Prepare for a release of 0.9.8-beta6. This is supposed to be the

final beta. The tag will be OpenSSL_0_9_8-beta6
Some new news.
2005-06-21 05:49:47 +00:00 · 2005-06-21 05:46:41 +00:00 · 2005-06-21 05:28:47 +00:00 · 2005-06-21 04:41:31 +00:00 · 2005-06-20 22:11:28 +00:00 · 2005-06-20 20:49:05 +00:00
94 changed files with 2496 additions and 1723 deletions
--- a/8
+++ b/8
@ -2,10 +2,6 @@
 OpenSSL CHANGES
 _______________

- Changes between 0.9.8 and 0.9.9  [xx XXX xxxx]
-
-  *) 
-
 Changes between 0.9.7h and 0.9.8  [xx XXX xxxx]

  *) Correct naming of the 'chil' and '4758cca' ENGINEs. This
@ -810,6 +806,10 @@

 Changes between 0.9.7g and 0.9.7h  [XX xxx XXXX]

+  *) Minimal support for X9.31 signatures and PSS padding modes. This is
+     mainly for FIPS compliance and not fully integrated at this stage.
+     [Steve Henson]
+
  *) For DSA signing, unless DSA_FLAG_NO_EXP_CONSTTIME is set, perform
     the exponentiation using a fixed-length exponent.  (Otherwise,
     the information leaked through timing could expose the secret key
--- a/37
+++ b/37
@ -119,7 +119,7 @@ my $x86_coff_asm="x86cpuid-cof.o:bn86-cof.o co86-cof.o:dx86-cof.o yx86-cof.o:ax8
 my $x86_out_asm="x86cpuid-out.o:bn86-out.o co86-out.o:dx86-out.o yx86-out.o:ax86-out.o:bx86-out.o:mx86-out.o:sx86-out.o s512sse2-out.o:cx86-out.o:rx86-out.o:rm86-out.o:r586-out.o";

 my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o::::md5-x86_64.o:::rc4-x86_64.o::";
-my $ia64_asm=":ia64.o::aes_core.o aes_cbc.o aes-ia64.o:::sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o::";
+my $ia64_asm=":bn-ia64.o::aes_core.o aes_cbc.o aes-ia64.o:::sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o::";

 my $no_asm="::::::::::";

@ -164,8 +164,8 @@ my %table=(
 "debug-geoff","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "dist",		"cc:-O::(unknown)::::::",

 # Basic configs that should work on any (32 and less bit) box
@ -184,7 +184,7 @@ my %table=(
 # surrounds it with #APP #NO_APP comment pair which (at least Solaris
 # 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
 # error message.
-"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -march=i486 -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # -shared -static-libgcc might appear controversial, but modules taken
 # from static libgcc do not have relocations and linking them into our
 # shared objects doesn't have any negative side-effects. On the contrary,
@ -287,7 +287,7 @@ my %table=(
 # with debugging of the following config.
 "hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # GCC builds...
-"hpux-ia64-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT::ia64.o::aes-ia64.o:::sha256-ia64.o sha512-ia64.o::rc4-ia64.o:::dlfcn:hpux-shared:-fpic:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-ia64-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT::bn-ia64.o::aes-ia64.o:::sha256-ia64.o sha512-ia64.o::rc4-ia64.o:::dlfcn:hpux-shared:-fpic:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "hpux64-ia64-gcc","gcc:-mlp64 -O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-mlp64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 

 # Legacy HPUX 9.X configs...
@ -320,13 +320,14 @@ my %table=(
 #### IA-32 targets...
 "linux-ia32-icc",	"icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
+"linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
 ####
 "linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # -bpowerpc64-linux is transient option, -m64 should be the one to use...
 "linux-ppc64",	"gcc:-bpowerpc64-linux -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:-bpowerpc64-linux:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-ia64",	"gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-x86_64",	"gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 #### SPARC Linux setups
 # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
@ -370,7 +371,7 @@ my %table=(
 "BSD-ia64",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "BSD-x86_64",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

-"bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 "nextstep",	"cc:-O -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
 "nextstep3.3",	"cc:-O3 -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
@ -397,10 +398,9 @@ my %table=(
 "unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
 "unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
 "unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "OpenUNIX-8","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"sco3-gcc",  "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown)::-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
 # SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the SCO cc.
 "sco5-cc",  "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@ -484,17 +484,20 @@ my %table=(

 # NetWare from David Ward (dsward@novell.com) - requires MetroWerks NLM development tools
 # netware-clib => legacy CLib c-runtime support
-"netware-clib", "mwccnlm:::::${x86_gcc_opts}:::",
+"netware-clib", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::",
 # netware-libc => LibC/NKS support
-"netware-libc", "mwccnlm:::::BN_LLONG ${x86_gcc_opts}:::",
-"netware-libc-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -I/ndk/libc/include/winsock -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall::::${x86_gcc_opts}:::",
+# NetWare defaults socket bio to WinSock sockets. However, the LibC build can be
+# configured to use BSD sockets instead.
+"netware-libc", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::",
+"netware-libc-bsdsock", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::",
+"netware-libc-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -I/ndk/libc/include/winsock -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::",

 # DJGPP
-"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall -DDEVRANDOM=\"/dev/urandom\\x24\":::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:",
+"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:",

 # Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
 "ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::",
-"ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown):::::::",
+"ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown):::BN_LLONG::::",
 # K&R C is no longer supported; you need gcc on old Ultrix installations
 ##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown):::::::",

@ -511,7 +514,7 @@ my %table=(
 "newsos4-gcc","gcc:-O -DB_ENDIAN::(unknown):NEWS4:-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",

 ##### GNU Hurd
-"hurd-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",
+"hurd-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",

 ##### OS/2 EMX
 "OS2-EMX", "gcc::::::::",
@ -530,7 +533,7 @@ my %table=(

 my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A
 		    VC-NT VC-CE VC-WIN32
-		    BC-32 OS2-EMX netware-clib netware-libc);
+		    BC-32 OS2-EMX netware-clib netware-libc netware-libc-bsdsock);

 my $idx = 0;
 my $idx_cc = $idx++;
@ -761,7 +764,7 @@ PROCESS_ARGS:
 			}
 		else
 			{
-			die "target already defined - $target\n" if ($target ne "");
+			die "target already defined - $target (offending arg: $_)\n" if ($target ne "");
 			$target=$_;
 			}

--- a/14
+++ b/14
@ -47,6 +47,7 @@ OpenSSL  -  Frequently Asked Questions
 * Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]?
 * Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
 * Why does the OpenSSL test suite fail in sha512t on x86 CPU?
+* Why does compiler fail to compile sha512.c?

 [PROG] Questions about programming with OpenSSL

@ -142,8 +143,8 @@ less Unix-centric, it might have been used much earlier.

 With version 0.9.6 OpenSSL was extended to interface to external crypto
 hardware. This was realized in a special release '0.9.6-engine'. With
-version 0.9.7 (not yet released) the changes were merged into the main
-development line, so that the special release is no longer necessary.
+version 0.9.7 the changes were merged into the main development line,
+so that the special release is no longer necessary.

 * How do I check the authenticity of the OpenSSL distribution?

@ -607,6 +608,15 @@ Intel P4, under control of kernel which does not support SSE2
 instruction extentions. See accompanying INSTALL file and
 OPENSSL_ia32cap(3) documentation page for further information.

+* Why does compiler fail to compile sha512.c?
+
+OpenSSL SHA-512 implementation depends on compiler support for 64-bit
+integer type. Few elder compilers [ULTRIX cc, SCO compiler to mention a
+couple] lack support for this and therefore are incapable of compiling
+the module in question. The recommendation is to disable SHA-512 by
+adding no-sha512 to ./config [or ./Configure] command line. Another
+possible alternative might be to switch to GCC.
+
 [PROG] ========================================================================

 * Is OpenSSL thread-safe?
--- a/INSTALL.NW
+++ b/INSTALL.NW
@ -32,6 +32,10 @@ The necessary LibC functionality ships with NetWare 6.  However, earlier
 NetWare 5.x versions will require updates in order to run the OpenSSL LibC
 build.

+As of June 2005, the LibC build can be configured to use BSD sockets instead
+of WinSock sockets. Call Configure (usually through netware\build.bat) using
+a target of "netware-libc-bsdsock" instead of "netware-libc".
+

 REQUIRED TOOLS:
 ---------------
@ -95,7 +99,12 @@ following tools may be required:
         Microsoft SDK.  Note: The winsock2.h support headers may change
         with various versions of winsock2.h.  Check the dependencies
         section on the NDK WinSock2 download page for the latest
-         information on dependencies.
+         information on dependencies. These components are unsupported by
+         Novell. They are provided as a courtesy, but it is strongly
+         suggested that all development be done using LIBC, not CLIB.
+
+         As of June 2005, the WinSock2 components are available at:
+         http://forgeftp.novell.com//ws2comp/


      NLM and NetWare libraries for C (including CLIB and XPlat):
@ -121,7 +130,8 @@ following tools may be required:
         
         NOTE: The LibC SDK includes the necessary WinSock2 support.  It
         It is not necessary to download the WinSock2 Developer when building
-         for LibC.
+         for LibC. The LibC SDK also includes the appropriate BSD socket support
+         if configuring to use BSD sockets.


 BUILDING:
@ -172,8 +182,9 @@ the assembly code.  Always run build.bat from the "openssl" directory.

   netware\build [target] [debug opts] [assembly opts] [configure opts]

-      target        - "netware-clib" - CLib NetWare build
-                    - "netware-libc" - LibC NetWare build
+      target        - "netware-clib" - CLib NetWare build (WinSock Sockets)
+                    - "netware-libc" - LibC NetWare build (WinSock Sockets)
+                    - "netware-libc-bsdsock" - LibC NetWare build (BSD Sockets)
 
      debug opts    - "debug"  - build debug

@ -192,25 +203,29 @@ the assembly code.  Always run build.bat from the "openssl" directory.
      LibC build, non-debug, using NASM assembly:
         netware\build.bat netware-libc nw-nasm

+      LibC build, BSD sockets, non-debug, without assembly:
+         netware\build.bat netware-libc-bsdsock no-asm
+
 Running build.bat generates a make file to be processed by your make 
 tool (gmake or nmake):

-   CLIB ex: gmake -f netware\nlm_clib.mak 
+   CLIB ex: gmake -f netware\nlm_clib_dbg.mak 
   LibC ex: gmake -f netware\nlm_libc.mak 
+   LibC ex: gmake -f netware\nlm_libc_bsdsock.mak 


 You can also run the build scripts manually if you do not want to use the
 build.bat file.  Run the following scripts in the "\openssl"
 subdirectory (in the order listed below):

-   perl configure no-asm [other config opts] [netware-clib|netware-libc]
+   perl configure no-asm [other config opts] [netware-clib|netware-libc|netware-libc-bsdsock]
      configures no assembly build for specified netware environment
      (CLIB or LibC).

   perl util\mkfiles.pl >MINFO
      generates a listing of source files (used by mk1mf)

-   perl util\mk1mf.pl no-asm [other config opts] [netware-clib|netware-libc >netware\nlm.mak
+   perl util\mk1mf.pl no-asm [other config opts] [netware-clib|netware-libc|netware-libc-bsdsock >netware\nlm.mak
      generates the makefile for NetWare

   gmake -f netware\nlm.mak
@ -288,13 +303,6 @@ The do_tests.pl script generates a log file "\openssl\test_out\tests.log"
 which should be reviewed for errors.  Any errors will be denoted by the word
 "ERROR" in the log.

-NOTE:  Currently (11/2002), the LibC test nlms report an error while loading
-       when launched from the perl script (do_tests.pl).  The problems are 
-       being addressed by the LibC development team and should be fixed in the
-       next release.  Until the problems are corrected, the LibC test nlms 
-       will have to be executed manually.  
-
-
 DEVELOPING WITH THE OPENSSL SDK:
 --------------------------------
 Now that everything is built and tested, you are ready to use the OpenSSL
--- a/Makefile.org
+++ b/Makefile.org
@ -150,12 +150,13 @@ BUILDENV=	PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \
 		CC='${CC}' CFLAG='${CFLAG}' 			\
 		AS='${CC}' ASFLAG='${CFLAG} -c'			\
 		AR='${AR}' PERL='${PERL}' RANLIB='${RANLIB}'	\
-		SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/lib'		\
+		SDIRS='${SDIRS}' LIBRPATH='${INSTALLTOP}/lib'	\
+		INSTALL_PREFIX='${INSTALL_PREFIX}'		\
 		INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}'	\
-		MAKEDEPEND='$$(TOP)/util/domd $$(TOP) -MD $(MAKEDEPPROG)'\
+		MAKEDEPEND='$${TOP}/util/domd $${TOP} -MD ${MAKEDEPPROG}' \
 		DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}'	\
 		MAKEDEPPROG='${MAKEDEPPROG}'			\
-		LDFLAGS="$(LDFLAGS)" SHARED_LDFLAGS="$(SHARED_LDFLAGS)"	\
+		LDFLAGS='${LDFLAGS}' SHARED_LDFLAGS='${SHARED_LDFLAGS}'	\
 		KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}'	\
 		EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}'	\
 		SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}'	\
@ -173,7 +174,7 @@ BUILDENV=	PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \
 BUILD_CMD=if echo " $(DIRS) " | grep " $$dir " >/dev/null 2>/dev/null; then \
 	if [ -d "$$dir" ]; then \
 		(cd $$dir && echo "making $$target in $$dir..." && \
-		$(MAKE) $(BUILDENV) $$target ) || exit 1; \
+		$(MAKE) $(BUILDENV) BUILDENV="$(BUILDENV)" $$target ) || exit 1; \
 	else \
 		$(MAKE) $$dir; \
 	fi; fi
@ -391,11 +392,15 @@ crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt c
 apps/openssl-vms.cnf: apps/openssl.cnf
 	$(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf

+crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
+	$(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
+
+
 TABLE: Configure
 	(echo 'Output of `Configure TABLE'"':"; \
 	$(PERL) Configure TABLE) > TABLE

-update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf TABLE
+update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend

 # Build distribution tar-file. As the list of files returned by "find" is
 # pretty long, on several platforms a "too many arguments" error or similar
@ -521,8 +526,8 @@ install_docs:
 			--release=$(VERSION) `basename $$i`") \
 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
 		$(PERL) util/extract-names.pl < $$i | \
-			grep -v $$filecase "^$$fn\$$" | \
-			grep -v "[	]" | \
+			(grep -v $$filecase "^$$fn\$$"; true) | \
+			(grep -v "[	]"; true) | \
 			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
 			 while read n; do \
 				$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
@ -538,8 +543,8 @@ install_docs:
 			--release=$(VERSION) `basename $$i`") \
 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
 		$(PERL) util/extract-names.pl < $$i | \
-			grep -v $$filecase "^$$fn\$$" | \
-			grep -v "[	]" | \
+			(grep -v $$filecase "^$$fn\$$"; true) | \
+			(grep -v "[	]"; true) | \
 			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
 			 while read n; do \
 				$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
--- a/Makefile.shared
+++ b/Makefile.shared
@ -89,21 +89,23 @@ CALC_VERSIONS=	\

 LINK_APP=	\
  ( $(SET_X);   \
-    LIBDEPS=$${LIBDEPS:-$(LIBDEPS)}; \
-    LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \
+    LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
+    LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \
+    LIBPATH=`for x in $(LIBDEPS); do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \
    LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
    LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
-    $${LDCMD:=$(CC)} $${LDFLAGS:=$(CFLAGS)} \
-	-o $${APPNAME:=$(APPNAME)} $(OBJECTS) $$LIBDEPS )
+    $${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS} )

 LINK_SO=	\
  ( $(SET_X);   \
-    LIBDEPS=$${LIBDEPS:-$(LIBDEPS)}; \
+    LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
+    SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \
+    SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
    nm -Pg $$SHOBJECTS | grep ' [BDT] ' | cut -f1 -d' ' > lib$(LIBNAME).exp; \
    LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \
    LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
    LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
-    $${SHAREDCMD:=$(CC)} $${SHAREDFLAGS:=$(CFLAGS) $(SHARED_LDFLAGS)} \
+    $${SHAREDCMD} $${SHAREDFLAGS} \
 	-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
 	$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \
  ) && $(SYMLINK_SO); \
--- a/71
+++ b/71
@ -5,6 +5,77 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.

+  Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8:
+
+      o Major work on the BIGNUM library for higher efficiency and to
+        make operations more streamlined and less contradictory.  This
+        is the result of a major audit of the BIGNUM library.
+      o Addition of BIGNUM functions for fields GF(2^m) and NIST
+        curves, to support the Elliptic Crypto functions.
+      o Major work on Elliptic Crypto; ECDH and ECDSA added, including
+        the use through EVP, X509 and ENGINE.
+      o New ASN.1 mini-compiler that's usable through the OpenSSL
+        configuration file.
+      o Added support for ASN.1 indefinite length constructed encoding.
+      o New PKCS#12 'medium level' API to manipulate PKCS#12 files.
+      o Complete rework of shared library construction and linking
+        programs with shared or static libraries, through a separate
+        Makefile.shared.
+      o Changed ENGINE framework to load dynamic engine modules
+        automatically from specifically given directories.
+      o New structure and ASN.1 functions for CertificatePair.
+      o Changed the ZLIB compression method to be stateful.
+      o Changed the key-generation and primality testing "progress"
+        mechanism to take a structure that contains the ticker
+        function and an argument.
+      o New engine module: GMP (performs private key exponentiation).
+      o New engine module: VIA PadLOck ACE extension in VIA C3
+        Nehemiah processors.
+      o Added support for IPv6 addresses in certificate extensions.
+        See RFC 1884, section 2.2.
+      o Added support for certificate policy mappings, policy
+        constraints and name constraints.
+      o Added support for multi-valued AVAs in the OpenSSL
+        configuration file.
+      o Added support for multiple certificates with the same subject
+        in the 'openssl ca' index file.
+      o Make it possible to create self-signed certificates using
+        'openssl ca -selfsign'.
+      o Make it possible to generate a serial number file with
+        'openssl ca -create_serial'.
+      o New binary search functions with extended functionality.
+      o New BUF functions.
+      o New STORE structure and library to provide an interface to all
+        sorts of data repositories.  Supports storage of public and
+        private keys, certificates, CRLs, numbers and arbitrary blobs.
+	This library is unfortunately unfinished and unused withing
+	OpenSSL.
+      o New control functions for the error stack.
+      o Changed the PKCS#7 library to support one-pass S/MIME
+        processing.
+      o Added the possibility to compile without old deprecated
+        functionality with the OPENSSL_NO_DEPRECATED macro or the
+        'no-deprecated' argument to the config and Configure scripts.
+      o Constification of all ASN.1 conversion functions, and other
+        affected functions.
+      o Improved platform support for PowerPC.
+      o New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512).
+      o New X509_VERIFY_PARAM structure to support parametrisation
+        of X.509 path validation.
+      o Major overhaul of RC4 performance on Intel P4, IA-64 and
+        AMD64.
+      o Changed the Configure script to have some algorithms disabled
+        by default.  Those can be explicitely enabled with the new
+        argument form 'enable-xxx'.
+      o Change the default digest in 'openssl' commands from MD5 to
+        SHA-1.
+      o Added support for DTLS.
+      o New BIGNUM blinding.
+      o Added support for the RSA-PSS encryption scheme
+      o Added support for the RSA X.931 padding.
+      o Added support for BSD sockets on NetWare.
+      o Added support for files larger than 2GB.
+
  Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g:

      o More compilation issues fixed.
--- a/Netware/build.bat
+++ b/Netware/build.bat
@ -6,14 +6,15 @@ rem
 rem   usage:
 rem      build [target] [debug opts] [assembly opts] [configure opts]
 rem
-rem      target        - "netware-clib" - CLib NetWare build
-rem                    - "netware-libc" - LibC NKS NetWare build
+rem      target        - "netware-clib" - CLib NetWare build (WinSock Sockets)
+rem                    - "netware-libc" - LibC NKS NetWare build (WinSock Sockets)
+rem                    - "netware-libc-bsdsock" - LibC NKS NetWare build (BSD Sockets)
 rem 
 rem      debug opts    - "debug"  - build debug
 rem
 rem      assembly opts - "nw-mwasm" - use Metrowerks assembler
-rem      "nw-nasm"  - use NASM assembler
-rem      "no-asm"   - don't use assembly
+rem                    - "nw-nasm"  - use NASM assembler
+rem                    - "no-asm"   - don't use assembly
 rem
 rem      configure opts- all unrecognized arguments are passed to the
 rem                       perl configure script
@ -76,6 +77,8 @@ if "%1" == "netware-clib" set BLD_TARGET=netware-clib
 if "%1" == "netware-clib" set ARG_PROCESSED=YES
 if "%1" == "netware-libc" set BLD_TARGET=netware-libc
 if "%1" == "netware-libc" set ARG_PROCESSED=YES
+if "%1" == "netware-libc-bsdsock" set BLD_TARGET=netware-libc-bsdsock
+if "%1" == "netware-libc-bsdsock" set ARG_PROCESSED=YES

 rem   If we didn't recognize the argument, consider it an option for config
 if "%ARG_PROCESSED%" == "NO" set CONFIG_OPTS=%CONFIG_OPTS% %1
@ -92,6 +95,7 @@ rem build the nlm make file name which includes target and debug info
 set NLM_MAKE=
 if "%BLD_TARGET%" == "netware-clib" set NLM_MAKE=netware\nlm_clib
 if "%BLD_TARGET%" == "netware-libc" set NLM_MAKE=netware\nlm_libc
+if "%BLD_TARGET%" == "netware-libc-bsdsock" set NLM_MAKE=netware\nlm_libc_bsdsock
 if "%DEBUG%" == "" set NLM_MAKE=%NLM_MAKE%.mak
 if "%DEBUG%" == "debug" set NLM_MAKE=%NLM_MAKE%_dbg.mak

@ -184,8 +188,9 @@ echo .  No build target specified!!!
 echo .
 echo .  usage: build [target] [debug opts] [assembly opts] [configure opts]
 echo .
-echo .     target        - "netware-clib" - CLib NetWare build
-echo .                   - "netware-libc" - LibC NKS NetWare build
+echo .     target        - "netware-clib" - CLib NetWare build (WinSock Sockets)
+echo .                   - "netware-libc" - LibC NKS NetWare build (WinSock Sockets)
+echo .                   - "netware-libc-bsdsock" - LibC NKS NetWare build (BSD Sockets)
 echo .
 echo .     debug opts    - "debug"  - build debug
 echo .
--- a/Netware/do_tests.pl
+++ b/Netware/do_tests.pl
@ -42,8 +42,8 @@ sub main()
   encryption_tests();
   pem_tests();
   verify_tests();
-   ssl_tests();
   ca_tests();
+   ssl_tests();

   close(OUT);

@ -67,10 +67,17 @@ sub algorithm_tests

   foreach $i (@tests)
   {
-      $outFile = "$output_path\\$i.out";
-      system("$i > $outFile");
-      log_desc("Test: $i\.nlm:");
-      log_output("", $outFile );
+      if (-e "$base_path\\$i.nlm")
+	  {
+         $outFile = "$output_path\\$i.out";
+         system("$i > $outFile");
+         log_desc("Test: $i\.nlm:");
+         log_output("", $outFile );
+	  }
+	  else
+	  {
+         log_desc("Test: $i\.nlm: file not found");
+	  }
   }
 }

@ -246,61 +253,63 @@ sub verify_tests
 sub ssl_tests
 {
   my $outFile = "$output_path\\ssl_tst.out";
+   my($CAcert) = "$output_path\\certCA.ss";
+   my($Ukey)   = "$output_path\\keyU.ss";
+   my($Ucert)  = "$output_path\\certU.ss";
+   my($ssltest)= "ssltest -key $Ukey -cert $Ucert -c_key $Ukey -c_cert $Ucert -CAfile $CAcert";

   print( "\nRUNNING SSL TESTS:\n\n");

   print( OUT "\n========================================================\n");
   print( OUT "SSL TESTS:\n\n");

-   make_tmp_cert_file();
-
   system("ssltest -ssl2 >$outFile");
   log_desc("Testing sslv2:");
   log_output("ssltest -ssl2", $outFile);

-   system("ssltest -ssl2 -server_auth -CAfile $tmp_cert >$outFile");
+   system("$ssltest -ssl2 -server_auth >$outFile");
   log_desc("Testing sslv2 with server authentication:");
-   log_output("ssltest -ssl2 -server_auth -CAfile $tmp_cert", $outFile);
+   log_output("$ssltest -ssl2 -server_auth", $outFile);

-   system("ssltest -ssl2 -client_auth -CAfile $tmp_cert >$outFile");
+   system("$ssltest -ssl2 -client_auth >$outFile");
   log_desc("Testing sslv2 with client authentication:");
-   log_output("ssltest -ssl2 -client_auth -CAfile $tmp_cert", $outFile);
+   log_output("$ssltest -ssl2 -client_auth", $outFile);

-   system("ssltest -ssl2 -server_auth -client_auth -CAfile $tmp_cert >$outFile");
+   system("$ssltest -ssl2 -server_auth -client_auth >$outFile");
   log_desc("Testing sslv2 with both client and server authentication:");
-   log_output("ssltest -ssl2 -server_auth -client_auth -CAfile $tmp_cert", $outFile);
+   log_output("$ssltest -ssl2 -server_auth -client_auth", $outFile);

   system("ssltest -ssl3 >$outFile");
   log_desc("Testing sslv3:");
   log_output("ssltest -ssl3", $outFile);

-   system("ssltest -ssl3 -server_auth -CAfile $tmp_cert >$outFile");
+   system("$ssltest -ssl3 -server_auth >$outFile");
   log_desc("Testing sslv3 with server authentication:");
-   log_output("ssltest -ssl3 -server_auth -CAfile $tmp_cert", $outFile);
+   log_output("$ssltest -ssl3 -server_auth", $outFile);

-   system("ssltest -ssl3 -client_auth -CAfile $tmp_cert >$outFile");
+   system("$ssltest -ssl3 -client_auth >$outFile");
   log_desc("Testing sslv3 with client authentication:");
-   log_output("ssltest -ssl3 -client_auth -CAfile $tmp_cert", $outFile);
+   log_output("$ssltest -ssl3 -client_auth", $outFile);

-   system("ssltest -ssl3 -server_auth -client_auth -CAfile $tmp_cert >$outFile");
+   system("$ssltest -ssl3 -server_auth -client_auth >$outFile");
   log_desc("Testing sslv3 with both client and server authentication:");
-   log_output("ssltest -ssl3 -server_auth -client_auth -CAfile $tmp_cert", $outFile);
+   log_output("$ssltest -ssl3 -server_auth -client_auth", $outFile);

   system("ssltest >$outFile");
   log_desc("Testing sslv2/sslv3:");
   log_output("ssltest", $outFile);

-   system("ssltest -server_auth -CAfile $tmp_cert >$outFile");
+   system("$ssltest -server_auth >$outFile");
   log_desc("Testing sslv2/sslv3 with server authentication:");
-   log_output("ssltest -server_auth -CAfile $tmp_cert", $outFile);
+   log_output("$ssltest -server_auth", $outFile);

-   system("ssltest -client_auth -CAfile $tmp_cert >$outFile");
+   system("$ssltest -client_auth >$outFile");
   log_desc("Testing sslv2/sslv3 with client authentication:");
-   log_output("ssltest -client_auth -CAfile $tmp_cert", $outFile);
+   log_output("$ssltest -client_auth ", $outFile);

-   system("ssltest -server_auth -client_auth -CAfile $tmp_cert >$outFile");
+   system("$ssltest -server_auth -client_auth >$outFile");
   log_desc("Testing sslv2/sslv3 with both client and server authentication:");
-   log_output("ssltest -server_auth -client_auth -CAfile $tmp_cert", $outFile);
+   log_output("$ssltest -server_auth -client_auth", $outFile);

   system("ssltest -bio_pair -ssl2 >$outFile");
   log_desc("Testing sslv2 via BIO pair:");
@ -310,49 +319,49 @@ sub ssl_tests
   log_desc("Testing sslv2/sslv3 with 1024 bit DHE via BIO pair:");
   log_output("ssltest -bio_pair -dhe1024dsa -v", $outFile);

-   system("ssltest -bio_pair -ssl2 -server_auth -CAfile $tmp_cert >$outFile");
+   system("$ssltest -bio_pair -ssl2 -server_auth >$outFile");
   log_desc("Testing sslv2 with server authentication via BIO pair:");
-   log_output("ssltest -bio_pair -ssl2 -server_auth -CAfile $tmp_cert", $outFile);
+   log_output("$ssltest -bio_pair -ssl2 -server_auth", $outFile);

-   system("ssltest -bio_pair -ssl2 -client_auth -CAfile $tmp_cert >$outFile");
+   system("$ssltest -bio_pair -ssl2 -client_auth >$outFile");
   log_desc("Testing sslv2 with client authentication via BIO pair:");
-   log_output("ssltest -bio_pair -ssl2 -client_auth -CAfile $tmp_cert", $outFile);
+   log_output("$ssltest -bio_pair -ssl2 -client_auth", $outFile);

-   system("ssltest -bio_pair -ssl2 -server_auth -client_auth -CAfile $tmp_cert >$outFile");
+   system("$ssltest -bio_pair -ssl2 -server_auth -client_auth >$outFile");
   log_desc("Testing sslv2 with both client and server authentication via BIO pair:");
-   log_output("ssltest -bio_pair -ssl2 -server_auth -client_auth -CAfile $tmp_cert", $outFile);
+   log_output("$ssltest -bio_pair -ssl2 -server_auth -client_auth", $outFile);

   system("ssltest -bio_pair -ssl3 >$outFile");
   log_desc("Testing sslv3 via BIO pair:");
   log_output("ssltest -bio_pair -ssl3", $outFile);

-   system("ssltest -bio_pair -ssl3 -server_auth -CAfile $tmp_cert >$outFile");
+   system("$ssltest -bio_pair -ssl3 -server_auth >$outFile");
   log_desc("Testing sslv3 with server authentication via BIO pair:");
-   log_output("ssltest -bio_pair -ssl3 -server_auth -CAfile $tmp_cert", $outFile);
+   log_output("$ssltest -bio_pair -ssl3 -server_auth", $outFile);

-   system("ssltest -bio_pair -ssl3 -client_auth -CAfile $tmp_cert >$outFile");
+   system("$ssltest -bio_pair -ssl3 -client_auth >$outFile");
   log_desc("Testing sslv3 with client authentication  via BIO pair:");
-   log_output("ssltest -bio_pair -ssl3 -client_auth -CAfile $tmp_cert", $outFile);
+   log_output("$ssltest -bio_pair -ssl3 -client_auth", $outFile);

-   system("ssltest -bio_pair -ssl3 -server_auth -client_auth -CAfile $tmp_cert >$outFile");
+   system("$ssltest -bio_pair -ssl3 -server_auth -client_auth >$outFile");
   log_desc("Testing sslv3 with both client and server authentication via BIO pair:");
-   log_output("ssltest -bio_pair -ssl3 -server_auth -client_auth -CAfile $tmp_cert", $outFile);
+   log_output("$ssltest -bio_pair -ssl3 -server_auth -client_auth", $outFile);

   system("ssltest -bio_pair >$outFile");
   log_desc("Testing sslv2/sslv3 via BIO pair:");
   log_output("ssltest -bio_pair", $outFile);

-   system("ssltest -bio_pair -server_auth -CAfile $tmp_cert >$outFile");
+   system("$ssltest -bio_pair -server_auth >$outFile");
   log_desc("Testing sslv2/sslv3 with server authentication via BIO pair:");
-   log_output("ssltest -bio_pair -server_auth -CAfile $tmp_cert", $outFile);
+   log_output("$ssltest -bio_pair -server_auth", $outFile);

-   system("ssltest -bio_pair -client_auth -CAfile $tmp_cert >$outFile");
+   system("$ssltest -bio_pair -client_auth >$outFile");
   log_desc("Testing sslv2/sslv3 with client authentication via BIO pair:");
-   log_output("ssltest -bio_pair -client_auth -CAfile $tmp_cert", $outFile);
+   log_output("$ssltest -bio_pair -client_auth", $outFile);

-   system("ssltest -bio_pair -server_auth -client_auth -CAfile $tmp_cert >$outFile");
+   system("$ssltest -bio_pair -server_auth -client_auth >$outFile");
   log_desc("Testing sslv2/sslv3 with both client and server authentication via BIO pair:");
-   log_output("ssltest -bio_pair -server_auth -client_auth -CAfile $tmp_cert", $outFile);
+   log_output("$ssltest -bio_pair -server_auth -client_auth", $outFile);
 }


--- a/66
+++ b/66
@ -12,8 +12,8 @@ along the whole library path before it bothers looking for .a libraries.  This
 means that -L switches won't matter unless OpenSSL is built with shared
 library support.

-The workaround may be to change the following lines in apps/Makefile.ssl and
-test/Makefile.ssl:
+The workaround may be to change the following lines in apps/Makefile and
+test/Makefile:

  LIBCRYPTO=-L.. -lcrypto
  LIBSSL=-L.. -lssl
@ -48,20 +48,34 @@ will interfere with each other and lead to test failure.
 The solution is simple for now: don't run parallell make when testing.


-* Bugs in gcc 3.0 triggered
+* Bugs in gcc triggered

-According to a problem report, there are bugs in gcc 3.0 that are
-triggered by some of the code in OpenSSL, more specifically in
-PEM_get_EVP_CIPHER_INFO().  The triggering code is the following:
+- According to a problem report, there are bugs in gcc 3.0 that are
+  triggered by some of the code in OpenSSL, more specifically in
+  PEM_get_EVP_CIPHER_INFO().  The triggering code is the following:

 	header+=11;
 	if (*header != '4') return(0); header++;
 	if (*header != ',') return(0); header++;

-What happens is that gcc might optimize a little too agressively, and
-you end up with an extra incrementation when *header != '4'.
+  What happens is that gcc might optimize a little too agressively, and
+  you end up with an extra incrementation when *header != '4'.

-We recommend that you upgrade gcc to as high a 3.x version as you can.
+  We recommend that you upgrade gcc to as high a 3.x version as you can.
+
+- According to multiple problem reports, some of our message digest
+  implementations trigger bug[s] in code optimizer in gcc 3.3 for sparc64
+  and gcc 2.96 for ppc. Former fails to complete RIPEMD160 test, while
+  latter - SHA one.
+
+  The recomendation is to upgrade your compiler. This naturally applies to
+  other similar cases.
+
+- There is a subtle Solaris x86-specific gcc run-time environment bug, which
+  "falls between" OpenSSL [0.9.8 and later], Solaris ld and GCC. The bug
+  manifests itself as Segmentation Fault upon early application start-up.
+  The problem can be worked around by patching the environment according to
+  http://www.openssl.org/~appro/values.c.

 * solaris64-sparcv9-cc SHA-1 performance with WorkShop 6 compiler.

@ -120,3 +134,37 @@ Any information helping to solve this issue would be deeply
 appreciated.

 NOTE: building non-shared doesn't come with this problem.
+
+* ULTRIX build fails with shell errors, such as "bad substitution"
+  and "test: argument expected"
+
+The problem is caused by ULTRIX /bin/sh supporting only original
+Bourne shell syntax/semantics, and the trouble is that the vast
+majority is so accustomed to more modern syntax, that very few
+people [if any] would recognize the ancient syntax even as valid.
+This inevitably results in non-trivial scripts breaking on ULTRIX,
+and OpenSSL isn't an exclusion. Fortunately there is workaround,
+hire /bin/ksh to do the job /bin/sh fails to do.
+
+1. Trick make(1) to use /bin/ksh by setting up following environ-
+   ment variables *prior* you execute ./Configure and make:
+
+	PROG_ENV=POSIX
+	MAKESHELL=/bin/ksh
+	export PROG_ENV MAKESHELL
+
+   or if your shell is csh-compatible:
+
+	setenv PROG_ENV POSIX
+	setenv MAKESHELL /bin/ksh
+
+2. Trick /bin/sh to use alternative expression evaluator. Create
+   following 'test' script for example in /tmp:
+
+	#!/bin/ksh
+	${0##*/} "$@"
+
+   Then 'chmod a+x /tmp/test; ln /tmp/test /tmp/[' and *prepend*
+   your $PATH with chosen location, e.g. PATH=/tmp:$PATH. Alter-
+   natively just replace system /bin/test and /bin/[ with the
+   above script.
--- a/2
+++ b/2
@ -1,5 +1,5 @@

- OpenSSL 0.9.9-dev XX xxx XXXX
+ OpenSSL 0.9.8-beta6 21 Jun 2005

 Copyright (c) 1998-2005 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
--- a/8
+++ b/8
@ -1,10 +1,16 @@

  OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2005/05/19 19:43:28 $
+  ______________                           $Date: 2005/06/21 05:49:47 $

  DEVELOPMENT STATE

    o  OpenSSL 0.9.9:  Under development...
+    o  OpenSSL 0.9.8-beta6:  Released on June 21th, 2005
+       OpenVMS/Alpha 7.3-2 w. Compaq C 6.4-005			SUCCESS
+    o  OpenSSL 0.9.8-beta5:  Released on June 13th, 2005
+    o  OpenSSL 0.9.8-beta4:  Released on June 6th, 2005
+    o  OpenSSL 0.9.8-beta3:  Released on May 31th, 2005
+    o  OpenSSL 0.9.8-beta2:  Released on May 24th, 2005
    o  OpenSSL 0.9.8-beta1:  Released on May 19th, 2005
    o  OpenSSL 0.9.7g: Released on April     11th, 2005
    o  OpenSSL 0.9.7f: Released on March     22nd, 2005
--- a/125
+++ b/125
@ -117,7 +117,7 @@ $sys_id       =
 $lflags       = 
 $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK
 $cpuid_obj    = 
-$bn_obj       = ia64.o
+$bn_obj       = bn-ia64.o
 $des_obj      = 
 $aes_obj      = aes_core.o aes_cbc.o aes-ia64.o
 $bf_obj       = 
@ -326,7 +326,7 @@ $arflags      =

 *** DJGPP
 $cc           = gcc
-$cflags       = -I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall -DDEVRANDOM="/dev/urandom\x24"
+$cflags       = -I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall
 $unistd       = 
 $thread_cflag = 
 $sys_id       = MSDOS
@ -866,7 +866,7 @@ $arflags      =

 *** bsdi-elf-gcc
 $cc           = gcc
-$cflags       = -DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall
+$cflags       = -DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall
 $unistd       = 
 $thread_cflag = (unknown)
 $sys_id       = 
@ -1433,7 +1433,7 @@ $arflags      =

 *** debug-linux-elf
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -1460,7 +1460,7 @@ $arflags      =

 *** debug-linux-elf-noefence
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -2007,7 +2007,7 @@ $sys_id       =
 $lflags       = -ldl
 $bn_ops       = SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT
 $cpuid_obj    = 
-$bn_obj       = ia64.o
+$bn_obj       = bn-ia64.o
 $des_obj      = 
 $aes_obj      = aes_core.o aes_cbc.o aes-ia64.o
 $bf_obj       = 
@ -2034,7 +2034,7 @@ $sys_id       =
 $lflags       = -ldl
 $bn_ops       = SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT
 $cpuid_obj    = 
-$bn_obj       = ia64.o
+$bn_obj       = bn-ia64.o
 $des_obj      = 
 $aes_obj      = aes-ia64.o
 $bf_obj       = 
@ -2223,7 +2223,7 @@ $sys_id       =
 $lflags       = -ldl
 $bn_ops       = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT
 $cpuid_obj    = 
-$bn_obj       = ia64.o
+$bn_obj       = bn-ia64.o
 $des_obj      = 
 $aes_obj      = aes_core.o aes_cbc.o aes-ia64.o
 $bf_obj       = 
@ -2250,7 +2250,7 @@ $sys_id       =
 $lflags       = -ldl
 $bn_ops       = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT
 $cpuid_obj    = 
-$bn_obj       = ia64.o
+$bn_obj       = bn-ia64.o
 $des_obj      = 
 $aes_obj      = aes_core.o aes_cbc.o aes-ia64.o
 $bf_obj       = 
@ -2324,7 +2324,7 @@ $arflags      =

 *** hurd-x86
 $cc           = gcc
-$cflags       = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall
+$cflags       = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -march=i486 -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -2621,7 +2621,7 @@ $arflags      =

 *** linux-aout
 $cc           = gcc
-$cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall
+$cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall
 $unistd       = 
 $thread_cflag = (unknown)
 $sys_id       = 
@ -2763,7 +2763,7 @@ $sys_id       =
 $lflags       = -ldl
 $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK
 $cpuid_obj    = 
-$bn_obj       = ia64.o
+$bn_obj       = bn-ia64.o
 $des_obj      = 
 $aes_obj      = aes_core.o aes_cbc.o aes-ia64.o
 $bf_obj       = 
@ -2790,7 +2790,34 @@ $sys_id       =
 $lflags       = -ldl
 $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK
 $cpuid_obj    = 
-$bn_obj       = ia64.o
+$bn_obj       = bn-ia64.o
+$des_obj      = 
+$aes_obj      = aes_core.o aes_cbc.o aes-ia64.o
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = sha1-ia64.o sha256-ia64.o sha512-ia64.o
+$cast_obj     = 
+$rc4_obj      = rc4-ia64.o
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** linux-ia64-icc
+$cc           = icc
+$cflags       = -DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK
+$cpuid_obj    = 
+$bn_obj       = bn-ia64.o
 $des_obj      = 
 $aes_obj      = aes_core.o aes_cbc.o aes-ia64.o
 $bf_obj       = 
@ -3030,8 +3057,8 @@ $cflags       =
 $unistd       = 
 $thread_cflag = 
 $sys_id       = 
-$lflags       = RC4_INDEX MD2_INT
-$bn_ops       = 
+$lflags       = 
+$bn_ops       = BN_LLONG RC4_INDEX MD2_INT
 $cpuid_obj    = 
 $bn_obj       = 
 $des_obj      = 
@ -3057,8 +3084,35 @@ $cflags       =
 $unistd       = 
 $thread_cflag = 
 $sys_id       = 
-$lflags       = BN_LLONG RC4_INDEX MD2_INT
-$bn_ops       = 
+$lflags       = 
+$bn_ops       = BN_LLONG RC4_INDEX MD2_INT
+$cpuid_obj    = 
+$bn_obj       = 
+$des_obj      = 
+$aes_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** netware-libc-bsdsock
+$cc           = mwccnlm
+$cflags       = 
+$unistd       = 
+$thread_cflag = 
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG RC4_INDEX MD2_INT
 $cpuid_obj    = 
 $bn_obj       = 
 $des_obj      = 
@ -3084,8 +3138,8 @@ $cflags       = -nostdinc -I/ndk/libc/include -I/ndk/libc/include/winsock -DL_EN
 $unistd       = 
 $thread_cflag = 
 $sys_id       = 
-$lflags       = RC4_INDEX MD2_INT
-$bn_ops       = 
+$lflags       = 
+$bn_ops       = BN_LLONG RC4_INDEX MD2_INT
 $cpuid_obj    = 
 $bn_obj       = 
 $des_obj      = 
@ -3348,33 +3402,6 @@ $shared_extension =
 $ranlib       = 
 $arflags      = 

-*** sco3-gcc
-$cc           = gcc
-$cflags       = -O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H
-$unistd       = 
-$thread_cflag = (unknown)
-$sys_id       = 
-$lflags       = -lsocket
-$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
-$cpuid_obj    = 
-$bn_obj       = 
-$des_obj      = 
-$aes_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = 
-$shared_target= 
-$shared_cflag = 
-$shared_ldflag = 
-$shared_extension = 
-$ranlib       = 
-$arflags      = 
-
 *** sco5-cc
 $cc           = cc
 $cflags       = -belf
@ -3620,7 +3647,7 @@ $arflags      =

 *** solaris-x86-gcc
 $cc           = gcc
-$cflags       = -O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM
+$cflags       = -O3 -fomit-frame-pointer -march=i486 -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -3868,7 +3895,7 @@ $unistd       =
 $thread_cflag = (unknown)
 $sys_id       = 
 $lflags       = 
-$bn_ops       = 
+$bn_ops       = BN_LLONG
 $cpuid_obj    = 
 $bn_obj       = 
 $des_obj      = 
@ -3971,7 +3998,7 @@ $arflags      =

 *** unixware-7-gcc
 $cc           = gcc
-$cflags       = -DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall
+$cflags       = -DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=i486 -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
--- a/apps/Makefile
+++ b/apps/Makefile
@ -86,7 +86,7 @@ req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
 	shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
 		shlib_target="$(SHLIB_TARGET)"; \
 	fi; \
-	$(MAKE) -f $(TOP)/Makefile.shared \
+	$(MAKE) -f $(TOP)/Makefile.shared $(BUILDENV) \
 		APPNAME=req OBJECTS="sreq.o $(A_OBJ) $(RAND_OBJ)" \
 		LIBDEPS="$(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)" \
 		link_app.$${shlib_target}
@ -158,7 +158,7 @@ $(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
 	else \
 	  LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \
 	fi; \
-	$(MAKE) -f $(TOP)/Makefile.shared \
+	$(MAKE) -f $(TOP)/Makefile.shared $(BUILDENV) \
 		APPNAME=$(EXE) OBJECTS="$(PROGRAM).o $(E_OBJ)" \
 		LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
 		link_app.$${shlib_target}
@ -236,17 +236,18 @@ ca.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 ca.o: ../include/openssl/x509v3.h apps.h ca.c
 ciphers.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ciphers.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-ciphers.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-ciphers.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-ciphers.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-ciphers.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h
-ciphers.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-ciphers.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ciphers.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ciphers.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ciphers.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ciphers.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ciphers.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+ciphers.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ciphers.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+ciphers.o: ../include/openssl/engine.h ../include/openssl/err.h
+ciphers.o: ../include/openssl/evp.h ../include/openssl/kssl.h
+ciphers.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+ciphers.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ciphers.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
 ciphers.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
 ciphers.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 ciphers.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
@ -391,17 +392,18 @@ enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 enc.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 enc.o: ../include/openssl/x509_vfy.h apps.h enc.c
 engine.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-engine.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-engine.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-engine.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-engine.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-engine.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-engine.o: ../include/openssl/err.h ../include/openssl/evp.h
-engine.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-engine.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-engine.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-engine.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-engine.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+engine.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+engine.o: ../include/openssl/comp.h ../include/openssl/conf.h
+engine.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+engine.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+engine.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+engine.o: ../include/openssl/engine.h ../include/openssl/err.h
+engine.o: ../include/openssl/evp.h ../include/openssl/kssl.h
+engine.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+engine.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+engine.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+engine.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+engine.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
 engine.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
 engine.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 engine.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
@ -410,17 +412,18 @@ engine.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 engine.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 engine.o: ../include/openssl/x509_vfy.h apps.h engine.c
 errstr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-errstr.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-errstr.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-errstr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-errstr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-errstr.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-errstr.o: ../include/openssl/err.h ../include/openssl/evp.h
-errstr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-errstr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-errstr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-errstr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+errstr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h
+errstr.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+errstr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+errstr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+errstr.o: ../include/openssl/engine.h ../include/openssl/err.h
+errstr.o: ../include/openssl/evp.h ../include/openssl/kssl.h
+errstr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+errstr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+errstr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+errstr.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
 errstr.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
 errstr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 errstr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
@ -507,25 +510,27 @@ ocsp.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 ocsp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 ocsp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 ocsp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ocsp.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
-ocsp.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ocsp.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ocsp.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ocsp.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ocsp.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-ocsp.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ocsp.c
+ocsp.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+ocsp.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ocsp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ocsp.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ocsp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ocsp.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+ocsp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ocsp.o: ../include/openssl/x509v3.h apps.h ocsp.c
 openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-openssl.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-openssl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-openssl.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-openssl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-openssl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-openssl.o: ../include/openssl/err.h ../include/openssl/evp.h
-openssl.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-openssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-openssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+openssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h
+openssl.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+openssl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+openssl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+openssl.o: ../include/openssl/engine.h ../include/openssl/err.h
+openssl.o: ../include/openssl/evp.h ../include/openssl/kssl.h
+openssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+openssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+openssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+openssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+openssl.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
 openssl.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
 openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
@ -621,25 +626,24 @@ rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 rand.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 rand.o: ../include/openssl/x509_vfy.h apps.h rand.c
-req.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/asn1.h
-req.o: ../include/openssl/bio.h ../include/openssl/bn.h
-req.o: ../include/openssl/buffer.h ../include/openssl/conf.h
-req.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-req.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-req.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-req.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-req.o: ../include/openssl/err.h ../include/openssl/evp.h
-req.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-req.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-req.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-req.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-req.o: ../include/openssl/sha.h ../include/openssl/stack.h
-req.o: ../include/openssl/store.h ../include/openssl/symhacks.h
-req.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-req.o: ../include/openssl/x509v3.h apps.h req.c
+req.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+req.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+req.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+req.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+req.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+req.o: ../include/openssl/engine.h ../include/openssl/err.h
+req.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+req.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+req.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+req.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+req.o: ../include/openssl/stack.h ../include/openssl/store.h
+req.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+req.o: ../include/openssl/ui.h ../include/openssl/x509.h
+req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c
 rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@ -671,17 +675,18 @@ rsautl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 rsautl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 rsautl.o: ../include/openssl/x509_vfy.h apps.h rsautl.c
 s_cb.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s_cb.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s_cb.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-s_cb.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s_cb.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s_cb.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h
-s_cb.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s_cb.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s_cb.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s_cb.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_cb.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h
+s_cb.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+s_cb.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s_cb.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s_cb.o: ../include/openssl/engine.h ../include/openssl/err.h
+s_cb.o: ../include/openssl/evp.h ../include/openssl/kssl.h
+s_cb.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+s_cb.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_cb.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
 s_cb.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
 s_cb.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s_cb.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
@ -690,17 +695,18 @@ s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 s_cb.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 s_cb.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_cb.c
 s_client.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s_client.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s_client.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-s_client.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s_client.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s_client.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-s_client.o: ../include/openssl/err.h ../include/openssl/evp.h
-s_client.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s_client.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s_client.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h
+s_client.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+s_client.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s_client.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s_client.o: ../include/openssl/engine.h ../include/openssl/err.h
+s_client.o: ../include/openssl/evp.h ../include/openssl/kssl.h
+s_client.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+s_client.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_client.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_client.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
 s_client.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
 s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
@ -722,28 +728,29 @@ s_server.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 s_server.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 s_server.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s_server.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-s_server.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s_server.o: ../include/openssl/stack.h ../include/openssl/store.h
-s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s_server.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-s_server.o: s_apps.h s_server.c timeouts.h
+s_server.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+s_server.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+s_server.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s_server.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s_server.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s_server.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s_server.o: ../include/openssl/store.h ../include/openssl/symhacks.h
+s_server.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+s_server.o: ../include/openssl/ui.h ../include/openssl/x509.h
+s_server.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_server.c timeouts.h
 s_socket.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s_socket.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s_socket.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-s_socket.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s_socket.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s_socket.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-s_socket.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-s_socket.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-s_socket.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s_socket.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s_socket.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s_socket.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+s_socket.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s_socket.o: ../include/openssl/comp.h ../include/openssl/conf.h
+s_socket.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+s_socket.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s_socket.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s_socket.o: ../include/openssl/engine.h ../include/openssl/evp.h
+s_socket.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s_socket.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s_socket.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_socket.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_socket.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
 s_socket.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 s_socket.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 s_socket.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
@ -752,17 +759,18 @@ s_socket.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
 s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 s_socket.o: s_apps.h s_socket.c
 s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s_time.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s_time.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-s_time.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s_time.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s_time.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-s_time.o: ../include/openssl/err.h ../include/openssl/evp.h
-s_time.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s_time.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s_time.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s_time.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_time.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s_time.o: ../include/openssl/comp.h ../include/openssl/conf.h
+s_time.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+s_time.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s_time.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s_time.o: ../include/openssl/engine.h ../include/openssl/err.h
+s_time.o: ../include/openssl/evp.h ../include/openssl/kssl.h
+s_time.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+s_time.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_time.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_time.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
 s_time.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
 s_time.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s_time.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
@ -771,17 +779,18 @@ s_time.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 s_time.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 s_time.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_time.c
 sess_id.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-sess_id.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-sess_id.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-sess_id.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-sess_id.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-sess_id.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h
-sess_id.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-sess_id.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-sess_id.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-sess_id.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+sess_id.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+sess_id.o: ../include/openssl/comp.h ../include/openssl/conf.h
+sess_id.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+sess_id.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+sess_id.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+sess_id.o: ../include/openssl/engine.h ../include/openssl/err.h
+sess_id.o: ../include/openssl/evp.h ../include/openssl/kssl.h
+sess_id.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+sess_id.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+sess_id.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
 sess_id.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
 sess_id.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 sess_id.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
--- a/apps/ec.c
+++ b/apps/ec.c
@ -56,6 +56,7 @@
 *
 */

+#include <openssl/opensslconf.h>
 #ifndef OPENSSL_NO_EC
 #include <stdio.h>
 #include <stdlib.h>
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@ -68,6 +68,8 @@
 * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
 *
 */
+
+#include <openssl/opensslconf.h>
 #ifndef OPENSSL_NO_EC
 #include <assert.h>
 #include <stdio.h>
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@ -1,6 +1,4 @@
 /* pkcs12.c */
-#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
-
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
 * project.
 */
@ -58,6 +56,9 @@
 *
 */

+#include <openssl/opensslconf.h>
+#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
--- a/apps/s_client.c
+++ b/apps/s_client.c
@ -263,6 +263,9 @@ int MAIN(int argc, char **argv)
 	int starttls_proto = 0;
 	int prexit = 0, vflags = 0;
 	SSL_METHOD *meth=NULL;
+#ifdef sock_type
+#undef sock_type
+#endif
 	int sock_type=SOCK_STREAM;
 	BIO *sbio;
 	char *inrand=NULL;
--- a/apps/s_server.c
+++ b/apps/s_server.c
@ -262,6 +262,9 @@ static char *engine_id=NULL;
 static const char *session_id_prefix=NULL;

 static int enable_timeouts = 0;
+#ifdef mtu
+#undef mtu
+#endif
 static long mtu;
 static int cert_chain = 0;

@ -534,6 +537,9 @@ int MAIN(int argc, char *argv[])
 	int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0;
 	int state=0;
 	SSL_METHOD *meth=NULL;
+#ifdef sock_type
+#undef sock_type
+#endif
    int sock_type=SOCK_STREAM;
 #ifndef OPENSSL_NO_ENGINE
 	ENGINE *e=NULL;
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@ -87,8 +87,12 @@ typedef unsigned int u_int;

 #ifndef OPENSSL_NO_SOCK

+#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_BSDSOCK)
+#include "netdb.h"
+#endif
+
 static struct hostent *GetHostByName(char *name);
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_NETWARE)
+#if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
 static void ssl_sock_cleanup(void);
 #endif
 static int ssl_sock_init(void);
@ -104,7 +108,7 @@ static int host_ip(char *str, unsigned char ip[4]);
 #define SOCKET_PROTOCOL	IPPROTO_TCP
 #endif

-#ifdef OPENSSL_SYS_NETWARE
+#if defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
 static int wsa_init_done=0;
 #endif

@ -156,7 +160,7 @@ static void ssl_sock_cleanup(void)
 		WSACleanup();
 		}
 	}
-#elif defined(OPENSSL_SYS_NETWARE)
+#elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
 static void sock_cleanup(void)
    {
    if (wsa_init_done)
@ -199,7 +203,7 @@ static int ssl_sock_init(void)
 		SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopHookProc);
 #endif /* OPENSSL_SYS_WIN16 */
 		}
-#elif defined(OPENSSL_SYS_NETWARE)
+#elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
   WORD wVerReq;
   WSADATA wsaData;
   int err;
@ -398,7 +402,7 @@ redoit:
 	ret=accept(acc_sock,(struct sockaddr *)&from,(void *)&len);
 	if (ret == INVALID_SOCKET)
 		{
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_NETWARE)
+#if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
 		i=WSAGetLastError();
 		BIO_printf(bio_err,"accept error %d\n",i);
 #else
--- a/apps/speed.c
+++ b/apps/speed.c
@ -527,6 +527,7 @@ int MAIN(int argc, char **argv)
 	static const unsigned char key16[16]=
 		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
 		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
+#ifndef OPENSSL_NO_AES
 	static const unsigned char key24[24]=
 		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
 		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
@ -536,6 +537,7 @@ int MAIN(int argc, char **argv)
 		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
 		 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,
 		 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56};
+#endif
 #ifndef OPENSSL_NO_AES
 #define MAX_BLOCK_SIZE 128
 #else
--- a/15
+++ b/15
@ -660,7 +660,14 @@ case "$GUESSOS" in
  sparc64-*-*bsd*)	OUT="BSD-sparc64" ;;
  ia64-*-*bsd*)		OUT="BSD-ia64" ;;
  amd64-*-*bsd*)	OUT="BSD-x86_64" ;;
-  *86*-*-*bsd*)		case "`(file -L /usr/lib/libc.so.*) 2>/dev/null`" in
+  *86*-*-*bsd*)		# mimic ld behaviour when it's looking for libc...
+			if [ -L /usr/lib/libc.so ]; then	# [Free|Net]BSD
+			    libc=/usr/lib/libc.so
+			else					# OpenBSD
+			    # ld searches for highest libc.so.* and so do we
+			    libc=`(ls /usr/lib/libc.so.* | tail -1) 2>/dev/null`
+			fi
+			case "`(file -L $libc) 2>/dev/null`" in
 			*ELF*)	OUT="BSD-x86-elf" ;;
 			*)	OUT="BSD-x86"; options="$options no-sse2" ;;
 			esac ;;
@ -675,9 +682,9 @@ case "$GUESSOS" in
 	  OUT="OpenUNIX-8" 
 	fi
 	;;
-  *-*-[Uu]nix[Ww]are7) OUT="unixware-7" ;;
-  *-*-[Uu]nix[Ww]are20*) OUT="unixware-2.0" ;;
-  *-*-[Uu]nix[Ww]are21*) OUT="unixware-2.1" ;;
+  *-*-[Uu]nix[Ww]are7) OUT="unixware-7"; options="$options no-sse2" ;;
+  *-*-[Uu]nix[Ww]are20*) OUT="unixware-2.0"; options="$options no-sse2 no-sha512" ;;
+  *-*-[Uu]nix[Ww]are21*) OUT="unixware-2.1"; options="$options no-sse2 no-sha512" ;;
  *-*-vos)
 	options="$options no-threads no-shared no-asm no-dso"
 	EXE=".pm"
--- a/crypto/Makefile
+++ b/crypto/Makefile
@ -52,30 +52,6 @@ top:

 all: shared

-BUILDENV=	PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \
-		CC='${CC}' CFLAG='${CFLAG}' 			\
-		AS='${CC}' ASFLAG='${CFLAG} -c'			\
-		AR='${AR}' PERL='${PERL}' RANLIB='${RANLIB}'	\
-		SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/lib'		\
-		INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}'	\
-		MAKEDEPEND='$$(TOP)/util/domd $$(TOP) -MD $(MAKEDEPPROG)'\
-		DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}'	\
-		MAKEDEPPROG='${MAKEDEPPROG}'			\
-		LDFLAGS="$(LDFLAGS)" SHARED_LDFLAGS="$(SHARED_LDFLAGS)"	\
-		KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}'	\
-		EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}'	\
-		SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}'	\
-		PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}'	\
-		CPUID_OBJ='${CPUID_OBJ}'			\
-		BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' 	\
-		AES_ASM_OBJ='${AES_ASM_OBJ}'			\
-		BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}'	\
-		RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}'	\
-		SHA1_ASM_OBJ='${SHA1_ASM_OBJ}'			\
-		MD5_ASM_OBJ='${MD5_ASM_OBJ}'			\
-		RMD160_ASM_OBJ='${RMD160_ASM_OBJ}'		\
-		THIS=$${THIS:-$@}
-
 buildinf.h: ../Makefile
 	( echo "#ifndef MK1MF_BUILD"; \
 	echo '  /* auto-generated by crypto/Makefile for crypto/cversion.c */'; \
--- a/crypto/bio/Makefile
+++ b/crypto/bio/Makefile
@ -92,7 +92,7 @@ b_dump.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 b_dump.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 b_dump.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 b_dump.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-b_dump.o: ../../include/openssl/symhacks.h ../cryptlib.h b_dump.c
+b_dump.o: ../../include/openssl/symhacks.h ../cryptlib.h b_dump.c bio_lcl.h
 b_print.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 b_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 b_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@ -183,14 +183,14 @@ bss_fd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 bss_fd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bss_fd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 bss_fd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bss_fd.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_fd.c
+bss_fd.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_lcl.h bss_fd.c
 bss_file.o: ../../e_os.h ../../include/openssl/bio.h
 bss_file.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bss_file.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 bss_file.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bss_file.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 bss_file.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bss_file.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_file.c
+bss_file.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_lcl.h bss_file.c
 bss_log.o: ../../e_os.h ../../include/openssl/bio.h
 bss_log.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bss_log.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
--- a/crypto/bio/b_sock.c
+++ b/crypto/bio/b_sock.c
@ -62,6 +62,9 @@
 #define USE_SOCKETS
 #include "cryptlib.h"
 #include <openssl/bio.h>
+#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_BSDSOCK)
+#include "netdb.h"
+#endif

 #ifndef OPENSSL_NO_SOCK

@ -79,7 +82,7 @@
 #define MAX_LISTEN  32
 #endif

-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_NETWARE)
+#if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
 static int wsa_init_done=0;
 #endif

@ -474,7 +477,7 @@ int BIO_sock_init(void)
 		return (-1);
 #endif

-#if defined(OPENSSL_SYS_NETWARE)
+#if defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
    WORD wVerReq;
    WSADATA wsaData;
    int err;
@ -512,7 +515,7 @@ void BIO_sock_cleanup(void)
 #endif
 		WSACleanup();
 		}
-#elif defined(OPENSSL_SYS_NETWARE)
+#elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
   if (wsa_init_done)
        {
        wsa_init_done=0;
--- a/crypto/bio/bss_file.c
+++ b/crypto/bio/bss_file.c
@ -65,6 +65,24 @@
 #ifndef HEADER_BSS_FILE_C
 #define HEADER_BSS_FILE_C

+#if defined(__linux) || defined(__sun) || defined(__hpux)
+/* Following definition aliases fopen to fopen64 on above mentioned
+ * platforms. This makes it possible to open and sequentially access
+ * files larger than 2GB from 32-bit application. It does not allow to
+ * traverse them beyond 2GB with fseek/ftell, but on the other hand *no*
+ * 32-bit platform permits that, not with fseek/ftell. Not to mention
+ * that breaking 2GB limit for seeking would require surgery to *our*
+ * API. But sequential access suffices for practical cases when you
+ * can run into large files, such as fingerprinting, so we can let API
+ * alone. For reference, the list of 32-bit platforms which allow for
+ * sequential access of large files without extra "magic" comprise *BSD,
+ * Darwin, IRIX...
+ */
+#ifndef _FILE_OFFSET_BITS
+#define _FILE_OFFSET_BITS 64
+#endif
+#endif
+
 #include <stdio.h>
 #include <errno.h>
 #include "cryptlib.h"
--- a/crypto/bn/Makefile
+++ b/crypto/bn/Makefile
@ -79,7 +79,7 @@ co86-out.s: asm/co-586.pl ../perlasm/x86asm.pl
 	(cd asm; $(PERL) co-586.pl a.out $(CFLAGS) > ../$@)

 sparcv8.o:	asm/sparcv8.S
-
+	$(CC) $(CFLAGS) -c asm/sparcv8.S
 sparcv8plus.o:	asm/sparcv8plus.S
 	$(CC) $(CFLAGS) -c asm/sparcv8plus.S

--- a/crypto/bn/bn_asm.c
+++ b/crypto/bn/bn_asm.c
@ -237,7 +237,7 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
 	if (d == 0) return(BN_MASK2);

 	i=BN_num_bits_word(d);
-	assert((i == BN_BITS2) || (h > (BN_ULONG)1<<i));
+	assert((i == BN_BITS2) || (h <= (BN_ULONG)1<<i));

 	i=BN_BITS2-i;
 	if (h >= d) h-=d;
--- a/crypto/comp/c_zlib.c
+++ b/crypto/comp/c_zlib.c
@ -73,7 +73,9 @@ static COMP_METHOD zlib_stateful_method={
 # include <windows.h>

 # define Z_CALLCONV _stdcall
-# define ZLIB_SHARED
+# ifndef ZLIB_SHARED
+#  define ZLIB_SHARED
+# endif
 #else
 # define Z_CALLCONV
 #endif /* !(OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32) */
--- a/crypto/crypto-lib.com
+++ b/crypto/crypto-lib.com
@ -194,7 +194,7 @@ $ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_nist,ec_cvt,ec_mult,"+ -
 	"ec2_smpl,ec2_mult"
 $ LIB_RSA = "rsa_eay,rsa_gen,rsa_lib,rsa_sign,rsa_saos,rsa_err,"+ -
 	"rsa_pk1,rsa_ssl,rsa_none,rsa_oaep,rsa_chk,rsa_null,"+ -
-	"rsa_asn1,rsa_depr"
+	"rsa_pss,rsa_x931,rsa_asn1,rsa_depr"
 $ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,"+ -
 	"dsa_err,dsa_ossl,dsa_depr"
 $ LIB_ECDSA = "ecs_lib,ecs_asn1,ecs_ossl,ecs_sign,ecs_vrf,ecs_err"
@ -214,6 +214,7 @@ $ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ -
 	"bss_file,bss_sock,bss_conn,"+ -
 	"bf_null,bf_buff,b_print,b_dump,"+ -
 	"b_sock,bss_acpt,bf_nbio,bss_rtcp,bss_bio,bss_log,"+ -
+	"bss_dgram,"+ -
 	"bf_lbuf"
 $ LIB_STACK = "stack"
 $ LIB_LHASH = "lhash,lh_stats"
--- a/crypto/dso/dso_dl.c
+++ b/crypto/dso/dso_dl.c
@ -128,7 +128,8 @@ static int dl_load(DSO *dso)
 		DSOerr(DSO_F_DL_LOAD,DSO_R_NO_FILENAME);
 		goto err;
 		}
-	ptr = shl_load(filename, BIND_IMMEDIATE|DYNAMIC_PATH, 0L);
+	ptr = shl_load(filename, BIND_IMMEDIATE |
+		(dso->flags&DSO_FLAG_NO_NAME_TRANSLATION?0:DYNAMIC_PATH), 0L);
 	if(ptr == NULL)
 		{
 		DSOerr(DSO_F_DL_LOAD,DSO_R_LOAD_FAILED);
--- a/crypto/engine/eng_padlock.c
+++ b/crypto/engine/eng_padlock.c
@ -66,11 +66,14 @@
 #include <stdio.h>
 #include <string.h>

+#include <openssl/opensslconf.h>
 #include <openssl/crypto.h>
 #include <openssl/dso.h>
 #include <openssl/engine.h>
 #include <openssl/evp.h>
+#ifndef OPENSSL_NO_AES
 #include <openssl/aes.h>
+#endif
 #include <openssl/rand.h>

 #ifndef OPENSSL_NO_HW
@ -134,7 +137,9 @@ static int padlock_init(ENGINE *e);
 static RAND_METHOD padlock_rand;

 /* Cipher Stuff */
+#ifndef OPENSSL_NO_AES
 static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
+#endif

 /* Engine names */
 static const char *padlock_id = "padlock";
@ -143,7 +148,9 @@ static char padlock_name[100];
 /* Available features */
 static int padlock_use_ace = 0;	/* Advanced Cryptography Engine */
 static int padlock_use_rng = 0;	/* Random Number Generator */
+#ifndef OPENSSL_NO_AES
 static int padlock_aes_align_required = 1;
+#endif

 /* ===== Engine "management" functions ===== */

@ -169,8 +176,9 @@ padlock_bind_helper(ENGINE *e)
 	    !ENGINE_set_name(e, padlock_name) ||

 	    !ENGINE_set_init_function(e, padlock_init) ||
-
+#ifndef OPENSSL_NO_AES
 	    (padlock_use_ace && !ENGINE_set_ciphers (e, padlock_ciphers)) ||
+#endif
 	    (padlock_use_rng && !ENGINE_set_RAND (e, &padlock_rand))) {
 		return 0;
 	}
@ -228,6 +236,7 @@ IMPLEMENT_DYNAMIC_BIND_FN (padlock_bind_fn);

 /* ===== Here comes the "real" engine ===== */

+#ifndef OPENSSL_NO_AES
 /* Some AES-related constants */
 #define AES_BLOCK_SIZE		16
 #define AES_KEY_SIZE_128	16
@ -264,6 +273,7 @@ struct padlock_cipher_data
 * so we accept the penatly...
 */
 static volatile struct padlock_cipher_data *padlock_saved_context;
+#endif

 /*
 * =======================================================
@ -355,6 +365,7 @@ padlock_available(void)
 	return padlock_use_ace + padlock_use_rng;
 }

+#ifndef OPENSSL_NO_AES
 /* Our own htonl()/ntohl() */
 static inline void
 padlock_bswapl(AES_KEY *ks)
@ -367,6 +378,7 @@ padlock_bswapl(AES_KEY *ks)
 		key++;
 	}
 }
+#endif

 /* Force key reload from memory to the CPU microcode.
   Loading EFLAGS from the stack clears EFLAGS[30] 
@ -377,6 +389,7 @@ padlock_reload_key(void)
 	asm volatile ("pushfl; popfl");
 }

+#ifndef OPENSSL_NO_AES
 /*
 * This is heuristic key context tracing. At first one
 * believes that one should use atomic swap instructions,
@ -430,6 +443,7 @@ PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, ".byte 0xf3,0x0f,0xa7,0xc8")	/* rep xcryp
 PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc, ".byte 0xf3,0x0f,0xa7,0xd0")	/* rep xcryptcbc */
 PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0")	/* rep xcryptcfb */
 PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8")	/* rep xcryptofb */
+#endif

 /* The RNG call itself */
 static inline unsigned int
@ -600,6 +614,7 @@ padlock_bswapl(void *key)
 #endif

 /* ===== AES encryption/decryption ===== */
+#ifndef OPENSSL_NO_AES

 #if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
 #define NID_aes_128_cfb	NID_aes_128_cfb128
@ -1030,6 +1045,8 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
 	return 1;
 }

+#endif /* OPENSSL_NO_AES */
+
 /* ===== Random Number Generator ===== */
 /*
 * This code is not engaged. The reason is that it does not comply
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@ -313,7 +313,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
 			/* There will never be more than two '=' */
 			}

-		if ((v == B64_EOF) || (n >= 64))
+		if ((v == B64_EOF && (n&3) == 0) || (n >= 64))
 			{
 			/* This is needed to work correctly on 64 byte input
 			 * lines.  We process the line and then need to
--- a/crypto/evp/evp_test.c
+++ b/crypto/evp/evp_test.c
@ -52,6 +52,7 @@

 #include "../e_os.h"

+#include <openssl/opensslconf.h>
 #include <openssl/evp.h>
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
@ -395,6 +396,27 @@ int main(int argc,char **argv)
 	if(!test_cipher(cipher,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec)
 	   && !test_digest(cipher,plaintext,pn,ciphertext,cn))
 	    {
+#ifdef OPENSSL_NO_AES
+	    if (strstr(cipher, "AES") == cipher)
+		{
+		fprintf(stdout, "Cipher disabled, skipping %s\n", cipher); 
+		continue;
+		}
+#endif
+#ifdef OPENSSL_NO_DES
+	    if (strstr(cipher, "DES") == cipher)
+		{
+		fprintf(stdout, "Cipher disabled, skipping %s\n", cipher); 
+		continue;
+		}
+#endif
+#ifdef OPENSSL_NO_RC4
+	    if (strstr(cipher, "RC4") == cipher)
+		{
+		fprintf(stdout, "Cipher disabled, skipping %s\n", cipher); 
+		continue;
+		}
+#endif
 	    fprintf(stderr,"Can't find %s\n",cipher);
 	    EXIT(3);
 	    }
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@ -2740,8 +2740,8 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[648]),/* "Microsoft Smartcardlogin" */
 &(nid_objs[136]),/* "Microsoft Trust List Signing" */
 &(nid_objs[649]),/* "Microsoft Universal Principal Name" */
-&(nid_objs[404]),/* "NULL" */
 &(nid_objs[393]),/* "NULL" */
+&(nid_objs[404]),/* "NULL" */
 &(nid_objs[72]),/* "Netscape Base Url" */
 &(nid_objs[76]),/* "Netscape CA Policy Url" */
 &(nid_objs[74]),/* "Netscape CA Revocation Url" */
@ -3450,8 +3450,8 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[ 0]),/* OBJ_undef                        0 */
 &(nid_objs[393]),/* OBJ_joint_iso_ccitt              OBJ_joint_iso_itu_t */
-&(nid_objs[645]),/* OBJ_itu_t                        0 */
 &(nid_objs[404]),/* OBJ_ccitt                        OBJ_itu_t */
+&(nid_objs[645]),/* OBJ_itu_t                        0 */
 &(nid_objs[434]),/* OBJ_data                         0 9 */
 &(nid_objs[181]),/* OBJ_iso                          1 */
 &(nid_objs[182]),/* OBJ_member_body                  1 2 */
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@ -12,7 +12,7 @@
 * 0.9.3-beta2    0x00903002 (same as ...beta2-dev)
 * 0.9.3	  0x0090300f
 * 0.9.3a	  0x0090301f
- * 0.9.4 	  0x0090400f
+ * 0.9.4	  0x0090400f
 * 1.2.3z	  0x102031af
 *
 * For continuity reasons (because 0.9.5 is already out, and is coded
@ -25,11 +25,11 @@
 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
 *  major minor fix final patch/beta)
 */
-#define OPENSSL_VERSION_NUMBER	0x00909000L
+#define OPENSSL_VERSION_NUMBER	0x00908006L
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.9-fips-dev XX xxx XXXX"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8-fips-beta6 21 Jun 2005"
 #else
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.9-dev XX xxx XXXX"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8-beta6 21 Jun 2005"
 #endif
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT

--- a/crypto/perlasm/x86_64-xlate.pl
+++ b/crypto/perlasm/x86_64-xlate.pl
@ -168,6 +168,10 @@ my $current_function;
 	    # on pros side, this results in more compact code:-)
 	    $self->{index} =~ s/^[er](.?[0-9xp])[d]?$/r\1/;
 	    $self->{base}  =~ s/^[er](.?[0-9xp])[d]?$/r\1/;
+	    # Solaris /usr/ccs/bin/as can't handle multiplications
+	    # in $self->{label}
+	    $self->{label} =~ s/(?<![0-9a-f])(0[x0-9a-f]+)/oct($1)/eg;
+	    $self->{label} =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg;

 	    if (defined($self->{index})) {
 		sprintf "%s(%%%s,%%%s,%d)",
--- a/crypto/perlasm/x86unix.pl
+++ b/crypto/perlasm/x86unix.pl
@ -719,9 +719,9 @@ sub main'initseg
 		$tmp=<<___;
 .section	.init
 	call	$under$f
-	jmp	1f
+	jmp	.Linitalign
 .align	$align
-1:
+.Linitalign:
 ___
 		}
 	elsif ($main'coff)
--- a/crypto/pqueue/Makefile
+++ b/crypto/pqueue/Makefile
@ -22,7 +22,7 @@ LIBOBJ=pqueue.o

 SRC= $(LIBSRC)

-EXHEADER= pqueue.h
+EXHEADER= pqueue.h pq_compat.h
 HEADER=	$(EXHEADER)

 ALL=    $(GENERAL) $(SRC) $(HEADER)
@ -79,5 +79,6 @@ pqueue.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 pqueue.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 pqueue.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 pqueue.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-pqueue.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-pqueue.o: ../../include/openssl/symhacks.h ../cryptlib.h pqueue.c pqueue.h
+pqueue.o: ../../include/openssl/pq_compat.h ../../include/openssl/safestack.h
+pqueue.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pqueue.o: ../cryptlib.h pqueue.c pqueue.h
--- a/crypto/pqueue/pq_compat.h
+++ b/crypto/pqueue/pq_compat.h
@ -0,0 +1,142 @@
+/* crypto/pqueue/pqueue_compat.h */
+/* 
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "opensslconf.h"
+#include <openssl/bn.h>
+
+/* 
+ * The purpose of this header file is for supporting 64-bit integer
+ * manipulation on 32-bit (and lower) machines.  Currently the only
+ * such environment is VMS, Utrix and those with smaller default integer
+ * sizes than 32 bits.  For all such environment, we fall back to using
+ * BIGNUM.  We may need to fine tune the conditions for systems that
+ * are incorrectly configured.
+ *
+ * The only clients of this code are (1) pqueue for priority, and
+ * (2) DTLS, for sequence number manipulation.
+ */
+
+#if (defined(THIRTY_TWO_BIT) && !defined(BN_LLONG)) || defined(SIXTEEN_BIT) || defined(EIGHT_BIT)
+
+#define PQ_64BIT_IS_INTEGER 0
+#define PQ_64BIT_IS_BIGNUM 1
+
+#define PQ_64BIT     BIGNUM
+#define PQ_64BIT_CTX BN_CTX
+
+#define pq_64bit_init(x)           BN_init(x)
+#define pq_64bit_free(x)           BN_free(x)
+
+#define pq_64bit_ctx_new(ctx)      BN_CTX_new()
+#define pq_64bit_ctx_free(x)       BN_CTX_free(x)
+
+#define pq_64bit_assign(x, y)      BN_copy(x, y)
+#define pq_64bit_assign_word(x, y) BN_set_word(x, y)
+#define pq_64bit_gt(x, y)          BN_ucmp(x, y) >= 1 ? 1 : 0
+#define pq_64bit_eq(x, y)          BN_ucmp(x, y) == 0 ? 1 : 0
+#define pq_64bit_add_word(x, w)    BN_add_word(x, w)
+#define pq_64bit_sub(r, x, y)      BN_sub(r, x, y)
+#define pq_64bit_sub_word(x, w)    BN_sub_word(x, w)
+#define pq_64bit_mod(r, x, n, ctx) BN_mod(r, x, n, ctx)
+
+#define pq_64bit_bin2num(bn, bytes, len)   BN_bin2bn(bytes, len, bn)
+#define pq_64bit_num2bin(bn, bytes)        BN_bn2bin(bn, bytes)
+#define pq_64bit_get_word(x)               BN_get_word(x)
+#define pq_64bit_is_bit_set(x, offset)     BN_is_bit_set(x, offset)
+#define pq_64bit_lshift(r, x, shift)       BN_lshift(r, x, shift)
+#define pq_64bit_set_bit(x, num)           BN_set_bit(x, num)
+#define pq_64bit_get_length(x)             BN_num_bits((x))
+
+#else
+
+#define PQ_64BIT_IS_INTEGER 1
+#define PQ_64BIT_IS_BIGNUM 0
+
+#if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
+#define PQ_64BIT BN_ULONG
+#elif defined(THIRTY_TWO_BIT)
+#define PQ_64BIT BN_ULLONG
+#endif
+
+#define PQ_64BIT_CTX      void
+
+#define pq_64bit_init(x)
+#define pq_64bit_free(x)
+#define pq_64bit_ctx_new(ctx)        (ctx)
+#define pq_64bit_ctx_free(x)
+
+#define pq_64bit_assign(x, y)        (*(x) = *(y))
+#define pq_64bit_assign_word(x, y)   (*(x) = y)
+#define pq_64bit_gt(x, y)	         (*(x) > *(y))
+#define pq_64bit_eq(x, y)            (*(x) == *(y))
+#define pq_64bit_add_word(x, w)      (*(x) = (*(x) + (w)))
+#define pq_64bit_sub(r, x, y)        (*(r) = (*(x) - *(y)))
+#define pq_64bit_sub_word(x, w)      (*(x) = (*(x) - (w)))
+#define pq_64bit_mod(r, x, n, ctx)
+
+#define pq_64bit_bin2num(num, bytes, len) bytes_to_long_long(bytes, num)
+#define pq_64bit_num2bin(num, bytes)      long_long_to_bytes(num, bytes)
+#define pq_64bit_get_word(x)              *(x)
+#define pq_64bit_lshift(r, x, shift)      (*(r) = (*(x) << (shift)))
+#define pq_64bit_set_bit(x, num)          do { \
+                                              PQ_64BIT mask = 1; \
+                                              mask = mask << (num); \
+                                              *(x) |= mask; \
+                                          } while(0)
+#endif /* OPENSSL_SYS_VMS */
--- a/crypto/pqueue/pqueue.c
+++ b/crypto/pqueue/pqueue.c
@ -68,12 +68,14 @@ typedef struct _pqueue
 	} pqueue_s;

 pitem *
-pitem_new(BN_ULLONG priority, void *data)
+pitem_new(PQ_64BIT priority, void *data)
 	{
 	pitem *item = (pitem *) OPENSSL_malloc(sizeof(pitem));
 	if (item == NULL) return NULL;

-	item->priority = priority;
+	pq_64bit_init(&(item->priority));
+	pq_64bit_assign(&item->priority, &priority);
+
 	item->data = data;
 	item->next = NULL;

@ -84,7 +86,8 @@ void
 pitem_free(pitem *item)
 	{
 	if (item == NULL) return;
-	
+
+	pq_64bit_free(&(item->priority));
 	OPENSSL_free(item);
 	}

@ -121,7 +124,7 @@ pqueue_insert(pqueue_s *pq, pitem *item)
 		next != NULL;
 		curr = next, next = next->next)
 		{
-		if (item->priority < next->priority)
+		if (pq_64bit_gt(&(next->priority), &(item->priority)))
 			{
 			item->next = next;

@ -133,7 +136,7 @@ pqueue_insert(pqueue_s *pq, pitem *item)
 			return item;
 			}
 		/* duplicates not allowed */
-		if (item->priority == next->priority)
+		if (pq_64bit_eq(&(item->priority), &(next->priority)))
 			return NULL;
 		}

@ -161,7 +164,7 @@ pqueue_pop(pqueue_s *pq)
 	}

 pitem *
-pqueue_find(pqueue_s *pq, BN_ULLONG priority)
+pqueue_find(pqueue_s *pq, PQ_64BIT priority)
 	{
 	pitem *next, *prev = NULL;
 	pitem *found = NULL;
@ -172,7 +175,7 @@ pqueue_find(pqueue_s *pq, BN_ULLONG priority)
 	for ( next = pq->items; next->next != NULL; 
 		  prev = next, next = next->next)
 		{
-		if ( next->priority == priority)
+		if ( pq_64bit_eq(&(next->priority), &priority))
 			{
 			found = next;
 			break;
@ -180,7 +183,7 @@ pqueue_find(pqueue_s *pq, BN_ULLONG priority)
 		}
 	
 	/* check the one last node */
-	if ( next->priority == priority)
+	if ( pq_64bit_eq(&(next->priority), &priority))
 		found = next;

 	if ( ! found)
@ -196,6 +199,7 @@ pqueue_find(pqueue_s *pq, BN_ULLONG priority)
 	return found;
 	}

+#if PQ_64BIT_IS_INTEGER
 void
 pqueue_print(pqueue_s *pq)
 	{
@ -207,6 +211,7 @@ pqueue_print(pqueue_s *pq)
 		item = item->next;
 		}
 	}
+#endif

 pitem *
 pqueue_iterator(pqueue_s *pq)
--- a/crypto/pqueue/pqueue.h
+++ b/crypto/pqueue/pqueue.h
@ -64,18 +64,20 @@
 #include <stdlib.h>
 #include <string.h>

+#include <openssl/pq_compat.h>
+
 typedef struct _pqueue *pqueue;

 typedef struct _pitem
 	{
-	BN_ULLONG priority;
+	PQ_64BIT priority;
 	void *data;
 	struct _pitem *next;
 	} pitem;

 typedef struct _pitem *piterator;

-pitem *pitem_new(BN_ULLONG priority, void *data);
+pitem *pitem_new(PQ_64BIT priority, void *data);
 void   pitem_free(pitem *item);

 pqueue pqueue_new(void);
@ -84,7 +86,7 @@ void   pqueue_free(pqueue pq);
 pitem *pqueue_insert(pqueue pq, pitem *item);
 pitem *pqueue_peek(pqueue pq);
 pitem *pqueue_pop(pqueue pq);
-pitem *pqueue_find(pqueue pq, BN_ULLONG priority);
+pitem *pqueue_find(pqueue pq, PQ_64BIT priority);
 pitem *pqueue_iterator(pqueue pq);
 pitem *pqueue_next(piterator *iter);

--- a/crypto/rsa/Makefile
+++ b/crypto/rsa/Makefile
@ -179,6 +179,17 @@ rsa_pk1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rsa_pk1.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
 rsa_pk1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 rsa_pk1.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pk1.c
+rsa_pss.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_pss.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_pss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_pss.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_pss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+rsa_pss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_pss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rsa_pss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+rsa_pss.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_pss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rsa_pss.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pss.c
 rsa_saos.o: ../../e_os.h ../../include/openssl/asn1.h
 rsa_saos.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rsa_saos.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@ -216,3 +227,13 @@ rsa_ssl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rsa_ssl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
 rsa_ssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 rsa_ssl.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_ssl.c
+rsa_x931.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_x931.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_x931.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_x931.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_x931.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rsa_x931.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_x931.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_x931.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_x931.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_x931.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_x931.c
--- a/crypto/rsa/rsa.h
+++ b/crypto/rsa/rsa.h
@ -320,6 +320,12 @@ int RSA_padding_check_X931(unsigned char *to,int tlen,
 	const unsigned char *f,int fl,int rsa_len);
 int RSA_X931_hash_id(int nid);

+int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
+			const EVP_MD *Hash, const unsigned char *EM, int sLen);
+int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
+			const unsigned char *mHash,
+			const EVP_MD *Hash, int sLen);
+
 int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 int RSA_set_ex_data(RSA *r,int idx,void *arg);
@ -405,7 +411,7 @@ void ERR_load_RSA_strings(void);
 #define RSA_R_NULL_BEFORE_BLOCK_MISSING			 113
 #define RSA_R_N_DOES_NOT_EQUAL_P_Q			 127
 #define RSA_R_OAEP_DECODING_ERROR			 121
-#define RSA_R_ONE_CHECK_FAILED				 135
+#define RSA_R_SLEN_RECOVERY_FAILED			 135
 #define RSA_R_PADDING_CHECK_FAILED			 114
 #define RSA_R_P_NOT_PRIME				 128
 #define RSA_R_Q_NOT_PRIME				 129
@ -415,7 +421,7 @@ void ERR_load_RSA_strings(void);
 #define RSA_R_UNKNOWN_ALGORITHM_TYPE			 117
 #define RSA_R_UNKNOWN_PADDING_TYPE			 118
 #define RSA_R_WRONG_SIGNATURE_LENGTH			 119
-#define RSA_R_ZERO_CHECK_FAILED				 136
+#define RSA_R_SLEN_CHECK_FAILED				 136

 #ifdef  __cplusplus
 }
--- a/crypto/rsa/rsa_err.c
+++ b/crypto/rsa/rsa_err.c
@ -141,7 +141,7 @@ static ERR_STRING_DATA RSA_str_reasons[]=
 {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"},
 {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q)  ,"n does not equal p q"},
 {ERR_REASON(RSA_R_OAEP_DECODING_ERROR)   ,"oaep decoding error"},
-{ERR_REASON(RSA_R_ONE_CHECK_FAILED)      ,"one check failed"},
+{ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED)  ,"salt length recovery failed"},
 {ERR_REASON(RSA_R_PADDING_CHECK_FAILED)  ,"padding check failed"},
 {ERR_REASON(RSA_R_P_NOT_PRIME)           ,"p not prime"},
 {ERR_REASON(RSA_R_Q_NOT_PRIME)           ,"q not prime"},
@ -151,7 +151,7 @@ static ERR_STRING_DATA RSA_str_reasons[]=
 {ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"},
 {ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE)  ,"unknown padding type"},
 {ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
-{ERR_REASON(RSA_R_ZERO_CHECK_FAILED)     ,"zero check failed"},
+{ERR_REASON(RSA_R_SLEN_CHECK_FAILED)     ,"salt length check failed"},
 {0,NULL}
 	};

--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@ -402,6 +402,11 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)

 	ret = BN_BLINDING_create_param(NULL, e, rsa->n, ctx,
 			rsa->meth->bn_mod_exp, rsa->_method_mod_n);
+	if (ret == NULL)
+		{
+		RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);
+		goto err;
+		}
 	BN_BLINDING_set_thread_id(ret, CRYPTO_thread_id());
 err:
 	BN_CTX_end(ctx);
--- a/crypto/rsa/rsa_pss.c
+++ b/crypto/rsa/rsa_pss.c
@ -71,15 +71,40 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
 	{
 	int i;
 	int ret = 0;
-	int hLen, maskedDBLen, emBits, emLen;
+	int hLen, maskedDBLen, MSBits, emLen;
 	const unsigned char *H;
 	unsigned char *DB = NULL;
 	EVP_MD_CTX ctx;
 	unsigned char H_[EVP_MAX_MD_SIZE];
-	emBits = BN_num_bits(rsa->n) - 1;
-	emLen = (emBits + 7) >> 3;
+
 	hLen = EVP_MD_size(Hash);
-	if (emLen < (hLen + sLen + 2))
+	/*
+	 * Negative sLen has special meanings:
+	 *	-1	sLen == hLen
+	 *	-2	salt length is autorecovered from signature
+	 *	-N	reserved
+	 */
+	if      (sLen == -1)	sLen = hLen;
+	else if (sLen == -2)	sLen = -2;
+	else if (sLen < -2)
+		{
+		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED);
+		goto err;
+		}
+
+	MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
+	emLen = RSA_size(rsa);
+	if (EM[0] & (0xFF << MSBits))
+		{
+		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_FIRST_OCTET_INVALID);
+		goto err;
+		}
+	if (MSBits == 0)
+		{
+		EM++;
+		emLen--;
+		}
+	if (emLen < (hLen + sLen + 2)) /* sLen can be small negative */
 		{
 		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_DATA_TOO_LARGE);
 		goto err;
@ -89,11 +114,6 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
 		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_LAST_OCTET_INVALID);
 		goto err;
 		}
-	if (EM[0] & (0xFF << (emBits & 0x7)))
-		{
-		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_FIRST_OCTET_INVALID);
-		goto err;
-		}
 	maskedDBLen = emLen - hLen - 1;
 	H = EM + maskedDBLen;
 	DB = OPENSSL_malloc(maskedDBLen);
@ -105,27 +125,25 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
 	PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash);
 	for (i = 0; i < maskedDBLen; i++)
 		DB[i] ^= EM[i];
-	DB[0] &= 0xFF >> (8 - (emBits & 0x7));
-	for (i = 0; i < (emLen - hLen - sLen - 2); i++)
+	if (MSBits)
+		DB[0] &= 0xFF >> (8 - MSBits);
+	for (i = 0; DB[i] == 0 && i < (maskedDBLen-1); i++) ;
+	if (DB[i++] != 0x1)
 		{
-		if (DB[i] != 0)	
-			{
-			RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS,
-						RSA_R_ZERO_CHECK_FAILED);
-			goto err;
-			}
+		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_RECOVERY_FAILED);
+		goto err;
 		}
-	if (DB[i] != 0x1)
+	if (sLen >= 0 && (maskedDBLen - i) != sLen)
 		{
-		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_ONE_CHECK_FAILED);
+		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED);
 		goto err;
 		}
 	EVP_MD_CTX_init(&ctx);
 	EVP_DigestInit_ex(&ctx, Hash, NULL);
 	EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes);
 	EVP_DigestUpdate(&ctx, mHash, hLen);
-	if (sLen)
-		EVP_DigestUpdate(&ctx, DB + maskedDBLen - sLen, sLen);
+	if (maskedDBLen - i)
+		EVP_DigestUpdate(&ctx, DB + i, maskedDBLen - i);
 	EVP_DigestFinal(&ctx, H_, NULL);
 	EVP_MD_CTX_cleanup(&ctx);
 	if (memcmp(H_, H, hLen))
@ -150,15 +168,37 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
 	{
 	int i;
 	int ret = 0;
-	int hLen, maskedDBLen, emBits, emLen;
+	int hLen, maskedDBLen, MSBits, emLen;
 	unsigned char *H, *salt = NULL, *p;
 	EVP_MD_CTX ctx;
-	emBits = BN_num_bits(rsa->n) - 1;
-	emLen = (emBits + 7) >> 3;
+
 	hLen = EVP_MD_size(Hash);
-	if (sLen < 0)
-		sLen = 0;
-	if (emLen < (hLen + sLen + 2))
+	/*
+	 * Negative sLen has special meanings:
+	 *	-1	sLen == hLen
+	 *	-2	salt length is maximized
+	 *	-N	reserved
+	 */
+	if      (sLen == -1)	sLen = hLen;
+	else if (sLen == -2)	sLen = -2;
+	else if (sLen < -2)
+		{
+		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED);
+		goto err;
+		}
+
+	MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
+	emLen = RSA_size(rsa);
+	if (MSBits == 0)
+		{
+		*EM++ = 0;
+		emLen--;
+		}
+	if (sLen == -2)
+		{
+		sLen = emLen - hLen - 2;
+		}
+	else if (emLen < (hLen + sLen + 2))
 		{
 		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS,
 		   RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
@ -203,7 +243,8 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
 		for (i = 0; i < sLen; i++)
 			*p++ ^= salt[i];
 		}
-	EM[0] &= 0xFF >> (8 - (emBits & 0x7));
+	if (MSBits)
+		EM[0] &= 0xFF >> (8 - MSBits);

 	/* H is already in place so just set final 0xbc */

--- a/crypto/rsa/rsa_x931.c
+++ b/crypto/rsa/rsa_x931.c
@ -105,7 +105,7 @@ int RSA_padding_add_X931(unsigned char *to, int tlen,
 int RSA_padding_check_X931(unsigned char *to, int tlen,
 	     const unsigned char *from, int flen, int num)
 	{
-	int i,j;
+	int i = 0,j;
 	const unsigned char *p;

 	p=from;
@ -115,9 +115,9 @@ int RSA_padding_check_X931(unsigned char *to, int tlen,
 		return -1;
 		}

-	j=flen-3;
 	if (*p++ == 0x6B)
 		{
+		j=flen-3;
 		for (i = 0; i < j; i++)
 			{
 			unsigned char c = *p++;
@ -130,15 +130,17 @@ int RSA_padding_check_X931(unsigned char *to, int tlen,
 				return -1;
 				}
 			}
-		}

-	j -= i;
+		j -= i;
+
+		if (i == 0)
+			{
+			RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING);
+			return -1;
+			}

-	if (i == 0)
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING);
-		return -1;
 		}
+	else j = flen - 2;

 	if (p[j] != 0xCC)
 		{
--- a/crypto/sha/sha1dgst.c
+++ b/crypto/sha/sha1dgst.c
@ -56,6 +56,7 @@
 * [including the GNU Public Licence.]
 */

+#include <openssl/opensslconf.h>
 #if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA)

 #undef  SHA_0
--- a/crypto/sha/sha256.c
+++ b/crypto/sha/sha256.c
@ -4,12 +4,12 @@
 * according to the OpenSSL license [found in ../../LICENSE].
 * ====================================================================
 */
+#include <openssl/opensslconf.h>
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256)

 #include <stdlib.h>
 #include <string.h>

-#include <openssl/opensslconf.h>
 #include <openssl/crypto.h>
 #include <openssl/sha.h>
 #include <openssl/opensslv.h>
--- a/crypto/sha/sha512.c
+++ b/crypto/sha/sha512.c
@ -4,6 +4,7 @@
 * according to the OpenSSL license [found in ../../LICENSE].
 * ====================================================================
 */
+#include <openssl/opensslconf.h>
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
 /*
 * IMPLEMENTATION NOTES.
@ -43,7 +44,6 @@
 #include <stdlib.h>
 #include <string.h>

-#include <openssl/opensslconf.h>
 #include <openssl/crypto.h>
 #include <openssl/sha.h>
 #include <openssl/opensslv.h>
--- a/crypto/sha/sha_dgst.c
+++ b/crypto/sha/sha_dgst.c
@ -56,6 +56,7 @@
 * [including the GNU Public Licence.]
 */

+#include <openssl/opensslconf.h>
 #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA)

 #undef  SHA_1
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@ -1081,7 +1081,7 @@ int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
 		offset=0;
 	else
 		{
-		if ((*str != '+') && (str[5] != '-'))
+		if ((*str != '+') && (*str != '-'))
 			return 0;
 		offset=((str[1]-'0')*10+(str[2]-'0'))*60;
 		offset+=(str[3]-'0')*10+(str[4]-'0');
--- a/crypto/x86_64cpuid.pl
+++ b/crypto/x86_64cpuid.pl
@ -70,8 +70,8 @@ print<<___ if(!defined($win64a));
 .align	16
 OPENSSL_rdtsc:
 	rdtsc
-	shl	\$32,%rdx
-	or	%rdx,%rax
+	shlq	\$32,%rdx
+	orq	%rdx,%rax
 	ret
 .size	OPENSSL_rdtsc,.-OPENSSL_rdtsc

@ -80,11 +80,11 @@ OPENSSL_rdtsc:
 .align	16
 OPENSSL_atomic_add:
 	movl	(%rdi),%eax
-.Lspin:	lea	(%rsi,%rax),%r8
-lock;	cmpxchg	%r8d,(%rdi)
+.Lspin:	leaq	(%rsi,%rax),%r8
+lock;	cmpxchgl	%r8d,(%rdi)
 	jne	.Lspin
-	mov	%r8d,%eax
-	cdqe
+	movl	%r8d,%eax
+	.byte	0x48,0x98
 	ret
 .size	OPENSSL_atomic_add,.-OPENSSL_atomic_add

@ -108,28 +108,28 @@ OPENSSL_wipe_cpu:
 	pxor	%xmm13,%xmm13
 	pxor	%xmm14,%xmm14
 	pxor	%xmm15,%xmm15
-	xor	%rcx,%rcx
-	xor	%rdx,%rdx
-	xor	%rsi,%rsi
-	xor	%rdi,%rdi
-	xor	%r8,%r8
-	xor	%r9,%r9
-	xor	%r10,%r10
-	xor	%r11,%r11
-	lea	8(%rsp),%rax
+	xorq	%rcx,%rcx
+	xorq	%rdx,%rdx
+	xorq	%rsi,%rsi
+	xorq	%rdi,%rdi
+	xorq	%r8,%r8
+	xorq	%r9,%r9
+	xorq	%r10,%r10
+	xorq	%r11,%r11
+	leaq	8(%rsp),%rax
 	ret
 .size	OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu

 .globl	OPENSSL_ia32_cpuid
 .align	16
 OPENSSL_ia32_cpuid:
-	mov	%rbx,%r8
-	mov	\$1,%eax
+	movq	%rbx,%r8
+	movl	\$1,%eax
 	cpuid
-	shl	\$32,%rcx
-	mov	%edx,%eax
-	mov	%r8,%rbx
-	or	%rcx,%rax
+	shlq	\$32,%rcx
+	movl	%edx,%eax
+	movq	%r8,%rbx
+	orq	%rcx,%rax
 	ret
 .size	OPENSSL_ia32_cpuid,.-OPENSSL_ia32_cpuid

--- a/doc/crypto/OPENSSL_config.pod
+++ b/doc/crypto/OPENSSL_config.pod
@ -35,7 +35,7 @@ calls OPENSSL_add_all_algorithms() by compiling an application with the
 preprocessor symbol B<OPENSSL_LOAD_CONF> #define'd. In this way configuration
 can be added without source changes.

-The environment variable B<OPENSSL_CONFIG> can be set to specify the location
+The environment variable B<OPENSSL_CONF> can be set to specify the location
 of the configuration file.
 
 Currently ASN1 OBJECTs and ENGINE configuration can be performed future
--- a/doc/crypto/SSLeay_version.pod
+++ b/doc/crypto/SSLeay_version.pod
@ -1,74 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSLeay_version - retrieve version/build information about OpenSSL library
-
-=head1 SYNOPSIS
-
- #include <openssl/crypto.h>
-
- const char *SSLeay_version(int type);
-
-=head1 DESCRIPTION
-
-SSLeay_version() returns a pointer to a constant string describing the
-version of the OpenSSL library or giving information about the library
-build.
-
-The following B<type> values are supported:
-
-=over 4
-
-=item SSLEAY_VERSION
-
-The version of the OpenSSL library including the release date.
-
-=item SSLEAY_CFLAGS
-
-The compiler flags set for the compilation process in the form
-"compiler: ..."  if available or "compiler: information not available"
-otherwise.
-
-=item SSLEAY_BUILT_ON
-
-The date of the build process in the form "built on: ..." if available
-or "built on: date not available" otherwise.
-
-=item SSLEAY_PLATFORM
-
-The "Configure" target of the library build in the form "platform: ..."
-if available or "platform: information not available" otherwise.
-
-=item SSLEAY_DIR
-
-The "OPENSSLDIR" setting of the library build in the form "OPENSSLDIR: "...""
-if available or "OPENSSLDIR: N/A" otherwise.
-
-=back
-
-=head1 RETURN VALUES
-
-The following return values can occur:
-
-=over 4
-
-=item "not available"
-
-An invalid value for B<type> was given.
-
-=item Pointer to constant string
-
-Textual description.
-
-=back
-
-=head1 SEE ALSO
-
-L<crypto(3)|crypto(3)>
-
-=head1 HISTORY
-
-B<SSLEAY_DIR> was added in OpenSSL 0.9.7.
-
-=cut
--- a/doc/crypto/threads.pod
+++ b/doc/crypto/threads.pod
@ -65,9 +65,10 @@ B<CRYPTO_LOCK>, and releases it otherwise.
 B<file> and B<line> are the file number of the function setting the
 lock. They can be useful for debugging.

-id_function(void) is a function that returns a thread ID. It is not
+id_function(void) is a function that returns a thread ID, for example
+pthread_self() if it returns an integer (see NOTES below).  It isn't
 needed on Windows nor on platforms where getpid() returns a different
-ID for each thread (most notably Linux).
+ID for each thread (see NOTES below).

 Additionally, OpenSSL supports dynamic locks, and sometimes, some parts
 of OpenSSL need it for better performance.  To enable this, the following
@ -124,13 +125,13 @@ CRYPTO_get_new_dynlockid() returns the index to the newly created lock.

 The other functions return no values.

-=head1 NOTE
+=head1 NOTES

 You can find out if OpenSSL was configured with thread support:

 #define OPENSSL_THREAD_DEFINES
 #include <openssl/opensslconf.h>
- #if defined(THREADS)
+ #if defined(OPENSSL_THREADS)
   // thread support enabled
 #else
   // no thread support
@ -139,6 +140,22 @@ You can find out if OpenSSL was configured with thread support:
 Also, dynamic locks are currently not used internally by OpenSSL, but
 may do so in the future.

+Defining id_function(void) has it's own issues.  Generally speaking,
+pthread_self() should be used, even on platforms where getpid() gives
+different answers in each thread, since that may depend on the machine
+the program is run on, not the machine where the program is being
+compiled.  For instance, Red Hat 8 Linux and earlier used
+LinuxThreads, whose getpid() returns a different value for each
+thread.  Red Hat 9 Linux and later use NPTL, which is
+Posix-conformant, and has a getpid() that returns the same value for
+all threads in a process.  A program compiled on Red Hat 8 and run on
+Red Hat 9 will therefore see getpid() returning the same value for
+all threads.
+
+There is still the issue of platforms where pthread_self() returns
+something other than an integer.  This is a bit unusual, and this
+manual has no cookbook solution for that case.
+
 =head1 EXAMPLES

 B<crypto/threads/mttest.c> shows examples of the callback functions on
--- a/e_os.h
+++ b/e_os.h
@ -182,10 +182,18 @@ extern "C" {
 #define readsocket(s,b,n)	    read((s),(b),(n))
 #define writesocket(s,b,n)	    write((s),(char *)(b),(n))
 #elif defined(OPENSSL_SYS_NETWARE)
+#if defined(NETWARE_BSDSOCK)
+#define get_last_socket_error() errno
+#define clear_socket_error()    errno=0
+#define closesocket(s)          close(s)
+#define readsocket(s,b,n)       recv((s),(b),(n),0)
+#define writesocket(s,b,n)      send((s),(b),(n),0)
+#else
 #define get_last_socket_error()	WSAGetLastError()
 #define clear_socket_error()	WSASetLastError(0)
 #define readsocket(s,b,n)		recv((s),(b),(n),0)
 #define writesocket(s,b,n)		send((s),(b),(n),0)
+#endif
 #else
 #define get_last_socket_error()	errno
 #define clear_socket_error()	errno=0
@ -219,6 +227,8 @@ extern "C" {
 #    define _setmode setmode
 #    define _O_TEXT O_TEXT
 #    define _O_BINARY O_BINARY
+#    undef DEVRANDOM
+#    define DEVRANDOM "/dev/urandom\x24"
 #  endif /* __DJGPP__ */

 #  ifndef S_IFDIR
@ -436,11 +446,15 @@ extern HINSTANCE _hInstance;
 #    define SHUTDOWN2(fd)		MacSocket_close(fd)

 #  elif defined(OPENSSL_SYS_NETWARE)
-         /* NetWare uses the WinSock2 interfaces
+         /* NetWare uses the WinSock2 interfaces by default, but can be configured for BSD
         */
-#      if defined(NETWARE_CLIB)
-#        include <ws2nlm.h>
-#      elif defined(NETWARE_LIBC)
+#      if defined(NETWARE_BSDSOCK)
+#        include <sys/socket.h>
+#        include <netinet/in.h>
+#        include <sys/time.h>
+#        include <sys/select.h>
+#        define INVALID_SOCKET (int)(~0)
+#      else
 #        include <novsock2.h>
 #      endif
 #      define SSLeay_Write(a,b,c)   send((a),(b),(c),0)
--- a/engines/Makefile
+++ b/engines/Makefile
@ -65,7 +65,7 @@ lib:	$(LIBOBJ)
 	@if [ -n "$(SHARED_LIBS)" ]; then \
 		set -e; \
 		for l in $(LIBNAMES); do \
-			$(MAKE) -f ../Makefile.shared \
+			$(MAKE) -f ../Makefile.shared $(BUILDENV) \
 				LIBNAME=$$l LIBEXTRAS=e_$$l.o \
 				LIBDEPS='-L.. -lcrypto $(EX_LIBS)' \
 				link_o.$(SHLIB_TARGET); \
@ -168,6 +168,23 @@ e_atalla.o: ../include/openssl/ossl_typ.h ../include/openssl/rsa.h
 e_atalla.o: ../include/openssl/safestack.h ../include/openssl/stack.h
 e_atalla.o: ../include/openssl/symhacks.h e_atalla.c e_atalla_err.c
 e_atalla.o: e_atalla_err.h vendor_defns/atalla.h
+e_chil.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+e_chil.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+e_chil.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+e_chil.o: ../include/openssl/dso.h ../include/openssl/e_os2.h
+e_chil.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+e_chil.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+e_chil.o: ../include/openssl/err.h ../include/openssl/evp.h
+e_chil.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+e_chil.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+e_chil.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+e_chil.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+e_chil.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+e_chil.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+e_chil.o: ../include/openssl/sha.h ../include/openssl/stack.h
+e_chil.o: ../include/openssl/symhacks.h ../include/openssl/ui.h
+e_chil.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_chil.c
+e_chil.o: e_chil_err.c e_chil_err.h vendor_defns/hwcryptohook.h
 e_cswift.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 e_cswift.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 e_cswift.o: ../include/openssl/crypto.h ../include/openssl/dh.h
@ -184,24 +201,6 @@ e_gmp.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
 e_gmp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 e_gmp.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
 e_gmp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h e_gmp.c
-e_chil.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-e_chil.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-e_chil.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-e_chil.o: ../include/openssl/dso.h ../include/openssl/e_os2.h
-e_chil.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-e_chil.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-e_chil.o: ../include/openssl/err.h ../include/openssl/evp.h
-e_chil.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-e_chil.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-e_chil.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-e_chil.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-e_chil.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-e_chil.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-e_chil.o: ../include/openssl/sha.h ../include/openssl/stack.h
-e_chil.o: ../include/openssl/symhacks.h ../include/openssl/ui.h
-e_chil.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-e_chil.o: e_chil.c e_chil_err.c e_chil_err.h
-e_chil.o: vendor_defns/hwcryptohook.h
 e_nuron.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 e_nuron.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 e_nuron.o: ../include/openssl/crypto.h ../include/openssl/dh.h
--- a/engines/e_4758cca.c
+++ b/engines/e_4758cca.c
@ -202,8 +202,10 @@ static RAND_METHOD ibm_4758_cca_rand =

 static const char *engine_4758_cca_id = "4758cca";
 static const char *engine_4758_cca_name = "IBM 4758 CCA hardware engine support";
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE 
 /* Compatibility hack, the dynamic library uses this form in the path */
 static const char *engine_4758_cca_id_alt = "4758_cca";
+#endif

 /* engine implementation */
 /*-----------------------*/
--- a/engines/e_aep.c
+++ b/engines/e_aep.c
@ -479,6 +479,7 @@ static int aep_init(ENGINE *e)

 	if(aep_dso)
 		DSO_free(aep_dso);
+	aep_dso = NULL;
 		
 	p_AEP_OpenConnection    = NULL;
 	p_AEP_ModExp            = NULL;
--- a/engines/e_atalla.c
+++ b/engines/e_atalla.c
@ -384,6 +384,7 @@ static int atalla_init(ENGINE *e)
 err:
 	if(atalla_dso)
 		DSO_free(atalla_dso);
+	atalla_dso = NULL;
 	p_Atalla_GetHardwareConfig = NULL;
 	p_Atalla_RSAPrivateKeyOpFn = NULL;
 	p_Atalla_GetPerformanceStatistics = NULL;
--- a/engines/e_chil.c
+++ b/engines/e_chil.c
@ -1,4 +1,4 @@
-/* crypto/engine/hw_ncipher.c -*- mode: C; c-file-style: "eay" -*- */
+/* crypto/engine/e_chil.c -*- mode: C; c-file-style: "eay" -*- */
 /* Written by Richard Levitte (richard@levitte.org), Geoff Thorpe
 * (geoff@geoffthorpe.net) and Dr Stephen N Henson (shenson@bigfoot.com)
 * for the OpenSSL project 2000.
@ -70,7 +70,7 @@
 #include <openssl/bn.h>

 #ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_NCIPHER
+#ifndef OPENSSL_NO_HW_CHIL

 /* Attribution notice: nCipher have said several times that it's OK for
 * us to implement a general interface to their boxes, and recently declared
@ -86,7 +86,7 @@
 #include "vendor_defns/hwcryptohook.h"
 #endif

-#define HWCRHK_LIB_NAME "hwcrhk engine"
+#define HWCRHK_LIB_NAME "CHIL engine"
 #include "e_chil_err.c"

 static int hwcrhk_destroy(ENGINE *e);
@ -177,7 +177,7 @@ static const ENGINE_CMD_DEFN hwcrhk_cmd_defns[] = {
 /* Our internal RSA_METHOD that we provide pointers to */
 static RSA_METHOD hwcrhk_rsa =
 	{
-	"nCipher RSA method",
+	"CHIL RSA method",
 	NULL,
 	NULL,
 	NULL,
@ -198,7 +198,7 @@ static RSA_METHOD hwcrhk_rsa =
 /* Our internal DH_METHOD that we provide pointers to */
 static DH_METHOD hwcrhk_dh =
 	{
-	"nCipher DH method",
+	"CHIL DH method",
 	NULL,
 	NULL,
 	hwcrhk_mod_exp_dh,
@ -212,7 +212,7 @@ static DH_METHOD hwcrhk_dh =

 static RAND_METHOD hwcrhk_rand =
 	{
-	/* "nCipher RAND method", */
+	/* "CHIL RAND method", */
 	NULL,
 	hwcrhk_rand_bytes,
 	NULL,
@ -223,9 +223,12 @@ static RAND_METHOD hwcrhk_rand =

 /* Constants used when creating the ENGINE */
 static const char *engine_hwcrhk_id = "chil";
-static const char *engine_hwcrhk_name = "nCipher hardware engine support";
+static const char *engine_hwcrhk_name = "CHIL hardware engine support";
+
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE 
 /* Compatibility hack, the dynamic library uses this form in the path */
 static const char *engine_hwcrhk_id_alt = "ncipher";
+#endif

 /* Internal stuff for HWCryptoHook */

@ -325,7 +328,7 @@ static HWCryptoHook_InitInfo hwcrhk_globals = {

 /* Now, to our own code */

-/* This internal function is used by ENGINE_ncipher() and possibly by the
+/* This internal function is used by ENGINE_chil() and possibly by the
 * "dynamic" ENGINE support too */
 static int bind_helper(ENGINE *e)
 	{
@ -381,7 +384,7 @@ static int bind_helper(ENGINE *e)
 	}

 #ifdef OPENSSL_NO_DYNAMIC_ENGINE
-static ENGINE *engine_ncipher(void)
+static ENGINE *engine_chil(void)
 	{
 	ENGINE *ret = ENGINE_new();
 	if(!ret)
@ -397,7 +400,7 @@ static ENGINE *engine_ncipher(void)
 void ENGINE_load_chil(void)
 	{
 	/* Copied from eng_[openssl|dyn].c */
-	ENGINE *toadd = engine_ncipher();
+	ENGINE *toadd = engine_chil();
 	if(!toadd) return;
 	ENGINE_add(toadd);
 	ENGINE_free(toadd);
@ -493,7 +496,7 @@ static void release_context(HWCryptoHook_ContextHandle hac)
 	p_hwcrhk_Finish(hac);
 	}

-/* Destructor (complements the "ENGINE_ncipher()" constructor) */
+/* Destructor (complements the "ENGINE_chil()" constructor) */
 static int hwcrhk_destroy(ENGINE *e)
 	{
 	free_HWCRHK_LIBNAME();
@ -1356,5 +1359,5 @@ IMPLEMENT_DYNAMIC_CHECK_FN()
 IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
 #endif /* OPENSSL_NO_DYNAMIC_ENGINE */

-#endif /* !OPENSSL_NO_HW_NCIPHER */
+#endif /* !OPENSSL_NO_HW_CHIL */
 #endif /* !OPENSSL_NO_HW */
--- a/engines/e_cswift.c
+++ b/engines/e_cswift.c
@ -98,6 +98,7 @@ static int cswift_destroy(ENGINE *e);
 static int cswift_init(ENGINE *e);
 static int cswift_finish(ENGINE *e);
 static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
+static int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in);

 /* BIGNUM stuff */
 static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
@ -415,7 +416,10 @@ static int cswift_init(ENGINE *e)
 	return 1;
 err:
 	if(cswift_dso)
+	{
 		DSO_free(cswift_dso);
+		cswift_dso = NULL;
+	}
 	p_CSwift_AcquireAccContext = NULL;
 	p_CSwift_AttachKeyParam = NULL;
 	p_CSwift_SimpleRequest = NULL;
@ -565,6 +569,29 @@ err:
 	return to_return;
 	}

+
+int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in)
+{
+	int mod;
+	int numbytes = BN_num_bytes(in);
+
+	mod = 0;
+	while( ((out->nbytes = (numbytes+mod)) % 32) )
+	{
+		mod++;
+	}
+	out->value = (unsigned char*)OPENSSL_malloc(out->nbytes);
+	if(!out->value)
+	{
+		return 0;
+	}
+	BN_bn2bin(in, &out->value[mod]);
+	if(mod)
+		memset(out->value, 0, mod);
+
+	return 1;
+}
+
 /* Un petit mod_exp chinois */
 static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 			const BIGNUM *q, const BIGNUM *dmp1,
@ -574,15 +601,16 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 	SW_LARGENUMBER arg, res;
 	SW_PARAM sw_param;
 	SW_CONTEXT_HANDLE hac;
-	BIGNUM *rsa_p = NULL;
-	BIGNUM *rsa_q = NULL;
-	BIGNUM *rsa_dmp1 = NULL;
-	BIGNUM *rsa_dmq1 = NULL;
-	BIGNUM *rsa_iqmp = NULL;
-	BIGNUM *argument = NULL;
 	BIGNUM *result = NULL;
+	BIGNUM *argument = NULL;
 	int to_return = 0; /* expect failure */
 	int acquired = 0;
+
+	sw_param.up.crt.p.value = NULL;
+	sw_param.up.crt.q.value = NULL;
+	sw_param.up.crt.dmp1.value = NULL;
+	sw_param.up.crt.dmq1.value = NULL;
+	sw_param.up.crt.iqmp.value = NULL;
 
 	if(!get_context(&hac))
 		{
@ -590,44 +618,55 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 		goto err;
 		}
 	acquired = 1;
+
 	/* Prepare the params */
-	BN_CTX_start(ctx);
-	rsa_p = BN_CTX_get(ctx);
-	rsa_q = BN_CTX_get(ctx);
-	rsa_dmp1 = BN_CTX_get(ctx);
-	rsa_dmq1 = BN_CTX_get(ctx);
-	rsa_iqmp = BN_CTX_get(ctx);
-	argument = BN_CTX_get(ctx);
-	result = BN_CTX_get(ctx);
-	if(!result)
+	argument = BN_new();
+	result = BN_new();
+	if(!result || !argument)
 		{
 		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_CTX_FULL);
 		goto err;
 		}
-	if(!bn_wexpand(rsa_p, p->top) || !bn_wexpand(rsa_q, q->top) ||
-			!bn_wexpand(rsa_dmp1, dmp1->top) ||
-			!bn_wexpand(rsa_dmq1, dmq1->top) ||
-			!bn_wexpand(rsa_iqmp, iqmp->top) ||
-			!bn_wexpand(argument, a->top) ||
+
+
+	sw_param.type = SW_ALG_CRT;
+	/************************************************************************/
+	/* 04/02/2003                                                           */
+	/* Modified by Frederic Giudicelli (deny-all.com) to overcome the       */
+	/* limitation of cswift with values not a multiple of 32                */
+	/************************************************************************/
+	if(!cswift_bn_32copy(&sw_param.up.crt.p, p))
+	{
+		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+		goto err;
+	}
+	if(!cswift_bn_32copy(&sw_param.up.crt.q, q))
+	{
+		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+		goto err;
+	}
+	if(!cswift_bn_32copy(&sw_param.up.crt.dmp1, dmp1))
+	{
+		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+		goto err;
+	}
+	if(!cswift_bn_32copy(&sw_param.up.crt.dmq1, dmq1))
+	{
+		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+		goto err;
+	}
+	if(!cswift_bn_32copy(&sw_param.up.crt.iqmp, iqmp))
+	{
+		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+		goto err;
+	}
+	if(	!bn_wexpand(argument, a->top) ||
 			!bn_wexpand(result, p->top + q->top))
 		{
 		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
 		goto err;
 		}
-	sw_param.type = SW_ALG_CRT;
-	sw_param.up.crt.p.nbytes = BN_bn2bin(p, (unsigned char *)rsa_p->d);
-	sw_param.up.crt.p.value = (unsigned char *)rsa_p->d;
-	sw_param.up.crt.q.nbytes = BN_bn2bin(q, (unsigned char *)rsa_q->d);
-	sw_param.up.crt.q.value = (unsigned char *)rsa_q->d;
-	sw_param.up.crt.dmp1.nbytes = BN_bn2bin(dmp1,
-		(unsigned char *)rsa_dmp1->d);
-	sw_param.up.crt.dmp1.value = (unsigned char *)rsa_dmp1->d;
-	sw_param.up.crt.dmq1.nbytes = BN_bn2bin(dmq1,
-		(unsigned char *)rsa_dmq1->d);
-	sw_param.up.crt.dmq1.value = (unsigned char *)rsa_dmq1->d;
-	sw_param.up.crt.iqmp.nbytes = BN_bn2bin(iqmp,
-		(unsigned char *)rsa_iqmp->d);
-	sw_param.up.crt.iqmp.value = (unsigned char *)rsa_iqmp->d;
+
 	/* Attach the key params */
 	sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
 	switch(sw_status)
@ -666,9 +705,22 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 	BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
 	to_return = 1;
 err:
+	if(sw_param.up.crt.p.value)
+		OPENSSL_free(sw_param.up.crt.p.value);
+	if(sw_param.up.crt.q.value)
+		OPENSSL_free(sw_param.up.crt.q.value);
+	if(sw_param.up.crt.dmp1.value)
+		OPENSSL_free(sw_param.up.crt.dmp1.value);
+	if(sw_param.up.crt.dmq1.value)
+		OPENSSL_free(sw_param.up.crt.dmq1.value);
+	if(sw_param.up.crt.iqmp.value)
+		OPENSSL_free(sw_param.up.crt.iqmp.value);
+	if(result)
+		BN_free(result);
+	if(argument)
+		BN_free(argument);
 	if(acquired)
 		release_context(hac);
-	BN_CTX_end(ctx);
 	return to_return;
 	}
 
@ -676,6 +728,27 @@ err:
 static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
 	{
 	int to_return = 0;
+	const RSA_METHOD * def_rsa_method;
+
+	/* Try the limits of RSA (2048 bits) */
+	if(BN_num_bytes(rsa->p) > 128 ||
+		BN_num_bytes(rsa->q) > 128 ||
+		BN_num_bytes(rsa->dmp1) > 128 ||
+		BN_num_bytes(rsa->dmq1) > 128 ||
+		BN_num_bytes(rsa->iqmp) > 128)
+	{
+#ifdef RSA_NULL
+		def_rsa_method=RSA_null_method();
+#else
+#if 0
+		def_rsa_method=RSA_PKCS1_RSAref();
+#else
+		def_rsa_method=RSA_PKCS1_SSLeay();
+#endif
+#endif
+		if(def_rsa_method)
+			return def_rsa_method->rsa_mod_exp(r0, I, rsa, ctx);
+	}

 	if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
 		{
@ -693,6 +766,26 @@ err:
 static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
 	{
+	const RSA_METHOD * def_rsa_method;
+
+	/* Try the limits of RSA (2048 bits) */
+	if(BN_num_bytes(r) > 256 ||
+		BN_num_bytes(a) > 256 ||
+		BN_num_bytes(m) > 256)
+	{
+#ifdef RSA_NULL
+		def_rsa_method=RSA_null_method();
+#else
+#if 0
+		def_rsa_method=RSA_PKCS1_RSAref();
+#else
+		def_rsa_method=RSA_PKCS1_SSLeay();
+#endif
+#endif
+		if(def_rsa_method)
+			return def_rsa_method->bn_mod_exp(r, a, p, m, ctx, m_ctx);
+	}
+
 	return cswift_mod_exp(r, a, p, m, ctx);
 	}

@ -937,9 +1030,10 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
 	SW_CONTEXT_HANDLE hac;
 	SW_STATUS swrc;
 	SW_LARGENUMBER largenum;
-	size_t nbytes = 0;
 	int acquired = 0;
 	int to_return = 0; /* assume failure */
+	unsigned char buf32[1024];
+

 	if (!get_context(&hac))
 	{
@ -948,17 +1042,19 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
 	}
 	acquired = 1;

-	while (nbytes < (size_t)num)
+	/************************************************************************/
+	/* 04/02/2003                                                           */
+	/* Modified by Frederic Giudicelli (deny-all.com) to overcome the       */
+	/* limitation of cswift with values not a multiple of 32                */
+	/************************************************************************/
+
+	while(num >= sizeof(buf32))
 	{
+		largenum.value = buf;
+		largenum.nbytes = sizeof(buf32);
 		/* tell CryptoSwift how many bytes we want and where we want it.
 		 * Note: - CryptoSwift cannot do more than 4096 bytes at a time.
 		 *       - CryptoSwift can only do multiple of 32-bits. */
-		largenum.value = (SW_BYTE *) buf + nbytes;
-		if (4096 > num - nbytes)
-			largenum.nbytes = num - nbytes;
-		else
-			largenum.nbytes = 4096;
-
 		swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
 		if (swrc != SW_OK)
 		{
@ -968,14 +1064,30 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
 			ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
 			goto err;
 		}
-
-		nbytes += largenum.nbytes;
+		buf += sizeof(buf32);
+		num -= sizeof(buf32);
+	}
+	if(num)
+	{
+		largenum.nbytes = sizeof(buf32);
+		largenum.value = buf32;
+		swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
+		if (swrc != SW_OK)
+		{
+			char tmpbuf[20];
+			CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_REQUEST_FAILED);
+			sprintf(tmpbuf, "%ld", swrc);
+			ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
+			goto err;
+		}
+		memcpy(buf, largenum.value, num);
 	}
-	to_return = 1;  /* success */

+	to_return = 1;  /* success */
 err:
 	if (acquired)
 		release_context(hac);
+
 	return to_return;
 }

--- a/engines/e_ubsec.c
+++ b/engines/e_ubsec.c
@ -463,6 +463,7 @@ static int ubsec_init(ENGINE *e)
 err:
 	if(ubsec_dso)
 		DSO_free(ubsec_dso);
+	ubsec_dso = NULL;
 	p_UBSEC_ubsec_bytes_to_bits = NULL;
 	p_UBSEC_ubsec_bits_to_bytes = NULL;
 	p_UBSEC_ubsec_open = NULL;
--- a/makevms.com
+++ b/makevms.com
@ -428,7 +428,7 @@ $ SDIRS := ,-
   BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,AES,-
   BUFFER,BIO,STACK,LHASH,RAND,ERR,-
   EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,-
-   STORE
+   STORE,PQUEUE
 $ EXHEADER_ := crypto.h,tmdiff.h,opensslv.h,opensslconf.h,ebcdic.h,symhacks.h,-
 		ossl_typ.h
 $ EXHEADER_OBJECTS := objects.h,obj_mac.h
@ -477,6 +477,7 @@ $ EXHEADER_UI := ui.h,ui_compat.h
 $ EXHEADER_KRB5 := krb5_asn.h
 $!EXHEADER_STORE := store.h,str_compat.h
 $ EXHEADER_STORE := store.h
+$ EXHEADER_PQUEUE := pqueue.h,pq_compat.h
 $
 $ I = 0
 $ LOOP_SDIRS: 
@ -495,7 +496,7 @@ $ LOOP_SDIRS_END:
 $!
 $! Copy All The ".H" Files From The [.SSL] Directory.
 $!
-$ EXHEADER := ssl.h,ssl2.h,ssl3.h,ssl23.h,tls1.h,kssl.h
+$ EXHEADER := ssl.h,ssl2.h,ssl3.h,ssl23.h,tls1.h,dtls1.h,kssl.h
 $ COPY SYS$DISK:[.SSL]'EXHEADER' SYS$DISK:[.INCLUDE.OPENSSL]
 $!
 $! Purge all doubles
--- a/ms/uplink.pl
+++ b/ms/uplink.pl
@ -168,23 +168,23 @@ _DATA	SEGMENT
 PUBLIC	OPENSSL_UplinkTable
 OPENSSL_UplinkTable	DQ	$N
 ___
-for ($i=1;$i<=$N;$i++) {   print "	DQ	FLAT:\$lazy$i\n";   }
+for ($i=1;$i<=$N;$i++) {   print "	DQ	\$lazy$i\n";   }
 print <<___;
 _DATA	ENDS

-TEXT	SEGMENT
-EXTERN	OPENSSL_Uplink:NEAR
+_TEXT	SEGMENT
+EXTERN	OPENSSL_Uplink:PROC
 ___
 for ($i=1;$i<=$N;$i++) {
 print <<___;
 ALIGN	4
-\$lazy$i	PROC NEAR
+\$lazy$i	PROC
 	push	r9
 	push	r8
 	push	rdx
 	push	rcx
 	sub	rsp,40
-	mov	rcx,OFFSET FLAT:OPENSSL_UplinkTable
+	lea	rcx,OFFSET OPENSSL_UplinkTable
 	mov	rdx,$i
 	call	OPENSSL_Uplink
 	add	rsp,40
@ -197,7 +197,7 @@ ALIGN	4
 ___
 }
 print <<___;
-TEXT	ENDS
+_TEXT	ENDS
 END
 ___
 }
--- a/openssl.spec
+++ b/openssl.spec
@ -2,7 +2,7 @@
 %define libmin 9
 %define librel 8
 #%define librev a
-Release: 1
+Release: 2

 %define openssldir /var/ssl

@ -121,7 +121,6 @@ rm -rf $RPM_BUILD_ROOT

 %config %attr(0644,root,root) %{openssldir}/openssl.cnf 
 %dir %attr(0755,root,root) %{openssldir}/certs
-%dir %attr(0755,root,root) %{openssldir}/lib
 %dir %attr(0755,root,root) %{openssldir}/misc
 %dir %attr(0750,root,root) %{openssldir}/private

@ -146,6 +145,8 @@ ldconfig
 ldconfig

 %changelog
+* Sun Jun  6 2005 Richard Levitte <richard@levitte.org>
+- Remove the incorrect installation of '%{openssldir}/lib'.
 * Wed May  7 2003 Richard Levitte <richard@levitte.org>
 - Add /usr/lib/pkgconfig/openssl.pc to the development section.
 * Thu Mar 22 2001 Richard Levitte <richard@levitte.org>
--- a/ssl/Makefile
+++ b/ssl/Makefile
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@ -442,6 +442,7 @@ dtls1_buffer_handshake_fragment(SSL *s, struct hm_header_st* msg_hdr)
 {
    hm_fragment *frag = NULL;
    pitem *item = NULL;
+	PQ_64BIT seq64;

    frag = dtls1_hm_fragment_new(msg_hdr->frag_len);
    if ( frag == NULL)
@ -452,10 +453,15 @@ dtls1_buffer_handshake_fragment(SSL *s, struct hm_header_st* msg_hdr)

    memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));

-    item = pitem_new(msg_hdr->seq, frag);
+    pq_64bit_init(&seq64);
+    pq_64bit_assign_word(&seq64, msg_hdr->seq);
+
+    item = pitem_new(seq64, frag);
    if ( item == NULL)
        goto err;

+    pq_64bit_free(&seq64);
+
    pqueue_insert(s->d1->buffered_messages, item);
    return 1;

@ -1037,6 +1043,7 @@ dtls1_buffer_message(SSL *s, int is_ccs)
    {
    pitem *item;
    hm_fragment *frag;
+	PQ_64BIT seq64;

    /* this function is called immediately after a message has 
     * been serialized */
@ -1064,7 +1071,11 @@ dtls1_buffer_message(SSL *s, int is_ccs)
    frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len;
    frag->msg_header.is_ccs = is_ccs;

-    item = pitem_new(frag->msg_header.seq, frag);
+    pq_64bit_init(&seq64);
+    pq_64bit_assign_word(&seq64, frag->msg_header.seq);
+
+    item = pitem_new(seq64, frag);
+    pq_64bit_free(&seq64);
    if ( item == NULL)
        {
        dtls1_hm_fragment_free(frag);
@ -1090,6 +1101,7 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
    pitem *item;
    hm_fragment *frag ;
    unsigned long header_length;
+	PQ_64BIT seq64;

    /*
      OPENSSL_assert(s->init_num == 0);
@ -1097,7 +1109,11 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
     */

    /* XDTLS:  the requested message ought to be found, otherwise error */
-    item = pqueue_find(s->d1->sent_messages, seq);
+    pq_64bit_init(&seq64);
+    pq_64bit_assign_word(&seq64, seq);
+
+    item = pqueue_find(s->d1->sent_messages, seq64);
+    pq_64bit_free(&seq64);
    if ( item == NULL)
        {
        fprintf(stderr, "retransmit:  message %d non-existant\n", seq);
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@ -115,6 +115,7 @@

 #include <stdio.h>
 #include "ssl_locl.h"
+#include "kssl_lcl.h"
 #include <openssl/buffer.h>
 #include <openssl/rand.h>
 #include <openssl/objects.h>
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@ -132,10 +132,20 @@ int dtls1_new(SSL *s)
 	memset(d1,0, sizeof *d1);

 	/* d1->handshake_epoch=0; */
+#if defined(OPENSSL_SYS_VMS) || defined(VMS_TEST)
+	d1->bitmap.length=64;
+#else
 	d1->bitmap.length=sizeof(d1->bitmap.map) * 8;
+#endif
+	pq_64bit_init(&(d1->bitmap.map));
+	pq_64bit_init(&(d1->bitmap.max_seq_num));
+	
+	pq_64bit_init(&(d1->next_bitmap.map));
+	pq_64bit_init(&(d1->next_bitmap.max_seq_num));
+
 	d1->unprocessed_rcds.q=pqueue_new();
-    d1->processed_rcds.q=pqueue_new();
-    d1->buffered_messages = pqueue_new();
+	d1->processed_rcds.q=pqueue_new();
+	d1->buffered_messages = pqueue_new();
 	d1->sent_messages=pqueue_new();

 	if ( s->server)
@ -198,6 +208,12 @@ void dtls1_free(SSL *s)
        }
 	pqueue_free(s->d1->sent_messages);

+	pq_64bit_free(&(s->d1->bitmap.map));
+	pq_64bit_free(&(s->d1->bitmap.max_seq_num));
+
+	pq_64bit_free(&(s->d1->next_bitmap.map));
+	pq_64bit_free(&(s->d1->next_bitmap.max_seq_num));
+
 	OPENSSL_free(s->d1);
 	}

--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@ -124,7 +124,7 @@
 static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, 
 	int len, int peek);
 static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap,
-	BN_ULLONG *seq_num);
+	PQ_64BIT *seq_num);
 static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
 static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, 
    unsigned int *is_next_epoch);
@ -133,13 +133,13 @@ static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr,
 	unsigned short *priority, unsigned long *offset);
 #endif
 static int dtls1_buffer_record(SSL *s, record_pqueue *q,
-	BN_ULLONG priority);
+	PQ_64BIT priority);
 static int dtls1_process_record(SSL *s);
-static BN_ULLONG bytes_to_long_long(unsigned char *bytes);
-static void long_long_to_bytes(BN_ULLONG num, unsigned char *bytes);
+#if PQ_64BIT_IS_INTEGER
+static PQ_64BIT bytes_to_long_long(unsigned char *bytes, PQ_64BIT *num);
+#endif
 static void dtls1_clear_timeouts(SSL *s);

-
 /* copy buffered record into SSL structure */
 static int
 dtls1_copy_record(SSL *s, pitem *item)
@ -161,7 +161,7 @@ dtls1_copy_record(SSL *s, pitem *item)


 static int
-dtls1_buffer_record(SSL *s, record_pqueue *queue, BN_ULLONG priority)
+dtls1_buffer_record(SSL *s, record_pqueue *queue, PQ_64BIT priority)
 {
    DTLS1_RECORD_DATA *rdata;
 	pitem *item;
@ -275,9 +275,9 @@ static int
 dtls1_get_buffered_record(SSL *s)
 	{
 	pitem *item;
-	BN_ULLONG priority = 
-		(((BN_ULLONG)s->d1->handshake_read_seq) << 32) | 
-		((BN_ULLONG)s->d1->r_msg_hdr.frag_off);
+	PQ_64BIT priority = 
+		(((PQ_64BIT)s->d1->handshake_read_seq) << 32) | 
+		((PQ_64BIT)s->d1->r_msg_hdr.frag_off);
 	
 	if ( ! SSL_in_init(s))  /* if we're not (re)negotiating, 
 							   nothing buffered */
@ -482,7 +482,6 @@ int dtls1_get_record(SSL *s)
 	unsigned char *p;
 	short version;
 	DTLS1_BITMAP *bitmap;
-	BN_ULLONG read_sequence;
    unsigned int is_next_epoch;

 	rr= &(s->s3->rrec);
@ -522,9 +521,9 @@ again:
        /* sequence number is 64 bits, with top 2 bytes = epoch */ 
 		n2s(p,rr->epoch);

-		read_sequence = 0;
-		n2l6(p, read_sequence);
-		long_long_to_bytes(read_sequence, s->s3->read_sequence);
+		memcpy(&(s->s3->read_sequence[2]), p, 6);
+		p+=6;
+
 		n2s(p,rr->length);

 		/* Lets check version */
@ -1406,7 +1405,8 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
 /*	else
 	s2n(s->d1->handshake_epoch, pseq); */

-	l2n6(bytes_to_long_long(s->s3->write_sequence), pseq);
+	memcpy(pseq, &(s->s3->write_sequence[2]), 6);
+	pseq+=6;
 	s2n(wr->length,pseq);

 	/* we should now have
@ -1419,7 +1419,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
 	/* buffer the record, making it easy to handle retransmits */
 	if ( type == SSL3_RT_HANDSHAKE || type == SSL3_RT_CHANGE_CIPHER_SPEC)
 		dtls1_buffer_record(s, wr->data, wr->length, 
-			*((BN_ULLONG *)&(s->s3->write_sequence[0])));
+			*((PQ_64BIT *)&(s->s3->write_sequence[0])));
 #endif

 	ssl3_record_sequence_update(&(s->s3->write_sequence[0]));
@ -1451,27 +1451,60 @@ err:


 static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap,
-	BN_ULLONG *seq_num)
+	PQ_64BIT *seq_num)
 	{
-	BN_ULLONG mask = 0x0000000000000001L;
-	BN_ULLONG rcd_num;
+#if PQ_64BIT_IS_INTEGER
+	PQ_64BIT mask = 0x0000000000000001L;
+#endif
+	PQ_64BIT rcd_num, tmp;
+
+	pq_64bit_init(&rcd_num);
+	pq_64bit_init(&tmp);
+
+	/* this is the sequence number for the record just read */
+	pq_64bit_bin2num(&rcd_num, s->s3->read_sequence, 8);

-	rcd_num = bytes_to_long_long(s->s3->read_sequence);
 	
-	if (rcd_num >= bitmap->max_seq_num)
+	if (pq_64bit_gt(&rcd_num, &(bitmap->max_seq_num)) ||
+		pq_64bit_eq(&rcd_num, &(bitmap->max_seq_num)))
 		{
-		*seq_num = rcd_num;
+		pq_64bit_assign(seq_num, &rcd_num);
+		pq_64bit_free(&rcd_num);
+		pq_64bit_free(&tmp);
 		return 1;  /* this record is new */
 		}
-	
-	if (bitmap->max_seq_num - rcd_num > bitmap->length)
-		return 0;  /* stale, outside the window */

+	pq_64bit_sub(&tmp, &(bitmap->max_seq_num), &rcd_num);
+
+	if ( pq_64bit_get_word(&tmp) > bitmap->length)
+		{
+		pq_64bit_free(&rcd_num);
+		pq_64bit_free(&tmp);
+		return 0;  /* stale, outside the window */
+		}
+
+#if PQ_64BIT_IS_BIGNUM
+	{
+	int offset;
+	pq_64bit_sub(&tmp, &(bitmap->max_seq_num), &rcd_num);
+	pq_64bit_sub_word(&tmp, 1);
+	offset = pq_64bit_get_word(&tmp);
+	if ( pq_64bit_is_bit_set(&(bitmap->map), offset))
+		{
+		pq_64bit_free(&rcd_num);
+		pq_64bit_free(&tmp);
+		return 0;
+		}
+	}
+#else
 	mask <<= (bitmap->max_seq_num - rcd_num - 1);
 	if (bitmap->map & mask)
 		return 0; /* record previously received */
+#endif
 	
-	*seq_num = rcd_num;
+	pq_64bit_assign(seq_num, &rcd_num);
+	pq_64bit_free(&rcd_num);
+	pq_64bit_free(&tmp);
 	return 1;
 	}

@ -1479,23 +1512,49 @@ static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap,
 static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
 	{
 	unsigned int shift;
-	BN_ULLONG mask = 0x0000000000000001L;
-	BN_ULLONG rcd_num;
+	PQ_64BIT rcd_num;
+	PQ_64BIT tmp;
+	PQ_64BIT_CTX *ctx;

-	rcd_num = bytes_to_long_long(s->s3->read_sequence);
+	pq_64bit_init(&rcd_num);
+	pq_64bit_init(&tmp);

-	if (rcd_num >= bitmap->max_seq_num)
+	pq_64bit_bin2num(&rcd_num, s->s3->read_sequence, 8);
+
+	/* unfortunate code complexity due to 64-bit manipulation support
+	 * on 32-bit machines */
+	if ( pq_64bit_gt(&rcd_num, &(bitmap->max_seq_num)) ||
+		pq_64bit_eq(&rcd_num, &(bitmap->max_seq_num)))
 		{
-		shift = (unsigned int)(rcd_num - bitmap->max_seq_num) + 1;
-		bitmap->max_seq_num = rcd_num + 1;
-		bitmap->map <<= shift;
-		bitmap->map |= 0x0000000000000001L;
+		pq_64bit_sub(&tmp, &rcd_num, &(bitmap->max_seq_num));
+		pq_64bit_add_word(&tmp, 1);
+
+		shift = (unsigned int)pq_64bit_get_word(&tmp);
+
+		pq_64bit_lshift(&(tmp), &(bitmap->map), shift);
+		pq_64bit_assign(&(bitmap->map), &tmp);
+
+		pq_64bit_set_bit(&(bitmap->map), 0);
+		pq_64bit_add_word(&rcd_num, 1);
+		pq_64bit_assign(&(bitmap->max_seq_num), &rcd_num);
+
+		pq_64bit_assign_word(&tmp, 1);
+		pq_64bit_lshift(&tmp, &tmp, bitmap->length);
+		ctx = pq_64bit_ctx_new(&ctx);
+		pq_64bit_mod(&(bitmap->map), &(bitmap->map), &tmp, ctx);
+		pq_64bit_ctx_free(ctx);
 		}
 	else
 		{
-		mask <<= (bitmap->max_seq_num - rcd_num - 1);
-		bitmap->map |= mask;
+		pq_64bit_sub(&tmp, &(bitmap->max_seq_num), &rcd_num);
+		pq_64bit_sub_word(&tmp, 1);
+		shift = (unsigned int)pq_64bit_get_word(&tmp);
+
+		pq_64bit_set_bit(&(bitmap->map), shift);
 		}
+
+	pq_64bit_free(&rcd_num);
+	pq_64bit_free(&tmp);
 	}


@ -1656,8 +1715,17 @@ dtls1_reset_seq_numbers(SSL *s, int rw)
 		{
 		seq = s->s3->read_sequence;
 		s->d1->r_epoch++;
-		memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP));
+
+		pq_64bit_assign(&(s->d1->bitmap.map), &(s->d1->next_bitmap.map));
+		s->d1->bitmap.length = s->d1->next_bitmap.length;
+		pq_64bit_assign(&(s->d1->bitmap.max_seq_num), 
+			&(s->d1->next_bitmap.max_seq_num));
+
+		pq_64bit_free(&(s->d1->next_bitmap.map));
+		pq_64bit_free(&(s->d1->next_bitmap.max_seq_num));
 		memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP));
+		pq_64bit_init(&(s->d1->next_bitmap.map));
+		pq_64bit_init(&(s->d1->next_bitmap.max_seq_num));
 		}
 	else
 		{
@ -1668,36 +1736,26 @@ dtls1_reset_seq_numbers(SSL *s, int rw)
 	memset(seq, 0x00, seq_bytes);
 	}

+#if PQ_64BIT_IS_INTEGER
+static PQ_64BIT
+bytes_to_long_long(unsigned char *bytes, PQ_64BIT *num)
+       {
+       PQ_64BIT _num;

-static BN_ULLONG
-bytes_to_long_long(unsigned char *bytes)
-	{
-	BN_ULLONG num;
+       _num = (((PQ_64BIT)bytes[0]) << 56) |
+               (((PQ_64BIT)bytes[1]) << 48) |
+               (((PQ_64BIT)bytes[2]) << 40) |
+               (((PQ_64BIT)bytes[3]) << 32) |
+               (((PQ_64BIT)bytes[4]) << 24) |
+               (((PQ_64BIT)bytes[5]) << 16) |
+               (((PQ_64BIT)bytes[6]) <<  8) |
+               (((PQ_64BIT)bytes[7])      );

-	num = (((BN_ULLONG)bytes[0]) << 56) |
-		(((BN_ULLONG)bytes[1]) << 48) |
-		(((BN_ULLONG)bytes[2]) << 40) |
-		(((BN_ULLONG)bytes[3]) << 32) |
-		(((BN_ULLONG)bytes[4]) << 24) |
-		(((BN_ULLONG)bytes[5]) << 16) |
-		(((BN_ULLONG)bytes[6]) <<  8) |
-		(((BN_ULLONG)bytes[7])      );
+	   *num = _num ;
+       return _num;
+       }
+#endif

-	return num;
-	}
-
-static void
-long_long_to_bytes(BN_ULLONG num, unsigned char *bytes)
-	{
-	bytes[0] = (unsigned char)((num >> 56)&0xff);
-	bytes[1] = (unsigned char)((num >> 48)&0xff);
-	bytes[2] = (unsigned char)((num >> 40)&0xff);
-	bytes[3] = (unsigned char)((num >> 32)&0xff);
-	bytes[4] = (unsigned char)((num >> 24)&0xff);
-	bytes[5] = (unsigned char)((num >> 16)&0xff);
-	bytes[6] = (unsigned char)((num >>  8)&0xff);
-	bytes[7] = (unsigned char)((num      )&0xff);
-	}

 static void
 dtls1_clear_timeouts(SSL *s)
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@ -1075,7 +1075,7 @@ int dtls1_send_certificate_request(SSL *s)
 		d=(unsigned char *)buf->data;
 		*(d++)=SSL3_MT_CERTIFICATE_REQUEST;
 		l2n3(n,d);
-		l2n(s->d1->handshake_write_seq,d);
+		s2n(s->d1->handshake_write_seq,d);
 		s->d1->handshake_write_seq++;

 		/* we should now have things packed up, so lets send
--- a/ssl/dtls1.h
+++ b/ssl/dtls1.h
@ -90,9 +90,9 @@ extern "C" {

 typedef struct dtls1_bitmap_st
 	{
-	BN_ULLONG map;
+	PQ_64BIT map;
 	unsigned long length;     /* sizeof the bitmap in bits */
-	BN_ULLONG max_seq_num;  /* max record number seen so far */
+	PQ_64BIT max_seq_num;  /* max record number seen so far */
 	} DTLS1_BITMAP;

 struct hm_header_st
@ -162,9 +162,6 @@ typedef struct dtls1_state_st

 	unsigned short handshake_read_seq;

-	/* only matters for handshake messages */  
-	BN_ULLONG next_expected_seq_num; 
-
 	/* Received handshake records (processed and unprocessed) */
 	record_pqueue unprocessed_rcds;
 	record_pqueue processed_rcds;
--- a/ssl/install.com
+++ b/ssl/install.com
@ -38,7 +38,7 @@ $	IF F$PARSE("WRK_SSLVEXE:") .EQS. "" THEN -
 $	IF F$PARSE("WRK_SSLAEXE:") .EQS. "" THEN -
 	   CREATE/DIR/LOG WRK_SSLAEXE:
 $
-$	EXHEADER := ssl.h,ssl2.h,ssl3.h,ssl23.h,tls1.h,kssl.h
+$	EXHEADER := ssl.h,ssl2.h,ssl3.h,ssl23.h,tls1.h,dtls1.h,kssl.h
 $	E_EXE := ssl_task
 $	LIBS := LIBSSL
 $
--- a/ssl/kssl.c
+++ b/ssl/kssl.c
@ -70,7 +70,9 @@

 #define _XOPEN_SOURCE 500 /* glibc2 needs this to declare strptime() */
 #include <time.h>
+#if 0 /* experimental */
 #undef _XOPEN_SOURCE /* To avoid clashes with anything else... */
+#endif
 #include <string.h>

 #define KRB5_PRIVATE	1
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@ -128,6 +128,7 @@
 #include "kssl_lcl.h"
 #include <openssl/md5.h>
 #include <openssl/dh.h>
+#include <openssl/pq_compat.h>

 const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT;

@ -1441,6 +1442,8 @@ int ssl3_new(SSL *s)
 	memset(s3,0,sizeof *s3);
 	EVP_MD_CTX_init(&s3->finish_dgst1);
 	EVP_MD_CTX_init(&s3->finish_dgst2);
+	pq_64bit_init(&(s3->rrec.seq_num));
+	pq_64bit_init(&(s3->wrec.seq_num));

 	s->s3=s3;

@ -1475,6 +1478,9 @@ void ssl3_free(SSL *s)
 		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
 	EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
 	EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
+	pq_64bit_free(&(s->s3->rrec.seq_num));
+	pq_64bit_free(&(s->s3->wrec.seq_num));
+
 	OPENSSL_cleanse(s->s3,sizeof *s->s3);
 	OPENSSL_free(s->s3);
 	s->s3=NULL;
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@ -1886,7 +1886,7 @@ int ssl3_get_client_key_exchange(SSL *s)
 		n2s(p,i);
 		enc_ticket.length = i;

-		if (n < enc_ticket.length + 6)
+		if (n < (int)enc_ticket.length + 6)
 			{
 			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
 				SSL_R_DATA_LENGTH_TOO_LONG);
@ -1899,7 +1899,7 @@ int ssl3_get_client_key_exchange(SSL *s)
 		n2s(p,i);
 		authenticator.length = i;

-		if (n < enc_ticket.length + authenticator.length + 6)
+		if (n < (int)(enc_ticket.length + authenticator.length) + 6)
 			{
 			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
 				SSL_R_DATA_LENGTH_TOO_LONG);
--- a/ssl/ssl-lib.com
+++ b/ssl/ssl-lib.com
@ -174,6 +174,8 @@ $ LIB_SSL = "s2_meth,s2_srvr,s2_clnt,s2_lib,s2_enc,s2_pkt,"+ -
 	    "s3_meth,s3_srvr,s3_clnt,s3_lib,s3_enc,s3_pkt,s3_both,"+ -
 	    "s23_meth,s23_srvr,s23_clnt,s23_lib,s23_pkt,"+ -
 	    "t1_meth,t1_srvr,t1_clnt,t1_lib,t1_enc,"+ -
+	    "d1_meth,d1_srvr,d1_clnt,d1_lib,d1_pkt,"+ -
+	    "d1_both,d1_enc,"+ -
 	    "ssl_lib,ssl_err2,ssl_cert,ssl_sess,"+ -
 	    "ssl_ciph,ssl_stat,ssl_rsa,"+ -
 	    "ssl_asn1,ssl_txt,ssl_algs,"+ -
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@ -1655,6 +1655,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL_CTRL					 232
 #define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY			 168
 #define SSL_F_SSL_CTX_NEW				 169
+#define SSL_F_SSL_CTX_SET_CIPHER_LIST			 1026
 #define SSL_F_SSL_CTX_SET_PURPOSE			 226
 #define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT		 219
 #define SSL_F_SSL_CTX_SET_SSL_VERSION			 170
@ -1685,6 +1686,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL_SESSION_PRINT_FP			 190
 #define SSL_F_SSL_SESS_CERT_NEW				 225
 #define SSL_F_SSL_SET_CERT				 191
+#define SSL_F_SSL_SET_CIPHER_LIST			 1027
 #define SSL_F_SSL_SET_FD				 192
 #define SSL_F_SSL_SET_PKEY				 193
 #define SSL_F_SSL_SET_PURPOSE				 227
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@ -123,6 +123,7 @@
 #include <openssl/buffer.h>
 #include <openssl/evp.h>
 #include <openssl/ssl.h>
+#include <openssl/pq_compat.h>

 #ifdef  __cplusplus
 extern "C" {
@ -295,7 +296,7 @@ typedef struct ssl3_record_st
 /*rw*/	unsigned char *input;   /* where the decode bytes are */
 /*r */	unsigned char *comp;    /* only used with decompression - malloc()ed */
 /*r */  unsigned long epoch;    /* epoch number, needed by DTLS1 */
-/*r */  BN_ULLONG seq_num; /* sequence number, needed by DTLS1 */
+/*r */  PQ_64BIT seq_num;       /* sequence number, needed by DTLS1 */
 	} SSL3_RECORD;

 typedef struct ssl3_buffer_st
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@ -635,14 +635,13 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
 	BIO *in;
 	X509 *x=NULL;
 	X509_NAME *xn=NULL;
-	STACK_OF(X509_NAME) *ret,*sk;
+	STACK_OF(X509_NAME) *ret = NULL,*sk;

-	ret=sk_X509_NAME_new_null();
 	sk=sk_X509_NAME_new(xname_cmp);

 	in=BIO_new(BIO_s_file_internal());

-	if ((ret == NULL) || (sk == NULL) || (in == NULL))
+	if ((sk == NULL) || (in == NULL))
 		{
 		SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
 		goto err;
@ -655,6 +654,15 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
 		{
 		if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
 			break;
+		if (ret == NULL)
+			{
+			ret = sk_X509_NAME_new_null();
+			if (ret == NULL)
+				{
+				SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
+				goto err;
+				}
+			}
 		if ((xn=X509_get_subject_name(x)) == NULL) goto err;
 		/* check for duplicates */
 		xn=X509_NAME_dup(xn);
@ -677,6 +685,8 @@ err:
 	if (sk != NULL) sk_X509_NAME_free(sk);
 	if (in != NULL) BIO_free(in);
 	if (x != NULL) X509_free(x);
+	if (ret != NULL)
+		ERR_clear_error();
 	return(ret);
 	}
 #endif
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@ -740,9 +740,18 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
 			if (!found)
 				break;	/* ignore this entry */

-			algorithms |= ca_list[j]->algorithms;
+			/* New algorithms:
+			 *  1 - any old restrictions apply outside new mask
+			 *  2 - any new restrictions apply outside old mask
+			 *  3 - enforce old & new where masks intersect
+			 */
+			algorithms = (algorithms & ~ca_list[j]->mask) |		/* 1 */
+			             (ca_list[j]->algorithms & ~mask) |		/* 2 */
+			             (algorithms & ca_list[j]->algorithms);	/* 3 */
 			mask |= ca_list[j]->mask;
-			algo_strength |= ca_list[j]->algo_strength;
+			algo_strength = (algo_strength & ~ca_list[j]->mask_strength) |
+			                (ca_list[j]->algo_strength & ~mask_strength) |
+			                (algo_strength & ca_list[j]->algo_strength);
 			mask_strength |= ca_list[j]->mask_strength;

 			if (!multi) break;
@ -796,7 +805,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 	{
 	int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
 	unsigned long disabled_mask;
-	STACK_OF(SSL_CIPHER) *cipherstack;
+	STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
 	const char *rule_p;
 	CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
 	SSL_CIPHER **ca_list = NULL;
@ -804,7 +813,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 	/*
 	 * Return with error if nothing to do.
 	 */
-	if (rule_str == NULL) return(NULL);
+	if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
+		return NULL;

 	if (init_ciphers)
 		{
@ -911,46 +921,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 		}
 	OPENSSL_free(co_list);	/* Not needed any longer */

-	/*
-	 * The following passage is a little bit odd. If pointer variables
-	 * were supplied to hold STACK_OF(SSL_CIPHER) return information,
-	 * the old memory pointed to is free()ed. Then, however, the
-	 * cipher_list entry will be assigned just a copy of the returned
-	 * cipher stack. For cipher_list_by_id a copy of the cipher stack
-	 * will be created. See next comment...
-	 */
-	if (cipher_list != NULL)
-		{
-		if (*cipher_list != NULL)
-			sk_SSL_CIPHER_free(*cipher_list);
-		*cipher_list = cipherstack;
-		}
-
-	if (cipher_list_by_id != NULL)
-		{
-		if (*cipher_list_by_id != NULL)
-			sk_SSL_CIPHER_free(*cipher_list_by_id);
-		*cipher_list_by_id = sk_SSL_CIPHER_dup(cipherstack);
-		}
-
-	/*
-	 * Now it is getting really strange. If something failed during
-	 * the previous pointer assignment or if one of the pointers was
-	 * not requested, the error condition is met. That might be
-	 * discussable. The strange thing is however that in this case
-	 * the memory "ret" pointed to is "free()ed" and hence the pointer
-	 * cipher_list becomes wild. The memory reserved for
-	 * cipher_list_by_id however is not "free()ed" and stays intact.
-	 */
-	if (	(cipher_list_by_id == NULL) ||
-		(*cipher_list_by_id == NULL) ||
-		(cipher_list == NULL) ||
-		(*cipher_list == NULL))
+	tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
+	if (tmp_cipher_list == NULL)
 		{
 		sk_SSL_CIPHER_free(cipherstack);
-		return(NULL);
+		return NULL;
 		}
-
+	if (*cipher_list != NULL)
+		sk_SSL_CIPHER_free(*cipher_list);
+	*cipher_list = cipherstack;
+	if (*cipher_list_by_id != NULL)
+		sk_SSL_CIPHER_free(*cipher_list_by_id);
+	*cipher_list_by_id = tmp_cipher_list;
 	sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);

 	return(cipherstack);
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@ -183,6 +183,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_SSL_CTRL),	"SSL_ctrl"},
 {ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY),	"SSL_CTX_check_private_key"},
 {ERR_FUNC(SSL_F_SSL_CTX_NEW),	"SSL_CTX_new"},
+{ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST),	"SSL_CTX_set_cipher_list"},
 {ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE),	"SSL_CTX_set_purpose"},
 {ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT),	"SSL_CTX_set_session_id_context"},
 {ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION),	"SSL_CTX_set_ssl_version"},
@ -213,6 +214,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP),	"SSL_SESSION_print_fp"},
 {ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW),	"SSL_SESS_CERT_NEW"},
 {ERR_FUNC(SSL_F_SSL_SET_CERT),	"SSL_SET_CERT"},
+{ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST),	"SSL_set_cipher_list"},
 {ERR_FUNC(SSL_F_SSL_SET_FD),	"SSL_set_fd"},
 {ERR_FUNC(SSL_F_SSL_SET_PKEY),	"SSL_SET_PKEY"},
 {ERR_FUNC(SSL_F_SSL_SET_PURPOSE),	"SSL_set_purpose"},
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@ -1153,8 +1153,21 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
 	
 	sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list,
 		&ctx->cipher_list_by_id,str);
-/* XXXX */
-	return((sk == NULL)?0:1);
+	/* ssl_create_cipher_list may return an empty stack if it
+	 * was unable to find a cipher matching the given rule string
+	 * (for example if the rule string specifies a cipher which
+	 * has been disabled). This is not an error as far as 
+	 * ssl_create_cipher_list is concerned, and hence 
+	 * ctx->cipher_list and ctx->cipher_list_by_id has been
+	 * updated. */
+	if (sk == NULL)
+		return 0;
+	else if (sk_SSL_CIPHER_num(sk) == 0)
+		{
+		SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
+		return 0;
+		}
+	return 1;
 	}

 /** specify the ciphers to be used by the SSL */
@ -1164,8 +1177,15 @@ int SSL_set_cipher_list(SSL *s,const char *str)
 	
 	sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list,
 		&s->cipher_list_by_id,str);
-/* XXXX */
-	return((sk == NULL)?0:1);
+	/* see comment in SSL_CTX_set_cipher_list */
+	if (sk == NULL)
+		return 0;
+	else if (sk_SSL_CIPHER_num(sk) == 0)
+		{
+		SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
+		return 0;
+		}
+	return 1;
 	}

 /* works well for SSLv2, not so good for SSLv3 */
@ -1377,8 +1397,8 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
 	ret->default_passwd_callback=0;
 	ret->default_passwd_callback_userdata=NULL;
 	ret->client_cert_cb=0;
-    ret->app_gen_cookie_cb=0;
-    ret->app_verify_cookie_cb=0;
+	ret->app_gen_cookie_cb=0;
+	ret->app_verify_cookie_cb=0;

 	ret->sessions=lh_new(LHASH_HASH_FN(SSL_SESSION_hash),
 			LHASH_COMP_FN(SSL_SESSION_cmp));
--- a/test/Makefile
+++ b/test/Makefile
@ -312,7 +312,7 @@ BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
 	else \
 		LIBRARIES="$(LIBSSL) $(LIBCRYPTO)"; \
 	fi; \
-	$(MAKE) -f $(TOP)/Makefile.shared \
+	$(MAKE) -f $(TOP)/Makefile.shared $(BUILDENV) \
 		APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
 		LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
 		link_app.$${shlib_target}
@ -549,8 +549,11 @@ md5test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 md5test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 md5test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
 md5test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h md5test.c
-mdc2test.o: ../e_os.h ../include/openssl/e_os2.h
-mdc2test.o: ../include/openssl/opensslconf.h mdc2test.c
+mdc2test.o: ../include/openssl/buffer.h ../include/openssl/crypto.h
+mdc2test.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
+mdc2test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+mdc2test.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+mdc2test.o: ../include/openssl/symhacks.h mdc2test.c
 randtest.o: ../e_os.h ../include/openssl/e_os2.h
 randtest.o: ../include/openssl/opensslconf.h ../include/openssl/ossl_typ.h
 randtest.o: ../include/openssl/rand.h randtest.c
@ -559,8 +562,11 @@ rc2test.o: ../include/openssl/opensslconf.h ../include/openssl/rc2.h rc2test.c
 rc4test.o: ../e_os.h ../include/openssl/e_os2.h
 rc4test.o: ../include/openssl/opensslconf.h ../include/openssl/rc4.h
 rc4test.o: ../include/openssl/sha.h rc4test.c
-rc5test.o: ../e_os.h ../include/openssl/e_os2.h
-rc5test.o: ../include/openssl/opensslconf.h rc5test.c
+rc5test.o: ../include/openssl/buffer.h ../include/openssl/crypto.h
+rc5test.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
+rc5test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+rc5test.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+rc5test.o: ../include/openssl/symhacks.h rc5test.c
 rmdtest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 rmdtest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 rmdtest.o: ../include/openssl/evp.h ../include/openssl/obj_mac.h
@ -603,11 +609,12 @@ ssltest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
 ssltest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 ssltest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 ssltest.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssltest.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-ssltest.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-ssltest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssltest.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssltest.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssltest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssltest.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssltest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h ssltest.c
+ssltest.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+ssltest.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+ssltest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssltest.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssltest.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssltest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssltest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ssltest.o: ../include/openssl/x509v3.h ssltest.c
--- a/test/tverify.com
+++ b/test/tverify.com
@ -8,22 +8,22 @@ $	copy/concatenate [-.certs]*.pem certs.tmp
 $
 $	old_f :=
 $ loop_certs:
-$	c := NO
+$	verify := NO
+$	more := YES
 $	certs :=
 $ loop_certs2:
 $	f = f$search("[-.certs]*.pem")
 $	if f .nes. "" .and. f .nes. old_f
 $	then
 $	    certs = certs + " [-.certs]" + f$parse(f,,,"NAME") + ".pem"
-$	    c := YES
+$	    verify := YES
 $	    if f$length(certs) .lt. 180 then goto loop_certs2
+$	else
+$	    more := NO
 $	endif
 $	certs = certs - " "
 $
-$	if c
-$	then
-$	    mcr 'exe_dir'openssl verify "-CAfile" certs.tmp 'certs'
-$	    goto loop_certs
-$	endif
+$	if verify then mcr 'exe_dir'openssl verify "-CAfile" certs.tmp 'certs'
+$	if more then goto loop_certs
 $
 $	delete certs.tmp;*
--- a/util/libeay.num
+++ b/util/libeay.num
@ -2876,483 +2876,489 @@ EVP_sha256                              3315	EXIST::FUNCTION:SHA,SHA256
 FIPS_selftest_hmac                      3316	NOEXIST::FUNCTION:
 FIPS_corrupt_rng                        3317	NOEXIST::FUNCTION:
 BN_mod_exp_mont_consttime               3318	EXIST::FUNCTION:
-EVP_PKEY_cmp                            3319	EXIST::FUNCTION:
-PEM_write_ECPKParameters                3320	EXIST:!WIN16:FUNCTION:EC
-STORE_list_private_key_end              3321	EXIST::FUNCTION:
-i2d_EC_PUBKEY_bio                       3322	EXIST::FUNCTION:BIO,EC
-BUF_memdup                              3323	EXIST::FUNCTION:
-NAME_CONSTRAINTS_it                     3324	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-NAME_CONSTRAINTS_it                     3324	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EC_KEY_copy                             3325	EXIST::FUNCTION:EC
-STORE_ATTR_INFO_get0_cstr               3326	EXIST::FUNCTION:
-STORE_list_crl_end                      3327	EXIST::FUNCTION:
-EC_KEY_set_asn1_flag                    3328	EXIST::FUNCTION:EC
-X509_VERIFY_PARAM_free                  3329	EXIST::FUNCTION:
-EC_POINT_set_compressed_coordinates_GF2m 3330	EXIST:!VMS:FUNCTION:EC
-EC_POINT_set_compr_coords_GF2m          3330	EXIST:VMS:FUNCTION:EC
-ASN1_generate_nconf                     3331	EXIST::FUNCTION:
-ECPKParameters_print                    3332	EXIST::FUNCTION:BIO,EC
-OBJ_bsearch_ex                          3333	EXIST::FUNCTION:
-EC_GROUP_get_curve_GF2m                 3334	EXIST::FUNCTION:EC
-STORE_method_set_store_function         3335	EXIST::FUNCTION:
-d2i_ECPrivateKey_fp                     3336	EXIST::FUNCTION:EC,FP_API
-EC_KEY_up_ref                           3337	EXIST::FUNCTION:EC
-SHA384_Final                            3338	EXIST::FUNCTION:SHA,SHA512
-EC_POINT_point2bn                       3339	EXIST::FUNCTION:EC
-STORE_modify_private_key                3340	EXIST::FUNCTION:
-ENGINE_get_ECDSA                        3341	EXIST::FUNCTION:ENGINE
-ECDSA_verify                            3342	EXIST::FUNCTION:ECDSA
-STORE_list_certificate_next             3343	EXIST::FUNCTION:
-BN_GF2m_mod_sqr_arr                     3344	EXIST::FUNCTION:
-STORE_OBJECT_free                       3345	EXIST::FUNCTION:
-STORE_delete_crl                        3346	EXIST::FUNCTION:
-X509_CERT_PAIR_it                       3347	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_CERT_PAIR_it                       3347	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-X509_VERIFY_PARAM_set_purpose           3348	EXIST::FUNCTION:
-EC_GROUP_get_asn1_flag                  3349	EXIST::FUNCTION:EC
-EC_POINT_set_affine_coordinates_GF2m    3350	EXIST:!VMS:FUNCTION:EC
-EC_POINT_set_affine_coords_GF2m         3350	EXIST:VMS:FUNCTION:EC
-X509_VERIFY_PARAM_set1_name             3351	EXIST::FUNCTION:
-X509_VERIFY_PARAM_set_depth             3352	EXIST::FUNCTION:
-OPENSSL_ia32cap_loc                     3353	EXIST::FUNCTION:
-X509_VERIFY_PARAM_set1                  3354	EXIST::FUNCTION:
-PEM_write_ECPrivateKey                  3355	EXIST:!WIN16:FUNCTION:EC
-EC_GROUP_cmp                            3356	EXIST::FUNCTION:EC
-STORE_ATTR_INFO_modify_sha1str          3357	EXIST::FUNCTION:
-i2o_ECPublicKey                         3358	EXIST::FUNCTION:EC
-EVP_PKEY_get_attr_by_NID                3359	EXIST::FUNCTION:
-ASN1_item_ndef_i2d                      3360	EXIST::FUNCTION:
-STORE_method_set_modify_function        3361	EXIST:!VMS:FUNCTION:
-STORE_meth_set_modify_fn                3361	EXIST:VMS:FUNCTION:
-POLICY_CONSTRAINTS_new                  3362	EXIST::FUNCTION:
-STORE_method_get_generate_function      3363	EXIST:!VMS:FUNCTION:
-STORE_meth_get_generate_fn              3363	EXIST:VMS:FUNCTION:
-STORE_list_public_key_endp              3364	EXIST::FUNCTION:
-BN_BLINDING_convert_ex                  3365	EXIST::FUNCTION:
-STORE_get_ex_new_index                  3366	EXIST::FUNCTION:
-X509_policy_node_get0_qualifiers        3367	EXIST:!VMS:FUNCTION:
-X509_pcy_node_get0_qualifiers           3367	EXIST:VMS:FUNCTION:
-EC_GF2m_simple_method                   3368	EXIST::FUNCTION:EC
-STORE_method_get_get_function           3369	EXIST::FUNCTION:
-EC_GROUP_get_curve_name                 3370	EXIST::FUNCTION:EC
-PEM_write_X509_CERT_PAIR                3371	EXIST:!WIN16:FUNCTION:
-ENGINE_set_default_ECDH                 3372	EXIST::FUNCTION:ENGINE
-ERR_set_mark                            3373	EXIST::FUNCTION:
-sk_find_ex                              3374	EXIST::FUNCTION:
-PEM_read_bio_ECPrivateKey               3375	EXIST::FUNCTION:EC
-BN_GF2m_mod_div_arr                     3376	EXIST::FUNCTION:
-i2d_X509_CERT_PAIR                      3377	EXIST::FUNCTION:
-BN_BLINDING_get_thread_id               3378	EXIST::FUNCTION:
-EC_get_builtin_curves                   3379	EXIST::FUNCTION:EC
-NAME_CONSTRAINTS_new                    3380	EXIST::FUNCTION:
-EVP_PKEY_delete_attr                    3381	EXIST::FUNCTION:
-DSA_generate_parameters_ex              3382	EXIST::FUNCTION:DSA
-X509_VERIFY_PARAM_set_time              3383	EXIST::FUNCTION:
-STORE_delete_private_key                3384	EXIST::FUNCTION:
-STORE_method_set_cleanup_function       3385	EXIST:!VMS:FUNCTION:
-STORE_meth_set_cleanup_fn               3385	EXIST:VMS:FUNCTION:
-PEM_read_bio_X509_CERT_PAIR             3386	EXIST::FUNCTION:
-STORE_ATTR_INFO_get0_number             3387	EXIST::FUNCTION:
-BN_generate_prime_ex                    3388	EXIST::FUNCTION:
-STORE_get_number                        3389	EXIST::FUNCTION:
-ECDH_compute_key                        3390	EXIST::FUNCTION:ECDH
-asn1_const_Finish                       3391	EXIST::FUNCTION:
-STORE_method_get_store_function         3392	EXIST::FUNCTION:
-STORE_parse_attrs_endp                  3393	EXIST::FUNCTION:
-STORE_list_private_key_endp             3394	EXIST::FUNCTION:
-BN_BLINDING_set_thread_id               3395	EXIST::FUNCTION:
-STORE_destroy_method                    3396	EXIST::FUNCTION:
-BN_nist_mod_521                         3397	EXIST::FUNCTION:
-EC_KEY_precompute_mult                  3398	EXIST::FUNCTION:EC
-STORE_ATTR_INFO_free                    3399	EXIST::FUNCTION:
-STORE_store_crl                         3400	EXIST::FUNCTION:
-EVP_PKEY_add1_attr_by_OBJ               3401	EXIST::FUNCTION:
-PKCS7_set_digest                        3402	EXIST::FUNCTION:
-ECDH_get_ex_data                        3403	EXIST::FUNCTION:ECDH
-d2i_ECPrivateKey_bio                    3404	EXIST::FUNCTION:BIO,EC
-BN_GF2m_mod_sqr                         3405	EXIST::FUNCTION:
-STORE_list_certificate_start            3406	EXIST::FUNCTION:
-i2d_ECPrivateKey_bio                    3407	EXIST::FUNCTION:BIO,EC
-STORE_modify_crl                        3408	EXIST::FUNCTION:
-BN_GF2m_mod_div                         3409	EXIST::FUNCTION:
-STORE_new_method                        3410	EXIST::FUNCTION:
-ENGINE_register_STORE                   3411	EXIST::FUNCTION:ENGINE
-STORE_method_get_delete_function        3412	EXIST:!VMS:FUNCTION:
-STORE_meth_get_delete_fn                3412	EXIST:VMS:FUNCTION:
-STORE_list_crl_start                    3413	EXIST::FUNCTION:
-ECDH_set_default_method                 3414	EXIST::FUNCTION:ECDH
-STORE_method_get_cleanup_function       3415	EXIST:!VMS:FUNCTION:
-STORE_meth_get_cleanup_fn               3415	EXIST:VMS:FUNCTION:
-ECDSA_SIG_new                           3416	EXIST::FUNCTION:ECDSA
-OPENSSL_DIR_end                         3417	EXIST::FUNCTION:
-ECDSA_SIG_free                          3418	EXIST::FUNCTION:ECDSA
-BIO_dump_indent_fp                      3419	EXIST::FUNCTION:FP_API
-EC_GROUP_get_basis_type                 3420	EXIST::FUNCTION:EC
-pqueue_insert                           3421	EXIST::FUNCTION:
-EC_KEY_print                            3422	EXIST::FUNCTION:BIO,EC
-STORE_revoke_certificate                3423	EXIST::FUNCTION:
-STORE_method_get_list_end_function      3424	EXIST:!VMS:FUNCTION:
-STORE_meth_get_list_end_fn              3424	EXIST:VMS:FUNCTION:
-EC_METHOD_get_field_type                3425	EXIST::FUNCTION:EC
-PEM_write_EC_PUBKEY                     3426	EXIST:!WIN16:FUNCTION:EC
-EC_POINT_point2hex                      3427	EXIST::FUNCTION:EC
-STORE_store_number                      3428	EXIST::FUNCTION:
-DH_generate_parameters_ex               3429	EXIST::FUNCTION:DH
-STORE_Memory                            3430	EXIST::FUNCTION:
-SHA224_Final                            3431	EXIST::FUNCTION:SHA,SHA256
-EC_GROUP_get0_seed                      3432	EXIST::FUNCTION:EC
-EVP_ecdsa                               3433	EXIST::FUNCTION:SHA
+RSA_X931_hash_id                        3319	EXIST::FUNCTION:RSA
+RSA_padding_check_X931                  3320	EXIST::FUNCTION:RSA
+RSA_verify_PKCS1_PSS                    3321	EXIST::FUNCTION:RSA
+RSA_padding_add_X931                    3322	EXIST::FUNCTION:RSA
+RSA_padding_add_PKCS1_PSS               3323	EXIST::FUNCTION:RSA
+PKCS1_MGF1                              3324	EXIST::FUNCTION:RSA
+BIO_new_dgram                           3325	EXIST::FUNCTION:
+BN_get0_nist_prime_384                  3326	EXIST::FUNCTION:
+ERR_set_mark                            3327	EXIST::FUNCTION:
+X509_STORE_CTX_set0_crls                3328	EXIST::FUNCTION:
+ENGINE_set_STORE                        3329	EXIST::FUNCTION:ENGINE
+ENGINE_register_ECDSA                   3330	EXIST::FUNCTION:ENGINE
+STORE_method_set_list_start_function    3331	EXIST:!VMS:FUNCTION:
+STORE_meth_set_list_start_fn            3331	EXIST:VMS:FUNCTION:
+BN_BLINDING_invert_ex                   3332	EXIST::FUNCTION:
+NAME_CONSTRAINTS_free                   3333	EXIST::FUNCTION:
+STORE_ATTR_INFO_set_number              3334	EXIST::FUNCTION:
+BN_BLINDING_get_thread_id               3335	EXIST::FUNCTION:
+X509_STORE_CTX_set0_param               3336	EXIST::FUNCTION:
+POLICY_MAPPING_it                       3337	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+POLICY_MAPPING_it                       3337	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+STORE_parse_attrs_start                 3338	EXIST::FUNCTION:
+POLICY_CONSTRAINTS_free                 3339	EXIST::FUNCTION:
+EVP_PKEY_add1_attr_by_NID               3340	EXIST::FUNCTION:
+BN_nist_mod_192                         3341	EXIST::FUNCTION:
+EC_GROUP_get_trinomial_basis            3342	EXIST::FUNCTION:EC
+STORE_set_method                        3343	EXIST::FUNCTION:
+GENERAL_SUBTREE_free                    3344	EXIST::FUNCTION:
+NAME_CONSTRAINTS_it                     3345	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NAME_CONSTRAINTS_it                     3345	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ECDH_get_default_method                 3346	EXIST::FUNCTION:ECDH
+PKCS12_add_safe                         3347	EXIST::FUNCTION:
+EC_KEY_new_by_curve_name                3348	EXIST::FUNCTION:EC
+STORE_method_get_update_store_function  3349	EXIST:!VMS:FUNCTION:
+STORE_meth_get_update_store_fn          3349	EXIST:VMS:FUNCTION:
+ENGINE_register_ECDH                    3350	EXIST::FUNCTION:ENGINE
+SHA512_Update                           3351	EXIST::FUNCTION:SHA,SHA512
+i2d_ECPrivateKey                        3352	EXIST::FUNCTION:EC
+BN_get0_nist_prime_192                  3353	EXIST::FUNCTION:
+STORE_modify_certificate                3354	EXIST::FUNCTION:
+EC_POINT_set_affine_coordinates_GF2m    3355	EXIST:!VMS:FUNCTION:EC
+EC_POINT_set_affine_coords_GF2m         3355	EXIST:VMS:FUNCTION:EC
+BN_GF2m_mod_exp_arr                     3356	EXIST::FUNCTION:
+STORE_ATTR_INFO_modify_number           3357	EXIST::FUNCTION:
+X509_keyid_get0                         3358	EXIST::FUNCTION:
+ENGINE_load_gmp                         3359	EXIST::FUNCTION:ENGINE,GMP,STATIC_ENGINE
+pitem_new                               3360	EXIST::FUNCTION:
+BN_GF2m_mod_mul_arr                     3361	EXIST::FUNCTION:
+STORE_list_public_key_endp              3362	EXIST::FUNCTION:
+o2i_ECPublicKey                         3363	EXIST::FUNCTION:EC
+EC_KEY_copy                             3364	EXIST::FUNCTION:EC
+BIO_dump_fp                             3365	EXIST::FUNCTION:FP_API
+X509_policy_node_get0_parent            3366	EXIST::FUNCTION:
+EC_GROUP_check_discriminant             3367	EXIST::FUNCTION:EC
+i2o_ECPublicKey                         3368	EXIST::FUNCTION:EC
+EC_KEY_precompute_mult                  3369	EXIST::FUNCTION:EC
+a2i_IPADDRESS                           3370	EXIST::FUNCTION:
+STORE_method_set_initialise_function    3371	EXIST:!VMS:FUNCTION:
+STORE_meth_set_initialise_fn            3371	EXIST:VMS:FUNCTION:
+X509_STORE_CTX_set_depth                3372	EXIST::FUNCTION:
+X509_VERIFY_PARAM_inherit               3373	EXIST::FUNCTION:
+EC_POINT_point2bn                       3374	EXIST::FUNCTION:EC
+STORE_ATTR_INFO_set_dn                  3375	EXIST::FUNCTION:
+X509_policy_tree_get0_policies          3376	EXIST::FUNCTION:
+EC_GROUP_new_curve_GF2m                 3377	EXIST::FUNCTION:EC
+STORE_destroy_method                    3378	EXIST::FUNCTION:
+ENGINE_unregister_STORE                 3379	EXIST::FUNCTION:ENGINE
+EVP_PKEY_get1_EC_KEY                    3380	EXIST::FUNCTION:EC
+STORE_ATTR_INFO_get0_number             3381	EXIST::FUNCTION:
+ENGINE_get_default_ECDH                 3382	EXIST::FUNCTION:ENGINE
+EC_KEY_get_conv_form                    3383	EXIST::FUNCTION:EC
+ASN1_OCTET_STRING_NDEF_it               3384	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_OCTET_STRING_NDEF_it               3384	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+STORE_delete_public_key                 3385	EXIST::FUNCTION:
+STORE_get_public_key                    3386	EXIST::FUNCTION:
+STORE_modify_arbitrary                  3387	EXIST::FUNCTION:
+ENGINE_get_static_state                 3388	EXIST::FUNCTION:ENGINE
+pqueue_iterator                         3389	EXIST::FUNCTION:
+ECDSA_SIG_new                           3390	EXIST::FUNCTION:ECDSA
+OPENSSL_DIR_end                         3391	EXIST::FUNCTION:
+BN_GF2m_mod_sqr                         3392	EXIST::FUNCTION:
+EC_POINT_bn2point                       3393	EXIST::FUNCTION:EC
+X509_VERIFY_PARAM_set_depth             3394	EXIST::FUNCTION:
+EC_KEY_set_asn1_flag                    3395	EXIST::FUNCTION:EC
+STORE_get_method                        3396	EXIST::FUNCTION:
+EC_KEY_get_key_method_data              3397	EXIST::FUNCTION:EC
+ECDSA_sign_ex                           3398	EXIST::FUNCTION:ECDSA
+STORE_parse_attrs_end                   3399	EXIST::FUNCTION:
+EC_GROUP_get_point_conversion_form      3400	EXIST:!VMS:FUNCTION:EC
+EC_GROUP_get_point_conv_form            3400	EXIST:VMS:FUNCTION:EC
+STORE_method_set_store_function         3401	EXIST::FUNCTION:
+STORE_ATTR_INFO_in                      3402	EXIST::FUNCTION:
+PEM_read_bio_ECPKParameters             3403	EXIST::FUNCTION:EC
+EC_GROUP_get_pentanomial_basis          3404	EXIST::FUNCTION:EC
+EVP_PKEY_add1_attr_by_txt               3405	EXIST::FUNCTION:
+BN_BLINDING_set_flags                   3406	EXIST::FUNCTION:
+X509_VERIFY_PARAM_set1_policies         3407	EXIST::FUNCTION:
+X509_VERIFY_PARAM_set1_name             3408	EXIST::FUNCTION:
+X509_VERIFY_PARAM_set_purpose           3409	EXIST::FUNCTION:
+STORE_get_number                        3410	EXIST::FUNCTION:
+ECDSA_sign_setup                        3411	EXIST::FUNCTION:ECDSA
+BN_GF2m_mod_solve_quad_arr              3412	EXIST::FUNCTION:
+EC_KEY_up_ref                           3413	EXIST::FUNCTION:EC
+POLICY_MAPPING_free                     3414	EXIST::FUNCTION:
+BN_GF2m_mod_div                         3415	EXIST::FUNCTION:
+X509_VERIFY_PARAM_set_flags             3416	EXIST::FUNCTION:
+EC_KEY_free                             3417	EXIST::FUNCTION:EC
+STORE_method_set_list_next_function     3418	EXIST:!VMS:FUNCTION:
+STORE_meth_set_list_next_fn             3418	EXIST:VMS:FUNCTION:
+PEM_write_bio_ECPrivateKey              3419	EXIST::FUNCTION:EC
+d2i_EC_PUBKEY                           3420	EXIST::FUNCTION:EC
+STORE_method_get_generate_function      3421	EXIST:!VMS:FUNCTION:
+STORE_meth_get_generate_fn              3421	EXIST:VMS:FUNCTION:
+STORE_method_set_list_end_function      3422	EXIST:!VMS:FUNCTION:
+STORE_meth_set_list_end_fn              3422	EXIST:VMS:FUNCTION:
+pqueue_print                            3423	EXIST::FUNCTION:
+EC_GROUP_have_precompute_mult           3424	EXIST::FUNCTION:EC
+EC_KEY_print_fp                         3425	EXIST::FUNCTION:EC,FP_API
+BN_GF2m_mod_arr                         3426	EXIST::FUNCTION:
+PEM_write_bio_X509_CERT_PAIR            3427	EXIST::FUNCTION:
+EVP_PKEY_cmp                            3428	EXIST::FUNCTION:
+X509_policy_level_node_count            3429	EXIST::FUNCTION:
+STORE_new_engine                        3430	EXIST::FUNCTION:
+STORE_list_public_key_start             3431	EXIST::FUNCTION:
+X509_VERIFY_PARAM_new                   3432	EXIST::FUNCTION:
+ECDH_get_ex_data                        3433	EXIST::FUNCTION:ECDH
 EVP_PKEY_get_attr                       3434	EXIST::FUNCTION:
-X509_VERIFY_PARAM_lookup                3435	EXIST::FUNCTION:
-ECDSA_get_ex_data                       3436	EXIST::FUNCTION:ECDSA
-STORE_get_certificate                   3437	EXIST::FUNCTION:
-BN_GF2m_mod                             3438	EXIST::FUNCTION:
-ENGINE_set_ECDH                         3439	EXIST::FUNCTION:ENGINE
-NAME_CONSTRAINTS_free                   3440	EXIST::FUNCTION:
-X509_policy_node_get0_parent            3441	EXIST::FUNCTION:
-BN_GF2m_mod_exp_arr                     3442	EXIST::FUNCTION:
-ENGINE_unregister_ECDH                  3443	EXIST::FUNCTION:ENGINE
-BIO_new_dgram                           3444	EXIST::FUNCTION:
-EVP_PKEY_add1_attr_by_NID               3445	EXIST::FUNCTION:
-EC_KEY_get_conv_form                    3446	EXIST::FUNCTION:EC
-v2i_GENERAL_NAME_ex                     3447	EXIST::FUNCTION:
-STORE_store_private_key                 3448	EXIST::FUNCTION:
-STORE_method_set_revoke_function        3449	EXIST:!VMS:FUNCTION:
-STORE_meth_set_revoke_fn                3449	EXIST:VMS:FUNCTION:
-EC_GROUP_get_seed_len                   3450	EXIST::FUNCTION:EC
-POLICY_MAPPINGS_it                      3451	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-POLICY_MAPPINGS_it                      3451	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EC_KEY_check_key                        3452	EXIST::FUNCTION:EC
-X509_STORE_CTX_get_explicit_policy      3453	EXIST:!VMS:FUNCTION:
-X509_STORE_CTX_get_expl_policy          3453	EXIST:VMS:FUNCTION:
-STORE_ATTR_INFO_modify_number           3454	EXIST::FUNCTION:
-STORE_modify_number                     3455	EXIST::FUNCTION:
-OPENSSL_DIR_read                        3456	EXIST::FUNCTION:
-STORE_new_engine                        3457	EXIST::FUNCTION:
-ASN1_const_check_infinite_end           3458	EXIST::FUNCTION:
-STORE_ATTR_INFO_set_sha1str             3459	EXIST::FUNCTION:
-i2d_PKCS7_NDEF                          3460	EXIST::FUNCTION:
-SHA512_Update                           3461	EXIST::FUNCTION:SHA,SHA512
-PKCS12_add_safes                        3462	EXIST::FUNCTION:
-BN_get0_nist_prime_384                  3463	EXIST::FUNCTION:
-BN_is_prime_ex                          3464	EXIST::FUNCTION:
-BN_GENCB_call                           3465	EXIST::FUNCTION:
-EC_KEY_get0_public_key                  3466	EXIST::FUNCTION:EC
-ERR_pop_to_mark                         3467	EXIST::FUNCTION:
-EC_KEY_get_key_method_data              3468	EXIST::FUNCTION:EC
-STORE_parse_attrs_next                  3469	EXIST::FUNCTION:
-v2i_ASN1_BIT_STRING                     3470	EXIST::FUNCTION:
-STORE_create_method                     3471	EXIST::FUNCTION:
-PKCS12_add_key                          3472	EXIST::FUNCTION:
-X509_VERIFY_PARAM_add0_policy           3473	EXIST::FUNCTION:
-STORE_set_method                        3474	EXIST::FUNCTION:
-X509_VERIFY_PARAM_get_depth             3475	EXIST::FUNCTION:
-STORE_list_public_key_start             3476	EXIST::FUNCTION:
-BN_GF2m_mod_mul_arr                     3477	EXIST::FUNCTION:
-d2i_X509_CERT_PAIR                      3478	EXIST::FUNCTION:
-BN_nist_mod_192                         3479	EXIST::FUNCTION:
-i2d_ECPrivateKey_fp                     3480	EXIST::FUNCTION:EC,FP_API
-EC_GROUP_check_discriminant             3481	EXIST::FUNCTION:EC
-ECPKParameters_print_fp                 3482	EXIST::FUNCTION:EC,FP_API
-POLICY_CONSTRAINTS_it                   3483	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-POLICY_CONSTRAINTS_it                   3483	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-o2i_ECPublicKey                         3484	EXIST::FUNCTION:EC
-STORE_method_set_get_function           3485	EXIST::FUNCTION:
-X509_policy_node_get0_policy            3486	EXIST::FUNCTION:
-ENGINE_set_default_ECDSA                3487	EXIST::FUNCTION:ENGINE
-STORE_get_public_key                    3488	EXIST::FUNCTION:
-d2i_ECDSA_SIG                           3489	EXIST::FUNCTION:ECDSA
-SHA256_Init                             3490	EXIST::FUNCTION:SHA,SHA256
-EC_GROUP_have_precompute_mult           3491	EXIST::FUNCTION:EC
-EVP_PKEY_add1_attr                      3492	EXIST::FUNCTION:
-d2i_EC_PUBKEY_fp                        3493	EXIST::FUNCTION:EC,FP_API
-PEM_read_ECPrivateKey                   3494	EXIST:!WIN16:FUNCTION:EC
-BN_GF2m_mod_inv_arr                     3495	EXIST::FUNCTION:
-STORE_method_set_unlock_store_function  3496	EXIST:!VMS:FUNCTION:
-STORE_meth_set_unlock_store_fn          3496	EXIST:VMS:FUNCTION:
-STORE_list_crl_next                     3497	EXIST::FUNCTION:
-EC_POINT_dup                            3498	EXIST::FUNCTION:EC
-ENGINE_set_STORE                        3499	EXIST::FUNCTION:ENGINE
-STORE_method_get_list_next_function     3500	EXIST:!VMS:FUNCTION:
-STORE_meth_get_list_next_fn             3500	EXIST:VMS:FUNCTION:
-PKCS7_set0_type_other                   3501	EXIST::FUNCTION:
-STORE_ATTR_INFO_set_number              3502	EXIST::FUNCTION:
-STORE_get_private_key                   3503	EXIST::FUNCTION:
-SHA384_Init                             3504	EXIST::FUNCTION:SHA,SHA512
-SHA384_Update                           3505	EXIST::FUNCTION:SHA,SHA512
-EC_GROUP_get_pentanomial_basis          3506	EXIST::FUNCTION:EC
-EC_KEY_free                             3507	EXIST::FUNCTION:EC
-BN_GF2m_mod_mul                         3508	EXIST::FUNCTION:
-X509_CERT_PAIR_new                      3509	EXIST::FUNCTION:
-X509_policy_check                       3510	EXIST::FUNCTION:
-EC_KEY_insert_key_method_data           3511	EXIST::FUNCTION:EC
-ENGINE_register_all_ECDSA               3512	EXIST::FUNCTION:ENGINE
-ECDSA_set_ex_data                       3513	EXIST::FUNCTION:ECDSA
-SHA384                                  3514	EXIST::FUNCTION:SHA,SHA512
-BN_GF2m_mod_inv                         3515	EXIST::FUNCTION:
-PEM_write_bio_ECPKParameters            3516	EXIST::FUNCTION:EC
-STORE_delete_public_key                 3517	EXIST::FUNCTION:
-X509_VERIFY_PARAM_set_flags             3518	EXIST::FUNCTION:
-i2d_ECParameters                        3519	EXIST::FUNCTION:EC
-BN_GF2m_arr2poly                        3520	EXIST::FUNCTION:
-STORE_method_set_delete_function        3521	EXIST:!VMS:FUNCTION:
-STORE_meth_set_delete_fn                3521	EXIST:VMS:FUNCTION:
-EC_GROUP_new_by_curve_name              3522	EXIST::FUNCTION:EC
-X509_policy_level_get0_node             3523	EXIST::FUNCTION:
-d2i_ECPrivateKey                        3524	EXIST::FUNCTION:EC
-STORE_method_set_update_store_function  3525	EXIST:!VMS:FUNCTION:
-STORE_meth_set_update_store_fn          3525	EXIST:VMS:FUNCTION:
-ERR_load_ECDH_strings                   3526	EXIST::FUNCTION:ECDH
-STORE_ATTR_INFO_modify_dn               3527	EXIST::FUNCTION:
-EC_GROUP_set_curve_GF2m                 3528	EXIST::FUNCTION:EC
-X509_STORE_CTX_get0_param               3529	EXIST::FUNCTION:
-SHA224_Update                           3530	EXIST::FUNCTION:SHA,SHA256
-SHA256_Update                           3531	EXIST::FUNCTION:SHA,SHA256
-EC_KEY_set_group                        3532	EXIST::FUNCTION:EC
-PEM_write_bio_EC_PUBKEY                 3533	EXIST::FUNCTION:EC
-pqueue_free                             3534	EXIST::FUNCTION:
-POLICY_MAPPING_new                      3535	EXIST::FUNCTION:
-EC_KEY_new                              3536	EXIST::FUNCTION:EC
-STORE_list_public_key_next              3537	EXIST::FUNCTION:
-X509_CERT_PAIR_free                     3538	EXIST::FUNCTION:
-BN_set_negative                         3539	EXIST::FUNCTION:
-BN_nist_mod_256                         3540	EXIST::FUNCTION:
-BN_get0_nist_prime_256                  3541	EXIST::FUNCTION:
-RSA_generate_key_ex                     3542	EXIST::FUNCTION:RSA
+ECDSA_do_sign                           3435	EXIST::FUNCTION:ECDSA
+ENGINE_unregister_ECDH                  3436	EXIST::FUNCTION:ENGINE
+ECDH_OpenSSL                            3437	EXIST::FUNCTION:ECDH
+EC_KEY_set_conv_form                    3438	EXIST::FUNCTION:EC
+EC_POINT_dup                            3439	EXIST::FUNCTION:EC
+GENERAL_SUBTREE_new                     3440	EXIST::FUNCTION:
+STORE_list_crl_endp                     3441	EXIST::FUNCTION:
+EC_get_builtin_curves                   3442	EXIST::FUNCTION:EC
+X509_policy_node_get0_qualifiers        3443	EXIST:!VMS:FUNCTION:
+X509_pcy_node_get0_qualifiers           3443	EXIST:VMS:FUNCTION:
+STORE_list_crl_end                      3444	EXIST::FUNCTION:
+EVP_PKEY_set1_EC_KEY                    3445	EXIST::FUNCTION:EC
+BN_GF2m_mod_sqrt_arr                    3446	EXIST::FUNCTION:
+i2d_ECPrivateKey_bio                    3447	EXIST::FUNCTION:BIO,EC
+ECPKParameters_print_fp                 3448	EXIST::FUNCTION:EC,FP_API
+pqueue_find                             3449	EXIST::FUNCTION:
+ECDSA_SIG_free                          3450	EXIST::FUNCTION:ECDSA
+PEM_write_bio_ECPKParameters            3451	EXIST::FUNCTION:EC
+STORE_method_set_ctrl_function          3452	EXIST::FUNCTION:
+STORE_list_public_key_end               3453	EXIST::FUNCTION:
+EC_KEY_set_private_key                  3454	EXIST::FUNCTION:EC
+pqueue_peek                             3455	EXIST::FUNCTION:
+STORE_get_arbitrary                     3456	EXIST::FUNCTION:
+STORE_store_crl                         3457	EXIST::FUNCTION:
+X509_policy_node_get0_policy            3458	EXIST::FUNCTION:
+PKCS12_add_safes                        3459	EXIST::FUNCTION:
+BN_BLINDING_convert_ex                  3460	EXIST::FUNCTION:
+X509_policy_tree_free                   3461	EXIST::FUNCTION:
+OPENSSL_ia32cap_loc                     3462	EXIST::FUNCTION:
+BN_GF2m_poly2arr                        3463	EXIST::FUNCTION:
+STORE_ctrl                              3464	EXIST::FUNCTION:
+STORE_ATTR_INFO_compare                 3465	EXIST::FUNCTION:
+BN_get0_nist_prime_224                  3466	EXIST::FUNCTION:
+i2d_ECParameters                        3467	EXIST::FUNCTION:EC
+i2d_ECPKParameters                      3468	EXIST::FUNCTION:EC
+BN_GENCB_call                           3469	EXIST::FUNCTION:
+d2i_ECPKParameters                      3470	EXIST::FUNCTION:EC
+STORE_method_set_generate_function      3471	EXIST:!VMS:FUNCTION:
+STORE_meth_set_generate_fn              3471	EXIST:VMS:FUNCTION:
+ENGINE_set_ECDH                         3472	EXIST::FUNCTION:ENGINE
+NAME_CONSTRAINTS_new                    3473	EXIST::FUNCTION:
+SHA256_Init                             3474	EXIST::FUNCTION:SHA,SHA256
+EC_KEY_get0_public_key                  3475	EXIST::FUNCTION:EC
+PEM_write_bio_EC_PUBKEY                 3476	EXIST::FUNCTION:EC
+STORE_ATTR_INFO_set_cstr                3477	EXIST::FUNCTION:
+STORE_list_crl_next                     3478	EXIST::FUNCTION:
+STORE_ATTR_INFO_in_range                3479	EXIST::FUNCTION:
+ECParameters_print                      3480	EXIST::FUNCTION:BIO,EC
+STORE_method_set_delete_function        3481	EXIST:!VMS:FUNCTION:
+STORE_meth_set_delete_fn                3481	EXIST:VMS:FUNCTION:
+STORE_list_certificate_next             3482	EXIST::FUNCTION:
+ASN1_generate_nconf                     3483	EXIST::FUNCTION:
+BUF_memdup                              3484	EXIST::FUNCTION:
+BN_GF2m_mod_mul                         3485	EXIST::FUNCTION:
+STORE_method_get_list_next_function     3486	EXIST:!VMS:FUNCTION:
+STORE_meth_get_list_next_fn             3486	EXIST:VMS:FUNCTION:
+STORE_ATTR_INFO_get0_dn                 3487	EXIST::FUNCTION:
+STORE_list_private_key_next             3488	EXIST::FUNCTION:
+EC_GROUP_set_seed                       3489	EXIST::FUNCTION:EC
+X509_VERIFY_PARAM_set_trust             3490	EXIST::FUNCTION:
+STORE_ATTR_INFO_free                    3491	EXIST::FUNCTION:
+STORE_get_private_key                   3492	EXIST::FUNCTION:
+EVP_PKEY_get_attr_count                 3493	EXIST::FUNCTION:
+STORE_ATTR_INFO_new                     3494	EXIST::FUNCTION:
+EC_GROUP_get_curve_GF2m                 3495	EXIST::FUNCTION:EC
+STORE_method_set_revoke_function        3496	EXIST:!VMS:FUNCTION:
+STORE_meth_set_revoke_fn                3496	EXIST:VMS:FUNCTION:
+STORE_store_number                      3497	EXIST::FUNCTION:
+BN_is_prime_ex                          3498	EXIST::FUNCTION:
+STORE_revoke_public_key                 3499	EXIST::FUNCTION:
+X509_STORE_CTX_get0_param               3500	EXIST::FUNCTION:
+STORE_delete_arbitrary                  3501	EXIST::FUNCTION:
+PEM_read_X509_CERT_PAIR                 3502	EXIST:!WIN16:FUNCTION:
+X509_STORE_set_depth                    3503	EXIST::FUNCTION:
+ECDSA_get_ex_data                       3504	EXIST::FUNCTION:ECDSA
+SHA224                                  3505	EXIST::FUNCTION:SHA,SHA256
+BIO_dump_indent_fp                      3506	EXIST::FUNCTION:FP_API
+EC_KEY_set_group                        3507	EXIST::FUNCTION:EC
+BUF_strndup                             3508	EXIST::FUNCTION:
+STORE_list_certificate_start            3509	EXIST::FUNCTION:
+BN_GF2m_mod                             3510	EXIST::FUNCTION:
+X509_REQ_check_private_key              3511	EXIST::FUNCTION:
+EC_GROUP_get_seed_len                   3512	EXIST::FUNCTION:EC
+ERR_load_STORE_strings                  3513	EXIST::FUNCTION:
+PEM_read_bio_EC_PUBKEY                  3514	EXIST::FUNCTION:EC
+STORE_list_private_key_end              3515	EXIST::FUNCTION:
+i2d_EC_PUBKEY                           3516	EXIST::FUNCTION:EC
+ECDSA_get_default_method                3517	EXIST::FUNCTION:ECDSA
+ASN1_put_eoc                            3518	EXIST::FUNCTION:
+X509_STORE_CTX_get_explicit_policy      3519	EXIST:!VMS:FUNCTION:
+X509_STORE_CTX_get_expl_policy          3519	EXIST:VMS:FUNCTION:
+X509_VERIFY_PARAM_table_cleanup         3520	EXIST::FUNCTION:
+STORE_modify_private_key                3521	EXIST::FUNCTION:
+X509_VERIFY_PARAM_free                  3522	EXIST::FUNCTION:
+EC_METHOD_get_field_type                3523	EXIST::FUNCTION:EC
+EC_GFp_nist_method                      3524	EXIST::FUNCTION:EC
+STORE_method_set_modify_function        3525	EXIST:!VMS:FUNCTION:
+STORE_meth_set_modify_fn                3525	EXIST:VMS:FUNCTION:
+STORE_parse_attrs_next                  3526	EXIST::FUNCTION:
+ENGINE_load_padlock                     3527	EXIST::FUNCTION:ENGINE
+EC_GROUP_set_curve_name                 3528	EXIST::FUNCTION:EC
+X509_CERT_PAIR_it                       3529	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CERT_PAIR_it                       3529	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+STORE_method_get_revoke_function        3530	EXIST:!VMS:FUNCTION:
+STORE_meth_get_revoke_fn                3530	EXIST:VMS:FUNCTION:
+STORE_method_set_get_function           3531	EXIST::FUNCTION:
+STORE_modify_number                     3532	EXIST::FUNCTION:
+STORE_method_get_store_function         3533	EXIST::FUNCTION:
+STORE_store_private_key                 3534	EXIST::FUNCTION:
+BN_GF2m_mod_sqr_arr                     3535	EXIST::FUNCTION:
+RSA_setup_blinding                      3536	EXIST::FUNCTION:RSA
+BIO_s_datagram                          3537	EXIST::FUNCTION:DGRAM
+STORE_Memory                            3538	EXIST::FUNCTION:
+sk_find_ex                              3539	EXIST::FUNCTION:
+EC_GROUP_set_curve_GF2m                 3540	EXIST::FUNCTION:EC
+ENGINE_set_default_ECDSA                3541	EXIST::FUNCTION:ENGINE
+POLICY_CONSTRAINTS_new                  3542	EXIST::FUNCTION:
 BN_GF2m_mod_sqrt                        3543	EXIST::FUNCTION:
-ASN1_put_eoc                            3544	EXIST::FUNCTION:
-X509_policy_tree_get0_policies          3545	EXIST::FUNCTION:
-X509_VERIFY_PARAM_set_trust             3546	EXIST::FUNCTION:
-EC_GROUP_get_trinomial_basis            3547	EXIST::FUNCTION:EC
-ECDSA_sign_setup                        3548	EXIST::FUNCTION:ECDSA
-X509_VERIFY_PARAM_table_cleanup         3549	EXIST::FUNCTION:
-ENGINE_unregister_ECDSA                 3550	EXIST::FUNCTION:ENGINE
-STORE_generate_key                      3551	EXIST::FUNCTION:
-ENGINE_register_ECDH                    3552	EXIST::FUNCTION:ENGINE
-SHA512_Transform                        3553	EXIST::FUNCTION:SHA,SHA512
-X509_STORE_CTX_set_depth                3554	EXIST::FUNCTION:
-STORE_list_crl_endp                     3555	EXIST::FUNCTION:
-EVP_PKEY_get1_EC_KEY                    3556	EXIST::FUNCTION:EC
-STORE_get_ex_data                       3557	EXIST::FUNCTION:
-X509_VERIFY_PARAM_add0_table            3558	EXIST::FUNCTION:
-BN_GF2m_mod_sqrt_arr                    3559	EXIST::FUNCTION:
-EVP_PKEY_add1_attr_by_txt               3560	EXIST::FUNCTION:
-X509_STORE_CTX_set_default              3561	EXIST::FUNCTION:
-i2d_EC_PUBKEY_fp                        3562	EXIST::FUNCTION:EC,FP_API
-BN_BLINDING_invert_ex                   3563	EXIST::FUNCTION:
-EC_POINT_hex2point                      3564	EXIST::FUNCTION:EC
-PEM_read_bio_ECPKParameters             3565	EXIST::FUNCTION:EC
-PEM_write_bio_X509_CERT_PAIR            3566	EXIST::FUNCTION:
-EC_KEY_new_by_curve_name                3567	EXIST::FUNCTION:EC
-STORE_ATTR_INFO_in_range                3568	EXIST::FUNCTION:
-STORE_method_get_initialise_function    3569	EXIST:!VMS:FUNCTION:
-STORE_meth_get_initialise_fn            3569	EXIST:VMS:FUNCTION:
-STORE_ATTR_INFO_get0_dn                 3570	EXIST::FUNCTION:
-STORE_set_ex_data                       3571	EXIST::FUNCTION:
-X509_REQ_check_private_key              3572	EXIST::FUNCTION:
-STORE_ATTR_INFO_get0_sha1str            3573	EXIST::FUNCTION:
-EC_GROUP_set_asn1_flag                  3574	EXIST::FUNCTION:EC
-ECDH_set_method                         3575	EXIST::FUNCTION:ECDH
-ECDSA_do_sign                           3576	EXIST::FUNCTION:ECDSA
-STORE_ATTR_INFO_new                     3577	EXIST::FUNCTION:
-STORE_method_get_lock_store_function    3578	EXIST:!VMS:FUNCTION:
-STORE_meth_get_lock_store_fn            3578	EXIST:VMS:FUNCTION:
-EC_KEY_set_public_key                   3579	EXIST::FUNCTION:EC
-BUF_strndup                             3580	EXIST::FUNCTION:
-STORE_ATTR_INFO_modify_cstr             3581	EXIST::FUNCTION:
-POLICY_MAPPING_free                     3582	EXIST::FUNCTION:
-BN_get0_nist_prime_192                  3583	EXIST::FUNCTION:
-i2d_EC_PUBKEY                           3584	EXIST::FUNCTION:EC
-STORE_method_set_lock_store_function    3585	EXIST:!VMS:FUNCTION:
-STORE_meth_set_lock_store_fn            3585	EXIST:VMS:FUNCTION:
-PKCS12_add_safe                         3586	EXIST::FUNCTION:
-STORE_free                              3587	EXIST::FUNCTION:
-GENERAL_SUBTREE_it                      3588	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-GENERAL_SUBTREE_it                      3588	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ECDSA_do_verify                         3589	EXIST::FUNCTION:ECDSA
-GENERAL_SUBTREE_free                    3590	EXIST::FUNCTION:
-EC_KEY_get0_private_key                 3591	EXIST::FUNCTION:EC
-ECDSA_get_ex_new_index                  3592	EXIST::FUNCTION:ECDSA
-SHA224                                  3593	EXIST::FUNCTION:SHA,SHA256
-STORE_delete_certificate                3594	EXIST::FUNCTION:
-ECDSA_sign_ex                           3595	EXIST::FUNCTION:ECDSA
-BN_is_prime_fasttest_ex                 3596	EXIST::FUNCTION:
-EC_GROUP_set_curve_name                 3597	EXIST::FUNCTION:EC
-EVP_PKEY_set1_EC_KEY                    3598	EXIST::FUNCTION:EC
-STORE_store_arbitrary                   3599	EXIST::FUNCTION:
-EC_KEY_print_fp                         3600	EXIST::FUNCTION:EC,FP_API
-STORE_list_public_key_end               3601	EXIST::FUNCTION:
-SHA256_Transform                        3602	EXIST::FUNCTION:SHA,SHA256
-X509_policy_tree_level_count            3603	EXIST::FUNCTION:
-SHA512_Init                             3604	EXIST::FUNCTION:SHA,SHA512
-STORE_ATTR_INFO_in                      3605	EXIST::FUNCTION:
-ENGINE_get_default_ECDSA                3606	EXIST::FUNCTION:ENGINE
-ENGINE_get_static_state                 3607	EXIST::FUNCTION:ENGINE
-ECParameters_print                      3608	EXIST::FUNCTION:BIO,EC
-STORE_get_arbitrary                     3609	EXIST::FUNCTION:
-BN_BLINDING_set_flags                   3610	EXIST::FUNCTION:
-BN_GF2m_mod_solve_quad                  3611	EXIST::FUNCTION:
-STORE_delete_number                     3612	EXIST::FUNCTION:
-STORE_method_get_revoke_function        3613	EXIST:!VMS:FUNCTION:
-STORE_meth_get_revoke_fn                3613	EXIST:VMS:FUNCTION:
-STORE_ATTR_INFO_set_cstr                3614	EXIST::FUNCTION:
-BIO_dump_indent_cb                      3615	EXIST::FUNCTION:
-EC_KEY_dup                              3616	EXIST::FUNCTION:EC
-X509_keyid_get0                         3617	EXIST::FUNCTION:
-STORE_get_method                        3618	EXIST::FUNCTION:
-PKCS12_add_cert                         3619	EXIST::FUNCTION:
-X509_STORE_set1_param                   3620	EXIST::FUNCTION:
-BN_BLINDING_create_param                3621	EXIST::FUNCTION:
-BN_BLINDING_get_flags                   3622	EXIST::FUNCTION:
-EVP_PKEY_get_attr_count                 3623	EXIST::FUNCTION:
-STORE_parse_attrs_start                 3624	EXIST::FUNCTION:
-STORE_method_set_list_next_function     3625	EXIST:!VMS:FUNCTION:
-STORE_meth_set_list_next_fn             3625	EXIST:VMS:FUNCTION:
-STORE_parse_attrs_end                   3626	EXIST::FUNCTION:
-EC_GROUP_get_point_conversion_form      3627	EXIST:!VMS:FUNCTION:EC
-EC_GROUP_get_point_conv_form            3627	EXIST:VMS:FUNCTION:EC
-EC_KEY_get0_group                       3628	EXIST::FUNCTION:EC
-SHA256                                  3629	EXIST::FUNCTION:SHA,SHA256
-EC_GROUP_set_seed                       3630	EXIST::FUNCTION:EC
-pqueue_pop                              3631	EXIST::FUNCTION:
-i2d_ECPKParameters                      3632	EXIST::FUNCTION:EC
-pitem_new                               3633	EXIST::FUNCTION:
-ENGINE_set_ECDSA                        3634	EXIST::FUNCTION:ENGINE
-X509_STORE_CTX_set0_param               3635	EXIST::FUNCTION:
-X509_policy_tree_get0_user_policies     3636	EXIST:!VMS:FUNCTION:
-X509_pcy_tree_get0_usr_policies         3636	EXIST:VMS:FUNCTION:
-X509V3_NAME_from_section                3637	EXIST::FUNCTION:
-pqueue_peek                             3638	EXIST::FUNCTION:
-STORE_method_set_initialise_function    3639	EXIST:!VMS:FUNCTION:
-STORE_meth_set_initialise_fn            3639	EXIST:VMS:FUNCTION:
-EC_POINT_bn2point                       3640	EXIST::FUNCTION:EC
-ENGINE_load_gmp                         3641	EXIST::FUNCTION:ENGINE,GMP,STATIC_ENGINE
-pitem_free                              3642	EXIST::FUNCTION:
-ASN1_OCTET_STRING_NDEF_it               3643	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_OCTET_STRING_NDEF_it               3643	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-STORE_ctrl                              3644	EXIST::FUNCTION:
-STORE_method_get_list_start_function    3645	EXIST:!VMS:FUNCTION:
-STORE_meth_get_list_start_fn            3645	EXIST:VMS:FUNCTION:
-pqueue_iterator                         3646	EXIST::FUNCTION:
-STORE_list_private_key_start            3647	EXIST::FUNCTION:
-BIO_dgram_non_fatal_error               3648	EXIST::FUNCTION:
-pqueue_next                             3649	EXIST::FUNCTION:
-BN_get0_nist_prime_521                  3650	EXIST::FUNCTION:
-PEM_read_EC_PUBKEY                      3651	EXIST:!WIN16:FUNCTION:EC
-EC_POINT_get_affine_coordinates_GF2m    3652	EXIST:!VMS:FUNCTION:EC
-EC_POINT_get_affine_coords_GF2m         3652	EXIST:VMS:FUNCTION:EC
-X509_policy_level_node_count            3653	EXIST::FUNCTION:
-SHA512                                  3654	EXIST::FUNCTION:SHA,SHA512
-STORE_ATTR_INFO_set_dn                  3655	EXIST::FUNCTION:
-ECDSA_set_default_method                3656	EXIST::FUNCTION:ECDSA
-STORE_ATTR_INFO_in_ex                   3657	EXIST::FUNCTION:
-d2i_ECParameters                        3658	EXIST::FUNCTION:EC
-EC_GROUP_dup                            3659	EXIST::FUNCTION:EC
-STORE_generate_crl                      3660	EXIST::FUNCTION:
-STORE_OBJECT_new                        3661	EXIST::FUNCTION:
-POLICY_CONSTRAINTS_free                 3662	EXIST::FUNCTION:
-a2i_IPADDRESS_NC                        3663	EXIST::FUNCTION:
-STORE_delete_arbitrary                  3664	EXIST::FUNCTION:
-STORE_method_set_generate_function      3665	EXIST:!VMS:FUNCTION:
-STORE_meth_set_generate_fn              3665	EXIST:VMS:FUNCTION:
-EC_GROUP_check                          3666	EXIST::FUNCTION:EC
-ECDSA_get_default_method                3667	EXIST::FUNCTION:ECDSA
-ECDSA_sign                              3668	EXIST::FUNCTION:ECDSA
-i2v_ASN1_BIT_STRING                     3669	EXIST::FUNCTION:
-STORE_modify_arbitrary                  3670	EXIST::FUNCTION:
-EVP_CIPHER_CTX_rand_key                 3671	EXIST::FUNCTION:
-BN_nist_mod_224                         3672	EXIST::FUNCTION:
-STORE_revoke_public_key                 3673	EXIST::FUNCTION:
-STORE_method_get_unlock_store_function  3674	EXIST:!VMS:FUNCTION:
-STORE_meth_get_unlock_store_fn          3674	EXIST:VMS:FUNCTION:
-d2i_EC_PUBKEY_bio                       3675	EXIST::FUNCTION:BIO,EC
-EC_GFp_nist_method                      3676	EXIST::FUNCTION:EC
-EC_GROUP_get_degree                     3677	EXIST::FUNCTION:EC
-pqueue_new                              3678	EXIST::FUNCTION:
-EC_GROUP_new_curve_GF2m                 3679	EXIST::FUNCTION:EC
-ENGINE_register_ECDSA                   3680	EXIST::FUNCTION:ENGINE
-STORE_list_certificate_endp             3681	EXIST::FUNCTION:
-PEM_read_bio_EC_PUBKEY                  3682	EXIST::FUNCTION:EC
-ENGINE_unregister_STORE                 3683	EXIST::FUNCTION:ENGINE
-d2i_ECPKParameters                      3684	EXIST::FUNCTION:EC
-BN_GF2m_poly2arr                        3685	EXIST::FUNCTION:
-SHA512_Final                            3686	EXIST::FUNCTION:SHA,SHA512
-EC_KEY_set_conv_form                    3687	EXIST::FUNCTION:EC
-BN_GF2m_mod_solve_quad_arr              3688	EXIST::FUNCTION:
-PEM_write_bio_ECPrivateKey              3689	EXIST::FUNCTION:EC
-X509_policy_tree_free                   3690	EXIST::FUNCTION:
-STORE_list_certificate_end              3691	EXIST::FUNCTION:
-BIO_dump_cb                             3692	EXIST::FUNCTION:
-EVP_PKEY_get_attr_by_OBJ                3693	EXIST::FUNCTION:
-STORE_method_set_ctrl_function          3694	EXIST::FUNCTION:
-EC_GROUP_set_point_conversion_form      3695	EXIST:!VMS:FUNCTION:EC
-EC_GROUP_set_point_conv_form            3695	EXIST:VMS:FUNCTION:EC
-STORE_modify_certificate                3696	EXIST::FUNCTION:
-STORE_ATTR_INFO_compare                 3697	EXIST::FUNCTION:
-STORE_store_public_key                  3698	EXIST::FUNCTION:
-ECDH_OpenSSL                            3699	EXIST::FUNCTION:ECDH
-STORE_modify_public_key                 3700	EXIST::FUNCTION:
+ECDH_set_default_method                 3544	EXIST::FUNCTION:ECDH
+EC_KEY_generate_key                     3545	EXIST::FUNCTION:EC
+SHA384_Update                           3546	EXIST::FUNCTION:SHA,SHA512
+BN_GF2m_arr2poly                        3547	EXIST::FUNCTION:
+STORE_method_get_get_function           3548	EXIST::FUNCTION:
+STORE_method_set_cleanup_function       3549	EXIST:!VMS:FUNCTION:
+STORE_meth_set_cleanup_fn               3549	EXIST:VMS:FUNCTION:
+EC_GROUP_check                          3550	EXIST::FUNCTION:EC
+d2i_ECPrivateKey_bio                    3551	EXIST::FUNCTION:BIO,EC
+EC_KEY_insert_key_method_data           3552	EXIST::FUNCTION:EC
+STORE_method_get_lock_store_function    3553	EXIST:!VMS:FUNCTION:
+STORE_meth_get_lock_store_fn            3553	EXIST:VMS:FUNCTION:
+X509_VERIFY_PARAM_get_depth             3554	EXIST::FUNCTION:
+SHA224_Final                            3555	EXIST::FUNCTION:SHA,SHA256
+STORE_method_set_update_store_function  3556	EXIST:!VMS:FUNCTION:
+STORE_meth_set_update_store_fn          3556	EXIST:VMS:FUNCTION:
+SHA224_Update                           3557	EXIST::FUNCTION:SHA,SHA256
+d2i_ECPrivateKey                        3558	EXIST::FUNCTION:EC
+ASN1_item_ndef_i2d                      3559	EXIST::FUNCTION:
+STORE_delete_private_key                3560	EXIST::FUNCTION:
+ERR_pop_to_mark                         3561	EXIST::FUNCTION:
+ENGINE_register_all_STORE               3562	EXIST::FUNCTION:ENGINE
+X509_policy_level_get0_node             3563	EXIST::FUNCTION:
+i2d_PKCS7_NDEF                          3564	EXIST::FUNCTION:
+EC_GROUP_get_degree                     3565	EXIST::FUNCTION:EC
+ASN1_generate_v3                        3566	EXIST::FUNCTION:
+STORE_ATTR_INFO_modify_cstr             3567	EXIST::FUNCTION:
+X509_policy_tree_level_count            3568	EXIST::FUNCTION:
+BN_GF2m_add                             3569	EXIST::FUNCTION:
+EC_KEY_get0_group                       3570	EXIST::FUNCTION:EC
+STORE_generate_crl                      3571	EXIST::FUNCTION:
+STORE_store_public_key                  3572	EXIST::FUNCTION:
+X509_CERT_PAIR_free                     3573	EXIST::FUNCTION:
+STORE_revoke_private_key                3574	EXIST::FUNCTION:
+BN_nist_mod_224                         3575	EXIST::FUNCTION:
+SHA512_Final                            3576	EXIST::FUNCTION:SHA,SHA512
+STORE_ATTR_INFO_modify_dn               3577	EXIST::FUNCTION:
+STORE_method_get_initialise_function    3578	EXIST:!VMS:FUNCTION:
+STORE_meth_get_initialise_fn            3578	EXIST:VMS:FUNCTION:
+STORE_delete_number                     3579	EXIST::FUNCTION:
+i2d_EC_PUBKEY_bio                       3580	EXIST::FUNCTION:BIO,EC
+BIO_dgram_non_fatal_error               3581	EXIST::FUNCTION:
+EC_GROUP_get_asn1_flag                  3582	EXIST::FUNCTION:EC
+STORE_ATTR_INFO_in_ex                   3583	EXIST::FUNCTION:
+STORE_list_crl_start                    3584	EXIST::FUNCTION:
+ECDH_get_ex_new_index                   3585	EXIST::FUNCTION:ECDH
+STORE_method_get_modify_function        3586	EXIST:!VMS:FUNCTION:
+STORE_meth_get_modify_fn                3586	EXIST:VMS:FUNCTION:
+v2i_ASN1_BIT_STRING                     3587	EXIST::FUNCTION:
+STORE_store_certificate                 3588	EXIST::FUNCTION:
+OBJ_bsearch_ex                          3589	EXIST::FUNCTION:
+X509_STORE_CTX_set_default              3590	EXIST::FUNCTION:
+STORE_ATTR_INFO_set_sha1str             3591	EXIST::FUNCTION:
+BN_GF2m_mod_inv                         3592	EXIST::FUNCTION:
+BN_GF2m_mod_exp                         3593	EXIST::FUNCTION:
+STORE_modify_public_key                 3594	EXIST::FUNCTION:
+STORE_method_get_list_start_function    3595	EXIST:!VMS:FUNCTION:
+STORE_meth_get_list_start_fn            3595	EXIST:VMS:FUNCTION:
+EC_GROUP_get0_seed                      3596	EXIST::FUNCTION:EC
+STORE_store_arbitrary                   3597	EXIST::FUNCTION:
+STORE_method_set_unlock_store_function  3598	EXIST:!VMS:FUNCTION:
+STORE_meth_set_unlock_store_fn          3598	EXIST:VMS:FUNCTION:
+BN_GF2m_mod_div_arr                     3599	EXIST::FUNCTION:
+ENGINE_set_ECDSA                        3600	EXIST::FUNCTION:ENGINE
+STORE_create_method                     3601	EXIST::FUNCTION:
+ECPKParameters_print                    3602	EXIST::FUNCTION:BIO,EC
+EC_KEY_get0_private_key                 3603	EXIST::FUNCTION:EC
+PEM_write_EC_PUBKEY                     3604	EXIST:!WIN16:FUNCTION:EC
+X509_VERIFY_PARAM_set1                  3605	EXIST::FUNCTION:
+ECDH_set_method                         3606	EXIST::FUNCTION:ECDH
+v2i_GENERAL_NAME_ex                     3607	EXIST::FUNCTION:
+ECDH_set_ex_data                        3608	EXIST::FUNCTION:ECDH
+STORE_generate_key                      3609	EXIST::FUNCTION:
+BN_nist_mod_521                         3610	EXIST::FUNCTION:
+X509_policy_tree_get0_level             3611	EXIST::FUNCTION:
+EC_GROUP_set_point_conversion_form      3612	EXIST:!VMS:FUNCTION:EC
+EC_GROUP_set_point_conv_form            3612	EXIST:VMS:FUNCTION:EC
+PEM_read_EC_PUBKEY                      3613	EXIST:!WIN16:FUNCTION:EC
+i2d_ECDSA_SIG                           3614	EXIST::FUNCTION:ECDSA
+ECDSA_OpenSSL                           3615	EXIST::FUNCTION:ECDSA
+STORE_delete_crl                        3616	EXIST::FUNCTION:
+EC_KEY_get_enc_flags                    3617	EXIST::FUNCTION:EC
+ASN1_const_check_infinite_end           3618	EXIST::FUNCTION:
+EVP_PKEY_delete_attr                    3619	EXIST::FUNCTION:
+ECDSA_set_default_method                3620	EXIST::FUNCTION:ECDSA
+EC_POINT_set_compressed_coordinates_GF2m 3621	EXIST:!VMS:FUNCTION:EC
+EC_POINT_set_compr_coords_GF2m          3621	EXIST:VMS:FUNCTION:EC
+EC_GROUP_cmp                            3622	EXIST::FUNCTION:EC
+STORE_revoke_certificate                3623	EXIST::FUNCTION:
+BN_get0_nist_prime_256                  3624	EXIST::FUNCTION:
+STORE_method_get_delete_function        3625	EXIST:!VMS:FUNCTION:
+STORE_meth_get_delete_fn                3625	EXIST:VMS:FUNCTION:
+SHA224_Init                             3626	EXIST::FUNCTION:SHA,SHA256
+PEM_read_ECPrivateKey                   3627	EXIST:!WIN16:FUNCTION:EC
+SHA512_Init                             3628	EXIST::FUNCTION:SHA,SHA512
+STORE_parse_attrs_endp                  3629	EXIST::FUNCTION:
+BN_set_negative                         3630	EXIST::FUNCTION:
+ERR_load_ECDSA_strings                  3631	EXIST::FUNCTION:ECDSA
+EC_GROUP_get_basis_type                 3632	EXIST::FUNCTION:EC
+STORE_list_public_key_next              3633	EXIST::FUNCTION:
+i2v_ASN1_BIT_STRING                     3634	EXIST::FUNCTION:
+STORE_OBJECT_free                       3635	EXIST::FUNCTION:
+BN_nist_mod_384                         3636	EXIST::FUNCTION:
+i2d_X509_CERT_PAIR                      3637	EXIST::FUNCTION:
+PEM_write_ECPKParameters                3638	EXIST:!WIN16:FUNCTION:EC
+ECDH_compute_key                        3639	EXIST::FUNCTION:ECDH
+STORE_ATTR_INFO_get0_sha1str            3640	EXIST::FUNCTION:
+ENGINE_register_all_ECDH                3641	EXIST::FUNCTION:ENGINE
+pqueue_pop                              3642	EXIST::FUNCTION:
+STORE_ATTR_INFO_get0_cstr               3643	EXIST::FUNCTION:
+POLICY_CONSTRAINTS_it                   3644	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+POLICY_CONSTRAINTS_it                   3644	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+STORE_get_ex_new_index                  3645	EXIST::FUNCTION:
+EVP_PKEY_get_attr_by_OBJ                3646	EXIST::FUNCTION:
+X509_VERIFY_PARAM_add0_policy           3647	EXIST::FUNCTION:
+BN_GF2m_mod_solve_quad                  3648	EXIST::FUNCTION:
+SHA256                                  3649	EXIST::FUNCTION:SHA,SHA256
+i2d_ECPrivateKey_fp                     3650	EXIST::FUNCTION:EC,FP_API
+X509_policy_tree_get0_user_policies     3651	EXIST:!VMS:FUNCTION:
+X509_pcy_tree_get0_usr_policies         3651	EXIST:VMS:FUNCTION:
+OPENSSL_DIR_read                        3652	EXIST::FUNCTION:
+ENGINE_register_all_ECDSA               3653	EXIST::FUNCTION:ENGINE
+X509_VERIFY_PARAM_lookup                3654	EXIST::FUNCTION:
+EC_POINT_get_affine_coordinates_GF2m    3655	EXIST:!VMS:FUNCTION:EC
+EC_POINT_get_affine_coords_GF2m         3655	EXIST:VMS:FUNCTION:EC
+EC_GROUP_dup                            3656	EXIST::FUNCTION:EC
+ENGINE_get_default_ECDSA                3657	EXIST::FUNCTION:ENGINE
+EC_KEY_new                              3658	EXIST::FUNCTION:EC
+SHA256_Transform                        3659	EXIST::FUNCTION:SHA,SHA256
+EC_KEY_set_enc_flags                    3660	EXIST::FUNCTION:EC
+ECDSA_verify                            3661	EXIST::FUNCTION:ECDSA
+EC_POINT_point2hex                      3662	EXIST::FUNCTION:EC
+ENGINE_get_STORE                        3663	EXIST::FUNCTION:ENGINE
+SHA512                                  3664	EXIST::FUNCTION:SHA,SHA512
+STORE_get_certificate                   3665	EXIST::FUNCTION:
+ECDSA_do_sign_ex                        3666	EXIST::FUNCTION:ECDSA
+ECDSA_do_verify                         3667	EXIST::FUNCTION:ECDSA
+d2i_ECPrivateKey_fp                     3668	EXIST::FUNCTION:EC,FP_API
+STORE_delete_certificate                3669	EXIST::FUNCTION:
+SHA512_Transform                        3670	EXIST::FUNCTION:SHA,SHA512
+X509_STORE_set1_param                   3671	EXIST::FUNCTION:
+STORE_method_get_ctrl_function          3672	EXIST::FUNCTION:
+STORE_free                              3673	EXIST::FUNCTION:
+PEM_write_ECPrivateKey                  3674	EXIST:!WIN16:FUNCTION:EC
+STORE_method_get_unlock_store_function  3675	EXIST:!VMS:FUNCTION:
+STORE_meth_get_unlock_store_fn          3675	EXIST:VMS:FUNCTION:
+STORE_get_ex_data                       3676	EXIST::FUNCTION:
+EC_KEY_set_public_key                   3677	EXIST::FUNCTION:EC
+PEM_read_ECPKParameters                 3678	EXIST:!WIN16:FUNCTION:EC
+X509_CERT_PAIR_new                      3679	EXIST::FUNCTION:
+ENGINE_register_STORE                   3680	EXIST::FUNCTION:ENGINE
+RSA_generate_key_ex                     3681	EXIST::FUNCTION:RSA
+DSA_generate_parameters_ex              3682	EXIST::FUNCTION:DSA
+ECParameters_print_fp                   3683	EXIST::FUNCTION:EC,FP_API
+X509V3_NAME_from_section                3684	EXIST::FUNCTION:
+EVP_PKEY_add1_attr                      3685	EXIST::FUNCTION:
+STORE_modify_crl                        3686	EXIST::FUNCTION:
+STORE_list_private_key_start            3687	EXIST::FUNCTION:
+POLICY_MAPPINGS_it                      3688	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+POLICY_MAPPINGS_it                      3688	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+GENERAL_SUBTREE_it                      3689	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+GENERAL_SUBTREE_it                      3689	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_GROUP_get_curve_name                 3690	EXIST::FUNCTION:EC
+PEM_write_X509_CERT_PAIR                3691	EXIST:!WIN16:FUNCTION:
+BIO_dump_indent_cb                      3692	EXIST::FUNCTION:
+d2i_X509_CERT_PAIR                      3693	EXIST::FUNCTION:
+STORE_list_private_key_endp             3694	EXIST::FUNCTION:
+asn1_const_Finish                       3695	EXIST::FUNCTION:
+i2d_EC_PUBKEY_fp                        3696	EXIST::FUNCTION:EC,FP_API
+BN_nist_mod_256                         3697	EXIST::FUNCTION:
+X509_VERIFY_PARAM_add0_table            3698	EXIST::FUNCTION:
+pqueue_free                             3699	EXIST::FUNCTION:
+BN_BLINDING_create_param                3700	EXIST::FUNCTION:
 ECDSA_size                              3701	EXIST::FUNCTION:ECDSA
-ENGINE_get_STORE                        3702	EXIST::FUNCTION:ENGINE
-EC_KEY_get_enc_flags                    3703	EXIST::FUNCTION:EC
-STORE_get_crl                           3704	EXIST::FUNCTION:
-ECDH_get_default_method                 3705	EXIST::FUNCTION:ECDH
-ECDH_get_ex_new_index                   3706	EXIST::FUNCTION:ECDH
-PEM_read_X509_CERT_PAIR                 3707	EXIST:!WIN16:FUNCTION:
-ERR_load_ECDSA_strings                  3708	EXIST::FUNCTION:ECDSA
-BN_nist_mod_384                         3709	EXIST::FUNCTION:
-ENGINE_get_default_ECDH                 3710	EXIST::FUNCTION:ENGINE
-X509_VERIFY_PARAM_inherit               3711	EXIST::FUNCTION:
-ENGINE_load_padlock                     3712	EXIST::FUNCTION:ENGINE
-BN_get0_nist_prime_224                  3713	EXIST::FUNCTION:
-X509_STORE_set_depth                    3714	EXIST::FUNCTION:
-a2i_IPADDRESS                           3715	EXIST::FUNCTION:
-ECDSA_OpenSSL                           3716	EXIST::FUNCTION:ECDSA
-STORE_list_private_key_next             3717	EXIST::FUNCTION:
-STORE_store_certificate                 3718	EXIST::FUNCTION:
-STORE_method_set_list_start_function    3719	EXIST:!VMS:FUNCTION:
-STORE_meth_set_list_start_fn            3719	EXIST:VMS:FUNCTION:
-X509_STORE_CTX_get0_policy_tree         3720	EXIST::FUNCTION:
-SHA224_Init                             3721	EXIST::FUNCTION:SHA,SHA256
-pqueue_print                            3722	EXIST::FUNCTION:
-X509_VERIFY_PARAM_set1_policies         3723	EXIST::FUNCTION:
-ASN1_generate_v3                        3724	EXIST::FUNCTION:
-pqueue_find                             3725	EXIST::FUNCTION:
-i2d_ECDSA_SIG                           3726	EXIST::FUNCTION:ECDSA
-STORE_method_get_ctrl_function          3727	EXIST::FUNCTION:
-ECDH_set_ex_data                        3728	EXIST::FUNCTION:ECDH
-ECParameters_print_fp                   3729	EXIST::FUNCTION:EC,FP_API
-STORE_method_set_list_end_function      3730	EXIST:!VMS:FUNCTION:
-STORE_meth_set_list_end_fn              3730	EXIST:VMS:FUNCTION:
-ENGINE_register_all_STORE               3731	EXIST::FUNCTION:ENGINE
-EC_KEY_set_private_key                  3732	EXIST::FUNCTION:EC
-ECDSA_do_sign_ex                        3733	EXIST::FUNCTION:ECDSA
-X509_policy_tree_get0_level             3734	EXIST::FUNCTION:
-X509_POLICY_NODE_print                  3735	EXIST::FUNCTION:
-ENGINE_get_ECDH                         3736	EXIST::FUNCTION:ENGINE
-BIO_s_datagram                          3737	EXIST::FUNCTION:DGRAM
-PEM_read_ECPKParameters                 3738	EXIST:!WIN16:FUNCTION:EC
-ECDSA_set_method                        3739	EXIST::FUNCTION:ECDSA
-ERR_load_STORE_strings                  3740	EXIST::FUNCTION:
-STORE_method_get_modify_function        3741	EXIST:!VMS:FUNCTION:
-STORE_meth_get_modify_fn                3741	EXIST:VMS:FUNCTION:
-EC_KEY_set_enc_flags                    3742	EXIST::FUNCTION:EC
-d2i_EC_PUBKEY                           3743	EXIST::FUNCTION:EC
-SHA256_Final                            3744	EXIST::FUNCTION:SHA,SHA256
-BN_GF2m_add                             3745	EXIST::FUNCTION:
-X509_STORE_CTX_set0_crls                3746	EXIST::FUNCTION:
-GENERAL_SUBTREE_new                     3747	EXIST::FUNCTION:
-STORE_revoke_private_key                3748	EXIST::FUNCTION:
-X509_VERIFY_PARAM_new                   3749	EXIST::FUNCTION:
-BIO_dump_fp                             3750	EXIST::FUNCTION:FP_API
-BN_GF2m_mod_arr                         3751	EXIST::FUNCTION:
-BN_GF2m_mod_exp                         3752	EXIST::FUNCTION:
-EC_KEY_generate_key                     3753	EXIST::FUNCTION:EC
-RSA_setup_blinding                      3754	EXIST::FUNCTION:RSA
-POLICY_MAPPING_it                       3755	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-POLICY_MAPPING_it                       3755	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-DSO_merge                               3756	EXIST::FUNCTION:
-STORE_method_get_update_store_function  3757	EXIST:!VMS:FUNCTION:
-STORE_meth_get_update_store_fn          3757	EXIST:VMS:FUNCTION:
-ENGINE_register_all_ECDH                3758	EXIST::FUNCTION:ENGINE
-i2d_ECPrivateKey                        3759	EXIST::FUNCTION:EC
+d2i_EC_PUBKEY_bio                       3702	EXIST::FUNCTION:BIO,EC
+BN_get0_nist_prime_521                  3703	EXIST::FUNCTION:
+STORE_ATTR_INFO_modify_sha1str          3704	EXIST::FUNCTION:
+BN_generate_prime_ex                    3705	EXIST::FUNCTION:
+EC_GROUP_new_by_curve_name              3706	EXIST::FUNCTION:EC
+SHA256_Final                            3707	EXIST::FUNCTION:SHA,SHA256
+DH_generate_parameters_ex               3708	EXIST::FUNCTION:DH
+PEM_read_bio_ECPrivateKey               3709	EXIST::FUNCTION:EC
+STORE_method_get_cleanup_function       3710	EXIST:!VMS:FUNCTION:
+STORE_meth_get_cleanup_fn               3710	EXIST:VMS:FUNCTION:
+ENGINE_get_ECDH                         3711	EXIST::FUNCTION:ENGINE
+d2i_ECDSA_SIG                           3712	EXIST::FUNCTION:ECDSA
+BN_is_prime_fasttest_ex                 3713	EXIST::FUNCTION:
+ECDSA_sign                              3714	EXIST::FUNCTION:ECDSA
+X509_policy_check                       3715	EXIST::FUNCTION:
+EVP_PKEY_get_attr_by_NID                3716	EXIST::FUNCTION:
+STORE_set_ex_data                       3717	EXIST::FUNCTION:
+ENGINE_get_ECDSA                        3718	EXIST::FUNCTION:ENGINE
+EVP_ecdsa                               3719	EXIST::FUNCTION:SHA
+BN_BLINDING_get_flags                   3720	EXIST::FUNCTION:
+PKCS12_add_cert                         3721	EXIST::FUNCTION:
+STORE_OBJECT_new                        3722	EXIST::FUNCTION:
+ERR_load_ECDH_strings                   3723	EXIST::FUNCTION:ECDH
+EC_KEY_dup                              3724	EXIST::FUNCTION:EC
+EVP_CIPHER_CTX_rand_key                 3725	EXIST::FUNCTION:
+ECDSA_set_method                        3726	EXIST::FUNCTION:ECDSA
+a2i_IPADDRESS_NC                        3727	EXIST::FUNCTION:
+d2i_ECParameters                        3728	EXIST::FUNCTION:EC
+STORE_list_certificate_end              3729	EXIST::FUNCTION:
+STORE_get_crl                           3730	EXIST::FUNCTION:
+X509_POLICY_NODE_print                  3731	EXIST::FUNCTION:
+SHA384_Init                             3732	EXIST::FUNCTION:SHA,SHA512
+EC_GF2m_simple_method                   3733	EXIST::FUNCTION:EC
+ECDSA_set_ex_data                       3734	EXIST::FUNCTION:ECDSA
+SHA384_Final                            3735	EXIST::FUNCTION:SHA,SHA512
+PKCS7_set_digest                        3736	EXIST::FUNCTION:
+EC_KEY_print                            3737	EXIST::FUNCTION:BIO,EC
+STORE_method_set_lock_store_function    3738	EXIST:!VMS:FUNCTION:
+STORE_meth_set_lock_store_fn            3738	EXIST:VMS:FUNCTION:
+ECDSA_get_ex_new_index                  3739	EXIST::FUNCTION:ECDSA
+SHA384                                  3740	EXIST::FUNCTION:SHA,SHA512
+POLICY_MAPPING_new                      3741	EXIST::FUNCTION:
+STORE_list_certificate_endp             3742	EXIST::FUNCTION:
+X509_STORE_CTX_get0_policy_tree         3743	EXIST::FUNCTION:
+EC_GROUP_set_asn1_flag                  3744	EXIST::FUNCTION:EC
+EC_KEY_check_key                        3745	EXIST::FUNCTION:EC
+d2i_EC_PUBKEY_fp                        3746	EXIST::FUNCTION:EC,FP_API
+PKCS7_set0_type_other                   3747	EXIST::FUNCTION:
+PEM_read_bio_X509_CERT_PAIR             3748	EXIST::FUNCTION:
+pqueue_next                             3749	EXIST::FUNCTION:
+STORE_method_get_list_end_function      3750	EXIST:!VMS:FUNCTION:
+STORE_meth_get_list_end_fn              3750	EXIST:VMS:FUNCTION:
+EVP_PKEY_add1_attr_by_OBJ               3751	EXIST::FUNCTION:
+X509_VERIFY_PARAM_set_time              3752	EXIST::FUNCTION:
+pqueue_new                              3753	EXIST::FUNCTION:
+ENGINE_set_default_ECDH                 3754	EXIST::FUNCTION:ENGINE
+STORE_new_method                        3755	EXIST::FUNCTION:
+PKCS12_add_key                          3756	EXIST::FUNCTION:
+DSO_merge                               3757	EXIST::FUNCTION:
+EC_POINT_hex2point                      3758	EXIST::FUNCTION:EC
+BIO_dump_cb                             3759	EXIST::FUNCTION:
+SHA256_Update                           3760	EXIST::FUNCTION:SHA,SHA256
+pqueue_insert                           3761	EXIST::FUNCTION:
+pitem_free                              3762	EXIST::FUNCTION:
+BN_GF2m_mod_inv_arr                     3763	EXIST::FUNCTION:
+ENGINE_unregister_ECDSA                 3764	EXIST::FUNCTION:ENGINE
+BN_BLINDING_set_thread_id               3765	EXIST::FUNCTION:
--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@ -33,8 +33,9 @@ $infile="MINFO";
 	"ultrix-mips","DEC mips ultrix",
 	"FreeBSD","FreeBSD distribution",
 	"OS2-EMX", "EMX GCC OS/2",
-	"netware-clib", "CodeWarrior for NetWare - CLib",
-	"netware-libc", "CodeWarrior for NetWare - LibC",
+	"netware-clib", "CodeWarrior for NetWare - CLib - with WinSock Sockets",
+	"netware-libc", "CodeWarrior for NetWare - LibC - with WinSock Sockets",
+	"netware-libc-bsdsock", "CodeWarrior for NetWare - LibC - with BSD Sockets",
 	"default","cc under unix",
 	);

@ -163,9 +164,11 @@ elsif ($platform eq "OS2-EMX")
 	$wc=1;
 	require 'OS2-EMX.pl';
 	}
-elsif (($platform eq "netware-clib") || ($platform eq "netware-libc"))
+elsif (($platform eq "netware-clib") || ($platform eq "netware-libc") ||
+       ($platform eq "netware-libc-bsdsock"))
 	{
-   $LIBC=1 if $platform eq "netware-libc";
+	$LIBC=1 if $platform eq "netware-libc" || $platform eq "netware-libc-bsdsock";
+	$BSDSOCK=1 if $platform eq "netware-libc-bsdsock";
 	require 'netware.pl';
 	}
 else
@ -269,10 +272,10 @@ for (;;)
 		{ $ex_libs .= " $val";}

 	if ($key eq "TEST")
-		{ $test.=&var_add($dir,$val); }
+		{ $test.=&var_add($dir,$val, 0); }

 	if (($key eq "PROGS") || ($key eq "E_OBJ"))
-		{ $e_exe.=&var_add($dir,$val); }
+		{ $e_exe.=&var_add($dir,$val, 0); }

 	if ($key eq "LIB")
 		{
@ -281,13 +284,13 @@ for (;;)
 		}

 	if ($key eq "EXHEADER")
-		{ $exheader.=&var_add($dir,$val); }
+		{ $exheader.=&var_add($dir,$val, 1); }

 	if ($key eq "HEADER")
-		{ $header.=&var_add($dir,$val); }
+		{ $header.=&var_add($dir,$val, 1); }

 	if ($key eq "LIBOBJ")
-		{ $libobj=&var_add($dir,$val); }
+		{ $libobj=&var_add($dir,$val, 0); }

 	if (!($_=<IN>))
 		{ $_="RELATIVE_DIRECTORY=FINISHED\n"; }
@ -524,11 +527,11 @@ foreach (split(/\s+/,$exheader)){ $h{$_}=1; }
 foreach (split(/\s+/,$header))	{ $h.=$_." " unless $h{$_}; }
 chop($h); $header=$h;

-$defs.=&do_defs("HEADER",$header,"\$(INCL_D)",".h");
-$rules.=&do_copy_rule("\$(INCL_D)",$header,".h");
+$defs.=&do_defs("HEADER",$header,"\$(INCL_D)","");
+$rules.=&do_copy_rule("\$(INCL_D)",$header,"");

-$defs.=&do_defs("EXHEADER",$exheader,"\$(INCO_D)",".h");
-$rules.=&do_copy_rule("\$(INCO_D)",$exheader,".h");
+$defs.=&do_defs("EXHEADER",$exheader,"\$(INCO_D)","");
+$rules.=&do_copy_rule("\$(INCO_D)",$exheader,"");

 $defs.=&do_defs("T_OBJ",$test,"\$(OBJ_D)",$obj);
 $rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)");
@ -646,7 +649,7 @@ print $rules;
 # directories
 sub var_add
 	{
-	local($dir,$val)=@_;
+	local($dir,$val,$keepext)=@_;
 	local(@a,$_,$ret);

 	return("") if $no_engine && $dir =~ /\/engine/;
@ -675,7 +678,7 @@ sub var_add

 	$val =~ s/^\s*(.*)\s*$/$1/;
 	@a=split(/\s+/,$val);
-	grep(s/\.[och]$//,@a);
+	grep(s/\.[och]$//,@a) unless $keepext;

 	@a=grep(!/^e_.*_3d$/,@a) if $no_des;
 	@a=grep(!/^e_.*_d$/,@a) if $no_des;
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@ -741,7 +741,8 @@ sub do_defs
 				} elsif (/^\s*DECLARE_PKCS12_STACK_OF\s*\(\s*(\w*)\s*\)/) {
 					next;
 				} elsif (/^DECLARE_PEM_rw\s*\(\s*(\w*)\s*,/ ||
-					 /^DECLARE_PEM_rw_cb\s*\(\s*(\w*)\s*,/ ) {
+					 /^DECLARE_PEM_rw_cb\s*\(\s*(\w*)\s*,/ ||
+					 /^DECLARE_PEM_rw_const\s*\(\s*(\w*)\s*,/ ) {
 					# Things not in Win16
 					$def .=
 					    "#INFO:"
--- a/util/pl/netware.pl
+++ b/util/pl/netware.pl
@ -2,19 +2,25 @@
 #

 # The import files and other misc imports needed to link
+@misc_imports = ("GetProcessSwitchCount", "RunningProcess",  
+                 "GetSuperHighResolutionTimer");
 if ($LIBC)
 {
-   @import_files = ("libc.imp", "ws2nlm.imp");
+   @import_files = ("libc.imp");
   @module_files = ("libc");
 }
 else
 {
   # clib build
-   @import_files = ("clib.imp", "ws2nlm.imp");
+   @import_files = ("clib.imp");
   @module_files = ("clib");
+   push(@misc_imports, "_rt_modu64%16", "_rt_divu64%16");
 }
-@misc_imports = ("GetProcessSwitchCount", "RunningProcess",  
-                 "GetSuperHighResolutionTimer" );
+if (!$BSDSOCK)
+{
+   push(@import_files, "ws2nlm.imp");
+}
+		 

 # The "IMPORTS" environment variable must be set and point to the location
 # where import files (*.imp) can be found.
@ -82,10 +88,12 @@ else
 #        paths for each subdirectory a recursive include directive
 #        is used ( -ir crypto ).
 #
+#        A similar issue exists for the engines and apps subdirectories.
+#
 #        Turned off the "possible" warnings ( -w nopossible ).  Metrowerks
 #        complained a lot about various stuff.  May want to turn back
 #        on for further development.
-$cflags="-ir crypto -msgstyle gcc -align 4 -processor pentium \\
+$cflags="-ir crypto -ir engines -ir apps -msgstyle gcc -align 4 -processor pentium \\
         -char unsigned -w on -w nolargeargs -w nopossible -w nounusedarg \\
         -w noimplicitconv -relax_pointers -nosyspath -DL_ENDIAN \\
         -DOPENSSL_SYSNAME_NETWARE -U_WIN32 -maxerrors 20 ";
@ -120,6 +128,12 @@ else
   $lflags.=" -entry _Prelude -exit _Stop";
 }

+# If BSD Socket support is requested, set a define for the compiler
+if ($BSDSOCK)
+{
+   $cflags.=" -DNETWARE_BSDSOCK";
+}
+

 # linking stuff
 # for the output directories use the mk1mf.pl values with "_nw" appended
--- a/util/pod2man.pl
+++ b/util/pod2man.pl
@ -425,6 +425,7 @@ if ($name ne 'something') {
 	    }
 	    next if /^=cut\b/;	# DB_File and Net::Ping have =cut before NAME
 	    next if /^=pod\b/;  # It is OK to have =pod before NAME
+	    next if /^=for\s+comment\b/;  # It is OK to have =for comment before NAME
 	    die "$0: Invalid man page - 1st pod line is not NAME in $ARGV[0]\n" unless $lax;
 	}
 	die "$0: Invalid man page - no documentation in $ARGV[0]\n" unless $lax;
--- a/util/selftest.pl
+++ b/util/selftest.pl
@ -49,7 +49,7 @@ if (open(IN,"<Makefile")) {
 }

 $cversion=`$cc -v 2>&1`;
-$cversion=`$cc -V 2>&1` if $cversion =~ "usage";
+$cversion=`$cc -V 2>&1` if $cversion =~ "[Uu]sage";
 $cversion=`$cc -V |head -1` if $cversion =~ "Error";
 $cversion=`$cc --version` if $cversion eq "";
 $cversion =~ s/Reading specs.*\n//;
@ -130,15 +130,21 @@ if (system("make 2>&1 | tee make.log") > 255) {
    goto err;
 }

-$_=$options;
-s/no-asm//;
-s/no-shared//;
-s/no-krb5//;
-if (/no-/)
-{
-    print OUT "Test skipped.\n";
-    goto err;
-}
+# Not sure why this is here.  The tests themselves can detect if their
+# particular feature isn't included, and should therefore skip themselves.
+# To skip *all* tests just because one algorithm isn't included is like
+# shooting mosquito with an elephant gun...
+#                   -- Richard Levitte, inspired by problem report 1089
+#
+#$_=$options;
+#s/no-asm//;
+#s/no-shared//;
+#s/no-krb5//;
+#if (/no-/)
+#{
+#    print OUT "Test skipped.\n";
+#    goto err;
+#}

 print "Running make test...\n";
 if (system("make test 2>&1 | tee maketest.log") > 255)