Prepare for 1.0.0s release

Reviewed-by: Stephen Henson <steve@openssl.org>
Update CHANGES and NEWS
2015-06-11 15:13:36 +01:00 · 2015-06-11 15:10:48 +01:00 · 2015-06-11 15:10:48 +01:00 · 2015-06-11 15:10:48 +01:00 · 2015-06-11 15:10:48 +01:00 · 2015-06-11 15:53:32 +02:00
846 changed files with 15398 additions and 87165 deletions
--- a/.cvsignore
+++ b/.cvsignore
@@ -0,0 +1,22 @@
 openssl.pc
 libcrypto.pc
 libssl.pc
 MINFO
 makefile.one
 tmp
 out
 outinc
 rehash.time
 testlog
 make.log
 maketest.log
 cctest
 cctest.c
 cctest.a
 *.flc
 semantic.cache
 Makefile
 *.dll*
 *.so*
 *.sl*
 *.dylib*
--- a/.gitignore
+++ b/.gitignore
@@ -7,7 +7,6 @@
 .#*
 #*#
 *~
 /.dir-locals.el
 # Top level excludes
 /Makefile.bak
@@ -96,12 +95,8 @@ tags
 TAGS
 # Windows
 /tmp32
 /tmp32.dbg
 /tmp32dll
 /tmp32dll.dbg
 /out32
 /out32.dbg
 /out32dll
 /out32dll.dbg
 /inc32
--- a/.travis-create-release.sh
+++ b/.travis-create-release.sh
@@ -1,10 +0,0 @@
 #! /bin/sh
 # $1 is expected to be $TRAVIS_OS_NAME
 if [ "$1" == osx ]; then
    make -f Makefile.org \
 	 DISTTARVARS="NAME=_srcdist TAR_COMMAND='\$\$(TAR) \$\$(TARFLAGS) -s \"|^|\$\$(NAME)/|\" -T \$\$(TARFILE).list -cvf -' TARFLAGS='-n' TARFILE=_srcdist.tar" SHELL='sh -vx' dist
 else
    make -f Makefile.org DISTTARVARS='TARFILE=_srcdist.tar NAME=_srcdist' SHELL='sh -v' dist
 fi
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,60 +0,0 @@
 language: c
 addons:
    apt_packages:
        - binutils-mingw-w64
        - gcc-mingw-w64
 os:
    - linux
    - osx
 compiler:
    - clang
    - gcc
    - i686-w64-mingw32-gcc
    - x86_64-w64-mingw32-gcc
 env:
    - CONFIG_OPTS=""
    - CONFIG_OPTS="shared"
    - CONFIG_OPTS="-d --strict-warnings"
 matrix:
    exclude:
        - os: osx
          compiler: i686-w64-mingw32-gcc
        - os: osx
          compiler: x86_64-w64-mingw32-gcc
        - compiler: i686-w64-mingw32-gcc
          env: CONFIG_OPTS="-d --strict-warnings"
        - compiler: x86_64-w64-mingw32-gcc
          env: CONFIG_OPTS="-d --strict-warnings"
 before_script:
    - sh .travis-create-release.sh $TRAVIS_OS_NAME
    - tar -xvzf _srcdist.tar.gz
    - cd _srcdist
    - if [ "$CC" == i686-w64-mingw32-gcc ]; then
          export CROSS_COMPILE=${CC%%gcc}; unset CC;
          ./Configure mingw $CONFIG_OPTS;
      elif [ "$CC" == x86_64-w64-mingw32-gcc ]; then
          export CROSS_COMPILE=${CC%%gcc}; unset CC;
          ./Configure mingw64 $CONFIG_OPTS;
      else
          ./config $CONFIG_OPTS;
      fi
    - cd ..
 script:
    - cd _srcdist
    - make
    - if [ -z "$CROSS_COMPILE" ]; then make test; fi
    - cd ..
 notifications:
    recipient:
        - openssl-commits@openssl.org
    email:
        on_success: change
        on_failure: always
--- a/32
+++ b/32
@@ -1,2 +1,30 @@
-Please https://www.openssl.org/community/thanks.html for the current
+The OpenSSL project depends on volunteer efforts and financial support from
-acknowledgements.
+the end user community. That support comes in the form of donations and paid
 sponsorships, software support contracts, paid consulting services
 and commissioned software development.
 Since all these activities support the continued development and improvement
 of OpenSSL we consider all these clients and customers as sponsors of the
 OpenSSL project.
 We would like to identify and thank the following such sponsors for their past
 or current significant support of the OpenSSL project:
 Major support:
 	Qualys		http://www.qualys.com/
 Very significant support:
 	OpenGear:	http://www.opengear.com/
 Significant support:
 	PSW Group:	http://www.psw.net/
 	Acano Ltd.	http://acano.com/
 Please note that we ask permission to identify sponsors and that some sponsors
 we consider eligible for inclusion here have requested to remain anonymous.
 Additional sponsorship or financial support is always welcome: for more
 information please contact the OpenSSL Software Foundation.
--- a/898
+++ b/898
--- a/38
+++ b/38
@@ -1,38 +0,0 @@
 HOW TO CONTRIBUTE TO OpenSSL
 ----------------------------
 Development is coordinated on the openssl-dev mailing list (see
 http://www.openssl.org for information on subscribing). If you
 would like to submit a patch, send it to rt@openssl.org with
 the string "[PATCH]" in the subject. Please be sure to include a
 textual explanation of what your patch does.
 You can also make GitHub pull requests. If you do this, please also send
 mail to rt@openssl.org with a brief description and a link to the PR so
 that we can more easily keep track of it.
 If you are unsure as to whether a feature will be useful for the general
 OpenSSL community please discuss it on the openssl-dev mailing list first.
 Someone may be already working on the same thing or there may be a good
 reason as to why that feature isn't implemented.
 Patches should be as up to date as possible, preferably relative to the
 current Git or the last snapshot. They should follow our coding style
 (see https://www.openssl.org/policies/codingstyle.html) and compile without
 warnings using the --strict-warnings flag.  OpenSSL compiles on many varied
 platforms: try to ensure you only use portable features.
 Our preferred format for patch files is "git format-patch" output. For example
 to provide a patch file containing the last commit in your local git repository
 use the following command:
 # git format-patch --stdout HEAD^ >mydiffs.patch
 Another method of creating an acceptable patch file without using git is as
 follows:
 # cd openssl-work
 # [your changes]
 # ./Configure dist; make clean
 # cd ..
 # diff -ur openssl-orig openssl-work > mydiffs.patch
--- a/390
+++ b/390
@@ -10,7 +10,7 @@ use strict;
 # see INSTALL for instructions.
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
 # Options:
 #
@@ -56,12 +56,7 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta
 # [no-]zlib     [don't] compile support for zlib compression.
 # zlib-dynamic	Like "zlib", but the zlib library is expected to be a shared
 #		library and will be loaded in run-time by the OpenSSL library.
 # sctp          include SCTP support
 # 386           generate 80386 code
 # enable-weak-ssl-ciphers
 #		Enable EXPORT and LOW SSLv3 ciphers that are disabled by
 #		default.  Note, weak SSLv2 ciphers are unconditionally
 #		disabled.
 # no-sse2	disables IA-32 SSE2 code, above option implies no-sse2
 # no-<cipher>   build without specified algorithm (rsa, idea, rc5, ...)
 # -<xxx> +<xxx> compiler options are passed through 
@@ -109,11 +104,6 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta
 my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
 # Warn that "make depend" should be run?
 my $warn_make_depend = 0;
 my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments";
 my $strict_warnings = 0;
 my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
@@ -133,24 +123,21 @@ my $tlib="-lnsl -lsocket";
 my $bits1="THIRTY_TWO_BIT ";
 my $bits2="SIXTY_FOUR_BIT ";
-my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o:des-586.o crypt586.o:aes-586.o vpaes-x86.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o:ghash-x86.o:";
+my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes-586.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o";
 my $x86_elf_asm="$x86_asm:elf";
-my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o modexp512-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o:";
+my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o";
-my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o::void";
+my $ia64_asm="ia64cpuid.o:bn-ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::void";
-my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o:des_enc-sparc.o fcrypt_b.o:aes_core.o aes_cbc.o aes-sparcv9.o:::sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o:::::::ghash-sparcv9.o::void";
+my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o:des_enc-sparc.o fcrypt_b.o:aes_core.o aes_cbc.o aes-sparcv9.o:::sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o:::::::void";
-my $sparcv8_asm=":sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::::::void";
+my $sparcv8_asm=":sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::::void";
-my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o:::::sha1-alpha.o:::::::ghash-alpha.o::void";
+my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o::::::::::::void";
-my $mips32_asm=":bn-mips.o::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o::::::::";
+my $mips3_asm=":bn-mips3.o::::::::::::void";
-my $mips64_asm=":bn-mips.o mips-mont.o::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o::::::::";
+my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o::aes-s390x.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::void";
-my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o s390x-gf2m.o::aes-s390x.o aes-ctr.o aes-xts.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o:";
+my $armv4_asm=":bn_asm.o armv4-mont.o::aes_cbc.o aes-armv4.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::void";
-my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o::aes_cbc.o aes-armv4.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o::void";
+my $ppc32_asm="ppccpuid.o:bn-ppc.o::aes_core.o aes_cbc.o aes-ppc.o:::sha1-ppc.o sha256-ppc.o::::::";
-my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::32";
+my $ppc64_asm="ppccpuid.o:bn-ppc.o ppc-mont.o::aes_core.o aes_cbc.o aes-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o::::::";
-my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::64";
+my $no_asm=":::::::::::::void";
 my $ppc32_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o::aes_core.o aes_cbc.o aes-ppc.o:::sha1-ppc.o sha256-ppc.o::::::::";
 my $ppc64_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o::aes_core.o aes_cbc.o aes-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o::::::::";
 my $no_asm=":::::::::::::::void";
 # As for $BSDthreads. Idea is to maintain "collective" set of flags,
 # which would cover all BSD flavors. -pthread applies to them all, 
@@ -161,7 +148,7 @@ my $no_asm=":::::::::::::::void";
 # seems to be sufficient?
 my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";
-#config-string	$cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $cpuid_obj : $bn_obj : $des_obj : $aes_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $wp_obj : $cmll_obj : $modes_obj : $engines_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags : $multilib
+#config-string	$cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $cpuid_obj : $bn_obj : $des_obj : $aes_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $wp_obj : $cmll_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags : $multilib
 my %table=(
 # File 'TABLE' (created by 'make TABLE') contains the data from this list,
@@ -176,37 +163,33 @@ my %table=(
 # Our development configs
 "purify",	"purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::",
 "debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::",
-"debug-ben",	"gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DDEBUG_SAFESTACK -O2 -pipe::(unknown):::::",
+"debug-ben",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG_UNUSED -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::bn86-elf.o co86-elf.o",
 "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
 "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
 "debug-ben-debug",	"gcc44:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O2 -pipe::(unknown)::::::",
-"debug-ben-debug-64",	"gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-ben-debug-64",	"gcc:$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=strict-aliasing -Wno-error=uninitialized -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-ben-macos",	"cc:$gcc_devteam_warn -arch i386 -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::-Wl,-search_paths_first::::",
 "debug-ben-macos-gcc46",	"gcc-mp-4.6:$gcc_devteam_warn -Wconversion -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::::::",
 "debug-ben-darwin64","cc:$gcc_devteam_warn -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 "debug-ben-no-opt",	"gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::",
 "debug-ben-strict",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
 "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-bodo",	"gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 "debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll",
-"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-geoff32","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-geoff32","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -DMD32_REG_T=int -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-geoff64","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-geoff64","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -DMD32_REG_T=int -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes_x86core.o aes_cbc.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"debug-linux-x86_64",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 "debug-linux-x86_64-clang","clang: -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 "dist",		"cc:-O::(unknown)::::::",
 # Basic configs that should work on any (32 and less bit) box
@@ -232,7 +215,7 @@ my %table=(
 # actually recommend to consider using gcc shared build even with vendor
 # compiler:-)
 #						<appro@fy.chalmers.se>
-"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
+"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
 #### Solaris x86 with Sun C setups
 "solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -240,12 +223,12 @@ my %table=(
 #### SPARC Solaris with GNU C setups
 "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-gcc","gcc:-mcpu=v8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc
 "solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
 ####
-"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=v8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 #### SPARC Solaris with Sun C setups
@@ -262,20 +245,20 @@ my %table=(
 #### SunOS configs, assuming sparc for the gcc one.
 #"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::",
-"sunos-gcc","gcc:-O3 -mcpu=v8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::",
+"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::",
 #### IRIX 5.x configs
 # -mips2 flag is added by ./config when appropriate.
-"irix-gcc","gcc:-O3 -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix-cc", "cc:-O2 -use_readonly_const -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${no_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 #### IRIX 6.x configs
 # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
 # './Configure irix-cc -o32' manually.
-"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
+"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_asm}:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
-"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
+"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_asm}:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
 # N64 ABI builds.
-"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_asm}:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_asm}:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 #### Unified HP-UX ANSI C configs.
 # Special notes:
@@ -308,18 +291,17 @@ my %table=(
 # Since there is mention of this in shlib/hpux10-cc.sh
 "hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc1_1-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${parisc11_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa1.1",
+"hpux-parisc2-gcc","gcc:-march=2.0 -O3 -DB_ENDIAN -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1::pa-risc2.o::::::::::::void:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc2-gcc","gcc:-march=2.0 -O3 -DB_ENDIAN -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1:".eval{my $asm=$parisc20_asm;$asm=~s/2W\./2\./;$asm=~s/:64/:32/;$asm}.":dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_32",
+"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o::::::::::::void:dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64",
 "hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o::::::::::::::void:dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64",
 # More attempts at unified 10.X and 11.X targets for HP C compiler.
 #
 # Chris Ruemmler <ruemmler@cup.hp.com>
 # Kevin Steves <ks@hp.se>
 "hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc1_1-cc","cc:+DA1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${parisc11_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa1.1",
+"hpux-parisc1_0-cc","cc:+DAportable +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:".eval{my $asm=$parisc20_asm;$asm=~s/2W\./2\./;$asm=~s/:64/:32/;$asm}.":dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_32",
+"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2.o::::::::::::void:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${parisc20_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64",
+"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o::::::::::::void:dlfcn:hpux-shared:+Z:+DD64 -b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64",
 # HP/UX IA-64 targets
 "hpux-ia64-cc","cc:-Ae +DD32 +O2 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD32 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux32",
@@ -355,47 +337,32 @@ my %table=(
 ####
 # *-generic* is endian-neutral target, but ./config is free to
 # throw in -D[BL]_ENDIAN, whichever appropriate...
-"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc",	"gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ppc",	"gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # It's believed that majority of ARM toolchains predefine appropriate -march.
 # If you compiler does not, do complement config command line with one!
-"linux-armv4",	"gcc:-O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-armv4",	"gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 #### IA-32 targets...
-"linux-ia32-icc",	"icc:-DL_ENDIAN -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia32-icc",	"icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-elf",	"gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-aout",	"gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
+"linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
 ####
-"linux-generic64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc64",	"gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-ppc64",	"gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-ia64",	"gcc:-DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64",	"gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64-ecc","ecc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-x86_64",	"gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-x86_64",	"gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-x86_64-clang","clang: -m64 -DL_ENDIAN -O3 -Wall -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-s390x",	"gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 "linux64-s390x",	"gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 #### So called "highgprs" target for z/Architecture CPUs
 # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
 # /proc/cpuinfo. The idea is to preserve most significant bits of
 # general purpose registers not only upon 32-bit process context
 # switch, but even on asynchronous signal delivery to such process.
 # This makes it possible to deploy 64-bit instructions even in legacy
 # application context and achieve better [or should we say adequate]
 # performance. The build is binary compatible with linux-generic32,
 # and the idea is to be able to install the resulting libcrypto.so
 # alongside generic one, e.g. as /lib/highgprs/libcrypto.so.x.y, for
 # ldconfig and run-time linker to autodiscover. Unfortunately it
 # doesn't work just yet, because of couple of bugs in glibc
 # sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1...
 "linux32-s390x",	"gcc:-m31 -Wa,-mzarch -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs",
 #### SPARC Linux setups
 # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
 # assisted with debugging of following two configs.
-"linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # it's a real mess with -mcpu=ultrasparc option under Linux, but
 # -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # GCC 3.1 is a requirement
-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 #### Alpha Linux with GNU C and Compaq C setups
 # Special notes:
 # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
@@ -409,30 +376,25 @@ my %table=(
 #
 #					<appro@fy.chalmers.se>
 #
-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
-"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
 # Android: linux-* but without pointers to headers and libs.
 "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 #### *BSD [do see comment about ${BSDthreads} above!]
-"BSD-generic32","gcc:-O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-generic32","gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-x86",	"gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-x86",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-x86-elf",	"gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-x86-elf",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-BSD-x86-elf",	"gcc:-DL_ENDIAN -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-BSD-x86-elf",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-sparcv8",	"gcc:-DB_ENDIAN -O3 -mcpu=v8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-sparcv8",	"gcc:-DB_ENDIAN -DTERMIOS -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-generic64","gcc:-O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-generic64","gcc:-DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
 # simply *happens* to work around a compiler bug in gcc 3.3.3,
 # triggered by RIPEMD160 code.
-"BSD-sparc64",	"gcc:-DB_ENDIAN -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-sparc64",	"gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-ia64",	"gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-ia64",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-x86_64",	"gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-x86_64",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -444,8 +406,8 @@ my %table=(
 # QNX
 "qnx4",	"cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:",
-"QNX6",       "gcc:::::-lsocket::${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"QNX6",       "gcc:-DTERMIOS::::-lsocket::${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"QNX6-i386",  "gcc:-DL_ENDIAN -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"QNX6-i386",  "gcc:-DL_ENDIAN -DTERMIOS -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # BeOS
 "beos-x86-r5",   "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT:BEOS:-lbe -lnet:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:beos:beos-shared:-fPIC -DPIC:-shared:.so",
@@ -518,7 +480,7 @@ my %table=(
 "SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown)::-lucb:RC4_INDEX RC4_CHAR:::",
 # SIEMENS BS2000/OSD: an EBCDIC-based mainframe
-"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
+"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
 # OS/390 Unix an EBCDIC-based Unix system on IBM mainframe
 # You need to compile using the c89.sh wrapper in the tools directory, because the
@@ -529,15 +491,15 @@ my %table=(
 # Visual C targets
 #
 # Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64
-"VC-WIN64I","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o ia64-mont.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32",
+"VC-WIN64I","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ias:win32",
-"VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32",
+"VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32",
-"debug-VC-WIN64I","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32",
+"debug-VC-WIN64I","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ias:win32",
-"debug-VC-WIN64A","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32",
+"debug-VC-WIN64A","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32",
 # x86 Win32 target defaults to ANSI API, if you want UNICODE, complement
 # 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE'
-"VC-WIN32","cl:-W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
+"VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
 # Unified CE target
-"debug-VC-WIN32","cl:-W3 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
+"debug-VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
 "VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
 # Borland C++ 4.5
@@ -578,7 +540,7 @@ my %table=(
 "netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::",
 # DJGPP
-"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:",
+"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:",
 # Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
 "ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::",
@@ -590,12 +552,10 @@ my %table=(
 "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}::",
 "darwin-ppc-cc","cc:-arch ppc -O3 -DB_ENDIAN -Wa,-force_cpusubtype_ALL::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 "darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc64_asm}:osx64:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:".eval{my $asm=$x86_asm;$asm=~s/cast\-586\.o//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:${x86_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 "debug-darwin-i386-cc","cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:${x86_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -DL_ENDIAN -DMD32_REG_T=int -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 "debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 # iPhoneOS/iOS
 "iphoneos-cross","llvm-gcc:-O3 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fomit-frame-pointer -fno-common::-D_REENTRANT:iOS:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 ##### A/UX
 "aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
@@ -604,27 +564,24 @@ my %table=(
 "newsos4-gcc","gcc:-O -DB_ENDIAN::(unknown):NEWS4:-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",
 ##### GNU Hurd
-"hurd-x86",  "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",
+"hurd-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",
 ##### OS/2 EMX
 "OS2-EMX", "gcc::::::::",
 ##### VxWorks for various targets
 "vxworks-ppc60x","ccppc:-D_REENTRANT -mrtp -mhard-float -mstrict-align -fno-implicit-fp -DPPC32_fp60x -O2 -fstrength-reduce -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip:::VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/common:::::",
 "vxworks-ppcgen","ccppc:-D_REENTRANT -mrtp -msoft-float -mstrict-align -O1 -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip:::VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/sfcommon:::::",
 "vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
 "vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::",
 "vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::",
 "vxworks-ppc860","ccppc:-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
-"vxworks-simlinux","ccpentium:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DL_ENDIAN -DCPU=SIMLINUX -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/h -I\$(WIND_BASE)/target/h/wrn/coreip -DOPENSSL_NO_HW_PADLOCK:::VXWORKS:-r::${no_asm}::::::ranlibpentium:",
+"vxworks-mipsle","ccmips:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -DL_ENDIAN -EL -Wl,-EL -mips2 -mno-branch-likely -G 0 -fno-builtin -msoft-float -DCPU=MIPS32 -DMIPSEL -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r::${no_asm}::::::ranlibmips:",
 "vxworks-mips","ccmips:-mrtp -mips2 -O -G 0 -B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DCPU=MIPS32 -msoft-float -mno-branch-likely -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/h/wrn/coreip::-D_REENTRANT:VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/mips/MIPSI32/sfcommon::${mips32_asm}:o32::::::ranlibmips:",
 ##### Compaq Non-Stop Kernel (Tandem)
 "tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::",
 # uClinux
-"uClinux-dist","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):BN_LLONG:${no_asm}:$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::",
+"uClinux-dist","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):BN_LLONG:::::::::::::::$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::",
-"uClinux-dist64","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):SIXTY_FOUR_BIT_LONG:${no_asm}:$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::",
+"uClinux-dist64","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):SIXTY_FOUR_BIT_LONG:::::::::::::::$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::",
 );
@@ -656,8 +613,6 @@ my $idx_rmd160_obj = $idx++;
 my $idx_rc5_obj = $idx++;
 my $idx_wp_obj = $idx++;
 my $idx_cmll_obj = $idx++;
 my $idx_modes_obj = $idx++;
 my $idx_engines_obj = $idx++;
 my $idx_perlasm_scheme = $idx++;
 my $idx_dso_scheme = $idx++;
 my $idx_shared_target = $idx++;
@@ -674,9 +629,6 @@ my $openssldir="";
 my $exe_ext="";
 my $install_prefix= "$ENV{'INSTALL_PREFIX'}";
 my $cross_compile_prefix="";
 my $fipsdir="/usr/local/ssl/fips-2.0";
 my $fipslibdir="";
 my $baseaddr="0xFB00000";
 my $no_threads=0;
 my $threads=0;
 my $no_shared=0; # but "no-shared" is default
@@ -711,37 +663,26 @@ my $cmll_enc="camellia.o cmll_misc.o cmll_cbc.o";
 my $processor="";
 my $default_ranlib;
 my $perl;
 my $fips=0;
 if (exists $ENV{FIPSDIR})
 	{
 	$fipsdir = $ENV{FIPSDIR};
 	$fipsdir =~ s/\/$//;
 	}
 # All of the following is disabled by default (RC5 was enabled before 0.9.8):
 my %disabled = ( # "what"         => "comment" [or special keyword "experimental"]
 		 "ec_nistp_64_gcc_128" => "default",
 		 "gmp"		  => "default",
-		 "jpake"          => "experimental",
+                 "jpake"          => "experimental",
-		 "md2"            => "default",
+                 "md2"            => "default",
-		 "rc5"            => "default",
+                 "rc5"            => "default",
 		 "rfc3779"	  => "default",
-		 "sctp"           => "default",
+                 "shared"         => "default",
 		 "shared"         => "default",
 		 "ssl2"           => "default",
 		 "store"	  => "experimental",
-		 "unit-test"	  => "default",
+                 "zlib"           => "default",
-		 "weak-ssl-ciphers" => "default",
+                 "zlib-dynamic"   => "default"
-		 "zlib"           => "default",
+               );
 		 "zlib-dynamic"   => "default"
 	       );
 my @experimental = ();
 # This is what $depflags will look like with the above defaults
 # (we need this to see if we should advise the user to run "make depend"):
-my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
+my $default_depflags = " -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_STORE";
 # Explicit "no-..." options will be collected in %disabled along with the defaults.
 # To remove something from %disabled, use "enable-foo" (unless it's experimental).
@@ -799,7 +740,6 @@ PROCESS_ARGS:
 		# rewrite some options in "enable-..." form
 		s /^-?-?shared$/enable-shared/;
 		s /^sctp$/enable-sctp/;
 		s /^threads$/enable-threads/;
 		s /^zlib$/enable-zlib/;
 		s /^zlib-dynamic$/enable-zlib-dynamic/;
@@ -817,11 +757,6 @@ PROCESS_ARGS:
 					{
 					$disabled{"tls1"} = "option(tls)"
 					}
 				elsif ($1 eq "ssl3-method")
 					{
 					$disabled{"ssl3-method"} = "option(ssl)";
 					$disabled{"ssl3"} = "option(ssl)";
 					}
 				else
 					{
 					$disabled{$1} = "option";
@@ -874,10 +809,6 @@ PROCESS_ARGS:
 			}
 		elsif (/^386$/)
 			{ $processor=386; }
 		elsif (/^fips$/)
 			{
 			$fips=1;
 			}
 		elsif (/^rsaref$/)
 			{
 			# No RSAref support any more since it's not needed.
@@ -892,7 +823,6 @@ PROCESS_ARGS:
 				}
 			elsif (/^-[^-]/ or /^\+/)
 				{
 				$_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei;
 				$flags.=$_." ";
 				}
 			elsif (/^--prefix=(.*)$/)
@@ -923,18 +853,6 @@ PROCESS_ARGS:
 				{
 				$withargs{"zlib-include"}="-I$1";
 				}
 			elsif (/^--with-fipsdir=(.*)$/)
 				{
 				$fipsdir="$1";
 				}
 			elsif (/^--with-fipslibdir=(.*)$/)
 				{
 				$fipslibdir="$1";
 				}
 			elsif (/^--with-baseaddr=(.*)$/)
 				{
 				$baseaddr="$1";
 				}
 			elsif (/^--cross-compile-prefix=(.*)$/)
 				{
 				$cross_compile_prefix=$1;
@@ -1009,17 +927,6 @@ if (defined($disabled{"md5"}) || defined($disabled{"rsa"}))
 	$disabled{"ssl2"} = "forced";
 	}
 if ($fips && $fipslibdir eq "")
 	{
 	$fipslibdir = $fipsdir . "/lib/";
 	}
 # RSAX ENGINE sets default non-FIPS RSA method.
 if ($fips)
 	{
 	$disabled{"rsax"} = "forced";
 	}
 # SSL 3.0 and TLS requires MD5 and SHA and either RSA or DSA+DH
 if (defined($disabled{"md5"}) || defined($disabled{"sha"})
    || (defined($disabled{"rsa"})
@@ -1040,13 +947,6 @@ if (defined($disabled{"ec"}) || defined($disabled{"dsa"})
 	$disabled{"gost"} = "forced";
 	}
 # SRP and HEARTBEATS require TLSEXT
 if (defined($disabled{"tlsext"}))
 	{
 	$disabled{"srp"} = "forced";
 	$disabled{"heartbeats"} = "forced";
 	}
 if ($target eq "TABLE") {
 	foreach $target (sort keys %table) {
 		print_table_entry($target);
@@ -1096,7 +996,7 @@ foreach (sort (keys %disabled))
 	else
 		{
 		my ($ALGO, $algo);
-		($ALGO = $algo = $_) =~ tr/[\-a-z]/[_A-Z]/;
+		($ALGO = $algo = $_) =~ tr/[a-z]/[A-Z]/;
 		if (/^asm$/ || /^err$/ || /^hw$/ || /^hw-/)
 			{
@@ -1188,8 +1088,6 @@ my $rmd160_obj = $fields[$idx_rmd160_obj];
 my $rc5_obj = $fields[$idx_rc5_obj];
 my $wp_obj = $fields[$idx_wp_obj];
 my $cmll_obj = $fields[$idx_cmll_obj];
 my $modes_obj = $fields[$idx_modes_obj];
 my $engines_obj = $fields[$idx_engines_obj];
 my $perlasm_scheme = $fields[$idx_perlasm_scheme];
 my $dso_scheme = $fields[$idx_dso_scheme];
 my $shared_target = $fields[$idx_shared_target];
@@ -1350,7 +1248,7 @@ if ($no_asm)
 	{
 	$cpuid_obj=$bn_obj=
 	$des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=$cmll_obj=
-	$modes_obj=$sha1_obj=$md5_obj=$rmd160_obj=$wp_obj=$engines_obj="";
+	$sha1_obj=$md5_obj=$rmd160_obj=$wp_obj="";
 	}
 if (!$no_shared)
@@ -1414,7 +1312,7 @@ if (!$IsMK1MF)
 		}
 	}
-$cpuid_obj.=" uplink.o uplink-x86.o" if ($cflags =~ /\-DOPENSSL_USE_APPLINK/);
+$cpuid_obj.=" uplink.o uplink-cof.o" if ($cflags =~ /\-DOPENSSL_USE_APPLINK/);
 #
 # Platform fix-ups
@@ -1455,7 +1353,7 @@ if ($target =~ /\-icc$/)	# Intel C compiler
 # linker only when --prefix is not /usr.
 if ($target =~ /^BSD\-/)
 	{
-	$shared_ldflag.=" -Wl,-rpath,\$\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
+	$shared_ldflag.=" -Wl,-rpath,\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
 	}
 if ($sys_id ne "")
@@ -1482,14 +1380,6 @@ $cflags.=" -DOPENSSL_BN_ASM_PART_WORDS" if ($bn_obj =~ /bn-586/);
 $cflags.=" -DOPENSSL_IA32_SSE2" if (!$no_sse2 && $bn_obj =~ /86/);
 $cflags.=" -DOPENSSL_BN_ASM_MONT" if ($bn_obj =~ /-mont/);
 $cflags.=" -DOPENSSL_BN_ASM_MONT5" if ($bn_obj =~ /-mont5/);
 $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($bn_obj =~ /-gf2m/);
 if ($fips)
 	{
 	$openssl_other_defines.="#define OPENSSL_FIPS\n";
 	$cflags .= " -I\$(FIPSDIR)/include";
 	}
 $cpuid_obj="mem_clr.o"	unless ($cpuid_obj =~ /\.o$/);
 $des_obj=$des_enc	unless ($des_obj =~ /\.o$/);
@@ -1523,14 +1413,6 @@ if ($rmd160_obj =~ /\.o$/)
 if ($aes_obj =~ /\.o$/)
 	{
 	$cflags.=" -DAES_ASM";
 	# aes-ctr.o is not a real file, only indication that assembler
 	# module implements AES_ctr32_encrypt...
 	$cflags.=" -DAES_CTR_ASM" if ($aes_obj =~ s/\s*aes\-ctr\.o//);
 	# aes-xts.o indicates presense of AES_xts_[en|de]crypt...
 	$cflags.=" -DAES_XTS_ASM" if ($aes_obj =~ s/\s*aes\-xts\.o//);
 	$aes_obj =~ s/\s*(vpaes|aesni)\-x86\.o//g if ($no_sse2);
 	$cflags.=" -DVPAES_ASM" if ($aes_obj =~ m/vpaes/);
 	$cflags.=" -DBSAES_ASM" if ($aes_obj =~ m/bsaes/);
 	}
 else	{
 	$aes_obj=$aes_enc;
@@ -1544,10 +1426,6 @@ else	{
 	$wp_obj="wp_block.o";
 	}
 $cmll_obj=$cmll_enc	unless ($cmll_obj =~ /.o$/);
 if ($modes_obj =~ /ghash/)
 	{
 	$cflags.=" -DGHASH_ASM";
 	}
 # "Stringify" the C flags string.  This permits it to be made part of a string
 # and works as well on command lines.
@@ -1587,20 +1465,11 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
 if ($strict_warnings)
 	{
 	my $ecc = $cc;
 	$ecc = "clang" if `$cc --version 2>&1` =~ /clang/;
 	my $wopt;
-	die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/);
+	die "ERROR --strict-warnings requires gcc" unless ($cc =~ /gcc$/);
 	foreach $wopt (split /\s+/, $gcc_devteam_warn)
 		{
-		$cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
+		$cflags .= " $wopt" unless ($cflags =~ /$wopt/)
 		}
 	if ($ecc eq "clang")
 		{
 		foreach $wopt (split /\s+/, $clang_devteam_warn)
 			{
 			$cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
 			}
 		}
 	}
@@ -1671,8 +1540,6 @@ while (<IN>)
 	s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/;
 	s/^WP_ASM_OBJ=.*$/WP_ASM_OBJ= $wp_obj/;
 	s/^CMLL_ENC=.*$/CMLL_ENC= $cmll_obj/;
 	s/^MODES_ASM_OBJ.=*$/MODES_ASM_OBJ= $modes_obj/;
 	s/^ENGINES_ASM_OBJ.=*$/ENGINES_ASM_OBJ= $engines_obj/;
 	s/^PERLASM_SCHEME=.*$/PERLASM_SCHEME= $perlasm_scheme/;
 	s/^PROCESSOR=.*/PROCESSOR= $processor/;
 	s/^ARFLAGS=.*/ARFLAGS= $arflags/;
@@ -1681,12 +1548,6 @@ while (<IN>)
 	s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/;
 	s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/;
 	s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/;
 	s/^FIPSDIR=.*/FIPSDIR=$fipsdir/;
 	s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/;
 	s/^FIPSCANLIB=.*/FIPSCANLIB=libcrypto/ if $fips;
 	s/^BASEADDR=.*/BASEADDR=$baseaddr/;
 	s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
 	s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
 	s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
@@ -1730,9 +1591,7 @@ print "RC5_ENC       =$rc5_obj\n";
 print "MD5_OBJ_ASM   =$md5_obj\n";
 print "SHA1_OBJ_ASM  =$sha1_obj\n";
 print "RMD160_OBJ_ASM=$rmd160_obj\n";
-print "CMLL_ENC      =$cmll_obj\n";
+print "CMLL_ENC=     =$cmll_obj\n";
 print "MODES_OBJ     =$modes_obj\n";
 print "ENGINES_OBJ   =$engines_obj\n";
 print "PROCESSOR     =$processor\n";
 print "RANLIB        =$ranlib\n";
 print "ARFLAGS       =$arflags\n";
@@ -1794,9 +1653,6 @@ open(OUT,'>crypto/opensslconf.h.new') || die "unable to create crypto/opensslcon
 print OUT "/* opensslconf.h */\n";
 print OUT "/* WARNING: Generated automatically from opensslconf.h.in by Configure. */\n\n";
 print OUT "#ifdef  __cplusplus\n";
 print OUT "extern \"C\" {\n";
 print OUT "#endif\n";
 print OUT "/* OpenSSL was configured with the following options: */\n";
 my $openssl_algorithm_defines_trans = $openssl_algorithm_defines;
 $openssl_experimental_defines =~ s/^\s*#\s*define\s+OPENSSL_NO_(.*)/#ifndef OPENSSL_EXPERIMENTAL_$1\n# ifndef OPENSSL_NO_$1\n#  define OPENSSL_NO_$1\n# endif\n#endif/mg;
@@ -1901,9 +1757,6 @@ while (<IN>)
 		{ print OUT $_; }
 	}
 close(IN);
 print OUT "#ifdef  __cplusplus\n";
 print OUT "}\n";
 print OUT "#endif\n";
 close(OUT);
 rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h";
 rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n";
@@ -1962,8 +1815,14 @@ EOF
 	    &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
 	}
 	if ($depflags ne $default_depflags && !$make_depend) {
-            $warn_make_depend++;
+		print <<EOF;
-        }
+
 Since you've disabled or enabled at least one algorithm, you need to do
 the following before building:
 	make depend
 EOF
 	}
 }
 # create the ms/version32.rc file if needed
@@ -2042,18 +1901,12 @@ EOF
 print <<\EOF if ($no_shared_warn);
-You gave the option 'shared', which is not supported on this platform, so
+You gave the option 'shared'.  Normally, that would give you shared libraries.
-we will pretend you gave the option 'no-shared'.  If you know how to implement
+Unfortunately, the OpenSSL configuration doesn't include shared library support
-shared libraries, please let us know (but please first make sure you have
+for this platform yet, so it will pretend you gave the option 'no-shared'.  If
-tried with a current version of OpenSSL).
+you can inform the developpers (openssl-dev\@openssl.org) how to support shared
-EOF
+libraries on this platform, they will at least look at it and try their best
-
+(but please first make sure you have tried with a current version of OpenSSL).
 print <<EOF if ($warn_make_depend);
 *** Because of configuration changes, you MUST do the following before
 *** building:
 	make depend
 EOF
 exit(0);
@@ -2131,8 +1984,7 @@ sub print_table_entry
 	(my $cc,my $cflags,my $unistd,my $thread_cflag,my $sys_id,my $lflags,
 	my $bn_ops,my $cpuid_obj,my $bn_obj,my $des_obj,my $aes_obj, my $bf_obj,
 	my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj,
-	my $rc5_obj,my $wp_obj,my $cmll_obj,my $modes_obj, my $engines_obj,
+	my $rc5_obj,my $wp_obj,my $cmll_obj,my $perlasm_scheme,my $dso_scheme,my $shared_target,my $shared_cflag,
 	my $perlasm_scheme,my $dso_scheme,my $shared_target,my $shared_cflag,
 	my $shared_ldflag,my $shared_extension,my $ranlib,my $arflags,my $multilib)=
 	split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
@@ -2159,8 +2011,6 @@ sub print_table_entry
 \$rc5_obj      = $rc5_obj
 \$wp_obj       = $wp_obj
 \$cmll_obj     = $cmll_obj
 \$modes_obj    = $modes_obj
 \$engines_obj  = $engines_obj
 \$perlasm_scheme = $perlasm_scheme
 \$dso_scheme   = $dso_scheme
 \$shared_target= $shared_target
--- a/1041
+++ b/1041
--- a/8
+++ b/8
@@ -164,10 +164,10 @@
     standard headers).  If it is a problem with OpenSSL itself, please
     report the problem to <openssl-bugs@openssl.org> (note that your
     message will be recorded in the request tracker publicly readable
-     at https://www.openssl.org/community/index.html#bugs and will be
+     via http://www.openssl.org/support/rt.html and will be forwarded to a
-     forwarded to a public mailing list). Include the output of "make
+     public mailing list). Include the output of "make report" in your message.
-     report" in your message.  Please check out the request tracker. Maybe
+     Please check out the request tracker. Maybe the bug was already
-     the bug was already reported or has already been fixed.
+     reported or has already been fixed.
     [If you encounter assembler error messages, try the "no-asm"
     configuration option as an immediate fix.]
--- a/2
+++ b/2
@@ -12,7 +12,7 @@
  ---------------
 /* ====================================================================
- * Copyright (c) 1998-2016 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2011 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
--- a/Makefile.org
+++ b/Makefile.org
@@ -69,7 +69,7 @@ RANLIB= ranlib
 NM= nm
 PERL= perl
 TAR= tar
-TARFLAGS= --no-recursion --record-size=10240
+TARFLAGS= --no-recursion
 MAKEDEPPROG=makedepend
 LIBDIR=lib
@@ -99,8 +99,6 @@ SHA1_ASM_OBJ=
 RMD160_ASM_OBJ= 
 WP_ASM_OBJ=
 CMLL_ENC=
 MODES_ASM_OBJ=
 ENGINES_ASM_OBJ=
 PERLASM_SCHEME=
 # KRB5 stuff
@@ -111,30 +109,6 @@ LIBKRB5=
 ZLIB_INCLUDE=
 LIBZLIB=
 # TOP level FIPS install directory.
 FIPSDIR=
 # This is the location of fipscanister.o and friends.
 # The FIPS module build will place it $(INSTALLTOP)/lib
 # but since $(INSTALLTOP) can only take the default value
 # when the module is built it will be in /usr/local/ssl/lib
 # $(INSTALLTOP) for this build may be different so hard
 # code the path.
 FIPSLIBDIR=
 # The location of the library which contains fipscanister.o
 # normally it will be libcrypto unless fipsdso is set in which
 # case it will be libfips. If not compiling in FIPS mode at all
 # this is empty making it a useful test for a FIPS compile.
 FIPSCANLIB=
 # Shared library base address. Currently only used on Windows.
 #
 BASEADDR=
 DIRS=   crypto ssl engines apps test tools
 ENGDIRS= ccgost
 SHLIBDIRS= crypto ssl
@@ -147,7 +121,7 @@ SDIRS=  \
 	bn ec rsa dsa ecdsa dh ecdh dso engine \
 	buffer bio stack lhash rand err \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
-	cms pqueue ts jpake srp store cmac
+	cms pqueue ts jpake store
 # keep in mind that the above list is adjusted by ./Configure
 # according to no-xxx arguments...
@@ -179,11 +153,12 @@ SHARED_LDFLAGS=
 GENERAL=        Makefile
 BASENAME=       openssl
 NAME=           $(BASENAME)-$(VERSION)
-TARFILE=        ../$(NAME).tar
+TARFILE=        $(NAME).tar
 WTARFILE=       $(NAME)-win.tar
 EXHEADER=       e_os2.h
 HEADER=         e_os.h
-all: Makefile build_all
+all: Makefile build_all openssl.pc libssl.pc libcrypto.pc
 # as we stick to -e, CLEARENV ensures that local variables in lower
 # Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
@@ -229,12 +204,7 @@ BUILDENV=	PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \
 		MD5_ASM_OBJ='$(MD5_ASM_OBJ)'			\
 		RMD160_ASM_OBJ='$(RMD160_ASM_OBJ)'		\
 		WP_ASM_OBJ='$(WP_ASM_OBJ)'			\
 		MODES_ASM_OBJ='$(MODES_ASM_OBJ)'		\
 		ENGINES_ASM_OBJ='$(ENGINES_ASM_OBJ)'		\
 		PERLASM_SCHEME='$(PERLASM_SCHEME)'		\
 		FIPSLIBDIR='${FIPSLIBDIR}'			\
 		FIPSDIR='${FIPSDIR}'				\
 		FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}"	\
 		THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
 # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
 # which in turn eliminates ambiguities in variable treatment with -e.
@@ -267,46 +237,30 @@ reflect:
 	@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
 sub_all: build_all
 build_all: build_libs build_apps build_tests build_tools
-build_libs: build_libcrypto build_libssl openssl.pc
+build_libs: build_crypto build_ssl build_engines
 build_libcrypto: build_crypto build_engines libcrypto.pc
 build_libssl: build_ssl libssl.pc
 build_crypto:
 	@dir=crypto; target=all; $(BUILD_ONE_CMD)
-build_ssl: build_crypto
+build_ssl:
 	@dir=ssl; target=all; $(BUILD_ONE_CMD)
-build_engines: build_crypto
+build_engines:
 	@dir=engines; target=all; $(BUILD_ONE_CMD)
-build_apps: build_libs
+build_apps:
 	@dir=apps; target=all; $(BUILD_ONE_CMD)
-build_tests: build_libs
+build_tests:
 	@dir=test; target=all; $(BUILD_ONE_CMD)
-build_tools: build_libs
+build_tools:
 	@dir=tools; target=all; $(BUILD_ONE_CMD)
 all_testapps: build_libs build_testapps
 build_testapps:
 	@dir=crypto; target=testapps; $(BUILD_ONE_CMD)
-fips_premain_dso$(EXE_EXT): libcrypto.a
+libcrypto$(SHLIB_EXT): libcrypto.a
 	[ -z "$(FIPSCANLIB)" ] || $(CC) $(CFLAG) -Iinclude \
 		-DFINGERPRINT_PREMAIN_DSO_LOAD -o $@  \
 		$(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fipscanister.o \
 		libcrypto.a $(EX_LIBS)
 libcrypto$(SHLIB_EXT): libcrypto.a fips_premain_dso$(EXE_EXT)
 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
-		if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
+		$(MAKE) SHLIBDIRS=crypto build-shared; \
 			FIPSLD_LIBCRYPTO=libcrypto.a ; \
 			FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
 			export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
 		fi; \
 		$(MAKE) -e SHLIBDIRS=crypto  CC="$${CC:-$(CC)}" build-shared && \
 		(touch -c fips_premain_dso$(EXE_EXT) || :); \
 	else \
 		echo "There's no support for shared libraries on this platform" >&2; \
 		exit 1; \
@@ -406,7 +360,7 @@ Makefile: Makefile.org Configure config
 	@false
 libclean:
-	rm -f *.map *.so *.so.* *.dylib *.dll engines/*.so engines/*.dll engines/*.dylib *.a engines/*.a */lib */*/lib
+	rm -f *.map *.so *.so.* *.dll engines/*.so engines/*.dll *.a engines/*.a */lib */*/lib
 clean:	libclean
 	rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
@@ -448,7 +402,7 @@ rehash.time: certs apps
 		[ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \
 		OPENSSL_DEBUG_MEMORY=on; \
 		export OPENSSL OPENSSL_DEBUG_MEMORY; \
-		$(PERL) tools/c_rehash certs/demo) && \
+		$(PERL) tools/c_rehash certs) && \
 		touch rehash.time; \
 	else :; fi
@@ -476,9 +430,9 @@ tags:
 	find . -name '[^.]*.[ch]' | xargs etags -a
 errors:
 	$(PERL) util/ck_errf.pl -strict */*.c */*/*.c
 	$(PERL) util/mkerr.pl -recurse -write
 	(cd engines; $(MAKE) PERL=$(PERL) errors)
 	$(PERL) util/ck_errf.pl */*.c */*/*.c
 stacks:
 	$(PERL) util/mkstack.pl -write
@@ -498,35 +452,35 @@ TABLE: Configure
 # would occur. Therefore the list of files is temporarily stored into a file
 # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
 # tar does not support the --files-from option.
-TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \
+tar:
 	                       --owner 0 --group 0 \
 			       --transform 's|^|$(NAME)/|' \
 			       -cvf -
 $(TARFILE).list:
 	find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
 	       \! -name '*.so' \! -name '*.so.*'  \! -name 'openssl' \
 	       \( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
 	       \! -name '.#*' \! -name '*~' \! -type l \
 	    | sort > $(TARFILE).list
 tar: $(TARFILE).list
 	find . -type d -print | xargs chmod 755
 	find . -type f -print | xargs chmod a+r
 	find . -type f -perm -0100 -print | xargs chmod a+x
-	$(TAR_COMMAND) | gzip --best > $(TARFILE).gz
+	find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
-	rm -f $(TARFILE).list
+	$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
-	ls -l $(TARFILE).gz
+	tardy --user_number=0  --user_name=openssl \
 	      --group_number=0 --group_name=openssl \
 	      --prefix=openssl-$(VERSION) - |\
 	gzip --best >../$(TARFILE).gz; \
 	rm -f ../$(TARFILE).list; \
 	ls -l ../$(TARFILE).gz
-tar-snap: $(TARFILE).list
+tar-snap:
-	$(TAR_COMMAND) > $(TARFILE)
+	@$(TAR) $(TARFLAGS) -cvf - \
-	rm -f $(TARFILE).list
+		`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*'  \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\
-	ls -l $(TARFILE)
+	tardy --user_number=0  --user_name=openssl \
 	      --group_number=0 --group_name=openssl \
 	      --prefix=openssl-$(VERSION) - > ../$(TARFILE);\
 	ls -l ../$(TARFILE)
 dist:   
 	$(PERL) Configure dist
 	@$(MAKE) dist_pem_h
 	@$(MAKE) SDIRS='$(SDIRS)' clean
-	@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
+	@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar
 dist_pem_h:
 	(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
 install: all install_docs install_sw
@@ -545,7 +499,7 @@ install_sw:
 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 	@set -e; target=install; $(RECURSIVE_BUILD_CMD)
-	@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
+	@set -e; for i in $(LIBS) ;\
 	do \
 		if [ -f "$$i" ]; then \
 		(       echo installing $$i; \
--- a/114
+++ b/114
@@ -5,46 +5,7 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.
-  Major changes between OpenSSL 1.0.1s and OpenSSL 1.0.1t [under development]
+  Major changes between OpenSSL 1.0.0r and OpenSSL 1.0.0s [11 Jun 2015]
      o
  Major changes between OpenSSL 1.0.1r and OpenSSL 1.0.1s [1 Mar 2016]
      o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
      o Disable SSLv2 default build, default negotiation and weak ciphers
        (CVE-2016-0800)
      o Fix a double-free in DSA code (CVE-2016-0705)
      o Disable SRP fake user seed to address a server memory leak
        (CVE-2016-0798)
      o Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
        (CVE-2016-0797)
      o Fix memory issues in BIO_*printf functions (CVE-2016-0799)
      o Fix side channel attack on modular exponentiation (CVE-2016-0702)
  Major changes between OpenSSL 1.0.1q and OpenSSL 1.0.1r [28 Jan 2016]
      o Protection for DH small subgroup attacks
      o SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
  Major changes between OpenSSL 1.0.1p and OpenSSL 1.0.1q [3 Dec 2015]
      o Certificate verify crash with missing PSS parameter (CVE-2015-3194)
      o X509_ATTRIBUTE memory leak (CVE-2015-3195)
      o Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs
      o In DSA_generate_parameters_ex, if the provided seed is too short,
        return an error
  Major changes between OpenSSL 1.0.1o and OpenSSL 1.0.1p [9 Jul 2015]
      o Alternate chains certificate forgery (CVE-2015-1793)
      o Race condition handling PSK identify hint (CVE-2015-3196)
  Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [12 Jun 2015]
      o Fix HMAC ABI incompatibility
  Major changes between OpenSSL 1.0.1m and OpenSSL 1.0.1n [11 Jun 2015]
      o Malformed ECParameters causes infinite loop (CVE-2015-1788)
      o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
@@ -52,7 +13,7 @@
      o CMS verify infinite loop with unknown hash function (CVE-2015-1792)
      o Race condition handling NewSessionTicket (CVE-2015-1791)
-  Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.1m [19 Mar 2015]
+  Major changes between OpenSSL 1.0.0q and OpenSSL 1.0.0r [19 Mar 2015]
      o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
      o ASN.1 structure reuse memory corruption fix (CVE-2015-0287)
@@ -62,11 +23,11 @@
      o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288)
      o Removed the export ciphers from the DEFAULT ciphers
-  Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015]
+  Major changes between OpenSSL 1.0.0p and OpenSSL 1.0.0q [15 Jan 2015]
      o Build fixes for the Windows and OpenVMS platforms
-  Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015]
+  Major changes between OpenSSL 1.0.0o and OpenSSL 1.0.0p [8 Jan 2015]
      o Fix for CVE-2014-3571
      o Fix for CVE-2015-0206
@@ -77,88 +38,55 @@
      o Fix for CVE-2014-8275
      o Fix for CVE-2014-3570
-  Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014]
+  Major changes between OpenSSL 1.0.0n and OpenSSL 1.0.0o [15 Oct 2014]
      o Fix for CVE-2014-3513
      o Fix for CVE-2014-3567
      o Mitigation for CVE-2014-3566 (SSL protocol vulnerability)
      o Fix for CVE-2014-3568
-  Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014]
+  Major changes between OpenSSL 1.0.0m and OpenSSL 1.0.0n [6 Aug 2014]
      o Fix for CVE-2014-3512
      o Fix for CVE-2014-3511
      o Fix for CVE-2014-3510
      o Fix for CVE-2014-3507
      o Fix for CVE-2014-3506
      o Fix for CVE-2014-3505
      o Fix for CVE-2014-3509
      o Fix for CVE-2014-5139
      o Fix for CVE-2014-3508
-  Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014]
+  Known issues in OpenSSL 1.0.0m:
      o EAP-FAST and other applications using tls_session_secret_cb
        wont resume sessions. Fixed in 1.0.0n-dev
      o Compilation failure of s3_pkt.c on some platforms due to missing
        <limits.h> include. Fixed in 1.0.0n-dev
  Major changes between OpenSSL 1.0.0l and OpenSSL 1.0.0m [5 Jun 2014]
      o Fix for CVE-2014-0224
      o Fix for CVE-2014-0221
      o Fix for CVE-2014-0198
      o Fix for CVE-2014-0195
      o Fix for CVE-2014-3470
      o Fix for CVE-2014-0076
      o Fix for CVE-2010-5298
-  Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014]
+  Major changes between OpenSSL 1.0.0k and OpenSSL 1.0.0l [6 Jan 2014]
      o Fix for CVE-2014-0160
      o Add TLS padding extension workaround for broken servers.
      o Fix for CVE-2014-0076
  Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014]
      o Don't include gmt_unix_time in TLS server and client random values
      o Fix for TLS record tampering bug CVE-2013-4353
      o Fix for TLS version checking bug CVE-2013-6449
      o Fix for DTLS retransmission bug CVE-2013-6450
-  Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013]:
+  Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013]:
      o Corrected fix for CVE-2013-0169
  Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d [4 Feb 2013]:
      o Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version.
      o Include the fips configuration module.
      o Fix OCSP bad key DoS attack CVE-2013-0166
      o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
-      o Fix for TLS AESNI record handling flaw CVE-2012-2686
+      o Fix OCSP bad key DoS attack CVE-2013-0166
-  Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c [10 May 2012]:
+  Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j [10 May 2012]:
-      o Fix TLS/DTLS record length checking bug CVE-2012-2333
+      o Fix DTLS record length checking bug CVE-2012-2333
      o Don't attempt to use non-FIPS composite ciphers in FIPS mode.
-  Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b [26 Apr 2012]:
+  Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i [19 Apr 2012]:
      o Fix compilation error on non-x86 platforms.
      o Make FIPS capable OpenSSL ciphers work in non-FIPS mode.
      o Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0
  Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a [19 Apr 2012]:
      o Fix for ASN1 overflow bug CVE-2012-2110
      o Workarounds for some servers that hang on long client hellos.
      o Fix SEGV in AES code.
  Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012]:
      o TLS/DTLS heartbeat support.
      o SCTP support.
      o RFC 5705 TLS key material exporter.
      o RFC 5764 DTLS-SRTP negotiation.
      o Next Protocol Negotiation.
      o PSS signatures in certificates, requests and CRLs.
      o Support for password based recipient info for CMS.
      o Support TLS v1.2 and TLS v1.1.
      o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
      o SRP support.
  Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]:
--- a/205
+++ b/205
@@ -1,7 +1,7 @@
- OpenSSL 1.0.1t-dev
+ OpenSSL 1.0.0s 11 Jun 2015
- Copyright (c) 1998-2015 The OpenSSL Project
+ Copyright (c) 1998-2011 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
 All rights reserved.
@@ -10,17 +10,17 @@
 The OpenSSL Project is a collaborative effort to develop a robust,
 commercial-grade, fully featured, and Open Source toolkit implementing the
- Secure Sockets Layer (SSLv3) and Transport Layer Security (TLS) protocols as
+ Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
- well as a full-strength general purpose cryptograpic library. The project is
+ protocols as well as a full-strength general purpose cryptography library.
- managed by a worldwide community of volunteers that use the Internet to
+ The project is managed by a worldwide community of volunteers that use the
- communicate, plan, and develop the OpenSSL toolkit and its related
+ Internet to communicate, plan, and develop the OpenSSL toolkit and its
- documentation.
+ related documentation.
- OpenSSL is descended from the SSLeay library developed by Eric A. Young
+ OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
 and Tim J. Hudson.  The OpenSSL toolkit is licensed under a dual-license (the
- OpenSSL license plus the SSLeay license), which means that you are free to
+ OpenSSL license plus the SSLeay license) situation, which basically means
- get and use it for commercial and non-commercial purposes as long as you
+ that you are free to get and use it for commercial and non-commercial
- fulfill the conditions of both licenses.
+ purposes as long as you fulfill the conditions of both licenses.
 OVERVIEW
 --------
@@ -28,39 +28,116 @@
 The OpenSSL toolkit includes:
 libssl.a:
-     Provides the client and server-side implementations for SSLv3 and TLS.
+     Implementation of SSLv2, SSLv3, TLSv1 and the required code to support
     both SSLv2, SSLv3 and TLSv1 in the one server and client.
 libcrypto.a:
-     Provides general cryptographic and X.509 support needed by SSL/TLS but
+     General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not
-     not logically part of it.
+     actually logically part of it. It includes routines for the following:
     Ciphers
        libdes - EAY's libdes DES encryption package which was floating
                 around the net for a few years, and was then relicensed by
                 him as part of SSLeay.  It includes 15 'modes/variations'
                 of DES (1, 2 and 3 key versions of ecb, cbc, cfb and ofb;
                 pcbc and a more general form of cfb and ofb) including desx
                 in cbc mode, a fast crypt(3), and routines to read
                 passwords from the keyboard.
        RC4 encryption,
        RC2 encryption      - 4 different modes, ecb, cbc, cfb and ofb.
        Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb.
        IDEA encryption     - 4 different modes, ecb, cbc, cfb and ofb.
     Digests
        MD5 and MD2 message digest algorithms, fast implementations,
        SHA (SHA-0) and SHA-1 message digest algorithms,
        MDC2 message digest. A DES based hash that is popular on smart cards.
     Public Key
        RSA encryption/decryption/generation.
            There is no limit on the number of bits.
        DSA encryption/decryption/generation.
            There is no limit on the number of bits.
        Diffie-Hellman key-exchange/key generation.
            There is no limit on the number of bits.
     X.509v3 certificates
        X509 encoding/decoding into/from binary ASN1 and a PEM
             based ASCII-binary encoding which supports encryption with a
             private key.  Program to generate RSA and DSA certificate
             requests and to generate RSA and DSA certificates.
     Systems
        The normal digital envelope routines and base64 encoding.  Higher
        level access to ciphers and digests by name.  New ciphers can be
        loaded at run time.  The BIO io system which is a simple non-blocking
        IO abstraction.  Current methods supported are file descriptors,
        sockets, socket accept, socket connect, memory buffer, buffering, SSL
        client/server, file pointer, encryption, digest, non-blocking testing
        and null.
     Data structures
        A dynamically growing hashing system
        A simple stack.
        A Configuration loader that uses a format similar to MS .ini files.
 openssl:
     A command line tool that can be used for:
-        Creation of key parameters
+        Creation of RSA, DH and DSA key parameters
        Creation of X.509 certificates, CSRs and CRLs
-        Calculation of message digests
+        Calculation of Message Digests
-        Encryption and decryption
+        Encryption and Decryption with Ciphers
-        SSL/TLS client and server tests
+        SSL/TLS Client and Server Tests
        Handling of S/MIME signed or encrypted mail
-        And more...
+
 PATENTS
 -------
 Various companies hold various patents for various algorithms in various
 locations around the world. _YOU_ are responsible for ensuring that your use
 of any algorithms is legal by checking if there are any patents in your
 country.  The file contains some of the patents that we know about or are
 rumored to exist. This is not a definitive list.
 RSA Security holds software patents on the RC5 algorithm.  If you
 intend to use this cipher, you must contact RSA Security for
 licensing conditions. Their web page is http://www.rsasecurity.com/.
 RC4 is a trademark of RSA Security, so use of this label should perhaps
 only be used with RSA Security's permission.
 The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
 Japan, the Netherlands, Spain, Sweden, Switzerland, UK and the USA.  They
 should be contacted if that algorithm is to be used; their web page is
 http://www.ascom.ch/.
 NTT and Mitsubishi have patents and pending patents on the Camellia
 algorithm, but allow use at no charge without requiring an explicit
 licensing agreement: http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
 INSTALLATION
 ------------
- See the appropriate file:
+ To install this package under a Unix derivative, read the INSTALL file.  For
-        INSTALL         Linux, Unix, etc.
+ a Win32 platform, read the INSTALL.W32 file.  For OpenVMS systems, read
-        INSTALL.DJGPP   DOS platform with DJGPP
+ INSTALL.VMS.
-        INSTALL.NW      Netware
+
-        INSTALL.OS2     OS/2
+ Read the documentation in the doc/ directory.  It is quite rough, but it
-        INSTALL.VMS     VMS
+ lists the functions; you will probably have to look at the code to work out
-        INSTALL.W32     Windows (32bit)
+ how to use them. Look at the example programs.
-        INSTALL.W64     Windows (64bit)
+
-        INSTALL.WCE     Windows CE
+ PROBLEMS
 --------
 For some platforms, there are some known problems that may affect the user
 or application author.  We try to collect those in doc/PROBLEMS, with current
 thoughts on how they should be solved in a future of OpenSSL.
 SUPPORT
 -------
- See the OpenSSL website www.openssl.org for details on how to obtain
+ See the OpenSSL website www.openssl.org for details of how to obtain
 commercial technical support.
 If you have any problems with OpenSSL then please take the following steps
@@ -84,36 +161,58 @@
    - Problem Description (steps that will reproduce the problem, if known)
    - Stack Traceback (if the application dumps core)
- Email the report to:
+ Report the bug to the OpenSSL project via the Request Tracker
 (http://www.openssl.org/support/rt.html) by mail to:
-    rt@openssl.org
+    openssl-bugs@openssl.org
- In order to avoid spam, this is a moderated mailing list, and it might
+ Note that the request tracker should NOT be used for general assistance
- take a day for the ticket to show up.  (We also scan posts to make sure
+ or support queries. Just because something doesn't work the way you expect
- that security disclosures aren't publically posted by mistake.) Mail
+ does not mean it is necessarily a bug in OpenSSL.
 to this address is recorded in the public RT (request tracker) database
 (see https://www.openssl.org/community/index.html#bugs for details) and
 also forwarded the public openssl-dev mailing list.  Confidential mail
 may be sent to openssl-security@openssl.org (PGP key available from the
 key servers).
- Please do NOT use this for general assistance or support queries.
+ Note that mail to openssl-bugs@openssl.org is recorded in the publicly
- Just because something doesn't work the way you expect does not mean it
+ readable request tracker database and is forwarded to a public
- is necessarily a bug in OpenSSL.
+ mailing list. Confidential mail may be sent to openssl-security@openssl.org
-
+ (PGP key available from the key servers).
 You can also make GitHub pull requests. If you do this, please also send
 mail to rt@openssl.org with a link to the PR so that we can more easily
 keep track of it.
 HOW TO CONTRIBUTE TO OpenSSL
 ----------------------------
- See CONTRIBUTING
+ Development is coordinated on the openssl-dev mailing list (see
 http://www.openssl.org for information on subscribing). If you
 would like to submit a patch, send it to openssl-bugs@openssl.org with
 the string "[PATCH]" in the subject. Please be sure to include a
 textual explanation of what your patch does.
- LEGALITIES
+ If you are unsure as to whether a feature will be useful for the general
- ----------
+ OpenSSL community please discuss it on the openssl-dev mailing list first.
 Someone may be already working on the same thing or there may be a good
 reason as to why that feature isn't implemented.
 Patches should be as up to date as possible, preferably relative to the
 current Git or the last snapshot. They should follow the coding style of
 OpenSSL and compile without warnings. Some of the core team developer targets
 can be used for testing purposes, (debug-steve64, debug-geoff etc). OpenSSL
 compiles on many varied platforms: try to ensure you only use portable
 features.
 Note: For legal reasons, contributions from the US can be accepted only
 if a TSU notification and a copy of the patch are sent to crypt@bis.doc.gov
 (formerly BXA) with a copy to the ENC Encryption Request Coordinator;
 please take some time to look at
    http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic]
 and
    http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e))
 for the details. If "your encryption source code is too large to serve as
 an email attachment", they are glad to receive it by fax instead; hope you
 have a cheap long-distance plan.
 Our preferred format for changes is "diff -u" output. You might
 generate it like this:
 # cd openssl-work
 # [your changes]
 # ./Configure dist; make clean
 # cd ..
 # diff -ur openssl-orig openssl-work > mydiffs.patch
 A number of nations, in particular the U.S., restrict the use or export
 of cryptography. If you are potentially subject to such restrictions
 you should seek competent professional legal advice before attempting to
 develop or distribute cryptographic code.
--- a/1350
+++ b/1350
--- a/apps/.cvsignore
+++ b/apps/.cvsignore
@@ -0,0 +1,8 @@
 openssl
 Makefile.save
 der_chop
 der_chop.bak
 CA.pl
 *.flc
 semantic.cache
 *.dll
--- a/apps/Makefile
+++ b/apps/Makefile
@@ -39,7 +39,7 @@ E_EXE=	verify asn1pars req dgst dh dhparam enc passwd gendh errstr \
 	ca crl rsa rsautl dsa dsaparam ec ecparam \
 	x509 genrsa gendsa genpkey s_server s_client speed \
 	s_time version pkcs7 cms crl2pkcs7 sess_id ciphers nseq pkcs12 \
-	pkcs8 pkey pkeyparam pkeyutl spkac smime rand engine ocsp prime ts srp
+	pkcs8 pkey pkeyparam pkeyutl spkac smime rand engine ocsp prime ts
 PROGS= $(PROGRAM).c
@@ -56,7 +56,7 @@ E_OBJ=	verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o er
 	x509.o genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o \
 	s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
 	ciphers.o nseq.o pkcs12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o \
-	spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o srp.o
+	spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o
 E_SRC=	verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \
 	pkcs7.c crl2p7.c crl.c \
@@ -64,7 +64,7 @@ E_SRC=	verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.
 	x509.c genrsa.c gendsa.c genpkey.c s_server.c s_client.c speed.c \
 	s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \
 	ciphers.c nseq.c pkcs12.c pkcs8.c pkey.c pkeyparam.c pkeyutl.c \
-	spkac.c smime.c cms.c rand.c engine.c ocsp.c prime.c ts.c srp.c
+	spkac.c smime.c cms.c rand.c engine.c ocsp.c prime.c ts.c
 SRC=$(E_SRC)
@@ -135,7 +135,7 @@ update: openssl-vms.cnf local_depend
 depend: local_depend
 	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
 local_depend:
-	@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
+	@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -147,17 +147,15 @@ clean:
 	rm -f req
 $(DLIBSSL):
-	(cd ..; $(MAKE) build_libssl)
+	(cd ..; $(MAKE) DIRS=ssl all)
 $(DLIBCRYPTO):
-	(cd ..; $(MAKE) build_libcrypto)
+	(cd ..; $(MAKE) DIRS=crypto all)
 $(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
 	$(RM) $(EXE)
 	shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
 		shlib_target="$(SHLIB_TARGET)"; \
 	elif [ -n "$(FIPSCANLIB)" ]; then \
 	  FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; export CC FIPSLD_CC; \
 	fi; \
 	LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \
 	$(MAKE) -f $(TOP)/Makefile.shared -e \
@@ -250,13 +248,13 @@ ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 ciphers.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 ciphers.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 ciphers.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
-ciphers.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+ciphers.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ciphers.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ciphers.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ciphers.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ciphers.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ciphers.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+ciphers.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ciphers.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-ciphers.o: ../include/openssl/x509v3.h apps.h ciphers.c
+ciphers.o: ciphers.c
 cms.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 cms.o: ../include/openssl/buffer.h ../include/openssl/cms.h
 cms.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -432,13 +430,13 @@ engine.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 engine.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 engine.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 engine.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
-engine.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+engine.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-engine.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+engine.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-engine.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+engine.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-engine.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+engine.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-engine.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+engine.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-engine.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+engine.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-engine.o: ../include/openssl/x509v3.h apps.h engine.c
+engine.o: engine.c
 errstr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 errstr.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 errstr.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -453,13 +451,13 @@ errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 errstr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 errstr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 errstr.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
-errstr.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+errstr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+errstr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+errstr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-errstr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+errstr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-errstr.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+errstr.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+errstr.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-errstr.o: ../include/openssl/x509v3.h apps.h errstr.c
+errstr.o: errstr.c
 gendh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -561,12 +559,12 @@ ocsp.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 ocsp.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 ocsp.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
 ocsp.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ocsp.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+ocsp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ocsp.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ocsp.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ocsp.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ocsp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ocsp.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ocsp.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
-ocsp.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+ocsp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-ocsp.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ocsp.c
+ocsp.o: ../include/openssl/x509v3.h apps.h ocsp.c
 openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 openssl.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 openssl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -580,9 +578,8 @@ openssl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 openssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-openssl.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+openssl.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
-openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 openssl.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
 openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
@@ -797,13 +794,12 @@ s_cb.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s_cb.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s_cb.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
 s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s_cb.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s_cb.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s_cb.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s_cb.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s_cb.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
-s_cb.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-s_cb.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+s_cb.o: ../include/openssl/x509v3.h apps.h s_apps.h s_cb.c
 s_cb.o: s_apps.h s_cb.c
 s_client.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h
@@ -819,8 +815,7 @@ s_client.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 s_client.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
 s_client.o: ../include/openssl/rand.h ../include/openssl/safestack.h
-s_client.o: ../include/openssl/sha.h ../include/openssl/srp.h
+s_client.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s_client.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
 s_client.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 s_client.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
@@ -844,7 +839,6 @@ s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 s_server.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
 s_server.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 s_server.o: ../include/openssl/srp.h ../include/openssl/srtp.h
 s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 s_server.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -866,13 +860,13 @@ s_socket.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s_socket.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s_socket.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
-s_socket.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+s_socket.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s_socket.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s_socket.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s_socket.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s_socket.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s_socket.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+s_socket.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+s_socket.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-s_socket.o: ../include/openssl/x509v3.h apps.h s_apps.h s_socket.c
+s_socket.o: s_apps.h s_socket.c
 s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s_time.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 s_time.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -887,13 +881,13 @@ s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s_time.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s_time.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s_time.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
-s_time.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+s_time.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_time.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_time.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s_time.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s_time.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s_time.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+s_time.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+s_time.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-s_time.o: ../include/openssl/x509v3.h apps.h s_apps.h s_time.c
+s_time.o: s_apps.h s_time.c
 sess_id.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 sess_id.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 sess_id.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -908,13 +902,13 @@ sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 sess_id.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 sess_id.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 sess_id.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
-sess_id.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+sess_id.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+sess_id.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+sess_id.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-sess_id.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+sess_id.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-sess_id.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+sess_id.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+sess_id.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-sess_id.o: ../include/openssl/x509v3.h apps.h sess_id.c
+sess_id.o: sess_id.c
 smime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 smime.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 smime.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -944,19 +938,19 @@ speed.o: ../include/openssl/err.h ../include/openssl/evp.h
 speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h
 speed.o: ../include/openssl/lhash.h ../include/openssl/md4.h
 speed.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-speed.o: ../include/openssl/modes.h ../include/openssl/obj_mac.h
+speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-speed.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+speed.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+speed.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-speed.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-speed.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-speed.o: ../include/openssl/rc4.h ../include/openssl/ripemd.h
+speed.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+speed.o: ../include/openssl/safestack.h ../include/openssl/seed.h
-speed.o: ../include/openssl/seed.h ../include/openssl/sha.h
+speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
-speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+speed.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-speed.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+speed.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-speed.o: ../include/openssl/ui_compat.h ../include/openssl/whrlpool.h
+speed.o: ../include/openssl/whrlpool.h ../include/openssl/x509.h
-speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+speed.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-speed.o: ../include/openssl/x509v3.h apps.h speed.c testdsa.h testrsa.h
+speed.o: speed.c testdsa.h testrsa.h
 spkac.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 spkac.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 spkac.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -973,21 +967,6 @@ spkac.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 spkac.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 spkac.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
 spkac.o: spkac.c
 srp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 srp.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 srp.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 srp.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 srp.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 srp.o: ../include/openssl/engine.h ../include/openssl/err.h
 srp.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 srp.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 srp.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
 srp.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 srp.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
 srp.o: ../include/openssl/sha.h ../include/openssl/srp.h
 srp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 srp.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
 srp.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h srp.c
 ts.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ts.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 ts.o: ../include/openssl/conf.h ../include/openssl/crypto.h
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -119,6 +119,9 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #if !defined(OPENSSL_SYSNAME_WIN32) && !defined(NETWARE_CLIB)
 # include <strings.h>
 #endif
 #include <sys/types.h>
 #include <ctype.h>
 #include <errno.h>
@@ -569,11 +572,6 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
        char *prompt = NULL;
        prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
        if (!prompt) {
            BIO_printf(bio_err, "Out of memory\n");
            UI_free(ui);
            return 0;
        }
        ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
        UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
@@ -583,12 +581,6 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
                                     PW_MIN_LENGTH, bufsiz - 1);
        if (ok >= 0 && verify) {
            buff = (char *)OPENSSL_malloc(bufsiz);
            if (!buff) {
                BIO_printf(bio_err, "Out of memory\n");
                UI_free(ui);
                OPENSSL_free(prompt);
                return 0;
            }
            ok = UI_add_verify_string(ui, prompt, ui_flags, buff,
                                      PW_MIN_LENGTH, bufsiz - 1, buf);
        }
@@ -1244,11 +1236,7 @@ int set_name_ex(unsigned long *flags, const char *arg)
        {"ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
        {NULL, 0, 0}
    };
-    if (set_multi_opts(flags, arg, ex_tbl) == 0)
+    return set_multi_opts(flags, arg, ex_tbl);
        return 0;
    if ((*flags & XN_FLAG_SEP_MASK) == 0)
        *flags |= XN_FLAG_SEP_CPLUS_SPC;
    return 1;
 }
 int set_ext_copy(int *copy_type, const char *arg)
@@ -2159,7 +2147,6 @@ int args_verify(char ***pargs, int *pargc,
    int purpose = 0, depth = -1;
    char **oldargs = *pargs;
    char *arg = **pargs, *argn = (*pargs)[1];
    time_t at_time = 0;
    if (!strcmp(arg, "-policy")) {
        if (!argn)
            *badarg = 1;
@@ -2197,22 +2184,6 @@ int args_verify(char ***pargs, int *pargc,
            }
        }
        (*pargs)++;
    } else if (strcmp(arg, "-attime") == 0) {
        if (!argn)
            *badarg = 1;
        else {
            long timestamp;
            /*
             * interpret the -attime argument as seconds since Epoch
             */
            if (sscanf(argn, "%li", &timestamp) != 1) {
                BIO_printf(bio_err, "Error parsing timestamp %s\n", argn);
                *badarg = 1;
            }
            /* on some platforms time_t may be a float */
            at_time = (time_t)timestamp;
        }
        (*pargs)++;
    } else if (!strcmp(arg, "-ignore_critical"))
        flags |= X509_V_FLAG_IGNORE_CRITICAL;
    else if (!strcmp(arg, "-issuer_checks"))
@@ -2239,8 +2210,6 @@ int args_verify(char ***pargs, int *pargc,
        flags |= X509_V_FLAG_NOTIFY_POLICY;
    else if (!strcmp(arg, "-check_ss_sig"))
        flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
    else if (!strcmp(arg, "-no_alt_chains"))
        flags |= X509_V_FLAG_NO_ALT_CHAINS;
    else
        return 0;
@@ -2267,9 +2236,6 @@ int args_verify(char ***pargs, int *pargc,
    if (depth >= 0)
        X509_VERIFY_PARAM_set_depth(*pm, depth);
    if (at_time)
        X509_VERIFY_PARAM_set_time(*pm, at_time);
 end:
    (*pargs)++;
@@ -2592,48 +2558,6 @@ void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
 #endif
 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
 /*-
 * next_protos_parse parses a comma separated list of strings into a string
 * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
 *   outlen: (output) set to the length of the resulting buffer on success.
 *   err: (maybe NULL) on failure, an error message line is written to this BIO.
 *   in: a NUL termianted string like "abc,def,ghi"
 *
 *   returns: a malloced buffer or NULL on failure.
 */
 unsigned char *next_protos_parse(unsigned short *outlen, const char *in)
 {
    size_t len;
    unsigned char *out;
    size_t i, start = 0;
    len = strlen(in);
    if (len >= 65535)
        return NULL;
    out = OPENSSL_malloc(strlen(in) + 1);
    if (!out)
        return NULL;
    for (i = 0; i <= len; ++i) {
        if (i == len || in[i] == ',') {
            if (i - start > 255) {
                OPENSSL_free(out);
                return NULL;
            }
            out[start] = i - start;
            start = i + 1;
        } else
            out[i + 1] = in[i];
    }
    *outlen = len + 1;
    return out;
 }
 #endif                          /* !OPENSSL_NO_TLSEXT &&
                                 * !OPENSSL_NO_NEXTPROTONEG */
 /*
 * Platform-specific sections
 */
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -189,7 +189,6 @@ extern BIO *bio_err;
                        do { CONF_modules_unload(1); destroy_ui_method(); \
                        OBJ_cleanup(); EVP_cleanup(); ENGINE_cleanup(); \
                        CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \
                        RAND_cleanup(); \
                        ERR_free_strings(); zlib_cleanup();} while(0)
 #  else
 #   define apps_startup() \
@@ -200,7 +199,6 @@ extern BIO *bio_err;
                        do { CONF_modules_unload(1); destroy_ui_method(); \
                        OBJ_cleanup(); EVP_cleanup(); \
                        CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \
                        RAND_cleanup(); \
                        ERR_free_strings(); zlib_cleanup(); } while(0)
 #  endif
 # endif
@@ -320,12 +318,6 @@ int bio_to_mem(unsigned char **out, int maxlen, BIO *in);
 int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value);
 int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
                 const char *algname, ENGINE *e, int do_param);
 int do_X509_sign(BIO *err, X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
                 STACK_OF(OPENSSL_STRING) *sigopts);
 int do_X509_REQ_sign(BIO *err, X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
                     STACK_OF(OPENSSL_STRING) *sigopts);
 int do_X509_CRL_sign(BIO *err, X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
                     STACK_OF(OPENSSL_STRING) *sigopts);
 # ifndef OPENSSL_NO_PSK
 extern char *psk_key;
 # endif
@@ -334,11 +326,6 @@ void jpake_client_auth(BIO *out, BIO *conn, const char *secret);
 void jpake_server_auth(BIO *out, BIO *conn, const char *secret);
 # endif
 # if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
 unsigned char *next_protos_parse(unsigned short *outlen, const char *in);
 # endif                         /* !OPENSSL_NO_TLSEXT &&
                                 * !OPENSSL_NO_NEXTPROTONEG */
 # define FORMAT_UNDEF    0
 # define FORMAT_ASN1     1
 # define FORMAT_TEXT     2
@@ -371,7 +358,4 @@ int raw_write_stdout(const void *, int);
 # define TM_START        0
 # define TM_STOP         1
 double app_tminterval(int stop, int usertime);
 # define OPENSSL_NO_SSL_INTERN
 #endif
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -313,9 +313,9 @@ int MAIN(int argc, char **argv)
            }
            typ = ASN1_TYPE_get(at);
            if ((typ == V_ASN1_OBJECT)
                || (typ == V_ASN1_BOOLEAN)
                || (typ == V_ASN1_NULL)) {
-                BIO_printf(bio_err, "Can't parse %s type\n", ASN1_tag2str(typ));
+                BIO_printf(bio_err, "Can't parse %s type\n",
                           typ == V_ASN1_NULL ? "NULL" : "OBJECT");
                ERR_print_errors(bio_err);
                goto end;
            }
@@ -375,7 +375,7 @@ static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
 {
    CONF *cnf = NULL;
    int len;
-    long errline = 0;
+    long errline;
    unsigned char *p;
    ASN1_TYPE *atyp = NULL;
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -99,19 +99,25 @@
 #undef PROG
 #define PROG ca_main
-#define BASE_SECTION            "ca"
+#define BASE_SECTION    "ca"
-#define CONFIG_FILE             "openssl.cnf"
+#define CONFIG_FILE "openssl.cnf"
 #define ENV_DEFAULT_CA          "default_ca"
-#define STRING_MASK             "string_mask"
+#define STRING_MASK     "string_mask"
 #define UTF8_IN                 "utf8"
 #define ENV_DIR                 "dir"
 #define ENV_CERTS               "certs"
 #define ENV_CRL_DIR             "crl_dir"
 #define ENV_CA_DB               "CA_DB"
 #define ENV_NEW_CERTS_DIR       "new_certs_dir"
 #define ENV_CERTIFICATE         "certificate"
 #define ENV_SERIAL              "serial"
 #define ENV_CRLNUMBER           "crlnumber"
 #define ENV_CRL                 "crl"
 #define ENV_PRIVATE_KEY         "private_key"
 #define ENV_RANDFILE            "RANDFILE"
 #define ENV_DEFAULT_DAYS        "default_days"
 #define ENV_DEFAULT_STARTDATE   "default_startdate"
 #define ENV_DEFAULT_ENDDATE     "default_enddate"
@@ -191,25 +197,23 @@ extern int EF_ALIGNMENT;
 static void lookup_fail(const char *name, const char *tag);
 static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
-                   const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
+                   const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy,
-                   STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+                   CA_DB *db, BIGNUM *serial, char *subj,
-                   BIGNUM *serial, char *subj, unsigned long chtype,
+                   unsigned long chtype, int multirdn, int email_dn,
-                   int multirdn, int email_dn, char *startdate, char *enddate,
+                   char *startdate, char *enddate, long days, int batch,
-                   long days, int batch, char *ext_sect, CONF *conf,
+                   char *ext_sect, CONF *conf, int verbose,
-                   int verbose, unsigned long certopt, unsigned long nameopt,
+                   unsigned long certopt, unsigned long nameopt,
                   int default_op, int ext_copy, int selfsign);
 static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
-                        const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
+                        const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy,
-                        STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+                        CA_DB *db, BIGNUM *serial, char *subj,
-                        BIGNUM *serial, char *subj, unsigned long chtype,
+                        unsigned long chtype, int multirdn, int email_dn,
-                        int multirdn, int email_dn, char *startdate,
+                        char *startdate, char *enddate, long days, int batch,
-                        char *enddate, long days, int batch, char *ext_sect,
+                        char *ext_sect, CONF *conf, int verbose,
-                        CONF *conf, int verbose, unsigned long certopt,
+                        unsigned long certopt, unsigned long nameopt,
-                        unsigned long nameopt, int default_op, int ext_copy,
+                        int default_op, int ext_copy, ENGINE *e);
                        ENGINE *e);
 static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey,
                         X509 *x509, const EVP_MD *dgst,
                         STACK_OF(OPENSSL_STRING) *sigopts,
                         STACK_OF(CONF_VALUE) *policy, CA_DB *db,
                         BIGNUM *serial, char *subj, unsigned long chtype,
                         int multirdn, int email_dn, char *startdate,
@@ -219,12 +223,12 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey,
 static void write_new_certificate(BIO *bp, X509 *x, int output_der,
                                  int notext);
 static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
-                   const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
+                   const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy,
-                   STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,
+                   CA_DB *db, BIGNUM *serial, char *subj,
-                   char *subj, unsigned long chtype, int multirdn,
+                   unsigned long chtype, int multirdn, int email_dn,
-                   int email_dn, char *startdate, char *enddate, long days,
+                   char *startdate, char *enddate, long days, int batch,
-                   int batch, int verbose, X509_REQ *req, char *ext_sect,
+                   int verbose, X509_REQ *req, char *ext_sect, CONF *conf,
-                   CONF *conf, unsigned long certopt, unsigned long nameopt,
+                   unsigned long certopt, unsigned long nameopt,
                   int default_op, int ext_copy, int selfsign);
 static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval);
 static int get_certificate_status(const char *ser_status, CA_DB *db);
@@ -314,7 +318,6 @@ int MAIN(int argc, char **argv)
    const EVP_MD *dgst = NULL;
    STACK_OF(CONF_VALUE) *attribs = NULL;
    STACK_OF(X509) *cert_sk = NULL;
    STACK_OF(OPENSSL_STRING) *sigopts = NULL;
 #undef BSIZE
 #define BSIZE 256
    MS_STATIC char buf[3][BSIZE];
@@ -422,13 +425,6 @@ int MAIN(int argc, char **argv)
            if (--argc < 1)
                goto bad;
            outdir = *(++argv);
        } else if (strcmp(*argv, "-sigopt") == 0) {
            if (--argc < 1)
                goto bad;
            if (!sigopts)
                sigopts = sk_OPENSSL_STRING_new_null();
            if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
                goto bad;
        } else if (strcmp(*argv, "-notext") == 0)
            notext = 1;
        else if (strcmp(*argv, "-batch") == 0)
@@ -552,18 +548,10 @@ int MAIN(int argc, char **argv)
 #ifdef OPENSSL_SYS_VMS
        len = strlen(s) + sizeof(CONFIG_FILE);
        tofree = OPENSSL_malloc(len);
        if (!tofree) {
            BIO_printf(bio_err, "Out of memory\n");
            goto err;
        }
        strcpy(tofree, s);
 #else
        len = strlen(s) + sizeof(CONFIG_FILE) + 1;
        tofree = OPENSSL_malloc(len);
        if (!tofree) {
            BIO_printf(bio_err, "Out of memory\n");
            goto err;
        }
        BUF_strlcpy(tofree, s, len);
        BUF_strlcat(tofree, "/", len);
 #endif
@@ -661,7 +649,7 @@ int MAIN(int argc, char **argv)
        ERR_clear_error();
 #ifdef RL_DEBUG
    if (!p)
-        BIO_printf(bio_err, "DEBUG: unique_subject undefined\n");
+        BIO_printf(bio_err, "DEBUG: unique_subject undefined\n", p);
 #endif
 #ifdef RL_DEBUG
    BIO_printf(bio_err, "DEBUG: configured unique_subject is %d\n",
@@ -1102,10 +1090,10 @@ int MAIN(int argc, char **argv)
        }
        if (spkac_file != NULL) {
            total++;
-            j = certify_spkac(&x, spkac_file, pkey, x509, dgst, sigopts,
+            j = certify_spkac(&x, spkac_file, pkey, x509, dgst, attribs, db,
-                              attribs, db, serial, subj, chtype, multirdn,
+                              serial, subj, chtype, multirdn, email_dn,
-                              email_dn, startdate, enddate, days, extensions,
+                              startdate, enddate, days, extensions, conf,
-                              conf, verbose, certopt, nameopt, default_op,
+                              verbose, certopt, nameopt, default_op,
                              ext_copy);
            if (j < 0)
                goto err;
@@ -1126,8 +1114,7 @@ int MAIN(int argc, char **argv)
        }
        if (ss_cert_file != NULL) {
            total++;
-            j = certify_cert(&x, ss_cert_file, pkey, x509, dgst, sigopts,
+            j = certify_cert(&x, ss_cert_file, pkey, x509, dgst, attribs,
                             attribs,
                             db, serial, subj, chtype, multirdn, email_dn,
                             startdate, enddate, days, batch, extensions,
                             conf, verbose, certopt, nameopt, default_op,
@@ -1147,7 +1134,7 @@ int MAIN(int argc, char **argv)
        }
        if (infile != NULL) {
            total++;
-            j = certify(&x, infile, pkey, x509p, dgst, sigopts, attribs, db,
+            j = certify(&x, infile, pkey, x509p, dgst, attribs, db,
                        serial, subj, chtype, multirdn, email_dn, startdate,
                        enddate, days, batch, extensions, conf, verbose,
                        certopt, nameopt, default_op, ext_copy, selfsign);
@@ -1166,7 +1153,7 @@ int MAIN(int argc, char **argv)
        }
        for (i = 0; i < argc; i++) {
            total++;
-            j = certify(&x, argv[i], pkey, x509p, dgst, sigopts, attribs, db,
+            j = certify(&x, argv[i], pkey, x509p, dgst, attribs, db,
                        serial, subj, chtype, multirdn, email_dn, startdate,
                        enddate, days, batch, extensions, conf, verbose,
                        certopt, nameopt, default_op, ext_copy, selfsign);
@@ -1318,7 +1305,6 @@ int MAIN(int argc, char **argv)
            if (!NCONF_get_number(conf, section,
                                  ENV_DEFAULT_CRL_HOURS, &crlhours))
                crlhours = 0;
            ERR_clear_error();
        }
        if ((crldays == 0) && (crlhours == 0) && (crlsec == 0)) {
            BIO_printf(bio_err,
@@ -1415,7 +1401,7 @@ int MAIN(int argc, char **argv)
            crlnumber = NULL;
        }
-        if (!do_X509_CRL_sign(bio_err, crl, pkey, dgst, sigopts))
+        if (!X509_CRL_sign(crl, pkey, dgst))
            goto err;
        PEM_write_bio_X509_CRL(Sout, crl);
@@ -1470,8 +1456,6 @@ int MAIN(int argc, char **argv)
    BN_free(serial);
    BN_free(crlnumber);
    free_index(db);
    if (sigopts)
        sk_OPENSSL_STRING_free(sigopts);
    EVP_PKEY_free(pkey);
    if (x509)
        X509_free(x509);
@@ -1489,12 +1473,12 @@ static void lookup_fail(const char *name, const char *tag)
 }
 static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
-                   const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
+                   const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy,
-                   STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+                   CA_DB *db, BIGNUM *serial, char *subj,
-                   BIGNUM *serial, char *subj, unsigned long chtype,
+                   unsigned long chtype, int multirdn, int email_dn,
-                   int multirdn, int email_dn, char *startdate, char *enddate,
+                   char *startdate, char *enddate, long days, int batch,
-                   long days, int batch, char *ext_sect, CONF *lconf,
+                   char *ext_sect, CONF *lconf, int verbose,
-                   int verbose, unsigned long certopt, unsigned long nameopt,
+                   unsigned long certopt, unsigned long nameopt,
                   int default_op, int ext_copy, int selfsign)
 {
    X509_REQ *req = NULL;
@@ -1545,10 +1529,10 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
    } else
        BIO_printf(bio_err, "Signature ok\n");
-    ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj,
+    ok = do_body(xret, pkey, x509, dgst, policy, db, serial, subj, chtype,
-                 chtype, multirdn, email_dn, startdate, enddate, days, batch,
+                 multirdn, email_dn, startdate, enddate, days, batch, verbose,
-                 verbose, req, ext_sect, lconf, certopt, nameopt, default_op,
+                 req, ext_sect, lconf, certopt, nameopt, default_op, ext_copy,
-                 ext_copy, selfsign);
+                 selfsign);
 err:
    if (req != NULL)
@@ -1559,14 +1543,13 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 }
 static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
-                        const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
+                        const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy,
-                        STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+                        CA_DB *db, BIGNUM *serial, char *subj,
-                        BIGNUM *serial, char *subj, unsigned long chtype,
+                        unsigned long chtype, int multirdn, int email_dn,
-                        int multirdn, int email_dn, char *startdate,
+                        char *startdate, char *enddate, long days, int batch,
-                        char *enddate, long days, int batch, char *ext_sect,
+                        char *ext_sect, CONF *lconf, int verbose,
-                        CONF *lconf, int verbose, unsigned long certopt,
+                        unsigned long certopt, unsigned long nameopt,
-                        unsigned long nameopt, int default_op, int ext_copy,
+                        int default_op, int ext_copy, ENGINE *e)
                        ENGINE *e)
 {
    X509 *req = NULL;
    X509_REQ *rreq = NULL;
@@ -1602,9 +1585,9 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
    if ((rreq = X509_to_X509_REQ(req, NULL, EVP_md5())) == NULL)
        goto err;
-    ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj,
+    ok = do_body(xret, pkey, x509, dgst, policy, db, serial, subj, chtype,
-                 chtype, multirdn, email_dn, startdate, enddate, days, batch,
+                 multirdn, email_dn, startdate, enddate, days, batch, verbose,
-                 verbose, rreq, ext_sect, lconf, certopt, nameopt, default_op,
+                 rreq, ext_sect, lconf, certopt, nameopt, default_op,
                 ext_copy, 0);
 err:
@@ -1616,12 +1599,12 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 }
 static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
-                   const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
+                   const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy,
-                   STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,
+                   CA_DB *db, BIGNUM *serial, char *subj,
-                   char *subj, unsigned long chtype, int multirdn,
+                   unsigned long chtype, int multirdn, int email_dn,
-                   int email_dn, char *startdate, char *enddate, long days,
+                   char *startdate, char *enddate, long days, int batch,
-                   int batch, int verbose, X509_REQ *req, char *ext_sect,
+                   int verbose, X509_REQ *req, char *ext_sect, CONF *lconf,
-                   CONF *lconf, unsigned long certopt, unsigned long nameopt,
+                   unsigned long certopt, unsigned long nameopt,
                   int default_op, int ext_copy, int selfsign)
 {
    X509_NAME *name = NULL, *CAname = NULL, *subject = NULL, *dn_subject =
@@ -2088,7 +2071,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
        EVP_PKEY_copy_parameters(pktmp, pkey);
    EVP_PKEY_free(pktmp);
-    if (!do_X509_sign(bio_err, ret, pkey, dgst, sigopts))
+    if (!X509_sign(ret, pkey, dgst))
        goto err;
    /* We now just add it to the database */
@@ -2181,7 +2164,6 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der,
 static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey,
                         X509 *x509, const EVP_MD *dgst,
                         STACK_OF(OPENSSL_STRING) *sigopts,
                         STACK_OF(CONF_VALUE) *policy, CA_DB *db,
                         BIGNUM *serial, char *subj, unsigned long chtype,
                         int multirdn, int email_dn, char *startdate,
@@ -2304,10 +2286,10 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey,
    X509_REQ_set_pubkey(req, pktmp);
    EVP_PKEY_free(pktmp);
-    ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj,
+    ok = do_body(xret, pkey, x509, dgst, policy, db, serial, subj, chtype,
-                 chtype, multirdn, email_dn, startdate, enddate, days, 1,
+                 multirdn, email_dn, startdate, enddate, days, 1, verbose,
-                 verbose, req, ext_sect, lconf, certopt, nameopt, default_op,
+                 req, ext_sect, lconf, certopt, nameopt, default_op, ext_copy,
-                 ext_copy, 0);
+                 0);
 err:
    if (req != NULL)
        X509_REQ_free(req);
@@ -2514,8 +2496,6 @@ static int do_updatedb(CA_DB *db)
    char **rrow, *a_tm_s;
    a_tm = ASN1_UTCTIME_new();
    if (a_tm == NULL)
        return -1;
    /* get actual time and make a string */
    a_tm = X509_gmtime_adj(a_tm, 0);
@@ -2799,11 +2779,6 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
    ASN1_GENERALIZEDTIME *comp_time = NULL;
    tmp = BUF_strdup(str);
    if (!tmp) {
        BIO_printf(bio_err, "memory allocation failure\n");
        goto err;
    }
    p = strchr(tmp, ',');
    rtime_str = tmp;
@@ -2821,10 +2796,6 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
    if (prevtm) {
        *prevtm = ASN1_UTCTIME_new();
        if (!*prevtm) {
            BIO_printf(bio_err, "memory allocation failure\n");
            goto err;
        }
        if (!ASN1_UTCTIME_set_string(*prevtm, rtime_str)) {
            BIO_printf(bio_err, "invalid revocation date %s\n", rtime_str);
            goto err;
@@ -2865,10 +2836,6 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
                goto err;
            }
            comp_time = ASN1_GENERALIZEDTIME_new();
            if (!comp_time) {
                BIO_printf(bio_err, "memory allocation failure\n");
                goto err;
            }
            if (!ASN1_GENERALIZEDTIME_set_string(comp_time, arg_str)) {
                BIO_printf(bio_err, "invalid compromised time %s\n", arg_str);
                goto err;
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -182,7 +182,7 @@ int MAIN(int argc, char **argv)
            c = sk_SSL_CIPHER_value(sk, i);
            if (Verbose) {
-                unsigned long id = SSL_CIPHER_get_id(c);
+                unsigned long id = c->id;
                int id0 = (int)(id >> 24);
                int id1 = (int)((id >> 16) & 0xffL);
                int id2 = (int)((id >> 8) & 0xffL);
--- a/apps/client.pem
+++ b/apps/client.pem
@@ -1,52 +1,24 @@
-subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Client Cert
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
-issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Client test cert (512 bit)
 -----BEGIN CERTIFICATE-----
-MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6yMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
+MIIB6TCCAVICAQIwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
-BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
-VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
+VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzU2WhcNOTgwNjA5
-ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZDELMAkG
+MTM1NzU2WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
-A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
+A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGkNsaWVudCB0ZXN0IGNl
-RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgQ2xpZW50IENlcnQw
+cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALtv55QyzG6i2Plw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0ranbHRLcLVqN+0BzcZpY
+Z1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexmq/R4KedLjFEIYjocDui+IXs62NNt
-+yOLqxzDWT1LD9eW1stC4NzXX9/DCtSIVyN7YIHdGLrIPr64IDdXXaMRzgZ2rOKs
+XrT8odkCAwEAATANBgkqhkiG9w0BAQQFAAOBgQBwtMmI7oGUG8nKmftQssATViH5
-lmHCAiFpO/ja99gGCJRxH0xwQatqAULfJVHeUhs7OEGOZc2nWifjqKvGfNTilP7D
+NRRtoEw07DxJp/LfatHdrhqQB73eGdL5WILZJXk46Xz2e9WMSUjVCSYhdKxtflU3
-nwi69ipQFq9oS19FmhwVHk2wg7KZGHI1qDyG04UrfCZMRitvS9+UVhPpIPjuiBi2
+UR2Ajv1Oo0sTNdfz0wDqJNirLNtzyhhsaq8qMTrLwXrCP31VxBiigFSQSUFnZyTE
-x3/FZIpL5gXJvvFK6xHY63oq2asyzBATntBgnP4qJFWWcvRx24wF1PnZabxuVoL2
+9TKwhS4GlwbtCfxSKQ==
 bPnQ/KvONDrw3IdqkKhYNTul7jEcu3OlcZIMw+7DiaKJLAzKb/bBF5gm/pwW6As9
 AgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJYIZI
 AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
 BBSZHKyLoTh7Mb409Zn/mK1ceSDAjDAfBgNVHSMEGDAWgBQ2w2yI55X+sL3szj49
 hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEAD0mL7PtPYgCEuDyOQSbLpeND5hVS
 curxQdGnrJ6Acrhodb7E9ccATokeb0PLx6HBLQUicxhTZIQ9FbO43YkQcOU6C3BB
 IlwskqmtN6+VmrQzNolHCDzvxNZs9lYL2VbGPGqVRyjZeHpoAlf9cQr8PgDb4d4b
 vUx2KAhHQvV2nkmYvKyXcgnRuHggumF87mkxidriGAEFwH4qfOqetUg64WyxP7P2
 QLipm04SyQa7ONtIApfVXgHcE42Py4/f4arzCzMjKe3VyhGkS7nsT55X/fWgTaRm
 CQPkO+H94P958WTvQDt77bQ+D3IvYaVvfil8n6HJMOJfFT0LJuSUbpSXJg==
 -----END CERTIFICATE-----
 -----BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEAtK2p2x0S3C1ajftAc3GaWPsji6scw1k9Sw/XltbLQuDc11/f
+MIIBOwIBAAJBALtv55QyzG6i2PlwZ1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexm
-wwrUiFcje2CB3Ri6yD6+uCA3V12jEc4GdqzirJZhwgIhaTv42vfYBgiUcR9McEGr
+q/R4KedLjFEIYjocDui+IXs62NNtXrT8odkCAwEAAQJAbwXq0vJ/+uyEvsNgxLko
-agFC3yVR3lIbOzhBjmXNp1on46irxnzU4pT+w58IuvYqUBavaEtfRZocFR5NsIOy
+/V86mGXQ/KrSkeKlL0r4ENxjcyeMAGoKu6J9yMY7+X9+Zm4nxShNfTsf/+Freoe1
-mRhyNag8htOFK3wmTEYrb0vflFYT6SD47ogYtsd/xWSKS+YFyb7xSusR2Ot6Ktmr
+HQIhAPOSm5Q1YI+KIsII2GeVJx1U69+wnd71OasIPakS1L1XAiEAxQAW+J3/JWE0
-MswQE57QYJz+KiRVlnL0cduMBdT52Wm8blaC9mz50PyrzjQ68NyHapCoWDU7pe4x
+ftEYakbhUOKL8tD1OaFZS71/5GdG7E8CIQCefUMmySSvwd6kC0VlATSWbW+d+jp/
-HLtzpXGSDMPuw4miiSwMym/2wReYJv6cFugLPQIDAQABAoIBAAZOyc9MhIwLSU4L
+nWmM1KvqnAo5uQIhALqEADu5U1Wvt8UN8UDGBRPQulHWNycuNV45d3nnskWPAiAw
-p4RgQvM4UVVe8/Id+3XTZ8NsXExJbWxXfIhiqGjaIfL8u4vsgRjcl+v1s/jo2/iT
+ueTyr6WsZ5+SD8g/Hy3xuvF3nPmJRH+rwvVihlcFOg==
 KMab4o4D8gXD7UavQVDjtjb/ta79WL3SjRl2Uc9YjjMkyq6WmDNQeo2NKDdafCTB
 1uzSJtLNipB8Z53ELPuHJhxX9QMHrMnuha49riQgXZ7buP9iQrHJFhImBjSzbxJx
 L+TI6rkyLSf9Wi0Pd3L27Ob3QWNfNRYNSeTE+08eSRChkur5W0RuXAcuAICdQlCl
 LBvWO/LmmvbzCqiDcgy/TliSb6CGGwgiNG7LJZmlkYNj8laGwalNlYZs3UrVv6NO
 Br2loAECgYEA2kvCvPGj0Dg/6g7WhXDvAkEbcaL1tSeCxBbNH+6HS2UWMWvyTtCn
 /bbD519QIdkvayy1QjEf32GV/UjUVmlULMLBcDy0DGjtL3+XpIhLKWDNxN1v1/ai
 1oz23ZJCOgnk6K4qtFtlRS1XtynjA+rBetvYvLP9SKeFrnpzCgaA2r0CgYEA0+KX
 1ACXDTNH5ySX3kMjSS9xdINf+OOw4CvPHFwbtc9aqk2HePlEsBTz5I/W3rKwXva3
 NqZ/bRqVVeZB/hHKFywgdUQk2Uc5z/S7Lw70/w1HubNTXGU06Ngb6zOFAo/o/TwZ
 zTP1BMIKSOB6PAZPS3l+aLO4FRIRotfFhgRHOoECgYEAmiZbqt8cJaJDB/5YYDzC
 mp3tSk6gIb936Q6M5VqkMYp9pIKsxhk0N8aDCnTU+kIK6SzWBpr3/d9Ecmqmfyq7
 5SvWO3KyVf0WWK9KH0abhOm2BKm2HBQvI0DB5u8sUx2/hsvOnjPYDISbZ11t0MtK
 u35Zy89yMYcSsIYJjG/ROCUCgYEAgI2P9G5PNxEP5OtMwOsW84Y3Xat/hPAQFlI+
 HES+AzbFGWJkeT8zL2nm95tVkFP1sggZ7Kxjz3w7cpx7GX0NkbWSE9O+T51pNASV
 tN1sQ3p5M+/a+cnlqgfEGJVvc7iAcXQPa3LEi5h2yPR49QYXAgG6cifn3dDSpmwn
 SUI7PQECgYEApGCIIpSRPLAEHTGmP87RBL1smurhwmy2s/pghkvUkWehtxg0sGHh
 kuaqDWcskogv+QC0sVdytiLSz8G0DwcEcsHK1Fkyb8A+ayiw6jWJDo2m9+IF4Fww
 1Te6jFPYDESnbhq7+TLGgHGhtwcu5cnb4vSuYXGXKupZGzoLOBbv1Zw=
 -----END RSA PRIVATE KEY-----
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -137,7 +137,6 @@ int MAIN(int argc, char **argv)
    char *engine = NULL;
 # endif
    unsigned char *secret_key = NULL, *secret_keyid = NULL;
    unsigned char *pwri_pass = NULL, *pwri_tmp = NULL;
    size_t secret_keylen = 0, secret_keyidlen = 0;
    ASN1_OBJECT *econtent_type = NULL;
@@ -314,11 +313,6 @@ int MAIN(int argc, char **argv)
                goto argerr;
            }
            secret_keyidlen = (size_t)ltmp;
        } else if (!strcmp(*args, "-pwri_password")) {
            if (!args[1])
                goto argerr;
            args++;
            pwri_pass = (unsigned char *)*args;
        } else if (!strcmp(*args, "-econtent_type")) {
            if (!args[1])
                goto argerr;
@@ -496,13 +490,13 @@ int MAIN(int argc, char **argv)
    }
    else if (operation == SMIME_DECRYPT) {
-        if (!recipfile && !keyfile && !secret_key && !pwri_pass) {
+        if (!recipfile && !keyfile && !secret_key) {
            BIO_printf(bio_err,
                       "No recipient certificate or key specified\n");
            badarg = 1;
        }
    } else if (operation == SMIME_ENCRYPT) {
-        if (!*args && !secret_key && !pwri_pass) {
+        if (!*args && !secret_key) {
            BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
            badarg = 1;
        }
@@ -580,8 +574,6 @@ int MAIN(int argc, char **argv)
        BIO_printf(bio_err,
                   "-CApath dir    trusted certificates directory\n");
        BIO_printf(bio_err, "-CAfile file   trusted certificates file\n");
        BIO_printf(bio_err,
                   "-no_alt_chains only ever use the first certificate chain found\n");
        BIO_printf(bio_err,
                   "-crl_check     check revocation status of signer's certificate using CRLs\n");
        BIO_printf(bio_err,
@@ -818,16 +810,6 @@ int MAIN(int argc, char **argv)
            secret_key = NULL;
            secret_keyid = NULL;
        }
        if (pwri_pass) {
            pwri_tmp = (unsigned char *)BUF_strdup((char *)pwri_pass);
            if (!pwri_tmp)
                goto end;
            if (!CMS_add0_recipient_password(cms,
                                             -1, NID_undef, NID_undef,
                                             pwri_tmp, -1, NULL))
                goto end;
            pwri_tmp = NULL;
        }
        if (!(flags & CMS_STREAM)) {
            if (!CMS_final(cms, in, NULL, flags))
                goto end;
@@ -933,13 +915,6 @@ int MAIN(int argc, char **argv)
            }
        }
        if (pwri_pass) {
            if (!CMS_decrypt_set1_password(cms, pwri_pass, -1)) {
                BIO_puts(bio_err, "Error decrypting CMS using password\n");
                goto end;
            }
        }
        if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags)) {
            BIO_printf(bio_err, "Error decrypting CMS structure\n");
            goto end;
@@ -1037,8 +1012,6 @@ int MAIN(int argc, char **argv)
        OPENSSL_free(secret_key);
    if (secret_keyid)
        OPENSSL_free(secret_keyid);
    if (pwri_tmp)
        OPENSSL_free(pwri_tmp);
    if (econtent_type)
        ASN1_OBJECT_free(econtent_type);
    if (rr)
--- a/apps/demoSRP/srp_verifier.txt
+++ b/apps/demoSRP/srp_verifier.txt
@@ -1,6 +0,0 @@
 # This is a file that will be filled by the openssl srp routine.
 # You can initialize the file with additional groups, these are
 # records starting with a I followed by the g and N values and the id.
 # The exact values ... you have to dig this out from the source of srp.c
 # or srp_vfy.c
 # The last value of an I is used as the default group for new users.  
--- a/apps/demoSRP/srp_verifier.txt.attr
+++ b/apps/demoSRP/srp_verifier.txt.attr
@@ -1 +0,0 @@
 unique_subject = yes
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -127,7 +127,6 @@ int MAIN(int argc, char **argv)
 #endif
    char *hmac_key = NULL;
    char *mac_name = NULL;
    int non_fips_allow = 0;
    STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
    apps_startup();
@@ -207,10 +206,6 @@ int MAIN(int argc, char **argv)
            out_bin = 1;
        else if (strcmp(*argv, "-d") == 0)
            debug = 1;
        else if (!strcmp(*argv, "-fips-fingerprint"))
            hmac_key = "etaonrishdlcupfm";
        else if (strcmp(*argv, "-non-fips-allow") == 0)
            non_fips_allow = 1;
        else if (!strcmp(*argv, "-hmac")) {
            if (--argc < 1)
                break;
@@ -257,8 +252,6 @@ int MAIN(int argc, char **argv)
        BIO_printf(bio_err, "-d              to output debug info\n");
        BIO_printf(bio_err, "-hex            output as hex dump\n");
        BIO_printf(bio_err, "-binary         output in binary form\n");
        BIO_printf(bio_err, "-hmac arg       set the HMAC key to arg\n");
        BIO_printf(bio_err, "-non-fips-allow allow use of non FIPS digest\n");
        BIO_printf(bio_err,
                   "-sign   file    sign digest using private key in file\n");
        BIO_printf(bio_err,
@@ -287,11 +280,6 @@ int MAIN(int argc, char **argv)
    in = BIO_new(BIO_s_file());
    bmd = BIO_new(BIO_f_md());
    if ((in == NULL) || (bmd == NULL)) {
        ERR_print_errors(bio_err);
        goto end;
    }
    if (debug) {
        BIO_set_callback(in, BIO_debug_callback);
        /* needed for windows 3.1 */
@@ -303,6 +291,11 @@ int MAIN(int argc, char **argv)
        goto end;
    }
    if ((in == NULL) || (bmd == NULL)) {
        ERR_print_errors(bio_err);
        goto end;
    }
    if (out_bin == -1) {
        if (keyfile)
            out_bin = 1;
@@ -384,12 +377,6 @@ int MAIN(int argc, char **argv)
            goto end;
    }
    if (non_fips_allow) {
        EVP_MD_CTX *md_ctx;
        BIO_get_md_ctx(bmd, &md_ctx);
        EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
    }
    if (hmac_key) {
        sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, e,
                                      (unsigned char *)hmac_key, -1);
@@ -448,11 +435,6 @@ int MAIN(int argc, char **argv)
            ERR_print_errors(bio_err);
            goto end;
        }
        if (!sigbuf) {
            BIO_printf(bio_err, "Out of memory\n");
            ERR_print_errors(bio_err);
            goto end;
        }
        siglen = BIO_read(sigbio, sigbuf, siglen);
        BIO_free(sigbio);
        if (siglen <= 0) {
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -130,7 +130,7 @@
 # undef PROG
 # define PROG    dhparam_main
-# define DEFBITS 2048
+# define DEFBITS 512
 /*-
 * -inform arg  - input format - default PEM (DER or PEM)
@@ -254,7 +254,7 @@ int MAIN(int argc, char **argv)
        BIO_printf(bio_err,
                   " -5            generate parameters using  5 as the generator value\n");
        BIO_printf(bio_err,
-                   " numbits       number of bits in to generate (default 2048)\n");
+                   " numbits       number of bits in to generate (default 512)\n");
 # ifndef OPENSSL_NO_ENGINE
        BIO_printf(bio_err,
                   " -engine e     use engine e, possibly a hardware device.\n");
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -310,7 +310,6 @@ int MAIN(int argc, char **argv)
                goto end;
            }
 # endif
            ERR_print_errors(bio_err);
            BIO_printf(bio_err, "Error, DSA key generation failed\n");
            goto end;
        }
@@ -406,11 +405,8 @@ int MAIN(int argc, char **argv)
        assert(need_rand);
        if ((dsakey = DSAparams_dup(dsa)) == NULL)
            goto end;
-        if (!DSA_generate_key(dsakey)) {
+        if (!DSA_generate_key(dsakey))
            ERR_print_errors(bio_err);
            DSA_free(dsakey);
            goto end;
        }
        if (outformat == FORMAT_ASN1)
            i = i2d_DSAPrivateKey_bio(out, dsakey);
        else if (outformat == FORMAT_PEM)
@@ -418,7 +414,6 @@ int MAIN(int argc, char **argv)
                                            NULL);
        else {
            BIO_printf(bio_err, "bad output format specified for outfile\n");
            DSA_free(dsakey);
            goto end;
        }
        DSA_free(dsakey);
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@@ -413,13 +413,14 @@ int MAIN(int argc, char **argv)
    }
    if (check) {
        if (group == NULL)
            BIO_printf(bio_err, "no elliptic curve parameters\n");
        BIO_printf(bio_err, "checking elliptic curve parameters: ");
        if (!EC_GROUP_check(group, NULL)) {
            BIO_printf(bio_err, "failed\n");
            ERR_print_errors(bio_err);
-            goto end;
+        } else
-        }
+            BIO_printf(bio_err, "ok\n");
        BIO_printf(bio_err, "ok\n");
    }
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -130,7 +130,6 @@ int MAIN(int argc, char **argv)
    char *engine = NULL;
 #endif
    const EVP_MD *dgst = NULL;
    int non_fips_allow = 0;
    apps_startup();
@@ -266,10 +265,8 @@ int MAIN(int argc, char **argv)
            if (--argc < 1)
                goto bad;
            md = *(++argv);
-        } else if (strcmp(*argv, "-non-fips-allow") == 0)
+        } else if ((argv[0][0] == '-') &&
-            non_fips_allow = 1;
+                   ((c = EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) {
        else if ((argv[0][0] == '-') &&
                 ((c = EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) {
            cipher = c;
        } else if (strcmp(*argv, "-none") == 0)
            cipher = NULL;
@@ -326,18 +323,6 @@ int MAIN(int argc, char **argv)
    setup_engine(bio_err, engine, 0);
 #endif
    if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
        BIO_printf(bio_err,
                   "AEAD ciphers not supported by the enc utility\n");
        goto end;
    }
    if (cipher && (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)) {
        BIO_printf(bio_err,
                   "Ciphers in XTS mode are not supported by the enc utility\n");
        goto end;
    }
    if (md && (dgst = EVP_get_digestbyname(md)) == NULL) {
        BIO_printf(bio_err, "%s is an unsupported message digest type\n", md);
        goto end;
@@ -548,14 +533,9 @@ int MAIN(int argc, char **argv)
            else
                OPENSSL_cleanse(str, strlen(str));
        }
-        if (hiv != NULL) {
+        if ((hiv != NULL) && !set_hex(hiv, iv, sizeof iv)) {
-            int siz = EVP_CIPHER_iv_length(cipher);
+            BIO_printf(bio_err, "invalid hex iv value\n");
-            if (siz == 0) {
+            goto end;
                BIO_printf(bio_err, "warning: iv not use by this cipher\n");
            } else if (!set_hex(hiv, iv, sizeof iv)) {
                BIO_printf(bio_err, "invalid hex iv value\n");
                goto end;
            }
        }
        if ((hiv == NULL) && (str == NULL)
            && EVP_CIPHER_iv_length(cipher) != 0) {
@@ -567,7 +547,7 @@ int MAIN(int argc, char **argv)
            BIO_printf(bio_err, "iv undefined\n");
            goto end;
        }
-        if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
+        if ((hkey != NULL) && !set_hex(hkey, key, sizeof key)) {
            BIO_printf(bio_err, "invalid hex key value\n");
            goto end;
        }
@@ -581,10 +561,6 @@ int MAIN(int argc, char **argv)
         */
        BIO_get_cipher_ctx(benc, &ctx);
        if (non_fips_allow)
            EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW);
        if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) {
            BIO_printf(bio_err, "Error setting cipher %s\n",
                       EVP_CIPHER_name(cipher));
--- a/apps/engine.c
+++ b/apps/engine.c
@@ -1,4 +1,4 @@
-/* apps/engine.c */
+/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */
 /*
 * Written by Richard Levitte <richard@levitte.org> for the OpenSSL project
 * 2000.
@@ -99,6 +99,8 @@ static void identity(char *ptr)
 static int append_buf(char **buf, const char *s, int *size, int step)
 {
    int l = strlen(s);
    if (*buf == NULL) {
        *size = step;
        *buf = OPENSSL_malloc(*size);
@@ -107,6 +109,9 @@ static int append_buf(char **buf, const char *s, int *size, int step)
        **buf = '\0';
    }
    if (**buf != '\0')
        l += 2;                 /* ", " */
    if (strlen(*buf) + strlen(s) >= (unsigned int)*size) {
        *size += step;
        *buf = OPENSSL_realloc(*buf, *size);
--- a/apps/gendh.c
+++ b/apps/gendh.c
@@ -80,7 +80,7 @@
 # include <openssl/x509.h>
 # include <openssl/pem.h>
-# define DEFBITS 2048
+# define DEFBITS 512
 # undef PROG
 # define PROG gendh_main
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -80,7 +80,7 @@
 # include <openssl/pem.h>
 # include <openssl/rand.h>
-# define DEFBITS 1024
+# define DEFBITS 512
 # undef PROG
 # define PROG genrsa_main
--- a/apps/makeapps.com
+++ b/apps/makeapps.com
@@ -184,7 +184,7 @@ $ LIB_OPENSSL = "VERIFY,ASN1PARS,REQ,DGST,DH,DHPARAM,ENC,PASSWD,GENDH,ERRSTR,"+-
 	      	"X509,GENRSA,GENDSA,GENPKEY,S_SERVER,S_CLIENT,SPEED,"+-
 	      	"S_TIME,APPS,S_CB,S_SOCKET,APP_RAND,VERSION,SESS_ID,"+-
 	      	"CIPHERS,NSEQ,PKCS12,PKCS8,PKEY,PKEYPARAM,PKEYUTL,"+ -
-	      	"SPKAC,SMIME,CMS,RAND,ENGINE,OCSP,PRIME,TS,SRP"
+	      	"SPKAC,SMIME,CMS,RAND,ENGINE,OCSP,PRIME,TS"
 $!
 $ LIB_OPENSSL = LIB_OPENSSL+ ",VMS_DECC_INIT"
 $!
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -518,8 +518,6 @@ int MAIN(int argc, char **argv)
                   "-CApath dir          trusted certificates directory\n");
        BIO_printf(bio_err,
                   "-CAfile file         trusted certificates file\n");
        BIO_printf(bio_err,
                   "-no_alt_chains       only ever use the first certificate chain found\n");
        BIO_printf(bio_err,
                   "-VAfile file         validator certificates file\n");
        BIO_printf(bio_err,
@@ -1003,7 +1001,7 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req,
    bs = OCSP_BASICRESP_new();
    thisupd = X509_gmtime_adj(NULL, 0);
    if (ndays != -1)
-        nextupd = X509_time_adj_ex(NULL, ndays, nmin * 60, NULL);
+        nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24);
    /* Examine each certificate id in the request */
    for (i = 0; i < id_count; i++) {
@@ -1220,8 +1218,8 @@ static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
        return NULL;
    }
-    if (BIO_get_fd(cbio, &fd) < 0) {
+    if (BIO_get_fd(cbio, &fd) <= 0) {
-        BIO_puts(bio_err, "Can't get connection fd\n");
+        BIO_puts(err, "Can't get connection fd\n");
        goto err;
    }
@@ -1302,7 +1300,16 @@ OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
        BIO_set_conn_port(cbio, port);
    if (use_ssl == 1) {
        BIO *sbio;
 # if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
        ctx = SSL_CTX_new(SSLv23_client_method());
 # elif !defined(OPENSSL_NO_SSL3)
        ctx = SSL_CTX_new(SSLv3_client_method());
 # elif !defined(OPENSSL_NO_SSL2)
        ctx = SSL_CTX_new(SSLv2_client_method());
 # else
        BIO_printf(err, "SSL is disabled\n");
        goto end;
 # endif
        if (ctx == NULL) {
            BIO_printf(err, "Error creating SSL context.\n");
            goto end;
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -117,7 +117,6 @@
 #include "apps.h"
 #include <openssl/bio.h>
 #include <openssl/crypto.h>
 #include <openssl/rand.h>
 #include <openssl/lhash.h>
 #include <openssl/conf.h>
 #include <openssl/x509.h>
@@ -131,9 +130,6 @@
 #include "progs.h"
 #include "s_apps.h"
 #include <openssl/err.h>
 #ifdef OPENSSL_FIPS
 # include <openssl/fips.h>
 #endif
 /*
 * The LHASH callbacks ("hash" & "cmp") have been replaced by functions with
@@ -308,19 +304,6 @@ int main(int Argc, char *ARGV[])
        CRYPTO_set_locking_callback(lock_dbg_cb);
    }
    if (getenv("OPENSSL_FIPS")) {
 #ifdef OPENSSL_FIPS
        if (!FIPS_mode_set(1)) {
            ERR_load_crypto_strings();
            ERR_print_errors(BIO_new_fp(stderr, BIO_NOCLOSE));
            EXIT(1);
        }
 #else
        fprintf(stderr, "FIPS mode not supported.\n");
        EXIT(1);
 #endif
    }
    apps_startup();
    /* Lets load up our environment a little */
@@ -428,19 +411,19 @@ int main(int Argc, char *ARGV[])
    if (arg.data != NULL)
        OPENSSL_free(arg.data);
    apps_shutdown();
    CRYPTO_mem_leaks(bio_err);
    if (bio_err != NULL) {
        BIO_free(bio_err);
        bio_err = NULL;
    }
 #if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64)
    /* Free any duplicate Argv[] storage. */
    if (free_Argv) {
        OPENSSL_free(Argv);
    }
 #endif
    apps_shutdown();
    CRYPTO_mem_leaks(bio_err);
    if (bio_err != NULL) {
        BIO_free(bio_err);
        bio_err = NULL;
    }
    OPENSSL_EXIT(ret);
 }
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -79,8 +79,7 @@ const EVP_CIPHER *enc;
 # define CLCERTS         0x8
 # define CACERTS         0x10
-static int get_cert_chain(X509 *cert, X509_STORE *store,
+int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain);
                          STACK_OF(X509) **chain);
 int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen,
                        int options, char *pempass);
 int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
@@ -117,7 +116,7 @@ int MAIN(int argc, char **argv)
    int maciter = PKCS12_DEFAULT_ITER;
    int twopass = 0;
    int keytype = 0;
-    int cert_pbe;
+    int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
    int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
    int ret = 1;
    int macver = 1;
@@ -142,13 +141,6 @@ int MAIN(int argc, char **argv)
    if (!load_config(bio_err, NULL))
        goto end;
 # ifdef OPENSSL_FIPS
    if (FIPS_mode())
        cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
    else
 # endif
        cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
    args = argv + 1;
    while (*args) {
@@ -595,7 +587,7 @@ int MAIN(int argc, char **argv)
            vret = get_cert_chain(ucert, store, &chain2);
            X509_STORE_free(store);
-            if (vret == X509_V_OK) {
+            if (!vret) {
                /* Exclude verified certificate */
                for (i = 1; i < sk_X509_num(chain2); i++)
                    sk_X509_push(certs, sk_X509_value(chain2, i));
@@ -603,7 +595,7 @@ int MAIN(int argc, char **argv)
                X509_free(sk_X509_value(chain2, 0));
                sk_X509_free(chain2);
            } else {
-                if (vret != X509_V_ERR_UNSPECIFIED)
+                if (vret >= 0)
                    BIO_printf(bio_err, "Error %s getting chain.\n",
                               X509_verify_cert_error_string(vret));
                else
@@ -907,25 +899,36 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
 /* Given a single certificate return a verified chain or NULL if error */
-static int get_cert_chain(X509 *cert, X509_STORE *store,
+/* Hope this is OK .... */
-                          STACK_OF(X509) **chain)
+
 int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
 {
    X509_STORE_CTX store_ctx;
-    STACK_OF(X509) *chn = NULL;
+    STACK_OF(X509) *chn;
    int i = 0;
-    if (!X509_STORE_CTX_init(&store_ctx, store, cert, NULL)) {
+    /*
-        *chain = NULL;
+     * FIXME: Should really check the return status of X509_STORE_CTX_init
-        return X509_V_ERR_UNSPECIFIED;
+     * for an error, but how that fits into the return value of this function
-    }
+     * is less obvious.
-
+     */
-    if (X509_verify_cert(&store_ctx) > 0)
+    X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
    if (X509_verify_cert(&store_ctx) <= 0) {
        i = X509_STORE_CTX_get_error(&store_ctx);
        if (i == 0)
            /*
             * avoid returning 0 if X509_verify_cert() did not set an
             * appropriate error value in the context
             */
            i = -1;
        chn = NULL;
        goto err;
    } else
        chn = X509_STORE_CTX_get1_chain(&store_ctx);
-    else if ((i = X509_STORE_CTX_get_error(&store_ctx)) == 0)
+ err:
        i = X509_V_ERR_UNSPECIFIED;
    X509_STORE_CTX_cleanup(&store_ctx);
    *chain = chn;
    return i;
 }
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -189,11 +189,11 @@ int MAIN(int argc, char **argv)
    if (infile == NULL)
        BIO_set_fp(in, stdin, BIO_NOCLOSE);
    else {
-        if (BIO_read_filename(in, infile) <= 0) {
+        if (BIO_read_filename(in, infile) <= 0)
-            BIO_printf(bio_err, "unable to load input file\n");
+            if (in == NULL) {
-            ERR_print_errors(bio_err);
+                perror(infile);
-            goto end;
+                goto end;
-        }
+            }
    }
    if (informat == FORMAT_ASN1)
@@ -235,16 +235,12 @@ int MAIN(int argc, char **argv)
        i = OBJ_obj2nid(p7->type);
        switch (i) {
        case NID_pkcs7_signed:
-            if (p7->d.sign != NULL) {
+            certs = p7->d.sign->cert;
-                certs = p7->d.sign->cert;
+            crls = p7->d.sign->crl;
                crls = p7->d.sign->crl;
            }
            break;
        case NID_pkcs7_signedAndEnveloped:
-            if (p7->d.signed_and_enveloped != NULL) {
+            certs = p7->d.signed_and_enveloped->cert;
-                certs = p7->d.signed_and_enveloped->cert;
+            crls = p7->d.signed_and_enveloped->crl;
                crls = p7->d.signed_and_enveloped->crl;
            }
            break;
        default:
            break;
--- a/apps/progs.h
+++ b/apps/progs.h
@@ -46,7 +46,6 @@ extern int engine_main(int argc, char *argv[]);
 extern int ocsp_main(int argc, char *argv[]);
 extern int prime_main(int argc, char *argv[]);
 extern int ts_main(int argc, char *argv[]);
 extern int srp_main(int argc, char *argv[]);
 #define FUNC_TYPE_GENERAL       1
 #define FUNC_TYPE_MD            2
@@ -148,9 +147,6 @@ FUNCTION functions[] = {
 #endif
    {FUNC_TYPE_GENERAL, "prime", prime_main},
    {FUNC_TYPE_GENERAL, "ts", ts_main},
 #ifndef OPENSSL_NO_SRP
    {FUNC_TYPE_GENERAL, "srp", srp_main},
 #endif
 #ifndef OPENSSL_NO_MD2
    {FUNC_TYPE_MD, "md2", dgst_main},
 #endif
--- a/apps/progs.pl
+++ b/apps/progs.pl
@@ -51,8 +51,6 @@ foreach (@ARGV)
 		{ print "#ifndef OPENSSL_NO_CMS\n${str}#endif\n"; }
 	elsif ( ($_ =~ /^ocsp$/))
 		{ print "#ifndef OPENSSL_NO_OCSP\n${str}#endif\n"; }
 	elsif ( ($_ =~ /^srp$/))
 		{ print "#ifndef OPENSSL_NO_SRP\n${str}#endif\n"; }
 	else
 		{ print $str; }
 	}
--- a/apps/req.c
+++ b/apps/req.c
@@ -169,7 +169,7 @@ int MAIN(int argc, char **argv)
    EVP_PKEY_CTX *genctx = NULL;
    const char *keyalg = NULL;
    char *keyalgstr = NULL;
-    STACK_OF(OPENSSL_STRING) *pkeyopts = NULL, *sigopts = NULL;
+    STACK_OF(OPENSSL_STRING) *pkeyopts = NULL;
    EVP_PKEY *pkey = NULL;
    int i = 0, badops = 0, newreq = 0, verbose = 0, pkey_type = -1;
    long newkey = -1;
@@ -295,13 +295,6 @@ int MAIN(int argc, char **argv)
                pkeyopts = sk_OPENSSL_STRING_new_null();
            if (!pkeyopts || !sk_OPENSSL_STRING_push(pkeyopts, *(++argv)))
                goto bad;
        } else if (strcmp(*argv, "-sigopt") == 0) {
            if (--argc < 1)
                goto bad;
            if (!sigopts)
                sigopts = sk_OPENSSL_STRING_new_null();
            if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
                goto bad;
        } else if (strcmp(*argv, "-batch") == 0)
            batch = 1;
        else if (strcmp(*argv, "-newhdr") == 0)
@@ -825,8 +818,7 @@ int MAIN(int argc, char **argv)
                goto end;
            }
-            i = do_X509_sign(bio_err, x509ss, pkey, digest, sigopts);
+            if (!(i = X509_sign(x509ss, pkey, digest))) {
            if (!i) {
                ERR_print_errors(bio_err);
                goto end;
            }
@@ -846,8 +838,7 @@ int MAIN(int argc, char **argv)
                           req_exts);
                goto end;
            }
-            i = do_X509_REQ_sign(bio_err, req, pkey, digest, sigopts);
+            if (!(i = X509_REQ_sign(req, pkey, digest))) {
            if (!i) {
                ERR_print_errors(bio_err);
                goto end;
            }
@@ -1028,8 +1019,6 @@ int MAIN(int argc, char **argv)
        EVP_PKEY_CTX_free(genctx);
    if (pkeyopts)
        sk_OPENSSL_STRING_free(pkeyopts);
    if (sigopts)
        sk_OPENSSL_STRING_free(sigopts);
 #ifndef OPENSSL_NO_ENGINE
    if (gen_eng)
        ENGINE_free(gen_eng);
@@ -1672,61 +1661,3 @@ static int genpkey_cb(EVP_PKEY_CTX *ctx)
 #endif
    return 1;
 }
 static int do_sign_init(BIO *err, EVP_MD_CTX *ctx, EVP_PKEY *pkey,
                        const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts)
 {
    EVP_PKEY_CTX *pkctx = NULL;
    int i;
    EVP_MD_CTX_init(ctx);
    if (!EVP_DigestSignInit(ctx, &pkctx, md, NULL, pkey))
        return 0;
    for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {
        char *sigopt = sk_OPENSSL_STRING_value(sigopts, i);
        if (pkey_ctrl_string(pkctx, sigopt) <= 0) {
            BIO_printf(err, "parameter error \"%s\"\n", sigopt);
            ERR_print_errors(bio_err);
            return 0;
        }
    }
    return 1;
 }
 int do_X509_sign(BIO *err, X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
                 STACK_OF(OPENSSL_STRING) *sigopts)
 {
    int rv;
    EVP_MD_CTX mctx;
    EVP_MD_CTX_init(&mctx);
    rv = do_sign_init(err, &mctx, pkey, md, sigopts);
    if (rv > 0)
        rv = X509_sign_ctx(x, &mctx);
    EVP_MD_CTX_cleanup(&mctx);
    return rv > 0 ? 1 : 0;
 }
 int do_X509_REQ_sign(BIO *err, X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
                     STACK_OF(OPENSSL_STRING) *sigopts)
 {
    int rv;
    EVP_MD_CTX mctx;
    EVP_MD_CTX_init(&mctx);
    rv = do_sign_init(err, &mctx, pkey, md, sigopts);
    if (rv > 0)
        rv = X509_REQ_sign_ctx(x, &mctx);
    EVP_MD_CTX_cleanup(&mctx);
    return rv > 0 ? 1 : 0;
 }
 int do_X509_CRL_sign(BIO *err, X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
                     STACK_OF(OPENSSL_STRING) *sigopts)
 {
    int rv;
    EVP_MD_CTX mctx;
    EVP_MD_CTX_init(&mctx);
    rv = do_sign_init(err, &mctx, pkey, md, sigopts);
    if (rv > 0)
        rv = X509_CRL_sign_ctx(x, &mctx);
    EVP_MD_CTX_cleanup(&mctx);
    return rv > 0 ? 1 : 0;
 }
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -268,11 +268,6 @@ int MAIN(int argc, char **argv)
    rsa_in = OPENSSL_malloc(keysize * 2);
    rsa_out = OPENSSL_malloc(keysize);
    if (!rsa_in || !rsa_out) {
        BIO_printf(bio_err, "Out of memory\n");
        ERR_print_errors(bio_err);
        goto end;
    }
    /* Read the input data */
    rsa_inlen = BIO_read(in, rsa_in, keysize * 2);
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -111,7 +111,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h> /* for memcpy() */
 #define USE_SOCKETS
 #define NON_MAIN
 #include "apps.h"
@@ -346,12 +345,6 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type,
    case TLS1_VERSION:
        str_version = "TLS 1.0 ";
        break;
    case TLS1_1_VERSION:
        str_version = "TLS 1.1 ";
        break;
    case TLS1_2_VERSION:
        str_version = "TLS 1.2 ";
        break;
    case DTLS1_VERSION:
        str_version = "DTLS 1.0 ";
        break;
@@ -422,8 +415,6 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type,
    if (version == SSL3_VERSION ||
        version == TLS1_VERSION ||
        version == TLS1_1_VERSION ||
        version == TLS1_2_VERSION ||
        version == DTLS1_VERSION || version == DTLS1_BAD_VER) {
        switch (content_type) {
        case 20:
@@ -536,9 +527,6 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type,
                case 114:
                    str_details2 = " bad_certificate_hash_value";
                    break;
                case 115:
                    str_details2 = " unknown_psk_identity";
                    break;
                }
            }
        }
@@ -584,22 +572,6 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type,
                }
            }
        }
 #ifndef OPENSSL_NO_HEARTBEATS
        if (content_type == 24) { /* Heartbeat */
            str_details1 = ", Heartbeat";
            if (len > 0) {
                switch (((const unsigned char *)buf)[0]) {
                case 1:
                    str_details1 = ", HeartbeatRequest";
                    break;
                case 2:
                    str_details1 = ", HeartbeatResponse";
                    break;
                }
            }
        }
 #endif
    }
    BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version,
@@ -658,22 +630,6 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
        extname = "status request";
        break;
    case TLSEXT_TYPE_user_mapping:
        extname = "user mapping";
        break;
    case TLSEXT_TYPE_client_authz:
        extname = "client authz";
        break;
    case TLSEXT_TYPE_server_authz:
        extname = "server authz";
        break;
    case TLSEXT_TYPE_cert_type:
        extname = "cert type";
        break;
    case TLSEXT_TYPE_elliptic_curves:
        extname = "elliptic curves";
        break;
@@ -682,28 +638,12 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
        extname = "EC point formats";
        break;
    case TLSEXT_TYPE_srp:
        extname = "SRP";
        break;
    case TLSEXT_TYPE_signature_algorithms:
        extname = "signature algorithms";
        break;
    case TLSEXT_TYPE_use_srtp:
        extname = "use SRTP";
        break;
    case TLSEXT_TYPE_heartbeat:
        extname = "heartbeat";
        break;
    case TLSEXT_TYPE_session_ticket:
-        extname = "session ticket";
+        extname = "server ticket";
        break;
    case TLSEXT_TYPE_renegotiate:
-        extname = "renegotiation info";
+        extname = "renegotiate";
        break;
 #ifdef TLSEXT_TYPE_opaque_prf_input
@@ -711,15 +651,6 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
        extname = "opaque PRF input";
        break;
 #endif
 #ifdef TLSEXT_TYPE_next_proto_neg
    case TLSEXT_TYPE_next_proto_neg:
        extname = "next protocol";
        break;
 #endif
    case TLSEXT_TYPE_padding:
        extname = "TLS padding";
        break;
    default:
        extname = "unknown";
@@ -748,7 +679,7 @@ int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie,
    /* Initialize a random secret */
    if (!cookie_initialized) {
-        if (RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH) <= 0) {
+        if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH)) {
            BIO_printf(bio_err, "error setting random cookie secret\n");
            return 0;
        }
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -165,9 +165,6 @@ typedef unsigned int u_int;
 #include <openssl/rand.h>
 #include <openssl/ocsp.h>
 #include <openssl/bn.h>
 #ifndef OPENSSL_NO_SRP
 # include <openssl/srp.h>
 #endif
 #include "s_apps.h"
 #include "timeouts.h"
@@ -215,9 +212,6 @@ static int c_status_req = 0;
 static int c_msg = 0;
 static int c_showcerts = 0;
 static char *keymatexportlabel = NULL;
 static int keymatexportlen = 20;
 static void sc_usage(void);
 static void print_stuff(BIO *berr, SSL *con, int full);
 #ifndef OPENSSL_NO_TLSEXT
@@ -322,8 +316,6 @@ static void sc_usage(void)
               " -pass arg     - private key file pass phrase source\n");
    BIO_printf(bio_err, " -CApath arg   - PEM format directory of CA's\n");
    BIO_printf(bio_err, " -CAfile arg   - PEM format file of CA's\n");
    BIO_printf(bio_err,
               " -no_alt_chains - only ever use the first certificate chain found\n");
    BIO_printf(bio_err,
               " -reconnect    - Drop and re-make the connection with the same Session-ID\n");
    BIO_printf(bio_err,
@@ -354,31 +346,15 @@ static void sc_usage(void)
 # ifndef OPENSSL_NO_JPAKE
    BIO_printf(bio_err, " -jpake arg    - JPAKE secret to use\n");
 # endif
 #endif
 #ifndef OPENSSL_NO_SRP
    BIO_printf(bio_err,
               " -srpuser user     - SRP authentification for 'user'\n");
    BIO_printf(bio_err, " -srppass arg      - password for 'user'\n");
    BIO_printf(bio_err,
               " -srp_lateuser     - SRP username into second ClientHello message\n");
    BIO_printf(bio_err,
               " -srp_moregroups   - Tolerate other than the known g N values.\n");
    BIO_printf(bio_err,
               " -srp_strength int - minimal length in bits for N (default %d).\n",
               SRP_MINIMAL_N);
 #endif
    BIO_printf(bio_err, " -ssl2         - just use SSLv2\n");
 #ifndef OPENSSL_NO_SSL3_METHOD
    BIO_printf(bio_err, " -ssl3         - just use SSLv3\n");
 #endif
    BIO_printf(bio_err, " -tls1_2       - just use TLSv1.2\n");
    BIO_printf(bio_err, " -tls1_1       - just use TLSv1.1\n");
    BIO_printf(bio_err, " -tls1         - just use TLSv1\n");
    BIO_printf(bio_err, " -dtls1        - just use DTLSv1\n");
    BIO_printf(bio_err, " -fallback_scsv - send TLS_FALLBACK_SCSV\n");
    BIO_printf(bio_err, " -mtu          - set the link layer MTU\n");
    BIO_printf(bio_err,
-               " -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
+               " -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
    BIO_printf(bio_err,
               " -bugs         - Switch on all SSL implementation bug workarounds\n");
    BIO_printf(bio_err,
@@ -413,21 +389,9 @@ static void sc_usage(void)
               " -status           - request certificate status from server\n");
    BIO_printf(bio_err,
               " -no_ticket        - disable use of RFC4507bis session tickets\n");
 # ifndef OPENSSL_NO_NEXTPROTONEG
    BIO_printf(bio_err,
               " -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
 # endif
 #endif
    BIO_printf(bio_err,
               " -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
 #ifndef OPENSSL_NO_SRTP
    BIO_printf(bio_err,
               " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
 #endif
    BIO_printf(bio_err,
               " -keymatexport label   - Export keying material using label\n");
    BIO_printf(bio_err,
               " -keymatexportlen len  - Export len bytes of keying material (default 20)\n");
 }
 #ifndef OPENSSL_NO_TLSEXT
@@ -449,162 +413,6 @@ static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
    return SSL_TLSEXT_ERR_OK;
 }
 # ifndef OPENSSL_NO_SRP
 /* This is a context that we pass to all callbacks */
 typedef struct srp_arg_st {
    char *srppassin;
    char *srplogin;
    int msg;                    /* copy from c_msg */
    int debug;                  /* copy from c_debug */
    int amp;                    /* allow more groups */
    int strength /* minimal size for N */ ;
 } SRP_ARG;
 #  define SRP_NUMBER_ITERATIONS_FOR_PRIME 64
 static int srp_Verify_N_and_g(BIGNUM *N, BIGNUM *g)
 {
    BN_CTX *bn_ctx = BN_CTX_new();
    BIGNUM *p = BN_new();
    BIGNUM *r = BN_new();
    int ret =
        g != NULL && N != NULL && bn_ctx != NULL && BN_is_odd(N) &&
        BN_is_prime_ex(N, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) &&
        p != NULL && BN_rshift1(p, N) &&
        /* p = (N-1)/2 */
        BN_is_prime_ex(p, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) &&
        r != NULL &&
        /* verify g^((N-1)/2) == -1 (mod N) */
        BN_mod_exp(r, g, p, N, bn_ctx) &&
        BN_add_word(r, 1) && BN_cmp(r, N) == 0;
    if (r)
        BN_free(r);
    if (p)
        BN_free(p);
    if (bn_ctx)
        BN_CTX_free(bn_ctx);
    return ret;
 }
 /*-
 * This callback is used here for two purposes:
 * - extended debugging
 * - making some primality tests for unknown groups
 * The callback is only called for a non default group.
 *
 * An application does not need the call back at all if
 * only the stanard groups are used.  In real life situations,
 * client and server already share well known groups,
 * thus there is no need to verify them.
 * Furthermore, in case that a server actually proposes a group that
 * is not one of those defined in RFC 5054, it is more appropriate
 * to add the group to a static list and then compare since
 * primality tests are rather cpu consuming.
 */
 static int MS_CALLBACK ssl_srp_verify_param_cb(SSL *s, void *arg)
 {
    SRP_ARG *srp_arg = (SRP_ARG *)arg;
    BIGNUM *N = NULL, *g = NULL;
    if (!(N = SSL_get_srp_N(s)) || !(g = SSL_get_srp_g(s)))
        return 0;
    if (srp_arg->debug || srp_arg->msg || srp_arg->amp == 1) {
        BIO_printf(bio_err, "SRP parameters:\n");
        BIO_printf(bio_err, "\tN=");
        BN_print(bio_err, N);
        BIO_printf(bio_err, "\n\tg=");
        BN_print(bio_err, g);
        BIO_printf(bio_err, "\n");
    }
    if (SRP_check_known_gN_param(g, N))
        return 1;
    if (srp_arg->amp == 1) {
        if (srp_arg->debug)
            BIO_printf(bio_err,
                       "SRP param N and g are not known params, going to check deeper.\n");
        /*
         * The srp_moregroups is a real debugging feature. Implementors
         * should rather add the value to the known ones. The minimal size
         * has already been tested.
         */
        if (BN_num_bits(g) <= BN_BITS && srp_Verify_N_and_g(N, g))
            return 1;
    }
    BIO_printf(bio_err, "SRP param N and g rejected.\n");
    return 0;
 }
 #  define PWD_STRLEN 1024
 static char *MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
 {
    SRP_ARG *srp_arg = (SRP_ARG *)arg;
    char *pass = (char *)OPENSSL_malloc(PWD_STRLEN + 1);
    PW_CB_DATA cb_tmp;
    int l;
    if (!pass) {
        BIO_printf(bio_err, "Malloc failure\n");
        return NULL;
    }
    cb_tmp.password = (char *)srp_arg->srppassin;
    cb_tmp.prompt_info = "SRP user";
    if ((l = password_callback(pass, PWD_STRLEN, 0, &cb_tmp)) < 0) {
        BIO_printf(bio_err, "Can't read Password\n");
        OPENSSL_free(pass);
        return NULL;
    }
    *(pass + l) = '\0';
    return pass;
 }
 # endif
 # ifndef OPENSSL_NO_SRTP
 char *srtp_profiles = NULL;
 # endif
 # ifndef OPENSSL_NO_NEXTPROTONEG
 /* This the context that we pass to next_proto_cb */
 typedef struct tlsextnextprotoctx_st {
    unsigned char *data;
    unsigned short len;
    int status;
 } tlsextnextprotoctx;
 static tlsextnextprotoctx next_proto;
 static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen,
                         const unsigned char *in, unsigned int inlen,
                         void *arg)
 {
    tlsextnextprotoctx *ctx = arg;
    if (!c_quiet) {
        /* We can assume that |in| is syntactically valid. */
        unsigned i;
        BIO_printf(bio_c_out, "Protocols advertised by server: ");
        for (i = 0; i < inlen;) {
            if (i)
                BIO_write(bio_c_out, ", ", 2);
            BIO_write(bio_c_out, &in[i + 1], in[i]);
            i += in[i] + 1;
        }
        BIO_write(bio_c_out, "\n", 1);
    }
    ctx->status =
        SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len);
    return SSL_TLSEXT_ERR_OK;
 }
 # endif                         /* ndef OPENSSL_NO_NEXTPROTONEG */
 #endif
 enum {
@@ -622,9 +430,6 @@ int MAIN(int argc, char **argv)
 {
    unsigned int off = 0, clr = 0;
    SSL *con = NULL;
 #ifndef OPENSSL_NO_KRB5
    KSSL_CTX *kctx;
 #endif
    int s, k, width, state = 0;
    char *cbuf = NULL, *sbuf = NULL, *mbuf = NULL;
    int cbuf_len, cbuf_off;
@@ -669,9 +474,6 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_TLSEXT
    char *servername = NULL;
    tlsextctx tlsextcbp = { NULL, 0 };
 # ifndef OPENSSL_NO_NEXTPROTONEG
    const char *next_proto_neg_in = NULL;
 # endif
 #endif
    char *sess_in = NULL;
    char *sess_out = NULL;
@@ -683,11 +485,6 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_JPAKE
    char *jpake_secret = NULL;
 #endif
 #ifndef OPENSSL_NO_SRP
    char *srppass = NULL;
    int srp_lateuser = 0;
    SRP_ARG srp_arg = { NULL, NULL, 0, 0, 0, 1024 };
 #endif
    meth = SSLv23_client_method();
@@ -816,45 +613,15 @@ int MAIN(int argc, char **argv)
            }
        }
 #endif
 #ifndef OPENSSL_NO_SRP
        else if (strcmp(*argv, "-srpuser") == 0) {
            if (--argc < 1)
                goto bad;
            srp_arg.srplogin = *(++argv);
            meth = TLSv1_client_method();
        } else if (strcmp(*argv, "-srppass") == 0) {
            if (--argc < 1)
                goto bad;
            srppass = *(++argv);
            meth = TLSv1_client_method();
        } else if (strcmp(*argv, "-srp_strength") == 0) {
            if (--argc < 1)
                goto bad;
            srp_arg.strength = atoi(*(++argv));
            BIO_printf(bio_err, "SRP minimal length for N is %d\n",
                       srp_arg.strength);
            meth = TLSv1_client_method();
        } else if (strcmp(*argv, "-srp_lateuser") == 0) {
            srp_lateuser = 1;
            meth = TLSv1_client_method();
        } else if (strcmp(*argv, "-srp_moregroups") == 0) {
            srp_arg.amp = 1;
            meth = TLSv1_client_method();
        }
 #endif
 #ifndef OPENSSL_NO_SSL2
        else if (strcmp(*argv, "-ssl2") == 0)
            meth = SSLv2_client_method();
 #endif
-#ifndef OPENSSL_NO_SSL3_METHOD
+#ifndef OPENSSL_NO_SSL3
        else if (strcmp(*argv, "-ssl3") == 0)
            meth = SSLv3_client_method();
 #endif
 #ifndef OPENSSL_NO_TLS1
        else if (strcmp(*argv, "-tls1_2") == 0)
            meth = TLSv1_2_client_method();
        else if (strcmp(*argv, "-tls1_1") == 0)
            meth = TLSv1_1_client_method();
        else if (strcmp(*argv, "-tls1") == 0)
            meth = TLSv1_client_method();
 #endif
@@ -862,8 +629,6 @@ int MAIN(int argc, char **argv)
        else if (strcmp(*argv, "-dtls1") == 0) {
            meth = DTLSv1_client_method();
            socket_type = SOCK_DGRAM;
        } else if (strcmp(*argv, "-fallback_scsv") == 0) {
            fallback_scsv = 1;
        } else if (strcmp(*argv, "-timeout") == 0)
            enable_timeouts = 1;
        else if (strcmp(*argv, "-mtu") == 0) {
@@ -872,7 +637,9 @@ int MAIN(int argc, char **argv)
            socket_mtu = atol(*(++argv));
        }
 #endif
-        else if (strcmp(*argv, "-bugs") == 0)
+        else if (strcmp(*argv, "-fallback_scsv") == 0) {
            fallback_scsv = 1;
        } else if (strcmp(*argv, "-bugs") == 0)
            bugs = 1;
        else if (strcmp(*argv, "-keyform") == 0) {
            if (--argc < 1)
@@ -896,11 +663,7 @@ int MAIN(int argc, char **argv)
            if (--argc < 1)
                goto bad;
            CAfile = *(++argv);
-        } else if (strcmp(*argv, "-no_tls1_2") == 0)
+        } else if (strcmp(*argv, "-no_tls1") == 0)
            off |= SSL_OP_NO_TLSv1_2;
        else if (strcmp(*argv, "-no_tls1_1") == 0)
            off |= SSL_OP_NO_TLSv1_1;
        else if (strcmp(*argv, "-no_tls1") == 0)
            off |= SSL_OP_NO_TLSv1;
        else if (strcmp(*argv, "-no_ssl3") == 0)
            off |= SSL_OP_NO_SSLv3;
@@ -913,13 +676,6 @@ int MAIN(int argc, char **argv)
        else if (strcmp(*argv, "-no_ticket") == 0) {
            off |= SSL_OP_NO_TICKET;
        }
 # ifndef OPENSSL_NO_NEXTPROTONEG
        else if (strcmp(*argv, "-nextprotoneg") == 0) {
            if (--argc < 1)
                goto bad;
            next_proto_neg_in = *(++argv);
        }
 # endif
 #endif
        else if (strcmp(*argv, "-serverpref") == 0)
            off |= SSL_OP_CIPHER_SERVER_PREFERENCE;
@@ -987,24 +743,7 @@ int MAIN(int argc, char **argv)
            jpake_secret = *++argv;
        }
 #endif
-#ifndef OPENSSL_NO_SRTP
+        else {
        else if (strcmp(*argv, "-use_srtp") == 0) {
            if (--argc < 1)
                goto bad;
            srtp_profiles = *(++argv);
        }
 #endif
        else if (strcmp(*argv, "-keymatexport") == 0) {
            if (--argc < 1)
                goto bad;
            keymatexportlabel = *(++argv);
        } else if (strcmp(*argv, "-keymatexportlen") == 0) {
            if (--argc < 1)
                goto bad;
            keymatexportlen = atoi(*(++argv));
            if (keymatexportlen == 0)
                goto bad;
        } else {
            BIO_printf(bio_err, "unknown option %s\n", *argv);
            badop = 1;
            break;
@@ -1035,19 +774,6 @@ int MAIN(int argc, char **argv)
    OpenSSL_add_ssl_algorithms();
    SSL_load_error_strings();
 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
    next_proto.status = -1;
    if (next_proto_neg_in) {
        next_proto.data =
            next_protos_parse(&next_proto.len, next_proto_neg_in);
        if (next_proto.data == NULL) {
            BIO_printf(bio_err, "Error parsing -nextprotoneg argument\n");
            goto end;
        }
    } else
        next_proto.data = NULL;
 #endif
 #ifndef OPENSSL_NO_ENGINE
    e = setup_engine(bio_err, engine_id, 1);
    if (ssl_client_engine_id) {
@@ -1104,12 +830,6 @@ int MAIN(int argc, char **argv)
                bio_c_out = BIO_new_fp(stdout, BIO_NOCLOSE);
        }
    }
 #ifndef OPENSSL_NO_SRP
    if (!app_passwd(bio_err, srppass, NULL, &srp_arg.srppassin, NULL)) {
        BIO_printf(bio_err, "Error getting password\n");
        goto end;
    }
 #endif
    ctx = SSL_CTX_new(meth);
    if (ctx == NULL) {
@@ -1144,10 +864,6 @@ int MAIN(int argc, char **argv)
                       "PSK key given or JPAKE in use, setting client callback\n");
        SSL_CTX_set_psk_client_callback(ctx, psk_client_cb);
    }
 #endif
 #ifndef OPENSSL_NO_SRTP
    if (srtp_profiles != NULL)
        SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
 #endif
    if (bugs)
        SSL_CTX_set_options(ctx, SSL_OP_ALL | off);
@@ -1156,11 +872,12 @@ int MAIN(int argc, char **argv)
    if (clr)
        SSL_CTX_clear_options(ctx, clr);
-
+    /*
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+     * DTLS: partial reads end up discarding unread UDP bytes :-( Setting
-    if (next_proto.data)
+     * read ahead solves this problem.
-        SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto);
+     */
-#endif
+    if (socket_type == SOCK_DGRAM)
        SSL_CTX_set_read_ahead(ctx, 1);
    if (state)
        SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
@@ -1179,12 +896,13 @@ int MAIN(int argc, char **argv)
    if (!set_cert_key_stuff(ctx, cert, key))
        goto end;
-    if ((CAfile || CApath)
+    if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
-        && !SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) {
+        (!SSL_CTX_set_default_verify_paths(ctx))) {
-        ERR_print_errors(bio_err);
+        /*
-    }
+         * BIO_printf(bio_err,"error setting default verify locations\n");
-    if (!SSL_CTX_set_default_verify_paths(ctx)) {
+         */
        ERR_print_errors(bio_err);
        /* goto end; */
    }
 #ifndef OPENSSL_NO_TLSEXT
    if (servername != NULL) {
@@ -1192,22 +910,6 @@ int MAIN(int argc, char **argv)
        SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
        SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
    }
 # ifndef OPENSSL_NO_SRP
    if (srp_arg.srplogin) {
        if (!srp_lateuser && !SSL_CTX_set_srp_username(ctx, srp_arg.srplogin)) {
            BIO_printf(bio_err, "Unable to set SRP username\n");
            goto end;
        }
        srp_arg.msg = c_msg;
        srp_arg.debug = c_debug;
        SSL_CTX_set_srp_cb_arg(ctx, &srp_arg);
        SSL_CTX_set_srp_client_pwd_callback(ctx, ssl_give_srp_client_pwd_cb);
        SSL_CTX_set_srp_strength(ctx, srp_arg.strength);
        if (c_msg || c_debug || srp_arg.amp == 0)
            SSL_CTX_set_srp_verify_param_callback(ctx,
                                                  ssl_srp_verify_param_cb);
    }
 # endif
 #endif
    con = SSL_new(ctx);
@@ -1243,9 +945,8 @@ int MAIN(int argc, char **argv)
    }
 #endif
 #ifndef OPENSSL_NO_KRB5
-    if (con && (kctx = kssl_ctx_new()) != NULL) {
+    if (con && (con->kssl_ctx = kssl_ctx_new()) != NULL) {
-        SSL_set0_kssl_ctx(con, kctx);
+        kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVER, host);
        kssl_ctx_setstring(kctx, KSSL_SERVER, host);
    }
 #endif                          /* OPENSSL_NO_KRB5 */
 /*      SSL_set_cipher_list(con,"RC4-MD5"); */
@@ -1275,7 +976,7 @@ int MAIN(int argc, char **argv)
    }
 #endif
    if (c_Pause & 0x01)
-        SSL_set_debug(con, 1);
+        con->debug = 1;
    if (SSL_version(con) == DTLS1_VERSION) {
@@ -1326,7 +1027,7 @@ int MAIN(int argc, char **argv)
    }
    if (c_debug) {
-        SSL_set_debug(con, 1);
+        con->debug = 1;
        BIO_set_callback(sbio, bio_dump_callback);
        BIO_set_callback_arg(sbio, (char *)bio_c_out);
    }
@@ -1839,15 +1540,7 @@ int MAIN(int argc, char **argv)
                BIO_printf(bio_err, "RENEGOTIATING\n");
                SSL_renegotiate(con);
                cbuf_len = 0;
-            }
+            } else {
 #ifndef OPENSSL_NO_HEARTBEATS
            else if ((!c_ign_eof) && (cbuf[0] == 'B')) {
                BIO_printf(bio_err, "HEARTBEATING\n");
                SSL_heartbeat(con);
                cbuf_len = 0;
            }
 #endif
            else {
                cbuf_len = i;
                cbuf_off = 0;
 #ifdef CHARSET_EBCDIC
@@ -1872,10 +1565,6 @@ int MAIN(int argc, char **argv)
            print_stuff(bio_c_out, con, 1);
        SSL_free(con);
    }
 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
    if (next_proto.data)
        OPENSSL_free(next_proto.data);
 #endif
    if (ctx != NULL)
        SSL_CTX_free(ctx);
    if (cert)
@@ -1884,9 +1573,6 @@ int MAIN(int argc, char **argv)
        EVP_PKEY_free(key);
    if (pass)
        OPENSSL_free(pass);
 #ifndef OPENSSL_NO_SRP
    OPENSSL_free(srp_arg.srppassin);
 #endif
    if (vpm)
        X509_VERIFY_PARAM_free(vpm);
    if (cbuf != NULL) {
@@ -1923,7 +1609,6 @@ static void print_stuff(BIO *bio, SSL *s, int full)
 #ifndef OPENSSL_NO_COMP
    const COMP_METHOD *comp, *expansion;
 #endif
    unsigned char *exportedkeymat;
    if (full) {
        int got_a_chain = 0;
@@ -2003,7 +1688,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
                   BIO_number_read(SSL_get_rbio(s)),
                   BIO_number_written(SSL_get_wbio(s)));
    }
-    BIO_printf(bio, (SSL_cache_hit(s) ? "---\nReused, " : "---\nNew, "));
+    BIO_printf(bio, ((s->hit) ? "---\nReused, " : "---\nNew, "));
    c = SSL_get_current_cipher(s);
    BIO_printf(bio, "%s, Cipher is %s\n",
               SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
@@ -2024,63 +1709,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
    BIO_printf(bio, "Expansion: %s\n",
               expansion ? SSL_COMP_get_name(expansion) : "NONE");
 #endif
 #ifdef SSL_DEBUG
    {
        /* Print out local port of connection: useful for debugging */
        int sock;
        struct sockaddr_in ladd;
        socklen_t ladd_size = sizeof(ladd);
        sock = SSL_get_fd(s);
        getsockname(sock, (struct sockaddr *)&ladd, &ladd_size);
        BIO_printf(bio_c_out, "LOCAL PORT is %u\n", ntohs(ladd.sin_port));
    }
 #endif
 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
    if (next_proto.status != -1) {
        const unsigned char *proto;
        unsigned int proto_len;
        SSL_get0_next_proto_negotiated(s, &proto, &proto_len);
        BIO_printf(bio, "Next protocol: (%d) ", next_proto.status);
        BIO_write(bio, proto, proto_len);
        BIO_write(bio, "\n", 1);
    }
 #endif
 #ifndef OPENSSL_NO_SRTP
    {
        SRTP_PROTECTION_PROFILE *srtp_profile =
            SSL_get_selected_srtp_profile(s);
        if (srtp_profile)
            BIO_printf(bio, "SRTP Extension negotiated, profile=%s\n",
                       srtp_profile->name);
    }
 #endif
    SSL_SESSION_print(bio, SSL_get_session(s));
    if (keymatexportlabel != NULL) {
        BIO_printf(bio, "Keying material exporter:\n");
        BIO_printf(bio, "    Label: '%s'\n", keymatexportlabel);
        BIO_printf(bio, "    Length: %i bytes\n", keymatexportlen);
        exportedkeymat = OPENSSL_malloc(keymatexportlen);
        if (exportedkeymat != NULL) {
            if (!SSL_export_keying_material(s, exportedkeymat,
                                            keymatexportlen,
                                            keymatexportlabel,
                                            strlen(keymatexportlabel),
                                            NULL, 0, 0)) {
                BIO_printf(bio, "    Error\n");
            } else {
                BIO_printf(bio, "    Keying material: ");
                for (i = 0; i < keymatexportlen; i++)
                    BIO_printf(bio, "%02X", exportedkeymat[i]);
                BIO_printf(bio, "\n");
            }
            OPENSSL_free(exportedkeymat);
        }
    }
    BIO_printf(bio, "---\n");
    if (peer != NULL)
        X509_free(peer);
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -191,9 +191,6 @@ typedef unsigned int u_int;
 #ifndef OPENSSL_NO_RSA
 # include <openssl/rsa.h>
 #endif
 #ifndef OPENSSL_NO_SRP
 # include <openssl/srp.h>
 #endif
 #include "s_apps.h"
 #include "timeouts.h"
@@ -219,7 +216,7 @@ static int generate_session_id(const SSL *ssl, unsigned char *id,
                               unsigned int *id_len);
 #ifndef OPENSSL_NO_DH
 static DH *load_dh_param(const char *dhfile);
-static DH *get_dh2048(void);
+static DH *get_dh512(void);
 #endif
 #ifdef MONOLITH
@@ -227,48 +224,30 @@ static void s_server_init(void);
 #endif
 #ifndef OPENSSL_NO_DH
-static unsigned char dh2048_p[] = {
+static unsigned char dh512_p[] = {
-    0xF6,0x42,0x57,0xB7,0x08,0x7F,0x08,0x17,0x72,0xA2,0xBA,0xD6,
+    0xDA, 0x58, 0x3C, 0x16, 0xD9, 0x85, 0x22, 0x89, 0xD0, 0xE4, 0xAF, 0x75,
-    0xA9,0x42,0xF3,0x05,0xE8,0xF9,0x53,0x11,0x39,0x4F,0xB6,0xF1,
+    0x6F, 0x4C, 0xCA, 0x92, 0xDD, 0x4B, 0xE5, 0x33, 0xB8, 0x04, 0xFB, 0x0F,
-    0x6E,0xB9,0x4B,0x38,0x20,0xDA,0x01,0xA7,0x56,0xA3,0x14,0xE9,
+    0xED, 0x94, 0xEF, 0x9C, 0x8A, 0x44, 0x03, 0xED, 0x57, 0x46, 0x50, 0xD3,
-    0x8F,0x40,0x55,0xF3,0xD0,0x07,0xC6,0xCB,0x43,0xA9,0x94,0xAD,
+    0x69, 0x99, 0xDB, 0x29, 0xD7, 0x76, 0x27, 0x6B, 0xA2, 0xD3, 0xD4, 0x12,
-    0xF7,0x4C,0x64,0x86,0x49,0xF8,0x0C,0x83,0xBD,0x65,0xE9,0x17,
+    0xE2, 0x18, 0xF4, 0xDD, 0x1E, 0x08, 0x4C, 0xF6, 0xD8, 0x00, 0x3E, 0x7C,
-    0xD4,0xA1,0xD3,0x50,0xF8,0xF5,0x59,0x5F,0xDC,0x76,0x52,0x4F,
+    0x47, 0x74, 0xE8, 0x33,
    0x3D,0x3D,0x8D,0xDB,0xCE,0x99,0xE1,0x57,0x92,0x59,0xCD,0xFD,
    0xB8,0xAE,0x74,0x4F,0xC5,0xFC,0x76,0xBC,0x83,0xC5,0x47,0x30,
    0x61,0xCE,0x7C,0xC9,0x66,0xFF,0x15,0xF9,0xBB,0xFD,0x91,0x5E,
    0xC7,0x01,0xAA,0xD3,0x5B,0x9E,0x8D,0xA0,0xA5,0x72,0x3A,0xD4,
    0x1A,0xF0,0xBF,0x46,0x00,0x58,0x2B,0xE5,0xF4,0x88,0xFD,0x58,
    0x4E,0x49,0xDB,0xCD,0x20,0xB4,0x9D,0xE4,0x91,0x07,0x36,0x6B,
    0x33,0x6C,0x38,0x0D,0x45,0x1D,0x0F,0x7C,0x88,0xB3,0x1C,0x7C,
    0x5B,0x2D,0x8E,0xF6,0xF3,0xC9,0x23,0xC0,0x43,0xF0,0xA5,0x5B,
    0x18,0x8D,0x8E,0xBB,0x55,0x8C,0xB8,0x5D,0x38,0xD3,0x34,0xFD,
    0x7C,0x17,0x57,0x43,0xA3,0x1D,0x18,0x6C,0xDE,0x33,0x21,0x2C,
    0xB5,0x2A,0xFF,0x3C,0xE1,0xB1,0x29,0x40,0x18,0x11,0x8D,0x7C,
    0x84,0xA7,0x0A,0x72,0xD6,0x86,0xC4,0x03,0x19,0xC8,0x07,0x29,
    0x7A,0xCA,0x95,0x0C,0xD9,0x96,0x9F,0xAB,0xD0,0x0A,0x50,0x9B,
    0x02,0x46,0xD3,0x08,0x3D,0x66,0xA4,0x5D,0x41,0x9F,0x9C,0x7C,
    0xBD,0x89,0x4B,0x22,0x19,0x26,0xBA,0xAB,0xA2,0x5E,0xC3,0x55,
    0xE9,0x32,0x0B,0x3B,
 };
-static unsigned char dh2048_g[] = {
+static unsigned char dh512_g[] = {
    0x02,
 };
-DH *get_dh2048()
+static DH *get_dh512(void)
 {
-    DH *dh;
+    DH *dh = NULL;
    if ((dh = DH_new()) == NULL)
-        return NULL;
+        return (NULL);
-    dh->p=BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
+    dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
-    dh->g=BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
+    dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
-    if (dh->p == NULL || dh->g == NULL) {
+    if ((dh->p == NULL) || (dh->g == NULL))
-        DH_free(dh);
+        return (NULL);
-        return NULL;
+    return (dh);
    }
    return dh;
 }
 #endif
@@ -317,9 +296,6 @@ static int cert_status_cb(SSL *s, void *arg);
 static int s_msg = 0;
 static int s_quiet = 0;
 static char *keymatexportlabel = NULL;
 static int keymatexportlen = 20;
 static int hack = 0;
 #ifndef OPENSSL_NO_ENGINE
 static char *engine_id = NULL;
@@ -352,7 +328,7 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
    }
    if (s_debug)
        BIO_printf(bio_s_out, "identity_len=%d identity=%s\n",
-                   (int)strlen(identity), identity);
+                   identity ? (int)strlen(identity) : 0, identity);
    /* here we could lookup the given identity e.g. from a database */
    if (strcmp(identity, psk_identity) != 0) {
@@ -397,58 +373,6 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
 }
 #endif
 #ifndef OPENSSL_NO_SRP
 /* This is a context that we pass to callbacks */
 typedef struct srpsrvparm_st {
    char *login;
    SRP_VBASE *vb;
    SRP_user_pwd *user;
 } srpsrvparm;
 /*
 * This callback pretends to require some asynchronous logic in order to
 * obtain a verifier. When the callback is called for a new connection we
 * return with a negative value. This will provoke the accept etc to return
 * with an LOOKUP_X509. The main logic of the reinvokes the suspended call
 * (which would normally occur after a worker has finished) and we set the
 * user parameters.
 */
 static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
 {
    srpsrvparm *p = (srpsrvparm *) arg;
    int ret = SSL3_AL_FATAL;
    if (p->login == NULL && p->user == NULL) {
        p->login = SSL_get_srp_username(s);
        BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
        return (-1);
    }
    if (p->user == NULL) {
        BIO_printf(bio_err, "User %s doesn't exist\n", p->login);
        goto err;
    }
    if (SSL_set_srp_server_param
        (s, p->user->N, p->user->g, p->user->s, p->user->v,
         p->user->info) < 0) {
        *ad = SSL_AD_INTERNAL_ERROR;
        goto err;
    }
    BIO_printf(bio_err,
               "SRP parameters set: username = \"%s\" info=\"%s\" \n",
               p->login, p->user->info);
    ret = SSL_ERROR_NONE;
 err:
    SRP_user_pwd_free(p->user);
    p->user = NULL;
    p->login = NULL;
    return ret;
 }
 #endif
 #ifdef MONOLITH
 static void s_server_init(void)
 {
@@ -546,8 +470,6 @@ static void sv_usage(void)
    BIO_printf(bio_err, " -state        - Print the SSL states\n");
    BIO_printf(bio_err, " -CApath arg   - PEM format directory of CA's\n");
    BIO_printf(bio_err, " -CAfile arg   - PEM format file of CA's\n");
    BIO_printf(bio_err,
               " -no_alt_chains - only ever use the first certificate chain found\n");
    BIO_printf(bio_err,
               " -nocert       - Don't use any certificates (Anon-DH)\n");
    BIO_printf(bio_err,
@@ -561,18 +483,9 @@ static void sv_usage(void)
 # ifndef OPENSSL_NO_JPAKE
    BIO_printf(bio_err, " -jpake arg    - JPAKE secret to use\n");
 # endif
 #endif
 #ifndef OPENSSL_NO_SRP
    BIO_printf(bio_err, " -srpvfile file      - The verifier file for SRP\n");
    BIO_printf(bio_err,
               " -srpuserseed string - A seed string for a default user salt.\n");
 #endif
    BIO_printf(bio_err, " -ssl2         - Just talk SSLv2\n");
 #ifndef OPENSSL_NO_SSL3_METHOD
    BIO_printf(bio_err, " -ssl3         - Just talk SSLv3\n");
 #endif
    BIO_printf(bio_err, " -tls1_2       - Just talk TLSv1.2\n");
    BIO_printf(bio_err, " -tls1_1       - Just talk TLSv1.1\n");
    BIO_printf(bio_err, " -tls1         - Just talk TLSv1\n");
    BIO_printf(bio_err, " -dtls1        - Just talk DTLSv1\n");
    BIO_printf(bio_err, " -timeout      - Enable timeouts\n");
@@ -581,8 +494,6 @@ static void sv_usage(void)
    BIO_printf(bio_err, " -no_ssl2      - Just disable SSLv2\n");
    BIO_printf(bio_err, " -no_ssl3      - Just disable SSLv3\n");
    BIO_printf(bio_err, " -no_tls1      - Just disable TLSv1\n");
    BIO_printf(bio_err, " -no_tls1_1    - Just disable TLSv1.1\n");
    BIO_printf(bio_err, " -no_tls1_2    - Just disable TLSv1.2\n");
 #ifndef OPENSSL_NO_DH
    BIO_printf(bio_err, " -no_dhe       - Disable ephemeral DH\n");
 #endif
@@ -626,19 +537,7 @@ static void sv_usage(void)
               " -no_ticket    - disable use of RFC4507bis session tickets\n");
    BIO_printf(bio_err,
               " -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
 # ifndef OPENSSL_NO_NEXTPROTONEG
    BIO_printf(bio_err,
               " -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n");
 # endif
 # ifndef OPENSSL_NO_SRTP
    BIO_printf(bio_err,
               " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
 # endif
 #endif
    BIO_printf(bio_err,
               " -keymatexport label   - Export keying material using label\n");
    BIO_printf(bio_err,
               " -keymatexportlen len  - Export len bytes of keying material (default 20)\n");
    BIO_printf(bio_err,
               " -status           - respond to certificate status requests\n");
    BIO_printf(bio_err,
@@ -688,8 +587,6 @@ static int ebcdic_new(BIO *bi)
    EBCDIC_OUTBUFF *wbuf;
    wbuf = (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024);
    if (!wbuf)
        return 0;
    wbuf->alloced = 1024;
    wbuf->buff[0] = '\0';
@@ -744,11 +641,9 @@ static int ebcdic_write(BIO *b, const char *in, int inl)
        num = num + num;        /* double the size */
        if (num < inl)
            num = inl;
        OPENSSL_free(wbuf);
        wbuf =
            (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num);
        if (!wbuf)
            return 0;
        OPENSSL_free(b->ptr);
        wbuf->alloced = num;
        wbuf->buff[0] = '\0';
@@ -974,26 +869,6 @@ static int cert_status_cb(SSL *s, void *arg)
    ret = SSL_TLSEXT_ERR_ALERT_FATAL;
    goto done;
 }
 # ifndef OPENSSL_NO_NEXTPROTONEG
 /* This is the context that we pass to next_proto_cb */
 typedef struct tlsextnextprotoctx_st {
    unsigned char *data;
    unsigned int len;
 } tlsextnextprotoctx;
 static int next_proto_cb(SSL *s, const unsigned char **data,
                         unsigned int *len, void *arg)
 {
    tlsextnextprotoctx *next_proto = arg;
    *data = next_proto->data;
    *len = next_proto->len;
    return SSL_TLSEXT_ERR_OK;
 }
 # endif                         /* ndef OPENSSL_NO_NEXTPROTONEG */
 #endif
 int MAIN(int, char **);
@@ -1001,12 +876,6 @@ int MAIN(int, char **);
 #ifndef OPENSSL_NO_JPAKE
 static char *jpake_secret = NULL;
 #endif
 #ifndef OPENSSL_NO_SRP
 static srpsrvparm srp_callback_parm;
 #endif
 #ifndef OPENSSL_NO_SRTP
 static char *srtp_profiles = NULL;
 #endif
 int MAIN(int argc, char *argv[])
 {
@@ -1022,10 +891,7 @@ int MAIN(int argc, char *argv[])
    int badop = 0, bugs = 0;
    int ret = 1;
    int off = 0;
-    int no_tmp_rsa = 0, no_dhe = 0, nocert = 0;
+    int no_tmp_rsa = 0, no_dhe = 0, no_ecdhe = 0, nocert = 0;
 #ifndef OPENSSL_NO_ECDH
    int no_ecdhe = 0;
 #endif
    int state = 0;
    const SSL_METHOD *meth = NULL;
    int socket_type = SOCK_STREAM;
@@ -1041,19 +907,13 @@ int MAIN(int argc, char *argv[])
 #ifndef OPENSSL_NO_TLSEXT
    EVP_PKEY *s_key2 = NULL;
    X509 *s_cert2 = NULL;
 #endif
 #ifndef OPENSSL_NO_TLSEXT
    tlsextctx tlsextcbp = { NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING };
 # ifndef OPENSSL_NO_NEXTPROTONEG
    const char *next_proto_neg_in = NULL;
    tlsextnextprotoctx next_proto;
 # endif
 #endif
 #ifndef OPENSSL_NO_PSK
    /* by default do not send a PSK identity hint */
    static char *psk_identity_hint = NULL;
 #endif
 #ifndef OPENSSL_NO_SRP
    char *srpuserseed = NULL;
    char *srp_verifier_file = NULL;
 #endif
    meth = SSLv23_server_method();
@@ -1240,12 +1100,9 @@ int MAIN(int argc, char *argv[])
            no_tmp_rsa = 1;
        } else if (strcmp(*argv, "-no_dhe") == 0) {
            no_dhe = 1;
-        }
+        } else if (strcmp(*argv, "-no_ecdhe") == 0) {
 #ifndef OPENSSL_NO_ECDH
        else if (strcmp(*argv, "-no_ecdhe") == 0) {
            no_ecdhe = 1;
        }
 #endif
 #ifndef OPENSSL_NO_PSK
        else if (strcmp(*argv, "-psk_hint") == 0) {
            if (--argc < 1)
@@ -1264,19 +1121,6 @@ int MAIN(int argc, char *argv[])
                goto bad;
            }
        }
 #endif
 #ifndef OPENSSL_NO_SRP
        else if (strcmp(*argv, "-srpvfile") == 0) {
            if (--argc < 1)
                goto bad;
            srp_verifier_file = *(++argv);
            meth = TLSv1_server_method();
        } else if (strcmp(*argv, "-srpuserseed") == 0) {
            if (--argc < 1)
                goto bad;
            srpuserseed = *(++argv);
            meth = TLSv1_server_method();
        }
 #endif
        else if (strcmp(*argv, "-www") == 0) {
            www = 1;
@@ -1290,10 +1134,6 @@ int MAIN(int argc, char *argv[])
            off |= SSL_OP_NO_SSLv3;
        } else if (strcmp(*argv, "-no_tls1") == 0) {
            off |= SSL_OP_NO_TLSv1;
        } else if (strcmp(*argv, "-no_tls1_1") == 0) {
            off |= SSL_OP_NO_TLSv1_1;
        } else if (strcmp(*argv, "-no_tls1_2") == 0) {
            off |= SSL_OP_NO_TLSv1_2;
        } else if (strcmp(*argv, "-no_comp") == 0) {
            off |= SSL_OP_NO_COMPRESSION;
        }
@@ -1307,7 +1147,7 @@ int MAIN(int argc, char *argv[])
            meth = SSLv2_server_method();
        }
 #endif
-#ifndef OPENSSL_NO_SSL3_METHOD
+#ifndef OPENSSL_NO_SSL3
        else if (strcmp(*argv, "-ssl3") == 0) {
            meth = SSLv3_server_method();
        }
@@ -1315,10 +1155,6 @@ int MAIN(int argc, char *argv[])
 #ifndef OPENSSL_NO_TLS1
        else if (strcmp(*argv, "-tls1") == 0) {
            meth = TLSv1_server_method();
        } else if (strcmp(*argv, "-tls1_1") == 0) {
            meth = TLSv1_1_server_method();
        } else if (strcmp(*argv, "-tls1_2") == 0) {
            meth = TLSv1_2_server_method();
        }
 #endif
 #ifndef OPENSSL_NO_DTLS1
@@ -1367,13 +1203,6 @@ int MAIN(int argc, char *argv[])
                goto bad;
            s_key_file2 = *(++argv);
        }
 # ifndef OPENSSL_NO_NEXTPROTONEG
        else if (strcmp(*argv, "-nextprotoneg") == 0) {
            if (--argc < 1)
                goto bad;
            next_proto_neg_in = *(++argv);
        }
 # endif
 #endif
 #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
        else if (strcmp(*argv, "-jpake") == 0) {
@@ -1382,24 +1211,7 @@ int MAIN(int argc, char *argv[])
            jpake_secret = *(++argv);
        }
 #endif
-#ifndef OPENSSL_NO_SRTP
+        else {
        else if (strcmp(*argv, "-use_srtp") == 0) {
            if (--argc < 1)
                goto bad;
            srtp_profiles = *(++argv);
        }
 #endif
        else if (strcmp(*argv, "-keymatexport") == 0) {
            if (--argc < 1)
                goto bad;
            keymatexportlabel = *(++argv);
        } else if (strcmp(*argv, "-keymatexportlen") == 0) {
            if (--argc < 1)
                goto bad;
            keymatexportlen = atoi(*(++argv));
            if (keymatexportlen == 0)
                goto bad;
        } else {
            BIO_printf(bio_err, "unknown option %s\n", *argv);
            badop = 1;
            break;
@@ -1487,17 +1299,6 @@ int MAIN(int argc, char *argv[])
        }
 #endif
    }
 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
    if (next_proto_neg_in) {
        unsigned short len;
        next_proto.data = next_protos_parse(&len, next_proto_neg_in);
        if (next_proto.data == NULL)
            goto end;
        next_proto.len = len;
    } else {
        next_proto.data = NULL;
    }
 #endif
    if (s_dcert_file) {
@@ -1577,6 +1378,12 @@ int MAIN(int argc, char *argv[])
    if (hack)
        SSL_CTX_set_options(ctx, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
    SSL_CTX_set_options(ctx, off);
    /*
     * DTLS: partial reads end up discarding unread UDP bytes :-( Setting
     * read ahead solves this problem.
     */
    if (socket_type == SOCK_DGRAM)
        SSL_CTX_set_read_ahead(ctx, 1);
    if (state)
        SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
@@ -1585,11 +1392,6 @@ int MAIN(int argc, char *argv[])
    else
        SSL_CTX_sess_set_cache_size(ctx, 128);
 #ifndef OPENSSL_NO_SRTP
    if (srtp_profiles != NULL)
        SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
 #endif
 #if 0
    if (cipher == NULL)
        cipher = getenv("SSL_CIPHER");
@@ -1644,6 +1446,12 @@ int MAIN(int argc, char *argv[])
        if (hack)
            SSL_CTX_set_options(ctx2, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
        SSL_CTX_set_options(ctx2, off);
        /*
         * DTLS: partial reads end up discarding unread UDP bytes :-(
         * Setting read ahead solves this problem.
         */
        if (socket_type == SOCK_DGRAM)
            SSL_CTX_set_read_ahead(ctx2, 1);
        if (state)
            SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback);
@@ -1660,11 +1468,6 @@ int MAIN(int argc, char *argv[])
        if (vpm)
            SSL_CTX_set1_param(ctx2, vpm);
    }
 # ifndef OPENSSL_NO_NEXTPROTONEG
    if (next_proto.data)
        SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb,
                                              &next_proto);
 # endif
 #endif
 #ifndef OPENSSL_NO_DH
@@ -1680,11 +1483,7 @@ int MAIN(int argc, char *argv[])
            BIO_printf(bio_s_out, "Setting temp DH parameters\n");
        } else {
            BIO_printf(bio_s_out, "Using default temp DH parameters\n");
-            dh = get_dh2048();
+            dh = get_dh512();
            if (dh == NULL) {
                ERR_print_errors(bio_err);
                goto end;
            }
        }
        (void)BIO_flush(bio_s_out);
@@ -1851,24 +1650,6 @@ int MAIN(int argc, char *argv[])
    }
 #endif
 #ifndef OPENSSL_NO_SRP
    if (srp_verifier_file != NULL) {
        srp_callback_parm.vb = SRP_VBASE_new(srpuserseed);
        srp_callback_parm.user = NULL;
        srp_callback_parm.login = NULL;
        if ((ret =
             SRP_VBASE_init(srp_callback_parm.vb,
                            srp_verifier_file)) != SRP_NO_ERROR) {
            BIO_printf(bio_err,
                       "Cannot initialize SRP verifier file \"%s\":ret=%d\n",
                       srp_verifier_file, ret);
            goto end;
        }
        SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, verify_callback);
        SSL_CTX_set_srp_cb_arg(ctx, &srp_callback_parm);
        SSL_CTX_set_srp_username_callback(ctx, ssl_srp_server_param_cb);
    } else
 #endif
    if (CAfile != NULL) {
        SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
 #ifndef OPENSSL_NO_TLSEXT
@@ -1961,9 +1742,6 @@ static int sv_body(char *hostname, int s, unsigned char *context)
    unsigned long l;
    SSL *con = NULL;
    BIO *sbio;
 #ifndef OPENSSL_NO_KRB5
    KSSL_CTX *kctx;
 #endif
    struct timeval timeout;
 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
    struct timeval tv;
@@ -2000,10 +1778,9 @@ static int sv_body(char *hostname, int s, unsigned char *context)
        }
 #endif
 #ifndef OPENSSL_NO_KRB5
-        if ((kctx = kssl_ctx_new()) != NULL) {
+        if ((con->kssl_ctx = kssl_ctx_new()) != NULL) {
-            SSL_set0_kssl_ctx(con, kctx);
+            kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC);
-            kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
+            kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB);
            kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
        }
 #endif                          /* OPENSSL_NO_KRB5 */
        if (context)
@@ -2070,7 +1847,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
    /* SSL_set_fd(con,s); */
    if (s_debug) {
-        SSL_set_debug(con, 1);
+        con->debug = 1;
        BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
        BIO_set_callback_arg(SSL_get_rbio(con), (char *)bio_s_out);
    }
@@ -2191,14 +1968,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
                     */
                    goto err;
                }
-#ifndef OPENSSL_NO_HEARTBEATS
+
                if ((buf[0] == 'B') && ((buf[1] == '\n') || (buf[1] == '\r'))) {
                    BIO_printf(bio_err, "HEARTBEATING\n");
                    SSL_heartbeat(con);
                    i = 0;
                    continue;
                }
 #endif
                if ((buf[0] == 'r') && ((buf[1] == '\n') || (buf[1] == '\r'))) {
                    SSL_renegotiate(con);
                    i = SSL_do_handshake(con);
@@ -2247,21 +2017,6 @@ static int sv_body(char *hostname, int s, unsigned char *context)
                }
 #endif
                k = SSL_write(con, &(buf[l]), (unsigned int)i);
 #ifndef OPENSSL_NO_SRP
                while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP) {
                    BIO_printf(bio_s_out, "LOOKUP renego during write\n");
                    SRP_user_pwd_free(srp_callback_parm.user);
                    srp_callback_parm.user =
                        SRP_VBASE_get1_by_user(srp_callback_parm.vb,
                                               srp_callback_parm.login);
                    if (srp_callback_parm.user)
                        BIO_printf(bio_s_out, "LOOKUP done %s\n",
                                   srp_callback_parm.user->info);
                    else
                        BIO_printf(bio_s_out, "LOOKUP not successful\n");
                    k = SSL_write(con, &(buf[l]), (unsigned int)i);
                }
 #endif
                switch (SSL_get_error(con, k)) {
                case SSL_ERROR_NONE:
                    break;
@@ -2304,21 +2059,6 @@ static int sv_body(char *hostname, int s, unsigned char *context)
            } else {
 again:
                i = SSL_read(con, (char *)buf, bufsize);
 #ifndef OPENSSL_NO_SRP
                while (SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
                    BIO_printf(bio_s_out, "LOOKUP renego during read\n");
                    SRP_user_pwd_free(srp_callback_parm.user);
                    srp_callback_parm.user =
                        SRP_VBASE_get1_by_user(srp_callback_parm.vb,
                                               srp_callback_parm.login);
                    if (srp_callback_parm.user)
                        BIO_printf(bio_s_out, "LOOKUP done %s\n",
                                   srp_callback_parm.user->info);
                    else
                        BIO_printf(bio_s_out, "LOOKUP not successful\n");
                    i = SSL_read(con, (char *)buf, bufsize);
                }
 #endif
                switch (SSL_get_error(con, i)) {
                case SSL_ERROR_NONE:
 #ifdef CHARSET_EBCDIC
@@ -2330,6 +2070,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
                    break;
                case SSL_ERROR_WANT_WRITE:
                case SSL_ERROR_WANT_READ:
                case SSL_ERROR_WANT_X509_LOOKUP:
                    BIO_printf(bio_s_out, "Read BLOCK\n");
                    break;
                case SSL_ERROR_SYSCALL:
@@ -2381,33 +2122,8 @@ static int init_ssl_connection(SSL *con)
    X509 *peer;
    long verify_error;
    MS_STATIC char buf[BUFSIZ];
 #ifndef OPENSSL_NO_KRB5
    char *client_princ;
 #endif
 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
    const unsigned char *next_proto_neg;
    unsigned next_proto_neg_len;
 #endif
    unsigned char *exportedkeymat;
-    i = SSL_accept(con);
+    if ((i = SSL_accept(con)) <= 0) {
 #ifndef OPENSSL_NO_SRP
    while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
        BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
                   srp_callback_parm.login);
        SRP_user_pwd_free(srp_callback_parm.user);
        srp_callback_parm.user =
            SRP_VBASE_get1_by_user(srp_callback_parm.vb,
                                   srp_callback_parm.login);
        if (srp_callback_parm.user)
            BIO_printf(bio_s_out, "LOOKUP done %s\n",
                       srp_callback_parm.user->info);
        else
            BIO_printf(bio_s_out, "LOOKUP not successful\n");
        i = SSL_accept(con);
    }
 #endif
    if (i <= 0) {
        if (BIO_sock_should_retry(i)) {
            BIO_printf(bio_s_out, "DELAY\n");
            return (1);
@@ -2440,61 +2156,19 @@ static int init_ssl_connection(SSL *con)
        BIO_printf(bio_s_out, "Shared ciphers:%s\n", buf);
    str = SSL_CIPHER_get_name(SSL_get_current_cipher(con));
    BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)");
-
+    if (con->hit)
 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
    SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len);
    if (next_proto_neg) {
        BIO_printf(bio_s_out, "NEXTPROTO is ");
        BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len);
        BIO_printf(bio_s_out, "\n");
    }
 #endif
 #ifndef OPENSSL_NO_SRTP
    {
        SRTP_PROTECTION_PROFILE *srtp_profile
            = SSL_get_selected_srtp_profile(con);
        if (srtp_profile)
            BIO_printf(bio_s_out, "SRTP Extension negotiated, profile=%s\n",
                       srtp_profile->name);
    }
 #endif
    if (SSL_cache_hit(con))
        BIO_printf(bio_s_out, "Reused session-id\n");
    if (SSL_ctrl(con, SSL_CTRL_GET_FLAGS, 0, NULL) &
        TLS1_FLAGS_TLS_PADDING_BUG)
        BIO_printf(bio_s_out, "Peer has incorrect TLSv1 block padding\n");
 #ifndef OPENSSL_NO_KRB5
-    client_princ = kssl_ctx_get0_client_princ(SSL_get0_kssl_ctx(con));
+    if (con->kssl_ctx->client_princ != NULL) {
    if (client_princ != NULL) {
        BIO_printf(bio_s_out, "Kerberos peer principal is %s\n",
-                   client_princ);
+                   con->kssl_ctx->client_princ);
    }
 #endif                          /* OPENSSL_NO_KRB5 */
    BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
               SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
    if (keymatexportlabel != NULL) {
        BIO_printf(bio_s_out, "Keying material exporter:\n");
        BIO_printf(bio_s_out, "    Label: '%s'\n", keymatexportlabel);
        BIO_printf(bio_s_out, "    Length: %i bytes\n", keymatexportlen);
        exportedkeymat = OPENSSL_malloc(keymatexportlen);
        if (exportedkeymat != NULL) {
            if (!SSL_export_keying_material(con, exportedkeymat,
                                            keymatexportlen,
                                            keymatexportlabel,
                                            strlen(keymatexportlabel),
                                            NULL, 0, 0)) {
                BIO_printf(bio_s_out, "    Error\n");
            } else {
                BIO_printf(bio_s_out, "    Keying material: ");
                for (i = 0; i < keymatexportlen; i++)
                    BIO_printf(bio_s_out, "%02X", exportedkeymat[i]);
                BIO_printf(bio_s_out, "\n");
            }
            OPENSSL_free(exportedkeymat);
        }
    }
    return (1);
 }
@@ -2513,9 +2187,6 @@ static DH *load_dh_param(const char *dhfile)
    return (ret);
 }
 #endif
 #ifndef OPENSSL_NO_KRB5
 char *client_princ;
 #endif
 #if 0
 static int load_CA(SSL_CTX *ctx, char *file)
@@ -2546,9 +2217,6 @@ static int www_body(char *hostname, int s, unsigned char *context)
    SSL *con;
    const SSL_CIPHER *c;
    BIO *io, *ssl_bio, *sbio;
 #ifndef OPENSSL_NO_KRB5
    KSSL_CTX *kctx;
 #endif
    buf = OPENSSL_malloc(bufsize);
    if (buf == NULL)
@@ -2582,9 +2250,9 @@ static int www_body(char *hostname, int s, unsigned char *context)
    }
 #endif
 #ifndef OPENSSL_NO_KRB5
-    if ((kctx = kssl_ctx_new()) != NULL) {
+    if ((con->kssl_ctx = kssl_ctx_new()) != NULL) {
-        kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
+        kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC);
-        kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
+        kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB);
    }
 #endif                          /* OPENSSL_NO_KRB5 */
    if (context)
@@ -2608,7 +2276,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
 #endif
    if (s_debug) {
-        SSL_set_debug(con, 1);
+        con->debug = 1;
        BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
        BIO_set_callback_arg(SSL_get_rbio(con), (char *)bio_s_out);
    }
@@ -2620,23 +2288,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
    for (;;) {
        if (hack) {
            i = SSL_accept(con);
-#ifndef OPENSSL_NO_SRP
+
            while (i <= 0
                   && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
                BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
                           srp_callback_parm.login);
                SRP_user_pwd_free(srp_callback_parm.user);
                srp_callback_parm.user =
                    SRP_VBASE_get1_by_user(srp_callback_parm.vb,
                                           srp_callback_parm.login);
                if (srp_callback_parm.user)
                    BIO_printf(bio_s_out, "LOOKUP done %s\n",
                               srp_callback_parm.user->info);
                else
                    BIO_printf(bio_s_out, "LOOKUP not successful\n");
                i = SSL_accept(con);
            }
 #endif
            switch (SSL_get_error(con, i)) {
            case SSL_ERROR_NONE:
                break;
@@ -2664,22 +2316,6 @@ static int www_body(char *hostname, int s, unsigned char *context)
                goto err;
            } else {
                BIO_printf(bio_s_out, "read R BLOCK\n");
 #ifndef OPENSSL_NO_SRP
                if (BIO_should_io_special(io)
                    && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
                    BIO_printf(bio_s_out, "LOOKUP renego during read\n");
                    SRP_user_pwd_free(srp_callback_parm.user);
                    srp_callback_parm.user =
                        SRP_VBASE_get1_by_user(srp_callback_parm.vb,
                                               srp_callback_parm.login);
                    if (srp_callback_parm.user)
                        BIO_printf(bio_s_out, "LOOKUP done %s\n",
                                   srp_callback_parm.user->info);
                    else
                        BIO_printf(bio_s_out, "LOOKUP not successful\n");
                    continue;
                }
 #endif
 #if defined(OPENSSL_SYS_NETWARE)
                delay(1000);
 #elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
@@ -2694,7 +2330,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
        /* else we have data */
        if (((www == 1) && (strncmp("GET ", buf, 4) == 0)) ||
-            ((www == 2) && (strncmp("GET /stats ", buf, 11) == 0))) {
+            ((www == 2) && (strncmp("GET /stats ", buf, 10) == 0))) {
            char *p;
            X509 *peer;
            STACK_OF(SSL_CIPHER) *sk;
@@ -2712,11 +2348,6 @@ static int www_body(char *hostname, int s, unsigned char *context)
            }
            BIO_puts(io, "\n");
            BIO_printf(io,
                       "Secure Renegotiation IS%s supported\n",
                       SSL_get_secure_renegotiation_support(con) ?
                       "" : " NOT");
            /*
             * The following is evil and should not really be done
             */
@@ -2750,7 +2381,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
                }
                BIO_puts(io, "\n");
            }
-            BIO_printf(io, (SSL_cache_hit(con)
+            BIO_printf(io, ((con->hit)
                            ? "---\nReused, " : "---\nNew, "));
            c = SSL_get_current_cipher(con);
            BIO_printf(io, "%s, Cipher is %s\n",
@@ -2968,8 +2599,7 @@ static int generate_session_id(const SSL *ssl, unsigned char *id,
 {
    unsigned int count = 0;
    do {
-        if (RAND_pseudo_bytes(id, *id_len) < 0)
+        RAND_pseudo_bytes(id, *id_len);
            return 0;
        /*
         * Prefix the session_id with the required prefix. NB: If our prefix
         * is too long, clip it - but there will be worse effects anyway, eg.
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@@ -235,10 +235,10 @@ int init_client(int *sock, char *host, int port, int type)
 {
    unsigned char ip[4];
-    memset(ip, '\0', sizeof ip);
+    if (!host_ip(host, &(ip[0]))) {
-    if (!host_ip(host, &(ip[0])))
+        return (0);
-        return 0;
+    }
-    return init_client_ip(sock, ip, port, type);
+    return (init_client_ip(sock, ip, port, type));
 }
 static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -302,10 +302,6 @@ static int parseArgs(int argc, char **argv)
            if (--argc < 1)
                goto bad;
            maxTime = atoi(*(++argv));
            if (maxTime <= 0) {
                BIO_printf(bio_err, "time must be > 0\n");
                badop = 1;
            }
        } else {
            BIO_printf(bio_err, "unknown option %s\n", *argv);
            badop = 1;
@@ -361,7 +357,13 @@ int MAIN(int argc, char **argv)
    if (bio_err == NULL)
        bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
 #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
    s_time_meth = SSLv23_client_method();
 #elif !defined(OPENSSL_NO_SSL3)
    s_time_meth = SSLv3_client_method();
 #elif !defined(OPENSSL_NO_SSL2)
    s_time_meth = SSLv2_client_method();
 #endif
    /* parse the command line arguments */
    if (parseArgs(argc, argv) < 0)
@@ -554,8 +556,7 @@ int MAIN(int argc, char **argv)
         nConn, totalTime, ((double)nConn / totalTime), bytes_read);
    printf
        ("%d connections in %ld real seconds, %ld bytes read per connection\n",
-         nConn, (long)time(NULL) - finishtime + maxTime,
+         nConn, (long)time(NULL) - finishtime + maxTime, bytes_read / nConn);
         bytes_read / (nConn?nConn:1));
    ret = 0;
 end:
--- a/apps/server.pem
+++ b/apps/server.pem
@@ -1,52 +1,369 @@
-subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Server Cert
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
-issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
+subject= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
 -----BEGIN CERTIFICATE-----
-MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6zMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
+MIIB6TCCAVICAQYwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
-BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
-VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
+VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNMDAxMDE2MjIzMTAzWhcNMDMwMTE0
-ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZDELMAkG
+MjIzMTAzWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
-A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
+A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl
-RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgU2VydmVyIENlcnQw
+cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzhPOSNtyyRspmeuUpxfNJ
+Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//
-KCLTuf7g3uQ4zu4iHOmRO5TQci+HhVlLZrHF9XqFXcIP0y4pWDbMSGuiorUmzmfi
+Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCT0grFQeZaqYb5EYfk20XixZV4
-R7bfSdI/+qIQt8KXRH6HNG1t8ou0VSvWId5TS5Dq/er5ODUr9OaaDva7EquHIcMv
+GmyAbXMftG1Eo7qGiMhYzRwGNWxEYojf5PZkYZXvSqZ/ZXHXa4g59jK/rJNnaVGM
-vPQGuI+OEAcnleVCy9HVEIySrO4P3CNIicnGkwwiAud05yUAq/gPXBC1hTtmlPD7
+k+xIX8mxQvlV0n5O9PIha5BX5teZnkHKgL8aKKLKW1BK7YTngsfSzzaeame5iKfz
-TVcGVSEiJdvzqqlgv02qedGrkki6GY4S7GjZxrrf7Foc2EP+51LJzwLQx3/JfrCU
+itAE+OjGF+PFKbwX8Q==
 41NEWAsu/Sl0tQabXESN+zJ1pDqoZ3uHMgpQjeGiE0olr+YcsSW/tJmiU9OiAr8R
 AgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJYIZI
 AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
 BBSCvM8AABPR9zklmifnr9LvIBturDAfBgNVHSMEGDAWgBQ2w2yI55X+sL3szj49
 hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEAqb1NV0B0/pbpK9Z4/bNjzPQLTRLK
 WnSNm/Jh5v0GEUOE/Beg7GNjNrmeNmqxAlpqWz9qoeoFZax+QBpIZYjROU3TS3fp
 yLsrnlr0CDQ5R7kCCDGa8dkXxemmpZZLbUCpW2Uoy8sAA4JjN9OtsZY7dvUXFgJ7
 vVNTRnI01ghknbtD+2SxSQd3CWF6QhcRMAzZJ1z1cbbwGDDzfvGFPzJ+Sq+zEPds
 xoVLLSetCiBc+40ZcDS5dV98h9XD7JMTQfxzA7mNGv73JoZJA6nFgj+ADSlJsY/t
 JBv+z1iQRueoh9Qeee+ZbRifPouCB8FDx+AltvHTANdAq0t/K3o+pplMVA==
 -----END CERTIFICATE-----
 -----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA84TzkjbcskbKZnrlKcXzSSgi07n+4N7kOM7uIhzpkTuU0HIv
+MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD
-h4VZS2axxfV6hV3CD9MuKVg2zEhroqK1Js5n4ke230nSP/qiELfCl0R+hzRtbfKL
+TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu
-tFUr1iHeU0uQ6v3q+Tg1K/Tmmg72uxKrhyHDL7z0BriPjhAHJ5XlQsvR1RCMkqzu
+OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj
-D9wjSInJxpMMIgLndOclAKv4D1wQtYU7ZpTw+01XBlUhIiXb86qpYL9NqnnRq5JI
+gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz
-uhmOEuxo2ca63+xaHNhD/udSyc8C0Md/yX6wlONTRFgLLv0pdLUGm1xEjfsydaQ6
+rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b
-qGd7hzIKUI3hohNKJa/mHLElv7SZolPTogK/EQIDAQABAoIBAADq9FwNtuE5IRQn
+PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA
-zGtO4q7Y5uCzZ8GDNYr9RKp+P2cbuWDbvVAecYq2NV9QoIiWJOAYZKklOvekIju3
+vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU=
 r0UZLA0PRiIrTg6NrESx3JrjWDK8QNlUO7CPTZ39/K+FrmMkV9lem9yxjJjyC34D
 AQB+YRTx+l14HppjdxNwHjAVQpIx/uO2F5xAMuk32+3K+pq9CZUtrofe1q4Agj9R
 5s8mSy9pbRo9kW9wl5xdEotz1LivFOEiqPUJTUq5J5PeMKao3vdK726XI4Z455Nm
 W2/MA0YV0ug2FYinHcZdvKM6dimH8GLfa3X8xKRfzjGjTiMSwsdjgMa4awY3tEHH
 674jhAECgYEA/zqMrc0zsbNk83sjgaYIug5kzEpN4ic020rSZsmQxSCerJTgNhmg
 utKSCt0Re09Jt3LqG48msahX8ycqDsHNvlEGPQSbMu9IYeO3Wr3fAm75GEtFWePY
 BhM73I7gkRt4s8bUiUepMG/wY45c5tRF23xi8foReHFFe9MDzh8fJFECgYEA9EFX
 4qAik1pOJGNei9BMwmx0I0gfVEIgu0tzeVqT45vcxbxr7RkTEaDoAG6PlbWP6D9a
 WQNLp4gsgRM90ZXOJ4up5DsAWDluvaF4/omabMA+MJJ5kGZ0gCj5rbZbKqUws7x8
 bp+6iBfUPJUbcqNqFmi/08Yt7vrDnMnyMw2A/sECgYEAiiuRMxnuzVm34hQcsbhH
 6ymVqf7j0PW2qK0F4H1ocT9qhzWFd+RB3kHWrCjnqODQoI6GbGr/4JepHUpre1ex
 4UEN5oSS3G0ru0rC3U4C59dZ5KwDHFm7ffZ1pr52ljfQDUsrjjIMRtuiwNK2OoRa
 WSsqiaL+SDzSB+nBmpnAizECgYBdt/y6rerWUx4MhDwwtTnel7JwHyo2MDFS6/5g
 n8qC2Lj6/fMDRE22w+CA2esp7EJNQJGv+b27iFpbJEDh+/Lf5YzIT4MwVskQ5bYB
 JFcmRxUVmf4e09D7o705U/DjCgMH09iCsbLmqQ38ONIRSHZaJtMDtNTHD1yi+jF+
 OT43gQKBgQC/2OHZoko6iRlNOAQ/tMVFNq7fL81GivoQ9F1U0Qr+DH3ZfaH8eIkX
 xT0ToMPJUzWAn8pZv0snA0um6SIgvkCuxO84OkANCVbttzXImIsL7pFzfcwV/ERK
 UM6j0ZuSMFOCr/lGPAoOQU0fskidGEHi1/kW+suSr28TqsyYZpwBDQ==
 -----END RSA PRIVATE KEY-----
 subject=/C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
 issuer= /C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
 notBefore=950413210656Z
 notAfter =970412210656Z
 -----BEGIN X509 CERTIFICATE-----
 MIICCDCCAXECAQAwDQYJKoZIhvcNAQEEBQAwTjELMAkGA1UEBhMCVVMxHzAdBgNV
 BAoUFkFUJlQgQmVsbCBMYWJvcmF0b3JpZXMxHjAcBgNVBAsUFVByb3RvdHlwZSBS
 ZXNlYXJjaCBDQTAeFw05NTA0MTMyMTA2NTZaFw05NzA0MTIyMTA2NTZaME4xCzAJ
 BgNVBAYTAlVTMR8wHQYDVQQKFBZBVCZUIEJlbGwgTGFib3JhdG9yaWVzMR4wHAYD
 VQQLFBVQcm90b3R5cGUgUmVzZWFyY2ggQ0EwgZwwDQYJKoZIhvcNAQEBBQADgYoA
 MIGGAoGAebOmgtSCl+wCYZc86UGYeTLY8cjmW2P0FN8ToT/u2pECCoFdrlycX0OR
 3wt0ZhpFXLVNeDnHwEE9veNUih7pCL2ZBFqoIoQkB1lZmXRiVtjGonz8BLm/qrFM
 YHb0lme/Ol+s118mwKVxnn6bSAeI/OXKhLaVdYZWk+aEaxEDkVkCAQ8wDQYJKoZI
 hvcNAQEEBQADgYEAAZMG14lZmZ8bahkaHaTV9dQf4p2FZiQTFwHP9ZyGsXPC+LT5
 dG5iTaRmyjNIJdPWohZDl97kAci79aBndvuEvRKOjLHs3WRGBIwERnAcnY9Mz8u/
 zIHK23PjYVxGGaZd669OJwD0CYyqH22HH9nFUGaoJdsv39ChW0NRdLE9+y8=
 -----END X509 CERTIFICATE-----
 issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
 subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
 -----BEGIN CERTIFICATE-----
 MIICJjCCAY8CAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
 BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
 VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0M1oXDTAxMDYw
 OTEzNTc0M1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
 BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgxMDI0
 IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgybTsZ
 DCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/dFXSv
 1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUecQU2
 mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAM7achv3v
 hLQJcv/65eGEpBXM40ZDVoFQFFJWaY5p883HTqLB1x4FdzsXHH0QKBTcKpWwqyu4
 YDm3fb8oDugw72bCzfyZK/zVZPR/hVlqI/fvU109Qoc+7oPvIXWky71HfcK6ZBCA
 q30KIqGM/uoM60INq97qjDmCJapagcNBGQs=
 -----END CERTIFICATE-----
 -----BEGIN RSA PRIVATE KEY-----
 MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
 gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
 2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
 AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
 hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
 J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
 HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
 21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
 nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
 MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
 pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
 KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
 XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
 -----END RSA PRIVATE KEY-----
 -----BEGIN X509 CERTIFICATE-----
 MIICYDCCAiACAgEoMAkGBSsOAwINBQAwfDELMAkGA1UEBhMCVVMxNjA0BgNVBAoT
 LU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZ
 MBcGA1UECxMQVGVzdCBFbnZpcm9ubWVudDEaMBgGA1UECxMRRFNTLU5BU0EtUGls
 b3QtQ0EwHhcNOTYwMjI2MTYzMjQ1WhcNOTcwMjI1MTYzMjQ1WjB8MQswCQYDVQQG
 EwJVUzE2MDQGA1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFk
 bWluaXN0cmF0aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MRowGAYDVQQL
 ExFEU1MtTkFTQS1QaWxvdC1DQTCB8jAJBgUrDgMCDAUAA4HkADCB4AJBAMA/ssKb
 hPNUG7ZlASfVwEJU21O5OyF/iyBzgHI1O8eOhJGUYO8cc8wDMjR508Mr9cp6Uhl/
 ZB7FV5GkLNEnRHYCQQDUEaSg45P2qrDwixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLb
 bn3QK74T2IxY1yY+kCNq8XrIqf5fJJzIH0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3
 fVd0geUCQQCzCFUQAh+ZkEmp5804cs6ZWBhrUAfnra8lJItYo9xPcXgdIfLfibcX
 R71UsyO77MRD7B0+Ag2tq794IleCVcEEMAkGBSsOAwINBQADLwAwLAIUUayDfreR
 Yh2WeU86/pHNdkUC1IgCFEfxe1f0oMpxJyrJ5XIxTi7vGdoK
 -----END X509 CERTIFICATE-----
 -----BEGIN X509 CERTIFICATE-----
 MIICGTCCAdgCAwCqTDAJBgUrDgMCDQUAMHwxCzAJBgNVBAYTAlVTMTYwNAYDVQQK
 Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x
 GTAXBgNVBAsTEFRlc3QgRW52aXJvbm1lbnQxGjAYBgNVBAsTEURTUy1OQVNBLVBp
 bG90LUNBMB4XDTk2MDUxNDE3MDE0MVoXDTk3MDUxNDE3MDE0MVowMzELMAkGA1UE
 BhMCQVUxDzANBgNVBAoTBk1pbmNvbTETMBEGA1UEAxMKRXJpYyBZb3VuZzCB8jAJ
 BgUrDgMCDAUAA4HkADCB4AJBAKbfHz6vE6pXXMTpswtGUec2tvnfLJUsoxE9qs4+
 ObZX7LmLvragNPUeiTJx7UOWZ5DfBj6bXLc8eYne0lP1g3ACQQDUEaSg45P2qrDw
 ixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLbbn3QK74T2IxY1yY+kCNq8XrIqf5fJJzI
 H0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3fVd0geUCQQCzCFUQAh+ZkEmp5804cs6Z
 WBhrUAfnra8lJItYo9xPcXgdIfLfibcXR71UsyO77MRD7B0+Ag2tq794IleCVcEE
 MAkGBSsOAwINBQADMAAwLQIUWsuuJRE3VT4ueWkWMAJMJaZjj1ECFQCYY0zX4bzM
 LC7obsrHD8XAHG+ZRG==
 -----END X509 CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIICTTCCAbagAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEwJHQjEM
 MAoGA1UEChMDVUNMMRgwFgYDVQQLEw9JQ0UtVEVMIFByb2plY3QxFTATBgNVBAMT
 DFRydXN0RmFjdG9yeTAeFw05NzA0MjIxNDM5MTRaFw05ODA0MjIxNDM5MTRaMEwx
 CzAJBgNVBAYTAkdCMQwwCgYDVQQKEwNVQ0wxGDAWBgNVBAsTD0lDRS1URUwgUHJv
 amVjdDEVMBMGA1UEAxMMVHJ1c3RGYWN0b3J5MIGcMAoGBFUIAQECAgQAA4GNADCB
 iQKBgQCEieR8NcXkUW1f0G6aC6u0i8q/98JqS6RxK5YmHIGKCkuTWAUjzLfUa4dt
 U9igGCjTuxaDqlzEim+t/02pmiBZT9HaX++35MjQPUWmsChcYU5WyzGErXi+rQaw
 zlwS73zM8qiPj/97lXYycWhgL0VaiDSPxRXEUdWoaGruom4mNQIDAQABo0IwQDAd
 BgNVHQ4EFgQUHal1LZr7oVg5z6lYzrhTgZRCmcUwDgYDVR0PAQH/BAQDAgH2MA8G
 A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAfaggfl6FZoioecjv0dq8
 /DXo/u11iMZvXn08gjX/zl2b4wtPbShOSY5FhkSm8GeySasz+/Nwb/uzfnIhokWi
 lfPZHtlCWtXbIy/TN51eJyq04ceDCQDWvLC2enVg9KB+GJ34b5c5VaPRzq8MBxsA
 S7ELuYGtmYgYm9NZOIr7yU0=
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIB6jCCAZQCAgEtMA0GCSqGSIb3DQEBBAUAMIGAMQswCQYDVQQGEwJVUzE2MDQG
 A1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFkbWluaXN0cmF0
 aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MR4wHAYDVQQLExVNRDUtUlNB
 LU5BU0EtUGlsb3QtQ0EwHhcNOTYwNDMwMjIwNTAwWhcNOTcwNDMwMjIwNTAwWjCB
 gDELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu
 ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZMBcGA1UECxMQVGVzdCBFbnZpcm9ubWVu
 dDEeMBwGA1UECxMVTUQ1LVJTQS1OQVNBLVBpbG90LUNBMFkwCgYEVQgBAQICAgAD
 SwAwSAJBALmmX5+GqAvcrWK13rfDrNX9UfeA7f+ijyBgeFQjYUoDpFqapw4nzQBL
 bAXug8pKkRwa2Zh8YODhXsRWu2F/UckCAwEAATANBgkqhkiG9w0BAQQFAANBAH9a
 OBA+QCsjxXgnSqHx04gcU8S49DVUb1f2XVoLnHlIb8RnX0k5O6mpHT5eti9bLkiW
 GJNMJ4L0AJ/ac+SmHZc=
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIICajCCAdMCBDGA0QUwDQYJKoZIhvcNAQEEBQAwfTELMAkGA1UEBhMCQ2ExDzAN
 BgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmlsaXR5IEFjY2VwdGVkMR8w
 HQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRwwGgYDVQQDExNFbnRydXN0
 IERlbW8gV2ViIENBMB4XDTk2MDQyNjEzMzUwMVoXDTA2MDQyNjEzMzUwMVowfTEL
 MAkGA1UEBhMCQ2ExDzANBgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmls
 aXR5IEFjY2VwdGVkMR8wHQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRww
 GgYDVQQDExNFbnRydXN0IERlbW8gV2ViIENBMIGdMA0GCSqGSIb3DQEBAQUAA4GL
 ADCBhwKBgQCaroS7O1DA0hm4IefNYU1cx/nqOmzEnk291d1XqznDeF4wEgakbkCc
 zTKxK791yNpXG5RmngqH7cygDRTHZJ6mfCRn0wGC+AI00F2vYTGqPGRQL1N3lZT0
 YDKFC0SQeMMjFIZ1aeQigroFQnHo0VB3zWIMpNkka8PY9lxHZAmWwQIBAzANBgkq
 hkiG9w0BAQQFAAOBgQBAx0UMVA1s54lMQyXjMX5kj99FJN5itb8bK1Rk+cegPQPF
 cWO9SEWyEjjBjIkjjzAwBkaEszFsNGxemxtXvwjIm1xEUMTVlPEWTs2qnDvAUA9W
 YqhWbhH0toGT36236QAsqCZ76rbTRVSSX2BHyJwJMG2tCRv7kRJ//NIgxj3H4w==
 -----END CERTIFICATE-----
 issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
 subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
 -----BEGIN CERTIFICATE-----
 MIICJzCCAZACAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
 BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
 VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTczN1oXDTAxMDYw
 OTEzNTczN1owXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
 BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy
 NCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfjIrkg
 40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp
 22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3vR1Y
 BEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABNA1u/S
 Cg/LJZWb7GliiKJsvuhxlE4E5JxQF2zMub/CSNbF97//tYSyj96sxeFQxZXbcjm9
 xt6mr/xNLA4szNQMJ4P+L7b5e/jC5DSqlwS+CUYJgaFs/SP+qJoCSu1bR3IM9XWO
 cRBpDmcBbYLkSyB92WURvsZ1LtjEcn+cdQVI
 -----END CERTIFICATE-----
 -----BEGIN RSA PRIVATE KEY-----
 MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
 wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
 vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
 AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
 z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
 xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
 HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
 yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
 xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
 7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
 h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
 QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
 hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
 -----END RSA PRIVATE KEY-----
 subject=/C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
 issuer= /C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
 notBefore=941104185834Z
 notAfter =991103185834Z
 -----BEGIN X509 CERTIFICATE-----
 MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw
 HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy
 Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05
 OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT
 ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u
 IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o
 975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/
 touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE
 7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j
 9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI
 0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb
 MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU=
 -----END X509 CERTIFICATE-----
 subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
 issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
 notBefore=941109235417Z
 notAfter =991231235417Z
 -----BEGIN X509 CERTIFICATE-----
 MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw
 HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl
 IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda
 Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
 YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp
 Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB
 roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12
 aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc
 HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A
 iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7
 suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h
 cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk=
 -----END X509 CERTIFICATE-----
 subject=/C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
 	/OU=Certification Services Division/CN=Thawte Server CA
 	/Email=server-certs@thawte.com
 issuer= /C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
 	/OU=Certification Services Division/CN=Thawte Server CA
 	/Email=server-certs@thawte.com
 -----BEGIN CERTIFICATE-----
 MIIC+TCCAmICAQAwDQYJKoZIhvcNAQEEBQAwgcQxCzAJBgNVBAYTAlpBMRUwEwYD
 VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
 VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
 dmljZXMgRGl2aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkq
 hkiG9w0BCQEWF3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMB4XDTk2MDcyNzE4MDc1
 N1oXDTk4MDcyNzE4MDc1N1owgcQxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0
 ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMUVGhhd3RlIENv
 bnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2
 aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkqhkiG9w0BCQEW
 F3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
 iQKBgQDTpFBuyP9Wa+bPXbbqDGh1R6KqwtqEJfyo9EdR2oW1IHSUhh4PdcnpCGH1
 Bm0wbhUZAulSwGLbTZme4moMRDjN/r7jZAlwxf6xaym2L0nIO9QnBCUQly/nkG3A
 KEKZ10xD3sP1IW1Un13DWOHA5NlbsLjctHvfNjrCtWYiEtaHDQIDAQABMA0GCSqG
 SIb3DQEBBAUAA4GBAIsvn7ifX3RUIrvYXtpI4DOfARkTogwm6o7OwVdl93yFhDcX
 7h5t0XZ11MUAMziKdde3rmTvzUYIUCYoY5b032IwGMTvdiclK+STN6NP2m5nvFAM
 qJT5gC5O+j/jBuZRQ4i0AMYQr5F4lT8oBJnhgafw6PL8aDY2vMHGSPl9+7uf
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIDDTCCAnYCAQAwDQYJKoZIhvcNAQEEBQAwgc4xCzAJBgNVBAYTAlpBMRUwEwYD
 VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
 VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
 dmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBD
 QTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTAeFw05
 NjA3MjcxODA3MTRaFw05ODA3MjcxODA3MTRaMIHOMQswCQYDVQQGEwJaQTEVMBMG
 A1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAbBgNVBAoT
 FFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNl
 cnZpY2VzIERpdmlzaW9uMSEwHwYDVQQDExhUaGF3dGUgUHJlbWl1bSBTZXJ2ZXIg
 Q0ExKDAmBgkqhkiG9w0BCQEWGXByZW1pdW0tc2VydmVyQHRoYXd0ZS5jb20wgZ8w
 DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANI2NmqL18JbntqBQWKPOO5JBFXW0O8c
 G5UWR+8YSDU6UvQragaPOy/qVuOvho2eF/eetGV1Ak3vywmiIVHYm9Bn0LoNkgYU
 c9STy5cqAJxcTgy8+hVS/PJEbtoRSm4Iny8t4/mqOoZztkZTWMiJBb2DEbhzP6oH
 jfRCTedAnRw3AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAutFIgTRZVYerIZfL9lvR
 w9Eifvvo5KTZ3h+Bj+VzNnyw4Qc/IyXkPOu6SIiH9LQ3sCmWBdxpe+qr4l77rLj2
 GYuMtESFfn1XVALzkYgC7JcPuTOjMfIiMByt+uFf8AV8x0IW/Qkuv+hEQcyM9vxK
 3VZdLbCVIhNoEsysrxCpxcI=
 -----END CERTIFICATE-----
 Tims test GCI CA
 -----BEGIN CERTIFICATE-----
 MIIB8DCCAZoCAQAwDQYJKoZIhvcNAQEEBQAwgYIxCzAJBgNVBAYTAkFVMRMwEQYD
 VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
 cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBD
 cnlwdFNvZnQgRGV2IENBMB4XDTk3MDMyMjEzMzQwNFoXDTk4MDMyMjEzMzQwNFow
 gYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhC
 cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl
 dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN
 AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw
 OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF
 AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA
 TfdbFZtAAD2Hx9jUtY3tfdrJOb8= 
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD
 VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
 cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsTI1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9O
 IEFVVEhPUklUSUVTMTQwMgYDVQQDEytaRVJPIFZBTFVFIENBIC0gREVNT05TVFJB
 VElPTiBQVVJQT1NFUyBPTkxZMB4XDTk3MDQwMzEzMjI1NFoXDTk4MDQwMzEzMjI1
 NFowgbUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
 EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsT
 I1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9OIEFVVEhPUklUSUVTMTQwMgYDVQQDEyta
 RVJPIFZBTFVFIENBIC0gREVNT05TVFJBVElPTiBQVVJQT1NFUyBPTkxZMFwwDQYJ
 KoZIhvcNAQEBBQADSwAwSAJBAOZ7T7yqP/tyspcko3yPY1y0Cm2EmwNvzW4QgVXR
 Fjs3HmJ4xtSpXdo6mwcGezL3Abt/aQXaxv9PU8xt+Jr0OFUCAwEAATANBgkqhkiG
 9w0BAQQFAANBAOQpYmGgyCqCy1OljgJhCqQOu627oVlHzK1L+t9vBaMfn40AVUR4
 WzQVWO31KTgi5vTK1U+3h46fgUWqQ0h+6rU=
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIAwgKADAgECAgEAMA0GCSqGSIb3DQEBBAUAMGIxETAPBgNVBAcTCEludGVybmV0
 MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
 c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw05NjA0MDgxMDIwMjda
 Fw05NzA0MDgxMDIwMjdaMGIxETAPBgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5W
 ZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xhc3MgMSBDQSAtIElu
 ZGl2aWR1YWwgU3Vic2NyaWJlcjCAMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2
 FKbPTdAFDdjKI9BvqrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7j
 W80GqLd5HUQq7XPysVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cari
 QPJUObwW7s987LrbP2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABAAAAADANBgkqhkiG
 9w0BAQQFAAOBgQA+1nJryNt8VBRjRr07ArDAV/3jAH7GjDc9jsrxZS68ost9v06C
 TvTNKGL+LISNmFLXl+JXhgGB0JZ9fvyYzNgHQ46HBUng1H6voalfJgS2KdEo50wW
 8EFZYMDkT1k4uynwJqkVN2QJK/2q4/A/VCov5h6SlM8Affg2W+1TLqvqkwAA
 -----END CERTIFICATE-----
 subject=/L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
 issuer= /L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
 -----BEGIN CERTIFICATE-----
 MIIEkzCCA/ygAwIBAgIRANDTUpSRL3nTFeMrMayFSPAwDQYJKoZIhvcNAQECBQAw
 YjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQw
 MgYDVQQLEytWZXJpU2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3Jp
 YmVyMB4XDTk2MDYwNDAwMDAwMFoXDTk4MDYwNDIzNTk1OVowYjERMA8GA1UEBxMI
 SW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJp
 U2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqG
 SIb3DQEBAQUAA4GNADCBiQKBgQC6A+2czKGRcYMfm8gdnk+0de99TDDzsqo0v5nb
 RsbUmMcdRQ7nsMbRWe0SAb/9QoLTZ/cJ0iOBqdrkz7UpqqKarVoTSdlSMVM92tWp
 3bJncZHQD1t4xd6lQVdI1/T6R+5J0T1ukOdsI9Jmf+F28S6g3R3L1SFwiHKeZKZv
 z+793wIDAQABo4ICRzCCAkMwggIpBgNVHQMBAf8EggIdMIICGTCCAhUwggIRBgtg
 hkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0ZXMg
 YnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0IHRv
 LCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQg
 KENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQ
 Uy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29tOyBv
 ciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4sIE1v
 dW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04ODMw
 IENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0cyBS
 ZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJQUJJ
 TElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQECMC8w
 LRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMDAU
 BglghkgBhvhCAQEBAf8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEApRJRkNBqLLgs
 53IR/d18ODdLOWMTZ+QOOxBrq460iBEdUwgF8vmPRX1ku7UiDeNzaLlurE6eFqHq
 2zPyK5j60zfTLVJMWKcQWwTJLjHtXrW8pxhNtFc6Fdvy5ZkHnC/9NIl7/t4U6WqB
 p4y+p7SdMIkEwIZfds0VbnQyX5MRUJY=
 -----END CERTIFICATE-----
 subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
 issuer= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
 -----BEGIN CERTIFICATE-----
 MIICMTCCAZoCBQKhAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
 FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMg
 UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
 Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
 biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
 Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyVxZ
 nvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqoRAWq7AMfeH+ek7ma
 AKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4rCNfcCk2pMmG57Ga
 IMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATANBgkqhkiG9w0BAQIF
 AAOBgQB1Zmw+0c2B27X4LzZRtvdCvM1Cr9wO+hVs+GeTVzrrtpLotgHKjLeOQ7RJ
 Zfk+7r11Ri7J/CVdqMcvi5uPaM+0nJcYwE3vH9mvgrPmZLiEXIqaB1JDYft0nls6
 NvxMsvwaPxUupVs8G5DsiCnkWRb5zget7Ond2tIxik/W2O8XjQ==
 -----END CERTIFICATE-----
 subject=/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
 issuer= /C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
 -----BEGIN CERTIFICATE-----
 MIICMTCCAZoCBQKmAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
 FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMg
 UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
 Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
 biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
 Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LJ1
 9njQrlpQ9OlQqZ+M1++RlHDo0iSQdomF1t+s5gEXMoDwnZNHvJplnR+Xrr/phnVj
 IIm9gFidBAydqMEk6QvlMXi9/C0MN2qeeIDpRnX57aP7E3vIwUzSo+/1PLBij0pd
 O92VZ48TucE81qcmm+zDO3rZTbxtm+gVAePwR6kCAwEAATANBgkqhkiG9w0BAQIF
 AAOBgQBT3dPwnCR+QKri/AAa19oM/DJhuBUNlvP6Vxt/M3yv6ZiaYch6s7f/sdyZ
 g9ysEvxwyR84Qu1E9oAuW2szaayc01znX1oYx7EteQSWQZGZQbE8DbqEOcY7l/Am
 yY7uvcxClf8exwI/VAx49byqYHwCaejcrOICdmHEPgPq0ook0Q==
 -----END CERTIFICATE-----
--- a/apps/server2.pem
+++ b/apps/server2.pem
@@ -1,52 +1,376 @@
-subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Server Cert #2
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
-issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (1024 bit)
 -----BEGIN CERTIFICATE-----
-MIID6jCCAtKgAwIBAgIJALnu1NlVpZ60MA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
+MIICLjCCAZcCAQEwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
-BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
-VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
+VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzU0WhcNOTgwNjA5
-ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZzELMAkG
+MTM1NzU0WjBkMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
-A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
+A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxJDAiBgNVBAMTG1NlcnZlciB0ZXN0IGNl
-RVNUSU5HIFBVUlBPU0VTIE9OTFkxHDAaBgNVBAMME1Rlc3QgU2VydmVyIENlcnQg
+cnQgKDEwMjQgYml0KTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsxH1PBPm
-IzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrdi7j9yctG+L4EjBy
+RkxrR11eV4bzNi4N9n11CI8nV29+ARlT1+qDe/mjVUvXlmsr1v/vf71G9GgqopSa
-gjPmEqZzOJEQba26MoQGzglU7e5Xf59Rb/hgVQuKAoiZe7/R8rK4zJ4W7iXdXw0L
+6RXrICLVdk/FYYYzhPvl1M+OrjaXDFO8BzBAF1Lnz6c7aRZvGRJNrRSr2nZEkqDf
-qBpyG8B5aGKeI32w+A9TcBApoXXL2CrYQEQjZwUIpLlYBIi2NkJj3nVkq5dgl1gO
+JW9dY7r2VZEpD5QeuaRYUnuECkqeieB65GMCAwEAATANBgkqhkiG9w0BAQQFAAOB
-ALiQ+W8jg3kzg5Ec9rimp9r93N8wsSL3awsafurmYCvOf7leHaMP1WJ/zDRGUNHG
+gQCWsOta6C0wiVzXz8wPmJKyTrurMlgUss2iSuW9366iwofZddsNg7FXniMzkIf6
-/WtDjXc8ZUG1+6EXU9Jc2Fs+2Omf7fcN0l00AK/wPg8OaNS0rKyGq9JdIT9FRGV1
+dp7jnmWZwKZ9cXsNUS2o4OL07qOk2HOywC0YsNZQsOBu1CBTYYkIefDiKFL1zQHh
-bXe/rx58FaE5CItdwCSYhJvF/O95LWQoxJXye5bCFLmvDTEyVq9FMSCptfsmbXjE
+8lwwNd4NP+OE3NzUNkCfh4DnFfg9WHkXUlD5UpxNRJ4gJA==
 ZGsXAgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJ
 YIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud
 DgQWBBR52UaWWTKzZGDH/X4mWNcuqeQVazAfBgNVHSMEGDAWgBQ2w2yI55X+sL3s
 zj49hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEANBW+XYLlHBqVY/31ie+3gRlS
 LPfy4SIqn0t3RJjagT29MXprblBO2cbMO8VGjkQdKGpmMXjxbht2arOOUXRHX4n/
 XTyn/QHEf0bcwIITMReO3DZUPAEw8hSjn9xEOM0IRVOCP+mH5fi74QzzQaZVCyYg
 5VtLKdww/+sc0nCbKl2KWgDluriH0nfVx95qgW3mg9dhXRr0zmf1w2zkBHYpARYL
 Dew6Z8EE4tS3HJu8/qM6meWzNtrfonQ3eiiMxjZBxzV46jchBwa2z9XYhP6AmpPb
 oeTSzcQNbWsxaGYzWo46oLDUZmJOwSBawbS31bZNMCoPIY6ukoesCzFSsUKZww==
 -----END CERTIFICATE-----
 -----BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEA63Yu4/cnLRvi+BIwcoIz5hKmcziREG2tujKEBs4JVO3uV3+f
+MIICXgIBAAKBgQCzEfU8E+ZGTGtHXV5XhvM2Lg32fXUIjydXb34BGVPX6oN7+aNV
-UW/4YFULigKImXu/0fKyuMyeFu4l3V8NC6gachvAeWhiniN9sPgPU3AQKaF1y9gq
+S9eWayvW/+9/vUb0aCqilJrpFesgItV2T8VhhjOE++XUz46uNpcMU7wHMEAXUufP
-2EBEI2cFCKS5WASItjZCY951ZKuXYJdYDgC4kPlvI4N5M4ORHPa4pqfa/dzfMLEi
+pztpFm8ZEk2tFKvadkSSoN8lb11juvZVkSkPlB65pFhSe4QKSp6J4HrkYwIDAQAB
-92sLGn7q5mArzn+5Xh2jD9Vif8w0RlDRxv1rQ413PGVBtfuhF1PSXNhbPtjpn+33
+AoGBAKy8jvb0Lzby8q11yNLf7+78wCVdYi7ugMHcYA1JVFK8+zb1WfSm44FLQo/0
-DdJdNACv8D4PDmjUtKyshqvSXSE/RURldW13v68efBWhOQiLXcAkmISbxfzveS1k
+dSChAjgz36TTexeLODPYxleJndjVcOMVzsLJjSM8dLpXsTS4FCeMbhw2s2u+xqKY
-KMSV8nuWwhS5rw0xMlavRTEgqbX7Jm14xGRrFwIDAQABAoIBAHLsTPihIfLnYIE5
+bbPWfk+HOTyJjfnkcC5Nbg44eOmruq0gSmBeUXVM5UntlTnxAkEA7TGCA3h7kx5E
-x4GsQQ5zXeBw5ITDM37ktwHnQDC+rIzyUl1aLD1AZRBoKinXd4lOTqLZ4/NHKx4A
+Bl4zl2pc3gPAGt+dyfk5Po9mGJUUXhF5p2zueGmYWW74TmOWB1kzt4QRdYMzFePq
-DYr58mZtWyUmqLOMmQVuHXTZBlp7XtYuXMMNovQwjQlp9LicBeoBU6gQ5PVMtubD
+zfDNXEa1CwJBAMFErdY0xp0UJ13WwBbUTk8rujqQdHtjw0klhpbuKkjxu2hN0wwM
-F4xGF89Sn0cTHW3iMkqTtQ5KcR1j57OcJO0FEb1vPvk2MXI5ZyAatUYE7YacbEzd
+6p0D9qxF7JHaghqVRI0fAW/EE0OzdHMR9QkCQQDNR26dMFXKsoPu+vItljj/UEGf
-rg02uIwx3FqNSkuSI79uz4hMdV5TPtuhxx9nTwj9aLUhXFeZ0mn2PVgVzEnnMoJb
+QG7gERiQ4yxaFBPHgdpGo0kT31eh9x9hQGDkxTe0GNG/YSgCRvm8+C3TMcKXAkBD
-+znlsZDgzDlJqdaD744YGWh8Z3OEssB35KfzFcdOeO6yH8lmv2Zfznk7pNPT7LTb
+dhGn36wkUFCddMSAM4NSJ1VN8/Z0y5HzCmI8dM3VwGtGMUQlxKxwOl30LEQzdS5M
-Lae9VgkCgYEA92p1qnAB3NtJtNcaW53i0S5WJgS1hxWKvUDx3lTB9s8X9fHpqL1a
+0SWojNYXiT2gOBfBwtbhAkEAhafl5QEOIgUz+XazS/IlZ8goNKdDVfYgK3mHHjvv
-E94fDfWzp/hax6FefUKIvBOukPLQ6bYjTMiFoOHzVirghAIuIUoMI5VtLhwD1hKs
+nY5G+AuGebdNkXJr4KSWxDcN+C2i47zuj4QXA16MAOandA==
 Lr7l/dptMgKb1nZHyXoKHRBthsy3K4+udsPi8TzMvYElgEqyQIe/Rk0CgYEA86GL
 8HC6zLszzKERDPBxrboRmoFvVUCTQDhsfj1M8aR3nQ8V5LkdIJc7Wqm/Ggfk9QRf
 rJ8M2WUMlU5CNnCn/KCrKzCNZIReze3fV+HnKdbcXGLvgbHPrhnz8yYehUFG+RGq
 bVyDWRU94T38izy2s5qMYrMJWZEYyXncSPbfcPMCgYAtaXfxcZ+V5xYPQFARMtiX
 5nZfggvDoJuXgx0h3tK/N2HBfcaSdzbaYLG4gTmZggc/jwnl2dl5E++9oSPhUdIG
 3ONSFUbxsOsGr9PBvnKd8WZZyUCXAVRjPBzAzF+whzQNWCZy/5htnz9LN7YDI9s0
 5113Q96cheDZPFydZY0hHQKBgQDVbEhNukM5xCiNcu+f2SaMnLp9EjQ4h5g3IvaP
 5B16daw/Dw8LzcohWboqIxeAsze0GD/D1ZUJAEd0qBjC3g+a9BjefervCjKOzXng
 38mEUm+6EwVjJSQcjSmycEs+Sr/kwr/8i5WYvU32+jk4tFgMoC+o6tQe/Uesf68k
 z/dPVwKBgGbF7Vv1/3SmhlOy+zYyvJ0CrWtKxH9QP6tLIEgEpd8x7YTSuCH94yok
 kToMXYA3sWNPt22GbRDZ+rcp4c7HkDx6I6vpdP9aQEwJTp0EPy0sgWr2XwYmreIQ
 NFmkk8Itn9EY2R9VBaP7GLv5kvwxDdLAnmwGmzVtbmaVdxCaBwUk
 -----END RSA PRIVATE KEY-----
 subject=/C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
 issuer= /C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
 notBefore=950413210656Z
 notAfter =970412210656Z
 -----BEGIN X509 CERTIFICATE-----
 MIICCDCCAXECAQAwDQYJKoZIhvcNAQEEBQAwTjELMAkGA1UEBhMCVVMxHzAdBgNV
 BAoUFkFUJlQgQmVsbCBMYWJvcmF0b3JpZXMxHjAcBgNVBAsUFVByb3RvdHlwZSBS
 ZXNlYXJjaCBDQTAeFw05NTA0MTMyMTA2NTZaFw05NzA0MTIyMTA2NTZaME4xCzAJ
 BgNVBAYTAlVTMR8wHQYDVQQKFBZBVCZUIEJlbGwgTGFib3JhdG9yaWVzMR4wHAYD
 VQQLFBVQcm90b3R5cGUgUmVzZWFyY2ggQ0EwgZwwDQYJKoZIhvcNAQEBBQADgYoA
 MIGGAoGAebOmgtSCl+wCYZc86UGYeTLY8cjmW2P0FN8ToT/u2pECCoFdrlycX0OR
 3wt0ZhpFXLVNeDnHwEE9veNUih7pCL2ZBFqoIoQkB1lZmXRiVtjGonz8BLm/qrFM
 YHb0lme/Ol+s118mwKVxnn6bSAeI/OXKhLaVdYZWk+aEaxEDkVkCAQ8wDQYJKoZI
 hvcNAQEEBQADgYEAAZMG14lZmZ8bahkaHaTV9dQf4p2FZiQTFwHP9ZyGsXPC+LT5
 dG5iTaRmyjNIJdPWohZDl97kAci79aBndvuEvRKOjLHs3WRGBIwERnAcnY9Mz8u/
 zIHK23PjYVxGGaZd669OJwD0CYyqH22HH9nFUGaoJdsv39ChW0NRdLE9+y8=
 -----END X509 CERTIFICATE-----
 issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
 subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
 -----BEGIN CERTIFICATE-----
 MIICJjCCAY8CAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
 BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
 VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0M1oXDTAxMDYw
 OTEzNTc0M1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
 BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgxMDI0
 IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgybTsZ
 DCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/dFXSv
 1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUecQU2
 mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAM7achv3v
 hLQJcv/65eGEpBXM40ZDVoFQFFJWaY5p883HTqLB1x4FdzsXHH0QKBTcKpWwqyu4
 YDm3fb8oDugw72bCzfyZK/zVZPR/hVlqI/fvU109Qoc+7oPvIXWky71HfcK6ZBCA
 q30KIqGM/uoM60INq97qjDmCJapagcNBGQs=
 -----END CERTIFICATE-----
 -----BEGIN RSA PRIVATE KEY-----
 MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
 gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
 2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
 AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
 hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
 J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
 HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
 21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
 nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
 MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
 pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
 KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
 XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
 -----END RSA PRIVATE KEY-----
 -----BEGIN X509 CERTIFICATE-----
 MIICYDCCAiACAgEoMAkGBSsOAwINBQAwfDELMAkGA1UEBhMCVVMxNjA0BgNVBAoT
 LU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZ
 MBcGA1UECxMQVGVzdCBFbnZpcm9ubWVudDEaMBgGA1UECxMRRFNTLU5BU0EtUGls
 b3QtQ0EwHhcNOTYwMjI2MTYzMjQ1WhcNOTcwMjI1MTYzMjQ1WjB8MQswCQYDVQQG
 EwJVUzE2MDQGA1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFk
 bWluaXN0cmF0aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MRowGAYDVQQL
 ExFEU1MtTkFTQS1QaWxvdC1DQTCB8jAJBgUrDgMCDAUAA4HkADCB4AJBAMA/ssKb
 hPNUG7ZlASfVwEJU21O5OyF/iyBzgHI1O8eOhJGUYO8cc8wDMjR508Mr9cp6Uhl/
 ZB7FV5GkLNEnRHYCQQDUEaSg45P2qrDwixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLb
 bn3QK74T2IxY1yY+kCNq8XrIqf5fJJzIH0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3
 fVd0geUCQQCzCFUQAh+ZkEmp5804cs6ZWBhrUAfnra8lJItYo9xPcXgdIfLfibcX
 R71UsyO77MRD7B0+Ag2tq794IleCVcEEMAkGBSsOAwINBQADLwAwLAIUUayDfreR
 Yh2WeU86/pHNdkUC1IgCFEfxe1f0oMpxJyrJ5XIxTi7vGdoK
 -----END X509 CERTIFICATE-----
 -----BEGIN X509 CERTIFICATE-----
 MIICGTCCAdgCAwCqTDAJBgUrDgMCDQUAMHwxCzAJBgNVBAYTAlVTMTYwNAYDVQQK
 Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x
 GTAXBgNVBAsTEFRlc3QgRW52aXJvbm1lbnQxGjAYBgNVBAsTEURTUy1OQVNBLVBp
 bG90LUNBMB4XDTk2MDUxNDE3MDE0MVoXDTk3MDUxNDE3MDE0MVowMzELMAkGA1UE
 BhMCQVUxDzANBgNVBAoTBk1pbmNvbTETMBEGA1UEAxMKRXJpYyBZb3VuZzCB8jAJ
 BgUrDgMCDAUAA4HkADCB4AJBAKbfHz6vE6pXXMTpswtGUec2tvnfLJUsoxE9qs4+
 ObZX7LmLvragNPUeiTJx7UOWZ5DfBj6bXLc8eYne0lP1g3ACQQDUEaSg45P2qrDw
 ixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLbbn3QK74T2IxY1yY+kCNq8XrIqf5fJJzI
 H0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3fVd0geUCQQCzCFUQAh+ZkEmp5804cs6Z
 WBhrUAfnra8lJItYo9xPcXgdIfLfibcXR71UsyO77MRD7B0+Ag2tq794IleCVcEE
 MAkGBSsOAwINBQADMAAwLQIUWsuuJRE3VT4ueWkWMAJMJaZjj1ECFQCYY0zX4bzM
 LC7obsrHD8XAHG+ZRG==
 -----END X509 CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIICTTCCAbagAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEwJHQjEM
 MAoGA1UEChMDVUNMMRgwFgYDVQQLEw9JQ0UtVEVMIFByb2plY3QxFTATBgNVBAMT
 DFRydXN0RmFjdG9yeTAeFw05NzA0MjIxNDM5MTRaFw05ODA0MjIxNDM5MTRaMEwx
 CzAJBgNVBAYTAkdCMQwwCgYDVQQKEwNVQ0wxGDAWBgNVBAsTD0lDRS1URUwgUHJv
 amVjdDEVMBMGA1UEAxMMVHJ1c3RGYWN0b3J5MIGcMAoGBFUIAQECAgQAA4GNADCB
 iQKBgQCEieR8NcXkUW1f0G6aC6u0i8q/98JqS6RxK5YmHIGKCkuTWAUjzLfUa4dt
 U9igGCjTuxaDqlzEim+t/02pmiBZT9HaX++35MjQPUWmsChcYU5WyzGErXi+rQaw
 zlwS73zM8qiPj/97lXYycWhgL0VaiDSPxRXEUdWoaGruom4mNQIDAQABo0IwQDAd
 BgNVHQ4EFgQUHal1LZr7oVg5z6lYzrhTgZRCmcUwDgYDVR0PAQH/BAQDAgH2MA8G
 A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAfaggfl6FZoioecjv0dq8
 /DXo/u11iMZvXn08gjX/zl2b4wtPbShOSY5FhkSm8GeySasz+/Nwb/uzfnIhokWi
 lfPZHtlCWtXbIy/TN51eJyq04ceDCQDWvLC2enVg9KB+GJ34b5c5VaPRzq8MBxsA
 S7ELuYGtmYgYm9NZOIr7yU0=
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIB6jCCAZQCAgEtMA0GCSqGSIb3DQEBBAUAMIGAMQswCQYDVQQGEwJVUzE2MDQG
 A1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFkbWluaXN0cmF0
 aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MR4wHAYDVQQLExVNRDUtUlNB
 LU5BU0EtUGlsb3QtQ0EwHhcNOTYwNDMwMjIwNTAwWhcNOTcwNDMwMjIwNTAwWjCB
 gDELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu
 ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZMBcGA1UECxMQVGVzdCBFbnZpcm9ubWVu
 dDEeMBwGA1UECxMVTUQ1LVJTQS1OQVNBLVBpbG90LUNBMFkwCgYEVQgBAQICAgAD
 SwAwSAJBALmmX5+GqAvcrWK13rfDrNX9UfeA7f+ijyBgeFQjYUoDpFqapw4nzQBL
 bAXug8pKkRwa2Zh8YODhXsRWu2F/UckCAwEAATANBgkqhkiG9w0BAQQFAANBAH9a
 OBA+QCsjxXgnSqHx04gcU8S49DVUb1f2XVoLnHlIb8RnX0k5O6mpHT5eti9bLkiW
 GJNMJ4L0AJ/ac+SmHZc=
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIICajCCAdMCBDGA0QUwDQYJKoZIhvcNAQEEBQAwfTELMAkGA1UEBhMCQ2ExDzAN
 BgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmlsaXR5IEFjY2VwdGVkMR8w
 HQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRwwGgYDVQQDExNFbnRydXN0
 IERlbW8gV2ViIENBMB4XDTk2MDQyNjEzMzUwMVoXDTA2MDQyNjEzMzUwMVowfTEL
 MAkGA1UEBhMCQ2ExDzANBgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmls
 aXR5IEFjY2VwdGVkMR8wHQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRww
 GgYDVQQDExNFbnRydXN0IERlbW8gV2ViIENBMIGdMA0GCSqGSIb3DQEBAQUAA4GL
 ADCBhwKBgQCaroS7O1DA0hm4IefNYU1cx/nqOmzEnk291d1XqznDeF4wEgakbkCc
 zTKxK791yNpXG5RmngqH7cygDRTHZJ6mfCRn0wGC+AI00F2vYTGqPGRQL1N3lZT0
 YDKFC0SQeMMjFIZ1aeQigroFQnHo0VB3zWIMpNkka8PY9lxHZAmWwQIBAzANBgkq
 hkiG9w0BAQQFAAOBgQBAx0UMVA1s54lMQyXjMX5kj99FJN5itb8bK1Rk+cegPQPF
 cWO9SEWyEjjBjIkjjzAwBkaEszFsNGxemxtXvwjIm1xEUMTVlPEWTs2qnDvAUA9W
 YqhWbhH0toGT36236QAsqCZ76rbTRVSSX2BHyJwJMG2tCRv7kRJ//NIgxj3H4w==
 -----END CERTIFICATE-----
 issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
 subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
 -----BEGIN CERTIFICATE-----
 MIICJzCCAZACAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
 BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
 VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTczN1oXDTAxMDYw
 OTEzNTczN1owXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
 BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy
 NCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfjIrkg
 40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp
 22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3vR1Y
 BEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABNA1u/S
 Cg/LJZWb7GliiKJsvuhxlE4E5JxQF2zMub/CSNbF97//tYSyj96sxeFQxZXbcjm9
 xt6mr/xNLA4szNQMJ4P+L7b5e/jC5DSqlwS+CUYJgaFs/SP+qJoCSu1bR3IM9XWO
 cRBpDmcBbYLkSyB92WURvsZ1LtjEcn+cdQVI
 -----END CERTIFICATE-----
 -----BEGIN RSA PRIVATE KEY-----
 MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
 wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
 vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
 AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
 z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
 xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
 HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
 yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
 xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
 7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
 h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
 QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
 hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
 -----END RSA PRIVATE KEY-----
 subject=/C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
 issuer= /C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
 notBefore=941104185834Z
 notAfter =991103185834Z
 -----BEGIN X509 CERTIFICATE-----
 MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw
 HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy
 Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05
 OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT
 ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u
 IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o
 975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/
 touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE
 7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j
 9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI
 0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb
 MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU=
 -----END X509 CERTIFICATE-----
 subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
 issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
 notBefore=941109235417Z
 notAfter =991231235417Z
 -----BEGIN X509 CERTIFICATE-----
 MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw
 HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl
 IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda
 Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
 YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp
 Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB
 roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12
 aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc
 HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A
 iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7
 suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h
 cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk=
 -----END X509 CERTIFICATE-----
 subject=/C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
 	/OU=Certification Services Division/CN=Thawte Server CA
 	/Email=server-certs@thawte.com
 issuer= /C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
 	/OU=Certification Services Division/CN=Thawte Server CA
 	/Email=server-certs@thawte.com
 -----BEGIN CERTIFICATE-----
 MIIC+TCCAmICAQAwDQYJKoZIhvcNAQEEBQAwgcQxCzAJBgNVBAYTAlpBMRUwEwYD
 VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
 VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
 dmljZXMgRGl2aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkq
 hkiG9w0BCQEWF3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMB4XDTk2MDcyNzE4MDc1
 N1oXDTk4MDcyNzE4MDc1N1owgcQxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0
 ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMUVGhhd3RlIENv
 bnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2
 aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkqhkiG9w0BCQEW
 F3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
 iQKBgQDTpFBuyP9Wa+bPXbbqDGh1R6KqwtqEJfyo9EdR2oW1IHSUhh4PdcnpCGH1
 Bm0wbhUZAulSwGLbTZme4moMRDjN/r7jZAlwxf6xaym2L0nIO9QnBCUQly/nkG3A
 KEKZ10xD3sP1IW1Un13DWOHA5NlbsLjctHvfNjrCtWYiEtaHDQIDAQABMA0GCSqG
 SIb3DQEBBAUAA4GBAIsvn7ifX3RUIrvYXtpI4DOfARkTogwm6o7OwVdl93yFhDcX
 7h5t0XZ11MUAMziKdde3rmTvzUYIUCYoY5b032IwGMTvdiclK+STN6NP2m5nvFAM
 qJT5gC5O+j/jBuZRQ4i0AMYQr5F4lT8oBJnhgafw6PL8aDY2vMHGSPl9+7uf
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIDDTCCAnYCAQAwDQYJKoZIhvcNAQEEBQAwgc4xCzAJBgNVBAYTAlpBMRUwEwYD
 VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
 VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
 dmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBD
 QTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTAeFw05
 NjA3MjcxODA3MTRaFw05ODA3MjcxODA3MTRaMIHOMQswCQYDVQQGEwJaQTEVMBMG
 A1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAbBgNVBAoT
 FFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNl
 cnZpY2VzIERpdmlzaW9uMSEwHwYDVQQDExhUaGF3dGUgUHJlbWl1bSBTZXJ2ZXIg
 Q0ExKDAmBgkqhkiG9w0BCQEWGXByZW1pdW0tc2VydmVyQHRoYXd0ZS5jb20wgZ8w
 DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANI2NmqL18JbntqBQWKPOO5JBFXW0O8c
 G5UWR+8YSDU6UvQragaPOy/qVuOvho2eF/eetGV1Ak3vywmiIVHYm9Bn0LoNkgYU
 c9STy5cqAJxcTgy8+hVS/PJEbtoRSm4Iny8t4/mqOoZztkZTWMiJBb2DEbhzP6oH
 jfRCTedAnRw3AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAutFIgTRZVYerIZfL9lvR
 w9Eifvvo5KTZ3h+Bj+VzNnyw4Qc/IyXkPOu6SIiH9LQ3sCmWBdxpe+qr4l77rLj2
 GYuMtESFfn1XVALzkYgC7JcPuTOjMfIiMByt+uFf8AV8x0IW/Qkuv+hEQcyM9vxK
 3VZdLbCVIhNoEsysrxCpxcI=
 -----END CERTIFICATE-----
 Tims test GCI CA
 -----BEGIN CERTIFICATE-----
 MIIB8DCCAZoCAQAwDQYJKoZIhvcNAQEEBQAwgYIxCzAJBgNVBAYTAkFVMRMwEQYD
 VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
 cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBD
 cnlwdFNvZnQgRGV2IENBMB4XDTk3MDMyMjEzMzQwNFoXDTk4MDMyMjEzMzQwNFow
 gYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhC
 cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl
 dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN
 AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw
 OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF
 AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA
 TfdbFZtAAD2Hx9jUtY3tfdrJOb8= 
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD
 VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
 cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsTI1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9O
 IEFVVEhPUklUSUVTMTQwMgYDVQQDEytaRVJPIFZBTFVFIENBIC0gREVNT05TVFJB
 VElPTiBQVVJQT1NFUyBPTkxZMB4XDTk3MDQwMzEzMjI1NFoXDTk4MDQwMzEzMjI1
 NFowgbUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
 EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsT
 I1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9OIEFVVEhPUklUSUVTMTQwMgYDVQQDEyta
 RVJPIFZBTFVFIENBIC0gREVNT05TVFJBVElPTiBQVVJQT1NFUyBPTkxZMFwwDQYJ
 KoZIhvcNAQEBBQADSwAwSAJBAOZ7T7yqP/tyspcko3yPY1y0Cm2EmwNvzW4QgVXR
 Fjs3HmJ4xtSpXdo6mwcGezL3Abt/aQXaxv9PU8xt+Jr0OFUCAwEAATANBgkqhkiG
 9w0BAQQFAANBAOQpYmGgyCqCy1OljgJhCqQOu627oVlHzK1L+t9vBaMfn40AVUR4
 WzQVWO31KTgi5vTK1U+3h46fgUWqQ0h+6rU=
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIAwgKADAgECAgEAMA0GCSqGSIb3DQEBBAUAMGIxETAPBgNVBAcTCEludGVybmV0
 MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
 c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw05NjA0MDgxMDIwMjda
 Fw05NzA0MDgxMDIwMjdaMGIxETAPBgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5W
 ZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xhc3MgMSBDQSAtIElu
 ZGl2aWR1YWwgU3Vic2NyaWJlcjCAMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2
 FKbPTdAFDdjKI9BvqrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7j
 W80GqLd5HUQq7XPysVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cari
 QPJUObwW7s987LrbP2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABAAAAADANBgkqhkiG
 9w0BAQQFAAOBgQA+1nJryNt8VBRjRr07ArDAV/3jAH7GjDc9jsrxZS68ost9v06C
 TvTNKGL+LISNmFLXl+JXhgGB0JZ9fvyYzNgHQ46HBUng1H6voalfJgS2KdEo50wW
 8EFZYMDkT1k4uynwJqkVN2QJK/2q4/A/VCov5h6SlM8Affg2W+1TLqvqkwAA
 -----END CERTIFICATE-----
 subject=/L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
 issuer= /L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
 -----BEGIN CERTIFICATE-----
 MIIEkzCCA/ygAwIBAgIRANDTUpSRL3nTFeMrMayFSPAwDQYJKoZIhvcNAQECBQAw
 YjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQw
 MgYDVQQLEytWZXJpU2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3Jp
 YmVyMB4XDTk2MDYwNDAwMDAwMFoXDTk4MDYwNDIzNTk1OVowYjERMA8GA1UEBxMI
 SW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJp
 U2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqG
 SIb3DQEBAQUAA4GNADCBiQKBgQC6A+2czKGRcYMfm8gdnk+0de99TDDzsqo0v5nb
 RsbUmMcdRQ7nsMbRWe0SAb/9QoLTZ/cJ0iOBqdrkz7UpqqKarVoTSdlSMVM92tWp
 3bJncZHQD1t4xd6lQVdI1/T6R+5J0T1ukOdsI9Jmf+F28S6g3R3L1SFwiHKeZKZv
 z+793wIDAQABo4ICRzCCAkMwggIpBgNVHQMBAf8EggIdMIICGTCCAhUwggIRBgtg
 hkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0ZXMg
 YnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0IHRv
 LCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQg
 KENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQ
 Uy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29tOyBv
 ciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4sIE1v
 dW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04ODMw
 IENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0cyBS
 ZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJQUJJ
 TElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQECMC8w
 LRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMDAU
 BglghkgBhvhCAQEBAf8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEApRJRkNBqLLgs
 53IR/d18ODdLOWMTZ+QOOxBrq460iBEdUwgF8vmPRX1ku7UiDeNzaLlurE6eFqHq
 2zPyK5j60zfTLVJMWKcQWwTJLjHtXrW8pxhNtFc6Fdvy5ZkHnC/9NIl7/t4U6WqB
 p4y+p7SdMIkEwIZfds0VbnQyX5MRUJY=
 -----END CERTIFICATE-----
 subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
 issuer= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
 -----BEGIN CERTIFICATE-----
 MIICMTCCAZoCBQKhAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
 FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMg
 UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
 Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
 biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
 Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyVxZ
 nvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqoRAWq7AMfeH+ek7ma
 AKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4rCNfcCk2pMmG57Ga
 IMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATANBgkqhkiG9w0BAQIF
 AAOBgQB1Zmw+0c2B27X4LzZRtvdCvM1Cr9wO+hVs+GeTVzrrtpLotgHKjLeOQ7RJ
 Zfk+7r11Ri7J/CVdqMcvi5uPaM+0nJcYwE3vH9mvgrPmZLiEXIqaB1JDYft0nls6
 NvxMsvwaPxUupVs8G5DsiCnkWRb5zget7Ond2tIxik/W2O8XjQ==
 -----END CERTIFICATE-----
 subject=/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
 issuer= /C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
 -----BEGIN CERTIFICATE-----
 MIICMTCCAZoCBQKmAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
 FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMg
 UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
 Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
 biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
 Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LJ1
 9njQrlpQ9OlQqZ+M1++RlHDo0iSQdomF1t+s5gEXMoDwnZNHvJplnR+Xrr/phnVj
 IIm9gFidBAydqMEk6QvlMXi9/C0MN2qeeIDpRnX57aP7E3vIwUzSo+/1PLBij0pd
 O92VZ48TucE81qcmm+zDO3rZTbxtm+gVAePwR6kCAwEAATANBgkqhkiG9w0BAQIF
 AAOBgQBT3dPwnCR+QKri/AAa19oM/DJhuBUNlvP6Vxt/M3yv6ZiaYch6s7f/sdyZ
 g9ysEvxwyR84Qu1E9oAuW2szaayc01znX1oYx7EteQSWQZGZQbE8DbqEOcY7l/Am
 yY7uvcxClf8exwI/VAx49byqYHwCaejcrOICdmHEPgPq0ook0Q==
 -----END CERTIFICATE-----
--- a/apps/sess_id.c
+++ b/apps/sess_id.c
@@ -90,7 +90,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 {
    SSL_SESSION *x = NULL;
    X509 *peer = NULL;
    int ret = 1, i, num, badops = 0;
    BIO *out = NULL;
    int informat, outformat;
@@ -158,15 +157,14 @@ int MAIN(int argc, char **argv)
    if (x == NULL) {
        goto end;
    }
    peer = SSL_SESSION_get0_peer(x);
    if (context) {
-        size_t ctx_len = strlen(context);
+        x->sid_ctx_length = strlen(context);
-        if (ctx_len > SSL_MAX_SID_CTX_LENGTH) {
+        if (x->sid_ctx_length > SSL_MAX_SID_CTX_LENGTH) {
            BIO_printf(bio_err, "Context too long\n");
            goto end;
        }
-        SSL_SESSION_set1_id_context(x, (unsigned char *)context, ctx_len);
+        memcpy(x->sid_ctx, context, x->sid_ctx_length);
    }
 #ifdef undef
    /* just testing for memory leaks :-) */
@@ -216,10 +214,10 @@ int MAIN(int argc, char **argv)
        SSL_SESSION_print(out, x);
        if (cert) {
-            if (peer == NULL)
+            if (x->peer == NULL)
                BIO_puts(out, "No certificate present\n");
            else
-                X509_print(out, peer);
+                X509_print(out, x->peer);
        }
    }
@@ -236,11 +234,11 @@ int MAIN(int argc, char **argv)
            BIO_printf(bio_err, "unable to write SSL_SESSION\n");
            goto end;
        }
-    } else if (!noout && (peer != NULL)) { /* just print the certificate */
+    } else if (!noout && (x->peer != NULL)) { /* just print the certificate */
        if (outformat == FORMAT_ASN1)
-            i = (int)i2d_X509_bio(out, peer);
+            i = (int)i2d_X509_bio(out, x->peer);
        else if (outformat == FORMAT_PEM)
-            i = PEM_write_bio_X509(out, peer);
+            i = PEM_write_bio_X509(out, x->peer);
        else {
            BIO_printf(bio_err, "bad output format specified for outfile\n");
            goto end;
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -441,8 +441,6 @@ int MAIN(int argc, char **argv)
        BIO_printf(bio_err,
                   "-CApath dir    trusted certificates directory\n");
        BIO_printf(bio_err, "-CAfile file   trusted certificates file\n");
        BIO_printf(bio_err,
                   "-no_alt_chains only ever use the first certificate chain found\n");
        BIO_printf(bio_err,
                   "-crl_check     check revocation status of signer's certificate using CRLs\n");
        BIO_printf(bio_err,
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -1,4 +1,4 @@
-/* apps/speed.c */
+/* apps/speed.c -*- mode:C; c-file-style: "eay" -*- */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -108,16 +108,8 @@
 #  include <signal.h>
 # endif
-# if defined(_WIN32) || defined(__CYGWIN__)
+# ifdef _WIN32
 #  include <windows.h>
 #  if defined(__CYGWIN__) && !defined(_WIN32)
  /*
   * <windows.h> should define _WIN32, which normally is mutually exclusive
   * with __CYGWIN__, but if it didn't...
   */
 #   define _WIN32
  /* this is done because Cygwin alarm() fails sometimes. */
 #  endif
 # endif
 # include <openssl/bn.h>
@@ -191,25 +183,6 @@
 # ifndef OPENSSL_NO_ECDH
 #  include <openssl/ecdh.h>
 # endif
 # include <openssl/modes.h>
 # ifdef OPENSSL_FIPS
 #  ifdef OPENSSL_DOING_MAKEDEPEND
 #   undef AES_set_encrypt_key
 #   undef AES_set_decrypt_key
 #   undef DES_set_key_unchecked
 #  endif
 #  define BF_set_key      private_BF_set_key
 #  define CAST_set_key    private_CAST_set_key
 #  define idea_set_encrypt_key    private_idea_set_encrypt_key
 #  define SEED_set_key    private_SEED_set_key
 #  define RC2_set_key     private_RC2_set_key
 #  define RC4_set_key     private_RC4_set_key
 #  define DES_set_key_unchecked   private_DES_set_key_unchecked
 #  define AES_set_encrypt_key     private_AES_set_encrypt_key
 #  define AES_set_decrypt_key     private_AES_set_decrypt_key
 #  define Camellia_set_key        private_Camellia_set_key
 # endif
 # ifndef HAVE_FORK
 #  if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_NETWARE)
@@ -227,7 +200,7 @@
 # undef BUFSIZE
 # define BUFSIZE ((long)1024*8+1)
-static volatile int run = 0;
+int run = 0;
 static int mr = 0;
 static int usertime = 1;
@@ -241,7 +214,7 @@ static void print_result(int alg, int run_no, int count, double time_used);
 static int do_multi(int multi);
 # endif
-# define ALGOR_NUM       30
+# define ALGOR_NUM       29
 # define SIZE_NUM        5
 # define RSA_NUM         4
 # define DSA_NUM         3
@@ -256,7 +229,7 @@ static const char *names[ALGOR_NUM] = {
    "aes-128 cbc", "aes-192 cbc", "aes-256 cbc",
    "camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc",
    "evp", "sha256", "sha512", "whirlpool",
-    "aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash"
+    "aes-128 ige", "aes-192 ige", "aes-256 ige"
 };
 static double results[ALGOR_NUM][SIZE_NUM];
@@ -304,17 +277,13 @@ static SIGRETTYPE sig_done(int sig)
 # if defined(_WIN32)
-#  if !defined(SIGALRM)
+#  define SIGALRM
 #   define SIGALRM
 #  endif
 static unsigned int lapse, schlock;
-static void alarm_win32(unsigned int secs)
+static void alarm(unsigned int secs)
 {
    lapse = secs * 1000;
 }
 #  define alarm alarm_win32
 static DWORD WINAPI sleepy(VOID * arg)
 {
    schlock = 1;
@@ -513,7 +482,6 @@ int MAIN(int argc, char **argv)
 # define D_IGE_128_AES   26
 # define D_IGE_192_AES   27
 # define D_IGE_256_AES   28
 # define D_GHASH         29
    double d = 0.0;
    long c[ALGOR_NUM][SIZE_NUM];
 # define R_DSA_512       0
@@ -955,8 +923,6 @@ int MAIN(int argc, char **argv)
            doit[D_CBC_128_AES] = 1;
            doit[D_CBC_192_AES] = 1;
            doit[D_CBC_256_AES] = 1;
        } else if (strcmp(*argv, "ghash") == 0) {
            doit[D_GHASH] = 1;
        } else
 # endif
 # ifndef OPENSSL_NO_CAMELLIA
@@ -1363,7 +1329,6 @@ int MAIN(int argc, char **argv)
    c[D_IGE_128_AES][0] = count;
    c[D_IGE_192_AES][0] = count;
    c[D_IGE_256_AES][0] = count;
    c[D_GHASH][0] = count;
    for (i = 1; i < SIZE_NUM; i++) {
        c[D_MD2][i] = c[D_MD2][0] * 4 * lengths[0] / lengths[i];
@@ -1532,7 +1497,7 @@ int MAIN(int argc, char **argv)
 #   error "You cannot disable DES on systems without SIGALRM."
 #  endif                        /* OPENSSL_NO_DES */
 # else
-#  define COND(c) (run && count<0x7fffffff)
+#  define COND(c) (run)
 #  define COUNT(d) (count)
 #  ifndef _WIN32
    signal(SIGALRM, sig_done);
@@ -1799,21 +1764,6 @@ int MAIN(int argc, char **argv)
            print_result(D_IGE_256_AES, j, count, d);
        }
    }
    if (doit[D_GHASH]) {
        GCM128_CONTEXT *ctx =
            CRYPTO_gcm128_new(&aes_ks1, (block128_f) AES_encrypt);
        CRYPTO_gcm128_setiv(ctx, (unsigned char *)"0123456789ab", 12);
        for (j = 0; j < SIZE_NUM; j++) {
            print_message(names[D_GHASH], c[D_GHASH][j], lengths[j]);
            Time_F(START);
            for (count = 0, run = 1; COND(c[D_GHASH][j]); count++)
                CRYPTO_gcm128_aad(ctx, buf, lengths[j]);
            d = Time_F(STOP);
            print_result(D_GHASH, j, count, d);
        }
        CRYPTO_gcm128_release(ctx);
    }
 # endif
 # ifndef OPENSSL_NO_CAMELLIA
    if (doit[D_CBC_128_CML]) {
@@ -2537,7 +2487,7 @@ static void pkey_print_message(const char *str, const char *str2, long num,
               mr ? "+DTP:%d:%s:%s:%d\n"
               : "Doing %d bit %s %s's for %ds: ", bits, str, str2, tm);
    (void)BIO_flush(bio_err);
-    alarm(tm);
+    alarm(RSA_SECONDS);
 # else
    BIO_printf(bio_err,
               mr ? "+DNP:%ld:%d:%s:%s\n"
--- a/apps/srp.c
+++ b/apps/srp.c
@@ -1,768 +0,0 @@
 /* apps/srp.c */
 /*
 * Written by Peter Sylvester (peter.sylvester@edelweb.fr) for the EdelKey
 * project and contributed to the OpenSSL project 2004.
 */
 /* ====================================================================
 * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 #include <openssl/opensslconf.h>
 #ifndef OPENSSL_NO_SRP
 # include <stdio.h>
 # include <stdlib.h>
 # include <string.h>
 # include <openssl/conf.h>
 # include <openssl/bio.h>
 # include <openssl/err.h>
 # include <openssl/txt_db.h>
 # include <openssl/buffer.h>
 # include <openssl/srp.h>
 # include "apps.h"
 # undef PROG
 # define PROG srp_main
 # define BASE_SECTION    "srp"
 # define CONFIG_FILE "openssl.cnf"
 # define ENV_RANDFILE            "RANDFILE"
 # define ENV_DATABASE            "srpvfile"
 # define ENV_DEFAULT_SRP         "default_srp"
 static char *srp_usage[] = {
    "usage: srp [args] [user] \n",
    "\n",
    " -verbose        Talk alot while doing things\n",
    " -config file    A config file\n",
    " -name arg       The particular srp definition to use\n",
    " -srpvfile arg   The srp verifier file name\n",
    " -add            add an user and srp verifier\n",
    " -modify         modify the srp verifier of an existing user\n",
    " -delete         delete user from verifier file\n",
    " -list           list user\n",
    " -gn arg         g and N values to be used for new verifier\n",
    " -userinfo arg   additional info to be set for user\n",
    " -passin arg     input file pass phrase source\n",
    " -passout arg    output file pass phrase source\n",
 # ifndef OPENSSL_NO_ENGINE
    " -engine e         - use engine e, possibly a hardware device.\n",
 # endif
    NULL
 };
 # ifdef EFENCE
 extern int EF_PROTECT_FREE;
 extern int EF_PROTECT_BELOW;
 extern int EF_ALIGNMENT;
 # endif
 static CONF *conf = NULL;
 static char *section = NULL;
 # define VERBOSE if (verbose)
 # define VVERBOSE if (verbose>1)
 int MAIN(int, char **);
 static int get_index(CA_DB *db, char *id, char type)
 {
    char **pp;
    int i;
    if (id == NULL)
        return -1;
    if (type == DB_SRP_INDEX)
        for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
            pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
            if (pp[DB_srptype][0] == DB_SRP_INDEX
                && !strcmp(id, pp[DB_srpid]))
                return i;
    } else
        for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
            pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
            if (pp[DB_srptype][0] != DB_SRP_INDEX
                && !strcmp(id, pp[DB_srpid]))
                return i;
        }
    return -1;
 }
 static void print_entry(CA_DB *db, BIO *bio, int indx, int verbose, char *s)
 {
    if (indx >= 0 && verbose) {
        int j;
        char **pp = sk_OPENSSL_PSTRING_value(db->db->data, indx);
        BIO_printf(bio, "%s \"%s\"\n", s, pp[DB_srpid]);
        for (j = 0; j < DB_NUMBER; j++) {
            BIO_printf(bio_err, "  %d = \"%s\"\n", j, pp[j]);
        }
    }
 }
 static void print_index(CA_DB *db, BIO *bio, int indexindex, int verbose)
 {
    print_entry(db, bio, indexindex, verbose, "g N entry");
 }
 static void print_user(CA_DB *db, BIO *bio, int userindex, int verbose)
 {
    if (verbose > 0) {
        char **pp = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
        if (pp[DB_srptype][0] != 'I') {
            print_entry(db, bio, userindex, verbose, "User entry");
            print_entry(db, bio, get_index(db, pp[DB_srpgN], 'I'), verbose,
                        "g N entry");
        }
    }
 }
 static int update_index(CA_DB *db, BIO *bio, char **row)
 {
    char **irow;
    int i;
    if ((irow =
         (char **)OPENSSL_malloc(sizeof(char *) * (DB_NUMBER + 1))) == NULL) {
        BIO_printf(bio_err, "Memory allocation failure\n");
        return 0;
    }
    for (i = 0; i < DB_NUMBER; i++) {
        irow[i] = row[i];
        row[i] = NULL;
    }
    irow[DB_NUMBER] = NULL;
    if (!TXT_DB_insert(db->db, irow)) {
        BIO_printf(bio, "failed to update srpvfile\n");
        BIO_printf(bio, "TXT_DB error number %ld\n", db->db->error);
        OPENSSL_free(irow);
        return 0;
    }
    return 1;
 }
 static void lookup_fail(const char *name, char *tag)
 {
    BIO_printf(bio_err, "variable lookup failed for %s::%s\n", name, tag);
 }
 static char *srp_verify_user(const char *user, const char *srp_verifier,
                             char *srp_usersalt, const char *g, const char *N,
                             const char *passin, BIO *bio, int verbose)
 {
    char password[1024];
    PW_CB_DATA cb_tmp;
    char *verifier = NULL;
    char *gNid = NULL;
    cb_tmp.prompt_info = user;
    cb_tmp.password = passin;
    if (password_callback(password, 1024, 0, &cb_tmp) > 0) {
        VERBOSE BIO_printf(bio,
                           "Validating\n   user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
                           user, srp_verifier, srp_usersalt, g, N);
        BIO_printf(bio, "Pass %s\n", password);
        if (!
            (gNid =
             SRP_create_verifier(user, password, &srp_usersalt, &verifier, N,
                                 g))) {
            BIO_printf(bio, "Internal error validating SRP verifier\n");
        } else {
            if (strcmp(verifier, srp_verifier))
                gNid = NULL;
            OPENSSL_free(verifier);
        }
    }
    return gNid;
 }
 static char *srp_create_user(char *user, char **srp_verifier,
                             char **srp_usersalt, char *g, char *N,
                             char *passout, BIO *bio, int verbose)
 {
    char password[1024];
    PW_CB_DATA cb_tmp;
    char *gNid = NULL;
    char *salt = NULL;
    cb_tmp.prompt_info = user;
    cb_tmp.password = passout;
    if (password_callback(password, 1024, 1, &cb_tmp) > 0) {
        VERBOSE BIO_printf(bio,
                           "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
                           user, g, N);
        if (!
            (gNid =
             SRP_create_verifier(user, password, &salt, srp_verifier, N,
                                 g))) {
            BIO_printf(bio, "Internal error creating SRP verifier\n");
        } else
            *srp_usersalt = salt;
        VVERBOSE BIO_printf(bio, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n",
                            gNid, salt, *srp_verifier);
    }
    return gNid;
 }
 int MAIN(int argc, char **argv)
 {
    int add_user = 0;
    int list_user = 0;
    int delete_user = 0;
    int modify_user = 0;
    char *user = NULL;
    char *passargin = NULL, *passargout = NULL;
    char *passin = NULL, *passout = NULL;
    char *gN = NULL;
    int gNindex = -1;
    char **gNrow = NULL;
    int maxgN = -1;
    char *userinfo = NULL;
    int badops = 0;
    int ret = 1;
    int errors = 0;
    int verbose = 0;
    int doupdatedb = 0;
    char *configfile = NULL;
    char *dbfile = NULL;
    CA_DB *db = NULL;
    char **pp;
    int i;
    long errorline = -1;
    char *randfile = NULL;
 # ifndef OPENSSL_NO_ENGINE
    char *engine = NULL;
 # endif
    char *tofree = NULL;
    DB_ATTR db_attr;
 # ifdef EFENCE
    EF_PROTECT_FREE = 1;
    EF_PROTECT_BELOW = 1;
    EF_ALIGNMENT = 0;
 # endif
    apps_startup();
    conf = NULL;
    section = NULL;
    if (bio_err == NULL)
        if ((bio_err = BIO_new(BIO_s_file())) != NULL)
            BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
    argc--;
    argv++;
    while (argc >= 1 && badops == 0) {
        if (strcmp(*argv, "-verbose") == 0)
            verbose++;
        else if (strcmp(*argv, "-config") == 0) {
            if (--argc < 1)
                goto bad;
            configfile = *(++argv);
        } else if (strcmp(*argv, "-name") == 0) {
            if (--argc < 1)
                goto bad;
            section = *(++argv);
        } else if (strcmp(*argv, "-srpvfile") == 0) {
            if (--argc < 1)
                goto bad;
            dbfile = *(++argv);
        } else if (strcmp(*argv, "-add") == 0)
            add_user = 1;
        else if (strcmp(*argv, "-delete") == 0)
            delete_user = 1;
        else if (strcmp(*argv, "-modify") == 0)
            modify_user = 1;
        else if (strcmp(*argv, "-list") == 0)
            list_user = 1;
        else if (strcmp(*argv, "-gn") == 0) {
            if (--argc < 1)
                goto bad;
            gN = *(++argv);
        } else if (strcmp(*argv, "-userinfo") == 0) {
            if (--argc < 1)
                goto bad;
            userinfo = *(++argv);
        } else if (strcmp(*argv, "-passin") == 0) {
            if (--argc < 1)
                goto bad;
            passargin = *(++argv);
        } else if (strcmp(*argv, "-passout") == 0) {
            if (--argc < 1)
                goto bad;
            passargout = *(++argv);
        }
 # ifndef OPENSSL_NO_ENGINE
        else if (strcmp(*argv, "-engine") == 0) {
            if (--argc < 1)
                goto bad;
            engine = *(++argv);
        }
 # endif
        else if (**argv == '-') {
 bad:
            BIO_printf(bio_err, "unknown option %s\n", *argv);
            badops = 1;
            break;
        } else
            break;
        argc--;
        argv++;
    }
    if (dbfile && configfile) {
        BIO_printf(bio_err,
                   "-dbfile and -configfile cannot be specified together.\n");
        badops = 1;
    }
    if (add_user + delete_user + modify_user + list_user != 1) {
        BIO_printf(bio_err,
                   "Exactly one of the options -add, -delete, -modify -list must be specified.\n");
        badops = 1;
    }
    if (delete_user + modify_user + delete_user == 1 && argc <= 0) {
        BIO_printf(bio_err,
                   "Need at least one user for options -add, -delete, -modify. \n");
        badops = 1;
    }
    if ((passin || passout) && argc != 1) {
        BIO_printf(bio_err,
                   "-passin, -passout arguments only valid with one user.\n");
        badops = 1;
    }
    if (badops) {
        for (pp = srp_usage; (*pp != NULL); pp++)
            BIO_printf(bio_err, "%s", *pp);
        BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
                   LIST_SEPARATOR_CHAR);
        BIO_printf(bio_err,
                   "                 load the file (or the files in the directory) into\n");
        BIO_printf(bio_err, "                 the random number generator\n");
        goto err;
    }
    ERR_load_crypto_strings();
 # ifndef OPENSSL_NO_ENGINE
    setup_engine(bio_err, engine, 0);
 # endif
    if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
        BIO_printf(bio_err, "Error getting passwords\n");
        goto err;
    }
    if (!dbfile) {
        /*****************************************************************/
        tofree = NULL;
        if (configfile == NULL)
            configfile = getenv("OPENSSL_CONF");
        if (configfile == NULL)
            configfile = getenv("SSLEAY_CONF");
        if (configfile == NULL) {
            const char *s = X509_get_default_cert_area();
            size_t len;
 # ifdef OPENSSL_SYS_VMS
            len = strlen(s) + sizeof(CONFIG_FILE);
            tofree = OPENSSL_malloc(len);
            if (!tofree) {
                BIO_printf(bio_err, "Out of memory\n");
                goto err;
            }
            strcpy(tofree, s);
 # else
            len = strlen(s) + sizeof(CONFIG_FILE) + 1;
            tofree = OPENSSL_malloc(len);
            if (!tofree) {
                BIO_printf(bio_err, "Out of memory\n");
                goto err;
            }
            BUF_strlcpy(tofree, s, len);
            BUF_strlcat(tofree, "/", len);
 # endif
            BUF_strlcat(tofree, CONFIG_FILE, len);
            configfile = tofree;
        }
        VERBOSE BIO_printf(bio_err, "Using configuration from %s\n",
                           configfile);
        conf = NCONF_new(NULL);
        if (NCONF_load(conf, configfile, &errorline) <= 0) {
            if (errorline <= 0)
                BIO_printf(bio_err, "error loading the config file '%s'\n",
                           configfile);
            else
                BIO_printf(bio_err, "error on line %ld of config file '%s'\n",
                           errorline, configfile);
            goto err;
        }
        if (tofree) {
            OPENSSL_free(tofree);
            tofree = NULL;
        }
        if (!load_config(bio_err, conf))
            goto err;
        /* Lets get the config section we are using */
        if (section == NULL) {
            VERBOSE BIO_printf(bio_err,
                               "trying to read " ENV_DEFAULT_SRP
                               " in \" BASE_SECTION \"\n");
            section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_SRP);
            if (section == NULL) {
                lookup_fail(BASE_SECTION, ENV_DEFAULT_SRP);
                goto err;
            }
        }
        if (randfile == NULL && conf)
            randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
        VERBOSE BIO_printf(bio_err,
                           "trying to read " ENV_DATABASE
                           " in section \"%s\"\n", section);
        if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
            lookup_fail(section, ENV_DATABASE);
            goto err;
        }
    }
    if (randfile == NULL)
        ERR_clear_error();
    else
        app_RAND_load_file(randfile, bio_err, 0);
    VERBOSE BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n",
                       dbfile);
    db = load_index(dbfile, &db_attr);
    if (db == NULL)
        goto err;
    /* Lets check some fields */
    for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
        pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
        if (pp[DB_srptype][0] == DB_SRP_INDEX) {
            maxgN = i;
            if (gNindex < 0 && gN != NULL && !strcmp(gN, pp[DB_srpid]))
                gNindex = i;
            print_index(db, bio_err, i, verbose > 1);
        }
    }
    VERBOSE BIO_printf(bio_err, "Database initialised\n");
    if (gNindex >= 0) {
        gNrow = sk_OPENSSL_PSTRING_value(db->db->data, gNindex);
        print_entry(db, bio_err, gNindex, verbose > 1, "Default g and N");
    } else if (maxgN > 0 && !SRP_get_default_gN(gN)) {
        BIO_printf(bio_err, "No g and N value for index \"%s\"\n", gN);
        goto err;
    } else {
        VERBOSE BIO_printf(bio_err, "Database has no g N information.\n");
        gNrow = NULL;
    }
    VVERBOSE BIO_printf(bio_err, "Starting user processing\n");
    if (argc > 0)
        user = *(argv++);
    while (list_user || user) {
        int userindex = -1;
        if (user)
            VVERBOSE BIO_printf(bio_err, "Processing user \"%s\"\n", user);
        if ((userindex = get_index(db, user, 'U')) >= 0) {
            print_user(db, bio_err, userindex, (verbose > 0) || list_user);
        }
        if (list_user) {
            if (user == NULL) {
                BIO_printf(bio_err, "List all users\n");
                for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
                    print_user(db, bio_err, i, 1);
                }
                list_user = 0;
            } else if (userindex < 0) {
                BIO_printf(bio_err,
                           "user \"%s\" does not exist, ignored. t\n", user);
                errors++;
            }
        } else if (add_user) {
            if (userindex >= 0) {
                /* reactivation of a new user */
                char **row =
                    sk_OPENSSL_PSTRING_value(db->db->data, userindex);
                BIO_printf(bio_err, "user \"%s\" reactivated.\n", user);
                row[DB_srptype][0] = 'V';
                doupdatedb = 1;
            } else {
                char *row[DB_NUMBER];
                char *gNid;
                row[DB_srpverifier] = NULL;
                row[DB_srpsalt] = NULL;
                row[DB_srpinfo] = NULL;
                if (!
                    (gNid =
                     srp_create_user(user, &(row[DB_srpverifier]),
                                     &(row[DB_srpsalt]),
                                     gNrow ? gNrow[DB_srpsalt] : gN,
                                     gNrow ? gNrow[DB_srpverifier] : NULL,
                                     passout, bio_err, verbose))) {
                    BIO_printf(bio_err,
                               "Cannot create srp verifier for user \"%s\", operation abandoned .\n",
                               user);
                    errors++;
                    goto err;
                }
                row[DB_srpid] = BUF_strdup(user);
                row[DB_srptype] = BUF_strdup("v");
                row[DB_srpgN] = BUF_strdup(gNid);
                if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype]
                    || !row[DB_srpverifier] || !row[DB_srpsalt] || (userinfo
                                                                    &&
                                                                    (!(row
                                                                       [DB_srpinfo]
                                                                       =
                                                                       BUF_strdup
                                                                       (userinfo))))
                    || !update_index(db, bio_err, row)) {
                    if (row[DB_srpid])
                        OPENSSL_free(row[DB_srpid]);
                    if (row[DB_srpgN])
                        OPENSSL_free(row[DB_srpgN]);
                    if (row[DB_srpinfo])
                        OPENSSL_free(row[DB_srpinfo]);
                    if (row[DB_srptype])
                        OPENSSL_free(row[DB_srptype]);
                    if (row[DB_srpverifier])
                        OPENSSL_free(row[DB_srpverifier]);
                    if (row[DB_srpsalt])
                        OPENSSL_free(row[DB_srpsalt]);
                    goto err;
                }
                doupdatedb = 1;
            }
        } else if (modify_user) {
            if (userindex < 0) {
                BIO_printf(bio_err,
                           "user \"%s\" does not exist, operation ignored.\n",
                           user);
                errors++;
            } else {
                char **row =
                    sk_OPENSSL_PSTRING_value(db->db->data, userindex);
                char type = row[DB_srptype][0];
                if (type == 'v') {
                    BIO_printf(bio_err,
                               "user \"%s\" already updated, operation ignored.\n",
                               user);
                    errors++;
                } else {
                    char *gNid;
                    if (row[DB_srptype][0] == 'V') {
                        int user_gN;
                        char **irow = NULL;
                        VERBOSE BIO_printf(bio_err,
                                           "Verifying password for user \"%s\"\n",
                                           user);
                        if ((user_gN =
                             get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0)
                            irow =
                                (char **)sk_OPENSSL_PSTRING_value(db->
                                                                  db->data,
                                                                  userindex);
                        if (!srp_verify_user
                            (user, row[DB_srpverifier], row[DB_srpsalt],
                             irow ? irow[DB_srpsalt] : row[DB_srpgN],
                             irow ? irow[DB_srpverifier] : NULL, passin,
                             bio_err, verbose)) {
                            BIO_printf(bio_err,
                                       "Invalid password for user \"%s\", operation abandoned.\n",
                                       user);
                            errors++;
                            goto err;
                        }
                    }
                    VERBOSE BIO_printf(bio_err,
                                       "Password for user \"%s\" ok.\n",
                                       user);
                    if (!
                        (gNid =
                         srp_create_user(user, &(row[DB_srpverifier]),
                                         &(row[DB_srpsalt]),
                                         gNrow ? gNrow[DB_srpsalt] : NULL,
                                         gNrow ? gNrow[DB_srpverifier] : NULL,
                                         passout, bio_err, verbose))) {
                        BIO_printf(bio_err,
                                   "Cannot create srp verifier for user \"%s\", operation abandoned.\n",
                                   user);
                        errors++;
                        goto err;
                    }
                    row[DB_srptype][0] = 'v';
                    row[DB_srpgN] = BUF_strdup(gNid);
                    if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype]
                        || !row[DB_srpverifier] || !row[DB_srpsalt]
                        || (userinfo
                            && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))))
                        goto err;
                    doupdatedb = 1;
                }
            }
        } else if (delete_user) {
            if (userindex < 0) {
                BIO_printf(bio_err,
                           "user \"%s\" does not exist, operation ignored. t\n",
                           user);
                errors++;
            } else {
                char **xpp =
                    sk_OPENSSL_PSTRING_value(db->db->data, userindex);
                BIO_printf(bio_err, "user \"%s\" revoked. t\n", user);
                xpp[DB_srptype][0] = 'R';
                doupdatedb = 1;
            }
        }
        if (--argc > 0)
            user = *(argv++);
        else {
            user = NULL;
            list_user = 0;
        }
    }
    VERBOSE BIO_printf(bio_err, "User procession done.\n");
    if (doupdatedb) {
        /* Lets check some fields */
        for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
            pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
            if (pp[DB_srptype][0] == 'v') {
                pp[DB_srptype][0] = 'V';
                print_user(db, bio_err, i, verbose);
            }
        }
        VERBOSE BIO_printf(bio_err, "Trying to update srpvfile.\n");
        if (!save_index(dbfile, "new", db))
            goto err;
        VERBOSE BIO_printf(bio_err, "Temporary srpvfile created.\n");
        if (!rotate_index(dbfile, "new", "old"))
            goto err;
        VERBOSE BIO_printf(bio_err, "srpvfile updated.\n");
    }
    ret = (errors != 0);
 err:
    if (errors != 0)
        VERBOSE BIO_printf(bio_err, "User errors %d.\n", errors);
    VERBOSE BIO_printf(bio_err, "SRP terminating with code %d.\n", ret);
    if (tofree)
        OPENSSL_free(tofree);
    if (ret)
        ERR_print_errors(bio_err);
    if (randfile)
        app_RAND_write_file(randfile, bio_err);
    if (conf)
        NCONF_free(conf);
    if (db)
        free_index(db);
    OBJ_cleanup();
    apps_shutdown();
    OPENSSL_EXIT(ret);
 }
 #endif
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -213,26 +213,20 @@ int MAIN(int argc, char **argv)
            goto end;
    }
-    ret = 0;
+    if (argc < 1)
-    if (argc < 1) {
+        check(cert_ctx, NULL, untrusted, trusted, crls, e);
-        if (1 != check(cert_ctx, NULL, untrusted, trusted, crls, e))
+    else
            ret = -1;
    } else {
        for (i = 0; i < argc; i++)
-            if (1 != check(cert_ctx, argv[i], untrusted, trusted, crls, e))
+            check(cert_ctx, argv[i], untrusted, trusted, crls, e);
-                ret = -1;
+    ret = 0;
    }
 end:
    if (ret == 1) {
        BIO_printf(bio_err,
                   "usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
        BIO_printf(bio_err, " [-no_alt_chains] [-attime timestamp]");
 #ifndef OPENSSL_NO_ENGINE
        BIO_printf(bio_err, " [-engine e]");
 #endif
        BIO_printf(bio_err, " cert1 cert2 ...\n");
        BIO_printf(bio_err, "recognized usages:\n");
        for (i = 0; i < X509_PURPOSE_get_count(); i++) {
            X509_PURPOSE *ptmp;
@@ -250,7 +244,7 @@ int MAIN(int argc, char **argv)
    sk_X509_pop_free(trusted, X509_free);
    sk_X509_CRL_pop_free(crls, X509_CRL_free);
    apps_shutdown();
-    OPENSSL_EXIT(ret < 0 ? 2 : ret);
+    OPENSSL_EXIT(ret);
 }
 static int check(X509_STORE *ctx, char *file,
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -157,8 +157,7 @@ static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
 static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
                const EVP_MD *digest, CONF *conf, char *section);
 static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
-                        X509 *x, X509 *xca, EVP_PKEY *pkey,
+                        X509 *x, X509 *xca, EVP_PKEY *pkey, char *serial,
                        STACK_OF(OPENSSL_STRING) *sigopts, char *serial,
                        int create, int days, int clrext, CONF *conf,
                        char *section, ASN1_INTEGER *sno);
 static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
@@ -173,7 +172,6 @@ int MAIN(int argc, char **argv)
    X509_REQ *req = NULL;
    X509 *x = NULL, *xca = NULL;
    ASN1_OBJECT *objtmp;
    STACK_OF(OPENSSL_STRING) *sigopts = NULL;
    EVP_PKEY *Upkey = NULL, *CApkey = NULL;
    ASN1_INTEGER *sno = NULL;
    int i, num, badops = 0;
@@ -267,19 +265,12 @@ int MAIN(int argc, char **argv)
            if (--argc < 1)
                goto bad;
            CAkeyformat = str2fmt(*(++argv));
        } else if (strcmp(*argv, "-sigopt") == 0) {
            if (--argc < 1)
                goto bad;
            if (!sigopts)
                sigopts = sk_OPENSSL_STRING_new_null();
            if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
                goto bad;
        } else if (strcmp(*argv, "-days") == 0) {
            if (--argc < 1)
                goto bad;
            days = atoi(*(++argv));
            if (days == 0) {
-                BIO_printf(bio_err, "bad number of days\n");
+                BIO_printf(STDout, "bad number of days\n");
                goto bad;
            }
        } else if (strcmp(*argv, "-passin") == 0) {
@@ -783,11 +774,6 @@ int MAIN(int argc, char **argv)
                z = i2d_X509(x, NULL);
                m = OPENSSL_malloc(z);
                if (!m) {
                    BIO_printf(bio_err, "Out of memory\n");
                    ERR_print_errors(bio_err);
                    goto end;
                }
                d = (unsigned char *)m;
                z = i2d_X509_NAME(X509_get_subject_name(x), &d);
@@ -830,7 +816,7 @@ int MAIN(int argc, char **argv)
                OPENSSL_free(m);
            } else if (text == i) {
-                X509_print_ex(STDout, x, nmflag, certflag);
+                X509_print_ex(out, x, nmflag, certflag);
            } else if (startdate == i) {
                BIO_puts(STDout, "notBefore=");
                ASN1_TIME_print(STDout, X509_get_notBefore(x));
@@ -886,9 +872,8 @@ int MAIN(int argc, char **argv)
                assert(need_rand);
                if (!x509_certify(ctx, CAfile, digest, x, xca,
-                                  CApkey, sigopts,
+                                  CApkey, CAserial, CA_createserial, days,
-                                  CAserial, CA_createserial, days, clrext,
+                                  clrext, extconf, extsect, sno))
                                  extconf, extsect, sno))
                    goto end;
            } else if (x509req == i) {
                EVP_PKEY *pk;
@@ -982,8 +967,6 @@ int MAIN(int argc, char **argv)
    X509_free(xca);
    EVP_PKEY_free(Upkey);
    EVP_PKEY_free(CApkey);
    if (sigopts)
        sk_OPENSSL_STRING_free(sigopts);
    X509_REQ_free(rq);
    ASN1_INTEGER_free(sno);
    sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
@@ -1041,11 +1024,9 @@ static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile,
 }
 static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
-                        X509 *x, X509 *xca, EVP_PKEY *pkey,
+                        X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile,
-                        STACK_OF(OPENSSL_STRING) *sigopts,
+                        int create, int days, int clrext, CONF *conf,
-                        char *serialfile, int create,
+                        char *section, ASN1_INTEGER *sno)
                        int days, int clrext, CONF *conf, char *section,
                        ASN1_INTEGER *sno)
 {
    int ret = 0;
    ASN1_INTEGER *bs = NULL;
@@ -1108,7 +1089,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
            goto end;
    }
-    if (!do_X509_sign(bio_err, x, pkey, digest, sigopts))
+    if (!X509_sign(x, pkey, digest))
        goto end;
    ret = 1;
 end:
@@ -1170,7 +1151,12 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
    if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL)
        goto err;
-    if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL)
+    /* Lets just make it 12:00am GMT, Jan 1 1970 */
    /* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */
    /* 28 days to be certified */
    if (X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days) ==
        NULL)
        goto err;
    if (!X509_set_pubkey(x, pkey))
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -1,60 +0,0 @@
 platform:
    - x86
    - x64
 environment:
    matrix:
        - VSVER: 9
        - VSVER: 10
        - VSVER: 11
        - VSVER: 12
        - VSVER: 14
 configuration:
    - plain
    - shared
 matrix:
    allow_failures:
        - platform: x64
          VSVER: 9
        - platform: x64
          VSVER: 10
        - platform: x64
          VSVER: 11
 before_build:
    - ps: >-
        If ($env:Platform -Match "x86") {
            $env:VCVARS_PLATFORM="x86"
            $env:TARGET="VC-WIN32"
            $env:DO="do_ms"
        } Else {
            $env:VCVARS_PLATFORM="amd64"
            $env:TARGET="VC-WIN64A"
            $env:DO="do_win64a"
        }
    - ps: >-
        If ($env:Configuration -Like "*shared*") {
            $env:MAK="ntdll.mak"
        } Else {
            $env:MAK="nt.mak"
        }
    - ps: $env:VSCOMNTOOLS=(Get-Content ("env:VS" + "$env:VSVER" + "0COMNTOOLS"))
    - call "%VSCOMNTOOLS%\..\..\VC\vcvarsall.bat" %VCVARS_PLATFORM%
    - perl Configure %TARGET% no-asm
    - call ms\%DO%
 build_script:
    - nmake /f ms\%MAK%
 test_script:
    - nmake /f ms\%MAK% test
 notifications:
    - provider: Email
      to:
          - openssl-commits@openssl.org
      on_build_success: false
      on_build_failure: true
      on_build_status_changed: true
--- a/96
+++ b/96
@@ -370,10 +370,6 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
    NONSTOP_KERNEL*)
       echo "nsr-tandem-nsk"; exit 0;
       ;;
    vxworks*)
       echo "${MACHINE}-whatever-vxworks"; exit 0;
       ;;
 esac
 #
@@ -411,18 +407,23 @@ exit 0
 # this is where the translation occurs into SSLeay terms
 # ---------------------------------------------------------------------------
 GCCVER=`(gcc -dumpversion) 2>/dev/null`
 if [ "$GCCVER" != "" ]; then
  # then strip off whatever prefix egcs prepends the number with...
  # Hopefully, this will work for any future prefixes as well.
  GCCVER=`echo $GCCVER | LC_ALL=C sed 's/^[a-zA-Z]*\-//'`
  # Since gcc 3.1 gcc --version behaviour has changed.  gcc -dumpversion
  # does give us what we want though, so we use that.  We just just the
  # major and minor version numbers.
  # peak single digit before and after first dot, e.g. 2.95.1 gives 29
  GCCVER=`echo $GCCVER | sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/'`
 fi
 # Only set CC if not supplied already
-if [ -z "$CROSS_COMPILE$CC" ]; then
+if [ -z "$CC" ]; then
-  GCCVER=`sh -c "gcc -dumpversion" 2>/dev/null`
+# figure out if gcc is available and if so we use it otherwise
 # we fallback to whatever cc does on the system
  if [ "$GCCVER" != "" ]; then
    # then strip off whatever prefix egcs prepends the number with...
    # Hopefully, this will work for any future prefixes as well.
    GCCVER=`echo $GCCVER | LC_ALL=C sed 's/^[a-zA-Z]*\-//'`
    # Since gcc 3.1 gcc --version behaviour has changed.  gcc -dumpversion
    # does give us what we want though, so we use that.  We just just the
    # major and minor version numbers.
    # peak single digit before and after first dot, e.g. 2.95.1 gives 29
    GCCVER=`echo $GCCVER | sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/'`
    CC=gcc
  else
    CC=cc
@@ -538,7 +539,7 @@ case "$GUESSOS" in
  ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;;
  ppc-apple-darwin*)
 	ISA64=`(sysctl -n hw.optional.64bitops) 2>/dev/null`
-	if [ "$ISA64" = "1" -a -z "$KERNEL_BITS" ]; then
+	if [ "$ISA64" = "1" ]; then
 	    echo "WARNING! If you wish to build 64-bit library, then you have to"
 	    echo "         invoke './Configure darwin64-ppc-cc' *manually*."
 	    if [ "$TEST" = "false" -a -t 1 ]; then
@@ -546,14 +547,10 @@ case "$GUESSOS" in
 	      (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
 	    fi
 	fi
-	if [ "$ISA64" = "1" -a "$KERNEL_BITS" = "64" ]; then
+	OUT="darwin-ppc-cc" ;;
 	    OUT="darwin64-ppc-cc"
 	else
 	    OUT="darwin-ppc-cc"
 	fi ;;
  i?86-apple-darwin*)
 	ISA64=`(sysctl -n hw.optional.x86_64) 2>/dev/null`
-	if [ "$ISA64" = "1" -a -z "$KERNEL_BITS" ]; then
+	if [ "$ISA64" = "1" ]; then
 	    echo "WARNING! If you wish to build 64-bit library, then you have to"
 	    echo "         invoke './Configure darwin64-x86_64-cc' *manually*."
 	    if [ "$TEST" = "false" -a -t 1 ]; then
@@ -561,17 +558,7 @@ case "$GUESSOS" in
 	      (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
 	    fi
 	fi
-	if [ "$ISA64" = "1" -a "$KERNEL_BITS" = "64" ]; then
+	OUT="darwin-i386-cc" ;;
 	    OUT="darwin64-x86_64-cc"
 	else
 	    OUT="darwin-i386-cc"
 	fi ;;
  armv6+7-*-iphoneos)
 	options="$options -arch%20armv6 -arch%20armv7"
 	OUT="iphoneos-cross" ;;
  *-*-iphoneos)
 	options="$options -arch%20${MACHINE}"
 	OUT="iphoneos-cross" ;;
  alpha-*-linux2)
        ISA=`awk '/cpu model/{print$4;exit(0);}' /proc/cpuinfo`
 	case ${ISA:-generic} in
@@ -596,11 +583,6 @@ case "$GUESSOS" in
 	OUT="linux-ppc"
 	;;
  ppc-*-linux2) OUT="linux-ppc" ;;
  ppc60x-*-vxworks*) OUT="vxworks-ppc60x" ;;
  ppcgen-*-vxworks*) OUT="vxworks-ppcgen" ;;
  pentium-*-vxworks*) OUT="vxworks-pentium" ;;
  simlinux-*-vxworks*) OUT="vxworks-simlinux" ;;
  mips-*-vxworks*) OUT="vxworks-mips";;
  ia64-*-linux?) OUT="linux-ia64" ;;
  sparc64-*-linux2)
 	echo "WARNING! If you *know* that your GNU C supports 64-bit/V9 ABI"
@@ -642,24 +624,12 @@ case "$GUESSOS" in
 	options="$options -DB_ENDIAN -mschedule=$CPUSCHEDULE -march=$CPUARCH"
 	OUT="linux-generic32" ;;
  armv[1-3]*-*-linux2) OUT="linux-generic32" ;;
  armv[7-9]*-*-linux2) OUT="linux-armv4"; options="$options -march=armv7-a" ;;
  arm*-*-linux2) OUT="linux-armv4" ;;
  sh*b-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
  sh*-*-linux2)  OUT="linux-generic32"; options="$options -DL_ENDIAN" ;;
  m68k*-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
  s390-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
-  s390x-*-linux2)
+  s390x-*-linux2) OUT="linux-s390x" ;;
 	# To be uncommented when glibc bug is fixed, see Configure...
 	#if egrep -e '^features.* highgprs' /proc/cpuinfo >/dev/null ; then
 	#  echo "WARNING! If you wish to build \"highgprs\" 32-bit library, then you"
 	#  echo "         have to invoke './Configure linux32-s390x' *manually*."
 	#  if [ "$TEST" = "false" -a -t -1 ]; then
 	#    echo "         You have about 5 seconds to press Ctrl-C to abort."
 	#    (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
 	#  fi
 	#fi
 	OUT="linux64-s390x"
 	;;
  x86_64-*-linux?) OUT="linux-x86_64" ;;
  *86-*-linux2) OUT="linux-elf"
 	if [ "$GCCVER" -gt 28 ]; then
@@ -678,7 +648,7 @@ case "$GUESSOS" in
  sun4[uv]*-*-solaris2)
 	OUT="solaris-sparcv9-$CC"
 	ISA64=`(isalist) 2>/dev/null | grep sparcv9`
-	if [ "$ISA64" != "" -a "$KERNEL_BITS" = "" ]; then
+	if [ "$ISA64" != "" ]; then
 	    if [ "$CC" = "cc" -a $CCVER -ge 50 ]; then
 		echo "WARNING! If you wish to build 64-bit library, then you have to"
 		echo "         invoke './Configure solaris64-sparcv9-cc' *manually*."
@@ -708,16 +678,13 @@ case "$GUESSOS" in
 		fi
 	    fi
 	fi
 	if [ "$ISA64" != "" -a "$KERNEL_BITS" = "64" ]; then
 	    OUT="solaris64-sparcv9-$CC"
 	fi
 	;;
  sun4m-*-solaris2)	OUT="solaris-sparcv8-$CC" ;;
  sun4d-*-solaris2)	OUT="solaris-sparcv8-$CC" ;;
  sun4*-*-solaris2)	OUT="solaris-sparcv7-$CC" ;;
  *86*-*-solaris2)
 	ISA64=`(isalist) 2>/dev/null | grep amd64`
-	if [ "$ISA64" != "" -a ${KERNEL_BITS:-64} -eq 64 ]; then
+	if [ "$ISA64" != "" ]; then
 	    OUT="solaris64-x86_64-$CC"
 	else
 	    OUT="solaris-x86-$CC"
@@ -769,17 +736,20 @@ case "$GUESSOS" in
 	if [ $CC = "gcc" -a $GCC_BITS = "64" ]; then
 	    OUT="hpux64-parisc2-gcc"
 	fi
-	[ "$KERNEL_BITS" ] || KERNEL_BITS=`(getconf KERNEL_BITS) 2>/dev/null`
+	KERNEL_BITS=`(getconf KERNEL_BITS) 2>/dev/null`
 	KERNEL_BITS=${KERNEL_BITS:-32}
 	CPU_VERSION=`(getconf CPU_VERSION) 2>/dev/null`
 	CPU_VERSION=${CPU_VERSION:-0}
 	# See <sys/unistd.h> for further info on CPU_VERSION.
 	if   [ $CPU_VERSION -ge 768 ]; then	# IA-64 CPU
-	     if [ $KERNEL_BITS -eq 64 -a "$CC" = "cc" ]; then
+	     echo "WARNING! 64-bit ABI is the default configured ABI on HP-UXi."
-	        OUT="hpux64-ia64-cc"
+	     echo "         If you wish to build 32-bit library, the you have to"
-             else
+	     echo "         invoke './Configure hpux-ia64-cc' *manually*."
-	        OUT="hpux-ia64-cc"
+	     if [ "$TEST" = "false" -a -t 1 ]; then
-             fi
+		echo "         You have about 5 seconds to press Ctrl-C to abort."
 		(trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
 	     fi
 	     OUT="hpux64-ia64-cc"
 	elif [ $CPU_VERSION -ge 532 ]; then	# PA-RISC 2.x CPU
 	     OUT=${OUT:-"hpux-parisc2-${CC}"}
 	     if [ $KERNEL_BITS -eq 64 -a "$CC" = "cc" ]; then
@@ -800,7 +770,7 @@ case "$GUESSOS" in
 	options="$options -D_REENTRANT" ;;
  *-hpux)	OUT="hpux-parisc-$CC" ;;
  *-aix)
-	[ "$KERNEL_BITS" ] || KERNEL_BITS=`(getconf KERNEL_BITMODE) 2>/dev/null`
+	KERNEL_BITS=`(getconf KERNEL_BITMODE) 2>/dev/null`
 	KERNEL_BITS=${KERNEL_BITS:-32}
 	OBJECT_MODE=${OBJECT_MODE:-32}
 	if [ "$CC" = "gcc" ]; then
@@ -840,8 +810,6 @@ case "$GUESSOS" in
  beos-*) OUT="$GUESSOS" ;;
  x86pc-*-qnx6) OUT="QNX6-i386" ;;
  *-*-qnx6) OUT="QNX6" ;;
  x86-*-android|i?86-*-android) OUT="android-x86" ;;
  armv[7-9]*-*-android) OUT="android-armv7" ;;
  *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
 esac
--- a/crypto/.cvsignore
+++ b/crypto/.cvsignore
@@ -0,0 +1,8 @@
 lib
 buildinf.h
 opensslconf.h
 Makefile.save
 *.flc
 semantic.cache
 *cpuid.s
 uplink-cof.s
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -7,7 +7,7 @@ TOP=		..
 CC=		cc
 INCLUDE=	-I. -I$(TOP) -I../include $(ZLIB_INCLUDE)
 # INCLUDES targets sudbirs!
-INCLUDES=	-I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include $(ZLIB_INCLUDE)
+INCLUDES=	-I.. -I../.. -I../asn1 -I../evp -I../../include $(ZLIB_INCLUDE)
 CFLAG=		-g
 MAKEDEPPROG=	makedepend
 MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
@@ -35,10 +35,8 @@ TEST=constant_time_test.c
 LIB= $(TOP)/libcrypto.a
 SHARED_LIB= libcrypto$(SHLIB_EXT)
-LIBSRC=	cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
+LIBSRC=	cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c o_dir.c
-	ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c
+LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o $(CPUID_OBJ)
 LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o \
 	uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o $(CPUID_OBJ)
 SRC= $(LIBSRC)
@@ -66,17 +64,16 @@ applink.o:	$(TOP)/ms/applink.c
 uplink.o:	$(TOP)/ms/uplink.c applink.o
 	$(CC) $(CFLAGS) -c -o $@ $(TOP)/ms/uplink.c
-uplink-x86.s:	$(TOP)/ms/uplink-x86.pl
+uplink-cof.s:	$(TOP)/ms/uplink.pl
-	$(PERL) $(TOP)/ms/uplink-x86.pl $(PERLASM_SCHEME) > $@
+	$(PERL) $(TOP)/ms/uplink.pl coff > $@
-x86_64cpuid.s: x86_64cpuid.pl;	$(PERL) x86_64cpuid.pl $(PERLASM_SCHEME) > $@
+x86_64cpuid.s: x86_64cpuid.pl
-ia64cpuid.s: ia64cpuid.S;	$(CC) $(CFLAGS) -E ia64cpuid.S > $@
+	$(PERL) x86_64cpuid.pl $(PERLASM_SCHEME) > $@
 ia64cpuid.s: ia64cpuid.S
 	$(CC) $(CFLAGS) -E ia64cpuid.S > $@
 ppccpuid.s:	ppccpuid.pl;	$(PERL) ppccpuid.pl $(PERLASM_SCHEME) $@
 pariscid.s:	pariscid.pl;	$(PERL) pariscid.pl $(PERLASM_SCHEME) $@
 alphacpuid.s:	alphacpuid.pl
-	(preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \
+	$(PERL) $< | $(CC) -E - | tee $@ > /dev/null
 	$(PERL) alphacpuid.pl > $$preproc && \
 	$(CC) -E $$preproc > $@ && rm $$preproc)
 testapps:
 	[ -z "$(THIS)" ] || (	if echo $(SDIRS) | fgrep ' des '; \
@@ -102,7 +99,6 @@ lib:	$(LIB)
 	@touch lib
 $(LIB):	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
 	[ -z "$(FIPSLIBDIR)" ] || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
 	$(RANLIB) $(LIB) || echo Never mind.
 shared: buildinf.h lib subdirs
@@ -177,7 +173,6 @@ ex_data.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 ex_data.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
 ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
 ex_data.o: ex_data.c
 fips_ers.o: ../include/openssl/opensslconf.h fips_ers.c
 mem.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
 mem.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 mem.o: ../include/openssl/err.h ../include/openssl/lhash.h
@@ -198,19 +193,6 @@ mem_dbg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
 mem_dbg.o: mem_dbg.c
 o_dir.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
 o_dir.o: LPdir_unix.c o_dir.c o_dir.h
 o_fips.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
 o_fips.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 o_fips.o: ../include/openssl/err.h ../include/openssl/lhash.h
 o_fips.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 o_fips.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
 o_fips.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
 o_fips.o: o_fips.c
 o_init.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/crypto.h
 o_init.o: ../include/openssl/e_os2.h ../include/openssl/err.h
 o_init.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
 o_init.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 o_init.o: ../include/openssl/safestack.h ../include/openssl/stack.h
 o_init.o: ../include/openssl/symhacks.h o_init.c
 o_str.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
 o_str.o: o_str.c o_str.h
 o_time.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_time.c
--- a/crypto/aes/.cvsignore
+++ b/crypto/aes/.cvsignore
@@ -0,0 +1,5 @@
 lib
 Makefile.save
 *.flc
 semantic.cache
 aes-*.s
--- a/crypto/aes/Makefile
+++ b/crypto/aes/Makefile
@@ -50,21 +50,9 @@ aes-ia64.s: asm/aes-ia64.S
 aes-586.s:	asm/aes-586.pl ../perlasm/x86asm.pl
 	$(PERL) asm/aes-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
 vpaes-x86.s:	asm/vpaes-x86.pl ../perlasm/x86asm.pl
 	$(PERL) asm/vpaes-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
 aesni-x86.s:	asm/aesni-x86.pl ../perlasm/x86asm.pl
 	$(PERL) asm/aesni-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
 aes-x86_64.s: asm/aes-x86_64.pl
 	$(PERL) asm/aes-x86_64.pl $(PERLASM_SCHEME) > $@
 vpaes-x86_64.s:	asm/vpaes-x86_64.pl
 	$(PERL) asm/vpaes-x86_64.pl $(PERLASM_SCHEME) > $@
 bsaes-x86_64.s:	asm/bsaes-x86_64.pl
 	$(PERL) asm/bsaes-x86_64.pl $(PERLASM_SCHEME) > $@
 aesni-x86_64.s: asm/aesni-x86_64.pl
 	$(PERL) asm/aesni-x86_64.pl $(PERLASM_SCHEME) > $@
 aesni-sha1-x86_64.s:	asm/aesni-sha1-x86_64.pl
 	$(PERL) asm/aesni-sha1-x86_64.pl $(PERLASM_SCHEME) > $@
 aes-sparcv9.s: asm/aes-sparcv9.pl
 	$(PERL) asm/aes-sparcv9.pl $(CFLAGS) > $@
@@ -72,15 +60,8 @@ aes-sparcv9.s: asm/aes-sparcv9.pl
 aes-ppc.s:	asm/aes-ppc.pl
 	$(PERL) asm/aes-ppc.pl $(PERLASM_SCHEME) $@
 aes-parisc.s:	asm/aes-parisc.pl
 	$(PERL) asm/aes-parisc.pl $(PERLASM_SCHEME) $@
 aes-mips.S:	asm/aes-mips.pl
 	$(PERL) asm/aes-mips.pl $(PERLASM_SCHEME) $@
 # GNU make "catch all"
-aes-%.S:	asm/aes-%.pl;	$(PERL) $< $(PERLASM_SCHEME) > $@
+aes-%.s:	asm/aes-%.pl;	$(PERL) $< $(CFLAGS) > $@
 aes-armv4.o:	aes-armv4.S
 files:
 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -138,11 +119,9 @@ aes_ige.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 aes_ige.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 aes_ige.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 aes_ige.o: ../../include/openssl/symhacks.h ../cryptlib.h aes_ige.c aes_locl.h
-aes_misc.o: ../../include/openssl/aes.h ../../include/openssl/crypto.h
+aes_misc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
-aes_misc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+aes_misc.o: ../../include/openssl/opensslconf.h
-aes_misc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+aes_misc.o: ../../include/openssl/opensslv.h aes_locl.h aes_misc.c
 aes_misc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 aes_misc.o: ../../include/openssl/symhacks.h aes_locl.h aes_misc.c
 aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/modes.h
 aes_ofb.o: ../../include/openssl/opensslconf.h aes_ofb.c
 aes_wrap.o: ../../e_os.h ../../include/openssl/aes.h
--- a/crypto/aes/aes.h
+++ b/crypto/aes/aes.h
@@ -1,4 +1,4 @@
-/* crypto/aes/aes.h */
+/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
@@ -92,11 +92,6 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
                        AES_KEY *key);
 int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
                                AES_KEY *key);
 int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
                                AES_KEY *key);
 void AES_encrypt(const unsigned char *in, unsigned char *out,
                 const AES_KEY *key);
 void AES_decrypt(const unsigned char *in, unsigned char *out,
--- a/crypto/aes/aes_cbc.c
+++ b/crypto/aes/aes_cbc.c
@@ -1,4 +1,4 @@
-/* crypto/aes/aes_cbc.c */
+/* crypto/aes/aes_cbc.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/aes/aes_cfb.c
+++ b/crypto/aes/aes_cfb.c
@@ -1,4 +1,4 @@
-/* crypto/aes/aes_cfb.c */
+/* crypto/aes/aes_cfb.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 2002-2006 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/aes/aes_core.c
+++ b/crypto/aes/aes_core.c
@@ -1,4 +1,4 @@
-/* crypto/aes/aes_core.c */
+/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
 /**
 * rijndael-alg-fst.c
 *
@@ -625,8 +625,8 @@ static const u32 rcon[] = {
 /**
 * Expand the cipher key into the encryption key schedule.
 */
-int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-                                AES_KEY *key)
+                        AES_KEY *key)
 {
    u32 *rk;
@@ -727,8 +727,8 @@ int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 /**
 * Expand the cipher key into the decryption key schedule.
 */
-int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-                                AES_KEY *key)
+                        AES_KEY *key)
 {
    u32 *rk;
@@ -736,7 +736,7 @@ int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
    u32 temp;
    /* first, start with an encryption schedule */
-    status = private_AES_set_encrypt_key(userKey, bits, key);
+    status = AES_set_encrypt_key(userKey, bits, key);
    if (status < 0)
        return status;
@@ -1130,31 +1130,31 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
     * map cipher state to byte array block:
     */
    s0 =
-        ((u32)Td4[(t0 >> 24)       ] << 24) ^
+        (Td4[(t0 >> 24)       ] << 24) ^
-        ((u32)Td4[(t3 >> 16) & 0xff] << 16) ^
+        (Td4[(t3 >> 16) & 0xff] << 16) ^
-        ((u32)Td4[(t2 >>  8) & 0xff] <<  8) ^
+        (Td4[(t2 >>  8) & 0xff] <<  8) ^
-        ((u32)Td4[(t1      ) & 0xff])       ^
+        (Td4[(t1      ) & 0xff])       ^
        rk[0];
    PUTU32(out     , s0);
    s1 =
-        ((u32)Td4[(t1 >> 24)       ] << 24) ^
+        (Td4[(t1 >> 24)       ] << 24) ^
-        ((u32)Td4[(t0 >> 16) & 0xff] << 16) ^
+        (Td4[(t0 >> 16) & 0xff] << 16) ^
-        ((u32)Td4[(t3 >>  8) & 0xff] <<  8) ^
+        (Td4[(t3 >>  8) & 0xff] <<  8) ^
-        ((u32)Td4[(t2      ) & 0xff])       ^
+        (Td4[(t2      ) & 0xff])       ^
        rk[1];
    PUTU32(out +  4, s1);
    s2 =
-        ((u32)Td4[(t2 >> 24)       ] << 24) ^
+        (Td4[(t2 >> 24)       ] << 24) ^
-        ((u32)Td4[(t1 >> 16) & 0xff] << 16) ^
+        (Td4[(t1 >> 16) & 0xff] << 16) ^
-        ((u32)Td4[(t0 >>  8) & 0xff] <<  8) ^
+        (Td4[(t0 >>  8) & 0xff] <<  8) ^
-        ((u32)Td4[(t3      ) & 0xff])       ^
+        (Td4[(t3      ) & 0xff])       ^
        rk[2];
    PUTU32(out +  8, s2);
    s3 =
-        ((u32)Td4[(t3 >> 24)       ] << 24) ^
+        (Td4[(t3 >> 24)       ] << 24) ^
-        ((u32)Td4[(t2 >> 16) & 0xff] << 16) ^
+        (Td4[(t2 >> 16) & 0xff] << 16) ^
-        ((u32)Td4[(t1 >>  8) & 0xff] <<  8) ^
+        (Td4[(t1 >>  8) & 0xff] <<  8) ^
-        ((u32)Td4[(t0      ) & 0xff])       ^
+        (Td4[(t0      ) & 0xff])       ^
        rk[3];
    PUTU32(out + 12, s3);
 }
@@ -1204,8 +1204,8 @@ static const u32 rcon[] = {
 /**
 * Expand the cipher key into the encryption key schedule.
 */
-int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-                                AES_KEY *key)
+                        AES_KEY *key)
 {
    u32 *rk;
   	int i = 0;
@@ -1233,10 +1233,10 @@ int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
        while (1) {
            temp  = rk[3];
            rk[4] = rk[0] ^
-                ((u32)Te4[(temp >> 16) & 0xff] << 24) ^
+                (Te4[(temp >> 16) & 0xff] << 24) ^
-                ((u32)Te4[(temp >>  8) & 0xff] << 16) ^
+                (Te4[(temp >>  8) & 0xff] << 16) ^
-                ((u32)Te4[(temp      ) & 0xff] << 8) ^
+                (Te4[(temp      ) & 0xff] << 8) ^
-                ((u32)Te4[(temp >> 24)       ]) ^
+                (Te4[(temp >> 24)       ]) ^
                rcon[i];
            rk[5] = rk[1] ^ rk[4];
            rk[6] = rk[2] ^ rk[5];
@@ -1253,10 +1253,10 @@ int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
        while (1) {
            temp = rk[ 5];
            rk[ 6] = rk[ 0] ^
-                ((u32)Te4[(temp >> 16) & 0xff] << 24) ^
+                (Te4[(temp >> 16) & 0xff] << 24) ^
-                ((u32)Te4[(temp >>  8) & 0xff] << 16) ^
+                (Te4[(temp >>  8) & 0xff] << 16) ^
-                ((u32)Te4[(temp      ) & 0xff] << 8) ^
+                (Te4[(temp      ) & 0xff] << 8) ^
-                ((u32)Te4[(temp >> 24)       ]) ^
+                (Te4[(temp >> 24)       ]) ^
                rcon[i];
            rk[ 7] = rk[ 1] ^ rk[ 6];
            rk[ 8] = rk[ 2] ^ rk[ 7];
@@ -1275,10 +1275,10 @@ int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
        while (1) {
            temp = rk[ 7];
            rk[ 8] = rk[ 0] ^
-                ((u32)Te4[(temp >> 16) & 0xff] << 24) ^
+                (Te4[(temp >> 16) & 0xff] << 24) ^
-                ((u32)Te4[(temp >>  8) & 0xff] << 16) ^
+                (Te4[(temp >>  8) & 0xff] << 16) ^
-                ((u32)Te4[(temp      ) & 0xff] << 8) ^
+                (Te4[(temp      ) & 0xff] << 8) ^
-                ((u32)Te4[(temp >> 24)       ]) ^
+                (Te4[(temp >> 24)       ]) ^
                rcon[i];
            rk[ 9] = rk[ 1] ^ rk[ 8];
            rk[10] = rk[ 2] ^ rk[ 9];
@@ -1288,10 +1288,10 @@ int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
            }
            temp = rk[11];
            rk[12] = rk[ 4] ^
-                ((u32)Te4[(temp >> 24)       ] << 24) ^
+                (Te4[(temp >> 24)       ] << 24) ^
-                ((u32)Te4[(temp >> 16) & 0xff] << 16) ^
+                (Te4[(temp >> 16) & 0xff] << 16) ^
-                ((u32)Te4[(temp >>  8) & 0xff] << 8) ^
+                (Te4[(temp >>  8) & 0xff] << 8) ^
-                ((u32)Te4[(temp      ) & 0xff]);
+                (Te4[(temp      ) & 0xff]);
            rk[13] = rk[ 5] ^ rk[12];
            rk[14] = rk[ 6] ^ rk[13];
            rk[15] = rk[ 7] ^ rk[14];
@@ -1305,16 +1305,15 @@ int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 /**
 * Expand the cipher key into the decryption key schedule.
 */
-int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-                                AES_KEY *key)
+                        AES_KEY *key)
 {
    u32 *rk;
    int i, j, status;
    u32 temp;
    /* first, start with an encryption schedule */
-    status = private_AES_set_encrypt_key(userKey, bits, key);
+    status = AES_set_encrypt_key(userKey, bits, key);
    if (status < 0)
        return status;
--- a/crypto/aes/aes_ctr.c
+++ b/crypto/aes/aes_ctr.c
@@ -1,4 +1,4 @@
-/* crypto/aes/aes_ctr.c */
+/* crypto/aes/aes_ctr.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/aes/aes_ecb.c
+++ b/crypto/aes/aes_ecb.c
@@ -1,4 +1,4 @@
-/* crypto/aes/aes_ecb.c */
+/* crypto/aes/aes_ecb.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/aes/aes_ige.c
+++ b/crypto/aes/aes_ige.c
@@ -1,4 +1,4 @@
-/* crypto/aes/aes_ige.c */
+/* crypto/aes/aes_ige.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/aes/aes_locl.h
+++ b/crypto/aes/aes_locl.h
@@ -1,4 +1,4 @@
-/* crypto/aes/aes.h */
+/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/aes/aes_misc.c
+++ b/crypto/aes/aes_misc.c
@@ -1,4 +1,4 @@
-/* crypto/aes/aes_misc.c */
+/* crypto/aes/aes_misc.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
@@ -50,7 +50,6 @@
 */
 #include <openssl/opensslv.h>
 #include <openssl/crypto.h>
 #include <openssl/aes.h>
 #include "aes_locl.h"
@@ -64,23 +63,3 @@ const char *AES_options(void)
    return "aes(partial)";
 #endif
 }
 /* FIPS wrapper functions to block low level AES calls in FIPS mode */
 int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
                        AES_KEY *key)
 {
 #ifdef OPENSSL_FIPS
    fips_cipher_abort(AES);
 #endif
    return private_AES_set_encrypt_key(userKey, bits, key);
 }
 int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
                        AES_KEY *key)
 {
 #ifdef OPENSSL_FIPS
    fips_cipher_abort(AES);
 #endif
    return private_AES_set_decrypt_key(userKey, bits, key);
 }
--- a/crypto/aes/aes_ofb.c
+++ b/crypto/aes/aes_ofb.c
@@ -1,4 +1,4 @@
-/* crypto/aes/aes_ofb.c */
+/* crypto/aes/aes_ofb.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 2002-2006 The OpenSSL Project.  All rights reserved.
 *
--- a/crypto/aes/aes_x86core.c
+++ b/crypto/aes/aes_x86core.c
@@ -1,4 +1,4 @@
-/* crypto/aes/aes_core.c */
+/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
 /**
 * rijndael-alg-fst.c
 *
@@ -497,10 +497,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
        while (1) {
            temp  = rk[3];
            rk[4] = rk[0] ^
-                ((u32)Te4[(temp >>  8) & 0xff]      ) ^
+                (Te4[(temp >>  8) & 0xff]      ) ^
-                ((u32)Te4[(temp >> 16) & 0xff] <<  8) ^
+                (Te4[(temp >> 16) & 0xff] <<  8) ^
-                ((u32)Te4[(temp >> 24)       ] << 16) ^
+                (Te4[(temp >> 24)       ] << 16) ^
-                ((u32)Te4[(temp      ) & 0xff] << 24) ^
+                (Te4[(temp      ) & 0xff] << 24) ^
                rcon[i];
            rk[5] = rk[1] ^ rk[4];
            rk[6] = rk[2] ^ rk[5];
@@ -517,10 +517,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
        while (1) {
            temp = rk[ 5];
            rk[ 6] = rk[ 0] ^
-                ((u32)Te4[(temp >>  8) & 0xff]      ) ^
+                (Te4[(temp >>  8) & 0xff]      ) ^
-                ((u32)Te4[(temp >> 16) & 0xff] <<  8) ^
+                (Te4[(temp >> 16) & 0xff] <<  8) ^
-                ((u32)Te4[(temp >> 24)       ] << 16) ^
+                (Te4[(temp >> 24)       ] << 16) ^
-                ((u32)Te4[(temp      ) & 0xff] << 24) ^
+                (Te4[(temp      ) & 0xff] << 24) ^
                rcon[i];
            rk[ 7] = rk[ 1] ^ rk[ 6];
            rk[ 8] = rk[ 2] ^ rk[ 7];
@@ -539,10 +539,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
        while (1) {
            temp = rk[ 7];
            rk[ 8] = rk[ 0] ^
-                ((u32)Te4[(temp >>  8) & 0xff]      ) ^
+                (Te4[(temp >>  8) & 0xff]      ) ^
-                ((u32)Te4[(temp >> 16) & 0xff] <<  8) ^
+                (Te4[(temp >> 16) & 0xff] <<  8) ^
-                ((u32)Te4[(temp >> 24)       ] << 16) ^
+                (Te4[(temp >> 24)       ] << 16) ^
-                ((u32)Te4[(temp      ) & 0xff] << 24) ^
+                (Te4[(temp      ) & 0xff] << 24) ^
                rcon[i];
            rk[ 9] = rk[ 1] ^ rk[ 8];
            rk[10] = rk[ 2] ^ rk[ 9];
@@ -552,10 +552,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
            }
            temp = rk[11];
            rk[12] = rk[ 4] ^
-                ((u32)Te4[(temp      ) & 0xff]      ) ^
+                (Te4[(temp      ) & 0xff]      ) ^
-                ((u32)Te4[(temp >>  8) & 0xff] <<  8) ^
+                (Te4[(temp >>  8) & 0xff] <<  8) ^
-                ((u32)Te4[(temp >> 16) & 0xff] << 16) ^
+                (Te4[(temp >> 16) & 0xff] << 16) ^
-                ((u32)Te4[(temp >> 24)       ] << 24);
+                (Te4[(temp >> 24)       ] << 24);
            rk[13] = rk[ 5] ^ rk[12];
            rk[14] = rk[ 6] ^ rk[13];
            rk[15] = rk[ 7] ^ rk[14];
@@ -674,22 +674,22 @@ void AES_encrypt(const unsigned char *in, unsigned char *out,
 #if defined(AES_COMPACT_IN_OUTER_ROUNDS)
    prefetch256(Te4);
-    t[0] = (u32)Te4[(s0      ) & 0xff]       ^
+    t[0] =  Te4[(s0      ) & 0xff]       ^
-           (u32)Te4[(s1 >>  8) & 0xff] <<  8 ^
+        Te4[(s1 >>  8) & 0xff] <<  8 ^
-           (u32)Te4[(s2 >> 16) & 0xff] << 16 ^
+        Te4[(s2 >> 16) & 0xff] << 16 ^
-           (u32)Te4[(s3 >> 24)       ] << 24;
+        Te4[(s3 >> 24)       ] << 24;
-    t[1] = (u32)Te4[(s1      ) & 0xff]       ^
+    t[1] =  Te4[(s1      ) & 0xff]       ^
-           (u32)Te4[(s2 >>  8) & 0xff] <<  8 ^
+        Te4[(s2 >>  8) & 0xff] <<  8 ^
-           (u32)Te4[(s3 >> 16) & 0xff] << 16 ^
+        Te4[(s3 >> 16) & 0xff] << 16 ^
-           (u32)Te4[(s0 >> 24)       ] << 24;
+        Te4[(s0 >> 24)       ] << 24;
-    t[2] = (u32)Te4[(s2      ) & 0xff]       ^
+    t[2] =  Te4[(s2      ) & 0xff]       ^
-           (u32)Te4[(s3 >>  8) & 0xff] <<  8 ^
+        Te4[(s3 >>  8) & 0xff] <<  8 ^
-           (u32)Te4[(s0 >> 16) & 0xff] << 16 ^
+        Te4[(s0 >> 16) & 0xff] << 16 ^
-           (u32)Te4[(s1 >> 24)       ] << 24;
+        Te4[(s1 >> 24)       ] << 24;
-    t[3] = (u32)Te4[(s3      ) & 0xff]       ^
+    t[3] =  Te4[(s3      ) & 0xff]       ^
-           (u32)Te4[(s0 >>  8) & 0xff] <<  8 ^
+        Te4[(s0 >>  8) & 0xff] <<  8 ^
-           (u32)Te4[(s1 >> 16) & 0xff] << 16 ^
+        Te4[(s1 >> 16) & 0xff] << 16 ^
-           (u32)Te4[(s2 >> 24)       ] << 24;
+        Te4[(s2 >> 24)       ] << 24;
    /* now do the linear transform using words */
    {   int i;
@@ -740,22 +740,22 @@ void AES_encrypt(const unsigned char *in, unsigned char *out,
     */
    for (rk+=8,r=key->rounds-2; r>0; rk+=4,r--) {
 #if defined(AES_COMPACT_IN_INNER_ROUNDS)
-        t[0] = (u32)Te4[(s0      ) & 0xff]       ^
+        t[0] =  Te4[(s0      ) & 0xff]       ^
-               (u32)Te4[(s1 >>  8) & 0xff] <<  8 ^
+            Te4[(s1 >>  8) & 0xff] <<  8 ^
-               (u32)Te4[(s2 >> 16) & 0xff] << 16 ^
+            Te4[(s2 >> 16) & 0xff] << 16 ^
-               (u32)Te4[(s3 >> 24)       ] << 24;
+            Te4[(s3 >> 24)       ] << 24;
-        t[1] = (u32)Te4[(s1      ) & 0xff]       ^
+        t[1] =  Te4[(s1      ) & 0xff]       ^
-               (u32)Te4[(s2 >>  8) & 0xff] <<  8 ^
+            Te4[(s2 >>  8) & 0xff] <<  8 ^
-               (u32)Te4[(s3 >> 16) & 0xff] << 16 ^
+            Te4[(s3 >> 16) & 0xff] << 16 ^
-               (u32)Te4[(s0 >> 24)       ] << 24;
+            Te4[(s0 >> 24)       ] << 24;
-        t[2] = (u32)Te4[(s2      ) & 0xff]       ^
+        t[2] =  Te4[(s2      ) & 0xff]       ^
-               (u32)Te4[(s3 >>  8) & 0xff] <<  8 ^
+            Te4[(s3 >>  8) & 0xff] <<  8 ^
-               (u32)Te4[(s0 >> 16) & 0xff] << 16 ^
+            Te4[(s0 >> 16) & 0xff] << 16 ^
-               (u32)Te4[(s1 >> 24)       ] << 24;
+            Te4[(s1 >> 24)       ] << 24;
-        t[3] = (u32)Te4[(s3      ) & 0xff]       ^
+        t[3] =  Te4[(s3      ) & 0xff]       ^
-               (u32)Te4[(s0 >>  8) & 0xff] <<  8 ^
+            Te4[(s0 >>  8) & 0xff] <<  8 ^
-               (u32)Te4[(s1 >> 16) & 0xff] << 16 ^
+            Te4[(s1 >> 16) & 0xff] << 16 ^
-               (u32)Te4[(s2 >> 24)       ] << 24;
+            Te4[(s2 >> 24)       ] << 24;
        /* now do the linear transform using words */
        {
@@ -810,28 +810,28 @@ void AES_encrypt(const unsigned char *in, unsigned char *out,
    prefetch256(Te4);
    *(u32*)(out+0) =
-           (u32)Te4[(s0      ) & 0xff]       ^
+        Te4[(s0      ) & 0xff]       ^
-           (u32)Te4[(s1 >>  8) & 0xff] <<  8 ^
+        Te4[(s1 >>  8) & 0xff] <<  8 ^
-           (u32)Te4[(s2 >> 16) & 0xff] << 16 ^
+        Te4[(s2 >> 16) & 0xff] << 16 ^
-           (u32)Te4[(s3 >> 24)       ] << 24 ^
+        Te4[(s3 >> 24)       ] << 24 ^
        rk[0];
    *(u32*)(out+4) =
-           (u32)Te4[(s1      ) & 0xff]       ^
+        Te4[(s1      ) & 0xff]       ^
-           (u32)Te4[(s2 >>  8) & 0xff] <<  8 ^
+        Te4[(s2 >>  8) & 0xff] <<  8 ^
-           (u32)Te4[(s3 >> 16) & 0xff] << 16 ^
+        Te4[(s3 >> 16) & 0xff] << 16 ^
-           (u32)Te4[(s0 >> 24)       ] << 24 ^
+        Te4[(s0 >> 24)       ] << 24 ^
        rk[1];
    *(u32*)(out+8) =
-           (u32)Te4[(s2      ) & 0xff]       ^
+        Te4[(s2      ) & 0xff]       ^
-           (u32)Te4[(s3 >>  8) & 0xff] <<  8 ^
+        Te4[(s3 >>  8) & 0xff] <<  8 ^
-           (u32)Te4[(s0 >> 16) & 0xff] << 16 ^
+        Te4[(s0 >> 16) & 0xff] << 16 ^
-           (u32)Te4[(s1 >> 24)       ] << 24 ^
+        Te4[(s1 >> 24)       ] << 24 ^
        rk[2];
    *(u32*)(out+12) =
-           (u32)Te4[(s3      ) & 0xff]       ^
+        Te4[(s3      ) & 0xff]       ^
-           (u32)Te4[(s0 >>  8) & 0xff] <<  8 ^
+        Te4[(s0 >>  8) & 0xff] <<  8 ^
-           (u32)Te4[(s1 >> 16) & 0xff] << 16 ^
+        Te4[(s1 >> 16) & 0xff] << 16 ^
-           (u32)Te4[(s2 >> 24)       ] << 24 ^
+        Te4[(s2 >> 24)       ] << 24 ^
        rk[3];
 #else
    *(u32*)(out+0) =
@@ -888,22 +888,22 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
 #if defined(AES_COMPACT_IN_OUTER_ROUNDS)
    prefetch256(Td4);
-    t[0] = (u32)Td4[(s0      ) & 0xff]       ^
+    t[0] =  Td4[(s0      ) & 0xff]       ^
-           (u32)Td4[(s3 >>  8) & 0xff] <<  8 ^
+    Td4[(s3 >>  8) & 0xff] <<  8 ^
-           (u32)Td4[(s2 >> 16) & 0xff] << 16 ^
+    Td4[(s2 >> 16) & 0xff] << 16 ^
-           (u32)Td4[(s1 >> 24)       ] << 24;
+    Td4[(s1 >> 24)       ] << 24;
-    t[1] = (u32)Td4[(s1      ) & 0xff]       ^
+    t[1] =  Td4[(s1      ) & 0xff]       ^
-           (u32)Td4[(s0 >>  8) & 0xff] <<  8 ^
+    Td4[(s0 >>  8) & 0xff] <<  8 ^
-           (u32)Td4[(s3 >> 16) & 0xff] << 16 ^
+    Td4[(s3 >> 16) & 0xff] << 16 ^
-           (u32)Td4[(s2 >> 24)       ] << 24;
+    Td4[(s2 >> 24)       ] << 24;
-    t[2] = (u32)Td4[(s2      ) & 0xff]       ^
+    t[2] =  Td4[(s2      ) & 0xff]       ^
-           (u32)Td4[(s1 >>  8) & 0xff] <<  8 ^
+    Td4[(s1 >>  8) & 0xff] <<  8 ^
-           (u32)Td4[(s0 >> 16) & 0xff] << 16 ^
+    Td4[(s0 >> 16) & 0xff] << 16 ^
-           (u32)Td4[(s3 >> 24)       ] << 24;
+    Td4[(s3 >> 24)       ] << 24;
-    t[3] = (u32)Td4[(s3      ) & 0xff]       ^
+    t[3] =  Td4[(s3      ) & 0xff]       ^
-           (u32)Td4[(s2 >>  8) & 0xff] <<  8 ^
+    Td4[(s2 >>  8) & 0xff] <<  8 ^
-           (u32)Td4[(s1 >> 16) & 0xff] << 16 ^
+    Td4[(s1 >> 16) & 0xff] << 16 ^
-           (u32)Td4[(s0 >> 24)       ] << 24;
+    Td4[(s0 >> 24)       ] << 24;
    /* now do the linear transform using words */ 
    {
@@ -965,22 +965,22 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
     */
    for (rk+=8,r=key->rounds-2; r>0; rk+=4,r--) {
 #if defined(AES_COMPACT_IN_INNER_ROUNDS)
-        t[0] = (u32)Td4[(s0      ) & 0xff]       ^
+        t[0] =  Td4[(s0      ) & 0xff]       ^
-               (u32)Td4[(s3 >>  8) & 0xff] <<  8 ^
+        Td4[(s3 >>  8) & 0xff] <<  8 ^
-               (u32)Td4[(s2 >> 16) & 0xff] << 16 ^
+        Td4[(s2 >> 16) & 0xff] << 16 ^
-               (u32)Td4[(s1 >> 24)       ] << 24;
+        Td4[(s1 >> 24)       ] << 24;
-        t[1] = (u32)Td4[(s1      ) & 0xff]       ^
+        t[1] =  Td4[(s1      ) & 0xff]       ^
-               (u32)Td4[(s0 >>  8) & 0xff] <<  8 ^
+        Td4[(s0 >>  8) & 0xff] <<  8 ^
-               (u32)Td4[(s3 >> 16) & 0xff] << 16 ^
+        Td4[(s3 >> 16) & 0xff] << 16 ^
-               (u32)Td4[(s2 >> 24)       ] << 24;
+        Td4[(s2 >> 24)       ] << 24;
-        t[2] = (u32)Td4[(s2      ) & 0xff]       ^
+        t[2] =  Td4[(s2      ) & 0xff]       ^
-               (u32)Td4[(s1 >>  8) & 0xff] <<  8 ^
+        Td4[(s1 >>  8) & 0xff] <<  8 ^
-               (u32)Td4[(s0 >> 16) & 0xff] << 16 ^
+        Td4[(s0 >> 16) & 0xff] << 16 ^
-               (u32)Td4[(s3 >> 24)       ] << 24;
+        Td4[(s3 >> 24)       ] << 24;
-        t[3] = (u32)Td4[(s3      ) & 0xff]       ^
+        t[3] =  Td4[(s3      ) & 0xff]       ^
-               (u32)Td4[(s2 >>  8) & 0xff] <<  8 ^
+        Td4[(s2 >>  8) & 0xff] <<  8 ^
-               (u32)Td4[(s1 >> 16) & 0xff] << 16 ^
+        Td4[(s1 >> 16) & 0xff] << 16 ^
-               (u32)Td4[(s0 >> 24)       ] << 24;
+        Td4[(s0 >> 24)       ] << 24;
    /* now do the linear transform using words */ 
    {
@@ -1044,27 +1044,27 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
    prefetch256(Td4);
    *(u32*)(out+0) =
-        ((u32)Td4[(s0      ) & 0xff])    ^
+        (Td4[(s0      ) & 0xff])    ^
-        ((u32)Td4[(s3 >>  8) & 0xff] <<  8) ^
+        (Td4[(s3 >>  8) & 0xff] <<  8) ^
-        ((u32)Td4[(s2 >> 16) & 0xff] << 16) ^
+        (Td4[(s2 >> 16) & 0xff] << 16) ^
-        ((u32)Td4[(s1 >> 24)       ] << 24) ^
+        (Td4[(s1 >> 24)       ] << 24) ^
        rk[0];
    *(u32*)(out+4) =
-        ((u32)Td4[(s1      ) & 0xff])     ^
+        (Td4[(s1      ) & 0xff])     ^
-        ((u32)Td4[(s0 >>  8) & 0xff] <<  8) ^
+        (Td4[(s0 >>  8) & 0xff] <<  8) ^
-        ((u32)Td4[(s3 >> 16) & 0xff] << 16) ^
+        (Td4[(s3 >> 16) & 0xff] << 16) ^
-        ((u32)Td4[(s2 >> 24)       ] << 24) ^
+        (Td4[(s2 >> 24)       ] << 24) ^
        rk[1];
    *(u32*)(out+8) =
-        ((u32)Td4[(s2      ) & 0xff])     ^
+        (Td4[(s2      ) & 0xff])     ^
-        ((u32)Td4[(s1 >>  8) & 0xff] <<  8) ^
+        (Td4[(s1 >>  8) & 0xff] <<  8) ^
-        ((u32)Td4[(s0 >> 16) & 0xff] << 16) ^
+        (Td4[(s0 >> 16) & 0xff] << 16) ^
-        ((u32)Td4[(s3 >> 24)       ] << 24) ^
+        (Td4[(s3 >> 24)       ] << 24) ^
        rk[2];
    *(u32*)(out+12) =
-        ((u32)Td4[(s3      ) & 0xff])     ^
+        (Td4[(s3      ) & 0xff])     ^
-        ((u32)Td4[(s2 >>  8) & 0xff] <<  8) ^
+        (Td4[(s2 >>  8) & 0xff] <<  8) ^
-        ((u32)Td4[(s1 >> 16) & 0xff] << 16) ^
+        (Td4[(s1 >> 16) & 0xff] << 16) ^
-        ((u32)Td4[(s0 >> 24)       ] << 24) ^
+        (Td4[(s0 >> 24)       ] << 24) ^
        rk[3];
 }
--- a/crypto/aes/asm/aes-586.pl
+++ b/crypto/aes/asm/aes-586.pl
@@ -39,13 +39,13 @@
 # but exhibits up to 10% improvement on other cores.
 #
 # Second version is "monolithic" replacement for aes_core.c, which in
-# addition to AES_[de|en]crypt implements private_AES_set_[de|en]cryption_key.
+# addition to AES_[de|en]crypt implements AES_set_[de|en]cryption_key.
 # This made it possible to implement little-endian variant of the
 # algorithm without modifying the base C code. Motivating factor for
 # the undertaken effort was that it appeared that in tight IA-32
 # register window little-endian flavor could achieve slightly higher
 # Instruction Level Parallelism, and it indeed resulted in up to 15%
-# better performance on most recent µ-archs...
+# better performance on most recent <EFBFBD>-archs...
 #
 # Third version adds AES_cbc_encrypt implementation, which resulted in
 # up to 40% performance imrovement of CBC benchmark results. 40% was
@@ -223,7 +223,7 @@ sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } }
 $speed_limit=512;	# chunks smaller than $speed_limit are
 			# processed with compact routine in CBC mode
 $small_footprint=1;	# $small_footprint=1 code is ~5% slower [on
-			# recent µ-archs], but ~5 times smaller!
+			# recent <EFBFBD>-archs], but ~5 times smaller!
 			# I favor compact code to minimize cache
 			# contention and in hope to "collect" 5% back
 			# in real-life applications...
@@ -562,7 +562,7 @@ sub enctransform()
 # Performance is not actually extraordinary in comparison to pure
 # x86 code. In particular encrypt performance is virtually the same.
 # Decrypt performance on the other hand is 15-20% better on newer
-# µ-archs [but we're thankful for *any* improvement here], and ~50%
+# <EFBFBD>-archs [but we're thankful for *any* improvement here], and ~50%
 # better on PIII:-) And additionally on the pros side this code
 # eliminates redundant references to stack and thus relieves/
 # minimizes the pressure on the memory bus.
@@ -2854,12 +2854,12 @@ sub enckey()
    &set_label("exit");
 &function_end("_x86_AES_set_encrypt_key");
-# int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+# int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 #                        AES_KEY *key)
-&function_begin_B("private_AES_set_encrypt_key");
+&function_begin_B("AES_set_encrypt_key");
 	&call	("_x86_AES_set_encrypt_key");
 	&ret	();
-&function_end_B("private_AES_set_encrypt_key");
+&function_end_B("AES_set_encrypt_key");
 sub deckey()
 { my ($i,$key,$tp1,$tp2,$tp4,$tp8) = @_;
@@ -2916,9 +2916,9 @@ sub deckey()
 	&mov	(&DWP(4*$i,$key),$tp1);
 }
-# int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+# int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
 #                        AES_KEY *key)
-&function_begin_B("private_AES_set_decrypt_key");
+&function_begin_B("AES_set_decrypt_key");
 	&call	("_x86_AES_set_encrypt_key");
 	&cmp	("eax",0);
 	&je	(&label("proceed"));
@@ -2974,7 +2974,7 @@ sub deckey()
 	&jb	(&label("permute"));
 	&xor	("eax","eax");			# return success
-&function_end("private_AES_set_decrypt_key");
+&function_end("AES_set_decrypt_key");
 &asciz("AES for x86, CRYPTOGAMS by <appro\@openssl.org>");
 &asm_finish();
--- a/crypto/aes/asm/aes-armv4.pl
+++ b/crypto/aes/asm/aes-armv4.pl
@@ -27,11 +27,6 @@
 # Rescheduling for dual-issue pipeline resulted in 12% improvement on
 # Cortex A8 core and ~25 cycles per byte processed with 128-bit key.
 # February 2011.
 #
 # Profiler-assisted and platform-specific optimization resulted in 16%
 # improvement on Cortex A8 core and ~21.5 cycles per byte.
 while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
 open STDOUT,">$output";
@@ -51,7 +46,6 @@ $key="r11";
 $rounds="r12";
 $code=<<___;
 #include "arm_arch.h"
 .text
 .code	32
@@ -172,7 +166,7 @@ AES_encrypt:
 	mov	$rounds,r0		@ inp
 	mov	$key,r2
 	sub	$tbl,r3,#AES_encrypt-AES_Te	@ Te
-#if __ARM_ARCH__<7
+
 	ldrb	$s0,[$rounds,#3]	@ load input data in endian-neutral
 	ldrb	$t1,[$rounds,#2]	@ manner...
 	ldrb	$t2,[$rounds,#1]
@@ -201,33 +195,10 @@ AES_encrypt:
 	orr	$s3,$s3,$t1,lsl#8
 	orr	$s3,$s3,$t2,lsl#16
 	orr	$s3,$s3,$t3,lsl#24
-#else
+
 	ldr	$s0,[$rounds,#0]
 	ldr	$s1,[$rounds,#4]
 	ldr	$s2,[$rounds,#8]
 	ldr	$s3,[$rounds,#12]
 #ifdef __ARMEL__
 	rev	$s0,$s0
 	rev	$s1,$s1
 	rev	$s2,$s2
 	rev	$s3,$s3
 #endif
 #endif
 	bl	_armv4_AES_encrypt
 	ldr	$rounds,[sp],#4		@ pop out
 #if __ARM_ARCH__>=7
 #ifdef __ARMEL__
 	rev	$s0,$s0
 	rev	$s1,$s1
 	rev	$s2,$s2
 	rev	$s3,$s3
 #endif
 	str	$s0,[$rounds,#0]
 	str	$s1,[$rounds,#4]
 	str	$s2,[$rounds,#8]
 	str	$s3,[$rounds,#12]
 #else
 	mov	$t1,$s0,lsr#24		@ write output in endian-neutral
 	mov	$t2,$s0,lsr#16		@ manner...
 	mov	$t3,$s0,lsr#8
@@ -256,15 +227,11 @@ AES_encrypt:
 	strb	$t2,[$rounds,#13]
 	strb	$t3,[$rounds,#14]
 	strb	$s3,[$rounds,#15]
-#endif
+
 #if __ARM_ARCH__>=5
 	ldmia	sp!,{r4-r12,pc}
 #else
 	ldmia   sp!,{r4-r12,lr}
 	tst	lr,#1
 	moveq	pc,lr			@ be binary compatible with V4, yet
 	bx	lr			@ interoperable with Thumb ISA:-)
 #endif
 .size	AES_encrypt,.-AES_encrypt
 .type   _armv4_AES_encrypt,%function
@@ -304,11 +271,11 @@ _armv4_AES_encrypt:
 	and	$i2,lr,$s2,lsr#16	@ i1
 	eor	$t3,$t3,$i3,ror#8
 	and	$i3,lr,$s2
 	ldr	$i1,[$tbl,$i1,lsl#2]	@ Te2[s2>>8]
 	eor	$s1,$s1,$t1,ror#24
-	ldr	$i2,[$tbl,$i2,lsl#2]	@ Te1[s2>>16]
+	ldr	$i1,[$tbl,$i1,lsl#2]	@ Te2[s2>>8]
 	mov	$s2,$s2,lsr#24
 	ldr	$i2,[$tbl,$i2,lsl#2]	@ Te1[s2>>16]
 	ldr	$i3,[$tbl,$i3,lsl#2]	@ Te3[s2>>0]
 	eor	$s0,$s0,$i1,ror#16
 	ldr	$s2,[$tbl,$s2,lsl#2]	@ Te0[s2>>24]
@@ -317,16 +284,16 @@ _armv4_AES_encrypt:
 	and	$i2,lr,$s3,lsr#8	@ i1
 	eor	$t3,$t3,$i3,ror#16
 	and	$i3,lr,$s3,lsr#16	@ i2
 	ldr	$i1,[$tbl,$i1,lsl#2]	@ Te3[s3>>0]
 	eor	$s2,$s2,$t2,ror#16
-	ldr	$i2,[$tbl,$i2,lsl#2]	@ Te2[s3>>8]
+	ldr	$i1,[$tbl,$i1,lsl#2]	@ Te3[s3>>0]
 	mov	$s3,$s3,lsr#24
 	ldr	$i2,[$tbl,$i2,lsl#2]	@ Te2[s3>>8]
 	ldr	$i3,[$tbl,$i3,lsl#2]	@ Te1[s3>>16]
 	eor	$s0,$s0,$i1,ror#24
 	ldr	$i1,[$key],#16
 	eor	$s1,$s1,$i2,ror#16
 	ldr	$s3,[$tbl,$s3,lsl#2]	@ Te0[s3>>24]
 	eor	$s1,$s1,$i2,ror#16
 	ldr	$i1,[$key],#16
 	eor	$s2,$s2,$i3,ror#8
 	ldr	$t1,[$key,#-12]
 	eor	$s3,$s3,$t3,ror#8
@@ -366,11 +333,11 @@ _armv4_AES_encrypt:
 	and	$i2,lr,$s2,lsr#16	@ i1
 	eor	$t3,$i3,$t3,lsl#8
 	and	$i3,lr,$s2
 	ldrb	$i1,[$tbl,$i1,lsl#2]	@ Te4[s2>>8]
 	eor	$s1,$t1,$s1,lsl#24
-	ldrb	$i2,[$tbl,$i2,lsl#2]	@ Te4[s2>>16]
+	ldrb	$i1,[$tbl,$i1,lsl#2]	@ Te4[s2>>8]
 	mov	$s2,$s2,lsr#24
 	ldrb	$i2,[$tbl,$i2,lsl#2]	@ Te4[s2>>16]
 	ldrb	$i3,[$tbl,$i3,lsl#2]	@ Te4[s2>>0]
 	eor	$s0,$i1,$s0,lsl#8
 	ldrb	$s2,[$tbl,$s2,lsl#2]	@ Te4[s2>>24]
@@ -379,15 +346,15 @@ _armv4_AES_encrypt:
 	and	$i2,lr,$s3,lsr#8	@ i1
 	eor	$t3,$i3,$t3,lsl#8
 	and	$i3,lr,$s3,lsr#16	@ i2
 	ldrb	$i1,[$tbl,$i1,lsl#2]	@ Te4[s3>>0]
 	eor	$s2,$t2,$s2,lsl#24
-	ldrb	$i2,[$tbl,$i2,lsl#2]	@ Te4[s3>>8]
+	ldrb	$i1,[$tbl,$i1,lsl#2]	@ Te4[s3>>0]
 	mov	$s3,$s3,lsr#24
 	ldrb	$i2,[$tbl,$i2,lsl#2]	@ Te4[s3>>8]
 	ldrb	$i3,[$tbl,$i3,lsl#2]	@ Te4[s3>>16]
 	eor	$s0,$i1,$s0,lsl#8
 	ldr	$i1,[$key,#0]
 	ldrb	$s3,[$tbl,$s3,lsl#2]	@ Te4[s3>>24]
 	ldr	$i1,[$key,#0]
 	eor	$s1,$s1,$i2,lsl#8
 	ldr	$t1,[$key,#4]
 	eor	$s2,$s2,$i3,lsl#16
@@ -404,11 +371,10 @@ _armv4_AES_encrypt:
 	ldr	pc,[sp],#4		@ pop and return
 .size	_armv4_AES_encrypt,.-_armv4_AES_encrypt
-.global private_AES_set_encrypt_key
+.global AES_set_encrypt_key
-.type   private_AES_set_encrypt_key,%function
+.type   AES_set_encrypt_key,%function
 .align	5
-private_AES_set_encrypt_key:
+AES_set_encrypt_key:
 _armv4_AES_set_encrypt_key:
 	sub	r3,pc,#8		@ AES_set_encrypt_key
 	teq	r0,#0
 	moveq	r0,#-1
@@ -426,13 +392,12 @@ _armv4_AES_set_encrypt_key:
 	bne	.Labrt
 .Lok:	stmdb   sp!,{r4-r12,lr}
-	sub	$tbl,r3,#_armv4_AES_set_encrypt_key-AES_Te-1024	@ Te4
+	sub	$tbl,r3,#AES_set_encrypt_key-AES_Te-1024	@ Te4
 	mov	$rounds,r0		@ inp
 	mov	lr,r1			@ bits
 	mov	$key,r2			@ key
 #if __ARM_ARCH__<7
 	ldrb	$s0,[$rounds,#3]	@ load input data in endian-neutral
 	ldrb	$t1,[$rounds,#2]	@ manner...
 	ldrb	$t2,[$rounds,#1]
@@ -465,22 +430,6 @@ _armv4_AES_set_encrypt_key:
 	orr	$s3,$s3,$t3,lsl#24
 	str	$s2,[$key,#-8]
 	str	$s3,[$key,#-4]
 #else
 	ldr	$s0,[$rounds,#0]
 	ldr	$s1,[$rounds,#4]
 	ldr	$s2,[$rounds,#8]
 	ldr	$s3,[$rounds,#12]
 #ifdef __ARMEL__
 	rev	$s0,$s0
 	rev	$s1,$s1
 	rev	$s2,$s2
 	rev	$s3,$s3
 #endif
 	str	$s0,[$key],#16
 	str	$s1,[$key,#-12]
 	str	$s2,[$key,#-8]
 	str	$s3,[$key,#-4]
 #endif
 	teq	lr,#128
 	bne	.Lnot128
@@ -517,7 +466,6 @@ _armv4_AES_set_encrypt_key:
 	b	.Ldone
 .Lnot128:
 #if __ARM_ARCH__<7
 	ldrb	$i2,[$rounds,#19]
 	ldrb	$t1,[$rounds,#18]
 	ldrb	$t2,[$rounds,#17]
@@ -534,16 +482,6 @@ _armv4_AES_set_encrypt_key:
 	str	$i2,[$key],#8
 	orr	$i3,$i3,$t3,lsl#24
 	str	$i3,[$key,#-4]
 #else
 	ldr	$i2,[$rounds,#16]
 	ldr	$i3,[$rounds,#20]
 #ifdef __ARMEL__
 	rev	$i2,$i2
 	rev	$i3,$i3
 #endif
 	str	$i2,[$key],#8
 	str	$i3,[$key,#-4]
 #endif
 	teq	lr,#192
 	bne	.Lnot192
@@ -588,7 +526,6 @@ _armv4_AES_set_encrypt_key:
 	b	.L192_loop
 .Lnot192:
 #if __ARM_ARCH__<7
 	ldrb	$i2,[$rounds,#27]
 	ldrb	$t1,[$rounds,#26]
 	ldrb	$t2,[$rounds,#25]
@@ -605,16 +542,6 @@ _armv4_AES_set_encrypt_key:
 	str	$i2,[$key],#8
 	orr	$i3,$i3,$t3,lsl#24
 	str	$i3,[$key,#-4]
 #else
 	ldr	$i2,[$rounds,#24]
 	ldr	$i3,[$rounds,#28]
 #ifdef __ARMEL__
 	rev	$i2,$i2
 	rev	$i3,$i3
 #endif
 	str	$i2,[$key],#8
 	str	$i3,[$key,#-4]
 #endif
 	mov	$rounds,#14
 	str	$rounds,[$key,#240-32]
@@ -679,14 +606,14 @@ _armv4_AES_set_encrypt_key:
 .Labrt:	tst	lr,#1
 	moveq	pc,lr			@ be binary compatible with V4, yet
 	bx	lr			@ interoperable with Thumb ISA:-)
-.size	private_AES_set_encrypt_key,.-private_AES_set_encrypt_key
+.size	AES_set_encrypt_key,.-AES_set_encrypt_key
-.global private_AES_set_decrypt_key
+.global AES_set_decrypt_key
-.type   private_AES_set_decrypt_key,%function
+.type   AES_set_decrypt_key,%function
 .align	5
-private_AES_set_decrypt_key:
+AES_set_decrypt_key:
 	str	lr,[sp,#-4]!            @ push lr
-	bl	_armv4_AES_set_encrypt_key
+	bl	AES_set_encrypt_key
 	teq	r0,#0
 	ldrne	lr,[sp],#4              @ pop lr
 	bne	.Labrt
@@ -765,15 +692,11 @@ $code.=<<___;
 	bne	.Lmix
 	mov	r0,#0
 #if __ARM_ARCH__>=5
 	ldmia	sp!,{r4-r12,pc}
 #else
 	ldmia   sp!,{r4-r12,lr}
 	tst	lr,#1
 	moveq	pc,lr			@ be binary compatible with V4, yet
 	bx	lr			@ interoperable with Thumb ISA:-)
-#endif
+.size	AES_set_decrypt_key,.-AES_set_decrypt_key
 .size	private_AES_set_decrypt_key,.-private_AES_set_decrypt_key
 .type	AES_Td,%object
 .align	5
@@ -888,7 +811,7 @@ AES_decrypt:
 	mov	$rounds,r0		@ inp
 	mov	$key,r2
 	sub	$tbl,r3,#AES_decrypt-AES_Td		@ Td
-#if __ARM_ARCH__<7
+
 	ldrb	$s0,[$rounds,#3]	@ load input data in endian-neutral
 	ldrb	$t1,[$rounds,#2]	@ manner...
 	ldrb	$t2,[$rounds,#1]
@@ -917,33 +840,10 @@ AES_decrypt:
 	orr	$s3,$s3,$t1,lsl#8
 	orr	$s3,$s3,$t2,lsl#16
 	orr	$s3,$s3,$t3,lsl#24
-#else
+
 	ldr	$s0,[$rounds,#0]
 	ldr	$s1,[$rounds,#4]
 	ldr	$s2,[$rounds,#8]
 	ldr	$s3,[$rounds,#12]
 #ifdef __ARMEL__
 	rev	$s0,$s0
 	rev	$s1,$s1
 	rev	$s2,$s2
 	rev	$s3,$s3
 #endif
 #endif
 	bl	_armv4_AES_decrypt
 	ldr	$rounds,[sp],#4		@ pop out
 #if __ARM_ARCH__>=7
 #ifdef __ARMEL__
 	rev	$s0,$s0
 	rev	$s1,$s1
 	rev	$s2,$s2
 	rev	$s3,$s3
 #endif
 	str	$s0,[$rounds,#0]
 	str	$s1,[$rounds,#4]
 	str	$s2,[$rounds,#8]
 	str	$s3,[$rounds,#12]
 #else
 	mov	$t1,$s0,lsr#24		@ write output in endian-neutral
 	mov	$t2,$s0,lsr#16		@ manner...
 	mov	$t3,$s0,lsr#8
@@ -972,15 +872,11 @@ AES_decrypt:
 	strb	$t2,[$rounds,#13]
 	strb	$t3,[$rounds,#14]
 	strb	$s3,[$rounds,#15]
-#endif
+
 #if __ARM_ARCH__>=5
 	ldmia	sp!,{r4-r12,pc}
 #else
 	ldmia   sp!,{r4-r12,lr}
 	tst	lr,#1
 	moveq	pc,lr			@ be binary compatible with V4, yet
 	bx	lr			@ interoperable with Thumb ISA:-)
 #endif
 .size	AES_decrypt,.-AES_decrypt
 .type   _armv4_AES_decrypt,%function
@@ -1020,11 +916,11 @@ _armv4_AES_decrypt:
 	and	$i2,lr,$s2		@ i1
 	eor	$t3,$i3,$t3,ror#8
 	and	$i3,lr,$s2,lsr#16
 	ldr	$i1,[$tbl,$i1,lsl#2]	@ Td2[s2>>8]
 	eor	$s1,$s1,$t1,ror#8
-	ldr	$i2,[$tbl,$i2,lsl#2]	@ Td3[s2>>0]
+	ldr	$i1,[$tbl,$i1,lsl#2]	@ Td2[s2>>8]
 	mov	$s2,$s2,lsr#24
 	ldr	$i2,[$tbl,$i2,lsl#2]	@ Td3[s2>>0]
 	ldr	$i3,[$tbl,$i3,lsl#2]	@ Td1[s2>>16]
 	eor	$s0,$s0,$i1,ror#16
 	ldr	$s2,[$tbl,$s2,lsl#2]	@ Td0[s2>>24]
@@ -1033,22 +929,22 @@ _armv4_AES_decrypt:
 	and	$i2,lr,$s3,lsr#8	@ i1
 	eor	$t3,$i3,$t3,ror#8
 	and	$i3,lr,$s3		@ i2
 	ldr	$i1,[$tbl,$i1,lsl#2]	@ Td1[s3>>16]
 	eor	$s2,$s2,$t2,ror#8
-	ldr	$i2,[$tbl,$i2,lsl#2]	@ Td2[s3>>8]
+	ldr	$i1,[$tbl,$i1,lsl#2]	@ Td1[s3>>16]
 	mov	$s3,$s3,lsr#24
 	ldr	$i2,[$tbl,$i2,lsl#2]	@ Td2[s3>>8]
 	ldr	$i3,[$tbl,$i3,lsl#2]	@ Td3[s3>>0]
 	eor	$s0,$s0,$i1,ror#8
 	ldr	$i1,[$key],#16
 	eor	$s1,$s1,$i2,ror#16
 	ldr	$s3,[$tbl,$s3,lsl#2]	@ Td0[s3>>24]
 	eor	$s1,$s1,$i2,ror#16
 	eor	$s2,$s2,$i3,ror#24
 	ldr	$i1,[$key],#16
 	eor	$s3,$s3,$t3,ror#8
 	ldr	$t1,[$key,#-12]
 	eor	$s0,$s0,$i1
 	ldr	$t2,[$key,#-8]
-	eor	$s3,$s3,$t3,ror#8
+	eor	$s0,$s0,$i1
 	ldr	$t3,[$key,#-4]
 	and	$i1,lr,$s0,lsr#16
 	eor	$s1,$s1,$t1
@@ -1089,11 +985,11 @@ _armv4_AES_decrypt:
 	and	$i1,lr,$s2,lsr#8	@ i0
 	eor	$t2,$t2,$i2,lsl#8
 	and	$i2,lr,$s2		@ i1
 	ldrb	$i1,[$tbl,$i1]		@ Td4[s2>>8]
 	eor	$t3,$t3,$i3,lsl#8
-	ldrb	$i2,[$tbl,$i2]		@ Td4[s2>>0]
+	ldrb	$i1,[$tbl,$i1]		@ Td4[s2>>8]
 	and	$i3,lr,$s2,lsr#16
 	ldrb	$i2,[$tbl,$i2]		@ Td4[s2>>0]
 	ldrb	$s2,[$tbl,$s2,lsr#24]	@ Td4[s2>>24]
 	eor	$s0,$s0,$i1,lsl#8
 	ldrb	$i3,[$tbl,$i3]		@ Td4[s2>>16]
@@ -1101,11 +997,11 @@ _armv4_AES_decrypt:
 	and	$i1,lr,$s3,lsr#16	@ i0
 	eor	$s2,$t2,$s2,lsl#16
 	and	$i2,lr,$s3,lsr#8	@ i1
 	ldrb	$i1,[$tbl,$i1]		@ Td4[s3>>16]
 	eor	$t3,$t3,$i3,lsl#16
-	ldrb	$i2,[$tbl,$i2]		@ Td4[s3>>8]
+	ldrb	$i1,[$tbl,$i1]		@ Td4[s3>>16]
 	and	$i3,lr,$s3		@ i2
 	ldrb	$i2,[$tbl,$i2]		@ Td4[s3>>8]
 	ldrb	$i3,[$tbl,$i3]		@ Td4[s3>>0]
 	ldrb	$s3,[$tbl,$s3,lsr#24]	@ Td4[s3>>24]
 	eor	$s0,$s0,$i1,lsl#16
--- a/crypto/aes/asm/aes-mips.pl
+++ b/crypto/aes/asm/aes-mips.pl
--- a/crypto/aes/asm/aes-parisc.pl
+++ b/crypto/aes/asm/aes-parisc.pl
--- a/crypto/aes/asm/aes-ppc.pl
+++ b/crypto/aes/asm/aes-ppc.pl
@@ -7,7 +7,7 @@
 # details see http://www.openssl.org/~appro/cryptogams/.
 # ====================================================================
-# Needs more work: key setup, CBC routine...
+# Needs more work: key setup, page boundaries, CBC routine...
 #
 # ppc_AES_[en|de]crypt perform at 18 cycles per byte processed with
 # 128-bit key, which is ~40% better than 64-bit code generated by gcc
@@ -18,7 +18,7 @@
 # February 2010
 #
-# Rescheduling instructions to favour Power6 pipeline gave 10%
+# Rescheduling instructions to favour Power6 pipeline gives 10%
 # performance improvement on the platfrom in question (and marginal
 # improvement even on others). It should be noted that Power6 fails
 # to process byte in 18 cycles, only in 23, because it fails to issue
@@ -33,13 +33,11 @@ $flavour = shift;
 if ($flavour =~ /64/) {
 	$SIZE_T	=8;
 	$LRSAVE	=2*$SIZE_T;
 	$STU	="stdu";
 	$POP	="ld";
 	$PUSH	="std";
 } elsif ($flavour =~ /32/) {
 	$SIZE_T	=4;
 	$LRSAVE	=$SIZE_T;
 	$STU	="stwu";
 	$POP	="lwz";
 	$PUSH	="stw";
@@ -118,19 +116,15 @@ LAES_Te:
 	addi	$Tbl0,$Tbl0,`128-8`
 	mtlr	r0
 	blr
-	.long	0
+	.space	`32-24`
 	.byte	0,12,0x14,0,0,0,0,0
 	.space	`64-9*4`
 LAES_Td:
 	mflr	r0
 	bcl	20,31,\$+4
 	mflr	$Tbl0	;    vvvvvvvv "distance" between . and 1st data entry
-	addi	$Tbl0,$Tbl0,`128-64-8+2048+256`
+	addi	$Tbl0,$Tbl0,`128-8-32+2048+256`
 	mtlr	r0
 	blr
-	.long	0
+	.space	`128-32-24`
 	.byte	0,12,0x14,0,0,0,0,0
 	.space	`128-64-9*4`
 ___
 &_data_word(
 	0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d,
@@ -334,9 +328,10 @@ $code.=<<___;
 .globl	.AES_encrypt
 .align	7
 .AES_encrypt:
 	$STU	$sp,-$FRAME($sp)
 	mflr	r0
 	$STU	$sp,-$FRAME($sp)
 	$PUSH	r0,`$FRAME-$SIZE_T*21`($sp)
 	$PUSH	$toc,`$FRAME-$SIZE_T*20`($sp)
 	$PUSH	r13,`$FRAME-$SIZE_T*19`($sp)
 	$PUSH	r14,`$FRAME-$SIZE_T*18`($sp)
@@ -357,14 +352,7 @@ $code.=<<___;
 	$PUSH	r29,`$FRAME-$SIZE_T*3`($sp)
 	$PUSH	r30,`$FRAME-$SIZE_T*2`($sp)
 	$PUSH	r31,`$FRAME-$SIZE_T*1`($sp)
 	$PUSH	r0,`$FRAME+$LRSAVE`($sp)
 	andi.	$t0,$inp,3
 	andi.	$t1,$out,3
 	or.	$t0,$t0,$t1
 	bne	Lenc_unaligned
 Lenc_unaligned_ok:
 	lwz	$s0,0($inp)
 	lwz	$s1,4($inp)
 	lwz	$s2,8($inp)
@@ -375,80 +363,8 @@ Lenc_unaligned_ok:
 	stw	$s1,4($out)
 	stw	$s2,8($out)
 	stw	$s3,12($out)
 	b	Lenc_done
-Lenc_unaligned:
+	$POP	r0,`$FRAME-$SIZE_T*21`($sp)
 	subfic	$t0,$inp,4096
 	subfic	$t1,$out,4096
 	andi.	$t0,$t0,4096-16
 	beq	Lenc_xpage
 	andi.	$t1,$t1,4096-16
 	bne	Lenc_unaligned_ok
 Lenc_xpage:
 	lbz	$acc00,0($inp)
 	lbz	$acc01,1($inp)
 	lbz	$acc02,2($inp)
 	lbz	$s0,3($inp)
 	lbz	$acc04,4($inp)
 	lbz	$acc05,5($inp)
 	lbz	$acc06,6($inp)
 	lbz	$s1,7($inp)
 	lbz	$acc08,8($inp)
 	lbz	$acc09,9($inp)
 	lbz	$acc10,10($inp)
 	insrwi	$s0,$acc00,8,0
 	lbz	$s2,11($inp)
 	insrwi	$s1,$acc04,8,0
 	lbz	$acc12,12($inp)
 	insrwi	$s0,$acc01,8,8
 	lbz	$acc13,13($inp)
 	insrwi	$s1,$acc05,8,8
 	lbz	$acc14,14($inp)
 	insrwi	$s0,$acc02,8,16
 	lbz	$s3,15($inp)
 	insrwi	$s1,$acc06,8,16
 	insrwi	$s2,$acc08,8,0
 	insrwi	$s3,$acc12,8,0
 	insrwi	$s2,$acc09,8,8
 	insrwi	$s3,$acc13,8,8
 	insrwi	$s2,$acc10,8,16
 	insrwi	$s3,$acc14,8,16
 	bl	LAES_Te
 	bl	Lppc_AES_encrypt_compact
 	extrwi	$acc00,$s0,8,0
 	extrwi	$acc01,$s0,8,8
 	stb	$acc00,0($out)
 	extrwi	$acc02,$s0,8,16
 	stb	$acc01,1($out)
 	stb	$acc02,2($out)
 	extrwi	$acc04,$s1,8,0
 	stb	$s0,3($out)
 	extrwi	$acc05,$s1,8,8
 	stb	$acc04,4($out)
 	extrwi	$acc06,$s1,8,16
 	stb	$acc05,5($out)
 	stb	$acc06,6($out)
 	extrwi	$acc08,$s2,8,0
 	stb	$s1,7($out)
 	extrwi	$acc09,$s2,8,8
 	stb	$acc08,8($out)
 	extrwi	$acc10,$s2,8,16
 	stb	$acc09,9($out)
 	stb	$acc10,10($out)
 	extrwi	$acc12,$s3,8,0
 	stb	$s2,11($out)
 	extrwi	$acc13,$s3,8,8
 	stb	$acc12,12($out)
 	extrwi	$acc14,$s3,8,16
 	stb	$acc13,13($out)
 	stb	$acc14,14($out)
 	stb	$s3,15($out)
 Lenc_done:
 	$POP	r0,`$FRAME+$LRSAVE`($sp)
 	$POP	$toc,`$FRAME-$SIZE_T*20`($sp)
 	$POP	r13,`$FRAME-$SIZE_T*19`($sp)
 	$POP	r14,`$FRAME-$SIZE_T*18`($sp)
@@ -472,21 +388,18 @@ Lenc_done:
 	mtlr	r0
 	addi	$sp,$sp,$FRAME
 	blr
 	.long	0
 	.byte	0,12,4,1,0x80,18,3,0
 	.long	0
 .align	5
 Lppc_AES_encrypt:
 	lwz	$acc00,240($key)
 	addi	$Tbl1,$Tbl0,3
 	lwz	$t0,0($key)
 	addi	$Tbl2,$Tbl0,2
 	lwz	$t1,4($key)
 	addi	$Tbl3,$Tbl0,1
 	lwz	$t2,8($key)
 	addi	$acc00,$acc00,-1
 	lwz	$t3,12($key)
 	addi	$Tbl1,$Tbl0,3
 	addi	$Tbl2,$Tbl0,2
 	addi	$Tbl3,$Tbl0,1
 	addi	$acc00,$acc00,-1
 	addi	$key,$key,16
 	xor	$s0,$s0,$t0
 	xor	$s1,$s1,$t1
@@ -500,44 +413,44 @@ Lenc_loop:
 	rlwinm	$acc02,$s2,`32-24+3`,21,28
 	rlwinm	$acc03,$s3,`32-24+3`,21,28
 	lwz	$t0,0($key)
 	rlwinm	$acc04,$s1,`32-16+3`,21,28
 	lwz	$t1,4($key)
 	rlwinm	$acc04,$s1,`32-16+3`,21,28
 	rlwinm	$acc05,$s2,`32-16+3`,21,28
 	lwz	$t2,8($key)
 	rlwinm	$acc06,$s3,`32-16+3`,21,28
 	lwz	$t3,12($key)
 	rlwinm	$acc06,$s3,`32-16+3`,21,28
 	rlwinm	$acc07,$s0,`32-16+3`,21,28
 	lwzx	$acc00,$Tbl0,$acc00
 	rlwinm	$acc08,$s2,`32-8+3`,21,28
 	lwzx	$acc01,$Tbl0,$acc01
 	rlwinm	$acc08,$s2,`32-8+3`,21,28
 	rlwinm	$acc09,$s3,`32-8+3`,21,28
 	lwzx	$acc02,$Tbl0,$acc02
 	rlwinm	$acc10,$s0,`32-8+3`,21,28
 	lwzx	$acc03,$Tbl0,$acc03
 	rlwinm	$acc10,$s0,`32-8+3`,21,28
 	rlwinm	$acc11,$s1,`32-8+3`,21,28
 	lwzx	$acc04,$Tbl1,$acc04
 	rlwinm	$acc12,$s3,`0+3`,21,28
 	lwzx	$acc05,$Tbl1,$acc05
 	rlwinm	$acc12,$s3,`0+3`,21,28
 	rlwinm	$acc13,$s0,`0+3`,21,28
 	lwzx	$acc06,$Tbl1,$acc06
 	rlwinm	$acc14,$s1,`0+3`,21,28
 	lwzx	$acc07,$Tbl1,$acc07
 	rlwinm	$acc14,$s1,`0+3`,21,28
 	rlwinm	$acc15,$s2,`0+3`,21,28
 	lwzx	$acc08,$Tbl2,$acc08
 	xor	$t0,$t0,$acc00
 	lwzx	$acc09,$Tbl2,$acc09
 	xor	$t0,$t0,$acc00
 	xor	$t1,$t1,$acc01
 	lwzx	$acc10,$Tbl2,$acc10
 	xor	$t2,$t2,$acc02
 	lwzx	$acc11,$Tbl2,$acc11
 	xor	$t2,$t2,$acc02
 	xor	$t3,$t3,$acc03
 	lwzx	$acc12,$Tbl3,$acc12
 	xor	$t0,$t0,$acc04
 	lwzx	$acc13,$Tbl3,$acc13
 	xor	$t0,$t0,$acc04
 	xor	$t1,$t1,$acc05
 	lwzx	$acc14,$Tbl3,$acc14
 	xor	$t2,$t2,$acc06
 	lwzx	$acc15,$Tbl3,$acc15
 	xor	$t2,$t2,$acc06
 	xor	$t3,$t3,$acc07
 	xor	$t0,$t0,$acc08
 	xor	$t1,$t1,$acc09
@@ -553,60 +466,60 @@ Lenc_loop:
 	addi	$Tbl2,$Tbl0,2048
 	nop
 	lwz	$t0,0($key)
 	rlwinm	$acc00,$s0,`32-24`,24,31
 	lwz	$t1,4($key)
 	rlwinm	$acc00,$s0,`32-24`,24,31
 	rlwinm	$acc01,$s1,`32-24`,24,31
 	lwz	$t2,8($key)
 	rlwinm	$acc02,$s2,`32-24`,24,31
 	lwz	$t3,12($key)
 	rlwinm	$acc02,$s2,`32-24`,24,31
 	rlwinm	$acc03,$s3,`32-24`,24,31
 	lwz	$acc08,`2048+0`($Tbl0)	! prefetch Te4
 	rlwinm	$acc04,$s1,`32-16`,24,31
 	lwz	$acc09,`2048+32`($Tbl0)
 	rlwinm	$acc04,$s1,`32-16`,24,31
 	rlwinm	$acc05,$s2,`32-16`,24,31
 	lwz	$acc10,`2048+64`($Tbl0)
 	rlwinm	$acc06,$s3,`32-16`,24,31
 	lwz	$acc11,`2048+96`($Tbl0)
 	rlwinm	$acc06,$s3,`32-16`,24,31
 	rlwinm	$acc07,$s0,`32-16`,24,31
 	lwz	$acc12,`2048+128`($Tbl0)
 	rlwinm	$acc08,$s2,`32-8`,24,31
 	lwz	$acc13,`2048+160`($Tbl0)
 	rlwinm	$acc08,$s2,`32-8`,24,31
 	rlwinm	$acc09,$s3,`32-8`,24,31
 	lwz	$acc14,`2048+192`($Tbl0)
 	rlwinm	$acc10,$s0,`32-8`,24,31
 	lwz	$acc15,`2048+224`($Tbl0)
 	rlwinm	$acc10,$s0,`32-8`,24,31
 	rlwinm	$acc11,$s1,`32-8`,24,31
 	lbzx	$acc00,$Tbl2,$acc00
 	rlwinm	$acc12,$s3,`0`,24,31
 	lbzx	$acc01,$Tbl2,$acc01
 	rlwinm	$acc12,$s3,`0`,24,31
 	rlwinm	$acc13,$s0,`0`,24,31
 	lbzx	$acc02,$Tbl2,$acc02
 	rlwinm	$acc14,$s1,`0`,24,31
 	lbzx	$acc03,$Tbl2,$acc03
 	rlwinm	$acc14,$s1,`0`,24,31
 	rlwinm	$acc15,$s2,`0`,24,31
 	lbzx	$acc04,$Tbl2,$acc04
 	rlwinm	$s0,$acc00,24,0,7
 	lbzx	$acc05,$Tbl2,$acc05
 	rlwinm	$s0,$acc00,24,0,7
 	rlwinm	$s1,$acc01,24,0,7
 	lbzx	$acc06,$Tbl2,$acc06
 	rlwinm	$s2,$acc02,24,0,7
 	lbzx	$acc07,$Tbl2,$acc07
 	rlwinm	$s2,$acc02,24,0,7
 	rlwinm	$s3,$acc03,24,0,7
 	lbzx	$acc08,$Tbl2,$acc08
 	rlwimi	$s0,$acc04,16,8,15
 	lbzx	$acc09,$Tbl2,$acc09
 	rlwimi	$s0,$acc04,16,8,15
 	rlwimi	$s1,$acc05,16,8,15
 	lbzx	$acc10,$Tbl2,$acc10
 	rlwimi	$s2,$acc06,16,8,15
 	lbzx	$acc11,$Tbl2,$acc11
 	rlwimi	$s2,$acc06,16,8,15
 	rlwimi	$s3,$acc07,16,8,15
 	lbzx	$acc12,$Tbl2,$acc12
 	rlwimi	$s0,$acc08,8,16,23
 	lbzx	$acc13,$Tbl2,$acc13
 	rlwimi	$s0,$acc08,8,16,23
 	rlwimi	$s1,$acc09,8,16,23
 	lbzx	$acc14,$Tbl2,$acc14
 	rlwimi	$s2,$acc10,8,16,23
 	lbzx	$acc15,$Tbl2,$acc15
 	rlwimi	$s2,$acc10,8,16,23
 	rlwimi	$s3,$acc11,8,16,23
 	or	$s0,$s0,$acc12
 	or	$s1,$s1,$acc13
@@ -617,31 +530,29 @@ Lenc_loop:
 	xor	$s2,$s2,$t2
 	xor	$s3,$s3,$t3
 	blr
 	.long	0
 	.byte	0,12,0x14,0,0,0,0,0
 .align	4
 Lppc_AES_encrypt_compact:
 	lwz	$acc00,240($key)
 	addi	$Tbl1,$Tbl0,2048
 	lwz	$t0,0($key)
 	lis	$mask80,0x8080
 	lwz	$t1,4($key)
 	lis	$mask1b,0x1b1b
 	lwz	$t2,8($key)
 	ori	$mask80,$mask80,0x8080
 	lwz	$t3,12($key)
-	ori	$mask1b,$mask1b,0x1b1b
+	addi	$Tbl1,$Tbl0,2048
 	lis	$mask80,0x8080
 	lis	$mask1b,0x1b1b
 	addi	$key,$key,16
 	ori	$mask80,$mask80,0x8080
 	ori	$mask1b,$mask1b,0x1b1b
 	mtctr	$acc00
 .align	4
 Lenc_compact_loop:
 	xor	$s0,$s0,$t0
 	xor	$s1,$s1,$t1
 	rlwinm	$acc00,$s0,`32-24`,24,31
 	xor	$s2,$s2,$t2
 	rlwinm	$acc01,$s1,`32-24`,24,31
 	xor	$s3,$s3,$t3
 	rlwinm	$acc00,$s0,`32-24`,24,31
 	rlwinm	$acc01,$s1,`32-24`,24,31
 	rlwinm	$acc02,$s2,`32-24`,24,31
 	rlwinm	$acc03,$s3,`32-24`,24,31
 	rlwinm	$acc04,$s1,`32-16`,24,31
@@ -649,48 +560,48 @@ Lenc_compact_loop:
 	rlwinm	$acc06,$s3,`32-16`,24,31
 	rlwinm	$acc07,$s0,`32-16`,24,31
 	lbzx	$acc00,$Tbl1,$acc00
 	rlwinm	$acc08,$s2,`32-8`,24,31
 	lbzx	$acc01,$Tbl1,$acc01
 	rlwinm	$acc08,$s2,`32-8`,24,31
 	rlwinm	$acc09,$s3,`32-8`,24,31
 	lbzx	$acc02,$Tbl1,$acc02
 	rlwinm	$acc10,$s0,`32-8`,24,31
 	lbzx	$acc03,$Tbl1,$acc03
 	rlwinm	$acc10,$s0,`32-8`,24,31
 	rlwinm	$acc11,$s1,`32-8`,24,31
 	lbzx	$acc04,$Tbl1,$acc04
 	rlwinm	$acc12,$s3,`0`,24,31
 	lbzx	$acc05,$Tbl1,$acc05
 	rlwinm	$acc12,$s3,`0`,24,31
 	rlwinm	$acc13,$s0,`0`,24,31
 	lbzx	$acc06,$Tbl1,$acc06
 	rlwinm	$acc14,$s1,`0`,24,31
 	lbzx	$acc07,$Tbl1,$acc07
 	rlwinm	$acc14,$s1,`0`,24,31
 	rlwinm	$acc15,$s2,`0`,24,31
 	lbzx	$acc08,$Tbl1,$acc08
 	rlwinm	$s0,$acc00,24,0,7
 	lbzx	$acc09,$Tbl1,$acc09
 	rlwinm	$s0,$acc00,24,0,7
 	rlwinm	$s1,$acc01,24,0,7
 	lbzx	$acc10,$Tbl1,$acc10
 	rlwinm	$s2,$acc02,24,0,7
 	lbzx	$acc11,$Tbl1,$acc11
 	rlwinm	$s2,$acc02,24,0,7
 	rlwinm	$s3,$acc03,24,0,7
 	lbzx	$acc12,$Tbl1,$acc12
 	rlwimi	$s0,$acc04,16,8,15
 	lbzx	$acc13,$Tbl1,$acc13
 	rlwimi	$s0,$acc04,16,8,15
 	rlwimi	$s1,$acc05,16,8,15
 	lbzx	$acc14,$Tbl1,$acc14
 	rlwimi	$s2,$acc06,16,8,15
 	lbzx	$acc15,$Tbl1,$acc15
 	rlwimi	$s2,$acc06,16,8,15
 	rlwimi	$s3,$acc07,16,8,15
 	rlwimi	$s0,$acc08,8,16,23
 	rlwimi	$s1,$acc09,8,16,23
 	rlwimi	$s2,$acc10,8,16,23
 	rlwimi	$s3,$acc11,8,16,23
 	lwz	$t0,0($key)
 	or	$s0,$s0,$acc12
 	lwz	$t1,4($key)
 	or	$s0,$s0,$acc12
 	or	$s1,$s1,$acc13
 	lwz	$t2,8($key)
 	or	$s2,$s2,$acc14
 	lwz	$t3,12($key)
 	or	$s2,$s2,$acc14
 	or	$s3,$s3,$acc15
 	addi	$key,$key,16
@@ -701,12 +612,12 @@ Lenc_compact_loop:
 	and	$acc02,$s2,$mask80
 	and	$acc03,$s3,$mask80
 	srwi	$acc04,$acc00,7		# r1>>7
 	andc	$acc08,$s0,$mask80	# r0&0x7f7f7f7f
 	srwi	$acc05,$acc01,7
 	andc	$acc09,$s1,$mask80
 	srwi	$acc06,$acc02,7
 	andc	$acc10,$s2,$mask80
 	srwi	$acc07,$acc03,7
 	andc	$acc08,$s0,$mask80	# r0&0x7f7f7f7f
 	andc	$acc09,$s1,$mask80
 	andc	$acc10,$s2,$mask80
 	andc	$acc11,$s3,$mask80
 	sub	$acc00,$acc00,$acc04	# r1-(r1>>7)
 	sub	$acc01,$acc01,$acc05
@@ -722,32 +633,32 @@ Lenc_compact_loop:
 	and	$acc03,$acc03,$mask1b
 	xor	$acc00,$acc00,$acc08	# r2
 	xor	$acc01,$acc01,$acc09
 	 rotlwi	$acc12,$s0,16		# ROTATE(r0,16)
 	xor	$acc02,$acc02,$acc10
 	 rotlwi	$acc13,$s1,16
 	xor	$acc03,$acc03,$acc11
 	 rotlwi	$acc14,$s2,16
-	xor	$s0,$s0,$acc00		# r0^r2
+	rotlwi	$acc12,$s0,16		# ROTATE(r0,16)
 	rotlwi	$acc13,$s1,16
 	rotlwi	$acc14,$s2,16
 	rotlwi	$acc15,$s3,16
 	xor	$s0,$s0,$acc00		# r0^r2
 	xor	$s1,$s1,$acc01
 	rotrwi	$s0,$s0,24		# ROTATE(r2^r0,24)
 	xor	$s2,$s2,$acc02
 	rotrwi	$s1,$s1,24
 	xor	$s3,$s3,$acc03
 	rotrwi	$s0,$s0,24		# ROTATE(r2^r0,24)
 	rotrwi	$s1,$s1,24
 	rotrwi	$s2,$s2,24
 	xor	$s0,$s0,$acc00		# ROTATE(r2^r0,24)^r2
 	rotrwi	$s3,$s3,24
 	xor	$s0,$s0,$acc00		# ROTATE(r2^r0,24)^r2
 	xor	$s1,$s1,$acc01
 	xor	$s2,$s2,$acc02
 	xor	$s3,$s3,$acc03
 	rotlwi	$acc08,$acc12,8		# ROTATE(r0,24)
 	xor	$s0,$s0,$acc12		#
 	rotlwi	$acc09,$acc13,8
 	xor	$s1,$s1,$acc13
 	rotlwi	$acc10,$acc14,8
 	xor	$s2,$s2,$acc14
 	rotlwi	$acc11,$acc15,8
 	xor	$s0,$s0,$acc12		#
 	xor	$s1,$s1,$acc13
 	xor	$s2,$s2,$acc14
 	xor	$s3,$s3,$acc15
 	xor	$s0,$s0,$acc08		#
 	xor	$s1,$s1,$acc09
@@ -762,15 +673,14 @@ Lenc_compact_done:
 	xor	$s2,$s2,$t2
 	xor	$s3,$s3,$t3
 	blr
 	.long	0
 	.byte	0,12,0x14,0,0,0,0,0
 .globl	.AES_decrypt
 .align	7
 .AES_decrypt:
 	$STU	$sp,-$FRAME($sp)
 	mflr	r0
 	$STU	$sp,-$FRAME($sp)
 	$PUSH	r0,`$FRAME-$SIZE_T*21`($sp)
 	$PUSH	$toc,`$FRAME-$SIZE_T*20`($sp)
 	$PUSH	r13,`$FRAME-$SIZE_T*19`($sp)
 	$PUSH	r14,`$FRAME-$SIZE_T*18`($sp)
@@ -791,14 +701,7 @@ Lenc_compact_done:
 	$PUSH	r29,`$FRAME-$SIZE_T*3`($sp)
 	$PUSH	r30,`$FRAME-$SIZE_T*2`($sp)
 	$PUSH	r31,`$FRAME-$SIZE_T*1`($sp)
 	$PUSH	r0,`$FRAME+$LRSAVE`($sp)
 	andi.	$t0,$inp,3
 	andi.	$t1,$out,3
 	or.	$t0,$t0,$t1
 	bne	Ldec_unaligned
 Ldec_unaligned_ok:
 	lwz	$s0,0($inp)
 	lwz	$s1,4($inp)
 	lwz	$s2,8($inp)
@@ -809,80 +712,8 @@ Ldec_unaligned_ok:
 	stw	$s1,4($out)
 	stw	$s2,8($out)
 	stw	$s3,12($out)
 	b	Ldec_done
-Ldec_unaligned:
+	$POP	r0,`$FRAME-$SIZE_T*21`($sp)
 	subfic	$t0,$inp,4096
 	subfic	$t1,$out,4096
 	andi.	$t0,$t0,4096-16
 	beq	Ldec_xpage
 	andi.	$t1,$t1,4096-16
 	bne	Ldec_unaligned_ok
 Ldec_xpage:
 	lbz	$acc00,0($inp)
 	lbz	$acc01,1($inp)
 	lbz	$acc02,2($inp)
 	lbz	$s0,3($inp)
 	lbz	$acc04,4($inp)
 	lbz	$acc05,5($inp)
 	lbz	$acc06,6($inp)
 	lbz	$s1,7($inp)
 	lbz	$acc08,8($inp)
 	lbz	$acc09,9($inp)
 	lbz	$acc10,10($inp)
 	insrwi	$s0,$acc00,8,0
 	lbz	$s2,11($inp)
 	insrwi	$s1,$acc04,8,0
 	lbz	$acc12,12($inp)
 	insrwi	$s0,$acc01,8,8
 	lbz	$acc13,13($inp)
 	insrwi	$s1,$acc05,8,8
 	lbz	$acc14,14($inp)
 	insrwi	$s0,$acc02,8,16
 	lbz	$s3,15($inp)
 	insrwi	$s1,$acc06,8,16
 	insrwi	$s2,$acc08,8,0
 	insrwi	$s3,$acc12,8,0
 	insrwi	$s2,$acc09,8,8
 	insrwi	$s3,$acc13,8,8
 	insrwi	$s2,$acc10,8,16
 	insrwi	$s3,$acc14,8,16
 	bl	LAES_Td
 	bl	Lppc_AES_decrypt_compact
 	extrwi	$acc00,$s0,8,0
 	extrwi	$acc01,$s0,8,8
 	stb	$acc00,0($out)
 	extrwi	$acc02,$s0,8,16
 	stb	$acc01,1($out)
 	stb	$acc02,2($out)
 	extrwi	$acc04,$s1,8,0
 	stb	$s0,3($out)
 	extrwi	$acc05,$s1,8,8
 	stb	$acc04,4($out)
 	extrwi	$acc06,$s1,8,16
 	stb	$acc05,5($out)
 	stb	$acc06,6($out)
 	extrwi	$acc08,$s2,8,0
 	stb	$s1,7($out)
 	extrwi	$acc09,$s2,8,8
 	stb	$acc08,8($out)
 	extrwi	$acc10,$s2,8,16
 	stb	$acc09,9($out)
 	stb	$acc10,10($out)
 	extrwi	$acc12,$s3,8,0
 	stb	$s2,11($out)
 	extrwi	$acc13,$s3,8,8
 	stb	$acc12,12($out)
 	extrwi	$acc14,$s3,8,16
 	stb	$acc13,13($out)
 	stb	$acc14,14($out)
 	stb	$s3,15($out)
 Ldec_done:
 	$POP	r0,`$FRAME+$LRSAVE`($sp)
 	$POP	$toc,`$FRAME-$SIZE_T*20`($sp)
 	$POP	r13,`$FRAME-$SIZE_T*19`($sp)
 	$POP	r14,`$FRAME-$SIZE_T*18`($sp)
@@ -906,21 +737,18 @@ Ldec_done:
 	mtlr	r0
 	addi	$sp,$sp,$FRAME
 	blr
 	.long	0
 	.byte	0,12,4,1,0x80,18,3,0
 	.long	0
 .align	5
 Lppc_AES_decrypt:
 	lwz	$acc00,240($key)
 	addi	$Tbl1,$Tbl0,3
 	lwz	$t0,0($key)
 	addi	$Tbl2,$Tbl0,2
 	lwz	$t1,4($key)
 	addi	$Tbl3,$Tbl0,1
 	lwz	$t2,8($key)
 	addi	$acc00,$acc00,-1
 	lwz	$t3,12($key)
 	addi	$Tbl1,$Tbl0,3
 	addi	$Tbl2,$Tbl0,2
 	addi	$Tbl3,$Tbl0,1
 	addi	$acc00,$acc00,-1
 	addi	$key,$key,16
 	xor	$s0,$s0,$t0
 	xor	$s1,$s1,$t1
@@ -934,44 +762,44 @@ Ldec_loop:
 	rlwinm	$acc02,$s2,`32-24+3`,21,28
 	rlwinm	$acc03,$s3,`32-24+3`,21,28
 	lwz	$t0,0($key)
 	rlwinm	$acc04,$s3,`32-16+3`,21,28
 	lwz	$t1,4($key)
 	rlwinm	$acc04,$s3,`32-16+3`,21,28
 	rlwinm	$acc05,$s0,`32-16+3`,21,28
 	lwz	$t2,8($key)
 	rlwinm	$acc06,$s1,`32-16+3`,21,28
 	lwz	$t3,12($key)
 	rlwinm	$acc06,$s1,`32-16+3`,21,28
 	rlwinm	$acc07,$s2,`32-16+3`,21,28
 	lwzx	$acc00,$Tbl0,$acc00
 	rlwinm	$acc08,$s2,`32-8+3`,21,28
 	lwzx	$acc01,$Tbl0,$acc01
 	rlwinm	$acc08,$s2,`32-8+3`,21,28
 	rlwinm	$acc09,$s3,`32-8+3`,21,28
 	lwzx	$acc02,$Tbl0,$acc02
 	rlwinm	$acc10,$s0,`32-8+3`,21,28
 	lwzx	$acc03,$Tbl0,$acc03
 	rlwinm	$acc10,$s0,`32-8+3`,21,28
 	rlwinm	$acc11,$s1,`32-8+3`,21,28
 	lwzx	$acc04,$Tbl1,$acc04
 	rlwinm	$acc12,$s1,`0+3`,21,28
 	lwzx	$acc05,$Tbl1,$acc05
 	rlwinm	$acc12,$s1,`0+3`,21,28
 	rlwinm	$acc13,$s2,`0+3`,21,28
 	lwzx	$acc06,$Tbl1,$acc06
 	rlwinm	$acc14,$s3,`0+3`,21,28
 	lwzx	$acc07,$Tbl1,$acc07
 	rlwinm	$acc14,$s3,`0+3`,21,28
 	rlwinm	$acc15,$s0,`0+3`,21,28
 	lwzx	$acc08,$Tbl2,$acc08
 	xor	$t0,$t0,$acc00
 	lwzx	$acc09,$Tbl2,$acc09
 	xor	$t0,$t0,$acc00
 	xor	$t1,$t1,$acc01
 	lwzx	$acc10,$Tbl2,$acc10
 	xor	$t2,$t2,$acc02
 	lwzx	$acc11,$Tbl2,$acc11
 	xor	$t2,$t2,$acc02
 	xor	$t3,$t3,$acc03
 	lwzx	$acc12,$Tbl3,$acc12
 	xor	$t0,$t0,$acc04
 	lwzx	$acc13,$Tbl3,$acc13
 	xor	$t0,$t0,$acc04
 	xor	$t1,$t1,$acc05
 	lwzx	$acc14,$Tbl3,$acc14
 	xor	$t2,$t2,$acc06
 	lwzx	$acc15,$Tbl3,$acc15
 	xor	$t2,$t2,$acc06
 	xor	$t3,$t3,$acc07
 	xor	$t0,$t0,$acc08
 	xor	$t1,$t1,$acc09
@@ -987,56 +815,56 @@ Ldec_loop:
 	addi	$Tbl2,$Tbl0,2048
 	nop
 	lwz	$t0,0($key)
 	rlwinm	$acc00,$s0,`32-24`,24,31
 	lwz	$t1,4($key)
 	rlwinm	$acc00,$s0,`32-24`,24,31
 	rlwinm	$acc01,$s1,`32-24`,24,31
 	lwz	$t2,8($key)
 	rlwinm	$acc02,$s2,`32-24`,24,31
 	lwz	$t3,12($key)
 	rlwinm	$acc02,$s2,`32-24`,24,31
 	rlwinm	$acc03,$s3,`32-24`,24,31
 	lwz	$acc08,`2048+0`($Tbl0)	! prefetch Td4
 	rlwinm	$acc04,$s3,`32-16`,24,31
 	lwz	$acc09,`2048+32`($Tbl0)
 	rlwinm	$acc04,$s3,`32-16`,24,31
 	rlwinm	$acc05,$s0,`32-16`,24,31
 	lwz	$acc10,`2048+64`($Tbl0)
 	lbzx	$acc00,$Tbl2,$acc00
 	lwz	$acc11,`2048+96`($Tbl0)
 	lbzx	$acc00,$Tbl2,$acc00
 	lbzx	$acc01,$Tbl2,$acc01
 	lwz	$acc12,`2048+128`($Tbl0)
 	rlwinm	$acc06,$s1,`32-16`,24,31
 	lwz	$acc13,`2048+160`($Tbl0)
 	rlwinm	$acc06,$s1,`32-16`,24,31
 	rlwinm	$acc07,$s2,`32-16`,24,31
 	lwz	$acc14,`2048+192`($Tbl0)
 	rlwinm	$acc08,$s2,`32-8`,24,31
 	lwz	$acc15,`2048+224`($Tbl0)
 	rlwinm	$acc08,$s2,`32-8`,24,31
 	rlwinm	$acc09,$s3,`32-8`,24,31
 	lbzx	$acc02,$Tbl2,$acc02
 	rlwinm	$acc10,$s0,`32-8`,24,31
 	lbzx	$acc03,$Tbl2,$acc03
 	rlwinm	$acc10,$s0,`32-8`,24,31
 	rlwinm	$acc11,$s1,`32-8`,24,31
 	lbzx	$acc04,$Tbl2,$acc04
 	rlwinm	$acc12,$s1,`0`,24,31
 	lbzx	$acc05,$Tbl2,$acc05
 	rlwinm	$acc12,$s1,`0`,24,31
 	rlwinm	$acc13,$s2,`0`,24,31
 	lbzx	$acc06,$Tbl2,$acc06
 	rlwinm	$acc14,$s3,`0`,24,31
 	lbzx	$acc07,$Tbl2,$acc07
 	rlwinm	$acc14,$s3,`0`,24,31
 	rlwinm	$acc15,$s0,`0`,24,31
 	lbzx	$acc08,$Tbl2,$acc08
 	rlwinm	$s0,$acc00,24,0,7
 	lbzx	$acc09,$Tbl2,$acc09
 	rlwinm	$s0,$acc00,24,0,7
 	rlwinm	$s1,$acc01,24,0,7
 	lbzx	$acc10,$Tbl2,$acc10
 	rlwinm	$s2,$acc02,24,0,7
 	lbzx	$acc11,$Tbl2,$acc11
 	rlwinm	$s2,$acc02,24,0,7
 	rlwinm	$s3,$acc03,24,0,7
 	lbzx	$acc12,$Tbl2,$acc12
 	rlwimi	$s0,$acc04,16,8,15
 	lbzx	$acc13,$Tbl2,$acc13
 	rlwimi	$s0,$acc04,16,8,15
 	rlwimi	$s1,$acc05,16,8,15
 	lbzx	$acc14,$Tbl2,$acc14
 	rlwimi	$s2,$acc06,16,8,15
 	lbzx	$acc15,$Tbl2,$acc15
 	rlwimi	$s2,$acc06,16,8,15
 	rlwimi	$s3,$acc07,16,8,15
 	rlwimi	$s0,$acc08,8,16,23
 	rlwimi	$s1,$acc09,8,16,23
@@ -1051,22 +879,20 @@ Ldec_loop:
 	xor	$s2,$s2,$t2
 	xor	$s3,$s3,$t3
 	blr
 	.long	0
 	.byte	0,12,0x14,0,0,0,0,0
 .align	4
 Lppc_AES_decrypt_compact:
 	lwz	$acc00,240($key)
 	addi	$Tbl1,$Tbl0,2048
 	lwz	$t0,0($key)
 	lis	$mask80,0x8080
 	lwz	$t1,4($key)
 	lis	$mask1b,0x1b1b
 	lwz	$t2,8($key)
 	ori	$mask80,$mask80,0x8080
 	lwz	$t3,12($key)
-	ori	$mask1b,$mask1b,0x1b1b
+	addi	$Tbl1,$Tbl0,2048
 	lis	$mask80,0x8080
 	lis	$mask1b,0x1b1b
 	addi	$key,$key,16
 	ori	$mask80,$mask80,0x8080
 	ori	$mask1b,$mask1b,0x1b1b
 ___
 $code.=<<___ if ($SIZE_T==8);
 	insrdi	$mask80,$mask80,32,0
@@ -1078,10 +904,10 @@ $code.=<<___;
 Ldec_compact_loop:
 	xor	$s0,$s0,$t0
 	xor	$s1,$s1,$t1
 	rlwinm	$acc00,$s0,`32-24`,24,31
 	xor	$s2,$s2,$t2
 	rlwinm	$acc01,$s1,`32-24`,24,31
 	xor	$s3,$s3,$t3
 	rlwinm	$acc00,$s0,`32-24`,24,31
 	rlwinm	$acc01,$s1,`32-24`,24,31
 	rlwinm	$acc02,$s2,`32-24`,24,31
 	rlwinm	$acc03,$s3,`32-24`,24,31
 	rlwinm	$acc04,$s3,`32-16`,24,31
@@ -1089,48 +915,48 @@ Ldec_compact_loop:
 	rlwinm	$acc06,$s1,`32-16`,24,31
 	rlwinm	$acc07,$s2,`32-16`,24,31
 	lbzx	$acc00,$Tbl1,$acc00
 	rlwinm	$acc08,$s2,`32-8`,24,31
 	lbzx	$acc01,$Tbl1,$acc01
 	rlwinm	$acc08,$s2,`32-8`,24,31
 	rlwinm	$acc09,$s3,`32-8`,24,31
 	lbzx	$acc02,$Tbl1,$acc02
 	rlwinm	$acc10,$s0,`32-8`,24,31
 	lbzx	$acc03,$Tbl1,$acc03
 	rlwinm	$acc10,$s0,`32-8`,24,31
 	rlwinm	$acc11,$s1,`32-8`,24,31
 	lbzx	$acc04,$Tbl1,$acc04
 	rlwinm	$acc12,$s1,`0`,24,31
 	lbzx	$acc05,$Tbl1,$acc05
 	rlwinm	$acc12,$s1,`0`,24,31
 	rlwinm	$acc13,$s2,`0`,24,31
 	lbzx	$acc06,$Tbl1,$acc06
 	rlwinm	$acc14,$s3,`0`,24,31
 	lbzx	$acc07,$Tbl1,$acc07
 	rlwinm	$acc14,$s3,`0`,24,31
 	rlwinm	$acc15,$s0,`0`,24,31
 	lbzx	$acc08,$Tbl1,$acc08
 	rlwinm	$s0,$acc00,24,0,7
 	lbzx	$acc09,$Tbl1,$acc09
 	rlwinm	$s0,$acc00,24,0,7
 	rlwinm	$s1,$acc01,24,0,7
 	lbzx	$acc10,$Tbl1,$acc10
 	rlwinm	$s2,$acc02,24,0,7
 	lbzx	$acc11,$Tbl1,$acc11
 	rlwinm	$s2,$acc02,24,0,7
 	rlwinm	$s3,$acc03,24,0,7
 	lbzx	$acc12,$Tbl1,$acc12
 	rlwimi	$s0,$acc04,16,8,15
 	lbzx	$acc13,$Tbl1,$acc13
 	rlwimi	$s0,$acc04,16,8,15
 	rlwimi	$s1,$acc05,16,8,15
 	lbzx	$acc14,$Tbl1,$acc14
 	rlwimi	$s2,$acc06,16,8,15
 	lbzx	$acc15,$Tbl1,$acc15
 	rlwimi	$s2,$acc06,16,8,15
 	rlwimi	$s3,$acc07,16,8,15
 	rlwimi	$s0,$acc08,8,16,23
 	rlwimi	$s1,$acc09,8,16,23
 	rlwimi	$s2,$acc10,8,16,23
 	rlwimi	$s3,$acc11,8,16,23
 	lwz	$t0,0($key)
 	or	$s0,$s0,$acc12
 	lwz	$t1,4($key)
 	or	$s0,$s0,$acc12
 	or	$s1,$s1,$acc13
 	lwz	$t2,8($key)
 	or	$s2,$s2,$acc14
 	lwz	$t3,12($key)
 	or	$s2,$s2,$acc14
 	or	$s3,$s3,$acc15
 	addi	$key,$key,16
@@ -1204,12 +1030,12 @@ $code.=<<___ if ($SIZE_T==4);
 	and	$acc02,$s2,$mask80
 	and	$acc03,$s3,$mask80
 	srwi	$acc04,$acc00,7		# r1>>7
 	andc	$acc08,$s0,$mask80	# r0&0x7f7f7f7f
 	srwi	$acc05,$acc01,7
 	andc	$acc09,$s1,$mask80
 	srwi	$acc06,$acc02,7
 	andc	$acc10,$s2,$mask80
 	srwi	$acc07,$acc03,7
 	andc	$acc08,$s0,$mask80	# r0&0x7f7f7f7f
 	andc	$acc09,$s1,$mask80
 	andc	$acc10,$s2,$mask80
 	andc	$acc11,$s3,$mask80
 	sub	$acc00,$acc00,$acc04	# r1-(r1>>7)
 	sub	$acc01,$acc01,$acc05
@@ -1233,12 +1059,12 @@ $code.=<<___ if ($SIZE_T==4);
 	and	$acc06,$acc02,$mask80
 	and	$acc07,$acc03,$mask80
 	srwi	$acc08,$acc04,7		# r1>>7
 	andc	$acc12,$acc00,$mask80	# r2&0x7f7f7f7f
 	srwi	$acc09,$acc05,7
 	andc	$acc13,$acc01,$mask80
 	srwi	$acc10,$acc06,7
 	andc	$acc14,$acc02,$mask80
 	srwi	$acc11,$acc07,7
 	andc	$acc12,$acc00,$mask80	# r2&0x7f7f7f7f
 	andc	$acc13,$acc01,$mask80
 	andc	$acc14,$acc02,$mask80
 	andc	$acc15,$acc03,$mask80
 	sub	$acc04,$acc04,$acc08	# r1-(r1>>7)
 	sub	$acc05,$acc05,$acc09
@@ -1259,13 +1085,13 @@ $code.=<<___ if ($SIZE_T==4);
 	and	$acc08,$acc04,$mask80	# r1=r4&0x80808080
 	and	$acc09,$acc05,$mask80
 	srwi	$acc12,$acc08,7		# r1>>7
 	and	$acc10,$acc06,$mask80
 	srwi	$acc13,$acc09,7
 	and	$acc11,$acc07,$mask80
 	srwi	$acc12,$acc08,7		# r1>>7
 	srwi	$acc13,$acc09,7
 	srwi	$acc14,$acc10,7
 	sub	$acc08,$acc08,$acc12	# r1-(r1>>7)
 	srwi	$acc15,$acc11,7
 	sub	$acc08,$acc08,$acc12	# r1-(r1>>7)
 	sub	$acc09,$acc09,$acc13
 	sub	$acc10,$acc10,$acc14
 	sub	$acc11,$acc11,$acc15
@@ -1298,10 +1124,10 @@ ___
 $code.=<<___;
 	rotrwi	$s0,$s0,8		# = ROTATE(r0,8)
 	rotrwi	$s1,$s1,8
 	xor	$s0,$s0,$acc00		# ^= r2^r0
 	rotrwi	$s2,$s2,8
 	xor	$s1,$s1,$acc01
 	rotrwi	$s3,$s3,8
 	xor	$s0,$s0,$acc00		# ^= r2^r0
 	xor	$s1,$s1,$acc01
 	xor	$s2,$s2,$acc02
 	xor	$s3,$s3,$acc03
 	xor	$acc00,$acc00,$acc08
@@ -1309,32 +1135,32 @@ $code.=<<___;
 	xor	$acc02,$acc02,$acc10
 	xor	$acc03,$acc03,$acc11
 	xor	$s0,$s0,$acc04		# ^= r4^r0
 	rotrwi	$acc00,$acc00,24
 	xor	$s1,$s1,$acc05
 	rotrwi	$acc01,$acc01,24
 	xor	$s2,$s2,$acc06
 	rotrwi	$acc02,$acc02,24
 	xor	$s3,$s3,$acc07
 	rotrwi	$acc00,$acc00,24
 	rotrwi	$acc01,$acc01,24
 	rotrwi	$acc02,$acc02,24
 	rotrwi	$acc03,$acc03,24
 	xor	$acc04,$acc04,$acc08
 	xor	$acc05,$acc05,$acc09
 	xor	$acc06,$acc06,$acc10
 	xor	$acc07,$acc07,$acc11
 	xor	$s0,$s0,$acc08		# ^= r8 [^((r4^r0)^(r2^r0)=r4^r2)]
 	rotrwi	$acc04,$acc04,16
 	xor	$s1,$s1,$acc09
 	rotrwi	$acc05,$acc05,16
 	xor	$s2,$s2,$acc10
 	rotrwi	$acc06,$acc06,16
 	xor	$s3,$s3,$acc11
 	rotrwi	$acc04,$acc04,16
 	rotrwi	$acc05,$acc05,16
 	rotrwi	$acc06,$acc06,16
 	rotrwi	$acc07,$acc07,16
 	xor	$s0,$s0,$acc00		# ^= ROTATE(r8^r2^r0,24)
 	rotrwi	$acc08,$acc08,8
 	xor	$s1,$s1,$acc01
 	rotrwi	$acc09,$acc09,8
 	xor	$s2,$s2,$acc02
 	rotrwi	$acc10,$acc10,8
 	xor	$s3,$s3,$acc03
 	rotrwi	$acc08,$acc08,8
 	rotrwi	$acc09,$acc09,8
 	rotrwi	$acc10,$acc10,8
 	rotrwi	$acc11,$acc11,8
 	xor	$s0,$s0,$acc04		# ^= ROTATE(r8^r4^r0,16)
 	xor	$s1,$s1,$acc05
@@ -1353,9 +1179,7 @@ Ldec_compact_done:
 	xor	$s2,$s2,$t2
 	xor	$s3,$s3,$t3
 	blr
-	.long	0
+.long	0
 	.byte	0,12,0x14,0,0,0,0,0
 .asciz	"AES for PPC, CRYPTOGAMS by <appro\@openssl.org>"
 .align	7
 ___
--- a/crypto/aes/asm/aes-s390x.pl
+++ b/crypto/aes/asm/aes-s390x.pl
--- a/crypto/aes/asm/aes-x86_64.pl
+++ b/crypto/aes/asm/aes-x86_64.pl
@@ -589,9 +589,6 @@ $code.=<<___;
 .globl	AES_encrypt
 .type	AES_encrypt,\@function,3
 .align	16
 .globl	asm_AES_encrypt
 .hidden	asm_AES_encrypt
 asm_AES_encrypt:
 AES_encrypt:
 	push	%rbx
 	push	%rbp
@@ -1188,9 +1185,6 @@ $code.=<<___;
 .globl	AES_decrypt
 .type	AES_decrypt,\@function,3
 .align	16
 .globl	asm_AES_decrypt
 .hidden	asm_AES_decrypt
 asm_AES_decrypt:
 AES_decrypt:
 	push	%rbx
 	push	%rbp
@@ -1284,13 +1278,13 @@ $code.=<<___;
 ___
 }
-# int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+# int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 #                        AES_KEY *key)
 $code.=<<___;
-.globl	private_AES_set_encrypt_key
+.globl	AES_set_encrypt_key
-.type	private_AES_set_encrypt_key,\@function,3
+.type	AES_set_encrypt_key,\@function,3
 .align	16
-private_AES_set_encrypt_key:
+AES_set_encrypt_key:
 	push	%rbx
 	push	%rbp
 	push	%r12			# redundant, but allows to share 
@@ -1311,7 +1305,7 @@ private_AES_set_encrypt_key:
 	add	\$56,%rsp
 .Lenc_key_epilogue:
 	ret
-.size	private_AES_set_encrypt_key,.-private_AES_set_encrypt_key
+.size	AES_set_encrypt_key,.-AES_set_encrypt_key
 .type	_x86_64_AES_set_encrypt_key,\@abi-omnipotent
 .align	16
@@ -1554,13 +1548,13 @@ $code.=<<___;
 ___
 }
-# int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+# int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
 #                        AES_KEY *key)
 $code.=<<___;
-.globl	private_AES_set_decrypt_key
+.globl	AES_set_decrypt_key
-.type	private_AES_set_decrypt_key,\@function,3
+.type	AES_set_decrypt_key,\@function,3
 .align	16
-private_AES_set_decrypt_key:
+AES_set_decrypt_key:
 	push	%rbx
 	push	%rbp
 	push	%r12
@@ -1629,7 +1623,7 @@ $code.=<<___;
 	add	\$56,%rsp
 .Ldec_key_epilogue:
 	ret
-.size	private_AES_set_decrypt_key,.-private_AES_set_decrypt_key
+.size	AES_set_decrypt_key,.-AES_set_decrypt_key
 ___
 # void AES_cbc_encrypt (const void char *inp, unsigned char *out,
@@ -1655,9 +1649,6 @@ $code.=<<___;
 .type	AES_cbc_encrypt,\@function,6
 .align	16
 .extern	OPENSSL_ia32cap_P
 .globl	asm_AES_cbc_encrypt
 .hidden	asm_AES_cbc_encrypt
 asm_AES_cbc_encrypt:
 AES_cbc_encrypt:
 	cmp	\$0,%rdx	# check length
 	je	.Lcbc_epilogue
@@ -2776,13 +2767,13 @@ cbc_se_handler:
 	.rva	.LSEH_end_AES_decrypt
 	.rva	.LSEH_info_AES_decrypt
-	.rva	.LSEH_begin_private_AES_set_encrypt_key
+	.rva	.LSEH_begin_AES_set_encrypt_key
-	.rva	.LSEH_end_private_AES_set_encrypt_key
+	.rva	.LSEH_end_AES_set_encrypt_key
-	.rva	.LSEH_info_private_AES_set_encrypt_key
+	.rva	.LSEH_info_AES_set_encrypt_key
-	.rva	.LSEH_begin_private_AES_set_decrypt_key
+	.rva	.LSEH_begin_AES_set_decrypt_key
-	.rva	.LSEH_end_private_AES_set_decrypt_key
+	.rva	.LSEH_end_AES_set_decrypt_key
-	.rva	.LSEH_info_private_AES_set_decrypt_key
+	.rva	.LSEH_info_AES_set_decrypt_key
 	.rva	.LSEH_begin_AES_cbc_encrypt
 	.rva	.LSEH_end_AES_cbc_encrypt
@@ -2798,11 +2789,11 @@ cbc_se_handler:
 	.byte	9,0,0,0
 	.rva	block_se_handler
 	.rva	.Ldec_prologue,.Ldec_epilogue	# HandlerData[]
-.LSEH_info_private_AES_set_encrypt_key:
+.LSEH_info_AES_set_encrypt_key:
 	.byte	9,0,0,0
 	.rva	key_se_handler
 	.rva	.Lenc_key_prologue,.Lenc_key_epilogue	# HandlerData[]
-.LSEH_info_private_AES_set_decrypt_key:
+.LSEH_info_AES_set_decrypt_key:
 	.byte	9,0,0,0
 	.rva	key_se_handler
 	.rva	.Ldec_key_prologue,.Ldec_key_epilogue	# HandlerData[]
--- a/crypto/aes/asm/aesni-sha1-x86_64.pl
+++ b/crypto/aes/asm/aesni-sha1-x86_64.pl
--- a/crypto/aes/asm/aesni-x86.pl
+++ b/crypto/aes/asm/aesni-x86.pl
--- a/crypto/aes/asm/aesni-x86_64.pl
+++ b/crypto/aes/asm/aesni-x86_64.pl
--- a/crypto/aes/asm/bsaes-x86_64.pl
+++ b/crypto/aes/asm/bsaes-x86_64.pl
--- a/crypto/aes/asm/vpaes-x86.pl
+++ b/crypto/aes/asm/vpaes-x86.pl
@@ -1,903 +0,0 @@
 #!/usr/bin/env perl
 ######################################################################
 ## Constant-time SSSE3 AES core implementation.
 ## version 0.1
 ##
 ## By Mike Hamburg (Stanford University), 2009
 ## Public domain.
 ##
 ## For details see http://shiftleft.org/papers/vector_aes/ and
 ## http://crypto.stanford.edu/vpaes/.
 ######################################################################
 # September 2011.
 #
 # Port vpaes-x86_64.pl as 32-bit "almost" drop-in replacement for
 # aes-586.pl. "Almost" refers to the fact that AES_cbc_encrypt
 # doesn't handle partial vectors (doesn't have to if called from
 # EVP only). "Drop-in" implies that this module doesn't share key
 # schedule structure with the original nor does it make assumption
 # about its alignment...
 #
 # Performance summary. aes-586.pl column lists large-block CBC
 # encrypt/decrypt/with-hyper-threading-off(*) results in cycles per
 # byte processed with 128-bit key, and vpaes-x86.pl column - [also
 # large-block CBC] encrypt/decrypt.
 #
 #		aes-586.pl		vpaes-x86.pl
 #
 # Core 2(**)	29.1/42.3/18.3		22.0/25.6(***)
 # Nehalem	27.9/40.4/18.1		10.3/12.0
 # Atom		102./119./60.1		64.5/85.3(***)
 #
 # (*)	"Hyper-threading" in the context refers rather to cache shared
 #	among multiple cores, than to specifically Intel HTT. As vast
 #	majority of contemporary cores share cache, slower code path
 #	is common place. In other words "with-hyper-threading-off"
 #	results are presented mostly for reference purposes.
 #
 # (**)	"Core 2" refers to initial 65nm design, a.k.a. Conroe.
 #
 # (***)	Less impressive improvement on Core 2 and Atom is due to slow
 #	pshufb,	yet it's respectable +32%/65%  improvement on Core 2
 #	and +58%/40% on Atom (as implied, over "hyper-threading-safe"
 #	code path).
 #
 #						<appro@openssl.org>
 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 push(@INC,"${dir}","${dir}../../perlasm");
 require "x86asm.pl";
 &asm_init($ARGV[0],"vpaes-x86.pl",$x86only = $ARGV[$#ARGV] eq "386");
 $PREFIX="vpaes";
 my  ($round, $base, $magic, $key, $const, $inp, $out)=
    ("eax",  "ebx", "ecx",  "edx","ebp",  "esi","edi");
 &static_label("_vpaes_consts");
 &static_label("_vpaes_schedule_low_round");
 &set_label("_vpaes_consts",64);
 $k_inv=-0x30;		# inv, inva
 	&data_word(0x0D080180,0x0E05060F,0x0A0B0C02,0x04070309);
 	&data_word(0x0F0B0780,0x01040A06,0x02050809,0x030D0E0C);
 $k_s0F=-0x10;		# s0F
 	&data_word(0x0F0F0F0F,0x0F0F0F0F,0x0F0F0F0F,0x0F0F0F0F);
 $k_ipt=0x00;		# input transform (lo, hi)
 	&data_word(0x5A2A7000,0xC2B2E898,0x52227808,0xCABAE090);
 	&data_word(0x317C4D00,0x4C01307D,0xB0FDCC81,0xCD80B1FC);
 $k_sb1=0x20;		# sb1u, sb1t
 	&data_word(0xCB503E00,0xB19BE18F,0x142AF544,0xA5DF7A6E);
 	&data_word(0xFAE22300,0x3618D415,0x0D2ED9EF,0x3BF7CCC1);
 $k_sb2=0x40;		# sb2u, sb2t
 	&data_word(0x0B712400,0xE27A93C6,0xBC982FCD,0x5EB7E955);
 	&data_word(0x0AE12900,0x69EB8840,0xAB82234A,0xC2A163C8);
 $k_sbo=0x60;		# sbou, sbot
 	&data_word(0x6FBDC700,0xD0D26D17,0xC502A878,0x15AABF7A);
 	&data_word(0x5FBB6A00,0xCFE474A5,0x412B35FA,0x8E1E90D1);
 $k_mc_forward=0x80;	# mc_forward
 	&data_word(0x00030201,0x04070605,0x080B0A09,0x0C0F0E0D);
 	&data_word(0x04070605,0x080B0A09,0x0C0F0E0D,0x00030201);
 	&data_word(0x080B0A09,0x0C0F0E0D,0x00030201,0x04070605);
 	&data_word(0x0C0F0E0D,0x00030201,0x04070605,0x080B0A09);
 $k_mc_backward=0xc0;	# mc_backward
 	&data_word(0x02010003,0x06050407,0x0A09080B,0x0E0D0C0F);
 	&data_word(0x0E0D0C0F,0x02010003,0x06050407,0x0A09080B);
 	&data_word(0x0A09080B,0x0E0D0C0F,0x02010003,0x06050407);
 	&data_word(0x06050407,0x0A09080B,0x0E0D0C0F,0x02010003);
 $k_sr=0x100;		# sr
 	&data_word(0x03020100,0x07060504,0x0B0A0908,0x0F0E0D0C);
 	&data_word(0x0F0A0500,0x030E0904,0x07020D08,0x0B06010C);
 	&data_word(0x0B020900,0x0F060D04,0x030A0108,0x070E050C);
 	&data_word(0x070A0D00,0x0B0E0104,0x0F020508,0x0306090C);
 $k_rcon=0x140;		# rcon
 	&data_word(0xAF9DEEB6,0x1F8391B9,0x4D7C7D81,0x702A9808);
 $k_s63=0x150;		# s63: all equal to 0x63 transformed
 	&data_word(0x5B5B5B5B,0x5B5B5B5B,0x5B5B5B5B,0x5B5B5B5B);
 $k_opt=0x160;		# output transform
 	&data_word(0xD6B66000,0xFF9F4929,0xDEBE6808,0xF7974121);
 	&data_word(0x50BCEC00,0x01EDBD51,0xB05C0CE0,0xE10D5DB1);
 $k_deskew=0x180;	# deskew tables: inverts the sbox's "skew"
 	&data_word(0x47A4E300,0x07E4A340,0x5DBEF91A,0x1DFEB95A);
 	&data_word(0x83EA6900,0x5F36B5DC,0xF49D1E77,0x2841C2AB);
 ##
 ##  Decryption stuff
 ##  Key schedule constants
 ##
 $k_dksd=0x1a0;		# decryption key schedule: invskew x*D
 	&data_word(0xA3E44700,0xFEB91A5D,0x5A1DBEF9,0x0740E3A4);
 	&data_word(0xB5368300,0x41C277F4,0xAB289D1E,0x5FDC69EA);
 $k_dksb=0x1c0;		# decryption key schedule: invskew x*B
 	&data_word(0x8550D500,0x9A4FCA1F,0x1CC94C99,0x03D65386);
 	&data_word(0xB6FC4A00,0x115BEDA7,0x7E3482C8,0xD993256F);
 $k_dkse=0x1e0;		# decryption key schedule: invskew x*E + 0x63
 	&data_word(0x1FC9D600,0xD5031CCA,0x994F5086,0x53859A4C);
 	&data_word(0x4FDC7BE8,0xA2319605,0x20B31487,0xCD5EF96A);
 $k_dks9=0x200;		# decryption key schedule: invskew x*9
 	&data_word(0x7ED9A700,0xB6116FC8,0x82255BFC,0x4AED9334);
 	&data_word(0x27143300,0x45765162,0xE9DAFDCE,0x8BB89FAC);
 ##
 ##  Decryption stuff
 ##  Round function constants
 ##
 $k_dipt=0x220;		# decryption input transform
 	&data_word(0x0B545F00,0x0F505B04,0x114E451A,0x154A411E);
 	&data_word(0x60056500,0x86E383E6,0xF491F194,0x12771772);
 $k_dsb9=0x240;		# decryption sbox output *9*u, *9*t
 	&data_word(0x9A86D600,0x851C0353,0x4F994CC9,0xCAD51F50);
 	&data_word(0xECD74900,0xC03B1789,0xB2FBA565,0x725E2C9E);
 $k_dsbd=0x260;		# decryption sbox output *D*u, *D*t
 	&data_word(0xE6B1A200,0x7D57CCDF,0x882A4439,0xF56E9B13);
 	&data_word(0x24C6CB00,0x3CE2FAF7,0x15DEEFD3,0x2931180D);
 $k_dsbb=0x280;		# decryption sbox output *B*u, *B*t
 	&data_word(0x96B44200,0xD0226492,0xB0F2D404,0x602646F6);
 	&data_word(0xCD596700,0xC19498A6,0x3255AA6B,0xF3FF0C3E);
 $k_dsbe=0x2a0;		# decryption sbox output *E*u, *E*t
 	&data_word(0x26D4D000,0x46F29296,0x64B4F6B0,0x22426004);
 	&data_word(0xFFAAC100,0x0C55A6CD,0x98593E32,0x9467F36B);
 $k_dsbo=0x2c0;		# decryption sbox final output
 	&data_word(0x7EF94000,0x1387EA53,0xD4943E2D,0xC7AA6DB9);
 	&data_word(0x93441D00,0x12D7560F,0xD8C58E9C,0xCA4B8159);
 &asciz	("Vector Permutation AES for x86/SSSE3, Mike Hamburg (Stanford University)");
 &align	(64);
 &function_begin_B("_vpaes_preheat");
 	&add	($const,&DWP(0,"esp"));
 	&movdqa	("xmm7",&QWP($k_inv,$const));
 	&movdqa	("xmm6",&QWP($k_s0F,$const));
 	&ret	();
 &function_end_B("_vpaes_preheat");
 ##
 ##  _aes_encrypt_core
 ##
 ##  AES-encrypt %xmm0.
 ##
 ##  Inputs:
 ##     %xmm0 = input
 ##     %xmm6-%xmm7 as in _vpaes_preheat
 ##    (%edx) = scheduled keys
 ##
 ##  Output in %xmm0
 ##  Clobbers  %xmm1-%xmm5, %eax, %ebx, %ecx, %edx
 ##
 ##
 &function_begin_B("_vpaes_encrypt_core");
 	&mov	($magic,16);
 	&mov	($round,&DWP(240,$key));
 	&movdqa	("xmm1","xmm6")
 	&movdqa	("xmm2",&QWP($k_ipt,$const));
 	&pandn	("xmm1","xmm0");
 	&movdqu	("xmm5",&QWP(0,$key));
 	&psrld	("xmm1",4);
 	&pand	("xmm0","xmm6");
 	&pshufb	("xmm2","xmm0");
 	&movdqa	("xmm0",&QWP($k_ipt+16,$const));
 	&pshufb	("xmm0","xmm1");
 	&pxor	("xmm2","xmm5");
 	&pxor	("xmm0","xmm2");
 	&add	($key,16);
 	&lea	($base,&DWP($k_mc_backward,$const));
 	&jmp	(&label("enc_entry"));
 &set_label("enc_loop",16);
 	# middle of middle round
 	&movdqa	("xmm4",&QWP($k_sb1,$const));	# 4 : sb1u
 	&pshufb	("xmm4","xmm2");		# 4 = sb1u
 	&pxor	("xmm4","xmm5");		# 4 = sb1u + k
 	&movdqa	("xmm0",&QWP($k_sb1+16,$const));# 0 : sb1t
 	&pshufb	("xmm0","xmm3");		# 0 = sb1t
 	&pxor	("xmm0","xmm4");		# 0 = A
 	&movdqa	("xmm5",&QWP($k_sb2,$const));	# 4 : sb2u
 	&pshufb	("xmm5","xmm2");		# 4 = sb2u
 	&movdqa	("xmm1",&QWP(-0x40,$base,$magic));# .Lk_mc_forward[]
 	&movdqa	("xmm2",&QWP($k_sb2+16,$const));# 2 : sb2t
 	&pshufb	("xmm2","xmm3");		# 2 = sb2t
 	&pxor	("xmm2","xmm5");		# 2 = 2A
 	&movdqa	("xmm4",&QWP(0,$base,$magic));	# .Lk_mc_backward[]
 	&movdqa	("xmm3","xmm0");		# 3 = A
 	&pshufb	("xmm0","xmm1");		# 0 = B
 	&add	($key,16);			# next key
 	&pxor	("xmm0","xmm2");		# 0 = 2A+B
 	&pshufb	("xmm3","xmm4");		# 3 = D
 	&add	($magic,16);			# next mc
 	&pxor	("xmm3","xmm0");		# 3 = 2A+B+D
 	&pshufb	("xmm0","xmm1");		# 0 = 2B+C
 	&and	($magic,0x30);			# ... mod 4
 	&pxor	("xmm0","xmm3");		# 0 = 2A+3B+C+D
 	&sub	($round,1);			# nr--
 &set_label("enc_entry");
 	# top of round
 	&movdqa	("xmm1","xmm6");		# 1 : i
 	&pandn	("xmm1","xmm0");		# 1 = i<<4
 	&psrld	("xmm1",4);			# 1 = i
 	&pand	("xmm0","xmm6");		# 0 = k
 	&movdqa	("xmm5",&QWP($k_inv+16,$const));# 2 : a/k
 	&pshufb	("xmm5","xmm0");		# 2 = a/k
 	&pxor	("xmm0","xmm1");		# 0 = j
 	&movdqa	("xmm3","xmm7");		# 3 : 1/i
 	&pshufb	("xmm3","xmm1");		# 3 = 1/i
 	&pxor	("xmm3","xmm5");		# 3 = iak = 1/i + a/k
 	&movdqa	("xmm4","xmm7");		# 4 : 1/j
 	&pshufb	("xmm4","xmm0");		# 4 = 1/j
 	&pxor	("xmm4","xmm5");		# 4 = jak = 1/j + a/k
 	&movdqa	("xmm2","xmm7");		# 2 : 1/iak
 	&pshufb	("xmm2","xmm3");		# 2 = 1/iak
 	&pxor	("xmm2","xmm0");		# 2 = io
 	&movdqa	("xmm3","xmm7");		# 3 : 1/jak
 	&movdqu	("xmm5",&QWP(0,$key));
 	&pshufb	("xmm3","xmm4");		# 3 = 1/jak
 	&pxor	("xmm3","xmm1");		# 3 = jo
 	&jnz	(&label("enc_loop"));
 	# middle of last round
 	&movdqa	("xmm4",&QWP($k_sbo,$const));	# 3 : sbou      .Lk_sbo
 	&movdqa	("xmm0",&QWP($k_sbo+16,$const));# 3 : sbot      .Lk_sbo+16
 	&pshufb	("xmm4","xmm2");		# 4 = sbou
 	&pxor	("xmm4","xmm5");		# 4 = sb1u + k
 	&pshufb	("xmm0","xmm3");		# 0 = sb1t
 	&movdqa	("xmm1",&QWP(0x40,$base,$magic));# .Lk_sr[]
 	&pxor	("xmm0","xmm4");		# 0 = A
 	&pshufb	("xmm0","xmm1");
 	&ret	();
 &function_end_B("_vpaes_encrypt_core");
 ##
 ##  Decryption core
 ##
 ##  Same API as encryption core.
 ##
 &function_begin_B("_vpaes_decrypt_core");
 	&mov	($round,&DWP(240,$key));
 	&lea	($base,&DWP($k_dsbd,$const));
 	&movdqa	("xmm1","xmm6");
 	&movdqa	("xmm2",&QWP($k_dipt-$k_dsbd,$base));
 	&pandn	("xmm1","xmm0");
 	&mov	($magic,$round);
 	&psrld	("xmm1",4)
 	&movdqu	("xmm5",&QWP(0,$key));
 	&shl	($magic,4);
 	&pand	("xmm0","xmm6");
 	&pshufb	("xmm2","xmm0");
 	&movdqa	("xmm0",&QWP($k_dipt-$k_dsbd+16,$base));
 	&xor	($magic,0x30);
 	&pshufb	("xmm0","xmm1");
 	&and	($magic,0x30);
 	&pxor	("xmm2","xmm5");
 	&movdqa	("xmm5",&QWP($k_mc_forward+48,$const));
 	&pxor	("xmm0","xmm2");
 	&add	($key,16);
 	&lea	($magic,&DWP($k_sr-$k_dsbd,$base,$magic));
 	&jmp	(&label("dec_entry"));
 &set_label("dec_loop",16);
 ##
 ##  Inverse mix columns
 ##
 	&movdqa	("xmm4",&QWP(-0x20,$base));	# 4 : sb9u
 	&pshufb	("xmm4","xmm2");		# 4 = sb9u
 	&pxor	("xmm4","xmm0");
 	&movdqa	("xmm0",&QWP(-0x10,$base));	# 0 : sb9t
 	&pshufb	("xmm0","xmm3");		# 0 = sb9t
 	&pxor	("xmm0","xmm4");		# 0 = ch
 	&add	($key,16);			# next round key
 	&pshufb	("xmm0","xmm5");		# MC ch
 	&movdqa	("xmm4",&QWP(0,$base));		# 4 : sbdu
 	&pshufb	("xmm4","xmm2");		# 4 = sbdu
 	&pxor	("xmm4","xmm0");		# 4 = ch
 	&movdqa	("xmm0",&QWP(0x10,$base));	# 0 : sbdt
 	&pshufb	("xmm0","xmm3");		# 0 = sbdt
 	&pxor	("xmm0","xmm4");		# 0 = ch
 	&sub	($round,1);			# nr--
 	&pshufb	("xmm0","xmm5");		# MC ch
 	&movdqa	("xmm4",&QWP(0x20,$base));	# 4 : sbbu
 	&pshufb	("xmm4","xmm2");		# 4 = sbbu
 	&pxor	("xmm4","xmm0");		# 4 = ch
 	&movdqa	("xmm0",&QWP(0x30,$base));	# 0 : sbbt
 	&pshufb	("xmm0","xmm3");		# 0 = sbbt
 	&pxor	("xmm0","xmm4");		# 0 = ch
 	&pshufb	("xmm0","xmm5");		# MC ch
 	&movdqa	("xmm4",&QWP(0x40,$base));	# 4 : sbeu
 	&pshufb	("xmm4","xmm2");		# 4 = sbeu
 	&pxor	("xmm4","xmm0");		# 4 = ch
 	&movdqa	("xmm0",&QWP(0x50,$base));	# 0 : sbet
 	&pshufb	("xmm0","xmm3");		# 0 = sbet
 	&pxor	("xmm0","xmm4");		# 0 = ch
 	&palignr("xmm5","xmm5",12);
 &set_label("dec_entry");
 	# top of round
 	&movdqa	("xmm1","xmm6");		# 1 : i
 	&pandn	("xmm1","xmm0");		# 1 = i<<4
 	&psrld	("xmm1",4);			# 1 = i
 	&pand	("xmm0","xmm6");		# 0 = k
 	&movdqa	("xmm2",&QWP($k_inv+16,$const));# 2 : a/k
 	&pshufb	("xmm2","xmm0");		# 2 = a/k
 	&pxor	("xmm0","xmm1");		# 0 = j
 	&movdqa	("xmm3","xmm7");		# 3 : 1/i
 	&pshufb	("xmm3","xmm1");		# 3 = 1/i
 	&pxor	("xmm3","xmm2");		# 3 = iak = 1/i + a/k
 	&movdqa	("xmm4","xmm7");		# 4 : 1/j
 	&pshufb	("xmm4","xmm0");		# 4 = 1/j
 	&pxor	("xmm4","xmm2");		# 4 = jak = 1/j + a/k
 	&movdqa	("xmm2","xmm7");		# 2 : 1/iak
 	&pshufb	("xmm2","xmm3");		# 2 = 1/iak
 	&pxor	("xmm2","xmm0");		# 2 = io
 	&movdqa	("xmm3","xmm7");		# 3 : 1/jak
 	&pshufb	("xmm3","xmm4");		# 3 = 1/jak
 	&pxor	("xmm3","xmm1");		# 3 = jo
 	&movdqu	("xmm0",&QWP(0,$key));
 	&jnz	(&label("dec_loop"));
 	# middle of last round
 	&movdqa	("xmm4",&QWP(0x60,$base));	# 3 : sbou
 	&pshufb	("xmm4","xmm2");		# 4 = sbou
 	&pxor	("xmm4","xmm0");		# 4 = sb1u + k
 	&movdqa	("xmm0",&QWP(0x70,$base));	# 0 : sbot
 	&movdqa	("xmm2",&QWP(0,$magic));
 	&pshufb	("xmm0","xmm3");		# 0 = sb1t
 	&pxor	("xmm0","xmm4");		# 0 = A
 	&pshufb	("xmm0","xmm2");
 	&ret	();
 &function_end_B("_vpaes_decrypt_core");
 ########################################################
 ##                                                    ##
 ##                  AES key schedule                  ##
 ##                                                    ##
 ########################################################
 &function_begin_B("_vpaes_schedule_core");
 	&add	($const,&DWP(0,"esp"));
 	&movdqu	("xmm0",&QWP(0,$inp));		# load key (unaligned)
 	&movdqa	("xmm2",&QWP($k_rcon,$const));	# load rcon
 	# input transform
 	&movdqa	("xmm3","xmm0");
 	&lea	($base,&DWP($k_ipt,$const));
 	&movdqa	(&QWP(4,"esp"),"xmm2");		# xmm8
 	&call	("_vpaes_schedule_transform");
 	&movdqa	("xmm7","xmm0");
 	&test	($out,$out);
 	&jnz	(&label("schedule_am_decrypting"));
 	# encrypting, output zeroth round key after transform
 	&movdqu	(&QWP(0,$key),"xmm0");
 	&jmp	(&label("schedule_go"));
 &set_label("schedule_am_decrypting");
 	# decrypting, output zeroth round key after shiftrows
 	&movdqa	("xmm1",&QWP($k_sr,$const,$magic));
 	&pshufb	("xmm3","xmm1");
 	&movdqu	(&QWP(0,$key),"xmm3");
 	&xor	($magic,0x30);
 &set_label("schedule_go");
 	&cmp	($round,192);
 	&ja	(&label("schedule_256"));
 	&je	(&label("schedule_192"));
 	# 128: fall though
 ##
 ##  .schedule_128
 ##
 ##  128-bit specific part of key schedule.
 ##
 ##  This schedule is really simple, because all its parts
 ##  are accomplished by the subroutines.
 ##
 &set_label("schedule_128");
 	&mov	($round,10);
 &set_label("loop_schedule_128");
 	&call	("_vpaes_schedule_round");
 	&dec	($round);
 	&jz	(&label("schedule_mangle_last"));
 	&call	("_vpaes_schedule_mangle");	# write output
 	&jmp	(&label("loop_schedule_128"));
 ##
 ##  .aes_schedule_192
 ##
 ##  192-bit specific part of key schedule.
 ##
 ##  The main body of this schedule is the same as the 128-bit
 ##  schedule, but with more smearing.  The long, high side is
 ##  stored in %xmm7 as before, and the short, low side is in
 ##  the high bits of %xmm6.
 ##
 ##  This schedule is somewhat nastier, however, because each
 ##  round produces 192 bits of key material, or 1.5 round keys.
 ##  Therefore, on each cycle we do 2 rounds and produce 3 round
 ##  keys.
 ##
 &set_label("schedule_192",16);
 	&movdqu	("xmm0",&QWP(8,$inp));		# load key part 2 (very unaligned)
 	&call	("_vpaes_schedule_transform");	# input transform	
 	&movdqa	("xmm6","xmm0");		# save short part
 	&pxor	("xmm4","xmm4");		# clear 4
 	&movhlps("xmm6","xmm4");		# clobber low side with zeros
 	&mov	($round,4);
 &set_label("loop_schedule_192");
 	&call	("_vpaes_schedule_round");
 	&palignr("xmm0","xmm6",8);
 	&call	("_vpaes_schedule_mangle");	# save key n
 	&call	("_vpaes_schedule_192_smear");
 	&call	("_vpaes_schedule_mangle");	# save key n+1
 	&call	("_vpaes_schedule_round");
 	&dec	($round);
 	&jz	(&label("schedule_mangle_last"));
 	&call	("_vpaes_schedule_mangle");	# save key n+2
 	&call	("_vpaes_schedule_192_smear");
 	&jmp	(&label("loop_schedule_192"));
 ##
 ##  .aes_schedule_256
 ##
 ##  256-bit specific part of key schedule.
 ##
 ##  The structure here is very similar to the 128-bit
 ##  schedule, but with an additional "low side" in
 ##  %xmm6.  The low side's rounds are the same as the
 ##  high side's, except no rcon and no rotation.
 ##
 &set_label("schedule_256",16);
 	&movdqu	("xmm0",&QWP(16,$inp));		# load key part 2 (unaligned)
 	&call	("_vpaes_schedule_transform");	# input transform	
 	&mov	($round,7);
 &set_label("loop_schedule_256");
 	&call	("_vpaes_schedule_mangle");	# output low result
 	&movdqa	("xmm6","xmm0");		# save cur_lo in xmm6
 	# high round
 	&call	("_vpaes_schedule_round");
 	&dec	($round);
 	&jz	(&label("schedule_mangle_last"));
 	&call	("_vpaes_schedule_mangle");	
 	# low round. swap xmm7 and xmm6
 	&pshufd	("xmm0","xmm0",0xFF);
 	&movdqa	(&QWP(20,"esp"),"xmm7");
 	&movdqa	("xmm7","xmm6");
 	&call	("_vpaes_schedule_low_round");
 	&movdqa	("xmm7",&QWP(20,"esp"));
 	&jmp	(&label("loop_schedule_256"));
 ##
 ##  .aes_schedule_mangle_last
 ##
 ##  Mangler for last round of key schedule
 ##  Mangles %xmm0
 ##    when encrypting, outputs out(%xmm0) ^ 63
 ##    when decrypting, outputs unskew(%xmm0)
 ##
 ##  Always called right before return... jumps to cleanup and exits
 ##
 &set_label("schedule_mangle_last",16);
 	# schedule last round key from xmm0
 	&lea	($base,&DWP($k_deskew,$const));
 	&test	($out,$out);
 	&jnz	(&label("schedule_mangle_last_dec"));
 	# encrypting
 	&movdqa	("xmm1",&QWP($k_sr,$const,$magic));
 	&pshufb	("xmm0","xmm1");		# output permute
 	&lea	($base,&DWP($k_opt,$const));	# prepare to output transform
 	&add	($key,32);
 &set_label("schedule_mangle_last_dec");
 	&add	($key,-16);
 	&pxor	("xmm0",&QWP($k_s63,$const));
 	&call	("_vpaes_schedule_transform");	# output transform
 	&movdqu	(&QWP(0,$key),"xmm0");		# save last key
 	# cleanup
 	&pxor	("xmm0","xmm0");
 	&pxor	("xmm1","xmm1");
 	&pxor	("xmm2","xmm2");
 	&pxor	("xmm3","xmm3");
 	&pxor	("xmm4","xmm4");
 	&pxor	("xmm5","xmm5");
 	&pxor	("xmm6","xmm6");
 	&pxor	("xmm7","xmm7");
 	&ret	();
 &function_end_B("_vpaes_schedule_core");
 ##
 ##  .aes_schedule_192_smear
 ##
 ##  Smear the short, low side in the 192-bit key schedule.
 ##
 ##  Inputs:
 ##    %xmm7: high side, b  a  x  y
 ##    %xmm6:  low side, d  c  0  0
 ##    %xmm13: 0
 ##
 ##  Outputs:
 ##    %xmm6: b+c+d  b+c  0  0
 ##    %xmm0: b+c+d  b+c  b  a
 ##
 &function_begin_B("_vpaes_schedule_192_smear");
 	&pshufd	("xmm0","xmm6",0x80);		# d c 0 0 -> c 0 0 0
 	&pxor	("xmm6","xmm0");		# -> c+d c 0 0
 	&pshufd	("xmm0","xmm7",0xFE);		# b a _ _ -> b b b a
 	&pxor	("xmm6","xmm0");		# -> b+c+d b+c b a
 	&movdqa	("xmm0","xmm6");
 	&pxor	("xmm1","xmm1");
 	&movhlps("xmm6","xmm1");		# clobber low side with zeros
 	&ret	();
 &function_end_B("_vpaes_schedule_192_smear");
 ##
 ##  .aes_schedule_round
 ##
 ##  Runs one main round of the key schedule on %xmm0, %xmm7
 ##
 ##  Specifically, runs subbytes on the high dword of %xmm0
 ##  then rotates it by one byte and xors into the low dword of
 ##  %xmm7.
 ##
 ##  Adds rcon from low byte of %xmm8, then rotates %xmm8 for
 ##  next rcon.
 ##
 ##  Smears the dwords of %xmm7 by xoring the low into the
 ##  second low, result into third, result into highest.
 ##
 ##  Returns results in %xmm7 = %xmm0.
 ##  Clobbers %xmm1-%xmm5.
 ##
 &function_begin_B("_vpaes_schedule_round");
 	# extract rcon from xmm8
 	&movdqa	("xmm2",&QWP(8,"esp"));		# xmm8
 	&pxor	("xmm1","xmm1");
 	&palignr("xmm1","xmm2",15);
 	&palignr("xmm2","xmm2",15);
 	&pxor	("xmm7","xmm1");
 	# rotate
 	&pshufd	("xmm0","xmm0",0xFF);
 	&palignr("xmm0","xmm0",1);
 	# fall through...
 	&movdqa	(&QWP(8,"esp"),"xmm2");		# xmm8
 	# low round: same as high round, but no rotation and no rcon.
 &set_label("_vpaes_schedule_low_round");
 	# smear xmm7
 	&movdqa	("xmm1","xmm7");
 	&pslldq	("xmm7",4);
 	&pxor	("xmm7","xmm1");
 	&movdqa	("xmm1","xmm7");
 	&pslldq	("xmm7",8);
 	&pxor	("xmm7","xmm1");
 	&pxor	("xmm7",&QWP($k_s63,$const));
 	# subbyte
 	&movdqa	("xmm4",&QWP($k_s0F,$const));
 	&movdqa	("xmm5",&QWP($k_inv,$const));	# 4 : 1/j
 	&movdqa	("xmm1","xmm4");	
 	&pandn	("xmm1","xmm0");
 	&psrld	("xmm1",4);			# 1 = i
 	&pand	("xmm0","xmm4");		# 0 = k
 	&movdqa	("xmm2",&QWP($k_inv+16,$const));# 2 : a/k
 	&pshufb	("xmm2","xmm0");		# 2 = a/k
 	&pxor	("xmm0","xmm1");		# 0 = j
 	&movdqa	("xmm3","xmm5");		# 3 : 1/i
 	&pshufb	("xmm3","xmm1");		# 3 = 1/i
 	&pxor	("xmm3","xmm2");		# 3 = iak = 1/i + a/k
 	&movdqa	("xmm4","xmm5");		# 4 : 1/j
 	&pshufb	("xmm4","xmm0");		# 4 = 1/j
 	&pxor	("xmm4","xmm2");		# 4 = jak = 1/j + a/k
 	&movdqa	("xmm2","xmm5");		# 2 : 1/iak
 	&pshufb	("xmm2","xmm3");		# 2 = 1/iak
 	&pxor	("xmm2","xmm0");		# 2 = io
 	&movdqa	("xmm3","xmm5");		# 3 : 1/jak
 	&pshufb	("xmm3","xmm4");		# 3 = 1/jak
 	&pxor	("xmm3","xmm1");		# 3 = jo
 	&movdqa	("xmm4",&QWP($k_sb1,$const));	# 4 : sbou
 	&pshufb	("xmm4","xmm2");		# 4 = sbou
 	&movdqa	("xmm0",&QWP($k_sb1+16,$const));# 0 : sbot
 	&pshufb	("xmm0","xmm3");		# 0 = sb1t
 	&pxor	("xmm0","xmm4");		# 0 = sbox output
 	# add in smeared stuff
 	&pxor	("xmm0","xmm7");
 	&movdqa	("xmm7","xmm0");
 	&ret	();
 &function_end_B("_vpaes_schedule_round");
 ##
 ##  .aes_schedule_transform
 ##
 ##  Linear-transform %xmm0 according to tables at (%ebx)
 ##
 ##  Output in %xmm0
 ##  Clobbers %xmm1, %xmm2
 ##
 &function_begin_B("_vpaes_schedule_transform");
 	&movdqa	("xmm2",&QWP($k_s0F,$const));
 	&movdqa	("xmm1","xmm2");
 	&pandn	("xmm1","xmm0");
 	&psrld	("xmm1",4);
 	&pand	("xmm0","xmm2");
 	&movdqa	("xmm2",&QWP(0,$base));
 	&pshufb	("xmm2","xmm0");
 	&movdqa	("xmm0",&QWP(16,$base));
 	&pshufb	("xmm0","xmm1");
 	&pxor	("xmm0","xmm2");
 	&ret	();
 &function_end_B("_vpaes_schedule_transform");
 ##
 ##  .aes_schedule_mangle
 ##
 ##  Mangle xmm0 from (basis-transformed) standard version
 ##  to our version.
 ##
 ##  On encrypt,
 ##    xor with 0x63
 ##    multiply by circulant 0,1,1,1
 ##    apply shiftrows transform
 ##
 ##  On decrypt,
 ##    xor with 0x63
 ##    multiply by "inverse mixcolumns" circulant E,B,D,9
 ##    deskew
 ##    apply shiftrows transform
 ##
 ##
 ##  Writes out to (%edx), and increments or decrements it
 ##  Keeps track of round number mod 4 in %ecx
 ##  Preserves xmm0
 ##  Clobbers xmm1-xmm5
 ##
 &function_begin_B("_vpaes_schedule_mangle");
 	&movdqa	("xmm4","xmm0");	# save xmm0 for later
 	&movdqa	("xmm5",&QWP($k_mc_forward,$const));
 	&test	($out,$out);
 	&jnz	(&label("schedule_mangle_dec"));
 	# encrypting
 	&add	($key,16);
 	&pxor	("xmm4",&QWP($k_s63,$const));
 	&pshufb	("xmm4","xmm5");
 	&movdqa	("xmm3","xmm4");
 	&pshufb	("xmm4","xmm5");
 	&pxor	("xmm3","xmm4");
 	&pshufb	("xmm4","xmm5");
 	&pxor	("xmm3","xmm4");
 	&jmp	(&label("schedule_mangle_both"));
 &set_label("schedule_mangle_dec",16);
 	# inverse mix columns
 	&movdqa	("xmm2",&QWP($k_s0F,$const));
 	&lea	($inp,&DWP($k_dksd,$const));
 	&movdqa	("xmm1","xmm2");
 	&pandn	("xmm1","xmm4");
 	&psrld	("xmm1",4);			# 1 = hi
 	&pand	("xmm4","xmm2");		# 4 = lo
 	&movdqa	("xmm2",&QWP(0,$inp));
 	&pshufb	("xmm2","xmm4");
 	&movdqa	("xmm3",&QWP(0x10,$inp));
 	&pshufb	("xmm3","xmm1");
 	&pxor	("xmm3","xmm2");
 	&pshufb	("xmm3","xmm5");
 	&movdqa	("xmm2",&QWP(0x20,$inp));
 	&pshufb	("xmm2","xmm4");
 	&pxor	("xmm2","xmm3");
 	&movdqa	("xmm3",&QWP(0x30,$inp));
 	&pshufb	("xmm3","xmm1");
 	&pxor	("xmm3","xmm2");
 	&pshufb	("xmm3","xmm5");
 	&movdqa	("xmm2",&QWP(0x40,$inp));
 	&pshufb	("xmm2","xmm4");
 	&pxor	("xmm2","xmm3");
 	&movdqa	("xmm3",&QWP(0x50,$inp));
 	&pshufb	("xmm3","xmm1");
 	&pxor	("xmm3","xmm2");
 	&pshufb	("xmm3","xmm5");
 	&movdqa	("xmm2",&QWP(0x60,$inp));
 	&pshufb	("xmm2","xmm4");
 	&pxor	("xmm2","xmm3");
 	&movdqa	("xmm3",&QWP(0x70,$inp));
 	&pshufb	("xmm3","xmm1");
 	&pxor	("xmm3","xmm2");
 	&add	($key,-16);
 &set_label("schedule_mangle_both");
 	&movdqa	("xmm1",&QWP($k_sr,$const,$magic));
 	&pshufb	("xmm3","xmm1");
 	&add	($magic,-16);
 	&and	($magic,0x30);
 	&movdqu	(&QWP(0,$key),"xmm3");
 	&ret	();
 &function_end_B("_vpaes_schedule_mangle");
 #
 # Interface to OpenSSL
 #
 &function_begin("${PREFIX}_set_encrypt_key");
 	&mov	($inp,&wparam(0));		# inp
 	&lea	($base,&DWP(-56,"esp"));
 	&mov	($round,&wparam(1));		# bits
 	&and	($base,-16);
 	&mov	($key,&wparam(2));		# key
 	&xchg	($base,"esp");			# alloca
 	&mov	(&DWP(48,"esp"),$base);
 	&mov	($base,$round);
 	&shr	($base,5);
 	&add	($base,5);
 	&mov	(&DWP(240,$key),$base);		# AES_KEY->rounds = nbits/32+5;
 	&mov	($magic,0x30);
 	&mov	($out,0);
 	&lea	($const,&DWP(&label("_vpaes_consts")."+0x30-".&label("pic_point")));
 	&call	("_vpaes_schedule_core");
 &set_label("pic_point");
 	&mov	("esp",&DWP(48,"esp"));
 	&xor	("eax","eax");
 &function_end("${PREFIX}_set_encrypt_key");
 &function_begin("${PREFIX}_set_decrypt_key");
 	&mov	($inp,&wparam(0));		# inp
 	&lea	($base,&DWP(-56,"esp"));
 	&mov	($round,&wparam(1));		# bits
 	&and	($base,-16);
 	&mov	($key,&wparam(2));		# key
 	&xchg	($base,"esp");			# alloca
 	&mov	(&DWP(48,"esp"),$base);
 	&mov	($base,$round);
 	&shr	($base,5);
 	&add	($base,5);
 	&mov	(&DWP(240,$key),$base);	# AES_KEY->rounds = nbits/32+5;
 	&shl	($base,4);
 	&lea	($key,&DWP(16,$key,$base));
 	&mov	($out,1);
 	&mov	($magic,$round);
 	&shr	($magic,1);
 	&and	($magic,32);
 	&xor	($magic,32);			# nbist==192?0:32;
 	&lea	($const,&DWP(&label("_vpaes_consts")."+0x30-".&label("pic_point")));
 	&call	("_vpaes_schedule_core");
 &set_label("pic_point");
 	&mov	("esp",&DWP(48,"esp"));
 	&xor	("eax","eax");
 &function_end("${PREFIX}_set_decrypt_key");
 &function_begin("${PREFIX}_encrypt");
 	&lea	($const,&DWP(&label("_vpaes_consts")."+0x30-".&label("pic_point")));
 	&call	("_vpaes_preheat");
 &set_label("pic_point");
 	&mov	($inp,&wparam(0));		# inp
 	&lea	($base,&DWP(-56,"esp"));
 	&mov	($out,&wparam(1));		# out
 	&and	($base,-16);
 	&mov	($key,&wparam(2));		# key
 	&xchg	($base,"esp");			# alloca
 	&mov	(&DWP(48,"esp"),$base);
 	&movdqu	("xmm0",&QWP(0,$inp));
 	&call	("_vpaes_encrypt_core");
 	&movdqu	(&QWP(0,$out),"xmm0");
 	&mov	("esp",&DWP(48,"esp"));
 &function_end("${PREFIX}_encrypt");
 &function_begin("${PREFIX}_decrypt");
 	&lea	($const,&DWP(&label("_vpaes_consts")."+0x30-".&label("pic_point")));
 	&call	("_vpaes_preheat");
 &set_label("pic_point");
 	&mov	($inp,&wparam(0));		# inp
 	&lea	($base,&DWP(-56,"esp"));
 	&mov	($out,&wparam(1));		# out
 	&and	($base,-16);
 	&mov	($key,&wparam(2));		# key
 	&xchg	($base,"esp");			# alloca
 	&mov	(&DWP(48,"esp"),$base);
 	&movdqu	("xmm0",&QWP(0,$inp));
 	&call	("_vpaes_decrypt_core");
 	&movdqu	(&QWP(0,$out),"xmm0");
 	&mov	("esp",&DWP(48,"esp"));
 &function_end("${PREFIX}_decrypt");
 &function_begin("${PREFIX}_cbc_encrypt");
 	&mov	($inp,&wparam(0));		# inp
 	&mov	($out,&wparam(1));		# out
 	&mov	($round,&wparam(2));		# len
 	&mov	($key,&wparam(3));		# key
 	&sub	($round,16);
 	&jc	(&label("cbc_abort"));
 	&lea	($base,&DWP(-56,"esp"));
 	&mov	($const,&wparam(4));		# ivp
 	&and	($base,-16);
 	&mov	($magic,&wparam(5));		# enc
 	&xchg	($base,"esp");			# alloca
 	&movdqu	("xmm1",&QWP(0,$const));	# load IV
 	&sub	($out,$inp);
 	&mov	(&DWP(48,"esp"),$base);
 	&mov	(&DWP(0,"esp"),$out);		# save out
 	&mov	(&DWP(4,"esp"),$key)		# save key
 	&mov	(&DWP(8,"esp"),$const);		# save ivp
 	&mov	($out,$round);			# $out works as $len
 	&lea	($const,&DWP(&label("_vpaes_consts")."+0x30-".&label("pic_point")));
 	&call	("_vpaes_preheat");
 &set_label("pic_point");
 	&cmp	($magic,0);
 	&je	(&label("cbc_dec_loop"));
 	&jmp	(&label("cbc_enc_loop"));
 &set_label("cbc_enc_loop",16);
 	&movdqu	("xmm0",&QWP(0,$inp));		# load input
 	&pxor	("xmm0","xmm1");		# inp^=iv
 	&call	("_vpaes_encrypt_core");
 	&mov	($base,&DWP(0,"esp"));		# restore out
 	&mov	($key,&DWP(4,"esp"));		# restore key
 	&movdqa	("xmm1","xmm0");
 	&movdqu	(&QWP(0,$base,$inp),"xmm0");	# write output
 	&lea	($inp,&DWP(16,$inp));
 	&sub	($out,16);
 	&jnc	(&label("cbc_enc_loop"));
 	&jmp	(&label("cbc_done"));
 &set_label("cbc_dec_loop",16);
 	&movdqu	("xmm0",&QWP(0,$inp));		# load input
 	&movdqa	(&QWP(16,"esp"),"xmm1");	# save IV
 	&movdqa	(&QWP(32,"esp"),"xmm0");	# save future IV
 	&call	("_vpaes_decrypt_core");
 	&mov	($base,&DWP(0,"esp"));		# restore out
 	&mov	($key,&DWP(4,"esp"));		# restore key
 	&pxor	("xmm0",&QWP(16,"esp"));	# out^=iv
 	&movdqa	("xmm1",&QWP(32,"esp"));	# load next IV
 	&movdqu	(&QWP(0,$base,$inp),"xmm0");	# write output
 	&lea	($inp,&DWP(16,$inp));
 	&sub	($out,16);
 	&jnc	(&label("cbc_dec_loop"));
 &set_label("cbc_done");
 	&mov	($base,&DWP(8,"esp"));		# restore ivp
 	&mov	("esp",&DWP(48,"esp"));
 	&movdqu	(&QWP(0,$base),"xmm1");		# write IV
 &set_label("cbc_abort");
 &function_end("${PREFIX}_cbc_encrypt");
 &asm_finish();
--- a/crypto/aes/asm/vpaes-x86_64.pl
+++ b/crypto/aes/asm/vpaes-x86_64.pl
--- a/crypto/arm_arch.h
+++ b/crypto/arm_arch.h
@@ -1,51 +0,0 @@
 #ifndef __ARM_ARCH_H__
 # define __ARM_ARCH_H__
 # if !defined(__ARM_ARCH__)
 #  if defined(__CC_ARM)
 #   define __ARM_ARCH__ __TARGET_ARCH_ARM
 #   if defined(__BIG_ENDIAN)
 #    define __ARMEB__
 #   else
 #    define __ARMEL__
 #   endif
 #  elif defined(__GNUC__)
  /*
   * Why doesn't gcc define __ARM_ARCH__? Instead it defines
   * bunch of below macros. See all_architectires[] table in
   * gcc/config/arm/arm.c. On a side note it defines
   * __ARMEL__/__ARMEB__ for little-/big-endian.
   */
 #   if   defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__)     || \
        defined(__ARM_ARCH_7R__)|| defined(__ARM_ARCH_7M__)     || \
        defined(__ARM_ARCH_7EM__)
 #    define __ARM_ARCH__ 7
 #   elif defined(__ARM_ARCH_6__) || defined(__ARM_ARCH_6J__)     || \
        defined(__ARM_ARCH_6K__)|| defined(__ARM_ARCH_6M__)     || \
        defined(__ARM_ARCH_6Z__)|| defined(__ARM_ARCH_6ZK__)    || \
        defined(__ARM_ARCH_6T2__)
 #    define __ARM_ARCH__ 6
 #   elif defined(__ARM_ARCH_5__) || defined(__ARM_ARCH_5T__)     || \
        defined(__ARM_ARCH_5E__)|| defined(__ARM_ARCH_5TE__)    || \
        defined(__ARM_ARCH_5TEJ__)
 #    define __ARM_ARCH__ 5
 #   elif defined(__ARM_ARCH_4__) || defined(__ARM_ARCH_4T__)
 #    define __ARM_ARCH__ 4
 #   else
 #    error "unsupported ARM architecture"
 #   endif
 #  endif
 # endif
 # ifdef OPENSSL_FIPSCANISTER
 #  include <openssl/fipssyms.h>
 # endif
 # if !__ASSEMBLER__
 extern unsigned int OPENSSL_armcap_P;
 #  define ARMV7_NEON      (1<<0)
 #  define ARMV7_TICK      (1<<1)
 # endif
 #endif
--- a/crypto/armcap.c
+++ b/crypto/armcap.c
@@ -1,81 +0,0 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <setjmp.h>
 #include <signal.h>
 #include <crypto.h>
 #include "arm_arch.h"
 unsigned int OPENSSL_armcap_P;
 static sigset_t all_masked;
 static sigjmp_buf ill_jmp;
 static void ill_handler(int sig)
 {
    siglongjmp(ill_jmp, sig);
 }
 /*
 * Following subroutines could have been inlined, but it's not all
 * ARM compilers support inline assembler...
 */
 void _armv7_neon_probe(void);
 unsigned int _armv7_tick(void);
 unsigned int OPENSSL_rdtsc(void)
 {
    if (OPENSSL_armcap_P & ARMV7_TICK)
        return _armv7_tick();
    else
        return 0;
 }
 #if defined(__GNUC__) && __GNUC__>=2
 void OPENSSL_cpuid_setup(void) __attribute__ ((constructor));
 #endif
 void OPENSSL_cpuid_setup(void)
 {
    char *e;
    struct sigaction ill_oact, ill_act;
    sigset_t oset;
    static int trigger = 0;
    if (trigger)
        return;
    trigger = 1;
    if ((e = getenv("OPENSSL_armcap"))) {
        OPENSSL_armcap_P = strtoul(e, NULL, 0);
        return;
    }
    sigfillset(&all_masked);
    sigdelset(&all_masked, SIGILL);
    sigdelset(&all_masked, SIGTRAP);
    sigdelset(&all_masked, SIGFPE);
    sigdelset(&all_masked, SIGBUS);
    sigdelset(&all_masked, SIGSEGV);
    OPENSSL_armcap_P = 0;
    memset(&ill_act, 0, sizeof(ill_act));
    ill_act.sa_handler = ill_handler;
    ill_act.sa_mask = all_masked;
    sigprocmask(SIG_SETMASK, &ill_act.sa_mask, &oset);
    sigaction(SIGILL, &ill_act, &ill_oact);
    if (sigsetjmp(ill_jmp, 1) == 0) {
        _armv7_neon_probe();
        OPENSSL_armcap_P |= ARMV7_NEON;
    }
    if (sigsetjmp(ill_jmp, 1) == 0) {
        _armv7_tick();
        OPENSSL_armcap_P |= ARMV7_TICK;
    }
    sigaction(SIGILL, &ill_oact, NULL);
    sigprocmask(SIG_SETMASK, &oset, NULL);
 }
--- a/crypto/armv4cpuid.S
+++ b/crypto/armv4cpuid.S
@@ -1,154 +0,0 @@
 #include "arm_arch.h"
 .text
 .code	32
 .align	5
 .global	_armv7_neon_probe
 .type	_armv7_neon_probe,%function
 _armv7_neon_probe:
 	.word	0xf26ee1fe	@ vorr	q15,q15,q15
 	.word	0xe12fff1e	@ bx	lr
 .size	_armv7_neon_probe,.-_armv7_neon_probe
 .global	_armv7_tick
 .type	_armv7_tick,%function
 _armv7_tick:
 	mrc	p15,0,r0,c9,c13,0
 	.word	0xe12fff1e	@ bx	lr
 .size	_armv7_tick,.-_armv7_tick
 .global	OPENSSL_atomic_add
 .type	OPENSSL_atomic_add,%function
 OPENSSL_atomic_add:
 #if __ARM_ARCH__>=6
 .Ladd:	ldrex	r2,[r0]
 	add	r3,r2,r1
 	strex	r2,r3,[r0]
 	cmp	r2,#0
 	bne	.Ladd
 	mov	r0,r3
 	.word	0xe12fff1e	@ bx	lr
 #else
 	stmdb	sp!,{r4-r6,lr}
 	ldr	r2,.Lspinlock
 	adr	r3,.Lspinlock
 	mov	r4,r0
 	mov	r5,r1
 	add	r6,r3,r2	@ &spinlock
 	b	.+8
 .Lspin:	bl	sched_yield
 	mov	r0,#-1
 	swp	r0,r0,[r6]
 	cmp	r0,#0
 	bne	.Lspin
 	ldr	r2,[r4]
 	add	r2,r2,r5
 	str	r2,[r4]
 	str	r0,[r6]		@ release spinlock
 	ldmia	sp!,{r4-r6,lr}
 	tst	lr,#1
 	moveq	pc,lr
 	.word	0xe12fff1e	@ bx	lr
 #endif
 .size	OPENSSL_atomic_add,.-OPENSSL_atomic_add
 .global	OPENSSL_cleanse
 .type	OPENSSL_cleanse,%function
 OPENSSL_cleanse:
 	eor	ip,ip,ip
 	cmp	r1,#7
 	subhs	r1,r1,#4
 	bhs	.Lot
 	cmp	r1,#0
 	beq	.Lcleanse_done
 .Little:
 	strb	ip,[r0],#1
 	subs	r1,r1,#1
 	bhi	.Little
 	b	.Lcleanse_done
 .Lot:	tst	r0,#3
 	beq	.Laligned
 	strb	ip,[r0],#1
 	sub	r1,r1,#1
 	b	.Lot
 .Laligned:
 	str	ip,[r0],#4
 	subs	r1,r1,#4
 	bhs	.Laligned
 	adds	r1,r1,#4
 	bne	.Little
 .Lcleanse_done:
 	tst	lr,#1
 	moveq	pc,lr
 	.word	0xe12fff1e	@ bx	lr
 .size	OPENSSL_cleanse,.-OPENSSL_cleanse
 .global	OPENSSL_wipe_cpu
 .type	OPENSSL_wipe_cpu,%function
 OPENSSL_wipe_cpu:
 	ldr	r0,.LOPENSSL_armcap
 	adr	r1,.LOPENSSL_armcap
 	ldr	r0,[r1,r0]
 	eor	r2,r2,r2
 	eor	r3,r3,r3
 	eor	ip,ip,ip
 	tst	r0,#1
 	beq	.Lwipe_done
 	.word	0xf3000150	@ veor    q0, q0, q0
 	.word	0xf3022152	@ veor    q1, q1, q1
 	.word	0xf3044154	@ veor    q2, q2, q2
 	.word	0xf3066156	@ veor    q3, q3, q3
 	.word	0xf34001f0	@ veor    q8, q8, q8
 	.word	0xf34221f2	@ veor    q9, q9, q9
 	.word	0xf34441f4	@ veor    q10, q10, q10
 	.word	0xf34661f6	@ veor    q11, q11, q11
 	.word	0xf34881f8	@ veor    q12, q12, q12
 	.word	0xf34aa1fa	@ veor    q13, q13, q13
 	.word	0xf34cc1fc	@ veor    q14, q14, q14
 	.word	0xf34ee1fe	@ veor    q15, q15, q15
 .Lwipe_done:
 	mov	r0,sp
 	tst	lr,#1
 	moveq	pc,lr
 	.word	0xe12fff1e	@ bx	lr
 .size	OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu
 .global	OPENSSL_instrument_bus
 .type	OPENSSL_instrument_bus,%function
 OPENSSL_instrument_bus:
 	eor	r0,r0,r0
 	tst	lr,#1
 	moveq	pc,lr
 	.word	0xe12fff1e	@ bx	lr
 .size	OPENSSL_instrument_bus,.-OPENSSL_instrument_bus
 .global	OPENSSL_instrument_bus2
 .type	OPENSSL_instrument_bus2,%function
 OPENSSL_instrument_bus2:
 	eor	r0,r0,r0
 	tst	lr,#1
 	moveq	pc,lr
 	.word	0xe12fff1e	@ bx	lr
 .size	OPENSSL_instrument_bus2,.-OPENSSL_instrument_bus2
 .align	5
 .LOPENSSL_armcap:
 .word	OPENSSL_armcap_P-.LOPENSSL_armcap
 #if __ARM_ARCH__>=6
 .align	5
 #else
 .Lspinlock:
 .word	atomic_add_spinlock-.Lspinlock
 .align	5
 .data
 .align	2
 atomic_add_spinlock:
 .word	0
 #endif
 .comm	OPENSSL_armcap_P,4,4
 .hidden	OPENSSL_armcap_P
--- a/crypto/asn1/.cvsignore
+++ b/crypto/asn1/.cvsignore
@@ -0,0 +1,4 @@
 lib
 Makefile.save
 *.flc
 semantic.cache
--- a/crypto/asn1/Makefile
+++ b/crypto/asn1/Makefile
@@ -641,7 +641,7 @@ t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_x509.o: ../cryptlib.h asn1_locl.h t_x509.c
+t_x509.o: ../cryptlib.h t_x509.c
 t_x509a.o: ../../e_os.h ../../include/openssl/asn1.h
 t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 t_x509a.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
--- a/crypto/asn1/a_bytes.c
+++ b/crypto/asn1/a_bytes.c
@@ -200,13 +200,13 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
    } else {
        if (len != 0) {
            if ((ret->length < len) || (ret->data == NULL)) {
                if (ret->data != NULL)
                    OPENSSL_free(ret->data);
                s = (unsigned char *)OPENSSL_malloc((int)len + 1);
                if (s == NULL) {
                    i = ERR_R_MALLOC_FAILURE;
                    goto err;
                }
                if (ret->data != NULL)
                    OPENSSL_free(ret->data);
            } else
                s = ret->data;
            memcpy(s, p, (int)len);
--- a/crypto/asn1/a_d2i_fp.c
+++ b/crypto/asn1/a_d2i_fp.c
@@ -141,7 +141,6 @@ void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
 #endif
 #define HEADER_SIZE   8
 #define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
 static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
 {
    BUF_MEM *b;
@@ -218,44 +217,29 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
            /* suck in c.slen bytes of data */
            want = c.slen;
            if (want > (len - off)) {
                size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
                want -= (len - off);
                if (want > INT_MAX /* BIO_read takes an int length */  ||
                    len + want < len) {
                    ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
                    goto err;
                }
                if (!BUF_MEM_grow_clean(b, len + want)) {
                    ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
                    goto err;
                }
                while (want > 0) {
-                    /*
+                    i = BIO_read(in, &(b->data[len]), want);
-                     * Read content in chunks of increasing size
+                    if (i <= 0) {
-                     * so we can return an error for EOF without
+                        ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
-                     * having to allocate the entire content length
+                                ASN1_R_NOT_ENOUGH_DATA);
                     * in one go.
                     */
                    size_t chunk = want > chunk_max ? chunk_max : want;
                    if (!BUF_MEM_grow_clean(b, len + chunk)) {
                        ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
                        goto err;
                    }
                    want -= chunk;
                    while (chunk > 0) {
                        i = BIO_read(in, &(b->data[len]), chunk);
                        if (i <= 0) {
                            ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
                                    ASN1_R_NOT_ENOUGH_DATA);
                            goto err;
                        }
                    /*
                     * This can't overflow because |len+want| didn't
                     * overflow.
                     */
-                        len += i;
+                    len += i;
-                        chunk -= i;
+                    want -= i;
                    }
                    if (chunk_max < INT_MAX/2)
                        chunk_max *= 2;
                }
            }
            if (off + c.slen < off) {
--- a/crypto/asn1/a_digest.c
+++ b/crypto/asn1/a_digest.c
@@ -86,8 +86,7 @@ int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
    p = str;
    i2d(data, &p);
-    if (!EVP_Digest(str, i, md, len, type, NULL))
+    EVP_Digest(str, i, md, len, type, NULL);
        return 0;
    OPENSSL_free(str);
    return (1);
 }
@@ -104,8 +103,7 @@ int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
    if (!str)
        return (0);
-    if (!EVP_Digest(str, i, md, len, type, NULL))
+    EVP_Digest(str, i, md, len, type, NULL);
        return 0;
    OPENSSL_free(str);
    return (1);
 }
--- a/crypto/asn1/a_sign.c
+++ b/crypto/asn1/a_sign.c
@@ -182,10 +182,10 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
    p = buf_in;
    i2d(data, &p);
-    if (!EVP_SignInit_ex(&ctx, type, NULL)
+    EVP_SignInit_ex(&ctx, type, NULL);
-        || !EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl)
+    EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl);
-        || !EVP_SignFinal(&ctx, (unsigned char *)buf_out,
+    if (!EVP_SignFinal(&ctx, (unsigned char *)buf_out,
-                          (unsigned int *)&outl, pkey)) {
+                       (unsigned int *)&outl, pkey)) {
        outl = 0;
        ASN1err(ASN1_F_ASN1_SIGN, ERR_R_EVP_LIB);
        goto err;
@@ -221,89 +221,58 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
                   EVP_PKEY *pkey, const EVP_MD *type)
 {
    EVP_MD_CTX ctx;
    EVP_MD_CTX_init(&ctx);
    if (!EVP_DigestSignInit(&ctx, NULL, type, NULL, pkey)) {
        EVP_MD_CTX_cleanup(&ctx);
        return 0;
    }
    return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, &ctx);
 }
 int ASN1_item_sign_ctx(const ASN1_ITEM *it,
                       X509_ALGOR *algor1, X509_ALGOR *algor2,
                       ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx)
 {
    const EVP_MD *type;
    EVP_PKEY *pkey;
    unsigned char *buf_in = NULL, *buf_out = NULL;
-    size_t inl = 0, outl = 0, outll = 0;
+    int inl = 0, outl = 0, outll = 0;
    int signid, paramtype;
    int rv;
-    type = EVP_MD_CTX_md(ctx);
+    if (type == NULL) {
-    pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx);
+        int def_nid;
        if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
            type = EVP_get_digestbynid(def_nid);
    }
-    if (!type || !pkey) {
+    if (type == NULL) {
-        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED);
+        ASN1err(ASN1_F_ASN1_ITEM_SIGN, ASN1_R_NO_DEFAULT_DIGEST);
        return 0;
    }
-    if (pkey->ameth->item_sign) {
+    if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) {
-        rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2, signature);
+        if (!pkey->ameth ||
-        if (rv == 1)
+            !OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(type),
-            outl = signature->length;
+                                    pkey->ameth->pkey_id)) {
-        /*-
+            ASN1err(ASN1_F_ASN1_ITEM_SIGN,
-         * Return value meanings:
+                    ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
-         * <=0: error.
+            return 0;
-         *   1: method does everything.
+        }
         *   2: carry on as normal.
         *   3: ASN1 method sets algorithm identifiers: just sign.
         */
        if (rv <= 0)
            ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);
        if (rv <= 1)
            goto err;
    } else
-        rv = 2;
+        signid = type->pkey_type;
-    if (rv == 2) {
+    if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)
-        if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) {
+        paramtype = V_ASN1_NULL;
-            if (!pkey->ameth ||
+    else
-                !OBJ_find_sigid_by_algs(&signid,
+        paramtype = V_ASN1_UNDEF;
                                        EVP_MD_nid(type),
                                        pkey->ameth->pkey_id)) {
                ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,
                        ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
                return 0;
            }
        } else
            signid = type->pkey_type;
-        if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)
+    if (algor1)
-            paramtype = V_ASN1_NULL;
+        X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL);
-        else
+    if (algor2)
-            paramtype = V_ASN1_UNDEF;
+        X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL);
        if (algor1)
            X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL);
        if (algor2)
            X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL);
    }
    EVP_MD_CTX_init(&ctx);
    inl = ASN1_item_i2d(asn, &buf_in, it);
    outll = outl = EVP_PKEY_size(pkey);
-    buf_out = OPENSSL_malloc((unsigned int)outl);
+    buf_out = (unsigned char *)OPENSSL_malloc((unsigned int)outl);
    if ((buf_in == NULL) || (buf_out == NULL)) {
        outl = 0;
-        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_MALLOC_FAILURE);
+        ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_MALLOC_FAILURE);
        goto err;
    }
-    if (!EVP_DigestSignUpdate(ctx, buf_in, inl)
+    EVP_SignInit_ex(&ctx, type, NULL);
-        || !EVP_DigestSignFinal(ctx, buf_out, &outl)) {
+    EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl);
    if (!EVP_SignFinal(&ctx, (unsigned char *)buf_out,
                       (unsigned int *)&outl, pkey)) {
        outl = 0;
-        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);
+        ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_EVP_LIB);
        goto err;
    }
    if (signature->data != NULL)
@@ -318,7 +287,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
    signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
    signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
 err:
-    EVP_MD_CTX_cleanup(ctx);
+    EVP_MD_CTX_cleanup(&ctx);
    if (buf_in != NULL) {
        OPENSSL_cleanse((char *)buf_in, (unsigned int)inl);
        OPENSSL_free(buf_in);
--- a/crypto/asn1/a_strex.c
+++ b/crypto/asn1/a_strex.c
@@ -638,7 +638,6 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
    mbflag |= MBSTRING_FLAG;
    stmp.data = NULL;
    stmp.length = 0;
    stmp.flags = 0;
    ret =
        ASN1_mbstring_copy(&str, in->data, in->length, mbflag,
                           B_ASN1_UTF8STRING);
--- a/crypto/asn1/a_utctm.c
+++ b/crypto/asn1/a_utctm.c
@@ -267,11 +267,6 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
    t -= offset * 60;           /* FIXME: may overflow in extreme cases */
    tm = OPENSSL_gmtime(&t, &data);
    /*
     * NB: -1, 0, 1 already valid return values so use -2 to indicate error.
     */
    if (tm == NULL)
        return -2;
 #define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1
    year = g2(s->data);
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -104,12 +104,8 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
    p = buf_in;
    i2d(data, &p);
-    if (!EVP_VerifyInit_ex(&ctx, type, NULL)
+    EVP_VerifyInit_ex(&ctx, type, NULL);
-        || !EVP_VerifyUpdate(&ctx, (unsigned char *)buf_in, inl)) {
+    EVP_VerifyUpdate(&ctx, (unsigned char *)buf_in, inl);
        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB);
        ret = 0;
        goto err;
    }
    OPENSSL_cleanse(buf_in, (unsigned int)inl);
    OPENSSL_free(buf_in);
@@ -137,6 +133,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
                     ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey)
 {
    EVP_MD_CTX ctx;
    const EVP_MD *type = NULL;
    unsigned char *buf_in = NULL;
    int ret = -1, inl;
@@ -159,42 +156,23 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
        goto err;
    }
-    if (mdnid == NID_undef) {
+    type = EVP_get_digestbynid(mdnid);
-        if (!pkey->ameth || !pkey->ameth->item_verify) {
+    if (type == NULL) {
-            ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
+        ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
-                    ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
+                ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
-            goto err;
+        goto err;
-        }
+    }
        ret = pkey->ameth->item_verify(&ctx, it, asn, a, signature, pkey);
        /*
         * Return value of 2 means carry on, anything else means we exit
         * straight away: either a fatal error of the underlying verification
         * routine handles all verification.
         */
        if (ret != 2)
            goto err;
        ret = -1;
    } else {
        const EVP_MD *type;
        type = EVP_get_digestbynid(mdnid);
        if (type == NULL) {
            ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
                    ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
            goto err;
        }
-        /* Check public key OID matches public key type */
+    /* Check public key OID matches public key type */
-        if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) {
+    if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) {
-            ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_WRONG_PUBLIC_KEY_TYPE);
+        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_WRONG_PUBLIC_KEY_TYPE);
-            goto err;
+        goto err;
-        }
+    }
        if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey)) {
            ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
            ret = 0;
            goto err;
        }
    if (!EVP_VerifyInit_ex(&ctx, type, NULL)) {
        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
        ret = 0;
        goto err;
    }
    inl = ASN1_item_i2d(asn, &buf_in, it);
@@ -204,17 +182,13 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
        goto err;
    }
-    if (!EVP_DigestVerifyUpdate(&ctx, buf_in, inl)) {
+    EVP_VerifyUpdate(&ctx, (unsigned char *)buf_in, inl);
        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
        ret = 0;
        goto err;
    }
    OPENSSL_cleanse(buf_in, (unsigned int)inl);
    OPENSSL_free(buf_in);
-    if (EVP_DigestVerifyFinal(&ctx, signature->data,
+    if (EVP_VerifyFinal(&ctx, (unsigned char *)signature->data,
-                              (size_t)signature->length) <= 0) {
+                        (unsigned int)signature->length, pkey) <= 0) {
        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
        ret = 0;
        goto err;
--- a/crypto/asn1/ameth_lib.c
+++ b/crypto/asn1/ameth_lib.c
@@ -70,7 +70,6 @@ extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[];
 extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth;
 /* Keep this sorted in type order !! */
 static const EVP_PKEY_ASN1_METHOD *standard_methods[] = {
@@ -91,8 +90,7 @@ static const EVP_PKEY_ASN1_METHOD *standard_methods[] = {
 #ifndef OPENSSL_NO_EC
    &eckey_asn1_meth,
 #endif
-    &hmac_asn1_meth,
+    &hmac_asn1_meth
    &cmac_asn1_meth
 };
 typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);
@@ -286,8 +284,6 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
    if (!ameth)
        return NULL;
    memset(ameth, 0, sizeof(EVP_PKEY_ASN1_METHOD));
    ameth->pkey_id = id;
    ameth->pkey_base_id = id;
    ameth->pkey_flags = flags | ASN1_PKEY_DYNAMIC;
@@ -318,9 +314,6 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
    ameth->old_priv_encode = 0;
    ameth->old_priv_decode = 0;
    ameth->item_verify = 0;
    ameth->item_sign = 0;
    ameth->pkey_size = 0;
    ameth->pkey_bits = 0;
@@ -372,9 +365,6 @@ void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst,
    dst->pkey_free = src->pkey_free;
    dst->pkey_ctrl = src->pkey_ctrl;
    dst->item_sign = src->item_sign;
    dst->item_verify = src->item_verify;
 }
 void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth)
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -236,7 +236,7 @@ typedef struct asn1_object_st {
 */
 # define ASN1_STRING_FLAG_MSTRING 0x040
 /* This is the base type that holds just about everything :-) */
-struct asn1_string_st {
+typedef struct asn1_string_st {
    int length;
    int type;
    unsigned char *data;
@@ -246,7 +246,7 @@ struct asn1_string_st {
     * non-zero 'unused bits' value, it will be handled correctly
     */
    long flags;
-};
+} ASN1_STRING;
 /*
 * ASN1_ENCODING structure: this is used to save the received encoding of an
@@ -294,6 +294,7 @@ DECLARE_STACK_OF(ASN1_STRING_TABLE)
 * Declarations for template structures: for full definitions see asn1t.h
 */
 typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;
 typedef struct ASN1_ITEM_st ASN1_ITEM;
 typedef struct ASN1_TLC_st ASN1_TLC;
 /* This is just an opaque pointer */
 typedef struct ASN1_VALUE_st ASN1_VALUE;
@@ -1204,7 +1205,6 @@ void ERR_load_ASN1_strings(void);
 # define ASN1_F_ASN1_ITEM_I2D_FP                          193
 # define ASN1_F_ASN1_ITEM_PACK                            198
 # define ASN1_F_ASN1_ITEM_SIGN                            195
 # define ASN1_F_ASN1_ITEM_SIGN_CTX                        220
 # define ASN1_F_ASN1_ITEM_UNPACK                          199
 # define ASN1_F_ASN1_ITEM_VERIFY                          197
 # define ASN1_F_ASN1_MBSTRING_NCOPY                       122
@@ -1277,7 +1277,6 @@ void ERR_load_ASN1_strings(void);
 # define ASN1_F_PKCS5_PBE2_SET_IV                         167
 # define ASN1_F_PKCS5_PBE_SET                             202
 # define ASN1_F_PKCS5_PBE_SET0_ALGOR                      215
 # define ASN1_F_PKCS5_PBKDF2_SET                          219
 # define ASN1_F_SMIME_READ_ASN1                           212
 # define ASN1_F_SMIME_TEXT                                213
 # define ASN1_F_X509_CINF_NEW                             168
@@ -1303,7 +1302,6 @@ void ERR_load_ASN1_strings(void);
 # define ASN1_R_BOOLEAN_IS_WRONG_LENGTH                   106
 # define ASN1_R_BUFFER_TOO_SMALL                          107
 # define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER           108
 # define ASN1_R_CONTEXT_NOT_INITIALISED                   217
 # define ASN1_R_DATA_IS_WRONG                             109
 # define ASN1_R_DECODE_ERROR                              110
 # define ASN1_R_DECODING_ERROR                            111
--- a/Show More
+++ b/Show More