ce:f2:68:a6:11:11:ab:7d:88:b8:
+        7e:22:9f:25:06:60:bd:79:30:3d
+-----BEGIN CERTIFICATE-----
+MIICFjCCAcCgAwIBAgIBADANBgkqhkiG9w0BAQQFADBIMSEwHwYDVQQKExhFdXJv
+cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
+QXV0aG9yaXR5MB4XDTk3MDQwMjE3MzMzNloXDTk4MDQwMjE3MzMzNlowSDEhMB8G
+A1UEChMYRXVyb3BlYW4gSUNFLVRFTCBwcm9qZWN0MSMwIQYDVQQLExpWMy1DZXJ0
+aWZpY2F0aW9uIEF1dGhvcml0eTBZMAoGBFUIAQECAgIAA0sAMEgCQQCAPuuuR6n+
+EFQLgYucK4KrOmE2ZYvzc5+srHoVpxOPtMS6ow+8pViNzLGTMZ6BnowZYYb6UnNU
+0Zd2IufHn0HNAgMBAAGjgZcwgZQwHQYDVR0OBBYEFIr3yNUOx3ro1yJw4AuJ1bbs
+ZbzPMA4GA1UdDwEB/wQEAwIB9jBSBgNVHREESzBJhipodHRwOi8vd3d3LmRhcm1z
+dGFkdC5nbWQuZGUvaWNlLXRlbC9ldXJvY2GBG2ljZS10ZWwtY2FAZGFybXN0YWR0
+LmdtZC5kZTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBAUAA0EAdmlh27fP
+iwae2IyWU9JNqCOmA0TojySlwISoS3fULSt9N5Fn8izOAjFMa8zO8mimERGrfYi4
+fiKfJQZgvXkwPQ==
+-----END CERTIFICATE-----
--- a/certs/expired/ICE-user.pem
+++ b/certs/expired/ICE-user.pem
@@ -0,0 +1,63 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt
+        Validity
+            Not Before: Apr  2 17:35:59 1997 GMT
+            Not After : Apr  2 17:35:59 1998 GMT
+        Subject: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt, CN=USER
+        Subject Public Key Info:
+            Public Key Algorithm: rsa
+            RSA Public Key: (512 bit)
+                Modulus (512 bit):
+                    00:a8:a8:53:63:49:1b:93:c3:c3:0b:6c:88:11:55:
+                    de:7e:6a:e2:f9:52:a0:dc:69:25:c4:c8:bf:55:e1:
+                    31:a8:ce:e4:a9:29:85:99:8a:15:9a:de:f6:2f:e1:
+                    b4:50:5f:5e:04:75:a6:f4:76:dc:3c:0e:39:dc:3a:
+                    be:3e:a4:61:8b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Authority Key Identifier: 
+                0...~r..:..B.44fu......3
+            X509v3 Subject Key Identifier: 
+                ...... .*...1.*.......
+            X509v3 Key Usage: critical
+                ....
+            X509v3 Certificate Policies: critical
+                0.0...*...0.......
+            X509v3 Subject Alternative Name: 
+                0:..user@darmstadt.gmd.de.!http://www.darmstadt.gmd.de/~user
+            X509v3 Issuer Alternative Name: 
+                0....gmdca@gmd.de..http://www.gmd.de..saturn.darmstadt.gmd.de.\1!0...U.
+..European ICE-TEL project1#0!..U....V3-Certification Authority1.0...U....Darmstadt..141.12.62.26
+            X509v3 Basic Constraints: critical
+                0.
+            X509v3 CRL Distribution Points: 
+                0.0.......gmdca@gmd.de
+    Signature Algorithm: md5WithRSAEncryption
+        69:0c:e1:b7:a7:f2:d8:fb:e8:69:c0:13:cd:37:ad:21:06:22:
+        4d:e8:c6:db:f1:04:0b:b7:e0:b3:d6:0c:81:03:ce:c3:6a:3e:
+        c7:e7:24:24:a4:92:64:c2:83:83:06:42:53:0e:6f:09:1e:84:
+        9a:f7:6f:63:9b:94:99:83:d6:a4
+-----BEGIN CERTIFICATE-----
+MIIDTzCCAvmgAwIBAgIBATANBgkqhkiG9w0BAQQFADBcMSEwHwYDVQQKExhFdXJv
+cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
+QXV0aG9yaXR5MRIwEAYDVQQHEwlEYXJtc3RhZHQwHhcNOTcwNDAyMTczNTU5WhcN
+OTgwNDAyMTczNTU5WjBrMSEwHwYDVQQKExhFdXJvcGVhbiBJQ0UtVEVMIHByb2pl
+Y3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24gQXV0aG9yaXR5MRIwEAYDVQQH
+EwlEYXJtc3RhZHQxDTALBgNVBAMTBFVTRVIwWTAKBgRVCAEBAgICAANLADBIAkEA
+qKhTY0kbk8PDC2yIEVXefmri+VKg3GklxMi/VeExqM7kqSmFmYoVmt72L+G0UF9e
+BHWm9HbcPA453Dq+PqRhiwIDAQABo4IBmDCCAZQwHwYDVR0jBBgwFoAUfnLy+DqG
+nEKINDRmdcPU/NGiETMwHQYDVR0OBBYEFJfc4B8gjSoRmLUx4Sq/ucIYiMrPMA4G
+A1UdDwEB/wQEAwIB8DAcBgNVHSABAf8EEjAQMAYGBCoDBAUwBgYECQgHBjBDBgNV
+HREEPDA6gRV1c2VyQGRhcm1zdGFkdC5nbWQuZGWGIWh0dHA6Ly93d3cuZGFybXN0
+YWR0LmdtZC5kZS9+dXNlcjCBsQYDVR0SBIGpMIGmgQxnbWRjYUBnbWQuZGWGEWh0
+dHA6Ly93d3cuZ21kLmRlghdzYXR1cm4uZGFybXN0YWR0LmdtZC5kZaRcMSEwHwYD
+VQQKExhFdXJvcGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRp
+ZmljYXRpb24gQXV0aG9yaXR5MRIwEAYDVQQHEwlEYXJtc3RhZHSHDDE0MS4xMi42
+Mi4yNjAMBgNVHRMBAf8EAjAAMB0GA1UdHwQWMBQwEqAQoA6BDGdtZGNhQGdtZC5k
+ZTANBgkqhkiG9w0BAQQFAANBAGkM4ben8tj76GnAE803rSEGIk3oxtvxBAu34LPW
+DIEDzsNqPsfnJCSkkmTCg4MGQlMObwkehJr3b2OblJmD1qQ=
+-----END CERTIFICATE-----
--- a/certs/expired/RegTP-4R.pem
+++ b/certs/expired/RegTP-4R.pem
@@ -0,0 +1,19 @@
+issuer= CN=4R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
+notBefore=Jan 21 16:04:53 1999 GMT
+notAfter=Jan 21 16:04:53 2004 GMT
+subject= CN=4R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
+-----BEGIN CERTIFICATE-----
+MIICZzCCAdOgAwIBAgIEOwVn1DAKBgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9
+MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWth
+dGlvbiB1bmQgUG9zdDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAo0Ui1DQSAxOlBO
+MCIYDzE5OTkwMTIxMTYwNDUzWhgPMjAwNDAxMjExNjA0NTNaMG8xCzAJBgNVBAYT
+AkRFMT0wOwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21t
+dW5pa2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjRSLUNB
+IDE6UE4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGAjzHbq2asUlqeWbXTQHso
+aVF6YIPVH3c/B2cbuy9HJ/lnE6x0asOzM2DGDqi47xkdAxPc0LZ0fxO87rkmz7xs
+jJObnVrMXpyUSDSp5Y0wqKJdsFdr6mGFOQZteIti8AJnr8xMkwnWVyuOlEXsFe1h
+5gxwQXrOcPinE6qu1t/3PmECBMAAAAGjEjAQMA4GA1UdDwEB/wQEAwIBBjAKBgYr
+JAMDAQIFAAOBgQA+RdocBmA2VV9E5aKPBcp01tdZAvvW9Tve3docArVKR/4/yvSX
+Z+wvzzk+uu4qBp49HN3nqPYMrzbTmjBFu4ce5fkZ7dHF0W1sSBL0rox5z36Aq2re
+JjfEOEmSnNe0+opuh4FSVOssXblXTE8lEQU0FhhItgDx2ADnWZibaxLG4w==
+-----END CERTIFICATE-----
--- a/certs/expired/factory.pem
+++ b/certs/expired/factory.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICTTCCAbagAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEwJHQjEM
+MAoGA1UEChMDVUNMMRgwFgYDVQQLEw9JQ0UtVEVMIFByb2plY3QxFTATBgNVBAMT
+DFRydXN0RmFjdG9yeTAeFw05NzA0MjIxNDM5MTRaFw05ODA0MjIxNDM5MTRaMEwx
+CzAJBgNVBAYTAkdCMQwwCgYDVQQKEwNVQ0wxGDAWBgNVBAsTD0lDRS1URUwgUHJv
+amVjdDEVMBMGA1UEAxMMVHJ1c3RGYWN0b3J5MIGcMAoGBFUIAQECAgQAA4GNADCB
+iQKBgQCEieR8NcXkUW1f0G6aC6u0i8q/98JqS6RxK5YmHIGKCkuTWAUjzLfUa4dt
+U9igGCjTuxaDqlzEim+t/02pmiBZT9HaX++35MjQPUWmsChcYU5WyzGErXi+rQaw
+zlwS73zM8qiPj/97lXYycWhgL0VaiDSPxRXEUdWoaGruom4mNQIDAQABo0IwQDAd
+BgNVHQ4EFgQUHal1LZr7oVg5z6lYzrhTgZRCmcUwDgYDVR0PAQH/BAQDAgH2MA8G
+A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAfaggfl6FZoioecjv0dq8
+/DXo/u11iMZvXn08gjX/zl2b4wtPbShOSY5FhkSm8GeySasz+/Nwb/uzfnIhokWi
+lfPZHtlCWtXbIy/TN51eJyq04ceDCQDWvLC2enVg9KB+GJ34b5c5VaPRzq8MBxsA
+S7ELuYGtmYgYm9NZOIr7yU0=
+-----END CERTIFICATE-----
--- a/certs/expired/rsa-cca.pem
+++ b/certs/expired/rsa-cca.pem
@@ -0,0 +1,19 @@
+subject=/C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
+issuer= /C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
+notBefore=941104185834Z
+notAfter =991103185834Z
+-----BEGIN X509 CERTIFICATE-----
+
+MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw
+HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy
+Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05
+OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT
+ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u
+IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o
+975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/
+touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE
+7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j
+9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI
+0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb
+MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU=
+-----END X509 CERTIFICATE-----
--- a/certs/expired/rsa-ssca.pem
+++ b/certs/expired/rsa-ssca.pem
@@ -0,0 +1,19 @@
+subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+notBefore=941109235417Z
+notAfter =991231235417Z
+-----BEGIN X509 CERTIFICATE-----
+
+MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw
+HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl
+IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda
+Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
+YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB
+roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12
+aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc
+HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A
+iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7
+suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h
+cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk=
+-----END X509 CERTIFICATE-----
--- a/certs/expired/vsign2.pem
+++ b/certs/expired/vsign2.pem
@@ -0,0 +1,18 @@
+subject=/C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority
+notBefore=Jan 29 00:00:00 1996 GMT
+notAfter=Jan  7 23:59:59 2004 GMT
+-----BEGIN CERTIFICATE-----
+MIICPTCCAaYCEQC6WslMBTuS1qe2307QU5INMA0GCSqGSIb3DQEBAgUAMF8xCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh
+c3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05
+NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD
+VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMiBQdWJsaWMgUHJp
+bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB
+jQAwgYkCgYEAtlqLow1qI4OAa885h/QhEzMGTCWi7VUSl8WngLn6g8EgoPovFQ18
+oWBrfnks+gYPOq72G2+x0v8vKFJfg31LxHq3+GYfgFT8t8KOWUoUV0bRmpO+QZED
+uxWAk1zr58wIbD8+s0r8/0tsI9VQgiZEGY4jw3HqGSRHBJ51v8imAB8CAwEAATAN
+BgkqhkiG9w0BAQIFAAOBgQC2AB+TV6QHp0DOZUA/VV7t7/pUSaUw1iF8YYfug5ML
+v7Qz8pisnwa/TqjOFIFMywROWMPPX+5815pvy0GKt3+BuP+EYcYnQ2UdDOyxAArd
+G6S7x3ggKLKi3TaVLuFUT79guXdoEZkj6OpS6KoATmdOu5C1RZtG644W78QzWzM9
+1Q==
+-----END CERTIFICATE-----
--- a/certs/expired/vsign3.pem
+++ b/certs/expired/vsign3.pem
@@ -0,0 +1,18 @@
+subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+notBefore=Jan 29 00:00:00 1996 GMT
+notAfter=Jan  7 23:59:59 2004 GMT
+-----BEGIN CERTIFICATE-----
+MIICPTCCAaYCEQDknv3zOugOz6URPhmkJAIyMA0GCSqGSIb3DQEBAgUAMF8xCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh
+c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05
+NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD
+VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp
+bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB
+jQAwgYkCgYEAyVxZnvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqo
+RAWq7AMfeH+ek7maAKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4
+rCNfcCk2pMmG57GaIMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATAN
+BgkqhkiG9w0BAQIFAAOBgQBhcOwvP579K+ZoVCGwZ3kIDCCWMYoNer62Jt95LCJp
+STbjl3diYaIy13pUITa6Ask05yXaRDWw0lyAXbOU+Pms7qRgdSoflUkjsUp89LNH
+ciFbfperVKxi513srpvSybIk+4Kt6WcVS7qqpvCXoPawl1cAyAw8CaCCBLpB2veZ
+pA==
+-----END CERTIFICATE-----
--- a/certs/thawteCb.pem
+++ b/certs/thawteCb.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDEzCCAnygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBxDELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
+VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
+biBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEm
+MCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wHhcNOTYwODAx
+MDAwMDAwWhcNMjAxMjMxMjM1OTU5WjCBxDELMAkGA1UEBhMCWkExFTATBgNVBAgT
+DFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQKExRUaGF3
+dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNl
+cyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEmMCQGCSqGSIb3
+DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD
+gY0AMIGJAoGBANOkUG7I/1Zr5s9dtuoMaHVHoqrC2oQl/Kj0R1HahbUgdJSGHg91
+yekIYfUGbTBuFRkC6VLAYttNmZ7iagxEOM3+vuNkCXDF/rFrKbYvScg71CcEJRCX
+L+eQbcAoQpnXTEPew/UhbVSfXcNY4cDk2VuwuNy0e982OsK1ZiIS1ocNAgMBAAGj
+EzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAB/pMaVz7lcxG
+7oWDTSEwjsrZqG9JGubaUeNgcGyEYRGhGshIPllDfU+VPaGLtwtimHp1it2ITk6e
+QNuozDJ0uW8NxuOzRAvZim+aKZuZGCg70eNAKJpaPNW15yAbi8qkq43pUdniTCxZ
+qdq5snUb9kLy78fyGPmJvKP/iiMucEc=
+-----END CERTIFICATE-----
--- a/certs/thawteCp.pem
+++ b/certs/thawteCp.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDJzCCApCgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBzjELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
+VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
+biBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFByZW1pdW0gU2Vy
+dmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNlcnZlckB0aGF3dGUuY29t
+MB4XDTk2MDgwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgc4xCzAJBgNVBAYTAlpB
+MRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsG
+A1UEChMUVGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRp
+b24gU2VydmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNl
+cnZlciBDQTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNv
+bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0jY2aovXwlue2oFBYo847kkE
+VdbQ7xwblRZH7xhINTpS9CtqBo87L+pW46+GjZ4X9560ZXUCTe/LCaIhUdib0GfQ
+ug2SBhRz1JPLlyoAnFxODLz6FVL88kRu2hFKbgifLy3j+ao6hnO2RlNYyIkFvYMR
+uHM/qgeN9EJN50CdHDcCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
+9w0BAQQFAAOBgQAmSCwWwlj66BZ0DKqqX1Q/8tfJeGBeXm43YyJ3Nn6yF8Q0ufUI
+hfzJATj/Tb7yFkJD57taRvvBxhEf8UqwKEbJw8RCfbz6q1lu1bdRiBHjpIUZa4JM
+pAwSremkrj/xw0llmozFyD4lt5SZu5IycQfwhl7tUCemDaYj+bvLpgcUQg==
+-----END CERTIFICATE-----
--- a/certs/vsign1.pem
+++ b/certs/vsign1.pem
@@ -0,0 +1,17 @@
+subject=/C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification Authority
+notBefore=Jan 29 00:00:00 1996 GMT
+notAfter=Jan  7 23:59:59 2020 GMT
+-----BEGIN CERTIFICATE-----
+MIICPDCCAaUCEDJQM89Q0VbzXIGtZVxPyCUwDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
+cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
+MDEyOTAwMDAwMFoXDTIwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
+BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt
+YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f
+zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi
+TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G
+CSqGSIb3DQEBAgUAA4GBAEtEZmBoZOSYG/OwcuaViXzde7OVwB0u2NgZ0C00PcZQ
+mhCGjKo/O6gE/DdSlcPZydvN8oYGxLEb8IKIMEKOF1AcZHq4PplJdJf8rAJD+5YM
+VgQlDHx8h50kp9jwMim1pN9dokzFFjKoQvZFprY2ueC/ZTaTwtLXa9zeWdaiNfhF
+-----END CERTIFICATE-----
--- a/certs/vsign3.pem
+++ b/certs/vsign3.pem
@@ -0,0 +1,17 @@
+subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+notBefore=Jan 29 00:00:00 1996 GMT
+notAfter=Aug  1 23:59:59 2028 GMT
+-----BEGIN CERTIFICATE-----
+MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
+cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
+MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
+BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
+YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
+BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
+I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
+CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do
+lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc
+AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
+-----END CERTIFICATE-----
--- a/certs/vsignss.pem
+++ b/certs/vsignss.pem
@@ -0,0 +1,17 @@
+subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+notBefore=Nov  9 00:00:00 1994 GMT
+notAfter=Jan  7 23:59:59 2010 GMT
+-----BEGIN CERTIFICATE-----
+MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
+VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0
+MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV
+BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy
+dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ
+ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII
+0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI
+uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI
+hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3
+YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc
+1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA==
+-----END CERTIFICATE-----
--- a/certs/wellsfgo.pem
+++ b/certs/wellsfgo.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID5TCCAs2gAwIBAgIEOeSXnjANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UEBhMC
+VVMxFDASBgNVBAoTC1dlbGxzIEZhcmdvMSwwKgYDVQQLEyNXZWxscyBGYXJnbyBD
+ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEvMC0GA1UEAxMmV2VsbHMgRmFyZ28gUm9v
+dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDAxMDExMTY0MTI4WhcNMjEwMTE0
+MTY0MTI4WjCBgjELMAkGA1UEBhMCVVMxFDASBgNVBAoTC1dlbGxzIEZhcmdvMSww
+KgYDVQQLEyNXZWxscyBGYXJnbyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEvMC0G
+A1UEAxMmV2VsbHMgRmFyZ28gUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVqDM7Jvk0/82bfuUER84A4n13
+5zHCLielTWi5MbqNQ1mXx3Oqfz1cQJ4F5aHiidlMuD+b+Qy0yGIZLEWukR5zcUHE
+SxP9cMIlrCL1dQu3U+SlK93OvRw6esP3E48mVJwWa2uv+9iWsWCaSOAlIiR5NM4O
+JgALTqv9i86C1y8IcGjBqAr5dE8Hq6T54oN+J3N0Prj5OEL8pahbSCOz6+MlsoCu
+ltQKnMJ4msZoGK43YjdeUXWoWGPAUe5AeH6orxqg4bB4nVCMe+ez/I4jsNtlAHCE
+AQgAFG5Uhpq6zPk3EPbg3oQtnaSFN9OH4xXQwReQfhkhahKpdv0SAulPIV4XAgMB
+AAGjYTBfMA8GA1UdEwEB/wQFMAMBAf8wTAYDVR0gBEUwQzBBBgtghkgBhvt7hwcB
+CzAyMDAGCCsGAQUFBwIBFiRodHRwOi8vd3d3LndlbGxzZmFyZ28uY29tL2NlcnRw
+b2xpY3kwDQYJKoZIhvcNAQEFBQADggEBANIn3ZwKdyu7IvICtUpKkfnRLb7kuxpo
+7w6kAOnu5+/u9vnldKTC2FJYxHT7zmu1Oyl5GFrvm+0fazbuSCUlFLZWohDo7qd/
+0D+j0MNdJu4HzMPBJCGHHt8qElNvQRbn7a6U+oxy+hNH8Dx+rn0ROhPs7fpvcmR7
+nX1/Jv16+yWt6j4pf0zjAFcysLPp7VMX2YuyFA4w6OXVE8Zkr8QA1dhYJPz1j+zx
+x32l2w8n0cbyQIjmH/ZhqPRCyLk306m+LFZ4wnKbWV01QIroTmMatukgalHizqSQ
+33ZwmVxwQ023tqcZZE6St8WRPH9IFmV7Fv3L/PvZ1dZPIWU7Sn9Ho/s=
+-----END CERTIFICATE-----
--- a/crypto/.cvsignore
+++ b/crypto/.cvsignore
@@ -4,4 +4,3 @@ opensslconf.h
 Makefile.save
 *.flc
 semantic.cache
-x86cpuid-elf.s
--- a/crypto/aes/Makefile
+++ b/crypto/aes/Makefile
@@ -24,8 +24,8 @@ APPS=

 LIB=$(TOP)/libcrypto.a
 LIBSRC=aes_core.c aes_misc.c aes_ecb.c aes_cbc.c aes_cfb.c aes_ofb.c \
-       aes_ctr.c aes_ige.c aes_wrap.c
-LIBOBJ=aes_misc.o aes_ecb.o aes_cfb.o aes_ofb.o aes_ctr.o aes_ige.o aes_wrap.o \
+       aes_ctr.c aes_ige.c
+LIBOBJ=aes_misc.o aes_ecb.o aes_cfb.o aes_ofb.o aes_ctr.o aes_ige.o \
       $(AES_ASM_OBJ)

 SRC= $(LIBSRC)
@@ -57,9 +57,6 @@ ax86-cof.s: asm/aes-586.pl ../perlasm/x86asm.pl
 ax86-out.s: asm/aes-586.pl ../perlasm/x86asm.pl
 	(cd asm; $(PERL) aes-586.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@)

-aes-x86_64.s: asm/aes-x86_64.pl
-	$(PERL) asm/aes-x86_64.pl $@
-
 files:
 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

@@ -120,11 +117,3 @@ aes_misc.o: ../../include/openssl/opensslconf.h
 aes_misc.o: ../../include/openssl/opensslv.h aes_locl.h aes_misc.c
 aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
 aes_ofb.o: ../../include/openssl/opensslconf.h aes_locl.h aes_ofb.c
-aes_wrap.o: ../../e_os.h ../../include/openssl/aes.h
-aes_wrap.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-aes_wrap.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-aes_wrap.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-aes_wrap.o: ../../include/openssl/opensslconf.h
-aes_wrap.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-aes_wrap.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-aes_wrap.o: ../../include/openssl/symhacks.h ../cryptlib.h aes_wrap.c
--- a/crypto/aes/aes.h
+++ b/crypto/aes/aes.h
@@ -130,12 +130,6 @@ void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
 			const AES_KEY *key2, const unsigned char *ivec,
 			const int enc);

-int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
-		unsigned char *out,
-		const unsigned char *in, unsigned int inlen);
-int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
-		unsigned char *out,
-		const unsigned char *in, unsigned int inlen);

 #ifdef  __cplusplus
 }
--- a/crypto/aes/aes_wrap.c
+++ b/crypto/aes/aes_wrap.c
@@ -1,259 +0,0 @@
-/* crypto/aes/aes_wrap.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include "cryptlib.h"
-#include <openssl/aes.h>
-#include <openssl/bio.h>
-
-static const unsigned char default_iv[] = {
-  0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6,
-};
-
-int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
-		unsigned char *out,
-		const unsigned char *in, unsigned int inlen)
-	{
-	unsigned char *A, B[16], *R;
-	unsigned int i, j, t;
-	if ((inlen & 0x7) || (inlen < 8))
-		return -1;
-	A = B;
-	t = 1;
-	memcpy(out + 8, in, inlen);
-	if (!iv)
-		iv = default_iv;
-
-	memcpy(A, iv, 8);
-
-	for (j = 0; j < 6; j++)
-		{
-		R = out + 8;
-		for (i = 0; i < inlen; i += 8, t++, R += 8)
-			{
-			memcpy(B + 8, R, 8);
-			AES_encrypt(B, B, key);
-			A[7] ^= (unsigned char)(t & 0xff);
-			if (t > 0xff)	
-				{
-				A[6] ^= (unsigned char)((t & 0xff) >> 8);
-				A[5] ^= (unsigned char)((t & 0xff) >> 16);
-				A[4] ^= (unsigned char)((t & 0xff) >> 24);
-				}
-			memcpy(R, B + 8, 8);
-			}
-		}
-	memcpy(out, A, 8);
-	return inlen + 8;
-	}
-
-int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
-		unsigned char *out,
-		const unsigned char *in, unsigned int inlen)
-	{
-	unsigned char *A, B[16], *R;
-	unsigned int i, j, t;
-	inlen -= 8;
-	if (inlen & 0x7)
-		return -1;
-	if (inlen < 8)
-		return -1;
-	A = B;
-	t =  6 * (inlen >> 3);
-	memcpy(A, in, 8);
-	memcpy(out, in + 8, inlen);
-	for (j = 0; j < 6; j++)
-		{
-		R = out + inlen - 8;
-		for (i = 0; i < inlen; i += 8, t--, R -= 8)
-			{
-			A[7] ^= (unsigned char)(t & 0xff);
-			if (t > 0xff)	
-				{
-				A[6] ^= (unsigned char)((t & 0xff) >> 8);
-				A[5] ^= (unsigned char)((t & 0xff) >> 16);
-				A[4] ^= (unsigned char)((t & 0xff) >> 24);
-				}
-			memcpy(B + 8, R, 8);
-			AES_decrypt(B, B, key);
-			memcpy(R, B + 8, 8);
-			}
-		}
-	if (!iv)
-		iv = default_iv;
-	if (memcmp(A, iv, 8))
-		{
-		OPENSSL_cleanse(out, inlen);
-		return 0;
-		}
-	return inlen;
-	}
-
-#ifdef AES_WRAP_TEST
-
-int AES_wrap_unwrap_test(const unsigned char *kek, int keybits,
-			 const unsigned char *iv,
-			 const unsigned char *eout,
-			 const unsigned char *key, int keylen)
-	{
-	unsigned char *otmp = NULL, *ptmp = NULL;
-	int r, ret = 0;
-	AES_KEY wctx;
-	otmp = OPENSSL_malloc(keylen + 8);
-	ptmp = OPENSSL_malloc(keylen);
-	if (!otmp || !ptmp)
-		return 0;
-	if (AES_set_encrypt_key(kek, keybits, &wctx))
-		goto err;
-	r = AES_wrap_key(&wctx, iv, otmp, key, keylen);
-	if (r <= 0)
-		goto err;
-
-	if (eout && memcmp(eout, otmp, keylen))
-		goto err;
-		
-	if (AES_set_decrypt_key(kek, keybits, &wctx))
-		goto err;
-	r = AES_unwrap_key(&wctx, iv, ptmp, otmp, r);
-
-	if (memcmp(key, ptmp, keylen))
-		goto err;
-
-	ret = 1;
-
-	err:
-	if (otmp)
-		OPENSSL_free(otmp);
-	if (ptmp)
-		OPENSSL_free(ptmp);
-
-	return ret;
-
-	}
-
-
-
-int main(int argc, char **argv)
-{
-
-static const unsigned char kek[] = {
-  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
-  0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-  0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
-};
-
-static const unsigned char key[] = {
-  0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
-  0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
-  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
-};
-
-static const unsigned char e1[] = {
-  0x1f, 0xa6, 0x8b, 0x0a, 0x81, 0x12, 0xb4, 0x47,
-  0xae, 0xf3, 0x4b, 0xd8, 0xfb, 0x5a, 0x7b, 0x82,
-  0x9d, 0x3e, 0x86, 0x23, 0x71, 0xd2, 0xcf, 0xe5
-};
-
-static const unsigned char e2[] = {
-  0x96, 0x77, 0x8b, 0x25, 0xae, 0x6c, 0xa4, 0x35,
-  0xf9, 0x2b, 0x5b, 0x97, 0xc0, 0x50, 0xae, 0xd2,
-  0x46, 0x8a, 0xb8, 0xa1, 0x7a, 0xd8, 0x4e, 0x5d
-};
-
-static const unsigned char e3[] = {
-  0x64, 0xe8, 0xc3, 0xf9, 0xce, 0x0f, 0x5b, 0xa2,
-  0x63, 0xe9, 0x77, 0x79, 0x05, 0x81, 0x8a, 0x2a,
-  0x93, 0xc8, 0x19, 0x1e, 0x7d, 0x6e, 0x8a, 0xe7
-};
-
-static const unsigned char e4[] = {
-  0x03, 0x1d, 0x33, 0x26, 0x4e, 0x15, 0xd3, 0x32,
-  0x68, 0xf2, 0x4e, 0xc2, 0x60, 0x74, 0x3e, 0xdc,
-  0xe1, 0xc6, 0xc7, 0xdd, 0xee, 0x72, 0x5a, 0x93,
-  0x6b, 0xa8, 0x14, 0x91, 0x5c, 0x67, 0x62, 0xd2
-};
-
-static const unsigned char e5[] = {
-  0xa8, 0xf9, 0xbc, 0x16, 0x12, 0xc6, 0x8b, 0x3f,
-  0xf6, 0xe6, 0xf4, 0xfb, 0xe3, 0x0e, 0x71, 0xe4,
-  0x76, 0x9c, 0x8b, 0x80, 0xa3, 0x2c, 0xb8, 0x95,
-  0x8c, 0xd5, 0xd1, 0x7d, 0x6b, 0x25, 0x4d, 0xa1
-};
-
-static const unsigned char e6[] = {
-  0x28, 0xc9, 0xf4, 0x04, 0xc4, 0xb8, 0x10, 0xf4,
-  0xcb, 0xcc, 0xb3, 0x5c, 0xfb, 0x87, 0xf8, 0x26,
-  0x3f, 0x57, 0x86, 0xe2, 0xd8, 0x0e, 0xd3, 0x26,
-  0xcb, 0xc7, 0xf0, 0xe7, 0x1a, 0x99, 0xf4, 0x3b,
-  0xfb, 0x98, 0x8b, 0x9b, 0x7a, 0x02, 0xdd, 0x21
-};
-
-	AES_KEY wctx, xctx;
-	int ret;
-	ret = AES_wrap_unwrap_test(kek, 128, NULL, e1, key, 16);
-	fprintf(stderr, "Key test result %d\n", ret);
-	ret = AES_wrap_unwrap_test(kek, 192, NULL, e2, key, 16);
-	fprintf(stderr, "Key test result %d\n", ret);
-	ret = AES_wrap_unwrap_test(kek, 256, NULL, e3, key, 16);
-	fprintf(stderr, "Key test result %d\n", ret);
-	ret = AES_wrap_unwrap_test(kek, 192, NULL, e4, key, 24);
-	fprintf(stderr, "Key test result %d\n", ret);
-	ret = AES_wrap_unwrap_test(kek, 256, NULL, e5, key, 24);
-	fprintf(stderr, "Key test result %d\n", ret);
-	ret = AES_wrap_unwrap_test(kek, 256, NULL, e6, key, 32);
-	fprintf(stderr, "Key test result %d\n", ret);
-}
-	
-	
-#endif
--- a/crypto/aes/asm/aes-x86_64.pl
+++ b/crypto/aes/asm/aes-x86_64.pl
--- a/crypto/asn1/Makefile
+++ b/crypto/asn1/Makefile
@@ -26,7 +26,7 @@ LIBSRC=	a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
 	t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \
 	tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \
 	f_int.c f_string.c n_pkey.c \
-	f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn_mime.c \
+	f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c \
 	asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c a_strnid.c \
 	evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c
 LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
@@ -38,7 +38,7 @@ LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
 	t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \
 	tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \
 	f_int.o f_string.o n_pkey.o \
-	f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o asn_mime.o \
+	f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o \
 	asn1_gen.o asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o a_strnid.o \
 	evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o

@@ -213,11 +213,11 @@ a_meth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 a_meth.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 a_meth.o: ../../include/openssl/symhacks.h ../cryptlib.h a_meth.c
 a_object.o: ../../e_os.h ../../include/openssl/asn1.h
-a_object.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-a_object.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-a_object.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_object.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-a_object.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_object.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_object.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_object.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_object.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+a_object.o: ../../include/openssl/opensslconf.h
 a_object.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 a_object.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 a_object.o: ../../include/openssl/symhacks.h ../cryptlib.h a_object.c
@@ -292,8 +292,7 @@ a_type.o: ../../e_os.h ../../include/openssl/asn1.h
 a_type.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 a_type.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_type.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_type.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-a_type.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_type.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 a_type.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 a_type.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 a_type.o: ../../include/openssl/symhacks.h ../cryptlib.h a_type.c
@@ -363,20 +362,6 @@ asn1_par.o: ../../include/openssl/opensslconf.h
 asn1_par.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 asn1_par.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 asn1_par.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_par.c
-asn_mime.o: ../../e_os.h ../../include/openssl/asn1.h
-asn_mime.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-asn_mime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-asn_mime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-asn_mime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-asn_mime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-asn_mime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-asn_mime.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-asn_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-asn_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-asn_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-asn_mime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-asn_mime.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-asn_mime.o: ../cryptlib.h asn_mime.c
 asn_moid.o: ../../e_os.h ../../include/openssl/asn1.h
 asn_moid.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 asn_moid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
--- a/crypto/asn1/a_object.c
+++ b/crypto/asn1/a_object.c
@@ -62,7 +62,6 @@
 #include <openssl/buffer.h>
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
-#include <openssl/bn.h>

 int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
 	{
--- a/crypto/asn1/a_type.c
+++ b/crypto/asn1/a_type.c
@@ -59,7 +59,6 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1t.h>
-#include <openssl/objects.h>

 int ASN1_TYPE_get(ASN1_TYPE *a)
 	{
@@ -80,31 +79,6 @@ void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
 	a->value.ptr=value;
 	}

-int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value)
-	{
-	if (!value || (type == V_ASN1_BOOLEAN))
-		{
-		void *p = (void *)value;
-		ASN1_TYPE_set(a, type, p);
-		}
-	else if (type == V_ASN1_OBJECT)
-		{
-		ASN1_OBJECT *odup;
-		odup = OBJ_dup(value);
-		if (!odup)
-			return 0;
-		ASN1_TYPE_set(a, type, odup);
-		}
-	else
-		{
-		ASN1_STRING *sdup;
-		sdup = ASN1_STRING_dup((ASN1_STRING *)value);
-		if (!sdup)
-			return 0;
-		ASN1_TYPE_set(a, type, sdup);
-		}
-	return 1;
-	}

 IMPLEMENT_STACK_OF(ASN1_TYPE)
 IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -158,12 +158,7 @@ extern "C" {
 #define MBSTRING_BMP		(MBSTRING_FLAG|2)
 #define MBSTRING_UNIV		(MBSTRING_FLAG|4)

-#define SMIME_OLDMIME		0x400
-#define SMIME_CRLFEOL		0x800
-#define SMIME_STREAM		0x1000
-
 struct X509_algor_st;
-DECLARE_STACK_OF(X509_ALGOR)

 #define DECLARE_ASN1_SET_OF(type) /* filled in by mkstack.pl */
 #define IMPLEMENT_ASN1_SET_OF(type) /* nothing, no longer needed */
@@ -223,13 +218,6 @@ typedef struct asn1_object_st
 * be inserted in the memory buffer 
 */
 #define ASN1_STRING_FLAG_NDEF 0x010 
-
-/* This flag is used by the CMS code to indicate that a string is not
- * complete and is a place holder for content when it had all been 
- * accessed. The flag will be reset when content has been written to it.
- */
-#define ASN1_STRING_FLAG_CONT 0x020 
-
 /* This is the base type that holds just about everything :-) */
 typedef struct asn1_string_st
 	{
@@ -323,8 +311,8 @@ typedef struct ASN1_VALUE_st ASN1_VALUE;
 	int i2d_##name##_NDEF(name *a, unsigned char **out);

 #define DECLARE_ASN1_FUNCTIONS_const(name) \
-	DECLARE_ASN1_ALLOC_FUNCTIONS(name) \
-	DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name)
+	name *name##_new(void); \
+	void name##_free(name *a);

 #define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
 	type *name##_new(void); \
@@ -534,7 +522,6 @@ typedef struct asn1_type_st
 		 * contain the set or sequence bytes */
 		ASN1_STRING *		set;
 		ASN1_STRING *		sequence;
-		ASN1_VALUE  *		asn1_value;
 		} value;
 	} ASN1_TYPE;

@@ -765,7 +752,6 @@ DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)

 int ASN1_TYPE_get(ASN1_TYPE *a);
 void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
-int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);

 ASN1_OBJECT *	ASN1_OBJECT_new(void );
 void		ASN1_OBJECT_free(ASN1_OBJECT *a);
@@ -788,7 +774,6 @@ int 		ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b);
  /* Since this is used to store all sorts of things, via macros, for now, make
     its data void * */
 int 		ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
-void		ASN1_STRING_set0(ASN1_STRING *str, void *data, int len);
 int ASN1_STRING_length(ASN1_STRING *x);
 void ASN1_STRING_length_set(ASN1_STRING *x, int n);
 int ASN1_STRING_type(ASN1_STRING *x);
@@ -941,12 +926,6 @@ void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x);

 void *ASN1_item_dup(const ASN1_ITEM *it, void *x);

-/* ASN1 alloc/free macros for when a type is only used internally */
-
-#define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type))
-#define M_ASN1_free_of(x, type) \
-		ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type))
-
 #ifndef OPENSSL_NO_FP_API
 void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x);

@@ -1075,17 +1054,7 @@ void ASN1_add_oid_module(void);

 ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);
 ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);
-
-typedef int asn1_output_data_fn(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
-					const ASN1_ITEM *it);
-
-int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
-				int ctype_nid, int econt_nid,
-				STACK_OF(X509_ALGOR) *mdalgs,
-				asn1_output_data_fn *data_fn,
-				const ASN1_ITEM *it);
-ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it);
-
+	
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
@@ -1135,7 +1104,6 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_ASN1_ITEM_VERIFY				 197
 #define ASN1_F_ASN1_MBSTRING_NCOPY			 122
 #define ASN1_F_ASN1_OBJECT_NEW				 123
-#define ASN1_F_ASN1_OUTPUT_DATA				 207
 #define ASN1_F_ASN1_PACK_STRING				 124
 #define ASN1_F_ASN1_PCTX_NEW				 205
 #define ASN1_F_ASN1_PKCS5_PBE_SET			 125
@@ -1155,8 +1123,6 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_ASN1_UNPACK_STRING			 136
 #define ASN1_F_ASN1_UTCTIME_SET				 187
 #define ASN1_F_ASN1_VERIFY				 137
-#define ASN1_F_B64_READ_ASN1				 208
-#define ASN1_F_B64_WRITE_ASN1				 209
 #define ASN1_F_BITSTR_CB				 180
 #define ASN1_F_BN_TO_ASN1_ENUMERATED			 138
 #define ASN1_F_BN_TO_ASN1_INTEGER			 139
@@ -1197,8 +1163,6 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_PARSE_TAGGING				 182
 #define ASN1_F_PKCS5_PBE2_SET				 167
 #define ASN1_F_PKCS5_PBE_SET				 202
-#define ASN1_F_SMIME_READ_ASN1				 210
-#define ASN1_F_SMIME_TEXT				 211
 #define ASN1_F_X509_CINF_NEW				 168
 #define ASN1_F_X509_CRL_ADD0_REVOKED			 169
 #define ASN1_F_X509_INFO_NEW				 170
@@ -1210,8 +1174,6 @@ void ERR_load_ASN1_strings(void);

 /* Reason codes. */
 #define ASN1_R_ADDING_OBJECT				 171
-#define ASN1_R_ASN1_PARSE_ERROR				 198
-#define ASN1_R_ASN1_SIG_PARSE_ERROR			 199
 #define ASN1_R_AUX_ERROR				 100
 #define ASN1_R_BAD_CLASS				 101
 #define ASN1_R_BAD_OBJECT_HEADER			 102
@@ -1258,7 +1220,6 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG		 128
 #define ASN1_R_INVALID_BMPSTRING_LENGTH			 129
 #define ASN1_R_INVALID_DIGIT				 130
-#define ASN1_R_INVALID_MIME_TYPE			 200
 #define ASN1_R_INVALID_MODIFIER				 186
 #define ASN1_R_INVALID_NUMBER				 187
 #define ASN1_R_INVALID_SEPARATOR			 131
@@ -1268,9 +1229,6 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_IV_TOO_LARGE				 135
 #define ASN1_R_LENGTH_ERROR				 136
 #define ASN1_R_LIST_ERROR				 188
-#define ASN1_R_MIME_NO_CONTENT_TYPE			 201
-#define ASN1_R_MIME_PARSE_ERROR				 202
-#define ASN1_R_MIME_SIG_PARSE_ERROR			 203
 #define ASN1_R_MISSING_EOC				 137
 #define ASN1_R_MISSING_SECOND_NUMBER			 138
 #define ASN1_R_MISSING_VALUE				 189
@@ -1280,11 +1238,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_NON_HEX_CHARACTERS			 141
 #define ASN1_R_NOT_ASCII_FORMAT				 190
 #define ASN1_R_NOT_ENOUGH_DATA				 142
-#define ASN1_R_NO_CONTENT_TYPE				 204
 #define ASN1_R_NO_MATCHING_CHOICE_TYPE			 143
-#define ASN1_R_NO_MULTIPART_BODY_FAILURE		 205
-#define ASN1_R_NO_MULTIPART_BOUNDARY			 206
-#define ASN1_R_NO_SIG_CONTENT_TYPE			 207
 #define ASN1_R_NULL_IS_WRONG_LENGTH			 144
 #define ASN1_R_OBJECT_NOT_ASCII_FORMAT			 191
 #define ASN1_R_ODD_NUMBER_OF_CHARS			 145
@@ -1294,8 +1248,6 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_SEQUENCE_NOT_CONSTRUCTED			 149
 #define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG		 192
 #define ASN1_R_SHORT_LINE				 150
-#define ASN1_R_SIG_INVALID_MIME_TYPE			 208
-#define ASN1_R_STREAMING_NOT_SUPPORTED			 209
 #define ASN1_R_STRING_TOO_LONG				 151
 #define ASN1_R_STRING_TOO_SHORT				 152
 #define ASN1_R_TAG_VALUE_TOO_HIGH			 153
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -1,6 +1,6 @@
 /* crypto/asn1/asn1_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -110,7 +110,6 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_ASN1_ITEM_VERIFY),	"ASN1_item_verify"},
 {ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY),	"ASN1_mbstring_ncopy"},
 {ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW),	"ASN1_OBJECT_new"},
-{ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA),	"ASN1_OUTPUT_DATA"},
 {ERR_FUNC(ASN1_F_ASN1_PACK_STRING),	"ASN1_pack_string"},
 {ERR_FUNC(ASN1_F_ASN1_PCTX_NEW),	"ASN1_PCTX_NEW"},
 {ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET),	"ASN1_PKCS5_PBE_SET"},
@@ -130,8 +129,6 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING),	"ASN1_unpack_string"},
 {ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET),	"ASN1_UTCTIME_set"},
 {ERR_FUNC(ASN1_F_ASN1_VERIFY),	"ASN1_verify"},
-{ERR_FUNC(ASN1_F_B64_READ_ASN1),	"B64_READ_ASN1"},
-{ERR_FUNC(ASN1_F_B64_WRITE_ASN1),	"B64_WRITE_ASN1"},
 {ERR_FUNC(ASN1_F_BITSTR_CB),	"BITSTR_CB"},
 {ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED),	"BN_to_ASN1_ENUMERATED"},
 {ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER),	"BN_to_ASN1_INTEGER"},
@@ -172,8 +169,6 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_PARSE_TAGGING),	"PARSE_TAGGING"},
 {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET),	"PKCS5_pbe2_set"},
 {ERR_FUNC(ASN1_F_PKCS5_PBE_SET),	"PKCS5_pbe_set"},
-{ERR_FUNC(ASN1_F_SMIME_READ_ASN1),	"SMIME_read_ASN1"},
-{ERR_FUNC(ASN1_F_SMIME_TEXT),	"SMIME_text"},
 {ERR_FUNC(ASN1_F_X509_CINF_NEW),	"X509_CINF_NEW"},
 {ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED),	"X509_CRL_add0_revoked"},
 {ERR_FUNC(ASN1_F_X509_INFO_NEW),	"X509_INFO_new"},
@@ -188,8 +183,6 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 static ERR_STRING_DATA ASN1_str_reasons[]=
 	{
 {ERR_REASON(ASN1_R_ADDING_OBJECT)        ,"adding object"},
-{ERR_REASON(ASN1_R_ASN1_PARSE_ERROR)     ,"asn1 parse error"},
-{ERR_REASON(ASN1_R_ASN1_SIG_PARSE_ERROR) ,"asn1 sig parse error"},
 {ERR_REASON(ASN1_R_AUX_ERROR)            ,"aux error"},
 {ERR_REASON(ASN1_R_BAD_CLASS)            ,"bad class"},
 {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER)    ,"bad object header"},
@@ -236,7 +229,6 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"},
 {ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"},
 {ERR_REASON(ASN1_R_INVALID_DIGIT)        ,"invalid digit"},
-{ERR_REASON(ASN1_R_INVALID_MIME_TYPE)    ,"invalid mime type"},
 {ERR_REASON(ASN1_R_INVALID_MODIFIER)     ,"invalid modifier"},
 {ERR_REASON(ASN1_R_INVALID_NUMBER)       ,"invalid number"},
 {ERR_REASON(ASN1_R_INVALID_SEPARATOR)    ,"invalid separator"},
@@ -246,9 +238,6 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_IV_TOO_LARGE)         ,"iv too large"},
 {ERR_REASON(ASN1_R_LENGTH_ERROR)         ,"length error"},
 {ERR_REASON(ASN1_R_LIST_ERROR)           ,"list error"},
-{ERR_REASON(ASN1_R_MIME_NO_CONTENT_TYPE) ,"mime no content type"},
-{ERR_REASON(ASN1_R_MIME_PARSE_ERROR)     ,"mime parse error"},
-{ERR_REASON(ASN1_R_MIME_SIG_PARSE_ERROR) ,"mime sig parse error"},
 {ERR_REASON(ASN1_R_MISSING_EOC)          ,"missing eoc"},
 {ERR_REASON(ASN1_R_MISSING_SECOND_NUMBER),"missing second number"},
 {ERR_REASON(ASN1_R_MISSING_VALUE)        ,"missing value"},
@@ -258,11 +247,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_NON_HEX_CHARACTERS)   ,"non hex characters"},
 {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT)     ,"not ascii format"},
 {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA)      ,"not enough data"},
-{ERR_REASON(ASN1_R_NO_CONTENT_TYPE)      ,"no content type"},
 {ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE),"no matching choice type"},
-{ERR_REASON(ASN1_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"},
-{ERR_REASON(ASN1_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"},
-{ERR_REASON(ASN1_R_NO_SIG_CONTENT_TYPE)  ,"no sig content type"},
 {ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH) ,"null is wrong length"},
 {ERR_REASON(ASN1_R_OBJECT_NOT_ASCII_FORMAT),"object not ascii format"},
 {ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS)  ,"odd number of chars"},
@@ -272,8 +257,6 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED),"sequence not constructed"},
 {ERR_REASON(ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG),"sequence or set needs config"},
 {ERR_REASON(ASN1_R_SHORT_LINE)           ,"short line"},
-{ERR_REASON(ASN1_R_SIG_INVALID_MIME_TYPE),"sig invalid mime type"},
-{ERR_REASON(ASN1_R_STREAMING_NOT_SUPPORTED),"streaming not supported"},
 {ERR_REASON(ASN1_R_STRING_TOO_LONG)      ,"string too long"},
 {ERR_REASON(ASN1_R_STRING_TOO_SHORT)     ,"string too short"},
 {ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH)   ,"tag value too high"},
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -393,14 +393,6 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
 	return(1);
 	}

-void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len)
-	{
-	if (str->data)
-		OPENSSL_free(str->data);
-	str->data = data;
-	str->length = len;
-	}
-
 ASN1_STRING *ASN1_STRING_new(void)
 	{
 	return(ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
--- a/crypto/asn1/asn1t.h
+++ b/crypto/asn1/asn1t.h
@@ -169,9 +169,6 @@ extern "C" {
 #define ASN1_NDEF_SEQUENCE(tname) \
 	ASN1_SEQUENCE(tname)

-#define ASN1_NDEF_SEQUENCE_cb(tname, cb) \
-	ASN1_SEQUENCE_cb(tname, cb)
-
 #define ASN1_SEQUENCE_cb(tname, cb) \
 	static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
 	ASN1_SEQUENCE(tname)
@@ -371,10 +368,6 @@ extern "C" {
 #define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \
 			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)

-/* EXPLICIT using indefinite length constructed form */
-#define ASN1_NDEF_EXP(stname, field, type, tag) \
-			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF)
-
 /* EXPLICIT OPTIONAL using indefinite length constructed form */
 #define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \
 			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF)
--- a/crypto/asn1/asn_mime.c
+++ b/crypto/asn1/asn_mime.c
@@ -1,874 +0,0 @@
-/* asn_mime.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-
-/* Generalised MIME like utilities for streaming ASN1. Although many
- * have a PKCS7/CMS like flavour others are more general purpose.
- */
-
-/* MIME format structures
- * Note that all are translated to lower case apart from
- * parameter values. Quotes are stripped off
- */
-
-typedef struct {
-char *param_name;			/* Param name e.g. "micalg" */
-char *param_value;			/* Param value e.g. "sha1" */
-} MIME_PARAM;
-
-DECLARE_STACK_OF(MIME_PARAM)
-IMPLEMENT_STACK_OF(MIME_PARAM)
-
-typedef struct {
-char *name;				/* Name of line e.g. "content-type" */
-char *value;				/* Value of line e.g. "text/plain" */
-STACK_OF(MIME_PARAM) *params;		/* Zero or more parameters */
-} MIME_HEADER;
-
-DECLARE_STACK_OF(MIME_HEADER)
-IMPLEMENT_STACK_OF(MIME_HEADER)
-
-static char * strip_ends(char *name);
-static char * strip_start(char *name);
-static char * strip_end(char *name);
-static MIME_HEADER *mime_hdr_new(char *name, char *value);
-static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value);
-static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio);
-static int mime_hdr_cmp(const MIME_HEADER * const *a,
-			const MIME_HEADER * const *b);
-static int mime_param_cmp(const MIME_PARAM * const *a,
-			const MIME_PARAM * const *b);
-static void mime_param_free(MIME_PARAM *param);
-static int mime_bound_check(char *line, int linelen, char *bound, int blen);
-static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret);
-static int strip_eol(char *linebuf, int *plen);
-static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name);
-static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
-static void mime_hdr_free(MIME_HEADER *hdr);
-
-#define MAX_SMLEN 1024
-#define mime_debug(x) /* x */
-
-/* Base 64 read and write of ASN1 structure */
-
-static int B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
-				const ASN1_ITEM *it)
-	{
-	BIO *b64;
-	int r;
-	b64 = BIO_new(BIO_f_base64());
-	if(!b64)
-		{
-		ASN1err(ASN1_F_B64_WRITE_ASN1,ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	/* prepend the b64 BIO so all data is base64 encoded.
-	 */
-	out = BIO_push(b64, out);
-	r = ASN1_item_i2d_bio(it, out, val);
-	(void)BIO_flush(out);
-	BIO_pop(out);
-	BIO_free(b64);
-	return r;
-	}
-
-static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it)
-{
-	BIO *b64;
-	ASN1_VALUE *val;
-	if(!(b64 = BIO_new(BIO_f_base64()))) {
-		ASN1err(ASN1_F_B64_READ_ASN1,ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	bio = BIO_push(b64, bio);
-	val = ASN1_item_d2i_bio(it, bio, NULL);
-	if(!val)
-		ASN1err(ASN1_F_B64_READ_ASN1,ASN1_R_DECODE_ERROR);
-	(void)BIO_flush(bio);
-	bio = BIO_pop(bio);
-	BIO_free(b64);
-	return val;
-}
-
-/* Generate the MIME "micalg" parameter from RFC3851, RFC4490 */
-
-static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
-	{
-	const EVP_MD *md;
-	int i, have_unknown = 0, write_comma, md_nid;
-	have_unknown = 0;
-	write_comma = 0;
-	for (i = 0; i < sk_X509_ALGOR_num(mdalgs); i++)
-		{
-		if (write_comma)
-			BIO_write(out, ",", 1);
-		write_comma = 1;
-		md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm);
-		md = EVP_get_digestbynid(md_nid);
-		switch(md_nid)
-			{
-			case NID_sha1:
-			BIO_puts(out, "sha1");
-			break;
-
-			case NID_md5:
-			BIO_puts(out, "md5");
-			break;
-
-			case NID_sha256:
-			BIO_puts(out, "sha-256");
-			break;
-
-			case NID_sha384:
-			BIO_puts(out, "sha-384");
-			break;
-
-			case NID_sha512:
-			BIO_puts(out, "sha-512");
-			break;
-
-			default:
-			if (have_unknown)
-				write_comma = 0;
-			else
-				{
-				BIO_puts(out, "unknown");
-				have_unknown = 1;
-				}
-			break;
-
-			}
-		}
-
-	return 1;
-
-	}
-
-/* SMIME sender */
-
-int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
-				int ctype_nid, int econt_nid,
-				STACK_OF(X509_ALGOR) *mdalgs,
-				asn1_output_data_fn *data_fn,
-				const ASN1_ITEM *it)
-{
-	char bound[33], c;
-	int i;
-	const char *mime_prefix, *mime_eol, *cname = "smime.p7m";
-	const char *msg_type=NULL;
-	if (flags & SMIME_OLDMIME)
-		mime_prefix = "application/x-pkcs7-";
-	else
-		mime_prefix = "application/pkcs7-";
-
-	if (flags & SMIME_CRLFEOL)
-		mime_eol = "\r\n";
-	else
-		mime_eol = "\n";
-	if((flags & SMIME_DETACHED) && data) {
-	/* We want multipart/signed */
-		/* Generate a random boundary */
-		RAND_pseudo_bytes((unsigned char *)bound, 32);
-		for(i = 0; i < 32; i++) {
-			c = bound[i] & 0xf;
-			if(c < 10) c += '0';
-			else c += 'A' - 10;
-			bound[i] = c;
-		}
-		bound[32] = 0;
-		BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
-		BIO_printf(bio, "Content-Type: multipart/signed;");
-		BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);
-		BIO_puts(bio, " micalg=\"");
-		asn1_write_micalg(bio, mdalgs);
-		BIO_printf(bio, "\"; boundary=\"----%s\"%s%s",
-						bound, mime_eol, mime_eol);
-		BIO_printf(bio, "This is an S/MIME signed message%s%s",
-						mime_eol, mime_eol);
-		/* Now write out the first part */
-		BIO_printf(bio, "------%s%s", bound, mime_eol);
-		if (!data_fn(bio, data, val, flags, it))
-			return 0;
-		BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);
-
-		/* Headers for signature */
-
-		BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix); 
-		BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol);
-		BIO_printf(bio, "Content-Transfer-Encoding: base64%s",
-								mime_eol);
-		BIO_printf(bio, "Content-Disposition: attachment;");
-		BIO_printf(bio, " filename=\"smime.p7s\"%s%s",
-							mime_eol, mime_eol);
-		B64_write_ASN1(bio, val, NULL, 0, it);
-		BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound,
-							mime_eol, mime_eol);
-		return 1;
-	}
-
-	/* Determine smime-type header */
-
-	if (ctype_nid == NID_pkcs7_enveloped)
-		msg_type = "enveloped-data";
-	else if (ctype_nid == NID_pkcs7_signed)
-		{
-		if (econt_nid == NID_id_smime_ct_receipt)
-			msg_type = "signed-receipt";
-		else if (sk_X509_ALGOR_num(mdalgs) >= 0)
-			msg_type = "signed-data";
-		else
-			msg_type = "certs-only";
-		}
-	else if (ctype_nid == NID_id_smime_ct_compressedData)
-		{
-		msg_type = "compressed-data";
-		cname = "smime.p7z";
-		}
-	/* MIME headers */
-	BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
-	BIO_printf(bio, "Content-Disposition: attachment;");
-	BIO_printf(bio, " filename=\"%s\"%s", cname, mime_eol);
-	BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
-	if (msg_type)
-		BIO_printf(bio, " smime-type=%s;", msg_type);
-	BIO_printf(bio, " name=\"%s\"%s", cname, mime_eol);
-	BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
-						mime_eol, mime_eol);
-	if (!B64_write_ASN1(bio, val, data, flags, it))
-		return 0;
-	BIO_printf(bio, "%s", mime_eol);
-	return 1;
-}
-
-#if 0
-
-/* Handle output of ASN1 data */
-
-
-static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
-					const ASN1_ITEM *it)
-	{
-	BIO *tmpbio;
-	const ASN1_AUX *aux = it->funcs;
-	ASN1_STREAM_ARG sarg;
-
-	if (!(flags & SMIME_DETACHED))
-		{
-		SMIME_crlf_copy(data, out, flags);
-		return 1;
-		}
-
-	if (!aux || !aux->asn1_cb)
-		{
-		ASN1err(ASN1_F_ASN1_OUTPUT_DATA,
-					ASN1_R_STREAMING_NOT_SUPPORTED);
-		return 0;
-		}
-
-	sarg.out = out;
-	sarg.ndef_bio = NULL;
-	sarg.boundary = NULL;
-
-	/* Let ASN1 code prepend any needed BIOs */
-
-	if (aux->asn1_cb(ASN1_OP_DETACHED_PRE, &val, it, &sarg) <= 0)
-		return 0;
-
-	/* Copy data across, passing through filter BIOs for processing */
-	SMIME_crlf_copy(data, sarg.ndef_bio, flags);
-
-	/* Finalize structure */
-	if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0)
-		return 0;
-
-	/* Now remove any digests prepended to the BIO */
-
-	while (sarg.ndef_bio != out)
-		{
-		tmpbio = BIO_pop(sarg.ndef_bio);
-		BIO_free(sarg.ndef_bio);
-		sarg.ndef_bio = tmpbio;
-		}
-
-	return 1;
-
-	}
-
-#endif
-
-/* SMIME reader: handle multipart/signed and opaque signing.
- * in multipart case the content is placed in a memory BIO
- * pointed to by "bcont". In opaque this is set to NULL
- */
-
-ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
-{
-	BIO *asnin;
-	STACK_OF(MIME_HEADER) *headers = NULL;
-	STACK_OF(BIO) *parts = NULL;
-	MIME_HEADER *hdr;
-	MIME_PARAM *prm;
-	ASN1_VALUE *val;
-	int ret;
-
-	if(bcont) *bcont = NULL;
-
-	if (!(headers = mime_parse_hdr(bio))) {
-		ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_MIME_PARSE_ERROR);
-		return NULL;
-	}
-
-	if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
-		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-		ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_CONTENT_TYPE);
-		return NULL;
-	}
-
-	/* Handle multipart/signed */
-
-	if(!strcmp(hdr->value, "multipart/signed")) {
-		/* Split into two parts */
-		prm = mime_param_find(hdr, "boundary");
-		if(!prm || !prm->param_value) {
-			sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-			ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BOUNDARY);
-			return NULL;
-		}
-		ret = multi_split(bio, prm->param_value, &parts);
-		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-		if(!ret || (sk_BIO_num(parts) != 2) ) {
-			ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BODY_FAILURE);
-			sk_BIO_pop_free(parts, BIO_vfree);
-			return NULL;
-		}
-
-		/* Parse the signature piece */
-		asnin = sk_BIO_value(parts, 1);
-
-		if (!(headers = mime_parse_hdr(asnin))) {
-			ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_MIME_SIG_PARSE_ERROR);
-			sk_BIO_pop_free(parts, BIO_vfree);
-			return NULL;
-		}
-
-		/* Get content type */
-
-		if(!(hdr = mime_hdr_find(headers, "content-type")) ||
-								 !hdr->value) {
-			sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-			ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE);
-			return NULL;
-		}
-
-		if(strcmp(hdr->value, "application/x-pkcs7-signature") &&
-			strcmp(hdr->value, "application/pkcs7-signature")) {
-			sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-			ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_SIG_INVALID_MIME_TYPE);
-			ERR_add_error_data(2, "type: ", hdr->value);
-			sk_BIO_pop_free(parts, BIO_vfree);
-			return NULL;
-		}
-		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-		/* Read in ASN1 */
-		if(!(val = b64_read_asn1(asnin, it))) {
-			ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_ASN1_SIG_PARSE_ERROR);
-			sk_BIO_pop_free(parts, BIO_vfree);
-			return NULL;
-		}
-
-		if(bcont) {
-			*bcont = sk_BIO_value(parts, 0);
-			BIO_free(asnin);
-			sk_BIO_free(parts);
-		} else sk_BIO_pop_free(parts, BIO_vfree);
-		return val;
-	}
-		
-	/* OK, if not multipart/signed try opaque signature */
-
-	if (strcmp (hdr->value, "application/x-pkcs7-mime") &&
-	    strcmp (hdr->value, "application/pkcs7-mime")) {
-		ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_INVALID_MIME_TYPE);
-		ERR_add_error_data(2, "type: ", hdr->value);
-		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-		return NULL;
-	}
-
-	sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-	
-	if(!(val = b64_read_asn1(bio, it))) {
-		ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_PARSE_ERROR);
-		return NULL;
-	}
-	return val;
-
-}
-
-/* Copy text from one BIO to another making the output CRLF at EOL */
-int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
-{
-	BIO *bf;
-	char eol;
-	int len;
-	char linebuf[MAX_SMLEN];
-	/* Buffer output so we don't write one line at a time. This is
-	 * useful when streaming as we don't end up with one OCTET STRING
-	 * per line.
-	 */
-	bf = BIO_new(BIO_f_buffer());
-	if (!bf)
-		return 0;
-	out = BIO_push(bf, out);
-	if(flags & SMIME_BINARY)
-		{
-		while((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0)
-						BIO_write(out, linebuf, len);
-		}
-	else
-		{
-		if(flags & SMIME_TEXT)
-			BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
-		while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0)
-			{
-			eol = strip_eol(linebuf, &len);
-			if (len)
-				BIO_write(out, linebuf, len);
-			if(eol) BIO_write(out, "\r\n", 2);
-			}
-		}
-	(void)BIO_flush(out);
-	BIO_pop(out);
-	BIO_free(bf);
-	return 1;
-}
-
-/* Strip off headers if they are text/plain */
-int SMIME_text(BIO *in, BIO *out)
-{
-	char iobuf[4096];
-	int len;
-	STACK_OF(MIME_HEADER) *headers;
-	MIME_HEADER *hdr;
-
-	if (!(headers = mime_parse_hdr(in))) {
-		ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_MIME_PARSE_ERROR);
-		return 0;
-	}
-	if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
-		ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_MIME_NO_CONTENT_TYPE);
-		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-		return 0;
-	}
-	if (strcmp (hdr->value, "text/plain")) {
-		ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_INVALID_MIME_TYPE);
-		ERR_add_error_data(2, "type: ", hdr->value);
-		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-		return 0;
-	}
-	sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-	while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
-						BIO_write(out, iobuf, len);
-	return 1;
-}
-
-/* Split a multipart/XXX message body into component parts: result is
- * canonical parts in a STACK of bios
- */
-
-static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
-{
-	char linebuf[MAX_SMLEN];
-	int len, blen;
-	int eol = 0, next_eol = 0;
-	BIO *bpart = NULL;
-	STACK_OF(BIO) *parts;
-	char state, part, first;
-
-	blen = strlen(bound);
-	part = 0;
-	state = 0;
-	first = 1;
-	parts = sk_BIO_new_null();
-	*ret = parts;
-	while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
-		state = mime_bound_check(linebuf, len, bound, blen);
-		if(state == 1) {
-			first = 1;
-			part++;
-		} else if(state == 2) {
-			sk_BIO_push(parts, bpart);
-			return 1;
-		} else if(part) {
-			/* Strip CR+LF from linebuf */
-			next_eol = strip_eol(linebuf, &len);
-			if(first) {
-				first = 0;
-				if(bpart) sk_BIO_push(parts, bpart);
-				bpart = BIO_new(BIO_s_mem());
-				BIO_set_mem_eof_return(bpart, 0);
-			} else if (eol)
-				BIO_write(bpart, "\r\n", 2);
-			eol = next_eol;
-			if (len)
-				BIO_write(bpart, linebuf, len);
-		}
-	}
-	return 0;
-}
-
-/* This is the big one: parse MIME header lines up to message body */
-
-#define MIME_INVALID	0
-#define MIME_START	1
-#define MIME_TYPE	2
-#define MIME_NAME	3
-#define MIME_VALUE	4
-#define MIME_QUOTE	5
-#define MIME_COMMENT	6
-
-
-static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
-{
-	char *p, *q, c;
-	char *ntmp;
-	char linebuf[MAX_SMLEN];
-	MIME_HEADER *mhdr = NULL;
-	STACK_OF(MIME_HEADER) *headers;
-	int len, state, save_state = 0;
-
-	headers = sk_MIME_HEADER_new(mime_hdr_cmp);
-	while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
-	/* If whitespace at line start then continuation line */
-	if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME;
-	else state = MIME_START;
-	ntmp = NULL;
-	/* Go through all characters */
-	for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
-
-	/* State machine to handle MIME headers
-	 * if this looks horrible that's because it *is*
-         */
-
-		switch(state) {
-			case MIME_START:
-			if(c == ':') {
-				state = MIME_TYPE;
-				*p = 0;
-				ntmp = strip_ends(q);
-				q = p + 1;
-			}
-			break;
-
-			case MIME_TYPE:
-			if(c == ';') {
-				mime_debug("Found End Value\n");
-				*p = 0;
-				mhdr = mime_hdr_new(ntmp, strip_ends(q));
-				sk_MIME_HEADER_push(headers, mhdr);
-				ntmp = NULL;
-				q = p + 1;
-				state = MIME_NAME;
-			} else if(c == '(') {
-				save_state = state;
-				state = MIME_COMMENT;
-			}
-			break;
-
-			case MIME_COMMENT:
-			if(c == ')') {
-				state = save_state;
-			}
-			break;
-
-			case MIME_NAME:
-			if(c == '=') {
-				state = MIME_VALUE;
-				*p = 0;
-				ntmp = strip_ends(q);
-				q = p + 1;
-			}
-			break ;
-
-			case MIME_VALUE:
-			if(c == ';') {
-				state = MIME_NAME;
-				*p = 0;
-				mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
-				ntmp = NULL;
-				q = p + 1;
-			} else if (c == '"') {
-				mime_debug("Found Quote\n");
-				state = MIME_QUOTE;
-			} else if(c == '(') {
-				save_state = state;
-				state = MIME_COMMENT;
-			}
-			break;
-
-			case MIME_QUOTE:
-			if(c == '"') {
-				mime_debug("Found Match Quote\n");
-				state = MIME_VALUE;
-			}
-			break;
-		}
-	}
-
-	if(state == MIME_TYPE) {
-		mhdr = mime_hdr_new(ntmp, strip_ends(q));
-		sk_MIME_HEADER_push(headers, mhdr);
-	} else if(state == MIME_VALUE)
-			 mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
-	if(p == linebuf) break;	/* Blank line means end of headers */
-}
-
-return headers;
-
-}
-
-static char *strip_ends(char *name)
-{
-	return strip_end(strip_start(name));
-}
-
-/* Strip a parameter of whitespace from start of param */
-static char *strip_start(char *name)
-{
-	char *p, c;
-	/* Look for first non white space or quote */
-	for(p = name; (c = *p) ;p++) {
-		if(c == '"') {
-			/* Next char is start of string if non null */
-			if(p[1]) return p + 1;
-			/* Else null string */
-			return NULL;
-		}
-		if(!isspace((unsigned char)c)) return p;
-	}
-	return NULL;
-}
-
-/* As above but strip from end of string : maybe should handle brackets? */
-static char *strip_end(char *name)
-{
-	char *p, c;
-	if(!name) return NULL;
-	/* Look for first non white space or quote */
-	for(p = name + strlen(name) - 1; p >= name ;p--) {
-		c = *p;
-		if(c == '"') {
-			if(p - 1 == name) return NULL;
-			*p = 0;
-			return name;
-		}
-		if(isspace((unsigned char)c)) *p = 0;	
-		else return name;
-	}
-	return NULL;
-}
-
-static MIME_HEADER *mime_hdr_new(char *name, char *value)
-{
-	MIME_HEADER *mhdr;
-	char *tmpname, *tmpval, *p;
-	int c;
-	if(name) {
-		if(!(tmpname = BUF_strdup(name))) return NULL;
-		for(p = tmpname ; *p; p++) {
-			c = *p;
-			if(isupper(c)) {
-				c = tolower(c);
-				*p = c;
-			}
-		}
-	} else tmpname = NULL;
-	if(value) {
-		if(!(tmpval = BUF_strdup(value))) return NULL;
-		for(p = tmpval ; *p; p++) {
-			c = *p;
-			if(isupper(c)) {
-				c = tolower(c);
-				*p = c;
-			}
-		}
-	} else tmpval = NULL;
-	mhdr = (MIME_HEADER *) OPENSSL_malloc(sizeof(MIME_HEADER));
-	if(!mhdr) return NULL;
-	mhdr->name = tmpname;
-	mhdr->value = tmpval;
-	if(!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp))) return NULL;
-	return mhdr;
-}
-		
-static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
-{
-	char *tmpname, *tmpval, *p;
-	int c;
-	MIME_PARAM *mparam;
-	if(name) {
-		tmpname = BUF_strdup(name);
-		if(!tmpname) return 0;
-		for(p = tmpname ; *p; p++) {
-			c = *p;
-			if(isupper(c)) {
-				c = tolower(c);
-				*p = c;
-			}
-		}
-	} else tmpname = NULL;
-	if(value) {
-		tmpval = BUF_strdup(value);
-		if(!tmpval) return 0;
-	} else tmpval = NULL;
-	/* Parameter values are case sensitive so leave as is */
-	mparam = (MIME_PARAM *) OPENSSL_malloc(sizeof(MIME_PARAM));
-	if(!mparam) return 0;
-	mparam->param_name = tmpname;
-	mparam->param_value = tmpval;
-	sk_MIME_PARAM_push(mhdr->params, mparam);
-	return 1;
-}
-
-static int mime_hdr_cmp(const MIME_HEADER * const *a,
-			const MIME_HEADER * const *b)
-{
-	return(strcmp((*a)->name, (*b)->name));
-}
-
-static int mime_param_cmp(const MIME_PARAM * const *a,
-			const MIME_PARAM * const *b)
-{
-	return(strcmp((*a)->param_name, (*b)->param_name));
-}
-
-/* Find a header with a given name (if possible) */
-
-static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name)
-{
-	MIME_HEADER htmp;
-	int idx;
-	htmp.name = name;
-	idx = sk_MIME_HEADER_find(hdrs, &htmp);
-	if(idx < 0) return NULL;
-	return sk_MIME_HEADER_value(hdrs, idx);
-}
-
-static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name)
-{
-	MIME_PARAM param;
-	int idx;
-	param.param_name = name;
-	idx = sk_MIME_PARAM_find(hdr->params, &param);
-	if(idx < 0) return NULL;
-	return sk_MIME_PARAM_value(hdr->params, idx);
-}
-
-static void mime_hdr_free(MIME_HEADER *hdr)
-{
-	if(hdr->name) OPENSSL_free(hdr->name);
-	if(hdr->value) OPENSSL_free(hdr->value);
-	if(hdr->params) sk_MIME_PARAM_pop_free(hdr->params, mime_param_free);
-	OPENSSL_free(hdr);
-}
-
-static void mime_param_free(MIME_PARAM *param)
-{
-	if(param->param_name) OPENSSL_free(param->param_name);
-	if(param->param_value) OPENSSL_free(param->param_value);
-	OPENSSL_free(param);
-}
-
-/* Check for a multipart boundary. Returns:
- * 0 : no boundary
- * 1 : part boundary
- * 2 : final boundary
- */
-static int mime_bound_check(char *line, int linelen, char *bound, int blen)
-{
-	if(linelen == -1) linelen = strlen(line);
-	if(blen == -1) blen = strlen(bound);
-	/* Quickly eliminate if line length too short */
-	if(blen + 2 > linelen) return 0;
-	/* Check for part boundary */
-	if(!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) {
-		if(!strncmp(line + blen + 2, "--", 2)) return 2;
-		else return 1;
-	}
-	return 0;
-}
-
-static int strip_eol(char *linebuf, int *plen)
-	{
-	int len = *plen;
-	char *p, c;
-	int is_eol = 0;
-	p = linebuf + len - 1;
-	for (p = linebuf + len - 1; len > 0; len--, p--)
-		{
-		c = *p;
-		if (c == '\n')
-			is_eol = 1;
-		else if (c != '\r')
-			break;
-		}
-	*plen = len;
-	return is_eol;
-	}
--- a/crypto/asn1/t_x509.c
+++ b/crypto/asn1/t_x509.c
@@ -449,13 +449,13 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)

 	l=80-2-obase;

-	b=X509_NAME_oneline(name,NULL,0);
-	if (!*b)
+	b=s=X509_NAME_oneline(name,NULL,0);
+	if (!*s)
 		{
 		OPENSSL_free(b);
 		return 1;
 		}
-	s=b+1; /* skip the first slash */
+	s++; /* skip the first slash */

 	c=s;
 	for (;;)
@@ -480,7 +480,8 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
 			{
 			i=s-c;
 			if (BIO_write(bp,c,i) != i) goto err;
-			c=s+1;	/* skip following slash */
+			c+=i;
+			c++;
 			if (*s != '\0')
 				{
 				if (BIO_write(bp,", ",2) != 2) goto err;
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -944,7 +944,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
 		if (utype != typ->type)
 			ASN1_TYPE_set(typ, utype, NULL);
 		opval = pval;
-		pval = &typ->value.asn1_value;
+		pval = (ASN1_VALUE **)&typ->value.ptr;
 		}
 	switch(utype)
 		{
--- a/crypto/asn1/tasn_enc.c
+++ b/crypto/asn1/tasn_enc.c
@@ -597,7 +597,7 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
 		typ = (ASN1_TYPE *)*pval;
 		utype = typ->type;
 		*putype = utype;
-		pval = &typ->value.asn1_value;
+		pval = (ASN1_VALUE **)&typ->value.ptr;
 		}
 	else utype = *putype;

--- a/crypto/asn1/tasn_fre.c
+++ b/crypto/asn1/tasn_fre.c
@@ -115,6 +115,8 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int c
 				return;
 			}
 		i = asn1_get_choice_selector(pval, it);
+		if (asn1_cb)
+			asn1_cb(ASN1_OP_FREE_PRE, pval, it);
 		if ((i >= 0) && (i < it->tcount))
 			{
 			ASN1_VALUE **pchval;
@@ -219,7 +221,7 @@ void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 		{
 		ASN1_TYPE *typ = (ASN1_TYPE *)*pval;
 		utype = typ->type;
-		pval = &typ->value.asn1_value;
+		pval = (ASN1_VALUE **)&typ->value.ptr;
 		if (!*pval)
 			return;
 		}
--- a/crypto/asn1/x_algor.c
+++ b/crypto/asn1/x_algor.c
@@ -66,65 +66,8 @@ ASN1_SEQUENCE(X509_ALGOR) = {
 	ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY)
 } ASN1_SEQUENCE_END(X509_ALGOR)

-ASN1_ITEM_TEMPLATE(X509_ALGORS) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, algorithms, X509_ALGOR)
-ASN1_ITEM_TEMPLATE_END(X509_ALGORS)
-
 IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR)
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_ALGORS, X509_ALGORS, X509_ALGORS)
 IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR)

 IMPLEMENT_STACK_OF(X509_ALGOR)
 IMPLEMENT_ASN1_SET_OF(X509_ALGOR)
-
-int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval)
-	{
-	if (!alg)
-		return 0;
-	if (ptype != V_ASN1_UNDEF)
-		{
-		if (alg->parameter == NULL)
-			alg->parameter = ASN1_TYPE_new();
-		if (alg->parameter == NULL)
-			return 0;
-		}
-	if (alg)
-		{
-		if (alg->algorithm)
-			ASN1_OBJECT_free(alg->algorithm);
-		alg->algorithm = aobj;
-		}
-	if (ptype == 0)
-		return 1;	
-	if (ptype == V_ASN1_UNDEF)
-		{
-		if (alg->parameter)
-			{
-			ASN1_TYPE_free(alg->parameter);
-			alg->parameter = NULL;
-			}
-		}
-	else
-		ASN1_TYPE_set(alg->parameter, ptype, pval);
-	return 1;
-	}
-
-void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
-						X509_ALGOR *algor)
-	{
-	if (paobj)
-		*paobj = algor->algorithm;
-	if (pptype)
-		{
-		if (algor->parameter == NULL)
-			{
-			*pptype = V_ASN1_UNDEF;
-			return;
-			}
-		else
-			*pptype = algor->parameter->type;
-		if (ppval)
-			*ppval = algor->parameter->value.ptr;
-		}
-	}
-
--- a/crypto/asn1/x_exten.c
+++ b/crypto/asn1/x_exten.c
@@ -67,10 +67,5 @@ ASN1_SEQUENCE(X509_EXTENSION) = {
 	ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
 } ASN1_SEQUENCE_END(X509_EXTENSION)

-ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION)
-ASN1_ITEM_TEMPLATE_END(X509_EXTENSIONS)
-
 IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION)
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS)
 IMPLEMENT_ASN1_DUP_FUNCTION(X509_EXTENSION)
--- a/crypto/bio/b_sock.c
+++ b/crypto/bio/b_sock.c
@@ -63,11 +63,7 @@
 #include "cryptlib.h"
 #include <openssl/bio.h>
 #if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_BSDSOCK)
-#include <netdb.h>
-#if defined(NETWARE_CLIB)
-#include <sys/ioctl.h>
-NETDB_DEFINE_CONTEXT
-#endif
+#include "netdb.h"
 #endif

 #ifndef OPENSSL_NO_SOCK
@@ -182,11 +178,11 @@ int BIO_get_port(const char *str, unsigned short *port_ptr)
 		/* Note: under VMS with SOCKETSHR, it seems like the first
 		 * parameter is 'char *', instead of 'const char *'
 		 */
+ 		s=getservbyname(
 #ifndef CONST_STRICT
-		s=getservbyname((char *)str,"tcp");
-#else
-		s=getservbyname(str,"tcp");
+		    (char *)
 #endif
+		    str,"tcp");
 		if(s != NULL)
 			*port_ptr=ntohs((unsigned short)s->s_port);
 		CRYPTO_w_unlock(CRYPTO_LOCK_GETSERVBYNAME);
@@ -364,11 +360,7 @@ struct hostent *BIO_gethostbyname(const char *name)
 #if 1
 	/* Caching gethostbyname() results forever is wrong,
 	 * so we have to let the true gethostbyname() worry about this */
-#if (defined(NETWARE_BSDSOCK) && !defined(__NOVELL_LIBC__))
-	return gethostbyname((char*)name);
-#else
 	return gethostbyname(name);
-#endif
 #else
 	struct hostent *ret;
 	int i,lowi=0,j;
@@ -408,11 +400,11 @@ struct hostent *BIO_gethostbyname(const char *name)
 		/* Note: under VMS with SOCKETSHR, it seems like the first
 		 * parameter is 'char *', instead of 'const char *'
 		 */
+		ret=gethostbyname(
 #  ifndef CONST_STRICT
-		ret=gethostbyname((char *)name);
-#  else
-		ret=gethostbyname(name);
+		    (char *)
 #  endif
+		    name);

 		if (ret == NULL)
 			goto end;
--- a/crypto/bio/bio.h
+++ b/crypto/bio/bio.h
@@ -95,7 +95,6 @@ extern "C" {
 #define BIO_TYPE_BIO		(19|0x0400)		/* (half a) BIO pair */
 #define BIO_TYPE_LINEBUFFER	(20|0x0200)		/* filter */
 #define BIO_TYPE_DGRAM		(21|0x0400|0x0100)
-#define BIO_TYPE_COMP 		(23|0x0200)		/* filter */

 #define BIO_TYPE_DESCRIPTOR	0x0100	/* socket, fd, connect or accept */
 #define BIO_TYPE_FILTER		0x0200
--- a/crypto/bio/bss_dgram.c
+++ b/crypto/bio/bss_dgram.c
@@ -208,13 +208,9 @@ static int dgram_write(BIO *b, const char *in, int inl)
 	clear_socket_error();

    if ( data->connected )
-        ret=writesocket(b->num,in,inl);
+        ret=send(b->num,in,inl,0);
    else
-#if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
-        ret=sendto(b->num, (char *)in, inl, 0, &data->peer, sizeof(data->peer));
-#else
        ret=sendto(b->num, in, inl, 0, &data->peer, sizeof(data->peer));
-#endif

 	BIO_clear_retry_flags(b);
 	if (ret <= 0)
--- a/crypto/bio/bss_file.c
+++ b/crypto/bio/bss_file.c
@@ -89,10 +89,6 @@
 #include "bio_lcl.h"
 #include <openssl/err.h>

-#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB)
-#include <nwfileio.h>
-#endif
-
 #if !defined(OPENSSL_NO_STDIO)

 static int MS_CALLBACK file_write(BIO *h, const char *buf, int num);
@@ -289,9 +285,9 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
         /* Under CLib there are differences in file modes
         */
 		if (num & BIO_FP_TEXT)
-			setmode(fd,O_TEXT);
+			_setmode(fd,O_TEXT);
 		else
-			setmode(fd,O_BINARY);
+			_setmode(fd,O_BINARY);
 #elif defined(OPENSSL_SYS_MSDOS)
 		int fd = fileno((FILE*)ptr);
 		/* Set correct text/binary mode */
--- a/crypto/bn/.cvsignore
+++ b/crypto/bn/.cvsignore
@@ -4,4 +4,3 @@ Makefile.save
 semantic.cache
 co86-elf.s
 bn86-elf.s
-mo86-elf.s
--- a/crypto/bn/Makefile
+++ b/crypto/bn/Makefile
@@ -67,22 +67,16 @@ bn86-elf.s:	asm/bn-586.pl ../perlasm/x86asm.pl
 	(cd asm; $(PERL) bn-586.pl elf $(CFLAGS) > ../$@)
 co86-elf.s:	asm/co-586.pl ../perlasm/x86asm.pl
 	(cd asm; $(PERL) co-586.pl elf $(CFLAGS) > ../$@)
-mo86-elf.s:	asm/mo-586.pl ../perlasm/x86asm.pl
-	(cd asm; $(PERL) mo-586.pl elf $(CFLAGS) > ../$@)
 # COFF
 bn86-cof.s: asm/bn-586.pl ../perlasm/x86asm.pl
 	(cd asm; $(PERL) bn-586.pl coff $(CFLAGS) > ../$@)
 co86-cof.s: asm/co-586.pl ../perlasm/x86asm.pl
 	(cd asm; $(PERL) co-586.pl coff $(CFLAGS) > ../$@)
-mo86-cof.s: asm/mo-586.pl ../perlasm/x86asm.pl
-	(cd asm; $(PERL) mo-586.pl coff $(CFLAGS) > ../$@)
 # a.out
 bn86-out.s: asm/bn-586.pl ../perlasm/x86asm.pl
 	(cd asm; $(PERL) bn-586.pl a.out $(CFLAGS) > ../$@)
 co86-out.s: asm/co-586.pl ../perlasm/x86asm.pl
 	(cd asm; $(PERL) co-586.pl a.out $(CFLAGS) > ../$@)
-mo86-out.s: asm/mo-586.pl ../perlasm/x86asm.pl
-	(cd asm; $(PERL) mo-586.pl a.out $(CFLAGS) > ../$@)

 sparcv8.o:	asm/sparcv8.S
 	$(CC) $(CFLAGS) -c asm/sparcv8.S
@@ -97,8 +91,6 @@ bn-mips3.o:	asm/mips3.s

 x86_64-gcc.o:	asm/x86_64-gcc.c
 	$(CC) $(CFLAGS) -c -o $@ asm/x86_64-gcc.c
-x86_64-mont.s:	asm/x86_64-mont.pl
-	$(PERL) asm/x86_64-mont.pl $@

 bn-ia64.s:	asm/ia64.S
 	$(CC) $(CFLAGS) -E asm/ia64.S > $@
--- a/crypto/bn/asm/mo-586.pl
+++ b/crypto/bn/asm/mo-586.pl
@@ -1,603 +0,0 @@
-#!/usr/bin/env perl
-
-# This is crypto/bn/asm/x86-mont.pl (with asciz from crypto/perlasm/x86asm.pl)
-# from OpenSSL 0.9.9-dev 
-
-sub ::asciz
-{ my @str=unpack("C*",shift);
-    push @str,0;
-    while ($#str>15) {
-	&data_byte(@str[0..15]);
-	foreach (0..15) { shift @str; }
-    }
-    &data_byte(@str) if (@str);
-}
-
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# October 2005
-#
-# This is a "teaser" code, as it can be improved in several ways...
-# First of all non-SSE2 path should be implemented (yes, for now it
-# performs Montgomery multiplication/convolution only on SSE2-capable
-# CPUs such as P4, others fall down to original code). Then inner loop
-# can be unrolled and modulo-scheduled to improve ILP and possibly
-# moved to 128-bit XMM register bank (though it would require input
-# rearrangement and/or increase bus bandwidth utilization). Dedicated
-# squaring procedure should give further performance improvement...
-# Yet, for being draft, the code improves rsa512 *sign* benchmark by
-# 110%(!), rsa1024 one - by 70% and rsa4096 - by 20%:-)
-
-# December 2006
-#
-# Modulo-scheduling SSE2 loops results in further 15-20% improvement.
-# Integer-only code [being equipped with dedicated squaring procedure]
-# gives ~40% on rsa512 sign benchmark...
-
-push(@INC,"perlasm","../../perlasm");
-require "x86asm.pl";
-
-&asm_init($ARGV[0],$0);
-
-$sse2=0;
-for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
-
-&external_label("OPENSSL_ia32cap_P") if ($sse2);
-
-&function_begin("bn_mul_mont");
-
-$i="edx";
-$j="ecx";
-$ap="esi";	$tp="esi";		# overlapping variables!!!
-$rp="edi";	$bp="edi";		# overlapping variables!!!
-$np="ebp";
-$num="ebx";
-
-$_num=&DWP(4*0,"esp");			# stack top layout
-$_rp=&DWP(4*1,"esp");
-$_ap=&DWP(4*2,"esp");
-$_bp=&DWP(4*3,"esp");
-$_np=&DWP(4*4,"esp");
-$_n0=&DWP(4*5,"esp");	$_n0q=&QWP(4*5,"esp");
-$_sp=&DWP(4*6,"esp");
-$_bpend=&DWP(4*7,"esp");
-$frame=32;				# size of above frame rounded up to 16n
-
-	&xor	("eax","eax");
-	&mov	("edi",&wparam(5));	# int num
-	&cmp	("edi",4);
-	&jl	(&label("just_leave"));
-
-	&lea	("esi",&wparam(0));	# put aside pointer to argument block
-	&lea	("edx",&wparam(1));	# load ap
-	&mov	("ebp","esp");		# saved stack pointer!
-	&add	("edi",2);		# extra two words on top of tp
-	&neg	("edi");
-	&lea	("esp",&DWP(-$frame,"esp","edi",4));	# alloca($frame+4*(num+2))
-	&neg	("edi");
-
-	# minimize cache contention by arraning 2K window between stack
-	# pointer and ap argument [np is also position sensitive vector,
-	# but it's assumed to be near ap, as it's allocated at ~same
-	# time].
-	&mov	("eax","esp");
-	&sub	("eax","edx");
-	&and	("eax",2047);
-	&sub	("esp","eax");		# this aligns sp and ap modulo 2048
-
-	&xor	("edx","esp");
-	&and	("edx",2048);
-	&xor	("edx",2048);
-	&sub	("esp","edx");		# this splits them apart modulo 4096
-
-	&and	("esp",-64);		# align to cache line
-
-	################################# load argument block...
-	&mov	("eax",&DWP(0*4,"esi"));# BN_ULONG *rp
-	&mov	("ebx",&DWP(1*4,"esi"));# const BN_ULONG *ap
-	&mov	("ecx",&DWP(2*4,"esi"));# const BN_ULONG *bp
-	&mov	("edx",&DWP(3*4,"esi"));# const BN_ULONG *np
-	&mov	("esi",&DWP(4*4,"esi"));# const BN_ULONG *n0
-	#&mov	("edi",&DWP(5*4,"esi"));# int num
-
-	&mov	("esi",&DWP(0,"esi"));	# pull n0[0]
-	&mov	($_rp,"eax");		# ... save a copy of argument block
-	&mov	($_ap,"ebx");
-	&mov	($_bp,"ecx");
-	&mov	($_np,"edx");
-	&mov	($_n0,"esi");
-	&lea	($num,&DWP(-3,"edi"));	# num=num-1 to assist modulo-scheduling
-	#&mov	($_num,$num);		# redundant as $num is not reused
-	&mov	($_sp,"ebp");		# saved stack pointer!
-
-if($sse2) {
-$acc0="mm0";	# mmx register bank layout
-$acc1="mm1";
-$car0="mm2";
-$car1="mm3";
-$mul0="mm4";
-$mul1="mm5";
-$temp="mm6";
-$mask="mm7";
-
-	&picmeup("eax","OPENSSL_ia32cap_P");
-	&bt	(&DWP(0,"eax"),26);
-	&jnc	(&label("non_sse2"));
-
-	&mov	("eax",-1);
-	&movd	($mask,"eax");		# mask 32 lower bits
-
-	&mov	($ap,$_ap);		# load input pointers
-	&mov	($bp,$_bp);
-	&mov	($np,$_np);
-
-	&xor	($i,$i);		# i=0
-	&xor	($j,$j);		# j=0
-
-	&movd	($mul0,&DWP(0,$bp));		# bp[0]
-	&movd	($mul1,&DWP(0,$ap));		# ap[0]
-	&movd	($car1,&DWP(0,$np));		# np[0]
-
-	&pmuludq($mul1,$mul0);			# ap[0]*bp[0]
-	&movq	($car0,$mul1);
-	&movq	($acc0,$mul1);			# I wish movd worked for
-	&pand	($acc0,$mask);			# inter-register transfers
-
-	&pmuludq($mul1,$_n0q);			# *=n0
-
-	&pmuludq($car1,$mul1);			# "t[0]"*np[0]*n0
-	&paddq	($car1,$acc0);
-
-	&movd	($acc1,&DWP(4,$np));		# np[1]
-	&movd	($acc0,&DWP(4,$ap));		# ap[1]
-
-	&psrlq	($car0,32);
-	&psrlq	($car1,32);
-
-	&inc	($j);				# j++
-&set_label("1st",16);
-	&pmuludq($acc0,$mul0);			# ap[j]*bp[0]
-	&pmuludq($acc1,$mul1);			# np[j]*m1
-	&paddq	($car0,$acc0);			# +=c0
-	&paddq	($car1,$acc1);			# +=c1
-
-	&movq	($acc0,$car0);
-	&pand	($acc0,$mask);
-	&movd	($acc1,&DWP(4,$np,$j,4));	# np[j+1]
-	&paddq	($car1,$acc0);			# +=ap[j]*bp[0];
-	&movd	($acc0,&DWP(4,$ap,$j,4));	# ap[j+1]
-	&psrlq	($car0,32);
-	&movd	(&DWP($frame-4,"esp",$j,4),$car1);	# tp[j-1]=
-	&psrlq	($car1,32);
-
-	&lea	($j,&DWP(1,$j));
-	&cmp	($j,$num);
-	&jl	(&label("1st"));
-
-	&pmuludq($acc0,$mul0);			# ap[num-1]*bp[0]
-	&pmuludq($acc1,$mul1);			# np[num-1]*m1
-	&paddq	($car0,$acc0);			# +=c0
-	&paddq	($car1,$acc1);			# +=c1
-
-	&movq	($acc0,$car0);
-	&pand	($acc0,$mask);
-	&paddq	($car1,$acc0);			# +=ap[num-1]*bp[0];
-	&movd	(&DWP($frame-4,"esp",$j,4),$car1);	# tp[num-2]=
-
-	&psrlq	($car0,32);
-	&psrlq	($car1,32);
-
-	&paddq	($car1,$car0);
-	&movq	(&QWP($frame,"esp",$num,4),$car1);	# tp[num].tp[num-1]
-
-	&inc	($i);				# i++
-&set_label("outer");
-	&xor	($j,$j);			# j=0
-
-	&movd	($mul0,&DWP(0,$bp,$i,4));	# bp[i]
-	&movd	($mul1,&DWP(0,$ap));		# ap[0]
-	&movd	($temp,&DWP($frame,"esp"));	# tp[0]
-	&movd	($car1,&DWP(0,$np));		# np[0]
-	&pmuludq($mul1,$mul0);			# ap[0]*bp[i]
-
-	&paddq	($mul1,$temp);			# +=tp[0]
-	&movq	($acc0,$mul1);
-	&movq	($car0,$mul1);
-	&pand	($acc0,$mask);
-
-	&pmuludq($mul1,$_n0q);			# *=n0
-
-	&pmuludq($car1,$mul1);
-	&paddq	($car1,$acc0);
-
-	&movd	($temp,&DWP($frame+4,"esp"));	# tp[1]
-	&movd	($acc1,&DWP(4,$np));		# np[1]
-	&movd	($acc0,&DWP(4,$ap));		# ap[1]
-
-	&psrlq	($car0,32);
-	&psrlq	($car1,32);
-	&paddq	($car0,$temp);			# +=tp[1]
-
-	&inc	($j);				# j++
-	&dec	($num);
-&set_label("inner");
-	&pmuludq($acc0,$mul0);			# ap[j]*bp[i]
-	&pmuludq($acc1,$mul1);			# np[j]*m1
-	&paddq	($car0,$acc0);			# +=c0
-	&paddq	($car1,$acc1);			# +=c1
-
-	&movq	($acc0,$car0);
-	&movd	($temp,&DWP($frame+4,"esp",$j,4));# tp[j+1]
-	&pand	($acc0,$mask);
-	&movd	($acc1,&DWP(4,$np,$j,4));	# np[j+1]
-	&paddq	($car1,$acc0);			# +=ap[j]*bp[i]+tp[j]
-	&movd	($acc0,&DWP(4,$ap,$j,4));	# ap[j+1]
-	&psrlq	($car0,32);
-	&movd	(&DWP($frame-4,"esp",$j,4),$car1);# tp[j-1]=
-	&psrlq	($car1,32);
-	&paddq	($car0,$temp);			# +=tp[j+1]
-
-	&dec	($num);
-	&lea	($j,&DWP(1,$j));		# j++
-	&jnz	(&label("inner"));
-
-	&mov	($num,$j);
-	&pmuludq($acc0,$mul0);			# ap[num-1]*bp[i]
-	&pmuludq($acc1,$mul1);			# np[num-1]*m1
-	&paddq	($car0,$acc0);			# +=c0
-	&paddq	($car1,$acc1);			# +=c1
-
-	&movq	($acc0,$car0);
-	&pand	($acc0,$mask);
-	&paddq	($car1,$acc0);			# +=ap[num-1]*bp[i]+tp[num-1]
-	&movd	(&DWP($frame-4,"esp",$j,4),$car1);	# tp[num-2]=
-	&psrlq	($car0,32);
-	&psrlq	($car1,32);
-
-	&movd	($temp,&DWP($frame+4,"esp",$num,4));	# += tp[num]
-	&paddq	($car1,$car0);
-	&paddq	($car1,$temp);
-	&movq	(&QWP($frame,"esp",$num,4),$car1);	# tp[num].tp[num-1]
-
-	&lea	($i,&DWP(1,$i));		# i++
-	&cmp	($i,$num);
-	&jle	(&label("outer"));
-
-	&emms	();				# done with mmx bank
-	&jmp	(&label("common_tail"));
-
-&set_label("non_sse2",16);
-}
-
-if (0) {
-	&mov	("esp",$_sp);
-	&xor	("eax","eax");	# signal "not fast enough [yet]"
-	&jmp	(&label("just_leave"));
-	# While the below code provides competitive performance for
-	# all key lengthes on modern Intel cores, it's still more
-	# than 10% slower for 4096-bit key elsewhere:-( "Competitive"
-	# means compared to the original integer-only assembler.
-	# 512-bit RSA sign is better by ~40%, but that's about all
-	# one can say about all CPUs...
-} else {
-$inp="esi";	# integer path uses these registers differently
-$word="edi";
-$carry="ebp";
-
-	&mov	($inp,$_ap);
-	&lea	($carry,&DWP(1,$num));
-	&mov	($word,$_bp);
-	&xor	($j,$j);				# j=0
-	&mov	("edx",$inp);
-	&and	($carry,1);				# see if num is even
-	&sub	("edx",$word);				# see if ap==bp
-	&lea	("eax",&DWP(4,$word,$num,4));		# &bp[num]
-	&or	($carry,"edx");
-	&mov	($word,&DWP(0,$word));			# bp[0]
-	&jz	(&label("bn_sqr_mont"));
-	&mov	($_bpend,"eax");
-	&mov	("eax",&DWP(0,$inp));
-	&xor	("edx","edx");
-
-&set_label("mull",16);
-	&mov	($carry,"edx");
-	&mul	($word);				# ap[j]*bp[0]
-	&add	($carry,"eax");
-	&lea	($j,&DWP(1,$j));
-	&adc	("edx",0);
-	&mov	("eax",&DWP(0,$inp,$j,4));		# ap[j+1]
-	&cmp	($j,$num);
-	&mov	(&DWP($frame-4,"esp",$j,4),$carry);	# tp[j]=
-	&jl	(&label("mull"));
-
-	&mov	($carry,"edx");
-	&mul	($word);				# ap[num-1]*bp[0]
-	 &mov	($word,$_n0);
-	&add	("eax",$carry);
-	 &mov	($inp,$_np);
-	&adc	("edx",0);
-	 &imul	($word,&DWP($frame,"esp"));		# n0*tp[0]
-
-	&mov	(&DWP($frame,"esp",$num,4),"eax");	# tp[num-1]=
-	&xor	($j,$j);
-	&mov	(&DWP($frame+4,"esp",$num,4),"edx");	# tp[num]=
-	&mov	(&DWP($frame+8,"esp",$num,4),$j);	# tp[num+1]=
-
-	&mov	("eax",&DWP(0,$inp));			# np[0]
-	&mul	($word);				# np[0]*m
-	&add	("eax",&DWP($frame,"esp"));		# +=tp[0]
-	&mov	("eax",&DWP(4,$inp));			# np[1]
-	&adc	("edx",0);
-	&inc	($j);
-
-	&jmp	(&label("2ndmadd"));
-
-&set_label("1stmadd",16);
-	&mov	($carry,"edx");
-	&mul	($word);				# ap[j]*bp[i]
-	&add	($carry,&DWP($frame,"esp",$j,4));	# +=tp[j]
-	&lea	($j,&DWP(1,$j));
-	&adc	("edx",0);
-	&add	($carry,"eax");
-	&mov	("eax",&DWP(0,$inp,$j,4));		# ap[j+1]
-	&adc	("edx",0);
-	&cmp	($j,$num);
-	&mov	(&DWP($frame-4,"esp",$j,4),$carry);	# tp[j]=
-	&jl	(&label("1stmadd"));
-
-	&mov	($carry,"edx");
-	&mul	($word);				# ap[num-1]*bp[i]
-	&add	("eax",&DWP($frame,"esp",$num,4));	# +=tp[num-1]
-	 &mov	($word,$_n0);
-	&adc	("edx",0);
-	 &mov	($inp,$_np);
-	&add	($carry,"eax");
-	&adc	("edx",0);
-	 &imul	($word,&DWP($frame,"esp"));		# n0*tp[0]
-
-	&xor	($j,$j);
-	&add	("edx",&DWP($frame+4,"esp",$num,4));	# carry+=tp[num]
-	&mov	(&DWP($frame,"esp",$num,4),$carry);	# tp[num-1]=
-	&adc	($j,0);
-	 &mov	("eax",&DWP(0,$inp));			# np[0]
-	&mov	(&DWP($frame+4,"esp",$num,4),"edx");	# tp[num]=
-	&mov	(&DWP($frame+8,"esp",$num,4),$j);	# tp[num+1]=
-
-	&mul	($word);				# np[0]*m
-	&add	("eax",&DWP($frame,"esp"));		# +=tp[0]
-	&mov	("eax",&DWP(4,$inp));			# np[1]
-	&adc	("edx",0);
-	&mov	($j,1);
-
-&set_label("2ndmadd",16);
-	&mov	($carry,"edx");
-	&mul	($word);				# np[j]*m
-	&add	($carry,&DWP($frame,"esp",$j,4));	# +=tp[j]
-	&lea	($j,&DWP(1,$j));
-	&adc	("edx",0);
-	&add	($carry,"eax");
-	&mov	("eax",&DWP(0,$inp,$j,4));		# np[j+1]
-	&adc	("edx",0);
-	&cmp	($j,$num);
-	&mov	(&DWP($frame-8,"esp",$j,4),$carry);	# tp[j-1]=
-	&jl	(&label("2ndmadd"));
-
-	&mov	($carry,"edx");
-	&mul	($word);				# np[j]*m
-	&add	($carry,&DWP($frame,"esp",$num,4));	# +=tp[num-1]
-	&adc	("edx",0);
-	&add	($carry,"eax");
-	&adc	("edx",0);
-	&mov	(&DWP($frame-4,"esp",$num,4),$carry);	# tp[num-2]=
-
-	&xor	("eax","eax");
-	 &mov	($j,$_bp);				# &bp[i]
-	&add	("edx",&DWP($frame+4,"esp",$num,4));	# carry+=tp[num]
-	&adc	("eax",&DWP($frame+8,"esp",$num,4));	# +=tp[num+1]
-	 &lea	($j,&DWP(4,$j));
-	&mov	(&DWP($frame,"esp",$num,4),"edx");	# tp[num-1]=
-	 &cmp	($j,$_bpend);
-	&mov	(&DWP($frame+4,"esp",$num,4),"eax");	# tp[num]=
-	&je	(&label("common_tail"));
-
-	&mov	($word,&DWP(0,$j));			# bp[i+1]
-	&mov	($inp,$_ap);
-	&mov	($_bp,$j);				# &bp[++i]
-	&xor	($j,$j);
-	&xor	("edx","edx");
-	&mov	("eax",&DWP(0,$inp));
-	&jmp	(&label("1stmadd"));
-
-&set_label("bn_sqr_mont",16);
-$sbit=$num;
-	&mov	($_num,$num);
-	&mov	($_bp,$j);				# i=0
-
-	&mov	("eax",$word);				# ap[0]
-	&mul	($word);				# ap[0]*ap[0]
-	&mov	(&DWP($frame,"esp"),"eax");		# tp[0]=
-	&mov	($sbit,"edx");
-	&shr	("edx",1);
-	&and	($sbit,1);
-	&inc	($j);
-&set_label("sqr",16);
-	&mov	("eax",&DWP(0,$inp,$j,4));		# ap[j]
-	&mov	($carry,"edx");
-	&mul	($word);				# ap[j]*ap[0]
-	&add	("eax",$carry);
-	&lea	($j,&DWP(1,$j));
-	&adc	("edx",0);
-	&lea	($carry,&DWP(0,$sbit,"eax",2));
-	&shr	("eax",31);
-	&cmp	($j,$_num);
-	&mov	($sbit,"eax");
-	&mov	(&DWP($frame-4,"esp",$j,4),$carry);	# tp[j]=
-	&jl	(&label("sqr"));
-
-	&mov	("eax",&DWP(0,$inp,$j,4));		# ap[num-1]
-	&mov	($carry,"edx");
-	&mul	($word);				# ap[num-1]*ap[0]
-	&add	("eax",$carry);
-	 &mov	($word,$_n0);
-	&adc	("edx",0);
-	 &mov	($inp,$_np);
-	&lea	($carry,&DWP(0,$sbit,"eax",2));
-	 &imul	($word,&DWP($frame,"esp"));		# n0*tp[0]
-	&shr	("eax",31);
-	&mov	(&DWP($frame,"esp",$j,4),$carry);	# tp[num-1]=
-
-	&lea	($carry,&DWP(0,"eax","edx",2));
-	 &mov	("eax",&DWP(0,$inp));			# np[0]
-	&shr	("edx",31);
-	&mov	(&DWP($frame+4,"esp",$j,4),$carry);	# tp[num]=
-	&mov	(&DWP($frame+8,"esp",$j,4),"edx");	# tp[num+1]=
-
-	&mul	($word);				# np[0]*m
-	&add	("eax",&DWP($frame,"esp"));		# +=tp[0]
-	&mov	($num,$j);
-	&adc	("edx",0);
-	&mov	("eax",&DWP(4,$inp));			# np[1]
-	&mov	($j,1);
-
-&set_label("3rdmadd",16);
-	&mov	($carry,"edx");
-	&mul	($word);				# np[j]*m
-	&add	($carry,&DWP($frame,"esp",$j,4));	# +=tp[j]
-	&adc	("edx",0);
-	&add	($carry,"eax");
-	&mov	("eax",&DWP(4,$inp,$j,4));		# np[j+1]
-	&adc	("edx",0);
-	&mov	(&DWP($frame-4,"esp",$j,4),$carry);	# tp[j-1]=
-
-	&mov	($carry,"edx");
-	&mul	($word);				# np[j+1]*m
-	&add	($carry,&DWP($frame+4,"esp",$j,4));	# +=tp[j+1]
-	&lea	($j,&DWP(2,$j));
-	&adc	("edx",0);
-	&add	($carry,"eax");
-	&mov	("eax",&DWP(0,$inp,$j,4));		# np[j+2]
-	&adc	("edx",0);
-	&cmp	($j,$num);
-	&mov	(&DWP($frame-8,"esp",$j,4),$carry);	# tp[j]=
-	&jl	(&label("3rdmadd"));
-
-	&mov	($carry,"edx");
-	&mul	($word);				# np[j]*m
-	&add	($carry,&DWP($frame,"esp",$num,4));	# +=tp[num-1]
-	&adc	("edx",0);
-	&add	($carry,"eax");
-	&adc	("edx",0);
-	&mov	(&DWP($frame-4,"esp",$num,4),$carry);	# tp[num-2]=
-
-	&mov	($j,$_bp);				# i
-	&xor	("eax","eax");
-	&mov	($inp,$_ap);
-	&add	("edx",&DWP($frame+4,"esp",$num,4));	# carry+=tp[num]
-	&adc	("eax",&DWP($frame+8,"esp",$num,4));	# +=tp[num+1]
-	&mov	(&DWP($frame,"esp",$num,4),"edx");	# tp[num-1]=
-	&cmp	($j,$num);
-	&mov	(&DWP($frame+4,"esp",$num,4),"eax");	# tp[num]=
-	&je	(&label("common_tail"));
-
-	&mov	($word,&DWP(4,$inp,$j,4));		# ap[i]
-	&lea	($j,&DWP(1,$j));
-	&mov	("eax",$word);
-	&mov	($_bp,$j);				# ++i
-	&mul	($word);				# ap[i]*ap[i]
-	&add	("eax",&DWP($frame,"esp",$j,4));	# +=tp[i]
-	&adc	("edx",0);
-	&mov	(&DWP($frame,"esp",$j,4),"eax");	# tp[i]=
-	&xor	($carry,$carry);
-	&cmp	($j,$num);
-	&lea	($j,&DWP(1,$j));
-	&je	(&label("sqrlast"));
-
-	&mov	($sbit,"edx");				# zaps $num
-	&shr	("edx",1);
-	&and	($sbit,1);
-&set_label("sqradd",16);
-	&mov	("eax",&DWP(0,$inp,$j,4));		# ap[j]
-	&mov	($carry,"edx");
-	&mul	($word);				# ap[j]*ap[i]
-	&add	("eax",$carry);
-	&lea	($carry,&DWP(0,"eax","eax"));
-	&adc	("edx",0);
-	&shr	("eax",31);
-	&add	($carry,&DWP($frame,"esp",$j,4));	# +=tp[j]
-	&lea	($j,&DWP(1,$j));
-	&adc	("eax",0);
-	&add	($carry,$sbit);
-	&adc	("eax",0);
-	&cmp	($j,$_num);
-	&mov	(&DWP($frame-4,"esp",$j,4),$carry);	# tp[j]=
-	&mov	($sbit,"eax");
-	&jle	(&label("sqradd"));
-
-	&mov	($carry,"edx");
-	&lea	("edx",&DWP(0,$sbit,"edx",2));
-	&shr	($carry,31);
-&set_label("sqrlast");
-	&mov	($word,$_n0);
-	&mov	($inp,$_np);
-	&imul	($word,&DWP($frame,"esp"));		# n0*tp[0]
-
-	&add	("edx",&DWP($frame,"esp",$j,4));	# +=tp[num]
-	&mov	("eax",&DWP(0,$inp));			# np[0]
-	&adc	($carry,0);
-	&mov	(&DWP($frame,"esp",$j,4),"edx");	# tp[num]=
-	&mov	(&DWP($frame+4,"esp",$j,4),$carry);	# tp[num+1]=
-
-	&mul	($word);				# np[0]*m
-	&add	("eax",&DWP($frame,"esp"));		# +=tp[0]
-	&lea	($num,&DWP(-1,$j));
-	&adc	("edx",0);
-	&mov	($j,1);
-	&mov	("eax",&DWP(4,$inp));			# np[1]
-
-	&jmp	(&label("3rdmadd"));
-}
-
-&set_label("common_tail",16);
-	&mov	($np,$_np);			# load modulus pointer
-	&mov	($rp,$_rp);			# load result pointer
-	&lea	($tp,&DWP($frame,"esp"));	# [$ap and $bp are zapped]
-
-	&mov	("eax",&DWP(0,$tp));		# tp[0]
-	&mov	($j,$num);			# j=num-1
-	&xor	($i,$i);			# i=0 and clear CF!
-
-&set_label("sub",16);
-	&sbb	("eax",&DWP(0,$np,$i,4));
-	&mov	(&DWP(0,$rp,$i,4),"eax");	# rp[i]=tp[i]-np[i]
-	&dec	($j);				# doesn't affect CF!
-	&mov	("eax",&DWP(4,$tp,$i,4));	# tp[i+1]
-	&lea	($i,&DWP(1,$i));		# i++
-	&jge	(&label("sub"));
-
-	&sbb	("eax",0);			# handle upmost overflow bit
-	&and	($tp,"eax");
-	&not	("eax");
-	&mov	($np,$rp);
-	&and	($np,"eax");
-	&or	($tp,$np);			# tp=carry?tp:rp
-
-&set_label("copy",16);				# copy or in-place refresh
-	&mov	("eax",&DWP(0,$tp,$num,4));
-	&mov	(&DWP(0,$rp,$num,4),"eax");	# rp[i]=tp[i]
-	&mov	(&DWP($frame,"esp",$num,4),$j);	# zap temporary vector
-	&dec	($num);
-	&jge	(&label("copy"));
-
-	&mov	("esp",$_sp);		# pull saved stack pointer
-	&mov	("eax",1);
-&set_label("just_leave");
-&function_end("bn_mul_mont");
-
-&asciz("Montgomery Multiplication for x86, CRYPTOGAMS by <appro\@openssl.org>");
-
-&asm_finish();
--- a/crypto/bn/asm/x86_64-mont.pl
+++ b/crypto/bn/asm/x86_64-mont.pl
@@ -1,214 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# October 2005.
-#
-# Montgomery multiplication routine for x86_64. While it gives modest
-# 9% improvement of rsa4096 sign on Opteron, rsa512 sign runs more
-# than twice, >2x, as fast. Most common rsa1024 sign is improved by
-# respectful 50%. It remains to be seen if loop unrolling and
-# dedicated squaring routine can provide further improvement...
-
-$output=shift;
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
-( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
-die "can't locate x86_64-xlate.pl";
-
-open STDOUT,"| $^X $xlate $output";
-
-# int bn_mul_mont(
-$rp="%rdi";	# BN_ULONG *rp,
-$ap="%rsi";	# const BN_ULONG *ap,
-$bp="%rdx";	# const BN_ULONG *bp,
-$np="%rcx";	# const BN_ULONG *np,
-$n0="%r8";	# const BN_ULONG *n0,
-$num="%r9";	# int num);
-$lo0="%r10";
-$hi0="%r11";
-$bp="%r12";	# reassign $bp
-$hi1="%r13";
-$i="%r14";
-$j="%r15";
-$m0="%rbx";
-$m1="%rbp";
-
-$code=<<___;
-.text
-
-.globl	bn_mul_mont
-.type	bn_mul_mont,\@function,6
-.align	16
-bn_mul_mont:
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-
-	mov	${num}d,${num}d
-	lea	2($num),%rax
-	mov	%rsp,%rbp
-	neg	%rax
-	lea	(%rsp,%rax,8),%rsp	# tp=alloca(8*(num+2))
-	and	\$-1024,%rsp		# minimize TLB usage
-
-	mov	%rbp,8(%rsp,$num,8)	# tp[num+1]=%rsp
-	mov	%rdx,$bp		# $bp reassigned, remember?
-
-	mov	($n0),$n0		# pull n0[0] value
-
-	xor	$i,$i			# i=0
-	xor	$j,$j			# j=0
-
-	mov	($bp),$m0		# m0=bp[0]
-	mov	($ap),%rax
-	mulq	$m0			# ap[0]*bp[0]
-	mov	%rax,$lo0
-	mov	%rdx,$hi0
-
-	imulq	$n0,%rax		# "tp[0]"*n0
-	mov	%rax,$m1
-
-	mulq	($np)			# np[0]*m1
-	add	$lo0,%rax		# discarded
-	adc	\$0,%rdx
-	mov	%rdx,$hi1
-
-	lea	1($j),$j		# j++
-.L1st:
-	mov	($ap,$j,8),%rax
-	mulq	$m0			# ap[j]*bp[0]
-	add	$hi0,%rax
-	adc	\$0,%rdx
-	mov	%rax,$lo0
-	mov	($np,$j,8),%rax
-	mov	%rdx,$hi0
-
-	mulq	$m1			# np[j]*m1
-	add	$hi1,%rax
-	lea	1($j),$j		# j++
-	adc	\$0,%rdx
-	add	$lo0,%rax		# np[j]*m1+ap[j]*bp[0]
-	adc	\$0,%rdx
-	mov	%rax,-16(%rsp,$j,8)	# tp[j-1]
-	cmp	$num,$j
-	mov	%rdx,$hi1
-	jl	.L1st
-
-	xor	%rdx,%rdx
-	add	$hi0,$hi1
-	adc	\$0,%rdx
-	mov	$hi1,-8(%rsp,$num,8)
-	mov	%rdx,(%rsp,$num,8)	# store upmost overflow bit
-
-	lea	1($i),$i		# i++
-.align	4
-.Louter:
-	xor	$j,$j			# j=0
-
-	mov	($bp,$i,8),$m0		# m0=bp[i]
-	mov	($ap),%rax		# ap[0]
-	mulq	$m0			# ap[0]*bp[i]
-	add	(%rsp),%rax		# ap[0]*bp[i]+tp[0]
-	adc	\$0,%rdx
-	mov	%rax,$lo0
-	mov	%rdx,$hi0
-
-	imulq	$n0,%rax		# tp[0]*n0
-	mov	%rax,$m1
-
-	mulq	($np,$j,8)		# np[0]*m1
-	add	$lo0,%rax		# discarded
-	mov	8(%rsp),$lo0		# tp[1]
-	adc	\$0,%rdx
-	mov	%rdx,$hi1
-
-	lea	1($j),$j		# j++
-.align	4
-.Linner:
-	mov	($ap,$j,8),%rax
-	mulq	$m0			# ap[j]*bp[i]
-	add	$hi0,%rax
-	adc	\$0,%rdx
-	add	%rax,$lo0		# ap[j]*bp[i]+tp[j]
-	mov	($np,$j,8),%rax
-	adc	\$0,%rdx
-	mov	%rdx,$hi0
-
-	mulq	$m1			# np[j]*m1
-	add	$hi1,%rax
-	lea	1($j),$j		# j++
-	adc	\$0,%rdx
-	add	$lo0,%rax		# np[j]*m1+ap[j]*bp[i]+tp[j]
-	adc	\$0,%rdx
-	mov	(%rsp,$j,8),$lo0
-	cmp	$num,$j
-	mov	%rax,-16(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$hi1
-	jl	.Linner
-
-	xor	%rdx,%rdx
-	add	$hi0,$hi1
-	adc	\$0,%rdx
-	add	$lo0,$hi1		# pull upmost overflow bit
-	adc	\$0,%rdx
-	mov	$hi1,-8(%rsp,$num,8)
-	mov	%rdx,(%rsp,$num,8)	# store upmost overflow bit
-
-	lea	1($i),$i		# i++
-	cmp	$num,$i
-	jl	.Louter
-
-	lea	(%rsp),$ap		# borrow ap for tp
-	lea	-1($num),$j		# j=num-1
-
-	mov	($ap),%rax		# tp[0]
-	xor	$i,$i			# i=0 and clear CF!
-	jmp	.Lsub
-.align	16
-.Lsub:	sbb	($np,$i,8),%rax
-	mov	%rax,($rp,$i,8)		# rp[i]=tp[i]-np[i]
-	dec	$j			# doesn't affect CF!
-	mov	8($ap,$i,8),%rax	# tp[i+1]
-	lea	1($i),$i		# i++
-	jge	.Lsub
-
-	sbb	\$0,%rax		# handle upmost overflow bit
-	and	%rax,$ap
-	not	%rax
-	mov	$rp,$np
-	and	%rax,$np
-	lea	-1($num),$j
-	or	$np,$ap			# ap=borrow?tp:rp
-.align	16
-.Lcopy:					# copy or in-place refresh
-	mov	($ap,$j,8),%rax
-	mov	%rax,($rp,$j,8)		# rp[i]=tp[i]
-	mov	$i,(%rsp,$j,8)		# zap temporary vector
-	dec	$j
-	jge	.Lcopy
-
-	mov	8(%rsp,$num,8),%rsp	# restore %rsp
-	mov	\$1,%rax
-	pop	%r15
-	pop	%r14
-	pop	%r13
-	pop	%r12
-	pop	%rbp
-	pop	%rbx
-	ret
-.size	bn_mul_mont,.-bn_mul_mont
-.asciz	"Montgomery Multiplication for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
-___
-
-print $code;
-close STDOUT;
--- a/crypto/bn/bn.h
+++ b/crypto/bn/bn.h
@@ -303,12 +303,7 @@ struct bn_mont_ctx_st
 	BIGNUM N;      /* The modulus */
 	BIGNUM Ni;     /* R*(1/R mod N) - N*Ni = 1
 	                * (Ni is only stored for bignum algorithm) */
-#if 0
-	/* OpenSSL 0.9.9 preview: */
-	BN_ULONG n0[2];/* least significant word(s) of Ni */
-#else
 	BN_ULONG n0;   /* least significant word of Ni */
-#endif
 	int flags;
 	};

--- a/crypto/bn/bn_lcl.h
+++ b/crypto/bn/bn_lcl.h
@@ -481,7 +481,6 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
 	int cl, int dl);
 BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
 	int cl, int dl);
-int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num);

 #ifdef  __cplusplus
 }
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -122,50 +122,11 @@

 #define MONT_WORD /* use the faster word-based algorithm */

-#if defined(MONT_WORD) && defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)
-/* This condition means we have a specific non-default build:
- * In the 0.9.8 branch, OPENSSL_BN_ASM_MONT is normally not set for any
- * BN_BITS2<=32 platform; an explicit "enable-montasm" is required.
- * I.e., if we are here, the user intentionally deviates from the
- * normal stable build to get better Montgomery performance from
- * the 0.9.9-dev backport.
- *
- * In this case only, we also enable BN_from_montgomery_word()
- * (another non-stable feature from 0.9.9-dev).
- */
-#define MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD
-#endif
-
-#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD
-static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont);
-#endif
-
-
-
 int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
 			  BN_MONT_CTX *mont, BN_CTX *ctx)
 	{
 	BIGNUM *tmp;
 	int ret=0;
-#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD)
-	int num = mont->N.top;
-
-	if (num>1 && a->top==num && b->top==num)
-		{
-		if (bn_wexpand(r,num) == NULL) return(0);
-#if 0 /* for OpenSSL 0.9.9 mont->n0 */
-		if (bn_mul_mont(r->d,a->d,b->d,mont->N.d,mont->n0,num))
-#else
-		if (bn_mul_mont(r->d,a->d,b->d,mont->N.d,&mont->n0,num))
-#endif
-			{
-			r->neg = a->neg^b->neg;
-			r->top = num;
-			bn_correct_top(r);
-			return(1);
-			}
-		}
-#endif

 	BN_CTX_start(ctx);
 	tmp = BN_CTX_get(ctx);
@@ -181,11 +142,7 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
 		if (!BN_mul(tmp,a,b,ctx)) goto err;
 		}
 	/* reduce from aRR to aR */
-#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD
-	if (!BN_from_montgomery_word(r,tmp,mont)) goto err;
-#else
 	if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err;
-#endif
 	bn_check_top(r);
 	ret=1;
 err:
@@ -193,150 +150,6 @@ err:
 	return(ret);
 	}

-#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD
-static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
-	{
-	BIGNUM *n;
-	BN_ULONG *ap,*np,*rp,n0,v,*nrp;
-	int al,nl,max,i,x,ri;
-
-	n= &(mont->N);
-	/* mont->ri is the size of mont->N in bits (rounded up
-	   to the word size) */
-	al=ri=mont->ri/BN_BITS2;
-
-	nl=n->top;
-	if ((al == 0) || (nl == 0)) { ret->top=0; return(1); }
-
-	max=(nl+al+1); /* allow for overflow (no?) XXX */
-	if (bn_wexpand(r,max) == NULL) return(0);
-
-	r->neg^=n->neg;
-	np=n->d;
-	rp=r->d;
-	nrp= &(r->d[nl]);
-
-	/* clear the top words of T */
-	for (i=r->top; i<max; i++) /* memset? XXX */
-		r->d[i]=0;
-
-	r->top=max;
-#if 0 /* for OpenSSL 0.9.9 mont->n0 */
-	n0=mont->n0[0];
-#else
-	n0=mont->n0;
-#endif
-
-#ifdef BN_COUNT
-	fprintf(stderr,"word BN_from_montgomery_word %d * %d\n",nl,nl);
-#endif
-	for (i=0; i<nl; i++)
-		{
-#ifdef __TANDEM
-                {
-                   long long t1;
-                   long long t2;
-                   long long t3;
-                   t1 = rp[0] * (n0 & 0177777);
-                   t2 = 037777600000l;
-                   t2 = n0 & t2;
-                   t3 = rp[0] & 0177777;
-                   t2 = (t3 * t2) & BN_MASK2;
-                   t1 = t1 + t2;
-                   v=bn_mul_add_words(rp,np,nl,(BN_ULONG) t1);
-                }
-#else
-		v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);
-#endif
-		nrp++;
-		rp++;
-		if (((nrp[-1]+=v)&BN_MASK2) >= v)
-			continue;
-		else
-			{
-			if (((++nrp[0])&BN_MASK2) != 0) continue;
-			if (((++nrp[1])&BN_MASK2) != 0) continue;
-			for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ;
-			}
-		}
-	bn_correct_top(r);
-
-	/* mont->ri will be a multiple of the word size and below code
-	 * is kind of BN_rshift(ret,r,mont->ri) equivalent */
-	if (r->top <= ri)
-		{
-		ret->top=0;
-		return(1);
-		}
-	al=r->top-ri;
-
-	if (bn_wexpand(ret,ri) == NULL) return(0);
-	x=0-(((al-ri)>>(sizeof(al)*8-1))&1);
-	ret->top=x=(ri&~x)|(al&x);	/* min(ri,al) */
-	ret->neg=r->neg;
-
-	rp=ret->d;
-	ap=&(r->d[ri]);
-
-	{
-	size_t m1,m2;
-
-	v=bn_sub_words(rp,ap,np,ri);
-	/* this ----------------^^ works even in al<ri case
-	 * thanks to zealous zeroing of top of the vector in the
-	 * beginning. */
-
-	/* if (al==ri && !v) || al>ri) nrp=rp; else nrp=ap; */
-	/* in other words if subtraction result is real, then
-	 * trick unconditional memcpy below to perform in-place
-	 * "refresh" instead of actual copy. */
-	m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1);	/* al<ri */
-	m2=0-(size_t)(((ri-al)>>(sizeof(al)*8-1))&1);	/* al>ri */
-	m1|=m2;			/* (al!=ri) */
-	m1|=(0-(size_t)v);	/* (al!=ri || v) */
-	m1&=~m2;		/* (al!=ri || v) && !al>ri */
-	nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1));
-	}
-
-	/* 'i<ri' is chosen to eliminate dependency on input data, even
-	 * though it results in redundant copy in al<ri case. */
-	for (i=0,ri-=4; i<ri; i+=4)
-		{
-		BN_ULONG t1,t2,t3,t4;
-		
-		t1=nrp[i+0];
-		t2=nrp[i+1];
-		t3=nrp[i+2];	ap[i+0]=0;
-		t4=nrp[i+3];	ap[i+1]=0;
-		rp[i+0]=t1;	ap[i+2]=0;
-		rp[i+1]=t2;	ap[i+3]=0;
-		rp[i+2]=t3;
-		rp[i+3]=t4;
-		}
-	for (ri+=4; i<ri; i++)
-		rp[i]=nrp[i], ap[i]=0;
-	bn_correct_top(r);
-	bn_correct_top(ret);
-	bn_check_top(ret);
-
-	return(1);
-	}
-
-int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
-	     BN_CTX *ctx)
-	{
-	int retn=0;
-	BIGNUM *t;
-
-	BN_CTX_start(ctx);
-	if ((t = BN_CTX_get(ctx)) && BN_copy(t,a))
-		retn = BN_from_montgomery_word(ret,t,mont);
-	BN_CTX_end(ctx);
-	return retn;
-	}
-
-#else /* !MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD */
-
 int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
 	     BN_CTX *ctx)
 	{
@@ -529,7 +342,6 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
 	BN_CTX_end(ctx);
 	return(retn);
 	}
-#endif /* MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD */

 BN_MONT_CTX *BN_MONT_CTX_new(void)
 	{
@@ -549,11 +361,6 @@ void BN_MONT_CTX_init(BN_MONT_CTX *ctx)
 	BN_init(&(ctx->RR));
 	BN_init(&(ctx->N));
 	BN_init(&(ctx->Ni));
-#if 0 /* for OpenSSL 0.9.9 mont->n0 */
-	ctx->n0[0] = ctx->n0[1] = 0;
-#else
-	ctx->n0 = 0;
-#endif
 	ctx->flags=0;
 	}

@@ -587,51 +394,14 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)

 		mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
 		BN_zero(R);
-#if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)",
-         only certain BN_BITS2<=32 platforms actually need this */
-		if (!(BN_set_bit(R,2*BN_BITS2))) goto err;	/* R */
-#else
 		if (!(BN_set_bit(R,BN_BITS2))) goto err;	/* R */
-#endif

 		buf[0]=mod->d[0]; /* tmod = N mod word size */
 		buf[1]=0;
-
-		BN_init(&tmod);
 		tmod.d=buf;
 		tmod.top = buf[0] != 0 ? 1 : 0;
 		tmod.dmax=2;
 		tmod.neg=0;
-
-#if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)";
-         only certain BN_BITS2<=32 platforms actually need this */
-								tmod.top=0;
-		if ((buf[0] = mod->d[0]))			tmod.top=1;
-		if ((buf[1] = mod->top>1 ? mod->d[1] : 0))	tmod.top=2;
-
-		if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL)
-			goto err;
-		if (!BN_lshift(Ri,Ri,2*BN_BITS2)) goto err; /* R*Ri */
-		if (!BN_is_zero(Ri))
-			{
-			if (!BN_sub_word(Ri,1)) goto err;
-			}
-		else /* if N mod word size == 1 */
-			{
-			if (bn_expand(Ri,(int)sizeof(BN_ULONG)*2) == NULL)
-				goto err;
-			/* Ri-- (mod double word size) */
-			Ri->neg=0;
-			Ri->d[0]=BN_MASK2;
-			Ri->d[1]=BN_MASK2;
-			Ri->top=2;
-			}
-		if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err;
-		/* Ni = (R*Ri-1)/N,
-		 * keep only couple of least significant words: */
-		mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
-		mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0;
-#else
 							/* Ri = R^-1 mod N*/
 		if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL)
 			goto err;
@@ -647,13 +417,7 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
 		if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err;
 		/* Ni = (R*Ri-1)/N,
 		 * keep only least significant word: */
-# if 0 /* for OpenSSL 0.9.9 mont->n0 */
-		mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
-		mont->n0[1] = 0;
-# else
 		mont->n0 = (Ri->top > 0) ? Ri->d[0] : 0;
-# endif
-#endif
 		}
 #else /* !MONT_WORD */
 		{ /* bignum version */
@@ -689,12 +453,7 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
 	if (!BN_copy(&(to->N),&(from->N))) return NULL;
 	if (!BN_copy(&(to->Ni),&(from->Ni))) return NULL;
 	to->ri=from->ri;
-#if 0 /* for OpenSSL 0.9.9 mont->n0 */
-	to->n0[0]=from->n0[0];
-	to->n0[1]=from->n0[1];
-#else
 	to->n0=from->n0;
-#endif
 	return(to);
 	}

--- a/crypto/bn/bn_mul.c
+++ b/crypto/bn/bn_mul.c
@@ -389,7 +389,6 @@ BN_ULONG bn_add_part_words(BN_ULONG *r,
 * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
 * a[1]*b[1]
 */
-/* dnX may not be positive, but n2/2+dnX has to be */
 void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
 	int dna, int dnb, BN_ULONG *t)
 	{
@@ -399,7 +398,7 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
 	BN_ULONG ln,lo,*p;

 # ifdef BN_COUNT
-	fprintf(stderr," bn_mul_recursive %d%+d * %d%+d\n",n2,dna,n2,dnb);
+	fprintf(stderr," bn_mul_recursive %d * %d\n",n2,n2);
 # endif
 # ifdef BN_MUL_COMBA
 #  if 0
@@ -546,7 +545,6 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,

 /* n+tn is the word length
 * t needs to be n*4 is size, as does r */
-/* tnX may not be negative but less than n */
 void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
 	     int tna, int tnb, BN_ULONG *t)
 	{
@@ -555,8 +553,8 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
 	BN_ULONG ln,lo,*p;

 # ifdef BN_COUNT
-	fprintf(stderr," bn_mul_part_recursive (%d%+d) * (%d%+d)\n",
-		n, tna, n, tnb);
+	fprintf(stderr," bn_mul_part_recursive (%d+%d) * (%d+%d)\n",
+		tna, n, tnb, n);
 # endif
 	if (n < 8)
 		{
@@ -657,19 +655,16 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
 				for (;;)
 					{
 					i/=2;
-					/* these simplified conditions work
-					 * exclusively because difference
-					 * between tna and tnb is 1 or 0 */
-					if (i < tna || i < tnb)
+					if (i <= tna && tna == tnb)
 						{
-						bn_mul_part_recursive(&(r[n2]),
+						bn_mul_recursive(&(r[n2]),
 							&(a[n]),&(b[n]),
 							i,tna-i,tnb-i,p);
 						break;
 						}
-					else if (i == tna || i == tnb)
+					else if (i < tna || i < tnb)
 						{
-						bn_mul_recursive(&(r[n2]),
+						bn_mul_part_recursive(&(r[n2]),
 							&(a[n]),&(b[n]),
 							i,tna-i,tnb-i,p);
 						break;
--- a/crypto/bn/bn_nist.c
+++ b/crypto/bn/bn_nist.c
@@ -99,6 +99,41 @@ static const BN_ULONG _nist_p_521[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
 	0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
 	0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
 	0xFFFFFFFF,0x000001FF};
+#elif BN_BITS2 == 16
+static const BN_ULONG _nist_p_192[] = {0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFE,
+	0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF};
+static const BN_ULONG _nist_p_224[] = {0x0001,0x0000,0x0000,0x0000,0x0000,
+	0x0000,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF};
+static const BN_ULONG _nist_p_256[] = {0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,
+	0xFFFF,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0001,0x0000,0xFFFF,
+	0xFFFF};
+static const BN_ULONG _nist_p_384[] = {0xFFFF,0xFFFF,0x0000,0x0000,0x0000,
+	0x0000,0xFFFF,0xFFFF,0xFFFE,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,
+	0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF};
+static const BN_ULONG _nist_p_521[] = {0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,
+	0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,
+	0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,
+	0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0x01FF};
+#elif BN_BITS2 == 8
+static const BN_ULONG _nist_p_192[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0xFE,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0xFF,0xFF};
+static const BN_ULONG _nist_p_224[] = {0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF};
+static const BN_ULONG _nist_p_256[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	0x00,0x00,0x01,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF};
+static const BN_ULONG _nist_p_384[] = {0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,
+	0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF};
+static const BN_ULONG _nist_p_521[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0xFF,0x01};
 #endif

 const BIGNUM *BN_get0_nist_prime_192(void)
@@ -136,7 +171,18 @@ const BIGNUM *BN_get0_nist_prime_521(void)
 	return &const_nist_521;
 	}

-#define BN_NIST_ADD_ONE(a)	while (!(*(a)=(*(a)+1)&BN_MASK2)) ++(a);
+/* some misc internal functions */
+#if BN_BITS2 != 64
+static BN_ULONG _256_data[BN_NIST_256_TOP*6];
+static int _is_set_256_data = 0;
+static void _init_256_data(void);
+
+static BN_ULONG _384_data[BN_NIST_384_TOP*8];
+static int _is_set_384_data = 0;
+static void _init_384_data(void);
+#endif
+
+#define BN_NIST_ADD_ONE(a)	while (!(++(*(a)))) ++(a);

 static void nist_cp_bn_0(BN_ULONG *buf, BN_ULONG *a, int top, int max)
        {
@@ -157,10 +203,10 @@ static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top)
        }

 #if BN_BITS2 == 64
-#define bn_cp_64(to, n, from, m)	(to)[n] = (m>=0)?((from)[m]):0;
+#define bn_cp_64(to, n, from, m)	(to)[n] = (from)[m];
 #define bn_64_set_0(to, n)		(to)[n] = (BN_ULONG)0;
 /* TBD */
-#define bn_cp_32(to, n, from, m)	(to)[n] = (m>=0)?((from)[m]):0;
+#define bn_cp_32(to, n, from, m)	(to)[n] = (from)[m];
 #define bn_32_set_0(to, n)		(to)[n] = (BN_ULONG)0;
 #else
 #define bn_cp_64(to, n, from, m) \
@@ -174,8 +220,26 @@ static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top)
 	bn_32_set_0(to, (n)*2+1); \
 	}
 #if BN_BITS2 == 32
-#define bn_cp_32(to, n, from, m)	(to)[n] = (m>=0)?((from)[m]):0;
+#define bn_cp_32(to, n, from, m)	(to)[n] = (from)[m];
 #define bn_32_set_0(to, n)		(to)[n] = (BN_ULONG)0;
+#elif BN_BITS2 == 16
+#define bn_cp_32(to, n, from, m) \
+	{ \
+	(to)[(n)*2]   = (from)[(m)*2];  \
+	(to)[(n)*2+1] = (from)[(m)*2+1];\
+	}
+#define bn_32_set_0(to, n) { (to)[(n)*2] = 0; (to)[(n)*2+1] = 0; }
+#elif BN_BITS2 == 8
+#define bn_cp_32(to, n, from, m) \
+	{ \
+	(to)[(n)*4]   = (from)[(m)*4];  \
+	(to)[(n)*4+1] = (from)[(m)*4+1];\
+	(to)[(n)*4+2] = (from)[(m)*4+2];\
+	(to)[(n)*4+3] = (from)[(m)*4+3];\
+	}
+#define bn_32_set_0(to, n) \
+	{ (to)[(n)*4]   = (BN_ULONG)0; (to)[(n)*4+1] = (BN_ULONG)0; \
+	  (to)[(n)*4+2] = (BN_ULONG)0; (to)[(n)*4+3] = (BN_ULONG)0; }
 #endif
 #endif /* BN_BITS2 != 64 */

@@ -191,13 +255,10 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	BN_CTX *ctx)
 	{
 	int      top = a->top, i;
-	int      carry;
+	BN_ULONG carry = 0;
 	register BN_ULONG *r_d, *a_d = a->d;
 	BN_ULONG t_d[BN_NIST_192_TOP],
-	         buf[BN_NIST_192_TOP],
-		 c_d[BN_NIST_192_TOP],
-		*res;
-	size_t   mask;
+	         buf[BN_NIST_192_TOP];

 	i = BN_ucmp(field, a);
 	if (i == 0)
@@ -223,28 +284,41 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,

 	nist_cp_bn_0(buf, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP, BN_NIST_192_TOP);

+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma message save
+# pragma message disable BADSUBSCRIPT
+#endif
+
 	nist_set_192(t_d, buf, 0, 3, 3);
-	carry = bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
-	mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192,BN_NIST_192_TOP);
-	mask = ~mask | (0-(size_t)carry);
-	res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-	
+	if (bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP))
+		++carry;
+
 	nist_set_192(t_d, buf, 4, 4, 0);
-	carry = bn_add_words(r_d, res, t_d, BN_NIST_192_TOP);
-	mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192,BN_NIST_192_TOP);
-	mask = ~mask | (0-(size_t)carry);
-	res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
+	if (bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP))
+		++carry;
+
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma message restore
+#endif

 	nist_set_192(t_d, buf, 5, 5, 5)
-	carry = bn_add_words(r_d, res, t_d, BN_NIST_192_TOP);
-	mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192,BN_NIST_192_TOP);
-	mask = ~mask | (0-(size_t)carry);
-	res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
+	if (bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP))
+		++carry;

-	nist_cp_bn(r_d, res, BN_NIST_192_TOP);
+	while (carry)
+		{
+		if (bn_sub_words(r_d, r_d, _nist_p_192, BN_NIST_192_TOP))
+			--carry; 
+		}
 	r->top = BN_NIST_192_TOP;
 	bn_correct_top(r);
+	if (BN_ucmp(r, field) >= 0)
+		{
+		bn_sub_words(r_d, r_d, _nist_p_192, BN_NIST_192_TOP);
+		bn_correct_top(r);
+		}

+	bn_check_top(r);
 	return 1;
 	}

@@ -262,15 +336,12 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	BN_CTX *ctx)
 	{
-#if BN_BITS2 == 32
+#if BN_BITS2 != 64
 	int	top = a->top, i;
-	int	carry;
+	int	carry = 0;
 	BN_ULONG *r_d, *a_d = a->d;
 	BN_ULONG t_d[BN_NIST_224_TOP],
-	         buf[BN_NIST_224_TOP],
-		 c_d[BN_NIST_224_TOP],
-		*res;
-	size_t   mask;
+	         buf[BN_NIST_224_TOP];

 	i = BN_ucmp(field, a);
 	if (i == 0)
@@ -297,48 +368,65 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	nist_cp_bn_0(buf, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP);

 	nist_set_224(t_d, buf, 10, 9, 8, 7, 0, 0, 0);
-	carry = bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
-	mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_224,BN_NIST_224_TOP);
-	mask = ~mask | (0-(size_t)carry);
-	res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-	
+	if (bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP))
+		++carry;
 	nist_set_224(t_d, buf, 0, 13, 12, 11, 0, 0, 0);
-	carry = bn_add_words(r_d, res, t_d, BN_NIST_224_TOP);
-	mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_224,BN_NIST_224_TOP);
-	mask = ~mask | (0-(size_t)carry);
-	res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-
+	if (bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP))
+		++carry;
 	nist_set_224(t_d, buf, 13, 12, 11, 10, 9, 8, 7);
-#if BRANCH_FREE
-	carry = bn_sub_words(r_d, res, t_d, BN_NIST_224_TOP);
-	bn_add_words(c_d,r_d,_nist_p_224,BN_NIST_224_TOP);
-	mask = 0-(size_t)carry;
-	res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-#else
-	if (bn_sub_words(r_d, res, t_d, BN_NIST_224_TOP))
-		bn_add_words(r_d,r_d,_nist_p_224,BN_NIST_224_TOP);
-#endif
-	nist_set_224(t_d, buf, 0, 0, 0, 0, 13, 12, 11);
-#if BRANCH_FREE
-	carry = bn_sub_words(r_d, res, t_d, BN_NIST_224_TOP);
-	bn_add_words(c_d,r_d,_nist_p_224,BN_NIST_224_TOP);
-	mask = 0-(size_t)carry;
-	res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-
-	nist_cp_bn(r_d, res, BN_NIST_224_TOP);
-#else
 	if (bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP))
-		bn_add_words(r_d,r_d,_nist_p_224,BN_NIST_224_TOP);
-#endif
+		--carry;
+	nist_set_224(t_d, buf, 0, 0, 0, 0, 13, 12, 11);
+	if (bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP))
+		--carry;
+
+	if (carry > 0)
+		while (carry)
+			{
+			if (bn_sub_words(r_d,r_d,_nist_p_224,BN_NIST_224_TOP))
+				--carry;
+			}
+	else if (carry < 0)
+		while (carry)
+			{
+			if (bn_add_words(r_d,r_d,_nist_p_224,BN_NIST_224_TOP))
+				++carry;
+			}
+
 	r->top = BN_NIST_224_TOP;
 	bn_correct_top(r);
-
+	if (BN_ucmp(r, field) >= 0)
+		{
+		bn_sub_words(r_d, r_d, _nist_p_224, BN_NIST_224_TOP);
+		bn_correct_top(r);
+		}
+	bn_check_top(r);
 	return 1;
-#else	/* BN_BITS!=32 */
+#else
 	return 0;
 #endif
 	}

+#if BN_BITS2 != 64
+static void _init_256_data(void)
+	{
+	int	i;
+	BN_ULONG *tmp1 = _256_data;
+	const BN_ULONG *tmp2 = tmp1;
+
+	memcpy(tmp1, _nist_p_256, BN_NIST_256_TOP * sizeof(BN_ULONG));
+	tmp1 += BN_NIST_256_TOP;
+
+	for (i=0; i<5; i++)
+		{
+		bn_add_words(tmp1, _nist_p_256, tmp2, BN_NIST_256_TOP);
+		tmp2  = tmp1;
+		tmp1 += BN_NIST_256_TOP;
+		}
+	_is_set_256_data = 1;
+	}
+#endif
+
 #define nist_set_256(to, from, a1, a2, a3, a4, a5, a6, a7, a8) \
 	{ \
 	if (a8 != 0) bn_cp_32(to, 0, from, (a8) - 8) else bn_32_set_0(to, 0)\
@@ -354,16 +442,24 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	BN_CTX *ctx)
 	{
-#if BN_BITS2 == 32
+#if BN_BITS2 != 64
 	int	i, top = a->top;
 	int	carry = 0;
 	register BN_ULONG *a_d = a->d, *r_d;
 	BN_ULONG t_d[BN_NIST_256_TOP],
-	         buf[BN_NIST_256_TOP],
-		 c_d[BN_NIST_256_TOP],
-		*res;
-	size_t   mask;
+	         t_d2[BN_NIST_256_TOP],
+	         buf[BN_NIST_256_TOP];

+	if (!_is_set_256_data)
+		{
+		CRYPTO_w_lock(CRYPTO_LOCK_BN);
+		
+		if (!_is_set_256_data)
+			_init_256_data();
+		
+		CRYPTO_w_unlock(CRYPTO_LOCK_BN);
+		}
+	
 	i = BN_ucmp(field, a);
 	if (i == 0)
 		{
@@ -391,91 +487,98 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	/*S1*/
 	nist_set_256(t_d, buf, 15, 14, 13, 12, 11, 0, 0, 0);
 	/*S2*/
-	nist_set_256(c_d,buf, 0, 15, 14, 13, 12, 0, 0, 0);
-	carry = bn_add_words(t_d, t_d, c_d, BN_NIST_256_TOP);
-	mask = 0-(size_t)bn_sub_words(c_d,t_d,_nist_p_256,BN_NIST_256_TOP);
-	mask = ~mask | (0-(size_t)carry);
-	res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)t_d&~mask));
-
-	carry = bn_add_words(t_d, res, res, BN_NIST_256_TOP);
-	mask = 0-(size_t)bn_sub_words(c_d,t_d,_nist_p_256,BN_NIST_256_TOP);
-	mask = ~mask | (0-(size_t)carry);
-	res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)t_d&~mask));
-
-	carry = bn_add_words(r_d, r_d, res, BN_NIST_256_TOP);
-	mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP);
-	mask = ~mask | (0-(size_t)carry);
-	res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
+	nist_set_256(t_d2,buf, 0, 15, 14, 13, 12, 0, 0, 0);
+	if (bn_add_words(t_d, t_d, t_d2, BN_NIST_256_TOP))
+		carry = 2;
+	/* left shift */
+		{
+		register BN_ULONG *ap,t,c;
+		ap = t_d;
+		c=0;
+		for (i = BN_NIST_256_TOP; i != 0; --i)
+			{
+			t= *ap;
+			*(ap++)=((t<<1)|c)&BN_MASK2;
+			c=(t & BN_TBIT)?1:0;
+			}
+		if (c)
+			++carry;
+		}

+	if (bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP))
+		++carry;
 	/*S3*/
 	nist_set_256(t_d, buf, 15, 14, 0, 0, 0, 10, 9, 8);
-	carry = bn_add_words(r_d, res, t_d, BN_NIST_256_TOP);
-	mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP);
-	mask = ~mask | (0-(size_t)carry);
-	res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-
+	if (bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP))
+		++carry;
 	/*S4*/
 	nist_set_256(t_d, buf, 8, 13, 15, 14, 13, 11, 10, 9);
-	carry = bn_add_words(r_d, res, t_d, BN_NIST_256_TOP);
-	mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP);
-	mask = ~mask | (0-(size_t)carry);
-	res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-
+	if (bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP))
+		++carry;
 	/*D1*/
 	nist_set_256(t_d, buf, 10, 8, 0, 0, 0, 13, 12, 11);
-#if BRANCH_FREE
-	carry = bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP);
-	bn_add_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP);
-	mask = 0-(size_t)carry;
-	res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));	
-#else
-	if (bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP))
-		bn_add_words(r_d,r_d,_nist_p_256,BN_NIST_256_TOP);
-#endif
+	if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP))
+		--carry;
 	/*D2*/
 	nist_set_256(t_d, buf, 11, 9, 0, 0, 15, 14, 13, 12);
-#if BRANCH_FREE
-	carry = bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP);
-	bn_add_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP);
-	mask = 0-(size_t)carry;
-	res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));	
-#else
 	if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP))
-		bn_add_words(r_d,r_d,_nist_p_256,BN_NIST_256_TOP);
-#endif
+		--carry;
 	/*D3*/
 	nist_set_256(t_d, buf, 12, 0, 10, 9, 8, 15, 14, 13);
-#if BRANCH_FREE
-	carry = bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP);
-	bn_add_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP);
-	mask = 0-(size_t)carry;
-	res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));	
-#else
 	if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP))
-		bn_add_words(r_d,r_d,_nist_p_256,BN_NIST_256_TOP);
-#endif
+		--carry;
 	/*D4*/
 	nist_set_256(t_d, buf, 13, 0, 11, 10, 9, 0, 15, 14);
-#if BRANCH_FREE
-	carry = bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP);
-	bn_add_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP);
-	mask = 0-(size_t)carry;
-	res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));	
-
-	nist_cp_bn(r_d, res, BN_NIST_384_TOP);
-#else
 	if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP))
-		bn_add_words(r_d,r_d,_nist_p_256,BN_NIST_256_TOP);
-#endif
+		--carry;
+	
+	if (carry)
+		{
+		if (carry > 0)
+			bn_sub_words(r_d, r_d, _256_data + BN_NIST_256_TOP *
+				--carry, BN_NIST_256_TOP);
+		else
+			{
+			carry = -carry;
+			bn_add_words(r_d, r_d, _256_data + BN_NIST_256_TOP *
+				--carry, BN_NIST_256_TOP);
+			}
+		}
+
 	r->top = BN_NIST_256_TOP;
 	bn_correct_top(r);
-
+	if (BN_ucmp(r, field) >= 0)
+		{
+		bn_sub_words(r_d, r_d, _nist_p_256, BN_NIST_256_TOP);
+		bn_correct_top(r);
+		}
+	bn_check_top(r);
 	return 1;
-#else	/* BN_BITS!=32 */
+#else
 	return 0;
 #endif
 	}

+#if BN_BITS2 != 64
+static void _init_384_data(void)
+	{
+	int	i;
+	BN_ULONG *tmp1 = _384_data;
+	const BN_ULONG *tmp2 = tmp1;
+
+	memcpy(tmp1, _nist_p_384, BN_NIST_384_TOP * sizeof(BN_ULONG));
+	tmp1 += BN_NIST_384_TOP;
+
+	for (i=0; i<7; i++)
+		{
+		bn_add_words(tmp1, _nist_p_384, tmp2, BN_NIST_384_TOP);
+		tmp2  = tmp1;
+		tmp1 += BN_NIST_384_TOP;
+		}
+	_is_set_384_data = 1;
+	}
+#endif
+
 #define nist_set_384(to,from,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,a11,a12) \
 	{ \
 	if (a12 != 0) bn_cp_32(to, 0, from,  (a12) - 12) else bn_32_set_0(to, 0)\
@@ -495,15 +598,22 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	BN_CTX *ctx)
 	{
-#if BN_BITS2 == 32
+#if BN_BITS2 != 64
 	int	i, top = a->top;
 	int	carry = 0;
 	register BN_ULONG *r_d, *a_d = a->d;
 	BN_ULONG t_d[BN_NIST_384_TOP],
-	         buf[BN_NIST_384_TOP],
-		 c_d[BN_NIST_384_TOP],
-		*res;
-	size_t	 mask;
+	         buf[BN_NIST_384_TOP];
+
+	if (!_is_set_384_data)
+		{
+		CRYPTO_w_lock(CRYPTO_LOCK_BN);
+		
+		if (!_is_set_384_data)
+			_init_384_data();
+
+		CRYPTO_w_unlock(CRYPTO_LOCK_BN);
+		}

 	i = BN_ucmp(field, a);
 	if (i == 0)
@@ -536,103 +646,72 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 		register BN_ULONG *ap,t,c;
 		ap = t_d;
 		c=0;
-		for (i = 3; i != 0; --i)
+		for (i = BN_NIST_256_TOP; i != 0; --i)
 			{
 			t= *ap;
 			*(ap++)=((t<<1)|c)&BN_MASK2;
 			c=(t & BN_TBIT)?1:0;
 			}
-		*ap=c;
 		}
-	carry = bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2), 
-		t_d, BN_NIST_256_TOP);
-	/*
-	 * we need if (result>=modulus) subtract(result,modulus);
-	 * in n-bit space this can be expressed as
-	 * if (carry || result>=modulus) subtract(result,modulus);
-	 * the catch is that comparison implies subtraction and
-	 * therefore one can write tmp=subtract(result,modulus);
-	 * and then if(carry || !borrow) result=tmp; this's what
-	 * happens below, but without explicit if:-) a.
-	 */
-	mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP);
-	mask = ~mask | (0-(size_t)carry);
-	res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-
+	if (bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2), 
+		t_d, BN_NIST_256_TOP))
+		++carry;
 	/*S2 */
-	carry = bn_add_words(r_d, res, buf, BN_NIST_384_TOP);
-	mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP);
-	mask = ~mask | (0-(size_t)carry);
-	res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-
+	if (bn_add_words(r_d, r_d, buf, BN_NIST_384_TOP))
+		++carry;
 	/*S3*/
 	nist_set_384(t_d,buf,20,19,18,17,16,15,14,13,12,23,22,21);
-	carry = bn_add_words(r_d, res, t_d, BN_NIST_384_TOP);
-	mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP);
-	mask = ~mask | (0-(size_t)carry);
-	res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-
+	if (bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP))
+		++carry;
 	/*S4*/
 	nist_set_384(t_d,buf,19,18,17,16,15,14,13,12,20,0,23,0);
-	carry = bn_add_words(r_d, res, t_d, BN_NIST_384_TOP);
-	mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP);
-	mask = ~mask | (0-(size_t)carry);
-	res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-
+	if (bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP))
+		++carry;
 	/*S5*/
-	nist_set_384(t_d, buf,0,0,0,0,23,22,21,20,0,0,0,0);
-	carry = bn_add_words(r_d, res, t_d, BN_NIST_384_TOP);
-	mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP);
-	mask = ~mask | (0-(size_t)carry);
-	res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-
+	nist_set_256(t_d, buf, 0, 0, 0, 0, 23-4, 22-4, 21-4, 20-4);
+	if (bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2), 
+		t_d, BN_NIST_256_TOP))
+		++carry;
 	/*S6*/
 	nist_set_384(t_d,buf,0,0,0,0,0,0,23,22,21,0,0,20);
-	carry = bn_add_words(r_d, res, t_d, BN_NIST_384_TOP);
-	mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP);
-	mask = ~mask | (0-(size_t)carry);
-	res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-
+	if (bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP))
+		++carry;
 	/*D1*/
 	nist_set_384(t_d,buf,22,21,20,19,18,17,16,15,14,13,12,23);
-#if BRANCH_FREE
-	carry = bn_sub_words(r_d, res, t_d, BN_NIST_384_TOP);
-	bn_add_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP);
-	mask = 0-(size_t)carry;
-	res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-#else
-	if (bn_sub_words(r_d, res, t_d, BN_NIST_384_TOP))
-		bn_add_words(r_d,r_d,_nist_p_384,BN_NIST_384_TOP);
-#endif
+	if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP))
+		--carry;
 	/*D2*/
 	nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,22,21,20,0);
-#if BRANCH_FREE
-	carry = bn_sub_words(r_d, res, t_d, BN_NIST_384_TOP);
-	bn_add_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP);
-	mask = 0-(size_t)carry;
-	res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-#else
 	if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP))
-		bn_add_words(r_d,r_d,_nist_p_384,BN_NIST_384_TOP);
-#endif
+		--carry;
 	/*D3*/
 	nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,23,0,0,0);
-#if BRANCH_FREE
-	carry = bn_sub_words(r_d, res, t_d, BN_NIST_384_TOP);
-	bn_add_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP);
-	mask = 0-(size_t)carry;
-	res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-
-	nist_cp_bn(r_d, res, BN_NIST_384_TOP);
-#else
 	if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP))
-		bn_add_words(r_d,r_d,_nist_p_384,BN_NIST_384_TOP);
-#endif
+		--carry;
+	
+	if (carry)
+		{
+		if (carry > 0)
+			bn_sub_words(r_d, r_d, _384_data + BN_NIST_384_TOP *
+				--carry, BN_NIST_384_TOP);
+		else
+			{
+			carry = -carry;
+			bn_add_words(r_d, r_d, _384_data + BN_NIST_384_TOP *
+				--carry, BN_NIST_384_TOP);
+			}
+		}
+
 	r->top = BN_NIST_384_TOP;
 	bn_correct_top(r);
-
+	if (BN_ucmp(r, field) >= 0)
+		{
+		bn_sub_words(r_d, r_d, _nist_p_384, BN_NIST_384_TOP);
+		bn_correct_top(r);
+		}
+	bn_check_top(r);
 	return 1;
-#else	/* BN_BITS!=32 */
+#else
 	return 0;
 #endif
 	}
@@ -644,6 +723,10 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 #define BN_NIST_521_TOP_MASK	(BN_ULONG)0x1FF
 #elif BN_BITS2 == 32
 #define BN_NIST_521_TOP_MASK	(BN_ULONG)0x1FF
+#elif BN_BITS2 == 16
+#define BN_NIST_521_TOP_MASK	(BN_ULONG)0x1FF
+#elif BN_BITS2 == 8
+#define BN_NIST_521_TOP_MASK	(BN_ULONG)0x1
 #endif
 	int	top, ret = 0;
 	BN_ULONG *r_d;
@@ -679,7 +762,7 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
           (r_d[BN_NIST_521_TOP-1] & ~(BN_NIST_521_TOP_MASK)))
 		{
 		BN_NIST_ADD_ONE(r_d)
-		r->d[BN_NIST_521_TOP-1] &= BN_NIST_521_TOP_MASK; 
+		r_d[BN_NIST_521_TOP-1] &= BN_NIST_521_TOP_MASK; 
 		}
 	bn_correct_top(r);

--- a/crypto/cms/Makefile
+++ b/crypto/cms/Makefile
@@ -1,183 +0,0 @@
-#
-# OpenSSL/crypto/cms/Makefile
-#
-
-DIR=	cms
-TOP=	../..
-CC=	cc
-INCLUDES= -I.. -I$(TOP) -I../../include
-CFLAG=-g
-MAKEFILE=	Makefile
-AR=		ar r
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST=
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC= cms_lib.c cms_asn1.c cms_att.c cms_io.c cms_smime.c cms_err.c \
-	cms_sd.c cms_dd.c cms_cd.c cms_env.c cms_enc.c cms_ess.c
-LIBOBJ= cms_lib.o cms_asn1.o cms_att.o cms_io.o cms_smime.o cms_err.o \
-	cms_sd.o cms_dd.o cms_cd.o cms_env.o cms_enc.o cms_ess.o
-
-SRC= $(LIBSRC)
-
-EXHEADER=  cms.h
-HEADER=	cms_lcl.h $(EXHEADER)
-
-ALL=    $(GENERAL) $(SRC) $(HEADER)
-
-top:
-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
-
-test:
-
-all:	lib
-
-lib:	$(LIBOBJ)
-	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB) || echo Never mind.
-	@touch lib
-
-files:
-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-links:
-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
-
-install:
-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
-	do  \
-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-	done;
-
-tags:
-	ctags $(SRC)
-
-tests:
-
-lint:
-	lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
-
-dclean:
-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-	mv -f Makefile.new $(MAKEFILE)
-
-clean:
-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-cms_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-cms_asn1.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-cms_asn1.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-cms_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-cms_asn1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-cms_asn1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-cms_asn1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-cms_asn1.o: ../../include/openssl/opensslconf.h
-cms_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-cms_asn1.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
-cms_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-cms_asn1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-cms_asn1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-cms_asn1.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-cms_asn1.o: cms.h cms_asn1.c cms_lcl.h
-cms_att.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-cms_att.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-cms_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-cms_att.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-cms_att.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-cms_att.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-cms_att.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-cms_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-cms_att.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-cms_att.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
-cms_att.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-cms_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-cms_att.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-cms_att.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-cms_att.o: cms.h cms_att.c cms_lcl.h
-cms_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-cms_err.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
-cms_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-cms_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-cms_err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-cms_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-cms_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-cms_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-cms_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-cms_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-cms_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-cms_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-cms_err.o: cms_err.c
-cms_io.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-cms_io.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-cms_io.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-cms_io.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-cms_io.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-cms_io.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-cms_io.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-cms_io.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-cms_io.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
-cms_io.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
-cms_io.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-cms_io.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-cms_io.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h cms.h
-cms_io.o: cms_io.c cms_lcl.h
-cms_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-cms_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-cms_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-cms_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-cms_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-cms_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-cms_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-cms_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-cms_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
-cms_lib.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
-cms_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-cms_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-cms_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h cms.h
-cms_lib.o: cms_lcl.h cms_lib.c
-cms_sd.o: ../../e_os.h ../../include/openssl/asn1.h
-cms_sd.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-cms_sd.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
-cms_sd.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-cms_sd.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-cms_sd.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-cms_sd.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-cms_sd.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-cms_sd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-cms_sd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-cms_sd.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
-cms_sd.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-cms_sd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-cms_sd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-cms_sd.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-cms_sd.o: ../cryptlib.h cms_lcl.h cms_sd.c
-cms_smime.o: ../../e_os.h ../../include/openssl/asn1.h
-cms_smime.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-cms_smime.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
-cms_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-cms_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-cms_smime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-cms_smime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-cms_smime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-cms_smime.o: ../../include/openssl/objects.h
-cms_smime.o: ../../include/openssl/opensslconf.h
-cms_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-cms_smime.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-cms_smime.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-cms_smime.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-cms_smime.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-cms_smime.o: ../cryptlib.h cms_lcl.h cms_smime.c
--- a/crypto/cms/cms.h
+++ b/crypto/cms/cms.h
@@ -1,473 +0,0 @@
-/* crypto/cms/cms.h */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-
-#ifndef HEADER_CMS_H
-#define HEADER_CMS_H
-
-#include <openssl/x509.h>
-
-#ifdef OPENSSL_NO_CMS
-#error CMS is disabled.
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-typedef struct CMS_ContentInfo_st CMS_ContentInfo;
-typedef struct CMS_SignerInfo_st CMS_SignerInfo;
-typedef struct CMS_CertificateChoices CMS_CertificateChoices;
-typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
-typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
-typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest;
-typedef struct CMS_Receipt_st CMS_Receipt;
-
-DECLARE_STACK_OF(CMS_SignerInfo)
-DECLARE_STACK_OF(GENERAL_NAMES)
-DECLARE_ASN1_FUNCTIONS_const(CMS_ContentInfo)
-DECLARE_ASN1_FUNCTIONS_const(CMS_ReceiptRequest)
-
-#define CMS_SIGNERINFO_ISSUER_SERIAL	0
-#define CMS_SIGNERINFO_KEYIDENTIFIER	1
-
-#define CMS_RECIPINFO_TRANS		0
-#define CMS_RECIPINFO_AGREE		1
-#define CMS_RECIPINFO_KEK		2
-#define CMS_RECIPINFO_PASS		3
-#define CMS_RECIPINFO_OTHER		4
-
-/* S/MIME related flags */
-
-#define CMS_TEXT			0x1
-#define CMS_NOCERTS			0x2
-#define CMS_NO_CONTENT_VERIFY		0x4
-#define CMS_NO_ATTR_VERIFY		0x8
-#define CMS_NOSIGS			\
-			(CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY)
-#define CMS_NOINTERN			0x10
-#define CMS_NO_SIGNER_CERT_VERIFY	0x20
-#define CMS_NOVERIFY			0x20
-#define CMS_DETACHED			0x40
-#define CMS_BINARY			0x80
-#define CMS_NOATTR			0x100
-#define	CMS_NOSMIMECAP			0x200
-#define CMS_NOOLDMIMETYPE		0x400
-#define CMS_CRLFEOL			0x800
-#define CMS_STREAM			0x1000
-#define CMS_NOCRL			0x2000
-#define CMS_PARTIAL			0x4000
-#define CMS_REUSE_DIGEST		0x8000
-#define CMS_USE_KEYID			0x10000
-
-const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms);
-
-BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont);
-int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio);
-
-ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
-int CMS_is_detached(CMS_ContentInfo *cms);
-int CMS_set_detached(CMS_ContentInfo *cms, int detached);
-
-#ifdef HEADER_PEM_H
-DECLARE_PEM_rw_const(CMS, CMS_ContentInfo)
-#endif
-
-CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms);
-int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms);
-
-CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont);
-int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
-
-int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags);
-
-CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
-						BIO *data, unsigned int flags);
-
-CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
-					X509 *signcert, EVP_PKEY *pkey,
-					STACK_OF(X509) *certs,
-					unsigned int flags);
-
-int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
-CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
-
-int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
-							unsigned int flags);
-CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
-							unsigned int flags);
-
-int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
-				const unsigned char *key, size_t keylen,
-				BIO *dcont, BIO *out, unsigned int flags);
-
-CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
-					const unsigned char *key, size_t keylen,
-					unsigned int flags);
-
-int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
-				const unsigned char *key, size_t keylen);
-
-int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
-		 X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags);
-
-int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
-			STACK_OF(X509) *certs,
-			X509_STORE *store, unsigned int flags);
-
-STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
-
-CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
-				const EVP_CIPHER *cipher, unsigned int flags);
-
-int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
-				BIO *dcont, BIO *out,
-				unsigned int flags);
-	
-int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
-int CMS_decrypt_set1_key(CMS_ContentInfo *cms, 
-				unsigned char *key, size_t keylen,
-				unsigned char *id, size_t idlen);
-
-STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
-int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
-CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
-CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
-					X509 *recip, unsigned int flags);
-int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
-int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
-int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
-					EVP_PKEY **pk, X509 **recip,
-					X509_ALGOR **palg);
-int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
-					ASN1_OCTET_STRING **keyid,
-					X509_NAME **issuer, ASN1_INTEGER **sno);
-
-CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
-					unsigned char *key, size_t keylen,
-					unsigned char *id, size_t idlen,
-					ASN1_GENERALIZEDTIME *date,
-					ASN1_OBJECT *otherTypeId,
-					ASN1_TYPE *otherType);
-
-int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
-					X509_ALGOR **palg,
-					ASN1_OCTET_STRING **pid,
-					ASN1_GENERALIZEDTIME **pdate,
-					ASN1_OBJECT **potherid,
-					ASN1_TYPE **pothertype);
-
-int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, 
-				unsigned char *key, size_t keylen);
-
-int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, 
-					const unsigned char *id, size_t idlen);
-
-int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
-	
-int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
-							unsigned int flags);
-CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
-
-int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
-const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);
-
-CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms);
-int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
-int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
-STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
-
-CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms);
-int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
-STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
-
-int CMS_SignedData_init(CMS_ContentInfo *cms);
-CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
-			X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
-			unsigned int flags);
-STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
-
-void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
-int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
-					ASN1_OCTET_STRING **keyid,
-					X509_NAME **issuer, ASN1_INTEGER **sno);
-int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
-int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
-					unsigned int flags);
-void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
-					X509_ALGOR **pdig, X509_ALGOR **psig);
-int CMS_SignerInfo_sign(CMS_SignerInfo *si);
-int CMS_SignerInfo_verify(CMS_SignerInfo *si);
-int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
-
-int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
-int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
-				int algnid, int keysize);
-int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap);
-
-int CMS_signed_get_attr_count(const CMS_SignerInfo *si);
-int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
-			  int lastpos);
-int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
-			  int lastpos);
-X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc);
-X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc);
-int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
-int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
-			const ASN1_OBJECT *obj, int type,
-			const void *bytes, int len);
-int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
-			int nid, int type,
-			const void *bytes, int len);
-int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
-			const char *attrname, int type,
-			const void *bytes, int len);
-void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
-					int lastpos, int type);
-
-int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);
-int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
-			  int lastpos);
-int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
-			  int lastpos);
-X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc);
-X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc);
-int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
-int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
-			const ASN1_OBJECT *obj, int type,
-			const void *bytes, int len);
-int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
-			int nid, int type,
-			const void *bytes, int len);
-int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
-			const char *attrname, int type,
-			const void *bytes, int len);
-void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
-					int lastpos, int type);
-
-#ifdef HEADER_X509V3_H
-
-int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
-CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
-				int allorfirst,
-				STACK_OF(GENERAL_NAMES) *receiptList,
-				STACK_OF(GENERAL_NAMES) *receiptsTo);
-int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
-void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
-					ASN1_STRING **pcid,
-					int *pallorfirst,
-					STACK_OF(GENERAL_NAMES) **plist,
-					STACK_OF(GENERAL_NAMES) **prto);
-
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_CMS_strings(void);
-
-/* Error codes for the CMS functions. */
-
-/* Function codes. */
-#define CMS_F_CHECK_CONTENT				 99
-#define CMS_F_CMS_ADD0_CERT				 164
-#define CMS_F_CMS_ADD0_RECIPIENT_KEY			 100
-#define CMS_F_CMS_ADD1_RECEIPTREQUEST			 158
-#define CMS_F_CMS_ADD1_RECIPIENT_CERT			 101
-#define CMS_F_CMS_ADD1_SIGNER				 102
-#define CMS_F_CMS_ADD1_SIGNINGTIME			 103
-#define CMS_F_CMS_COMPRESS				 104
-#define CMS_F_CMS_COMPRESSEDDATA_CREATE			 105
-#define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO		 106
-#define CMS_F_CMS_COPY_CONTENT				 107
-#define CMS_F_CMS_COPY_MESSAGEDIGEST			 108
-#define CMS_F_CMS_DATA					 109
-#define CMS_F_CMS_DATAFINAL				 110
-#define CMS_F_CMS_DATAINIT				 111
-#define CMS_F_CMS_DECRYPT				 112
-#define CMS_F_CMS_DECRYPT_SET1_KEY			 113
-#define CMS_F_CMS_DECRYPT_SET1_PKEY			 114
-#define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX		 115
-#define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO		 116
-#define CMS_F_CMS_DIGESTEDDATA_DO_FINAL			 117
-#define CMS_F_CMS_DIGEST_VERIFY				 118
-#define CMS_F_CMS_ENCODE_RECEIPT			 161
-#define CMS_F_CMS_ENCRYPT				 119
-#define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO		 120
-#define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT			 121
-#define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT			 122
-#define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY		 123
-#define CMS_F_CMS_ENVELOPEDDATA_CREATE			 124
-#define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO		 125
-#define CMS_F_CMS_ENVELOPED_DATA_INIT			 126
-#define CMS_F_CMS_FINAL					 127
-#define CMS_F_CMS_GET0_CERTIFICATE_CHOICES		 128
-#define CMS_F_CMS_GET0_CONTENT				 129
-#define CMS_F_CMS_GET0_ECONTENT_TYPE			 130
-#define CMS_F_CMS_GET0_ENVELOPED			 131
-#define CMS_F_CMS_GET0_REVOCATION_CHOICES		 132
-#define CMS_F_CMS_GET0_SIGNED				 133
-#define CMS_F_CMS_MSGSIGDIGEST_ADD1			 162
-#define CMS_F_CMS_RECEIPTREQUEST_CREATE0		 159
-#define CMS_F_CMS_RECEIPT_VERIFY			 160
-#define CMS_F_CMS_RECIPIENTINFO_DECRYPT			 134
-#define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT		 135
-#define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT		 136
-#define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID		 137
-#define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP		 138
-#define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP		 139
-#define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT		 140
-#define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT		 141
-#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS		 142
-#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID	 143
-#define CMS_F_CMS_RECIPIENTINFO_SET0_KEY		 144
-#define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY		 145
-#define CMS_F_CMS_SET1_SIGNERIDENTIFIER			 146
-#define CMS_F_CMS_SET_DETACHED				 147
-#define CMS_F_CMS_SIGN					 148
-#define CMS_F_CMS_SIGNED_DATA_INIT			 149
-#define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN		 150
-#define CMS_F_CMS_SIGNERINFO_SIGN			 151
-#define CMS_F_CMS_SIGNERINFO_VERIFY			 152
-#define CMS_F_CMS_SIGNERINFO_VERIFY_CERT		 153
-#define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT		 154
-#define CMS_F_CMS_SIGN_RECEIPT				 163
-#define CMS_F_CMS_STREAM				 155
-#define CMS_F_CMS_UNCOMPRESS				 156
-#define CMS_F_CMS_VERIFY				 157
-
-/* Reason codes. */
-#define CMS_R_ADD_SIGNER_ERROR				 99
-#define CMS_R_CERTIFICATE_ALREADY_PRESENT		 175
-#define CMS_R_CERTIFICATE_HAS_NO_KEYID			 160
-#define CMS_R_CERTIFICATE_VERIFY_ERROR			 100
-#define CMS_R_CIPHER_INITIALISATION_ERROR		 101
-#define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR	 102
-#define CMS_R_CMS_DATAFINAL_ERROR			 103
-#define CMS_R_CMS_LIB					 104
-#define CMS_R_CONTENTIDENTIFIER_MISMATCH		 170
-#define CMS_R_CONTENT_NOT_FOUND				 105
-#define CMS_R_CONTENT_TYPE_MISMATCH			 171
-#define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA		 106
-#define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA		 107
-#define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA		 108
-#define CMS_R_CONTENT_VERIFY_ERROR			 109
-#define CMS_R_CTRL_ERROR				 110
-#define CMS_R_CTRL_FAILURE				 111
-#define CMS_R_DECRYPT_ERROR				 112
-#define CMS_R_DIGEST_ERROR				 161
-#define CMS_R_ERROR_GETTING_PUBLIC_KEY			 113
-#define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE	 114
-#define CMS_R_ERROR_SETTING_KEY				 115
-#define CMS_R_ERROR_SETTING_RECIPIENTINFO		 116
-#define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH		 117
-#define CMS_R_INVALID_KEY_LENGTH			 118
-#define CMS_R_MD_BIO_INIT_ERROR				 119
-#define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH	 120
-#define CMS_R_MESSAGEDIGEST_WRONG_LENGTH		 121
-#define CMS_R_MSGSIGDIGEST_ERROR			 172
-#define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE		 162
-#define CMS_R_MSGSIGDIGEST_WRONG_LENGTH			 163
-#define CMS_R_NEED_ONE_SIGNER				 164
-#define CMS_R_NOT_A_SIGNED_RECEIPT			 165
-#define CMS_R_NOT_ENCRYPTED_DATA			 122
-#define CMS_R_NOT_KEK					 123
-#define CMS_R_NOT_KEY_TRANSPORT				 124
-#define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE		 125
-#define CMS_R_NO_CIPHER					 126
-#define CMS_R_NO_CONTENT				 127
-#define CMS_R_NO_CONTENT_TYPE				 173
-#define CMS_R_NO_DEFAULT_DIGEST				 128
-#define CMS_R_NO_DIGEST_SET				 129
-#define CMS_R_NO_KEY					 130
-#define CMS_R_NO_KEY_OR_CERT				 174
-#define CMS_R_NO_MATCHING_DIGEST			 131
-#define CMS_R_NO_MATCHING_RECIPIENT			 132
-#define CMS_R_NO_MATCHING_SIGNATURE			 166
-#define CMS_R_NO_MSGSIGDIGEST				 167
-#define CMS_R_NO_PRIVATE_KEY				 133
-#define CMS_R_NO_PUBLIC_KEY				 134
-#define CMS_R_NO_RECEIPT_REQUEST			 168
-#define CMS_R_NO_SIGNERS				 135
-#define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE	 136
-#define CMS_R_RECEIPT_DECODE_ERROR			 169
-#define CMS_R_RECIPIENT_ERROR				 137
-#define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND		 138
-#define CMS_R_SIGNFINAL_ERROR				 139
-#define CMS_R_SMIME_TEXT_ERROR				 140
-#define CMS_R_STORE_INIT_ERROR				 141
-#define CMS_R_TYPE_NOT_COMPRESSED_DATA			 142
-#define CMS_R_TYPE_NOT_DATA				 143
-#define CMS_R_TYPE_NOT_DIGESTED_DATA			 144
-#define CMS_R_TYPE_NOT_ENCRYPTED_DATA			 145
-#define CMS_R_TYPE_NOT_ENVELOPED_DATA			 146
-#define CMS_R_UNABLE_TO_FINALIZE_CONTEXT		 147
-#define CMS_R_UNKNOWN_CIPHER				 148
-#define CMS_R_UNKNOWN_DIGEST_ALGORIHM			 149
-#define CMS_R_UNKNOWN_ID				 150
-#define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM		 151
-#define CMS_R_UNSUPPORTED_CONTENT_TYPE			 152
-#define CMS_R_UNSUPPORTED_KEK_ALGORITHM			 153
-#define CMS_R_UNSUPPORTED_RECIPIENT_TYPE		 154
-#define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE		 155
-#define CMS_R_UNSUPPORTED_TYPE				 156
-#define CMS_R_UNWRAP_ERROR				 157
-#define CMS_R_VERIFICATION_FAILURE			 158
-#define CMS_R_WRAP_ERROR				 159
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
--- a/crypto/cms/cms_asn1.c
+++ b/crypto/cms/cms_asn1.c
@@ -1,346 +0,0 @@
-/* crypto/cms/cms_asn1.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include <openssl/asn1t.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-#include "cms.h"
-#include "cms_lcl.h"
-
-
-ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = {
-	ASN1_SIMPLE(CMS_IssuerAndSerialNumber, issuer, X509_NAME),
-	ASN1_SIMPLE(CMS_IssuerAndSerialNumber, serialNumber, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(CMS_IssuerAndSerialNumber)
-
-ASN1_SEQUENCE(CMS_OtherCertificateFormat) = {
-	ASN1_SIMPLE(CMS_OtherCertificateFormat, otherCertFormat, ASN1_OBJECT),
-	ASN1_OPT(CMS_OtherCertificateFormat, otherCert, ASN1_ANY)
-} ASN1_SEQUENCE_END(CMS_OtherCertificateFormat)
-
-ASN1_CHOICE(CMS_CertificateChoices) = {
-	ASN1_SIMPLE(CMS_CertificateChoices, d.certificate, X509),
-	ASN1_IMP(CMS_CertificateChoices, d.extendedCertificate, ASN1_SEQUENCE, 0),
-	ASN1_IMP(CMS_CertificateChoices, d.v1AttrCert, ASN1_SEQUENCE, 1),
-	ASN1_IMP(CMS_CertificateChoices, d.v2AttrCert, ASN1_SEQUENCE, 2),
-	ASN1_IMP(CMS_CertificateChoices, d.other, CMS_OtherCertificateFormat, 3)
-} ASN1_CHOICE_END(CMS_CertificateChoices)
-
-ASN1_CHOICE(CMS_SignerIdentifier) = {
-	ASN1_SIMPLE(CMS_SignerIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
-	ASN1_IMP(CMS_SignerIdentifier, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0)
-} ASN1_CHOICE_END(CMS_SignerIdentifier)
-
-ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = {
-	ASN1_SIMPLE(CMS_EncapsulatedContentInfo, eContentType, ASN1_OBJECT),
-	ASN1_NDEF_EXP_OPT(CMS_EncapsulatedContentInfo, eContent, ASN1_OCTET_STRING_NDEF, 0)
-} ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo)
-
-/* Minor tweak to operation: free up signer key, cert */
-static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
-	{
-	if(operation == ASN1_OP_FREE_POST)
-		{
-		CMS_SignerInfo *si = (CMS_SignerInfo *)*pval;
-		if (si->pkey)
-			EVP_PKEY_free(si->pkey);
-		if (si->signer)
-			X509_free(si->signer);
-		}
-	return 1;
-	}
-
-ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = {
-	ASN1_SIMPLE(CMS_SignerInfo, version, LONG),
-	ASN1_SIMPLE(CMS_SignerInfo, sid, CMS_SignerIdentifier),
-	ASN1_SIMPLE(CMS_SignerInfo, digestAlgorithm, X509_ALGOR),
-	ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, signedAttrs, X509_ATTRIBUTE, 0),
-	ASN1_SIMPLE(CMS_SignerInfo, signatureAlgorithm, X509_ALGOR),
-	ASN1_SIMPLE(CMS_SignerInfo, signature, ASN1_OCTET_STRING),
-	ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, unsignedAttrs, X509_ATTRIBUTE, 1)
-} ASN1_SEQUENCE_END_cb(CMS_SignerInfo, CMS_SignerInfo)
-
-ASN1_SEQUENCE(CMS_OtherRevocationInfoFormat) = {
-	ASN1_SIMPLE(CMS_OtherRevocationInfoFormat, otherRevInfoFormat, ASN1_OBJECT),
-	ASN1_OPT(CMS_OtherRevocationInfoFormat, otherRevInfo, ASN1_ANY)
-} ASN1_SEQUENCE_END(CMS_OtherRevocationInfoFormat)
-
-ASN1_CHOICE(CMS_RevocationInfoChoice) = {
-	ASN1_SIMPLE(CMS_RevocationInfoChoice, d.crl, X509_CRL),
-	ASN1_IMP(CMS_RevocationInfoChoice, d.other, CMS_OtherRevocationInfoFormat, 1)
-} ASN1_CHOICE_END(CMS_RevocationInfoChoice)
-
-ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
-	ASN1_SIMPLE(CMS_SignedData, version, LONG),
-	ASN1_SET_OF(CMS_SignedData, digestAlgorithms, X509_ALGOR),
-	ASN1_SIMPLE(CMS_SignedData, encapContentInfo, CMS_EncapsulatedContentInfo),
-	ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
-	ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1),
-	ASN1_SET_OF(CMS_SignedData, signerInfos, CMS_SignerInfo)
-} ASN1_NDEF_SEQUENCE_END(CMS_SignedData)
-
-ASN1_SEQUENCE(CMS_OriginatorInfo) = {
-	ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
-	ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1)
-} ASN1_SEQUENCE_END(CMS_OriginatorInfo)
-
-ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
-	ASN1_SIMPLE(CMS_EncryptedContentInfo, contentType, ASN1_OBJECT),
-	ASN1_SIMPLE(CMS_EncryptedContentInfo, contentEncryptionAlgorithm, X509_ALGOR),
-	ASN1_IMP_OPT(CMS_EncryptedContentInfo, encryptedContent, ASN1_OCTET_STRING_NDEF, 0)
-} ASN1_NDEF_SEQUENCE_END(CMS_EncryptedContentInfo)
-
-ASN1_SEQUENCE(CMS_KeyTransRecipientInfo) = {
-	ASN1_SIMPLE(CMS_KeyTransRecipientInfo, version, LONG),
-	ASN1_SIMPLE(CMS_KeyTransRecipientInfo, rid, CMS_SignerIdentifier),
-	ASN1_SIMPLE(CMS_KeyTransRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
-	ASN1_SIMPLE(CMS_KeyTransRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(CMS_KeyTransRecipientInfo)
-
-ASN1_SEQUENCE(CMS_OtherKeyAttribute) = {
-	ASN1_SIMPLE(CMS_OtherKeyAttribute, keyAttrId, ASN1_OBJECT),
-	ASN1_OPT(CMS_OtherKeyAttribute, keyAttr, ASN1_ANY)
-} ASN1_SEQUENCE_END(CMS_OtherKeyAttribute)
-
-ASN1_SEQUENCE(CMS_RecipientKeyIdentifier) = {
-	ASN1_SIMPLE(CMS_RecipientKeyIdentifier, subjectKeyIdentifier, ASN1_OCTET_STRING),
-	ASN1_OPT(CMS_RecipientKeyIdentifier, date, ASN1_GENERALIZEDTIME),
-	ASN1_OPT(CMS_RecipientKeyIdentifier, other, CMS_OtherKeyAttribute)
-} ASN1_SEQUENCE_END(CMS_RecipientKeyIdentifier)
-
-ASN1_CHOICE(CMS_KeyAgreeRecipientIdentifier) = {
-  ASN1_SIMPLE(CMS_KeyAgreeRecipientIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
-  ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0)
-} ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier)
-
-ASN1_SEQUENCE(CMS_RecipientEncryptedKey) = {
-	ASN1_SIMPLE(CMS_RecipientEncryptedKey, rid, CMS_KeyAgreeRecipientIdentifier),
-	ASN1_SIMPLE(CMS_RecipientEncryptedKey, encryptedKey, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(CMS_RecipientEncryptedKey)
-
-ASN1_SEQUENCE(CMS_OriginatorPublicKey) = {
-  ASN1_SIMPLE(CMS_OriginatorPublicKey, algorithm, X509_ALGOR),
-  ASN1_SIMPLE(CMS_OriginatorPublicKey, publicKey, ASN1_BIT_STRING)
-} ASN1_SEQUENCE_END(CMS_OriginatorPublicKey)
-
-ASN1_CHOICE(CMS_OriginatorIdentifierOrKey) = {
-  ASN1_SIMPLE(CMS_OriginatorIdentifierOrKey, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
-  ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0),
-  ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1)
-} ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey)
-
-ASN1_SEQUENCE(CMS_KeyAgreeRecipientInfo) = {
-	ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, version, LONG),
-	ASN1_EXP(CMS_KeyAgreeRecipientInfo, originator, CMS_OriginatorIdentifierOrKey, 0),
-	ASN1_EXP_OPT(CMS_KeyAgreeRecipientInfo, ukm, ASN1_OCTET_STRING, 1),
-	ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
-	ASN1_SEQUENCE_OF(CMS_KeyAgreeRecipientInfo, recipientEncryptedKeys, CMS_RecipientEncryptedKey)
-} ASN1_SEQUENCE_END(CMS_KeyAgreeRecipientInfo)
-
-ASN1_SEQUENCE(CMS_KEKIdentifier) = {
-	ASN1_SIMPLE(CMS_KEKIdentifier, keyIdentifier, ASN1_OCTET_STRING),
-	ASN1_OPT(CMS_KEKIdentifier, date, ASN1_GENERALIZEDTIME),
-	ASN1_OPT(CMS_KEKIdentifier, other, CMS_OtherKeyAttribute)
-} ASN1_SEQUENCE_END(CMS_KEKIdentifier)
-
-ASN1_SEQUENCE(CMS_KEKRecipientInfo) = {
-	ASN1_SIMPLE(CMS_KEKRecipientInfo, version, LONG),
-	ASN1_SIMPLE(CMS_KEKRecipientInfo, kekid, CMS_KEKIdentifier),
-	ASN1_SIMPLE(CMS_KEKRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
-	ASN1_SIMPLE(CMS_KEKRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(CMS_KEKRecipientInfo)
-
-ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = {
-	ASN1_SIMPLE(CMS_PasswordRecipientInfo, version, LONG),
-	ASN1_IMP_OPT(CMS_PasswordRecipientInfo, keyDerivationAlgorithm, X509_ALGOR, 0),
-	ASN1_SIMPLE(CMS_PasswordRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
-	ASN1_SIMPLE(CMS_PasswordRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(CMS_PasswordRecipientInfo)
-
-ASN1_SEQUENCE(CMS_OtherRecipientInfo) = {
-  ASN1_SIMPLE(CMS_OtherRecipientInfo, oriType, ASN1_OBJECT),
-  ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY)
-} ASN1_SEQUENCE_END(CMS_OtherRecipientInfo)
-
-/* Free up RecipientInfo additional data */
-static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
-	{
-	if(operation == ASN1_OP_FREE_PRE)
-		{
-		CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval;
-		if (ri->type == CMS_RECIPINFO_TRANS)
-			{
-			CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
-			if (ktri->pkey)
-				EVP_PKEY_free(ktri->pkey);
-			if (ktri->recip)
-				X509_free(ktri->recip);
-			}
-		else if (ri->type == CMS_RECIPINFO_KEK)
-			{
-			CMS_KEKRecipientInfo *kekri = ri->d.kekri;
-			if (kekri->key)
-				{
-				OPENSSL_cleanse(kekri->key, kekri->keylen);
-				OPENSSL_free(kekri->key);
-				}
-			}
-		}
-	return 1;
-	}
-
-ASN1_CHOICE_cb(CMS_RecipientInfo, cms_ri_cb) = {
-	ASN1_SIMPLE(CMS_RecipientInfo, d.ktri, CMS_KeyTransRecipientInfo),
-	ASN1_IMP(CMS_RecipientInfo, d.kari, CMS_KeyAgreeRecipientInfo, 1),
-	ASN1_IMP(CMS_RecipientInfo, d.kekri, CMS_KEKRecipientInfo, 2),
-	ASN1_IMP(CMS_RecipientInfo, d.pwri, CMS_PasswordRecipientInfo, 3),
-	ASN1_IMP(CMS_RecipientInfo, d.ori, CMS_OtherRecipientInfo, 4)
-} ASN1_CHOICE_END_cb(CMS_RecipientInfo, CMS_RecipientInfo, type)
-
-ASN1_NDEF_SEQUENCE(CMS_EnvelopedData) = {
-	ASN1_SIMPLE(CMS_EnvelopedData, version, LONG),
-	ASN1_IMP_OPT(CMS_EnvelopedData, originatorInfo, CMS_OriginatorInfo, 0),
-	ASN1_SET_OF(CMS_EnvelopedData, recipientInfos, CMS_RecipientInfo),
-	ASN1_SIMPLE(CMS_EnvelopedData, encryptedContentInfo, CMS_EncryptedContentInfo),
-	ASN1_IMP_SET_OF_OPT(CMS_EnvelopedData, unprotectedAttrs, X509_ATTRIBUTE, 1)
-} ASN1_NDEF_SEQUENCE_END(CMS_EnvelopedData)
-
-ASN1_NDEF_SEQUENCE(CMS_DigestedData) = {
-	ASN1_SIMPLE(CMS_DigestedData, version, LONG),
-	ASN1_SIMPLE(CMS_DigestedData, digestAlgorithm, X509_ALGOR),
-	ASN1_SIMPLE(CMS_DigestedData, encapContentInfo, CMS_EncapsulatedContentInfo),
-	ASN1_SIMPLE(CMS_DigestedData, digest, ASN1_OCTET_STRING)
-} ASN1_NDEF_SEQUENCE_END(CMS_DigestedData)
-
-ASN1_NDEF_SEQUENCE(CMS_EncryptedData) = {
-	ASN1_SIMPLE(CMS_EncryptedData, version, LONG),
-	ASN1_SIMPLE(CMS_EncryptedData, encryptedContentInfo, CMS_EncryptedContentInfo),
-	ASN1_IMP_SET_OF_OPT(CMS_EncryptedData, unprotectedAttrs, X509_ATTRIBUTE, 1)
-} ASN1_NDEF_SEQUENCE_END(CMS_EncryptedData)
-
-ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = {
-	ASN1_SIMPLE(CMS_AuthenticatedData, version, LONG),
-	ASN1_IMP_OPT(CMS_AuthenticatedData, originatorInfo, CMS_OriginatorInfo, 0),
-	ASN1_SET_OF(CMS_AuthenticatedData, recipientInfos, CMS_RecipientInfo),
-	ASN1_SIMPLE(CMS_AuthenticatedData, macAlgorithm, X509_ALGOR),
-	ASN1_IMP(CMS_AuthenticatedData, digestAlgorithm, X509_ALGOR, 1),
-	ASN1_SIMPLE(CMS_AuthenticatedData, encapContentInfo, CMS_EncapsulatedContentInfo),
-	ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, authAttrs, X509_ALGOR, 2),
-	ASN1_SIMPLE(CMS_AuthenticatedData, mac, ASN1_OCTET_STRING),
-	ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, unauthAttrs, X509_ALGOR, 3)
-} ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData)
-
-ASN1_NDEF_SEQUENCE(CMS_CompressedData) = {
-	ASN1_SIMPLE(CMS_CompressedData, version, LONG),
-	ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR),
-	ASN1_SIMPLE(CMS_CompressedData, encapContentInfo, CMS_EncapsulatedContentInfo),
-} ASN1_NDEF_SEQUENCE_END(CMS_CompressedData)
-
-/* This is the ANY DEFINED BY table for the top level ContentInfo structure */
-
-ASN1_ADB_TEMPLATE(cms_default) = ASN1_EXP(CMS_ContentInfo, d.other, ASN1_ANY, 0);
-
-ASN1_ADB(CMS_ContentInfo) = {
-	ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP(CMS_ContentInfo, d.data, ASN1_OCTET_STRING_NDEF, 0)),
-	ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP(CMS_ContentInfo, d.signedData, CMS_SignedData, 0)),
-	ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP(CMS_ContentInfo, d.envelopedData, CMS_EnvelopedData, 0)),
-	ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP(CMS_ContentInfo, d.digestedData, CMS_DigestedData, 0)),
-	ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP(CMS_ContentInfo, d.encryptedData, CMS_EncryptedData, 0)),
-	ADB_ENTRY(NID_id_smime_ct_authData, ASN1_NDEF_EXP(CMS_ContentInfo, d.authenticatedData, CMS_AuthenticatedData, 0)),
-	ADB_ENTRY(NID_id_smime_ct_compressedData, ASN1_NDEF_EXP(CMS_ContentInfo, d.compressedData, CMS_CompressedData, 0)),
-} ASN1_ADB_END(CMS_ContentInfo, 0, contentType, 0, &cms_default_tt, NULL);
-
-ASN1_NDEF_SEQUENCE(CMS_ContentInfo) = {
-	ASN1_SIMPLE(CMS_ContentInfo, contentType, ASN1_OBJECT),
-	ASN1_ADB_OBJECT(CMS_ContentInfo)
-} ASN1_NDEF_SEQUENCE_END(CMS_ContentInfo)
-
-/* Specials for signed attributes */
-
-/* When signing attributes we want to reorder them to match the sorted
- * encoding.
- */
-
-ASN1_ITEM_TEMPLATE(CMS_Attributes_Sign) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, CMS_ATTRIBUTES, X509_ATTRIBUTE)
-ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Sign)
-
-/* When verifying attributes we need to use the received order. So 
- * we use SEQUENCE OF and tag it to SET OF
- */
-
-ASN1_ITEM_TEMPLATE(CMS_Attributes_Verify) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL,
-				V_ASN1_SET, CMS_ATTRIBUTES, X509_ATTRIBUTE)
-ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Verify)
-
-
-
-ASN1_CHOICE(CMS_ReceiptsFrom) = {
-  ASN1_IMP(CMS_ReceiptsFrom, d.allOrFirstTier, LONG, 0),
-  ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1)
-} ASN1_CHOICE_END(CMS_ReceiptsFrom)
-
-ASN1_SEQUENCE(CMS_ReceiptRequest) = {
-  ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING),
-  ASN1_SIMPLE(CMS_ReceiptRequest, receiptsFrom, CMS_ReceiptsFrom),
-  ASN1_SEQUENCE_OF(CMS_ReceiptRequest, receiptsTo, GENERAL_NAMES)
-} ASN1_SEQUENCE_END(CMS_ReceiptRequest)
-
-ASN1_SEQUENCE(CMS_Receipt) = {
-  ASN1_SIMPLE(CMS_Receipt, version, LONG),
-  ASN1_SIMPLE(CMS_Receipt, contentType, ASN1_OBJECT),
-  ASN1_SIMPLE(CMS_Receipt, signedContentIdentifier, ASN1_OCTET_STRING),
-  ASN1_SIMPLE(CMS_Receipt, originatorSignatureValue, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(CMS_Receipt)
-
--- a/crypto/cms/cms_att.c
+++ b/crypto/cms/cms_att.c
@@ -1,195 +0,0 @@
-/* crypto/cms/cms_att.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include <openssl/asn1t.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-#include <openssl/err.h>
-#include "cms.h"
-#include "cms_lcl.h"
-
-/* CMS SignedData Attribute utilities */
-
-int CMS_signed_get_attr_count(const CMS_SignerInfo *si)
-{
-	return X509at_get_attr_count(si->signedAttrs);
-}
-
-int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
-			  int lastpos)
-{
-	return X509at_get_attr_by_NID(si->signedAttrs, nid, lastpos);
-}
-
-int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
-			  int lastpos)
-{
-	return X509at_get_attr_by_OBJ(si->signedAttrs, obj, lastpos);
-}
-
-X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc)
-{
-	return X509at_get_attr(si->signedAttrs, loc);
-}
-
-X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc)
-{
-	return X509at_delete_attr(si->signedAttrs, loc);
-}
-
-int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
-{
-	if(X509at_add1_attr(&si->signedAttrs, attr)) return 1;
-	return 0;
-}
-
-int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
-			const ASN1_OBJECT *obj, int type,
-			const void *bytes, int len)
-{
-	if(X509at_add1_attr_by_OBJ(&si->signedAttrs, obj,
-				type, bytes, len)) return 1;
-	return 0;
-}
-
-int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
-			int nid, int type,
-			const void *bytes, int len)
-{
-	if(X509at_add1_attr_by_NID(&si->signedAttrs, nid,
-				type, bytes, len)) return 1;
-	return 0;
-}
-
-int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
-			const char *attrname, int type,
-			const void *bytes, int len)
-{
-	if(X509at_add1_attr_by_txt(&si->signedAttrs, attrname,
-				type, bytes, len)) return 1;
-	return 0;
-}
-
-void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
-					int lastpos, int type)
-{
-	return X509at_get0_data_by_OBJ(si->signedAttrs, oid, lastpos, type);
-}
-
-int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si)
-{
-	return X509at_get_attr_count(si->unsignedAttrs);
-}
-
-int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
-			  int lastpos)
-{
-	return X509at_get_attr_by_NID(si->unsignedAttrs, nid, lastpos);
-}
-
-int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
-			  int lastpos)
-{
-	return X509at_get_attr_by_OBJ(si->unsignedAttrs, obj, lastpos);
-}
-
-X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc)
-{
-	return X509at_get_attr(si->unsignedAttrs, loc);
-}
-
-X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc)
-{
-	return X509at_delete_attr(si->unsignedAttrs, loc);
-}
-
-int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
-{
-	if(X509at_add1_attr(&si->unsignedAttrs, attr)) return 1;
-	return 0;
-}
-
-int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
-			const ASN1_OBJECT *obj, int type,
-			const void *bytes, int len)
-{
-	if(X509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj,
-				type, bytes, len)) return 1;
-	return 0;
-}
-
-int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
-			int nid, int type,
-			const void *bytes, int len)
-{
-	if(X509at_add1_attr_by_NID(&si->unsignedAttrs, nid,
-				type, bytes, len)) return 1;
-	return 0;
-}
-
-int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
-			const char *attrname, int type,
-			const void *bytes, int len)
-{
-	if(X509at_add1_attr_by_txt(&si->unsignedAttrs, attrname,
-				type, bytes, len)) return 1;
-	return 0;
-}
-
-void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
-					int lastpos, int type)
-{
-	return X509at_get0_data_by_OBJ(si->unsignedAttrs, oid, lastpos, type);
-}
-
-/* Specific attribute cases */
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Lutz Jänicke	bfa33c7e91	Release OpenSSL 0.9.8g with various fixes to issues introduced with 0.9.8f	2007-10-19 08:25:15 +00:00
Lutz Jänicke	2808478899	Prepare OpenSSL 0.9.8g: cherry pick http://cvs.openssl.org/chngview?cn=16696 Ensure the ticket expected flag is reset when a stateless resumption is successful. Submitted by: steve	2007-10-19 07:44:10 +00:00
Lutz Jänicke	98d2eee05e	Prepare OpenSSL 0.9.8g: cherry pick http://cvs.openssl.org/chngview?cn=16695 New unused field crippled ssl_ctx_st in 0.9.8"f". Submitted by: appro	2007-10-19 07:42:38 +00:00
Lutz Jänicke	13e8459dea	Prepare OpenSSL 0.9.8g: cherry pick http://cvs.openssl.org/chngview?cn=16694 Don't let DTLS ChangeCipherSpec increment handshake sequence number. From HEAD with a twist: server interoperates with non-compliant client. PR: 1587 Submitted by: appro	2007-10-19 07:39:53 +00:00
Lutz Jänicke	8c447031ad	Prepare OpenSSL 0.9.8g: cherry pick http://cvs.openssl.org/chngview?cn=16691 Don't try to lookup zero length session. PR: 1591 Submitted by: steve	2007-10-19 07:36:34 +00:00
Lutz Jänicke	4875e097f1	Prepare OpenSSL 0.9.8g: cherry pick http://cvs.openssl.org/chngview?cn=16682 Copy bn/asm/ia64.S from HEAD. PR: 1594 Submitted by: appro	2007-10-19 07:31:16 +00:00
Lutz Jänicke	9083142ace	Prepare OpenSSL 0.9.8g: cherry pick http://cvs.openssl.org/chngview?cn=16674 Avoid shadow and signed/unsigned warnings. Submitted by: steve	2007-10-19 07:27:51 +00:00
cvs2svn	9f2f46ba02	This commit was manufactured by cvs2svn to create branch 'OpenSSL_0_9_8fg- stable'.	2007-10-11 18:23:19 +00:00