This commit was manufactured by cvs2svn to create tag 'LEVITTE_after_const'.

2004-03-15 23:15:27 +00:00
1328 changed files with 45412 additions and 141717 deletions
--- a/.cvsignore
+++ b/.cvsignore
@@ -1,4 +1,5 @@
 openssl.pc
 Makefile.ssl
 MINFO
 makefile.one
 tmp
@@ -11,10 +12,5 @@ maketest.log
 cctest
 cctest.c
 cctest.a
-*.flc
+libcrypto.so.*
-semantic.cache
+libssl.so.*
 Makefile
 *.so*
 *.dll*
 *.sl*
 *.dylib*
--- a/1273
+++ b/1273
--- a/1184
+++ b/1184
--- a/224
+++ b/224
@@ -31,9 +31,6 @@ OpenSSL  -  Frequently Asked Questions
 * Why does my browser give a warning about a mismatched hostname?
 * How do I install a CA certificate into a browser?
 * Why is OpenSSL x509 DN output not conformant to RFC2253?
 * What is a "128 bit certificate"? Can I create one with OpenSSL?
 * Why does OpenSSL set the authority key identifier extension incorrectly?
 * How can I set up a bundle of commercial root CA certificates?
 [BUILD] Questions about building and testing OpenSSL
@@ -49,16 +46,12 @@ OpenSSL  -  Frequently Asked Questions
 * Why does the OpenSSL test suite fail on MacOS X?
 * Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]?
 * Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
 * Why does the OpenSSL test suite fail in sha512t on x86 CPU?
 * Why does compiler fail to compile sha512.c?
 * Test suite still fails, what to do?
 [PROG] Questions about programming with OpenSSL
 * Is OpenSSL thread-safe?
 * I've compiled a program under Windows and it crashes: why?
 * How do I read or write a DER encoded buffer using the ASN1 functions?
 * OpenSSL uses DER but I need BER format: does OpenSSL support BER?
 * I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
 * I've called <some function> and it fails, why?
 * I just get a load of numbers for the error output, what do they mean?
@@ -67,9 +60,6 @@ OpenSSL  -  Frequently Asked Questions
 * Can I use OpenSSL's SSL library with non-blocking I/O?
 * Why doesn't my server application receive a client certificate?
 * Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
 * I think I've detected a memory leak, is this a bug?
 * Why does Valgrind complain about the use of uninitialized data?
 * Why doesn't a memory BIO work when a file does?
 ===============================================================================
@@ -78,7 +68,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.8l was released on Nov 5th, 2009.
+OpenSSL 0.9.7c was released on September 30, 2003.
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -149,8 +139,8 @@ less Unix-centric, it might have been used much earlier.
 With version 0.9.6 OpenSSL was extended to interface to external crypto
 hardware. This was realized in a special release '0.9.6-engine'. With
-version 0.9.7 the changes were merged into the main development line,
+version 0.9.7 (not yet released) the changes were merged into the main
-so that the special release is no longer necessary.
+development line, so that the special release is no longer necessary.
 * How do I check the authenticity of the OpenSSL distribution?
@@ -160,8 +150,7 @@ Use MD5 to check that a tarball from a mirror site is identical:
   md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5
 You can check authenticity using pgp or gpg. You need the OpenSSL team
-member public key used to sign it (download it from a key server, see a
+member public key used to sign it (download it from a key server). Then
 list of keys at <URL: http://www.openssl.org/about/>). Then
 just do:
   pgp TARBALL.asc
@@ -175,8 +164,8 @@ you if you want to use OpenSSL.  For information on intellectual
 property rights, please consult a lawyer.  The OpenSSL team does not
 offer legal advice.
-You can configure OpenSSL so as not to use IDEA, MDC2 and RC5 by using
+You can configure OpenSSL so as not to use RC5 and IDEA by using
- ./config no-idea no-mdc2 no-rc5
+ ./config no-rc5 no-idea
 * Can I use OpenSSL with GPL software?
@@ -392,76 +381,6 @@ interface, the "-nameopt" option could be introduded. See the manual
 page of the "openssl x509" commandline tool for details. The old behaviour
 has however been left as default for the sake of compatibility.
 * What is a "128 bit certificate"? Can I create one with OpenSSL?
 The term "128 bit certificate" is a highly misleading marketing term. It does
 *not* refer to the size of the public key in the certificate! A certificate
 containing a 128 bit RSA key would have negligible security.
 There were various other names such as "magic certificates", "SGC
 certificates", "step up certificates" etc.
 You can't generally create such a certificate using OpenSSL but there is no
 need to any more. Nowadays web browsers using unrestricted strong encryption
 are generally available.
 When there were tight restrictions on the export of strong encryption
 software from the US only weak encryption algorithms could be freely exported
 (initially 40 bit and then 56 bit). It was widely recognised that this was
 inadequate. A relaxation of the rules allowed the use of strong encryption but
 only to an authorised server.
 Two slighly different techniques were developed to support this, one used by
 Netscape was called "step up", the other used by MSIE was called "Server Gated
 Cryptography" (SGC). When a browser initially connected to a server it would
 check to see if the certificate contained certain extensions and was issued by
 an authorised authority. If these test succeeded it would reconnect using
 strong encryption.
 Only certain (initially one) certificate authorities could issue the
 certificates and they generally cost more than ordinary certificates.
 Although OpenSSL can create certificates containing the appropriate extensions
 the certificate would not come from a permitted authority and so would not
 be recognized.
 The export laws were later changed to allow almost unrestricted use of strong
 encryption so these certificates are now obsolete.
 * Why does OpenSSL set the authority key identifier (AKID) extension incorrectly?
 It doesn't: this extension is often the cause of confusion.
 Consider a certificate chain A->B->C so that A signs B and B signs C. Suppose
 certificate C contains AKID.
 The purpose of this extension is to identify the authority certificate B. This
 can be done either by including the subject key identifier of B or its issuer
 name and serial number.
 In this latter case because it is identifying certifcate B it must contain the
 issuer name and serial number of B.
 It is often wrongly assumed that it should contain the subject name of B. If it
 did this would be redundant information because it would duplicate the issuer
 name of C.
 * How can I set up a bundle of commercial root CA certificates?
 The OpenSSL software is shipped without any root CA certificate as the
 OpenSSL project does not have any policy on including or excluding
 any specific CA and does not intend to set up such a policy. Deciding
 about which CAs to support is up to application developers or
 administrators.
 Other projects do have other policies so you can for example extract the CA
 bundle used by Mozilla and/or modssl as described in this article:
  http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html
 [BUILD] =======================================================================
 * Why does the linker complain about undefined symbols?
@@ -551,10 +470,6 @@ This will only compile sha_dgst.c with -O0, the rest with the optimization
 level chosen by the configuration process.  When the above is done, do the
 test and installation and you're set.
 3. Reconfigure the toolkit with no-sha0 option to leave out SHA0. It 
 should not be used and is not used in SSL/TLS nor any other recognized
 protocol in either case.
 * Why does the OpenSSL compilation fail with "ar: command not found"?
@@ -676,35 +591,6 @@ Reportedly elder *BSD a.out platforms also suffer from this problem and
 remedy should be same. Provided binary is statically linked and should be
 working across wider range of *BSD branches, not just OpenBSD.
 * Why does the OpenSSL test suite fail in sha512t on x86 CPU?
 If the test program in question fails withs SIGILL, Illegal Instruction
 exception, then you more than likely to run SSE2-capable CPU, such as
 Intel P4, under control of kernel which does not support SSE2
 instruction extentions. See accompanying INSTALL file and
 OPENSSL_ia32cap(3) documentation page for further information.
 * Why does compiler fail to compile sha512.c?
 OpenSSL SHA-512 implementation depends on compiler support for 64-bit
 integer type. Few elder compilers [ULTRIX cc, SCO compiler to mention a
 couple] lack support for this and therefore are incapable of compiling
 the module in question. The recommendation is to disable SHA-512 by
 adding no-sha512 to ./config [or ./Configure] command line. Another
 possible alternative might be to switch to GCC.
 * Test suite still fails, what to do?
 Another common reason for failure to complete some particular test is
 simply bad code generated by a buggy component in toolchain or deficiency
 in run-time environment. There are few cases documented in PROBLEMS file,
 consult it for possible workaround before you beat the drum. Even if you
 don't find solution or even mention there, do reserve for possibility of
 a compiler bug. Compiler bugs might appear in rather bizarre ways, they
 never make sense, and tend to emerge when you least expect them. In order
 to identify one, drop optimization level, e.g. by editing CFLAG line in
 top-level Makefile, recompile and re-run the test.
 [PROG] ========================================================================
 * Is OpenSSL thread-safe?
@@ -716,9 +602,8 @@ libraries.  If your platform is not one of these, consult the INSTALL
 file.
 Multi-threaded applications must provide two callback functions to
-OpenSSL by calling CRYPTO_set_locking_callback() and
+OpenSSL.  This is described in the threads(3) manpage.
-CRYPTO_set_id_callback().  This is described in the threads(3)
+
 manpage.
 * I've compiled a program under Windows and it crashes: why?
@@ -760,20 +645,6 @@ by:
 Note that debug and release libraries are NOT interchangeable.  If you
 built OpenSSL with /MD your application must use /MD and cannot use /MDd.
 As per 0.9.8 the above limitation is eliminated for .DLLs. OpenSSL
 .DLLs compiled with some specific run-time option [we insist on the
 default /MD] can be deployed with application compiled with different
 option or even different compiler. But there is a catch! Instead of
 re-compiling OpenSSL toolkit, as you would have to with prior versions,
 you have to compile small C snippet with compiler and/or options of
 your choice. The snippet gets installed as
 <install-root>/include/openssl/applink.c and should be either added to
 your application project or simply #include-d in one [and only one]
 of your application source files. Failure to link this shim module
 into your application manifests itself as fatal "no OPENSSL_Applink"
 run-time error. An explicit reminder is due that in this situation
 [mixing compiler options] it is as important to add CRYPTO_malloc_init
 prior first call to OpenSSL.
 * How do I read or write a DER encoded buffer using the ASN1 functions?
@@ -812,20 +683,6 @@ and attempts to free the buffer will have unpredictable results
 because it no longer points to the same address.
 * OpenSSL uses DER but I need BER format: does OpenSSL support BER?
 The short answer is yes, because DER is a special case of BER and OpenSSL
 ASN1 decoders can process BER.
 The longer answer is that ASN1 structures can be encoded in a number of
 different ways. One set of ways is the Basic Encoding Rules (BER) with various
 permissible encodings. A restriction of BER is the Distinguished Encoding
 Rules (DER): these uniquely specify how a given structure is encoded.
 Therefore, because DER is a special case of BER, DER is an acceptable encoding
 for BER.
 * I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
 This usually happens when you try compiling something using the PKCS#12
@@ -859,11 +716,11 @@ code itself (the hex digits after the second colon).
 * Why do I get errors about unknown algorithms?
-The cause is forgetting to load OpenSSL's table of algorithms with
+This can happen under several circumstances such as reading in an
-OpenSSL_add_all_algorithms(). See the manual page for more information. This
+encrypted private key or attempting to decrypt a PKCS#12 file. The cause
-can cause several problems such as being unable to read in an encrypted
+is forgetting to load OpenSSL's table of algorithms with
-PEM file, unable to decrypt a PKCS#12 file or signature failure when
+OpenSSL_add_all_algorithms(). See the manual page for more information.
-verifying certificates.
+
 * Why can't the OpenSSH configure script detect OpenSSL?
@@ -908,58 +765,5 @@ The correct name according to RFC2256 (LDAP) is x500UniqueIdentifier.
 Change your code to use the new name when compiling against OpenSSL 0.9.7.
 * I think I've detected a memory leak, is this a bug?
 In most cases the cause of an apparent memory leak is an OpenSSL internal table
 that is allocated when an application starts up. Since such tables do not grow
 in size over time they are harmless.
 These internal tables can be freed up when an application closes using various
 functions.  Currently these include following:
 Thread-local cleanup functions:
  ERR_remove_state()
 Application-global cleanup functions that are aware of usage (and therefore
 thread-safe):
  ENGINE_cleanup() and CONF_modules_unload()
 "Brutal" (thread-unsafe) Application-global cleanup functions:
  ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data().
 * Why does Valgrind complain about the use of uninitialized data?
 When OpenSSL's PRNG routines are called to generate random numbers the supplied
 buffer contents are mixed into the entropy pool: so it technically does not
 matter whether the buffer is initialized at this point or not.  Valgrind (and
 other test tools) will complain about this. When using Valgrind, make sure the
 OpenSSL library has been compiled with the PURIFY macro defined (-DPURIFY)
 to get rid of these warnings.
 * Why doesn't a memory BIO work when a file does?
 This can occur in several cases for example reading an S/MIME email message.
 The reason is that a memory BIO can do one of two things when all the data
 has been read from it.
 The default behaviour is to indicate that no more data is available and that
 the call should be retried, this is to allow the application to fill up the BIO
 again if necessary.
 Alternatively it can indicate that no more data is available and that EOF has
 been reached.
 If a memory BIO is to behave in the same way as a file this second behaviour
 is needed. This must be done by calling:
   BIO_set_mem_eof_return(bio, 0);
 See the manual pages for more details.
 ===============================================================================
--- a/34
+++ b/34
@@ -75,30 +75,14 @@
  no-asm        Do not use assembler code.
  386           Use the 80386 instruction set only (the default x86 code is
-                more efficient, but requires at least a 486). Note: Use
+                more efficient, but requires at least a 486).
                compiler flags for any other CPU specific configuration,
                e.g. "-m32" to build x86 code on an x64 system.
  no-sse2	Exclude SSE2 code pathes. Normally SSE2 extention is
 		detected at run-time, but the decision whether or not the
 		machine code will be executed is taken solely on CPU
 		capability vector. This means that if you happen to run OS
 		kernel which does not support SSE2 extension on Intel P4
 		processor, then your application might be exposed to
 		"illegal instruction" exception. There might be a way
 		to enable support in kernel, e.g. FreeBSD kernel can be
 		compiled with CPU_ENABLE_SSE, and there is a way to
 		disengage SSE2 code pathes upon application start-up,
 		but if you aim for wider "audience" running such kernel,
 		consider no-sse2. Both 386 and no-asm options above imply
 		no-sse2.
  no-<cipher>   Build without the specified cipher (bf, cast, des, dh, dsa,
                hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha).
                The crypto/<cipher> directory can be removed after running
                "make depend".
-  -Dxxx, -lxxx, -Lxxx, -fxxx, -mxxx, -Kxxx These system specific options will
+  -Dxxx, -lxxx, -Lxxx, -fxxx, -Kxxx These system specific options will
                be passed through to the compiler to allow you to
                define preprocessor symbols, specify additional libraries,
                library directories or other compiler options.
@@ -158,7 +142,7 @@
     standard headers).  If it is a problem with OpenSSL itself, please
     report the problem to <openssl-bugs@openssl.org> (note that your
     message will be recorded in the request tracker publicly readable
-     via http://www.openssl.org/support/rt.html and will be forwarded to a
+     via http://www.openssl.org/support/rt2.html and will be forwarded to a
     public mailing list). Include the output of "make report" in your message.
     Please check out the request tracker. Maybe the bug was already
     reported or has already been fixed.
@@ -180,7 +164,7 @@
     in Makefile.ssl and run "make clean; make". Please send a bug
     report to <openssl-bugs@openssl.org>, including the output of
     "make report" in order to be added to the request tracker at
-     http://www.openssl.org/support/rt.html.
+     http://www.openssl.org/support/rt2.html.
  4. If everything tests ok, install OpenSSL with
@@ -302,10 +286,10 @@
 Note on shared libraries
 ------------------------
- Shared libraries have certain caveats.  Binary backward compatibility
+ Shared library is currently an experimental feature.  The only reason to
- can't be guaranteed before OpenSSL version 1.0.  The only reason to
+ have them would be to conserve memory on systems where several program
- use them would be to conserve memory on systems where several programs
+ are using OpenSSL.  Binary backward compatibility can't be guaranteed
- are using OpenSSL.
+ before OpenSSL version 1.0.
 For some systems, the OpenSSL Configure script knows what is needed to
 build shared libraries for libcrypto and libssl.  On these systems,
@@ -330,7 +314,7 @@
 Note on support for multiple builds
 -----------------------------------
- OpenSSL is usually built in its source tree.  Unfortunately, this doesn't
+ OpenSSL is usually built in it's source tree.  Unfortunately, this doesn't
 support building for multiple platforms from the same source tree very well.
 It is however possible to build in a separate tree through the use of lots
 of symbolic links, which should be prepared like this:
--- a/INSTALL.DJGPP
+++ b/INSTALL.DJGPP
@@ -3,45 +3,32 @@
 INSTALLATION ON THE DOS PLATFORM WITH DJGPP
 -------------------------------------------
- OpenSSL has been ported to DJGPP, a Unix look-alike 32-bit run-time
+ Openssl has been ported to DOS, but only with long filename support. If
- environment for 16-bit DOS, but only with long filename support.
+ you wish to compile on native DOS with 8+3 filenames, you will have to
- If you wish to compile on native DOS with 8+3 filenames, you will
+ tweak the installation yourself, including renaming files with illegal
- have to tweak the installation yourself, including renaming files
+ or duplicate names.
 with illegal or duplicate names.
 You should have a full DJGPP environment installed, including the
 latest versions of DJGPP, GCC, BINUTILS, BASH, etc. This package
 requires that PERL and BC also be installed.
- All of these can be obtained from the usual DJGPP mirror sites or
+ All of these can be obtained from the usual DJGPP mirror sites, such
- directly at "http://www.delorie.com/pub/djgpp". For help on which
+ as "ftp://ftp.simtel.net/pub/simtelnet/gnu/djgpp". You also need to
- files to download, see the DJGPP "ZIP PICKER" page at
+ have the WATT-32 networking package installed before you try to compile
- "http://www.delorie.com/djgpp/zip-picker.html". You also need to have
+ openssl. This can be obtained from "http://www.bgnett.no/~giva/".
 the WATT-32 networking package installed before you try to compile
 OpenSSL. This can be obtained from "http://www.bgnett.no/~giva/".
 The Makefile assumes that the WATT-32 code is in the directory
 specified by the environment variable WATT_ROOT. If you have watt-32
 in directory "watt32" under your main DJGPP directory, specify
 WATT_ROOT="/dev/env/DJDIR/watt32".
- To compile OpenSSL, start your BASH shell, then configure for DJGPP by
+ To compile openssl, start your BASH shell. Then configure for DOS by
- running "./Configure" with appropriate arguments:
+ running "./Configure" with appropriate arguments. The basic syntax for
-
+ DOS is:
 ./Configure no-threads --prefix=/dev/env/DJDIR DJGPP
- And finally fire up "make". You may run out of DPMI selectors when
+ You may run out of DPMI selectors when running in a DOS box under
- running in a DOS box under Windows. If so, just close the BASH
+ Windows. If so, just close the BASH shell, go back to Windows, and
- shell, go back to Windows, and restart BASH. Then run "make" again.
+ restart BASH. Then run "make" again.
- RUN-TIME CAVEAT LECTOR
+ Building openssl under DJGPP has been tested with DJGPP 2.03,
- --------------
+ GCC 2.952, GCC 2.953, perl 5.005_02 and perl 5.006_01.
 Quoting FAQ:
  "Cryptographic software needs a source of unpredictable data to work
   correctly.  Many open source operating systems provide a "randomness
   device" (/dev/urandom or /dev/random) that serves this purpose."
 As of version 0.9.7f DJGPP port checks upon /dev/urandom$ for a 3rd
 party "randomness" DOS driver. One such driver, NOISE.SYS, can be
 obtained from "http://www.rahul.net/dkaufman/index.html".
--- a/INSTALL.NW
+++ b/INSTALL.NW
@@ -8,62 +8,54 @@ Notes about building OpenSSL for NetWare.
 BUILD PLATFORM:
 ---------------
 The build scripts (batch files, perl scripts, etc) have been developed and
-tested on W2K.  The scripts should run fine on other Windows platforms
+tested on W2K.  The scripts should run fine on other Windows
-(NT, Win9x, WinXP) but they have not been tested.  They may require some
+platforms (NT, Win9x, WinXP) but they haven't been tested.  They may require 
-modifications.
+some modifications.
 Supported NetWare Platforms - NetWare 5.x, NetWare 6.x:
-------------------------------------------------------
+------------------------------------------
-OpenSSL can either use the WinSock interfaces introduced in NetWare 5,
+OpenSSL uses the WinSock interfaces introduced in NetWare 5.  Therefore,
-or the BSD socket interface.  Previous versions of NetWare, 4.x and 3.x,
+previous versions of NetWare, 4.x and 3.x, are not supported.
 are only supported if OpenSSL is build for CLIB and BSD sockets;
 WinSock builds only support NetWare 5 and up.
 On NetWare there are two c-runtime libraries.  There is the legacy CLIB 
-interfaces and the newer LIBC interfaces.  Being ANSI-C libraries, the 
+interfaces and the newer LibC interfaces.  Being ANSI-C libraries, the 
-functionality in CLIB and LIBC is similar but the LIBC interfaces are built 
+functionality in CLIB and LibC is similar but the LibC interfaces are built 
 using Novell Kernal Services (NKS) which is designed to leverage 
 multi-processor environments.
-The NetWare port of OpenSSL can be configured to build using CLIB or LIBC.
+The NetWare port of OpenSSL can configured to build using CLIB or LibC.  The 
-The CLIB build was developed and tested using NetWare 5.0 sp6.0a.  The LIBC 
+CLIB build was developed and tested using NetWare 5.0 sp6.0a.  The LibC 
 build was developed and tested using the NetWare 6.0 FCS.  
-The necessary LIBC functionality ships with NetWare 6.  However, earlier 
+The necessary LibC functionality ships with NetWare 6.  However, earlier 
-NetWare 5.x versions will require updates in order to run the OpenSSL LIBC
+NetWare 5.x versions will require updates in order to run the OpenSSL LibC
-build (NetWare 5.1 SP8 is known to work).
+build.
 As of June 2005, the LIBC build can be configured to use BSD sockets instead
 of WinSock sockets. Call Configure (usually through netware\build.bat) using
 a target of "netware-libc-bsdsock" instead of "netware-libc".
 As of June 2007, support for CLIB and BSD sockets is also now available
 using a target of "netware-clib-bsdsock" instead of "netware-clib";
 also gcc builds are now supported on both Linux and Win32 (post 0.9.8e).
 REQUIRED TOOLS:
 ---------------
 Based upon the configuration and build options used, some or all of the
 following tools may be required:
 * Perl for Win32 - required (http://www.activestate.com/ActivePerl)
   Used to run the various perl scripts on the build platform.
 * Perl 5.8.0 for NetWare v3.20 (or later) - required 
   (http://developer.novell.com) Used to run the test script on NetWare 
   after building.
-* Compiler / Linker - required:
+
-   Metrowerks CodeWarrior PDK 2.1 (or later) for NetWare (commercial):
+* Metrowerks CodeWarrior PDK 2.1 (or later) for NetWare - required:
   Provides command line tools used for building.
   Tools:
   mwccnlm.exe  - C/C++ Compiler for NetWare
   mwldnlm.exe  - Linker for NetWare
   mwasmnlm.exe - x86 assembler for NetWare (if using assembly option)
   gcc / nlmconv Cross-Compiler, available from Novell Forge (free):
         http://forge.novell.com/modules/xfmod/project/?aunixnw
 * Assemblers - optional:
   If you intend to build using the assembly options you will need an
@@ -83,11 +75,11 @@ following tools may be required:
   In order to build you will need a make tool.  Two make tools are
   supported, GNU make (gmake.exe) or Microsoft nmake.exe.
-   make.exe - GNU make for Windows (version 3.75 used for development)
+   gmake.exe - GNU make for Windows (version 3.75 used for development)
-         http://gnuwin32.sourceforge.net/packages/make.htm
+         http://www.gnu.org/software/make/make.html
   nmake.exe - Microsoft make (Version 6.00.8168.0 used for development)
-         http://support.microsoft.com/kb/132084/EN-US/
+
 * Novell Developer Kit (NDK) - required: (http://developer.novell.com)
@@ -103,12 +95,7 @@ following tools may be required:
         Microsoft SDK.  Note: The winsock2.h support headers may change
         with various versions of winsock2.h.  Check the dependencies
         section on the NDK WinSock2 download page for the latest
-         information on dependencies. These components are unsupported by
+         information on dependencies.
         Novell. They are provided as a courtesy, but it is strongly
         suggested that all development be done using LIBC, not CLIB.
         As of June 2005, the WinSock2 components are available at:
         http://forgeftp.novell.com//ws2comp/
      NLM and NetWare libraries for C (including CLIB and XPlat):
@@ -127,15 +114,14 @@ following tools may be required:
   LIBC - BUILDS:
-      Libraries for C (LIBC) - LIBC headers and import files
+      Libraries for C (LibC) - LibC headers and import files
-         If you are going to build a LIBC version of OpenSSL, you will
+			If you are going to build a LibC version of OpenSSL, you will
-         need the LIBC headers and imports.  The March 14, 2002 NDK release or
+			need the LibC headers and imports.  The March 14, 2002 NDK release or
 			later is required.  
-         NOTE: The LIBC SDK includes the necessary WinSock2 support.
+         NOTE: The LibC SDK includes the necessary WinSock2 support.  It
-         It is not necessary to download the WinSock2 NDK when building for
+         It is not necessary to download the WinSock2 Developer when building
-         LIBC. The LIBC SDK also includes the appropriate BSD socket support
+         for LibC.
         if configuring to use BSD sockets.
 BUILDING:
@@ -147,36 +133,35 @@ The set_env.bat file is a template you can use to set up the path
 and environment variables you will need to build.  Modify the
 various lines to point to YOUR tools and run set_env.bat.
-   netware\set_env.bat <target> [compiler]
+	netware\set_env.bat [target]
-      target        - "netware-clib" - CLIB NetWare build
+      target        - "netware-clib" - CLib NetWare build
-                    - "netware-libc" - LIBC NetWare build
+                    - "netware-libc" - LibC NetWare build
      compiler      - "gnuc"         - GNU GCC Compiler
                    - "codewarrior"  - MetroWerks CodeWarrior (default)
 If you don't use set_env.bat, you will need to set up the following
 environment variables:
-   PATH - Set PATH to point to the tools you will use.
+   path - Set path to point to the tools you will use.
-   INCLUDE - The location of the NDK include files.
+   MWCIncludes - The location of the NDK include files.
-            CLIB ex: set INCLUDE=c:\ndk\nwsdk\include\nlm
+			CLIB ex: set MWCIncludes=c:\ndk\nwsdk\include\nlm
-            LIBC ex: set INCLUDE=c:\ndk\libc\include
+			LibC ex: set MWCIncludes=c:\ndk\libc\include
   PRELUDE - The absolute path of the prelude object to link with.  For
-            a CLIB build it is recommended you use the "clibpre.o" files shipped
+			a CLIB build it is recommended you use the "nwpre.obj" file shipped
-            with the Metrowerks PDK for NetWare.  For a LIBC build you should 
+			with the Metrowerks PDK for NetWare.  For a LibC build you should 
-            use the "libcpre.o" file delivered with the LIBC NDK components.
+			use the "libcpre.o" file delivered with the LibC NDK components.
-            CLIB ex: set PRELUDE=c:\ndk\nwsdk\imports\clibpre.o
+			CLIB ex: set PRELUDE=c:\codewar\novell support\metrowerks support\
-            LIBC ex: set PRELUDE=c:\ndk\libc\imports\libcpre.o
+                               libraries\runtime\nwpre.obj
 			LibC ex: set PRELUDE=c:\ndk\libc\imports\libcpre.o
   IMPORTS - The locaton of the NDK import files.
 			CLIB ex: set IMPORTS=c:\ndk\nwsdk\imports
-            LIBC ex: set IMPORTS=c:\ndk\libc\imports
+			LibC ex: set IMPORTS=c:\ndk\libc\imports
 In order to build, you need to run the Perl scripts to configure the build
@@ -189,10 +174,8 @@ the assembly code.  Always run build.bat from the "openssl" directory.
   netware\build [target] [debug opts] [assembly opts] [configure opts]
-      target        - "netware-clib" - CLIB NetWare build (WinSock Sockets)
+      target        - "netware-clib" - CLib NetWare build
-                    - "netware-clib-bsdsock" - CLIB NetWare build (BSD Sockets)
+                    - "netware-libc" - LibC NetWare build
                    - "netware-libc" - LIBC NetWare build (WinSock Sockets)
                    - "netware-libc-bsdsock" - LIBC NetWare build (BSD Sockets)
      debug opts    - "debug"  - build debug
@@ -201,41 +184,35 @@ the assembly code.  Always run build.bat from the "openssl" directory.
                      "no-asm"   - don't use assembly
      configure opts- all unrecognized arguments are passed to the
-                      perl 'configure' script. See that script for
+                       perl configure script
                      internal documentation regarding options that
                      are available.
   examples:
 		CLIB build, debug, without assembly:
 			netware\build.bat netware-clib debug no-asm
-      LIBC build, non-debug, using NASM assembly, add mdc2 support:
+		LibC build, non-debug, using NASM assembly:
-         netware\build.bat netware-libc nw-nasm enable-mdc2
+			netware\build.bat netware-libc nw-nasm
      LIBC build, BSD sockets, non-debug, without assembly:
         netware\build.bat netware-libc-bsdsock no-asm
 Running build.bat generates a make file to be processed by your make 
 tool (gmake or nmake):
-   CLIB ex: gmake -f netware\nlm_clib_dbg.mak 
+   CLIB ex: gmake -f netware\nlm_clib.mak 
-   LIBC ex: gmake -f netware\nlm_libc.mak 
+   LibC ex: gmake -f netware\nlm_libc.mak 
   LIBC ex: gmake -f netware\nlm_libc_bsdsock.mak 
 You can also run the build scripts manually if you do not want to use the
 build.bat file.  Run the following scripts in the "\openssl"
 subdirectory (in the order listed below):
-   perl configure no-asm [other config opts] [netware-clib|netware-libc|netware-libc-bsdsock]
+   perl configure no-asm [other config opts] [netware-clib|netware-libc]
      configures no assembly build for specified netware environment
-      (CLIB or LIBC).
+		(CLIB or LibC).
   perl util\mkfiles.pl >MINFO
      generates a listing of source files (used by mk1mf)
-   perl util\mk1mf.pl no-asm [other config opts] [netware-clib|netware-libc|netware-libc-bsdsock >netware\nlm.mak
+   perl util\mk1mf.pl no-asm [other config opts] [netware-clib|netware-libc >netware\nlm.mak
      generates the makefile for NetWare
   gmake -f netware\nlm.mak
@@ -260,12 +237,12 @@ The output from the build is placed in the following directories:
      tmp_nw_clib         - temporary build files
      outinc_nw_clib      - necesary include files
-   LIBC Debug build:
+   LibC Debug build:
      out_nw_libc.dbg     - static libs & test nlm(s)
      tmp_nw_libc.dbg     - temporary build files
      outinc_nw_libc      - necessary include files
-   LIBC Non-debug build:
+   LibC Non-debug build:
      out_nw_libc         - static libs & test nlm(s)
      tmp_nw_libc         - temporary build files
      outinc_nw_libc      - necesary include files
@@ -291,7 +268,7 @@ To run cpy_tests.bat:
      NetWare drive    - drive letter of mapped drive
      CLIB ex: netware\cpy_tests out_nw_clib m:
-      LIBC ex: netware\cpy_tests out_nw_libc m:
+      LibC ex: netware\cpy_tests out_nw_libc m:
 The Perl script, "do_tests.pl", in the "OpenSSL" directory on the server
@@ -313,6 +290,13 @@ The do_tests.pl script generates a log file "\openssl\test_out\tests.log"
 which should be reviewed for errors.  Any errors will be denoted by the word
 "ERROR" in the log.
 NOTE:  Currently (11/2002), the LibC test nlms report an error while loading
       when launched from the perl script (do_tests.pl).  The problems are 
       being addressed by the LibC development team and should be fixed in the
       next release.  Until the problems are corrected, the LibC test nlms 
       will have to be executed manually.  
 DEVELOPING WITH THE OPENSSL SDK:
 --------------------------------
 Now that everything is built and tested, you are ready to use the OpenSSL
@@ -366,9 +350,9 @@ clean up the resources!
 Multi-threaded Development
 ---------------------------
-The NetWare version of OpenSSL is thread-safe, however multi-threaded
+The NetWare version of OpenSSL is thread-safe however, multi-threaded
 applications must provide the necessary locking function callbacks.  This
-is described in doc\threads.doc.  The file "openssl-x.x.x\crypto\threads\mttest.c"
+is described in doc\threads.doc.  The file "openssl\crypto\threads\mttest.c"
 is a multi-threaded test program and demonstrates the locking functions.
@@ -438,7 +422,7 @@ Makefile "vclean"
 ------------------
 The generated makefile has a "vclean" target which cleans up the build
 directories.  If you have been building successfully and suddenly
-experience problems, use "vclean" (gmake -f netware\nlm_xxxx.mak vclean) and retry.
+experience problems, use "vclean" (gmake -f netware\nlm.mak vclean) and retry.
 "Undefined Symbol" Linker errors
@@ -451,4 +435,3 @@ the import files.  The issues should be fixed in the September 2001 release
 of the NDK.  If you experience the problems you can temporarily
 work around it by manually adding the missing symbols to your version of 
 "clib.imp".  
--- a/INSTALL.W32
+++ b/INSTALL.W32
@@ -3,7 +3,6 @@
 ----------------------------------
 [Instructions for building for Windows CE can be found in INSTALL.WCE]
 [Instructions for building for Win64 can be found in INSTALL.W64]
 Heres a few comments about building OpenSSL in Windows environments.  Most
 of this is tested on Win32 but it may also work in Win 3.1 with some
@@ -49,9 +48,7 @@
 Firstly you should run Configure:
- > perl Configure VC-WIN32 --prefix=c:/some/openssl/dir
+ > perl Configure VC-WIN32
 Where the prefix argument specifies where OpenSSL will be installed to.
 Next you need to build the Makefiles and optionally the assembly language
 files:
@@ -79,12 +76,8 @@ Where the prefix argument specifies where OpenSSL will be installed to.
 If all is well it should compile and you will have some DLLs and executables
 in out32dll. If you want to try the tests then do:
- > nmake -f ms\ntdll.mak test
+ > cd out32dll
-
+ > ..\ms\test
 To install OpenSSL to the specified location do:
 > nmake -f ms\ntdll.mak install
 Tweaks:
@@ -94,12 +87,6 @@ To install OpenSSL to the specified location do:
 compiled in. Note that mk1mf.pl expects the platform to be the last argument
 on the command line, so 'debug' must appear before that, as all other options.
 By default in 0.9.8 OpenSSL will compile builtin ENGINES into the libeay32.dll
 shared library. If you specify the "no-static-engine" option on the command
 line to Configure the shared library build (ms\ntdll.mak) will compile the
 engines as separate DLLs.
 The default Win32 environment is to leave out any Windows NT specific
 features.
@@ -110,8 +97,6 @@ To install OpenSSL to the specified location do:
 You can also build a static version of the library using the Makefile
 ms\nt.mak
 Borland C++ builder 5
 ---------------------
@@ -301,21 +286,3 @@ To install OpenSSL to the specified location do:
 (e.g. fopen()), and OpenSSL cannot change these; so in general you cannot
 rely on CRYPTO_malloc_init() solving your problem, and you should
 consistently use the multithreaded library.
 Linking your application
 ------------------------
 If you link with static OpenSSL libraries [those built with ms/nt.mak],
 then you're expected to additionally link your application with
 WSOCK32.LIB, ADVAPI32.LIB, GDI32.LIB and USER32.LIB. Those developing
 non-interactive service applications might feel concerned about linking
 with latter two, as they are justly associated with interactive desktop,
 which is not available to service processes. The toolkit is designed
 to detect in which context it's currently executed, GUI, console app
 or service, and act accordingly, namely whether or not to actually make
 GUI calls.
 If you link with OpenSSL .DLLs, then you're expected to include into
 your application code small "shim" snippet, which provides glue between
 OpenSSL BIO layer and your compiler run-time. Look up OPENSSL_Applink
 reference page for further details.
--- a/INSTALL.W64
+++ b/INSTALL.W64
@@ -1,66 +0,0 @@
 INSTALLATION ON THE WIN64 PLATFORM
 ----------------------------------
 Caveat lector
 -------------
 As of moment of this writing Win64 support is classified "initial"
 for the following reasons.
 - No assembler modules are engaged upon initial 0.9.8 release.
 - API might change within 0.9.8 life-span, *but* in a manner which
   doesn't break backward binary compatibility. Or in other words,
   application programs compiled with initial 0.9.8 headers will
   be expected to work with future minor release .DLL without need
   to re-compile, even if future minor release features modified API.
 - Above mentioned API modifications have everything to do with
   elimination of a number of limitations, which are normally
   considered inherent to 32-bit platforms. Which in turn is why they
   are treated as limitations on 64-bit platform such as Win64:-)
   The current list comprises [but not necessarily limited to]:
   - null-terminated strings may not be longer than 2G-1 bytes,
     longer strings are treated as zero-length;
   - dynamically and *internally* allocated chunks can't be larger
     than 2G-1 bytes;
   - inability to encrypt/decrypt chunks of data larger than 4GB
     [it's possibly to *hash* chunks of arbitrary size through];
   Neither of these is actually big deal and hardly encountered
   in real-life applications.
 Compiling procedure
 -------------------
 You will need Perl. You can run under Cygwin or you can download
 ActiveState Perl from http://www.activestate.com/ActivePerl.
 You will need Microsoft Platform SDK, available for download at
 http://www.microsoft.com/msdownload/platformsdk/sdkupdate/. As per
 April 2005 Platform SDK is equipped with Win64 compilers, as well
 as assemblers, but it might change in the future.
 To build for Win64/x64:
 > perl Configure VC-WIN64A
 > ms\do_win64a
 > nmake -f ms\ntdll.mak
 > cd out32dll
 > ..\ms\test
 To build for Win64/IA64:
 > perl Configure VC-WIN64I
 > ms\do_win64i
 > nmake -f ms\ntdll.mak
 > cd out32dll
 > ..\ms\test
 Naturally test-suite itself has to be executed on the target platform.
 Installation
 ------------
 TBD, for now see INSTALL.W32.
--- a/INSTALL.WCE
+++ b/INSTALL.WCE
@@ -11,11 +11,8 @@
 You also need Perl for Win32.  You will need ActiveState Perl, available
 from http://www.activestate.com/ActivePerl.
- Windows CE support in OpenSSL relies on wcecompat and therefore it's
+ Windows CE support in OpenSSL relies on wcecompat.  All Windows CE specific
- appropriate to check http://www.essemer.com.au/windowsce/ for updates in
+ issues should be directed to www.essemer.com.au.
 case of compilation problems. As for the moment of this writing version
 1.1 is available and actually required for WCE 4.2 and newer platforms.
 All Windows CE specific issues should be directed to www.essemer.com.au.
 The C Runtime Library implementation for Windows CE that is included with
 Microsoft eMbedded Visual C++ 3.0 is incomplete and in some places
--- a/2
+++ b/2
@@ -12,7 +12,7 @@
  ---------------
 /* ====================================================================
- * Copyright (c) 1998-2008 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
--- a/MacOS/GetHTTPS.src/ErrorHandling.hpp
+++ b/MacOS/GetHTTPS.src/ErrorHandling.hpp
@@ -29,7 +29,7 @@ OSErr AppendErrorMessageToHandle(Handle inoutHandle);
-//	A bunch of evil macros that would be unnecessary if I were always using C++ !
+//	A bunch of evil macros that would be uneccessary if I were always using C++ !
 #define SetErrorMessageAndBailIfNil(theArg,theMessage)								\
 {																					\
--- a/Makefile.org
+++ b/Makefile.org
@@ -57,15 +57,15 @@ OPENSSLDIR=/usr/local/ssl
 # equal 4.
 # PKCS1_CHECK - pkcs1 tests.
-CC= cc
+CC= gcc
-CFLAG= -O
+#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
 CFLAG= -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
 DEPFLAG= 
 PEX_LIBS= 
 EX_LIBS= 
 EXE_EXT= 
 ARFLAGS=
 AR=ar $(ARFLAGS) r
 ARD=ar $(ARFLAGS) d
 RANLIB= ranlib
 PERL= perl
 TAR= tar
@@ -80,77 +80,115 @@ MAKEDEPPROG=makedepend
 AS=$(CC) -c
 ASFLAG=$(CFLAG)
 # Set BN_ASM to bn_asm.o if you want to use the C version
 BN_ASM= bn_asm.o
 #BN_ASM= bn_asm.o
 #BN_ASM= asm/bn86-elf.o	# elf, linux-elf
 #BN_ASM= asm/bn86-sol.o # solaris
 #BN_ASM= asm/bn86-out.o # a.out, FreeBSD
 #BN_ASM= asm/bn86bsdi.o # bsdi
 #BN_ASM= asm/alpha.o    # DEC Alpha
 #BN_ASM= asm/pa-risc2.o # HP-UX PA-RISC
 #BN_ASM= asm/r3000.o    # SGI MIPS cpu
 #BN_ASM= asm/sparc.o    # Sun solaris/SunOS
 #BN_ASM= asm/bn-win32.o # Windows 95/NT
 #BN_ASM= asm/x86w16.o   # 16 bit code for Windows 3.1/DOS
 #BN_ASM= asm/x86w32.o   # 32 bit code for Windows 3.1
 # For x86 assembler: Set PROCESSOR to 386 if you want to support
 # the 80386.
 PROCESSOR=
-# CPUID module collects small commonly used assembler snippets
+# Set DES_ENC to des_enc.o if you want to use the C version
-CPUID_OBJ= 
+#There are 4 x86 assember options.
-BN_ASM= bn_asm.o
+DES_ENC= asm/dx86-out.o asm/yx86-out.o
-DES_ENC= des_enc.o fcrypt_b.o
+#DES_ENC= des_enc.o fcrypt_b.o          # C
-AES_ASM_OBJ=aes_core.o aes_cbc.o
+#DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf
-BF_ENC= bf_enc.o
+#DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris
-CAST_ENC= c_enc.o
+#DES_ENC= asm/dx86-out.o asm/yx86-out.o # a.out, FreeBSD
-RC4_ENC= rc4_enc.o
+#DES_ENC= asm/dx86bsdi.o asm/yx86bsdi.o # bsdi
-RC5_ENC= rc5_enc.o
+
-MD5_ASM_OBJ= 
+# Set BF_ENC to bf_enc.o if you want to use the C version
-SHA1_ASM_OBJ= 
+#There are 4 x86 assember options.
-RMD160_ASM_OBJ= 
+BF_ENC= asm/bx86-out.o
 #BF_ENC= bf_enc.o
 #BF_ENC= asm/bx86-elf.o # elf
 #BF_ENC= asm/bx86-sol.o # solaris
 #BF_ENC= asm/bx86-out.o # a.out, FreeBSD
 #BF_ENC= asm/bx86bsdi.o # bsdi
 # Set CAST_ENC to c_enc.o if you want to use the C version
 #There are 4 x86 assember options.
 CAST_ENC= asm/cx86-out.o
 #CAST_ENC= c_enc.o
 #CAST_ENC= asm/cx86-elf.o # elf
 #CAST_ENC= asm/cx86-sol.o # solaris
 #CAST_ENC= asm/cx86-out.o # a.out, FreeBSD
 #CAST_ENC= asm/cx86bsdi.o # bsdi
 # Set RC4_ENC to rc4_enc.o if you want to use the C version
 #There are 4 x86 assember options.
 RC4_ENC= asm/rx86-out.o
 #RC4_ENC= rc4_enc.o
 #RC4_ENC= asm/rx86-elf.o # elf
 #RC4_ENC= asm/rx86-sol.o # solaris
 #RC4_ENC= asm/rx86-out.o # a.out, FreeBSD
 #RC4_ENC= asm/rx86bsdi.o # bsdi
 # Set RC5_ENC to rc5_enc.o if you want to use the C version
 #There are 4 x86 assember options.
 RC5_ENC= asm/r586-out.o
 #RC5_ENC= rc5_enc.o
 #RC5_ENC= asm/r586-elf.o # elf
 #RC5_ENC= asm/r586-sol.o # solaris
 #RC5_ENC= asm/r586-out.o # a.out, FreeBSD
 #RC5_ENC= asm/r586bsdi.o # bsdi
 # Also need MD5_ASM defined
 MD5_ASM_OBJ= asm/mx86-out.o
 #MD5_ASM_OBJ= asm/mx86-elf.o        # elf
 #MD5_ASM_OBJ= asm/mx86-sol.o        # solaris
 #MD5_ASM_OBJ= asm/mx86-out.o        # a.out, FreeBSD
 #MD5_ASM_OBJ= asm/mx86bsdi.o        # bsdi
 # Also need SHA1_ASM defined
 SHA1_ASM_OBJ= asm/sx86-out.o
 #SHA1_ASM_OBJ= asm/sx86-elf.o       # elf
 #SHA1_ASM_OBJ= asm/sx86-sol.o       # solaris
 #SHA1_ASM_OBJ= asm/sx86-out.o       # a.out, FreeBSD
 #SHA1_ASM_OBJ= asm/sx86bsdi.o       # bsdi
 # Also need RMD160_ASM defined
 RMD160_ASM_OBJ= asm/rm86-out.o
 #RMD160_ASM_OBJ= asm/rm86-elf.o       # elf
 #RMD160_ASM_OBJ= asm/rm86-sol.o       # solaris
 #RMD160_ASM_OBJ= asm/rm86-out.o       # a.out, FreeBSD
 #RMD160_ASM_OBJ= asm/rm86bsdi.o       # bsdi
 # KRB5 stuff
 KRB5_INCLUDES=
 LIBKRB5=
-# Zlib stuff
+DIRS=   crypto ssl engines apps test tools
-ZLIB_INCLUDE=
+SHLIBDIRS= crypto ssl
 LIBZLIB=
 # This is the location of fipscanister.o and friends.
 # The FIPS module build will place it $(INSTALLTOP)/lib
 # but since $(INSTALLTOP) can only take the default value
 # when the module is built it will be in /usr/local/ssl/lib
 # $(INSTALLTOP) for this build make be different so hard
 # code the path.
 FIPSLIBDIR=/usr/local/ssl/lib/
 # This is set to "y" if fipscanister.o is compiled internally as
 # opposed to coming from an external validated location.
 FIPSCANISTERINTERNAL=n
 # The location of the library which contains fipscanister.o
 # normally it will be libcrypto unless fipsdso is set in which
 # case it will be libfips. If not compiling in FIPS mode at all
 # this is empty making it a useful test for a FIPS compile.
 FIPSCANLIB=
 # Shared library base address. Currently only used on Windows.
 #
 BASEADDR=
 DIRS=   crypto fips ssl engines apps test tools
 SHLIBDIRS= crypto ssl fips
 # dirs in crypto to build
 SDIRS=  \
 	objects \
 	md2 md4 md5 sha mdc2 hmac ripemd \
-	des aes rc2 rc4 rc5 idea bf cast camellia seed \
+	des rc2 rc4 rc5 idea bf cast \
-	bn ec rsa dsa ecdsa dh ecdh dso engine \
+	bn ec rsa dsa ecdsa dh ecdh dso engine aes \
 	buffer bio stack lhash rand err \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
-	store cms pqueue jpake
+	store
 # keep in mind that the above list is adjusted by ./Configure
 # according to no-xxx arguments...
 # tests to perform.  "alltests" is a special word indicating that all tests
 # should be performed.
 TESTS = alltests
-MAKEFILE= Makefile
+MAKEFILE= Makefile.ssl
 NEWMAKE=  make
 MAKE=     $(NEWMAKE) -f Makefile.ssl
 MANDIR=$(OPENSSLDIR)/man
 MAN1=1
@@ -165,7 +203,6 @@ WDIRS=  windows
 LIBS=   libcrypto.a libssl.a
 SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
 SHARED_SSL=libssl$(SHLIB_EXT)
 SHARED_FIPS=
 SHARED_LIBS=
 SHARED_LIBS_LINK_EXTS=
 SHARED_LDFLAGS=
@@ -178,223 +215,48 @@ WTARFILE=       $(NAME)-win.tar
 EXHEADER=       e_os2.h
 HEADER=         e_os.h
-all: Makefile build_all openssl.pc libssl.pc libcrypto.pc
+all: Makefile.ssl build_all openssl.pc
-# as we stick to -e, CLEARENV ensures that local variables in lower
+BUILD_CMD=if echo " $(DIRS) " | grep " $$i " >/dev/null 2>/dev/null; then \
-# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
+	if [ -d "$$i" ]; then \
-# shell, which [annoyingly enough] terminates unset with error if VAR
+		(cd $$i && echo "making all in $$i..." && \
-# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,
+		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
-# which terminates unset with error if no variable was present:-(
+	else \
-CLEARENV=	TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS}	\
+		$(MAKE) $$i; \
-		$${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES}	\
+	fi; fi
 		$${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC}		\
 		$${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL}	\
 		$${EXHEADER+EXHEADER} $${HEADER+HEADER}		\
 		$${GENERAL+GENERAL} $${CFLAGS+CFLAGS}		\
 		$${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS}		\
 		$${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS}		\
 		$${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS}	\
 		$${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
 BUILDENV=	PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \
 		CC='${CC}' CFLAG='${CFLAG}' 			\
 		AS='${CC}' ASFLAG='${CFLAG} -c'			\
 		AR='${AR}' PERL='${PERL}' RANLIB='${RANLIB}'	\
 		SDIRS='${SDIRS}' LIBRPATH='${INSTALLTOP}/lib'	\
 		INSTALL_PREFIX='${INSTALL_PREFIX}'		\
 		INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}'	\
 		MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \
 		DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}'	\
 		MAKEDEPPROG='${MAKEDEPPROG}'			\
 		SHARED_LDFLAGS='${SHARED_LDFLAGS}'		\
 		KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}'	\
 		EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}'	\
 		SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}'	\
 		PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}'	\
 		CPUID_OBJ='${CPUID_OBJ}'			\
 		BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' 	\
 		AES_ASM_OBJ='${AES_ASM_OBJ}'			\
 		BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}'	\
 		RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}'	\
 		SHA1_ASM_OBJ='${SHA1_ASM_OBJ}'			\
 		MD5_ASM_OBJ='${MD5_ASM_OBJ}'			\
 		RMD160_ASM_OBJ='${RMD160_ASM_OBJ}'		\
 		FIPSLIBDIR='${FIPSLIBDIR}'			\
 		FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}"	\
 		FIPSCANISTERINTERNAL='${FIPSCANISTERINTERNAL}'	\
 		FIPS_EX_OBJ='${FIPS_EX_OBJ}'	\
 		THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
 # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
 # which in turn eliminates ambiguities in variable treatment with -e.
 # BUILD_CMD is a generic macro to build a given target in a given
 # subdirectory.  The target must be given through the shell variable
 # `target' and the subdirectory to build in must be given through `dir'.
 # This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
 # BUILD_ONE_CMD instead.
 #
 # BUILD_ONE_CMD is a macro to build a given target in a given
 # subdirectory if that subdirectory is part of $(DIRS).  It requires
 # exactly the same shell variables as BUILD_CMD.
 #
 # RECURSIVE_BUILD_CMD is a macro to build a given target in all
 # subdirectories defined in $(DIRS).  It requires that the target
 # is given through the shell variable `target'.
 BUILD_CMD=  if [ -d "$$dir" ]; then \
 	    (	[ $$target != all -a -z "$(FIPSCANLIB)" ] && FIPSCANLIB=/dev/null; \
 		cd $$dir && echo "making $$target in $$dir..." && \
 		$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
 	    ) || exit 1; \
 	    fi
 RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
 BUILD_ONE_CMD=\
 	if echo " $(DIRS) " | grep " $$dir " >/dev/null 2>/dev/null; then \
 		$(BUILD_CMD); \
 	fi
 reflect:
 	@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
 FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
 	../crypto/aes/aes_ecb.o \
 	../crypto/aes/aes_ofb.o \
 	../crypto/bn/bn_add.o \
 	../crypto/bn/bn_blind.o \
 	../crypto/bn/bn_ctx.o \
 	../crypto/bn/bn_div.o \
 	../crypto/bn/bn_exp2.o \
 	../crypto/bn/bn_exp.o \
 	../crypto/bn/bn_gcd.o \
 	../crypto/bn/bn_lib.o \
 	../crypto/bn/bn_mod.o \
 	../crypto/bn/bn_mont.o \
 	../crypto/bn/bn_mul.o \
 	../crypto/bn/bn_prime.o \
 	../crypto/bn/bn_rand.o \
 	../crypto/bn/bn_recp.o \
 	../crypto/bn/bn_shift.o \
 	../crypto/bn/bn_sqr.o \
 	../crypto/bn/bn_word.o \
 	../crypto/bn/bn_x931p.o \
 	../crypto/buffer/buf_str.o \
 	../crypto/cryptlib.o \
 	../crypto/des/cfb64ede.o \
 	../crypto/des/cfb64enc.o \
 	../crypto/des/cfb_enc.o \
 	../crypto/des/ecb3_enc.o \
 	../crypto/des/ecb_enc.o \
 	../crypto/des/ofb64ede.o \
 	../crypto/des/ofb64enc.o \
 	../crypto/des/fcrypt.o \
 	../crypto/des/set_key.o \
 	../crypto/dsa/dsa_utl.o \
 	../crypto/dsa/dsa_sign.o \
 	../crypto/dsa/dsa_vrf.o \
 	../crypto/err/err.o \
 	../crypto/evp/digest.o \
 	../crypto/evp/enc_min.o \
 	../crypto/evp/e_aes.o \
 	../crypto/evp/e_des3.o \
 	../crypto/evp/p_sign.o \
 	../crypto/evp/p_verify.o \
 	../crypto/mem_clr.o \
 	../crypto/mem.o \
 	../crypto/rand/md_rand.o \
 	../crypto/rand/rand_egd.o \
 	../crypto/rand/randfile.o \
 	../crypto/rand/rand_lib.o \
 	../crypto/rand/rand_os2.o \
 	../crypto/rand/rand_unix.o \
 	../crypto/rand/rand_win.o \
 	../crypto/rsa/rsa_lib.o \
 	../crypto/rsa/rsa_none.o \
 	../crypto/rsa/rsa_oaep.o \
 	../crypto/rsa/rsa_pk1.o \
 	../crypto/rsa/rsa_pss.o \
 	../crypto/rsa/rsa_ssl.o \
 	../crypto/rsa/rsa_x931.o \
 	../crypto/sha/sha1dgst.o \
 	../crypto/sha/sha256.o \
 	../crypto/sha/sha512.o \
 	../crypto/uid.o
 sub_all: build_all
 build_all: build_libs build_apps build_tests build_tools
-build_libs: build_crypto build_fips build_ssl build_shared build_engines
+build_libs: build_crypto build_ssl build_engines
 build_crypto:
-	if [ -n "$(FIPSCANLIB)" ]; then \
+	@i=crypto; $(BUILD_CMD)
 		EXCL_OBJ='$(AES_ASM_OBJ) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA1_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \
 		ARX='$(PERL) $${TOP}/util/arx.pl $(AR)' ; \
 	else \
 		ARX='${AR}' ; \
 	fi ; export ARX ; \
 		dir=crypto; target=all; $(BUILD_ONE_CMD)
 build_fips:
 	@dir=fips; target=all; [ -z "$(FIPSCANLIB)" ] || $(BUILD_ONE_CMD)
 build_ssl:
-	@dir=ssl; target=all; $(BUILD_ONE_CMD)
+	@i=ssl; $(BUILD_CMD)
 build_engines:
-	@dir=engines; target=all; $(BUILD_ONE_CMD)
+	@i=engines; $(BUILD_CMD)
 build_apps:
-	@dir=apps; target=all; $(BUILD_ONE_CMD)
+	@i=apps; $(BUILD_CMD)
 build_tests:
-	@dir=test; target=all; $(BUILD_ONE_CMD)
+	@i=test; $(BUILD_CMD)
 build_tools:
-	@dir=tools; target=all; $(BUILD_ONE_CMD)
+	@i=tools; $(BUILD_CMD)
-all_testapps: build_libs build_testapps
+libcrypto$(SHLIB_EXT): libcrypto.a
 build_testapps:
 	@dir=crypto; target=testapps; $(BUILD_ONE_CMD)
 build_shared:	$(SHARED_LIBS)
 libcrypto$(SHLIB_EXT): libcrypto.a $(SHARED_FIPS)
 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
-		if [ "$(FIPSCANLIB)" = "libfips" ]; then \
+		$(MAKE) SHLIBDIRS=crypto build-shared; \
 			$(ARD) libcrypto.a fipscanister.o ; \
 			$(MAKE) SHLIBDIRS='crypto' SHLIBDEPS='-lfips' build-shared; \
 			$(AR) libcrypto.a fips/fipscanister.o ; \
 		else \
 			if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
 				FIPSLD_CC=$(CC); CC=fips/fipsld; \
 				export CC FIPSLD_CC; \
 			fi; \
 			$(MAKE) -e SHLIBDIRS='crypto' build-shared; \
 		fi \
 	else \
 		echo "There's no support for shared libraries on this platform" >&2; \
 		exit 1; \
 	fi
 libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
-		shlibdeps=-lcrypto; \
+		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
 		[ "$(FIPSCANLIB)" = "libfips" ] && shlibdeps="$$shlibdeps -lfips"; \
 		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS="$$shlibdeps" build-shared; \
 	else \
 		echo "There's no support for shared libraries on this platform" >&2; \
 		exit 1; \
 	fi
 fips/fipscanister.o:	build_fips
 libfips$(SHLIB_EXT):		fips/fipscanister.o
 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
 		FIPSLD_CC=$(CC); CC=fips/fipsld; export CC FIPSLD_CC; \
 		$(MAKE) -f Makefile.shared -e $(BUILDENV) \
 			CC=$${CC} LIBNAME=fips THIS=$@ \
 			LIBEXTRAS=fips/fipscanister.o \
 			LIBDEPS="$(EX_LIBS)" \
 			LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			link_o.$(SHLIB_TARGET) || { rm -f $@; exit 1; } \
 	else \
 		echo "There's no support for shared libraries on this platform" >&2; \
 		exit 1; \
 	fi
 libfips.a:
 	dir=fips; target=all; $(BUILD_ONE_CMD)
 clean-shared:
 	@set -e; for i in $(SHLIBDIRS); do \
 		if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
@@ -411,7 +273,7 @@ clean-shared:
 link-shared:
 	@ set -e; for i in ${SHLIBDIRS}; do \
-		$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
+		$(NEWMAKE) -f $(HERE)/Makefile.shared \
 			LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
 			symlink.$(SHLIB_TARGET); \
@@ -425,41 +287,18 @@ do_$(SHLIB_TARGET):
 		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
 			libs="$(LIBKRB5) $$libs"; \
 		fi; \
-		$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
+		$(NEWMAKE) -f Makefile.shared \
 			CC="$(CC)" LDFLAGS="$(LDFLAGS)" \
 			SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \
 			LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
 			LIBDEPS="$$libs $(EX_LIBS)" \
 			LIBRPATH="$(INSTALLTOP)/lib" \
 			link_a.$(SHLIB_TARGET); \
 		libs="-l$$i $$libs"; \
 	done
-libcrypto.pc: Makefile
+openssl.pc: Makefile.ssl
 	@ ( echo 'prefix=$(INSTALLTOP)'; \
 	    echo 'exec_prefix=$${prefix}'; \
 	    echo 'libdir=$${exec_prefix}/lib'; \
 	    echo 'includedir=$${prefix}/include'; \
 	    echo ''; \
 	    echo 'Name: OpenSSL-libcrypto'; \
 	    echo 'Description: OpenSSL cryptography library'; \
 	    echo 'Version: '$(VERSION); \
 	    echo 'Requires: '; \
 	    echo 'Libs: -L$${libdir} -lcrypto $(EX_LIBS)'; \
 	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
 libssl.pc: Makefile
 	@ ( echo 'prefix=$(INSTALLTOP)'; \
 	    echo 'exec_prefix=$${prefix}'; \
 	    echo 'libdir=$${exec_prefix}/lib'; \
 	    echo 'includedir=$${prefix}/include'; \
 	    echo ''; \
 	    echo 'Name: OpenSSL'; \
 	    echo 'Description: Secure Sockets Layer and cryptography libraries'; \
 	    echo 'Version: '$(VERSION); \
 	    echo 'Requires: '; \
 	    echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
 	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
 openssl.pc: Makefile
 	@ ( echo 'prefix=$(INSTALLTOP)'; \
 	    echo 'exec_prefix=$${prefix}'; \
 	    echo 'libdir=$${exec_prefix}/lib'; \
@@ -472,19 +311,25 @@ openssl.pc: Makefile
 	    echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
 	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
-Makefile: Makefile.org Configure config
+Makefile.ssl: Makefile.org
-	@echo "Makefile is older than Makefile.org, Configure or config."
+	@echo "Makefile.ssl is older than Makefile.org."
 	@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
 	@false
 libclean:
-	rm -f *.map *.so *.so.* *.dll engines/*.so engines/*.dll *.a engines/*.a */lib */*/lib
+	rm -f *.map *.so *.so.* engines/*.so *.a */lib */*/lib
 clean:	libclean
 	rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
-	@set -e; target=clean; $(RECURSIVE_BUILD_CMD)
+	@set -e; for i in $(DIRS) ;\
-	rm -f $(LIBS)
+	do \
-	rm -f openssl.pc libssl.pc libcrypto.pc
+	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making clean in $$i..." && \
 		$(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
 		rm -f $(LIBS); \
 	fi; \
 	done;
 	rm -f openssl.pc
 	rm -f speed.* .pure
 	rm -f $(TARFILE)
 	@set -e; for i in $(ONEDIRS) ;\
@@ -497,30 +342,50 @@ makefile.one: files
 	sh util/do_ms.sh
 files:
-	$(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
-	@set -e; target=files; $(RECURSIVE_BUILD_CMD)
+	@set -e; for i in $(DIRS) ;\
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making 'files' in $$i..." && \
 		$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \
 	fi; \
 	done;
 links:
 	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
 	@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
-	@set -e; target=links; $(RECURSIVE_BUILD_CMD)
+	@set -e; for i in $(DIRS); do \
-	@if [ -z "$(FIPSCANLIB)" ]; then \
+	if [ -d "$$i" ]; then \
-		set -e; target=links; dir=fips ; $(BUILD_CMD) ; \
+		(cd $$i && echo "making links in $$i..." && \
-	fi
+		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' links ) || exit 1; \
 	fi; \
 	done;
 gentests:
 	@(cd test && echo "generating dummy tests (if needed)..." && \
-	$(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
+	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
 dclean:
 	rm -f *.bak
-	@set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
+	@set -e; for i in $(DIRS) ;\
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making dclean in $$i..." && \
 		$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
 	fi; \
 	done;
 rehash: rehash.time
 rehash.time: certs
-	@(OPENSSL="`pwd`/util/opensslwrap.sh"; \
+	@(OPENSSL="`pwd`/apps/openssl"; OPENSSL_DEBUG_MEMORY=on; \
 	  OPENSSL_DEBUG_MEMORY=on; \
 		export OPENSSL OPENSSL_DEBUG_MEMORY; \
 		LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
 		DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
 		SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
 		LIBPATH="`pwd`:$$LIBPATH"; \
 		if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
 		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
 		$(PERL) tools/c_rehash certs)
 	touch rehash.time
@@ -528,26 +393,48 @@ test:   tests
 tests: rehash
 	@(cd test && echo "testing..." && \
-	$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
+	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
-	util/opensslwrap.sh version -a
+	@LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
 	DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
 	SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
 	LIBPATH="`pwd`:$$LIBPATH"; \
 	if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
 	export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
 	apps/openssl version -a
 report:
 	@$(PERL) util/selftest.pl
 depend:
-	@set -e; target=depend; $(RECURSIVE_BUILD_CMD)
+	@set -e; for i in $(DIRS) ;\
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making dependencies $$i..." && \
 		$(MAKE) SDIRS='${SDIRS}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' PERL='${PERL}' depend ) || exit 1; \
 	fi; \
 	done;
 lint:
-	@set -e; target=lint; $(RECURSIVE_BUILD_CMD)
+	@set -e; for i in $(DIRS) ;\
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making lint $$i..." && \
 		$(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
 	fi; \
 	done;
 tags:
-	rm -f TAGS
+	@set -e; for i in $(DIRS) ;\
-	find . -name '[^.]*.[ch]' | xargs etags -a
+	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making tags $$i..." && \
 		$(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \
 	fi; \
 	done;
 errors:
 	$(PERL) util/mkerr.pl -recurse -write
 	(cd engines; $(MAKE) PERL=$(PERL) errors)
 	$(PERL) util/ck_errf.pl */*.c */*/*.c
 stacks:
 	$(PERL) util/mkstack.pl -write
@@ -563,18 +450,11 @@ crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
 crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
 	$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
 apps/openssl-vms.cnf: apps/openssl.cnf
 	$(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
 crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
 	$(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
 TABLE: Configure
 	(echo 'Output of `Configure TABLE'"':"; \
 	$(PERL) Configure TABLE) > TABLE
-update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
+update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE
 # Build distribution tar-file. As the list of files returned by "find" is
 # pretty long, on several platforms a "too many arguments" error or similar
@@ -609,25 +489,30 @@ dist:
 	@$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar
 dist_pem_h:
-	(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
+	(cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
-install: all install_docs install_sw
+install: all install_docs
 install_sw:
 	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
 		$(INSTALL_PREFIX)$(INSTALLTOP)/lib \
 		$(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines \
 		$(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \
 		$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
 		$(INSTALL_PREFIX)$(INSTALLTOP)/engines \
 		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
 		$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
-		$(INSTALL_PREFIX)$(OPENSSLDIR)/private
+		$(INSTALL_PREFIX)$(OPENSSLDIR)/private \
-	@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
+		$(INSTALL_PREFIX)$(OPENSSLDIR)/lib
 	@set -e; for i in $(EXHEADER) ;\
 	do \
 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
-	@set -e; target=install; $(RECURSIVE_BUILD_CMD)
+	@set -e; for i in $(DIRS) ;\
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i; echo "installing $$i..."; \
 		$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' install ); \
 	fi; \
 	done
 	@set -e; for i in $(LIBS) ;\
 	do \
 		if [ -f "$$i" ]; then \
@@ -649,19 +534,19 @@ install_sw:
 					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
 					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
 				else \
-					c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
+					c=`echo $$i | sed 's/^lib/cyg/'`; \
 					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
 					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
 					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
-					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+					cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
-					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
-					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
 				fi ); \
 			fi; \
 		done; \
 		(	here="`pwd`"; \
 			cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
-			$(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
+			$(NEWMAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
 		if [ "$(INSTALLTOP)" != "/usr" ]; then \
 			echo 'OpenSSL shared libraries have been installed in:'; \
 			echo '  $(INSTALLTOP)'; \
@@ -669,10 +554,6 @@ install_sw:
 			sed -e '1,/^$$/d' doc/openssl-shared.txt; \
 		fi; \
 	fi
 	cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libcrypto.pc
 	cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libssl.pc
 	cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc
@@ -685,12 +566,12 @@ install_docs:
 	@pod2man="`cd util; ./pod2mantest $(PERL)`"; \
 	here="`pwd`"; \
 	filecase=; \
-	if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \
+	if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" ]; then \
 		filecase=-i; \
 	fi; \
 	set -e; for i in doc/apps/*.pod; do \
 		fn=`basename $$i .pod`; \
-		sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
+		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
 		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
 		(cd `$(PERL) util/dirname.pl $$i`; \
 		sh -c "$$pod2man \
@@ -698,8 +579,8 @@ install_docs:
 			--release=$(VERSION) `basename $$i`") \
 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
 		$(PERL) util/extract-names.pl < $$i | \
-			(grep -v $$filecase "^$$fn\$$"; true) | \
+			grep -v $$filecase "^$$fn\$$" | \
-			(grep -v "[	]"; true) | \
+			grep -v "[	]" | \
 			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
 			 while read n; do \
 				$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
@@ -707,7 +588,7 @@ install_docs:
 	done; \
 	set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
 		fn=`basename $$i .pod`; \
-		sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
+		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
 		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
 		(cd `$(PERL) util/dirname.pl $$i`; \
 		sh -c "$$pod2man \
@@ -715,8 +596,8 @@ install_docs:
 			--release=$(VERSION) `basename $$i`") \
 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
 		$(PERL) util/extract-names.pl < $$i | \
-			(grep -v $$filecase "^$$fn\$$"; true) | \
+			grep -v $$filecase "^$$fn\$$" | \
-			(grep -v "[	]"; true) | \
+			grep -v "[	]" | \
 			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
 			 while read n; do \
 				$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
--- a/Makefile.shared
+++ b/Makefile.shared
@@ -7,7 +7,6 @@
 # CC contains the current compiler.  This one MUST be defined
 CC=cc
 CFLAGS=$(CFLAG)
 # LDFLAGS contains flags to be used when temporary object files (when building
 # shared libraries) are created, or when an application is linked.
 # SHARED_LDFLAGS contains flags to be used when the shared library is created.
@@ -67,8 +66,8 @@ LIBDEPS=
 #------------------------------------------------------------------------------
 # The rest is private to this makefile.
-SET_X=:
+#DEBUG=:
-#SET_X=set -x
+DEBUG=set -x
 top:
 	echo "Trying to use this makefile interactively?  Don't."
@@ -88,53 +87,45 @@ CALC_VERSIONS=	\
 	fi
 LINK_APP=	\
-  ( $(SET_X);   \
+  ( $(DEBUG);   \
    LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
    LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \
    LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \
    LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
    LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
-    $${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS} )
+    $$LDCMD $(LDFLAGS) $$LDFLAGS -o $$APPNAME $(OBJECTS) $$LIBDEPS )
 LINK_SO=	\
-  ( $(SET_X);   \
+  ( $(DEBUG);   \
-    LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
+    nm -Pg $$SHOBJECTS | grep ' [BDT] ' | cut -f1 -d' ' > lib$(LIBNAME).exp; \
    SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \
    SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
    LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \
    LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
    LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
-    $${SHAREDCMD} $${SHAREDFLAGS} \
+    $$SHAREDCMD $(SHARED_LDFLAGS) $$SHAREDFLAGS -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
-	-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
+	$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS ) && \
-	$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \
+  $(SYMLINK_SO); ( $(DEBUG); rm -f lib$(LIBNAME).exp )
  ) && $(SYMLINK_SO)
 SYMLINK_SO=	\
 	if [ -n "$$INHIBIT_SYMLINKS" ]; then :; else \
 		prev=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
 		if [ -n "$$SHLIB_COMPAT" ]; then \
 			for x in $$SHLIB_COMPAT; do \
-				( $(SET_X); rm -f $$SHLIB$$x$$SHLIB_SUFFIX; \
+				( $(DEBUG); rm -f $$SHLIB$$x$$SHLIB_SUFFIX; \
 				  ln -s $$prev $$SHLIB$$x$$SHLIB_SUFFIX ); \
 				prev=$$SHLIB$$x$$SHLIB_SUFFIX; \
 			done; \
 		fi; \
 		if [ -n "$$SHLIB_SOVER" ]; then \
-			( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
+			( $(DEBUG); rm -f $$SHLIB$$SHLIB_SUFFIX; \
 			  ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
 		fi; \
 	fi
 LINK_SO_A=	SHOBJECTS="lib$(LIBNAME).a $(LIBEXTRAS)"; $(LINK_SO)
 LINK_SO_O=	SHOBJECTS="$(LIBEXTRAS)"; $(LINK_SO)
 LINK_SO_A_VIA_O=	\
  SHOBJECTS=lib$(LIBNAME).o; \
  ALL=$$ALLSYMSFLAGS; ALLSYMSFLAGS=; NOALLSYMSFLAGS=; \
-  ( $(SET_X); \
+  ( $(DEBUG); \
    ld $(LDFLAGS) -r -o lib$(LIBNAME).o $$ALL lib$(LIBNAME).a $(LIBEXTRAS) ); \
  $(LINK_SO) && rm -f $(LIBNAME).o
 LINK_SO_A_UNPACKED=	\
  UNPACKDIR=link_tmp.$$$$; rm -rf $$UNPACKDIR; mkdir $$UNPACKDIR; \
  (cd $$UNPACKDIR; ar x ../lib$(LIBNAME).a) && \
@@ -147,11 +138,15 @@ DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
 DO_GNU_SO=$(CALC_VERSIONS); \
 	SHLIB=lib$(LIBNAME).so; \
 	SHLIB_SUFFIX=; \
 	LIBDEPS="$(LIBDEPS) -lc"; \
 	ALLSYMSFLAGS='-Wl,--whole-archive'; \
 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
-	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+	SHAREDFLAGS="-shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-rpath,$(LIBRPATH)"; \
-
+	SHAREDCMD='$(CC)'
-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
+DO_GNU_APP=LDCMD=$(CC);\
 	LDFLAGS="-Wl,-rpath,$(LIBRPATH)"; \
 	LIBDEPS="$(LIBDEPS) -lc"; \
 	APPNAME=$(APPNAME)
 #This is rather special.  It's a special target with which one can link
 #applications without bothering with any features that have anything to
@@ -159,6 +154,10 @@ DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
 #libraries.  It's mostly here to avoid a lot of conditionals everywhere
 #else...
 link_app.:
 	LDCMD=$(CC); \
 	LDFLAGS=""; \
 	LIBDEPS="$(LIBDEPS)"; \
 	APPNAME="$(APPNAME)"; \
 	$(LINK_APP)
 link_o.gnu:
@@ -168,45 +167,16 @@ link_a.gnu:
 link_app.gnu:
 	@ $(DO_GNU_APP); $(LINK_APP)
 link_o.bsd:
 	@if ${DETECT_GNU_LD}; then $(DO_GNU_SO); else \
 	$(CALC_VERSIONS); \
 	SHLIB=lib$(LIBNAME).so; \
 	SHLIB_SUFFIX=; \
 	LIBDEPS=" "; \
 	ALLSYMSFLAGS="-Wl,-Bforcearchive"; \
 	NOALLSYMSFLAGS=; \
 	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib"; \
 	fi; $(LINK_SO_O)
 link_a.bsd:
 	@if ${DETECT_GNU_LD}; then $(DO_GNU_SO); else \
 	$(CALC_VERSIONS); \
 	SHLIB=lib$(LIBNAME).so; \
 	SHLIB_SUFFIX=; \
 	LIBDEPS=" "; \
 	ALLSYMSFLAGS="-Wl,-Bforcearchive"; \
 	NOALLSYMSFLAGS=; \
 	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib"; \
 	fi; $(LINK_SO_A)
 link_app.bsd:
 	@if ${DETECT_GNU_LD}; then $(DO_GNU_APP); else \
 	LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBPATH)"; \
 	fi; $(LINK_APP)
 # For Darwin AKA Mac OS/X (dyld)
 # link_o.darwin produces .so, because we let it use dso_dlfcn module,
 # which has .so extension hard-coded. One can argue that one should
 # develop special dso module for MacOS X. At least manual encourages
 # to use native NSModule(3) API and refers to dlfcn as termporary hack.
 link_o.darwin:
 	@ $(CALC_VERSIONS); \
-	SHLIB=`expr "$$THIS" : '.*/\([^/\.]*\)\.'`; \
+	SHLIB=lib$(LIBNAME); \
-	SHLIB=$${SHLIB:-lib$(LIBNAME)}; \
+	SHLIB_SUFFIX=.dylib; \
-	SHLIB_SUFFIX=`expr "$$THIS" : '.*\(\.[^\.]*\)$$'`; \
+	LIBDEPS="$(LIBDEPS) -lc"; \
 	SHLIB_SUFFIX=$${SHLIB_SUFFIX:-.so}; \
 	ALLSYMSFLAGS='-all_load'; \
 	NOALLSYMSFLAGS=''; \
-	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS)"; \
+	SHAREDFLAGS="-dynamiclib"; \
 	SHAREDCMD='$(CC)'; \
 	if [ -n "$(LIBVERSION)" ]; then \
 		SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \
 	fi; \
@@ -218,55 +188,54 @@ link_a.darwin:
 	@ $(CALC_VERSIONS); \
 	SHLIB=lib$(LIBNAME); \
 	SHLIB_SUFFIX=.dylib; \
 	LIBDEPS="$(LIBDEPS) -lc"; \
 	ALLSYMSFLAGS='-all_load'; \
 	NOALLSYMSFLAGS=''; \
-	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS)"; \
+	SHAREDFLAGS="-dynamiclib"; \
 	SHAREDCMD='$(CC)'; \
 	if [ -n "$(LIBVERSION)" ]; then \
 		SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \
 	fi; \
 	if [ -n "$$SHLIB_SOVER_NODOT" ]; then \
 		SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \
 	fi; \
 	SHAREDFLAGS="$$SHAREDFLAGS -install_name ${INSTALLTOP}/lib/$$SHLIB${SHLIB_EXT}"; \
 	$(LINK_SO_A)
-link_app.darwin:	# is there run-path on darwin?
+link_app.darwin:
 	LDCMD=$(CC);\
 	LDFLAGS=""; \
 	LIBDEPS="$(LIBDEPS) -lc"; \
 	APPNAME="$(APPNAME)"; \
 	$(LINK_APP)
 link_o.cygwin:
 	@ $(CALC_VERSIONS); \
 	INHIBIT_SYMLINKS=yes; \
 	SHLIB=cyg$(LIBNAME); \
 	base=-Wl,--enable-auto-image-base; \
 	if expr $(PLATFORM) : 'mingw' > /dev/null; then \
 		SHLIB=$(LIBNAME)eay32; base=; \
 	fi; \
 	SHLIB_SUFFIX=.dll; \
-	LIBVERSION="$(LIBVERSION)"; \
+	LIBDEPS="$(LIBDEPS) -lc"; \
-	SHLIB_SOVER=${LIBVERSION:+"-$(LIBVERSION)"}; \
+	SHLIB_SOVER=-$(LIBVERSION); \
 	ALLSYMSFLAGS='-Wl,--whole-archive'; \
 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
-	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \
+	SHAREDFLAGS="-shared -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \
 	SHAREDCMD='${CC}'; \
 	$(LINK_SO_O)
 link_a.cygwin:
 	@ $(CALC_VERSIONS); \
 	INHIBIT_SYMLINKS=yes; \
 	SHLIB=cyg$(LIBNAME); \
 	base=-Wl,--enable-auto-image-base; \
 	if expr $(PLATFORM) : 'mingw' > /dev/null; then \
 		SHLIB=$(LIBNAME)eay32; \
 		base=;  [ $(LIBNAME) = "crypto" ] && base=-Wl,--image-base,0x63000000; \
 	fi; \
 	SHLIB_SUFFIX=.dll; \
-	SHLIB_SOVER=-$(LIBVERSION); \
+	LIBDEPS="$(LIBDEPS) -lc"; \
 	SHLIB_SOVER=; \
 	ALLSYMSFLAGS='-Wl,--whole-archive'; \
 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
-	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \
+	SHAREDFLAGS="-shared -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \
-	[ -f apps/$$SHLIB$$SHLIB_SUFFIX ] && rm apps/$$SHLIB$$SHLIB_SUFFIX; \
+	SHAREDCMD='${CC}'; \
-	[ -f test/$$SHLIB$$SHLIB_SUFFIX ] && rm test/$$SHLIB$$SHLIB_SUFFIX; \
+	$(LINK_SO_A)
 	$(LINK_SO_A) || exit 1; \
 	cp -p $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX apps/; \
 	cp -p $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX test/
 link_app.cygwin:
 	LDCMD=$(CC);\
 	LDFLAGS=""; \
 	LIBDEPS="$(LIBDEPS) -lc"; \
 	APPNAME="$(APPNAME).exe"
 	$(LINK_APP)
 link_o.alpha-osf1:
@@ -275,6 +244,7 @@ link_o.alpha-osf1:
 	else \
 		SHLIB=lib$(LIBNAME).so; \
 		SHLIB_SUFFIX=; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
 		if [ -n "$$SHLIB_HIST" ]; then \
 			SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
@@ -284,9 +254,10 @@ link_o.alpha-osf1:
 		SHLIB_SOVER=; \
 		ALLSYMSFLAGS='-all'; \
 		NOALLSYMSFLAGS='-none'; \
-		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \
+		SHAREDFLAGS="-shared"; \
 		SHAREDCMD='$(CC)'; \
 		if [ -n "$$SHLIB_HIST" ]; then \
-			SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \
+			SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
 		fi; \
 	fi; \
 	$(LINK_SO_O)
@@ -296,6 +267,7 @@ link_a.alpha-osf1:
 	else \
 		SHLIB=lib$(LIBNAME).so; \
 		SHLIB_SUFFIX=; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
 		if [ -n "$$SHLIB_HIST" ]; then \
 			SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
@@ -305,9 +277,10 @@ link_a.alpha-osf1:
 		SHLIB_SOVER=; \
 		ALLSYMSFLAGS='-all'; \
 		NOALLSYMSFLAGS='-none'; \
-		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \
+		SHAREDFLAGS="-shared"; \
 		SHAREDCMD='$(CC)'; \
 		if [ -n "$$SHLIB_HIST" ]; then \
-			SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \
+			SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
 		fi; \
 	fi; \
 	$(LINK_SO_A)
@@ -315,7 +288,128 @@ link_app.alpha-osf1:
 	@ if ${DETECT_GNU_LD}; then \
 		$(DO_GNU_APP); \
 	else \
-		LDFLAGS="$(CFLAGS) -rpath $(LIBRPATH)"; \
+		LDCMD=$(CC);\
 		LDFLAGS=""; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		APPNAME="$(APPNAME)"
 	fi; \
 	$(LINK_APP)
 # The difference between alpha-osf1-shared and tru64-shared is the `-msym'
 # option passed to the linker.
 link_o.tru64:
 	@ if ${DETECT_GNU_LD}; then \
 		$(DO_GNU_SO); \
 	else \
 		SHLIB=lib$(LIBNAME).so; \
 		SHLIB_SUFFIX=; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
 		if [ -n "$$SHLIB_HIST" ]; then \
 			SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
 		else \
 			SHLIB_HIST="$(LIBVERSION)"; \
 		fi; \
 		SHLIB_SOVER=; \
 		ALLSYMSFLAGS='-all'; \
 		NOALLSYMSFLAGS='-none'; \
 		SHAREDFLAGS="-shared -msym -rpath $(LIBRPATH)"; \
 		SHAREDCMD='$(CC)'; \
 		if [ -n "$$SHLIB_HIST" ]; then \
 			SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
 		fi; \
 	fi; \
 	$(LINK_SO_O)
 link_a.tru64:
 	@ if ${DETECT_GNU_LD}; then \
 		$(DO_GNU_SO); \
 	else \
 		SHLIB=lib$(LIBNAME).so; \
 		SHLIB_SUFFIX=; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
 		if [ -n "$$SHLIB_HIST" ]; then \
 			SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
 		else \
 			SHLIB_HIST="$(LIBVERSION)"; \
 		fi; \
 		SHLIB_SOVER=; \
 		ALLSYMSFLAGS='-all'; \
 		NOALLSYMSFLAGS='-none'; \
 		SHAREDFLAGS="-shared -msym -rpath $(LIBRPATH)"; \
 		SHAREDCMD='$(CC)'; \
 		if [ -n "$$SHLIB_HIST" ]; then \
 			SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
 		fi; \
 	fi; \
 	$(LINK_SO_A)
 link_app.tru64:
 	@ if ${DETECT_GNU_LD}; then \
 		$(DO_GNU_APP); \
 	else \
 		LDCMD=$(CC);\
 		LDFLAGS="-rpath $(LIBRPATH)"; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		APPNAME="$(APPNAME)"; \
 	fi; \
 	$(LINK_APP)
 # The difference between tru64-shared and tru64-shared-rpath is the
 # -rpath ${LIBRPATH} passed to the linker.
 link_o.tru64-rpath:
 	@ if ${DETECT_GNU_LD}; then \
 		$(DO_GNU_SO); \
 	else \
 		SHLIB=lib$(LIBNAME).so; \
 		SHLIB_SUFFIX=; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
 		if [ -n "$$SHLIB_HIST" ]; then \
 			SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
 		else \
 			SHLIB_HIST="$(LIBVERSION)"; \
 		fi; \
 		SHLIB_SOVER=; \
 		ALLSYMSFLAGS='-all'; \
 		NOALLSYMSFLAGS='-none'; \
 		SHAREDFLAGS="-shared -msym -rpath $(LIBRPATH)"; \
 		SHAREDCMD='$(CC)'; \
 		if [ -n "$$SHLIB_HIST" ]; then \
 			SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
 		fi; \
 	fi; \
 	$(LINK_SO_O)
 link_a.tru64-rpath:
 	@ if ${DETECT_GNU_LD}; then \
 		$(DO_GNU_SO); \
 	else \
 		SHLIB=lib$(LIBNAME).so; \
 		SHLIB_SUFFIX=; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
 		if [ -n "$$SHLIB_HIST" ]; then \
 			SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
 		else \
 			SHLIB_HIST="$(LIBVERSION)"; \
 		fi; \
 		SHLIB_SOVER=; \
 		ALLSYMSFLAGS='-all'; \
 		NOALLSYMSFLAGS='-none'; \
 		SHAREDFLAGS="-shared -msym -rpath $(LIBRPATH)"; \
 		SHAREDCMD='$(CC)'; \
 		if [ -n "$$SHLIB_HIST" ]; then \
 			SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
 		fi; \
 	fi; \
 	$(LINK_SO_A)
 link_app.tru64-rpath:
 	@ if ${DETECT_GNU_LD}; then \
 		$(DO_GNU_APP); \
 	else \
 		LDCMD=$(CC);\
 		LDFLAGS="-rpath $(LIBRPATH)"; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		APPNAME="$(APPNAME)"; \
 	fi; \
 	$(LINK_APP)
@@ -325,12 +419,14 @@ link_o.solaris:
 	else \
 		$(CALC_VERSIONS); \
 		MINUSZ='-z '; \
-		($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
+		(${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
 		SHLIB=lib$(LIBNAME).so; \
 		SHLIB_SUFFIX=; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		ALLSYMSFLAGS="$${MINUSZ}allextract"; \
 		NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \
-		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \
+		SHAREDFLAGS="-G -dy -z text -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -R $(LIBRPATH)"; \
 		SHAREDCMD='$(CC)'; \
 	fi; \
 	$(LINK_SO_O)
 link_a.solaris:
@@ -342,16 +438,21 @@ link_a.solaris:
 		(${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
 		SHLIB=lib$(LIBNAME).so; \
 		SHLIB_SUFFIX=;\
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		ALLSYMSFLAGS="$${MINUSZ}allextract"; \
 		NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \
-		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \
+		SHAREDFLAGS="-G -dy -z text -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -R $(LIBRPATH)"; \
 		SHAREDCMD='$(CC)'; \
 	fi; \
 	$(LINK_SO_A)
 link_app.solaris:
 	@ if ${DETECT_GNU_LD}; then \
 		$(DO_GNU_APP); \
 	else \
-		LDFLAGS="$(CFLAGS) -R $(LIBRPATH)"; \
+		LDCMD=$(CC);\
 		LDFLAGS="-R $(LIBRPATH)"; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		APPNAME="$(APPNAME)"; \
 	fi; \
 	$(LINK_APP)
@@ -363,9 +464,11 @@ link_o.svr3:
 		$(CALC_VERSIONS); \
 		SHLIB=lib$(LIBNAME).so; \
 		SHLIB_SUFFIX=; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		ALLSYMSFLAGS=''; \
 		NOALLSYMSFLAGS=''; \
-		SHAREDFLAGS="$(CFLAGS) -G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
+		SHAREDFLAGS="-G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
 		SHAREDCMD='$(CC)'; \
 	fi; \
 	$(LINK_SO_O)
 link_a.svr3:
@@ -375,13 +478,22 @@ link_a.svr3:
 		$(CALC_VERSIONS); \
 		SHLIB=lib$(LIBNAME).so; \
 		SHLIB_SUFFIX=; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		ALLSYMSFLAGS=''; \
 		NOALLSYMSFLAGS=''; \
-		SHAREDFLAGS="$(CFLAGS) -G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
+		SHAREDFLAGS="-G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
 		SHAREDCMD='$(CC)'; \
 	fi; \
 	$(LINK_SO_A_UNPACKED)
 link_app.svr3:
-	@${DETECT_GNU_LD} && $(DO_GNU_APP); \
+	@ if ${DETECT_GNU_LD}; then \
 		$(DO_GNU_APP); \
 	else \
 		LDCMD=$(CC);\
 		LDFLAGS=""; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		APPNAME="$(APPNAME)"; \
 	fi; \
 	$(LINK_APP)
 # UnixWare 7 and OpenUNIX 8 native compilers used
@@ -391,12 +503,14 @@ link_o.svr5:
 	else \
 		$(CALC_VERSIONS); \
 		SHARE_FLAG='-G'; \
-		($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
+		(${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
 		SHLIB=lib$(LIBNAME).so; \
 		SHLIB_SUFFIX=; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		ALLSYMSFLAGS=''; \
 		NOALLSYMSFLAGS=''; \
-		SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
+		SHAREDFLAGS="$${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
 		SHAREDCMD='$(CC)'; \
 	fi; \
 	$(LINK_SO_O)
 link_a.svr5:
@@ -408,13 +522,22 @@ link_a.svr5:
 		(${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
 		SHLIB=lib$(LIBNAME).so; \
 		SHLIB_SUFFIX=; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		ALLSYMSFLAGS=''; \
 		NOALLSYMSFLAGS=''; \
-		SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
+		SHAREDFLAGS="$${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
 		SHAREDCMD='$(CC)'; \
 	fi; \
 	$(LINK_SO_A_UNPACKED)
 link_app.svr5:
-	@${DETECT_GNU_LD} && $(DO_GNU_APP); \
+	@ if ${DETECT_GNU_LD}; then \
 		$(DO_GNU_APP); \
 	else \
 		LDCMD=$(CC);\
 		LDFLAGS=""; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		APPNAME="$(APPNAME)"; \
 	fi; \
 	$(LINK_APP)
 link_o.irix:
@@ -424,11 +547,13 @@ link_o.irix:
 		$(CALC_VERSIONS); \
 		SHLIB=lib$(LIBNAME).so; \
 		SHLIB_SUFFIX=; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		MINUSWL=""; \
 		($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \
 		ALLSYMSFLAGS="$${MINUSWL}-all"; \
-		NOALLSYMSFLAGS="$${MINUSWL}-none"; \
+		NOALLSYMSFLAGS="$${MINUSWL}-notall"; \
-		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,-B,symbolic"; \
+		SHAREDFLAGS="-shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-rpath,$(LIBRPATH)"; \
 		SHAREDCMD='$(CC)'; \
 	fi; \
 	$(LINK_SO_O)
 link_a.irix:
@@ -438,98 +563,150 @@ link_a.irix:
 		$(CALC_VERSIONS); \
 		SHLIB=lib$(LIBNAME).so; \
 		SHLIB_SUFFIX=; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		MINUSWL=""; \
 		($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \
 		ALLSYMSFLAGS="$${MINUSWL}-all"; \
-		NOALLSYMSFLAGS="$${MINUSWL}-none"; \
+		NOALLSYMSFLAGS="$${MINUSWL}-notall"; \
-		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,-B,symbolic"; \
+		SHAREDFLAGS="-shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-rpath,$(LIBRPATH)"; \
 		SHAREDCMD='$(CC)'; \
 	fi; \
 	$(LINK_SO_A)
 link_app.irix:
-	@LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"; \
+	@ if ${DETECT_GNU_LD}; then \
 		$(DO_GNU_APP); \
 	else \
 		LDCMD=$(CC);\
 		LDFLAGS="-Wl,-rpath,$(LIBRPATH)"; \
 		LIBDEPS="$(LIBDEPS) -lc"; \
 		APPNAME="$(APPNAME)"; \
 	fi; \
 	$(LINK_APP)
-# 32-bit PA-RISC HP-UX embeds the -L pathname of libs we link with, so
+# HP-UX includes the full pathname of libs we depend on, so we would get
-# we compensate for it with +cdp ../: and +cdp ./:. Yes, these rewrite
+# ./libcrypto (with ./ as path information) compiled into libssl, hence
-# rules imply that we can only link one level down in catalog structure,
+# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
-# but that's what takes place for the moment of this writing. +cdp option
+# anyway.
-# was introduced in HP-UX 11.x and applies in 32-bit PA-RISC link
+# The object modules are loaded from lib$i.a using the undocumented -Fl
-# editor context only [it's simply ignored in other cases, which are all
+# option.
 # ELFs by the way].
 #
-link_o.hpux:
+# WARNING: Until DSO is fixed to support a search path, we support SHLIB_PATH
-	@if ${DETECT_GNU_LD}; then $(DO_GNU_SO); else \
+#          by temporarily specifying "+s"!
-	$(CALC_VERSIONS); \
+#
 link_o.hpux32:
 	@ $(CALC_VERSIONS); \
 	SHLIB=lib$(LIBNAME).sl; \
 	expr "$(CFLAGS)" : '.*DSO_DLFCN' > /dev/null && SHLIB=lib$(LIBNAME).so; \
 	SHLIB_SUFFIX=; \
-	ALLSYMSFLAGS='-Wl,-Fl'; \
+	LIBDEPS="$(LIBDEPS) -lc"; \
 	ALLSYMSFLAGS='-Fl'; \
 	NOALLSYMSFLAGS=''; \
-	expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
+	SHAREDFLAGS="+vnocompatwarnings -b -z +s +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX +b $(LIBRPATH)"; \
-	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,+cdp,../:,+cdp,./:"; \
+	SHAREDCMD='/usr/ccs/bin/ld'; \
 	fi; \
 	rm -f $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \
 	$(LINK_SO_O) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
-link_a.hpux:
+link_a.hpux32:
-	@if ${DETECT_GNU_LD}; then $(DO_GNU_SO); else \
+	@ $(CALC_VERSIONS); \
 	$(CALC_VERSIONS); \
 	SHLIB=lib$(LIBNAME).sl; \
 	expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \
 	SHLIB_SUFFIX=; \
-	ALLSYMSFLAGS='-Wl,-Fl'; \
+	LIBDEPS="$(LIBDEPS) -lc"; \
 	ALLSYMSFLAGS='-Fl'; \
 	NOALLSYMSFLAGS=''; \
-	expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
+	SHAREDFLAGS="+vnocompatwarnings -b -z +s +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX +b $(LIBRPATH)"; \
-	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,+cdp,../:,+cdp,./:"; \
+	SHAREDCMD='/usr/ccs/bin/ld'; \
 	fi; \
 	rm -f $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \
 	$(LINK_SO_A) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
-link_app.hpux:
+link_app.hpux32:
-	@if ${DETECT_GNU_LD}; then $(DO_GNU_APP); else \
+	LDCMD=$(CC);\
-	LDFLAGS="$(CFLAGS) -Wl,+s,+cdp,../:,+cdp,./:,+b,$(LIBRPATH)"; \
+	LDFLAGS="-Wl,+b,$(LIBRPATH)"; \
-	fi; \
+	LIBDEPS="$(LIBDEPS) -lc"; \
 	APPNAME="$(APPNAME)"
 	$(LINK_APP)
 # HP-UX includes the full pathname of libs we depend on, so we would get
 # ./libcrypto (with ./ as path information) compiled into libssl, hence
 # we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
 # anyway.
 #
 # HP-UX in 64bit mode has "+s" enabled by default; it will search for
 # shared libraries along LD_LIBRARY_PATH _and_ SHLIB_PATH.
 #
 link_o.hpux64:
 	@ $(CALC_VERSIONS); \
 	SHLIB=lib$(LIBNAME).sl; \
 	SHLIB_SUFFIX=; \
 	LIBDEPS="$(LIBDEPS) -lc"; \
 	ALLSYMSFLAGS='+forceload'; \
 	NOALLSYMSFLAGS=''; \
 	SHAREDFLAGS="-b -z +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX +b $(LIBRPATH)"; \
 	SHAREDCMD='/usr/ccs/bin/ld'; \
 	$(LINK_SO_O) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
 link_a.hpux64:
 	@ $(CALC_VERSIONS); \
 	SHLIB=lib$(LIBNAME).sl; \
 	SHLIB_SUFFIX=; \
 	LIBDEPS="$(LIBDEPS) -lc"; \
 	ALLSYMSFLAGS='+forceload'; \
 	NOALLSYMSFLAGS=''; \
 	SHAREDFLAGS="-b -z +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX +b $(LIBRPATH)"; \
 	SHAREDCMD='/usr/ccs/bin/ld'; \
 	$(LINK_SO_A) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
 link_app.hpux64:
 	LDCMD=$(CC);\
 	LDFLAGS="-Wl,+b,$(LIBRPATH)"; \
 	LIBDEPS="$(LIBDEPS) -lc"; \
 	APPNAME="$(APPNAME)"
 	$(LINK_APP)
 link_o.aix:
 	@ $(CALC_VERSIONS); \
 	OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || :; \
 	OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
 	SHLIB=lib$(LIBNAME).so; \
 	SHLIB_SUFFIX=; \
 	ALLSYMSFLAGS=''; \
 	NOALLSYMSFLAGS=''; \
 	SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
 	$(LINK_SO_O);
 link_a.aix:
 	@ $(CALC_VERSIONS); \
 	OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || : ; \
 	OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
 	SHLIB=lib$(LIBNAME).so; \
 	SHLIB_SUFFIX=; \
 	LIBDEPS="$(LIBDEPS) -lc"; \
 	ALLSYMSFLAGS='-bnogc'; \
 	NOALLSYMSFLAGS=''; \
-	SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
+	SHAREDFLAGS='-G -bE:lib$(LIBNAME).exp -bM:SRE -blibpath:$(LIBRPATH)'; \
 	SHAREDCMD='$(CC)'; \
 	$(LINK_SO_O)
 link_a.aix:
 	@ $(CALC_VERSIONS); \
 	SHLIB=lib$(LIBNAME).so; \
 	SHLIB_SUFFIX=; \
 	LIBDEPS="$(LIBDEPS) -lc"; \
 	ALLSYMSFLAGS='-bnogc'; \
 	NOALLSYMSFLAGS=''; \
 	SHAREDFLAGS='-G -bE:lib$(LIBNAME).exp -bM:SRE -blibpath:$(LIBRPATH)'; \
 	SHAREDCMD='$(CC)'; \
 	$(LINK_SO_A_VIA_O)
 link_app.aix:
-	LDFLAGS="$(CFLAGS) -Wl,-brtl,-blibpath:$(LIBRPATH):$${LIBPATH:-/usr/lib:/lib}"; \
+	LDCMD=$(CC);\
 	LDFLAGS="-blibpath:$(LIBRPATH)"; \
 	LIBDEPS="$(LIBDEPS) -lc"; \
 	APPNAME="$(APPNAME)"
 	$(LINK_APP)
 link_o.reliantunix:
 	@ $(CALC_VERSIONS); \
 	SHLIB=lib$(LIBNAME).so; \
 	SHLIB_SUFFIX=; \
 	LIBDEPS="$(LIBDEPS) -lc"; \
 	ALLSYMSFLAGS=; \
 	NOALLSYMSFLAGS=''; \
-	SHAREDFLAGS='$(CFLAGS) -G'; \
+	SHAREDFLAGS='-G'; \
 	SHAREDCMD='$(CC)'; \
 	$(LINK_SO_O)
 link_a.reliantunix:
 	@ $(CALC_VERSIONS); \
 	SHLIB=lib$(LIBNAME).so; \
 	SHLIB_SUFFIX=; \
 	LIBDEPS="$(LIBDEPS) -lc"; \
 	ALLSYMSFLAGS=; \
 	NOALLSYMSFLAGS=''; \
-	SHAREDFLAGS='$(CFLAGS) -G'; \
+	SHAREDFLAGS='-G'; \
 	SHAREDCMD='$(CC)'; \
 	$(LINK_SO_A_UNPACKED)
 link_app.reliantunix:
 	LDCMD=$(CC);\
 	LDFLAGS=""; \
 	LIBDEPS="$(LIBDEPS) -lc"; \
 	APPNAME="$(APPNAME)"
 	$(LINK_APP)
 # Targets to build symbolic links when needed
@@ -543,22 +720,18 @@ symlink.darwin:
 	SHLIB=lib$(LIBNAME); \
 	SHLIB_SUFFIX=.dylib; \
 	$(SYMLINK_SO)
-symlink.hpux:
+symlink.hpux32 symlink.hpux64:
 	@ $(CALC_VERSIONS); \
 	SHLIB=lib$(LIBNAME).sl; \
 	expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \
 	$(SYMLINK_SO)
 # The following lines means those specific architectures do no symlinks
-symlink.cygwin symlink.alpha-osf1 symlink.tru64 symlink.tru64-rpath:
+symlink.cygwin symlib.alpha-osf1 symlink.tru64 symlink.tru64-rpath:
 # Compatibility targets
 link_o.bsd-gcc-shared link_o.linux-shared link_o.gnu-shared: link_o.gnu
 link_a.bsd-gcc-shared link_a.linux-shared link_a.gnu-shared: link_a.gnu
 link_app.bsd-gcc-shared link_app.linux-shared link_app.gnu-shared: link_app.gnu
-symlink.bsd-gcc-shared symlink.bsd-shared symlink.linux-shared symlink.gnu-shared: symlink.gnu
+symlink.bsd-gcc-shared symlink.linux-shared symlink.gnu-shared: symlink.gnu
 link_o.bsd-shared: link_o.bsd
 link_a.bsd-shared: link_a.bsd
 link_app.bsd-shared: link_app.bsd
 link_o.darwin-shared: link_o.darwin
 link_a.darwin-shared: link_a.darwin
 link_app.darwin-shared: link_app.darwin
@@ -595,10 +768,14 @@ link_o.irix-shared: link_o.irix
 link_a.irix-shared: link_a.irix
 link_app.irix-shared: link_app.irix
 symlink.irix-shared: symlink.irix
-link_o.hpux-shared: link_o.hpux
+link_o.hpux-shared: link_o.hpux32
-link_a.hpux-shared: link_a.hpux
+link_a.hpux-shared: link_a.hpux32
-link_app.hpux-shared: link_app.hpux
+link_app.hpux-shared: link_app.hpux32
-symlink.hpux-shared: symlink.hpux
+symlink.hpux-shared: symlink.hpux32
 link_o.hpux64-shared: link_o.hpux64
 link_a.hpux64-shared: link_a.hpux64
 link_app.hpux64-shared: link_app.hpux64
 symlink.hpux64-shared: symlink.hpux64
 link_o.aix-shared: link_o.aix
 link_a.aix-shared: link_a.aix
 link_app.aix-shared: link_app.aix
--- a/196
+++ b/196
@@ -5,202 +5,6 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.
  Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l:
      o Ban renegotiation.
  Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k:
      o Fix various build issues.
      o Fix security issues (CVE-2009-0590, CVE-2009-0591, CVE-2009-0789)
  Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j:
      o Fix security issue (CVE-2008-5077)
      o Merge FIPS 140-2 branch code.
  Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h:
      o CryptoAPI ENGINE support.
      o Various precautionary measures.
      o Fix for bugs affecting certificate request creation.
      o Support for local machine keyset attribute in PKCS#12 files.
  Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g:
      o Backport of CMS functionality to 0.9.8.
      o Fixes for bugs introduced with 0.9.8f.
  Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f:
      o Add gcc 4.2 support.
      o Add support for AES and SSE2 assembly lanugauge optimization
        for VC++ build.
      o Support for RFC4507bis and server name extensions if explicitly 
        selected at compile time.
      o DTLS improvements.
      o RFC4507bis support.
      o TLS Extensions support.
  Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e:
      o Various ciphersuite selection fixes.
      o RFC3779 support.
  Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d:
      o Introduce limits to prevent malicious key DoS  (CVE-2006-2940)
      o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
      o Changes to ciphersuite selection algorithm
  Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c:
      o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
      o New cipher Camellia
  Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b:
      o Cipher string fixes.
      o Fixes for VC++ 2005.
      o Updated ECC cipher suite support.
      o New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free().
      o Zlib compression usage fixes.
      o Built in dynamic engine compilation support on Win32.
      o Fixes auto dynamic engine loading in Win32.
  Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a:
      o Fix potential SSL 2.0 rollback, CVE-2005-2969
      o Extended Windows CE support
  Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8:
      o Major work on the BIGNUM library for higher efficiency and to
        make operations more streamlined and less contradictory.  This
        is the result of a major audit of the BIGNUM library.
      o Addition of BIGNUM functions for fields GF(2^m) and NIST
        curves, to support the Elliptic Crypto functions.
      o Major work on Elliptic Crypto; ECDH and ECDSA added, including
        the use through EVP, X509 and ENGINE.
      o New ASN.1 mini-compiler that's usable through the OpenSSL
        configuration file.
      o Added support for ASN.1 indefinite length constructed encoding.
      o New PKCS#12 'medium level' API to manipulate PKCS#12 files.
      o Complete rework of shared library construction and linking
        programs with shared or static libraries, through a separate
        Makefile.shared.
      o Rework of the passing of parameters from one Makefile to another.
      o Changed ENGINE framework to load dynamic engine modules
        automatically from specifically given directories.
      o New structure and ASN.1 functions for CertificatePair.
      o Changed the ZLIB compression method to be stateful.
      o Changed the key-generation and primality testing "progress"
        mechanism to take a structure that contains the ticker
        function and an argument.
      o New engine module: GMP (performs private key exponentiation).
      o New engine module: VIA PadLOck ACE extension in VIA C3
        Nehemiah processors.
      o Added support for IPv6 addresses in certificate extensions.
        See RFC 1884, section 2.2.
      o Added support for certificate policy mappings, policy
        constraints and name constraints.
      o Added support for multi-valued AVAs in the OpenSSL
        configuration file.
      o Added support for multiple certificates with the same subject
        in the 'openssl ca' index file.
      o Make it possible to create self-signed certificates using
        'openssl ca -selfsign'.
      o Make it possible to generate a serial number file with
        'openssl ca -create_serial'.
      o New binary search functions with extended functionality.
      o New BUF functions.
      o New STORE structure and library to provide an interface to all
        sorts of data repositories.  Supports storage of public and
        private keys, certificates, CRLs, numbers and arbitrary blobs.
 	This library is unfortunately unfinished and unused withing
 	OpenSSL.
      o New control functions for the error stack.
      o Changed the PKCS#7 library to support one-pass S/MIME
        processing.
      o Added the possibility to compile without old deprecated
        functionality with the OPENSSL_NO_DEPRECATED macro or the
        'no-deprecated' argument to the config and Configure scripts.
      o Constification of all ASN.1 conversion functions, and other
        affected functions.
      o Improved platform support for PowerPC.
      o New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512).
      o New X509_VERIFY_PARAM structure to support parametrisation
        of X.509 path validation.
      o Major overhaul of RC4 performance on Intel P4, IA-64 and
        AMD64.
      o Changed the Configure script to have some algorithms disabled
        by default.  Those can be explicitely enabled with the new
        argument form 'enable-xxx'.
      o Change the default digest in 'openssl' commands from MD5 to
        SHA-1.
      o Added support for DTLS.
      o New BIGNUM blinding.
      o Added support for the RSA-PSS encryption scheme
      o Added support for the RSA X.931 padding.
      o Added support for BSD sockets on NetWare.
      o Added support for files larger than 2GB.
      o Added initial support for Win64.
      o Added alternate pkg-config files.
  Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l:
      o Introduce limits to prevent malicious key DoS  (CVE-2006-2940)
      o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
  Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k:
      o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
  Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j:
      o Visual C++ 2005 fixes.
      o Update Windows build system for FIPS.
  Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i:
      o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build.
  Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h:
      o Fix SSL 2.0 Rollback, CVE-2005-2969
      o Allow use of fixed-length exponent on DSA signing
      o Default fixed-window RSA, DSA, DH private-key operations
  Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g:
      o More compilation issues fixed.
      o Adaptation to more modern Kerberos API.
      o Enhanced or corrected configuration for Solaris64, Mingw and Cygwin.
      o Enhanced x86_64 assembler BIGNUM module.
      o More constification.
      o Added processing of proxy certificates (RFC 3820).
  Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f:
      o Several compilation issues fixed.
      o Many memory allocation failure checks added.
      o Improved comparison of X509 Name type.
      o Mandatory basic checks on certificates.
      o Performance improvements.
  Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e:
      o Fix race condition in CRL checking code.
      o Fixes to PKCS#7 (S/MIME) code.
  Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d:
      o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug
      o Security: Fix null-pointer assignment in do_change_cipher_spec()
      o Allow multiple active certificates with same subject in CA index
      o Multiple X509 verification fixes
      o Speed up HMAC and other operations
  Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c:
      o Security: fix various ASN1 parsing bugs.
--- a/Netware/build.bat
+++ b/Netware/build.bat
@@ -6,16 +6,14 @@ rem
 rem   usage:
 rem      build [target] [debug opts] [assembly opts] [configure opts]
 rem
-rem      target        - "netware-clib" - CLib NetWare build (WinSock Sockets)
+rem      target        - "netware-clib" - CLib NetWare build
-rem                    - "netware-clib-bsdsock" - CLib NetWare build (BSD Sockets)
+rem                    - "netware-libc" - LibC NKS NetWare build
 rem                    - "netware-libc" - LibC NetWare build (WinSock Sockets)
 rem                    - "netware-libc-bsdsock" - LibC NetWare build (BSD Sockets)
 rem 
 rem      debug opts    - "debug"  - build debug
 rem
 rem      assembly opts - "nw-mwasm" - use Metrowerks assembler
-rem                    - "nw-nasm"  - use NASM assembler
+rem      "nw-nasm"  - use NASM assembler
-rem                    - "no-asm"   - don't use assembly
+rem      "no-asm"   - don't use assembly
 rem
 rem      configure opts- all unrecognized arguments are passed to the
 rem                       perl configure script
@@ -76,12 +74,8 @@ if "%1" == "nw-mwasm" set NO_ASM=
 if "%1" == "nw-mwasm" set ARG_PROCESSED=YES
 if "%1" == "netware-clib" set BLD_TARGET=netware-clib
 if "%1" == "netware-clib" set ARG_PROCESSED=YES
 if "%1" == "netware-clib-bsdsock" set BLD_TARGET=netware-clib-bsdsock
 if "%1" == "netware-clib-bsdsock" set ARG_PROCESSED=YES
 if "%1" == "netware-libc" set BLD_TARGET=netware-libc
 if "%1" == "netware-libc" set ARG_PROCESSED=YES
 if "%1" == "netware-libc-bsdsock" set BLD_TARGET=netware-libc-bsdsock
 if "%1" == "netware-libc-bsdsock" set ARG_PROCESSED=YES
 rem   If we didn't recognize the argument, consider it an option for config
 if "%ARG_PROCESSED%" == "NO" set CONFIG_OPTS=%CONFIG_OPTS% %1
@@ -97,9 +91,7 @@ if "%BLD_TARGET%" == "no_target" goto no_target
 rem build the nlm make file name which includes target and debug info
 set NLM_MAKE=
 if "%BLD_TARGET%" == "netware-clib" set NLM_MAKE=netware\nlm_clib
 if "%BLD_TARGET%" == "netware-clib-bsdsock" set NLM_MAKE=netware\nlm_clib_bsdsock
 if "%BLD_TARGET%" == "netware-libc" set NLM_MAKE=netware\nlm_libc
 if "%BLD_TARGET%" == "netware-libc-bsdsock" set NLM_MAKE=netware\nlm_libc_bsdsock
 if "%DEBUG%" == "" set NLM_MAKE=%NLM_MAKE%.mak
 if "%DEBUG%" == "debug" set NLM_MAKE=%NLM_MAKE%_dbg.mak
@@ -114,14 +106,7 @@ echo Generating x86 for %ASSEMBLER% assembler
 echo Bignum
 cd crypto\bn\asm
-rem perl x86.pl %ASM_MODE% > bn-nw.asm
+perl x86.pl %ASM_MODE% > bn-nw.asm
 perl bn-586.pl %ASM_MODE% > bn-nw.asm
 perl co-586.pl %ASM_MODE% > co-nw.asm
 cd ..\..\..
 echo AES
 cd crypto\aes\asm
 perl aes-586.pl %ASM_MODE% > a-nw.asm
 cd ..\..\..
 echo DES
@@ -171,11 +156,6 @@ cd crypto\rc5\asm
 perl rc5-586.pl %ASM_MODE% > r5-nw.asm
 cd ..\..\..
 echo CPUID
 cd crypto
 perl x86cpuid.pl %ASM_MODE% > x86cpuid-nw.asm
 cd ..\
 rem ===============================================================
 rem
 :do_config
@@ -192,10 +172,8 @@ echo mk1mf.pl options: %DEBUG% %ASM_MODE% %CONFIG_OPTS% %BLD_TARGET%
 echo .
 perl util\mk1mf.pl %DEBUG% %ASM_MODE% %CONFIG_OPTS% %BLD_TARGET% >%NLM_MAKE%
 make -f %NLM_MAKE% vclean
 echo .
 echo The makefile "%NLM_MAKE%" has been created use your maketool to
-echo build (ex: make -f %NLM_MAKE%)
+echo build (ex: gmake -f %NLM_MAKE%)
 goto end
 rem ===============================================================
@@ -206,10 +184,8 @@ echo .  No build target specified!!!
 echo .
 echo .  usage: build [target] [debug opts] [assembly opts] [configure opts]
 echo .
-echo .     target        - "netware-clib" - CLib NetWare build (WinSock Sockets)
+echo .     target        - "netware-clib" - CLib NetWare build
-echo .                   - "netware-clib-bsdsock" - CLib NetWare build (BSD Sockets)
+echo .                   - "netware-libc" - LibC NKS NetWare build
 echo .                   - "netware-libc" - LibC NetWare build (WinSock Sockets)
 echo .                   - "netware-libc-bsdsock" - LibC NetWare build (BSD Sockets)
 echo .
 echo .     debug opts    - "debug"  - build debug
 echo .
--- a/Netware/cpy_tests.bat
+++ b/Netware/cpy_tests.bat
@@ -73,7 +73,6 @@ copy %loc%\test\testsid.pem   %2\openssl\test\
 copy %loc%\test\testx509.pem  %2\openssl\test\
 copy %loc%\test\v3-cert1.pem  %2\openssl\test\
 copy %loc%\test\v3-cert2.pem  %2\openssl\test\
 copy %loc%\crypto\evp\evptests.txt %2\openssl\test\
 rem   copy the apps directory stuff
 copy %loc%\apps\client.pem    %2\openssl\apps\
--- a/Netware/do_tests.pl
+++ b/Netware/do_tests.pl
@@ -37,18 +37,13 @@ sub main()
   # open the main log file 
   open(OUT, ">$log_file") || die "unable to open $log_file\n";
   print( OUT "========================================================\n");
   my $outFile = "$output_path\\version.out";
   system("openssl2 version (CLIB_OPT)/>$outFile");
   log_output("CHECKING FOR OPENSSL VERSION:", $outFile);
   algorithm_tests();
   encryption_tests();
   evp_tests();
   pem_tests();
   verify_tests();
   ca_tests();
   ssl_tests();
   ca_tests();
   close(OUT);
@@ -61,10 +56,9 @@ sub algorithm_tests
 {
   my $i;
   my $outFile;
-   my @tests = ( rsa_test, destest, ideatest, bftest, bntest, shatest, sha1test,
+   my @tests = ( rsa_test, destest, ideatest, bftest, shatest, sha1test,
-                 sha256t, sha512t, dsatest, md2test, md4test, md5test, mdc2test,
+                 md5test, dsatest, md2test, mdc2test, rc2test, rc4test, randtest,
-                 rc2test, rc4test, rc5test, randtest, rmdtest, dhtest, ecdhtest,
+                 dhtest, exptest );
                 ecdsatest, ectest, exptest, casttest, hmactest );
   print( "\nRUNNING CRYPTO ALGORITHM TESTS:\n\n");
@@ -72,19 +66,12 @@ sub algorithm_tests
   print( OUT "CRYPTO ALGORITHM TESTS:\n\n");
   foreach $i (@tests)
   {
      if (-e "$base_path\\$i.nlm")
   {
      $outFile = "$output_path\\$i.out";
-         system("$i (CLIB_OPT)/>$outFile");
+      system("$i > $outFile");
      log_desc("Test: $i\.nlm:");
      log_output("", $outFile );
   }
      else
      {
         log_desc("Test: $i\.nlm: file not found");
      }
   }
 }
 ############################################################################
@@ -115,24 +102,24 @@ sub encryption_tests
      # do encryption
      $outFile = "$output_path\\enc.out";
-      system("openssl2 $i -e -bufsize 113 -k test -in $input -out $cipher (CLIB_OPT)/>$outFile" );
+      system("openssl2 $i -e -bufsize 113 -k test -in $input -out $cipher > $outFile" );
      log_output("Encrypting: $input --> $cipher", $outFile);
      # do decryption
      $outFile = "$output_path\\dec.out";
-      system("openssl2 $i -d -bufsize 157 -k test -in $cipher -out $clear (CLIB_OPT)/>$outFile");
+      system("openssl2 $i -d -bufsize 157 -k test -in $cipher -out $clear > $outFile");
      log_output("Decrypting: $cipher --> $clear", $outFile);
      # compare files
      $x = compare_files( $input, $clear, 1);
      if ( $x == 0 )
      {
-         print( "\rSUCCESS - files match: $input, $clear\n");
+         print( "SUCCESS - files match: $input, $clear\n");
         print( OUT "SUCCESS - files match: $input, $clear\n");
      }
      else
      {
-         print( "\rERROR: files don't match\n");
+         print( "ERROR: files don't match\n");
         print( OUT "ERROR: files don't match\n");
      }
@@ -142,24 +129,24 @@ sub encryption_tests
      # do encryption B64
      $outFile = "$output_path\\B64enc.out";
-      system("openssl2 $i -a -e -bufsize 113 -k test -in $input -out $cipher (CLIB_OPT)/>$outFile");
+      system("openssl2 $i -a -e -bufsize 113 -k test -in $input -out $cipher > $outFile");
      log_output("Encrypting(B64): $cipher --> $clear", $outFile);
      # do decryption B64
      $outFile = "$output_path\\B64dec.out";
-      system("openssl2 $i -a -d -bufsize 157 -k test -in $cipher -out $clear (CLIB_OPT)/>$outFile");
+      system("openssl2 $i -a -d -bufsize 157 -k test -in $cipher -out $clear > $outFile");
      log_output("Decrypting(B64): $cipher --> $clear", $outFile);
      # compare files
      $x = compare_files( $input, $clear, 1);
      if ( $x == 0 )
      {
-         print( "\rSUCCESS - files match: $input, $clear\n");
+         print( "SUCCESS - files match: $input, $clear\n");
         print( OUT "SUCCESS - files match: $input, $clear\n");
      }
      else
      {
-         print( "\rERROR: files don't match\n");
+         print( "ERROR: files don't match\n");
         print( OUT "ERROR: files don't match\n");
      }
@@ -205,24 +192,24 @@ sub pem_tests
      if ($i ne "req" )
      {
-         system("openssl2 $i -in $input -out $tmp_out (CLIB_OPT)/>$outFile");
+         system("openssl2 $i -in $input -out $tmp_out > $outFile");
         log_output( "openssl2 $i -in $input -out $tmp_out", $outFile);
      }
      else
      {
-         system("openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config (CLIB_OPT)/>$outFile");
+         system("openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config > $outFile");
         log_output( "openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config", $outFile );
      }
      $x = compare_files( $input, $tmp_out);
      if ( $x == 0 )
      {
-         print( "\rSUCCESS - files match: $input, $tmp_out\n");
+         print( "SUCCESS - files match: $input, $tmp_out\n");
         print( OUT "SUCCESS - files match: $input, $tmp_out\n");
      }
      else
      {
-         print( "\rERROR: files don't match\n");
+         print( "ERROR: files don't match\n");
         print( OUT "ERROR: files don't match\n");
      }
      do_wait();
@@ -237,8 +224,7 @@ sub verify_tests
   my $i;
   my $outFile = "$output_path\\verify.out";
-   $cert_path =~ s/\\/\//g;
+   my @cert_files = <$cert_path\\*.pem>;
   my @cert_files = <$cert_path/*.pem>;
   print( "\nRUNNING VERIFY TESTS:\n\n");
@@ -249,7 +235,7 @@ sub verify_tests
   foreach $i (@cert_files)
   {
-      system("openssl2 verify -CAfile $tmp_cert $i (CLIB_OPT)/>$outFile");
+      system("openssl2 verify -CAfile $tmp_cert $i >$outFile");
      log_desc("Verifying cert: $i");
      log_output("openssl2 verify -CAfile $tmp_cert $i", $outFile);
   }
@@ -260,115 +246,113 @@ sub verify_tests
 sub ssl_tests
 {
   my $outFile = "$output_path\\ssl_tst.out";
   my($CAcert) = "$output_path\\certCA.ss";
   my($Ukey)   = "$output_path\\keyU.ss";
   my($Ucert)  = "$output_path\\certU.ss";
   my($ssltest)= "ssltest -key $Ukey -cert $Ucert -c_key $Ukey -c_cert $Ucert -CAfile $CAcert";
   print( "\nRUNNING SSL TESTS:\n\n");
   print( OUT "\n========================================================\n");
   print( OUT "SSL TESTS:\n\n");
-   system("ssltest -ssl2 (CLIB_OPT)/>$outFile");
+   make_tmp_cert_file();
   system("ssltest -ssl2 >$outFile");
   log_desc("Testing sslv2:");
   log_output("ssltest -ssl2", $outFile);
-   system("$ssltest -ssl2 -server_auth (CLIB_OPT)/>$outFile");
+   system("ssltest -ssl2 -server_auth -CAfile $tmp_cert >$outFile");
   log_desc("Testing sslv2 with server authentication:");
-   log_output("$ssltest -ssl2 -server_auth", $outFile);
+   log_output("ssltest -ssl2 -server_auth -CAfile $tmp_cert", $outFile);
-   system("$ssltest -ssl2 -client_auth (CLIB_OPT)/>$outFile");
+   system("ssltest -ssl2 -client_auth -CAfile $tmp_cert >$outFile");
   log_desc("Testing sslv2 with client authentication:");
-   log_output("$ssltest -ssl2 -client_auth", $outFile);
+   log_output("ssltest -ssl2 -client_auth -CAfile $tmp_cert", $outFile);
-   system("$ssltest -ssl2 -server_auth -client_auth (CLIB_OPT)/>$outFile");
+   system("ssltest -ssl2 -server_auth -client_auth -CAfile $tmp_cert >$outFile");
   log_desc("Testing sslv2 with both client and server authentication:");
-   log_output("$ssltest -ssl2 -server_auth -client_auth", $outFile);
+   log_output("ssltest -ssl2 -server_auth -client_auth -CAfile $tmp_cert", $outFile);
-   system("ssltest -ssl3 (CLIB_OPT)/>$outFile");
+   system("ssltest -ssl3 >$outFile");
   log_desc("Testing sslv3:");
   log_output("ssltest -ssl3", $outFile);
-   system("$ssltest -ssl3 -server_auth (CLIB_OPT)/>$outFile");
+   system("ssltest -ssl3 -server_auth -CAfile $tmp_cert >$outFile");
   log_desc("Testing sslv3 with server authentication:");
-   log_output("$ssltest -ssl3 -server_auth", $outFile);
+   log_output("ssltest -ssl3 -server_auth -CAfile $tmp_cert", $outFile);
-   system("$ssltest -ssl3 -client_auth (CLIB_OPT)/>$outFile");
+   system("ssltest -ssl3 -client_auth -CAfile $tmp_cert >$outFile");
   log_desc("Testing sslv3 with client authentication:");
-   log_output("$ssltest -ssl3 -client_auth", $outFile);
+   log_output("ssltest -ssl3 -client_auth -CAfile $tmp_cert", $outFile);
-   system("$ssltest -ssl3 -server_auth -client_auth (CLIB_OPT)/>$outFile");
+   system("ssltest -ssl3 -server_auth -client_auth -CAfile $tmp_cert >$outFile");
   log_desc("Testing sslv3 with both client and server authentication:");
-   log_output("$ssltest -ssl3 -server_auth -client_auth", $outFile);
+   log_output("ssltest -ssl3 -server_auth -client_auth -CAfile $tmp_cert", $outFile);
-   system("ssltest (CLIB_OPT)/>$outFile");
+   system("ssltest >$outFile");
   log_desc("Testing sslv2/sslv3:");
   log_output("ssltest", $outFile);
-   system("$ssltest -server_auth (CLIB_OPT)/>$outFile");
+   system("ssltest -server_auth -CAfile $tmp_cert >$outFile");
   log_desc("Testing sslv2/sslv3 with server authentication:");
-   log_output("$ssltest -server_auth", $outFile);
+   log_output("ssltest -server_auth -CAfile $tmp_cert", $outFile);
-   system("$ssltest -client_auth (CLIB_OPT)/>$outFile");
+   system("ssltest -client_auth -CAfile $tmp_cert >$outFile");
   log_desc("Testing sslv2/sslv3 with client authentication:");
-   log_output("$ssltest -client_auth ", $outFile);
+   log_output("ssltest -client_auth -CAfile $tmp_cert", $outFile);
-   system("$ssltest -server_auth -client_auth (CLIB_OPT)/>$outFile");
+   system("ssltest -server_auth -client_auth -CAfile $tmp_cert >$outFile");
   log_desc("Testing sslv2/sslv3 with both client and server authentication:");
-   log_output("$ssltest -server_auth -client_auth", $outFile);
+   log_output("ssltest -server_auth -client_auth -CAfile $tmp_cert", $outFile);
-   system("ssltest -bio_pair -ssl2 (CLIB_OPT)/>$outFile");
+   system("ssltest -bio_pair -ssl2 >$outFile");
   log_desc("Testing sslv2 via BIO pair:");
   log_output("ssltest -bio_pair -ssl2", $outFile);
-   system("ssltest -bio_pair -dhe1024dsa -v (CLIB_OPT)/>$outFile");
+   system("ssltest -bio_pair -dhe1024dsa -v >$outFile");
   log_desc("Testing sslv2/sslv3 with 1024 bit DHE via BIO pair:");
   log_output("ssltest -bio_pair -dhe1024dsa -v", $outFile);
-   system("$ssltest -bio_pair -ssl2 -server_auth (CLIB_OPT)/>$outFile");
+   system("ssltest -bio_pair -ssl2 -server_auth -CAfile $tmp_cert >$outFile");
   log_desc("Testing sslv2 with server authentication via BIO pair:");
-   log_output("$ssltest -bio_pair -ssl2 -server_auth", $outFile);
+   log_output("ssltest -bio_pair -ssl2 -server_auth -CAfile $tmp_cert", $outFile);
-   system("$ssltest -bio_pair -ssl2 -client_auth (CLIB_OPT)/>$outFile");
+   system("ssltest -bio_pair -ssl2 -client_auth -CAfile $tmp_cert >$outFile");
   log_desc("Testing sslv2 with client authentication via BIO pair:");
-   log_output("$ssltest -bio_pair -ssl2 -client_auth", $outFile);
+   log_output("ssltest -bio_pair -ssl2 -client_auth -CAfile $tmp_cert", $outFile);
-   system("$ssltest -bio_pair -ssl2 -server_auth -client_auth (CLIB_OPT)/>$outFile");
+   system("ssltest -bio_pair -ssl2 -server_auth -client_auth -CAfile $tmp_cert >$outFile");
   log_desc("Testing sslv2 with both client and server authentication via BIO pair:");
-   log_output("$ssltest -bio_pair -ssl2 -server_auth -client_auth", $outFile);
+   log_output("ssltest -bio_pair -ssl2 -server_auth -client_auth -CAfile $tmp_cert", $outFile);
-   system("ssltest -bio_pair -ssl3 (CLIB_OPT)/>$outFile");
+   system("ssltest -bio_pair -ssl3 >$outFile");
   log_desc("Testing sslv3 via BIO pair:");
   log_output("ssltest -bio_pair -ssl3", $outFile);
-   system("$ssltest -bio_pair -ssl3 -server_auth (CLIB_OPT)/>$outFile");
+   system("ssltest -bio_pair -ssl3 -server_auth -CAfile $tmp_cert >$outFile");
   log_desc("Testing sslv3 with server authentication via BIO pair:");
-   log_output("$ssltest -bio_pair -ssl3 -server_auth", $outFile);
+   log_output("ssltest -bio_pair -ssl3 -server_auth -CAfile $tmp_cert", $outFile);
-   system("$ssltest -bio_pair -ssl3 -client_auth (CLIB_OPT)/>$outFile");
+   system("ssltest -bio_pair -ssl3 -client_auth -CAfile $tmp_cert >$outFile");
   log_desc("Testing sslv3 with client authentication  via BIO pair:");
-   log_output("$ssltest -bio_pair -ssl3 -client_auth", $outFile);
+   log_output("ssltest -bio_pair -ssl3 -client_auth -CAfile $tmp_cert", $outFile);
-   system("$ssltest -bio_pair -ssl3 -server_auth -client_auth (CLIB_OPT)/>$outFile");
+   system("ssltest -bio_pair -ssl3 -server_auth -client_auth -CAfile $tmp_cert >$outFile");
   log_desc("Testing sslv3 with both client and server authentication via BIO pair:");
-   log_output("$ssltest -bio_pair -ssl3 -server_auth -client_auth", $outFile);
+   log_output("ssltest -bio_pair -ssl3 -server_auth -client_auth -CAfile $tmp_cert", $outFile);
-   system("ssltest -bio_pair (CLIB_OPT)/>$outFile");
+   system("ssltest -bio_pair >$outFile");
   log_desc("Testing sslv2/sslv3 via BIO pair:");
   log_output("ssltest -bio_pair", $outFile);
-   system("$ssltest -bio_pair -server_auth (CLIB_OPT)/>$outFile");
+   system("ssltest -bio_pair -server_auth -CAfile $tmp_cert >$outFile");
   log_desc("Testing sslv2/sslv3 with server authentication via BIO pair:");
-   log_output("$ssltest -bio_pair -server_auth", $outFile);
+   log_output("ssltest -bio_pair -server_auth -CAfile $tmp_cert", $outFile);
-   system("$ssltest -bio_pair -client_auth (CLIB_OPT)/>$outFile");
+   system("ssltest -bio_pair -client_auth -CAfile $tmp_cert >$outFile");
   log_desc("Testing sslv2/sslv3 with client authentication via BIO pair:");
-   log_output("$ssltest -bio_pair -client_auth", $outFile);
+   log_output("ssltest -bio_pair -client_auth -CAfile $tmp_cert", $outFile);
-   system("$ssltest -bio_pair -server_auth -client_auth (CLIB_OPT)/>$outFile");
+   system("ssltest -bio_pair -server_auth -client_auth -CAfile $tmp_cert >$outFile");
   log_desc("Testing sslv2/sslv3 with both client and server authentication via BIO pair:");
-   log_output("$ssltest -bio_pair -server_auth -client_auth", $outFile);
+   log_output("ssltest -bio_pair -server_auth -client_auth -CAfile $tmp_cert", $outFile);
 }
@@ -396,39 +380,39 @@ sub ca_tests
   print( OUT "\n========================================================\n");
   print( OUT "CA TESTS:\n");
-   system("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new (CLIB_OPT)/>$outFile");
+   system("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new >$outFile");
   log_desc("Make a certificate request using req:");
   log_output("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new", $outFile);
-   system("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey (CLIB_OPT)/>$outFile");
+   system("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey >$outFile");
   log_desc("Convert the certificate request into a self signed certificate using x509:");
   log_output("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey", $outFile);
-   system("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 (CLIB_OPT)/>$outFile");
+   system("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >$outFile");
   log_desc("Convert a certificate into a certificate request using 'x509':");
   log_output("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2", $outFile);
-   system("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout (CLIB_OPT)/>$outFile");
+   system("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout >$outFile");
   log_output("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout", $outFile);
-   system("openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout (CLIB_OPT)/>$outFile");
+   system("openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout >$outFile");
   log_output( "openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout", $outFile);
-   system("openssl2 verify -CAfile $CAcert $CAcert (CLIB_OPT)/>$outFile");
+   system("openssl2 verify -CAfile $CAcert $CAcert >$outFile");
   log_output("openssl2 verify -CAfile $CAcert $CAcert", $outFile);
-   system("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new (CLIB_OPT)/>$outFile");
+   system("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new >$outFile");
   log_desc("Make another certificate request using req:");
   log_output("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new", $outFile);
-   system("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial (CLIB_OPT)/>$outFile");
+   system("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial >$outFile");
   log_desc("Sign certificate request with the just created CA via x509:");
   log_output("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial", $outFile);
-   system("openssl2 verify -CAfile $CAcert $Ucert (CLIB_OPT)/>$outFile");
+   system("openssl2 verify -CAfile $CAcert $Ucert >$outFile");
   log_output("openssl2 verify -CAfile $CAcert $Ucert", $outFile);
-   system("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert (CLIB_OPT)/>$outFile");
+   system("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert >$outFile");
   log_desc("Certificate details");
   log_output("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert", $outFile);
@@ -442,29 +426,6 @@ sub ca_tests
   print(OUT "--\n");
 }
 ############################################################################
 sub evp_tests
 {
   my $i = 'evp_test';
   print( "\nRUNNING EVP TESTS:\n\n");
   print( OUT "\n========================================================\n");
   print( OUT "EVP TESTS:\n\n");
   if (-e "$base_path\\$i.nlm")
   {
       my $outFile = "$output_path\\$i.out";
       system("$i $test_path\\evptests.txt (CLIB_OPT)/>$outFile");
       log_desc("Test: $i\.nlm:");
       log_output("", $outFile );
   }
   else
   {
       log_desc("Test: $i\.nlm: file not found");
   }
 }
 ############################################################################
 sub log_output( $ $ )
 {
@@ -475,7 +436,7 @@ sub log_output( $ $ )
   if ($desc)
   {
-      print("\r$desc\n");
+      print("$desc\n");
      print(OUT "$desc\n");
   }
@@ -592,7 +553,7 @@ sub do_wait()
 ############################################################################
 sub make_tmp_cert_file()
 {
-   my @cert_files = <$cert_path/*.pem>;
+   my @cert_files = <$cert_path\\*.pem>;
      # delete the file if it already exists
   unlink($tmp_cert);
--- a/Netware/set_env.bat
+++ b/Netware/set_env.bat
@@ -16,7 +16,6 @@ if "a%1" == "a" goto usage
 set LIBC_BUILD=
 set CLIB_BUILD=
 set GNUC=
 if "%1" == "netware-clib" set CLIB_BUILD=Y
 if "%1" == "netware-clib" set LIBC_BUILD=
@@ -24,89 +23,68 @@ if "%1" == "netware-clib" set LIBC_BUILD=
 if "%1" == "netware-libc"  set LIBC_BUILD=Y
 if "%1" == "netware-libc"  set CLIB_BUILD=
 if "%2" == "gnuc" set GNUC=Y
 if "%2" == "codewarrior" set GNUC=
 rem   Location of tools (compiler, linker, etc)
-if "%NDKBASE%" == "" set NDKBASE=c:\Novell
+set TOOLS=d:\i_drive\tools
 rem   If Perl for Win32 is not already in your path, add it here
 set PERL_PATH=
 rem   Define path to the Metrowerks command line tools
 rem   or GNU Crosscompiler gcc / nlmconv
 rem   ( compiler, assembler, linker)
-if "%GNUC%" == "Y" set COMPILER_PATH=c:\usr\i586-netware\bin;c:\usr\bin
+set METROWERKS_PATH=%TOOLS%\codewar\pdk_21\tools\command line tools
-if "%GNUC%" == "" set COMPILER_PATH=c:\prg\cwcmdl40
+rem set METROWERKS_PATH=%TOOLS%\codewar\PDK_40\Other Metrowerks Tools\Command Line Tools
 rem   If using gnu make define path to utility
-rem set GNU_MAKE_PATH=%NDKBASE%\gnu
+set GNU_MAKE_PATH=%TOOLS%\gnu
 set GNU_MAKE_PATH=c:\prg\tools
 rem   If using ms nmake define path to nmake
-rem set MS_NMAKE_PATH=%NDKBASE%\msvc\600\bin
+set MS_NMAKE_PATH=%TOOLS%\msvc\600\bin
 rem   If using NASM assembler define path
-rem set NASM_PATH=%NDKBASE%\nasm
+set NASM_PATH=%TOOLS%\nasm
 set NASM_PATH=c:\prg\tools
 rem   Update path to include tool paths
-set path=%path%;%COMPILER_PATH%
+set path=%path%;%METROWERKS_PATH%
 if not "%GNU_MAKE_PATH%" == "" set path=%path%;%GNU_MAKE_PATH%
 if not "%MS_NMAKE_PATH%" == "" set path=%path%;%MS_NMAKE_PATH%
 if not "%NASM_PATH%"     == "" set path=%path%;%NASM_PATH%
 if not "%PERL_PATH%"     == "" set path=%path%;%PERL_PATH%
-rem   Set INCLUDES to location of Novell NDK includes
+rem   Set MWCIncludes to location of Novell NDK includes
-if "%LIBC_BUILD%" == "Y" set INCLUDE=%NDKBASE%\ndk\libc\include;%NDKBASE%\ndk\libc\include\winsock
+if "%LIBC_BUILD%" == "Y" set MWCIncludes=%TOOLS%\ndk\libc\include;%TOOLS%\ndk\libc\include\winsock;.\engines
-if "%CLIB_BUILD%" == "Y" set INCLUDE=%NDKBASE%\ndk\nwsdk\include\nlm;%NDKBASE%\ws295sdk\include
+if "%CLIB_BUILD%" == "Y" set MWCIncludes=%TOOLS%\ndk\nwsdk\include\nlm;.\engines
 set include=
 rem   Set Imports to location of Novell NDK import files
-if "%LIBC_BUILD%" == "Y" set IMPORTS=%NDKBASE%\ndk\libc\imports
+if "%LIBC_BUILD%" == "Y" set IMPORTS=%TOOLS%\ndk\libc\imports
-if "%CLIB_BUILD%" == "Y" set IMPORTS=%NDKBASE%\ndk\nwsdk\imports
+if "%CLIB_BUILD%" == "Y" set IMPORTS=%TOOLS%\ndk\nwsdk\imports
 rem   Set PRELUDE to the absolute path of the prelude object to link with in
-rem   the Metrowerks NetWare PDK - NOTE: for Clib builds "clibpre.o" is 
+rem   the Metrowerks NetWare PDK - NOTE: for Clib builds "nwpre.obj" is 
 rem   recommended, for LibC NKS builds libcpre.o must be used
-if "%GNUC%" == "Y" goto gnuc
+if "%LIBC_BUILD%" == "Y" set PRELUDE=%TOOLS%\ndk\libc\imports\libcpre.o
-if "%LIBC_BUILD%" == "Y" set PRELUDE=%IMPORTS%\libcpre.o
+if "%CLIB_BUILD%" == "Y" set PRELUDE=%TOOLS%\codewar\pdk_21\novell support\metrowerks support\libraries\runtime\nwpre.obj
 rem if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\clibpre.o
 if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\prelude.o
 echo using MetroWerks CodeWarrior 
 goto info
 :gnuc
 if "%LIBC_BUILD%" == "Y" set PRELUDE=%IMPORTS%\libcpre.gcc.o
 rem if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\clibpre.gcc.o
 if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\prelude.gcc.o
 echo using GNU GCC Compiler 
 :info
 echo.
 if "%LIBC_BUILD%" == "Y" echo Enviroment configured for LibC build
 if "%LIBC_BUILD%" == "Y" echo use "netware\build.bat netware-libc ..." 
 if "%CLIB_BUILD%" == "Y" echo Enviroment configured for CLib build
 if "%CLIB_BUILD%" == "Y" echo use "netware\build.bat netware-clib ..." 
 goto end
 :usage
 rem ===============================================================
 echo .
-echo No target build specified!
+echo . No target build specified!
 echo .
-echo usage: set_env [target] [compiler]
+echo . usage: set_env [target]
 echo .
-echo target      - "netware-clib" - Clib build
+echo .   target      - "netware-clib" - Clib build
-echo             - "netware-libc" - LibC build
+echo .               - "netware-libc" - LibC build
 echo.
 echo compiler    - "gnuc"         - GNU GCC Compiler
 echo             - "codewarrior"  - MetroWerks CodeWarrior (default)
 echo .
 :end
 echo.
--- a/92
+++ b/92
@@ -12,8 +12,8 @@ along the whole library path before it bothers looking for .a libraries.  This
 means that -L switches won't matter unless OpenSSL is built with shared
 library support.
-The workaround may be to change the following lines in apps/Makefile and
+The workaround may be to change the following lines in apps/Makefile.ssl and
-test/Makefile:
+test/Makefile.ssl:
  LIBCRYPTO=-L.. -lcrypto
  LIBSSL=-L.. -lssl
@@ -48,9 +48,9 @@ will interfere with each other and lead to test failure.
 The solution is simple for now: don't run parallell make when testing.
-* Bugs in gcc triggered
+* Bugs in gcc 3.0 triggered
- According to a problem report, there are bugs in gcc 3.0 that are
+According to a problem report, there are bugs in gcc 3.0 that are
 triggered by some of the code in OpenSSL, more specifically in
 PEM_get_EVP_CIPHER_INFO().  The triggering code is the following:
@@ -63,20 +63,6 @@ The solution is simple for now: don't run parallell make when testing.
 We recommend that you upgrade gcc to as high a 3.x version as you can.
 - According to multiple problem reports, some of our message digest
  implementations trigger bug[s] in code optimizer in gcc 3.3 for sparc64
  and gcc 2.96 for ppc. Former fails to complete RIPEMD160 test, while
  latter - SHA one.
  The recomendation is to upgrade your compiler. This naturally applies to
  other similar cases.
 - There is a subtle Solaris x86-specific gcc run-time environment bug, which
  "falls between" OpenSSL [0.9.8 and later], Solaris ld and GCC. The bug
  manifests itself as Segmentation Fault upon early application start-up.
  The problem can be worked around by patching the environment according to
  http://www.openssl.org/~appro/values.c.
 * solaris64-sparcv9-cc SHA-1 performance with WorkShop 6 compiler.
 As subject suggests SHA-1 might perform poorly (4 times slower)
@@ -104,6 +90,15 @@ failures in other parts of the code.
 Workaround: modify the target to +O2 when building with no-asm.
 * Poor support for AIX shared builds.
 do_aix-shared rule is not flexible enough to parameterize through a
 config-line. './Configure aix43-cc shared' is working, but not
 './Configure aix64-gcc shared'. In latter case make fails to create shared
 libraries. It's possible to build 64-bit shared libraries by running
 'env OBJECT_MODE=64 make', but we need more elegant solution. Preferably one
 supporting even gcc shared builds. See RT#463 for background information.
 * Problems building shared libraries on SCO OpenServer Release 5.0.6
  with gcc 2.95.3
@@ -134,64 +129,3 @@ Any information helping to solve this issue would be deeply
 appreciated.
 NOTE: building non-shared doesn't come with this problem.
 * ULTRIX build fails with shell errors, such as "bad substitution"
  and "test: argument expected"
 The problem is caused by ULTRIX /bin/sh supporting only original
 Bourne shell syntax/semantics, and the trouble is that the vast
 majority is so accustomed to more modern syntax, that very few
 people [if any] would recognize the ancient syntax even as valid.
 This inevitably results in non-trivial scripts breaking on ULTRIX,
 and OpenSSL isn't an exclusion. Fortunately there is workaround,
 hire /bin/ksh to do the job /bin/sh fails to do.
 1. Trick make(1) to use /bin/ksh by setting up following environ-
   ment variables *prior* you execute ./Configure and make:
 	PROG_ENV=POSIX
 	MAKESHELL=/bin/ksh
 	export PROG_ENV MAKESHELL
   or if your shell is csh-compatible:
 	setenv PROG_ENV POSIX
 	setenv MAKESHELL /bin/ksh
 2. Trick /bin/sh to use alternative expression evaluator. Create
   following 'test' script for example in /tmp:
 	#!/bin/ksh
 	${0##*/} "$@"
   Then 'chmod a+x /tmp/test; ln /tmp/test /tmp/[' and *prepend*
   your $PATH with chosen location, e.g. PATH=/tmp:$PATH. Alter-
   natively just replace system /bin/test and /bin/[ with the
   above script.
 * hpux64-ia64-cc fails blowfish test.
 Compiler bug, presumably at particular patch level. It should be noted
 that same compiler generates correct 32-bit code, a.k.a. hpux-ia64-cc
 target. Drop optimization level to +O2 when compiling 64-bit bf_skey.o.
 * no-engines generates errors.
 Unfortunately, the 'no-engines' configuration option currently doesn't
 work properly.  Use 'no-hw' and you'll will at least get no hardware
 support.  We'll see how we fix that on OpenSSL versions past 0.9.8.
 * 'make test' fails in BN_sqr [commonly with "error 139" denoting SIGSEGV]
  if elder GNU binutils were deployed to link shared libcrypto.so.
 As subject suggests the failure is caused by a bug in elder binutils,
 either as or ld, and was observed on FreeBSD and Linux. There are two
 options. First is naturally to upgrade binutils, the second one - to
 reconfigure with additional no-sse2 [or 386] option passed to ./config.
 * If configured with ./config no-dso, toolkit still gets linked with -ldl,
  which most notably poses a problem when linking with dietlibc.
 We don't have framework to associate -ldl with no-dso, therefore the only
 way is to edit Makefile right after ./config no-dso and remove -ldl from
 EX_LIBS line.
--- a/39
+++ b/39
@@ -1,7 +1,7 @@
- OpenSSL 0.9.8l
+ OpenSSL 0.9.8-dev XX xxx XXXX
- Copyright (c) 1998-2008 The OpenSSL Project
+ Copyright (c) 1998-2002 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
 All rights reserved.
@@ -36,13 +36,12 @@
     actually logically part of it. It includes routines for the following:
     Ciphers
-        libdes - EAY's libdes DES encryption package which was floating
+        libdes - EAY's libdes DES encryption package which has been floating
-                 around the net for a few years, and was then relicensed by
+                 around the net for a few years.  It includes 15
-                 him as part of SSLeay.  It includes 15 'modes/variations'
+                 'modes/variations' of DES (1, 2 and 3 key versions of ecb,
-                 of DES (1, 2 and 3 key versions of ecb, cbc, cfb and ofb;
+                 cbc, cfb and ofb; pcbc and a more general form of cfb and
-                 pcbc and a more general form of cfb and ofb) including desx
+                 ofb) including desx in cbc mode, a fast crypt(3), and
-                 in cbc mode, a fast crypt(3), and routines to read
+                 routines to read passwords from the keyboard.
                 passwords from the keyboard.
        RC4 encryption,
        RC2 encryption      - 4 different modes, ecb, cbc, cfb and ofb.
        Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb.
@@ -112,12 +111,6 @@
 should be contacted if that algorithm is to be used; their web page is
 http://www.ascom.ch/.
 The MDC2 algorithm is patented by IBM.
 NTT and Mitsubishi have patents and pending patents on the Camellia
 algorithm, but allow use at no charge without requiring an explicit
 licensing agreement: http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
 INSTALLATION
 ------------
@@ -161,7 +154,7 @@
    - Stack Traceback (if the application dumps core)
 Report the bug to the OpenSSL project via the Request Tracker
- (http://www.openssl.org/support/rt.html) by mail to:
+ (http://www.openssl.org/rt2.html) by mail to:
    openssl-bugs@openssl.org
@@ -180,17 +173,11 @@
 textual explanation of what your patch does.
 Note: For legal reasons, contributions from the US can be accepted only
- if a TSU notification and a copy of the patch are sent to crypt@bis.doc.gov
+ if a TSA notification and a copy of the patch is sent to crypt@bis.doc.gov;
- (formerly BXA) with a copy to the ENC Encryption Request Coordinator;
+ see http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic]
- please take some time to look at
+ and http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e)).
    http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic]
 and
    http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e))
 for the details. If "your encryption source code is too large to serve as
 an email attachment", they are glad to receive it by fax instead; hope you
 have a cheap long-distance plan.
- Our preferred format for changes is "diff -u" output. You might
+ The preferred format for changes is "diff -u" output. You might
 generate it like this:
 # cd openssl-work
--- a/44
+++ b/44
@@ -1,41 +1,12 @@
  OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2009/11/05 14:09:14 $
+  ______________                           $Date: 2003/02/28 15:17:45 $
  DEVELOPMENT STATE
-    o  OpenSSL 0.9.9:  Under development...
+    o  OpenSSL 0.9.8:  Under development...
    o  OpenSSL 0.9.8l: Released on November   5th, 2009
    o  OpenSSL 0.9.8k: Released on March     25th, 2009
    o  OpenSSL 0.9.8j: Released on January    7th, 2009
    o  OpenSSL 0.9.8i: Released on September 15th, 2008
    o  OpenSSL 0.9.8h: Released on May       28th, 2008
    o  OpenSSL 0.9.8g: Released on October   19th, 2007
    o  OpenSSL 0.9.8f: Released on October   11th, 2007
    o  OpenSSL 0.9.8e: Released on February  23rd, 2007
    o  OpenSSL 0.9.8d: Released on September 28th, 2006
    o  OpenSSL 0.9.8c: Released on September  5th, 2006
    o  OpenSSL 0.9.8b: Released on May        4th, 2006
    o  OpenSSL 0.9.8a: Released on October   11th, 2005
    o  OpenSSL 0.9.8:  Released on July       5th, 2005
    o  OpenSSL 0.9.7m: Released on February  23rd, 2007
    o  OpenSSL 0.9.7l: Released on September 28th, 2006
    o  OpenSSL 0.9.7k: Released on September  5th, 2006
    o  OpenSSL 0.9.7j: Released on May        4th, 2006
    o  OpenSSL 0.9.7i: Released on October   14th, 2005
    o  OpenSSL 0.9.7h: Released on October   11th, 2005
    o  OpenSSL 0.9.7g: Released on April     11th, 2005
    o  OpenSSL 0.9.7f: Released on March     22nd, 2005
    o  OpenSSL 0.9.7e: Released on October   25th, 2004
    o  OpenSSL 0.9.7d: Released on March     17th, 2004
    o  OpenSSL 0.9.7c: Released on September 30th, 2003
    o  OpenSSL 0.9.7b: Released on April     10th, 2003
    o  OpenSSL 0.9.7a: Released on February  19th, 2003
    o  OpenSSL 0.9.7:  Released on December  31st, 2002
    o  OpenSSL 0.9.6m: Released on March     17th, 2004
    o  OpenSSL 0.9.6l: Released on November   4th, 2003
    o  OpenSSL 0.9.6k: Released on September 30th, 2003
    o  OpenSSL 0.9.6j: Released on April     10th, 2003
    o  OpenSSL 0.9.6i: Released on February  19th, 2003
    o  OpenSSL 0.9.6h: Released on December   5th, 2002
    o  OpenSSL 0.9.6g: Released on August     9th, 2002
@@ -54,11 +25,10 @@
    o  OpenSSL 0.9.2b: Released on March     22th, 1999
    o  OpenSSL 0.9.1c: Released on December  23th, 1998
-  [See also http://www.openssl.org/support/rt.html]
+  [See also http://www.openssl.org/support/rt2.html]
  RELEASE SHOWSTOPPERS
    o The Makefiles fail with some SysV makes.
    o 
  AVAILABLE PATCHES
@@ -75,8 +45,16 @@
 	Private key, certificate and CRL API and implementation.
 	Developing and bugfixing PKCS#7 (S/MIME code).
        Various X509 issues: character sets, certificate request extensions.
    o Geoff and Richard are currently working on:
 	ENGINE (the new code that gives hardware support among others).
    o Richard is currently working on:
 	UI (User Interface)
 	UTIL (a new set of library functions to support some higher level
 	      functionality that is currently missing).
 	Shared library support for VMS.
 	Kerberos 5 authentication (Heimdal)
 	Constification
 	Compression
 	Attribute Certificate support
 	Certificate Pair support
 	Storage Engines (primarly an LDAP storage engine)
--- a/3487
+++ b/3487
--- a/VMS/VMSify-conf.pl
+++ b/VMS/VMSify-conf.pl
@@ -1,34 +0,0 @@
 #! /usr/bin/perl
 use strict;
 use warnings;
 my @directory_vars = ( "dir", "certs", "crl_dir", "new_certs_dir" );
 my @file_vars = ( "database", "certificate", "serial", "crlnumber",
 		  "crl", "private_key", "RANDFILE" );
 while(<STDIN>) {
    chomp;
    foreach my $d (@directory_vars) {
 	if (/^(\s*\#?\s*${d}\s*=\s*)\.\/([^\s\#]*)([\s\#].*)$/) {
 	    $_ = "$1sys\\\$disk:\[.$2$3";
 	} elsif (/^(\s*\#?\s*${d}\s*=\s*)(\w[^\s\#]*)([\s\#].*)$/) {
 	    $_ = "$1sys\\\$disk:\[.$2$3";
 	}
 	s/^(\s*\#?\s*${d}\s*=\s*\$\w+)\/([^\s\#]*)([\s\#].*)$/$1.$2\]$3/;
 	while(/^(\s*\#?\s*${d}\s*=\s*(\$\w+\.|sys\\\$disk:\[\.)[\w\.]+)\/([^\]]*)\](.*)$/) {
 	    $_ = "$1.$3]$4";
 	}
    }
    foreach my $f (@file_vars) {
 	s/^(\s*\#?\s*${f}\s*=\s*)\.\/(.*)$/$1sys\\\$disk:\[\/$2/;
 	while(/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/(\w+\/[^\s\#]*)([\s\#].*)$/) {
 	    $_ = "$1.$3$4";
 	}
 	if (/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/(\w+)([\s\#].*)$/) {
 	    $_ = "$1]$3.$4";
 	} elsif  (/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/([^\s\#]*)([\s\#].*)$/) {
 	    $_ = "$1]$3$4";
 	}
   }
    print $_,"\n";
 }
--- a/VMS/tcpip_shr_decc.opt
+++ b/VMS/tcpip_shr_decc.opt
@@ -1 +0,0 @@
 sys$share:tcpip$ipc_shr.exe/share
--- a/apps/.cvsignore
+++ b/apps/.cvsignore
@@ -3,5 +3,3 @@ Makefile.save
 der_chop
 der_chop.bak
 CA.pl
 *.flc
 semantic.cache
--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -36,22 +36,14 @@
 # default openssl.cnf file has setup as per the following
 # demoCA ... where everything is stored
 my $openssl;
 if(defined $ENV{OPENSSL}) {
 	$openssl = $ENV{OPENSSL};
 } else {
 	$openssl = "openssl";
 	$ENV{OPENSSL} = $openssl;
 }
 $SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
 $DAYS="-days 365";	# 1 year
 $CADAYS="-days 1095";	# 3 years
-$REQ="$openssl req $SSLEAY_CONFIG";
+$REQ="openssl req $SSLEAY_CONFIG";
-$CA="$openssl ca $SSLEAY_CONFIG";
+$CA="openssl ca $SSLEAY_CONFIG";
-$VERIFY="$openssl verify";
+$VERIFY="openssl verify";
-$X509="$openssl x509";
+$X509="openssl x509";
-$PKCS12="$openssl pkcs12";
+$PKCS12="openssl pkcs12";
 $CATOP="./demoCA";
 $CAKEY="cakey.pem";
@@ -68,19 +60,19 @@ foreach (@ARGV) {
 	    exit 0;
 	} elsif (/^-newcert$/) {
 	    # create a certificate
-	    system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");
+	    system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS");
 	    $RET=$?;
-	    print "Certificate is in newcert.pem, private key is in newkey.pem\n"
+	    print "Certificate (and private key) is in newreq.pem\n"
 	} elsif (/^-newreq$/) {
 	    # create a certificate request
-	    system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");
+	    system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
 	    $RET=$?;
-	    print "Request is in newreq.pem, private key is in newkey.pem\n";
+	    print "Request (and private key) is in newreq.pem\n";
 	} elsif (/^-newreq-nodes$/) {
 	    # create a certificate request
-	    system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS");
+	    system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");
 	    $RET=$?;
-	    print "Request is in newreq.pem, private key is in newkey.pem\n";
+	    print "Request (and private key) is in newreq.pem\n";
 	} elsif (/^-newca$/) {
 		# if explicitly asked for or it doesn't exist then setup the
 		# directory structure that Eric likes to manage things 
@@ -92,11 +84,11 @@ foreach (@ARGV) {
 		mkdir "${CATOP}/crl", $DIRMODE ;
 		mkdir "${CATOP}/newcerts", $DIRMODE;
 		mkdir "${CATOP}/private", $DIRMODE;
-		open OUT, ">${CATOP}/index.txt";
+		open OUT, ">${CATOP}/serial";
 		close OUT;
 		open OUT, ">${CATOP}/crlnumber";
 		print OUT "01\n";
 		close OUT;
 		open OUT, ">${CATOP}/index.txt";
 		close OUT;
 	    }
 	    if ( ! -f "${CATOP}/private/$CAKEY" ) {
 		print "CA certificate filename (or enter to create)\n";
@@ -113,10 +105,8 @@ foreach (@ARGV) {
 		    print "Making CA certificate ...\n";
 		    system ("$REQ -new -keyout " .
 			"${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");
-		    system ("$CA -create_serial " .
+		    system ("$CA -out ${CATOP}/$CACERT $CADAYS -batch " . 
 			"-out ${CATOP}/$CACERT $CADAYS -batch " . 
 			"-keyfile ${CATOP}/private/$CAKEY -selfsign " .
 			"-extensions v3_ca " .
 			"-infiles ${CATOP}/$CAREQ ");
 		    $RET=$?;
 		}
@@ -124,11 +114,10 @@ foreach (@ARGV) {
 	} elsif (/^-pkcs12$/) {
 	    my $cname = $ARGV[1];
 	    $cname = "My Certificate" unless defined $cname;
-	    system ("$PKCS12 -in newcert.pem -inkey newkey.pem " .
+	    system ("$PKCS12 -in newcert.pem -inkey newreq.pem " .
 			"-certfile ${CATOP}/$CACERT -out newcert.p12 " .
 			"-export -name \"$cname\"");
 	    $RET=$?;
 	    print "PKCS #12 file is in newcert.p12\n";
 	    exit $RET;
 	} elsif (/^-xsign$/) {
 	    system ("$CA -policy policy_anything -infiles newreq.pem");
--- a/apps/CA.sh
+++ b/apps/CA.sh
@@ -30,14 +30,12 @@
 # default openssl.cnf file has setup as per the following
 # demoCA ... where everything is stored
 if [ -z "$OPENSSL" ]; then OPENSSL=openssl; fi
 DAYS="-days 365"	# 1 year
 CADAYS="-days 1095"	# 3 years
-REQ="$OPENSSL req $SSLEAY_CONFIG"
+REQ="openssl req $SSLEAY_CONFIG"
-CA="$OPENSSL ca $SSLEAY_CONFIG"
+CA="openssl ca $SSLEAY_CONFIG"
-VERIFY="$OPENSSL verify"
+VERIFY="openssl verify"
-X509="$OPENSSL x509"
+X509="openssl x509"
 CATOP=./demoCA
 CAKEY=./cakey.pem
@@ -53,15 +51,15 @@ case $i in
    ;;
 -newcert) 
    # create a certificate
-    $REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS
+    $REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS
    RET=$?
-    echo "Certificate is in newcert.pem, private key is in newkey.pem"
+    echo "Certificate (and private key) is in newreq.pem"
    ;;
 -newreq) 
    # create a certificate request
-    $REQ -new -keyout newkey.pem -out newreq.pem $DAYS
+    $REQ -new -keyout newreq.pem -out newreq.pem $DAYS
    RET=$?
-    echo "Request is in newreq.pem, private key is in newkey.pem"
+    echo "Request (and private key) is in newreq.pem"
    ;;
 -newca)     
    # if explicitly asked for or it doesn't exist then setup the directory
--- a/apps/Makefile
+++ b/apps/Makefile
@@ -1,982 +0,0 @@
 #
 #  apps/Makefile
 #
 DIR=		apps
 TOP=		..
 CC=		cc
 INCLUDES=	-I$(TOP) -I../include $(KRB5_INCLUDES)
 CFLAG=		-g -static
 MAKEFILE=	Makefile
 PERL=		perl
 RM=		rm -f
 # KRB5 stuff
 KRB5_INCLUDES=
 LIBKRB5=
 PEX_LIBS=
 EX_LIBS= 
 EXE_EXT= 
 SHLIB_TARGET=
 CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG)
 GENERAL=Makefile makeapps.com install.com
 DLIBCRYPTO=../libcrypto.a
 DLIBSSL=../libssl.a
 LIBCRYPTO=-L.. -lcrypto
 LIBSSL=-L.. -lssl
 PROGRAM= openssl
 SCRIPTS=CA.sh CA.pl
 EXE= $(PROGRAM)$(EXE_EXT)
 E_EXE=	verify asn1pars req dgst dh dhparam enc passwd gendh errstr \
 	ca crl rsa rsautl dsa dsaparam ec ecparam \
 	x509 genrsa gendsa s_server s_client speed \
 	s_time version pkcs7 cms crl2pkcs7 sess_id ciphers nseq pkcs12 \
 	pkcs8 spkac smime rand engine ocsp prime
 PROGS= $(PROGRAM).c
 A_OBJ=apps.o
 A_SRC=apps.c
 S_OBJ=	s_cb.o s_socket.o
 S_SRC=	s_cb.c s_socket.c
 RAND_OBJ=app_rand.o
 RAND_SRC=app_rand.c
 E_OBJ=	verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o \
 	ca.o pkcs7.o crl2p7.o crl.o \
 	rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o \
 	x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
 	s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
 	ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o \
 	ocsp.o prime.o cms.o
 E_SRC=	verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \
 	pkcs7.c crl2p7.c crl.c \
 	rsa.c rsautl.c dsa.c dsaparam.c ec.c ecparam.c \
 	x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
 	s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \
 	ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c engine.c \
 	ocsp.c prime.c cms.c
 SRC=$(E_SRC)
 EXHEADER=
 HEADER=	apps.h progs.h s_apps.h \
 	testdsa.h testrsa.h \
 	$(EXHEADER)
 ALL=    $(GENERAL) $(SRC) $(HEADER)
 top:
 	@(cd ..; $(MAKE) DIRS=$(DIR) all)
 all:	exe
 exe:	$(EXE)
 req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
 	shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
 		shlib_target="$(SHLIB_TARGET)"; \
 	fi; \
 	$(MAKE) -f $(TOP)/Makefile.shared -e \
 		APPNAME=req OBJECTS="sreq.o $(A_OBJ) $(RAND_OBJ)" \
 		LIBDEPS="$(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)" \
 		link_app.$${shlib_target}
 sreq.o: req.c 
 	$(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c
 files:
 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
 install:
 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
 	@set -e; for i in $(EXE); \
 	do  \
 	(echo installing $$i; \
 	 cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
 	 chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
 	 mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
 	 done;
 	@set -e; for i in $(SCRIPTS); \
 	do  \
 	(echo installing $$i; \
 	 cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
 	 chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
 	 mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
 	 done
 	@cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
 	chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
 	mv -f  $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf
 tags:
 	ctags $(SRC)
 tests:
 links:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 depend:
 	@if [ -z "$(THIS)" ]; then \
 	    $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \
 	else \
 	    $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
 	fi
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 clean:
 	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
 	rm -f req
 $(DLIBSSL):
 	(cd ..; $(MAKE) DIRS=ssl all)
 $(DLIBCRYPTO):
 	(cd ..; $(MAKE) DIRS=crypto all)
 $(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
 	$(RM) $(EXE)
 	shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
 		shlib_target="$(SHLIB_TARGET)"; \
 	elif [ -n "$(FIPSCANLIB)" ]; then \
 	  FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
 	fi; \
 	LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \
 	[ "x$(FIPSCANLIB)" = "xlibfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \
 	$(MAKE) -f $(TOP)/Makefile.shared -e \
 		CC=$${CC} APPNAME=$(EXE) OBJECTS="$(PROGRAM).o $(E_OBJ)" \
 		LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
 		link_app.$${shlib_target}
 	-(cd ..; \
 	  OPENSSL="`pwd`/util/opensslwrap.sh"; export OPENSSL; \
 	  $(PERL) tools/c_rehash certs)
 progs.h: progs.pl
 	$(PERL) progs.pl $(E_EXE) >progs.h
 	$(RM) $(PROGRAM).o
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 app_rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 app_rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 app_rand.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 app_rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 app_rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 app_rand.o: ../include/openssl/evp.h ../include/openssl/fips.h
 app_rand.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 app_rand.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 app_rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
 app_rand.o: ../include/openssl/rand.h ../include/openssl/safestack.h
 app_rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
 app_rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 app_rand.o: ../include/openssl/x509v3.h app_rand.c apps.h
 apps.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 apps.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 apps.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 apps.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 apps.o: ../include/openssl/engine.h ../include/openssl/err.h
 apps.o: ../include/openssl/evp.h ../include/openssl/fips.h
 apps.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 apps.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 apps.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
 apps.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
 apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 apps.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 apps.o: ../include/openssl/x509v3.h apps.c apps.h
 asn1pars.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 asn1pars.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 asn1pars.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 asn1pars.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 asn1pars.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 asn1pars.o: ../include/openssl/err.h ../include/openssl/evp.h
 asn1pars.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 asn1pars.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 asn1pars.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
 asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 asn1pars.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 asn1pars.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
 asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h
 asn1pars.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 asn1pars.o: ../include/openssl/x509v3.h apps.h asn1pars.c
 ca.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ca.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 ca.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 ca.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 ca.o: ../include/openssl/engine.h ../include/openssl/err.h
 ca.o: ../include/openssl/evp.h ../include/openssl/fips.h
 ca.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 ca.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 ca.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 ca.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 ca.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 ca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 ca.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 ca.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ca.c
 ciphers.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ciphers.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 ciphers.o: ../include/openssl/comp.h ../include/openssl/conf.h
 ciphers.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
 ciphers.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 ciphers.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 ciphers.o: ../include/openssl/engine.h ../include/openssl/err.h
 ciphers.o: ../include/openssl/evp.h ../include/openssl/fips.h
 ciphers.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
 ciphers.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 ciphers.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 ciphers.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 ciphers.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 ciphers.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
 ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 ciphers.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 ciphers.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
 ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 ciphers.o: ../include/openssl/x509v3.h apps.h ciphers.c
 cms.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 cms.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 cms.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 cms.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 cms.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 cms.o: ../include/openssl/evp.h ../include/openssl/fips.h
 cms.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 cms.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 cms.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 cms.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
 cms.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 cms.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 cms.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 cms.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h cms.c
 crl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 crl.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 crl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 crl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 crl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 crl.o: ../include/openssl/err.h ../include/openssl/evp.h
 crl.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 crl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 crl.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
 crl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 crl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 crl.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
 crl.o: ../include/openssl/sha.h ../include/openssl/stack.h
 crl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 crl.o: ../include/openssl/x509v3.h apps.h crl.c
 crl2p7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 crl2p7.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 crl2p7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 crl2p7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 crl2p7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 crl2p7.o: ../include/openssl/err.h ../include/openssl/evp.h
 crl2p7.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 crl2p7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 crl2p7.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
 crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 crl2p7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 crl2p7.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
 crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h
 crl2p7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 crl2p7.o: ../include/openssl/x509v3.h apps.h crl2p7.c
 dgst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 dgst.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 dgst.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 dgst.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 dgst.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 dgst.o: ../include/openssl/err.h ../include/openssl/evp.h
 dgst.o: ../include/openssl/fips.h ../include/openssl/hmac.h
 dgst.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 dgst.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 dgst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 dgst.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 dgst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 dgst.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 dgst.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h dgst.c
 dh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 dh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 dh.o: ../include/openssl/dh.h ../include/openssl/e_os2.h
 dh.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 dh.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 dh.o: ../include/openssl/err.h ../include/openssl/evp.h
 dh.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 dh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 dh.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
 dh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 dh.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
 dh.o: ../include/openssl/sha.h ../include/openssl/stack.h
 dh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 dh.o: ../include/openssl/x509v3.h apps.h dh.c
 dsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 dsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 dsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 dsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 dsa.o: ../include/openssl/err.h ../include/openssl/evp.h
 dsa.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 dsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 dsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
 dsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 dsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 dsa.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
 dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
 dsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 dsa.o: ../include/openssl/x509v3.h apps.h dsa.c
 dsaparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 dsaparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 dsaparam.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 dsaparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 dsaparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h
 dsaparam.o: ../include/openssl/evp.h ../include/openssl/fips.h
 dsaparam.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 dsaparam.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 dsaparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 dsaparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 dsaparam.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 dsaparam.o: ../include/openssl/stack.h ../include/openssl/store.h
 dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 dsaparam.o: ../include/openssl/ui.h ../include/openssl/x509.h
 dsaparam.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
 dsaparam.o: dsaparam.c
 ec.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ec.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 ec.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 ec.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 ec.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 ec.o: ../include/openssl/err.h ../include/openssl/evp.h
 ec.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 ec.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 ec.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
 ec.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 ec.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 ec.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
 ec.o: ../include/openssl/sha.h ../include/openssl/stack.h
 ec.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 ec.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 ec.o: ../include/openssl/x509v3.h apps.h ec.c
 ecparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ecparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 ecparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 ecparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 ecparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 ecparam.o: ../include/openssl/engine.h ../include/openssl/err.h
 ecparam.o: ../include/openssl/evp.h ../include/openssl/fips.h
 ecparam.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 ecparam.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 ecparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 ecparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 ecparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 ecparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 ecparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 ecparam.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 ecparam.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
 ecparam.o: ecparam.c
 enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 enc.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 enc.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 enc.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 enc.o: ../include/openssl/err.h ../include/openssl/evp.h
 enc.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 enc.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
 enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 enc.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 enc.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 enc.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h enc.c
 engine.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 engine.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 engine.o: ../include/openssl/comp.h ../include/openssl/conf.h
 engine.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
 engine.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 engine.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 engine.o: ../include/openssl/engine.h ../include/openssl/err.h
 engine.o: ../include/openssl/evp.h ../include/openssl/fips.h
 engine.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
 engine.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 engine.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 engine.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 engine.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 engine.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 engine.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
 engine.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 engine.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 engine.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 engine.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 engine.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
 engine.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 engine.o: ../include/openssl/x509v3.h apps.h engine.c
 errstr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 errstr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h
 errstr.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
 errstr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 errstr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 errstr.o: ../include/openssl/engine.h ../include/openssl/err.h
 errstr.o: ../include/openssl/evp.h ../include/openssl/fips.h
 errstr.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
 errstr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 errstr.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 errstr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 errstr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 errstr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
 errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 errstr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 errstr.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
 errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 errstr.o: ../include/openssl/x509v3.h apps.h errstr.c
 gendh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 gendh.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 gendh.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 gendh.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 gendh.o: ../include/openssl/engine.h ../include/openssl/err.h
 gendh.o: ../include/openssl/evp.h ../include/openssl/fips.h
 gendh.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 gendh.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 gendh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 gendh.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 gendh.o: ../include/openssl/stack.h ../include/openssl/store.h
 gendh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 gendh.o: ../include/openssl/ui.h ../include/openssl/x509.h
 gendh.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
 gendh.o: gendh.c
 gendsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 gendsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 gendsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h
 gendsa.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 gendsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 gendsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
 gendsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 gendsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
 gendsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
 gendsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 gendsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 gendsa.o: ../include/openssl/x509v3.h apps.h gendsa.c
 genrsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 genrsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 genrsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 genrsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 genrsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h
 genrsa.o: ../include/openssl/evp.h ../include/openssl/fips.h
 genrsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 genrsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 genrsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 genrsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 genrsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 genrsa.o: ../include/openssl/stack.h ../include/openssl/store.h
 genrsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 genrsa.o: ../include/openssl/ui.h ../include/openssl/x509.h
 genrsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
 genrsa.o: genrsa.c
 nseq.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 nseq.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 nseq.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 nseq.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 nseq.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 nseq.o: ../include/openssl/err.h ../include/openssl/evp.h
 nseq.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 nseq.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 nseq.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
 nseq.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 nseq.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 nseq.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
 nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h
 nseq.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 nseq.o: ../include/openssl/x509v3.h apps.h nseq.c
 ocsp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ocsp.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 ocsp.o: ../include/openssl/comp.h ../include/openssl/conf.h
 ocsp.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
 ocsp.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 ocsp.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 ocsp.o: ../include/openssl/engine.h ../include/openssl/err.h
 ocsp.o: ../include/openssl/evp.h ../include/openssl/fips.h
 ocsp.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
 ocsp.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 ocsp.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 ocsp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 ocsp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 ocsp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 ocsp.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
 ocsp.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 ocsp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 ocsp.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 ocsp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 ocsp.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
 ocsp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 ocsp.o: ../include/openssl/x509v3.h apps.h ocsp.c
 openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 openssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h
 openssl.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
 openssl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 openssl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 openssl.o: ../include/openssl/engine.h ../include/openssl/err.h
 openssl.o: ../include/openssl/evp.h ../include/openssl/fips.h
 openssl.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
 openssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 openssl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 openssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 openssl.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
 openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 openssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 openssl.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
 openssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 openssl.o: ../include/openssl/x509v3.h apps.h openssl.c progs.h s_apps.h
 passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 passwd.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h
 passwd.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h
 passwd.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 passwd.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 passwd.o: ../include/openssl/err.h ../include/openssl/evp.h
 passwd.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 passwd.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
 passwd.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 passwd.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 passwd.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
 passwd.o: ../include/openssl/rand.h ../include/openssl/safestack.h
 passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h
 passwd.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 passwd.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
 passwd.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 passwd.o: ../include/openssl/x509v3.h apps.h passwd.c
 pkcs12.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 pkcs12.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 pkcs12.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 pkcs12.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 pkcs12.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h
 pkcs12.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 pkcs12.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 pkcs12.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
 pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 pkcs12.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 pkcs12.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
 pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 pkcs12.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 pkcs12.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 pkcs12.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
 pkcs12.o: pkcs12.c
 pkcs7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 pkcs7.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 pkcs7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 pkcs7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 pkcs7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h
 pkcs7.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 pkcs7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 pkcs7.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
 pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 pkcs7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 pkcs7.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
 pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h
 pkcs7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 pkcs7.o: ../include/openssl/x509v3.h apps.h pkcs7.c
 pkcs8.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 pkcs8.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 pkcs8.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 pkcs8.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 pkcs8.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h
 pkcs8.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 pkcs8.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 pkcs8.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
 pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 pkcs8.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 pkcs8.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
 pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 pkcs8.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 pkcs8.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 pkcs8.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
 pkcs8.o: pkcs8.c
 prime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 prime.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 prime.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 prime.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 prime.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 prime.o: ../include/openssl/engine.h ../include/openssl/evp.h
 prime.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 prime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 prime.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
 prime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 prime.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
 prime.o: ../include/openssl/sha.h ../include/openssl/stack.h
 prime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 prime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 prime.o: ../include/openssl/x509v3.h apps.h prime.c
 rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 rand.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 rand.o: ../include/openssl/err.h ../include/openssl/evp.h
 rand.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 rand.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
 rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 rand.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 rand.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h rand.c
 req.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 req.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 req.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 req.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 req.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 req.o: ../include/openssl/engine.h ../include/openssl/err.h
 req.o: ../include/openssl/evp.h ../include/openssl/fips.h
 req.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 req.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 req.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 req.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 req.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 req.o: ../include/openssl/stack.h ../include/openssl/store.h
 req.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 req.o: ../include/openssl/ui.h ../include/openssl/x509.h
 req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c
 rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 rsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 rsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 rsa.o: ../include/openssl/engine.h ../include/openssl/err.h
 rsa.o: ../include/openssl/evp.h ../include/openssl/fips.h
 rsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 rsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 rsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
 rsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 rsa.o: ../include/openssl/x509v3.h apps.h rsa.c
 rsautl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 rsautl.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 rsautl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 rsautl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 rsautl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 rsautl.o: ../include/openssl/err.h ../include/openssl/evp.h
 rsautl.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 rsautl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 rsautl.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
 rsautl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 rsautl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 rsautl.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
 rsautl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 rsautl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 rsautl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 rsautl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
 rsautl.o: rsautl.c
 s_cb.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s_cb.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_cb.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
 s_cb.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 s_cb.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 s_cb.o: ../include/openssl/engine.h ../include/openssl/err.h
 s_cb.o: ../include/openssl/evp.h ../include/openssl/fips.h
 s_cb.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
 s_cb.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 s_cb.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s_cb.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s_cb.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s_cb.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
 s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 s_cb.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 s_cb.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
 s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 s_cb.o: ../include/openssl/x509v3.h apps.h s_apps.h s_cb.c
 s_client.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_client.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
 s_client.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 s_client.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 s_client.o: ../include/openssl/engine.h ../include/openssl/err.h
 s_client.o: ../include/openssl/evp.h ../include/openssl/fips.h
 s_client.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
 s_client.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 s_client.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s_client.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s_client.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s_client.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
 s_client.o: ../include/openssl/rand.h ../include/openssl/safestack.h
 s_client.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s_client.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 s_client.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 s_client.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 s_client.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
 s_client.o: s_apps.h s_client.c timeouts.h
 s_server.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_server.o: ../include/openssl/crypto.h ../include/openssl/dh.h
 s_server.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
 s_server.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 s_server.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 s_server.o: ../include/openssl/engine.h ../include/openssl/err.h
 s_server.o: ../include/openssl/evp.h ../include/openssl/fips.h
 s_server.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
 s_server.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 s_server.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s_server.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s_server.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s_server.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
 s_server.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 s_server.o: ../include/openssl/stack.h ../include/openssl/store.h
 s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 s_server.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 s_server.o: ../include/openssl/x509v3.h apps.h s_apps.h s_server.c timeouts.h
 s_socket.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s_socket.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 s_socket.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_socket.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
 s_socket.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 s_socket.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 s_socket.o: ../include/openssl/engine.h ../include/openssl/evp.h
 s_socket.o: ../include/openssl/fips.h ../include/openssl/hmac.h
 s_socket.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 s_socket.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 s_socket.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
 s_socket.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 s_socket.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 s_socket.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
 s_socket.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
 s_socket.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 s_socket.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 s_socket.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 s_socket.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
 s_socket.o: s_apps.h s_socket.c
 s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s_time.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 s_time.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_time.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
 s_time.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 s_time.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 s_time.o: ../include/openssl/engine.h ../include/openssl/err.h
 s_time.o: ../include/openssl/evp.h ../include/openssl/fips.h
 s_time.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
 s_time.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 s_time.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s_time.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s_time.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s_time.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
 s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 s_time.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 s_time.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
 s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 s_time.o: ../include/openssl/x509v3.h apps.h s_apps.h s_time.c
 sess_id.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 sess_id.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 sess_id.o: ../include/openssl/comp.h ../include/openssl/conf.h
 sess_id.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
 sess_id.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 sess_id.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 sess_id.o: ../include/openssl/engine.h ../include/openssl/err.h
 sess_id.o: ../include/openssl/evp.h ../include/openssl/fips.h
 sess_id.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
 sess_id.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 sess_id.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 sess_id.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 sess_id.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 sess_id.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
 sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 sess_id.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 sess_id.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
 sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 sess_id.o: ../include/openssl/x509v3.h apps.h sess_id.c
 smime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 smime.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 smime.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 smime.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 smime.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 smime.o: ../include/openssl/err.h ../include/openssl/evp.h
 smime.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 smime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 smime.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
 smime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 smime.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 smime.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
 smime.o: ../include/openssl/sha.h ../include/openssl/stack.h
 smime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 smime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 smime.o: ../include/openssl/x509v3.h apps.h smime.c
 speed.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
 speed.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 speed.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 speed.o: ../include/openssl/cast.h ../include/openssl/conf.h
 speed.o: ../include/openssl/crypto.h ../include/openssl/des.h
 speed.o: ../include/openssl/des_old.h ../include/openssl/dsa.h
 speed.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 speed.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 speed.o: ../include/openssl/engine.h ../include/openssl/err.h
 speed.o: ../include/openssl/evp.h ../include/openssl/fips.h
 speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h
 speed.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 speed.o: ../include/openssl/md4.h ../include/openssl/md5.h
 speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 speed.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
 speed.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 speed.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 speed.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 speed.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 speed.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
 speed.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
 speed.o: speed.c testdsa.h testrsa.h
 spkac.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 spkac.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 spkac.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 spkac.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 spkac.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 spkac.o: ../include/openssl/err.h ../include/openssl/evp.h
 spkac.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 spkac.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 spkac.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
 spkac.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 spkac.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 spkac.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
 spkac.o: ../include/openssl/sha.h ../include/openssl/stack.h
 spkac.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 spkac.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 spkac.o: ../include/openssl/x509v3.h apps.h spkac.c
 verify.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 verify.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 verify.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 verify.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 verify.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 verify.o: ../include/openssl/err.h ../include/openssl/evp.h
 verify.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 verify.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 verify.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
 verify.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 verify.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 verify.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
 verify.o: ../include/openssl/sha.h ../include/openssl/stack.h
 verify.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 verify.o: ../include/openssl/x509v3.h apps.h verify.c
 version.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 version.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 version.o: ../include/openssl/crypto.h ../include/openssl/des.h
 version.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h
 version.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 version.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 version.o: ../include/openssl/evp.h ../include/openssl/fips.h
 version.o: ../include/openssl/idea.h ../include/openssl/lhash.h
 version.o: ../include/openssl/md2.h ../include/openssl/obj_mac.h
 version.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 version.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
 version.o: ../include/openssl/rc4.h ../include/openssl/safestack.h
 version.o: ../include/openssl/sha.h ../include/openssl/stack.h
 version.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 version.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
 version.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 version.o: ../include/openssl/x509v3.h apps.h version.c
 x509.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 x509.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 x509.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 x509.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 x509.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 x509.o: ../include/openssl/err.h ../include/openssl/evp.h
 x509.o: ../include/openssl/fips.h ../include/openssl/lhash.h
 x509.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 x509.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
 x509.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 x509.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 x509.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
 x509.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 x509.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 x509.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 x509.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h x509.c
--- a/apps/Makefile.ssl
+++ b/apps/Makefile.ssl
@@ -0,0 +1,998 @@
 #
 #  apps/Makefile.ssl
 #
 DIR=		apps
 TOP=		..
 CC=		cc
 INCLUDES=	-I$(TOP) -I../include $(KRB5_INCLUDES)
 CFLAG=		-g -static
 INSTALL_PREFIX=
 INSTALLTOP=	/usr/local/ssl
 OPENSSLDIR=	/usr/local/ssl
 NEWMAKE=	make
 MAKE=		$(NEWMAKE) -f Makefile.ssl
 MAKEDEPPROG=	makedepend
 MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 PERL=		perl
 RM=		rm -f
 # KRB5 stuff
 KRB5_INCLUDES=
 LIBKRB5=
 PEX_LIBS=
 EX_LIBS= 
 EXE_EXT= 
 SHLIB_TARGET=
 CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG)
 GENERAL=Makefile makeapps.com install.com
 DLIBCRYPTO=../libcrypto.a
 DLIBSSL=../libssl.a
 LIBCRYPTO=-L.. -lcrypto
 LIBSSL=-L.. -lssl
 PROGRAM= openssl
 SCRIPTS=CA.sh CA.pl der_chop
 EXE= $(PROGRAM)$(EXE_EXT)
 E_EXE=	verify asn1pars req dgst dh dhparam enc passwd gendh errstr \
 	ca crl rsa rsautl dsa dsaparam ec ecparam \
 	x509 genrsa gendsa s_server s_client speed \
 	s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \
 	pkcs8 spkac smime rand engine ocsp
 PROGS= $(PROGRAM).c
 A_OBJ=apps.o
 A_SRC=apps.c
 S_OBJ=	s_cb.o s_socket.o
 S_SRC=	s_cb.c s_socket.c
 RAND_OBJ=app_rand.o
 RAND_SRC=app_rand.c
 E_OBJ=	verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o \
 	ca.o pkcs7.o crl2p7.o crl.o \
 	rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o \
 	x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
 	s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
 	ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o ocsp.o
 E_SRC=	verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \
 	pkcs7.c crl2p7.c crl.c \
 	rsa.c rsautl.c dsa.c dsaparam.c ec.c ecparam.c \
 	x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
 	s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \
 	ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c engine.c ocsp.c
 SRC=$(E_SRC)
 EXHEADER=
 HEADER=	apps.h progs.h s_apps.h \
 	testdsa.h testrsa.h \
 	$(EXHEADER)
 ALL=    $(GENERAL) $(SRC) $(HEADER)
 top:
 	@(cd ..; $(MAKE) DIRS=$(DIR) all)
 all:	exe
 exe:	$(PROGRAM)
 req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
 	shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
 		shlib_target="$(SHLIB_TARGET)"; \
 	fi; \
 	$(NEWMAKE) -f $(TOP)/Makefile.shared \
 		APPNAME=req LDFLAGS="$(CFLAG)" \
 		OBJECTS="sreq.o $(A_OBJ) $(RAND_OBJ)" \
 		LIBDEPS="$(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)" \
 		LIBRPATH=$(INSTALLTOP)/lib \
 		link_app.$${shlib_target}
 sreq.o: req.c 
 	$(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c
 files:
 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 install:
 	@set -e; for i in $(EXE); \
 	do  \
 	(echo installing $$i; \
 	 cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
 	 chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
 	 mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
 	 done;
 	@set -e; for i in $(SCRIPTS); \
 	do  \
 	(echo installing $$i; \
 	 cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
 	 chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
 	 mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
 	 done
 	@cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
 	chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
 	mv -f  $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf
 tags:
 	ctags $(SRC)
 tests:
 links:
 	@sh $(TOP)/util/point.sh Makefile.ssl Makefile
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 depend:
 	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 clean:
 	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
 	rm -f req
 $(DLIBSSL):
 	(cd ..; $(MAKE) DIRS=ssl all)
 $(DLIBCRYPTO):
 	(cd ..; $(MAKE) DIRS=crypto all)
 $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
 	$(RM) $(PROGRAM)
 	shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
 		shlib_target="$(SHLIB_TARGET)"; \
 	fi; \
 	if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \
 	  LIBRARIES="$(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO)" ; \
 	else \
 	  LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \
 	fi; \
 	$(NEWMAKE) -f $(TOP)/Makefile.shared \
 		APPNAME=$(PROGRAM) LDFLAGS="$(CFLAG)" \
 		OBJECTS="$(PROGRAM).o $(E_OBJ)" \
 		LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
 		LIBRPATH=$(INSTALLTOP)/lib \
 		link_app.$${shlib_target}
 	-(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; \
 		LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
 		DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
 		SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
 		LIBPATH="`pwd`:$$LIBPATH"; \
 		if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
 		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
 		$(PERL) tools/c_rehash certs)
 progs.h: progs.pl
 	$(PERL) progs.pl $(E_EXE) >progs.h
 	$(RM) $(PROGRAM).o
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 app_rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 app_rand.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 app_rand.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 app_rand.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 app_rand.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 app_rand.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 app_rand.o: ../include/openssl/engine.h ../include/openssl/err.h
 app_rand.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 app_rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 app_rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
 app_rand.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 app_rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 app_rand.o: ../include/openssl/stack.h ../include/openssl/store.h
 app_rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 app_rand.o: ../include/openssl/ui.h ../include/openssl/x509.h
 app_rand.o: ../include/openssl/x509_vfy.h app_rand.c apps.h
 apps.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 apps.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 apps.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 apps.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 apps.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 apps.o: ../include/openssl/engine.h ../include/openssl/err.h
 apps.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 apps.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 apps.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
 apps.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 apps.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 apps.o: ../include/openssl/sha.h ../include/openssl/stack.h
 apps.o: ../include/openssl/store.h ../include/openssl/symhacks.h
 apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 apps.o: ../include/openssl/x509v3.h apps.c apps.h
 asn1pars.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 asn1pars.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 asn1pars.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 asn1pars.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 asn1pars.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 asn1pars.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 asn1pars.o: ../include/openssl/engine.h ../include/openssl/err.h
 asn1pars.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 asn1pars.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 asn1pars.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 asn1pars.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 asn1pars.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 asn1pars.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 asn1pars.o: ../include/openssl/stack.h ../include/openssl/store.h
 asn1pars.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 asn1pars.o: ../include/openssl/ui.h ../include/openssl/x509.h
 asn1pars.o: ../include/openssl/x509_vfy.h apps.h asn1pars.c
 ca.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ca.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 ca.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 ca.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 ca.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 ca.o: ../include/openssl/engine.h ../include/openssl/err.h
 ca.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 ca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 ca.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
 ca.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 ca.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 ca.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 ca.o: ../include/openssl/sha.h ../include/openssl/stack.h
 ca.o: ../include/openssl/store.h ../include/openssl/symhacks.h
 ca.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 ca.o: ../include/openssl/x509v3.h apps.h ca.c
 ciphers.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ciphers.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 ciphers.o: ../include/openssl/comp.h ../include/openssl/conf.h
 ciphers.o: ../include/openssl/crypto.h ../include/openssl/dh.h
 ciphers.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 ciphers.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 ciphers.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h
 ciphers.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 ciphers.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 ciphers.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 ciphers.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 ciphers.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 ciphers.o: ../include/openssl/stack.h ../include/openssl/store.h
 ciphers.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 ciphers.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 ciphers.o: ciphers.c
 crl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 crl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 crl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 crl.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 crl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 crl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 crl.o: ../include/openssl/engine.h ../include/openssl/err.h
 crl.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 crl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 crl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 crl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 crl.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 crl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 crl.o: ../include/openssl/stack.h ../include/openssl/store.h
 crl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 crl.o: ../include/openssl/ui.h ../include/openssl/x509.h
 crl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h crl.c
 crl2p7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 crl2p7.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 crl2p7.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 crl2p7.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 crl2p7.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 crl2p7.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 crl2p7.o: ../include/openssl/engine.h ../include/openssl/err.h
 crl2p7.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 crl2p7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 crl2p7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 crl2p7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 crl2p7.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 crl2p7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 crl2p7.o: ../include/openssl/stack.h ../include/openssl/store.h
 crl2p7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 crl2p7.o: ../include/openssl/ui.h ../include/openssl/x509.h
 crl2p7.o: ../include/openssl/x509_vfy.h apps.h crl2p7.c
 dgst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 dgst.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 dgst.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 dgst.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 dgst.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 dgst.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 dgst.o: ../include/openssl/engine.h ../include/openssl/err.h
 dgst.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 dgst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 dgst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 dgst.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 dgst.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 dgst.o: ../include/openssl/stack.h ../include/openssl/store.h
 dgst.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 dgst.o: ../include/openssl/ui.h ../include/openssl/x509.h
 dgst.o: ../include/openssl/x509_vfy.h apps.h dgst.c
 dh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 dh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 dh.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 dh.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 dh.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 dh.o: ../include/openssl/engine.h ../include/openssl/err.h
 dh.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 dh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 dh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 dh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 dh.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 dh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 dh.o: ../include/openssl/stack.h ../include/openssl/store.h
 dh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 dh.o: ../include/openssl/ui.h ../include/openssl/x509.h
 dh.o: ../include/openssl/x509_vfy.h apps.h dh.c
 dsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 dsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 dsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 dsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 dsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 dsa.o: ../include/openssl/engine.h ../include/openssl/err.h
 dsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 dsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 dsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 dsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 dsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 dsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 dsa.o: ../include/openssl/stack.h ../include/openssl/store.h
 dsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 dsa.o: ../include/openssl/ui.h ../include/openssl/x509.h
 dsa.o: ../include/openssl/x509_vfy.h apps.h dsa.c
 dsaparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 dsaparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 dsaparam.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 dsaparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 dsaparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h
 dsaparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 dsaparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 dsaparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 dsaparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 dsaparam.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 dsaparam.o: ../include/openssl/stack.h ../include/openssl/store.h
 dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 dsaparam.o: ../include/openssl/ui.h ../include/openssl/x509.h
 dsaparam.o: ../include/openssl/x509_vfy.h apps.h dsaparam.c
 ec.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ec.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 ec.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 ec.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 ec.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 ec.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 ec.o: ../include/openssl/engine.h ../include/openssl/err.h
 ec.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 ec.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 ec.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 ec.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 ec.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 ec.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 ec.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 ec.o: ../include/openssl/stack.h ../include/openssl/store.h
 ec.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 ec.o: ../include/openssl/ui.h ../include/openssl/x509.h
 ec.o: ../include/openssl/x509_vfy.h apps.h ec.c
 ecparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ecparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 ecparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 ecparam.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 ecparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 ecparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 ecparam.o: ../include/openssl/engine.h ../include/openssl/err.h
 ecparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 ecparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 ecparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 ecparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 ecparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 ecparam.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 ecparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 ecparam.o: ../include/openssl/stack.h ../include/openssl/store.h
 ecparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 ecparam.o: ../include/openssl/ui.h ../include/openssl/x509.h
 ecparam.o: ../include/openssl/x509_vfy.h apps.h ecparam.c
 enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 enc.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 enc.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 enc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 enc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 enc.o: ../include/openssl/engine.h ../include/openssl/err.h
 enc.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 enc.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 enc.o: ../include/openssl/stack.h ../include/openssl/store.h
 enc.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 enc.o: ../include/openssl/ui.h ../include/openssl/x509.h
 enc.o: ../include/openssl/x509_vfy.h apps.h enc.c
 engine.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 engine.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 engine.o: ../include/openssl/comp.h ../include/openssl/conf.h
 engine.o: ../include/openssl/crypto.h ../include/openssl/dh.h
 engine.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 engine.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 engine.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 engine.o: ../include/openssl/err.h ../include/openssl/evp.h
 engine.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 engine.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 engine.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 engine.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 engine.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 engine.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 engine.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 engine.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 engine.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 engine.o: ../include/openssl/stack.h ../include/openssl/store.h
 engine.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 engine.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 engine.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 engine.o: engine.c
 errstr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 errstr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h
 errstr.o: ../include/openssl/crypto.h ../include/openssl/dh.h
 errstr.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 errstr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 errstr.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 errstr.o: ../include/openssl/err.h ../include/openssl/evp.h
 errstr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 errstr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 errstr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 errstr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 errstr.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 errstr.o: ../include/openssl/stack.h ../include/openssl/store.h
 errstr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 errstr.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 errstr.o: errstr.c
 gendh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 gendh.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 gendh.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 gendh.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 gendh.o: ../include/openssl/engine.h ../include/openssl/err.h
 gendh.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 gendh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 gendh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 gendh.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 gendh.o: ../include/openssl/stack.h ../include/openssl/store.h
 gendh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 gendh.o: ../include/openssl/ui.h ../include/openssl/x509.h
 gendh.o: ../include/openssl/x509_vfy.h apps.h gendh.c
 gendsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 gendsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 gendsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 gendsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 gendsa.o: ../include/openssl/engine.h ../include/openssl/err.h
 gendsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 gendsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 gendsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 gendsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 gendsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 gendsa.o: ../include/openssl/stack.h ../include/openssl/store.h
 gendsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 gendsa.o: ../include/openssl/ui.h ../include/openssl/x509.h
 gendsa.o: ../include/openssl/x509_vfy.h apps.h gendsa.c
 genrsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 genrsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 genrsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 genrsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 genrsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h
 genrsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 genrsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 genrsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 genrsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 genrsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 genrsa.o: ../include/openssl/stack.h ../include/openssl/store.h
 genrsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 genrsa.o: ../include/openssl/ui.h ../include/openssl/x509.h
 genrsa.o: ../include/openssl/x509_vfy.h apps.h genrsa.c
 nseq.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 nseq.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 nseq.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 nseq.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 nseq.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 nseq.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 nseq.o: ../include/openssl/engine.h ../include/openssl/err.h
 nseq.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 nseq.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 nseq.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 nseq.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 nseq.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 nseq.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 nseq.o: ../include/openssl/stack.h ../include/openssl/store.h
 nseq.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 nseq.o: ../include/openssl/ui.h ../include/openssl/x509.h
 nseq.o: ../include/openssl/x509_vfy.h apps.h nseq.c
 ocsp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ocsp.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 ocsp.o: ../include/openssl/comp.h ../include/openssl/conf.h
 ocsp.o: ../include/openssl/crypto.h ../include/openssl/dh.h
 ocsp.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 ocsp.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 ocsp.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 ocsp.o: ../include/openssl/err.h ../include/openssl/evp.h
 ocsp.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 ocsp.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 ocsp.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
 ocsp.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 ocsp.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 ocsp.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 ocsp.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 ocsp.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 ocsp.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 ocsp.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 ocsp.o: ../include/openssl/store.h ../include/openssl/symhacks.h
 ocsp.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
 ocsp.o: ../include/openssl/ui.h ../include/openssl/x509.h
 ocsp.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ocsp.c
 openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 openssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h
 openssl.o: ../include/openssl/crypto.h ../include/openssl/dh.h
 openssl.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 openssl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 openssl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 openssl.o: ../include/openssl/err.h ../include/openssl/evp.h
 openssl.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 openssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 openssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 openssl.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 openssl.o: ../include/openssl/stack.h ../include/openssl/store.h
 openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 openssl.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 openssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 openssl.o: openssl.c progs.h s_apps.h
 passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 passwd.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 passwd.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 passwd.o: ../include/openssl/des.h ../include/openssl/des_old.h
 passwd.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 passwd.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 passwd.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 passwd.o: ../include/openssl/engine.h ../include/openssl/err.h
 passwd.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 passwd.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
 passwd.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 passwd.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 passwd.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 passwd.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h
 passwd.o: ../include/openssl/store.h ../include/openssl/symhacks.h
 passwd.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 passwd.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
 passwd.o: ../include/openssl/x509_vfy.h apps.h passwd.c
 pkcs12.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 pkcs12.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 pkcs12.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 pkcs12.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 pkcs12.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 pkcs12.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 pkcs12.o: ../include/openssl/engine.h ../include/openssl/err.h
 pkcs12.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 pkcs12.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 pkcs12.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 pkcs12.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
 pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 pkcs12.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 pkcs12.o: ../include/openssl/sha.h ../include/openssl/stack.h
 pkcs12.o: ../include/openssl/store.h ../include/openssl/symhacks.h
 pkcs12.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 pkcs12.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 pkcs12.o: pkcs12.c
 pkcs7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 pkcs7.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 pkcs7.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 pkcs7.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 pkcs7.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 pkcs7.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 pkcs7.o: ../include/openssl/engine.h ../include/openssl/err.h
 pkcs7.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 pkcs7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 pkcs7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 pkcs7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 pkcs7.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 pkcs7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 pkcs7.o: ../include/openssl/stack.h ../include/openssl/store.h
 pkcs7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 pkcs7.o: ../include/openssl/ui.h ../include/openssl/x509.h
 pkcs7.o: ../include/openssl/x509_vfy.h apps.h pkcs7.c
 pkcs8.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 pkcs8.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 pkcs8.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 pkcs8.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 pkcs8.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 pkcs8.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 pkcs8.o: ../include/openssl/engine.h ../include/openssl/err.h
 pkcs8.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 pkcs8.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 pkcs8.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 pkcs8.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
 pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 pkcs8.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 pkcs8.o: ../include/openssl/sha.h ../include/openssl/stack.h
 pkcs8.o: ../include/openssl/store.h ../include/openssl/symhacks.h
 pkcs8.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 pkcs8.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h pkcs8.c
 rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 rand.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 rand.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 rand.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 rand.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 rand.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 rand.o: ../include/openssl/engine.h ../include/openssl/err.h
 rand.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
 rand.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 rand.o: ../include/openssl/stack.h ../include/openssl/store.h
 rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 rand.o: ../include/openssl/ui.h ../include/openssl/x509.h
 rand.o: ../include/openssl/x509_vfy.h apps.h rand.c
 req.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/asn1.h
 req.o: ../include/openssl/bio.h ../include/openssl/bn.h
 req.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 req.o: ../include/openssl/crypto.h ../include/openssl/dh.h
 req.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 req.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 req.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 req.o: ../include/openssl/err.h ../include/openssl/evp.h
 req.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 req.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 req.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 req.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 req.o: ../include/openssl/sha.h ../include/openssl/stack.h
 req.o: ../include/openssl/store.h ../include/openssl/symhacks.h
 req.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 req.o: ../include/openssl/x509v3.h apps.h req.c
 rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 rsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 rsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 rsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 rsa.o: ../include/openssl/engine.h ../include/openssl/err.h
 rsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 rsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 rsa.o: ../include/openssl/stack.h ../include/openssl/store.h
 rsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 rsa.o: ../include/openssl/ui.h ../include/openssl/x509.h
 rsa.o: ../include/openssl/x509_vfy.h apps.h rsa.c
 rsautl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 rsautl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 rsautl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 rsautl.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 rsautl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 rsautl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 rsautl.o: ../include/openssl/engine.h ../include/openssl/err.h
 rsautl.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 rsautl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 rsautl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 rsautl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 rsautl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 rsautl.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 rsautl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 rsautl.o: ../include/openssl/stack.h ../include/openssl/store.h
 rsautl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 rsautl.o: ../include/openssl/ui.h ../include/openssl/x509.h
 rsautl.o: ../include/openssl/x509_vfy.h apps.h rsautl.c
 s_cb.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s_cb.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_cb.o: ../include/openssl/crypto.h ../include/openssl/dh.h
 s_cb.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 s_cb.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 s_cb.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h
 s_cb.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 s_cb.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s_cb.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s_cb.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s_cb.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 s_cb.o: ../include/openssl/stack.h ../include/openssl/store.h
 s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 s_cb.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h s_apps.h
 s_cb.o: s_cb.c
 s_client.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_client.o: ../include/openssl/crypto.h ../include/openssl/dh.h
 s_client.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 s_client.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 s_client.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 s_client.o: ../include/openssl/err.h ../include/openssl/evp.h
 s_client.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s_client.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s_client.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s_client.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 s_client.o: ../include/openssl/stack.h ../include/openssl/store.h
 s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 s_client.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 s_client.o: s_apps.h s_client.c
 s_server.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_server.o: ../include/openssl/crypto.h ../include/openssl/dh.h
 s_server.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 s_server.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 s_server.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 s_server.o: ../include/openssl/err.h ../include/openssl/evp.h
 s_server.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s_server.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s_server.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s_server.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 s_server.o: ../include/openssl/stack.h ../include/openssl/store.h
 s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 s_server.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 s_server.o: s_apps.h s_server.c
 s_socket.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s_socket.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 s_socket.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_socket.o: ../include/openssl/crypto.h ../include/openssl/dh.h
 s_socket.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 s_socket.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 s_socket.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 s_socket.o: ../include/openssl/err.h ../include/openssl/evp.h
 s_socket.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 s_socket.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 s_socket.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s_socket.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s_socket.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 s_socket.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 s_socket.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 s_socket.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 s_socket.o: ../include/openssl/stack.h ../include/openssl/store.h
 s_socket.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 s_socket.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 s_socket.o: s_apps.h s_socket.c
 s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s_time.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 s_time.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_time.o: ../include/openssl/crypto.h ../include/openssl/dh.h
 s_time.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 s_time.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 s_time.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 s_time.o: ../include/openssl/err.h ../include/openssl/evp.h
 s_time.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 s_time.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s_time.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s_time.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s_time.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 s_time.o: ../include/openssl/stack.h ../include/openssl/store.h
 s_time.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 s_time.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 s_time.o: s_apps.h s_time.c
 sess_id.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 sess_id.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 sess_id.o: ../include/openssl/comp.h ../include/openssl/conf.h
 sess_id.o: ../include/openssl/crypto.h ../include/openssl/dh.h
 sess_id.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 sess_id.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 sess_id.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h
 sess_id.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 sess_id.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 sess_id.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 sess_id.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 sess_id.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 sess_id.o: ../include/openssl/stack.h ../include/openssl/store.h
 sess_id.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 sess_id.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 sess_id.o: sess_id.c
 smime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 smime.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 smime.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 smime.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 smime.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 smime.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 smime.o: ../include/openssl/engine.h ../include/openssl/err.h
 smime.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 smime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 smime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 smime.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 smime.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 smime.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 smime.o: ../include/openssl/stack.h ../include/openssl/store.h
 smime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 smime.o: ../include/openssl/ui.h ../include/openssl/x509.h
 smime.o: ../include/openssl/x509_vfy.h apps.h smime.c
 speed.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
 speed.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 speed.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 speed.o: ../include/openssl/cast.h ../include/openssl/conf.h
 speed.o: ../include/openssl/crypto.h ../include/openssl/des.h
 speed.o: ../include/openssl/des_old.h ../include/openssl/dh.h
 speed.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 speed.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 speed.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 speed.o: ../include/openssl/err.h ../include/openssl/evp.h
 speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h
 speed.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 speed.o: ../include/openssl/md4.h ../include/openssl/md5.h
 speed.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 speed.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 speed.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
 speed.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
 speed.o: ../include/openssl/store.h ../include/openssl/symhacks.h
 speed.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 speed.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
 speed.o: ../include/openssl/x509_vfy.h apps.h speed.c testdsa.h testrsa.h
 spkac.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 spkac.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 spkac.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 spkac.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 spkac.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 spkac.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 spkac.o: ../include/openssl/engine.h ../include/openssl/err.h
 spkac.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 spkac.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 spkac.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 spkac.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 spkac.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 spkac.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 spkac.o: ../include/openssl/stack.h ../include/openssl/store.h
 spkac.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 spkac.o: ../include/openssl/ui.h ../include/openssl/x509.h
 spkac.o: ../include/openssl/x509_vfy.h apps.h spkac.c
 verify.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 verify.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 verify.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 verify.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 verify.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 verify.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 verify.o: ../include/openssl/engine.h ../include/openssl/err.h
 verify.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 verify.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 verify.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 verify.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 verify.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 verify.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 verify.o: ../include/openssl/stack.h ../include/openssl/store.h
 verify.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 verify.o: ../include/openssl/ui.h ../include/openssl/x509.h
 verify.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
 verify.o: verify.c
 version.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 version.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 version.o: ../include/openssl/crypto.h ../include/openssl/des.h
 version.o: ../include/openssl/des_old.h ../include/openssl/dh.h
 version.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 version.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 version.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 version.o: ../include/openssl/err.h ../include/openssl/evp.h
 version.o: ../include/openssl/idea.h ../include/openssl/lhash.h
 version.o: ../include/openssl/md2.h ../include/openssl/obj_mac.h
 version.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 version.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 version.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 version.o: ../include/openssl/rc4.h ../include/openssl/rsa.h
 version.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 version.o: ../include/openssl/stack.h ../include/openssl/store.h
 version.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 version.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
 version.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 version.o: version.c
 x509.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 x509.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 x509.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 x509.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 x509.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 x509.o: ../include/openssl/engine.h ../include/openssl/err.h
 x509.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 x509.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 x509.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 x509.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 x509.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 x509.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 x509.o: ../include/openssl/stack.h ../include/openssl/store.h
 x509.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 x509.o: ../include/openssl/ui.h ../include/openssl/x509.h
 x509.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h x509.c
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -115,7 +115,6 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <ctype.h>
 #include <assert.h>
 #include <openssl/err.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
@@ -126,20 +125,13 @@
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
 #include <openssl/bn.h>
 #ifndef OPENSSL_NO_JPAKE
 #include <openssl/jpake.h>
 #endif
 #define NON_MAIN
 #include "apps.h"
 #undef NON_MAIN
 typedef struct {
-	const char *name;
+	char *name;
 	unsigned long flag;
 	unsigned long mask;
 } NAME_EX_TBL;
@@ -349,6 +341,44 @@ void program_name(char *in, char *out, int size)
 #endif
 #endif
 #ifdef OPENSSL_SYS_WIN32
 int WIN32_rename(char *from, char *to)
 	{
 #ifndef OPENSSL_SYS_WINCE
 	/* Windows rename gives an error if 'to' exists, so delete it
 	 * first and ignore file not found errror
 	 */
 	if((remove(to) != 0) && (errno != ENOENT))
 		return -1;
 #undef rename
 	return rename(from, to);
 #else
 	/* convert strings to UNICODE */
 	{
 	BOOL result = FALSE;
 	WCHAR* wfrom;
 	WCHAR* wto;
 	int i;
 	wfrom = malloc((strlen(from)+1)*2);
 	wto = malloc((strlen(to)+1)*2);
 	if (wfrom != NULL && wto != NULL)
 		{
 		for (i=0; i<(int)strlen(from)+1; i++)
 			wfrom[i] = (short)from[i];
 		for (i=0; i<(int)strlen(to)+1; i++)
 			wto[i] = (short)to[i];
 		result = MoveFile(wfrom, wto);
 		}
 	if (wfrom != NULL)
 		free(wfrom);
 	if (wto != NULL)
 		free(wto);
 	return result;
 	}
 #endif
 	}
 #endif
 int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
 	{
 	int num,len,i;
@@ -380,17 +410,10 @@ int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
 		/* The start of something good :-) */
 		if (num >= arg->count)
 			{
-			char **tmp_p;
+			arg->count+=20;
-			int tlen = arg->count + 20;
+			arg->data=(char **)OPENSSL_realloc(arg->data,
-			tmp_p = (char **)OPENSSL_realloc(arg->data,
+				sizeof(char *)*arg->count);
-				sizeof(char *)*tlen);
+			if (argc == 0) return(0);
 			if (tmp_p == NULL)
 				return 0;
 			arg->data  = tmp_p;
 			arg->count = tlen;
 			/* initialize newly allocated data */
 			for (i = num; i < arg->count; i++)
 				arg->data[i] = NULL;
 			}
 		arg->data[num++]=p;
@@ -552,7 +575,7 @@ int password_callback(char *buf, int bufsiz, int verify,
 		char *prompt = NULL;
 		prompt = UI_construct_prompt(ui, "pass phrase",
-			prompt_info);
+			cb_data->prompt_info);
 		ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
 		UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
@@ -701,51 +724,6 @@ int add_oid_section(BIO *err, CONF *conf)
 	return 1;
 }
 static int load_pkcs12(BIO *err, BIO *in, const char *desc,
 		pem_password_cb *pem_cb,  void *cb_data,
 		EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
 	{
 	const char *pass;
 	char tpass[PEM_BUFSIZE];
 	int len, ret = 0;
 	PKCS12 *p12;
 	p12 = d2i_PKCS12_bio(in, NULL);
 	if (p12 == NULL)
 		{
 		BIO_printf(err, "Error loading PKCS12 file for %s\n", desc);	
 		goto die;
 		}
 	/* See if an empty password will do */
 	if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0))
 		pass = "";
 	else
 		{
 		if (!pem_cb)
 			pem_cb = (pem_password_cb *)password_callback;
 		len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data);
 		if (len < 0) 
 			{
 			BIO_printf(err, "Passpharse callback error for %s\n",
 					desc);
 			goto die;
 			}
 		if (len < PEM_BUFSIZE)
 			tpass[len] = 0;
 		if (!PKCS12_verify_mac(p12, tpass, len))
 			{
 			BIO_printf(err,
 	"Mac verify error (wrong password?) in PKCS12 file for %s\n", desc);	
 			goto die;
 			}
 		pass = tpass;
 		}
 	ret = PKCS12_parse(p12, pass, pkey, cert, ca);
 	die:
 	if (p12)
 		PKCS12_free(p12);
 	return ret;
 	}
 X509 *load_cert(BIO *err, const char *file, int format,
 	const char *pass, ENGINE *e, const char *cert_descrip)
 	{
@@ -826,9 +804,11 @@ X509 *load_cert(BIO *err, const char *file, int format,
 			(pem_password_cb *)password_callback, NULL);
 	else if (format == FORMAT_PKCS12)
 		{
-		if (!load_pkcs12(err, cert,cert_descrip, NULL, NULL,
+		PKCS12 *p12 = d2i_PKCS12_bio(cert, NULL);
-					NULL, &x, NULL))
+
-			goto end;
+		PKCS12_parse(p12, NULL, NULL, &x, NULL);
 		PKCS12_free(p12);
 		p12 = NULL;
 		}
 	else	{
 		BIO_printf(err,"bad input format specified for %s\n",
@@ -907,10 +887,11 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
 #endif
 	else if (format == FORMAT_PKCS12)
 		{
-		if (!load_pkcs12(err, key, key_descrip,
+		PKCS12 *p12 = d2i_PKCS12_bio(key, NULL);
-				(pem_password_cb *)password_callback, &cb_data,
+
-				&pkey, NULL, NULL))
+		PKCS12_parse(p12, pass, &pkey, NULL, NULL);
-			goto end;
+		PKCS12_free(p12);
 		p12 = NULL;
 		}
 	else
 		{
@@ -1282,7 +1263,7 @@ static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_T
 	return 0;
 }
-void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags)
+void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
 {
 	char *buf;
 	char mline = 0;
@@ -1490,9 +1471,12 @@ BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
 			}
 		else
 			{
 			ASN1_INTEGER_set(ai,1);
 			ret=BN_new();
-			if (ret == NULL || !rand_serial(ret, ai))
+			if (ret == NULL)
 				BIO_printf(bio_err, "Out of memory\n");
 			else
 				BN_one(ret);
 			}
 		}
 	else
@@ -1617,9 +1601,8 @@ int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
 		{
 		if (errno != ENOENT 
 #ifdef ENOTDIR
-			&& errno != ENOTDIR
+			&& errno != ENOTDIR)
 #endif
 		   )
 			goto err;
 		}
 	else
@@ -1655,33 +1638,6 @@ int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
 	return 0;
 	}
 int rand_serial(BIGNUM *b, ASN1_INTEGER *ai)
 	{
 	BIGNUM *btmp;
 	int ret = 0;
 	if (b)
 		btmp = b;
 	else
 		btmp = BN_new();
 	if (!btmp)
 		return 0;
 	if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0))
 		goto error;
 	if (ai && !BN_to_ASN1_INTEGER(btmp, ai))
 		goto error;
 	ret = 1;
 	error:
 	if (!b)
 		BN_free(btmp);
 	return ret;
 	}
 CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
 	{
 	CA_DB *retdb = NULL;
@@ -1788,7 +1744,7 @@ int index_index(CA_DB *db)
 	return 1;
 	}
-int save_index(const char *dbfile, const char *suffix, CA_DB *db)
+int save_index(char *dbfile, char *suffix, CA_DB *db)
 	{
 	char buf[3][BSIZE];
 	BIO *out = BIO_new(BIO_s_file());
@@ -1855,7 +1811,7 @@ int save_index(const char *dbfile, const char *suffix, CA_DB *db)
 	return 0;
 	}
-int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix)
+int rotate_index(char *dbfile, char *new_suffix, char *old_suffix)
 	{
 	char buf[5][BSIZE];
 	int i,j;
@@ -1907,9 +1863,8 @@ int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suf
 		{
 		if (errno != ENOENT 
 #ifdef ENOTDIR
-			&& errno != ENOTDIR
+			&& errno != ENOTDIR)
 #endif
 		   )
 			goto err;
 		}
 	else
@@ -1944,9 +1899,8 @@ int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suf
 		{
 		if (errno != ENOENT 
 #ifdef ENOTDIR
-			&& errno != ENOTDIR
+			&& errno != ENOTDIR)
 #endif
 		   )
 			goto err;
 		}
 	else
@@ -1995,7 +1949,7 @@ void free_index(CA_DB *db)
 		}
 	}
-int parse_yesno(const char *str, int def)
+int parse_yesno(char *str, int def)
 	{
 	int ret = def;
 	if (str)
@@ -2014,7 +1968,7 @@ int parse_yesno(const char *str, int def)
 		case 'y': /* yes */
 		case 'Y': /* YES */
 		case '1': /* 1 */
-			ret = 1;
+			ret = 0;
 			break;
 		default:
 			ret = def;
@@ -2160,410 +2114,3 @@ error:
 	return NULL;
 }
 /* This code MUST COME AFTER anything that uses rename() */
 #ifdef OPENSSL_SYS_WIN32
 int WIN32_rename(const char *from, const char *to)
 	{
 #ifndef OPENSSL_SYS_WINCE
 	/* Windows rename gives an error if 'to' exists, so delete it
 	 * first and ignore file not found errror
 	 */
 	if((remove(to) != 0) && (errno != ENOENT))
 		return -1;
 #undef rename
 	return rename(from, to);
 #else
 	/* convert strings to UNICODE */
 	{
 	BOOL result = FALSE;
 	WCHAR* wfrom;
 	WCHAR* wto;
 	int i;
 	wfrom = malloc((strlen(from)+1)*2);
 	wto = malloc((strlen(to)+1)*2);
 	if (wfrom != NULL && wto != NULL)
 		{
 		for (i=0; i<(int)strlen(from)+1; i++)
 			wfrom[i] = (short)from[i];
 		for (i=0; i<(int)strlen(to)+1; i++)
 			wto[i] = (short)to[i];
 		result = MoveFile(wfrom, wto);
 		}
 	if (wfrom != NULL)
 		free(wfrom);
 	if (wto != NULL)
 		free(wto);
 	return result;
 	}
 #endif
 	}
 #endif
 int args_verify(char ***pargs, int *pargc,
 			int *badarg, BIO *err, X509_VERIFY_PARAM **pm)
 	{
 	ASN1_OBJECT *otmp = NULL;
 	unsigned long flags = 0;
 	int i;
 	int purpose = 0;
 	char **oldargs = *pargs;
 	char *arg = **pargs, *argn = (*pargs)[1];
 	if (!strcmp(arg, "-policy"))
 		{
 		if (!argn)
 			*badarg = 1;
 		else
 			{
 			otmp = OBJ_txt2obj(argn, 0);
 			if (!otmp)
 				{
 				BIO_printf(err, "Invalid Policy \"%s\"\n",
 									argn);
 				*badarg = 1;
 				}
 			}
 		(*pargs)++;
 		}
 	else if (strcmp(arg,"-purpose") == 0)
 		{
 		X509_PURPOSE *xptmp;
 		if (!argn)
 			*badarg = 1;
 		else
 			{
 			i = X509_PURPOSE_get_by_sname(argn);
 			if(i < 0)
 				{
 				BIO_printf(err, "unrecognized purpose\n");
 				*badarg = 1;
 				}
 			else
 				{
 				xptmp = X509_PURPOSE_get0(i);
 				purpose = X509_PURPOSE_get_id(xptmp);
 				}
 			}
 		(*pargs)++;
 		}
 	else if (!strcmp(arg, "-ignore_critical"))
 		flags |= X509_V_FLAG_IGNORE_CRITICAL;
 	else if (!strcmp(arg, "-issuer_checks"))
 		flags |= X509_V_FLAG_CB_ISSUER_CHECK;
 	else if (!strcmp(arg, "-crl_check"))
 		flags |=  X509_V_FLAG_CRL_CHECK;
 	else if (!strcmp(arg, "-crl_check_all"))
 		flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
 	else if (!strcmp(arg, "-policy_check"))
 		flags |= X509_V_FLAG_POLICY_CHECK;
 	else if (!strcmp(arg, "-explicit_policy"))
 		flags |= X509_V_FLAG_EXPLICIT_POLICY;
 	else if (!strcmp(arg, "-x509_strict"))
 		flags |= X509_V_FLAG_X509_STRICT;
 	else if (!strcmp(arg, "-policy_print"))
 		flags |= X509_V_FLAG_NOTIFY_POLICY;
 	else
 		return 0;
 	if (*badarg)
 		{
 		if (*pm)
 			X509_VERIFY_PARAM_free(*pm);
 		*pm = NULL;
 		goto end;
 		}
 	if (!*pm && !(*pm = X509_VERIFY_PARAM_new()))
 		{
 		*badarg = 1;
 		goto end;
 		}
 	if (otmp)
 		X509_VERIFY_PARAM_add0_policy(*pm, otmp);
 	if (flags)
 		X509_VERIFY_PARAM_set_flags(*pm, flags);
 	if (purpose)
 		X509_VERIFY_PARAM_set_purpose(*pm, purpose);
 	end:
 	(*pargs)++;
 	if (pargc)
 		*pargc -= *pargs - oldargs;
 	return 1;
 	}
 static void nodes_print(BIO *out, const char *name,
 	STACK_OF(X509_POLICY_NODE) *nodes)
 	{
 	X509_POLICY_NODE *node;
 	int i;
 	BIO_printf(out, "%s Policies:", name);
 	if (nodes)
 		{
 		BIO_puts(out, "\n");
 		for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++)
 			{
 			node = sk_X509_POLICY_NODE_value(nodes, i);
 			X509_POLICY_NODE_print(out, node, 2);
 			}
 		}
 	else
 		BIO_puts(out, " <empty>\n");
 	}
 void policies_print(BIO *out, X509_STORE_CTX *ctx)
 	{
 	X509_POLICY_TREE *tree;
 	int explicit_policy;
 	int free_out = 0;
 	if (out == NULL)
 		{
 		out = BIO_new_fp(stderr, BIO_NOCLOSE);
 		free_out = 1;
 		}
 	tree = X509_STORE_CTX_get0_policy_tree(ctx);
 	explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);
 	BIO_printf(out, "Require explicit Policy: %s\n",
 				explicit_policy ? "True" : "False");
 	nodes_print(out, "Authority", X509_policy_tree_get0_policies(tree));
 	nodes_print(out, "User", X509_policy_tree_get0_user_policies(tree));
 	if (free_out)
 		BIO_free(out);
 	}
 #ifndef OPENSSL_NO_JPAKE
 static JPAKE_CTX *jpake_init(const char *us, const char *them,
 							 const char *secret)
 	{
 	BIGNUM *p = NULL;
 	BIGNUM *g = NULL;
 	BIGNUM *q = NULL;
 	BIGNUM *bnsecret = BN_new();
 	JPAKE_CTX *ctx;
 	/* Use a safe prime for p (that we found earlier) */
 	BN_hex2bn(&p, "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F");
 	g = BN_new();
 	BN_set_word(g, 2);
 	q = BN_new();
 	BN_rshift1(q, p);
 	BN_bin2bn((const unsigned char *)secret, strlen(secret), bnsecret);
 	ctx = JPAKE_CTX_new(us, them, p, g, q, bnsecret);
 	BN_free(bnsecret);
 	BN_free(q);
 	BN_free(g);
 	BN_free(p);
 	return ctx;
 	}
 static void jpake_send_part(BIO *conn, const JPAKE_STEP_PART *p)
 	{
 	BN_print(conn, p->gx);
 	BIO_puts(conn, "\n");
 	BN_print(conn, p->zkpx.gr);
 	BIO_puts(conn, "\n");
 	BN_print(conn, p->zkpx.b);
 	BIO_puts(conn, "\n");
 	}
 static void jpake_send_step1(BIO *bconn, JPAKE_CTX *ctx)
 	{
 	JPAKE_STEP1 s1;
 	JPAKE_STEP1_init(&s1);
 	JPAKE_STEP1_generate(&s1, ctx);
 	jpake_send_part(bconn, &s1.p1);
 	jpake_send_part(bconn, &s1.p2);
 	(void)BIO_flush(bconn);
 	JPAKE_STEP1_release(&s1);
 	}
 static void jpake_send_step2(BIO *bconn, JPAKE_CTX *ctx)
 	{
 	JPAKE_STEP2 s2;
 	JPAKE_STEP2_init(&s2);
 	JPAKE_STEP2_generate(&s2, ctx);
 	jpake_send_part(bconn, &s2);
 	(void)BIO_flush(bconn);
 	JPAKE_STEP2_release(&s2);
 	}
 static void jpake_send_step3a(BIO *bconn, JPAKE_CTX *ctx)
 	{
 	JPAKE_STEP3A s3a;
 	JPAKE_STEP3A_init(&s3a);
 	JPAKE_STEP3A_generate(&s3a, ctx);
 	BIO_write(bconn, s3a.hhk, sizeof s3a.hhk);
 	(void)BIO_flush(bconn);
 	JPAKE_STEP3A_release(&s3a);
 	}
 static void jpake_send_step3b(BIO *bconn, JPAKE_CTX *ctx)
 	{
 	JPAKE_STEP3B s3b;
 	JPAKE_STEP3B_init(&s3b);
 	JPAKE_STEP3B_generate(&s3b, ctx);
 	BIO_write(bconn, s3b.hk, sizeof s3b.hk);
 	(void)BIO_flush(bconn);
 	JPAKE_STEP3B_release(&s3b);
 	}
 static void readbn(BIGNUM **bn, BIO *bconn)
 	{
 	char buf[10240];
 	int l;
 	l = BIO_gets(bconn, buf, sizeof buf);
 	assert(l > 0);
 	assert(buf[l-1] == '\n');
 	buf[l-1] = '\0';
 	BN_hex2bn(bn, buf);
 	}
 static void jpake_receive_part(JPAKE_STEP_PART *p, BIO *bconn)
 	{
 	readbn(&p->gx, bconn);
 	readbn(&p->zkpx.gr, bconn);
 	readbn(&p->zkpx.b, bconn);
 	}
 static void jpake_receive_step1(JPAKE_CTX *ctx, BIO *bconn)
 	{
 	JPAKE_STEP1 s1;
 	JPAKE_STEP1_init(&s1);
 	jpake_receive_part(&s1.p1, bconn);
 	jpake_receive_part(&s1.p2, bconn);
 	if(!JPAKE_STEP1_process(ctx, &s1))
 		{
 		ERR_print_errors(bio_err);
 		exit(1);
 		}
 	JPAKE_STEP1_release(&s1);
 	}
 static void jpake_receive_step2(JPAKE_CTX *ctx, BIO *bconn)
 	{
 	JPAKE_STEP2 s2;
 	JPAKE_STEP2_init(&s2);
 	jpake_receive_part(&s2, bconn);
 	if(!JPAKE_STEP2_process(ctx, &s2))
 		{
 		ERR_print_errors(bio_err);
 		exit(1);
 		}
 	JPAKE_STEP2_release(&s2);
 	}
 static void jpake_receive_step3a(JPAKE_CTX *ctx, BIO *bconn)
 	{
 	JPAKE_STEP3A s3a;
 	int l;
 	JPAKE_STEP3A_init(&s3a);
 	l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk);
 	assert(l == sizeof s3a.hhk);
 	if(!JPAKE_STEP3A_process(ctx, &s3a))
 		{
 		ERR_print_errors(bio_err);
 		exit(1);
 		}
 	JPAKE_STEP3A_release(&s3a);
 	}
 static void jpake_receive_step3b(JPAKE_CTX *ctx, BIO *bconn)
 	{
 	JPAKE_STEP3B s3b;
 	int l;
 	JPAKE_STEP3B_init(&s3b);
 	l = BIO_read(bconn, s3b.hk, sizeof s3b.hk);
 	assert(l == sizeof s3b.hk);
 	if(!JPAKE_STEP3B_process(ctx, &s3b))
 		{
 		ERR_print_errors(bio_err);
 		exit(1);
 		}
 	JPAKE_STEP3B_release(&s3b);
 	}
 void jpake_client_auth(BIO *out, BIO *conn, const char *secret)
 	{
 	JPAKE_CTX *ctx;
 	BIO *bconn;
 	BIO_puts(out, "Authenticating with JPAKE\n");
 	ctx = jpake_init("client", "server", secret);
 	bconn = BIO_new(BIO_f_buffer());
 	BIO_push(bconn, conn);
 	jpake_send_step1(bconn, ctx);
 	jpake_receive_step1(ctx, bconn);
 	jpake_send_step2(bconn, ctx);
 	jpake_receive_step2(ctx, bconn);
 	jpake_send_step3a(bconn, ctx);
 	jpake_receive_step3b(ctx, bconn);
 	/*
 	 * The problem is that you must use the derived key in the
 	 * session key or you are subject to man-in-the-middle
 	 * attacks.
 	 */
 	BIO_puts(out, "JPAKE authentication succeeded (N.B. This version can"
 		 " be MitMed. See the version in HEAD for how to do it"
 		 " properly)\n");
 	BIO_pop(bconn);
 	BIO_free(bconn);
 	}
 void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
 	{
 	JPAKE_CTX *ctx;
 	BIO *bconn;
 	BIO_puts(out, "Authenticating with JPAKE\n");
 	ctx = jpake_init("server", "client", secret);
 	bconn = BIO_new(BIO_f_buffer());
 	BIO_push(bconn, conn);
 	jpake_receive_step1(ctx, bconn);
 	jpake_send_step1(bconn, ctx);
 	jpake_receive_step2(ctx, bconn);
 	jpake_send_step2(bconn, ctx);
 	jpake_receive_step3a(ctx, bconn);
 	jpake_send_step3b(bconn, ctx);
 	/*
 	 * The problem is that you must use the derived key in the
 	 * session key or you are subject to man-in-the-middle
 	 * attacks.
 	 */
 	BIO_puts(out, "JPAKE authentication succeeded (N.B. This version can"
 		 " be MitMed. See the version in HEAD for how to do it"
 		 " properly)\n");
 	BIO_pop(bconn);
 	BIO_free(bconn);
 	}
 #endif
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -114,7 +114,9 @@
 #include "e_os.h"
 #include <openssl/buffer.h>
 #include <openssl/bio.h>
 #include <openssl/crypto.h>
 #include <openssl/x509.h>
 #include <openssl/lhash.h>
 #include <openssl/conf.h>
@@ -122,9 +124,6 @@
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
 #ifndef OPENSSL_NO_OCSP
 #include <openssl/ocsp.h>
 #endif
 #include <openssl/ossl_typ.h>
 int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
@@ -139,7 +138,7 @@ long app_RAND_load_files(char *file); /* `file' is a list of files to read,
 #ifdef OPENSSL_SYS_WIN32
 #define rename(from,to) WIN32_rename((from),(to))
-int WIN32_rename(const char *oldname,const char *newname);
+int WIN32_rename(char *oldname,char *newname);
 #endif
 #ifndef MONOLITH
@@ -149,11 +148,9 @@ int WIN32_rename(const char *oldname,const char *newname);
 #ifndef NON_MAIN
 CONF *config=NULL;
 BIO *bio_err=NULL;
 int in_FIPS_mode=0;
 #else
 extern CONF *config;
 extern BIO *bio_err;
 extern int in_FIPS_mode;
 #endif
 #else
@@ -162,7 +159,6 @@ extern int in_FIPS_mode;
 extern CONF *config;
 extern char *default_config_file;
 extern BIO *bio_err;
 extern int in_FIPS_mode;
 #endif
@@ -234,12 +230,6 @@ extern int in_FIPS_mode;
 #  endif
 #endif
 #ifdef OPENSSL_SYSNAME_WIN32
 #  define openssl_fdset(a,b) FD_SET((unsigned int)a, b)
 #else
 #  define openssl_fdset(a,b) FD_SET(a, b)
 #endif
 typedef struct args_st
 	{
 	char **data;
@@ -266,7 +256,7 @@ void program_name(char *in,char *out,int size);
 int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
 #ifdef HEADER_X509_H
 int dump_cert_text(BIO *out, X509 *x);
-void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags);
+void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags);
 #endif
 int set_cert_ex(unsigned long *flags, const char *arg);
 int set_name_ex(unsigned long *flags, const char *arg);
@@ -287,18 +277,12 @@ X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
 ENGINE *setup_engine(BIO *err, const char *engine, int debug);
 #endif
 #ifndef OPENSSL_NO_OCSP
 OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
 			char *host, char *path, char *port, int use_ssl,
 			int req_timeout);
 #endif
 int load_config(BIO *err, CONF *cnf);
 char *make_config_name(void);
 /* Functions defined in ca.c and also used in ocsp.c */
 int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
-			ASN1_GENERALIZEDTIME **pinvtm, const char *str);
+			ASN1_GENERALIZEDTIME **pinvtm, char *str);
 #define DB_type         0
 #define DB_exp_date     1
@@ -325,23 +309,15 @@ typedef struct ca_db_st
 BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai);
 int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai);
 int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix);
 int rand_serial(BIGNUM *b, ASN1_INTEGER *ai);
 CA_DB *load_index(char *dbfile, DB_ATTR *dbattr);
 int index_index(CA_DB *db);
-int save_index(const char *dbfile, const char *suffix, CA_DB *db);
+int save_index(char *dbfile, char *suffix, CA_DB *db);
-int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix);
+int rotate_index(char *dbfile, char *new_suffix, char *old_suffix);
 void free_index(CA_DB *db);
 int index_name_cmp(const char **a, const char **b);
-int parse_yesno(const char *str, int def);
+int parse_yesno(char *str, int def);
 X509_NAME *parse_name(char *str, long chtype, int multirdn);
 int args_verify(char ***pargs, int *pargc,
 			int *badarg, BIO *err, X509_VERIFY_PARAM **pm);
 void policies_print(BIO *out, X509_STORE_CTX *ctx);
 #ifndef OPENSSL_NO_JPAKE
 void jpake_client_auth(BIO *out, BIO *conn, const char *secret);
 void jpake_server_auth(BIO *out, BIO *conn, const char *secret);
 #endif
 #define FORMAT_UNDEF    0
 #define FORMAT_ASN1     1
@@ -362,6 +338,4 @@ void jpake_server_auth(BIO *out, BIO *conn, const char *secret);
 #define APP_PASS_LEN	1024
 #define SERIAL_RAND_BITS	64
 #endif
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */
-/* A nice addition from Dr Stephen Henson <steve@openssl.org> to 
+/* A nice addition from Dr Stephen Henson <shenson@bigfoot.com> to 
 * add the -strparse option which parses nested binary structures
 */
@@ -196,7 +196,7 @@ int MAIN(int argc, char **argv)
 bad:
 		BIO_printf(bio_err,"%s [options] <infile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
-		BIO_printf(bio_err," -inform arg   input format - one of DER PEM\n");
+		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file (output format is always DER\n");
 		BIO_printf(bio_err," -noout arg    don't produce any output\n");
@@ -309,7 +309,6 @@ bad:
 		for (i=0; i<sk_num(osk); i++)
 			{
 			ASN1_TYPE *atmp;
 			int typ;
 			j=atoi(sk_value(osk,i));
 			if (j == 0)
 				{
@@ -328,15 +327,6 @@ bad:
 				ERR_print_errors(bio_err);
 				goto end;
 				}
 			typ = ASN1_TYPE_get(at);
 			if ((typ == V_ASN1_OBJECT)
 				|| (typ == V_ASN1_NULL))
 				{
 				BIO_printf(bio_err, "Can't parse %s type\n",
 					typ == V_ASN1_NULL ? "NULL" : "OBJECT");
 				ERR_print_errors(bio_err);
 				goto end;
 				}
 			/* hmm... this is a little evil but it works */
 			tmpbuf=at->value.asn1_string->data;
 			tmplen=at->value.asn1_string->length;
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -83,7 +83,7 @@
 #    else
 #      include <unixlib.h>
 #    endif
-#  elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_NETWARE) && !defined(__TANDEM)
+#  elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_NETWARE)
 #    include <sys/file.h>
 #  endif
 #endif
@@ -105,9 +105,6 @@
 #define ENV_DEFAULT_CA		"default_ca"
 #define STRING_MASK	"string_mask"
 #define UTF8_IN			"utf8"
 #define ENV_DIR			"dir"
 #define ENV_CERTS		"certs"
 #define ENV_CRL_DIR		"crl_dir"
@@ -146,7 +143,7 @@
 #define REV_KEY_COMPROMISE	3	/* Value is cert key compromise time */
 #define REV_CA_COMPROMISE	4	/* Value is CA key compromise time */
-static const char *ca_usage[]={
+static char *ca_usage[]={
 "usage: ca args\n",
 "\n",
 " -verbose        - Talk alot while doing things\n",
@@ -177,7 +174,6 @@ static const char *ca_usage[]={
 " -msie_hack      - msie modifications to handle all those universal strings\n",
 " -revoke file    - Revoke a certificate (given in file)\n",
 " -subj arg       - Use arg instead of request's subject\n",
 " -utf8           - input characters are UTF8 (default ASCII)\n",
 " -multivalue-rdn - enable support for multivalued RDNs\n",
 " -extensions ..  - Extension section (override value in config file)\n",
 " -extfile file   - Configuration file with X509v3 extentions to add\n",
@@ -196,30 +192,30 @@ extern int EF_PROTECT_BELOW;
 extern int EF_ALIGNMENT;
 #endif
-static void lookup_fail(const char *name, const char *tag);
+static void lookup_fail(char *name,char *tag);
 static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
 		   const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,CA_DB *db,
-		   BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate,
+		   BIGNUM *serial, char *subj, int multirdn, int email_dn, char *startdate,
 		   char *enddate, long days, int batch, char *ext_sect, CONF *conf,
 		   int verbose, unsigned long certopt, unsigned long nameopt,
 		   int default_op, int ext_copy, int selfsign);
 static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
 			const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
-			CA_DB *db, BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn,
+			CA_DB *db, BIGNUM *serial, char *subj, int multirdn, int email_dn,
 			char *startdate, char *enddate, long days, int batch,
 			char *ext_sect, CONF *conf,int verbose, unsigned long certopt,
 			unsigned long nameopt, int default_op, int ext_copy,
 			ENGINE *e);
 static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
 			 const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
-			 CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn, int email_dn,
+			 CA_DB *db, BIGNUM *serial,char *subj, int multirdn, int email_dn,
 			 char *startdate, char *enddate, long days, char *ext_sect,
 			 CONF *conf, int verbose, unsigned long certopt, 
 			 unsigned long nameopt, int default_op, int ext_copy);
 static int fix_data(int nid, int *type);
 static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
 static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
-	STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn,
+	STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj, int multirdn,
 	int email_dn, char *startdate, char *enddate, long days, int batch,
       	int verbose, X509_REQ *req, char *ext_sect, CONF *conf,
 	unsigned long certopt, unsigned long nameopt, int default_op,
@@ -229,7 +225,7 @@ static int get_certificate_status(const char *ser_status, CA_DB *db);
 static int do_updatedb(CA_DB *db);
 static int check_time_format(char *str);
 char *make_revocation_str(int rev_type, char *rev_arg);
-int make_revoked(X509_REVOKED *rev, const char *str);
+int make_revoked(X509_REVOKED *rev, char *str);
 int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str);
 static CONF *conf=NULL;
 static CONF *extconf=NULL;
@@ -245,7 +241,6 @@ int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	char *key=NULL,*passargin=NULL;
 	int create_ser = 0;
 	int free_key = 0;
 	int total=0;
 	int total_done=0;
@@ -279,7 +274,6 @@ int MAIN(int argc, char **argv)
 	char *extensions=NULL;
 	char *extfile=NULL;
 	char *subj=NULL;
 	unsigned long chtype = MBSTRING_ASC;
 	int multirdn = 0;
 	char *tmp_email_dn=NULL;
 	char *crl_ext=NULL;
@@ -305,8 +299,7 @@ int MAIN(int argc, char **argv)
 	X509_REVOKED *r=NULL;
 	ASN1_TIME *tmptm;
 	ASN1_INTEGER *tmpser;
-	char *f;
+	char **pp,*p,*f;
 	const char *p, **pp;
 	int i,j;
 	const EVP_MD *dgst=NULL;
 	STACK_OF(CONF_VALUE) *attribs=NULL;
@@ -361,10 +354,6 @@ EF_ALIGNMENT=0;
 			subj= *(++argv);
 			/* preserve=1; */
 			}
 		else if (strcmp(*argv,"-utf8") == 0)
 			chtype = MBSTRING_UTF8;
 		else if (strcmp(*argv,"-create_serial") == 0)
 			create_ser = 1;
 		else if (strcmp(*argv,"-multivalue-rdn") == 0)
 			multirdn=1;
 		else if (strcmp(*argv,"-startdate") == 0)
@@ -557,6 +546,10 @@ bad:
 	ERR_load_crypto_strings();
 #ifndef OPENSSL_NO_ENGINE
 	e = setup_engine(bio_err, engine, 0);
 #endif
 	/*****************************************************************/
 	tofree=NULL;
 	if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
@@ -601,10 +594,6 @@ bad:
 	if (!load_config(bio_err, conf))
 		goto err;
 #ifndef OPENSSL_NO_ENGINE
 	e = setup_engine(bio_err, engine, 0);
 #endif
 	/* Lets get the config section we are using */
 	if (section == NULL)
 		{
@@ -652,23 +641,6 @@ bad:
 		ERR_clear_error();
 	app_RAND_load_file(randfile, bio_err, 0);
 	f = NCONF_get_string(conf, section, STRING_MASK);
 	if (!f)
 		ERR_clear_error();
 	if(f && !ASN1_STRING_set_default_mask_asc(f)) {
 		BIO_printf(bio_err, "Invalid global string mask setting %s\n", f);
 		goto err;
 	}
 	if (chtype != MBSTRING_UTF8){
 		f = NCONF_get_string(conf, section, UTF8_IN);
 		if (!f)
 			ERR_clear_error();
 		else if (!strcmp(f, "yes"))
 			chtype = MBSTRING_UTF8;
 	}
 	db_attr.unique_subject = 1;
 	p = NCONF_get_string(conf, section, ENV_UNIQUE_SUBJECT);
 	if (p)
@@ -678,10 +650,8 @@ bad:
 #endif
 		db_attr.unique_subject = parse_yesno(p,1);
 		}
 	else
 		ERR_clear_error();
 #ifdef RL_DEBUG
-	if (!p)
+	else
 		BIO_printf(bio_err, "DEBUG: unique_subject undefined\n", p);
 #endif
 #ifdef RL_DEBUG
@@ -882,7 +852,7 @@ bad:
 	/* Lets check some fields */
 	for (i=0; i<sk_num(db->db->data); i++)
 		{
-		pp=(const char **)sk_value(db->db->data,i);
+		pp=(char **)sk_value(db->db->data,i);
 		if ((pp[DB_type][0] != DB_TYPE_REV) &&
 			(pp[DB_rev_date][0] != '\0'))
 			{
@@ -895,7 +865,7 @@ bad:
 			BIO_printf(bio_err," in entry %d\n", i+1);
 			goto err;
 			}
-		if (!check_time_format((char *)pp[DB_exp_date]))
+		if (!check_time_format(pp[DB_exp_date]))
 			{
 			BIO_printf(bio_err,"entry %d: invalid expiry date\n",i+1);
 			goto err;
@@ -969,6 +939,7 @@ bad:
 			if (verbose) BIO_printf(bio_err,
 				"Done. %d entries marked as expired\n",i); 
 	      		}
 			goto err;
 	  	}
 	/*****************************************************************/
@@ -1019,27 +990,25 @@ bad:
 			}
 		}
 	if (req)
 		{
 		if ((md == NULL) && ((md=NCONF_get_string(conf,
 			section,ENV_DEFAULT_MD)) == NULL))
 			{
 			lookup_fail(section,ENV_DEFAULT_MD);
 			goto err;
 			}
 	if ((dgst=EVP_get_digestbyname(md)) == NULL)
 		{
 		BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
 		goto err;
 		}
 	if (req)
 		{
 		if ((email_dn == 1) && ((tmp_email_dn=NCONF_get_string(conf,
 			section,ENV_DEFAULT_EMAIL_DN)) != NULL ))
 			{
 			if(strcmp(tmp_email_dn,"no") == 0)
 				email_dn=0;
 			}
 		if ((dgst=EVP_get_digestbyname(md)) == NULL)
 			{
 			BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
 			goto err;
 			}
 		if (verbose)
 			BIO_printf(bio_err,"message digest is %s\n",
 				OBJ_nid2ln(dgst->type));
@@ -1126,7 +1095,7 @@ bad:
 			goto err;
 			}
-		if ((serial=load_serial(serialfile, create_ser, NULL)) == NULL)
+		if ((serial=load_serial(serialfile, 0, NULL)) == NULL)
 			{
 			BIO_printf(bio_err,"error while loading serial number\n");
 			goto err;
@@ -1158,7 +1127,7 @@ bad:
 			{
 			total++;
 			j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db,
-				serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,extensions,
+				serial,subj,multirdn,email_dn,startdate,enddate,days,extensions,
 				conf,verbose,certopt,nameopt,default_op,ext_copy);
 			if (j < 0) goto err;
 			if (j > 0)
@@ -1182,7 +1151,7 @@ bad:
 			{
 			total++;
 			j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,attribs,
-				db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
+				db,serial,subj,multirdn,email_dn,startdate,enddate,days,batch,
 				extensions,conf,verbose, certopt, nameopt,
 				default_op, ext_copy, e);
 			if (j < 0) goto err;
@@ -1202,7 +1171,7 @@ bad:
 			{
 			total++;
 			j=certify(&x,infile,pkey,x509p,dgst,attribs,db,
-				serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
+				serial,subj,multirdn,email_dn,startdate,enddate,days,batch,
 				extensions,conf,verbose, certopt, nameopt,
 				default_op, ext_copy, selfsign);
 			if (j < 0) goto err;
@@ -1222,7 +1191,7 @@ bad:
 			{
 			total++;
 			j=certify(&x,argv[i],pkey,x509p,dgst,attribs,db,
-				serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
+				serial,subj,multirdn,email_dn,startdate,enddate,days,batch,
 				extensions,conf,verbose, certopt, nameopt,
 				default_op, ext_copy, selfsign);
 			if (j < 0) goto err;
@@ -1275,7 +1244,7 @@ bad:
 			x=sk_X509_value(cert_sk,i);
 			j=x->cert_info->serialNumber->length;
-			p=(const char *)x->cert_info->serialNumber->data;
+			p=(char *)x->cert_info->serialNumber->data;
 			if(strlen(outdir) >= (size_t)(j ? BSIZE-j*2-6 : BSIZE-8))
 				{
@@ -1396,7 +1365,7 @@ bad:
 		for (i=0; i<sk_num(db->db->data); i++)
 			{
-			pp=(const char **)sk_value(db->db->data,i);
+			pp=(char **)sk_value(db->db->data,i);
 			if (pp[DB_type][0] == DB_TYPE_REV)
 				{
 				if ((r=X509_REVOKED_new()) == NULL) goto err;
@@ -1422,6 +1391,16 @@ bad:
 		/* we now have a CRL */
 		if (verbose) BIO_printf(bio_err,"signing CRL\n");
 		if (md != NULL)
 			{
 			if ((dgst=EVP_get_digestbyname(md)) == NULL)
 				{
 				BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
 				goto err;
 				}
 			}
 		else
 			{
 #ifndef OPENSSL_NO_DSA
 			if (pkey->type == EVP_PKEY_DSA) 
 				dgst=EVP_dss1();
@@ -1430,7 +1409,10 @@ bad:
 #ifndef OPENSSL_NO_ECDSA
 			if (pkey->type == EVP_PKEY_EC)
 				dgst=EVP_ecdsa();
 			else
 #endif
 				dgst=EVP_md5();
 			}
 		/* Add any extensions asked for */
@@ -1520,20 +1502,19 @@ err:
 	if (x509) X509_free(x509);
 	X509_CRL_free(crl);
 	NCONF_free(conf);
 	NCONF_free(extconf);
 	OBJ_cleanup();
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}
-static void lookup_fail(const char *name, const char *tag)
+static void lookup_fail(char *name, char *tag)
 	{
 	BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
 	}
 static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
-	     BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate,
+	     BIGNUM *serial, char *subj, int multirdn, int email_dn, char *startdate, char *enddate,
 	     long days, int batch, char *ext_sect, CONF *lconf, int verbose,
 	     unsigned long certopt, unsigned long nameopt, int default_op,
 	     int ext_copy, int selfsign)
@@ -1589,7 +1570,7 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 	else
 		BIO_printf(bio_err,"Signature ok\n");
-	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn, email_dn,
+	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj, multirdn, email_dn,
 		startdate,enddate,days,batch,verbose,req,ext_sect,lconf,
 		certopt, nameopt, default_op, ext_copy, selfsign);
@@ -1601,7 +1582,7 @@ err:
 static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
-	     BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate,
+	     BIGNUM *serial, char *subj, int multirdn, int email_dn, char *startdate, char *enddate,
 	     long days, int batch, char *ext_sect, CONF *lconf, int verbose,
 	     unsigned long certopt, unsigned long nameopt, int default_op,
 	     int ext_copy, ENGINE *e)
@@ -1643,7 +1624,7 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 	if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL)
 		goto err;
-	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,
+	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,multirdn,email_dn,startdate,enddate,
 		days,batch,verbose,rreq,ext_sect,lconf, certopt, nameopt, default_op,
 		ext_copy, 0);
@@ -1655,7 +1636,7 @@ err:
 static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 	     STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj,
-	     unsigned long chtype, int multirdn,
+	     int multirdn,
 	     int email_dn, char *startdate, char *enddate, long days, int batch,
 	     int verbose, X509_REQ *req, char *ext_sect, CONF *lconf,
 	     unsigned long certopt, unsigned long nameopt, int default_op,
@@ -1671,7 +1652,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 	X509_NAME_ENTRY *tne,*push;
 	EVP_PKEY *pktmp;
 	int ok= -1,i,j,last,nid;
-	const char *p;
+	char *p;
 	CONF_VALUE *cv;
 	char *row[DB_NUMBER],**rrow=NULL,**irow=NULL;
 	char buf[25];
@@ -1688,7 +1669,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 	if (subj)
 		{
-		X509_NAME *n = parse_name(subj, chtype, multirdn);
+		X509_NAME *n = parse_name(subj, MBSTRING_ASC, multirdn);
 		if (!n)
 			{
@@ -2225,7 +2206,7 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
 static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
-	     BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate,
+	     BIGNUM *serial, char *subj, int multirdn, int email_dn, char *startdate, char *enddate,
 	     long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt,
 	     unsigned long nameopt, int default_op, int ext_copy)
 	{
@@ -2366,7 +2347,7 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 	X509_REQ_set_pubkey(req,pktmp);
 	EVP_PKEY_free(pktmp);
-	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,
+	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,multirdn,email_dn,startdate,enddate,
 		   days,1,verbose,req,ext_sect,lconf, certopt, nameopt, default_op,
 			ext_copy, 0);
 err:
@@ -2679,7 +2660,7 @@ err:
 	return (cnt);
 	}
-static const char *crl_reasons[] = {
+static char *crl_reasons[] = {
 	/* CRL reason strings */
 	"unspecified",
 	"keyCompromise",
@@ -2707,8 +2688,7 @@ static const char *crl_reasons[] = {
 char *make_revocation_str(int rev_type, char *rev_arg)
 	{
-	char *other = NULL, *str;
+	char *reason = NULL, *other = NULL, *str;
 	const char *reason = NULL;
 	ASN1_OBJECT *otmp;
 	ASN1_UTCTIME *revtm = NULL;
 	int i;
@@ -2802,7 +2782,7 @@ char *make_revocation_str(int rev_type, char *rev_arg)
 */
-int make_revoked(X509_REVOKED *rev, const char *str)
+int make_revoked(X509_REVOKED *rev, char *str)
 	{
 	char *tmp = NULL;
 	int reason_code = -1;
@@ -2882,29 +2862,20 @@ int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str)
 	p=(char *)str->data;
 	for (j=str->length; j>0; j--)
 		{
 #ifdef CHARSET_EBCDIC
 		if ((*p >= 0x20) && (*p <= 0x7e))
 			BIO_printf(bp,"%c",os_toebcdic[*p]);
 #else
 		if ((*p >= ' ') && (*p <= '~'))
 			BIO_printf(bp,"%c",*p);
 #endif
 		else if (*p & 0x80)
 			BIO_printf(bp,"\\0x%02X",*p);
 		else if ((unsigned char)*p == 0xf7)
 			BIO_printf(bp,"^?");
 #ifdef CHARSET_EBCDIC
 		else	BIO_printf(bp,"^%c",os_toebcdic[*p+0x40]);
 #else
 		else	BIO_printf(bp,"^%c",*p+'@');
 #endif
 		p++;
 		}
 	BIO_printf(bp,"'\n");
 	return 1;
 	}
-int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME **pinvtm, const char *str)
+int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME **pinvtm, char *str)
 	{
 	char *tmp = NULL;
 	char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p;
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -69,7 +69,7 @@
 #undef PROG
 #define PROG	ciphers_main
-static const char *ciphers_usage[]={
+static char *ciphers_usage[]={
 "usage: ciphers args\n",
 " -v          - verbose mode, a textual listing of the ciphers in SSLeay\n",
 " -ssl2       - SSL2 mode\n",
@@ -84,7 +84,7 @@ int MAIN(int argc, char **argv)
 	{
 	int ret=1,i;
 	int verbose=0;
-	const char **pp;
+	char **pp;
 	const char *p;
 	int badops=0;
 	SSL_CTX *ctx=NULL;
--- a/apps/cms.c
+++ b/apps/cms.c
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -72,7 +72,7 @@
 #undef POSTFIX
 #define	POSTFIX	".rvk"
-static const char *crl_usage[]={
+static char *crl_usage[]={
 "usage: crl args\n",
 "\n",
 " -inform arg     - input format - default PEM (DER or PEM)\n",
@@ -85,7 +85,6 @@ static const char *crl_usage[]={
 " -issuer         - print issuer DN\n",
 " -lastupdate     - lastUpdate field\n",
 " -nextupdate     - nextUpdate field\n",
 " -crlnumber      - print CRL number\n",
 " -noout          - no CRL output\n",
 " -CAfile  name   - verify CRL using certificates in file \"name\"\n",
 " -CApath  dir    - verify CRL using certificates in \"dir\"\n",
@@ -108,15 +107,15 @@ int MAIN(int argc, char **argv)
 	int informat,outformat;
 	char *infile=NULL,*outfile=NULL;
 	int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
-	int fingerprint = 0, crlnumber = 0;
+	int fingerprint = 0;
-	const char **pp;
+	char **pp;
 	X509_STORE *store = NULL;
 	X509_STORE_CTX ctx;
 	X509_LOOKUP *lookup = NULL;
 	X509_OBJECT xobj;
 	EVP_PKEY *pkey;
 	int do_ver = 0;
-	const EVP_MD *md_alg,*digest=EVP_sha1();
+	const EVP_MD *md_alg,*digest=EVP_md5();
 	apps_startup();
@@ -207,8 +206,6 @@ int MAIN(int argc, char **argv)
 			noout= ++num;
 		else if (strcmp(*argv,"-fingerprint") == 0)
 			fingerprint= ++num;
 		else if (strcmp(*argv,"-crlnumber") == 0)
 			crlnumber= ++num;
 		else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
 			{
 			/* ok */
@@ -284,21 +281,7 @@ bad:
 				{
 				print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), nmflag);
 				}
-			if (crlnumber == i)
+
 				{
 				ASN1_INTEGER *crlnum;
 				crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number,
 							      NULL, NULL);
 				BIO_printf(bio_out,"crlNumber=");
 				if (crlnum)
 					{
 					i2a_ASN1_INTEGER(bio_out, crlnum);
 					ASN1_INTEGER_free(crlnum);
 					}
 				else
 					BIO_puts(bio_out, "<NONE>");
 				BIO_printf(bio_out,"\n");
 				}
 			if (hash == i)
 				{
 				BIO_printf(bio_out,"%08lx\n",
@@ -372,11 +355,7 @@ bad:
 	if (text) X509_CRL_print(out, x);
-	if (noout) 
+	if (noout) goto end;
 		{
 		ret = 0;
 		goto end;
 		}
 	if 	(outformat == FORMAT_ASN1)
 		i=(int)i2d_X509_CRL_bio(out,x);
--- a/apps/der_chop.in
+++ b/apps/der_chop.in
@@ -0,0 +1,305 @@
 #!/usr/local/bin/perl
 #
 # der_chop ... this is one total hack that Eric is really not proud of
 #              so don't look at it and don't ask for support
 #
 # The "documentation" for this (i.e. all the comments) are my fault --tjh
 #
 # This program takes the "raw" output of derparse/asn1parse and 
 # converts it into tokens and then runs regular expression matches
 # to try to figure out what to grab to get the things that are needed
 # and it is possible that this will do the wrong thing as it is a *hack*
 #
 # SSLeay 0.5.2+ should have direct read support for x509 (via -inform NET)
 # [I know ... promises promises :-)]
 #
 # To convert a Netscape Certificate:
 #    der_chop < ServerCert.der > cert.pem
 # To convert a Netscape Key (and encrypt it again to protect it)
 #    rsa -inform NET -in ServerKey.der -des > key.pem
 #
 # 23-Apr-96 eay    Added the extra ASN.1 string types, I still think this
 #		   is an evil hack.  If nothing else the parsing should
 #		   be relative, not absolute.
 # 19-Apr-96 tjh    hacked (with eay) into 0.5.x format
 #
 # Tim Hudson
 # tjh@cryptsoft.com
 #
 require 'getopts.pl';
 $debug=0;
 # this was the 0.4.x way of doing things ...
 $cmd="derparse";
 $x509_cmd="x509";
 $crl_cmd="crl";
 $rc4_cmd="rc4";
 $md2_cmd="md2";
 $md4_cmd="md4";
 $rsa_cmd="rsa -des -inform der ";
 # this was the 0.5.x way of doing things ...
 $cmd="openssl asn1parse";
 $x509_cmd="openssl x509";
 $crl_cmd="openssl crl";
 $rc4_cmd="openssl rc4";
 $md2_cmd="openssl md2";
 $md4_cmd="openssl md4";
 $rsa_cmd="openssl rsa -des -inform der ";
 &Getopts('vd:') || die "usage:$0 [-v] [-d num] file";
 $depth=($opt_d =~ /^\d+$/)?$opt_d:0;
 &init_der();
 if ($#ARGV != -1)
 	{
 	foreach $file (@ARGV)
 		{
 		print STDERR "doing $file\n";
 		&dofile($file);
 		}
 	}
 else
 	{
 	$file="/tmp/a$$.DER";
 	open(OUT,">$file") || die "unable to open $file:$!\n";
 	for (;;)
 		{
 		$i=sysread(STDIN,$b,1024*10);
 		last if ($i <= 0);
 		$i=syswrite(OUT,$b,$i);
 		}
 	&dofile($file);
 	unlink($file);
 	}
 sub dofile
 	{
 	local($file)=@_;
 	local(@p);
 	$b=&load_file($file);
 	@p=&load_file_parse($file);
 	foreach $_ (@p)
 		{
 		($off,$d,$hl,$len)=&parse_line($_);
 		$d-=$depth;
 		next if ($d != 0);
 		next if ($len == 0);
 		$o=substr($b,$off,$len+$hl);
 		($str,@data)=&der_str($o);
 		print "$str\n" if ($opt_v);
 		if ($str =~ /^$crl/)
 			{
 			open(OUT,"|$crl_cmd -inform d -hash -issuer") ||
 				die "unable to run $crl_cmd:$!\n";
 			print OUT $o;
 			close(OUT);
 			}
 		elsif ($str =~ /^$x509/)
 			{
 			open(OUT,"|$x509_cmd -inform d -hash -subject -issuer")
 				|| die "unable to run $x509_cmd:$!\n";
 			print OUT $o;
 			close(OUT);
 			}
 		elsif ($str =~ /^$rsa/)
 			{
 			($type)=($data[3] =~ /OBJECT_IDENTIFIER :(.*)\s*$/);
 			next unless ($type eq "rsaEncryption");
 			($off,$d,$hl,$len)=&parse_line($data[5]);
 			$os=substr($o,$off+$hl,$len);
 			open(OUT,"|$rsa_cmd")
 				|| die "unable to run $rsa_cmd:$!\n";
 			print OUT $os;
 			close(OUT);
 			}
 		elsif ($str =~ /^0G-1D-1G/)
 			{
 			($off,$d,$hl,$len)=&parse_line($data[1]);
 			$os=substr($o,$off+$hl,$len);
 			print STDERR "<$os>\n" if $opt_v;
 			&do_certificate($o,@data)
 				if (($os eq "certificate") &&
 				    ($str =! /^0G-1D-1G-2G-3F-3E-2D/));
 			&do_private_key($o,@data)
 				if (($os eq "private-key") &&
 				    ($str =! /^0G-1D-1G-2G-3F-3E-2D/));
 			}
 		}
 	}
 sub der_str
 	{
 	local($str)=@_;
 	local(*OUT,*IN,@a,$t,$d,$ret);
 	local($file)="/tmp/b$$.DER";
 	local(@ret);
 	open(OUT,">$file");
 	print OUT $str;
 	close(OUT);
 	open(IN,"$cmd -inform 'd' -in $file |") ||
 		die "unable to run $cmd:$!\n";
 	$ret="";
 	while (<IN>)
 		{
 		chop;
 		push(@ret,$_);
 		print STDERR "$_\n" if ($debug);
 		@a=split(/\s*:\s*/);
 		($d)=($a[1] =~ /d=\s*(\d+)/);
 		$a[2] =~ s/\s+$//;
 		$t=$DER_s2i{$a[2]};
 		$ret.="$d$t-";
 		}
 	close(IN);
 	unlink($file);
 	chop $ret;
 	$ret =~ s/(-3H(-4G-5F-5[IJKMQRS])+)+/-NAME/g;
 	$ret =~ s/(-3G-4B-4L)+/-RCERT/g;
 	return($ret,@ret);
 	}
 sub init_der
 	{
 	$crl= "0G-1G-2G-3F-3E-2G-NAME-2L-2L-2G-RCERT-1G-2F-2E-1C";
 	$x509="0G-1G-2B-2G-3F-3E-2G-NAME-2G-3L-3L-2G-NAME-2G-3G-4F-4E-3C-1G-2F-2E-1C";
 	$rsa= "0G-1B-1G-2F-2E-1D";
 	%DER_i2s=(
 		# SSLeay 0.4.x has this list
 		"A","EOC",
 		"B","INTEGER",
 		"C","BIT STRING",
 		"D","OCTET STRING",
 		"E","NULL",
 		"F","OBJECT",
 		"G","SEQUENCE",
 		"H","SET",
 		"I","PRINTABLESTRING",
 		"J","T61STRING",
 		"K","IA5STRING",
 		"L","UTCTIME",
 		"M","NUMERICSTRING",
 		"N","VIDEOTEXSTRING",
 		"O","GENERALIZEDTIME",
 		"P","GRAPHICSTRING",
 		"Q","ISO64STRING",
 		"R","GENERALSTRING",
 		"S","UNIVERSALSTRING",
 		# SSLeay 0.5.x changed some things ... and I'm
 		# leaving in the old stuff but adding in these
 		# to handle the new as well --tjh
 		# - Well I've just taken them out and added the extra new
 		# ones :-) - eay
 		);
 	foreach (keys %DER_i2s)
 		{ $DER_s2i{$DER_i2s{$_}}=$_; }
 	}
 sub parse_line
 	{
 	local($_)=@_;
 	return(/\s*(\d+):d=\s*(\d+)\s+hl=\s*(\d+)\s+l=\s*(\d+|inf)\s/);
 	}
 #  0:d=0 hl=4 l=377 cons: univ: SEQUENCE          
 #  4:d=1 hl=2 l= 11 prim: univ: OCTET_STRING      
 # 17:d=1 hl=4 l=360 cons: univ: SEQUENCE          
 # 21:d=2 hl=2 l= 12 cons: univ: SEQUENCE          
 # 23:d=3 hl=2 l=  8 prim: univ: OBJECT_IDENTIFIER :rc4
 # 33:d=3 hl=2 l=  0 prim: univ: NULL              
 # 35:d=2 hl=4 l=342 prim: univ: OCTET_STRING
 sub do_private_key
 	{
 	local($data,@struct)=@_;
 	local($file)="/tmp/b$$.DER";
 	local($off,$d,$hl,$len,$_,$b,@p,$s);
 	($type)=($struct[4] =~ /OBJECT_IDENTIFIER :(.*)\s*$/);
 	if ($type eq "rc4")
 		{
 		($off,$d,$hl,$len)=&parse_line($struct[6]);
 		open(OUT,"|$rc4_cmd >$file") ||
 			die "unable to run $rc4_cmd:$!\n";
 		print OUT substr($data,$off+$hl,$len);
 		close(OUT);
 		$b=&load_file($file);
 		unlink($file);
 		($s,@p)=&der_str($b);
 		die "unknown rsa key type\n$s\n"
 			if ($s ne '0G-1B-1G-2F-2E-1D');
 		local($off,$d,$hl,$len)=&parse_line($p[5]);
 		$b=substr($b,$off+$hl,$len);
 		($s,@p)=&der_str($b);
 		open(OUT,"|$rsa_cmd") || die "unable to run $rsa_cmd:$!\n";
 		print OUT $b;
 		close(OUT);
 		}
 	else
 		{
 		print "'$type' is unknown\n";
 		exit(1);
 		}
 	}
 sub do_certificate
 	{
 	local($data,@struct)=@_;
 	local($file)="/tmp/b$$.DER";
 	local($off,$d,$hl,$len,$_,$b,@p,$s);
 	($off,$d,$hl,$len)=&parse_line($struct[2]);
 	$b=substr($data,$off,$len+$hl);
 	open(OUT,"|$x509_cmd -inform d") || die "unable to run $x509_cmd:$!\n";
 	print OUT $b;
 	close(OUT);
 	}
 sub load_file
 	{
 	local($file)=@_;
 	local(*IN,$r,$b,$i);
 	$r="";
 	open(IN,"<$file") || die "unable to open $file:$!\n";
 	for (;;)
 		{
 		$i=sysread(IN,$b,10240);
 		last if ($i <= 0);
 		$r.=$b;
 		}
 	close(IN);
 	return($r);
 	}
 sub load_file_parse
 	{
 	local($file)=@_;
 	local(*IN,$r,@ret,$_,$i,$n,$b);
 	open(IN,"$cmd -inform d -in $file|")
 		|| die "unable to run der_parse\n";
 	while (<IN>)
 		{
 		chop;
 		push(@ret,$_);
 		}
 	return($r,@ret);
 	}
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -66,7 +66,6 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/hmac.h>
 #undef BUFSIZE
 #define BUFSIZE	1024*8
@@ -76,7 +75,7 @@
 int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 	  EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
-	  const char *file,BIO *bmd,const char *hmac_key, int non_fips_allow);
+	  const char *file);
 int MAIN(int, char **);
@@ -84,7 +83,7 @@ int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	unsigned char *buf=NULL;
-	int i,err=1;
+	int i,err=0;
 	const EVP_MD *md=NULL,*m;
 	BIO *in=NULL,*inp;
 	BIO *bmd=NULL;
@@ -101,16 +100,12 @@ int MAIN(int argc, char **argv)
 	EVP_PKEY *sigkey = NULL;
 	unsigned char *sigbuf = NULL;
 	int siglen = 0;
 	unsigned int sig_flags = 0;
 	char *passargin = NULL, *passin = NULL;
 #ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
 #endif
 	char *hmac_key=NULL;
 	int non_fips_allow = 0;
 	apps_startup();
-ERR_load_crypto_strings();
+
 	if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL)
 		{
 		BIO_printf(bio_err,"out of memory\n");
@@ -150,12 +145,6 @@ ERR_load_crypto_strings();
 			if (--argc < 1) break;
 			keyfile=*(++argv);
 			}
 		else if (!strcmp(*argv,"-passin"))
 			{
 			if (--argc < 1)
 				break;
 			passargin=*++argv;
 			}
 		else if (strcmp(*argv,"-verify") == 0)
 			{
 			if (--argc < 1) break;
@@ -169,27 +158,6 @@ ERR_load_crypto_strings();
 			keyfile=*(++argv);
 			do_verify = 1;
 			}
 		else if (strcmp(*argv,"-x931") == 0)
 			sig_flags = EVP_MD_CTX_FLAG_PAD_X931;
 		else if (strcmp(*argv,"-pss_saltlen") == 0)
 			{
 			int saltlen;
 			if (--argc < 1) break;
 			saltlen=atoi(*(++argv));
 			if (saltlen == -1)
 				sig_flags = EVP_MD_CTX_FLAG_PSS_MREC;
 			else if (saltlen == -2)
 				sig_flags = EVP_MD_CTX_FLAG_PSS_MDLEN;
 			else if (saltlen < -2 || saltlen >= 0xFFFE)
 				{
 				BIO_printf(bio_err, "Invalid PSS salt length %d\n", saltlen);
 				goto end;
 				}
 			else
 				sig_flags = saltlen;
 			sig_flags <<= 16;
 			sig_flags |= EVP_MD_CTX_FLAG_PAD_PSS;
 			}
 		else if (strcmp(*argv,"-signature") == 0)
 			{
 			if (--argc < 1) break;
@@ -213,16 +181,6 @@ ERR_load_crypto_strings();
 			out_bin = 1;
 		else if (strcmp(*argv,"-d") == 0)
 			debug=1;
 		else if (strcmp(*argv,"-non-fips-allow") == 0)
 			non_fips_allow=1;
 		else if (!strcmp(*argv,"-fips-fingerprint"))
 			hmac_key = "etaonrishdlcupfm";
 		else if (!strcmp(*argv,"-hmac"))
 			{
 			if (--argc < 1)
 				break;
 			hmac_key=*++argv;
 			}
 		else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
 			md=m;
 		else
@@ -254,38 +212,23 @@ ERR_load_crypto_strings();
 		BIO_printf(bio_err,"-keyform arg    key file format (PEM or ENGINE)\n");
 		BIO_printf(bio_err,"-signature file signature to verify\n");
 		BIO_printf(bio_err,"-binary         output in binary form\n");
 		BIO_printf(bio_err,"-hmac key       create hashed MAC with key\n");
 #ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
 #endif
-		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm (default)\n",
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
 			LN_md5,LN_md5);
-		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
 			LN_md4,LN_md4);
-		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
 			LN_md2,LN_md2);
-#ifndef OPENSSL_NO_SHA
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
 		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
 			LN_sha1,LN_sha1);
-		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
 			LN_sha,LN_sha);
-#ifndef OPENSSL_NO_SHA256
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
 		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
 			LN_sha224,LN_sha224);
 		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
 			LN_sha256,LN_sha256);
 #endif
 #ifndef OPENSSL_NO_SHA512
 		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
 			LN_sha384,LN_sha384);
 		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
 			LN_sha512,LN_sha512);
 #endif
 #endif
 		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
 			LN_mdc2,LN_mdc2);
-		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
 			LN_ripemd160,LN_ripemd160);
 		err=1;
 		goto end;
@@ -301,13 +244,7 @@ ERR_load_crypto_strings();
 		{
 		BIO_set_callback(in,BIO_debug_callback);
 		/* needed for windows 3.1 */
-		BIO_set_callback_arg(in,(char *)bio_err);
+		BIO_set_callback_arg(in,bio_err);
 		}
 	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL))
 		{
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;
 		}
 	if ((in == NULL) || (bmd == NULL))
@@ -351,7 +288,7 @@ ERR_load_crypto_strings();
 			sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL,
 				e, "key file");
 		else
-			sigkey = load_key(bio_err, keyfile, keyform, 0, passin,
+			sigkey = load_key(bio_err, keyfile, keyform, 0, NULL,
 				e, "key file");
 		if (!sigkey)
 			{
@@ -382,40 +319,21 @@ ERR_load_crypto_strings();
 		}
 	}
 	if (non_fips_allow)
 		{
 		EVP_MD_CTX *md_ctx;
 		BIO_get_md_ctx(bmd,&md_ctx);
 		EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
 		}
 	if (sig_flags)
 		{
 		EVP_MD_CTX *md_ctx;
 		BIO_get_md_ctx(bmd,&md_ctx);
 		EVP_MD_CTX_set_flags(md_ctx, sig_flags);
 		}
 	/* we use md as a filter, reading from 'in' */
-	if (!BIO_set_md(bmd,md))
+	BIO_set_md(bmd,md);
 		{
 		BIO_printf(bio_err, "Error setting digest %s\n", pname);
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	inp=BIO_push(bmd,in);
 	if (argc == 0)
 		{
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
 		err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf,
-			  siglen,"","(stdin)",bmd,hmac_key,non_fips_allow);
+			  siglen,"","(stdin)");
 		}
 	else
 		{
 		name=OBJ_nid2sn(md->type);
 		err = 0;
 		for (i=0; i<argc; i++)
 			{
 			char *tmp,*tofree=NULL;
@@ -429,15 +347,14 @@ ERR_load_crypto_strings();
 				}
 			if(!out_bin)
 				{
-				size_t len = strlen(name)+strlen(argv[i])+(hmac_key ? 5 : 0)+5;
+				size_t len = strlen(name)+strlen(argv[i])+5;
 				tmp=tofree=OPENSSL_malloc(len);
-				BIO_snprintf(tmp,len,"%s%s(%s)= ",
+				BIO_snprintf(tmp,len,"%s(%s)= ",name,argv[i]);
 							 hmac_key ? "HMAC-" : "",name,argv[i]);
 				}
 			else
 				tmp="";
 			r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf,
-				siglen,tmp,argv[i],bmd,hmac_key,non_fips_allow);
+				siglen,tmp,argv[i]);
 			if(r)
 			    err=r;
 			if(tofree)
@@ -452,8 +369,6 @@ end:
 		OPENSSL_free(buf);
 		}
 	if (in != NULL) BIO_free(in);
 	if (passin)
 		OPENSSL_free(passin);
 	BIO_free_all(out);
 	EVP_PKEY_free(sigkey);
 	if(sigbuf) OPENSSL_free(sigbuf);
@@ -464,23 +379,11 @@ end:
 int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 	  EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
-	  const char *file,BIO *bmd,const char *hmac_key,int non_fips_allow)
+	  const char *file)
 	{
-	unsigned int len;
+	int len;
 	int i;
 	EVP_MD_CTX *md_ctx;
 	HMAC_CTX hmac_ctx;
 	if (hmac_key)
 		{
 		EVP_MD *md;
 		BIO_get_md(bmd,&md);
 		HMAC_CTX_init(&hmac_ctx);
 		HMAC_Init_ex(&hmac_ctx,hmac_key,strlen(hmac_key),md, NULL);
 		BIO_get_md_ctx(bmd,&md_ctx);
 		BIO_set_md_ctx(bmd,&hmac_ctx.md_ctx);
 		}
 	for (;;)
 		{
 		i=BIO_read(bp,(char *)buf,BUFSIZE);
@@ -523,11 +426,6 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 			return 1;
 			}
 		}
 	else if(hmac_key)
 		{
 		HMAC_Final(&hmac_ctx,buf,&len);
 		HMAC_CTX_cleanup(&hmac_ctx);
 		}
 	else
 		len=BIO_gets(bp,(char *)buf,BUFSIZE);
@@ -535,7 +433,7 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 	else 
 		{
 		BIO_write(out,title,strlen(title));
-		for (i=0; i<(int)len; i++)
+		for (i=0; i<len; i++)
 			{
 			if (sep && (i != 0))
 				BIO_printf(out, ":");
@@ -543,10 +441,6 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 			}
 		BIO_printf(out, "\n");
 		}
 	if (hmac_key)
 		{
 		BIO_set_md_ctx(bmd,md_ctx);
 		}
 	return 0;
 	}
--- a/apps/dh.c
+++ b/apps/dh.c
@@ -57,7 +57,6 @@
 * [including the GNU Public Licence.]
 */
 #include <openssl/opensslconf.h>	/* for OPENSSL_NO_DH */
 #ifndef OPENSSL_NO_DH
 #include <stdio.h>
 #include <stdlib.h>
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -109,7 +109,6 @@
 *
 */
 #include <openssl/opensslconf.h>	/* for OPENSSL_NO_DH */
 #ifndef OPENSSL_NO_DH
 #include <stdio.h>
 #include <stdlib.h>
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -56,7 +56,6 @@
 * [including the GNU Public Licence.]
 */
 #include <openssl/opensslconf.h>	/* for OPENSSL_NO_DSA */
 #ifndef OPENSSL_NO_DSA
 #include <stdio.h>
 #include <stdlib.h>
@@ -69,7 +68,6 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/bn.h>
 #undef PROG
 #define PROG	dsa_main
@@ -84,10 +82,6 @@
 * -aes128	- encrypt output if PEM format
 * -aes192	- encrypt output if PEM format
 * -aes256	- encrypt output if PEM format
 * -camellia128 - encrypt output if PEM format
 * -camellia192 - encrypt output if PEM format
 * -camellia256 - encrypt output if PEM format
 * -seed        - encrypt output if PEM format
 * -text	- print a text version
 * -modulus	- print the DSA public key
 */
@@ -96,7 +90,9 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 #ifndef OPENSSL_NO_ENGINE
 	ENGINE *e = NULL;
 #endif
 	int ret=1;
 	DSA *dsa=NULL;
 	int i,badops=0;
@@ -213,13 +209,6 @@ bad:
 #ifndef OPENSSL_NO_AES
 		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
 		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 		BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
 		BIO_printf(bio_err,"                 encrypt PEM output with cbc camellia\n");
 #endif
 #ifndef OPENSSL_NO_SEED
 		BIO_printf(bio_err," -seed           encrypt PEM output with cbc seed\n");
 #endif
 		BIO_printf(bio_err," -text           print the key in text\n");
 		BIO_printf(bio_err," -noout          don't print key out\n");
@@ -238,26 +227,36 @@ bad:
 		goto end;
 	}
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
-	if (out == NULL)
+	if ((in == NULL) || (out == NULL))
 		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}
-	BIO_printf(bio_err,"read DSA key\n");
+	if (infile == NULL)
-	{
+		BIO_set_fp(in,stdin,BIO_NOCLOSE);
 		EVP_PKEY	*pkey;
 		if (pubin)
 			pkey = load_pubkey(bio_err, infile, informat, 1,
 				passin, e, "Public Key");
 	else
-			pkey = load_key(bio_err, infile, informat, 1,
+		{
-				passin, e, "Private Key");
+		if (BIO_read_filename(in,infile) <= 0)
 			{
 			perror(infile);
 			goto end;
 			}
 		}
-		if (pkey != NULL)
+	BIO_printf(bio_err,"read DSA key\n");
-		dsa = pkey == NULL ? NULL : EVP_PKEY_get1_DSA(pkey);
+	if	(informat == FORMAT_ASN1) {
-		EVP_PKEY_free(pkey);
+		if(pubin) dsa=d2i_DSA_PUBKEY_bio(in,NULL);
 		else dsa=d2i_DSAPrivateKey_bio(in,NULL);
 	} else if (informat == FORMAT_PEM) {
 		if(pubin) dsa=PEM_read_bio_DSA_PUBKEY(in,NULL, NULL, NULL);
 		else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,passin);
 	} else
 		{
 		BIO_printf(bio_err,"bad input format specified for key\n");
 		goto end;
 		}
 	if (dsa == NULL)
 		{
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -56,7 +56,6 @@
 * [including the GNU Public Licence.]
 */
 #include <openssl/opensslconf.h>	/* for OPENSSL_NO_DSA */
 /* Until the key-gen callbacks are modified to use newer prototypes, we allow
 * deprecated functions for openssl-internal code */
 #ifdef OPENSSL_NO_DEPRECATED
--- a/apps/ec.c
+++ b/apps/ec.c
@@ -3,7 +3,7 @@
 * Written by Nils Larsch for the OpenSSL project.
 */
 /* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -56,7 +56,6 @@
 *
 */
 #include <openssl/opensslconf.h>
 #ifndef OPENSSL_NO_EC
 #include <stdio.h>
 #include <stdlib.h>
@@ -85,12 +84,9 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 {
 #ifndef OPENSSL_NO_ENGINE
 	ENGINE 	*e = NULL;
 #endif
 	int 	ret = 1;
 	EC_KEY 	*eckey = NULL;
 	const EC_GROUP *group;
 	int 	i, badops = 0;
 	const EVP_CIPHER *enc = NULL;
 	BIO 	*in = NULL, *out = NULL;
@@ -244,7 +240,7 @@ bad:
 				" the ec parameters are encoded\n");
 		BIO_printf(bio_err, "                 in the asn1 der "
 				"encoding\n");
-		BIO_printf(bio_err, "                 possible values:"
+		BIO_printf(bio_err, "                 possilbe values:"
 				" named_curve (default)\n");
 		BIO_printf(bio_err,"                                  "
 				"explicit\n");
@@ -253,9 +249,7 @@ bad:
 	ERR_load_crypto_strings();
 #ifndef OPENSSL_NO_ENGINE
        e = setup_engine(bio_err, engine, 0);
 #endif
 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) 
 		{
@@ -330,13 +324,14 @@ bad:
 			}
 		}
 	group = EC_KEY_get0_group(eckey);
 	if (new_form)
-		EC_KEY_set_conv_form(eckey, form);
+		{
 		EC_GROUP_set_point_conversion_form(eckey->group, form);
 		eckey->conv_form = form;
 		}
 	if (new_asn1_flag)
-		EC_KEY_set_asn1_flag(eckey, asn1_flag);
+		EC_GROUP_set_asn1_flag(eckey->group, asn1_flag);
 	if (text) 
 		if (!EC_KEY_print(out, eckey, 0))
@@ -347,16 +342,13 @@ bad:
 			}
 	if (noout) 
 		{
 		ret = 0;
 		goto end;
 		}
 	BIO_printf(bio_err, "writing EC key\n");
 	if (outformat == FORMAT_ASN1) 
 		{
 		if (param_out)
-			i = i2d_ECPKParameters_bio(out, group);
+			i = i2d_ECPKParameters_bio(out, eckey->group);
 		else if (pubin || pubout) 
 			i = i2d_EC_PUBKEY_bio(out, eckey);
 		else 
@@ -365,7 +357,7 @@ bad:
 	else if (outformat == FORMAT_PEM) 
 		{
 		if (param_out)
-			i = PEM_write_bio_ECPKParameters(out, group);
+			i = PEM_write_bio_ECPKParameters(out, eckey->group);
 		else if (pubin || pubout)
 			i = PEM_write_bio_EC_PUBKEY(out, eckey);
 		else 
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@@ -3,7 +3,7 @@
 * Written by Nils Larsch for the OpenSSL project.
 */
 /* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -68,8 +68,6 @@
 * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
 *
 */
 #include <openssl/opensslconf.h>
 #ifndef OPENSSL_NO_EC
 #include <assert.h>
 #include <stdio.h>
@@ -129,9 +127,7 @@ int MAIN(int argc, char **argv)
 	char	*infile = NULL, *outfile = NULL, *prog;
 	BIO 	*in = NULL, *out = NULL;
 	int 	informat, outformat, noout = 0, C = 0, ret = 1;
 #ifndef OPENSSL_NO_ENGINE
 	ENGINE	*e = NULL;
 #endif
 	char	*engine = NULL;
 	BIGNUM	*ec_p = NULL, *ec_a = NULL, *ec_b = NULL,
@@ -339,19 +335,18 @@ bad:
 			}
 		}
 #ifndef OPENSSL_NO_ENGINE
 	e = setup_engine(bio_err, engine, 0);
 #endif
 	if (list_curves)
 		{
 		EC_builtin_curve *curves = NULL;
 		size_t crv_len = 0;
 		size_t n = 0;
 		size_t len;
 		crv_len = EC_get_builtin_curves(NULL, 0);
-		curves = OPENSSL_malloc((int)(sizeof(EC_builtin_curve) * crv_len));
+		curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);
 		if (curves == NULL)
 			goto end;
@@ -374,7 +369,10 @@ bad:
 			if (sname == NULL)
 				sname = "";
-			BIO_printf(out, "  %-10s: ", sname);
+			len = BIO_printf(out, "  %-10s: ", sname);
 			if (len + strlen(comment) > 80)
 				BIO_printf(out, "\n%80s\n", comment);
 			else
 				BIO_printf(out, "%s\n", comment);
 			} 
@@ -413,7 +411,7 @@ bad:
 			goto end;
 			}
-		group = EC_GROUP_new_by_curve_name(nid);
+		group = EC_GROUP_new_by_nid(nid);
 		if (group == NULL)
 			{
 			BIO_printf(bio_err, "unable to create curve (%s)\n", 
@@ -649,11 +647,11 @@ bad:
 		assert(need_rand);
-		if (EC_KEY_set_group(eckey, group) == 0)
+		eckey->group = group;
 			goto end;
 		if (!EC_KEY_generate_key(eckey))
 			{
 			eckey->group = NULL;
 			EC_KEY_free(eckey);
 			goto end;
 			}
@@ -666,9 +664,11 @@ bad:
 			{
 			BIO_printf(bio_err, "bad output format specified "
 				"for outfile\n");
 			eckey->group = NULL;
 			EC_KEY_free(eckey);
 			goto end;
 			}
 		eckey->group = NULL;
 		EC_KEY_free(eckey);
 		}
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -114,11 +114,9 @@ int MAIN(int argc, char **argv)
 	unsigned char salt[PKCS5_SALT_LEN];
 	char *str=NULL, *passarg = NULL, *pass = NULL;
 	char *hkey=NULL,*hiv=NULL,*hsalt = NULL;
 	char *md=NULL;
 	int enc=1,printkey=0,i,base64=0;
 	int debug=0,olb64=0,nosalt=0;
 	const EVP_CIPHER *cipher=NULL,*c;
 	EVP_CIPHER_CTX *ctx = NULL;
 	char *inf=NULL,*outf=NULL;
 	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
 #define PROG_NAME_SIZE  39
@@ -126,8 +124,6 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_ENGINE
 	char *engine = NULL;
 #endif
 	const EVP_MD *dgst=NULL;
 	int non_fips_allow = 0;
 	apps_startup();
@@ -257,13 +253,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			hiv= *(++argv);
 			}
 		else if (strcmp(*argv,"-md") == 0)
 			{
 			if (--argc < 1) goto bad;
 			md= *(++argv);
 			}
 		else if (strcmp(*argv,"-non-fips-allow") == 0)
 			non_fips_allow = 1;
 		else if	((argv[0][0] == '-') &&
 			((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL))
 			{
@@ -282,10 +271,8 @@ bad:
 			BIO_printf(bio_err,"%-14s encrypt\n","-e");
 			BIO_printf(bio_err,"%-14s decrypt\n","-d");
 			BIO_printf(bio_err,"%-14s base64 encode/decode, depending on encryption flag\n","-a/-base64");
-			BIO_printf(bio_err,"%-14s passphrase is the next argument\n","-k");
+			BIO_printf(bio_err,"%-14s key is the next argument\n","-k");
-			BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile");
+			BIO_printf(bio_err,"%-14s key is the first line of the file argument\n","-kfile");
 			BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md");
 			BIO_printf(bio_err,"%-14s   from a passphrase.  One of md2, md5, sha or sha1\n","");
 			BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
 			BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
 			BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
@@ -309,20 +296,6 @@ bad:
        e = setup_engine(bio_err, engine, 0);
 #endif
 	if (md && (dgst=EVP_get_digestbyname(md)) == NULL)
 		{
 		BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
 		goto end;
 		}
 	if (dgst == NULL)
 		{
 		if (in_FIPS_mode)
 			dgst = EVP_sha1();
 		else
 			dgst = EVP_md5();
 		}
 	if (bufsize != NULL)
 		{
 		unsigned long n;
@@ -346,7 +319,7 @@ bad:
 			}
 		/* It must be large enough for a base64 encoded line */
-		if (base64 && n < 80) n=80;
+		if (n < 80) n=80;
 		bsize=(int)n;
 		if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
@@ -371,16 +344,12 @@ bad:
 		{
 		BIO_set_callback(in,BIO_debug_callback);
 		BIO_set_callback(out,BIO_debug_callback);
-		BIO_set_callback_arg(in,(char *)bio_err);
+		BIO_set_callback_arg(in,bio_err);
-		BIO_set_callback_arg(out,(char *)bio_err);
+		BIO_set_callback_arg(out,bio_err);
 		}
 	if (inf == NULL)
 	        {
 		if (bufsize != NULL)
 			setvbuf(stdin, (char *)NULL, _IONBF, 0);
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
 	        }
 	else
 		{
 		if (BIO_read_filename(in,inf) <= 0)
@@ -431,8 +400,6 @@ bad:
 	if (outf == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 		if (bufsize != NULL)
 			setvbuf(stdout, (char *)NULL, _IONBF, 0);
 #ifdef OPENSSL_SYS_VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
@@ -459,7 +426,7 @@ bad:
 		if (debug)
 			{
 			BIO_set_callback(b64,BIO_debug_callback);
-			BIO_set_callback_arg(b64,(char *)bio_err);
+			BIO_set_callback_arg(b64,bio_err);
 			}
 		if (olb64)
 			BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
@@ -516,7 +483,7 @@ bad:
 				sptr = salt;
 			}
-			EVP_BytesToKey(cipher,dgst,sptr,
+			EVP_BytesToKey(cipher,EVP_md5(),sptr,
 				(unsigned char *)str,
 				strlen(str),1,key,iv);
 			/* zero the complete buffer or the string
@@ -533,8 +500,7 @@ bad:
 			BIO_printf(bio_err,"invalid hex iv value\n");
 			goto end;
 			}
-		if ((hiv == NULL) && (str == NULL)
+		if ((hiv == NULL) && (str == NULL))
 		    && EVP_CIPHER_iv_length(cipher) != 0)
 			{
 			/* No IV was explicitly set and no IV was generated
 			 * during EVP_BytesToKey. Hence the IV is undefined,
@@ -550,40 +516,17 @@ bad:
 		if ((benc=BIO_new(BIO_f_cipher())) == NULL)
 			goto end;
-
+		BIO_set_cipher(benc,cipher,key,iv,enc);
 		/* Since we may be changing parameters work on the encryption
 		 * context rather than calling BIO_set_cipher().
 		 */
 		BIO_get_cipher_ctx(benc, &ctx);
 		if (non_fips_allow)
 			EVP_CIPHER_CTX_set_flags(ctx,
 				EVP_CIPH_FLAG_NON_FIPS_ALLOW);
 		if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
 			{
 			BIO_printf(bio_err, "Error setting cipher %s\n",
 				EVP_CIPHER_name(cipher));
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		if (nopad)
 			EVP_CIPHER_CTX_set_padding(ctx, 0);
 		if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
 			{
-			BIO_printf(bio_err, "Error setting cipher %s\n",
+			EVP_CIPHER_CTX *ctx;
-				EVP_CIPHER_name(cipher));
+			BIO_get_cipher_ctx(benc, &ctx);
-			ERR_print_errors(bio_err);
+			EVP_CIPHER_CTX_set_padding(ctx, 0);
 			goto end;
 			}
 		if (debug)
 			{
 			BIO_set_callback(benc,BIO_debug_callback);
-			BIO_set_callback_arg(benc,(char *)bio_err);
+			BIO_set_callback_arg(benc,bio_err);
 			}
 		if (printkey)
--- a/apps/engine.c
+++ b/apps/engine.c
@@ -56,6 +56,7 @@
 *
 */
 #ifndef OPENSSL_NO_ENGINE
 #include <stdio.h>
 #include <stdlib.h>
@@ -65,14 +66,13 @@
 #endif
 #include "apps.h"
 #include <openssl/err.h>
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #include <openssl/ssl.h>
 #undef PROG
 #define PROG	engine_main
-static const char *engine_usage[]={
+static char *engine_usage[]={
 "usage: engine opts [engine ...]\n",
 " -v[v[v[v]]] - verbose mode, for each engine, list its 'control commands'\n",
 "               -vv will additionally display each command's description\n",
@@ -252,7 +252,7 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent
                        /* Now decide on the output */
                        if(xpos == 0)
                                /* Do an indent */
-                                xpos = BIO_puts(bio_out, indent);
+                                xpos = BIO_printf(bio_out, indent);
                        else
                                /* Otherwise prepend a ", " */
                                xpos += BIO_printf(bio_out, ", ");
@@ -263,7 +263,7 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent
 					(xpos + (int)strlen(name) > line_wrap))
                                        {
                                        BIO_printf(bio_out, "\n");
-                                        xpos = BIO_puts(bio_out, indent);
+                                        xpos = BIO_printf(bio_out, indent);
                                        }
                                xpos += BIO_printf(bio_out, "%s", name);
                                }
@@ -344,7 +344,7 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	int ret=1,i;
-	const char **pp;
+	char **pp;
 	int verbose=0, list_cap=0, test_avail=0, test_avail_noise = 0;
 	ENGINE *e;
 	STACK *engines = sk_new_null();
@@ -394,15 +394,11 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-pre") == 0)
 			{
 			argc--; argv++;
 			if (argc == 0)
 				goto skip_arg_loop;
 			sk_push(pre_cmds,*argv);
 			}
 		else if (strcmp(*argv,"-post") == 0)
 			{
 			argc--; argv++;
 			if (argc == 0)
 				goto skip_arg_loop;
 			sk_push(post_cmds,*argv);
 			}
 		else if ((strncmp(*argv,"-h",2) == 0) ||
--- a/apps/gendh.c
+++ b/apps/gendh.c
@@ -57,7 +57,6 @@
 * [including the GNU Public Licence.]
 */
 #include <openssl/opensslconf.h>
 /* Until the key-gen callbacks are modified to use newer prototypes, we allow
 * deprecated functions for openssl-internal code */
 #ifdef OPENSSL_NO_DEPRECATED
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -56,7 +56,6 @@
 * [including the GNU Public Licence.]
 */
 #include <openssl/opensslconf.h>	/* for OPENSSL_NO_DSA */
 #ifndef OPENSSL_NO_DSA
 #include <stdio.h>
 #include <string.h>
@@ -140,10 +139,6 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-idea") == 0)
 			enc=EVP_idea_cbc();
 #endif
 #ifndef OPENSSL_NO_SEED
 		else if (strcmp(*argv,"-seed") == 0)
 			enc=EVP_seed_cbc();
 #endif
 #ifndef OPENSSL_NO_AES
 		else if (strcmp(*argv,"-aes128") == 0)
 			enc=EVP_aes_128_cbc();
@@ -151,14 +146,6 @@ int MAIN(int argc, char **argv)
 			enc=EVP_aes_192_cbc();
 		else if (strcmp(*argv,"-aes256") == 0)
 			enc=EVP_aes_256_cbc();
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 		else if (strcmp(*argv,"-camellia128") == 0)
 			enc=EVP_camellia_128_cbc();
 		else if (strcmp(*argv,"-camellia192") == 0)
 			enc=EVP_camellia_192_cbc();
 		else if (strcmp(*argv,"-camellia256") == 0)
 			enc=EVP_camellia_256_cbc();
 #endif
 		else if (**argv != '-' && dsaparams == NULL)
 			{
@@ -182,18 +169,10 @@ bad:
 #ifndef OPENSSL_NO_IDEA
 		BIO_printf(bio_err," -idea     - encrypt the generated key with IDEA in cbc mode\n");
 #endif
 #ifndef OPENSSL_NO_SEED
 		BIO_printf(bio_err," -seed\n");
 		BIO_printf(bio_err,"                 encrypt PEM output with cbc seed\n");
 #endif
 #ifndef OPENSSL_NO_AES
 		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
 		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 		BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
 		BIO_printf(bio_err,"                 encrypt PEM output with cbc camellia\n");
 #endif
 #ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
 #endif
--- a/apps/genpkey.c
+++ b/apps/genpkey.c
@@ -1,440 +0,0 @@
 /* apps/genpkey.c */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006
 */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 #include <stdio.h>
 #include <string.h>
 #include "apps.h"
 #include <openssl/pem.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
 static int init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx,
 				const char *file, ENGINE *e);
 static int genpkey_cb(EVP_PKEY_CTX *ctx);
 #define PROG genpkey_main
 int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	char **args, *outfile = NULL;
 	char *passarg = NULL;
 	BIO *in = NULL, *out = NULL;
 	const EVP_CIPHER *cipher = NULL;
 	int outformat;
 	int text = 0;
 	EVP_PKEY *pkey=NULL;
 	EVP_PKEY_CTX *ctx = NULL;
 	char *pass = NULL;
 	int badarg = 0;
 	int ret = 1, rv;
 	int do_param = 0;
 	if (bio_err == NULL)
 		bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
 	if (!load_config(bio_err, NULL))
 		goto end;
 	outformat=FORMAT_PEM;
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_algorithms();
 	args = argv + 1;
 	while (!badarg && *args && *args[0] == '-')
 		{
 		if (!strcmp(*args,"-outform"))
 			{
 			if (args[1])
 				{
 				args++;
 				outformat=str2fmt(*args);
 				}
 			else badarg = 1;
 			}
 		else if (!strcmp(*args,"-pass"))
 			{
 			if (!args[1]) goto bad;
 			passarg= *(++args);
 			}
 #ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*args,"-engine") == 0)
 			{
 			if (!args[1])
 				goto bad;
        		e = setup_engine(bio_err, *(++args), 0);
 			}
 #endif
 		else if (!strcmp (*args, "-paramfile"))
 			{
 			if (!args[1])
 				goto bad;
 			args++;
 			if (do_param == 1)
 				goto bad;
 			if (!init_keygen_file(bio_err, &ctx, *args, e))
 				goto end;
 			}
 		else if (!strcmp (*args, "-out"))
 			{
 			if (args[1])
 				{
 				args++;
 				outfile = *args;
 				}
 			else badarg = 1;
 			}
 		else if (strcmp(*args,"-algorithm") == 0)
 			{
 			if (!args[1])
 				goto bad;
 			if (!init_gen_str(bio_err, &ctx, *(++args),e, do_param))
 				goto end;
 			}
 		else if (strcmp(*args,"-pkeyopt") == 0)
 			{
 			if (!args[1])
 				goto bad;
 			if (!ctx)
 				{
 				BIO_puts(bio_err, "No keytype specified\n");
 				goto bad;
 				}
 			else if (pkey_ctrl_string(ctx, *(++args)) <= 0)
 				{
 				BIO_puts(bio_err, "parameter setting error\n");
 				ERR_print_errors(bio_err);
 				goto end;
 				}
 			}
 		else if (strcmp(*args,"-genparam") == 0)
 			{
 			if (ctx)
 				goto bad;
 			do_param = 1;
 			}
 		else if (strcmp(*args,"-text") == 0)
 			text=1;
 		else
 			{
 			cipher = EVP_get_cipherbyname(*args + 1);
 			if (!cipher)
 				{
 				BIO_printf(bio_err, "Unknown cipher %s\n",
 								*args + 1);
 				badarg = 1;
 				}
 			if (do_param == 1)
 				badarg = 1;
 			}
 		args++;
 		}
 	if (!ctx)
 		badarg = 1;
 	if (badarg)
 		{
 		bad:
 		BIO_printf(bio_err, "Usage: genpkey [options]\n");
 		BIO_printf(bio_err, "where options may be\n");
 		BIO_printf(bio_err, "-out file          output file\n");
 		BIO_printf(bio_err, "-outform X         output format (DER or PEM)\n");
 		BIO_printf(bio_err, "-pass arg          output file pass phrase source\n");
 		BIO_printf(bio_err, "-<cipher>          use cipher <cipher> to encrypt the key\n");
 #ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err, "-engine e          use engine e, possibly a hardware device.\n");
 #endif
 		BIO_printf(bio_err, "-paramfile file    parameters file\n");
 		BIO_printf(bio_err, "-algorithm alg     the public key algorithm\n");
 		BIO_printf(bio_err, "-pkeyopt opt:value set the public key algorithm option <opt>\n"
 				            "                   to value <value>\n");
 		BIO_printf(bio_err, "-genparam          generate parameters, not key\n");
 		BIO_printf(bio_err, "-text              print the in text\n");
 		BIO_printf(bio_err, "NB: options order may be important!  See the manual page.\n");
 		goto end;
 		}
 	if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
 		{
 		BIO_puts(bio_err, "Error getting password\n");
 		goto end;
 		}
 	if (outfile)
 		{
 		if (!(out = BIO_new_file (outfile, "wb")))
 			{
 			BIO_printf(bio_err,
 				 "Can't open output file %s\n", outfile);
 			goto end;
 			}
 		}
 	else
 		{
 		out = BIO_new_fp (stdout, BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 			{
 			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			out = BIO_push(tmpbio, out);
 			}
 #endif
 		}
 	EVP_PKEY_CTX_set_cb(ctx, genpkey_cb);
 	EVP_PKEY_CTX_set_app_data(ctx, bio_err);
 	if (do_param)
 		{
 		if (EVP_PKEY_paramgen(ctx, &pkey) <= 0)
 			{
 			BIO_puts(bio_err, "Error generating parameters\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		}
 	else
 		{
 		if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
 			{
 			BIO_puts(bio_err, "Error generating key\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		}
 	if (do_param)
 		rv = PEM_write_bio_Parameters(out, pkey);
 	else if (outformat == FORMAT_PEM) 
 		rv = PEM_write_bio_PrivateKey(out, pkey, cipher, NULL, 0,
 								NULL, pass);
 	else if (outformat == FORMAT_ASN1)
 		rv = i2d_PrivateKey_bio(out, pkey);
 	else
 		{
 		BIO_printf(bio_err, "Bad format specified for key\n");
 		goto end;
 		}
 	if (rv <= 0)
 		{
 		BIO_puts(bio_err, "Error writing key\n");
 		ERR_print_errors(bio_err);
 		}
 	if (text)
 		{
 		if (do_param)
 			rv = EVP_PKEY_print_params(out, pkey, 0, NULL);
 		else
 			rv = EVP_PKEY_print_private(out, pkey, 0, NULL);
 		if (rv <= 0)
 			{
 			BIO_puts(bio_err, "Error printing key\n");
 			ERR_print_errors(bio_err);
 			}
 		}
 	ret = 0;
 	end:
 	if (pkey)
 		EVP_PKEY_free(pkey);
 	if (ctx)
 		EVP_PKEY_CTX_free(ctx);
 	if (out)
 		BIO_free_all(out);
 	BIO_free(in);
 	if (pass)
 		OPENSSL_free(pass);
 	return ret;
 	}
 static int init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx,
 				const char *file, ENGINE *e)
 	{
 	BIO *pbio;
 	EVP_PKEY *pkey = NULL;
 	EVP_PKEY_CTX *ctx = NULL;
 	if (*pctx)
 		{
 		BIO_puts(err, "Parameters already set!\n");
 		return 0;
 		}
 	pbio = BIO_new_file(file, "r");
 	if (!pbio)
 		{
 		BIO_printf(err, "Can't open parameter file %s\n", file);
 		return 0;
 		}
 	pkey = PEM_read_bio_Parameters(pbio, NULL);
 	BIO_free(pbio);
 	if (!pkey)
 		{
 		BIO_printf(bio_err, "Error reading parameter file %s\n", file);
 		return 0;
 		}
 	ctx = EVP_PKEY_CTX_new(pkey, e);
 	if (!ctx)
 		goto err;
 	if (EVP_PKEY_keygen_init(ctx) <= 0)
 		goto err;
 	EVP_PKEY_free(pkey);
 	*pctx = ctx;
 	return 1;
 	err:
 	BIO_puts(err, "Error initializing context\n");
 	ERR_print_errors(err);
 	if (ctx)
 		EVP_PKEY_CTX_free(ctx);
 	if (pkey)
 		EVP_PKEY_free(pkey);
 	return 0;
 	}
 int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
 			const char *algname, ENGINE *e, int do_param)
 	{
 	EVP_PKEY_CTX *ctx = NULL;
 	const EVP_PKEY_ASN1_METHOD *ameth;
 	ENGINE *tmpeng = NULL;
 	int pkey_id;
 	if (*pctx)
 		{
 		BIO_puts(err, "Algorithm already set!\n");
 		return 0;
 		}
 	ameth = EVP_PKEY_asn1_find_str(&tmpeng, algname, -1);
 #ifndef OPENSSL_NO_ENGINE
 	if (!ameth && e)
 		ameth = ENGINE_get_pkey_asn1_meth_str(e, algname, -1);
 #endif
 	if (!ameth)
 		{
 		BIO_printf(bio_err, "Algorithm %s not found\n", algname);
 		return 0;
 		}
 	ERR_clear_error();
 	EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
 #ifndef OPENSSL_NO_ENGINE
 	if (tmpeng)
 		ENGINE_finish(tmpeng);
 #endif
 	ctx = EVP_PKEY_CTX_new_id(pkey_id, e);
 	if (!ctx)
 		goto err;
 	if (do_param)
 		{
 		if (EVP_PKEY_paramgen_init(ctx) <= 0)
 			goto err;
 		}
 	else
 		{
 		if (EVP_PKEY_keygen_init(ctx) <= 0)
 			goto err;
 		}
 	*pctx = ctx;
 	return 1;
 	err:
 	BIO_printf(err, "Error initializing %s context\n", algname);
 	ERR_print_errors(err);
 	if (ctx)
 		EVP_PKEY_CTX_free(ctx);
 	return 0;
 	}
 static int genpkey_cb(EVP_PKEY_CTX *ctx)
 	{
 	char c='*';
 	BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
 	int p;
 	p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
 	if (p == 0) c='.';
 	if (p == 1) c='+';
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
 	BIO_write(b,&c,1);
 	(void)BIO_flush(b);
 #ifdef LINT
 	p=n;
 #endif
 	return 1;
 	}
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -56,7 +56,6 @@
 * [including the GNU Public Licence.]
 */
 #include <openssl/opensslconf.h>
 /* Until the key-gen callbacks are modified to use newer prototypes, we allow
 * deprecated functions for openssl-internal code */
 #ifdef OPENSSL_NO_DEPRECATED
@@ -93,9 +92,9 @@ int MAIN(int argc, char **argv)
 	ENGINE *e = NULL;
 #endif
 	int ret=1;
 	RSA *rsa=NULL;
 	int i,num=DEFBITS;
 	long l;
 	int use_x931 = 0;
 	const EVP_CIPHER *enc=NULL;
 	unsigned long f4=RSA_F4;
 	char *outfile=NULL;
@@ -105,10 +104,6 @@ int MAIN(int argc, char **argv)
 #endif
 	char *inrand=NULL;
 	BIO *out=NULL;
 	BIGNUM *bn = BN_new();
 	RSA *rsa = RSA_new();
 	if(!bn || !rsa) goto err;
 	apps_startup();
 	BN_GENCB_set(&cb, genrsa_cb, bio_err);
@@ -139,8 +134,6 @@ int MAIN(int argc, char **argv)
 			f4=3;
 		else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
 			f4=RSA_F4;
 		else if (strcmp(*argv,"-x931") == 0)
 			use_x931 = 1;
 #ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*argv,"-engine") == 0)
 			{
@@ -163,10 +156,6 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-idea") == 0)
 			enc=EVP_idea_cbc();
 #endif
 #ifndef OPENSSL_NO_SEED
 		else if (strcmp(*argv,"-seed") == 0)
 			enc=EVP_seed_cbc();
 #endif
 #ifndef OPENSSL_NO_AES
 		else if (strcmp(*argv,"-aes128") == 0)
 			enc=EVP_aes_128_cbc();
@@ -174,14 +163,6 @@ int MAIN(int argc, char **argv)
 			enc=EVP_aes_192_cbc();
 		else if (strcmp(*argv,"-aes256") == 0)
 			enc=EVP_aes_256_cbc();
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 		else if (strcmp(*argv,"-camellia128") == 0)
 			enc=EVP_camellia_128_cbc();
 		else if (strcmp(*argv,"-camellia192") == 0)
 			enc=EVP_camellia_192_cbc();
 		else if (strcmp(*argv,"-camellia256") == 0)
 			enc=EVP_camellia_256_cbc();
 #endif
 		else if (strcmp(*argv,"-passout") == 0)
 			{
@@ -202,17 +183,9 @@ bad:
 #ifndef OPENSSL_NO_IDEA
 		BIO_printf(bio_err," -idea           encrypt the generated key with IDEA in cbc mode\n");
 #endif
 #ifndef OPENSSL_NO_SEED
 		BIO_printf(bio_err," -seed\n");
 		BIO_printf(bio_err,"                 encrypt PEM output with cbc seed\n");
 #endif
 #ifndef OPENSSL_NO_AES
 		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
 		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 		BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
 		BIO_printf(bio_err,"                 encrypt PEM output with cbc camellia\n");
 #endif
 		BIO_printf(bio_err," -out file       output the key to 'file\n");
 		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
@@ -269,21 +242,13 @@ bad:
 	BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",
 		num);
-	if (use_x931)
+	if(((rsa = RSA_new()) == NULL) || !RSA_generate_key_ex(rsa, num, f4, &cb))
 		{
 		BIGNUM *pubexp;
 		pubexp = BN_new();
 		if (!BN_set_word(pubexp, f4))
 			goto err;
 		if (!RSA_X931_generate_key_ex(rsa, num, pubexp, &cb))
 			goto err;
 		BN_free(pubexp);
 		}
 	else if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
 		goto err;
 	app_RAND_write_file(NULL, bio_err);
 	if (rsa == NULL) goto err;
 	/* We need to do the following for when the base number size is <
 	 * long, esp windows 3.1 :-(. */
 	l=0L;
@@ -307,9 +272,8 @@ bad:
 	ret=0;
 err:
-	if (bn) BN_free(bn);
+	if (rsa != NULL) RSA_free(rsa);
-	if (rsa) RSA_free(rsa);
+	if (out != NULL) BIO_free_all(out);
 	if (out) BIO_free_all(out);
 	if(passout) OPENSSL_free(passout);
 	if (ret != 0)
 		ERR_print_errors(bio_err);
--- a/apps/makeapps.com
+++ b/apps/makeapps.com
@@ -142,10 +142,27 @@ $ LIB_FILES = "VERIFY;ASN1PARS;REQ;DGST;DH;DHPARAM;ENC;PASSWD;GENDH;ERRSTR;"+-
 	      "RSA;RSAUTL;DSA;DSAPARAM;EC;ECPARAM;"+-
 	      "X509;GENRSA;GENDSA;S_SERVER;S_CLIENT;SPEED;"+-
 	      "S_TIME;APPS;S_CB;S_SOCKET;APP_RAND;VERSION;SESS_ID;"+-
-	      "CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME;RAND;ENGINE;OCSP;PRIME"
+	      "CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME;RAND;ENGINE;OCSP"
 $ APP_FILES := OPENSSL,'OBJ_DIR'VERIFY.OBJ,ASN1PARS.OBJ,REQ.OBJ,DGST.OBJ,DH.OBJ,DHPARAM.OBJ,ENC.OBJ,PASSWD.OBJ,GENDH.OBJ,ERRSTR.OBJ,-
 	       CA.OBJ,PKCS7.OBJ,CRL2P7.OBJ,CRL.OBJ,-
 	       RSA.OBJ,RSAUTL.OBJ,DSA.OBJ,DSAPARAM.OBJ,EC.OBJ,ECPARAM.OBJ,-
 	       X509.OBJ,GENRSA.OBJ,GENDSA.OBJ,S_SERVER.OBJ,S_CLIENT.OBJ,SPEED.OBJ,-
 	       S_TIME.OBJ,APPS.OBJ,S_CB.OBJ,S_SOCKET.OBJ,APP_RAND.OBJ,VERSION.OBJ,SESS_ID.OBJ,-
 	       CIPHERS.OBJ,NSEQ.OBJ,PKCS12.OBJ,PKCS8.OBJ,SPKAC.OBJ,SMIME.OBJ,RAND.OBJ,ENGINE.OBJ,OCSP.OBJ
 $ TCPIP_PROGRAMS = ",,"
 $ IF COMPILER .EQS. "VAXC" THEN -
     TCPIP_PROGRAMS = ",OPENSSL,"
 $!$ APP_FILES := VERIFY;ASN1PARS;REQ;DGST;DH;ENC;GENDH;ERRSTR;CA;-
 $!	       PKCS7;CRL2P7;CRL;-
 $!	       RSA;DSA;DSAPARAM;-
 $!	       X509;GENRSA;GENDSA;-
 $!	       S_SERVER,'OBJ_DIR'S_SOCKET.OBJ,'OBJ_DIR'S_CB.OBJ;-
 $!	       S_CLIENT,'OBJ_DIR'S_SOCKET.OBJ,'OBJ_DIR'S_CB.OBJ;-
 $!	       SPEED;-
 $!	       S_TIME,'OBJ_DIR'S_CB.OBJ;VERSION;SESS_ID;CIPHERS;NSEQ
 $!$ TCPIP_PROGRAMS = ",,"
 $!$ IF COMPILER .EQS. "VAXC" THEN -
 $!     TCPIP_PROGRAMS = ",S_SERVER,S_CLIENT,SESS_ID,CIPHERS,S_TIME,"
 $!
 $! Setup exceptional compilations
 $!
@@ -633,7 +650,7 @@ $ CCDEFS = "MONOLITH"
 $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
 $ CCEXTRAFLAGS = ""
 $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
+$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX"
 $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
 	CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
 $!
@@ -662,7 +679,7 @@ $     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
 	 THEN CC = "CC/DECC"
 $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
           "/NOLIST/PREFIX=ALL" + -
-	   "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
+	   "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
@@ -694,7 +711,7 @@ $	EXIT
 $     ENDIF
 $     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
 $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
+	   "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS
 $     CCDEFS = CCDEFS + ",""VAXC"""
 $!
 $!    Define <sys> As SYS$COMMON:[SYSLIB]
@@ -726,7 +743,7 @@ $!    Use GNU C...
 $!
 $     IF F$TYPE(GCC) .EQS. "" THEN GCC := GCC
 $     CC = GCC+"/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
+	   "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
--- a/apps/nseq.c
+++ b/apps/nseq.c
@@ -1,5 +1,5 @@
 /* nseq.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
 * project 1999.
 */
 /* ====================================================================
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -1,5 +1,5 @@
 /* ocsp.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
 * project 2000.
 */
 /* ====================================================================
@@ -56,14 +56,14 @@
 *
 */
 #ifndef OPENSSL_NO_OCSP
-#define USE_SOCKETS
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include "apps.h" /* needs to be included before the openssl headers! */
+#include "apps.h"
-#include <openssl/e_os2.h>
+#include <openssl/pem.h>
-#include <openssl/ssl.h>
+#include <openssl/ocsp.h>
 #include <openssl/err.h>
 #include <openssl/ssl.h>
 /* Maximum leeway in validity period: default 5 minutes */
 #define MAX_VALIDITY_PERIOD	(5 * 60)
@@ -85,8 +85,6 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
 static BIO *init_responder(char *port);
 static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port);
 static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
 static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
 				OCSP_REQUEST *req, int req_timeout);
 #undef PROG
 #define PROG ocsp_main
@@ -113,11 +111,11 @@ int MAIN(int argc, char **argv)
 	BIO *acbio = NULL, *cbio = NULL;
 	BIO *derbio = NULL;
 	BIO *out = NULL;
 	int req_timeout = -1;
 	int req_text = 0, resp_text = 0;
 	long nsec = MAX_VALIDITY_PERIOD, maxage = -1;
 	char *CAfile = NULL, *CApath = NULL;
 	X509_STORE *store = NULL;
 	SSL_CTX *ctx = NULL;
 	STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL;
 	char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL;
 	unsigned long sign_flags = 0, verify_flags = 0, rflags = 0;
@@ -140,7 +138,6 @@ int MAIN(int argc, char **argv)
 	if (!load_config(bio_err, NULL))
 		goto end;
 	SSL_load_error_strings();
 	OpenSSL_add_ssl_algorithms();
 	args = argv + 1;
 	reqnames = sk_new_null();
 	ids = sk_OCSP_CERTID_new_null();
@@ -155,22 +152,6 @@ int MAIN(int argc, char **argv)
 				}
 			else badarg = 1;
 			}
 		else if (!strcmp(*args, "-timeout"))
 			{
 			if (args[1])
 				{
 				args++;
 				req_timeout = atol(*args);
 				if (req_timeout < 0)
 					{
 					BIO_printf(bio_err,
 						"Illegal timeout value %s\n",
 						*args);
 					badarg = 1;
 					}
 				}
 			else badarg = 1;
 			}
 		else if (!strcmp(*args, "-url"))
 			{
 			if (args[1])
@@ -720,14 +701,47 @@ int MAIN(int argc, char **argv)
 	else if (host)
 		{
 #ifndef OPENSSL_NO_SOCK
-		resp = process_responder(bio_err, req, host, path,
+		cbio = BIO_new_connect(host);
 						port, use_ssl, req_timeout);
 		if (!resp)
 			goto end;
 #else
 		BIO_printf(bio_err, "Error creating connect BIO - sockets not supported.\n");
 		goto end;
 #endif
 		if (!cbio)
 			{
 			BIO_printf(bio_err, "Error creating connect BIO\n");
 			goto end;
 			}
 		if (port) BIO_set_conn_port(cbio, port);
 		if (use_ssl == 1)
 			{
 			BIO *sbio;
 #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
 			ctx = SSL_CTX_new(SSLv23_client_method());
 #elif !defined(OPENSSL_NO_SSL3)
 			ctx = SSL_CTX_new(SSLv3_client_method());
 #elif !defined(OPENSSL_NO_SSL2)
 			ctx = SSL_CTX_new(SSLv2_client_method());
 #else
 			BIO_printf(bio_err, "SSL is disabled\n");
 			goto end;
 #endif
 			SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
 			sbio = BIO_new_ssl(ctx, 1);
 			cbio = BIO_push(sbio, cbio);
 			}
 		if (BIO_do_connect(cbio) <= 0)
 			{
 			BIO_printf(bio_err, "Error connecting BIO\n");
 			goto end;
 			}
 		resp = OCSP_sendreq_bio(cbio, path, req);
 		BIO_free_all(cbio);
 		cbio = NULL;
 		if (!resp)
 			{
 			BIO_printf(bio_err, "Error querying OCSP responsder\n");
 			goto end;
 			}
 		}
 	else if (respin)
 		{
@@ -876,6 +890,7 @@ end:
 		OPENSSL_free(host);
 		OPENSSL_free(port);
 		OPENSSL_free(path);
 		SSL_CTX_free(ctx);
 		}
 	OPENSSL_EXIT(ret);
@@ -1099,7 +1114,6 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser)
 	char *itmp, *row[DB_NUMBER],**rrow;
 	for (i = 0; i < DB_NUMBER; i++) row[i] = NULL;
 	bn = ASN1_INTEGER_to_BN(ser,NULL);
 	OPENSSL_assert(bn); /* FIXME: should report an error at this point and abort */
 	if (BN_is_zero(bn))
 		itmp = BUF_strdup("00");
 	else
@@ -1206,141 +1220,8 @@ static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
 		return 0;
 	BIO_printf(cbio, http_resp, i2d_OCSP_RESPONSE(resp, NULL));
 	i2d_OCSP_RESPONSE_bio(cbio, resp);
-	(void)BIO_flush(cbio);
+	BIO_flush(cbio);
 	return 1;
 	}
 static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
 				OCSP_REQUEST *req, int req_timeout)
 	{
 	int fd;
 	int rv;
 	OCSP_REQ_CTX *ctx = NULL;
 	OCSP_RESPONSE *rsp = NULL;
 	fd_set confds;
 	struct timeval tv;
 	if (req_timeout != -1)
 		BIO_set_nbio(cbio, 1);
 	rv = BIO_do_connect(cbio);
 	if ((rv <= 0) && ((req_timeout == -1) || !BIO_should_retry(cbio)))
 		{
 		BIO_puts(err, "Error connecting BIO\n");
 		return NULL;
 		}
 	if (req_timeout == -1)
 		return OCSP_sendreq_bio(cbio, path, req);
 	if (BIO_get_fd(cbio, &fd) <= 0)
 		{
 		BIO_puts(err, "Can't get connection fd\n");
 		goto err;
 		}
 	if (rv <= 0)
 		{
 		FD_ZERO(&confds);
 		openssl_fdset(fd, &confds);
 		tv.tv_usec = 0;
 		tv.tv_sec = req_timeout;
 		rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv);
 		if (rv == 0)
 			{
 			BIO_puts(err, "Timeout on connect\n");
 			return NULL;
 			}
 		}
 	ctx = OCSP_sendreq_new(cbio, path, req, -1);
 	if (!ctx)
 		return NULL;
 	for (;;)
 		{
 		rv = OCSP_sendreq_nbio(&rsp, ctx);
 		if (rv != -1)
 			break;
 		FD_ZERO(&confds);
 		openssl_fdset(fd, &confds);
 		tv.tv_usec = 0;
 		tv.tv_sec = req_timeout;
 		if (BIO_should_read(cbio))
 			rv = select(fd + 1, (void *)&confds, NULL, NULL, &tv);
 		else if (BIO_should_write(cbio))
 			rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv);
 		else
 			{
 			BIO_puts(err, "Unexpected retry condition\n");
 			goto err;
 			}
 		if (rv == 0)
 			{
 			BIO_puts(err, "Timeout on request\n");
 			break;
 			}
 		if (rv == -1)
 			{
 			BIO_puts(err, "Select error\n");
 			break;
 			}
 		}
 	err:
 	if (ctx)
 		OCSP_REQ_CTX_free(ctx);
 	return rsp;
 	}
 OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
 			char *host, char *path, char *port, int use_ssl,
 			int req_timeout)
 	{
 	BIO *cbio = NULL;
 	SSL_CTX *ctx = NULL;
 	OCSP_RESPONSE *resp = NULL;
 	cbio = BIO_new_connect(host);
 	if (!cbio)
 		{
 		BIO_printf(err, "Error creating connect BIO\n");
 		goto end;
 		}
 	if (port) BIO_set_conn_port(cbio, port);
 	if (use_ssl == 1)
 		{
 		BIO *sbio;
 #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
 		ctx = SSL_CTX_new(SSLv23_client_method());
 #elif !defined(OPENSSL_NO_SSL3)
 		ctx = SSL_CTX_new(SSLv3_client_method());
 #elif !defined(OPENSSL_NO_SSL2)
 		ctx = SSL_CTX_new(SSLv2_client_method());
 #else
 		BIO_printf(err, "SSL is disabled\n");
 			goto end;
 #endif
 		if (ctx == NULL)
 			{
 			BIO_printf(err, "Error creating SSL context.\n");
 			goto end;
 			}
 		SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
 		sbio = BIO_new_ssl(ctx, 1);
 		cbio = BIO_push(sbio, cbio);
 		}
 	resp = query_responder(err, cbio, path, req, req_timeout);
 	if (!resp)
 		BIO_printf(bio_err, "Error querying OCSP responsder\n");
 	end:
 	if (ctx)
 		SSL_CTX_free(ctx);
 	if (cbio)
 		BIO_free_all(cbio);
 	return resp;
 	}
 #endif
--- a/apps/openssl-vms.cnf
+++ b/apps/openssl-vms.cnf
@@ -3,13 +3,8 @@
 # This is mostly being used for generation of certificate requests.
 #
 # This definition stops the following lines choking if HOME isn't
 # defined.
 HOME			= .
 RANDFILE		= $ENV::HOME/.rnd
-
+oid_file		= $ENV::HOME/.oid
 # Extra OBJECT IDENTIFIER info:
 #oid_file		= $ENV::HOME/.oid
 oid_section		= new_oids
 # To use this configuration file with the "-extfile" option of the
@@ -38,36 +33,23 @@ dir		= sys\$disk:[.demoCA		# Where everything is kept
 certs		= $dir.certs]		# Where the issued certs are kept
 crl_dir		= $dir.crl]		# Where the issued crl are kept
 database	= $dir]index.txt	# database index file.
 #unique_subject	= no			# Set to 'no' to allow creation of
 					# several ctificates with same subject.
 new_certs_dir	= $dir.newcerts]	# default place for new certs.
 certificate	= $dir]cacert.pem 	# The CA certificate
 serial		= $dir]serial.		# The current serial number
 crlnumber	= $dir]crlnumber.	# the current crl number
 					# must be commented out to leave a V1 CRL
 crl		= $dir]crl.pem 		# The current CRL
 private_key	= $dir.private]cakey.pem# The private key
 RANDFILE	= $dir.private].rand	# private random number file
 x509_extensions	= usr_cert		# The extentions to add to the cert
 # Comment out the following two lines for the "traditional"
 # (and highly broken) format.
 name_opt 	= ca_default		# Subject Name options
 cert_opt 	= ca_default		# Certificate field options
 # Extension copying option: use with caution.
 # copy_extensions = copy
 # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
 # so this is commented out by default to leave a V1 CRL.
 # crlnumber must also be commented out to leave a V1 CRL.
 # crl_extensions	= crl_ext
 default_days	= 365			# how long to certify for
 default_crl_days= 30			# how long before next CRL
-default_md	= sha1			# which md to use.
+default_md	= md5			# which md to use.
 preserve	= no			# keep passed DN ordering
 # A few difference way of specifying how similar the request should look
@@ -104,19 +86,16 @@ distinguished_name	= req_distinguished_name
 attributes		= req_attributes
 x509_extensions	= v3_ca	# The extentions to add to the self signed cert
-# Passwords for private keys if not present they will be prompted for
+# This sets the permitted types in a DirectoryString. There are several
-# input_password = secret
+# options. 
 # output_password = secret
 # This sets a mask for permitted string types. There are several options. 
 # default: PrintableString, T61String, BMPString.
 # pkix	 : PrintableString, BMPString.
 # utf8only: only UTF8Strings.
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# nobmp : PrintableString, T61String (no BMPStrings).
 # MASK:XXXX a literal mask value.
 # WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
 # so use this option with caution!
-string_mask = nombstr
+dirstring_type = nobmp
 # req_extensions = v3_req # The extensions to add to a certificate request
@@ -145,7 +124,7 @@ commonName			= Common Name (eg, YOUR name)
 commonName_max			= 64
 emailAddress			= Email Address
-emailAddress_max		= 64
+emailAddress_max		= 40
 # SET-ex3			= SET extension number 3
@@ -188,14 +167,11 @@ nsComment			= "OpenSSL Generated Certificate"
 # PKIX recommendations harmless if included in all certificates.
 subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
+authorityKeyIdentifier=keyid,issuer:always
 # This stuff is for subjectAltName and issuerAltname.
 # Import the email address.
 # subjectAltName=email:copy
 # An alternative to produce certificates that aren't
 # deprecated according to PKIX.
 # subjectAltName=email:move
 # Copy subject details
 # issuerAltName=issuer:copy
@@ -258,56 +234,3 @@ basicConstraints = CA:true
 # issuerAltName=issuer:copy
 authorityKeyIdentifier=keyid:always,issuer:always
 [ proxy_cert_ext ]
 # These extensions should be added when creating a proxy certificate
 # This goes against PKIX guidelines but some CAs do it and some software
 # requires this to avoid interpreting an end user certificate as a CA.
 basicConstraints=CA:FALSE
 # Here are some examples of the usage of nsCertType. If it is omitted
 # the certificate can be used for anything *except* object signing.
 # This is OK for an SSL server.
 # nsCertType			= server
 # For an object signing certificate this would be used.
 # nsCertType = objsign
 # For normal client use this is typical
 # nsCertType = client, email
 # and for everything including object signing:
 # nsCertType = client, email, objsign
 # This is typical in keyUsage for a client certificate.
 # keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 # This will be displayed in Netscape's comment listbox.
 nsComment			= "OpenSSL Generated Certificate"
 # PKIX recommendations harmless if included in all certificates.
 subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid,issuer:always
 # This stuff is for subjectAltName and issuerAltname.
 # Import the email address.
 # subjectAltName=email:copy
 # An alternative to produce certificates that aren't
 # deprecated according to PKIX.
 # subjectAltName=email:move
 # Copy subject details
 # issuerAltName=issuer:copy
 #nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
 #nsBaseUrl
 #nsRevocationUrl
 #nsRenewalUrl
 #nsCaPolicyUrl
 #nsSslServerName
 # This really needs to be in place for it to be a proxy certificate.
 proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */
 /* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -147,7 +147,6 @@ char *default_config_file=NULL;
 #ifdef MONOLITH
 CONF *config=NULL;
 BIO *bio_err=NULL;
 int in_FIPS_mode=0;
 #endif
@@ -221,8 +220,7 @@ int main(int Argc, char *Argv[])
 #define PROG_NAME_SIZE	39
 	char pname[PROG_NAME_SIZE+1];
 	FUNCTION f,*fp;
-	MS_STATIC const char *prompt;
+	MS_STATIC char *prompt,buf[1024];
 	MS_STATIC char buf[1024];
 	char *to_free=NULL;
 	int n,i,ret=0;
 	int argc;
@@ -233,19 +231,6 @@ int main(int Argc, char *Argv[])
 	arg.data=NULL;
 	arg.count=0;
 	in_FIPS_mode = 0;
 #ifdef OPENSSL_FIPS
 	if(getenv("OPENSSL_FIPS")) {
 		if (!FIPS_mode_set(1)) {
 			ERR_load_crypto_strings();
 			ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
 			EXIT(1);
 		}
 		in_FIPS_mode = 1;
 		}
 #endif
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
@@ -459,11 +444,7 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
 		for (fp=functions; fp->name != NULL; fp++)
 			{
 			nl=0;
 #ifdef OPENSSL_NO_CAMELLIA
 			if (((i++) % 5) == 0)
 #else
 			if (((i++) % 4) == 0)
 #endif
 				{
 				BIO_printf(bio_err,"\n");
 				nl=1;
@@ -484,11 +465,7 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
 					BIO_printf(bio_err,"\nCipher commands (see the `enc' command for more details)\n");
 					}
 				}
 #ifdef OPENSSL_NO_CAMELLIA
 			BIO_printf(bio_err,"%-15s",fp->name);
 #else
 			BIO_printf(bio_err,"%-18s",fp->name);
 #endif
 			}
 		BIO_printf(bio_err,"\n\n");
 		ret=0;
@@ -511,7 +488,7 @@ static LHASH *prog_init(void)
 	{
 	LHASH *ret;
 	FUNCTION *f;
-	size_t i;
+	int i;
 	/* Purely so it looks nice when the user hits ? */
 	for(i=0,f=functions ; f->name != NULL ; ++f,++i)
@@ -529,12 +506,12 @@ static LHASH *prog_init(void)
 /* static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b) */
 static int MS_CALLBACK cmp(const void *a_void, const void *b_void)
 	{
-	return(strncmp(((const FUNCTION *)a_void)->name,
+	return(strncmp(((FUNCTION *)a_void)->name,
-			((const FUNCTION *)b_void)->name,8));
+			((FUNCTION *)b_void)->name,8));
 	}
 /* static unsigned long MS_CALLBACK hash(FUNCTION *a) */
 static unsigned long MS_CALLBACK hash(const void *a_void)
 	{
-	return(lh_strhash(((const FUNCTION *)a_void)->name));
+	return(lh_strhash(((FUNCTION *)a_void)->name));
 	}
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -67,7 +67,7 @@ cert_opt 	= ca_default		# Certificate field options
 default_days	= 365			# how long to certify for
 default_crl_days= 30			# how long before next CRL
-default_md	= sha1			# which md to use.
+default_md	= md5			# which md to use.
 preserve	= no			# keep passed DN ordering
 # A few difference way of specifying how similar the request should look
@@ -188,7 +188,7 @@ nsComment			= "OpenSSL Generated Certificate"
 # PKIX recommendations harmless if included in all certificates.
 subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
+authorityKeyIdentifier=keyid,issuer:always
 # This stuff is for subjectAltName and issuerAltname.
 # Import the email address.
@@ -258,56 +258,3 @@ basicConstraints = CA:true
 # issuerAltName=issuer:copy
 authorityKeyIdentifier=keyid:always,issuer:always
 [ proxy_cert_ext ]
 # These extensions should be added when creating a proxy certificate
 # This goes against PKIX guidelines but some CAs do it and some software
 # requires this to avoid interpreting an end user certificate as a CA.
 basicConstraints=CA:FALSE
 # Here are some examples of the usage of nsCertType. If it is omitted
 # the certificate can be used for anything *except* object signing.
 # This is OK for an SSL server.
 # nsCertType			= server
 # For an object signing certificate this would be used.
 # nsCertType = objsign
 # For normal client use this is typical
 # nsCertType = client, email
 # and for everything including object signing:
 # nsCertType = client, email, objsign
 # This is typical in keyUsage for a client certificate.
 # keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 # This will be displayed in Netscape's comment listbox.
 nsComment			= "OpenSSL Generated Certificate"
 # PKIX recommendations harmless if included in all certificates.
 subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid,issuer:always
 # This stuff is for subjectAltName and issuerAltname.
 # Import the email address.
 # subjectAltName=email:copy
 # An alternative to produce certificates that aren't
 # deprecated according to PKIX.
 # subjectAltName=email:move
 # Copy subject details
 # issuerAltName=issuer:copy
 #nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
 #nsBaseUrl
 #nsRevocationUrl
 #nsRenewalUrl
 #nsCaPolicyUrl
 #nsSslServerName
 # This really needs to be in place for it to be a proxy certificate.
 proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -359,13 +359,13 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
 	for (i = 0; i < 1000; i++)
 		{
 		EVP_DigestInit_ex(&md2,EVP_md5(), NULL);
-		EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *) passwd : buf,
+		EVP_DigestUpdate(&md2, (i & 1) ? (unsigned char *) passwd : buf,
 		                       (i & 1) ? passwd_len : sizeof buf);
 		if (i % 3)
 			EVP_DigestUpdate(&md2, salt_out, salt_len);
 		if (i % 7)
 			EVP_DigestUpdate(&md2, passwd, passwd_len);
-		EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *) passwd,
+		EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned char *) passwd,
 		                       (i & 1) ? sizeof buf : passwd_len);
 		EVP_DigestFinal_ex(&md2, buf, NULL);
 		}
@@ -474,8 +474,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
 	if ((strlen(passwd) > pw_maxlen))
 		{
 		if (!quiet)
-			/* XXX: really we should know how to print a size_t, not cast it */
+			BIO_printf(bio_err, "Warning: truncating password to %u characters\n", pw_maxlen);
 			BIO_printf(bio_err, "Warning: truncating password to %u characters\n", (unsigned)pw_maxlen);
 		passwd[pw_maxlen] = 0;
 		}
 	assert(strlen(passwd) <= pw_maxlen);
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -1,9 +1,11 @@
 /* pkcs12.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
 * project.
 */
 /* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -56,9 +58,6 @@
 *
 */
 #include <openssl/opensslconf.h>
 #if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -84,7 +83,7 @@ int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int opti
 int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass,
 			  int passlen, int options, char *pempass);
 int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass);
-int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name);
+int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name);
 void hex_prin(BIO *out, unsigned char *buf, int len);
 int alg_print(BIO *x, X509_ALGOR *alg);
 int cert_load(BIO *in, STACK_OF(X509) *sk);
@@ -100,7 +99,6 @@ int MAIN(int argc, char **argv)
    char **args;
    char *name = NULL;
    char *csp_name = NULL;
    int add_lmk = 0;
    PKCS12 *p12 = NULL;
    char pass[50], macpass[50];
    int export_cert = 0;
@@ -111,7 +109,7 @@ int MAIN(int argc, char **argv)
    int maciter = PKCS12_DEFAULT_ITER;
    int twopass = 0;
    int keytype = 0;
-    int cert_pbe;
+    int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
    int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
    int ret = 1;
    int macver = 1;
@@ -128,13 +126,6 @@ int MAIN(int argc, char **argv)
    apps_startup();
 #ifdef OPENSSL_FIPS
    if (FIPS_mode())
 	cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
    else
 #endif
    cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
    enc = EVP_des_ede3_cbc();
    if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
@@ -161,22 +152,14 @@ int MAIN(int argc, char **argv)
    			cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
 		else if (!strcmp (*args, "-export")) export_cert = 1;
 		else if (!strcmp (*args, "-des")) enc=EVP_des_cbc();
 		else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc();
 #ifndef OPENSSL_NO_IDEA
 		else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc();
 #endif
-#ifndef OPENSSL_NO_SEED
+		else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc();
 		else if (!strcmp(*args, "-seed")) enc=EVP_seed_cbc();
 #endif
 #ifndef OPENSSL_NO_AES
 		else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc();
 		else if (!strcmp(*args,"-aes192")) enc=EVP_aes_192_cbc();
 		else if (!strcmp(*args,"-aes256")) enc=EVP_aes_256_cbc();
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 		else if (!strcmp(*args,"-camellia128")) enc=EVP_camellia_128_cbc();
 		else if (!strcmp(*args,"-camellia192")) enc=EVP_camellia_192_cbc();
 		else if (!strcmp(*args,"-camellia256")) enc=EVP_camellia_256_cbc();
 #endif
 		else if (!strcmp (*args, "-noiter")) iter = 1;
 		else if (!strcmp (*args, "-maciter"))
@@ -191,7 +174,6 @@ int MAIN(int argc, char **argv)
 				args++;
 				if (!strcmp(*args, "NONE"))
 					cert_pbe = -1;
 				else
 				cert_pbe=OBJ_txt2nid(*args);
 				if(cert_pbe == NID_undef) {
 					BIO_printf(bio_err,
@@ -232,9 +214,7 @@ int MAIN(int argc, char **argv)
 			args++;	
 			name = *args;
 		    } else badarg = 1;
-		} else if (!strcmp (*args, "-LMK"))
+		} else if (!strcmp (*args, "-CSP")) {
 			add_lmk = 1;
 		else if (!strcmp (*args, "-CSP")) {
 		    if (args[1]) {
 			args++;	
 			csp_name = *args;
@@ -319,16 +299,9 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_IDEA
 	BIO_printf (bio_err, "-idea         encrypt private keys with idea\n");
 #endif
 #ifndef OPENSSL_NO_SEED
 	BIO_printf (bio_err, "-seed         encrypt private keys with seed\n");
 #endif
 #ifndef OPENSSL_NO_AES
 	BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
 	BIO_printf (bio_err, "              encrypt PEM output with cbc aes\n");
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 	BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
 	BIO_printf (bio_err, "              encrypt PEM output with cbc camellia\n");
 #endif
 	BIO_printf (bio_err, "-nodes        don't encrypt private keys\n");
 	BIO_printf (bio_err, "-noiter       don't use encryption iteration\n");
@@ -348,8 +321,6 @@ int MAIN(int argc, char **argv)
 	BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 	BIO_printf(bio_err,  "              load the file (or the files in the directory) into\n");
 	BIO_printf(bio_err,  "              the random number generator\n");
  	BIO_printf(bio_err,  "-CSP name     Microsoft CSP name\n");
 	BIO_printf(bio_err,  "-LMK          Add local machine keyset attribute to private key\n");
    	goto end;
    }
@@ -489,7 +460,7 @@ int MAIN(int argc, char **argv)
 					X509_keyid_set1(ucert, NULL, 0);
 					X509_alias_set1(ucert, NULL, 0);
 					/* Remove from list */
-					(void)sk_X509_delete(certs, i);
+					sk_X509_delete(certs, i);
 					break;
 					}
 				}
@@ -554,11 +525,8 @@ int MAIN(int argc, char **argv)
 		    X509_free(sk_X509_value(chain2, 0));
 		    sk_X509_free(chain2);
 		} else {
 			if (vret >= 0)
 			BIO_printf (bio_err, "Error %s getting chain.\n",
 					X509_verify_cert_error_string(vret));
 			else
 				ERR_print_errors(bio_err);
 			goto export_end;
 		}			
    	}
@@ -571,12 +539,6 @@ int MAIN(int argc, char **argv)
 		X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
 		}
 	if (csp_name && key)
 		EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
 				MBSTRING_ASC, (unsigned char *)csp_name, -1);
 	if (add_lmk && key)
 		EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1);
 #ifdef CRYPTO_MDEBUG
 	CRYPTO_pop_info();
@@ -659,7 +621,7 @@ int MAIN(int argc, char **argv)
    CRYPTO_push_info("verify MAC");
 #endif
 	/* If we enter empty password try no password first */
-	if(!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
+	if(!macpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
 		/* If mac and crypto pass the same set it to NULL too */
 		if(!twopass) cpass = NULL;
 	} else if (!PKCS12_verify_mac(p12, mpass, -1)) {
@@ -703,10 +665,9 @@ int MAIN(int argc, char **argv)
 int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
 	     int passlen, int options, char *pempass)
 {
-	STACK_OF(PKCS7) *asafes = NULL;
+	STACK_OF(PKCS7) *asafes;
 	STACK_OF(PKCS12_SAFEBAG) *bags;
 	int i, bagnid;
 	int ret = 0;
 	PKCS7 *p7;
 	if (!( asafes = PKCS12_unpack_authsafes(p12))) return 0;
@@ -724,22 +685,16 @@ int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
 			}
 			bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
 		} else continue;
-		if (!bags) goto err;
+		if (!bags) return 0;
 	    	if (!dump_certs_pkeys_bags (out, bags, pass, passlen, 
 						 options, pempass)) {
 			sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
-			goto err;
+			return 0;
 		}
 		sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
 		bags = NULL;
 	}
 	ret = 1;
 	err:
 	if (asafes)
 	sk_PKCS7_pop_free (asafes, PKCS7_free);
-	return ret;
+	return 1;
 }
 int dump_certs_pkeys_bags (BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
@@ -834,7 +789,7 @@ int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
 {
 	X509_STORE_CTX store_ctx;
 	STACK_OF(X509) *chn;
-	int i = 0;
+	int i;
 	/* FIXME: Should really check the return status of X509_STORE_CTX_init
 	 * for an error, but how that fits into the return value of this
@@ -842,17 +797,13 @@ int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
 	X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
 	if (X509_verify_cert(&store_ctx) <= 0) {
 		i = X509_STORE_CTX_get_error (&store_ctx);
 		if (i == 0)
 			/* avoid returning 0 if X509_verify_cert() did not
 			 * set an appropriate error value in the context */
 			i = -1;
 		chn = NULL;
 		goto err;
-	} else
+	}
 	chn =  X509_STORE_CTX_get1_chain(&store_ctx);
 	i = 0;
 	*chain = chn;
 err:
 	X509_STORE_CTX_cleanup(&store_ctx);
 	*chain = chn;
 	return i;
 }	
@@ -863,13 +814,11 @@ int alg_print (BIO *x, X509_ALGOR *alg)
 	const unsigned char *p;
 	p = alg->parameter->value.sequence->data;
 	pbe = d2i_PBEPARAM (NULL, &p, alg->parameter->value.sequence->length);
 	if (!pbe)
 		return 1;
 	BIO_printf (bio_err, "%s, Iteration %ld\n", 
 		OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)),
 		ASN1_INTEGER_get(pbe->iter));
 	PBEPARAM_free (pbe);
-	return 1;
+	return 0;
 }
 /* Load all certificates from a given file */
@@ -901,7 +850,7 @@ int cert_load(BIO *in, STACK_OF(X509) *sk)
 /* Generalised attribute print: handle PKCS#8 and bag attributes */
-int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name)
+int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name)
 {
 	X509_ATTRIBUTE *attr;
 	ASN1_TYPE *av;
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -1,6 +1,6 @@
 /* pkcs8.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999-2004.
+ * project 1999.
 */
 /* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -100,70 +100,43 @@ int MAIN(int argc, char **argv)
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_algorithms();
 	args = argv + 1;
-	while (!badarg && *args && *args[0] == '-')
+	while (!badarg && *args && *args[0] == '-') {
-		{
+		if (!strcmp(*args,"-v2")) {
-		if (!strcmp(*args,"-v2"))
+			if (args[1]) {
 			{
 			if (args[1])
 				{
 				args++;
 				cipher=EVP_get_cipherbyname(*args);
-				if (!cipher)
+				if(!cipher) {
 					{
 					BIO_printf(bio_err,
 						 "Unknown cipher %s\n", *args);
 					badarg = 1;
 				}
-				}
+			} else badarg = 1;
-			else
+		} else if (!strcmp(*args,"-v1")) {
-				badarg = 1;
+			if (args[1]) {
 			}
 		else if (!strcmp(*args,"-v1"))
 			{
 			if (args[1])
 				{
 				args++;
 				pbe_nid=OBJ_txt2nid(*args);
-				if (pbe_nid == NID_undef)
+				if(pbe_nid == NID_undef) {
 					{
 					BIO_printf(bio_err,
 						 "Unknown PBE algorithm %s\n", *args);
 					badarg = 1;
 				}
-				}
+			} else badarg = 1;
-			else
+		} else if (!strcmp(*args,"-inform")) {
-				badarg = 1;
+			if (args[1]) {
 			}
 		else if (!strcmp(*args,"-inform"))
 			{
 			if (args[1])
 				{
 				args++;
 				informat=str2fmt(*args);
-				}
+			} else badarg = 1;
-			else badarg = 1;
+		} else if (!strcmp(*args,"-outform")) {
-			}
+			if (args[1]) {
 		else if (!strcmp(*args,"-outform"))
 			{
 			if (args[1])
 				{
 				args++;
 				outformat=str2fmt(*args);
-				}
+			} else badarg = 1;
-			else badarg = 1;
+		} else if (!strcmp (*args, "-topk8")) topk8 = 1;
-			}
+		else if (!strcmp (*args, "-noiter")) iter = 1;
-		else if (!strcmp (*args, "-topk8"))
+		else if (!strcmp (*args, "-nocrypt")) nocrypt = 1;
-			topk8 = 1;
+		else if (!strcmp (*args, "-nooct")) p8_broken = PKCS8_NO_OCTET;
-		else if (!strcmp (*args, "-noiter"))
+		else if (!strcmp (*args, "-nsdb")) p8_broken = PKCS8_NS_DB;
-			iter = 1;
+		else if (!strcmp (*args, "-embed")) p8_broken = PKCS8_EMBEDDED_PARAM;
 		else if (!strcmp (*args, "-nocrypt"))
 			nocrypt = 1;
 		else if (!strcmp (*args, "-nooct"))
 			p8_broken = PKCS8_NO_OCTET;
 		else if (!strcmp (*args, "-nsdb"))
 			p8_broken = PKCS8_NS_DB;
 		else if (!strcmp (*args, "-embed"))
 			p8_broken = PKCS8_EMBEDDED_PARAM;
 		else if (!strcmp(*args,"-passin"))
 			{
 			if (!args[1]) goto bad;
@@ -181,30 +154,21 @@ int MAIN(int argc, char **argv)
 			engine= *(++args);
 			}
 #endif
-		else if (!strcmp (*args, "-in"))
+		else if (!strcmp (*args, "-in")) {
-			{
+			if (args[1]) {
 			if (args[1])
 				{
 				args++;
 				infile = *args;
-				}
+			} else badarg = 1;
-			else badarg = 1;
+		} else if (!strcmp (*args, "-out")) {
-			}
+			if (args[1]) {
 		else if (!strcmp (*args, "-out"))
 			{
 			if (args[1])
 				{
 				args++;
 				outfile = *args;
-				}
+			} else badarg = 1;
-			else badarg = 1;
+		} else badarg = 1;
 			}
 		else badarg = 1;
 		args++;
 	}
-	if (badarg)
+	if (badarg) {
 		{
 		bad:
 		BIO_printf(bio_err, "Usage pkcs8 [options]\n");
 		BIO_printf(bio_err, "where options are\n");
@@ -225,45 +189,35 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 #endif
-		return 1;
+		return (1);
 	}
 #ifndef OPENSSL_NO_ENGINE
        e = setup_engine(bio_err, engine, 0);
 #endif
-	if (!app_passwd(bio_err, passargin, passargout, &passin, &passout))
+	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		{
 		BIO_printf(bio_err, "Error getting passwords\n");
-		return 1;
+		return (1);
 	}
-	if ((pbe_nid == -1) && !cipher)
+	if ((pbe_nid == -1) && !cipher) pbe_nid = NID_pbeWithMD5AndDES_CBC;
 		pbe_nid = NID_pbeWithMD5AndDES_CBC;
-	if (infile)
+	if (infile) {
-		{
+		if (!(in = BIO_new_file(infile, "rb"))) {
 		if (!(in = BIO_new_file(infile, "rb")))
 			{
 			BIO_printf(bio_err,
 				 "Can't open input file %s\n", infile);
 			return (1);
 		}
-		}
+	} else in = BIO_new_fp (stdin, BIO_NOCLOSE);
 	else
 		in = BIO_new_fp (stdin, BIO_NOCLOSE);
-	if (outfile)
+	if (outfile) {
-		{
+		if (!(out = BIO_new_file (outfile, "wb"))) {
 		if (!(out = BIO_new_file (outfile, "wb")))
 			{
 			BIO_printf(bio_err,
 				 "Can't open output file %s\n", outfile);
 			return (1);
 		}
-		}
+	} else {
 	else
 		{
 		out = BIO_new_fp (stdout, BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 		{
@@ -277,40 +231,32 @@ int MAIN(int argc, char **argv)
 		BIO_free(in); /* Not needed in this section */
 		pkey = load_key(bio_err, infile, informat, 1,
 			passin, e, "key");
-		if (!pkey)
+		if (!pkey) {
 			{
 			BIO_free_all(out);
-			return 1;
+			return (1);
 		}
-		if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken)))
+		if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) {
 			{
 			BIO_printf(bio_err, "Error converting key\n");
 			ERR_print_errors(bio_err);
 			EVP_PKEY_free(pkey);
 			BIO_free_all(out);
-			return 1;
+			return (1);
 		}
-		if (nocrypt)
+		if(nocrypt) {
 			{
 			if(outformat == FORMAT_PEM) 
 				PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
 			else if(outformat == FORMAT_ASN1)
 				i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
-			else
+			else {
 				{
 				BIO_printf(bio_err, "Bad format specified for key\n");
 				PKCS8_PRIV_KEY_INFO_free(p8inf);
 				EVP_PKEY_free(pkey);
 				BIO_free_all(out);
 				return (1);
 			}
-			}
+		} else {
-		else
+			if(passout) p8pass = passout;
-			{
+			else {
 			if (passout)
 				p8pass = passout;
 			else
 				{
 				p8pass = pass;
 				if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1))
 				{
@@ -323,8 +269,7 @@ int MAIN(int argc, char **argv)
 			app_RAND_load_file(NULL, bio_err, 0);
 			if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
 					p8pass, strlen(p8pass),
-					NULL, 0, iter, p8inf)))
+					NULL, 0, iter, p8inf))) {
 				{
 				BIO_printf(bio_err, "Error encrypting key\n");
 				ERR_print_errors(bio_err);
 				PKCS8_PRIV_KEY_INFO_free(p8inf);
@@ -337,8 +282,7 @@ int MAIN(int argc, char **argv)
 				PEM_write_bio_PKCS8(out, p8);
 			else if(outformat == FORMAT_ASN1)
 				i2d_PKCS8_bio(out, p8);
-			else
+			else {
 				{
 				BIO_printf(bio_err, "Bad format specified for key\n");
 				PKCS8_PRIV_KEY_INFO_free(p8inf);
 				EVP_PKEY_free(pkey);
@@ -347,51 +291,40 @@ int MAIN(int argc, char **argv)
 			}
 			X509_SIG_free(p8);
 		}
 		PKCS8_PRIV_KEY_INFO_free (p8inf);
 		EVP_PKEY_free(pkey);
 		BIO_free_all(out);
-		if (passin)
+		if(passin) OPENSSL_free(passin);
-			OPENSSL_free(passin);
+		if(passout) OPENSSL_free(passout);
 		if (passout)
 			OPENSSL_free(passout);
 		return (0);
 	}
-	if (nocrypt)
+	if(nocrypt) {
 		{
 		if(informat == FORMAT_PEM) 
 			p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in,NULL,NULL, NULL);
 		else if(informat == FORMAT_ASN1)
 			p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);
-		else
+		else {
 			{
 			BIO_printf(bio_err, "Bad format specified for key\n");
 			return (1);
 		}
-		}
+	} else {
 	else
 		{
 		if(informat == FORMAT_PEM) 
 			p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);
 		else if(informat == FORMAT_ASN1)
 			p8 = d2i_PKCS8_bio(in, NULL);
-		else
+		else {
 			{
 			BIO_printf(bio_err, "Bad format specified for key\n");
 			return (1);
 		}
-		if (!p8)
+		if (!p8) {
 			{
 			BIO_printf (bio_err, "Error reading key\n");
 			ERR_print_errors(bio_err);
 			return (1);
 		}
-		if (passin)
+		if(passin) p8pass = passin;
-			p8pass = passin;
+		else {
 		else
 			{
 			p8pass = pass;
 			EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0);
 		}
@@ -399,25 +332,21 @@ int MAIN(int argc, char **argv)
 		X509_SIG_free(p8);
 	}
-	if (!p8inf)
+	if (!p8inf) {
 		{
 		BIO_printf(bio_err, "Error decrypting key\n");
 		ERR_print_errors(bio_err);
 		return (1);
 	}
-	if (!(pkey = EVP_PKCS82PKEY(p8inf)))
+	if (!(pkey = EVP_PKCS82PKEY(p8inf))) {
 		{
 		BIO_printf(bio_err, "Error converting key\n");
 		ERR_print_errors(bio_err);
 		return (1);
 	}
-	if (p8inf->broken)
+	if (p8inf->broken) {
 		{
 		BIO_printf(bio_err, "Warning: broken key encoding: ");
-		switch (p8inf->broken)
+		switch (p8inf->broken) {
 			{
 			case PKCS8_NO_OCTET:
 			BIO_printf(bio_err, "No Octet String in PrivateKey\n");
 			break;
@@ -441,8 +370,7 @@ int MAIN(int argc, char **argv)
 		PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
 	else if(outformat == FORMAT_ASN1)
 		i2d_PrivateKey_bio(out, pkey);
-	else
+	else {
 		{
 		BIO_printf(bio_err, "Bad format specified for key\n");
 			return (1);
 	}
@@ -451,10 +379,8 @@ int MAIN(int argc, char **argv)
 	EVP_PKEY_free(pkey);
 	BIO_free_all(out);
 	BIO_free(in);
-	if (passin)
+	if(passin) OPENSSL_free(passin);
-		OPENSSL_free(passin);
+	if(passout) OPENSSL_free(passout);
 	if (passout)
 		OPENSSL_free(passout);
 	return (0);
 }
--- a/apps/pkey.c
+++ b/apps/pkey.c
@@ -1,284 +0,0 @@
 /* apps/pkey.c */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006
 */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 #include <stdio.h>
 #include <string.h>
 #include "apps.h"
 #include <openssl/pem.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #define PROG pkey_main
 int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
 	char **args, *infile = NULL, *outfile = NULL;
 	char *passargin = NULL, *passargout = NULL;
 	BIO *in = NULL, *out = NULL;
 	const EVP_CIPHER *cipher = NULL;
 	int informat, outformat;
 	int pubin = 0, pubout = 0, pubtext = 0, text = 0, noout = 0;
 	EVP_PKEY *pkey=NULL;
 	char *passin = NULL, *passout = NULL;
 	int badarg = 0;
 #ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
 #endif
 	int ret = 1;
 	if (bio_err == NULL)
 		bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
 	if (!load_config(bio_err, NULL))
 		goto end;
 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_algorithms();
 	args = argv + 1;
 	while (!badarg && *args && *args[0] == '-')
 		{
 		if (!strcmp(*args,"-inform"))
 			{
 			if (args[1])
 				{
 				args++;
 				informat=str2fmt(*args);
 				}
 			else badarg = 1;
 			}
 		else if (!strcmp(*args,"-outform"))
 			{
 			if (args[1])
 				{
 				args++;
 				outformat=str2fmt(*args);
 				}
 			else badarg = 1;
 			}
 		else if (!strcmp(*args,"-passin"))
 			{
 			if (!args[1]) goto bad;
 			passargin= *(++args);
 			}
 		else if (!strcmp(*args,"-passout"))
 			{
 			if (!args[1]) goto bad;
 			passargout= *(++args);
 			}
 #ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*args,"-engine") == 0)
 			{
 			if (!args[1]) goto bad;
 			engine= *(++args);
 			}
 #endif
 		else if (!strcmp (*args, "-in"))
 			{
 			if (args[1])
 				{
 				args++;
 				infile = *args;
 				}
 			else badarg = 1;
 			}
 		else if (!strcmp (*args, "-out"))
 			{
 			if (args[1])
 				{
 				args++;
 				outfile = *args;
 				}
 			else badarg = 1;
 			}
 		else if (strcmp(*args,"-pubin") == 0)
 			{
 			pubin=1;
 			pubout=1;
 			pubtext=1;
 			}
 		else if (strcmp(*args,"-pubout") == 0)
 			pubout=1;
 		else if (strcmp(*args,"-text_pub") == 0)
 			{
 			pubtext=1;
 			text=1;
 			}
 		else if (strcmp(*args,"-text") == 0)
 			text=1;
 		else if (strcmp(*args,"-noout") == 0)
 			noout=1;
 		else
 			{
 			cipher = EVP_get_cipherbyname(*args + 1);
 			if (!cipher)
 				{
 				BIO_printf(bio_err, "Unknown cipher %s\n",
 								*args + 1);
 				badarg = 1;
 				}
 			}
 		args++;
 		}
 	if (badarg)
 		{
 		bad:
 		BIO_printf(bio_err, "Usage pkey [options]\n");
 		BIO_printf(bio_err, "where options are\n");
 		BIO_printf(bio_err, "-in file        input file\n");
 		BIO_printf(bio_err, "-inform X       input format (DER or PEM)\n");
 		BIO_printf(bio_err, "-passin arg     input file pass phrase source\n");
 		BIO_printf(bio_err, "-outform X      output format (DER or PEM)\n");
 		BIO_printf(bio_err, "-out file       output file\n");
 		BIO_printf(bio_err, "-passout arg    output file pass phrase source\n");
 #ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");
 #endif
 		return 1;
 		}
 #ifndef OPENSSL_NO_ENGINE
        e = setup_engine(bio_err, engine, 0);
 #endif
 	if (!app_passwd(bio_err, passargin, passargout, &passin, &passout))
 		{
 		BIO_printf(bio_err, "Error getting passwords\n");
 		goto end;
 		}
 	if (outfile)
 		{
 		if (!(out = BIO_new_file (outfile, "wb")))
 			{
 			BIO_printf(bio_err,
 				 "Can't open output file %s\n", outfile);
 			goto end;
 			}
 		}
 	else
 		{
 		out = BIO_new_fp (stdout, BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 			{
 			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			out = BIO_push(tmpbio, out);
 			}
 #endif
 		}
 	if (pubin)
 		pkey = load_pubkey(bio_err, infile, informat, 1,
 			passin, e, "Public Key");
 	else
 		pkey = load_key(bio_err, infile, informat, 1,
 			passin, e, "key");
 	if (!pkey)
 		goto end;
 	if (!noout)
 		{
 		if (outformat == FORMAT_PEM) 
 			{
 			if (pubout)
 				PEM_write_bio_PUBKEY(out,pkey);
 			else
 				PEM_write_bio_PrivateKey(out, pkey, cipher,
 							NULL, 0, NULL, passout);
 			}
 		else if (outformat == FORMAT_ASN1)
 			{
 			if (pubout)
 				i2d_PUBKEY_bio(out, pkey);
 			else
 				i2d_PrivateKey_bio(out, pkey);
 			}
 		else
 			{
 			BIO_printf(bio_err, "Bad format specified for key\n");
 			goto end;
 			}
 		}
 	if (text)
 		{
 		if (pubtext)
 			EVP_PKEY_print_public(out, pkey, 0, NULL);
 		else
 			EVP_PKEY_print_private(out, pkey, 0, NULL);
 		}
 	ret = 0;
 	end:
 	EVP_PKEY_free(pkey);
 	BIO_free_all(out);
 	BIO_free(in);
 	if (passin)
 		OPENSSL_free(passin);
 	if (passout)
 		OPENSSL_free(passout);
 	return ret;
 	}
--- a/apps/pkeyparam.c
+++ b/apps/pkeyparam.c
@@ -1,201 +0,0 @@
 /* apps/pkeyparam.c */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006
 */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 #include <stdio.h>
 #include <string.h>
 #include "apps.h"
 #include <openssl/pem.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #define PROG pkeyparam_main
 int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	char **args, *infile = NULL, *outfile = NULL;
 	BIO *in = NULL, *out = NULL;
 	int text = 0, noout = 0;
 	EVP_PKEY *pkey=NULL;
 	int badarg = 0;
 #ifndef OPENSSL_NO_ENGINE
 	ENGINE *e = NULL;
 	char *engine=NULL;
 #endif
 	int ret = 1;
 	if (bio_err == NULL)
 		bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
 	if (!load_config(bio_err, NULL))
 		goto end;
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_algorithms();
 	args = argv + 1;
 	while (!badarg && *args && *args[0] == '-')
 		{
 		if (!strcmp (*args, "-in"))
 			{
 			if (args[1])
 				{
 				args++;
 				infile = *args;
 				}
 			else badarg = 1;
 			}
 		else if (!strcmp (*args, "-out"))
 			{
 			if (args[1])
 				{
 				args++;
 				outfile = *args;
 				}
 			else badarg = 1;
 			}
 #ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*args,"-engine") == 0)
 			{
 			if (!args[1]) goto bad;
 			engine= *(++args);
 			}
 #endif
 		else if (strcmp(*args,"-text") == 0)
 			text=1;
 		else if (strcmp(*args,"-noout") == 0)
 			noout=1;
 		args++;
 		}
 	if (badarg)
 		{
 #ifndef OPENSSL_NO_ENGINE
 		bad:
 #endif
 		BIO_printf(bio_err, "Usage pkeyparam [options]\n");
 		BIO_printf(bio_err, "where options are\n");
 		BIO_printf(bio_err, "-in file        input file\n");
 		BIO_printf(bio_err, "-out file       output file\n");
 		BIO_printf(bio_err, "-text           print parameters as text\n");
 		BIO_printf(bio_err, "-noout          don't output encoded parameters\n");
 #ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");
 #endif
 		return 1;
 		}
 #ifndef OPENSSL_NO_ENGINE
        e = setup_engine(bio_err, engine, 0);
 #endif
 	if (infile)
 		{
 		if (!(in = BIO_new_file (infile, "r")))
 			{
 			BIO_printf(bio_err,
 				 "Can't open input file %s\n", infile);
 			goto end;
 			}
 		}
 	else
 		in = BIO_new_fp (stdin, BIO_NOCLOSE);
 	if (outfile)
 		{
 		if (!(out = BIO_new_file (outfile, "w")))
 			{
 			BIO_printf(bio_err,
 				 "Can't open output file %s\n", outfile);
 			goto end;
 			}
 		}
 	else
 		{
 		out = BIO_new_fp (stdout, BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 			{
 			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			out = BIO_push(tmpbio, out);
 			}
 #endif
 		}
 	pkey = PEM_read_bio_Parameters(in, NULL);
 	if (!pkey)
 		{
 		BIO_printf(bio_err, "Error reading paramters\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	if (!noout)
 		PEM_write_bio_Parameters(out,pkey);
 	if (text)
 		EVP_PKEY_print_params(out, pkey, 0, NULL);
 	ret = 0;
 	end:
 	EVP_PKEY_free(pkey);
 	BIO_free_all(out);
 	BIO_free(in);
 	return ret;
 	}
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -1,570 +0,0 @@
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 #include "apps.h"
 #include <string.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/evp.h>
 #define KEY_PRIVKEY	1
 #define KEY_PUBKEY	2
 #define KEY_CERT	3
 static void usage(void);
 #undef PROG
 #define PROG pkeyutl_main
 static EVP_PKEY_CTX *init_ctx(int *pkeysize,
 				char *keyfile, int keyform, int key_type,
 				char *passargin, int pkey_op, ENGINE *e);
 static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
 							const char *file);
 static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
 		unsigned char *out, size_t *poutlen,
 		unsigned char *in, size_t inlen);
 int MAIN(int argc, char **);
 int MAIN(int argc, char **argv)
 {
 	BIO *in = NULL, *out = NULL;
 	char *infile = NULL, *outfile = NULL, *sigfile = NULL;
 	ENGINE *e = NULL;
 	int pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY;
 	int keyform = FORMAT_PEM, peerform = FORMAT_PEM;
 	char badarg = 0, rev = 0;
 	char hexdump = 0, asn1parse = 0;
 	EVP_PKEY_CTX *ctx = NULL;
 	char *passargin = NULL;
 	int keysize = -1;
 	unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
 	size_t buf_outlen;
 	int buf_inlen = 0, siglen = -1;
 	int ret = 1, rv = -1;
 	argc--;
 	argv++;
 	if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
 	if (!load_config(bio_err, NULL))
 		goto end;
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_algorithms();
 	while(argc >= 1)
 		{
 		if (!strcmp(*argv,"-in"))
 			{
 			if (--argc < 1) badarg = 1;
                        infile= *(++argv);
 			}
 		else if (!strcmp(*argv,"-out"))
 			{
 			if (--argc < 1) badarg = 1;
 			outfile= *(++argv);
 			}
 		else if (!strcmp(*argv,"-sigfile"))
 			{
 			if (--argc < 1) badarg = 1;
 			sigfile= *(++argv);
 			}
 		else if(!strcmp(*argv, "-inkey"))
 			{
 			if (--argc < 1)
 				badarg = 1;
 			else
 				{
 				ctx = init_ctx(&keysize,
 						*(++argv), keyform, key_type,
 						passargin, pkey_op, e);
 				if (!ctx)
 					{
 					BIO_puts(bio_err,
 						"Error initializing context\n");
 					ERR_print_errors(bio_err);
 					badarg = 1;
 					}
 				}
 			}
 		else if (!strcmp(*argv,"-peerkey"))
 			{
 			if (--argc < 1)
 				badarg = 1;
 			else if (!setup_peer(bio_err, ctx, peerform, *(++argv)))
 				badarg = 1;
 			}
 		else if (!strcmp(*argv,"-passin"))
 			{
 			if (--argc < 1) badarg = 1;
 			passargin= *(++argv);
 			}
 		else if (strcmp(*argv,"-peerform") == 0)
 			{
 			if (--argc < 1) badarg = 1;
 			peerform=str2fmt(*(++argv));
 			}
 		else if (strcmp(*argv,"-keyform") == 0)
 			{
 			if (--argc < 1) badarg = 1;
 			keyform=str2fmt(*(++argv));
 			}
 #ifndef OPENSSL_NO_ENGINE
 		else if(!strcmp(*argv, "-engine"))
 			{
 			if (--argc < 1)
 				badarg = 1;
 			else
 				e = setup_engine(bio_err, *(++argv), 0);
 			}
 #endif
 		else if(!strcmp(*argv, "-pubin"))
 			key_type = KEY_PUBKEY;
 		else if(!strcmp(*argv, "-certin"))
 			key_type = KEY_CERT;
 		else if(!strcmp(*argv, "-asn1parse"))
 			asn1parse = 1;
 		else if(!strcmp(*argv, "-hexdump"))
 			hexdump = 1;
 		else if(!strcmp(*argv, "-sign"))
 			pkey_op = EVP_PKEY_OP_SIGN;
 		else if(!strcmp(*argv, "-verify"))
 			pkey_op = EVP_PKEY_OP_VERIFY;
 		else if(!strcmp(*argv, "-verifyrecover"))
 			pkey_op = EVP_PKEY_OP_VERIFYRECOVER;
 		else if(!strcmp(*argv, "-rev"))
 			rev = 1;
 		else if(!strcmp(*argv, "-encrypt"))
 			pkey_op = EVP_PKEY_OP_ENCRYPT;
 		else if(!strcmp(*argv, "-decrypt"))
 			pkey_op = EVP_PKEY_OP_DECRYPT;
 		else if(!strcmp(*argv, "-derive"))
 			pkey_op = EVP_PKEY_OP_DERIVE;
 		else if (strcmp(*argv,"-pkeyopt") == 0)
 			{
 			if (--argc < 1)
 				badarg = 1;
 			else if (!ctx)
 				{
 				BIO_puts(bio_err,
 					"-pkeyopt command before -inkey\n");
 				badarg = 1;
 				}
 			else if (pkey_ctrl_string(ctx, *(++argv)) <= 0)
 				{
 				BIO_puts(bio_err, "parameter setting error\n");
 				ERR_print_errors(bio_err);
 				goto end;
 				}
 			}
 		else badarg = 1;
 		if(badarg)
 			{
 			usage();
 			goto end;
 			}
 		argc--;
 		argv++;
 		}
 	if (!ctx)
 		{
 		usage();
 		goto end;
 		}
 	if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY))
 		{
 		BIO_puts(bio_err, "Signature file specified for non verify\n");
 		goto end;
 		}
 	if (!sigfile && (pkey_op == EVP_PKEY_OP_VERIFY))
 		{
 		BIO_puts(bio_err, "No signature file specified for verify\n");
 		goto end;
 		}
 /* FIXME: seed PRNG only if needed */
 	app_RAND_load_file(NULL, bio_err, 0);
 	if (pkey_op != EVP_PKEY_OP_DERIVE)
 		{
 		if(infile)
 			{
 			if(!(in = BIO_new_file(infile, "rb")))
 				{
 				BIO_puts(bio_err,
 					"Error Opening Input File\n");
 				ERR_print_errors(bio_err);	
 				goto end;
 				}
 			}
 		else
 			in = BIO_new_fp(stdin, BIO_NOCLOSE);
 		}
 	if(outfile)
 		{
 		if(!(out = BIO_new_file(outfile, "wb")))
 			{
 			BIO_printf(bio_err, "Error Creating Output File\n");
 			ERR_print_errors(bio_err);	
 			goto end;
 			}
 		}
 	else
 		{
 		out = BIO_new_fp(stdout, BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 		{
 		    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 		    out = BIO_push(tmpbio, out);
 		}
 #endif
 	}
 	if (sigfile)
 		{
 		BIO *sigbio = BIO_new_file(sigfile, "rb");
 		if (!sigbio)
 			{
 			BIO_printf(bio_err, "Can't open signature file %s\n",
 								sigfile);
 			goto end;
 			}
 		siglen = bio_to_mem(&sig, keysize * 10, sigbio);
 		BIO_free(sigbio);
 		if (siglen <= 0)
 			{
 			BIO_printf(bio_err, "Error reading signature data\n");
 			goto end;
 			}
 		}
 	if (in)
 		{
 		/* Read the input data */
 		buf_inlen = bio_to_mem(&buf_in, keysize * 10, in);
 		if(buf_inlen <= 0)
 			{
 			BIO_printf(bio_err, "Error reading input Data\n");
 			exit(1);
 			}
 		if(rev)
 			{
 			size_t i;
 			unsigned char ctmp;
 			size_t l = (size_t)buf_inlen;
 			for(i = 0; i < l/2; i++)
 				{
 				ctmp = buf_in[i];
 				buf_in[i] = buf_in[l - 1 - i];
 				buf_in[l - 1 - i] = ctmp;
 				}
 			}
 		}
 	if(pkey_op == EVP_PKEY_OP_VERIFY)
 		{
 		rv  = EVP_PKEY_verify(ctx, sig, (size_t)siglen,
 				      buf_in, (size_t)buf_inlen);
 		if (rv == 0)
 			BIO_puts(out, "Signature Verification Failure\n");
 		else if (rv == 1)
 			BIO_puts(out, "Signature Verified Successfully\n");
 		if (rv >= 0)
 			goto end;
 		}
 	else
 		{	
 		rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen,
 			      buf_in, (size_t)buf_inlen);
 		if (rv > 0)
 			{
 			buf_out = OPENSSL_malloc(buf_outlen);
 			if (!buf_out)
 				rv = -1;
 			else
 				rv = do_keyop(ctx, pkey_op,
 						buf_out, (size_t *)&buf_outlen,
 						buf_in, (size_t)buf_inlen);
 			}
 		}
 	if(rv <= 0)
 		{
 		BIO_printf(bio_err, "Public Key operation error\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	ret = 0;
 	if(asn1parse)
 		{
 		if(!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1))
 			ERR_print_errors(bio_err);
 		}
 	else if(hexdump)
 		BIO_dump(out, (char *)buf_out, buf_outlen);
 	else
 		BIO_write(out, buf_out, buf_outlen);
 	end:
 	if (ctx)
 		EVP_PKEY_CTX_free(ctx);
 	BIO_free(in);
 	BIO_free_all(out);
 	if (buf_in)
 		OPENSSL_free(buf_in);
 	if (buf_out)
 		OPENSSL_free(buf_out);
 	if (sig)
 		OPENSSL_free(sig);
 	return ret;
 }
 static void usage()
 {
 	BIO_printf(bio_err, "Usage: pkeyutl [options]\n");
 	BIO_printf(bio_err, "-in file        input file\n");
 	BIO_printf(bio_err, "-out file       output file\n");
 	BIO_printf(bio_err, "-signature file signature file (verify operation only)\n");
 	BIO_printf(bio_err, "-inkey file     input key\n");
 	BIO_printf(bio_err, "-keyform arg    private key format - default PEM\n");
 	BIO_printf(bio_err, "-pubin          input is a public key\n");
 	BIO_printf(bio_err, "-certin         input is a certificate carrying a public key\n");
 	BIO_printf(bio_err, "-pkeyopt X:Y    public key options\n");
 	BIO_printf(bio_err, "-sign           sign with private key\n");
 	BIO_printf(bio_err, "-verify         verify with public key\n");
 	BIO_printf(bio_err, "-verifyrecover  verify with public key, recover original data\n");
 	BIO_printf(bio_err, "-encrypt        encrypt with public key\n");
 	BIO_printf(bio_err, "-decrypt        decrypt with private key\n");
 	BIO_printf(bio_err, "-derive         derive shared secret\n");
 	BIO_printf(bio_err, "-hexdump        hex dump output\n");
 #ifndef OPENSSL_NO_ENGINE
 	BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");
 #endif
 	BIO_printf(bio_err, "-passin arg     pass phrase source\n");
 }
 static EVP_PKEY_CTX *init_ctx(int *pkeysize,
 				char *keyfile, int keyform, int key_type,
 				char *passargin, int pkey_op, ENGINE *e)
 	{
 	EVP_PKEY *pkey = NULL;
 	EVP_PKEY_CTX *ctx = NULL;
 	char *passin = NULL;
 	int rv = -1;
 	X509 *x;
 	if(((pkey_op == EVP_PKEY_OP_SIGN) || (pkey_op == EVP_PKEY_OP_DECRYPT) 
 		|| (pkey_op == EVP_PKEY_OP_DERIVE))
 		&& (key_type != KEY_PRIVKEY))
 		{
 		BIO_printf(bio_err, "A private key is needed for this operation\n");
 		goto end;
 		}
 	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL))
 		{
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;
 		}
 	switch(key_type)
 		{
 		case KEY_PRIVKEY:
 		pkey = load_key(bio_err, keyfile, keyform, 0,
 			passin, e, "Private Key");
 		break;
 		case KEY_PUBKEY:
 		pkey = load_pubkey(bio_err, keyfile, keyform, 0,
 			NULL, e, "Public Key");
 		break;
 		case KEY_CERT:
 		x = load_cert(bio_err, keyfile, keyform,
 			NULL, e, "Certificate");
 		if(x)
 			{
 			pkey = X509_get_pubkey(x);
 			X509_free(x);
 			}
 		break;
 		}
 	*pkeysize = EVP_PKEY_size(pkey);
 	if (!pkey)
 		goto end;
 	ctx = EVP_PKEY_CTX_new(pkey, e);
 	EVP_PKEY_free(pkey);
 	if (!ctx)
 		goto end;
 	switch(pkey_op)
 		{
 		case EVP_PKEY_OP_SIGN:
 		rv = EVP_PKEY_sign_init(ctx);
 		break;
 		case EVP_PKEY_OP_VERIFY:
 		rv = EVP_PKEY_verify_init(ctx);
 		break;
 		case EVP_PKEY_OP_VERIFYRECOVER:
 		rv = EVP_PKEY_verify_recover_init(ctx);
 		break;
 		case EVP_PKEY_OP_ENCRYPT:
 		rv = EVP_PKEY_encrypt_init(ctx);
 		break;
 		case EVP_PKEY_OP_DECRYPT:
 		rv = EVP_PKEY_decrypt_init(ctx);
 		break;
 		case EVP_PKEY_OP_DERIVE:
 		rv = EVP_PKEY_derive_init(ctx);
 		break;
 		}
 	if (rv <= 0)
 		{
 		EVP_PKEY_CTX_free(ctx);
 		ctx = NULL;
 		}
 	end:
 	if (passin)
 		OPENSSL_free(passin);
 	return ctx;
 	}
 static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
 							const char *file)
 	{
 	EVP_PKEY *peer = NULL;
 	int ret;
 	if (!ctx)
 		{
 		BIO_puts(err, "-peerkey command before -inkey\n");
 		return 0;
 		}
 	peer = load_pubkey(bio_err, file, peerform, 0, NULL, NULL, "Peer Key");
 	if (!peer)
 		{
 		BIO_printf(bio_err, "Error reading peer key %s\n", file);
 		ERR_print_errors(err);
 		return 0;
 		}
 	ret = EVP_PKEY_derive_set_peer(ctx, peer);
 	EVP_PKEY_free(peer);
 	if (ret <= 0)
 		ERR_print_errors(err);
 	return ret;
 	}
 static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
 		unsigned char *out, size_t *poutlen,
 		unsigned char *in, size_t inlen)
 	{
 	int rv = 0;
 	switch(pkey_op)
 		{
 		case EVP_PKEY_OP_VERIFYRECOVER:
 		rv  = EVP_PKEY_verify_recover(ctx, out, poutlen, in, inlen);
 		break;
 		case EVP_PKEY_OP_SIGN:
 		rv  = EVP_PKEY_sign(ctx, out, poutlen, in, inlen);
 		break;
 		case EVP_PKEY_OP_ENCRYPT:
 		rv  = EVP_PKEY_encrypt(ctx, out, poutlen, in, inlen);
 		break;
 		case EVP_PKEY_OP_DECRYPT:
 		rv  = EVP_PKEY_decrypt(ctx, out, poutlen, in, inlen);
 		break; 
 		case EVP_PKEY_OP_DERIVE:
 		rv  = EVP_PKEY_derive(ctx, out, poutlen);
 		break;
 		}
 	return rv;
 	}
--- a/apps/prime.c
+++ b/apps/prime.c
@@ -1,130 +0,0 @@
 /* ====================================================================
 * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */
 #include <string.h>
 #include "apps.h"
 #include <openssl/bn.h>
 #undef PROG
 #define PROG prime_main
 int MAIN(int, char **);
 int MAIN(int argc, char **argv)
    {
    int hex=0;
    int checks=20;
    BIGNUM *bn=NULL;
    BIO *bio_out;
    apps_startup();
    if (bio_err == NULL)
 	if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 	    BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
    --argc;
    ++argv;
    while (argc >= 1 && **argv == '-')
 	{
 	if(!strcmp(*argv,"-hex"))
 	    hex=1;
 	else if(!strcmp(*argv,"-checks"))
 	    if(--argc < 1)
 		goto bad;
 	    else
 		checks=atoi(*++argv);
 	else
 	    {
 	    BIO_printf(bio_err,"Unknown option '%s'\n",*argv);
 	    goto bad;
 	    }
 	--argc;
 	++argv;
 	}
    if (argv[0] == NULL)
 	{
 	BIO_printf(bio_err,"No prime specified\n");
 	goto bad;
 	}
   if ((bio_out=BIO_new(BIO_s_file())) != NULL)
 	{
 	BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 	    {
 	    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 	    bio_out = BIO_push(tmpbio, bio_out);
 	    }
 #endif
 	}
    if(hex)
 	BN_hex2bn(&bn,argv[0]);
    else
 	BN_dec2bn(&bn,argv[0]);
    BN_print(bio_out,bn);
    BIO_printf(bio_out," is %sprime\n",
 	       BN_is_prime_ex(bn,checks,NULL,NULL) ? "" : "not ");
    BN_free(bn);
    BIO_free_all(bio_out);
    return 0;
    bad:
    BIO_printf(bio_err,"options are\n");
    BIO_printf(bio_err,"%-14s hex\n","-hex");
    BIO_printf(bio_err,"%-14s number of checks\n","-checks <n>");
    return 1;
    }
--- a/apps/progs.h
+++ b/apps/progs.h
@@ -28,7 +28,6 @@ extern int speed_main(int argc,char *argv[]);
 extern int s_time_main(int argc,char *argv[]);
 extern int version_main(int argc,char *argv[]);
 extern int pkcs7_main(int argc,char *argv[]);
 extern int cms_main(int argc,char *argv[]);
 extern int crl2pkcs7_main(int argc,char *argv[]);
 extern int sess_id_main(int argc,char *argv[]);
 extern int ciphers_main(int argc,char *argv[]);
@@ -38,9 +37,10 @@ extern int pkcs8_main(int argc,char *argv[]);
 extern int spkac_main(int argc,char *argv[]);
 extern int smime_main(int argc,char *argv[]);
 extern int rand_main(int argc,char *argv[]);
 #ifndef OPENSSL_NO_ENGINE
 extern int engine_main(int argc,char *argv[]);
 #endif
 extern int ocsp_main(int argc,char *argv[]);
 extern int prime_main(int argc,char *argv[]);
 #define FUNC_TYPE_GENERAL	1
 #define FUNC_TYPE_MD		2
@@ -48,8 +48,8 @@ extern int prime_main(int argc,char *argv[]);
 typedef struct {
 	int type;
-	const char *name;
+	char *name;
-	int (*func)(int argc,char *argv[]);
+	int (*func)();
 	} FUNCTION;
 FUNCTION functions[] = {
@@ -110,9 +110,6 @@ FUNCTION functions[] = {
 #endif
 	{FUNC_TYPE_GENERAL,"version",version_main},
 	{FUNC_TYPE_GENERAL,"pkcs7",pkcs7_main},
 #ifndef OPENSSL_NO_CMS
 	{FUNC_TYPE_GENERAL,"cms",cms_main},
 #endif
 	{FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main},
 	{FUNC_TYPE_GENERAL,"sess_id",sess_id_main},
 #if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
@@ -130,7 +127,6 @@ FUNCTION functions[] = {
 	{FUNC_TYPE_GENERAL,"engine",engine_main},
 #endif
 	{FUNC_TYPE_GENERAL,"ocsp",ocsp_main},
 	{FUNC_TYPE_GENERAL,"prime",prime_main},
 #ifndef OPENSSL_NO_MD2
 	{FUNC_TYPE_MD,"md2",dgst_main},
 #endif
@@ -169,24 +165,6 @@ FUNCTION functions[] = {
 #endif
 #ifndef OPENSSL_NO_AES
 	{FUNC_TYPE_CIPHER,"aes-256-ecb",enc_main},
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 	{FUNC_TYPE_CIPHER,"camellia-128-cbc",enc_main},
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 	{FUNC_TYPE_CIPHER,"camellia-128-ecb",enc_main},
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 	{FUNC_TYPE_CIPHER,"camellia-192-cbc",enc_main},
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 	{FUNC_TYPE_CIPHER,"camellia-192-ecb",enc_main},
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 	{FUNC_TYPE_CIPHER,"camellia-256-cbc",enc_main},
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 	{FUNC_TYPE_CIPHER,"camellia-256-ecb",enc_main},
 #endif
 	{FUNC_TYPE_CIPHER,"base64",enc_main},
 #ifndef OPENSSL_NO_DES
@@ -201,9 +179,6 @@ FUNCTION functions[] = {
 #ifndef OPENSSL_NO_IDEA
 	{FUNC_TYPE_CIPHER,"idea",enc_main},
 #endif
 #ifndef OPENSSL_NO_SEED
 	{FUNC_TYPE_CIPHER,"seed",enc_main},
 #endif
 #ifndef OPENSSL_NO_RC4
 	{FUNC_TYPE_CIPHER,"rc4",enc_main},
 #endif
@@ -270,18 +245,6 @@ FUNCTION functions[] = {
 #ifndef OPENSSL_NO_IDEA
 	{FUNC_TYPE_CIPHER,"idea-ofb",enc_main},
 #endif
 #ifndef OPENSSL_NO_SEED
 	{FUNC_TYPE_CIPHER,"seed-cbc",enc_main},
 #endif
 #ifndef OPENSSL_NO_SEED
 	{FUNC_TYPE_CIPHER,"seed-ecb",enc_main},
 #endif
 #ifndef OPENSSL_NO_SEED
 	{FUNC_TYPE_CIPHER,"seed-cfb",enc_main},
 #endif
 #ifndef OPENSSL_NO_SEED
 	{FUNC_TYPE_CIPHER,"seed-ofb",enc_main},
 #endif
 #ifndef OPENSSL_NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2-cbc",enc_main},
 #endif
--- a/apps/progs.pl
+++ b/apps/progs.pl
@@ -16,8 +16,8 @@ print <<'EOF';
 typedef struct {
 	int type;
-	const char *name;
+	char *name;
-	int (*func)(int argc,char *argv[]);
+	int (*func)();
 	} FUNCTION;
 FUNCTION functions[] = {
@@ -29,10 +29,6 @@ foreach (@ARGV)
 	$str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
 	if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
 		{ print "#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))\n${str}#endif\n"; } 
 	elsif ( ($_ =~ /^speed$/))
 		{ print "#ifndef OPENSSL_NO_SPEED\n${str}#endif\n"; }
 	elsif ( ($_ =~ /^engine$/))
 		{ print "#ifndef OPENSSL_NO_ENGINE\n${str}#endif\n"; }
 	elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) || ($_ =~ /^rsautl$/)) 
 		{ print "#ifndef OPENSSL_NO_RSA\n${str}#endif\n";  }
 	elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))
@@ -43,8 +39,6 @@ foreach (@ARGV)
 		{ print "#ifndef OPENSSL_NO_DH\n${str}#endif\n"; }
 	elsif ( ($_ =~ /^pkcs12$/))
 		{ print "#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)\n${str}#endif\n"; }
 	elsif ( ($_ =~ /^cms$/))
 		{ print "#ifndef OPENSSL_NO_CMS\n${str}#endif\n"; }
 	else
 		{ print $str; }
 	}
@@ -59,18 +53,14 @@ foreach (
 	"aes-128-cbc", "aes-128-ecb",
 	"aes-192-cbc", "aes-192-ecb",
 	"aes-256-cbc", "aes-256-ecb",
 	"camellia-128-cbc", "camellia-128-ecb",
 	"camellia-192-cbc", "camellia-192-ecb",
 	"camellia-256-cbc", "camellia-256-ecb",
 	"base64",
-	"des", "des3", "desx", "idea", "seed", "rc4", "rc4-40",
+	"des", "des3", "desx", "idea", "rc4", "rc4-40",
 	"rc2", "bf", "cast", "rc5",
 	"des-ecb", "des-ede",    "des-ede3",
 	"des-cbc", "des-ede-cbc","des-ede3-cbc",
 	"des-cfb", "des-ede-cfb","des-ede3-cfb",
 	"des-ofb", "des-ede-ofb","des-ede3-ofb",
 	"idea-cbc","idea-ecb",   "idea-cfb", "idea-ofb",
 	"seed-cbc","seed-ecb",    "seed-cfb", "seed-ofb",
 	"rc2-cbc", "rc2-ecb", "rc2-cfb","rc2-ofb", "rc2-64-cbc", "rc2-40-cbc",
 	"bf-cbc",  "bf-ecb",     "bf-cfb",   "bf-ofb",
 	"cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb",
@@ -81,9 +71,7 @@ foreach (
 	$t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_);
 	if    ($_ =~ /des/)  { $t="#ifndef OPENSSL_NO_DES\n${t}#endif\n"; }
 	elsif ($_ =~ /aes/)  { $t="#ifndef OPENSSL_NO_AES\n${t}#endif\n"; }
 	elsif ($_ =~ /camellia/)  { $t="#ifndef OPENSSL_NO_CAMELLIA\n${t}#endif\n"; }
 	elsif ($_ =~ /idea/) { $t="#ifndef OPENSSL_NO_IDEA\n${t}#endif\n"; }
 	elsif ($_ =~ /seed/) { $t="#ifndef OPENSSL_NO_SEED\n${t}#endif\n"; }
 	elsif ($_ =~ /rc4/)  { $t="#ifndef OPENSSL_NO_RC4\n${t}#endif\n"; }
 	elsif ($_ =~ /rc2/)  { $t="#ifndef OPENSSL_NO_RC2\n${t}#endif\n"; }
 	elsif ($_ =~ /bf/)   { $t="#ifndef OPENSSL_NO_BF\n${t}#endif\n"; }
--- a/apps/rand.c
+++ b/apps/rand.c
@@ -68,8 +68,7 @@
 /* -out file         - write to file
 * -rand file:file   - PRNG seed files
- * -base64           - base64 encode output
+ * -base64           - encode output
 * -hex              - hex encode output
 * num               - write 'num' bytes
 */
@@ -85,7 +84,6 @@ int MAIN(int argc, char **argv)
 	char *outfile = NULL;
 	char *inrand = NULL;
 	int base64 = 0;
 	int hex = 0;
 	BIO *out = NULL;
 	int num = -1;
 #ifndef OPENSSL_NO_ENGINE
@@ -135,13 +133,6 @@ int MAIN(int argc, char **argv)
 			else
 				badopt = 1;
 			}
 		else if (strcmp(argv[i], "-hex") == 0)
 			{
 			if (!hex)
 				hex = 1;
 			else
 				badopt = 1;
 			}
 		else if (isdigit((unsigned char)argv[i][0]))
 			{
 			if (num < 0)
@@ -157,9 +148,6 @@ int MAIN(int argc, char **argv)
 			badopt = 1;
 		}
 	if (hex && base64)
 		badopt = 1;
 	if (num < 0)
 		badopt = 1;
@@ -172,8 +160,7 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err, "-engine e             - use engine e, possibly a hardware device.\n");
 #endif
 		BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-		BIO_printf(bio_err, "-base64               - base64 encode output\n");
+		BIO_printf(bio_err, "-base64               - encode output\n");
 		BIO_printf(bio_err, "-hex                  - hex encode output\n");
 		goto err;
 		}
@@ -223,18 +210,10 @@ int MAIN(int argc, char **argv)
 		r = RAND_bytes(buf, chunk);
 		if (r <= 0)
 			goto err;
 		if (!hex) 
 		BIO_write(out, buf, chunk);
 		else
 			{
 			for (i = 0; i < chunk; i++)
 				BIO_printf(out, "%02x", buf[i]);
 			}
 		num -= chunk;
 		}
-	if (hex)
+	BIO_flush(out);
 		BIO_puts(out, "\n");
 	(void)BIO_flush(out);
 	app_RAND_write_file(NULL, bio_err);
 	ret = 0;
--- a/apps/req.c
+++ b/apps/req.c
@@ -79,13 +79,7 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
-#include <openssl/bn.h>
+#include "../crypto/cryptlib.h"
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
 #define SECTION		"req"
@@ -136,16 +130,16 @@ static int prompt_info(X509_REQ *req,
 static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk,
 				STACK_OF(CONF_VALUE) *attr, int attribs,
 				unsigned long chtype);
-static int add_attribute_object(X509_REQ *req, char *text, const char *def,
+static int add_attribute_object(X509_REQ *req, char *text,
-				char *value, int nid, int n_min,
+				char *def, char *value, int nid, int n_min,
 				int n_max, unsigned long chtype);
-static int add_DN_object(X509_NAME *n, char *text, const char *def, char *value,
+static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
 	int nid,int n_min,int n_max, unsigned long chtype, int mval);
 #ifndef OPENSSL_NO_RSA
 static int MS_CALLBACK req_cb(int p, int n, BN_GENCB *cb);
 #endif
 static int req_check_len(int len,int n_min,int n_max);
-static int check_end(const char *str, const char *end);
+static int check_end(char *str, char *end);
 #ifndef MONOLITH
 static char *default_config_file=NULL;
 #endif
@@ -193,7 +187,7 @@ int MAIN(int argc, char **argv)
 	char *p;
 	char *subj = NULL;
 	int multirdn = 0;
-	const EVP_MD *md_alg=NULL,*digest=EVP_sha1();
+	const EVP_MD *md_alg=NULL,*digest=EVP_md5();
 	unsigned long chtype = MBSTRING_ASC;
 #ifndef MONOLITH
 	char *to_free;
@@ -350,7 +344,6 @@ int MAIN(int argc, char **argv)
 				{
 				X509 *xtmp=NULL;
 				EVP_PKEY *dtmp;
 				EC_GROUP *group;
 				pkey_type=TYPE_EC;
 				p+=3;
@@ -361,9 +354,9 @@ int MAIN(int argc, char **argv)
 					}
 				if ((ec_params = EC_KEY_new()) == NULL)
 					goto end;
-				group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL);
+				if ((ec_params->group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL)) == NULL)
 				if (group == NULL)
 					{
 					if (ec_params)
 						EC_KEY_free(ec_params);
 					ERR_clear_error();
 					(void)BIO_reset(in);
@@ -376,7 +369,7 @@ int MAIN(int argc, char **argv)
 					if ((dtmp=X509_get_pubkey(xtmp))==NULL)
 						goto end;
 					if (dtmp->type == EVP_PKEY_EC)
-						ec_params = EC_KEY_dup(dtmp->pkey.ec);
+						ec_params = ECParameters_dup(dtmp->pkey.eckey);
 					EVP_PKEY_free(dtmp);
 					X509_free(xtmp);
 					if (ec_params == NULL)
@@ -385,16 +378,12 @@ int MAIN(int argc, char **argv)
 						goto end;
 						}
 					}
 				else
 					{
 					if (EC_KEY_set_group(ec_params, group) == 0)
 						goto end;
 					EC_GROUP_free(group);
 					}
 				BIO_free(in);
 				in=NULL;
-				newkey = EC_GROUP_get_degree(EC_KEY_get0_group(ec_params));
+				
 				newkey = EC_GROUP_get_degree(ec_params->group);
 				}
 			else
 #endif
@@ -578,16 +567,13 @@ bad:
 	else
 		{
 		req_conf=config;
-
+		if( verbose )
 		if (req_conf == NULL)
 			{
 			BIO_printf(bio_err,"Unable to load config info from %s\n", default_config_file);
 			if (newreq)
 				goto end;
 			}
 		else if( verbose )
 			BIO_printf(bio_err,"Using configuration from %s\n",
 			default_config_file);
 		if (req_conf == NULL)
 			{
 			BIO_printf(bio_err,"Unable to load config info\n");
 			}
 		}
 	if (req_conf != NULL)
@@ -719,7 +705,8 @@ bad:
 			   message */
 			goto end;
 			}
-		else
+		if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA || 
 			EVP_PKEY_type(pkey->type) == EVP_PKEY_EC)
 			{
 			char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
 			if (randfile == NULL)
@@ -730,9 +717,7 @@ bad:
 	if (newreq && (pkey == NULL))
 		{
 #ifndef OPENSSL_NO_RSA
 		BN_GENCB cb;
 #endif
 		char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
 		if (randfile == NULL)
 			ERR_clear_error();
@@ -763,16 +748,12 @@ bad:
 		if (pkey_type == TYPE_RSA)
 			{
 			RSA *rsa = RSA_new();
-			BIGNUM *bn = BN_new();
+			if(!rsa || !RSA_generate_key_ex(rsa, newkey, 0x10001, &cb) ||
 			if(!bn || !rsa || !BN_set_word(bn, 0x10001) ||
 					!RSA_generate_key_ex(rsa, newkey, bn, &cb) ||
 					!EVP_PKEY_assign_RSA(pkey, rsa))
 				{
 				if(bn) BN_free(bn);
 				if(rsa) RSA_free(rsa);
 				goto end;
 				}
 			BN_free(bn);
 			}
 		else
 #endif
@@ -938,9 +919,7 @@ loop:
 				}
 			else
 				{
-				if (!rand_serial(NULL,
+				if (!ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L)) goto end;
 					X509_get_serialNumber(x509ss)))
 						goto end;
 				}
 			if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
@@ -1292,8 +1271,7 @@ static int prompt_info(X509_REQ *req,
 	char buf[100];
 	int nid, mval;
 	long n_min,n_max;
-	char *type, *value;
+	char *type,*def,*value;
 	const char *def;
 	CONF_VALUE *v;
 	X509_NAME *subj;
 	subj = X509_REQ_get_subject_name(req);
@@ -1519,7 +1497,7 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
 	}
-static int add_DN_object(X509_NAME *n, char *text, const char *def, char *value,
+static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
 	     int nid, int n_min, int n_max, unsigned long chtype, int mval)
 	{
 	int i,ret=0;
@@ -1575,8 +1553,8 @@ err:
 	return(ret);
 	}
-static int add_attribute_object(X509_REQ *req, char *text, const char *def,
+static int add_attribute_object(X509_REQ *req, char *text,
-				char *value, int nid, int n_min,
+				char *def, char *value, int nid, int n_min,
 				int n_max, unsigned long chtype)
 	{
 	int i;
@@ -1673,10 +1651,10 @@ static int req_check_len(int len, int n_min, int n_max)
 	}
 /* Check if the end of a string matches 'end' */
-static int check_end(const char *str, const char *end)
+static int check_end(char *str, char *end)
 {
 	int elen, slen;	
-	const char *tmp;
+	char *tmp;
 	elen = strlen(end);
 	slen = strlen(str);
 	if(elen > slen) return 1;
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -56,7 +56,6 @@
 * [including the GNU Public Licence.]
 */
 #include <openssl/opensslconf.h>
 #ifndef OPENSSL_NO_RSA
 #include <stdio.h>
 #include <stdlib.h>
@@ -69,7 +68,6 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/bn.h>
 #undef PROG
 #define PROG	rsa_main
@@ -81,13 +79,9 @@
 * -des		- encrypt output if PEM format with DES in cbc mode
 * -des3	- encrypt output if PEM format
 * -idea	- encrypt output if PEM format
 * -seed	- encrypt output if PEM format
 * -aes128	- encrypt output if PEM format
 * -aes192	- encrypt output if PEM format
 * -aes256	- encrypt output if PEM format
 * -camellia128 - encrypt output if PEM format
 * -camellia192 - encrypt output if PEM format
 * -camellia256 - encrypt output if PEM format
 * -text	- print a text version
 * -modulus	- print the RSA key modulus
 * -check	- verify key consistency
@@ -212,16 +206,9 @@ bad:
 #ifndef OPENSSL_NO_IDEA
 		BIO_printf(bio_err," -idea           encrypt PEM output with cbc idea\n");
 #endif
 #ifndef OPENSSL_NO_SEED
 		BIO_printf(bio_err," -seed           encrypt PEM output with cbc seed\n");
 #endif
 #ifndef OPENSSL_NO_AES
 		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
 		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 		BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
 		BIO_printf(bio_err,"                 encrypt PEM output with cbc camellia\n");
 #endif
 		BIO_printf(bio_err," -text           print the key in text\n");
 		BIO_printf(bio_err," -noout          don't print key out\n");
@@ -320,7 +307,7 @@ bad:
 			BIO_printf(out,"RSA key ok\n");
 		else if (r == 0)
 			{
-			unsigned long err;
+			long err;
 			while ((err = ERR_peek_error()) != 0 &&
 				ERR_GET_LIB(err) == ERR_LIB_RSA &&
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -1,5 +1,5 @@
 /* rsautl.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
 * project 2000.
 */
 /* ====================================================================
@@ -56,14 +56,12 @@
 *
 */
 #include <openssl/opensslconf.h>
 #ifndef OPENSSL_NO_RSA
 #include "apps.h"
 #include <string.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/rsa.h>
 #define RSA_SIGN 	1
 #define RSA_VERIFY 	2
@@ -119,35 +117,23 @@ int MAIN(int argc, char **argv)
 	while(argc >= 1)
 	{
 		if (!strcmp(*argv,"-in")) {
-			if (--argc < 1)
+			if (--argc < 1) badarg = 1;
 				badarg = 1;
 			else
                        infile= *(++argv);
 		} else if (!strcmp(*argv,"-out")) {
-			if (--argc < 1)
+			if (--argc < 1) badarg = 1;
 				badarg = 1;
 			else
 			outfile= *(++argv);
 		} else if(!strcmp(*argv, "-inkey")) {
-			if (--argc < 1)
+			if (--argc < 1) badarg = 1;
 				badarg = 1;
 			else
 			keyfile = *(++argv);
 		} else if (!strcmp(*argv,"-passin")) {
-			if (--argc < 1)
+			if (--argc < 1) badarg = 1;
 				badarg = 1;
 			else
 			passargin= *(++argv);
 		} else if (strcmp(*argv,"-keyform") == 0) {
-			if (--argc < 1)
+			if (--argc < 1) badarg = 1;
 				badarg = 1;
 			else
 			keyform=str2fmt(*(++argv));
 #ifndef OPENSSL_NO_ENGINE
 		} else if(!strcmp(*argv, "-engine")) {
-			if (--argc < 1)
+			if (--argc < 1) badarg = 1;
 				badarg = 1;
 			else
 			engine = *(++argv);
 #endif
 		} else if(!strcmp(*argv, "-pubin")) {
@@ -161,7 +147,6 @@ int MAIN(int argc, char **argv)
 		else if(!strcmp(*argv, "-oaep")) pad = RSA_PKCS1_OAEP_PADDING;
 		else if(!strcmp(*argv, "-ssl")) pad = RSA_SSLV23_PADDING;
 		else if(!strcmp(*argv, "-pkcs")) pad = RSA_PKCS1_PADDING;
 		else if(!strcmp(*argv, "-x931")) pad = RSA_X931_PADDING;
 		else if(!strcmp(*argv, "-sign")) {
 			rsa_mode = RSA_SIGN;
 			need_priv = 1;
--- a/apps/s_apps.h
+++ b/apps/s_apps.h
@@ -148,26 +148,22 @@ typedef fd_mask fd_set;
 #define PORT_STR        "4433"
 #define PROTOCOL        "tcp"
-int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
+int do_server(int port, int *ret, int (*cb) (), char *context);
 #ifdef HEADER_X509_H
 int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
 #endif
 #ifdef HEADER_SSL_H
 int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
 int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
 #endif
-int init_client(int *sock, char *server, int port, int type);
+int init_client(int *sock, char *server, int port);
 int should_retry(int i);
 int extract_port(char *str, short *port_ptr);
 int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
-long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
+long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp,
 	int argi, long argl, long ret);
 #ifdef HEADER_SSL_H
 void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret);
 void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
 void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
 					unsigned char *data, int len,
 					void *arg);
 #endif
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -229,36 +229,8 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
 	return(1);
 	}
-int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key)
+long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi,
-	{
+	     long argl, long ret)
 	if (cert ==  NULL)
 		return 1;
 	if (SSL_CTX_use_certificate(ctx,cert) <= 0)
 		{
 		BIO_printf(bio_err,"error setting certificate\n");
 		ERR_print_errors(bio_err);
 		return 0;
 		}
 	if (SSL_CTX_use_PrivateKey(ctx,key) <= 0)
 		{
 		BIO_printf(bio_err,"error setting private key\n");
 		ERR_print_errors(bio_err);
 		return 0;
 		}
 		/* Now we know that a key and cert have been set against
 		 * the SSL context */
 	if (!SSL_CTX_check_private_key(ctx))
 		{
 		BIO_printf(bio_err,"Private key does not match the certificate public key\n");
 		return 0;
 		}
 	return 1;
 	}
 long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
 	int argi, long argl, long ret)
 	{
 	BIO *out;
@@ -283,7 +255,7 @@ long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
 void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret)
 	{
-	const char *str;
+	char *str;
 	int w;
 	w=where& ~SSL_ST_MASK;
@@ -346,14 +318,14 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
 		if (len > 0)
 			{
-			switch (((const unsigned char*)buf)[0])
+			switch (((unsigned char*)buf)[0])
 				{
 				case 0:
 					str_details1 = ", ERROR:";
 					str_details2 = " ???";
 					if (len >= 3)
 						{
-						unsigned err = (((const unsigned char*)buf)[1]<<8) + ((const unsigned char*)buf)[2];
+						unsigned err = (((unsigned char*)buf)[1]<<8) + ((unsigned char*)buf)[2];
 						switch (err)
 							{
@@ -422,7 +394,7 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
 			if (len == 2)
 				{
-				switch (((const unsigned char*)buf)[0])
+				switch (((unsigned char*)buf)[0])
 					{
 				case 1:
 					str_details1 = ", warning";
@@ -433,7 +405,7 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
 					}
 				str_details2 = " ???";
-				switch (((const unsigned char*)buf)[1])
+				switch (((unsigned char*)buf)[1])
 					{
 				case 0:
 					str_details2 = " close_notify";
@@ -514,7 +486,7 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
 			if (len > 0)
 				{
-				switch (((const unsigned char*)buf)[0])
+				switch (((unsigned char*)buf)[0])
 					{
 				case 0:
 					str_details1 = ", HelloRequest";
@@ -567,70 +539,11 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
 			{
 			if (i % 16 == 0 && i > 0)
 				BIO_printf(bio, "\n   ");
-			BIO_printf(bio, " %02x", ((const unsigned char*)buf)[i]);
+			BIO_printf(bio, " %02x", ((unsigned char*)buf)[i]);
 			}
 		if (i < len)
 			BIO_printf(bio, " ...");
 		BIO_printf(bio, "\n");
 		}
-	(void)BIO_flush(bio);
+	BIO_flush(bio);
 	}
 void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
 					unsigned char *data, int len,
 					void *arg)
 	{
 	BIO *bio = arg;
 	char *extname;
 	switch(type)
 		{
 		case TLSEXT_TYPE_server_name:
 		extname = "server name";
 		break;
 		case TLSEXT_TYPE_max_fragment_length:
 		extname = "max fragment length";
 		break;
 		case TLSEXT_TYPE_client_certificate_url:
 		extname = "client certificate URL";
 		break;
 		case TLSEXT_TYPE_trusted_ca_keys:
 		extname = "trusted CA keys";
 		break;
 		case TLSEXT_TYPE_truncated_hmac:
 		extname = "truncated HMAC";
 		break;
 		case TLSEXT_TYPE_status_request:
 		extname = "status request";
 		break;
 		case TLSEXT_TYPE_elliptic_curves:
 		extname = "elliptic curves";
 		break;
 		case TLSEXT_TYPE_ec_point_formats:
 		extname = "EC point formats";
 		break;
 		case TLSEXT_TYPE_session_ticket:
 		extname = "server ticket";
 		break;
 		default:
 		extname = "unknown";
 		break;
 		}
 	BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n",
 			client_server ? "server": "client",
 			extname, type, len);
 	BIO_dump(bio, (char *)data, len);
 	(void)BIO_flush(bio);
 	}
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -134,9 +134,7 @@ typedef unsigned int u_int;
 #include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/rand.h>
 #include <openssl/ocsp.h>
 #include "s_apps.h"
 #include "timeouts.h"
 #ifdef OPENSSL_SYS_WINCE
 /* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
@@ -172,18 +170,11 @@ static int c_nbio=0;
 #endif
 static int c_Pause=0;
 static int c_debug=0;
 #ifndef OPENSSL_NO_TLSEXT
 static int c_tlsextdebug=0;
 static int c_status_req=0;
 #endif
 static int c_msg=0;
 static int c_showcerts=0;
 static void sc_usage(void);
 static void print_stuff(BIO *berr,SSL *con,int full);
 #ifndef OPENSSL_NO_TLSEXT
 static int ocsp_resp_cb(SSL *s, void *arg);
 #endif
 static BIO *bio_c_out=NULL;
 static int c_quiet=0;
 static int c_ign_eof=0;
@@ -196,22 +187,16 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -port port     - use -connect instead\n");
 	BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
-	BIO_printf(bio_err," -verify depth - turn on peer certificate verification\n");
+	BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");
 	BIO_printf(bio_err," -cert arg     - certificate file to use, PEM format assumed\n");
-	BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
+	BIO_printf(bio_err," -key arg      - Private key file to use, PEM format assumed, in cert file if\n");
 	BIO_printf(bio_err," -key arg      - Private key file to use, in cert file if\n");
 	BIO_printf(bio_err,"                 not specified but cert file is.\n");
 	BIO_printf(bio_err," -keyform arg  - key format (PEM or DER) PEM default\n");
 	BIO_printf(bio_err," -pass arg     - private key file pass phrase source\n");
 	BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");
 	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
 	BIO_printf(bio_err," -reconnect    - Drop and re-make the connection with the same Session-ID\n");
 	BIO_printf(bio_err," -pause        - sleep(1) after each read(2) and write(2) system call\n");
 	BIO_printf(bio_err," -showcerts    - show all certificates in the chain\n");
 	BIO_printf(bio_err," -debug        - extra output\n");
 #ifdef WATT32
 	BIO_printf(bio_err," -wdebug       - WATT-32 tcp debugging\n");
 #endif
 	BIO_printf(bio_err," -msg          - Show protocol messages\n");
 	BIO_printf(bio_err," -nbio_test    - more ssl protocol testing\n");
 	BIO_printf(bio_err," -state        - print the 'ssl' states\n");
@@ -221,12 +206,9 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -crlf         - convert LF from terminal into CRLF\n");
 	BIO_printf(bio_err," -quiet        - no s_client output\n");
 	BIO_printf(bio_err," -ign_eof      - ignore input eof (default when -quiet)\n");
 	BIO_printf(bio_err," -no_ign_eof   - don't ignore input eof\n");
 	BIO_printf(bio_err," -ssl2         - just use SSLv2\n");
 	BIO_printf(bio_err," -ssl3         - just use SSLv3\n");
 	BIO_printf(bio_err," -tls1         - just use TLSv1\n");
 	BIO_printf(bio_err," -dtls1        - just use DTLSv1\n");    
 	BIO_printf(bio_err," -mtu          - set the MTU\n");
 	BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
 	BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
 	BIO_printf(bio_err," -serverpref   - Use server's cipher preferences (only SSLv2)\n");
@@ -235,53 +217,14 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
 	BIO_printf(bio_err,"                 for those protocols that support it, where\n");
 	BIO_printf(bio_err,"                 'prot' defines which one to assume.  Currently,\n");
-	BIO_printf(bio_err,"                 only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
+	BIO_printf(bio_err,"                 only \"smtp\" and \"pop3\" are supported.\n");
 	BIO_printf(bio_err,"                 are supported.\n");
 #ifndef OPENSSL_NO_ENGINE
 	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
 #endif
 	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-	BIO_printf(bio_err," -sess_out arg - file to write SSL session to\n");
+
 	BIO_printf(bio_err," -sess_in arg  - file to read SSL session from\n");
 #ifndef OPENSSL_NO_TLSEXT
 	BIO_printf(bio_err," -servername host  - Set TLS extension servername in ClientHello\n");
 	BIO_printf(bio_err," -tlsextdebug      - hex dump of all TLS extensions received\n");
 	BIO_printf(bio_err," -status           - request certificate status from server\n");
 	BIO_printf(bio_err," -no_ticket        - disable use of RFC4507bis session tickets\n");
 #endif
 	}
 #ifndef OPENSSL_NO_TLSEXT
 /* This is a context that we pass to callbacks */
 typedef struct tlsextctx_st {
   BIO * biodebug;
   int ack;
 } tlsextctx;
 static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
 	{
 	tlsextctx * p = (tlsextctx *) arg;
 	const char * hn= SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
 	if (SSL_get_servername_type(s) != -1) 
 	        p->ack = !SSL_session_reused(s) && hn != NULL;
 	else 
 		BIO_printf(bio_err,"Can't use SSL_get_servername\n");
 	return SSL_TLSEXT_ERR_OK;
 	}
 #endif
 enum
 {
 	PROTO_OFF	= 0,
 	PROTO_SMTP,
 	PROTO_POP3,
 	PROTO_IMAP,
 	PROTO_FTP,
 	PROTO_XMPP
 };
 int MAIN(int, char **);
 int MAIN(int argc, char **argv)
@@ -298,51 +241,25 @@ int MAIN(int argc, char **argv)
 	int full_log=1;
 	char *host=SSL_HOST_NAME;
 	char *cert_file=NULL,*key_file=NULL;
 	int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
 	char *passarg = NULL, *pass = NULL;
 	X509 *cert = NULL;
 	EVP_PKEY *key = NULL;
 	char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
 	int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
 	int crlf=0;
 	int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
 	SSL_CTX *ctx=NULL;
 	int ret=1,in_init=1,i,nbio_test=0;
-	int starttls_proto = PROTO_OFF;
+	int starttls_proto = 0;
 	int prexit = 0, vflags = 0;
 	SSL_METHOD *meth=NULL;
 #ifdef sock_type
 #undef sock_type
 #endif
 	int sock_type=SOCK_STREAM;
 	BIO *sbio;
 	char *inrand=NULL;
 	int mbuf_len=0;
 #ifndef OPENSSL_NO_ENGINE
 	char *engine_id=NULL;
 	char *ssl_client_engine_id=NULL;
 	ENGINE *ssl_client_engine=NULL;
 #endif
 	ENGINE *e=NULL;
 #endif
 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
 	struct timeval tv;
 #endif
 #ifndef OPENSSL_NO_TLSEXT
 	char *servername = NULL; 
        tlsextctx tlsextcbp = 
        {NULL,0};
 #endif
 	char *sess_in = NULL;
 	char *sess_out = NULL;
 	struct sockaddr peer;
 	int peerlen = sizeof(peer);
 	int enable_timeouts = 0 ;
 	long mtu = 0;
 #ifndef OPENSSL_NO_JPAKE
 	char *jpake_secret = NULL;
 #endif
 #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
 	meth=SSLv23_client_method();
 #elif !defined(OPENSSL_NO_SSL3)
@@ -412,21 +329,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			cert_file= *(++argv);
 			}
 		else if	(strcmp(*argv,"-sess_out") == 0)
 			{
 			if (--argc < 1) goto bad;
 			sess_out = *(++argv);
 			}
 		else if	(strcmp(*argv,"-sess_in") == 0)
 			{
 			if (--argc < 1) goto bad;
 			sess_in = *(++argv);
 			}
 		else if	(strcmp(*argv,"-certform") == 0)
 			{
 			if (--argc < 1) goto bad;
 			cert_format = str2fmt(*(++argv));
 			}
 		else if	(strcmp(*argv,"-crl_check") == 0)
 			vflags |= X509_V_FLAG_CRL_CHECK;
 		else if	(strcmp(*argv,"-crl_check_all") == 0)
@@ -442,22 +344,10 @@ int MAIN(int argc, char **argv)
 			}
 		else if	(strcmp(*argv,"-ign_eof") == 0)
 			c_ign_eof=1;
 		else if	(strcmp(*argv,"-no_ign_eof") == 0)
 			c_ign_eof=0;
 		else if	(strcmp(*argv,"-pause") == 0)
 			c_Pause=1;
 		else if	(strcmp(*argv,"-debug") == 0)
 			c_debug=1;
 #ifndef OPENSSL_NO_TLSEXT
 		else if	(strcmp(*argv,"-tlsextdebug") == 0)
 			c_tlsextdebug=1;
 		else if	(strcmp(*argv,"-status") == 0)
 			c_status_req=1;
 #endif
 #ifdef WATT32
 		else if (strcmp(*argv,"-wdebug") == 0)
 			dbug_init();
 #endif
 		else if	(strcmp(*argv,"-msg") == 0)
 			c_msg=1;
 		else if	(strcmp(*argv,"-showcerts") == 0)
@@ -477,33 +367,9 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_TLS1
 		else if	(strcmp(*argv,"-tls1") == 0)
 			meth=TLSv1_client_method();
 #endif
 #ifndef OPENSSL_NO_DTLS1
 		else if	(strcmp(*argv,"-dtls1") == 0)
 			{
 			meth=DTLSv1_client_method();
 			sock_type=SOCK_DGRAM;
 			}
 		else if (strcmp(*argv,"-timeout") == 0)
 			enable_timeouts=1;
 		else if (strcmp(*argv,"-mtu") == 0)
 			{
 			if (--argc < 1) goto bad;
 			mtu = atol(*(++argv));
 			}
 #endif
 		else if (strcmp(*argv,"-bugs") == 0)
 			bugs=1;
 		else if	(strcmp(*argv,"-keyform") == 0)
 			{
 			if (--argc < 1) goto bad;
 			key_format = str2fmt(*(++argv));
 			}
 		else if	(strcmp(*argv,"-pass") == 0)
 			{
 			if (--argc < 1) goto bad;
 			passarg = *(++argv);
 			}
 		else if	(strcmp(*argv,"-key") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -529,10 +395,6 @@ int MAIN(int argc, char **argv)
 			off|=SSL_OP_NO_SSLv3;
 		else if (strcmp(*argv,"-no_ssl2") == 0)
 			off|=SSL_OP_NO_SSLv2;
 #ifndef OPENSSL_NO_TLSEXT
 		else if	(strcmp(*argv,"-no_ticket") == 0)
 			{ off|=SSL_OP_NO_TICKET; }
 #endif
 		else if (strcmp(*argv,"-serverpref") == 0)
 			off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
 		else if	(strcmp(*argv,"-cipher") == 0)
@@ -549,15 +411,9 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			++argv;
 			if (strcmp(*argv,"smtp") == 0)
-				starttls_proto = PROTO_SMTP;
+				starttls_proto = 1;
 			else if (strcmp(*argv,"pop3") == 0)
-				starttls_proto = PROTO_POP3;
+				starttls_proto = 2;
 			else if (strcmp(*argv,"imap") == 0)
 				starttls_proto = PROTO_IMAP;
 			else if (strcmp(*argv,"ftp") == 0)
 				starttls_proto = PROTO_FTP;
 			else if (strcmp(*argv, "xmpp") == 0)
 				starttls_proto = PROTO_XMPP;
 			else
 				goto bad;
 			}
@@ -567,32 +423,12 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			engine_id = *(++argv);
 			}
 		else if	(strcmp(*argv,"-ssl_client_engine") == 0)
 			{
 			if (--argc < 1) goto bad;
 			ssl_client_engine_id = *(++argv);
 			}
 #endif
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
 			inrand= *(++argv);
 			}
 #ifndef OPENSSL_NO_TLSEXT
 		else if (strcmp(*argv,"-servername") == 0)
 			{
 			if (--argc < 1) goto bad;
 			servername= *(++argv);
 			/* meth=TLSv1_client_method(); */
 			}
 #endif
 #ifndef OPENSSL_NO_JPAKE
 		else if (strcmp(*argv,"-jpake") == 0)
 			{
 			if (--argc < 1) goto bad;
 			jpake_secret = *++argv;
 			}
 #endif
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -614,53 +450,7 @@ bad:
 #ifndef OPENSSL_NO_ENGINE
        e = setup_engine(bio_err, engine_id, 1);
 	if (ssl_client_engine_id)
 		{
 		ssl_client_engine = ENGINE_by_id(ssl_client_engine_id);
 		if (!ssl_client_engine)
 			{
 			BIO_printf(bio_err,
 					"Error getting client auth engine\n");
 			goto end;
 			}
 		}
 #endif
 	if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
 		{
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;
 		}
 	if (key_file == NULL)
 		key_file = cert_file;
 	if (key_file)
 		{
 		key = load_key(bio_err, key_file, key_format, 0, pass, e,
 			       "client certificate private key file");
 		if (!key)
 			{
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		}
 	if (cert_file)
 		{
 		cert = load_cert(bio_err,cert_file,cert_format,
 				NULL, e, "client certificate file");
 		if (!cert)
 			{
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		}
 	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
 		&& !RAND_status())
@@ -691,28 +481,10 @@ bad:
 		goto end;
 		}
 #ifndef OPENSSL_NO_ENGINE
 	if (ssl_client_engine)
 		{
 		if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine))
 			{
 			BIO_puts(bio_err, "Error setting client auth engine\n");
 			ERR_print_errors(bio_err);
 			ENGINE_free(ssl_client_engine);
 			goto end;
 			}
 		ENGINE_free(ssl_client_engine);
 		}
 #endif
 	if (bugs)
 		SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
 	else
 		SSL_CTX_set_options(ctx,off);
 	/* DTLS: partial reads end up discarding unread UDP bytes :-( 
 	 * Setting read ahead solves this problem.
 	 */
 	if (sock_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
 	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
 	if (cipher != NULL)
@@ -727,7 +499,7 @@ bad:
 #endif
 	SSL_CTX_set_verify(ctx,verify,verify_callback);
-	if (!set_cert_key_stuff(ctx,cert,key))
+	if (!set_cert_stuff(ctx,cert_file,key_file))
 		goto end;
 	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
@@ -740,51 +512,8 @@ bad:
 	store = SSL_CTX_get_cert_store(ctx);
 	X509_STORE_set_flags(store, vflags);
 #ifndef OPENSSL_NO_TLSEXT
 	if (servername != NULL)
 		{
 		tlsextcbp.biodebug = bio_err;
 		SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
 		SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
 		}
 #endif
 	con=SSL_new(ctx);
 	if (sess_in)
 		{
 		SSL_SESSION *sess;
 		BIO *stmp = BIO_new_file(sess_in, "r");
 		if (!stmp)
 			{
 			BIO_printf(bio_err, "Can't open session file %s\n",
 						sess_in);
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		sess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL);
 		BIO_free(stmp);
 		if (!sess)
 			{
 			BIO_printf(bio_err, "Can't open session file %s\n",
 						sess_in);
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		SSL_set_session(con, sess);
 		SSL_SESSION_free(sess);
 		}
 #ifndef OPENSSL_NO_TLSEXT
 	if (servername != NULL)
 		{
 		if (!SSL_set_tlsext_host_name(con,servername))
 			{
 			BIO_printf(bio_err,"Unable to set TLS servername extension.\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		}
 #endif
 #ifndef OPENSSL_NO_KRB5
 	if (con  &&  (con->kssl_ctx = kssl_ctx_new()) != NULL)
                {
@@ -795,7 +524,7 @@ bad:
 re_start:
-	if (init_client(&s,host,port,sock_type) == 0)
+	if (init_client(&s,host,port) == 0)
 		{
 		BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
 		SHUTDOWN(s);
@@ -816,43 +545,6 @@ re_start:
 		}
 #endif                                              
 	if (c_Pause & 0x01) con->debug=1;
 	if ( SSL_version(con) == DTLS1_VERSION)
 		{
 		struct timeval timeout;
 		sbio=BIO_new_dgram(s,BIO_NOCLOSE);
 		if (getsockname(s, &peer, (void *)&peerlen) < 0)
 			{
 			BIO_printf(bio_err, "getsockname:errno=%d\n",
 				get_last_socket_error());
 			SHUTDOWN(s);
 			goto end;
 			}
 		(void)BIO_ctrl_set_connected(sbio, 1, &peer);
 		if ( enable_timeouts)
 			{
 			timeout.tv_sec = 0;
 			timeout.tv_usec = DGRAM_RCV_TIMEOUT;
 			BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
 			timeout.tv_sec = 0;
 			timeout.tv_usec = DGRAM_SND_TIMEOUT;
 			BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
 			}
 		if ( mtu > 0)
 			{
 			SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
 			SSL_set_mtu(con, mtu);
 			}
 		else
 			/* want to do MTU discovery */
 			BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
 		}
 	else
 	sbio=BIO_new_socket(s,BIO_NOCLOSE);
 	if (nbio_test)
@@ -866,42 +558,14 @@ re_start:
 	if (c_debug)
 		{
 		con->debug=1;
-		BIO_set_callback(sbio,bio_dump_callback);
+		BIO_set_callback(sbio,bio_dump_cb);
-		BIO_set_callback_arg(sbio,(char *)bio_c_out);
+		BIO_set_callback_arg(sbio,bio_c_out);
 		}
 	if (c_msg)
 		{
 		SSL_set_msg_callback(con, msg_cb);
 		SSL_set_msg_callback_arg(con, bio_c_out);
 		}
 #ifndef OPENSSL_NO_TLSEXT
 	if (c_tlsextdebug)
 		{
 		SSL_set_tlsext_debug_callback(con, tlsext_cb);
 		SSL_set_tlsext_debug_arg(con, bio_c_out);
 		}
 	if (c_status_req)
 		{
 		SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp);
 		SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb);
 		SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out);
 #if 0
 {
 STACK_OF(OCSP_RESPID) *ids = sk_OCSP_RESPID_new_null();
 OCSP_RESPID *id = OCSP_RESPID_new();
 id->value.byKey = ASN1_OCTET_STRING_new();
 id->type = V_OCSP_RESPID_KEY;
 ASN1_STRING_set(id->value.byKey, "Hello World", -1);
 sk_OCSP_RESPID_push(ids, id);
 SSL_set_tlsext_status_ids(con, ids);
 }
 #endif
 		}
 #endif
 #ifndef OPENSSL_NO_JPAKE
 	if (jpake_secret)
 		jpake_client_auth(bio_c_out, sbio, jpake_secret);
 #endif
 	SSL_set_bio(con,sbio,sbio);
 	SSL_set_connect_state(con);
@@ -921,115 +585,18 @@ SSL_set_tlsext_status_ids(con, ids);
 	sbuf_off=0;
 	/* This is an ugly hack that does a lot of assumptions */
-	/* We do have to handle multi-line responses which may come
+	if (starttls_proto == 1)
 	   in a single packet or not. We therefore have to use
 	   BIO_gets() which does need a buffering BIO. So during
 	   the initial chitchat we do push a buffering BIO into the
 	   chain that is removed again later on to not disturb the
 	   rest of the s_client operation. */
 	if (starttls_proto == PROTO_SMTP)
 		{
-		int foundit=0;
+		BIO_read(sbio,mbuf,BUFSIZZ);
 		BIO *fbio = BIO_new(BIO_f_buffer());
 		BIO_push(fbio, sbio);
 		/* wait for multi-line response to end from SMTP */
 		do
 			{
 			mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
 			}
 		while (mbuf_len>3 && mbuf[3]=='-');
 		/* STARTTLS command requires EHLO... */
 		BIO_printf(fbio,"EHLO openssl.client.net\r\n");
 		(void)BIO_flush(fbio);
 		/* wait for multi-line response to end EHLO SMTP response */
 		do
 			{
 			mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
 			if (strstr(mbuf,"STARTTLS"))
 				foundit=1;
 			}
 		while (mbuf_len>3 && mbuf[3]=='-');
 		(void)BIO_flush(fbio);
 		BIO_pop(fbio);
 		BIO_free(fbio);
 		if (!foundit)
 			BIO_printf(bio_err,
 				   "didn't found starttls in server response,"
 				   " try anyway...\n");
 		BIO_printf(sbio,"STARTTLS\r\n");
 		BIO_read(sbio,sbuf,BUFSIZZ);
 		}
-	else if (starttls_proto == PROTO_POP3)
+	if (starttls_proto == 2)
 		{
 		BIO_read(sbio,mbuf,BUFSIZZ);
 		BIO_printf(sbio,"STLS\r\n");
 		BIO_read(sbio,sbuf,BUFSIZZ);
 		}
 	else if (starttls_proto == PROTO_IMAP)
 		{
 		int foundit=0;
 		BIO *fbio = BIO_new(BIO_f_buffer());
 		BIO_push(fbio, sbio);
 		BIO_gets(fbio,mbuf,BUFSIZZ);
 		/* STARTTLS command requires CAPABILITY... */
 		BIO_printf(fbio,". CAPABILITY\r\n");
 		(void)BIO_flush(fbio);
 		/* wait for multi-line CAPABILITY response */
 		do
 			{
 			mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
 			if (strstr(mbuf,"STARTTLS"))
 				foundit=1;
 			}
 		while (mbuf_len>3 && mbuf[0]!='.');
 		(void)BIO_flush(fbio);
 		BIO_pop(fbio);
 		BIO_free(fbio);
 		if (!foundit)
 			BIO_printf(bio_err,
 				   "didn't found STARTTLS in server response,"
 				   " try anyway...\n");
 		BIO_printf(sbio,". STARTTLS\r\n");
 		BIO_read(sbio,sbuf,BUFSIZZ);
 		}
 	else if (starttls_proto == PROTO_FTP)
 		{
 		BIO *fbio = BIO_new(BIO_f_buffer());
 		BIO_push(fbio, sbio);
 		/* wait for multi-line response to end from FTP */
 		do
 			{
 			mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
 			}
 		while (mbuf_len>3 && mbuf[3]=='-');
 		(void)BIO_flush(fbio);
 		BIO_pop(fbio);
 		BIO_free(fbio);
 		BIO_printf(sbio,"AUTH TLS\r\n");
 		BIO_read(sbio,sbuf,BUFSIZZ);
 		}
 	if (starttls_proto == PROTO_XMPP)
 		{
 		int seen = 0;
 		BIO_printf(sbio,"<stream:stream "
 		    "xmlns:stream='http://etherx.jabber.org/streams' "
 		    "xmlns='jabber:client' to='%s' version='1.0'>", host);
 		seen = BIO_read(sbio,mbuf,BUFSIZZ);
 		mbuf[seen] = 0;
 		while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'"))
 			{
 			if (strstr(mbuf, "/stream:features>"))
 				goto shut;
 			seen = BIO_read(sbio,mbuf,BUFSIZZ);
 			mbuf[seen] = 0;
 			}
 		BIO_printf(sbio, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
 		seen = BIO_read(sbio,sbuf,BUFSIZZ);
 		sbuf[seen] = 0;
 		if (!strstr(sbuf, "<proceed"))
 			goto shut;
 		mbuf[0] = 0;
 		}
 	for (;;)
 		{
@@ -1047,17 +614,6 @@ SSL_set_tlsext_status_ids(con, ids);
 			if (in_init)
 				{
 				in_init=0;
 				if (sess_out)
 					{
 					BIO *stmp = BIO_new_file(sess_out, "w");
 					if (stmp)
 						{
 						PEM_write_bio_SSL_SESSION(stmp, SSL_get_session(con));
 						BIO_free(stmp);
 						}
 					else 
 						BIO_printf(bio_err, "Error writing session file %s\n", sess_out);
 					}
 				print_stuff(bio_c_out,con,full_log);
 				if (full_log > 0) full_log--;
@@ -1065,7 +621,7 @@ SSL_set_tlsext_status_ids(con, ids);
 					{
 					BIO_printf(bio_err,"%s",mbuf);
 					/* We don't need to know any more */
-					starttls_proto = PROTO_OFF;
+					starttls_proto = 0;
 					}
 				if (reconnect)
@@ -1134,16 +690,6 @@ SSL_set_tlsext_status_ids(con, ids);
 				} else 	i=select(width,(void *)&readfds,(void *)&writefds,
 					 NULL,NULL);
 			}
 #elif defined(OPENSSL_SYS_NETWARE)
 			if(!write_tty) {
 				if(read_tty) {
 					tv.tv_sec = 1;
 					tv.tv_usec = 0;
 					i=select(width,(void *)&readfds,(void *)&writefds,
 						NULL,&tv);
 				} else 	i=select(width,(void *)&readfds,(void *)&writefds,
 					NULL,NULL);
 			}
 #else
 			i=select(width,(void *)&readfds,(void *)&writefds,
 				 NULL,NULL);
@@ -1376,12 +922,6 @@ end:
 	if (con != NULL) SSL_free(con);
 	if (con2 != NULL) SSL_free(con2);
 	if (ctx != NULL) SSL_CTX_free(ctx);
 	if (cert)
 		X509_free(cert);
 	if (key)
 		EVP_PKEY_free(key);
 	if (pass)
 		OPENSSL_free(pass);
 	if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
 	if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
 	if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }
@@ -1399,16 +939,14 @@ static void print_stuff(BIO *bio, SSL *s, int full)
 	{
 	X509 *peer=NULL;
 	char *p;
-	static const char *space="                ";
+	static char *space="                ";
 	char buf[BUFSIZ];
 	STACK_OF(X509) *sk;
 	STACK_OF(X509_NAME) *sk2;
 	SSL_CIPHER *c;
 	X509_NAME *xn;
 	int j,i;
 #ifndef OPENSSL_NO_COMP
 	const COMP_METHOD *comp, *expansion;
 #endif
 	if (full)
 		{
@@ -1511,47 +1049,17 @@ static void print_stuff(BIO *bio, SSL *s, int full)
 							 EVP_PKEY_bits(pktmp));
 		EVP_PKEY_free(pktmp);
 	}
 #ifndef OPENSSL_NO_COMP
 	comp=SSL_get_current_compression(s);
 	expansion=SSL_get_current_expansion(s);
 	BIO_printf(bio,"Compression: %s\n",
 		comp ? SSL_COMP_get_name(comp) : "NONE");
 	BIO_printf(bio,"Expansion: %s\n",
 		expansion ? SSL_COMP_get_name(expansion) : "NONE");
 #endif
 	SSL_SESSION_print(bio,SSL_get_session(s));
 	BIO_printf(bio,"---\n");
 	if (peer != NULL)
 		X509_free(peer);
 	/* flush, or debugging output gets mixed with http response */
-	(void)BIO_flush(bio);
+	BIO_flush(bio);
 	}
 #ifndef OPENSSL_NO_TLSEXT
 static int ocsp_resp_cb(SSL *s, void *arg)
 	{
 	const unsigned char *p;
 	int len;
 	OCSP_RESPONSE *rsp;
 	len = SSL_get_tlsext_status_ocsp_resp(s, &p);
 	BIO_puts(arg, "OCSP response: ");
 	if (!p)
 		{
 		BIO_puts(arg, "no response sent\n");
 		return 1;
 		}
 	rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
 	if (!rsp)
 		{
 		BIO_puts(arg, "response parse error\n");
 		BIO_dump_indent(arg, (char *)p, len, 4);
 		return 0;
 		}
 	BIO_puts(arg, "\n======================================\n");
 	OCSP_RESPONSE_print(arg, rsp, 0);
 	BIO_puts(arg, "======================================\n");
 	OCSP_RESPONSE_free(rsp);
 	return 1;
 	}
 #endif  /* ndef OPENSSL_NO_TLSEXT */
--- a/apps/s_server.c
+++ b/apps/s_server.c
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@@ -87,18 +87,14 @@ typedef unsigned int u_int;
 #ifndef OPENSSL_NO_SOCK
 #if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_BSDSOCK)
 #include "netdb.h"
 #endif
 static struct hostent *GetHostByName(char *name);
-#if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_NETWARE)
 static void ssl_sock_cleanup(void);
 #endif
 static int ssl_sock_init(void);
-static int init_client_ip(int *sock,unsigned char ip[4], int port, int type);
+static int init_client_ip(int *sock,unsigned char ip[4], int port);
-static int init_server(int *sock, int port, int type);
+static int init_server(int *sock, int port);
-static int init_server_long(int *sock, int port,char *ip, int type);
+static int init_server_long(int *sock, int port,char *ip);
 static int do_accept(int acc_sock, int *sock, char **host);
 static int host_ip(char *str, unsigned char ip[4]);
@@ -108,7 +104,7 @@ static int host_ip(char *str, unsigned char ip[4]);
 #define SOCKET_PROTOCOL	IPPROTO_TCP
 #endif
-#if defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
+#ifdef OPENSSL_SYS_NETWARE
 static int wsa_init_done=0;
 #endif
@@ -160,7 +156,7 @@ static void ssl_sock_cleanup(void)
 		WSACleanup();
 		}
 	}
-#elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
+#elif defined(OPENSSL_SYS_NETWARE)
 static void sock_cleanup(void)
    {
    if (wsa_init_done)
@@ -176,6 +172,7 @@ static int ssl_sock_init(void)
 #ifdef WATT32
 	extern int _watt_do_exit;
 	_watt_do_exit = 0;
 	dbug_init();
 	if (sock_init())
 		return (0);
 #elif defined(OPENSSL_SYS_WINDOWS)
@@ -203,7 +200,7 @@ static int ssl_sock_init(void)
 		SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopHookProc);
 #endif /* OPENSSL_SYS_WIN16 */
 		}
-#elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
+#elif defined(OPENSSL_SYS_NETWARE)
   WORD wVerReq;
   WSADATA wsaData;
   int err;
@@ -228,7 +225,7 @@ static int ssl_sock_init(void)
 	return(1);
 	}
-int init_client(int *sock, char *host, int port, int type)
+int init_client(int *sock, char *host, int port)
 	{
 	unsigned char ip[4];
 	short p=0;
@@ -238,10 +235,10 @@ int init_client(int *sock, char *host, int port, int type)
 		return(0);
 		}
 	if (p != 0) port=p;
-	return(init_client_ip(sock,ip,port,type));
+	return(init_client_ip(sock,ip,port));
 	}
-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
+static int init_client_ip(int *sock, unsigned char ip[4], int port)
 	{
 	unsigned long addr;
 	struct sockaddr_in them;
@@ -259,20 +256,13 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
 		((unsigned long)ip[3]);
 	them.sin_addr.s_addr=htonl(addr);
 	if (type == SOCK_STREAM)
 	s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
 	else /* ( type == SOCK_DGRAM) */
 		s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
 	if (s == INVALID_SOCKET) { perror("socket"); return(0); }
 #ifndef OPENSSL_SYS_MPE
 	if (type == SOCK_STREAM)
 		{
 	i=0;
 	i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
 	if (i < 0) { perror("keepalive"); return(0); }
 		}
 #endif
 	if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
@@ -281,14 +271,14 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
 	return(1);
 	}
-int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
+int do_server(int port, int *ret, int (*cb)(), char *context)
 	{
 	int sock;
-	char *name = NULL;
+	char *name;
 	int accept_socket;
 	int i;
-	if (!init_server(&accept_socket,port,type)) return(0);
+	if (!init_server(&accept_socket,port)) return(0);
 	if (ret != NULL)
 		{
@@ -296,20 +286,14 @@ int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, uns
 		/* return(1);*/
 		}
 	for (;;)
  		{
 		if (type==SOCK_STREAM)
 		{
 		if (do_accept(accept_socket,&sock,&name) == 0)
 			{
 			SHUTDOWN(accept_socket);
 			return(0);
 			}
 			}
 		else
 			sock = accept_socket;
 		i=(*cb)(name,sock, context);
 		if (name != NULL) OPENSSL_free(name);
 		if (type==SOCK_STREAM)
 		SHUTDOWN2(sock);
 		if (i < 0)
 			{
@@ -319,7 +303,7 @@ int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, uns
 		}
 	}
-static int init_server_long(int *sock, int port, char *ip, int type)
+static int init_server_long(int *sock, int port, char *ip)
 	{
 	int ret=0;
 	struct sockaddr_in server;
@@ -339,11 +323,7 @@ static int init_server_long(int *sock, int port, char *ip, int type)
 #else
 		memcpy(&server.sin_addr,ip,4);
 #endif
 		if (type == SOCK_STREAM)
 	s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
 		else /* type == SOCK_DGRAM */
 			s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);
 	if (s == INVALID_SOCKET) goto err;
 #if defined SOL_SOCKET && defined SO_REUSEADDR
@@ -361,7 +341,7 @@ static int init_server_long(int *sock, int port, char *ip, int type)
 		goto err;
 		}
 	/* Make it 128 for linux */
-	if (type==SOCK_STREAM && listen(s,128) == -1) goto err;
+	if (listen(s,128) == -1) goto err;
 	i=0;
 	*sock=s;
 	ret=1;
@@ -373,9 +353,9 @@ err:
 	return(ret);
 	}
-static int init_server(int *sock, int port, int type)
+static int init_server(int *sock, int port)
 	{
-	return(init_server_long(sock, port, NULL, type));
+	return(init_server_long(sock, port, NULL));
 	}
 static int do_accept(int acc_sock, int *sock, char **host)
@@ -402,7 +382,7 @@ redoit:
 	ret=accept(acc_sock,(struct sockaddr *)&from,(void *)&len);
 	if (ret == INVALID_SOCKET)
 		{
-#if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_NETWARE)
 		i=WSAGetLastError();
 		BIO_printf(bio_err,"accept error %d\n",i);
 #else
--- a/apps/sess_id.c
+++ b/apps/sess_id.c
@@ -69,7 +69,7 @@
 #undef PROG
 #define PROG	sess_id_main
-static const char *sess_id_usage[]={
+static char *sess_id_usage[]={
 "usage: sess_id args\n",
 "\n",
 " -inform arg     - input format - default PEM (DER or PEM)\n",
@@ -95,7 +95,7 @@ int MAIN(int argc, char **argv)
 	int informat,outformat;
 	char *infile=NULL,*outfile=NULL,*context=NULL;
 	int cert=0,noout=0,text=0;
-	const char **pp;
+	char **pp;
 	apps_startup();
@@ -241,7 +241,7 @@ bad:
 	if (!noout && !cert)
 		{
 		if 	(outformat == FORMAT_ASN1)
-			i=i2d_SSL_SESSION_bio(out,x);
+			i=(int)i2d_SSL_SESSION_bio(out,x);
 		else if (outformat == FORMAT_PEM)
 			i=PEM_write_bio_SSL_SESSION(out,x);
 		else	{
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -1,9 +1,9 @@
 /* smime.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
 * project.
 */
 /* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -64,13 +64,10 @@
 #include <openssl/crypto.h>
 #include <openssl/pem.h>
 #include <openssl/err.h>
 #include <openssl/x509_vfy.h>
 #include <openssl/x509v3.h>
 #undef PROG
 #define PROG smime_main
 static int save_certs(char *signerfile, STACK_OF(X509) *signers);
 static int smime_cb(int ok, X509_STORE_CTX *ctx);
 #define SMIME_OP	0x10
 #define SMIME_ENCRYPT	(1 | SMIME_OP)
@@ -87,7 +84,7 @@ int MAIN(int argc, char **argv)
 	int operation = 0;
 	int ret = 0;
 	char **args;
-	const char *inmode = "r", *outmode = "w";
+	char *inmode = "r", *outmode = "w";
 	char *infile = NULL, *outfile = NULL;
 	char *signerfile = NULL, *recipfile = NULL;
 	char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
@@ -99,7 +96,7 @@ int MAIN(int argc, char **argv)
 	STACK_OF(X509) *encerts = NULL, *other = NULL;
 	BIO *in = NULL, *out = NULL, *indata = NULL;
 	int badarg = 0;
-	int flags = PKCS7_DETACHED;
+	int flags = PKCS7_DETACHED, store_flags = 0;
 	char *to = NULL, *from = NULL, *subject = NULL;
 	char *CAfile = NULL, *CApath = NULL;
 	char *passargin = NULL, *passin = NULL;
@@ -111,44 +108,30 @@ int MAIN(int argc, char **argv)
 	char *engine=NULL;
 #endif
 	X509_VERIFY_PARAM *vpm = NULL;
 	args = argv + 1;
 	ret = 1;
 	apps_startup();
 	if (bio_err == NULL)
 		{
 		if ((bio_err = BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
 		}
 	if (!load_config(bio_err, NULL))
 		goto end;
-	while (!badarg && *args && *args[0] == '-')
+	while (!badarg && *args && *args[0] == '-') {
-		{
+		if (!strcmp (*args, "-encrypt")) operation = SMIME_ENCRYPT;
-		if (!strcmp (*args, "-encrypt"))
+		else if (!strcmp (*args, "-decrypt")) operation = SMIME_DECRYPT;
-			operation = SMIME_ENCRYPT;
+		else if (!strcmp (*args, "-sign")) operation = SMIME_SIGN;
-		else if (!strcmp (*args, "-decrypt"))
+		else if (!strcmp (*args, "-verify")) operation = SMIME_VERIFY;
-			operation = SMIME_DECRYPT;
+		else if (!strcmp (*args, "-pk7out")) operation = SMIME_PK7OUT;
 		else if (!strcmp (*args, "-sign"))
 			operation = SMIME_SIGN;
 		else if (!strcmp (*args, "-verify"))
 			operation = SMIME_VERIFY;
 		else if (!strcmp (*args, "-pk7out"))
 			operation = SMIME_PK7OUT;
 #ifndef OPENSSL_NO_DES
 		else if (!strcmp (*args, "-des3")) 
 				cipher = EVP_des_ede3_cbc();
 		else if (!strcmp (*args, "-des")) 
 				cipher = EVP_des_cbc();
 #endif
 #ifndef OPENSSL_NO_SEED
 		else if (!strcmp (*args, "-seed")) 
 				cipher = EVP_seed_cbc();
 #endif
 #ifndef OPENSSL_NO_RC2
 		else if (!strcmp (*args, "-rc2-40")) 
 				cipher = EVP_rc2_40_cbc();
@@ -164,14 +147,6 @@ int MAIN(int argc, char **argv)
 				cipher = EVP_aes_192_cbc();
 		else if (!strcmp(*args,"-aes256"))
 				cipher = EVP_aes_256_cbc();
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 		else if (!strcmp(*args,"-camellia128"))
 				cipher = EVP_camellia_128_cbc();
 		else if (!strcmp(*args,"-camellia192"))
 				cipher = EVP_camellia_192_cbc();
 		else if (!strcmp(*args,"-camellia256"))
 				cipher = EVP_camellia_256_cbc();
 #endif
 		else if (!strcmp (*args, "-text")) 
 				flags |= PKCS7_TEXT;
@@ -197,225 +172,127 @@ int MAIN(int argc, char **argv)
 				flags |= PKCS7_NOOLDMIMETYPE;
 		else if (!strcmp (*args, "-crlfeol"))
 				flags |= PKCS7_CRLFEOL;
-		else if (!strcmp(*args,"-rand"))
+		else if (!strcmp (*args, "-crl_check"))
-			{
+				store_flags |= X509_V_FLAG_CRL_CHECK;
-			if (args[1])
+		else if (!strcmp (*args, "-crl_check_all"))
-				{
+				store_flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
 		else if (!strcmp(*args,"-rand")) {
 			if (args[1]) {
 				args++;
 				inrand = *args;
-				}
+			} else badarg = 1;
 			else
 				badarg = 1;
 			need_rand = 1;
 			}
 #ifndef OPENSSL_NO_ENGINE
-		else if (!strcmp(*args,"-engine"))
+		} else if (!strcmp(*args,"-engine")) {
-			{
+			if (args[1]) {
 			if (args[1])
 				{
 				args++;
 				engine = *args;
-				}
+			} else badarg = 1;
 			else badarg = 1;
 			}
 #endif
-		else if (!strcmp(*args,"-passin"))
+		} else if (!strcmp(*args,"-passin")) {
-			{
+			if (args[1]) {
 			if (args[1])
 				{
 				args++;
 				passargin = *args;
-				}
+			} else badarg = 1;
-			else
+		} else if (!strcmp (*args, "-to")) {
-				badarg = 1;
+			if (args[1]) {
 			}
 		else if (!strcmp (*args, "-to"))
 			{
 			if (args[1])
 				{
 				args++;
 				to = *args;
-				}
+			} else badarg = 1;
-			else
+		} else if (!strcmp (*args, "-from")) {
-				badarg = 1;
+			if (args[1]) {
 			}
 		else if (!strcmp (*args, "-from"))
 			{
 			if (args[1])
 				{
 				args++;
 				from = *args;
-				}
+			} else badarg = 1;
-			else badarg = 1;
+		} else if (!strcmp (*args, "-subject")) {
-			}
+			if (args[1]) {
 		else if (!strcmp (*args, "-subject"))
 			{
 			if (args[1])
 				{
 				args++;
 				subject = *args;
-				}
+			} else badarg = 1;
-			else
+		} else if (!strcmp (*args, "-signer")) {
-				badarg = 1;
+			if (args[1]) {
 			}
 		else if (!strcmp (*args, "-signer"))
 			{
 			if (args[1])
 				{
 				args++;
 				signerfile = *args;
-				}
+			} else badarg = 1;
-			else
+		} else if (!strcmp (*args, "-recip")) {
-				badarg = 1;
+			if (args[1]) {
 			}
 		else if (!strcmp (*args, "-recip"))
 			{
 			if (args[1])
 				{
 				args++;
 				recipfile = *args;
-				}
+			} else badarg = 1;
-			else badarg = 1;
+		} else if (!strcmp (*args, "-inkey")) {
-			}
+			if (args[1]) {
 		else if (!strcmp (*args, "-inkey"))
 			{
 			if (args[1])
 				{
 				args++;
 				keyfile = *args;
-				}
+			} else badarg = 1;
-			else
+		} else if (!strcmp (*args, "-keyform")) {
-				badarg = 1;
+			if (args[1]) {
 		}
 		else if (!strcmp (*args, "-keyform"))
 			{
 			if (args[1])
 				{
 				args++;
 				keyform = str2fmt(*args);
-				}
+			} else badarg = 1;
-			else
+		} else if (!strcmp (*args, "-certfile")) {
-				badarg = 1;
+			if (args[1]) {
 			}
 		else if (!strcmp (*args, "-certfile"))
 			{
 			if (args[1])
 				{
 				args++;
 				certfile = *args;
-				}
+			} else badarg = 1;
-			else
+		} else if (!strcmp (*args, "-CAfile")) {
-				badarg = 1;
+			if (args[1]) {
 			}
 		else if (!strcmp (*args, "-CAfile"))
 			{
 			if (args[1])
 				{
 				args++;
 				CAfile = *args;
-				}
+			} else badarg = 1;
-			else
+		} else if (!strcmp (*args, "-CApath")) {
-				badarg = 1;
+			if (args[1]) {
 			}
 		else if (!strcmp (*args, "-CApath"))
 			{
 			if (args[1])
 				{
 				args++;
 				CApath = *args;
-				}
+			} else badarg = 1;
-			else
+		} else if (!strcmp (*args, "-in")) {
-				badarg = 1;
+			if (args[1]) {
 			}
 		else if (!strcmp (*args, "-in"))
 			{
 			if (args[1])
 				{
 				args++;
 				infile = *args;
-				}
+			} else badarg = 1;
-			else
+		} else if (!strcmp (*args, "-inform")) {
-				badarg = 1;
+			if (args[1]) {
 			}
 		else if (!strcmp (*args, "-inform"))
 			{
 			if (args[1])
 				{
 				args++;
 				informat = str2fmt(*args);
-				}
+			} else badarg = 1;
-			else
+		} else if (!strcmp (*args, "-outform")) {
-				badarg = 1;
+			if (args[1]) {
 			}
 		else if (!strcmp (*args, "-outform"))
 			{
 			if (args[1])
 				{
 				args++;
 				outformat = str2fmt(*args);
-				}
+			} else badarg = 1;
-			else
+		} else if (!strcmp (*args, "-out")) {
-				badarg = 1;
+			if (args[1]) {
 			}
 		else if (!strcmp (*args, "-out"))
 			{
 			if (args[1])
 				{
 				args++;
 				outfile = *args;
-				}
+			} else badarg = 1;
-			else
+		} else if (!strcmp (*args, "-content")) {
-				badarg = 1;
+			if (args[1]) {
 			}
 		else if (!strcmp (*args, "-content"))
 			{
 			if (args[1])
 				{
 				args++;
 				contfile = *args;
-				}
+			} else badarg = 1;
-			else
+		} else badarg = 1;
 				badarg = 1;
 			}
 		else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
 			continue;
 		else
 			badarg = 1;
 		args++;
 	}
-
+	if(operation == SMIME_SIGN) {
-	if (operation == SMIME_SIGN)
+		if(!signerfile) {
 		{
 		if (!signerfile)
 			{
 			BIO_printf(bio_err, "No signer certificate specified\n");
 			badarg = 1;
 		}
 		need_rand = 1;
-		}
+	} else if(operation == SMIME_DECRYPT) {
-	else if (operation == SMIME_DECRYPT)
+		if(!recipfile) {
-		{
+			BIO_printf(bio_err, "No recipient certificate and key specified\n");
 		if (!recipfile && !keyfile)
 			{
 			BIO_printf(bio_err, "No recipient certificate or key specified\n");
 			badarg = 1;
 		}
-		}
+	} else if(operation == SMIME_ENCRYPT) {
-	else if (operation == SMIME_ENCRYPT)
+		if(!*args) {
 		{
 		if (!*args)
 			{
 			BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
 			badarg = 1;
 		}
 		need_rand = 1;
-		}
+	} else if(!operation) badarg = 1;
 	else if (!operation)
 		badarg = 1;
-	if (badarg)
+	if (badarg) {
 		{
 		BIO_printf (bio_err, "Usage smime [options] cert.pem ...\n");
 		BIO_printf (bio_err, "where options are\n");
 		BIO_printf (bio_err, "-encrypt       encrypt message\n");
@@ -427,9 +304,6 @@ int MAIN(int argc, char **argv)
 		BIO_printf (bio_err, "-des3          encrypt with triple DES\n");
 		BIO_printf (bio_err, "-des           encrypt with DES\n");
 #endif
 #ifndef OPENSSL_NO_SEED
 		BIO_printf (bio_err, "-seed          encrypt with SEED\n");
 #endif
 #ifndef OPENSSL_NO_RC2
 		BIO_printf (bio_err, "-rc2-40        encrypt with RC2-40 (default)\n");
 		BIO_printf (bio_err, "-rc2-64        encrypt with RC2-64\n");
@@ -438,10 +312,6 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_AES
 		BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
 		BIO_printf (bio_err, "               encrypt PEM output with cbc aes\n");
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 		BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
 		BIO_printf (bio_err, "               encrypt PEM output with cbc camellia\n");
 #endif
 		BIO_printf (bio_err, "-nointern      don't search certificates in message for signer\n");
 		BIO_printf (bio_err, "-nosigs        don't verify message signature\n");
@@ -483,14 +353,12 @@ int MAIN(int argc, char **argv)
        e = setup_engine(bio_err, engine, 0);
 #endif
-	if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
+	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
 		{
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;
 	}
-	if (need_rand)
+	if (need_rand) {
 		{
 		app_RAND_load_file(NULL, bio_err, (inrand != NULL));
 		if (inrand != NULL)
 			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
@@ -499,28 +367,18 @@ int MAIN(int argc, char **argv)
 	ret = 2;
-	if (operation != SMIME_SIGN)
+	if(operation != SMIME_SIGN) flags &= ~PKCS7_DETACHED;
 		flags &= ~PKCS7_DETACHED;
-	if (operation & SMIME_OP)
+	if(operation & SMIME_OP) {
-		{
+		if(flags & PKCS7_BINARY) inmode = "rb";
-		if (flags & PKCS7_BINARY)
+		if(outformat == FORMAT_ASN1) outmode = "wb";
-			inmode = "rb";
+	} else {
-		if (outformat == FORMAT_ASN1)
+		if(flags & PKCS7_BINARY) outmode = "wb";
-			outmode = "wb";
+		if(informat == FORMAT_ASN1) inmode = "rb";
 		}
 	else
 		{
 		if (flags & PKCS7_BINARY)
 			outmode = "wb";
 		if (informat == FORMAT_ASN1)
 			inmode = "rb";
 	}
-	if (operation == SMIME_ENCRYPT)
+	if(operation == SMIME_ENCRYPT) {
-		{
+		if (!cipher) {
 		if (!cipher)
 			{
 #ifndef OPENSSL_NO_RC2			
 			cipher = EVP_rc2_40_cbc();
 #else
@@ -529,11 +387,9 @@ int MAIN(int argc, char **argv)
 #endif
 		}
 		encerts = sk_X509_new_null();
-		while (*args)
+		while (*args) {
 			{
 			if(!(cert = load_cert(bio_err,*args,FORMAT_PEM,
-				NULL, e, "recipient certificate file")))
+				NULL, e, "recipient certificate file"))) {
 				{
 #if 0				/* An appropriate message is already printed */
 				BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args);
 #endif
@@ -545,11 +401,9 @@ int MAIN(int argc, char **argv)
 		}
 	}
-	if (signerfile && (operation == SMIME_SIGN))
+	if(signerfile && (operation == SMIME_SIGN)) {
 		{
 		if(!(signer = load_cert(bio_err,signerfile,FORMAT_PEM, NULL,
-			e, "signer certificate")))
+			e, "signer certificate"))) {
 			{
 #if 0			/* An appropri message has already been printed */
 			BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile);
 #endif
@@ -557,11 +411,9 @@ int MAIN(int argc, char **argv)
 		}
 	}
-	if (certfile)
+	if(certfile) {
 		{
 		if(!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL,
-			e, "certificate file")))
+			e, "certificate file"))) {
 			{
 #if 0			/* An appropriate message has already been printed */
 			BIO_printf(bio_err, "Can't read certificate file %s\n", certfile);
 #endif
@@ -570,11 +422,9 @@ int MAIN(int argc, char **argv)
 		}
 	}
-	if (recipfile && (operation == SMIME_DECRYPT))
+	if(recipfile && (operation == SMIME_DECRYPT)) {
 		{
 		if(!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL,
-			e, "recipient certificate file")))
+			e, "recipient certificate file"))) {
 			{
 #if 0			/* An appropriate message has alrady been printed */
 			BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile);
 #endif
@@ -583,49 +433,35 @@ int MAIN(int argc, char **argv)
 		}
 	}
-	if (operation == SMIME_DECRYPT)
+	if(operation == SMIME_DECRYPT) {
-		{
+		if(!keyfile) keyfile = recipfile;
-		if (!keyfile)
+	} else if(operation == SMIME_SIGN) {
-			keyfile = recipfile;
+		if(!keyfile) keyfile = signerfile;
-		}
+	} else keyfile = NULL;
 	else if (operation == SMIME_SIGN)
 		{
 		if (!keyfile)
 			keyfile = signerfile;
 		}
 	else keyfile = NULL;
-	if (keyfile)
+	if(keyfile) {
 		{
 		key = load_key(bio_err, keyfile, keyform, 0, passin, e,
 			       "signing key file");
-		if (!key)
+		if (!key) {
 			goto end;
                }
 	}
-	if (infile)
+	if (infile) {
-		{
+		if (!(in = BIO_new_file(infile, inmode))) {
 		if (!(in = BIO_new_file(infile, inmode)))
 			{
 			BIO_printf (bio_err,
 				 "Can't open input file %s\n", infile);
 			goto end;
 		}
-		}
+	} else in = BIO_new_fp(stdin, BIO_NOCLOSE);
 	else
 		in = BIO_new_fp(stdin, BIO_NOCLOSE);
-	if (outfile)
+	if (outfile) {
-		{
+		if (!(out = BIO_new_file(outfile, outmode))) {
 		if (!(out = BIO_new_file(outfile, outmode)))
 			{
 			BIO_printf (bio_err,
 				 "Can't open output file %s\n", outfile);
 			goto end;
 		}
-		}
+	} else {
 	else
 		{
 		out = BIO_new_fp(stdout, BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 		{
@@ -635,112 +471,93 @@ int MAIN(int argc, char **argv)
 #endif
 	}
-	if (operation == SMIME_VERIFY)
+	if(operation == SMIME_VERIFY) {
-		{
+		if(!(store = setup_verify(bio_err, CAfile, CApath))) goto end;
-		if (!(store = setup_verify(bio_err, CAfile, CApath)))
+		X509_STORE_set_flags(store, store_flags);
 			goto end;
 		X509_STORE_set_verify_cb_func(store, smime_cb);
 		if (vpm)
 			X509_STORE_set1_param(store, vpm);
 	}
 	ret = 3;
-	if (operation == SMIME_ENCRYPT)
+	if(operation == SMIME_ENCRYPT) {
 		p7 = PKCS7_encrypt(encerts, in, cipher, flags);
-	else if (operation == SMIME_SIGN)
+	} else if(operation == SMIME_SIGN) {
 		{
 		/* If detached data and SMIME output enable partial
 		 * signing.
 		 */
 		if ((flags & PKCS7_DETACHED) && (outformat == FORMAT_SMIME))
 			flags |= PKCS7_STREAM;
 		p7 = PKCS7_sign(signer, key, other, in, flags);
 		/* Don't need to rewind for partial signing */
 		if (!(flags & PKCS7_STREAM) && (BIO_reset(in) != 0)) {
 		  BIO_printf(bio_err, "Can't rewind input file\n");
 		  goto end;
 		}
-	else
+	} else {
 		{
 		if(informat == FORMAT_SMIME) 
 			p7 = SMIME_read_PKCS7(in, &indata);
 		else if(informat == FORMAT_PEM) 
 			p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
 		else if(informat == FORMAT_ASN1) 
 			p7 = d2i_PKCS7_bio(in, NULL);
-		else
+		else {
 			{
 			BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");
 			goto end;
 		}
-		if (!p7)
+		if(!p7) {
 			{
 			BIO_printf(bio_err, "Error reading S/MIME message\n");
 			goto end;
 		}
-		if (contfile)
+		if(contfile) {
 			{
 			BIO_free(indata);
-			if (!(indata = BIO_new_file(contfile, "rb")))
+			if(!(indata = BIO_new_file(contfile, "rb"))) {
 				{
 				BIO_printf(bio_err, "Can't read content file %s\n", contfile);
 				goto end;
 			}
 		}
 	}
-	if (!p7)
+	if(!p7) {
 		{
 		BIO_printf(bio_err, "Error creating PKCS#7 structure\n");
 		goto end;
 	}
 	ret = 4;
-	if (operation == SMIME_DECRYPT)
+	if(operation == SMIME_DECRYPT) {
-		{
+		if(!PKCS7_decrypt(p7, key, recip, out, flags)) {
 		if (!PKCS7_decrypt(p7, key, recip, out, flags))
 			{
 			BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n");
 			goto end;
 		}
-		}
+	} else if(operation == SMIME_VERIFY) {
 	else if (operation == SMIME_VERIFY)
 		{
 		STACK_OF(X509) *signers;
-		if (PKCS7_verify(p7, other, store, indata, out, flags))
+		if(PKCS7_verify(p7, other, store, indata, out, flags)) {
 			BIO_printf(bio_err, "Verification successful\n");
-		else
+		} else {
 			{
 			BIO_printf(bio_err, "Verification failure\n");
 			goto end;
 		}
 		signers = PKCS7_get0_signers(p7, other, flags);
-		if (!save_certs(signerfile, signers))
+		if(!save_certs(signerfile, signers)) {
 			{
 			BIO_printf(bio_err, "Error writing signers to %s\n",
 								signerfile);
 			ret = 5;
 			goto end;
 		}
 		sk_X509_free(signers);
-		}
+	} else if(operation == SMIME_PK7OUT) {
 	else if (operation == SMIME_PK7OUT)
 		PEM_write_bio_PKCS7(out, p7);
-	else
+	} else {
-		{
+		if(to) BIO_printf(out, "To: %s\n", to);
-		if (to)
+		if(from) BIO_printf(out, "From: %s\n", from);
-			BIO_printf(out, "To: %s\n", to);
+		if(subject) BIO_printf(out, "Subject: %s\n", subject);
 		if (from)
 			BIO_printf(out, "From: %s\n", from);
 		if (subject)
 			BIO_printf(out, "Subject: %s\n", subject);
 		if(outformat == FORMAT_SMIME) 
 			SMIME_write_PKCS7(out, p7, in, flags);
 		else if(outformat == FORMAT_PEM) 
 			PEM_write_bio_PKCS7(out,p7);
 		else if(outformat == FORMAT_ASN1) 
 			i2d_PKCS7_bio(out,p7);
-		else
+		else {
 			{
 			BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
 			goto end;
 		}
@@ -752,8 +569,6 @@ end:
 	if(ret) ERR_print_errors(bio_err);
 	sk_X509_pop_free(encerts, X509_free);
 	sk_X509_pop_free(other, X509_free);
 	if (vpm)
 		X509_VERIFY_PARAM_free(vpm);
 	X509_STORE_free(store);
 	X509_free(cert);
 	X509_free(recip);
@@ -771,8 +586,7 @@ static int save_certs(char *signerfile, STACK_OF(X509) *signers)
 {
 	int i;
 	BIO *tmp;
-	if (!signerfile)
+	if(!signerfile) return 1;
 		return 1;
 	tmp = BIO_new_file(signerfile, "w");
 	if(!tmp) return 0;
 	for(i = 0; i < sk_X509_num(signers); i++)
@@ -781,21 +595,3 @@ static int save_certs(char *signerfile, STACK_OF(X509) *signers)
 	return 1;
 }
 /* Minimal callback just to output policy info (if any) */
 static int smime_cb(int ok, X509_STORE_CTX *ctx)
 	{
 	int error;
 	error = X509_STORE_CTX_get_error(ctx);
 	if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
 		&& ((error != X509_V_OK) || (ok != 2)))
 		return ok;
 	policies_print(NULL, ctx);
 	return ok;
 	}
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -157,16 +157,12 @@
 #include <sys/param.h>
 #endif
 #include <openssl/bn.h>
 #ifndef OPENSSL_NO_DES
 #include <openssl/des.h>
 #endif
 #ifndef OPENSSL_NO_AES
 #include <openssl/aes.h>
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 #include <openssl/camellia.h>
 #endif
 #ifndef OPENSSL_NO_MD2
 #include <openssl/md2.h>
 #endif
@@ -201,9 +197,6 @@
 #ifndef OPENSSL_NO_IDEA
 #include <openssl/idea.h>
 #endif
 #ifndef OPENSSL_NO_SEED
 #include <openssl/seed.h>
 #endif
 #ifndef OPENSSL_NO_BF
 #include <openssl/blowfish.h>
 #endif
@@ -216,7 +209,6 @@
 #endif
 #include <openssl/x509.h>
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #include "./testdsa.h"
 #endif
 #ifndef OPENSSL_NO_ECDSA
@@ -268,14 +260,13 @@ static int usertime=1;
 static double Time_F(int s);
 static void print_message(const char *s,long num,int length);
-static void pkey_print_message(const char *str, const char *str2,
+static void pkey_print_message(char *str,char *str2,long num,int bits,int sec);
 	long num, int bits, int sec);
 static void print_result(int alg,int run_no,int count,double time_used);
 #ifdef HAVE_FORK
 static int do_multi(int multi);
 #endif
-#define ALGOR_NUM	28
+#define ALGOR_NUM	19
 #define SIZE_NUM	5
 #define RSA_NUM		4
 #define DSA_NUM		3
@@ -285,27 +276,16 @@ static int do_multi(int multi);
 static const char *names[ALGOR_NUM]={
  "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4",
-  "des cbc","des ede3","idea cbc","seed cbc",
+  "des cbc","des ede3","idea cbc",
  "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc",
-  "aes-128 cbc","aes-192 cbc","aes-256 cbc",
+  "aes-128 cbc","aes-192 cbc","aes-256 cbc"};
  "camellia-128 cbc","camellia-192 cbc","camellia-256 cbc",
  "evp","sha256","sha512",
  "aes-128 ige","aes-192 ige","aes-256 ige"};
 static double results[ALGOR_NUM][SIZE_NUM];
 static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
 static double rsa_results[RSA_NUM][2];
 static double dsa_results[DSA_NUM][2];
 #ifndef OPENSSL_NO_ECDSA
 static double ecdsa_results[EC_NUM][2];
 #endif
 #ifndef OPENSSL_NO_ECDH
 static double ecdh_results[EC_NUM][1];
 #endif
 #if defined(OPENSSL_NO_DSA) && !(defined(OPENSSL_NO_ECDSA) && defined(OPENSSL_NO_ECDH))
 static const char rnd_seed[] = "string to make the random number generator think it has entropy";
 static int rnd_fake = 0;
 #endif
 #ifdef SIGALRM
 #if defined(__STDC__) || defined(sgi) || defined(_AIX)
@@ -465,21 +445,17 @@ static double Time_F(int s)
 #endif /* if defined(OPENSSL_SYS_NETWARE) */
 #ifndef OPENSSL_NO_ECDH
 static const int KDF1_SHA1_len = 20;
-static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
+static void *KDF1_SHA1(void *in, size_t inlen, void *out, size_t outlen)
 	{
 #ifndef OPENSSL_NO_SHA
-	if (*outlen < SHA_DIGEST_LENGTH)
+	if (outlen != SHA_DIGEST_LENGTH)
 		return NULL;
 	else
 		*outlen = SHA_DIGEST_LENGTH;
 	return SHA1(in, inlen, out);
 #else
 	return NULL;
-#endif	/* OPENSSL_NO_SHA */
+#endif
 	}
 #endif	/* OPENSSL_NO_ECDH */
 int MAIN(int, char **);
@@ -515,12 +491,6 @@ int MAIN(int argc, char **argv)
 #endif
 #ifndef OPENSSL_NO_SHA
 	unsigned char sha[SHA_DIGEST_LENGTH];
 #ifndef OPENSSL_NO_SHA256
 	unsigned char sha256[SHA256_DIGEST_LENGTH];
 #endif
 #ifndef OPENSSL_NO_SHA512
 	unsigned char sha512[SHA512_DIGEST_LENGTH];
 #endif
 #endif
 #ifndef OPENSSL_NO_RIPEMD
 	unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
@@ -537,9 +507,6 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_IDEA
 	IDEA_KEY_SCHEDULE idea_ks;
 #endif
 #ifndef OPENSSL_NO_SEED
 	SEED_KEY_SCHEDULE seed_ks;
 #endif
 #ifndef OPENSSL_NO_BF
 	BF_KEY bf_ks;
 #endif
@@ -549,7 +516,6 @@ int MAIN(int argc, char **argv)
 	static const unsigned char key16[16]=
 		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
 		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
 #ifndef OPENSSL_NO_AES
 	static const unsigned char key24[24]=
 		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
 		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
@@ -559,25 +525,13 @@ int MAIN(int argc, char **argv)
 		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
 		 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,
 		 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56};
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 	static const unsigned char ckey24[24]=
 		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
 		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
 		 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
 	static const unsigned char ckey32[32]=
 		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
 		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
 		 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,
 		 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56};
 #endif
 #ifndef OPENSSL_NO_AES
 #define MAX_BLOCK_SIZE 128
 #else
 #define MAX_BLOCK_SIZE 64
 #endif
 	unsigned char DES_iv[8];
-	unsigned char iv[2*MAX_BLOCK_SIZE/8];
+	unsigned char iv[MAX_BLOCK_SIZE/8];
 #ifndef OPENSSL_NO_DES
 	DES_cblock *buf_as_des_cblock = NULL;
 	static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
@@ -590,9 +544,6 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_AES
 	AES_KEY aes_ks1, aes_ks2, aes_ks3;
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 	CAMELLIA_KEY camellia_ks1, camellia_ks2, camellia_ks3;
 #endif
 #define	D_MD2		0
 #define	D_MDC2		1
 #define	D_MD4		2
@@ -604,23 +555,14 @@ int MAIN(int argc, char **argv)
 #define	D_CBC_DES	8
 #define	D_EDE3_DES	9
 #define	D_CBC_IDEA	10
-#define	D_CBC_SEED	11
+#define	D_CBC_RC2	11
-#define	D_CBC_RC2	12
+#define	D_CBC_RC5	12
-#define	D_CBC_RC5	13
+#define	D_CBC_BF	13
-#define	D_CBC_BF	14
+#define	D_CBC_CAST	14
-#define	D_CBC_CAST	15
+#define D_CBC_128_AES	15
-#define D_CBC_128_AES	16
+#define D_CBC_192_AES	16
-#define D_CBC_192_AES	17
+#define D_CBC_256_AES	17
-#define D_CBC_256_AES	18
+#define D_EVP		18
 #define D_CBC_128_CML   19 
 #define D_CBC_192_CML   20
 #define D_CBC_256_CML   21 
 #define D_EVP		22
 #define D_SHA256	23	
 #define D_SHA512	24
 #define D_IGE_128_AES   25
 #define D_IGE_192_AES   26
 #define D_IGE_256_AES   27
 	double d=0.0;
 	long c[ALGOR_NUM][SIZE_NUM];
 #define	R_DSA_512	0
@@ -690,7 +632,7 @@ int MAIN(int argc, char **argv)
 	NID_sect409r1,
 	NID_sect571r1
 	}; 
-	static const char * test_curves_names[EC_NUM] = 
+	static char * test_curves_names[EC_NUM] = 
 	{
 	/* Prime Curves */
 	"secp160r1",
@@ -738,12 +680,8 @@ int MAIN(int argc, char **argv)
 	int rsa_doit[RSA_NUM];
 	int dsa_doit[DSA_NUM];
 #ifndef OPENSSL_NO_ECDSA
 	int ecdsa_doit[EC_NUM];
 #endif
 #ifndef OPENSSL_NO_ECDH
        int ecdh_doit[EC_NUM];
 #endif
 	int doit[ALGOR_NUM];
 	int pr_header=0;
 	const EVP_CIPHER *evp_cipher=NULL;
@@ -927,18 +865,8 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_SHA
 			if (strcmp(*argv,"sha1") == 0) doit[D_SHA1]=1;
 		else
-			if (strcmp(*argv,"sha") == 0)	doit[D_SHA1]=1,
+			if (strcmp(*argv,"sha") == 0) doit[D_SHA1]=1;
 							doit[D_SHA256]=1,
 							doit[D_SHA512]=1;
 		else
 #ifndef OPENSSL_NO_SHA256
 			if (strcmp(*argv,"sha256") == 0) doit[D_SHA256]=1;
 		else
 #endif
 #ifndef OPENSSL_NO_SHA512
 			if (strcmp(*argv,"sha512") == 0) doit[D_SHA512]=1;
 		else
 #endif
 #endif
 #ifndef OPENSSL_NO_RIPEMD
 			if (strcmp(*argv,"ripemd") == 0) doit[D_RMD160]=1;
@@ -961,15 +889,6 @@ int MAIN(int argc, char **argv)
 			if (strcmp(*argv,"aes-128-cbc") == 0) doit[D_CBC_128_AES]=1;
 		else	if (strcmp(*argv,"aes-192-cbc") == 0) doit[D_CBC_192_AES]=1;
 		else	if (strcmp(*argv,"aes-256-cbc") == 0) doit[D_CBC_256_AES]=1;
 		else    if (strcmp(*argv,"aes-128-ige") == 0) doit[D_IGE_128_AES]=1;
 		else	if (strcmp(*argv,"aes-192-ige") == 0) doit[D_IGE_192_AES]=1;
 		else	if (strcmp(*argv,"aes-256-ige") == 0) doit[D_IGE_256_AES]=1;
                else
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 			if (strcmp(*argv,"camellia-128-cbc") == 0) doit[D_CBC_128_CML]=1;
 		else    if (strcmp(*argv,"camellia-192-cbc") == 0) doit[D_CBC_192_CML]=1;
 		else    if (strcmp(*argv,"camellia-256-cbc") == 0) doit[D_CBC_256_CML]=1;
 		else
 #endif
 #ifndef OPENSSL_NO_RSA
@@ -1013,11 +932,6 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"idea") == 0) doit[D_CBC_IDEA]=1;
 		else
 #endif
 #ifndef OPENSSL_NO_SEED
 		     if (strcmp(*argv,"seed-cbc") == 0) doit[D_CBC_SEED]=1;
 		else if (strcmp(*argv,"seed") == 0) doit[D_CBC_SEED]=1;
 		else
 #endif
 #ifndef OPENSSL_NO_BF
 		     if (strcmp(*argv,"bf-cbc") == 0) doit[D_CBC_BF]=1;
 		else if (strcmp(*argv,"blowfish") == 0) doit[D_CBC_BF]=1;
@@ -1047,15 +961,6 @@ int MAIN(int argc, char **argv)
 			}
 		else
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 			if (strcmp(*argv,"camellia") == 0)
 			{
 			doit[D_CBC_128_CML]=1;
 			doit[D_CBC_192_CML]=1;
 			doit[D_CBC_256_CML]=1;
 			}
 		else
 #endif
 #ifndef OPENSSL_NO_RSA
 			if (strcmp(*argv,"rsa") == 0)
 			{
@@ -1077,7 +982,6 @@ int MAIN(int argc, char **argv)
 #endif
 #ifndef OPENSSL_NO_ECDSA
 		     if (strcmp(*argv,"ecdsap160") == 0) ecdsa_doit[R_EC_P160]=2;
 		else if (strcmp(*argv,"ecdsap192") == 0) ecdsa_doit[R_EC_P192]=2;
 		else if (strcmp(*argv,"ecdsap224") == 0) ecdsa_doit[R_EC_P224]=2;
 		else if (strcmp(*argv,"ecdsap256") == 0) ecdsa_doit[R_EC_P256]=2;
 		else if (strcmp(*argv,"ecdsap384") == 0) ecdsa_doit[R_EC_P384]=2;
@@ -1101,7 +1005,6 @@ int MAIN(int argc, char **argv)
 #endif
 #ifndef OPENSSL_NO_ECDH
 		     if (strcmp(*argv,"ecdhp160") == 0) ecdh_doit[R_EC_P160]=2;
 		else if (strcmp(*argv,"ecdhp192") == 0) ecdh_doit[R_EC_P192]=2;
 		else if (strcmp(*argv,"ecdhp224") == 0) ecdh_doit[R_EC_P224]=2;
 		else if (strcmp(*argv,"ecdhp256") == 0) ecdh_doit[R_EC_P256]=2;
 		else if (strcmp(*argv,"ecdhp384") == 0) ecdh_doit[R_EC_P384]=2;
@@ -1145,12 +1048,6 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_SHA1
 			BIO_printf(bio_err,"sha1     ");
 #endif
 #ifndef OPENSSL_NO_SHA256
 			BIO_printf(bio_err,"sha256   ");
 #endif
 #ifndef OPENSSL_NO_SHA512
 			BIO_printf(bio_err,"sha512   ");
 #endif
 #ifndef OPENSSL_NO_RIPEMD160
 			BIO_printf(bio_err,"rmd160");
 #endif
@@ -1163,9 +1060,6 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_IDEA
 			BIO_printf(bio_err,"idea-cbc ");
 #endif
 #ifndef OPENSSL_NO_SEED
 			BIO_printf(bio_err,"seed-cbc ");
 #endif
 #ifndef OPENSSL_NO_RC2
 			BIO_printf(bio_err,"rc2-cbc  ");
 #endif
@@ -1175,7 +1069,7 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_BF
 			BIO_printf(bio_err,"bf-cbc");
 #endif
-#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || !defined(OPENSSL_NO_RC2) || \
+#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_RC2) || \
    !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_RC5)
 			BIO_printf(bio_err,"\n");
 #endif
@@ -1184,11 +1078,6 @@ int MAIN(int argc, char **argv)
 #endif
 #ifndef OPENSSL_NO_AES
 			BIO_printf(bio_err,"aes-128-cbc aes-192-cbc aes-256-cbc ");
 			BIO_printf(bio_err,"aes-128-ige aes-192-ige aes-256-ige ");
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 			BIO_printf(bio_err,"\n");
 			BIO_printf(bio_err,"camellia-128-cbc camellia-192-cbc camellia-256-cbc ");
 #endif
 #ifndef OPENSSL_NO_RC4
 			BIO_printf(bio_err,"rc4");
@@ -1203,13 +1092,13 @@ int MAIN(int argc, char **argv)
 			BIO_printf(bio_err,"dsa512   dsa1024  dsa2048\n");
 #endif
 #ifndef OPENSSL_NO_ECDSA
-			BIO_printf(bio_err,"ecdsap160 ecdsap192 ecdsap224 ecdsap256 ecdsap384 ecdsap521\n");
+			BIO_printf(bio_err,"ecdsap160 ecdsap224 ecdsap256 ecdsap384 ecdsap521\n");
 			BIO_printf(bio_err,"ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
 			BIO_printf(bio_err,"ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
 			BIO_printf(bio_err,"ecdsa\n");
 #endif
 #ifndef OPENSSL_NO_ECDH
-			BIO_printf(bio_err,"ecdhp160  ecdhp192  ecdhp224  ecdhp256  ecdhp384  ecdhp521\n");
+			BIO_printf(bio_err,"ecdhp160  ecdhp224  ecdhp256  ecdhp384  ecdhp521\n");
 			BIO_printf(bio_err,"ecdhk163  ecdhk233  ecdhk283  ecdhk409  ecdhk571\n");
 			BIO_printf(bio_err,"ecdhb163  ecdhb233  ecdhb283  ecdhb409  ecdhb571\n");
 			BIO_printf(bio_err,"ecdh\n");
@@ -1218,9 +1107,6 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_IDEA
 			BIO_printf(bio_err,"idea     ");
 #endif
 #ifndef OPENSSL_NO_SEED
 			BIO_printf(bio_err,"seed     ");
 #endif
 #ifndef OPENSSL_NO_RC2
 			BIO_printf(bio_err,"rc2      ");
 #endif
@@ -1230,19 +1116,15 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_AES
 			BIO_printf(bio_err,"aes      ");
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 			BIO_printf(bio_err,"camellia ");
 #endif
 #ifndef OPENSSL_NO_RSA
 			BIO_printf(bio_err,"rsa      ");
 #endif
 #ifndef OPENSSL_NO_BF
 			BIO_printf(bio_err,"blowfish");
 #endif
-#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || \
+#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_RC2) || \
-    !defined(OPENSSL_NO_RC2) || !defined(OPENSSL_NO_DES) || \
+    !defined(OPENSSL_NO_DES) || !defined(OPENSSL_NO_RSA) || \
-    !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_BF) || \
+    !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_AES)
    !defined(OPENSSL_NO_AES) || !defined(OPENSSL_NO_CAMELLIA)
 			BIO_printf(bio_err,"\n");
 #endif
@@ -1336,17 +1218,9 @@ int MAIN(int argc, char **argv)
 	AES_set_encrypt_key(key24,192,&aes_ks2);
 	AES_set_encrypt_key(key32,256,&aes_ks3);
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 	Camellia_set_key(key16,128,&camellia_ks1);
 	Camellia_set_key(ckey24,192,&camellia_ks2);
 	Camellia_set_key(ckey32,256,&camellia_ks3);
 #endif
 #ifndef OPENSSL_NO_IDEA
 	idea_set_encrypt_key(key16,&idea_ks);
 #endif
 #ifndef OPENSSL_NO_SEED
 	SEED_set_key(key16,&seed_ks);
 #endif
 #ifndef OPENSSL_NO_RC4
 	RC4_set_key(&rc4_ks,16,key16);
 #endif
@@ -1370,10 +1244,10 @@ int MAIN(int argc, char **argv)
 	BIO_printf(bio_err,"First we calculate the approximate speed ...\n");
 	count=10;
 	do	{
-		long it;
+		long i;
 		count*=2;
 		Time_F(START);
-		for (it=count; it; it--)
+		for (i=count; i; i--)
 			DES_ecb_encrypt(buf_as_des_cblock,buf_as_des_cblock,
 				&sch,DES_ENCRYPT);
 		d=Time_F(STOP);
@@ -1390,7 +1264,6 @@ int MAIN(int argc, char **argv)
 	c[D_CBC_DES][0]=count;
 	c[D_EDE3_DES][0]=count/3;
 	c[D_CBC_IDEA][0]=count;
 	c[D_CBC_SEED][0]=count;
 	c[D_CBC_RC2][0]=count;
 	c[D_CBC_RC5][0]=count;
 	c[D_CBC_BF][0]=count;
@@ -1398,14 +1271,6 @@ int MAIN(int argc, char **argv)
 	c[D_CBC_128_AES][0]=count;
 	c[D_CBC_192_AES][0]=count;
 	c[D_CBC_256_AES][0]=count;
 	c[D_CBC_128_CML][0]=count;
 	c[D_CBC_192_CML][0]=count;
 	c[D_CBC_256_CML][0]=count;
 	c[D_SHA256][0]=count;
 	c[D_SHA512][0]=count;
 	c[D_IGE_128_AES][0]=count;
 	c[D_IGE_192_AES][0]=count;
 	c[D_IGE_256_AES][0]=count;
 	for (i=1; i<SIZE_NUM; i++)
 		{
@@ -1416,8 +1281,6 @@ int MAIN(int argc, char **argv)
 		c[D_HMAC][i]=c[D_HMAC][0]*4*lengths[0]/lengths[i];
 		c[D_SHA1][i]=c[D_SHA1][0]*4*lengths[0]/lengths[i];
 		c[D_RMD160][i]=c[D_RMD160][0]*4*lengths[0]/lengths[i];
 		c[D_SHA256][i]=c[D_SHA256][0]*4*lengths[0]/lengths[i];
 		c[D_SHA512][i]=c[D_SHA512][0]*4*lengths[0]/lengths[i];
 		}
 	for (i=1; i<SIZE_NUM; i++)
 		{
@@ -1429,7 +1292,6 @@ int MAIN(int argc, char **argv)
 		c[D_CBC_DES][i]=c[D_CBC_DES][i-1]*l0/l1;
 		c[D_EDE3_DES][i]=c[D_EDE3_DES][i-1]*l0/l1;
 		c[D_CBC_IDEA][i]=c[D_CBC_IDEA][i-1]*l0/l1;
 		c[D_CBC_SEED][i]=c[D_CBC_SEED][i-1]*l0/l1;
 		c[D_CBC_RC2][i]=c[D_CBC_RC2][i-1]*l0/l1;
 		c[D_CBC_RC5][i]=c[D_CBC_RC5][i-1]*l0/l1;
 		c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1;
@@ -1437,12 +1299,6 @@ int MAIN(int argc, char **argv)
 		c[D_CBC_128_AES][i]=c[D_CBC_128_AES][i-1]*l0/l1;
 		c[D_CBC_192_AES][i]=c[D_CBC_192_AES][i-1]*l0/l1;
 		c[D_CBC_256_AES][i]=c[D_CBC_256_AES][i-1]*l0/l1;
 		c[D_CBC_128_CML][i]=c[D_CBC_128_CML][i-1]*l0/l1;
 		c[D_CBC_192_CML][i]=c[D_CBC_192_CML][i-1]*l0/l1;
 		c[D_CBC_256_CML][i]=c[D_CBC_256_CML][i-1]*l0/l1;
 		c[D_IGE_128_AES][i]=c[D_IGE_128_AES][i-1]*l0/l1;
 		c[D_IGE_192_AES][i]=c[D_IGE_192_AES][i-1]*l0/l1;
 		c[D_IGE_256_AES][i]=c[D_IGE_256_AES][i-1]*l0/l1;
 		}
 #ifndef OPENSSL_NO_RSA
 	rsa_c[R_RSA_512][0]=count/2000;
@@ -1487,7 +1343,7 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_ECDSA
 	ecdsa_c[R_EC_P160][0]=count/1000;
 	ecdsa_c[R_EC_P160][1]=count/1000/2;
-	for (i=R_EC_P192; i<=R_EC_P521; i++)
+	for (i=R_EC_P224; i<=R_EC_P521; i++)
 		{
 		ecdsa_c[i][0]=ecdsa_c[i-1][0]/2;
 		ecdsa_c[i][1]=ecdsa_c[i-1][1]/2;
@@ -1541,7 +1397,7 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_ECDH
 	ecdh_c[R_EC_P160][0]=count/1000;
 	ecdh_c[R_EC_P160][1]=count/1000;
-	for (i=R_EC_P192; i<=R_EC_P521; i++)
+	for (i=R_EC_P224; i<=R_EC_P521; i++)
 		{
 		ecdh_c[i][0]=ecdh_c[i-1][0]/2;
 		ecdh_c[i][1]=ecdh_c[i-1][1]/2;
@@ -1701,37 +1557,6 @@ int MAIN(int argc, char **argv)
 			print_result(D_SHA1,j,count,d);
 			}
 		}
 #ifndef OPENSSL_NO_SHA256
 	if (doit[D_SHA256])
 		{
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_SHA256],c[D_SHA256][j],lengths[j]);
 			Time_F(START);
 			for (count=0,run=1; COND(c[D_SHA256][j]); count++)
 				SHA256(buf,lengths[j],sha256);
 			d=Time_F(STOP);
 			print_result(D_SHA256,j,count,d);
 			}
 		}
 #endif
 #ifndef OPENSSL_NO_SHA512
 	if (doit[D_SHA512])
 		{
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_SHA512],c[D_SHA512][j],lengths[j]);
 			Time_F(START);
 			for (count=0,run=1; COND(c[D_SHA512][j]); count++)
 				SHA512(buf,lengths[j],sha512);
 			d=Time_F(STOP);
 			print_result(D_SHA512,j,count,d);
 			}
 		}
 #endif
 #endif
 #ifndef OPENSSL_NO_RIPEMD
 	if (doit[D_RMD160])
@@ -1836,93 +1661,6 @@ int MAIN(int argc, char **argv)
 			}
 		}
 	if (doit[D_IGE_128_AES])
 		{
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_IGE_128_AES],c[D_IGE_128_AES][j],lengths[j]);
 			Time_F(START);
 			for (count=0,run=1; COND(c[D_IGE_128_AES][j]); count++)
 				AES_ige_encrypt(buf,buf2,
 					(unsigned long)lengths[j],&aes_ks1,
 					iv,AES_ENCRYPT);
 			d=Time_F(STOP);
 			print_result(D_IGE_128_AES,j,count,d);
 			}
 		}
 	if (doit[D_IGE_192_AES])
 		{
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_IGE_192_AES],c[D_IGE_192_AES][j],lengths[j]);
 			Time_F(START);
 			for (count=0,run=1; COND(c[D_IGE_192_AES][j]); count++)
 				AES_ige_encrypt(buf,buf2,
 					(unsigned long)lengths[j],&aes_ks2,
 					iv,AES_ENCRYPT);
 			d=Time_F(STOP);
 			print_result(D_IGE_192_AES,j,count,d);
 			}
 		}
 	if (doit[D_IGE_256_AES])
 		{
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_IGE_256_AES],c[D_IGE_256_AES][j],lengths[j]);
 			Time_F(START);
 			for (count=0,run=1; COND(c[D_IGE_256_AES][j]); count++)
 				AES_ige_encrypt(buf,buf2,
 					(unsigned long)lengths[j],&aes_ks3,
 					iv,AES_ENCRYPT);
 			d=Time_F(STOP);
 			print_result(D_IGE_256_AES,j,count,d);
 			}
 		}
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 	if (doit[D_CBC_128_CML])
 		{
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_CBC_128_CML],c[D_CBC_128_CML][j],lengths[j]);
 			Time_F(START);
 			for (count=0,run=1; COND(c[D_CBC_128_CML][j]); count++)
 				Camellia_cbc_encrypt(buf,buf,
 				        (unsigned long)lengths[j],&camellia_ks1,
 				        iv,CAMELLIA_ENCRYPT);
 			d=Time_F(STOP);
 			print_result(D_CBC_128_CML,j,count,d);
 			}
 		}
 	if (doit[D_CBC_192_CML])
 		{
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_CBC_192_CML],c[D_CBC_192_CML][j],lengths[j]);
 			Time_F(START);
 			for (count=0,run=1; COND(c[D_CBC_192_CML][j]); count++)
 				Camellia_cbc_encrypt(buf,buf,
 				        (unsigned long)lengths[j],&camellia_ks2,
 				        iv,CAMELLIA_ENCRYPT);
 			d=Time_F(STOP);
 			print_result(D_CBC_192_CML,j,count,d);
 			}
 		}
 	if (doit[D_CBC_256_CML])
 		{
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_CBC_256_CML],c[D_CBC_256_CML][j],lengths[j]);
 			Time_F(START);
 			for (count=0,run=1; COND(c[D_CBC_256_CML][j]); count++)
 				Camellia_cbc_encrypt(buf,buf,
 				        (unsigned long)lengths[j],&camellia_ks3,
 				        iv,CAMELLIA_ENCRYPT);
 			d=Time_F(STOP);
 			print_result(D_CBC_256_CML,j,count,d);
 			}
 		}
 #endif
 #ifndef OPENSSL_NO_IDEA
 	if (doit[D_CBC_IDEA])
@@ -1940,21 +1678,6 @@ int MAIN(int argc, char **argv)
 			}
 		}
 #endif
 #ifndef OPENSSL_NO_SEED
 	if (doit[D_CBC_SEED])
 		{
 		for (j=0; j<SIZE_NUM; j++)
 			{
 			print_message(names[D_CBC_SEED],c[D_CBC_SEED][j],lengths[j]);
 			Time_F(START);
 			for (count=0,run=1; COND(c[D_CBC_SEED][j]); count++)
 				SEED_cbc_encrypt(buf,buf,
 					(unsigned long)lengths[j],&seed_ks,iv,1);
 			d=Time_F(STOP);
 			print_result(D_CBC_SEED,j,count,d);
 			}
 		}
 #endif
 #ifndef OPENSSL_NO_RC2
 	if (doit[D_CBC_RC2])
 		{
@@ -2041,7 +1764,6 @@ int MAIN(int argc, char **argv)
 					EVP_DecryptInit_ex(&ctx,evp_cipher,NULL,key16,iv);
 				else
 					EVP_EncryptInit_ex(&ctx,evp_cipher,NULL,key16,iv);
 				EVP_CIPHER_CTX_set_padding(&ctx, 0);
 				Time_F(START);
 				if(decrypt)
@@ -2132,7 +1854,7 @@ int MAIN(int argc, char **argv)
 				{
 				ret=RSA_verify(NID_md5_sha1, buf,36, buf2,
 					rsa_num, rsa_key[j]);
-				if (ret <= 0)
+				if (ret == 0)
 					{
 					BIO_printf(bio_err,
 						"RSA verify failure\n");
@@ -2263,7 +1985,7 @@ int MAIN(int argc, char **argv)
 		int ret;
 		if (!ecdsa_doit[j]) continue; /* Ignore Curve */ 
-		ecdsa[j] = EC_KEY_new_by_curve_name(test_curves[j]);
+		ecdsa[j] = EC_KEY_new();
 		if (ecdsa[j] == NULL) 
 			{
 			BIO_printf(bio_err,"ECDSA failure.\n");
@@ -2272,8 +1994,18 @@ int MAIN(int argc, char **argv)
 			} 
 		else 
 			{
 			ecdsa[j]->group = EC_GROUP_new_by_nid(test_curves[j]);
 			/* Could not obtain group information */
 			if (ecdsa[j]->group == NULL) 
 				{
 				BIO_printf(bio_err,"ECDSA failure.Could not obtain group information\n");
 				ERR_print_errors(bio_err);
 				rsa_count=1;
 				} 
 			else 
 				{
 #if 1
-			EC_KEY_precompute_mult(ecdsa[j], NULL);
+				EC_GROUP_precompute_mult(ecdsa[j]->group, NULL);
 #endif
 				/* Perform ECDSA signature test */
 				EC_KEY_generate_key(ecdsa[j]);
@@ -2358,6 +2090,7 @@ int MAIN(int argc, char **argv)
 					}
 				}
 			}
 		}
 	if (rnd_fake) RAND_cleanup();
 #endif
@@ -2370,8 +2103,8 @@ int MAIN(int argc, char **argv)
 	for (j=0; j<EC_NUM; j++)
 		{
 		if (!ecdh_doit[j]) continue;
-		ecdh_a[j] = EC_KEY_new_by_curve_name(test_curves[j]);
+		ecdh_a[j] = EC_KEY_new();
-		ecdh_b[j] = EC_KEY_new_by_curve_name(test_curves[j]);
+		ecdh_b[j] = EC_KEY_new();
 		if ((ecdh_a[j] == NULL) || (ecdh_b[j] == NULL))
 			{
 			BIO_printf(bio_err,"ECDH failure.\n");
@@ -2380,6 +2113,17 @@ int MAIN(int argc, char **argv)
 			}
 		else
 			{
 			ecdh_a[j]->group = EC_GROUP_new_by_nid(test_curves[j]);
 			if (ecdh_a[j]->group == NULL)
 				{
 				BIO_printf(bio_err,"ECDH failure.\n");
 				ERR_print_errors(bio_err);
 				rsa_count=1;
 				}
 			else
 				{
 				ecdh_b[j]->group = EC_GROUP_dup(ecdh_a[j]->group);
 				/* generate two ECDH key pairs */
 				if (!EC_KEY_generate_key(ecdh_a[j]) ||
 					!EC_KEY_generate_key(ecdh_b[j]))
@@ -2394,8 +2138,8 @@ int MAIN(int argc, char **argv)
 					 * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt).
 					 */
 					int field_size, outlen;
-				void *(*kdf)(const void *in, size_t inlen, void *out, size_t *xoutlen);
+					void *(*kdf)(void *in, size_t inlen, void *out, size_t xoutlen);
-				field_size = EC_GROUP_get_degree(EC_KEY_get0_group(ecdh_a[j]));
+					field_size = EC_GROUP_get_degree(ecdh_a[j]->group);
 					if (field_size <= 24 * 8)
 						{
 						outlen = KDF1_SHA1_len;
@@ -2407,10 +2151,10 @@ int MAIN(int argc, char **argv)
 						kdf = NULL;
 						}
 					secret_size_a = ECDH_compute_key(secret_a, outlen,
-					EC_KEY_get0_public_key(ecdh_b[j]),
+						ecdh_b[j]->pub_key,
 						ecdh_a[j], kdf);
 					secret_size_b = ECDH_compute_key(secret_b, outlen,
-					EC_KEY_get0_public_key(ecdh_a[j]),
+						ecdh_a[j]->pub_key,
 						ecdh_b[j], kdf);
 					if (secret_size_a != secret_size_b) 
 						ecdh_checks = 0;
@@ -2441,7 +2185,7 @@ int MAIN(int argc, char **argv)
 					for (count=0,run=1; COND(ecdh_c[j][0]); count++)
 						{
 						ECDH_compute_key(secret_a, outlen,
-					EC_KEY_get0_public_key(ecdh_b[j]),
+						ecdh_b[j]->pub_key,
 						ecdh_a[j], kdf);
 						}
 					d=Time_F(STOP);
@@ -2451,7 +2195,7 @@ int MAIN(int argc, char **argv)
 					rsa_count=count;
 					}
 				}
-
+			}
 		if (rsa_count <= 1)
 			{
@@ -2566,7 +2310,7 @@ show_res:
 				k,rsa_bits[k],rsa_results[k][0],
 				rsa_results[k][1]);
 		else
-			fprintf(stdout,"rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
+			fprintf(stdout,"rsa %4u bits %8.4fs %8.4fs %8.1f %8.1f\n",
 				rsa_bits[k],rsa_results[k][0],rsa_results[k][1],
 				1.0/rsa_results[k][0],1.0/rsa_results[k][1]);
 		}
@@ -2585,7 +2329,7 @@ show_res:
 			fprintf(stdout,"+F3:%u:%u:%f:%f\n",
 				k,dsa_bits[k],dsa_results[k][0],dsa_results[k][1]);
 		else
-			fprintf(stdout,"dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
+			fprintf(stdout,"dsa %4u bits %8.4fs %8.4fs %8.1f %8.1f\n",
 				dsa_bits[k],dsa_results[k][0],dsa_results[k][1],
 				1.0/dsa_results[k][0],1.0/dsa_results[k][1]);
 		}
@@ -2692,8 +2436,8 @@ static void print_message(const char *s, long num, int length)
 #endif
 	}
-static void pkey_print_message(const char *str, const char *str2, long num,
+static void pkey_print_message(char *str, char *str2, long num, int bits,
-	int bits, int tm)
+	     int tm)
 	{
 #ifdef SIGALRM
 	BIO_printf(bio_err,mr ? "+DTP:%d:%s:%s:%d\n"
@@ -2717,7 +2461,6 @@ static void print_result(int alg,int run_no,int count,double time_used)
 	results[alg][run_no]=((double)count)/time_used*lengths[run_no];
 	}
 #ifdef HAVE_FORK
 static char *sstrsep(char **string, const char *delim)
    {
    char isdelim[256];
@@ -2749,6 +2492,7 @@ static char *sstrsep(char **string, const char *delim)
    return token;
    }
 #ifdef HAVE_FORK
 static int do_multi(int multi)
 	{
 	int n;
@@ -2760,8 +2504,6 @@ static int do_multi(int multi)
 	for(n=0 ; n < multi ; ++n)
 		{
 		pipe(fd);
 		fflush(stdout);
 		fflush(stderr);
 		if(fork())
 			{
 			close(fd[1]);
--- a/apps/spkac.c
+++ b/apps/spkac.c
@@ -1,6 +1,6 @@
 /* apps/spkac.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
 * project 1999. Based on an original idea by Massimiliano Pala
 * (madwolf@openca.org).
 */
@@ -87,8 +87,7 @@ int MAIN(int argc, char **argv)
 	int verify=0,noout=0,pubkey=0;
 	char *infile = NULL,*outfile = NULL,*prog;
 	char *passargin = NULL, *passin = NULL;
-	const char *spkac = "SPKAC", *spksect = "default";
+	char *spkac = "SPKAC", *spksect = "default", *spkstr = NULL;
 	char *spkstr = NULL;
 	char *challenge = NULL, *keyfile = NULL;
 	CONF *conf = NULL;
 	NETSCAPE_SPKI *spki = NULL;
@@ -201,7 +200,7 @@ bad:
 		}
 		spki = NETSCAPE_SPKI_new();
 		if(challenge) ASN1_STRING_set(spki->spkac->challenge,
-						 challenge, (int)strlen(challenge));
+						 challenge, strlen(challenge));
 		NETSCAPE_SPKI_set_pubkey(spki, pkey);
 		NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
 		spkstr = NETSCAPE_SPKI_b64_encode(spki);
@@ -285,7 +284,7 @@ bad:
 	pkey = NETSCAPE_SPKI_get_pubkey(spki);
 	if(verify) {
 		i = NETSCAPE_SPKI_verify(spki, pkey);
-		if (i > 0) BIO_printf(bio_err, "Signature OK\n");
+		if(i) BIO_printf(bio_err, "Signature OK\n");
 		else {
 			BIO_printf(bio_err, "Signature Failure\n");
 			ERR_print_errors(bio_err);
--- a/apps/timeouts.h
+++ b/apps/timeouts.h
@@ -1,67 +0,0 @@
 /* apps/timeouts.h */
 /* 
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
 */
 /* ====================================================================
 * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 #ifndef INCLUDED_TIMEOUTS_H
 #define INCLUDED_TIMEOUTS_H
 /* numbers in us */
 #define DGRAM_RCV_TIMEOUT         250000
 #define DGRAM_SND_TIMEOUT         250000
 #endif /* ! INCLUDED_TIMEOUTS_H */
--- a/apps/ts.c
+++ b/apps/ts.c
--- a/apps/tsget
+++ b/apps/tsget
@@ -1,195 +0,0 @@
 #!/usr/bin/perl -w
 # Written by Zoltan Glozik <zglozik@stones.com>.
 # Copyright (c) 2002 The OpenTSA Project.  All rights reserved.
 $::version = '$Id: tsget,v 1.1 2006/02/12 23:11:21 ulf Exp $';
 use strict;
 use IO::Handle;
 use Getopt::Std;
 use File::Basename;
 use WWW::Curl::easy;
 use vars qw(%options);
 # Callback for reading the body.
 sub read_body {
    my ($maxlength, $state) = @_;
    my $return_data = "";
    my $data_len = length ${$state->{data}};
    if ($state->{bytes} < $data_len) {
 	$data_len = $data_len - $state->{bytes};
 	$data_len = $maxlength if $data_len > $maxlength;
 	$return_data = substr ${$state->{data}}, $state->{bytes}, $data_len;
 	$state->{bytes} += $data_len;
    }
    return $return_data;
 }
 # Callback for writing the body into a variable.
 sub write_body {
    my ($data, $pointer) = @_;
    ${$pointer} .= $data;
    return length($data);
 }
 # Initialise a new Curl object.
 sub create_curl {
    my $url = shift;
    # Create Curl object.
    my $curl = WWW::Curl::easy::new();
    # Error-handling related options.
    $curl->setopt(CURLOPT_VERBOSE, 1) if $options{d};
    $curl->setopt(CURLOPT_FAILONERROR, 1);
    $curl->setopt(CURLOPT_USERAGENT, "OpenTSA tsget.pl/" . (split / /, $::version)[2]);
    # Options for POST method.
    $curl->setopt(CURLOPT_UPLOAD, 1);
    $curl->setopt(CURLOPT_CUSTOMREQUEST, "POST");
    $curl->setopt(CURLOPT_HTTPHEADER,
 		["Content-Type: application/timestamp-query",
 		"Accept: application/timestamp-reply"]);
    $curl->setopt(CURLOPT_READFUNCTION, \&read_body);
    $curl->setopt(CURLOPT_HEADERFUNCTION, sub { return length($_[0]); });
    # Options for getting the result.
    $curl->setopt(CURLOPT_WRITEFUNCTION, \&write_body);
    # SSL related options.
    $curl->setopt(CURLOPT_SSLKEYTYPE, "PEM");
    $curl->setopt(CURLOPT_SSL_VERIFYPEER, 1);	# Verify server's certificate.
    $curl->setopt(CURLOPT_SSL_VERIFYHOST, 2);	# Check server's CN.
    $curl->setopt(CURLOPT_SSLKEY, $options{k}) if defined($options{k});
    $curl->setopt(CURLOPT_SSLKEYPASSWD, $options{p}) if defined($options{p});
    $curl->setopt(CURLOPT_SSLCERT, $options{c}) if defined($options{c});
    $curl->setopt(CURLOPT_CAINFO, $options{C}) if defined($options{C});
    $curl->setopt(CURLOPT_CAPATH, $options{P}) if defined($options{P});
    $curl->setopt(CURLOPT_RANDOM_FILE, $options{r}) if defined($options{r});
    $curl->setopt(CURLOPT_EGDSOCKET, $options{g}) if defined($options{g});
    # Setting destination.
    $curl->setopt(CURLOPT_URL, $url);
    return $curl;
 }
 # Send a request and returns the body back.
 sub get_timestamp {
    my $curl = shift;
    my $body = shift;
    my $ts_body;
    local $::error_buf;
    # Error-handling related options.
    $curl->setopt(CURLOPT_ERRORBUFFER, "::error_buf");
    # Options for POST method.
    $curl->setopt(CURLOPT_INFILE, {data => $body, bytes => 0});
    $curl->setopt(CURLOPT_INFILESIZE, length(${$body}));
    # Options for getting the result.
    $curl->setopt(CURLOPT_FILE, \$ts_body);
    # Send the request...
    my $error_code = $curl->perform();
    my $error_string;
    if ($error_code != 0) {
        my $http_code = $curl->getinfo(CURLINFO_HTTP_CODE);
 	$error_string = "could not get timestamp";
 	$error_string .= ", http code: $http_code" unless $http_code == 0;
 	$error_string .= ", curl code: $error_code";
 	$error_string .= " ($::error_buf)" if defined($::error_buf);
    } else {
        my $ct = $curl->getinfo(CURLINFO_CONTENT_TYPE);
 	if (lc($ct) ne "application/timestamp-reply") {
 	    $error_string = "unexpected content type returned: $ct";
        }
    }
    return ($ts_body, $error_string);
 }
 # Print usage information and exists.
 sub usage {
    print STDERR "usage: $0 -h <server_url> [-e <extension>] [-o <output>] ";
    print STDERR "[-v] [-d] [-k <private_key.pem>] [-p <key_password>] ";
    print STDERR "[-c <client_cert.pem>] [-C <CA_certs.pem>] [-P <CA_path>] ";
    print STDERR "[-r <file:file...>] [-g <EGD_socket>] [<request>]...\n";
    exit 1;
 }
 # ----------------------------------------------------------------------
 #   Main program
 # ----------------------------------------------------------------------
 # Getting command-line options (default comes from TSGET environment variable).
 my $getopt_arg =  "h:e:o:vdk:p:c:C:P:r:g:";
 if (exists $ENV{TSGET}) {
    my @old_argv = @ARGV;
    @ARGV = split /\s+/, $ENV{TSGET};
    getopts($getopt_arg, \%options) or usage;
    @ARGV = @old_argv;
 }
 getopts($getopt_arg, \%options) or usage;
 # Checking argument consistency.
 if (!exists($options{h}) || (@ARGV == 0 && !exists($options{o}))
    || (@ARGV > 1 && exists($options{o}))) {
    print STDERR "Inconsistent command line options.\n";
    usage;
 }
 # Setting defaults.
@ARGV = ("-") unless @ARGV != 0;
 $options{e} = ".tsr" unless defined($options{e});
 # Processing requests.
 my $curl = create_curl $options{h};
 undef $/;   # For reading whole files.
 REQUEST: foreach (@ARGV) {
    my $input = $_;
    my ($base, $path) = fileparse($input, '\.[^.]*');
    my $output_base = $base . $options{e};
    my $output = defined($options{o}) ? $options{o} : $path . $output_base;
    STDERR->printflush("$input: ") if $options{v};
    # Read request.
    my $body;
    if ($input eq "-") {
 	# Read the request from STDIN;
 	$body = <STDIN>;
    } else {
 	# Read the request from file.
        open INPUT, "<" . $input
 	    or warn("$input: could not open input file: $!\n"), next REQUEST;
        $body = <INPUT>;
        close INPUT
 	    or warn("$input: could not close input file: $!\n"), next REQUEST;
    }
    # Send request.
    STDERR->printflush("sending request") if $options{v};
    my ($ts_body, $error) = get_timestamp $curl, \$body;
    if (defined($error)) {
 	die "$input: fatal error: $error\n";
    }
    STDERR->printflush(", reply received") if $options{v};
    # Write response.
    if ($output eq "-") {
 	# Write to STDOUT.
        print $ts_body;
    } else {
 	# Write to file.
        open OUTPUT, ">", $output
 	    or warn("$output: could not open output file: $!\n"), next REQUEST;
        print OUTPUT $ts_body;
        close OUTPUT
 	    or warn("$output: could not close output file: $!\n"), next REQUEST;
    }
    STDERR->printflush(", $output written.\n") if $options{v};
 }
 $curl->cleanup();
 WWW::Curl::easy::global_cleanup();
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -79,14 +79,13 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	ENGINE *e = NULL;
-	int i,ret=1, badarg = 0;
+	int i,ret=1;
 	int purpose = -1;
 	char *CApath=NULL,*CAfile=NULL;
 	char *untfile = NULL, *trustfile = NULL;
 	STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
 	X509_STORE *cert_ctx=NULL;
 	X509_LOOKUP *lookup=NULL;
 	X509_VERIFY_PARAM *vpm = NULL;
 #ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
 #endif
@@ -122,12 +121,18 @@ int MAIN(int argc, char **argv)
 				if (argc-- < 1) goto end;
 				CAfile= *(++argv);
 				}
-			else if (args_verify(&argv, &argc, &badarg, bio_err,
+			else if (strcmp(*argv,"-purpose") == 0)
 									&vpm))
 				{
-				if (badarg)
+				X509_PURPOSE *xptmp;
 				if (argc-- < 1) goto end;
 				i = X509_PURPOSE_get_by_sname(*(++argv));
 				if(i < 0)
 					{
 					BIO_printf(bio_err, "unrecognized purpose\n");
 					goto end;
-				continue;
+					}
 				xptmp = X509_PURPOSE_get0(i);
 				purpose = X509_PURPOSE_get_id(xptmp);
 				}
 			else if (strcmp(*argv,"-untrusted") == 0)
 				{
@@ -148,6 +153,14 @@ int MAIN(int argc, char **argv)
 #endif
 			else if (strcmp(*argv,"-help") == 0)
 				goto end;
 			else if (strcmp(*argv,"-ignore_critical") == 0)
 				vflags |= X509_V_FLAG_IGNORE_CRITICAL;
 			else if (strcmp(*argv,"-issuer_checks") == 0)
 				vflags |= X509_V_FLAG_CB_ISSUER_CHECK;
 			else if (strcmp(*argv,"-crl_check") == 0)
 				vflags |= X509_V_FLAG_CRL_CHECK;
 			else if (strcmp(*argv,"-crl_check_all") == 0)
 				vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
 			else if (strcmp(*argv,"-verbose") == 0)
 				v_verbose=1;
 			else if (argv[0][0] == '-')
@@ -165,9 +178,6 @@ int MAIN(int argc, char **argv)
        e = setup_engine(bio_err, engine, 0);
 #endif
 	if (vpm)
 		X509_STORE_set1_param(cert_ctx, vpm);
 	lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
 	if (lookup == NULL) abort();
 	if (CAfile) {
@@ -228,7 +238,6 @@ end:
 								X509_PURPOSE_get0_name(ptmp));
 		}
 	}
 	if (vpm) X509_VERIFY_PARAM_free(vpm);
 	if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
 	sk_X509_pop_free(untrusted, X509_free);
 	sk_X509_pop_free(trusted, X509_free);
@@ -266,7 +275,7 @@ static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X
 	ret=0;
 end:
-	if (i > 0)
+	if (i)
 		{
 		fprintf(stdout,"OK\n");
 		ret=1;
@@ -329,14 +338,11 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
 	char buf[256];
 	if (!ok)
 		{
 		if (ctx->current_cert)
 		{
 		X509_NAME_oneline(
 				X509_get_subject_name(ctx->current_cert),buf,
 				sizeof buf);
 		printf("%s\n",buf);
 			}
 		printf("error %d at %d depth lookup:%s\n",ctx->error,
 			ctx->error_depth,
 			X509_verify_cert_error_string(ctx->error));
@@ -348,22 +354,15 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
 		if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1;
 		/* Continue after extension errors too */
 		if (ctx->error == X509_V_ERR_INVALID_CA) ok=1;
 		if (ctx->error == X509_V_ERR_INVALID_NON_CA) ok=1;
 		if (ctx->error == X509_V_ERR_PATH_LENGTH_EXCEEDED) ok=1;
 		if (ctx->error == X509_V_ERR_INVALID_PURPOSE) ok=1;
 		if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1;
 		if (ctx->error == X509_V_ERR_CRL_HAS_EXPIRED) ok=1;
 		if (ctx->error == X509_V_ERR_CRL_NOT_YET_VALID) ok=1;
 		if (ctx->error == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) ok=1;
 		if (ctx->error == X509_V_ERR_NO_EXPLICIT_POLICY)
 			policies_print(NULL, ctx);
 		return ok;
 		}
 	if ((ctx->error == X509_V_OK) && (ok == 2))
 		policies_print(NULL, ctx);
 	if (!v_verbose)
 		ERR_clear_error();
 	return(ok);
 	}
--- a/apps/version.c
+++ b/apps/version.c
@@ -115,7 +115,6 @@
 #include "apps.h"
 #include <openssl/evp.h>
 #include <openssl/crypto.h>
 #include <openssl/bn.h>
 #ifndef OPENSSL_NO_MD2
 # include <openssl/md2.h>
 #endif
@@ -167,7 +166,7 @@ int MAIN(int argc, char **argv)
 			date=version=cflags=options=platform=dir=1;
 		else
 			{
-			BIO_printf(bio_err,"usage:version -[avbofpd]\n");
+			BIO_printf(bio_err,"usage:version -[avbofp]\n");
 			ret=1;
 			goto end;
 			}
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -73,12 +73,6 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
 #undef PROG
 #define PROG x509_main
@@ -87,7 +81,7 @@
 #define	POSTFIX	".srl"
 #define DEF_DAYS	30
-static const char *x509_usage[]={
+static char *x509_usage[]={
 "usage: x509 args\n",
 " -inform arg     - input format - default PEM (one of DER, NET or PEM)\n",
 " -outform arg    - output format - default PEM (one of DER, NET or PEM)\n",
@@ -114,7 +108,6 @@ static const char *x509_usage[]={
 " -alias          - output certificate alias\n",
 " -noout          - no certificate output\n",
 " -ocspid         - print OCSP hash values for the subject name and public key\n",
 " -ocsp_uri       - print OCSP Responder URL(s)\n",
 " -trustout       - output a \"trusted\" certificate\n",
 " -clrtrust       - clear all trusted purposes\n",
 " -clrreject      - clear all rejected purposes\n",
@@ -177,20 +170,18 @@ int MAIN(int argc, char **argv)
 	char *CAkeyfile=NULL,*CAserial=NULL;
 	char *alias=NULL;
 	int text=0,serial=0,subject=0,issuer=0,startdate=0,enddate=0;
 	int next_serial=0;
 	int subject_hash=0,issuer_hash=0,ocspid=0;
 	int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
 	int ocsp_uri=0;
 	int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
 	int C=0;
 	int x509req=0,days=DEF_DAYS,modulus=0,pubkey=0;
 	int pprint = 0;
-	const char **pp;
+	char **pp;
 	X509_STORE *ctx=NULL;
 	X509_REQ *rq=NULL;
 	int fingerprint=0;
 	char buf[256];
-	const EVP_MD *md_alg,*digest=EVP_sha1();
+	const EVP_MD *md_alg,*digest=EVP_md5();
 	CONF *extconf = NULL;
 	char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
 	int need_rand = 0;
@@ -380,12 +371,8 @@ int MAIN(int argc, char **argv)
 			C= ++num;
 		else if (strcmp(*argv,"-email") == 0)
 			email= ++num;
 		else if (strcmp(*argv,"-ocsp_uri") == 0)
 			ocsp_uri= ++num;
 		else if (strcmp(*argv,"-serial") == 0)
 			serial= ++num;
 		else if (strcmp(*argv,"-next_serial") == 0)
 			next_serial= ++num;
 		else if (strcmp(*argv,"-modulus") == 0)
 			modulus= ++num;
 		else if (strcmp(*argv,"-pubkey") == 0)
@@ -609,19 +596,12 @@ bad:
 		if ((x=X509_new()) == NULL) goto end;
 		ci=x->cert_info;
-		if (sno == NULL)
+		if (sno)
 			{
 			sno = ASN1_INTEGER_new();
 			if (!sno || !rand_serial(NULL, sno))
 				goto end;
 			if (!X509_set_serialNumber(x, sno))
 				goto end;
 			ASN1_INTEGER_free(sno);
 			sno = NULL;
 			}
-		else if (!X509_set_serialNumber(x, sno)) 
+		else if (!ASN1_INTEGER_set(X509_get_serialNumber(x),0)) goto end;
 			goto end;
 		if (!X509_set_issuer_name(x,req->req_info->subject)) goto end;
 		if (!X509_set_subject_name(x,req->req_info->subject)) goto end;
@@ -642,7 +622,7 @@ bad:
 		if (xca == NULL) goto end;
 		}
-	if (!noout || text || next_serial)
+	if (!noout || text)
 		{
 		OBJ_create("2.99999.3",
 			"SET.ex3","SET x509v3 extension 3");
@@ -713,36 +693,14 @@ bad:
 			else if (serial == i)
 				{
 				BIO_printf(STDout,"serial=");
-				i2a_ASN1_INTEGER(STDout,
+				i2a_ASN1_INTEGER(STDout,x->cert_info->serialNumber);
 					X509_get_serialNumber(x));
 				BIO_printf(STDout,"\n");
 				}
-			else if (next_serial == i)
+			else if (email == i) 
 				{
 				BIGNUM *bnser;
 				ASN1_INTEGER *ser;
 				ser = X509_get_serialNumber(x);
 				bnser = ASN1_INTEGER_to_BN(ser, NULL);
 				if (!bnser)
 					goto end;
 				if (!BN_add_word(bnser, 1))
 					goto end;
 				ser = BN_to_ASN1_INTEGER(bnser, NULL);
 				if (!ser)
 					goto end;
 				BN_free(bnser);
 				i2a_ASN1_INTEGER(out, ser);
 				ASN1_INTEGER_free(ser);
 				BIO_puts(out, "\n");
 				}
 			else if ((email == i) || (ocsp_uri == i))
 				{
 				int j;
 				STACK *emlst;
 				if (email == i)
 				emlst = X509_get1_email(x);
 				else
 					emlst = X509_get1_ocsp(x);
 				for (j = 0; j < sk_num(emlst); j++)
 					BIO_printf(STDout, "%s\n", sk_value(emlst, j));
 				X509_email_free(emlst);
@@ -1010,9 +968,9 @@ bad:
 	if (checkend)
 		{
-		time_t tcheck=time(NULL) + checkoffset;
+		time_t tnow=time(NULL);
-		if (X509_cmp_time(X509_get_notAfter(x), &tcheck) < 0)
+		if (ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(x), tnow+checkoffset) == -1)
 			{
 			BIO_printf(out,"Certificate will expire\n");
 			ret=1;
@@ -1049,7 +1007,8 @@ bad:
 		ah.data=(char *)x;
 		ah.meth=X509_asn1_meth();
-		i=ASN1_i2d_bio_of(ASN1_HEADER,i2d_ASN1_HEADER,out,&ah);
+		/* no macro for this one yet */
 		i=ASN1_i2d_bio(i2d_ASN1_HEADER,out,(unsigned char *)&ah);
 		}
 	else	{
 		BIO_printf(bio_err,"bad output format specified for outfile\n");
@@ -1151,7 +1110,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
 	/* NOTE: this certificate can/should be self signed, unless it was
 	 * a certificate request in which case it is not. */
 	X509_STORE_CTX_set_cert(&xsc,x);
-	if (!reqfile && X509_verify_cert(&xsc) <= 0)
+	if (!reqfile && !X509_verify_cert(&xsc))
 		goto end;
 	if (!X509_check_private_key(xca,pkey))
--- a/bugs/VC16.bug
+++ b/bugs/VC16.bug
@@ -0,0 +1,18 @@
 Microsoft (R) C/C++ Optimizing Compiler Version 8.00c
 Compile with /O2 chokes the compiler on these files
 crypto\md\md5_dgst.c		warning '@(#)reg86.c:1.26', line 1110
 crypto\des\ofb64ede.c		warning '@(#)grammar.c:1.147', line 168
 crypto\des\ofb64enc.c		warning '@(#)grammar.c:1.147', line 168
 crypto\des\qud_cksm.c		warning '@(#)grammar.c:1.147', line 168
 crypto\rc2\rc2ofb64.c		warning '@(#)grammar.c:1.147', line 168
 crypto\objects\obj_dat.c	warning	'@(#)grammar.c:1.147', line 168
 				fatal	'@(#)grammar.c:1.147', line 168
 crypto\objects\obj_lib.c	warning	'@(#)grammar.c:1.147', line 168
 				fatal	'@(#)grammar.c:1.147', line 168
 ssl\ssl_auth.c			warning	'@(#)grammar.c:1.147', line 168
 				fatal	'@(#)grammar.c:1.147', line 168
 Turning on /G3 with build flags that worked fine for /G2 came up with
 divide by zero errors in 'normal' code in speed.c :-(
--- a/certs/ICE-CA.pem
+++ b/certs/ICE-CA.pem
@@ -0,0 +1,59 @@
 Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: O=European ICE-TEL project, OU=V3-Certification Authority
        Validity
            Not Before: Apr  2 17:35:53 1997 GMT
            Not After : Apr  2 17:35:53 1998 GMT
        Subject: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt
        Subject Public Key Info:
            Public Key Algorithm: rsa
            RSA Public Key: (512 bit)
                Modulus (512 bit):
                    00:82:75:ba:f6:d1:60:b5:f9:15:b3:6a:dd:29:8f:
                    8b:a4:6f:1a:88:e0:50:43:40:0b:79:41:d5:d3:16:
                    44:7d:74:65:17:42:06:52:0b:e9:50:c8:10:cd:24:
                    e2:ae:8d:22:30:73:e6:b4:b7:93:1f:e5:6e:a2:ae:
                    49:11:a5:c9:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                0.........z.."p......e..
            X509v3 Subject Key Identifier: 
                ..~r..:..B.44fu......3
            X509v3 Key Usage: critical
                ....
            X509v3 Certificate Policies: critical
                0.0...*...
            X509v3 Subject Alternative Name: 
                0!..secude-support@darmstadt.gmd.de
            X509v3 Issuer Alternative Name: 
                0I..ice-tel-ca@darmstadt.gmd.de.*http://www.darmstadt.gmd.de/ice-tel/euroca
            X509v3 Basic Constraints: critical
                0....
            X509v3 CRL Distribution Points: 
                0200...,.*http://www.darmstadt.gmd.de/ice-tel/euroca
    Signature Algorithm: md5WithRSAEncryption
        17:a2:88:b7:99:5a:05:41:e4:13:34:67:e6:1f:3e:26:ec:4b:
        69:f9:3e:28:22:be:9d:1c:ab:41:6f:0c:00:85:fe:45:74:f6:
        98:f0:ce:9b:65:53:4a:50:42:c7:d4:92:bd:d7:a2:a8:3d:98:
        88:73:cd:60:28:79:a3:fc:48:7a
 -----BEGIN CERTIFICATE-----
 MIICzDCCAnagAwIBAgIBATANBgkqhkiG9w0BAQQFADBIMSEwHwYDVQQKExhFdXJv
 cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
 QXV0aG9yaXR5MB4XDTk3MDQwMjE3MzU1M1oXDTk4MDQwMjE3MzU1M1owXDEhMB8G
 A1UEChMYRXVyb3BlYW4gSUNFLVRFTCBwcm9qZWN0MSMwIQYDVQQLExpWMy1DZXJ0
 aWZpY2F0aW9uIEF1dGhvcml0eTESMBAGA1UEBxMJRGFybXN0YWR0MFkwCgYEVQgB
 AQICAgADSwAwSAJBAIJ1uvbRYLX5FbNq3SmPi6RvGojgUENAC3lB1dMWRH10ZRdC
 BlIL6VDIEM0k4q6NIjBz5rS3kx/lbqKuSRGlyUUCAwEAAaOCATgwggE0MB8GA1Ud
 IwQYMBaAFIr3yNUOx3ro1yJw4AuJ1bbsZbzPMB0GA1UdDgQWBBR+cvL4OoacQog0
 NGZ1w9T80aIRMzAOBgNVHQ8BAf8EBAMCAfYwFAYDVR0gAQH/BAowCDAGBgQqAwQF
 MCoGA1UdEQQjMCGBH3NlY3VkZS1zdXBwb3J0QGRhcm1zdGFkdC5nbWQuZGUwUgYD
 VR0SBEswSYEbaWNlLXRlbC1jYUBkYXJtc3RhZHQuZ21kLmRlhipodHRwOi8vd3d3
 LmRhcm1zdGFkdC5nbWQuZGUvaWNlLXRlbC9ldXJvY2EwDwYDVR0TAQH/BAUwAwEB
 /zA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vd3d3LmRhcm1zdGFkdC5nbWQuZGUv
 aWNlLXRlbC9ldXJvY2EwDQYJKoZIhvcNAQEEBQADQQAXooi3mVoFQeQTNGfmHz4m
 7Etp+T4oIr6dHKtBbwwAhf5FdPaY8M6bZVNKUELH1JK916KoPZiIc81gKHmj/Eh6
 -----END CERTIFICATE-----
--- a/certs/ICE-root.pem
+++ b/certs/ICE-root.pem
@@ -0,0 +1,48 @@
 Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: O=European ICE-TEL project, OU=V3-Certification Authority
        Validity
            Not Before: Apr  2 17:33:36 1997 GMT
            Not After : Apr  2 17:33:36 1998 GMT
        Subject: O=European ICE-TEL project, OU=V3-Certification Authority
        Subject Public Key Info:
            Public Key Algorithm: rsa
            RSA Public Key: (512 bit)
                Modulus (512 bit):
                    00:80:3e:eb:ae:47:a9:fe:10:54:0b:81:8b:9c:2b:
                    82:ab:3a:61:36:65:8b:f3:73:9f:ac:ac:7a:15:a7:
                    13:8f:b4:c4:ba:a3:0f:bc:a5:58:8d:cc:b1:93:31:
                    9e:81:9e:8c:19:61:86:fa:52:73:54:d1:97:76:22:
                    e7:c7:9f:41:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                ........z.."p......e..
            X509v3 Key Usage: critical
                ....
            X509v3 Subject Alternative Name: 
                0I.*http://www.darmstadt.gmd.de/ice-tel/euroca..ice-tel-ca@darmstadt.gmd.de
            X509v3 Basic Constraints: critical
                0....
    Signature Algorithm: md5WithRSAEncryption
        76:69:61:db:b7:cf:8b:06:9e:d8:8c:96:53:d2:4d:a8:23:a6:
        03:44:e8:8f:24:a5:c0:84:a8:4b:77:d4:2d:2b:7d:37:91:67:
        f2:2c:ce:02:31:4c:6b:cc:ce:f2:68:a6:11:11:ab:7d:88:b8:
        7e:22:9f:25:06:60:bd:79:30:3d
 -----BEGIN CERTIFICATE-----
 MIICFjCCAcCgAwIBAgIBADANBgkqhkiG9w0BAQQFADBIMSEwHwYDVQQKExhFdXJv
 cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
 QXV0aG9yaXR5MB4XDTk3MDQwMjE3MzMzNloXDTk4MDQwMjE3MzMzNlowSDEhMB8G
 A1UEChMYRXVyb3BlYW4gSUNFLVRFTCBwcm9qZWN0MSMwIQYDVQQLExpWMy1DZXJ0
 aWZpY2F0aW9uIEF1dGhvcml0eTBZMAoGBFUIAQECAgIAA0sAMEgCQQCAPuuuR6n+
 EFQLgYucK4KrOmE2ZYvzc5+srHoVpxOPtMS6ow+8pViNzLGTMZ6BnowZYYb6UnNU
 0Zd2IufHn0HNAgMBAAGjgZcwgZQwHQYDVR0OBBYEFIr3yNUOx3ro1yJw4AuJ1bbs
 ZbzPMA4GA1UdDwEB/wQEAwIB9jBSBgNVHREESzBJhipodHRwOi8vd3d3LmRhcm1z
 dGFkdC5nbWQuZGUvaWNlLXRlbC9ldXJvY2GBG2ljZS10ZWwtY2FAZGFybXN0YWR0
 LmdtZC5kZTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBAUAA0EAdmlh27fP
 iwae2IyWU9JNqCOmA0TojySlwISoS3fULSt9N5Fn8izOAjFMa8zO8mimERGrfYi4
 fiKfJQZgvXkwPQ==
 -----END CERTIFICATE-----
--- a/certs/ICE-user.pem
+++ b/certs/ICE-user.pem
@@ -0,0 +1,63 @@
 Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt
        Validity
            Not Before: Apr  2 17:35:59 1997 GMT
            Not After : Apr  2 17:35:59 1998 GMT
        Subject: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt, CN=USER
        Subject Public Key Info:
            Public Key Algorithm: rsa
            RSA Public Key: (512 bit)
                Modulus (512 bit):
                    00:a8:a8:53:63:49:1b:93:c3:c3:0b:6c:88:11:55:
                    de:7e:6a:e2:f9:52:a0:dc:69:25:c4:c8:bf:55:e1:
                    31:a8:ce:e4:a9:29:85:99:8a:15:9a:de:f6:2f:e1:
                    b4:50:5f:5e:04:75:a6:f4:76:dc:3c:0e:39:dc:3a:
                    be:3e:a4:61:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                0...~r..:..B.44fu......3
            X509v3 Subject Key Identifier: 
                ...... .*...1.*.......
            X509v3 Key Usage: critical
                ....
            X509v3 Certificate Policies: critical
                0.0...*...0.......
            X509v3 Subject Alternative Name: 
                0:..user@darmstadt.gmd.de.!http://www.darmstadt.gmd.de/~user
            X509v3 Issuer Alternative Name: 
                0....gmdca@gmd.de..http://www.gmd.de..saturn.darmstadt.gmd.de.\1!0...U.
 ..European ICE-TEL project1#0!..U....V3-Certification Authority1.0...U....Darmstadt..141.12.62.26
            X509v3 Basic Constraints: critical
                0.
            X509v3 CRL Distribution Points: 
                0.0.......gmdca@gmd.de
    Signature Algorithm: md5WithRSAEncryption
        69:0c:e1:b7:a7:f2:d8:fb:e8:69:c0:13:cd:37:ad:21:06:22:
        4d:e8:c6:db:f1:04:0b:b7:e0:b3:d6:0c:81:03:ce:c3:6a:3e:
        c7:e7:24:24:a4:92:64:c2:83:83:06:42:53:0e:6f:09:1e:84:
        9a:f7:6f:63:9b:94:99:83:d6:a4
 -----BEGIN CERTIFICATE-----
 MIIDTzCCAvmgAwIBAgIBATANBgkqhkiG9w0BAQQFADBcMSEwHwYDVQQKExhFdXJv
 cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
 QXV0aG9yaXR5MRIwEAYDVQQHEwlEYXJtc3RhZHQwHhcNOTcwNDAyMTczNTU5WhcN
 OTgwNDAyMTczNTU5WjBrMSEwHwYDVQQKExhFdXJvcGVhbiBJQ0UtVEVMIHByb2pl
 Y3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24gQXV0aG9yaXR5MRIwEAYDVQQH
 EwlEYXJtc3RhZHQxDTALBgNVBAMTBFVTRVIwWTAKBgRVCAEBAgICAANLADBIAkEA
 qKhTY0kbk8PDC2yIEVXefmri+VKg3GklxMi/VeExqM7kqSmFmYoVmt72L+G0UF9e
 BHWm9HbcPA453Dq+PqRhiwIDAQABo4IBmDCCAZQwHwYDVR0jBBgwFoAUfnLy+DqG
 nEKINDRmdcPU/NGiETMwHQYDVR0OBBYEFJfc4B8gjSoRmLUx4Sq/ucIYiMrPMA4G
 A1UdDwEB/wQEAwIB8DAcBgNVHSABAf8EEjAQMAYGBCoDBAUwBgYECQgHBjBDBgNV
 HREEPDA6gRV1c2VyQGRhcm1zdGFkdC5nbWQuZGWGIWh0dHA6Ly93d3cuZGFybXN0
 YWR0LmdtZC5kZS9+dXNlcjCBsQYDVR0SBIGpMIGmgQxnbWRjYUBnbWQuZGWGEWh0
 dHA6Ly93d3cuZ21kLmRlghdzYXR1cm4uZGFybXN0YWR0LmdtZC5kZaRcMSEwHwYD
 VQQKExhFdXJvcGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRp
 ZmljYXRpb24gQXV0aG9yaXR5MRIwEAYDVQQHEwlEYXJtc3RhZHSHDDE0MS4xMi42
 Mi4yNjAMBgNVHRMBAf8EAjAAMB0GA1UdHwQWMBQwEqAQoA6BDGdtZGNhQGdtZC5k
 ZTANBgkqhkiG9w0BAQQFAANBAGkM4ben8tj76GnAE803rSEGIk3oxtvxBAu34LPW
 DIEDzsNqPsfnJCSkkmTCg4MGQlMObwkehJr3b2OblJmD1qQ=
 -----END CERTIFICATE-----
--- a/certs/ICE.crl
+++ b/certs/ICE.crl
@@ -0,0 +1,9 @@
 -----BEGIN X509 CRL-----
 MIIBNDCBnjANBgkqhkiG9w0BAQIFADBFMSEwHwYDVQQKExhFdXJvcGVhbiBJQ0Ut
 VEVMIFByb2plY3QxIDAeBgNVBAsTF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05
 NzA2MDkxNDQyNDNaFw05NzA3MDkxNDQyNDNaMCgwEgIBChcNOTcwMzAzMTQ0MjU0
 WjASAgEJFw05NjEwMDIxMjI5MjdaMA0GCSqGSIb3DQEBAgUAA4GBAH4vgWo2Tej/
 i7kbiw4Imd30If91iosjClNpBFwvwUDBclPEeMuYimHbLOk4H8Nofc0fw11+U/IO
 KSNouUDcqG7B64oY7c4SXKn+i1MWOb5OJiWeodX3TehHjBlyWzoNMWCnYA8XqFP1
 mOKp8Jla1BibEZf14+/HqCi2hnZUiEXh
 -----END X509 CRL-----
--- a/certs/README.RootCerts
+++ b/certs/README.RootCerts
@@ -1,4 +0,0 @@
 The OpenSSL project does not (any longer) include root CA certificates.
 Please check out the FAQ:
  * How can I set up a bundle of commercial root CA certificates?
--- a/certs/RegTP-4R.pem
+++ b/certs/RegTP-4R.pem
@@ -0,0 +1,19 @@
 issuer= CN=4R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
 notBefore=Jan 21 16:04:53 1999 GMT
 notAfter=Jan 21 16:04:53 2004 GMT
 subject= CN=4R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
 -----BEGIN CERTIFICATE-----
 MIICZzCCAdOgAwIBAgIEOwVn1DAKBgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9
 MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWth
 dGlvbiB1bmQgUG9zdDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAo0Ui1DQSAxOlBO
 MCIYDzE5OTkwMTIxMTYwNDUzWhgPMjAwNDAxMjExNjA0NTNaMG8xCzAJBgNVBAYT
 AkRFMT0wOwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21t
 dW5pa2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjRSLUNB
 IDE6UE4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGAjzHbq2asUlqeWbXTQHso
 aVF6YIPVH3c/B2cbuy9HJ/lnE6x0asOzM2DGDqi47xkdAxPc0LZ0fxO87rkmz7xs
 jJObnVrMXpyUSDSp5Y0wqKJdsFdr6mGFOQZteIti8AJnr8xMkwnWVyuOlEXsFe1h
 5gxwQXrOcPinE6qu1t/3PmECBMAAAAGjEjAQMA4GA1UdDwEB/wQEAwIBBjAKBgYr
 JAMDAQIFAAOBgQA+RdocBmA2VV9E5aKPBcp01tdZAvvW9Tve3docArVKR/4/yvSX
 Z+wvzzk+uu4qBp49HN3nqPYMrzbTmjBFu4ce5fkZ7dHF0W1sSBL0rox5z36Aq2re
 JjfEOEmSnNe0+opuh4FSVOssXblXTE8lEQU0FhhItgDx2ADnWZibaxLG4w==
 -----END CERTIFICATE-----
--- a/certs/RegTP-5R.pem
+++ b/certs/RegTP-5R.pem
@@ -0,0 +1,19 @@
 issuer= CN=5R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
 notBefore=Mar 22 08:55:51 2000 GMT
 notAfter=Mar 22 08:55:51 2005 GMT
 subject= CN=5R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
 -----BEGIN CERTIFICATE-----
 MIICaDCCAdSgAwIBAgIDDIOqMAoGBiskAwMBAgUAMG8xCzAJBgNVBAYTAkRFMT0w
 OwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0
 aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjVSLUNBIDE6UE4w
 IhgPMjAwMDAzMjIwODU1NTFaGA8yMDA1MDMyMjA4NTU1MVowbzELMAkGA1UEBhMC
 REUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11
 bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNVItQ0Eg
 MTpQTjCBoTANBgkqhkiG9w0BAQEFAAOBjwAwgYsCgYEAih5BUycfBpqKhU8RDsaS
 vV5AtzWeXQRColL9CH3t0DKnhjKAlJ8iccFtJNv+d3bh8bb9sh0maRSo647xP7hs
 HTjKgTE4zM5BYNfXvST79OtcMgAzrnDiGjQIIWv8xbfV1MqxxdtZJygrwzRMb9jG
 CAGoJEymoyzAMNG7tSdBWnUCBQDAAAABoxIwEDAOBgNVHQ8BAf8EBAMCAQYwCgYG
 KyQDAwECBQADgYEAOaK8ihVSBUcL2IdVBxZYYUKwMz5m7H3zqhN8W9w+iafWudH6
 b+aahkbENEwzg3C3v5g8nze7v7ssacQze657LHjP+e7ksUDIgcS4R1pU2eN16bjS
 P/qGPF3rhrIEHoK5nJULkjkZYTtNiOvmQ/+G70TXDi3Os/TwLlWRvu+7YLM=
 -----END CERTIFICATE-----
--- a/certs/RegTP-6R.pem
+++ b/certs/RegTP-6R.pem
@@ -0,0 +1,19 @@
 issuer= CN=6R-Ca 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
 notBefore=Feb  1 09:52:17 2001 GMT
 notAfter=Jun  1 09:52:17 2005 GMT
 subject= CN=6R-Ca 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
 -----BEGIN CERTIFICATE-----
 MIICaDCCAdSgAwIBAgIDMtGNMAoGBiskAwMBAgUAMG8xCzAJBgNVBAYTAkRFMT0w
 OwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0
 aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjZSLUNhIDE6UE4w
 IhgPMjAwMTAyMDEwOTUyMTdaGA8yMDA1MDYwMTA5NTIxN1owbzELMAkGA1UEBhMC
 REUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11
 bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNlItQ2Eg
 MTpQTjCBoTANBgkqhkiG9w0BAQEFAAOBjwAwgYsCgYEAg6KrFSTNXKqe+2GKGeW2
 wTmbVeflNkp5H/YxA9K1zmEn5XjKm0S0jH4Wfms6ipPlURVaFwTfnB1s++AnJAWf
 mayaE9BP/pdIY6WtZGgW6aZc32VDMCMKPWyBNyagsJVDmzlakIA5cXBVa7Xqqd3P
 ew8i2feMnQXcqHfDv02CW88CBQDAAAABoxIwEDAOBgNVHQ8BAf8EBAMCAQYwCgYG
 KyQDAwECBQADgYEAOkqkUwdaTCt8wcJLA2zLuOwL5ADHMWLhv6gr5zEF+VckA6qe
 IVLVf8e7fYlRmzQd+5OJcGglCQJLGT+ZplI3Mjnrd4plkoTNKV4iOzBcvJD7K4tn
 XPvs9wCFcC7QU7PLvc1FDsAlr7e4wyefZRDL+wbqNfI7QZTSF1ubLd9AzeQ=
 -----END CERTIFICATE-----
--- a/certs/demo/ca-cert.pem
+++ b/certs/demo/ca-cert.pem
--- a/certs/demo/dsa-ca.pem
+++ b/certs/demo/dsa-ca.pem
--- a/certs/demo/dsa-pca.pem
+++ b/certs/demo/dsa-pca.pem
--- a/certs/expired/ICE-CA.pem
+++ b/certs/expired/ICE-CA.pem
@@ -0,0 +1,59 @@
 Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: O=European ICE-TEL project, OU=V3-Certification Authority
        Validity
            Not Before: Apr  2 17:35:53 1997 GMT
            Not After : Apr  2 17:35:53 1998 GMT
        Subject: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt
        Subject Public Key Info:
            Public Key Algorithm: rsa
            RSA Public Key: (512 bit)
                Modulus (512 bit):
                    00:82:75:ba:f6:d1:60:b5:f9:15:b3:6a:dd:29:8f:
                    8b:a4:6f:1a:88:e0:50:43:40:0b:79:41:d5:d3:16:
                    44:7d:74:65:17:42:06:52:0b:e9:50:c8:10:cd:24:
                    e2:ae:8d:22:30:73:e6:b4:b7:93:1f:e5:6e:a2:ae:
                    49:11:a5:c9:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                0.........z.."p......e..
            X509v3 Subject Key Identifier: 
                ..~r..:..B.44fu......3
            X509v3 Key Usage: critical
                ....
            X509v3 Certificate Policies: critical
                0.0...*...
            X509v3 Subject Alternative Name: 
                0!..secude-support@darmstadt.gmd.de
            X509v3 Issuer Alternative Name: 
                0I..ice-tel-ca@darmstadt.gmd.de.*http://www.darmstadt.gmd.de/ice-tel/euroca
            X509v3 Basic Constraints: critical
                0....
            X509v3 CRL Distribution Points: 
                0200...,.*http://www.darmstadt.gmd.de/ice-tel/euroca
    Signature Algorithm: md5WithRSAEncryption
        17:a2:88:b7:99:5a:05:41:e4:13:34:67:e6:1f:3e:26:ec:4b:
        69:f9:3e:28:22:be:9d:1c:ab:41:6f:0c:00:85:fe:45:74:f6:
        98:f0:ce:9b:65:53:4a:50:42:c7:d4:92:bd:d7:a2:a8:3d:98:
        88:73:cd:60:28:79:a3:fc:48:7a
 -----BEGIN CERTIFICATE-----
 MIICzDCCAnagAwIBAgIBATANBgkqhkiG9w0BAQQFADBIMSEwHwYDVQQKExhFdXJv
 cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
 QXV0aG9yaXR5MB4XDTk3MDQwMjE3MzU1M1oXDTk4MDQwMjE3MzU1M1owXDEhMB8G
 A1UEChMYRXVyb3BlYW4gSUNFLVRFTCBwcm9qZWN0MSMwIQYDVQQLExpWMy1DZXJ0
 aWZpY2F0aW9uIEF1dGhvcml0eTESMBAGA1UEBxMJRGFybXN0YWR0MFkwCgYEVQgB
 AQICAgADSwAwSAJBAIJ1uvbRYLX5FbNq3SmPi6RvGojgUENAC3lB1dMWRH10ZRdC
 BlIL6VDIEM0k4q6NIjBz5rS3kx/lbqKuSRGlyUUCAwEAAaOCATgwggE0MB8GA1Ud
 IwQYMBaAFIr3yNUOx3ro1yJw4AuJ1bbsZbzPMB0GA1UdDgQWBBR+cvL4OoacQog0
 NGZ1w9T80aIRMzAOBgNVHQ8BAf8EBAMCAfYwFAYDVR0gAQH/BAowCDAGBgQqAwQF
 MCoGA1UdEQQjMCGBH3NlY3VkZS1zdXBwb3J0QGRhcm1zdGFkdC5nbWQuZGUwUgYD
 VR0SBEswSYEbaWNlLXRlbC1jYUBkYXJtc3RhZHQuZ21kLmRlhipodHRwOi8vd3d3
 LmRhcm1zdGFkdC5nbWQuZGUvaWNlLXRlbC9ldXJvY2EwDwYDVR0TAQH/BAUwAwEB
 /zA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vd3d3LmRhcm1zdGFkdC5nbWQuZGUv
 aWNlLXRlbC9ldXJvY2EwDQYJKoZIhvcNAQEEBQADQQAXooi3mVoFQeQTNGfmHz4m
 7Etp+T4oIr6dHKtBbwwAhf5FdPaY8M6bZVNKUELH1JK916KoPZiIc81gKHmj/Eh6
 -----END CERTIFICATE-----
--- a/certs/expired/ICE-root.pem
+++ b/certs/expired/ICE-root.pem
@@ -0,0 +1,48 @@
 Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: O=European ICE-TEL project, OU=V3-Certification Authority
        Validity
            Not Before: Apr  2 17:33:36 1997 GMT
            Not After : Apr  2 17:33:36 1998 GMT
        Subject: O=European ICE-TEL project, OU=V3-Certification Authority
        Subject Public Key Info:
            Public Key Algorithm: rsa
            RSA Public Key: (512 bit)
                Modulus (512 bit):
                    00:80:3e:eb:ae:47:a9:fe:10:54:0b:81:8b:9c:2b:
                    82:ab:3a:61:36:65:8b:f3:73:9f:ac:ac:7a:15:a7:
                    13:8f:b4:c4:ba:a3:0f:bc:a5:58:8d:cc:b1:93:31:
                    9e:81:9e:8c:19:61:86:fa:52:73:54:d1:97:76:22:
                    e7:c7:9f:41:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                ........z.."p......e..
            X509v3 Key Usage: critical
                ....
            X509v3 Subject Alternative Name: 
                0I.*http://www.darmstadt.gmd.de/ice-tel/euroca..ice-tel-ca@darmstadt.gmd.de
            X509v3 Basic Constraints: critical
                0....
    Signature Algorithm: md5WithRSAEncryption
        76:69:61:db:b7:cf:8b:06:9e:d8:8c:96:53:d2:4d:a8:23:a6:
        03:44:e8:8f:24:a5:c0:84:a8:4b:77:d4:2d:2b:7d:37:91:67:
        f2:2c:ce:02:31:4c:6b:cc:ce:f2:68:a6:11:11:ab:7d:88:b8:
        7e:22:9f:25:06:60:bd:79:30:3d
 -----BEGIN CERTIFICATE-----
 MIICFjCCAcCgAwIBAgIBADANBgkqhkiG9w0BAQQFADBIMSEwHwYDVQQKExhFdXJv
 cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
 QXV0aG9yaXR5MB4XDTk3MDQwMjE3MzMzNloXDTk4MDQwMjE3MzMzNlowSDEhMB8G
 A1UEChMYRXVyb3BlYW4gSUNFLVRFTCBwcm9qZWN0MSMwIQYDVQQLExpWMy1DZXJ0
 aWZpY2F0aW9uIEF1dGhvcml0eTBZMAoGBFUIAQECAgIAA0sAMEgCQQCAPuuuR6n+
 EFQLgYucK4KrOmE2ZYvzc5+srHoVpxOPtMS6ow+8pViNzLGTMZ6BnowZYYb6UnNU
 0Zd2IufHn0HNAgMBAAGjgZcwgZQwHQYDVR0OBBYEFIr3yNUOx3ro1yJw4AuJ1bbs
 ZbzPMA4GA1UdDwEB/wQEAwIB9jBSBgNVHREESzBJhipodHRwOi8vd3d3LmRhcm1z
 dGFkdC5nbWQuZGUvaWNlLXRlbC9ldXJvY2GBG2ljZS10ZWwtY2FAZGFybXN0YWR0
 LmdtZC5kZTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBAUAA0EAdmlh27fP
 iwae2IyWU9JNqCOmA0TojySlwISoS3fULSt9N5Fn8izOAjFMa8zO8mimERGrfYi4
 fiKfJQZgvXkwPQ==
 -----END CERTIFICATE-----
--- a/certs/expired/ICE-user.pem
+++ b/certs/expired/ICE-user.pem
@@ -0,0 +1,63 @@
 Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt
        Validity
            Not Before: Apr  2 17:35:59 1997 GMT
            Not After : Apr  2 17:35:59 1998 GMT
        Subject: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt, CN=USER
        Subject Public Key Info:
            Public Key Algorithm: rsa
            RSA Public Key: (512 bit)
                Modulus (512 bit):
                    00:a8:a8:53:63:49:1b:93:c3:c3:0b:6c:88:11:55:
                    de:7e:6a:e2:f9:52:a0:dc:69:25:c4:c8:bf:55:e1:
                    31:a8:ce:e4:a9:29:85:99:8a:15:9a:de:f6:2f:e1:
                    b4:50:5f:5e:04:75:a6:f4:76:dc:3c:0e:39:dc:3a:
                    be:3e:a4:61:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                0...~r..:..B.44fu......3
            X509v3 Subject Key Identifier: 
                ...... .*...1.*.......
            X509v3 Key Usage: critical
                ....
            X509v3 Certificate Policies: critical
                0.0...*...0.......
            X509v3 Subject Alternative Name: 
                0:..user@darmstadt.gmd.de.!http://www.darmstadt.gmd.de/~user
            X509v3 Issuer Alternative Name: 
                0....gmdca@gmd.de..http://www.gmd.de..saturn.darmstadt.gmd.de.\1!0...U.
 ..European ICE-TEL project1#0!..U....V3-Certification Authority1.0...U....Darmstadt..141.12.62.26
            X509v3 Basic Constraints: critical
                0.
            X509v3 CRL Distribution Points: 
                0.0.......gmdca@gmd.de
    Signature Algorithm: md5WithRSAEncryption
        69:0c:e1:b7:a7:f2:d8:fb:e8:69:c0:13:cd:37:ad:21:06:22:
        4d:e8:c6:db:f1:04:0b:b7:e0:b3:d6:0c:81:03:ce:c3:6a:3e:
        c7:e7:24:24:a4:92:64:c2:83:83:06:42:53:0e:6f:09:1e:84:
        9a:f7:6f:63:9b:94:99:83:d6:a4
 -----BEGIN CERTIFICATE-----
 MIIDTzCCAvmgAwIBAgIBATANBgkqhkiG9w0BAQQFADBcMSEwHwYDVQQKExhFdXJv
 cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
 QXV0aG9yaXR5MRIwEAYDVQQHEwlEYXJtc3RhZHQwHhcNOTcwNDAyMTczNTU5WhcN
 OTgwNDAyMTczNTU5WjBrMSEwHwYDVQQKExhFdXJvcGVhbiBJQ0UtVEVMIHByb2pl
 Y3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24gQXV0aG9yaXR5MRIwEAYDVQQH
 EwlEYXJtc3RhZHQxDTALBgNVBAMTBFVTRVIwWTAKBgRVCAEBAgICAANLADBIAkEA
 qKhTY0kbk8PDC2yIEVXefmri+VKg3GklxMi/VeExqM7kqSmFmYoVmt72L+G0UF9e
 BHWm9HbcPA453Dq+PqRhiwIDAQABo4IBmDCCAZQwHwYDVR0jBBgwFoAUfnLy+DqG
 nEKINDRmdcPU/NGiETMwHQYDVR0OBBYEFJfc4B8gjSoRmLUx4Sq/ucIYiMrPMA4G
 A1UdDwEB/wQEAwIB8DAcBgNVHSABAf8EEjAQMAYGBCoDBAUwBgYECQgHBjBDBgNV
 HREEPDA6gRV1c2VyQGRhcm1zdGFkdC5nbWQuZGWGIWh0dHA6Ly93d3cuZGFybXN0
 YWR0LmdtZC5kZS9+dXNlcjCBsQYDVR0SBIGpMIGmgQxnbWRjYUBnbWQuZGWGEWh0
 dHA6Ly93d3cuZ21kLmRlghdzYXR1cm4uZGFybXN0YWR0LmdtZC5kZaRcMSEwHwYD
 VQQKExhFdXJvcGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRp
 ZmljYXRpb24gQXV0aG9yaXR5MRIwEAYDVQQHEwlEYXJtc3RhZHSHDDE0MS4xMi42
 Mi4yNjAMBgNVHRMBAf8EAjAAMB0GA1UdHwQWMBQwEqAQoA6BDGdtZGNhQGdtZC5k
 ZTANBgkqhkiG9w0BAQQFAANBAGkM4ben8tj76GnAE803rSEGIk3oxtvxBAu34LPW
 DIEDzsNqPsfnJCSkkmTCg4MGQlMObwkehJr3b2OblJmD1qQ=
 -----END CERTIFICATE-----
--- a/Show More
+++ b/Show More