Release OpenSSL 0.9.6a [engine]

The tag will be OpenSSL-engine-0_9_6a
Merge in changes from the 0.9.6-stable branch.
2001-04-05 17:48:04 +00:00 · 2001-04-05 10:55:19 +00:00 · 2001-04-04 16:34:38 +00:00 · 2001-04-02 17:34:41 +00:00 · 2001-03-30 16:21:20 +00:00 · 2001-03-30 16:02:44 +00:00
332 changed files with 6070 additions and 15763 deletions
--- a/357
+++ b/357
@@ -2,119 +2,257 @@
 OpenSSL CHANGES
 _______________

- Changes between 0.9.6 and 0.9.7  [xx XXX 2000]
+ Changes between 0.9.6 and 0.9.6a  [5 Apr 2001]

-  *) Make DSO load along a path given through an environment variable
-     (SHLIB_PATH) with shl_load().
+  *) Fix a couple of memory leaks in PKCS7_dataDecode()
+     [Steve Henson, reported by Heyun Zheng <hzheng@atdsprint.com>]
+
+  *) Change Configure and Makefiles to provide EXE_EXT, which will contain
+     the default extension for executables, if any.  Also, make the perl
+     scripts that use symlink() to test if it really exists and use "cp"
+     if it doesn't.  All this made OpenSSL compilable and installable in
+     CygWin.
     [Richard Levitte]

-  *) Constify the ENGINE code as a result of BIGNUM constification.
-     Also constify the RSA code and most things related to it.  In a
-     few places, most notable in the depth of the ASN.1 code, ugly
-     casts back to non-const were required (to be solved at a later
-     time)
+  *) Fix for asn1_GetSequence() for indefinite length constructed data.
+     If SEQUENCE is length is indefinite just set c->slen to the total
+     amount of data available.
+     [Steve Henson, reported by shige@FreeBSD.org]
+     [This change does not apply to 0.9.7.]
+
+  *) Change bctest to avoid here-documents inside command substitution
+     (workaround for FreeBSD /bin/sh bug).
+     For compatibility with Ultrix, avoid shell functions (introduced
+     in the bctest version that searches along $PATH).
+     [Bodo Moeller]
+
+  *) Rename 'des_encrypt' to 'des_encrypt1'.  This avoids the clashes
+     with des_encrypt() defined on some operating systems, like Solaris
+     and UnixWare.
     [Richard Levitte]

-  *) Make it so the openssl application has all engines loaded by default.
+  *) Check the result of RSA-CRT (see D. Boneh, R. DeMillo, R. Lipton:
+     On the Importance of Eliminating Errors in Cryptographic
+     Computations, J. Cryptology 14 (2001) 2, 101-119,
+     http://theory.stanford.edu/~dabo/papers/faults.ps.gz).
+     [Ulf Moeller]
+  
+  *) MIPS assembler BIGNUM division bug fix. 
+     [Andy Polyakov]
+
+  *) Disabled incorrect Alpha assembler code.
     [Richard Levitte]

-  *) Constify the BIGNUM routines a little more.
+  *) Fix PKCS#7 decode routines so they correctly update the length
+     after reading an EOC for the EXPLICIT tag.
+     [Steve Henson]
+     [This change does not apply to 0.9.7.]
+
+  *) Fix bug in PKCS#12 key generation routines. This was triggered
+     if a 3DES key was generated with a 0 initial byte. Include
+     PKCS12_BROKEN_KEYGEN compilation option to retain the old
+     (but broken) behaviour.
+     [Steve Henson]
+
+  *) Enhance bctest to search for a working bc along $PATH and print
+     it when found.
+     [Tim Rice <tim@multitalents.net> via Richard Levitte]
+
+  *) Fix memory leaks in err.c: free err_data string if necessary;
+     don't write to the wrong index in ERR_set_error_data.
+     [Bodo Moeller]
+
+  *) Implement ssl23_peek (analogous to ssl23_read), which previously
+     did not exist.
+     [Bodo Moeller]
+
+  *) Replace rdtsc with _emit statements for VC++ version 5.
+     [Jeremy Cooper <jeremy@baymoo.org>]
+
+  *) Make it possible to reuse SSLv2 sessions.
     [Richard Levitte]

+  *) In copy_email() check for >= 0 as a return value for
+     X509_NAME_get_index_by_NID() since 0 is a valid index.
+     [Steve Henson reported by Massimiliano Pala <madwolf@opensca.org>]
+
+  *) Avoid coredump with unsupported or invalid public keys by checking if
+     X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when
+     PKCS7_verify() fails with non detached data.
+     [Steve Henson]
+
+  *) Don't use getenv in library functions when run as setuid/setgid.
+     New function OPENSSL_issetugid().
+     [Ulf Moeller]
+
+  *) Avoid false positives in memory leak detection code (crypto/mem_dbg.c)
+     due to incorrect handling of multi-threading:
+
+     1. Fix timing glitch in the MemCheck_off() portion of CRYPTO_mem_ctrl().
+
+     2. Fix logical glitch in is_MemCheck_on() aka CRYPTO_is_mem_check_on().
+
+     3. Count how many times MemCheck_off() has been called so that
+        nested use can be treated correctly.  This also avoids 
+        inband-signalling in the previous code (which relied on the
+        assumption that thread ID 0 is impossible).
+     [Bodo Moeller]
+
+  *) Add "-rand" option also to s_client and s_server.
+     [Lutz Jaenicke]
+
+  *) Fix CPU detection on Irix 6.x.
+     [Kurt Hockenbury <khockenb@stevens-tech.edu> and
+      "Bruce W. Forsberg" <bruce.forsberg@baesystems.com>]
+
+  *) Fix X509_NAME bug which produced incorrect encoding if X509_NAME
+     was empty.
+     [Steve Henson]
+     [This change does not apply to 0.9.7.]
+
+  *) Use the cached encoding of an X509_NAME structure rather than
+     copying it. This is apparently the reason for the libsafe "errors"
+     but the code is actually correct.
+     [Steve Henson]
+
+  *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent
+     Bleichenbacher's DSA attack.
+     Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits
+     to be set and top=0 forces the highest bit to be set; top=-1 is new
+     and leaves the highest bit random.
+     [Ulf Moeller, Bodo Moeller]
+
+  *) In the NCONF_...-based implementations for CONF_... queries
+     (crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using
+     a temporary CONF structure with the data component set to NULL
+     (which gives segmentation faults in lh_retrieve).
+     Instead, use NULL for the CONF pointer in CONF_get_string and
+     CONF_get_number (which may use environment variables) and directly
+     return NULL from CONF_get_section.
+     [Bodo Moeller]
+
+  *) Fix potential buffer overrun for EBCDIC.
+     [Ulf Moeller]
+
+  *) Tolerate nonRepudiation as being valid for S/MIME signing and certSign
+     keyUsage if basicConstraints absent for a CA.
+     [Steve Henson]
+
+  *) Make SMIME_write_PKCS7() write mail header values with a format that
+     is more generally accepted (no spaces before the semicolon), since
+     some programs can't parse those values properly otherwise.  Also make
+     sure BIO's that break lines after each write do not create invalid
+     headers.
+     [Richard Levitte]
+
+  *) Make the CRL encoding routines work with empty SEQUENCE OF. The
+     macros previously used would not encode an empty SEQUENCE OF
+     and break the signature.
+     [Steve Henson]
+     [This change does not apply to 0.9.7.]
+
+  *) Zero the premaster secret after deriving the master secret in
+     DH ciphersuites.
+     [Steve Henson]
+
+  *) Add some EVP_add_digest_alias registrations (as found in
+     OpenSSL_add_all_digests()) to SSL_library_init()
+     aka OpenSSL_add_ssl_algorithms().  This provides improved
+     compatibility with peers using X.509 certificates
+     with unconventional AlgorithmIdentifier OIDs.
+     [Bodo Moeller]
+
+  *) Fix for Irix with NO_ASM.
+     ["Bruce W. Forsberg" <bruce.forsberg@baesystems.com>]
+
+  *) ./config script fixes.
+     [Ulf Moeller, Richard Levitte]
+
+  *) Fix 'openssl passwd -1'.
+     [Bodo Moeller]
+
+  *) Change PKCS12_key_gen_asc() so it can cope with non null
+     terminated strings whose length is passed in the passlen
+     parameter, for example from PEM callbacks. This was done
+     by adding an extra length parameter to asc2uni().
+     [Steve Henson, reported by <oddissey@samsung.co.kr>]
+
+  *) Fix C code generated by 'openssl dsaparam -C': If a BN_bin2bn
+     call failed, free the DSA structure.
+     [Bodo Moeller]
+
+  *) Fix to uni2asc() to cope with zero length Unicode strings.
+     These are present in some PKCS#12 files.
+     [Steve Henson]
+
+  *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c).
+     Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits
+     when writing a 32767 byte record.
+     [Bodo Moeller; problem reported by Eric Day <eday@concentric.net>]
+
+  *) In RSA_eay_public_{en,ed}crypt and RSA_eay_mod_exp (rsa_eay.c),
+     obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}.
+
+     (RSA objects have a reference count access to which is protected
+     by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c],
+     so they are meant to be shared between threads.)
+     [Bodo Moeller, Geoff Thorpe; original patch submitted by
+     "Reddie, Steven" <Steven.Reddie@ca.com>]
+
+  *) Fix a deadlock in CRYPTO_mem_leaks().
+     [Bodo Moeller]
+
+  *) Use better test patterns in bntest.
+     [Ulf M<>ller]
+
+  *) rand_win.c fix for Borland C.
+     [Ulf M<>ller]
+ 
+  *) BN_rshift bugfix for n == 0.
+     [Bodo Moeller]
+
+  *) Add a 'bctest' script that checks for some known 'bc' bugs
+     so that 'make test' does not abort just because 'bc' is broken.
+     [Bodo Moeller]
+
+  *) Store verify_result within SSL_SESSION also for client side to
+     avoid potential security hole. (Re-used sessions on the client side
+     always resulted in verify_result==X509_V_OK, not using the original
+     result of the server certificate verification.)
+     [Lutz Jaenicke]
+
+  *) Fix ssl3_pending: If the record in s->s3->rrec is not of type
+     SSL3_RT_APPLICATION_DATA, return 0.
+     Similarly, change ssl2_pending to return 0 if SSL_in_init(s) is true.
+     [Bodo Moeller]
+
+  *) Fix SSL_peek:
+     Both ssl2_peek and ssl3_peek, which were totally broken in earlier
+     releases, have been re-implemented by renaming the previous
+     implementations of ssl2_read and ssl3_read to ssl2_read_internal
+     and ssl3_read_internal, respectively, and adding 'peek' parameters
+     to them.  The new ssl[23]_{read,peek} functions are calls to
+     ssl[23]_read_internal with the 'peek' flag set appropriately.
+     A 'peek' parameter has also been added to ssl3_read_bytes, which
+     does the actual work for ssl3_read_internal.
+     [Bodo Moeller]
+
+  *) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling
+     the method-specific "init()" handler. Also clean up ex_data after
+     calling the method-specific "finish()" handler. Previously, this was
+     happening the other way round.
+     [Geoff Thorpe]
+
+  *) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16.
+     The previous value, 12, was not always sufficient for BN_mod_exp().
+     [Bodo Moeller]
+
  *) Make sure that shared libraries get the internal name engine with
     the full version number and not just 0.  This should mark the
     shared libraries as not backward compatible.  Of course, this should
     be changed again when we can guarantee backward binary compatibility.
     [Richard Levitte]

-  *) Add the following functions:
-
-	ENGINE_load_cswift()
-	ENGINE_load_chil()
-	ENGINE_load_atalla()
-	ENGINE_load_nuron()
-	ENGINE_load_builtin_engines()
-
-     That way, an application can itself choose if external engines that
-     are built-in in OpenSSL shall ever be used or not.  The benefit is
-     that applications won't have to be linked with libdl or other dso
-     libraries unless it's really needed.
-
-     Changed 'openssl engine' to load all engines on demand.
-     Changed the engine header files to avoid the duplication of some
-     declarations (they differed!).
-     [Richard Levitte]
-
-  *) 'openssl engine' can now list capabilities.
-     [Richard Levitte]
-
-  *) Better error reporting in 'openssl engine'.
-     [Richard Levitte]
-
-  *) Never call load_dh_param(NULL) in s_server.
-     [Bodo Moeller]
-
-  *) Add engine application.  It can currently list engines by name and
-     identity, and test if they are actually available.
-     [Richard Levitte]
-
-  *) Add support for shared libraries under Irix.
-     [Albert Chin-A-Young <china@thewrittenword.com>]
-
-  *) Improve RPM specification file by forcing symbolic linking and making
-     sure the installed documentation is also owned by root.root.
-     [Damien Miller <djm@mindrot.org>]
-
-  *) Add configuration option to build on Linux on both big-endian and
-     little-endian MIPS.
-     [Ralf Baechle <ralf@uni-koblenz.de>]
-
-  *) Give the OpenSSL applications more possibilities to make use of
-     keys (public as well as private) handled by engines.
-     [Richard Levitte]
-
-  *) Add OCSP code that comes from CertCo.
-     [Richard Levitte]
-
-  *) Add VMS support for the Rijndael code.
-     [Richard Levitte]
-
-  *) Added untested support for Nuron crypto accelerator.
-     [Ben Laurie]
-
-  *) Add support for external cryptographic devices.  This code was
-     previously distributed separately as the "engine" branch.
-     [Geoff Thorpe, Richard Levitte]
-
-  *) Rework the filename-translation in the DSO code. It is now possible to
-     have far greater control over how a "name" is turned into a filename
-     depending on the operating environment and any oddities about the
-     different shared library filenames on each system.
-     [Geoff Thorpe]
-
-  *) Support threads on FreeBSD-elf in Configure.
-     [Richard Levitte]
-
-  *) Add the possibility to create shared libraries on HP-UX
-     [Richard Levitte]
-
-  *) Fix for SHA1 assembly problem with MASM: it produces
-     warnings about corrupt line number information when assembling
-     with debugging information. This is caused by the overlapping
-     of two sections.
-     [Bernd Matthes <mainbug@celocom.de>, Steve Henson]
-
-  *) NCONF changes.
-     NCONF_get_number() has no error checking at all.  As a replacement,
-     NCONF_get_number_e() is defined (_e for "error checking") and is
-     promoted strongly.  The old NCONF_get_number is kept around for
-     binary backward compatibility.
-     Make it possible for methods to load from something other than a BIO,
-     by providing a function pointer that is given a name instead of a BIO.
-     For example, this could be used to load configuration data from an
-     LDAP server.
-     [Richard Levitte]
-
  *) Fix typo in get_cert_by_subject() in by_dir.c
     [Jean-Marc Desperrier <jean-marc.desperrier@certplus.com>]

@@ -133,26 +271,6 @@
       static ones.
     [Richard Levitte]

-  *) Fix for non blocking accept BIOs. Added new I/O special reason
-     BIO_RR_ACCEPT to cover this case. Previously use of accept BIOs
-     with non blocking I/O was not possible because no retry code was
-     implemented. Also added new SSL code SSL_WANT_ACCEPT to cover
-     this case.
-     [Steve Henson]
-
-  *) Added the beginnings of Rijndael support.
-     [Ben Laurie]
-
-  *) Fix for bug in DirectoryString mask setting. Add support for
-     X509_NAME_print_ex() in 'req' and X509_print_ex() function
-     to allow certificate printing to more controllable, additional
-     'certopt' option to 'x509' to allow new printing options to be
-     set.
-     [Steve Henson]
-
-  *) Clean old EAY MD5 hack from e_os.h.
-     [Richard Levitte]
-
  *) Fix SSL_CTX_set_read_ahead macro to actually use its argument.

     Copy SSL_CTX's read_ahead flag to SSL object directly in SSL_new
@@ -166,6 +284,9 @@
     matter what.
     [Richard Levitte]

+  *) Added several new manual pages for SSL_* function.
+     [Lutz Jaenicke]
+
 Changes between 0.9.5a and 0.9.6  [24 Sep 2000]

  *) In ssl23_get_client_hello, generate an error message when faced
--- a/142
+++ b/142
@@ -33,6 +33,10 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-
 #               multithreaded applications (default is "threads" if we
 #               know how to do it)
 # [no-]shared	[don't] try to create shared libraries when supported.
+#               IT IS NOT RECOMMENDED TO USE "shared"!  Since this is a
+#               development branch, the positions of the ENGINE symbols
+#               in the transfer vector are constantly moving, so binary
+#               backward compatibility can't be guaranteed in any way.
 # no-asm        do not use assembler
 # no-dso        do not compile in any native shared-library methods. This
 #               will ensure that all methods just return NULL.
@@ -94,6 +98,11 @@ my $x86_elf_asm="asm/bn86-elf.o asm/co86-elf.o:asm/dx86-elf.o asm/yx86-elf.o:asm
 my $x86_out_asm="asm/bn86-out.o asm/co86-out.o:asm/dx86-out.o asm/yx86-out.o:asm/bx86-out.o:asm/mx86-out.o:asm/sx86-out.o:asm/cx86-out.o:asm/rx86-out.o:asm/rm86-out.o:asm/r586-out.o";
 my $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/bx86bsdi.o:asm/mx86bsdi.o:asm/sx86bsdi.o:asm/cx86bsdi.o:asm/rx86bsdi.o:asm/rm86bsdi.o:asm/r586bsdi.o";

+my $mips3_irix_asm="asm/mips3.o::::::::";
+# There seems to be boundary faults in asm/alpha.s.
+#my $alpha_asm="asm/alpha.o::::::::";
+my $alpha_asm="::::::::";
+
 # -DB_ENDIAN slows things down on a sparc for md5, but helps sha1.
 # So the md5_locl.h file has an undef B_ENDIAN if sun is defined

@@ -132,18 +141,18 @@ my %table=(
 # surrounds it with #APP #NO_APP comment pair which (at least Solaris
 # 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
 # error message.
-"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 #### SPARC Solaris with GNU C setups
-"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8
 # but keep the assembler modules.
-"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 ####
-"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 #### SPARC Solaris with Sun C setups
 # DO NOT use /xO[34] on sparc with SC3.0.  It is broken, and will not pass the tests
@@ -154,7 +163,7 @@ my %table=(
 "solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
 ####
 "debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -177,17 +186,17 @@ my %table=(

 #### IRIX 5.x configs
 # -mips2 flag is added by ./config when appropriate.
-"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::::::::dlfcn:irix-shared::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:irix-shared::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::",
+"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:::",
 #### IRIX 6.x configs
 # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
 # './Configure irix-[g]cc' manually.
 # -mips4 flag is added by ./config when appropriate.
-"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:asm/mips3.o:::::::::dlfcn:irix-shared::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:asm/mips3.o:::::::::dlfcn:irix-shared::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}",
+"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}",
 # N64 ABI builds.
-"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o:::::::::dlfcn:irix-shared::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o:::::::::dlfcn:irix-shared::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}",
+"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}",

 #### Unified HP-UX ANSI C configs.
 # Special notes:
@@ -219,41 +228,41 @@ my %table=(
 #
 #!#"hpux-parisc-cc","cc:-Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
 # Since there is mention of this in shlib/hpux10-cc.sh
-"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W:::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn",

 # More attempts at unified 10.X and 11.X targets for HP C compiler.
 #
 # Chris Ruemmler <ruemmler@cup.hp.com>
 # Kevin Steves <ks@hp.se>
-"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT:-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
+"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl",
+"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn",
+"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",

 # HPUX 9.X config.
 # Don't use the bundled cc.  It is broken.  Use HP ANSI C if possible, or
 # egcs.  gcc 2.8.1 is also broken.

-"hpux-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown):-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
 # If hpux-cc fails (e.g. during "make test"), try the next one; otherwise,
 # please report your OS and compiler version to the openssl-bugs@openssl.org
 # mailing list.
-"hpux-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown):-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl",

-"hpux-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
 # If hpux-gcc fails, try this one:
-"hpux-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl",

 # HPUX 10.X config.  Supports threads.
-"hpux10-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT:-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux10-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
 # If hpux10-cc fails, try this one (if still fails, try deleting BN_LLONG):
-"hpux10-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT:-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux10-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",

-"hpux10-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux10-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
 # If hpux10-gcc fails, try this one:
-"hpux10-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux10-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl",

 # HPUX 11.X from www.globus.org.
 # Only works on PA-RISC 2.0 cpus, and not optimized.  Why?
@@ -267,9 +276,9 @@ my %table=(
 # Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with
 # the new compiler
 # For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
-"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:asm/alpha.o:::::::::dlfcn:tru64-shared::.so",
-"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:tru64-shared::.so",
-"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:tru64-shared::.so",
+"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:tru64-shared::.so",
+"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared::.so",
+"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared::.so",
 "FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 #### Alpha Linux with GNU C and Compaq C setups
@@ -285,13 +294,13 @@ my %table=(
 #
 #					<appro@fy.chalmers.se>
 #
-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o:::::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o:::::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",
-"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",
+"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",

 # assembler versions -- currently defunct:
-##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:asm/alpha.o::",
+##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${alpha_asm}",

 # The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
 # bn86-elf.o file file since it is hand tweaked assembler.
@@ -299,18 +308,18 @@ my %table=(
 "debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
-"linux-mipsel",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
-"linux-mips",   "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
+"linux-mips",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
 "linux-ppc",    "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
 "linux-m68k",   "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
+"linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
 "linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::SIXTY_FOUR_BIT_LONG::",
 "NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "NetBSD-x86",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "FreeBSD",      "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
 "bsdi-gcc",     "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown)::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}",
-"bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "nextstep",	"cc:-O -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
 "nextstep3.3",	"cc:-O3 -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
 # NCR MP-RAS UNIX ver 02.03.01
@@ -322,16 +331,25 @@ my %table=(
 # Linux on ARM
 "linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

-# UnixWare 2.0
-"unixware-2.0","cc:-O -DFILIO_H::(unknown):-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
-"unixware-2.0-pentium","cc:-O -DFILIO_H -Kpentium -Kthread::(unknown):-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+# UnixWare 2.0x fails destest with -O
+"unixware-2.0","cc:-DFILIO_H::-Kthread:-lsocket -lnsl -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
+"unixware-2.0-pentium","cc:-DFILIO_H -Kpentium::-Kthread:-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+
+# UnixWare 2.1
+"unixware-2.1","cc:-O -DFILIO_H::-Kthread:-lsocket -lnsl -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
+"unixware-2.1-pentium","cc:-O -DFILIO_H -Kpentium::-Kthread:-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+"unixware-2.1-p6","cc:-O -DFILIO_H -Kp6::-Kthread:-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",

 # UnixWare 7
-"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+"unixware-7-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+"unixware-7-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",

 # IBM's AIX.
 "aix-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR:::",
 "aix-gcc",  "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",
+"aix43-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+"aix43-gcc",  "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",

 #
 # Cray T90 (SDSC)
@@ -358,12 +376,16 @@ my %table=(

 # DGUX, 88100.
 "dgux-R3-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown)::RC4_INDEX DES_UNROLL:::",
-"dgux-R4-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown):-lnsl -lsocket:RC4_INDEX:RC4_INDEX DES_UNROLL:::",
+"dgux-R4-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown):-lnsl -lsocket:RC4_INDEX DES_UNROLL:::",
 "dgux-R4-x86-gcc",	"gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown):-lnsl -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",

+# SCO 3 - Tim Rice <tim@multitalents.net>
+"sco3-gcc",  "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown):-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
+
 # SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the
 # SCO cc.
 "sco5-cc",  "cc:::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
+"sco5-cc-pentium",  "cc:-Kpentium::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
 "sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown):-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...

 # Sinix/ReliantUNIX RM400
@@ -421,6 +443,7 @@ my @WinTargets=qw(VC-NT VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS BC-32

 my $prefix="";
 my $openssldir="";
+my $exe_ext="";
 my $install_prefix="";
 my $no_threads=0;
 my $no_shared=1;
@@ -448,10 +471,10 @@ my $md5_obj="";
 my $sha1_obj="";
 my $rmd160_obj="";
 my $processor="";
-my $ranlib;
+my $default_ranlib;
 my $perl;

-$ranlib=&which("ranlib") or $ranlib="true";
+$default_ranlib= &which("ranlib") or $default_ranlib="true";
 $perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
  or $perl="perl";

@@ -637,6 +660,7 @@ print "Configuring for $target\n";

 my $IsWindows=scalar grep /^$target$/,@WinTargets;

+$exe_ext=".exe" if ($target eq "CygWin32");
 $openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
 $prefix=$openssldir if $prefix eq "";

@@ -650,7 +674,7 @@ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /^\//;
 print "IsWindows=$IsWindows\n";

 (my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
- $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,my $shared_extension)=
+ $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,my $shared_extension,my $ranlib)=
 	split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
 $cflags="$flags$cflags" if ($flags ne "");

@@ -743,6 +767,11 @@ else
 	$no_shared = 1;
 	}

+if ($ranlib eq "")
+	{
+	$ranlib = $default_ranlib;
+	}
+
 #my ($bn1)=split(/\s+/,$bn_obj);
 #$bn1 = "" unless defined $bn1;
 #$bn1=$bn_asm unless ($bn1 =~ /\.o$/);
@@ -834,6 +863,7 @@ while (<IN>)
 	s/^CFLAG=.*$/CFLAG= $cflags/;
 	s/^DEPFLAG=.*$/DEPFLAG= $depflags/;
 	s/^EX_LIBS=.*$/EX_LIBS= $lflags/;
+	s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/;
 	s/^BN_ASM=.*$/BN_ASM= $bn_obj/;
 	s/^DES_ENC=.*$/DES_ENC= $des_obj/;
 	s/^BF_ENC=.*$/BF_ENC= $bf_obj/;
@@ -849,16 +879,7 @@ while (<IN>)
 	s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
 	s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
 	s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
-	if ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*$/)
-		{
-		my $sotmp = $1;
-		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/
-		}
-	elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
-		{
-		my $sotmp = $1;
-		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
-		}
+	s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.so.\$(SHLIB_MAJOR) .so/ if ($shared_extension ne "" && $shared_extension !~ /^\.s[ol]$/);
 	print OUT $_."\n";
 	}
 close(IN);
@@ -1146,7 +1167,7 @@ sub print_table_entry
 	my $bn_obj,my $des_obj,my $bf_obj,
 	my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj,
 	my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,
-	my $shared_extension)=
+	my $shared_extension,my $ranlib)=
 	split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
 			
 	print <<EOF
@@ -1171,5 +1192,6 @@ sub print_table_entry
 \$shared_target= $shared_target
 \$shared_cflag = $shared_cflag
 \$shared_extension = $shared_extension
+\$ranlib       = $ranlib
 EOF
 	}
--- a/449
+++ b/449
@@ -1,20 +1,22 @@
 OpenSSL  -  Frequently Asked Questions
 --------------------------------------

+[MISC] Miscellaneous questions
+
 * Which is the current version of OpenSSL?
 * Where is the documentation?
 * How can I contact the OpenSSL developers?
-* Do I need patent licenses to use OpenSSL?
-* Is OpenSSL thread-safe?
-* Why do I get a "PRNG not seeded" error message?
-* Why does the linker complain about undefined symbols?
 * Where can I get a compiled version of OpenSSL?
-* I've compiled a program under Windows and it crashes: why?
-* How do I read or write a DER encoded buffer using the ASN1 functions?
-* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
-* I've called <some function> and it fails, why?
-* I just get a load of numbers for the error output, what do they mean?
-* Why do I get errors about unknown algorithms?
+* Why aren't tools like 'autoconf' and 'libtool' used?
+
+[LEGAL] Legal questions
+
+* Do I need patent licenses to use OpenSSL?
+* Can I use OpenSSL with GPL software? 
+
+[USER] Questions on using the OpenSSL applications
+
+* Why do I get a "PRNG not seeded" error message?
 * How do I create certificates or certificate requests?
 * Why can't I create certificate requests?
 * Why does <SSL program> fail with a certificate verify error?
@@ -22,19 +24,38 @@ OpenSSL  -  Frequently Asked Questions
 * How can I create DSA certificates?
 * Why can't I make an SSL connection using a DSA certificate?
 * How can I remove the passphrase on a private key?
-* Why can't the OpenSSH configure script detect OpenSSL?
+* Why can't I use OpenSSL certificates with SSL client authentication?
+* Why does my browser give a warning about a mismatched hostname?
+
+[BUILD] Questions about building and testing OpenSSL
+
+* Why does the linker complain about undefined symbols?
 * Why does the OpenSSL test fail with "bc: command not found"?
 * Why does the OpenSSL test fail with "bc: 1 no implemented"?
 * Why does the OpenSSL compilation fail on Alpha True64 Unix?
 * Why does the OpenSSL compilation fail with "ar: command not found"?
 * Why does the OpenSSL compilation fail on Win32 with VC++?
-* Why aren't tools like 'autoconf' and 'libtool' used?

+[PROG] Questions about programming with OpenSSL
+
+* Is OpenSSL thread-safe?
+* I've compiled a program under Windows and it crashes: why?
+* How do I read or write a DER encoded buffer using the ASN1 functions?
+* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
+* I've called <some function> and it fails, why?
+* I just get a load of numbers for the error output, what do they mean?
+* Why do I get errors about unknown algorithms?
+* Why can't the OpenSSH configure script detect OpenSSL?
+* Can I use OpenSSL's SSL library with non-blocking I/O?
+
+===============================================================================
+
+[MISC] ========================================================================

 * Which is the current version of OpenSSL?

 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.6 was released on September 24th, 2000.
+OpenSSL 0.9.6a was released on April 5th, 2001.

 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -80,6 +101,27 @@ OpenSSL.  Information on the OpenSSL mailing lists is available from
 <URL: http://www.openssl.org>.


+* Where can I get a compiled version of OpenSSL?
+
+Some applications that use OpenSSL are distributed in binary form.
+When using such an application, you don't need to install OpenSSL
+yourself; the application will include the required parts (e.g. DLLs).
+
+If you want to install OpenSSL on a Windows system and you don't have
+a C compiler, read the "Mingw32" section of INSTALL.W32 for information
+on how to obtain and install the free GNU C compiler.
+
+A number of Linux and *BSD distributions include OpenSSL.
+
+
+* Why aren't tools like 'autoconf' and 'libtool' used?
+
+autoconf will probably be used in future OpenSSL versions. If it was
+less Unix-centric, it might have been used much earlier.
+
+
+[LEGAL] =======================================================================
+
 * Do I need patent licenses to use OpenSSL?

 The patents section of the README file lists patents that may apply to
@@ -91,17 +133,25 @@ You can configure OpenSSL so as not to use RC5 and IDEA by using
 ./config no-rc5 no-idea


-* Is OpenSSL thread-safe?
+* Can I use OpenSSL with GPL software?

-Yes (with limitations: an SSL connection may not concurrently be used
-by multiple threads).  On Windows and many Unix systems, OpenSSL
-automatically uses the multi-threaded versions of the standard
-libraries.  If your platform is not one of these, consult the INSTALL
-file.
+On many systems including the major Linux and BSD distributions, yes (the
+GPL does not place restrictions on using libraries that are part of the
+normal operating system distribution).

-Multi-threaded applications must provide two callback functions to
-OpenSSL.  This is described in the threads(3) manpage.
+On other systems, the situation is less clear. Some GPL software copyright
+holders claim that you infringe on their rights if you use OpenSSL with
+their software on operating systems that don't normally include OpenSSL.

+If you develop open source software that uses OpenSSL, you may find it
+useful to choose an other license than the GPL, or state explicitely that
+"This program is released under the GPL with the additional exemption that
+compiling, linking, and/or using OpenSSL is allowed."  If you are using
+GPL software developed by others, you may want to ask the copyright holder
+for permission to use their software with OpenSSL.
+
+
+[USER] ========================================================================

 * Why do I get a "PRNG not seeded" error message?

@@ -140,6 +190,101 @@ versions.  However, be warned that /dev/random is usually a blocking
 device, which may have some effects on OpenSSL.


+* How do I create certificates or certificate requests?
+
+Check out the CA.pl(1) manual page. This provides a simple wrapper round
+the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check
+out the manual pages for the individual utilities and the certificate
+extensions documentation (currently in doc/openssl.txt).
+
+
+* Why can't I create certificate requests?
+
+You typically get the error:
+
+	unable to find 'distinguished_name' in config
+	problems making Certificate Request
+
+This is because it can't find the configuration file. Check out the
+DIAGNOSTICS section of req(1) for more information.
+
+
+* Why does <SSL program> fail with a certificate verify error?
+
+This problem is usually indicated by log messages saying something like
+"unable to get local issuer certificate" or "self signed certificate".
+When a certificate is verified its root CA must be "trusted" by OpenSSL
+this typically means that the CA certificate must be placed in a directory
+or file and the relevant program configured to read it. The OpenSSL program
+'verify' behaves in a similar way and issues similar error messages: check
+the verify(1) program manual page for more information.
+
+
+* Why can I only use weak ciphers when I connect to a server using OpenSSL?
+
+This is almost certainly because you are using an old "export grade" browser
+which only supports weak encryption. Upgrade your browser to support 128 bit
+ciphers.
+
+
+* How can I create DSA certificates?
+
+Check the CA.pl(1) manual page for a DSA certificate example.
+
+
+* Why can't I make an SSL connection to a server using a DSA certificate?
+
+Typically you'll see a message saying there are no shared ciphers when
+the same setup works fine with an RSA certificate. There are two possible
+causes. The client may not support connections to DSA servers most web
+browsers (including Netscape and MSIE) only support connections to servers
+supporting RSA cipher suites. The other cause is that a set of DH parameters
+has not been supplied to the server. DH parameters can be created with the
+dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example:
+check the source to s_server in apps/s_server.c for an example.
+
+
+* How can I remove the passphrase on a private key?
+
+Firstly you should be really *really* sure you want to do this. Leaving
+a private key unencrypted is a major security risk. If you decide that
+you do have to do this check the EXAMPLES sections of the rsa(1) and
+dsa(1) manual pages.
+
+
+* Why can't I use OpenSSL certificates with SSL client authentication?
+
+What will typically happen is that when a server requests authentication
+it will either not include your certificate or tell you that you have
+no client certificates (Netscape) or present you with an empty list box
+(MSIE). The reason for this is that when a server requests a client
+certificate it includes a list of CAs names which it will accept. Browsers
+will only let you select certificates from the list on the grounds that
+there is little point presenting a certificate which the server will
+reject.
+
+The solution is to add the relevant CA certificate to your servers "trusted
+CA list". How you do this depends on the server sofware in uses. You can
+print out the servers list of acceptable CAs using the OpenSSL s_client tool:
+
+openssl s_client -connect www.some.host:443 -prexit
+
+If your server only requests certificates on certain URLs then you may need
+to manually issue an HTTP GET command to get the list when s_client connects:
+
+GET /some/page/needing/a/certificate.html
+
+If your CA does not appear in the list then this confirms the problem.
+
+
+* Why does my browser give a warning about a mismatched hostname?
+
+Browsers expect the server's hostname to match the value in the commonName
+(CN) field of the certificate. If it does not then you get a warning.
+
+
+[BUILD] =======================================================================
+
 * Why does the linker complain about undefined symbols?

 Maybe the compilation was interrupted, and make doesn't notice that
@@ -164,17 +309,99 @@ If none of these helps, you may want to try using the current snapshot.
 If the problem persists, please submit a bug report.


-* Where can I get a compiled version of OpenSSL?
+* Why does the OpenSSL test fail with "bc: command not found"?

-Some applications that use OpenSSL are distributed in binary form.
-When using such an application, you don't need to install OpenSSL
-yourself; the application will include the required parts (e.g. DLLs).
+You didn't install "bc", the Unix calculator.  If you want to run the
+tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor.

-If you want to install OpenSSL on a Windows system and you don't have
-a C compiler, read the "Mingw32" section of INSTALL.W32 for information
-on how to obtain and install the free GNU C compiler.

-A number of Linux and *BSD distributions include OpenSSL.
+* Why does the OpenSSL test fail with "bc: 1 no implemented"?
+
+On some SCO installations or versions, bc has a bug that gets triggered
+when you run the test suite (using "make test").  The message returned is
+"bc: 1 not implemented".
+
+The best way to deal with this is to find another implementation of bc
+and compile/install it.  GNU bc (see http://www.gnu.org/software/software.html
+for download instructions) can be safely used, for example.
+
+
+* Why does the OpenSSL compilation fail on Alpha True64 Unix?
+
+On some Alpha installations running True64 Unix and Compaq C, the compilation
+of crypto/sha/sha_dgst.c fails with the message 'Fatal:  Insufficient virtual
+memory to continue compilation.'  As far as the tests have shown, this may be
+a compiler bug.  What happens is that it eats up a lot of resident memory
+to build something, probably a table.  The problem is clearly in the
+optimization code, because if one eliminates optimization completely (-O0),
+the compilation goes through (and the compiler consumes about 2MB of resident
+memory instead of 240MB or whatever one's limit is currently).
+
+There are three options to solve this problem:
+
+1. set your current data segment size soft limit higher.  Experience shows
+that about 241000 kbytes seems to be enough on an AlphaServer DS10.  You do
+this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of
+kbytes to set the limit to.
+
+2. If you have a hard limit that is lower than what you need and you can't
+get it changed, you can compile all of OpenSSL with -O0 as optimization
+level.  This is however not a very nice thing to do for those who expect to
+get the best result from OpenSSL.  A bit more complicated solution is the
+following:
+
+----- snip:start -----
+  make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \
+       sed -e 's/ -O[0-9] / -O0 /'`"
+  rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'`
+  make
+----- snip:end -----
+
+This will only compile sha_dgst.c with -O0, the rest with the optimization
+level chosen by the configuration process.  When the above is done, do the
+test and installation and you're set.
+
+
+* Why does the OpenSSL compilation fail with "ar: command not found"?
+
+Getting this message is quite usual on Solaris 2, because Sun has hidden
+away 'ar' and other development commands in directories that aren't in
+$PATH by default.  One of those directories is '/usr/ccs/bin'.  The
+quickest way to fix this is to do the following (it assumes you use sh
+or any sh-compatible shell):
+
+----- snip:start -----
+  PATH=${PATH}:/usr/ccs/bin; export PATH
+----- snip:end -----
+
+and then redo the compilation.  What you should really do is make sure
+'/usr/ccs/bin' is permanently in your $PATH, for example through your
+'.profile' (again, assuming you use a sh-compatible shell).
+
+
+* Why does the OpenSSL compilation fail on Win32 with VC++?
+
+Sometimes, you may get reports from VC++ command line (cl) that it
+can't find standard include files like stdio.h and other weirdnesses.
+One possible cause is that the environment isn't correctly set up.
+To solve that problem, one should run VCVARS32.BAT which is found in
+the 'bin' subdirectory of the VC++ installation directory (somewhere
+under 'Program Files').  This needs to be done prior to running NMAKE,
+and the changes are only valid for the current DOS session.
+
+
+[PROG] ========================================================================
+
+* Is OpenSSL thread-safe?
+
+Yes (with limitations: an SSL connection may not concurrently be used
+by multiple threads).  On Windows and many Unix systems, OpenSSL
+automatically uses the multi-threaded versions of the standard
+libraries.  If your platform is not one of these, consult the INSTALL
+file.
+
+Multi-threaded applications must provide two callback functions to
+OpenSSL.  This is described in the threads(3) manpage.


 * I've compiled a program under Windows and it crashes: why?
@@ -261,68 +488,6 @@ is forgetting to load OpenSSL's table of algorithms with
 OpenSSL_add_all_algorithms(). See the manual page for more information.


-* How do I create certificates or certificate requests?
-
-Check out the CA.pl(1) manual page. This provides a simple wrapper round
-the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check
-out the manual pages for the individual utilities and the certificate
-extensions documentation (currently in doc/openssl.txt).
-
-
-* Why can't I create certificate requests?
-
-You typically get the error:
-
-	unable to find 'distinguished_name' in config
-	problems making Certificate Request
-
-This is because it can't find the configuration file. Check out the
-DIAGNOSTICS section of req(1) for more information.
-
-
-* Why does <SSL program> fail with a certificate verify error?
-
-This problem is usually indicated by log messages saying something like
-"unable to get local issuer certificate" or "self signed certificate".
-When a certificate is verified its root CA must be "trusted" by OpenSSL
-this typically means that the CA certificate must be placed in a directory
-or file and the relevant program configured to read it. The OpenSSL program
-'verify' behaves in a similar way and issues similar error messages: check
-the verify(1) program manual page for more information.
-
-
-* Why can I only use weak ciphers when I connect to a server using OpenSSL?
-
-This is almost certainly because you are using an old "export grade" browser
-which only supports weak encryption. Upgrade your browser to support 128 bit
-ciphers.
-
-
-* How can I create DSA certificates?
-
-Check the CA.pl(1) manual page for a DSA certificate example.
-
-
-* Why can't I make an SSL connection to a server using a DSA certificate?
-
-Typically you'll see a message saying there are no shared ciphers when
-the same setup works fine with an RSA certificate. There are two possible
-causes. The client may not support connections to DSA servers most web
-browsers (including Netscape and MSIE) only support connections to servers
-supporting RSA cipher suites. The other cause is that a set of DH parameters
-has not been supplied to the server. DH parameters can be created with the
-dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example:
-check the source to s_server in apps/s_server.c for an example.
-
-
-* How can I remove the passphrase on a private key?
-
-Firstly you should be really *really* sure you want to do this. Leaving
-a private key unencrypted is a major security risk. If you decide that
-you do have to do this check the EXAMPLES sections of the rsa(1) and
-dsa(1) manual pages.
-
-
 * Why can't the OpenSSH configure script detect OpenSSL?

 There is a problem with OpenSSH 1.2.2p1, in that the configure script
@@ -364,97 +529,19 @@ applied to the OpenSSH distribution:
 ----- snip:end -----


-* Why does the OpenSSL test fail with "bc: command not found"?
+* Can I use OpenSSL's SSL library with non-blocking I/O?

-You didn't install "bc", the Unix calculator.  If you want to run the
-tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor.
+Yes; make sure to read the SSL_get_error(3) manual page!
+
+A pitfall to avoid: Don't assume that SSL_read() will just read from
+the underlying transport or that SSL_write() will just write to it --
+it is also possible that SSL_write() cannot do any useful work until
+there is data to read, or that SSL_read() cannot do anything until it
+is possible to send data.  One reason for this is that the peer may
+request a new TLS/SSL handshake at any time during the protocol,
+requiring a bi-directional message exchange; both SSL_read() and
+SSL_write() will try to continue any pending handshake.


-* Why does the OpenSSL test fail with "bc: 1 no implemented"?
-
-On some SCO installations or versions, bc has a bug that gets triggered when
-you run the test suite (using "make test").  The message returned is "bc:
-1 not implemented".  The best way to deal with this is to find another
-implementation of bc and compile/install it.  For example, GNU bc (see
-http://www.gnu.org/software/software.html for download instructions) can
-be safely used.
-
-
-* Why does the OpenSSL compilation fail on Alpha True64 Unix?
-
-On some Alpha installations running True64 Unix and Compaq C, the compilation
-of crypto/sha/sha_dgst.c fails with the message 'Fatal:  Insufficient virtual
-memory to continue compilation.'  As far as the tests have shown, this may be
-a compiler bug.  What happens is that it eats up a lot of resident memory
-to build something, probably a table.  The problem is clearly in the
-optimization code, because if one eliminates optimization completely (-O0),
-the compilation goes through (and the compiler consumes about 2MB of resident
-memory instead of 240MB or whatever one's limit is currently).
-
-There are three options to solve this problem:
-
-1. set your current data segment size soft limit higher.  Experience shows
-that about 241000 kbytes seems to be enough on an AlphaServer DS10.  You do
-this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of
-kbytes to set the limit to.
-
-2. If you have a hard limit that is lower than what you need and you can't
-get it changed, you can compile all of OpenSSL with -O0 as optimization
-level.  This is however not a very nice thing to do for those who expect to
-get the best result from OpenSSL.  A bit more complicated solution is the
-following:
-
----- snip:start -----
-  make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \
-       sed -e 's/ -O[0-9] / -O0 /'`"
-  rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'`
-  make
----- snip:end -----
-
-This will only compile sha_dgst.c with -O0, the rest with the optimization
-level chosen by the configuration process.  When the above is done, do the
-test and installation and you're set.
-
-
-* Why does the OpenSSL compilation fail with "ar: command not found"?
-
-Getting this message is quite usual on Solaris 2, because Sun has hidden
-away 'ar' and other development commands in directories that aren't in
-$PATH by default.  One of those directories is '/usr/ccs/bin'.  The
-quickest way to fix this is to do the following (it assumes you use sh
-or any sh-compatible shell):
-
----- snip:start -----
-  PATH=${PATH}:/usr/ccs/bin; export PATH
----- snip:end -----
-
-and then redo the compilation.  What you should really do is make sure
-'/usr/ccs/bin' is permanently in your $PATH, for example through your
-'.profile' (again, assuming you use a sh-compatible shell).
-
-
-* Why does the OpenSSL compilation fail on Win32 with VC++?
-
-Sometimes, you may get reports from VC++ command line (cl) that it
-can't find standard include files like stdio.h and other weirdnesses.
-One possible cause is that the environment isn't correctly set up.
-To solve that problem, one should run VCVARS32.BAT which is found in
-the 'bin' subdirectory of the VC++ installation directory (somewhere
-under 'Program Files').  This needs to be done prior to running NMAKE,
-and the changes are only valid for the current DOS session.
-
-
-* Why aren't tools like 'autoconf' and 'libtool' used?
-
-autoconf is a nice tool, but is unfortunately very Unix-centric.
-Although one can come up with solution to have ports keep in track,
-there's also some work needed for that, and can be quite painful at
-times.  If there was a 'autoconf'-like tool that generated perl
-scripts or something similarly general, it would probably be used
-in OpenSSL much earlier.
-
-libtool has repeatadly been reported by some members of the OpenSSL
-development and others to be a pain to use.  So far, those in the
-development team who have said anything about this have expressed
-a wish to avoid libtool for that reason.
+===============================================================================

--- a/5
+++ b/5
@@ -57,7 +57,10 @@

  shared        In addition to the usual static libraries, create shared
                libraries on platforms where it's supported.  See "Note on
-                shared libraries" below.
+                shared libraries" below.  THIS IS NOT RECOMMENDED!  Since
+                this is a development branch, the positions of the ENGINE
+                symbols in the transfer vector are constantly moving, so
+                binary backward compatibility can't be guaranteed in any way.

  no-asm        Do not use assembler code.

--- a/2
+++ b/2
@@ -12,7 +12,7 @@
  ---------------

 /* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
--- a/Makefile.org
+++ b/Makefile.org
@@ -57,8 +57,9 @@ CC= gcc
 #CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
 CFLAG= -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
 DEPFLAG= 
-PEX_LIBS= -L. -L.. -L../.. -L../../..
+PEX_LIBS= 
 EX_LIBS= 
+EXE_EXT= 
 AR=ar r
 RANLIB= ranlib
 PERL= perl
@@ -161,9 +162,9 @@ SHLIBDIRS= crypto ssl
 SDIRS=  \
 	md2 md4 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
-	bn rsa dsa dh dso engine rijndael \
+	bn rsa dsa dh dso engine \
 	buffer bio stack lhash rand err objects \
-	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp
+	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp

 MAKEFILE= Makefile.ssl
 MAKE=     make -f Makefile.ssl
@@ -201,7 +202,7 @@ sub_all:
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making all in $$i..." && \
-		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
+		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' all ) || exit 1; \
 	else \
 		$(MAKE) $$i; \
 	fi; \
@@ -220,7 +221,7 @@ libcrypto$(SHLIB_EXT): libcrypto.a
 	fi
 libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
-		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-L. -lcrypto' build-shared; \
+		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
 	else \
 		echo "There's no support for shared libraries on this platform" >&2; \
 	fi
@@ -242,7 +243,7 @@ link-shared:
 		if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
 			tmp="$(SHARED_LIBS_LINK_EXTS)"; \
 			for j in $${tmp:-x}; do \
-				( set -x; ln -s -f $$prev lib$$i$$j ); \
+				( set -x; ln -f -s $$prev lib$$i$$j ); \
 				prev=lib$$i$$j; \
 			done; \
 		fi; \
@@ -250,60 +251,34 @@ link-shared:

 build-shared: clean-shared do_$(SHLIB_TARGET) link-shared

-do_bsd-gcc-shared: linux-shared
-do_linux-shared:
-	libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+do_bsd-gcc-shared: do_gnu-shared
+do_linux-shared: do_gnu-shared
+do_gnu-shared:
+	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
 	( set -x; ${CC}  -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		-Wl,-S,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		-Wl,--whole-archive lib$$i.a \
 		-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
-	libs="$$libs -L. -l$$i"; \
+	libs="$$libs -l$$i"; \
 	done

 # This assumes that GNU utilities are *not* used
 do_tru64-shared:
-	libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
 	( set -x; ${CC}  -shared -no_archive -o lib$$i.so \
 		-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
 		-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
-	libs="$$libs -L. -l$$i"; \
+	libs="$$libs -l$$i"; \
 	done

 # This assumes that GNU utilities are *not* used
 do_solaris-shared:
-	libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	( set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+	( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
+	  set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		-z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
-	libs="$$libs -L. -l$$i"; \
-	done
-
-# This assumes that GNU utilities are *not* used
-do_irix-shared:
-	libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	( set -x; ${CC} -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		-all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \
-	libs="$$libs -L. -l$$i"; \
-	done
-
-# This assumes that GNU utilities are *not* used
-do_hpux-shared:
-	libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	( set -x; /usr/ccs/bin/ld +vnocompatwarnings \
-		-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		-Fl lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
-	libs="$$libs -L. -l$$i"; \
-	done
-
-# This assumes that GNU utilities are *not* used
-do_hpux64-shared:
-	libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	( set -x; /usr/ccs/bin/ld -b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		+forceload lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
-	libs="$$libs -L. -l$$i"; \
+	libs="$$libs -l$$i"; \
 	done

 Makefile.ssl: Makefile.org
@@ -375,7 +350,7 @@ test:   tests

 tests: rehash
 	@(cd test && echo "testing..." && \
-	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' tests );
+	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' EXE_EXT='${EXE_EXT}' tests );
 	@apps/openssl version -a

 report:
@@ -466,7 +441,7 @@ install: all install_docs
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i; echo "installing $$i..."; \
-		$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' install ); \
+		$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' install ); \
 	fi; \
 	done
 	@for i in $(LIBS) ;\
@@ -499,19 +474,19 @@ install_docs:
 		$(INSTALL_PREFIX)$(MANDIR)/man3 \
 		$(INSTALL_PREFIX)$(MANDIR)/man5 \
 		$(INSTALL_PREFIX)$(MANDIR)/man7
+	@echo installing man 1 and man 5
 	@for i in doc/apps/*.pod; do \
 		fn=`basename $$i .pod`; \
 		sec=`[ "$$fn" = "config" ] && echo 5 || echo 1`; \
-		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
 		(cd `dirname $$i`; \
 		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
 			 --release=$(VERSION) `basename $$i`) \
 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
 	done
+	@echo installing man 3 and man 7
 	@for i in doc/crypto/*.pod doc/ssl/*.pod; do \
 		fn=`basename $$i .pod`; \
 		sec=`[ "$$fn" = "des_modes" ] && echo 7 || echo 3`; \
-		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
 		(cd `dirname $$i`; \
 		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
 			--release=$(VERSION) `basename $$i`) \
--- a/25
+++ b/25
@@ -5,6 +5,31 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.

+  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a:
+
+      o Security fix: change behavior of OpenSSL to avoid using
+        environment variables when running as root.
+      o Security fix: check the result of RSA-CRT to reduce the
+        possibility of deducing the private key from an incorrectly
+        calculated signature.
+      o Security fix: prevent Bleichenbacher's DSA attack.
+      o Security fix: Zero the premaster secret after deriving the
+        master secret in DH ciphersuites.
+      o Reimplement SSL_peek(), which had various problems.
+      o Compatibility fix: the function des_encrypt() renamed to
+        des_encrypt1() to avoid clashes with some Unixen libc.
+      o Bug fixes for Win32, HP/UX and Irix.
+      o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
+        memory checking routines.
+      o Bug fixes for RSA operations in threaded enviroments.
+      o Bug fixes in misc. openssl applications.
+      o Remove a few potential memory leaks.
+      o Add tighter checks of BIGNUM routines.
+      o Shared library support has been reworked for generality.
+      o More documentation.
+      o New function BN_rand_range().
+      o Add "-rand" option to openssl s_client and s_server.
+
  Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6:

      o Some documentation for BIO and SSL libraries.
--- a/2
+++ b/2
@@ -1,5 +1,5 @@

- OpenSSL 0.9.7-dev 24 Sep 2000
+ OpenSSL 0.9.6a [engine] 5 Apr 2001

 Copyright (c) 1998-2000 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
--- a/README.ENGINE
+++ b/README.ENGINE
@@ -25,6 +25,25 @@
  What already exists is fairly stable as far as it has been tested, but
  the test base has been a bit small most of the time.

+  Because of this experimental status and what's lacking, the ENGINE
+  component is not yet part of the default OpenSSL distribution.  However,
+  we have made a separate kit for those who want to try this out, to be
+  found in the same places as the default OpenSSL distribution, but with
+  "-engine-" being part of the kit file name.  For example, version 0.9.6
+  is distributed in the following two files:
+
+      openssl-0.9.6.tar.gz
+      openssl-engine-0.9.6.tar.gz
+
+  NOTES
+  =====
+
+  openssl-engine-0.9.6.tar.gz does not depend on openssl-0.9.6.tar, you do
+  not need to download both.
+
+  openssl-engine-0.9.6.tar.gz is usable even if you don't have an external
+  crypto device.  The internal OpenSSL functions are contained in the
+  engine "openssl", and will be used by default.

  No external crypto device is chosen unless you say so.  You have actively
  tell the openssl utility commands to use it through a new command line
--- a/30
+++ b/30
@@ -1,10 +1,10 @@

  OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2000/10/26 21:07:27 $
+  ______________                           $Date: 2001/04/05 17:48:02 $

  DEVELOPMENT STATE

-    o  OpenSSL 0.9.7:  Under development...
+    o  OpenSSL 0.9.6a: Released on April      5th, 2001
    o  OpenSSL 0.9.6:  Released on September 24th, 2000
    o  OpenSSL 0.9.5a: Released on April      1st, 2000
    o  OpenSSL 0.9.5:  Released on February  28th, 2000
@@ -18,14 +18,13 @@

  AVAILABLE PATCHES

-    o CA.pl patch (Damien Miller)
-
  IN PROGRESS

    o Steve is currently working on (in no particular order):
        ASN1 code redesign, butchery, replacement.
+        OCSP
        EVP cipher enhancement.
-     /* Proper (or at least usable) certificate chain verification. */
+        Enhanced certificate chain verification.
 	Private key, certificate and CRL API and implementation.
 	Developing and bugfixing PKCS#7 (S/MIME code).
        Various X509 issues: character sets, certificate request extensions.
@@ -34,17 +33,30 @@
    o Richard is currently working on:
 	UTIL (a new set of library functions to support some higher level
 	      functionality that is currently missing).
-	Dynamic thread-lock support.
 	Shared library support for VMS.
+	OCSP
+	Kerberos 5 authentication
+	Constification

  NEEDS PATCH

-    o  non-blocking socket on AIX
-    o  $(PERL) in */Makefile.ssl
-    o  "Sign the certificate?" - "n" creates empty certificate file
+    o  apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file
+
+    o  OpenSSL_0_9_6-stable:
+       #include <openssl/e_os.h> in exported header files is illegal since
+       e_os.h is suitable only for library-internal use.
+
+    o  Whenever strncpy is used, make sure the resulting string is NULL-terminated
+       or an error is reported

  OPEN ISSUES

+    o  crypto/ex_data.c is not really thread-safe and so must be used
+       with care (e.g., extra locking where necessary, or don't call
+       CRYPTO_get_ex_new_index once multiple threads exist).
+       The current API is not suitable for everything that it pretends
+       to offer.
+
    o  The Makefile hierarchy and build mechanism is still not a round thing:

       1. The config vs. Configure scripts
--- a/532
+++ b/532
--- a/apps/Makefile.ssl
+++ b/apps/Makefile.ssl
@@ -18,6 +18,7 @@ RM=		rm -f

 PEX_LIBS=
 EX_LIBS= 
+EXE_EXT= 

 CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG)

@@ -32,13 +33,13 @@ PROGRAM= openssl

 SCRIPTS=CA.sh CA.pl der_chop

-EXE= $(PROGRAM)
+EXE= $(PROGRAM)$(EXE_EXT)

 E_EXE=	verify asn1pars req dgst dh dhparam enc passwd gendh errstr \
 	ca crl rsa rsautl dsa dsaparam \
 	x509 genrsa gendsa s_server s_client speed \
 	s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \
-	pkcs8 spkac smime rand engine
+	pkcs8 spkac smime rand

 PROGS= $(PROGRAM).c

@@ -54,14 +55,14 @@ E_OBJ=	verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o er
 	rsa.o rsautl.o dsa.o dsaparam.o \
 	x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
 	s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
-	ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o
+	ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o

 E_SRC=	verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \
 	pkcs7.c crl2p7.c crl.c \
 	rsa.c rsautl.c dsa.c dsaparam.c \
 	x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
 	s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \
-	ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c engine.c
+	ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c

 SRC=$(E_SRC)

@@ -77,7 +78,7 @@ top:

 all:	exe

-exe:	$(EXE)
+exe:	$(PROGRAM)

 req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
 	$(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(RAND_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
@@ -150,20 +151,18 @@ app_rand.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 app_rand.o: ../include/openssl/des.h ../include/openssl/dh.h
 app_rand.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 app_rand.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-app_rand.o: ../include/openssl/engine.h ../include/openssl/evp.h
-app_rand.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-app_rand.o: ../include/openssl/md2.h ../include/openssl/md4.h
-app_rand.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-app_rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-app_rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-app_rand.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-app_rand.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-app_rand.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
-app_rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-app_rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
-app_rand.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-app_rand.o: ../include/openssl/x509_vfy.h apps.h
+app_rand.o: ../include/openssl/evp.h ../include/openssl/idea.h
+app_rand.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+app_rand.o: ../include/openssl/md4.h ../include/openssl/md5.h
+app_rand.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+app_rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+app_rand.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
+app_rand.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+app_rand.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+app_rand.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+app_rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+app_rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 apps.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 apps.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 apps.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -171,18 +170,16 @@ apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 apps.o: ../include/openssl/des.h ../include/openssl/dh.h
 apps.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 apps.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-apps.o: ../include/openssl/engine.h ../include/openssl/err.h
-apps.o: ../include/openssl/evp.h ../include/openssl/idea.h
-apps.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-apps.o: ../include/openssl/md4.h ../include/openssl/md5.h
-apps.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-apps.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-apps.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
-apps.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+apps.o: ../include/openssl/err.h ../include/openssl/evp.h
+apps.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+apps.o: ../include/openssl/md2.h ../include/openssl/md4.h
+apps.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+apps.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+apps.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+apps.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
 apps.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-apps.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-apps.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
+apps.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 apps.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 apps.o: ../include/openssl/sha.h ../include/openssl/stack.h
 apps.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
@@ -194,17 +191,15 @@ asn1pars.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 asn1pars.o: ../include/openssl/des.h ../include/openssl/dh.h
 asn1pars.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 asn1pars.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-asn1pars.o: ../include/openssl/engine.h ../include/openssl/err.h
-asn1pars.o: ../include/openssl/evp.h ../include/openssl/idea.h
-asn1pars.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-asn1pars.o: ../include/openssl/md4.h ../include/openssl/md5.h
-asn1pars.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-asn1pars.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-asn1pars.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+asn1pars.o: ../include/openssl/err.h ../include/openssl/evp.h
+asn1pars.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+asn1pars.o: ../include/openssl/md2.h ../include/openssl/md4.h
+asn1pars.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+asn1pars.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+asn1pars.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+asn1pars.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+asn1pars.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 asn1pars.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-asn1pars.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 asn1pars.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 asn1pars.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 asn1pars.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -225,8 +220,7 @@ ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 ca.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 ca.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-ca.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-ca.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
+ca.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 ca.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 ca.o: ../include/openssl/sha.h ../include/openssl/stack.h
 ca.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
@@ -239,18 +233,16 @@ ciphers.o: ../include/openssl/comp.h ../include/openssl/conf.h
 ciphers.o: ../include/openssl/crypto.h ../include/openssl/des.h
 ciphers.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 ciphers.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-ciphers.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h
-ciphers.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-ciphers.o: ../include/openssl/md2.h ../include/openssl/md4.h
-ciphers.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-ciphers.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+ciphers.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ciphers.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ciphers.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ciphers.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ciphers.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ciphers.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ciphers.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+ciphers.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 ciphers.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-ciphers.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-ciphers.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
+ciphers.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 ciphers.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 ciphers.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 ciphers.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
@@ -264,17 +256,15 @@ crl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 crl.o: ../include/openssl/des.h ../include/openssl/dh.h
 crl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 crl.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-crl.o: ../include/openssl/engine.h ../include/openssl/err.h
-crl.o: ../include/openssl/evp.h ../include/openssl/idea.h
-crl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-crl.o: ../include/openssl/md4.h ../include/openssl/md5.h
-crl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-crl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-crl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-crl.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+crl.o: ../include/openssl/err.h ../include/openssl/evp.h
+crl.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+crl.o: ../include/openssl/md2.h ../include/openssl/md4.h
+crl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+crl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+crl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+crl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+crl.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 crl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-crl.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 crl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 crl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 crl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -287,17 +277,15 @@ crl2p7.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 crl2p7.o: ../include/openssl/des.h ../include/openssl/dh.h
 crl2p7.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 crl2p7.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-crl2p7.o: ../include/openssl/engine.h ../include/openssl/err.h
-crl2p7.o: ../include/openssl/evp.h ../include/openssl/idea.h
-crl2p7.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-crl2p7.o: ../include/openssl/md4.h ../include/openssl/md5.h
-crl2p7.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-crl2p7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-crl2p7.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+crl2p7.o: ../include/openssl/err.h ../include/openssl/evp.h
+crl2p7.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+crl2p7.o: ../include/openssl/md2.h ../include/openssl/md4.h
+crl2p7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+crl2p7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+crl2p7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+crl2p7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+crl2p7.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 crl2p7.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-crl2p7.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 crl2p7.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 crl2p7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 crl2p7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -319,7 +307,6 @@ dgst.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 dgst.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 dgst.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-dgst.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 dgst.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 dgst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -340,8 +327,7 @@ dh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 dh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 dh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-dh.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-dh.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
+dh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 dh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 dh.o: ../include/openssl/sha.h ../include/openssl/stack.h
 dh.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
@@ -363,7 +349,6 @@ dsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 dsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 dsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-dsa.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 dsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 dsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 dsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -385,7 +370,6 @@ dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 dsaparam.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 dsaparam.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-dsaparam.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 dsaparam.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 dsaparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -407,36 +391,10 @@ enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 enc.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-enc.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-engine.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-engine.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-engine.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-engine.o: ../include/openssl/comp.h ../include/openssl/conf.h
-engine.o: ../include/openssl/crypto.h ../include/openssl/des.h
-engine.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-engine.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-engine.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-engine.o: ../include/openssl/err.h ../include/openssl/evp.h
-engine.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-engine.o: ../include/openssl/md2.h ../include/openssl/md4.h
-engine.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-engine.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-engine.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-engine.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-engine.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-engine.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-engine.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-engine.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
-engine.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-engine.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-engine.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-engine.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-engine.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-engine.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 errstr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 errstr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 errstr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -444,18 +402,16 @@ errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h
 errstr.o: ../include/openssl/crypto.h ../include/openssl/des.h
 errstr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 errstr.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-errstr.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-errstr.o: ../include/openssl/err.h ../include/openssl/evp.h
-errstr.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-errstr.o: ../include/openssl/md2.h ../include/openssl/md4.h
-errstr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-errstr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-errstr.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+errstr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+errstr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+errstr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+errstr.o: ../include/openssl/md4.h ../include/openssl/md5.h
+errstr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+errstr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+errstr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+errstr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 errstr.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-errstr.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-errstr.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
+errstr.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 errstr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 errstr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 errstr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
@@ -479,7 +435,6 @@ gendh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 gendh.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 gendh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-gendh.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 gendh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 gendh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -501,7 +456,6 @@ gendsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 gendsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 gendsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-gendsa.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 gendsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 gendsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -523,7 +477,6 @@ genrsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 genrsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 genrsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-genrsa.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 genrsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 genrsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -535,17 +488,15 @@ nseq.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 nseq.o: ../include/openssl/des.h ../include/openssl/dh.h
 nseq.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 nseq.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-nseq.o: ../include/openssl/engine.h ../include/openssl/err.h
-nseq.o: ../include/openssl/evp.h ../include/openssl/idea.h
-nseq.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-nseq.o: ../include/openssl/md4.h ../include/openssl/md5.h
-nseq.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-nseq.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-nseq.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-nseq.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+nseq.o: ../include/openssl/err.h ../include/openssl/evp.h
+nseq.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+nseq.o: ../include/openssl/md2.h ../include/openssl/md4.h
+nseq.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+nseq.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+nseq.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+nseq.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+nseq.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 nseq.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-nseq.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 nseq.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 nseq.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 nseq.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -557,18 +508,16 @@ openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h
 openssl.o: ../include/openssl/crypto.h ../include/openssl/des.h
 openssl.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 openssl.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-openssl.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-openssl.o: ../include/openssl/err.h ../include/openssl/evp.h
-openssl.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-openssl.o: ../include/openssl/md2.h ../include/openssl/md4.h
-openssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-openssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-openssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-openssl.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+openssl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+openssl.o: ../include/openssl/evp.h ../include/openssl/idea.h
+openssl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+openssl.o: ../include/openssl/md4.h ../include/openssl/md5.h
+openssl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+openssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+openssl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 openssl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-openssl.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-openssl.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
+openssl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 openssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
@@ -583,20 +532,19 @@ passwd.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 passwd.o: ../include/openssl/des.h ../include/openssl/dh.h
 passwd.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 passwd.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-passwd.o: ../include/openssl/engine.h ../include/openssl/err.h
-passwd.o: ../include/openssl/evp.h ../include/openssl/idea.h
-passwd.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-passwd.o: ../include/openssl/md4.h ../include/openssl/md5.h
-passwd.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-passwd.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-passwd.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
-passwd.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-passwd.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-passwd.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
-passwd.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-passwd.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-passwd.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-passwd.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+passwd.o: ../include/openssl/err.h ../include/openssl/evp.h
+passwd.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+passwd.o: ../include/openssl/md2.h ../include/openssl/md4.h
+passwd.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+passwd.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+passwd.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+passwd.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+passwd.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+passwd.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+passwd.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h
+passwd.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+passwd.o: ../include/openssl/x509_vfy.h apps.h
 pkcs12.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 pkcs12.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 pkcs12.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -614,8 +562,7 @@ pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
 pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 pkcs12.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-pkcs12.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-pkcs12.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
+pkcs12.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 pkcs12.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 pkcs12.o: ../include/openssl/sha.h ../include/openssl/stack.h
 pkcs12.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
@@ -637,7 +584,6 @@ pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 pkcs7.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 pkcs7.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-pkcs7.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 pkcs7.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 pkcs7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 pkcs7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -659,8 +605,7 @@ pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
 pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 pkcs8.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-pkcs8.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-pkcs8.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
+pkcs8.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 pkcs8.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 pkcs8.o: ../include/openssl/sha.h ../include/openssl/stack.h
 pkcs8.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
@@ -681,7 +626,6 @@ rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 rand.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
 rand.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 rand.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-rand.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 rand.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -703,7 +647,6 @@ req.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 req.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 req.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-req.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 req.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 req.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 req.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -726,7 +669,6 @@ rsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 rsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 rsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-rsa.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 rsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -748,7 +690,6 @@ rsautl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 rsautl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 rsautl.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 rsautl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-rsautl.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 rsautl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 rsautl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 rsautl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -760,18 +701,16 @@ s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_cb.o: ../include/openssl/crypto.h ../include/openssl/des.h
 s_cb.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 s_cb.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-s_cb.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h
-s_cb.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-s_cb.o: ../include/openssl/md2.h ../include/openssl/md4.h
-s_cb.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-s_cb.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s_cb.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s_cb.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s_cb.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_cb.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s_cb.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s_cb.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_cb.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s_cb.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s_cb.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s_cb.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-s_cb.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
+s_cb.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 s_cb.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 s_cb.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s_cb.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
@@ -795,8 +734,7 @@ s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 s_client.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 s_client.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s_client.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-s_client.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
+s_client.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 s_client.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 s_client.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s_client.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
@@ -821,8 +759,7 @@ s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 s_server.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s_server.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-s_server.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
+s_server.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 s_server.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 s_server.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s_server.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
@@ -837,17 +774,15 @@ s_socket.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_socket.o: ../include/openssl/crypto.h ../include/openssl/des.h
 s_socket.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 s_socket.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-s_socket.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-s_socket.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s_socket.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s_socket.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s_socket.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s_socket.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s_socket.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s_socket.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+s_socket.o: ../include/openssl/e_os2.h ../include/openssl/evp.h
+s_socket.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+s_socket.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s_socket.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s_socket.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s_socket.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_socket.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_socket.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 s_socket.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s_socket.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 s_socket.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 s_socket.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 s_socket.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
@@ -862,18 +797,16 @@ s_time.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_time.o: ../include/openssl/crypto.h ../include/openssl/des.h
 s_time.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 s_time.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-s_time.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-s_time.o: ../include/openssl/err.h ../include/openssl/evp.h
-s_time.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-s_time.o: ../include/openssl/md2.h ../include/openssl/md4.h
-s_time.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-s_time.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s_time.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s_time.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s_time.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s_time.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_time.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s_time.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s_time.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_time.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s_time.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s_time.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s_time.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-s_time.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
+s_time.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 s_time.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 s_time.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s_time.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
@@ -888,18 +821,16 @@ sess_id.o: ../include/openssl/comp.h ../include/openssl/conf.h
 sess_id.o: ../include/openssl/crypto.h ../include/openssl/des.h
 sess_id.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 sess_id.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-sess_id.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h
-sess_id.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-sess_id.o: ../include/openssl/md2.h ../include/openssl/md4.h
-sess_id.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-sess_id.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+sess_id.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+sess_id.o: ../include/openssl/evp.h ../include/openssl/idea.h
+sess_id.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+sess_id.o: ../include/openssl/md4.h ../include/openssl/md5.h
+sess_id.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+sess_id.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+sess_id.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+sess_id.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 sess_id.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-sess_id.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-sess_id.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
+sess_id.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 sess_id.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 sess_id.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 sess_id.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
@@ -923,7 +854,6 @@ smime.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 smime.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 smime.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-smime.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 smime.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 smime.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 smime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -944,8 +874,7 @@ speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-speed.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-speed.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
+speed.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
 speed.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
@@ -967,7 +896,6 @@ spkac.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 spkac.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 spkac.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-spkac.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 spkac.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 spkac.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 spkac.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -989,7 +917,6 @@ verify.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 verify.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 verify.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-verify.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 verify.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 verify.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 verify.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -1002,16 +929,14 @@ version.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 version.o: ../include/openssl/des.h ../include/openssl/dh.h
 version.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 version.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-version.o: ../include/openssl/engine.h ../include/openssl/evp.h
-version.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-version.o: ../include/openssl/md2.h ../include/openssl/md4.h
-version.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-version.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-version.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+version.o: ../include/openssl/evp.h ../include/openssl/idea.h
+version.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+version.o: ../include/openssl/md4.h ../include/openssl/md5.h
+version.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+version.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+version.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
 version.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-version.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-version.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
+version.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 version.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 version.o: ../include/openssl/sha.h ../include/openssl/stack.h
 version.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
@@ -1033,7 +958,6 @@ x509.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 x509.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 x509.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-x509.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 x509.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 x509.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 x509.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
--- a/apps/app_rand.c
+++ b/apps/app_rand.c
@@ -142,21 +142,18 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
 		}
 	if (file == NULL || !RAND_load_file(file, -1))
 		{
-		if (RAND_status() == 0)
+		if (RAND_status() == 0 && !dont_warn)
 			{
-			if (!dont_warn)
+			BIO_printf(bio_e,"unable to load 'random state'\n");
+			BIO_printf(bio_e,"This means that the random number generator has not been seeded\n");
+			BIO_printf(bio_e,"with much random data.\n");
+			if (consider_randfile) /* explanation does not apply when a file is explicitly named */
 				{
-				BIO_printf(bio_e,"unable to load 'random state'\n");
-				BIO_printf(bio_e,"This means that the random number generator has not been seeded\n");
-				BIO_printf(bio_e,"with much random data.\n");
-				if (consider_randfile) /* explanation does not apply when a file is explicitly named */
-					{
-					BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n");
-					BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n");
-					}
+				BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n");
+				BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n");
 				}
-			return 0;
 			}
+		return 0;
 		}
 	seeded = 1;
 	return 1;
@@ -180,8 +177,10 @@ long app_RAND_load_files(char *name)
 		if (*n == '\0') break;

 		egd=RAND_egd(n);
-		if (egd > 0) tot+=egd;
-		tot+=RAND_load_file(n,-1);
+		if (egd > 0)
+			tot+=egd;
+		else
+			tot+=RAND_load_file(n,-1);
 		if (last) break;
 		}
 	if (tot > 512)
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -74,14 +74,6 @@
 #  include "bss_file.c"
 #endif

-typedef struct {
-	char *name;
-	unsigned long flag;
-	unsigned long mask;
-} NAME_EX_TBL;
-
-static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
-
 int app_init(long mesgwin);
 #ifdef undef /* never finished - probably never will be :-) */
 int args_from_file(char *file, int *argc, char **argv[])
@@ -553,7 +545,7 @@ end:
 	return(x);
 	}

-EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e)
+EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass)
 	{
 	BIO *key=NULL;
 	EVP_PKEY *pkey=NULL;
@@ -563,14 +555,6 @@ EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e)
 		BIO_printf(err,"no keyfile specified\n");
 		goto end;
 		}
-	if (format == FORMAT_ENGINE)
-		{
-		if (!e)
-			BIO_printf(bio_err,"no engine specified\n");
-		else
-			pkey = ENGINE_load_private_key(e, file, pass);
-		goto end;
-		}
 	key=BIO_new(BIO_s_file());
 	if (key == NULL)
 		{
@@ -610,7 +594,7 @@ EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e)
 	return(pkey);
 	}

-EVP_PKEY *load_pubkey(BIO *err, char *file, int format, ENGINE *e)
+EVP_PKEY *load_pubkey(BIO *err, char *file, int format)
 	{
 	BIO *key=NULL;
 	EVP_PKEY *pkey=NULL;
@@ -620,14 +604,6 @@ EVP_PKEY *load_pubkey(BIO *err, char *file, int format, ENGINE *e)
 		BIO_printf(err,"no keyfile specified\n");
 		goto end;
 		}
-	if (format == FORMAT_ENGINE)
-		{
-		if (!e)
-			BIO_printf(bio_err,"no engine specified\n");
-		else
-			pkey = ENGINE_load_public_key(e, file, NULL);
-		goto end;
-		}
 	key=BIO_new(BIO_s_file());
 	if (key == NULL)
 		{
@@ -720,43 +696,16 @@ end:
 	return(othercerts);
 	}

-
-#define X509V3_EXT_UNKNOWN_MASK		(0xfL << 16)
-/* Return error for unknown extensions */
-#define X509V3_EXT_DEFAULT		0
-/* Print error for unknown extensions */
-#define X509V3_EXT_ERROR_UNKNOWN	(1L << 16)
-/* ASN1 parse unknown extensions */
-#define X509V3_EXT_PARSE_UNKNOWN	(2L << 16)
-/* BIO_dump unknown extensions */
-#define X509V3_EXT_DUMP_UNKNOWN		(3L << 16)
-
-int set_cert_ex(unsigned long *flags, const char *arg)
-{
-	static const NAME_EX_TBL cert_tbl[] = {
-		{ "compatible", X509_FLAG_COMPAT, 0xffffffffl},
-		{ "no_header", X509_FLAG_NO_HEADER, 0},
-		{ "no_version", X509_FLAG_NO_VERSION, 0},
-		{ "no_serial", X509_FLAG_NO_SERIAL, 0},
-		{ "no_signame", X509_FLAG_NO_SIGNAME, 0},
-		{ "no_validity", X509_FLAG_NO_VALIDITY, 0},
-		{ "no_subject", X509_FLAG_NO_SUBJECT, 0},
-		{ "no_pubkey", X509_FLAG_NO_PUBKEY, 0},
-		{ "no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
-		{ "no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
-		{ "no_aux", X509_FLAG_NO_AUX, 0},
-		{ "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
-		{ "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
-		{ "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
-		{ "ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
-		{ NULL, 0, 0}
-	};
-	return set_table_opts(flags, arg, cert_tbl);
-}
+typedef struct {
+	char *name;
+	unsigned long flag;
+	unsigned long mask;
+} NAME_EX_TBL;

 int set_name_ex(unsigned long *flags, const char *arg)
 {
-	static const NAME_EX_TBL ex_tbl[] = {
+	char c;
+	const NAME_EX_TBL *ptbl, ex_tbl[] = {
 		{ "esc_2253", ASN1_STRFLGS_ESC_2253, 0},
 		{ "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
 		{ "esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
@@ -784,13 +733,7 @@ int set_name_ex(unsigned long *flags, const char *arg)
 		{ "multiline", XN_FLAG_MULTILINE, 0xffffffffL},
 		{ NULL, 0, 0}
 	};
-	return set_table_opts(flags, arg, ex_tbl);
-}

-static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
-{
-	char c;
-	const NAME_EX_TBL *ptbl;
 	c = arg[0];

 	if(c == '-') {
@@ -801,7 +744,7 @@ static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_T
 		arg++;
 	} else c = 1;

-	for(ptbl = in_tbl; ptbl->name; ptbl++) {
+	for(ptbl = ex_tbl; ptbl->name; ptbl++) {
 		if(!strcmp(arg, ptbl->name)) {
 			*flags &= ~ptbl->mask;
 			if(c) *flags |= ptbl->flag;
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -67,7 +67,6 @@
 #include <openssl/x509.h>
 #include <openssl/lhash.h>
 #include <openssl/conf.h>
-#include <openssl/engine.h>

 int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
 int app_RAND_write_file(const char *file, BIO *bio_e);
@@ -122,16 +121,14 @@ extern BIO *bio_err;
 #    ifdef _O_BINARY
 #      define apps_startup() \
 		_fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
-		SSLeay_add_all_algorithms(); ENGINE_load_builtin_engines()
+		SSLeay_add_all_algorithms()
 #    else
 #      define apps_startup() \
 		_fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
-		SSLeay_add_all_algorithms(); ENGINE_load_builtin_engines()
+		SSLeay_add_all_algorithms()
 #    endif
 #  else
-#    define apps_startup() \
-		do_pipe_sig(); SSLeay_add_all_algorithms(); \
-		ENGINE_load_builtin_engines()
+#    define apps_startup()	do_pipe_sig(); SSLeay_add_all_algorithms();
 #  endif
 #endif

@@ -150,13 +147,12 @@ int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
 int dump_cert_text(BIO *out, X509 *x);
 void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags);
 #endif
-int set_cert_ex(unsigned long *flags, const char *arg);
 int set_name_ex(unsigned long *flags, const char *arg);
 int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
 int add_oid_section(BIO *err, LHASH *conf);
 X509 *load_cert(BIO *err, char *file, int format);
-EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e);
-EVP_PKEY *load_pubkey(BIO *err, char *file, int format, ENGINE *e);
+EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass);
+EVP_PKEY *load_pubkey(BIO *err, char *file, int format);
 STACK_OF(X509) *load_certs(BIO *err, char *file, int format);

 #define FORMAT_UNDEF    0
@@ -166,7 +162,8 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format);
 #define FORMAT_NETSCAPE 4
 #define FORMAT_PKCS12   5
 #define FORMAT_SMIME    6
-#define FORMAT_ENGINE   7
+/* Since this is currently inofficial, let's give it a high number */
+#define FORMAT_ENGINE   127

 #define NETSCAPE_CERT_HDR	"certificate"

--- a/apps/ca.c
+++ b/apps/ca.c
@@ -153,8 +153,7 @@ static char *ca_usage[]={
 " -days arg       - number of days to certify the certificate for\n",
 " -md arg         - md to use, one of md2, md5, sha or sha1\n",
 " -policy arg     - The CA 'policy' to support\n",
-" -keyfile arg    - private key file\n",
-" -keyform arg    - private key file format (PEM or ENGINE)\n",
+" -keyfile arg    - PEM private key file\n",
 " -key arg        - key to decode the private key if it is encrypted\n",
 " -cert file      - The CA certificate\n",
 " -in file        - The input PEM encoded certificate request(s)\n",
@@ -237,7 +236,6 @@ int MAIN(int argc, char **argv)
 	char *policy=NULL;
 	char *keyfile=NULL;
 	char *certfile=NULL;
-	int keyform=FORMAT_PEM;
 	char *infile=NULL;
 	char *spkac_file=NULL;
 	char *ss_cert_file=NULL;
@@ -339,11 +337,6 @@ EF_ALIGNMENT=0;
 			if (--argc < 1) goto bad;
 			keyfile= *(++argv);
 			}
-		else if (strcmp(*argv,"-keyform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			keyform=str2fmt(*(++argv));
-			}
 		else if (strcmp(*argv,"-passin") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -570,31 +563,14 @@ bad:
 		BIO_printf(bio_err,"Error getting password\n");
 		goto err;
 		}
-	if (keyform == FORMAT_ENGINE)
+	if (BIO_read_filename(in,keyfile) <= 0)
 		{
-		if (!e)
-			{
-			BIO_printf(bio_err,"no engine specified\n");
-			goto err;
-			}
-		pkey = ENGINE_load_private_key(e, keyfile, key);
-		}
-	else if (keyform == FORMAT_PEM)
-		{
-		if (BIO_read_filename(in,keyfile) <= 0)
-			{
-			perror(keyfile);
-			BIO_printf(bio_err,"trying to load CA private key\n");
-			goto err;
-			}
-		pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key);
-		}
-	else
-		{
-		BIO_printf(bio_err,"bad input format specified for key file\n");
+		perror(keyfile);
+		BIO_printf(bio_err,"trying to load CA private key\n");
 		goto err;
 		}
-	if(key) memset(key,0,strlen(key));
+		pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key);
+		if(key) memset(key,0,strlen(key));
 	if (pkey == NULL)
 		{
 		BIO_printf(bio_err,"unable to load CA private key\n");
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -74,7 +74,7 @@
 #undef PROG
 #define PROG	dgst_main

-void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout,
 		EVP_PKEY *key, unsigned char *sigin, int siglen);

 int MAIN(int, char **);
@@ -93,10 +93,9 @@ int MAIN(int argc, char **argv)
 	char pname[PROG_NAME_SIZE];
 	int separator=0;
 	int debug=0;
-	int keyform=FORMAT_PEM;
 	const char *outfile = NULL, *keyfile = NULL;
 	const char *sigfile = NULL, *randfile = NULL;
-	int out_bin = -1, want_pub = 0, do_verify = 0;
+	char out_bin = -1, want_pub = 0, do_verify = 0;
 	EVP_PKEY *sigkey = NULL;
 	unsigned char *sigbuf = NULL;
 	int siglen = 0;
@@ -158,11 +157,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) break;
 			sigfile=*(++argv);
 			}
-		else if (strcmp(*argv,"-keyform") == 0)
-			{
-			if (--argc < 1) break;
-			keyform=str2fmt(*(++argv));
-			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) break;
@@ -202,7 +196,6 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err,"-sign   file    sign digest using private key in file\n");
 		BIO_printf(bio_err,"-verify file    verify a signature using public key in file\n");
 		BIO_printf(bio_err,"-prverify file  verify a signature using private key in file\n");
-		BIO_printf(bio_err,"-keyform arg    key file format (PEM or ENGINE)\n");
 		BIO_printf(bio_err,"-signature file signature to verify\n");
 		BIO_printf(bio_err,"-binary         output in binary form\n");
 		BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
@@ -287,47 +280,20 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}

-	if(keyfile)
-		{
-		if (keyform == FORMAT_PEM)
-			{
-			BIO *keybio;
-			keybio = BIO_new_file(keyfile, "r");
-			if(!keybio)
-				{
-				BIO_printf(bio_err,
-					"Error opening key file %s\n",
-					keyfile);
-				ERR_print_errors(bio_err);
-				goto end;
-				}
-			if(want_pub) 
-				sigkey = PEM_read_bio_PUBKEY(keybio,
-					NULL, NULL, NULL);
-			else
-				sigkey = PEM_read_bio_PrivateKey(keybio,
-					NULL, NULL, NULL);
-			BIO_free(keybio);
-			}
-		else if (keyform == FORMAT_ENGINE)
-			{
-			if (!e)
-				{
-				BIO_printf(bio_err,"no engine specified\n");
-				goto end;
-				}
-			if (want_pub)
-				sigkey = ENGINE_load_public_key(e, keyfile, NULL);
-			else
-				sigkey = ENGINE_load_private_key(e, keyfile, NULL);
-			}
-		else
-			{
-			BIO_printf(bio_err,
-				"bad input format specified for key file\n");
+	if(keyfile) {
+		BIO *keybio;
+		keybio = BIO_new_file(keyfile, "r");
+		if(!keybio) {
+			BIO_printf(bio_err, "Error opening key file %s\n",
+								keyfile);
+			ERR_print_errors(bio_err);
 			goto end;
-			}
+		}
 		
+		if(want_pub) 
+			sigkey = PEM_read_bio_PUBKEY(keybio, NULL, NULL, NULL);
+		else sigkey = PEM_read_bio_PrivateKey(keybio, NULL, NULL, NULL);
+		BIO_free(keybio);
 		if(!sigkey) {
 			BIO_printf(bio_err, "Error reading key file %s\n",
 								keyfile);
@@ -399,7 +365,7 @@ end:
 	EXIT(err);
 	}

-void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout,
 			EVP_PKEY *key, unsigned char *sigin, int siglen)
 	{
 	int len;
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -96,10 +96,9 @@ int MAIN(int argc, char **argv)
 	int i,badops=0,text=0;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,noout=0,C=0,ret=1;
-	char *infile,*outfile,*prog,*inrand=NULL;
+	char *infile,*outfile,*prog,*inrand=NULL,*engine=NULL;
 	int numbits= -1,num,genkey=0;
 	int need_rand=0;
-	char *engine=NULL;

 	apps_startup();

@@ -137,11 +136,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
-		else if(strcmp(*argv, "-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine = *(++argv);
-			}
 		else if (strcmp(*argv,"-text") == 0)
 			text=1;
 		else if (strcmp(*argv,"-C") == 0)
@@ -188,7 +182,6 @@ bad:
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -noout        no output\n");
 		BIO_printf(bio_err," -rand         files to use for random number input\n");
-		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," number        number of bits to use for generating private key\n");
 		goto end;
 		}
@@ -232,24 +225,6 @@ bad:
 			}
 		}

-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	if (need_rand)
 		{
 		app_RAND_load_file(NULL, bio_err, (inrand != NULL));
@@ -338,7 +313,7 @@ bad:
 		printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n",
 			bits_p,bits_p);
 		printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n");
-		printf("\t\treturn(NULL);\n");
+		printf("\t\t{ DSA_free(dsa); return(NULL); }\n");
 		printf("\treturn(dsa);\n\t}\n");
 		}

--- a/apps/enc.c
+++ b/apps/enc.c
@@ -317,11 +317,6 @@ bad:
 				LN_rc5_cfb64, LN_rc5_ofb64);
 			BIO_printf(bio_err," -%-4s (%s)\n","rc5", LN_rc5_cbc);
 #endif
-#ifndef NO_RIJNDAEL
-			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s\n",
-				   LN_rijndael_ecb_k128_b128,"","","","");
-#endif
-			
 			goto end;
 			}
 		argc--;
--- a/apps/engine.c
+++ b/apps/engine.c
@@ -1,243 +0,0 @@
-/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#ifdef NO_STDIO
-#define APPS_WIN16
-#endif
-#include "apps.h"
-#include <openssl/err.h>
-#include <openssl/engine.h>
-#include <openssl/ssl.h>
-
-#undef PROG
-#define PROG	engine_main
-
-static char *engine_usage[]={
-"usage: engine opts [engine ...]\n",
-" -v          - verbose mode, a textual listing of the engines in OpenSSL\n",
-" -c          - for each engine, also list the capabilities\n",
-" -t          - for each engine, check that they are really available\n",
-NULL
-};
-
-static void identity(void *ptr)
-	{
-	return;
-	}
-
-static int append_buf(char **buf, char *s, int *size, int step)
-	{
-	int l = strlen(s);
-
-	if (*buf == NULL)
-		{
-		*size = step;
-		*buf = OPENSSL_malloc(*size);
-		if (*buf == NULL)
-			return 0;
-		**buf = '\0';
-		}
-
-	if (**buf != '\0')
-		l += 2;		/* ", " */
-
-	if (strlen(*buf) + strlen(s) >= *size)
-		{
-		*size += step;
-		*buf = OPENSSL_realloc(*buf, *size);
-		}
-
-	if (*buf == NULL)
-		return 0;
-
-	if (**buf != '\0')
-		strcat(*buf, ", ");
-	strcat(*buf, s);
-
-	return 1;
-	}
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	int ret=1,i;
-	char **pp;
-	int verbose=0, list_cap=0, test_avail=0;
-	ENGINE *e;
-	STACK *engines = sk_new_null();
-	int badops=0;
-	BIO *bio_out=NULL;
-
-	apps_startup();
-	SSL_load_error_strings();
-
-	if (bio_err == NULL)
-		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-	bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef VMS
-	{
-	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-	bio_out = BIO_push(tmpbio, bio_out);
-	}
-#endif
-
-	argc--;
-	argv++;
-	while (argc >= 1)
-		{
-		if (strcmp(*argv,"-v") == 0)
-			verbose=1;
-		else if (strcmp(*argv,"-c") == 0)
-			list_cap=1;
-		else if (strcmp(*argv,"-t") == 0)
-			test_avail=1;
-		else if ((strncmp(*argv,"-h",2) == 0) ||
-			 (strcmp(*argv,"-?") == 0))
-			{
-			badops=1;
-			break;
-			}
-		else
-			{
-			sk_push(engines,*argv);
-			}
-		argc--;
-		argv++;
-		}
-
-	if (badops)
-		{
-		for (pp=engine_usage; (*pp != NULL); pp++)
-			BIO_printf(bio_err,"%s",*pp);
-		goto end;
-		}
-
-	if (sk_num(engines) == 0)
-		{
-		for(e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e))
-			{
-			sk_push(engines,(char *)ENGINE_get_id(e));
-			}
-		}
-
-	for (i=0; i<sk_num(engines); i++)
-		{
-		const char *id = sk_value(engines,i);
-		if ((e = ENGINE_by_id(id)) != NULL)
-			{
-			const char *name = ENGINE_get_name(e);
-			BIO_printf(bio_out, "%s (%s)", name, id);
-			if (list_cap || test_avail)
-				BIO_printf(bio_out, ":");
-			if (test_avail)
-				{
-				if (ENGINE_init(e))
-					{
-					BIO_printf(bio_out, " available");
-					ENGINE_finish(e);
-					}
-				else
-					{
-					BIO_printf(bio_out, " unavailable");
-					ERR_clear_error();
-					}
-				}
-			if (list_cap)
-				{
-				int cap_size = 256;
-				char *cap_buf = NULL;
-
-				if (ENGINE_get_RSA(e) != NULL
-					&& !append_buf(&cap_buf, "RSA",
-						&cap_size, 256))
-					goto end;
-				if (ENGINE_get_DSA(e) != NULL
-					&& !append_buf(&cap_buf, "DSA",
-						&cap_size, 256))
-					goto end;
-				if (ENGINE_get_DH(e) != NULL
-					&& !append_buf(&cap_buf, "DH",
-						&cap_size, 256))
-					goto end;
-				if (ENGINE_get_RAND(e) != NULL
-					&& !append_buf(&cap_buf, "RAND",
-						&cap_size, 256))
-					goto end;
-
-				if (*cap_buf != '\0')
-					BIO_printf(bio_out, " [%s]", cap_buf);
-
-				OPENSSL_free(cap_buf);
-				}
-			BIO_printf(bio_out, "\n");
-			}
-		else
-			ERR_print_errors(bio_err);
-		}
-
-	ret=0;
-end:
-	ERR_print_errors(bio_err);
-	sk_pop_free(engines, identity);
-	if (bio_out != NULL) BIO_free_all(bio_out);
-	EXIT(ret);
-	}
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -112,7 +112,6 @@ int main(int Argc, char *Argv[])
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

 	ERR_load_crypto_strings();
-	ENGINE_load_builtin_engines();

 	/* Lets load up our environment a little */
 	p=getenv("OPENSSL_CONF");
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -272,6 +272,7 @@ int MAIN(int argc, char **argv)
 			}
 		while (!done);
 		}
+	ret = 0;

 err:
 	ERR_print_errors(bio_err);
@@ -315,7 +316,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
 	strncat(out_buf, "$", 1);
 	strncat(out_buf, salt, 8);
 	assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
-	salt_out = out_buf + 6;
+	salt_out = out_buf + 2 + strlen(magic);
 	salt_len = strlen(salt_out);
 	assert(salt_len <= 8);
 	
--- a/apps/progs.h
+++ b/apps/progs.h
@@ -35,7 +35,6 @@ extern int pkcs8_main(int argc,char *argv[]);
 extern int spkac_main(int argc,char *argv[]);
 extern int smime_main(int argc,char *argv[]);
 extern int rand_main(int argc,char *argv[]);
-extern int engine_main(int argc,char *argv[]);

 #define FUNC_TYPE_GENERAL	1
 #define FUNC_TYPE_MD		2
@@ -110,7 +109,6 @@ FUNCTION functions[] = {
 	{FUNC_TYPE_GENERAL,"spkac",spkac_main},
 	{FUNC_TYPE_GENERAL,"smime",smime_main},
 	{FUNC_TYPE_GENERAL,"rand",rand_main},
-	{FUNC_TYPE_GENERAL,"engine",engine_main},
 	{FUNC_TYPE_MD,"md2",dgst_main},
 	{FUNC_TYPE_MD,"md4",dgst_main},
 	{FUNC_TYPE_MD,"md5",dgst_main},
--- a/apps/req.c
+++ b/apps/req.c
@@ -102,7 +102,7 @@
 * -nodes	- no des encryption
 * -config file	- Load configuration file.
 * -key file	- make a request using key in file (or use it for verification).
- * -keyform arg	- key file format.
+ * -keyform	- key file format.
 * -rand file(s) - load the file(s) into the PRNG.
 * -newkey	- make a key and a request.
 * -modulus	- print RSA modulus.
@@ -145,7 +145,6 @@ int MAIN(int argc, char **argv)
 #ifndef NO_DSA
 	DSA *dsa_params=NULL;
 #endif
-	unsigned long nmflag = 0;
 	int ex=1,x509=0,days=30;
 	X509 *x509ss=NULL;
 	X509_REQ *req=NULL;
@@ -153,7 +152,7 @@ int MAIN(int argc, char **argv)
 	int i,badops=0,newreq=0,newkey= -1,pkey_type=0;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
-	int nodes=0,kludge=0,newhdr=0,subject=0;
+	int nodes=0,kludge=0,newhdr=0;
 	char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
 	char *engine=NULL;
 	char *extensions = NULL;
@@ -331,13 +330,6 @@ int MAIN(int argc, char **argv)
 			nodes=1;
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
-		else if (strcmp(*argv,"-nameopt") == 0)
-			{
-			if (--argc < 1) goto bad;
-			if (!set_name_ex(&nmflag, *(++argv))) goto bad;
-			}
-		else if (strcmp(*argv,"-subject") == 0)
-			subject=1;
 		else if (strcmp(*argv,"-text") == 0)
 			text=1;
 		else if (strcmp(*argv,"-x509") == 0)
@@ -733,16 +725,15 @@ loop:

 	if (newreq || x509)
 		{
-#ifndef NO_DSA
-		if (pkey->type == EVP_PKEY_DSA)
-			digest=EVP_dss1();
-#endif
-
 		if (pkey == NULL)
 			{
 			BIO_printf(bio_err,"you need to specify a private key\n");
 			goto end;
 			}
+#ifndef NO_DSA
+		if (pkey->type == EVP_PKEY_DSA)
+			digest=EVP_dss1();
+#endif
 		if (req == NULL)
 			{
 			req=X509_REQ_new();
@@ -851,7 +842,7 @@ loop:
 			BIO_printf(bio_err,"verify OK\n");
 		}

-	if (noout && !text && !modulus && !subject)
+	if (noout && !text && !modulus)
 		{
 		ex=0;
 		goto end;
@@ -888,14 +879,6 @@ loop:
 			X509_REQ_print(out,req);
 		}

-	if(subject) 
-		{
-		if(x509)
-			print_name(out, "subject=", X509_get_subject_name(x509ss), nmflag);
-		else
-			print_name(out, "subject=", X509_REQ_get_subject_name(req), nmflag);
-		}
-
 	if (modulus)
 		{
 		EVP_PKEY *pubkey;
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -265,7 +265,7 @@ bad:
 	else if (informat == FORMAT_NETSCAPE)
 		{
 		BUF_MEM *buf=NULL;
-		const unsigned char *p;
+		unsigned char *p;
 		int size=0;

 		buf=BUF_MEM_new();
@@ -346,14 +346,14 @@ bad:
 			BIO_printf(out,"RSA key ok\n");
 		else if (r == 0)
 			{
-			long err;
+			long e;

-			while ((err = ERR_peek_error()) != 0 &&
-				ERR_GET_LIB(err) == ERR_LIB_RSA &&
-				ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY &&
-				ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE)
+			while ((e = ERR_peek_error()) != 0 &&
+				ERR_GET_LIB(e) == ERR_LIB_RSA &&
+				ERR_GET_FUNC(e) == RSA_F_RSA_CHECK_KEY &&
+				ERR_GET_REASON(e) != ERR_R_MALLOC_FAILURE)
 				{
-				BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(err));
+				BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(e));
 				ERR_get_error(); /* remove e from error stack */
 				}
 			}
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -86,7 +86,6 @@ int MAIN(int argc, char **argv)
 	ENGINE *e = NULL;
 	BIO *in = NULL, *out = NULL;
 	char *infile = NULL, *outfile = NULL;
-	char *engine = NULL;
 	char *keyfile = NULL;
 	char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
 	int keyform = FORMAT_PEM;
@@ -98,6 +97,7 @@ int MAIN(int argc, char **argv)
 	unsigned char *rsa_in = NULL, *rsa_out = NULL, pad;
 	int rsa_inlen, rsa_outlen = 0;
 	int keysize;
+	char *engine=NULL;

 	int ret = 1;

@@ -180,11 +180,11 @@ int MAIN(int argc, char **argv)
 	
 	switch(key_type) {
 		case KEY_PRIVKEY:
-		pkey = load_key(bio_err, keyfile, keyform, NULL, e);
+		pkey = load_key(bio_err, keyfile, keyform, NULL);
 		break;

 		case KEY_PUBKEY:
-		pkey = load_pubkey(bio_err, keyfile, keyform, e);
+		pkey = load_pubkey(bio_err, keyfile, keyform);
 		break;

 		case KEY_CERT:
@@ -304,6 +304,7 @@ static void usage()
 	BIO_printf(bio_err, "-inkey file     input key\n");
 	BIO_printf(bio_err, "-pubin          input is an RSA public\n");
 	BIO_printf(bio_err, "-certin         input is a certificate carrying an RSA public key\n");
+	BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");
 	BIO_printf(bio_err, "-ssl            use SSL v2 padding\n");
 	BIO_printf(bio_err, "-raw            use no padding\n");
 	BIO_printf(bio_err, "-pkcs           use PKCS#1 v1.5 padding (default)\n");
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -79,6 +79,7 @@ typedef unsigned int u_int;
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
+#include <openssl/rand.h>
 #include <openssl/engine.h>
 #include "s_apps.h"

@@ -153,8 +154,8 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
 	BIO_printf(bio_err," -cipher       - preferred cipher to use, use the 'openssl ciphers'\n");
 	BIO_printf(bio_err,"                 command to see what is available\n");
+	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
-
 	}

 int MAIN(int, char **);
@@ -181,6 +182,7 @@ int MAIN(int argc, char **argv)
 	int prexit = 0;
 	SSL_METHOD *meth=NULL;
 	BIO *sbio;
+	char *inrand=NULL;
 	char *engine_id=NULL;
 	ENGINE *e=NULL;
 #ifdef WINDOWS
@@ -320,6 +322,11 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-nbio") == 0)
 			{ c_nbio=1; }
 #endif
+		else if (strcmp(*argv,"-rand") == 0)
+			{
+			if (--argc < 1) goto bad;
+			inrand= *(++argv);
+			}
 		else if	(strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -341,7 +348,14 @@ bad:
 		goto end;
 		}

-	app_RAND_load_file(NULL, bio_err, 0);
+	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+		&& !RAND_status())
+		{
+		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
+		}
+	if (inrand != NULL)
+		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+			app_RAND_load_files(inrand));

 	if (bio_c_out == NULL)
 		{
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -83,6 +83,7 @@ typedef unsigned int u_int;
 #include <openssl/pem.h>
 #include <openssl/x509.h>
 #include <openssl/ssl.h>
+#include <openssl/rand.h>
 #include <openssl/engine.h>
 #include "s_apps.h"

@@ -245,6 +246,7 @@ static void sv_usage(void)
 	BIO_printf(bio_err," -bugs         - Turn on SSL bug compatibility\n");
 	BIO_printf(bio_err," -www          - Respond to a 'GET /' with a status page\n");
 	BIO_printf(bio_err," -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
+	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
 	}

@@ -415,7 +417,12 @@ int MAIN(int argc, char *argv[])
 	int no_tmp_rsa=0,no_dhe=0,nocert=0;
 	int state=0;
 	SSL_METHOD *meth=NULL;
+	char *inrand=NULL;
+	char *engine_id=NULL;
 	ENGINE *e=NULL;
+#ifndef NO_DH
+	DH *dh=NULL;
+#endif

 #if !defined(NO_SSL2) && !defined(NO_SSL3)
 	meth=SSLv23_server_method();
@@ -567,6 +574,11 @@ int MAIN(int argc, char *argv[])
 		else if	(strcmp(*argv,"-tls1") == 0)
 			{ meth=TLSv1_server_method(); }
 #endif
+		else if (strcmp(*argv,"-rand") == 0)
+			{
+			if (--argc < 1) goto bad;
+			inrand= *(++argv);
+			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -588,7 +600,14 @@ bad:
 		goto end;
 		}

-	app_RAND_load_file(NULL, bio_err, 0);
+	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+		&& !RAND_status())
+		{
+		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
+		}
+	if (inrand != NULL)
+		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+			app_RAND_load_files(inrand));

 	if (bio_s_out == NULL)
 		{
@@ -679,13 +698,7 @@ bad:
 #ifndef NO_DH
 	if (!no_dhe)
 		{
-		DH *dh=NULL;
-
-		if (dhfile)
-			dh = load_dh_param(dhfile);
-		else if (s_cert_file)
-			dh = load_dh_param(s_cert_file);
-
+		dh=load_dh_param(dhfile ? dhfile : s_cert_file);
 		if (dh != NULL)
 			{
 			BIO_printf(bio_s_out,"Setting temp DH parameters\n");
@@ -712,7 +725,8 @@ bad:

 #ifndef NO_RSA
 #if 1
-	SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
+	if (!no_tmp_rsa)
+		SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
 #else
 	if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx))
 		{
@@ -1372,15 +1386,29 @@ static int www_body(char *hostname, int s, unsigned char *context)

 			/* skip the '/' */
 			p= &(buf[5]);
-			dot=0;
+
+			dot = 1;
 			for (e=p; *e != '\0'; e++)
 				{
-				if (e[0] == ' ') break;
-				if (	(e[0] == '.') &&
-					(strncmp(&(e[-1]),"/../",4) == 0))
-					dot=1;
+				if (e[0] == ' ')
+					break;
+
+				switch (dot)
+					{
+				case 1:
+					dot = (e[0] == '.') ? 2 : 0;
+					break;
+				case 2:
+					dot = (e[0] == '.') ? 3 : 0;
+					break;
+				case 3:
+					dot = (e[0] == '/') ? -1 : 0;
+					break;
+					}
+				if (dot == 0)
+					dot = (e[0] == '/') ? 1 : 0;
 				}
-			
+			dot = (dot == 3) || (dot == -1); /* filename contains ".." component */

 			if (*e == '\0')
 				{
@@ -1404,9 +1432,11 @@ static int www_body(char *hostname, int s, unsigned char *context)
 				break;
 				}

+#if 0
 			/* append if a directory lookup */
 			if (e[-1] == '/')
 				strcat(p,"index.html");
+#endif

 			/* if a directory, do the index thang */
 			if (stat(p,&st_buf) < 0)
@@ -1418,7 +1448,13 @@ static int www_body(char *hostname, int s, unsigned char *context)
 				}
 			if (S_ISDIR(st_buf.st_mode))
 				{
+#if 0 /* must check buffer size */
 				strcat(p,"/index.html");
+#else
+				BIO_puts(io,text);
+				BIO_printf(io,"'%s' is a directory\r\n",p);
+				break;
+#endif
 				}

 			if ((file=BIO_new_file(p,"r")) == NULL)
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -399,7 +399,7 @@ int MAIN(int argc, char **argv)
 	} else keyfile = NULL;

 	if(keyfile) {
-		if(!(key = load_key(bio_err,keyfile, FORMAT_PEM, passin, NULL))) {
+		if(!(key = load_key(bio_err,keyfile, FORMAT_PEM, passin))) {
 			BIO_printf(bio_err, "Can't read recipient certificate file %s\n", keyfile);
 			ERR_print_errors(bio_err);
 			goto end;
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -88,7 +88,7 @@
 #elif !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
 # define TIMES
 #endif
-#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE) && !defined(__NetBSD__)
+#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE)
 # define TIMEB
 #endif

@@ -739,7 +739,7 @@ int MAIN(int argc, char **argv)
 #ifndef NO_RSA
 	for (i=0; i<RSA_NUM; i++)
 		{
-		const unsigned char *p;
+		unsigned char *p;

 		p=rsa_data[i];
 		rsa_key[i]=d2i_RSAPrivateKey(NULL,&p,rsa_data_length[i]);
@@ -865,6 +865,7 @@ int MAIN(int argc, char **argv)
 		}
 #endif

+#ifndef NO_DSA
 	dsa_c[R_DSA_512][0]=count/1000;
 	dsa_c[R_DSA_512][1]=count/1000/2;
 	for (i=1; i<DSA_NUM; i++)
@@ -882,6 +883,7 @@ int MAIN(int argc, char **argv)
 				}
 			}				
 		}
+#endif

 #define COND(d)	(count < (d))
 #define COUNT(d) (d)
@@ -1207,7 +1209,7 @@ int MAIN(int argc, char **argv)
 			{
 			BIO_printf(bio_err,"RSA verify failure.  No RSA verify will be done.\n");
 			ERR_print_errors(bio_err);
-			dsa_doit[j] = 0;
+			rsa_doit[j] = 0;
 			}
 		else
 			{
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -106,7 +106,6 @@ static char *x509_usage[]={
 " -fingerprint    - print the certificate fingerprint\n",
 " -alias          - output certificate alias\n",
 " -noout          - no certificate output\n",
-" -ocspid         - print OCSP hash values for the subject name and public key\n",
 " -trustout       - output a \"trusted\" certificate\n",
 " -clrtrust       - clear all trusted purposes\n",
 " -clrreject      - clear all rejected purposes\n",
@@ -132,7 +131,6 @@ static char *x509_usage[]={
 " -clrext         - delete extensions before signing and input certificate\n",
 " -nameopt arg    - various certificate name options\n",
 " -engine e       - use engine e, possibly a hardware device.\n",
-" -certopt arg    - various certificate text options\n",
 NULL
 };

@@ -164,7 +162,6 @@ int MAIN(int argc, char **argv)
 	char *CAkeyfile=NULL,*CAserial=NULL;
 	char *alias=NULL;
 	int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0;
-	int ocspid=0;
 	int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
 	int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
 	int C=0;
@@ -180,7 +177,7 @@ int MAIN(int argc, char **argv)
 	char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
 	int need_rand = 0;
 	int checkend=0,checkoffset=0;
-	unsigned long nmflag = 0, certflag = 0;
+	unsigned long nmflag = 0;
 	char *engine=NULL;

 	reqfile=0;
@@ -333,11 +330,6 @@ int MAIN(int argc, char **argv)
 			alias= *(++argv);
 			trustout = 1;
 			}
-		else if (strcmp(*argv,"-certopt") == 0)
-			{
-			if (--argc < 1) goto bad;
-			if (!set_cert_ex(&certflag, *(++argv))) goto bad;
-			}
 		else if (strcmp(*argv,"-nameopt") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -414,8 +406,6 @@ int MAIN(int argc, char **argv)
 			clrext = 1;
 			}
 #endif
-		else if (strcmp(*argv,"-ocspid") == 0)
-			ocspid= ++num;
 		else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
 			{
 			/* ok */
@@ -811,7 +801,7 @@ bad:
 				}
 			else if (text == i)
 				{
-				X509_print_ex(out,x,nmflag, certflag);
+				X509_print(out,x);
 				}
 			else if (startdate == i)
 				{
@@ -853,7 +843,7 @@ bad:
 				if (Upkey == NULL)
 					{
 					Upkey=load_key(bio_err,
-						keyfile,keyformat, passin, e);
+						keyfile,keyformat, passin);
 					if (Upkey == NULL) goto end;
 					}
 #ifndef NO_DSA
@@ -871,8 +861,7 @@ bad:
 				if (CAkeyfile != NULL)
 					{
 					CApkey=load_key(bio_err,
-						CAkeyfile,CAkeyformat, passin,
-						e);
+						CAkeyfile,CAkeyformat, passin);
 					if (CApkey == NULL) goto end;
 					}
 #ifndef NO_DSA
@@ -899,14 +888,16 @@ bad:
 				else
 					{
 					pk=load_key(bio_err,
-						keyfile,FORMAT_PEM, passin, e);
+						keyfile,FORMAT_PEM, passin);
 					if (pk == NULL) goto end;
 					}

 				BIO_printf(bio_err,"Generating certificate request\n");

+#ifndef NO_DSA
 		                if (pk->type == EVP_PKEY_DSA)
 		                        digest=EVP_dss1();
+#endif

 				rq=X509_to_X509_REQ(x,pk,digest);
 				EVP_PKEY_free(pk);
@@ -922,10 +913,6 @@ bad:
 					}
 				noout=1;
 				}
-			else if (ocspid == i)
-				{
-				X509_ocspid_print(out, x);
-				}
 			}
 		}

--- a/73
+++ b/73
@@ -49,10 +49,18 @@ if [ "x$XREL" != "x" ]; then
 		echo "whatever-whatever-sco5"; exit 0
 		;;
 	    4.2MP)
-		if [ "x$VERSION" = "x2.1.1" ]; then
+		if [ "x$VERSION" = "x2.01" ]; then
+		    echo "${MACHINE}-whatever-unixware201"; exit 0
+		elif [ "x$VERSION" = "x2.02" ]; then
+		    echo "${MACHINE}-whatever-unixware202"; exit 0
+		elif [ "x$VERSION" = "x2.03" ]; then
+		    echo "${MACHINE}-whatever-unixware203"; exit 0
+		elif [ "x$VERSION" = "x2.1.1" ]; then
 		    echo "${MACHINE}-whatever-unixware211"; exit 0
 		elif [ "x$VERSION" = "x2.1.2" ]; then
 		    echo "${MACHINE}-whatever-unixware212"; exit 0
+		elif [ "x$VERSION" = "x2.1.3" ]; then
+		    echo "${MACHINE}-whatever-unixware213"; exit 0
 		else
 		    echo "${MACHINE}-whatever-unixware2"; exit 0
 		fi
@@ -79,6 +87,14 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "m68k-apple-aux3"; exit 0
 	;;

+    AIX:[3456789]:4:*)
+	echo "${MACHINE}-ibm-aix43"; exit 0
+	;;
+
+    AIX:*:[56789]:*)
+	echo "${MACHINE}-ibm-aix43"; exit 0
+	;;
+
    AIX:*)
 	echo "${MACHINE}-ibm-aix"; exit 0
 	;;
@@ -393,10 +409,16 @@ case "$GUESSOS" in
 	;;
  mips4-sgi-irix64)
 	echo "WARNING! If you wish to build 64-bit library, then you have to"
-	echo "         invoke './Configre irix64-mips4-$CC' *manually*."
-	echo "         Type Ctrl-C if you don't want to continue."
+	echo "         invoke './Configure irix64-mips4-$CC' *manually*."
+	echo "         Type return if you want to continue, Ctrl-C to abort."
 	read waste < /dev/tty
-	options="$options -mips4"
+        CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+        CPU=${CPU:-0}
+        if [ $CPU -ge 5000 ]; then
+                options="$options -mips4"
+        else
+                options="$options -mips3"
+        fi
 	OUT="irix-mips3-$CC"
 	;;
  alpha-*-linux2)
@@ -413,22 +435,7 @@ case "$GUESSOS" in
 	    esac
 	fi
 	;;
-  mips-*-linux?)
-          cat >dummy.c <<EOF
-#include <stdio.h>  /* for printf() prototype */
-        int main (argc, argv) int argc; char *argv[]; {
-#ifdef __MIPSEB__
-  printf ("linux-%s\n", argv[1]);
-#endif
-#ifdef __MIPSEL__
-  printf ("linux-%sel\n", argv[1]);
-#endif
-  return 0;
-}
-EOF
-	${CC} -o dummy dummy.c && OUT=`./dummy ${MACHINE}`
-	rm dummy dummy.c
-	;;
+  mips-*-linux?) OUT="linux-mips" ;;
  ppc-*-linux2) OUT="linux-ppc" ;;
  m68k-*-linux*) OUT="linux-m68k" ;;
  ia64-*-linux?) OUT="linux-ia64" ;;
@@ -438,11 +445,11 @@ EOF
 	#till 64-bit glibc for SPARC is operational:-(
 	#echo "WARNING! If you wish to build 64-bit library, then you have to"
 	#echo "         invoke './Configure linux64-sparcv9' *manually*."
-	#echo "         Type Ctrl-C if you don't want to continue."
+	#echo "         Type return if you want to continue, Ctrl-C to abort."
 	#read waste < /dev/tty
 	OUT="linux-sparcv9" ;;
  sparc-*-linux2)
-	KARCH=`awk '/type/{print$3}' /proc/cpuinfo`
+	KARCH=`awk '/^type/{print$3}' /proc/cpuinfo`
 	case ${KARCH:-sun4} in
 	sun4u*)	OUT="linux-sparcv9" ;;
 	sun4m)	OUT="linux-sparcv8" ;;
@@ -450,6 +457,7 @@ EOF
 	*)	OUT="linux-sparcv7" ;;
 	esac ;;
  arm*-*-linux2) OUT="linux-elf-arm" ;;
+  s390-*-linux2) OUT="linux-s390" ;;
  *-*-linux2) OUT="linux-elf" ;;
  *-*-linux1) OUT="linux-aout" ;;
  sun4u*-*-solaris2)
@@ -457,7 +465,7 @@ EOF
 	if [ "$ISA64" != "" -a "$CC" = "cc" -a $CCVER -ge 50 ]; then
 		echo "WARNING! If you wish to build 64-bit library, then you have to"
 		echo "         invoke './Configure solaris64-sparcv9-cc' *manually*."
-		echo "         Type Ctrl-C if you don't want to continue."
+		echo "         Type return if you want to continue, Ctrl-C to abort."
 		read waste < /dev/tty
 	fi
 	OUT="solaris-sparcv9-$CC" ;;
@@ -481,9 +489,12 @@ EOF
  *-*-unixware7) OUT="unixware-7" ;;
  *-*-UnixWare7) OUT="unixware-7" ;;
  *-*-Unixware7) OUT="unixware-7" ;;
-  *-*-unixware[1-2]*) OUT="unixware-2.0" ;;
-  *-*-UnixWare[1-2]*) OUT="unixware-2.0" ;;
-  *-*-Unixware[1-2]*) OUT="unixware-2.0" ;;
+  *-*-unixware20*) OUT="unixware-2.0" ;;
+  *-*-unixware21*) OUT="unixware-2.1" ;;
+  *-*-UnixWare20*) OUT="unixware-2.0" ;;
+  *-*-UnixWare21*) OUT="unixware-2.1" ;;
+  *-*-Unixware20*) OUT="unixware-2.0" ;;
+  *-*-Unixware21*) OUT="unixware-2.1" ;;
  BS2000-siemens-sysv4) OUT="BS2000-OSD" ;;
  RM*-siemens-sysv4) OUT="ReliantUNIX" ;;
  *-siemens-sysv4) OUT="SINIX" ;;
@@ -509,6 +520,16 @@ esac
 #  options="$options -DATALLA"
 #fi

+#get some basic shared lib support (behnke@trustcenter.de)
+case "$OUT" in
+   solaris-*-gcc)
+	if  [ "$SHARED" = "true" ] 
+	 then
+	  options="$options -DPIC -fPIC"
+        fi
+     ;;
+esac
+
 # gcc < 2.8 does not support -mcpu=ultrasparc
 if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
 then
--- a/crypto/Makefile.ssl
+++ b/crypto/Makefile.ssl
@@ -29,13 +29,13 @@ SDIRS=	md2 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
 	bn rsa dsa dh dso engine \
 	buffer bio stack lhash rand err objects \
-	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp rijndael
+	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp

 GENERAL=Makefile README crypto-lib.com install.com

 LIB= $(TOP)/libcrypto.a
-LIBSRC=	cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c
-LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o
+LIBSRC=	cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c
+LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o

 SRC= $(LIBSRC)

@@ -198,3 +198,6 @@ tmdiff.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
 tmdiff.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
 tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h
+uid.o: ../include/openssl/crypto.h ../include/openssl/opensslv.h
+uid.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+uid.o: ../include/openssl/symhacks.h
--- a/crypto/asn1/Makefile.ssl
+++ b/crypto/asn1/Makefile.ssl
@@ -171,9 +171,7 @@ a_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 a_digest.o: ../../include/openssl/opensslconf.h
 a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 a_digest.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-a_digest.o: ../../include/openssl/rc5.h
-a_digest.o: ../../include/openssl/rijndael-alg-fst.h
-a_digest.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+a_digest.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 a_digest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 a_digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 a_digest.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -298,12 +296,11 @@ a_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 a_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 a_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 a_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-a_sign.o: ../../include/openssl/rijndael-alg-fst.h
-a_sign.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
-a_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-a_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-a_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-a_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+a_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+a_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+a_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+a_sign.o: ../cryptlib.h
 a_strex.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_strex.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 a_strex.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -317,12 +314,11 @@ a_strex.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 a_strex.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 a_strex.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 a_strex.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-a_strex.o: ../../include/openssl/rijndael-alg-fst.h
-a_strex.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
-a_strex.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-a_strex.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-a_strex.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-a_strex.o: ../../include/openssl/x509_vfy.h charmap.h
+a_strex.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+a_strex.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+a_strex.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_strex.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+a_strex.o: charmap.h
 a_strnid.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_strnid.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 a_strnid.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
@@ -378,9 +374,7 @@ a_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 a_verify.o: ../../include/openssl/opensslconf.h
 a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 a_verify.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-a_verify.o: ../../include/openssl/rc5.h
-a_verify.o: ../../include/openssl/rijndael-alg-fst.h
-a_verify.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+a_verify.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 a_verify.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 a_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 a_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -459,8 +453,7 @@ d2i_pr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 d2i_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 d2i_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 d2i_pr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-d2i_pr.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-d2i_pr.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+d2i_pr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 d2i_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 d2i_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 d2i_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h
@@ -477,8 +470,7 @@ d2i_pu.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 d2i_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 d2i_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 d2i_pu.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-d2i_pu.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-d2i_pu.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+d2i_pu.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 d2i_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 d2i_pu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 d2i_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h
@@ -589,8 +581,7 @@ i2d_pr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 i2d_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 i2d_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 i2d_pr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-i2d_pr.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-i2d_pr.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+i2d_pr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 i2d_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 i2d_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 i2d_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h
@@ -607,8 +598,7 @@ i2d_pu.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 i2d_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 i2d_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 i2d_pu.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-i2d_pu.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-i2d_pu.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+i2d_pu.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 i2d_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 i2d_pu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 i2d_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h
@@ -668,8 +658,7 @@ n_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 n_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 n_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 n_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-n_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-n_pkey.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+n_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 n_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 n_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 n_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -688,12 +677,10 @@ nsseq.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 nsseq.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 nsseq.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 nsseq.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-nsseq.o: ../../include/openssl/rijndael-alg-fst.h
-nsseq.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
-nsseq.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-nsseq.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-nsseq.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-nsseq.o: ../../include/openssl/x509_vfy.h
+nsseq.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+nsseq.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+nsseq.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+nsseq.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 p5_pbe.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 p5_pbe.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 p5_pbe.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -709,12 +696,11 @@ p5_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p5_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 p5_pbe.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
 p5_pbe.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-p5_pbe.o: ../../include/openssl/rijndael-alg-fst.h
-p5_pbe.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
-p5_pbe.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p5_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p5_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p5_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p5_pbe.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p5_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p5_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p5_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p5_pbe.o: ../cryptlib.h
 p5_pbev2.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 p5_pbev2.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 p5_pbev2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -730,12 +716,11 @@ p5_pbev2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p5_pbev2.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 p5_pbev2.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
 p5_pbev2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-p5_pbev2.o: ../../include/openssl/rijndael-alg-fst.h
-p5_pbev2.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
-p5_pbev2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p5_pbev2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p5_pbev2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p5_pbev2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p5_pbev2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p5_pbev2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p5_pbev2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p5_pbev2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p5_pbev2.o: ../cryptlib.h
 p7_dgst.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 p7_dgst.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 p7_dgst.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -750,8 +735,7 @@ p7_dgst.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 p7_dgst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p7_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 p7_dgst.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_dgst.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-p7_dgst.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+p7_dgst.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 p7_dgst.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 p7_dgst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 p7_dgst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -770,8 +754,7 @@ p7_enc.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 p7_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p7_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 p7_enc.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_enc.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-p7_enc.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+p7_enc.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 p7_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 p7_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 p7_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -790,9 +773,7 @@ p7_enc_c.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 p7_enc_c.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p7_enc_c.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 p7_enc_c.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_enc_c.o: ../../include/openssl/rc5.h
-p7_enc_c.o: ../../include/openssl/rijndael-alg-fst.h
-p7_enc_c.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+p7_enc_c.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 p7_enc_c.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 p7_enc_c.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 p7_enc_c.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -811,8 +792,7 @@ p7_evp.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 p7_evp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p7_evp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 p7_evp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_evp.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-p7_evp.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+p7_evp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 p7_evp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 p7_evp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 p7_evp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -831,8 +811,7 @@ p7_i_s.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 p7_i_s.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p7_i_s.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 p7_i_s.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_i_s.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-p7_i_s.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+p7_i_s.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 p7_i_s.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 p7_i_s.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 p7_i_s.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -851,8 +830,7 @@ p7_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 p7_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p7_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 p7_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_lib.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-p7_lib.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+p7_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 p7_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 p7_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 p7_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -871,9 +849,7 @@ p7_recip.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 p7_recip.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p7_recip.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 p7_recip.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_recip.o: ../../include/openssl/rc5.h
-p7_recip.o: ../../include/openssl/rijndael-alg-fst.h
-p7_recip.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+p7_recip.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 p7_recip.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 p7_recip.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 p7_recip.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -892,8 +868,7 @@ p7_s_e.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 p7_s_e.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p7_s_e.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 p7_s_e.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_s_e.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-p7_s_e.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+p7_s_e.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 p7_s_e.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 p7_s_e.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 p7_s_e.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -912,9 +887,7 @@ p7_signd.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 p7_signd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p7_signd.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 p7_signd.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_signd.o: ../../include/openssl/rc5.h
-p7_signd.o: ../../include/openssl/rijndael-alg-fst.h
-p7_signd.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+p7_signd.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 p7_signd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 p7_signd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 p7_signd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -933,9 +906,7 @@ p7_signi.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 p7_signi.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p7_signi.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 p7_signi.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_signi.o: ../../include/openssl/rc5.h
-p7_signi.o: ../../include/openssl/rijndael-alg-fst.h
-p7_signi.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+p7_signi.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 p7_signi.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 p7_signi.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 p7_signi.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -954,8 +925,7 @@ p8_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 p8_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p8_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 p8_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p8_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-p8_pkey.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+p8_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 p8_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 p8_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 p8_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -975,13 +945,11 @@ t_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 t_bitst.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 t_bitst.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-t_bitst.o: ../../include/openssl/rijndael-alg-fst.h
-t_bitst.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
-t_bitst.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_bitst.o: ../cryptlib.h
+t_bitst.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+t_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h
 t_crl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 t_crl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 t_crl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -997,13 +965,11 @@ t_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 t_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 t_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 t_crl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-t_crl.o: ../../include/openssl/rijndael-alg-fst.h
-t_crl.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
-t_crl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_crl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_crl.o: ../cryptlib.h
+t_crl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+t_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_crl.o: ../../include/openssl/x509v3.h ../cryptlib.h
 t_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 t_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 t_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
@@ -1028,13 +994,11 @@ t_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 t_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 t_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 t_req.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-t_req.o: ../../include/openssl/rijndael-alg-fst.h
-t_req.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
-t_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_req.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_req.o: ../cryptlib.h
+t_req.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+t_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_req.o: ../../include/openssl/x509v3.h ../cryptlib.h
 t_spki.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 t_spki.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -1049,8 +1013,7 @@ t_spki.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 t_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 t_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 t_spki.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-t_spki.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-t_spki.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+t_spki.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 t_spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 t_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 t_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -1070,13 +1033,11 @@ t_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 t_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 t_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 t_x509.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-t_x509.o: ../../include/openssl/rijndael-alg-fst.h
-t_x509.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
-t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_x509.o: ../cryptlib.h
+t_x509.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+t_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h
 t_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 t_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -1091,8 +1052,7 @@ t_x509a.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 t_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 t_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 t_x509a.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-t_x509a.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-t_x509a.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+t_x509a.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 t_x509a.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 t_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 t_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -1111,8 +1071,7 @@ x_algor.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_algor.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x_algor.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x_algor.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_algor.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-x_algor.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+x_algor.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_algor.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_algor.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 x_algor.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -1131,9 +1090,7 @@ x_attrib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_attrib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x_attrib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_attrib.o: ../../include/openssl/rc5.h
-x_attrib.o: ../../include/openssl/rijndael-alg-fst.h
-x_attrib.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+x_attrib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_attrib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_attrib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 x_attrib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -1152,8 +1109,7 @@ x_cinf.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_cinf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x_cinf.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x_cinf.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_cinf.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-x_cinf.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+x_cinf.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_cinf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_cinf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 x_cinf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -1172,8 +1128,7 @@ x_crl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x_crl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_crl.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-x_crl.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+x_crl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_crl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 x_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -1192,8 +1147,7 @@ x_exten.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_exten.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x_exten.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x_exten.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_exten.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-x_exten.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+x_exten.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_exten.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_exten.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 x_exten.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -1212,8 +1166,7 @@ x_info.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x_info.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x_info.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_info.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-x_info.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+x_info.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_info.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 x_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -1232,8 +1185,7 @@ x_name.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x_name.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x_name.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_name.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-x_name.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+x_name.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_name.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 x_name.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -1252,8 +1204,7 @@ x_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-x_pkey.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+x_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 x_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -1272,9 +1223,7 @@ x_pubkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_pubkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x_pubkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x_pubkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_pubkey.o: ../../include/openssl/rc5.h
-x_pubkey.o: ../../include/openssl/rijndael-alg-fst.h
-x_pubkey.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+x_pubkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_pubkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_pubkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 x_pubkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -1293,8 +1242,7 @@ x_req.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x_req.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_req.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-x_req.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+x_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 x_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -1313,8 +1261,7 @@ x_sig.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_sig.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x_sig.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x_sig.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_sig.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-x_sig.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+x_sig.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_sig.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_sig.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 x_sig.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -1333,8 +1280,7 @@ x_spki.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x_spki.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_spki.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-x_spki.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+x_spki.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 x_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -1353,8 +1299,7 @@ x_val.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_val.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x_val.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x_val.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_val.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-x_val.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+x_val.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_val.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_val.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 x_val.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -1374,8 +1319,7 @@ x_x509.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x_x509.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_x509.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-x_x509.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+x_x509.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 x_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -1395,8 +1339,7 @@ x_x509a.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x_x509a.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_x509a.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-x_x509a.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+x_x509a.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_x509a.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 x_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
--- a/crypto/asn1/a_strex.c
+++ b/crypto/asn1/a_strex.c
@@ -491,24 +491,12 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,

 int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags)
 {
-	if(flags == XN_FLAG_COMPAT)
-		return X509_NAME_print(out, nm, indent);
 	return do_name_ex(send_bio_chars, out, nm, indent, flags);
 }


 int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags)
 {
-	if(flags == XN_FLAG_COMPAT)
-		{
-		BIO *btmp;
-		int ret;
-		btmp = BIO_new_fp(fp, BIO_NOCLOSE);
-		if(!btmp) return -1;
-		ret = X509_NAME_print(btmp, nm, indent);
-		BIO_free(btmp);
-		return ret;
-		}
 	return do_name_ex(send_fp_chars, fp, nm, indent, flags);
 }

--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -956,21 +956,6 @@ void ASN1_STRING_TABLE_cleanup(void);
 #define ASN1_F_D2I_NETSCAPE_SPKAC			 143
 #define ASN1_F_D2I_NETSCAPE_SPKI			 144
 #define ASN1_F_D2I_NOTICEREF				 268
-#define ASN1_F_D2I_OCSP_BASICRESP			 293
-#define ASN1_F_D2I_OCSP_CERTID				 294
-#define ASN1_F_D2I_OCSP_CERTSTATUS			 295
-#define ASN1_F_D2I_OCSP_CRLID				 296
-#define ASN1_F_D2I_OCSP_ONEREQ				 297
-#define ASN1_F_D2I_OCSP_REQINFO				 298
-#define ASN1_F_D2I_OCSP_REQUEST				 299
-#define ASN1_F_D2I_OCSP_RESPBYTES			 300
-#define ASN1_F_D2I_OCSP_RESPDATA			 301
-#define ASN1_F_D2I_OCSP_RESPID				 302
-#define ASN1_F_D2I_OCSP_RESPONSE			 303
-#define ASN1_F_D2I_OCSP_REVOKEDINFO			 304
-#define ASN1_F_D2I_OCSP_SERVICELOC			 305
-#define ASN1_F_D2I_OCSP_SIGNATURE			 306
-#define ASN1_F_D2I_OCSP_SINGLERESP			 307
 #define ASN1_F_D2I_OTHERNAME				 287
 #define ASN1_F_D2I_PBE2PARAM				 262
 #define ASN1_F_D2I_PBEPARAM				 249
@@ -1042,21 +1027,6 @@ void ASN1_STRING_TABLE_cleanup(void);
 #define ASN1_F_NETSCAPE_SPKAC_NEW			 190
 #define ASN1_F_NETSCAPE_SPKI_NEW			 191
 #define ASN1_F_NOTICEREF_NEW				 272
-#define ASN1_F_OCSP_BASICRESP_NEW			 308
-#define ASN1_F_OCSP_CERTID_NEW				 309
-#define ASN1_F_OCSP_CERTSTATUS_NEW			 310
-#define ASN1_F_OCSP_CRLID_NEW				 311
-#define ASN1_F_OCSP_ONEREQ_NEW				 312
-#define ASN1_F_OCSP_REQINFO_NEW				 313
-#define ASN1_F_OCSP_REQUEST_NEW				 314
-#define ASN1_F_OCSP_RESPBYTES_NEW			 315
-#define ASN1_F_OCSP_RESPDATA_NEW			 316
-#define ASN1_F_OCSP_RESPID_NEW				 317
-#define ASN1_F_OCSP_RESPONSE_NEW			 318
-#define ASN1_F_OCSP_REVOKEDINFO_NEW			 319
-#define ASN1_F_OCSP_SERVICELOC_NEW			 320
-#define ASN1_F_OCSP_SIGNATURE_NEW			 321
-#define ASN1_F_OCSP_SINGLERESP_NEW			 322
 #define ASN1_F_OTHERNAME_NEW				 288
 #define ASN1_F_PBE2PARAM_NEW				 264
 #define ASN1_F_PBEPARAM_NEW				 251
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -141,21 +141,6 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKAC,0),	"d2i_NETSCAPE_SPKAC"},
 {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKI,0),	"d2i_NETSCAPE_SPKI"},
 {ERR_PACK(0,ASN1_F_D2I_NOTICEREF,0),	"d2i_NOTICEREF"},
-{ERR_PACK(0,ASN1_F_D2I_OCSP_BASICRESP,0),	"d2i_OCSP_BASICRESP"},
-{ERR_PACK(0,ASN1_F_D2I_OCSP_CERTID,0),	"d2i_OCSP_CERTID"},
-{ERR_PACK(0,ASN1_F_D2I_OCSP_CERTSTATUS,0),	"d2i_OCSP_CERTSTATUS"},
-{ERR_PACK(0,ASN1_F_D2I_OCSP_CRLID,0),	"d2i_OCSP_CRLID"},
-{ERR_PACK(0,ASN1_F_D2I_OCSP_ONEREQ,0),	"d2i_OCSP_ONEREQ"},
-{ERR_PACK(0,ASN1_F_D2I_OCSP_REQINFO,0),	"d2i_OCSP_REQINFO"},
-{ERR_PACK(0,ASN1_F_D2I_OCSP_REQUEST,0),	"d2i_OCSP_REQUEST"},
-{ERR_PACK(0,ASN1_F_D2I_OCSP_RESPBYTES,0),	"d2i_OCSP_RESPBYTES"},
-{ERR_PACK(0,ASN1_F_D2I_OCSP_RESPDATA,0),	"d2i_OCSP_RESPDATA"},
-{ERR_PACK(0,ASN1_F_D2I_OCSP_RESPID,0),	"d2i_OCSP_RESPID"},
-{ERR_PACK(0,ASN1_F_D2I_OCSP_RESPONSE,0),	"d2i_OCSP_RESPONSE"},
-{ERR_PACK(0,ASN1_F_D2I_OCSP_REVOKEDINFO,0),	"d2i_OCSP_REVOKEDINFO"},
-{ERR_PACK(0,ASN1_F_D2I_OCSP_SERVICELOC,0),	"d2i_OCSP_SERVICELOC"},
-{ERR_PACK(0,ASN1_F_D2I_OCSP_SIGNATURE,0),	"d2i_OCSP_SIGNATURE"},
-{ERR_PACK(0,ASN1_F_D2I_OCSP_SINGLERESP,0),	"d2i_OCSP_SINGLERESP"},
 {ERR_PACK(0,ASN1_F_D2I_OTHERNAME,0),	"d2i_OTHERNAME"},
 {ERR_PACK(0,ASN1_F_D2I_PBE2PARAM,0),	"d2i_PBE2PARAM"},
 {ERR_PACK(0,ASN1_F_D2I_PBEPARAM,0),	"d2i_PBEPARAM"},
@@ -227,21 +212,6 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_NETSCAPE_SPKAC_NEW,0),	"NETSCAPE_SPKAC_new"},
 {ERR_PACK(0,ASN1_F_NETSCAPE_SPKI_NEW,0),	"NETSCAPE_SPKI_new"},
 {ERR_PACK(0,ASN1_F_NOTICEREF_NEW,0),	"NOTICEREF_new"},
-{ERR_PACK(0,ASN1_F_OCSP_BASICRESP_NEW,0),	"OCSP_BASICRESP_new"},
-{ERR_PACK(0,ASN1_F_OCSP_CERTID_NEW,0),	"OCSP_CERTID_new"},
-{ERR_PACK(0,ASN1_F_OCSP_CERTSTATUS_NEW,0),	"OCSP_CERTSTATUS_new"},
-{ERR_PACK(0,ASN1_F_OCSP_CRLID_NEW,0),	"OCSP_CRLID_new"},
-{ERR_PACK(0,ASN1_F_OCSP_ONEREQ_NEW,0),	"OCSP_ONEREQ_new"},
-{ERR_PACK(0,ASN1_F_OCSP_REQINFO_NEW,0),	"OCSP_REQINFO_new"},
-{ERR_PACK(0,ASN1_F_OCSP_REQUEST_NEW,0),	"OCSP_REQUEST_new"},
-{ERR_PACK(0,ASN1_F_OCSP_RESPBYTES_NEW,0),	"OCSP_RESPBYTES_new"},
-{ERR_PACK(0,ASN1_F_OCSP_RESPDATA_NEW,0),	"OCSP_RESPDATA_new"},
-{ERR_PACK(0,ASN1_F_OCSP_RESPID_NEW,0),	"OCSP_RESPID_new"},
-{ERR_PACK(0,ASN1_F_OCSP_RESPONSE_NEW,0),	"OCSP_RESPONSE_new"},
-{ERR_PACK(0,ASN1_F_OCSP_REVOKEDINFO_NEW,0),	"OCSP_REVOKEDINFO_new"},
-{ERR_PACK(0,ASN1_F_OCSP_SERVICELOC_NEW,0),	"OCSP_SERVICELOC_new"},
-{ERR_PACK(0,ASN1_F_OCSP_SIGNATURE_NEW,0),	"OCSP_SIGNATURE_new"},
-{ERR_PACK(0,ASN1_F_OCSP_SINGLERESP_NEW,0),	"OCSP_SINGLERESP_new"},
 {ERR_PACK(0,ASN1_F_OTHERNAME_NEW,0),	"OTHERNAME_new"},
 {ERR_PACK(0,ASN1_F_PBE2PARAM_NEW,0),	"PBE2PARAM_new"},
 {ERR_PACK(0,ASN1_F_PBEPARAM_NEW,0),	"PBEPARAM_new"},
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -301,7 +301,7 @@ int asn1_GetSequence(ASN1_CTX *c, long *length)
 		return(0);
 		}
 	if (c->inf == (1|V_ASN1_CONSTRUCTED))
-		c->slen= *length+ *(c->pp)-c->p;
+		c->slen= *length;
 	c->eos=0;
 	return(1);
 	}
--- a/crypto/asn1/asn1_mac.h
+++ b/crypto/asn1/asn1_mac.h
@@ -76,8 +76,8 @@ extern "C" {
 	ASN1_CTX c; \
 	type ret=NULL; \
 	\
-	c.pp=(unsigned char **)pp; \
-	c.q= *(unsigned char **)pp; \
+	c.pp=pp; \
+	c.q= *pp; \
 	c.error=ERR_R_NESTED_ASN1_ERROR; \
 	if ((a == NULL) || ((*a) == NULL)) \
 		{ if ((ret=(type)func()) == NULL) \
@@ -85,13 +85,13 @@ extern "C" {
 	else	ret=(*a);

 #define M_ASN1_D2I_Init() \
-	c.p= *(unsigned char **)pp; \
+	c.p= *pp; \
 	c.max=(length == 0)?0:(c.p+length);

 #define M_ASN1_D2I_Finish_2(a) \
 	if (!asn1_Finish(&c)) \
 		{ c.line=__LINE__; goto err; } \
-	*(unsigned char **)pp=c.p; \
+	*pp=c.p; \
 	if (a != NULL) (*a)=ret; \
 	return(ret);

@@ -99,7 +99,7 @@ extern "C" {
 	M_ASN1_D2I_Finish_2(a); \
 err:\
 	ASN1_MAC_H_err((e),c.error,c.line); \
-	asn1_add_error(*(unsigned char **)pp,(int)(c.q- *pp)); \
+	asn1_add_error(*pp,(int)(c.q- *pp)); \
 	if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
 	return(NULL)

@@ -196,6 +196,9 @@ err:\
 	if ((a != NULL) && (sk_##type##_num(a) != 0)) \
 		M_ASN1_I2D_put_SEQUENCE_type(type,a,f);

+#define M_ASN1_I2D_put_SEQUENCE_opt_ex_type(type,a,f) \
+	if (a) M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
+
 #define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \
 	if ((c.slen != 0) && \
 		(M_ASN1_next == \
@@ -389,6 +392,9 @@ err:\
 		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
 			M_ASN1_I2D_len_SEQUENCE_type(type,a,f);

+#define M_ASN1_I2D_len_SEQUENCE_opt_ex_type(type,a,f) \
+		if (a) M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
+
 #define M_ASN1_I2D_len_IMP_SET(a,f,x) \
 		ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET);

@@ -452,6 +458,15 @@ err:\
 			ret+=ASN1_object_size(1,v,mtag); \
 			}

+#define M_ASN1_I2D_len_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \
+		if (a)\
+			{ \
+			v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \
+						 V_ASN1_UNIVERSAL, \
+						 IS_SEQUENCE); \
+			ret+=ASN1_object_size(1,v,mtag); \
+			}
+
 /* Put Macros */
 #define M_ASN1_I2D_put(a,f)	f(a,&p)

@@ -536,6 +551,14 @@ err:\
 					       IS_SEQUENCE); \
 			}

+#define M_ASN1_I2D_put_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \
+		if (a) \
+			{ \
+			ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
+			i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \
+					       IS_SEQUENCE); \
+			}
+
 #define M_ASN1_I2D_seq_total() \
 		r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \
 		if (pp == NULL) return(r); \
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
@@ -84,8 +84,7 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, unsigned char **pp,
 		{
 #ifndef NO_RSA
 	case EVP_PKEY_RSA:
-		if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL,
-			(const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
+		if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL,pp,length)) == NULL)
 			{
 			ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
 			goto err;
--- a/crypto/asn1/d2i_pu.c
+++ b/crypto/asn1/d2i_pu.c
@@ -84,8 +84,7 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp,
 		{
 #ifndef NO_RSA
 	case EVP_PKEY_RSA:
-		if ((ret->pkey.rsa=d2i_RSAPublicKey(NULL,
-			(const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
+		if ((ret->pkey.rsa=d2i_RSAPublicKey(NULL,pp,length)) == NULL)
 			{
 			ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
 			goto err;
--- a/crypto/asn1/d2i_r_pr.c
+++ b/crypto/asn1/d2i_r_pr.c
@@ -75,7 +75,7 @@ ASN1_METHOD *RSAPrivateKey_asn1_meth(void)
 	return(&method);
 	}

-RSA *d2i_RSAPrivateKey(RSA **a, const unsigned char **pp, long length)
+RSA *d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length)
 	{
 	int i=ASN1_R_PARSING;
 	ASN1_INTEGER *bs=NULL;
--- a/crypto/asn1/d2i_r_pu.c
+++ b/crypto/asn1/d2i_r_pu.c
@@ -68,7 +68,7 @@
 #define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER
 #endif

-RSA *d2i_RSAPublicKey(RSA **a, const unsigned char **pp, long length)
+RSA *d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length)
 	{
 	int i=ASN1_R_PARSING;
 	ASN1_INTEGER *bs=NULL;
--- a/crypto/asn1/i2d_r_pr.c
+++ b/crypto/asn1/i2d_r_pr.c
@@ -64,7 +64,7 @@
 #include <openssl/objects.h>
 #include <openssl/asn1_mac.h>

-int i2d_RSAPrivateKey(const RSA *a, unsigned char **pp)
+int i2d_RSAPrivateKey(RSA *a, unsigned char **pp)
 	{
 	BIGNUM *num[9];
 	unsigned char data[1];
--- a/crypto/asn1/i2d_r_pu.c
+++ b/crypto/asn1/i2d_r_pu.c
@@ -64,7 +64,7 @@
 #include <openssl/objects.h>
 #include <openssl/asn1_mac.h>

-int i2d_RSAPublicKey(const RSA *a, unsigned char **pp)
+int i2d_RSAPublicKey(RSA *a, unsigned char **pp)
 	{
 	BIGNUM *num[2];
 	ASN1_INTEGER bs;
--- a/crypto/asn1/n_pkey.c
+++ b/crypto/asn1/n_pkey.c
@@ -80,12 +80,12 @@ static NETSCAPE_PKEY *d2i_NETSCAPE_PKEY(NETSCAPE_PKEY **a,unsigned char **pp, lo
 static NETSCAPE_PKEY *NETSCAPE_PKEY_new(void);
 static void NETSCAPE_PKEY_free(NETSCAPE_PKEY *);

-int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, int (*cb)())
+int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)())
 {
 	return i2d_RSA_NET(a, pp, cb, 0);
 }

-int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
+int i2d_RSA_NET(RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
 	{
 	int i,j,l[6];
 	NETSCAPE_PKEY *pkey;
@@ -205,18 +205,18 @@ err:
 	}


-RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)())
+RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)())
 {
 	return d2i_RSA_NET(a, pp, length, cb, 0);
 }

-RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), int sgckey)
+RSA *d2i_RSA_NET(RSA **a, unsigned char **pp, long length, int (*cb)(), int sgckey)
 	{
 	RSA *ret=NULL;
 	ASN1_OCTET_STRING *os=NULL;
 	ASN1_CTX c;

-	c.pp=(unsigned char **)pp; /* TMP UGLY CAST */
+	c.pp=pp;
 	c.error=ASN1_R_DECODING_ERROR;

 	M_ASN1_D2I_Init();
@@ -231,8 +231,7 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), in
 		}
 	M_ASN1_BIT_STRING_free(os);
 	c.q=c.p;
-	if ((ret=d2i_RSA_NET_2(a,(const unsigned char **)&c.p, /* TMP UGLY CAST */
-			       c.slen,cb, sgckey)) == NULL) goto err;
+	if ((ret=d2i_RSA_NET_2(a,&c.p,c.slen,cb, sgckey)) == NULL) goto err;
 	/* Note: some versions of IIS key files use length values that are
 	 * too small for the surrounding SEQUENCEs. This following line
 	 * effectively disable length checking.
@@ -242,13 +241,13 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), in
 	M_ASN1_D2I_Finish(a,RSA_free,ASN1_F_D2I_NETSCAPE_RSA);
 	}

-RSA *d2i_Netscape_RSA_2(RSA **a, const unsigned char **pp, long length,
+RSA *d2i_Netscape_RSA_2(RSA **a, unsigned char **pp, long length,
 	     int (*cb)())
 {
 	return d2i_RSA_NET_2(a, pp, length, cb, 0);
 }

-RSA *d2i_RSA_NET_2(RSA **a, const unsigned char **pp, long length,
+RSA *d2i_RSA_NET_2(RSA **a, unsigned char **pp, long length,
 	     int (*cb)(), int sgckey)
 	{
 	NETSCAPE_PKEY *pkey=NULL;
@@ -262,7 +261,7 @@ RSA *d2i_RSA_NET_2(RSA **a, const unsigned char **pp, long length,
 	ASN1_CTX c;

 	c.error=ERR_R_NESTED_ASN1_ERROR;
-	c.pp=(unsigned char **)pp;
+	c.pp=pp;

 	M_ASN1_D2I_Init();
 	M_ASN1_D2I_start_sequence();
@@ -311,8 +310,7 @@ RSA *d2i_RSA_NET_2(RSA **a, const unsigned char **pp, long length,
 		}
 		
 	zz=pkey->private_key->data;
-	if ((ret=d2i_RSAPrivateKey(a,(const unsigned char **)&zz, /* TMP UGLY CAST */
-		pkey->private_key->length)) == NULL)
+	if ((ret=d2i_RSAPrivateKey(a,&zz,pkey->private_key->length)) == NULL)
 		{
 		ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
 		goto err;
--- a/crypto/asn1/p7_lib.c
+++ b/crypto/asn1/p7_lib.c
@@ -307,12 +307,14 @@ PKCS7 *d2i_PKCS7(PKCS7 **a, unsigned char **pp, long length)
 			}
 		if (Tinf == (1|V_ASN1_CONSTRUCTED))
 			{
+			c.q=c.p;
 			if (!ASN1_check_infinite_end(&c.p,c.slen))
 				{
 				c.error=ERR_R_MISSING_ASN1_EOS;
 				c.line=__LINE__;
 				goto err;
 				}
+			c.slen-=(c.p-c.q);
 			}
 		}
 	else
--- a/crypto/asn1/t_pkey.c
+++ b/crypto/asn1/t_pkey.c
@@ -74,7 +74,7 @@ static int print(BIO *fp,const char *str,BIGNUM *num,
 		unsigned char *buf,int off);
 #ifndef NO_RSA
 #ifndef NO_FP_API
-int RSA_print_fp(FILE *fp, const RSA *x, int off)
+int RSA_print_fp(FILE *fp, RSA *x, int off)
        {
        BIO *b;
        int ret;
@@ -91,7 +91,7 @@ int RSA_print_fp(FILE *fp, const RSA *x, int off)
        }
 #endif

-int RSA_print(BIO *bp, const RSA *x, int off)
+int RSA_print(BIO *bp, RSA *x, int off)
 	{
 	char str[128];
 	const char *s;
--- a/crypto/asn1/t_x509.c
+++ b/crypto/asn1/t_x509.c
@@ -72,11 +72,6 @@

 #ifndef NO_FP_API
 int X509_print_fp(FILE *fp, X509 *x)
-	{
-	return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
-	}
-
-int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cflag)
        {
        BIO *b;
        int ret;
@@ -87,23 +82,17 @@ int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cfla
                return(0);
 		}
        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=X509_print_ex(b, x, nmflag, cflag);
+        ret=X509_print(b, x);
        BIO_free(b);
        return(ret);
        }
 #endif

 int X509_print(BIO *bp, X509 *x)
-{
-	return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
-}
-
-int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
 	{
 	long l;
 	int ret=0,i,j,n;
-	char *m=NULL,*s, mlch = ' ';
-	int nmindent = 0;
+	char *m=NULL,*s;
 	X509_CINF *ci;
 	ASN1_INTEGER *bs;
 	EVP_PKEY *pkey=NULL;
@@ -111,127 +100,89 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
 	X509_EXTENSION *ex;
 	ASN1_STRING *str=NULL;

-	if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
-			mlch = '\n';
-			nmindent = 16;
-	}
-
-	if(nmflags == X509_FLAG_COMPAT)
-		nmindent = 16;
-
 	ci=x->cert_info;
-	if(!(cflag & X509_FLAG_NO_HEADER))
-		{
-		if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err;
-		if (BIO_write(bp,"    Data:\n",10) <= 0) goto err;
-		}
-	if(!(cflag & X509_FLAG_NO_VERSION))
-		{
-		l=X509_get_version(x);
-		if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err;
-		}
-	if(!(cflag & X509_FLAG_NO_SERIAL))
-		{
+	if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err;
+	if (BIO_write(bp,"    Data:\n",10) <= 0) goto err;
+	l=X509_get_version(x);
+	if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err;
+	if (BIO_write(bp,"        Serial Number:",22) <= 0) goto err;

-		if (BIO_write(bp,"        Serial Number:",22) <= 0) goto err;
-
-		bs=X509_get_serialNumber(x);
-		if (bs->length <= 4)
+	bs=X509_get_serialNumber(x);
+	if (bs->length <= 4)
+		{
+		l=ASN1_INTEGER_get(bs);
+		if (l < 0)
 			{
-			l=ASN1_INTEGER_get(bs);
-			if (l < 0)
-				{
-				l= -l;
-				neg="-";
-				}
-			else
-				neg="";
-			if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0)
+			l= -l;
+			neg="-";
+			}
+		else
+			neg="";
+		if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0)
+			goto err;
+		}
+	else
+		{
+		neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":"";
+		if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err;
+
+		for (i=0; i<bs->length; i++)
+			{
+			if (BIO_printf(bp,"%02x%c",bs->data[i],
+				((i+1 == bs->length)?'\n':':')) <= 0)
 				goto err;
 			}
-		else
-			{
-			neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":"";
-			if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err;
-
-			for (i=0; i<bs->length; i++)
-				{
-				if (BIO_printf(bp,"%02x%c",bs->data[i],
-					((i+1 == bs->length)?'\n':':')) <= 0)
-					goto err;
-				}
-			}
-
 		}

-	if(!(cflag & X509_FLAG_NO_SIGNAME))
-		{
-		i=OBJ_obj2nid(ci->signature->algorithm);
-		if (BIO_printf(bp,"%8sSignature Algorithm: %s\n","",
-			(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0)
-			goto err;
-		}
+	i=OBJ_obj2nid(ci->signature->algorithm);
+	if (BIO_printf(bp,"%8sSignature Algorithm: %s\n","",
+		(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0)
+		goto err;

-	if(!(cflag & X509_FLAG_NO_ISSUER))
-		{
-		if (BIO_printf(bp,"        Issuer:%c",mlch) <= 0) goto err;
-		if (!X509_NAME_print_ex(bp,X509_get_issuer_name(x),nmindent, nmflags)) goto err;
-		}
-	if(!(cflag & X509_FLAG_NO_VALIDITY))
-		{
-		if (BIO_write(bp,"\n        Validity\n",18) <= 0) goto err;
-		if (BIO_write(bp,"            Not Before: ",24) <= 0) goto err;
-		if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err;
-		if (BIO_write(bp,"\n            Not After : ",25) <= 0) goto err;
-		if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err;
-		if (BIO_write(bp,"\n",1) <= 0) goto err;
-		}
-	if(!(cflag & X509_FLAG_NO_SUBJECT))
-		{
-		if (BIO_printf(bp,"        Subject:%c",mlch) <= 0) goto err;
-		if (!X509_NAME_print_ex(bp,X509_get_subject_name(x),nmindent, nmflags)) goto err;
-		}
-	if(!(cflag & X509_FLAG_NO_PUBKEY))
-		{
-		if (BIO_write(bp,"\n        Subject Public Key Info:\n",34) <= 0)
-			goto err;
-		i=OBJ_obj2nid(ci->key->algor->algorithm);
-		if (BIO_printf(bp,"%12sPublic Key Algorithm: %s\n","",
-			(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err;
+	if (BIO_write(bp,"        Issuer: ",16) <= 0) goto err;
+	if (!X509_NAME_print(bp,X509_get_issuer_name(x),16)) goto err;
+	if (BIO_write(bp,"\n        Validity\n",18) <= 0) goto err;
+	if (BIO_write(bp,"            Not Before: ",24) <= 0) goto err;
+	if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err;
+	if (BIO_write(bp,"\n            Not After : ",25) <= 0) goto err;
+	if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err;
+	if (BIO_write(bp,"\n        Subject: ",18) <= 0) goto err;
+	if (!X509_NAME_print(bp,X509_get_subject_name(x),16)) goto err;
+	if (BIO_write(bp,"\n        Subject Public Key Info:\n",34) <= 0)
+		goto err;
+	i=OBJ_obj2nid(ci->key->algor->algorithm);
+	if (BIO_printf(bp,"%12sPublic Key Algorithm: %s\n","",
+		(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err;

-		pkey=X509_get_pubkey(x);
-		if (pkey == NULL)
-			{
-			BIO_printf(bp,"%12sUnable to load Public Key\n","");
-			ERR_print_errors(bp);
-			}
-		else
+	pkey=X509_get_pubkey(x);
+	if (pkey == NULL)
+		{
+		BIO_printf(bp,"%12sUnable to load Public Key\n","");
+		ERR_print_errors(bp);
+		}
+	else
 #ifndef NO_RSA
-		if (pkey->type == EVP_PKEY_RSA)
-			{
-			BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
-			BN_num_bits(pkey->pkey.rsa->n));
-			RSA_print(bp,pkey->pkey.rsa,16);
-			}
-		else
+	if (pkey->type == EVP_PKEY_RSA)
+		{
+		BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
+		BN_num_bits(pkey->pkey.rsa->n));
+		RSA_print(bp,pkey->pkey.rsa,16);
+		}
+	else
 #endif
 #ifndef NO_DSA
-		if (pkey->type == EVP_PKEY_DSA)
-			{
-			BIO_printf(bp,"%12sDSA Public Key:\n","");
-			DSA_print(bp,pkey->pkey.dsa,16);
-			}
-		else
-#endif
-			BIO_printf(bp,"%12sUnknown Public Key:\n","");
-
-		EVP_PKEY_free(pkey);
+	if (pkey->type == EVP_PKEY_DSA)
+		{
+		BIO_printf(bp,"%12sDSA Public Key:\n","");
+		DSA_print(bp,pkey->pkey.dsa,16);
 		}
-
-	if (cflag & X509_FLAG_NO_EXTENSIONS)
-		n = 0;
 	else
-		n=X509_get_ext_count(x);
+#endif
+		BIO_printf(bp,"%12sUnknown Public Key:\n","");
+
+	EVP_PKEY_free(pkey);
+
+	n=X509_get_ext_count(x);
 	if (n > 0)
 		{
 		BIO_printf(bp,"%8sX509v3 extensions:\n","");
@@ -245,7 +196,7 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
 			j=X509_EXTENSION_get_critical(ex);
 			if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
 				goto err;
-			if(!X509V3_EXT_print(bp, ex, cflag, 16))
+			if(!X509V3_EXT_print(bp, ex, 0, 16))
 				{
 				BIO_printf(bp, "%16s", "");
 				M_ASN1_OCTET_STRING_print(bp,ex->value);
@@ -254,27 +205,21 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
 			}
 		}

-	if(!(cflag & X509_FLAG_NO_SIGDUMP))
-		{
-		i=OBJ_obj2nid(x->sig_alg->algorithm);
-		if (BIO_printf(bp,"%4sSignature Algorithm: %s","",
-			(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err;
+	i=OBJ_obj2nid(x->sig_alg->algorithm);
+	if (BIO_printf(bp,"%4sSignature Algorithm: %s","",
+		(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err;

-		n=x->signature->length;
-		s=(char *)x->signature->data;
-		for (i=0; i<n; i++)
-			{
-			if ((i%18) == 0)
-				if (BIO_write(bp,"\n        ",9) <= 0) goto err;
-			if (BIO_printf(bp,"%02x%s",(unsigned char)s[i],
-				((i+1) == n)?"":":") <= 0) goto err;
-			}
-		if (BIO_write(bp,"\n",1) != 1) goto err;
-		}
-	if(!(cflag & X509_FLAG_NO_AUX))
+	n=x->signature->length;
+	s=(char *)x->signature->data;
+	for (i=0; i<n; i++)
 		{
-		if (!X509_CERT_AUX_print(bp, x->aux, 0)) goto err;
+		if ((i%18) == 0)
+			if (BIO_write(bp,"\n        ",9) <= 0) goto err;
+		if (BIO_printf(bp,"%02x%s",(unsigned char)s[i],
+			((i+1) == n)?"":":") <= 0) goto err;
 		}
+	if (BIO_write(bp,"\n",1) != 1) goto err;
+	if (!X509_CERT_AUX_print(bp, x->aux, 0)) goto err;
 	ret=1;
 err:
 	if (str != NULL) ASN1_STRING_free(str);
@@ -282,56 +227,6 @@ err:
 	return(ret);
 	}

-int X509_ocspid_print (BIO *bp, X509 *x)
-	{
-	unsigned char *der=NULL ;
-	unsigned char *dertmp;
-	int derlen;
-	int i;
-	SHA_CTX SHA1buf ;
-	unsigned char SHA1md[SHA_DIGEST_LENGTH];
-
-	/* display the hash of the subject as it would appear
-	   in OCSP requests */
-	if (BIO_printf(bp,"        Subject OCSP hash: ") <= 0)
-		goto err;
-	derlen = i2d_X509_NAME(x->cert_info->subject, NULL);
-	if ((der = dertmp = (unsigned char *)OPENSSL_malloc (derlen)) == NULL)
-		goto err;
-	i2d_X509_NAME(x->cert_info->subject, &dertmp);
-
-	SHA1_Init(&SHA1buf);
-	SHA1_Update(&SHA1buf, der, derlen);
-	SHA1_Final(SHA1md,&SHA1buf);
-	for (i=0; i < SHA_DIGEST_LENGTH; i++)
-		{
-		if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err;
-		}
-	OPENSSL_free (der);
-	der=NULL;
-
-	/* display the hash of the public key as it would appear
-	   in OCSP requests */
-	if (BIO_printf(bp,"\n        Public key OCSP hash: ") <= 0)
-		goto err;
-
-	SHA1_Init(&SHA1buf);
-	SHA1_Update(&SHA1buf, x->cert_info->key->public_key->data,
-		x->cert_info->key->public_key->length);
-	SHA1_Final(SHA1md,&SHA1buf);
-	for (i=0; i < SHA_DIGEST_LENGTH; i++)
-		{
-		if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0)
-			goto err;
-		}
-	BIO_printf(bp,"\n");
-
-	return (1);
-err:
-	if (der != NULL) OPENSSL_free(der);
-	return(0);
-	}
-
 int ASN1_STRING_print(BIO *bp, ASN1_STRING *v)
 	{
 	int i,n;
--- a/crypto/asn1/x_crl.c
+++ b/crypto/asn1/x_crl.c
@@ -71,14 +71,14 @@ int i2d_X509_REVOKED(X509_REVOKED *a, unsigned char **pp)

 	M_ASN1_I2D_len(a->serialNumber,i2d_ASN1_INTEGER);
 	M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_TIME);
-	M_ASN1_I2D_len_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+	M_ASN1_I2D_len_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
 					 i2d_X509_EXTENSION);

 	M_ASN1_I2D_seq_total();

 	M_ASN1_I2D_put(a->serialNumber,i2d_ASN1_INTEGER);
 	M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_TIME);
-	M_ASN1_I2D_put_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+	M_ASN1_I2D_put_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
 					 i2d_X509_EXTENSION);

 	M_ASN1_I2D_finish();
@@ -121,7 +121,7 @@ int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp)
 		{ M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_TIME); }
 	M_ASN1_I2D_len_SEQUENCE_opt_type(X509_REVOKED,a->revoked,
 					 i2d_X509_REVOKED);
-	M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+	M_ASN1_I2D_len_EXP_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
 					     i2d_X509_EXTENSION,0,
 					     V_ASN1_SEQUENCE,v1);

@@ -138,7 +138,7 @@ int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp)
 		{ M_ASN1_I2D_put(a->nextUpdate,i2d_ASN1_TIME); }
 	M_ASN1_I2D_put_SEQUENCE_opt_type(X509_REVOKED,a->revoked,
 					 i2d_X509_REVOKED);
-	M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+	M_ASN1_I2D_put_EXP_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
 					     i2d_X509_EXTENSION,0,
 					     V_ASN1_SEQUENCE,v1);

@@ -260,7 +260,7 @@ X509_CRL_INFO *X509_CRL_INFO_new(void)
 	M_ASN1_New(ret->lastUpdate,M_ASN1_UTCTIME_new);
 	ret->nextUpdate=NULL;
 	M_ASN1_New(ret->revoked,sk_X509_REVOKED_new_null);
-	M_ASN1_New(ret->extensions,sk_X509_EXTENSION_new_null);
+	ret->extensions = NULL;
 	sk_X509_REVOKED_set_cmp_func(ret->revoked,X509_REVOKED_cmp);
 	return(ret);
 	M_ASN1_New_Error(ASN1_F_X509_CRL_INFO_NEW);
--- a/crypto/asn1/x_name.c
+++ b/crypto/asn1/x_name.c
@@ -141,10 +141,12 @@ static int i2d_X509_NAME_entries(X509_NAME *a)
 			}
 		size+=i2d_X509_NAME_ENTRY(ne,NULL);
 		}
-
-	ret+=ASN1_object_size(1,size,V_ASN1_SET);
 	if (fe != NULL)
+		{
+		/* SET OF needed only if entries is non empty */
+		ret+=ASN1_object_size(1,size,V_ASN1_SET);
 		fe->size=size;
+		}

 	r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE);

--- a/crypto/bio/Makefile.ssl
+++ b/crypto/bio/Makefile.ssl
@@ -96,13 +96,13 @@ b_dump.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 b_dump.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 b_dump.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 b_dump.o: ../cryptlib.h
-b_print.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-b_print.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-b_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-b_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-b_print.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-b_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-b_print.o: ../cryptlib.h
+b_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+b_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+b_print.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+b_print.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+b_print.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+b_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+b_print.o: ../../include/openssl/symhacks.h ../cryptlib.h
 b_sock.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 b_sock.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 b_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@@ -123,8 +123,7 @@ bf_buff.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 bf_buff.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 bf_buff.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 bf_buff.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-bf_buff.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-bf_buff.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+bf_buff.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 bf_buff.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 bf_buff.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 bf_buff.o: ../../include/openssl/symhacks.h ../cryptlib.h
@@ -142,11 +141,10 @@ bf_nbio.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 bf_nbio.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 bf_nbio.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
 bf_nbio.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-bf_nbio.o: ../../include/openssl/rijndael-alg-fst.h
-bf_nbio.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
-bf_nbio.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-bf_nbio.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-bf_nbio.o: ../../include/openssl/symhacks.h ../cryptlib.h
+bf_nbio.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+bf_nbio.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+bf_nbio.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bf_nbio.o: ../cryptlib.h
 bf_null.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 bf_null.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 bf_null.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -160,8 +158,7 @@ bf_null.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 bf_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 bf_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 bf_null.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-bf_null.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-bf_null.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+bf_null.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 bf_null.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 bf_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 bf_null.o: ../../include/openssl/symhacks.h ../cryptlib.h
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -69,6 +69,7 @@
 #ifndef NO_SYS_TYPES_H
 #include <sys/types.h>
 #endif
+#include <openssl/bn.h>         /* To get BN_LLONG properly defined */
 #include <openssl/bio.h>

 #ifdef BN_LLONG
@@ -151,7 +152,7 @@ static void _dopr(char **sbuffer, char **buffer,

 /* some handy macros */
 #define char_to_int(p) (p - '0')
-#define OSSL_MAX(p,q) ((p >= q) ? p : q)
+#define MAX(p,q) ((p >= q) ? p : q)

 static void
 _dopr(
@@ -502,13 +503,13 @@ fmtint(
    convert[place] = 0;

    zpadlen = max - place;
-    spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0);
+    spadlen = min - MAX(max, place) - (signvalue ? 1 : 0);
    if (zpadlen < 0)
        zpadlen = 0;
    if (spadlen < 0)
        spadlen = 0;
    if (flags & DP_F_ZERO) {
-        zpadlen = OSSL_MAX(zpadlen, spadlen);
+        zpadlen = MAX(zpadlen, spadlen);
        spadlen = 0;
    }
    if (flags & DP_F_MINUS)
--- a/crypto/bio/b_sock.c
+++ b/crypto/bio/b_sock.c
@@ -519,10 +519,10 @@ int BIO_get_accept_socket(char *host, int bind_mode)
 	{
 	int ret=0;
 	struct sockaddr_in server,client;
-	int s= -1,cs;
+	int s=INVALID_SOCKET,cs;
 	unsigned char ip[4];
 	unsigned short port;
-	char *str,*e;
+	char *str=NULL,*e;
 	const char *h,*p;
 	unsigned long l;
 	int err_num;
@@ -553,7 +553,7 @@ int BIO_get_accept_socket(char *host, int bind_mode)
 		h="*";
 		}

-	if (!BIO_get_port(p,&port)) return(INVALID_SOCKET);
+	if (!BIO_get_port(p,&port)) goto err;

 	memset((char *)&server,0,sizeof(server));
 	server.sin_family=AF_INET;
@@ -563,7 +563,7 @@ int BIO_get_accept_socket(char *host, int bind_mode)
 		server.sin_addr.s_addr=INADDR_ANY;
 	else
 		{
-		if (!BIO_get_host_ip(h,&(ip[0]))) return(INVALID_SOCKET);
+                if (!BIO_get_host_ip(h,&(ip[0]))) goto err;
 		l=(unsigned long)
 			((unsigned long)ip[0]<<24L)|
 			((unsigned long)ip[1]<<16L)|
@@ -661,7 +661,6 @@ int BIO_accept(int sock, char **addr)
 	ret=accept(sock,(struct sockaddr *)&from,(void *)&len);
 	if (ret == INVALID_SOCKET)
 		{
-		if(BIO_sock_should_retry(ret)) return -2;
 		SYSerr(SYS_F_ACCEPT,get_last_socket_error());
 		BIOerr(BIO_F_BIO_ACCEPT,BIO_R_ACCEPT_ERROR);
 		goto end;
--- a/crypto/bio/bio.h
+++ b/crypto/bio/bio.h
@@ -179,7 +179,7 @@ extern "C" {
 #define BIO_retry_type(a)		((a)->flags & BIO_FLAGS_RWS)
 #define BIO_should_retry(a)		((a)->flags & BIO_FLAGS_SHOULD_RETRY)

-/* The next three are used in conjunction with the
+/* The next two are used in conjunction with the
 * BIO_should_io_special() condition.  After this returns true,
 * BIO *BIO_get_retry_BIO(BIO *bio, int *reason); will walk the BIO 
 * stack and return the 'reason' for the special and the offending BIO.
@@ -188,8 +188,6 @@ extern "C" {
 #define BIO_RR_SSL_X509_LOOKUP		0x01
 /* Returned from the connect BIO when a connect would have blocked */
 #define BIO_RR_CONNECT			0x02
-/* Returned from the accept BIO when an accept would have blocked */
-#define BIO_RR_ACCEPT			0x03

 /* These are passed by the BIO callback */
 #define BIO_CB_FREE	0x01
--- a/crypto/bio/bss_acpt.c
+++ b/crypto/bio/bss_acpt.c
@@ -236,20 +236,8 @@ again:
 			c->state=ACPT_S_OK;
 			goto again;
 			}
-		BIO_clear_retry_flags(b);
-		b->retry_reason=0;
 		i=BIO_accept(c->accept_sock,&(c->addr));
-
-		/* -2 return means we should retry */
-		if(i == -2)
-			{
-			BIO_set_retry_special(b);
-			b->retry_reason=BIO_RR_ACCEPT;
-			return -1;
-			}
-
 		if (i < 0) return(i);
-
 		bio=BIO_new_socket(i,BIO_CLOSE);
 		if (bio == NULL) goto err;

--- a/crypto/bn/asm/mips3.s
+++ b/crypto/bn/asm/mips3.s
@@ -586,13 +586,13 @@ LEAF(bn_div_3_words)
 	ld	a0,(a3)
 	move	ta2,a1
 	ld	a1,-8(a3)
-	move	ta3,ra
-	move	v1,zero
+	bne	a0,a2,.L_bn_div_3_words_proceed
 	li	v0,-1
-	beq	a0,a2,.L_bn_div_3_words_skip_div
+	jr	ra
+.L_bn_div_3_words_proceed:
+	move	ta3,ra
 	bal	bn_div_words
 	move	ra,ta3
-.L_bn_div_3_words_skip_div:
 	dmultu	ta2,v0
 	ld	t2,-16(a3)
 	move	ta0,zero
--- a/crypto/bn/bn.h
+++ b/crypto/bn/bn.h
@@ -239,7 +239,7 @@ typedef struct bignum_st
 	} BIGNUM;

 /* Used for temp variables */
-#define BN_CTX_NUM	12
+#define BN_CTX_NUM	16
 #define BN_CTX_NUM_POS	12
 typedef struct bignum_ctx
 	{
@@ -328,6 +328,7 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx);
 void	BN_CTX_end(BN_CTX *ctx);
 int     BN_rand(BIGNUM *rnd, int bits, int top,int bottom);
 int     BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom);
+int	BN_rand_range(BIGNUM *rnd, BIGNUM *range);
 int	BN_num_bits(const BIGNUM *a);
 int	BN_num_bits_word(BN_ULONG);
 BIGNUM *BN_new(void);
@@ -345,35 +346,33 @@ int	BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
 int	BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
 int	BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
 	       BN_CTX *ctx);
-int	BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-int	BN_sqr(BIGNUM *r, const BIGNUM *a,BN_CTX *ctx);
+int	BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+int	BN_sqr(BIGNUM *r, BIGNUM *a,BN_CTX *ctx);
 BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
 BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
 int	BN_mul_word(BIGNUM *a, BN_ULONG w);
 int	BN_add_word(BIGNUM *a, BN_ULONG w);
 int	BN_sub_word(BIGNUM *a, BN_ULONG w);
 int	BN_set_word(BIGNUM *a, BN_ULONG w);
-BN_ULONG BN_get_word(const BIGNUM *a);
+BN_ULONG BN_get_word(BIGNUM *a);
 int	BN_cmp(const BIGNUM *a, const BIGNUM *b);
 void	BN_free(BIGNUM *a);
 int	BN_is_bit_set(const BIGNUM *a, int n);
 int	BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
-int	BN_lshift1(BIGNUM *r, const BIGNUM *a);
-int	BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,BN_CTX *ctx);
-int	BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-	const BIGNUM *m,BN_CTX *ctx);
-int	BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int	BN_lshift1(BIGNUM *r, BIGNUM *a);
+int	BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p,BN_CTX *ctx);
+int	BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+		   const BIGNUM *m,BN_CTX *ctx);
+int	BN_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+			const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
 int	BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
-	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-int	BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1,
-	const BIGNUM *a2, const BIGNUM *p2,const BIGNUM *m,
-	BN_CTX *ctx,BN_MONT_CTX *m_ctx);
-int	BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-	const BIGNUM *m,BN_CTX *ctx);
+			const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int	BN_mod_exp2_mont(BIGNUM *r, BIGNUM *a1, BIGNUM *p1,BIGNUM *a2,
+		BIGNUM *p2,BIGNUM *m,BN_CTX *ctx,BN_MONT_CTX *m_ctx);
+int	BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p,
+	BIGNUM *m,BN_CTX *ctx);
 int	BN_mask_bits(BIGNUM *a,int n);
-int	BN_mod_mul(BIGNUM *ret, const BIGNUM *a, const BIGNUM *b,
-	const BIGNUM *m, BN_CTX *ctx);
+int	BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
 #ifndef NO_FP_API
 int	BN_print_fp(FILE *fp, const BIGNUM *a);
 #endif
@@ -382,9 +381,9 @@ int	BN_print(BIO *fp, const BIGNUM *a);
 #else
 int	BN_print(void *fp, const BIGNUM *a);
 #endif
-int	BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx);
-int	BN_rshift(BIGNUM *r, const BIGNUM *a, int n);
-int	BN_rshift1(BIGNUM *r, const BIGNUM *a);
+int	BN_reciprocal(BIGNUM *r, BIGNUM *m, int len, BN_CTX *ctx);
+int	BN_rshift(BIGNUM *r, BIGNUM *a, int n);
+int	BN_rshift1(BIGNUM *r, BIGNUM *a);
 void	BN_clear(BIGNUM *a);
 BIGNUM *BN_dup(const BIGNUM *a);
 int	BN_ucmp(const BIGNUM *a, const BIGNUM *b);
@@ -395,11 +394,9 @@ char *	BN_bn2dec(const BIGNUM *a);
 int 	BN_hex2bn(BIGNUM **a, const char *str);
 int 	BN_dec2bn(BIGNUM **a, const char *str);
 int	BN_gcd(BIGNUM *r,BIGNUM *in_a,BIGNUM *in_b,BN_CTX *ctx);
-BIGNUM *BN_mod_inverse(BIGNUM *ret,
-	const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
-BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
-	const BIGNUM *add, const BIGNUM *rem,
-	void (*callback)(int,int,void *),void *cb_arg);
+BIGNUM *BN_mod_inverse(BIGNUM *ret,BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
+BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,BIGNUM *add,
+		BIGNUM *rem,void (*callback)(int,int,void *),void *cb_arg);
 int	BN_is_prime(const BIGNUM *p,int nchecks,
 		void (*callback)(int,int,void *),
 		BN_CTX *ctx,void *cb_arg);
@@ -410,8 +407,8 @@ void	ERR_load_BN_strings(void );

 BN_MONT_CTX *BN_MONT_CTX_new(void );
 void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
-int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,
-	BN_MONT_CTX *mont, BN_CTX *ctx);
+int BN_mod_mul_montgomery(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_MONT_CTX *mont,
+			  BN_CTX *ctx);
 int BN_from_montgomery(BIGNUM *r,BIGNUM *a,BN_MONT_CTX *mont,BN_CTX *ctx);
 void BN_MONT_CTX_free(BN_MONT_CTX *mont);
 int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *modulus,BN_CTX *ctx);
@@ -430,11 +427,11 @@ void	BN_RECP_CTX_init(BN_RECP_CTX *recp);
 BN_RECP_CTX *BN_RECP_CTX_new(void);
 void	BN_RECP_CTX_free(BN_RECP_CTX *recp);
 int	BN_RECP_CTX_set(BN_RECP_CTX *recp,const BIGNUM *rdiv,BN_CTX *ctx);
-int	BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
+int	BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *x, BIGNUM *y,
 		BN_RECP_CTX *recp,BN_CTX *ctx);
 int	BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 			const BIGNUM *m, BN_CTX *ctx);
-int	BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
+int	BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m,
 		BN_RECP_CTX *recp, BN_CTX *ctx);

 /* library internal functions */
@@ -443,7 +440,6 @@ int	BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
 	(a):bn_expand2((a),(bits)/BN_BITS2+1))
 #define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
 BIGNUM *bn_expand2(BIGNUM *a, int words);
-BIGNUM *bn_dup_expand(const BIGNUM *a, int words);

 #define bn_fix_top(a) \
        { \
@@ -472,6 +468,8 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
 # define bn_dump(a,b)
 #endif

+int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom);
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
@@ -498,16 +496,19 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
 #define BN_F_BN_MPI2BN					 112
 #define BN_F_BN_NEW					 113
 #define BN_F_BN_RAND					 114
+#define BN_F_BN_RAND_RANGE				 122
 #define BN_F_BN_USUB					 115

 /* Reason codes. */
 #define BN_R_ARG2_LT_ARG3				 100
 #define BN_R_BAD_RECIPROCAL				 101
+#define BN_R_BIGNUM_TOO_LONG				 114
 #define BN_R_CALLED_WITH_EVEN_MODULUS			 102
 #define BN_R_DIV_BY_ZERO				 103
 #define BN_R_ENCODING_ERROR				 104
 #define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA		 105
 #define BN_R_INVALID_LENGTH				 106
+#define BN_R_INVALID_RANGE				 115
 #define BN_R_NOT_INITIALIZED				 107
 #define BN_R_NO_INVERSE					 108
 #define BN_R_TOO_MANY_TEMPORARY_VARIABLES		 109
--- a/crypto/bn/bn_div.c
+++ b/crypto/bn/bn_div.c
@@ -180,13 +180,13 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,

 	BN_CTX_start(ctx);
 	tmp=BN_CTX_get(ctx);
-	tmp->neg=0;
 	snum=BN_CTX_get(ctx);
 	sdiv=BN_CTX_get(ctx);
 	if (dv == NULL)
 		res=BN_CTX_get(ctx);
 	else	res=dv;
-	if (res == NULL) goto err;
+	if (sdiv==NULL || res == NULL) goto err;
+	tmp->neg=0;

 	/* First we normalise the numbers */
 	norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
@@ -237,7 +237,8 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 	for (i=0; i<loop-1; i++)
 		{
 		BN_ULONG q,l0;
-#ifdef BN_DIV3W
+#if defined(BN_DIV3W) && !defined(NO_ASM)
+		BN_ULONG bn_div_3_words(BN_ULONG*,BN_ULONG,BN_ULONG);
 		q=bn_div_3_words(wnump,d1,d0);
 #else
 		BN_ULONG n0,n1,rem=0;
--- a/crypto/bn/bn_err.c
+++ b/crypto/bn/bn_err.c
@@ -84,6 +84,7 @@ static ERR_STRING_DATA BN_str_functs[]=
 {ERR_PACK(0,BN_F_BN_MPI2BN,0),	"BN_mpi2bn"},
 {ERR_PACK(0,BN_F_BN_NEW,0),	"BN_new"},
 {ERR_PACK(0,BN_F_BN_RAND,0),	"BN_rand"},
+{ERR_PACK(0,BN_F_BN_RAND_RANGE,0),	"BN_rand_range"},
 {ERR_PACK(0,BN_F_BN_USUB,0),	"BN_usub"},
 {0,NULL}
 	};
@@ -92,11 +93,13 @@ static ERR_STRING_DATA BN_str_reasons[]=
 	{
 {BN_R_ARG2_LT_ARG3                       ,"arg2 lt arg3"},
 {BN_R_BAD_RECIPROCAL                     ,"bad reciprocal"},
+{BN_R_BIGNUM_TOO_LONG                    ,"bignum too long"},
 {BN_R_CALLED_WITH_EVEN_MODULUS           ,"called with even modulus"},
 {BN_R_DIV_BY_ZERO                        ,"div by zero"},
 {BN_R_ENCODING_ERROR                     ,"encoding error"},
 {BN_R_EXPAND_ON_STATIC_BIGNUM_DATA       ,"expand on static bignum data"},
 {BN_R_INVALID_LENGTH                     ,"invalid length"},
+{BN_R_INVALID_RANGE                      ,"invalid range"},
 {BN_R_NOT_INITIALIZED                    ,"not initialized"},
 {BN_R_NO_INVERSE                         ,"no inverse"},
 {BN_R_TOO_MANY_TEMPORARY_VARIABLES       ,"too many temporary variables"},
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@@ -117,8 +117,7 @@
 #define TABLE_SIZE	32

 /* slow but works */
-int BN_mod_mul(BIGNUM *ret, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
-	BN_CTX *ctx)
+int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
 	{
 	BIGNUM *t;
 	int r=0;
@@ -142,7 +141,7 @@ err:


 /* this one works - simple but works */
-int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx)
 	{
 	int i,bits,ret=0;
 	BIGNUM *v,*rr;
@@ -177,7 +176,7 @@ err:
 	}


-int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
+int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 	       BN_CTX *ctx)
 	{
 	int ret;
@@ -326,13 +325,13 @@ err:
 	}


-int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+int BN_mod_exp_mont(BIGNUM *rr, BIGNUM *a, const BIGNUM *p,
 		    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
 	{
 	int i,j,bits,ret=0,wstart,wend,window,wvalue;
 	int start=1,ts=0;
 	BIGNUM *d,*r;
-	const BIGNUM *aa;
+	BIGNUM *aa;
 	BIGNUM val[TABLE_SIZE];
 	BN_MONT_CTX *mont=NULL;

@@ -591,9 +590,8 @@ err:


 /* The old fallback, simple version :-) */
-int BN_mod_exp_simple(BIGNUM *r,
-	const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
-	BN_CTX *ctx)
+int BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,
+	     BN_CTX *ctx)
 	{
 	int i,j,bits,ret=0,wstart,wend,window,wvalue,ts=0;
 	int start=1;
--- a/crypto/bn/bn_exp2.c
+++ b/crypto/bn/bn_exp2.c
@@ -115,14 +115,13 @@

 #define TABLE_SIZE	32

-int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
-	const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,
-	BN_CTX *ctx, BN_MONT_CTX *in_mont)
+int BN_mod_exp2_mont(BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2,
+	     BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
 	{
 	int i,j,bits,b,bits1,bits2,ret=0,wpos1,wpos2,window1,window2,wvalue1,wvalue2;
 	int r_is_one=1,ts1=0,ts2=0;
 	BIGNUM *d,*r;
-	const BIGNUM *a_mod_m;
+	BIGNUM *a_mod_m;
 	BIGNUM val1[TABLE_SIZE], val2[TABLE_SIZE];
 	BN_MONT_CTX *mont=NULL;

--- a/crypto/bn/bn_gcd.c
+++ b/crypto/bn/bn_gcd.c
@@ -144,8 +144,7 @@ err:
 	}

 /* solves ax == 1 (mod n) */
-BIGNUM *BN_mod_inverse(BIGNUM *in,
-	const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
+BIGNUM *BN_mod_inverse(BIGNUM *in, BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
 	{
 	BIGNUM *A,*B,*X,*Y,*M,*D,*R=NULL;
 	BIGNUM *T,*ret=NULL;
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -62,6 +62,7 @@
 #endif

 #include <assert.h>
+#include <limits.h>
 #include <stdio.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
@@ -304,35 +305,48 @@ BIGNUM *BN_new(void)
 	return(ret);
 	}

-/* This is used both by bn_expand2() and bn_dup_expand() */
-/* The caller MUST check that words > b->dmax before calling this */
-static BN_ULONG *internal_bn_expand(const BIGNUM *b, int words)
+/* This is an internal function that should not be used in applications.
+ * It ensures that 'b' has enough room for a 'words' word number number.
+ * It is mostly used by the various BIGNUM routines. If there is an error,
+ * NULL is returned. If not, 'b' is returned. */
+
+BIGNUM *bn_expand2(BIGNUM *b, int words)
 	{
-	BN_ULONG *A,*a = NULL;
+	BN_ULONG *A,*a;
 	const BN_ULONG *B;
 	int i;

-	bn_check_top(b);	
-	if (BN_get_flags(b,BN_FLG_STATIC_DATA))
+	bn_check_top(b);
+
+	if (words > b->dmax)
 		{
-		BNerr(BN_F_BN_EXPAND2,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
-		return(NULL);
-		}
-	a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*(words+1));
-	if (A == NULL)
-		{
-		BNerr(BN_F_BN_EXPAND2,ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
+		if (words > (INT_MAX/(4*BN_BITS2)))
+			{
+			BNerr(BN_F_BN_EXPAND2,BN_R_BIGNUM_TOO_LONG);
+			return NULL;
+			}
+			
+		bn_check_top(b);	
+		if (BN_get_flags(b,BN_FLG_STATIC_DATA))
+			{
+			BNerr(BN_F_BN_EXPAND2,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
+			return(NULL);
+			}
+		a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*(words+1));
+		if (A == NULL)
+			{
+			BNerr(BN_F_BN_EXPAND2,ERR_R_MALLOC_FAILURE);
+			return(NULL);
+			}
 #if 1
-	B=b->d;
-	/* Check if the previous number needs to be copied */
-	if (B != NULL)
-		{
+		B=b->d;
+		/* Check if the previous number needs to be copied */
+		if (B != NULL)
+			{
 #if 0
-		/* This lot is an unrolled loop to copy b->top 
-		 * BN_ULONGs from B to A
-		 */
+			/* This lot is an unrolled loop to copy b->top 
+			 * BN_ULONGs from B to A
+			 */
 /*
 * I have nothing against unrolling but it's usually done for
 * several reasons, namely:
@@ -356,170 +370,107 @@ static BN_ULONG *internal_bn_expand(const BIGNUM *b, int words)
 *
 *					<appro@fy.chalmers.se>
 */
-		for (i=b->top&(~7); i>0; i-=8)
-			{
-			A[0]=B[0]; A[1]=B[1]; A[2]=B[2]; A[3]=B[3];
-			A[4]=B[4]; A[5]=B[5]; A[6]=B[6]; A[7]=B[7];
-			A+=8;
-			B+=8;
-			}
-		switch (b->top&7)
-			{
-		case 7:
-			A[6]=B[6];
-		case 6:
-			A[5]=B[5];
-		case 5:
-			A[4]=B[4];
-		case 4:
-			A[3]=B[3];
-		case 3:
-			A[2]=B[2];
-		case 2:
-			A[1]=B[1];
-		case 1:
-			A[0]=B[0];
-		case 0:
-			/* I need the 'case 0' entry for utrix cc.
-			 * If the optimizer is turned on, it does the
-			 * switch table by doing
-			 * a=top&7
-			 * a--;
-			 * goto jump_table[a];
-			 * If top is 0, this makes us jump to 0xffffffc 
-			 * which is rather bad :-(.
-			 * eric 23-Apr-1998
-			 */
-			;
-			}
+			for (i=b->top&(~7); i>0; i-=8)
+				{
+				A[0]=B[0]; A[1]=B[1]; A[2]=B[2]; A[3]=B[3];
+				A[4]=B[4]; A[5]=B[5]; A[6]=B[6]; A[7]=B[7];
+				A+=8;
+				B+=8;
+				}
+			switch (b->top&7)
+				{
+			case 7:
+				A[6]=B[6];
+			case 6:
+				A[5]=B[5];
+			case 5:
+				A[4]=B[4];
+			case 4:
+				A[3]=B[3];
+			case 3:
+				A[2]=B[2];
+			case 2:
+				A[1]=B[1];
+			case 1:
+				A[0]=B[0];
+			case 0:
+				/* I need the 'case 0' entry for utrix cc.
+				 * If the optimizer is turned on, it does the
+				 * switch table by doing
+				 * a=top&7
+				 * a--;
+				 * goto jump_table[a];
+				 * If top is 0, this makes us jump to 0xffffffc 
+				 * which is rather bad :-(.
+				 * eric 23-Apr-1998
+				 */
+				;
+				}
 #else
-		for (i=b->top>>2; i>0; i--,A+=4,B+=4)
-			{
-			/*
-			 * The fact that the loop is unrolled
-			 * 4-wise is a tribute to Intel. It's
-			 * the one that doesn't have enough
-			 * registers to accomodate more data.
-			 * I'd unroll it 8-wise otherwise:-)
-			 *
-			 *		<appro@fy.chalmers.se>
-			 */
-			BN_ULONG a0,a1,a2,a3;
-			a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
-			A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
-			}
-		switch (b->top&3)
-			{
-		case 3:	A[2]=B[2];
-		case 2:	A[1]=B[1];
-		case 1:	A[0]=B[0];
-		case 0:	; /* ultrix cc workaround, see above */
-			}
+			for (i=b->top>>2; i>0; i--,A+=4,B+=4)
+				{
+				/*
+				 * The fact that the loop is unrolled
+				 * 4-wise is a tribute to Intel. It's
+				 * the one that doesn't have enough
+				 * registers to accomodate more data.
+				 * I'd unroll it 8-wise otherwise:-)
+				 *
+				 *		<appro@fy.chalmers.se>
+				 */
+				BN_ULONG a0,a1,a2,a3;
+				a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
+				A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
+				}
+			switch (b->top&3)
+				{
+				case 3:	A[2]=B[2];
+				case 2:	A[1]=B[1];
+				case 1:	A[0]=B[0];
+				case 0:	; /* ultrix cc workaround, see above */
+				}
 #endif
-		}
+			OPENSSL_free(b->d);
+			}

-	/* Now need to zero any data between b->top and b->max */
+		b->d=a;
+		b->dmax=words;

-	A= &(a[b->top]);
-	for (i=(words - b->top)>>3; i>0; i--,A+=8)
-		{
-		A[0]=0; A[1]=0; A[2]=0; A[3]=0;
-		A[4]=0; A[5]=0; A[6]=0; A[7]=0;
-		}
-	for (i=(words - b->top)&7; i>0; i--,A++)
-		A[0]=0;
+		/* Now need to zero any data between b->top and b->max */
+
+		A= &(b->d[b->top]);
+		for (i=(b->dmax - b->top)>>3; i>0; i--,A+=8)
+			{
+			A[0]=0; A[1]=0; A[2]=0; A[3]=0;
+			A[4]=0; A[5]=0; A[6]=0; A[7]=0;
+			}
+		for (i=(b->dmax - b->top)&7; i>0; i--,A++)
+			A[0]=0;
 #else
-	memset(A,0,sizeof(BN_ULONG)*(words+1));
-	memcpy(A,b->d,sizeof(b->d[0])*b->top);
+			memset(A,0,sizeof(BN_ULONG)*(words+1));
+			memcpy(A,b->d,sizeof(b->d[0])*b->top);
+			b->d=a;
+			b->max=words;
 #endif
 		
-	return(a);
-	}
+/*		memset(&(p[b->max]),0,((words+1)-b->max)*sizeof(BN_ULONG)); */
+/*	{ int i; for (i=b->max; i<words+1; i++) p[i]=i;} */

-/* This is an internal function that can be used instead of bn_expand2()
- * when there is a need to copy BIGNUMs instead of only expanding the
- * data part, while still expanding them.
- * Especially useful when needing to expand BIGNUMs that are declared
- * 'const' and should therefore not be changed.
- * The reason to use this instead of a BN_dup() followed by a bn_expand2()
- * is memory allocation overhead.  A BN_dup() followed by a bn_expand2()
- * will allocate new memory for the BIGNUM data twice, and free it once,
- * while bn_dup_expand() makes sure allocation is made only once.
- */
-
-BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
-	{
-	BIGNUM *r = NULL;
-
-	if (words > b->dmax)
-		{
-		BN_ULONG *a = internal_bn_expand(b, words);
-
-		if (a)
-			{
-			r = BN_new();
-			if (r)
-				{
-				r->top = b->top;
-				r->dmax = words;
-				r->neg = b->neg;
-				r->d = a;
-				}
-			else
-				{
-				/* r == NULL, BN_new failure */
-				OPENSSL_free(a);
-				}
-			}
-		/* If a == NULL, there was an error in allocation in
-		   internal_bn_expand(), and NULL should be returned */
 		}
-	else
-		{
-		r = BN_dup(b);
-		}
-
-	return r;
-	}
-
-/* This is an internal function that should not be used in applications.
- * It ensures that 'b' has enough room for a 'words' word number number.
- * It is mostly used by the various BIGNUM routines. If there is an error,
- * NULL is returned. If not, 'b' is returned. */
-
-BIGNUM *bn_expand2(BIGNUM *b, int words)
-	{
-	if (words > b->dmax)
-		{
-		BN_ULONG *a = internal_bn_expand(b, words);
-
-		if (a)
-			{
-			OPENSSL_free(b->d);
-			b->d=a;
-			b->dmax=words;
-			}
-		else
-			b = NULL;
-		}
-	return b;
+	return(b);
 	}

 BIGNUM *BN_dup(const BIGNUM *a)
 	{
-	BIGNUM *r, *t;
+	BIGNUM *r;

 	if (a == NULL) return NULL;

 	bn_check_top(a);

-	t = BN_new();
-	if (t == NULL) return(NULL);
-	r = BN_copy(t, a);
-	/* now  r == t || r == NULL */
-	if (r == NULL)
-		BN_free(t);
-	return r;
+	r=BN_new();
+	if (r == NULL) return(NULL);
+	return((BIGNUM *)BN_copy(r,a));
 	}

 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
@@ -569,7 +520,7 @@ void BN_clear(BIGNUM *a)
 	a->neg=0;
 	}

-BN_ULONG BN_get_word(const BIGNUM *a)
+BN_ULONG BN_get_word(BIGNUM *a)
 	{
 	int i,n;
 	BN_ULONG ret=0;
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -69,7 +69,7 @@

 #define MONT_WORD /* use the faster word-based algorithm */

-int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
 			  BN_MONT_CTX *mont, BN_CTX *ctx)
 	{
 	BIGNUM *tmp,*tmp2;
--- a/crypto/bn/bn_mul.c
+++ b/crypto/bn/bn_mul.c
@@ -608,7 +608,7 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
 	}
 #endif /* BN_RECURSION */

-int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
 	{
 	int top,al,bl;
 	BIGNUM *rr;
@@ -620,7 +620,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 	BIGNUM *t;
 	int j,k;
 #endif
-	BIGNUM *free_a = NULL, *free_b = NULL;

 #ifdef BN_COUNT
 	printf("BN_mul %d * %d\n",a->top,b->top);
@@ -678,21 +677,17 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 		{
 		if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA))
 			{
-			BIGNUM *tmp_bn = free_b;
-			b = free_b = bn_dup_expand(b,al);
-			free_b->d[bl]=0;
+			bn_wexpand(b,al);
+			b->d[bl]=0;
 			bl++;
 			i--;
-			if (tmp_bn) BN_free(tmp_bn);
 			}
 		else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA))
 			{
-			BIGNUM *tmp_bn = free_a;
-			a = free_a = bn_dup_expand(a,bl);
-			free_a->d[al]=0;
+			bn_wexpand(a,bl);
+			a->d[al]=0;
 			al++;
 			i++;
-			if (tmp_bn) BN_free(tmp_bn);
 			}
 		if (i == 0)
 			{
@@ -710,17 +705,14 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 				}
 			else
 				{
-				BIGNUM *tmp_a = free_a,*tmp_b = free_b;
-				a = free_a = bn_dup_expand(a,k);
-				b = free_b = bn_dup_expand(b,k);
-				if (tmp_a) BN_free(tmp_a);
-				if (tmp_b) BN_free(tmp_b);
+				bn_wexpand(a,k);
+				bn_wexpand(b,k);
 				bn_wexpand(t,k*4);
 				bn_wexpand(rr,k*4);
-				for (i=free_a->top; i<k; i++)
-					free_a->d[i]=0;
-				for (i=free_b->top; i<k; i++)
-					free_b->d[i]=0;
+				for (i=a->top; i<k; i++)
+					a->d[i]=0;
+				for (i=b->top; i<k; i++)
+					b->d[i]=0;
 				bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d);
 				}
 			rr->top=top;
@@ -739,8 +731,6 @@ end:
 	if (r != rr) BN_copy(r,rr);
 	ret=1;
 err:
-	if (free_a) BN_free(free_a);
-	if (free_b) BN_free(free_b);
 	BN_CTX_end(ctx);
 	return(ret);
 	}
--- a/crypto/bn/bn_prime.c
+++ b/crypto/bn/bn_prime.c
@@ -125,13 +125,12 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
 	const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont);
 static int probable_prime(BIGNUM *rnd, int bits);
 static int probable_prime_dh(BIGNUM *rnd, int bits,
-	const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
+	BIGNUM *add, BIGNUM *rem, BN_CTX *ctx);
 static int probable_prime_dh_safe(BIGNUM *rnd, int bits,
-	const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
+	BIGNUM *add, BIGNUM *rem, BN_CTX *ctx);

-BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
-	const BIGNUM *add, const BIGNUM *rem,
-	void (*callback)(int,int,void *), void *cb_arg)
+BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, BIGNUM *add,
+	     BIGNUM *rem, void (*callback)(int,int,void *), void *cb_arg)
 	{
 	BIGNUM *rnd=NULL;
 	BIGNUM t;
@@ -377,8 +376,8 @@ again:
 	return(1);
 	}

-static int probable_prime_dh(BIGNUM *rnd, int bits,
-	const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx)
+static int probable_prime_dh(BIGNUM *rnd, int bits, BIGNUM *add, BIGNUM *rem,
+	     BN_CTX *ctx)
 	{
 	int i,ret=0;
 	BIGNUM *t1;
@@ -414,8 +413,8 @@ err:
 	return(ret);
 	}

-static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
-	const BIGNUM *rem, BN_CTX *ctx)
+static int probable_prime_dh_safe(BIGNUM *p, int bits, BIGNUM *padd,
+	     BIGNUM *rem, BN_CTX *ctx)
 	{
 	int i,ret=0;
 	BIGNUM *t1,*qadd,*q;
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -76,7 +76,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)

 	bytes=(bits+7)/8;
 	bit=(bits-1)%8;
-	mask=0xff<<bit;
+	mask=0xff<<(bit+1);

 	buf=(unsigned char *)OPENSSL_malloc(bytes);
 	if (buf == NULL)
@@ -100,25 +100,48 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
 			goto err;
 		}

-	if (top)
+#if 1
+	if (pseudorand == 2)
 		{
-		if (bit == 0)
+		/* generate patterns that are more likely to trigger BN
+		   library bugs */
+		int i;
+		unsigned char c;
+
+		for (i = 0; i < bytes; i++)
 			{
-			buf[0]=1;
-			buf[1]|=0x80;
+			RAND_pseudo_bytes(&c, 1);
+			if (c >= 128 && i > 0)
+				buf[i] = buf[i-1];
+			else if (c < 42)
+				buf[i] = 0;
+			else if (c < 84)
+				buf[i] = 255;
+			}
+		}
+#endif
+
+	if (top != -1)
+		{
+		if (top)
+			{
+			if (bit == 0)
+				{
+				buf[0]=1;
+				buf[1]|=0x80;
+				}
+			else
+				{
+				buf[0]|=(3<<(bit-1));
+				}
 			}
 		else
 			{
-			buf[0]|=(3<<(bit-1));
-			buf[0]&= ~(mask<<1);
+			buf[0]|=(1<<bit);
 			}
 		}
-	else
-		{
-		buf[0]|=(1<<bit);
-		buf[0]&= ~(mask<<1);
-		}
-	if (bottom) /* set bottom bits to whatever odd is */
+	buf[0] &= ~mask;
+	if (bottom) /* set bottom bit if requested */
 		buf[bytes-1]|=1;
 	if (!BN_bin2bn(buf,bytes,rnd)) goto err;
 	ret=1;
@@ -140,3 +163,61 @@ int     BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
 	{
 	return bnrand(1, rnd, bits, top, bottom);
 	}
+
+#if 1
+int     BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
+	{
+	return bnrand(2, rnd, bits, top, bottom);
+	}
+#endif
+
+/* random number r:  0 <= r < range */
+int	BN_rand_range(BIGNUM *r, BIGNUM *range)
+	{
+	int n;
+
+	if (range->neg || BN_is_zero(range))
+		{
+		BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE);
+		return 0;
+		}
+
+	n = BN_num_bits(range); /* n > 0 */
+
+	if (n == 1)
+		{
+		if (!BN_zero(r)) return 0;
+		}
+	else if (BN_is_bit_set(range, n - 2))
+		{
+		do
+			{
+			/* range = 11..._2, so each iteration succeeds with probability >= .75 */
+			if (!BN_rand(r, n, -1, 0)) return 0;
+			}
+		while (BN_cmp(r, range) >= 0);
+		}
+	else
+		{
+		/* range = 10..._2,
+		 * so  3*range (= 11..._2)  is exactly one bit longer than  range */
+		do
+			{
+			if (!BN_rand(r, n + 1, -1, 0)) return 0;
+			/* If  r < 3*range,  use  r := r MOD range
+			 * (which is either  r, r - range,  or  r - 2*range).
+			 * Otherwise, iterate once more.
+			 * Since  3*range = 11..._2, each iteration succeeds with
+			 * probability >= .75. */
+			if (BN_cmp(r ,range) >= 0)
+				{
+				if (!BN_sub(r, r, range)) return 0;
+				if (BN_cmp(r, range) >= 0)
+					if (!BN_sub(r, r, range)) return 0;
+				}
+			}
+		while (BN_cmp(r, range) >= 0);
+		}
+
+	return 1;
+	}
--- a/crypto/bn/bn_recp.c
+++ b/crypto/bn/bn_recp.c
@@ -100,12 +100,11 @@ int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)
 	return(1);
 	}

-int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
-	BN_RECP_CTX *recp, BN_CTX *ctx)
+int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *x, BIGNUM *y, BN_RECP_CTX *recp,
+	     BN_CTX *ctx)
 	{
 	int ret=0;
 	BIGNUM *a;
-	const BIGNUM *ca;

 	BN_CTX_start(ctx);
 	if ((a = BN_CTX_get(ctx)) == NULL) goto err;
@@ -115,20 +114,19 @@ int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
 			{ if (!BN_sqr(a,x,ctx)) goto err; }
 		else
 			{ if (!BN_mul(a,x,y,ctx)) goto err; }
-		ca = a;
 		}
 	else
-		ca=x; /* Just do the mod */
+		a=x; /* Just do the mod */

-	BN_div_recp(NULL,r,ca,recp,ctx);
+	BN_div_recp(NULL,r,a,recp,ctx);
 	ret=1;
 err:
 	BN_CTX_end(ctx);
 	return(ret);
 	}

-int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
-	BN_RECP_CTX *recp, BN_CTX *ctx)
+int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BN_RECP_CTX *recp,
+	     BN_CTX *ctx)
 	{
 	int i,j,ret=0;
 	BIGNUM *a,*b,*d,*r;
@@ -203,7 +201,7 @@ err:
 * We actually calculate with an extra word of precision, so
 * we can do faster division if the remainder is not required.
 */
-int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx)
+int BN_reciprocal(BIGNUM *r, BIGNUM *m, int len, BN_CTX *ctx)
 	{
 	int ret= -1;
 	BIGNUM t;
--- a/crypto/bn/bn_shift.c
+++ b/crypto/bn/bn_shift.c
@@ -60,7 +60,7 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"

-int BN_lshift1(BIGNUM *r, const BIGNUM *a)
+int BN_lshift1(BIGNUM *r, BIGNUM *a)
 	{
 	register BN_ULONG *ap,*rp,t,c;
 	int i;
@@ -92,7 +92,7 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a)
 	return(1);
 	}

-int BN_rshift1(BIGNUM *r, const BIGNUM *a)
+int BN_rshift1(BIGNUM *r, BIGNUM *a)
 	{
 	BN_ULONG *ap,*rp,t,c;
 	int i;
@@ -153,7 +153,7 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
 	return(1);
 	}

-int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
+int BN_rshift(BIGNUM *r, BIGNUM *a, int n)
 	{
 	int i,j,nw,lb,rb;
 	BN_ULONG *t,*f;
@@ -172,6 +172,11 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
 		r->neg=a->neg;
 		if (bn_wexpand(r,a->top-nw+1) == NULL) return(0);
 		}
+	else
+		{
+		if (n == 0)
+			return 1; /* or the copying loop will go berserk */
+		}

 	f= &(a->d[nw]);
 	t=r->d;
--- a/crypto/bn/bn_sqr.c
+++ b/crypto/bn/bn_sqr.c
@@ -62,11 +62,11 @@

 /* r must not be a */
 /* I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96 */
-int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
+int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx)
 	{
 	int max,al;
 	int ret = 0;
-	BIGNUM *tmp,*rr,*free_a = NULL;
+	BIGNUM *tmp,*rr;

 #ifdef BN_COUNT
 printf("BN_sqr %d * %d\n",a->top,a->top);
@@ -124,10 +124,8 @@ printf("BN_sqr %d * %d\n",a->top,a->top);
 			k=j+j;
 			if (al == j)
 				{
-				BIGNUM *tmp_bn = free_a;
-				if ((a = free_a = bn_dup_expand(a,k*2)) == NULL) goto err;
+				if (bn_wexpand(a,k*2) == NULL) goto err;
 				if (bn_wexpand(tmp,k*2) == NULL) goto err;
-				if (tmp_bn) BN_free(tmp_bn);
 				bn_sqr_recursive(rr->d,a->d,al,tmp->d);
 				}
 			else
@@ -147,7 +145,6 @@ printf("BN_sqr %d * %d\n",a->top,a->top);
 	if (rr != r) BN_copy(r,rr);
 	ret = 1;
 err:
-	if (free_a) BN_free(free_a);
 	BN_CTX_end(ctx);
 	return(ret);
 	}
--- a/crypto/bn/bntest.c
+++ b/crypto/bn/bntest.c
@@ -107,11 +107,9 @@ static const char rnd_seed[] = "string to make the random number generator think
 static void message(BIO *out, char *m)
 	{
 	fprintf(stderr, "test %s\n", m);
-#if defined(linux) || defined(__FreeBSD__) /* can we use GNU bc features? */
 	BIO_puts(out, "print \"test ");
 	BIO_puts(out, m);
 	BIO_puts(out, "\\n\"\n");
-#endif
 	}

 int main(int argc, char *argv[])
@@ -122,9 +120,7 @@ int main(int argc, char *argv[])

 	results = 0;

-	RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we don't
-	                                       * even check its return value
-	                                       * (which we should) */
+	RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */

 	argc--;
 	argv++;
@@ -253,10 +249,10 @@ int test_add(BIO *bp)
 	BN_init(&b);
 	BN_init(&c);

-	BN_rand(&a,512,0,0);
+	BN_bntest_rand(&a,512,0,0);
 	for (i=0; i<num0; i++)
 		{
-		BN_rand(&b,450+i,0,0);
+		BN_bntest_rand(&b,450+i,0,0);
 		a.neg=rand_neg();
 		b.neg=rand_neg();
 		if (bp == NULL)
@@ -305,14 +301,14 @@ int test_sub(BIO *bp)
 		{
 		if (i < num1)
 			{
-			BN_rand(&a,512,0,0);
+			BN_bntest_rand(&a,512,0,0);
 			BN_copy(&b,&a);
 			if (BN_set_bit(&a,i)==0) return(0);
 			BN_add_word(&b,i);
 			}
 		else
 			{
-			BN_rand(&b,400+i-num1,0,0);
+			BN_bntest_rand(&b,400+i-num1,0,0);
 			a.neg=rand_neg();
 			b.neg=rand_neg();
 			}
@@ -362,13 +358,13 @@ int test_div(BIO *bp, BN_CTX *ctx)
 		{
 		if (i < num1)
 			{
-			BN_rand(&a,400,0,0);
+			BN_bntest_rand(&a,400,0,0);
 			BN_copy(&b,&a);
 			BN_lshift(&a,&a,i);
 			BN_add_word(&a,i);
 			}
 		else
-			BN_rand(&b,50+3*(i-num1),0,0);
+			BN_bntest_rand(&b,50+3*(i-num1),0,0);
 		a.neg=rand_neg();
 		b.neg=rand_neg();
 		if (bp == NULL)
@@ -432,13 +428,13 @@ int test_div_recp(BIO *bp, BN_CTX *ctx)
 		{
 		if (i < num1)
 			{
-			BN_rand(&a,400,0,0);
+			BN_bntest_rand(&a,400,0,0);
 			BN_copy(&b,&a);
 			BN_lshift(&a,&a,i);
 			BN_add_word(&a,i);
 			}
 		else
-			BN_rand(&b,50+3*(i-num1),0,0);
+			BN_bntest_rand(&b,50+3*(i-num1),0,0);
 		a.neg=rand_neg();
 		b.neg=rand_neg();
 		BN_RECP_CTX_set(&recp,&b,ctx);
@@ -509,11 +505,11 @@ int test_mul(BIO *bp)
 		{
 		if (i <= num1)
 			{
-			BN_rand(&a,100,0,0);
-			BN_rand(&b,100,0,0);
+			BN_bntest_rand(&a,100,0,0);
+			BN_bntest_rand(&b,100,0,0);
 			}
 		else
-			BN_rand(&b,i-num1,0,0);
+			BN_bntest_rand(&b,i-num1,0,0);
 		a.neg=rand_neg();
 		b.neg=rand_neg();
 		if (bp == NULL)
@@ -562,7 +558,7 @@ int test_sqr(BIO *bp, BN_CTX *ctx)

 	for (i=0; i<num0; i++)
 		{
-		BN_rand(&a,40+i*10,0,0);
+		BN_bntest_rand(&a,40+i*10,0,0);
 		a.neg=rand_neg();
 		if (bp == NULL)
 			for (j=0; j<100; j++)
@@ -613,15 +609,15 @@ int test_mont(BIO *bp, BN_CTX *ctx)

 	mont=BN_MONT_CTX_new();

-	BN_rand(&a,100,0,0); /**/
-	BN_rand(&b,100,0,0); /**/
+	BN_bntest_rand(&a,100,0,0); /**/
+	BN_bntest_rand(&b,100,0,0); /**/
 	for (i=0; i<num2; i++)
 		{
 		int bits = (200*(i+1))/num2;

 		if (bits == 0)
 			continue;
-		BN_rand(&n,bits,0,1);
+		BN_bntest_rand(&n,bits,0,1);
 		BN_MONT_CTX_set(mont,&n,ctx);

 		BN_to_montgomery(&A,&a,mont,ctx);
@@ -683,10 +679,10 @@ int test_mod(BIO *bp, BN_CTX *ctx)
 	d=BN_new();
 	e=BN_new();

-	BN_rand(a,1024,0,0); /**/
+	BN_bntest_rand(a,1024,0,0); /**/
 	for (i=0; i<num0; i++)
 		{
-		BN_rand(b,450+i*10,0,0); /**/
+		BN_bntest_rand(b,450+i*10,0,0); /**/
 		a->neg=rand_neg();
 		b->neg=rand_neg();
 		if (bp == NULL)
@@ -732,11 +728,11 @@ int test_mod_mul(BIO *bp, BN_CTX *ctx)
 	d=BN_new();
 	e=BN_new();

-	BN_rand(c,1024,0,0); /**/
+	BN_bntest_rand(c,1024,0,0); /**/
 	for (i=0; i<num0; i++)
 		{
-		BN_rand(a,475+i*10,0,0); /**/
-		BN_rand(b,425+i*11,0,0); /**/
+		BN_bntest_rand(a,475+i*10,0,0); /**/
+		BN_bntest_rand(b,425+i*11,0,0); /**/
 		a->neg=rand_neg();
 		b->neg=rand_neg();
 	/*	if (bp == NULL)
@@ -772,7 +768,6 @@ int test_mod_mul(BIO *bp, BN_CTX *ctx)
 		if(!BN_is_zero(b))
 		    {
 		    fprintf(stderr,"Modulo multiply test failed!\n");
-		    ERR_print_errors_fp(stderr);
 		    return 0;
 		    }
 		}
@@ -795,11 +790,11 @@ int test_mod_exp(BIO *bp, BN_CTX *ctx)
 	d=BN_new();
 	e=BN_new();

-	BN_rand(c,30,0,1); /* must be odd for montgomery */
+	BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
 	for (i=0; i<num2; i++)
 		{
-		BN_rand(a,20+i*5,0,0); /**/
-		BN_rand(b,2+i,0,0); /**/
+		BN_bntest_rand(a,20+i*5,0,0); /**/
+		BN_bntest_rand(b,2+i,0,0); /**/

 		if (!BN_mod_exp(d,a,b,c,ctx))
 			return(00);
@@ -849,8 +844,8 @@ int test_exp(BIO *bp, BN_CTX *ctx)

 	for (i=0; i<num2; i++)
 		{
-		BN_rand(a,20+i*5,0,0); /**/
-		BN_rand(b,2+i,0,0); /**/
+		BN_bntest_rand(a,20+i*5,0,0); /**/
+		BN_bntest_rand(b,2+i,0,0); /**/

 		if (!BN_exp(d,a,b,ctx))
 			return(00);
@@ -900,7 +895,7 @@ int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_)
 	else
 	    {
 	    a=BN_new();
-	    BN_rand(a,200,0,0); /**/
+	    BN_bntest_rand(a,200,0,0); /**/
 	    a->neg=rand_neg();
 	    }
 	for (i=0; i<num0; i++)
@@ -952,7 +947,7 @@ int test_lshift1(BIO *bp)
 	b=BN_new();
 	c=BN_new();

-	BN_rand(a,200,0,0); /**/
+	BN_bntest_rand(a,200,0,0); /**/
 	a->neg=rand_neg();
 	for (i=0; i<num0; i++)
 		{
@@ -996,7 +991,7 @@ int test_rshift(BIO *bp,BN_CTX *ctx)
 	e=BN_new();
 	BN_one(c);

-	BN_rand(a,200,0,0); /**/
+	BN_bntest_rand(a,200,0,0); /**/
 	a->neg=rand_neg();
 	for (i=0; i<num0; i++)
 		{
@@ -1039,7 +1034,7 @@ int test_rshift1(BIO *bp)
 	b=BN_new();
 	c=BN_new();

-	BN_rand(a,200,0,0); /**/
+	BN_bntest_rand(a,200,0,0); /**/
 	a->neg=rand_neg();
 	for (i=0; i<num0; i++)
 		{
--- a/crypto/conf/conf.h
+++ b/crypto/conf/conf.h
@@ -90,11 +90,10 @@ struct conf_method_st
 	int (MS_FAR *init)(CONF *conf);
 	int (MS_FAR *destroy)(CONF *conf);
 	int (MS_FAR *destroy_data)(CONF *conf);
-	int (MS_FAR *load_bio)(CONF *conf, BIO *bp, long *eline);
+	int (MS_FAR *load)(CONF *conf, BIO *bp, long *eline);
 	int (MS_FAR *dump)(CONF *conf, BIO *bp);
 	int (MS_FAR *is_number)(CONF *conf, char c);
 	int (MS_FAR *to_int)(CONF *conf, char c);
-	int (MS_FAR *load)(CONF *conf, const char *name, long *eline);
 	};

 int CONF_set_default_method(CONF_METHOD *meth);
@@ -137,17 +136,10 @@ int NCONF_load_fp(CONF *conf, FILE *fp,long *eline);
 int NCONF_load_bio(CONF *conf, BIO *bp,long *eline);
 STACK_OF(CONF_VALUE) *NCONF_get_section(CONF *conf,char *section);
 char *NCONF_get_string(CONF *conf,char *group,char *name);
-int NCONF_get_number_e(CONF *conf,char *group,char *name,long *result);
+long NCONF_get_number(CONF *conf,char *group,char *name);
 int NCONF_dump_fp(CONF *conf, FILE *out);
 int NCONF_dump_bio(CONF *conf, BIO *out);

-#if 0 /* The following function has no error checking,
-	 and should therefore be avoided */
-long NCONF_get_number(CONF *conf,char *group,char *name);
-#else
-#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r);
-#endif
-

 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -164,12 +156,9 @@ long NCONF_get_number(CONF *conf,char *group,char *name);
 #define CONF_F_NCONF_DUMP_BIO				 105
 #define CONF_F_NCONF_DUMP_FP				 106
 #define CONF_F_NCONF_GET_NUMBER				 107
-#define CONF_F_NCONF_GET_NUMBER_E			 112
 #define CONF_F_NCONF_GET_SECTION			 108
 #define CONF_F_NCONF_GET_STRING				 109
-#define CONF_F_NCONF_LOAD				 113
 #define CONF_F_NCONF_LOAD_BIO				 110
-#define CONF_F_NCONF_LOAD_FP				 114
 #define CONF_F_NCONF_NEW				 111
 #define CONF_F_STR_COPY					 101

@@ -180,7 +169,6 @@ long NCONF_get_number(CONF *conf,char *group,char *name);
 #define CONF_R_NO_CONF					 105
 #define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE		 106
 #define CONF_R_NO_SECTION				 107
-#define CONF_R_NO_VALUE					 108
 #define CONF_R_UNABLE_TO_CREATE_NEW_SECTION		 103
 #define CONF_R_VARIABLE_HAS_NO_VALUE			 104

--- a/crypto/conf/conf_api.c
+++ b/crypto/conf/conf_api.c
@@ -153,9 +153,6 @@ char *_CONF_get_string(CONF *conf, char *section, char *name)
 		return(Getenv(name));
 	}

-#if 0 /* There's no way to provide error checking with this function, so
-	 force implementors of the higher levels to get a string and read
-	 the number themselves. */
 long _CONF_get_number(CONF *conf, char *section, char *name)
 	{
 	char *str;
@@ -172,7 +169,6 @@ long _CONF_get_number(CONF *conf, char *section, char *name)
 		str++;
 		}
 	}
-#endif

 int _CONF_new_data(CONF *conf)
 	{
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -81,8 +81,7 @@ static int def_init_default(CONF *conf);
 static int def_init_WIN32(CONF *conf);
 static int def_destroy(CONF *conf);
 static int def_destroy_data(CONF *conf);
-static int def_load(CONF *conf, const char *name, long *eline);
-static int def_load_bio(CONF *conf, BIO *bp, long *eline);
+static int def_load(CONF *conf, BIO *bp, long *eline);
 static int def_dump(CONF *conf, BIO *bp);
 static int def_is_number(CONF *conf, char c);
 static int def_to_int(CONF *conf, char c);
@@ -95,11 +94,10 @@ static CONF_METHOD default_method = {
 	def_init_default,
 	def_destroy,
 	def_destroy_data,
-	def_load_bio,
+	def_load,
 	def_dump,
 	def_is_number,
-	def_to_int,
-	def_load
+	def_to_int
 	};

 static CONF_METHOD WIN32_method = {
@@ -108,11 +106,10 @@ static CONF_METHOD WIN32_method = {
 	def_init_WIN32,
 	def_destroy,
 	def_destroy_data,
-	def_load_bio,
+	def_load,
 	def_dump,
 	def_is_number,
-	def_to_int,
-	def_load
+	def_to_int
 	};

 CONF_METHOD *NCONF_default()
@@ -180,29 +177,7 @@ static int def_destroy_data(CONF *conf)
 	return 1;
 	}

-static int def_load(CONF *conf, const char *name, long *line)
-	{
-	int ret;
-	BIO *in=NULL;
-
-#ifdef VMS
-	in=BIO_new_file(name, "r");
-#else
-	in=BIO_new_file(name, "rb");
-#endif
-	if (in == NULL)
-		{
-		CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB);
-		return 0;
-		}
-
-	ret = def_load_bio(conf, in, line);
-	BIO_free(in);
-
-	return ret;
-	}
-
-static int def_load_bio(CONF *conf, BIO *in, long *line)
+static int def_load(CONF *conf, BIO *in, long *line)
 	{
 #define BUFSIZE	512
 	char btmp[16];
--- a/crypto/conf/conf_err.c
+++ b/crypto/conf/conf_err.c
@@ -73,12 +73,9 @@ static ERR_STRING_DATA CONF_str_functs[]=
 {ERR_PACK(0,CONF_F_NCONF_DUMP_BIO,0),	"NCONF_dump_bio"},
 {ERR_PACK(0,CONF_F_NCONF_DUMP_FP,0),	"NCONF_dump_fp"},
 {ERR_PACK(0,CONF_F_NCONF_GET_NUMBER,0),	"NCONF_get_number"},
-{ERR_PACK(0,CONF_F_NCONF_GET_NUMBER_E,0),	"NCONF_get_number_e"},
 {ERR_PACK(0,CONF_F_NCONF_GET_SECTION,0),	"NCONF_get_section"},
 {ERR_PACK(0,CONF_F_NCONF_GET_STRING,0),	"NCONF_get_string"},
-{ERR_PACK(0,CONF_F_NCONF_LOAD,0),	"NCONF_load"},
 {ERR_PACK(0,CONF_F_NCONF_LOAD_BIO,0),	"NCONF_load_bio"},
-{ERR_PACK(0,CONF_F_NCONF_LOAD_FP,0),	"NCONF_load_fp"},
 {ERR_PACK(0,CONF_F_NCONF_NEW,0),	"NCONF_new"},
 {ERR_PACK(0,CONF_F_STR_COPY,0),	"STR_COPY"},
 {0,NULL}
@@ -92,7 +89,6 @@ static ERR_STRING_DATA CONF_str_reasons[]=
 {CONF_R_NO_CONF                          ,"no conf"},
 {CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE  ,"no conf or environment variable"},
 {CONF_R_NO_SECTION                       ,"no section"},
-{CONF_R_NO_VALUE                         ,"no value"},
 {CONF_R_UNABLE_TO_CREATE_NEW_SECTION     ,"unable to create new section"},
 {CONF_R_VARIABLE_HAS_NO_VALUE            ,"variable has no value"},
 {0,NULL}
--- a/crypto/conf/conf_lib.c
+++ b/crypto/conf/conf_lib.c
@@ -131,46 +131,59 @@ LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline)

 STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,char *section)
 	{
-	CONF ctmp;
+	if (conf == NULL)
+		{
+		return NULL;
+		}
+	else
+		{
+		CONF ctmp;

-	if (default_CONF_method == NULL)
-		default_CONF_method = NCONF_default();
+		if (default_CONF_method == NULL)
+			default_CONF_method = NCONF_default();

-	default_CONF_method->init(&ctmp);
-	ctmp.data = conf;
-	return NCONF_get_section(&ctmp, section);
+		default_CONF_method->init(&ctmp);
+		ctmp.data = conf;
+		return NCONF_get_section(&ctmp, section);
+		}
 	}

 char *CONF_get_string(LHASH *conf,char *group,char *name)
 	{
-	CONF ctmp;
+	if (conf == NULL)
+		{
+		return NCONF_get_string(NULL, group, name);
+		}
+	else
+		{
+		CONF ctmp;

-	if (default_CONF_method == NULL)
-		default_CONF_method = NCONF_default();
+		if (default_CONF_method == NULL)
+			default_CONF_method = NCONF_default();

-	default_CONF_method->init(&ctmp);
-	ctmp.data = conf;
-	return NCONF_get_string(&ctmp, group, name);
+		default_CONF_method->init(&ctmp);
+		ctmp.data = conf;
+		return NCONF_get_string(&ctmp, group, name);
+		}
 	}

 long CONF_get_number(LHASH *conf,char *group,char *name)
 	{
-	CONF ctmp;
-	int status;
-	long result = 0;
-
-	if (default_CONF_method == NULL)
-		default_CONF_method = NCONF_default();
-
-	default_CONF_method->init(&ctmp);
-	ctmp.data = conf;
-	status = NCONF_get_number_e(&ctmp, group, name, &result);
-	if (status == 0)
+	if (conf == NULL)
 		{
-		/* This function does not believe in errors... */
-		ERR_get_error();
+		return NCONF_get_number(NULL, group, name);
+		}
+	else
+		{
+		CONF ctmp;
+
+		if (default_CONF_method == NULL)
+			default_CONF_method = NCONF_default();
+
+		default_CONF_method->init(&ctmp);
+		ctmp.data = conf;
+		return NCONF_get_number(&ctmp, group, name);
 		}
-	return result;
 	}

 void CONF_free(LHASH *conf)
@@ -252,13 +265,24 @@ void NCONF_free_data(CONF *conf)

 int NCONF_load(CONF *conf, const char *file, long *eline)
 	{
-	if (conf == NULL)
+	int ret;
+	BIO *in=NULL;
+
+#ifdef VMS
+	in=BIO_new_file(file, "r");
+#else
+	in=BIO_new_file(file, "rb");
+#endif
+	if (in == NULL)
 		{
-		CONFerr(CONF_F_NCONF_LOAD,CONF_R_NO_CONF);
+		CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB);
 		return 0;
 		}

-	return conf->meth->load(conf, file, eline);
+	ret = NCONF_load_bio(conf, in, eline);
+	BIO_free(in);
+
+	return ret;
 	}

 #ifndef NO_FP_API
@@ -268,7 +292,7 @@ int NCONF_load_fp(CONF *conf, FILE *fp,long *eline)
 	int ret;
 	if(!(btmp = BIO_new_fp(fp, BIO_NOCLOSE)))
 		{
-		CONFerr(CONF_F_NCONF_LOAD_FP,ERR_R_BUF_LIB);
+		CONFerr(CONF_F_CONF_LOAD_FP,ERR_R_BUF_LIB);
 		return 0;
 		}
 	ret = NCONF_load_bio(conf, btmp, eline);
@@ -285,7 +309,7 @@ int NCONF_load_bio(CONF *conf, BIO *bp,long *eline)
 		return 0;
 		}

-	return conf->meth->load_bio(conf, bp, eline);
+	return conf->meth->load(conf, bp, eline);
 	}

 STACK_OF(CONF_VALUE) *NCONF_get_section(CONF *conf,char *section)
@@ -319,33 +343,25 @@ char *NCONF_get_string(CONF *conf,char *group,char *name)
                        CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
 		return NULL;
 		}
-	CONFerr(CONF_F_NCONF_GET_STRING,
-		CONF_R_NO_VALUE);
 	return NULL;
 	}

-int NCONF_get_number_e(CONF *conf,char *group,char *name,long *result)
+long NCONF_get_number(CONF *conf,char *group,char *name)
 	{
-	char *str;
-
-	if (result == NULL)
+#if 0 /* As with _CONF_get_string(), we rely on the possibility of finding
+         an environment variable with a suitable name.  Unfortunately, there's
+         no way with the current API to see if we found one or not...
+         The meaning of this is that if a number is not found anywhere, it
+         will always default to 0. */
+	if (conf == NULL)
 		{
-		CONFerr(CONF_F_NCONF_GET_NUMBER_E,ERR_R_PASSED_NULL_PARAMETER);
+		CONFerr(CONF_F_NCONF_GET_NUMBER,
+                        CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
 		return 0;
 		}
-
-	str = NCONF_get_string(conf,group,name);
-
-	if (str == NULL)
-		return 0;
-
-	for (;conf->meth->is_number(conf, *str);)
-		{
-		*result = (*result)*10 + conf->meth->to_int(conf, *str);
-		str++;
-		}
-
-	return 1;
+#endif
+	
+	return _CONF_get_number(conf, group, name);
 	}

 #ifndef NO_FP_API
@@ -374,19 +390,3 @@ int NCONF_dump_bio(CONF *conf, BIO *out)
 	return conf->meth->dump(conf, out);
 	}

-/* This function should be avoided */
-#undef NCONF_get_number
-long NCONF_get_number(CONF *conf,char *group,char *name)
-	{
-	int status;
-	long ret=0;
-
-	status = NCONF_get_number_e(conf, group, name, &ret);
-	if (status == 0)
-		{
-		/* This function does not believe in errors... */
-		ERR_get_error();
-		}
-	return ret;
-	}
-
--- a/crypto/crypto-lib.com
+++ b/crypto/crypto-lib.com
@@ -88,7 +88,7 @@ $! Define The Different Encryption Types.
 $!
 $ ENCRYPT_TYPES = "Basic,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ -
 		  "DES,RC2,RC4,RC5,IDEA,BF,CAST,"+ -
-		  "BN,RSA,DSA,DH,DSO,ENGINE,RIJNDAEL,"+ -
+		  "BN,RSA,DSA,DH,DSO,ENGINE,"+ -
 		  "BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,"+ -
 		  "EVP,EVP_2,ASN1,ASN1_2,PEM,X509,X509V3,"+ -
 		  "CONF,TXT_DB,PKCS7,PKCS12,COMP"
@@ -174,7 +174,7 @@ $!
 $ APPS_DES = "DES/DES,CBC3_ENC"
 $ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE"
 $
-$ LIB_ = "cryptlib,mem,mem_dbg,cversion,ex_data,tmdiff,cpt_err"
+$ LIB_ = "cryptlib,mem,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid"
 $ LIB_MD2 = "md2_dgst,md2_one"
 $ LIB_MD4 = "md4_dgst,md4_one"
 $ LIB_MD5 = "md5_dgst,md5_one"
@@ -208,7 +208,6 @@ $ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ -
 	"dso_openssl,dso_win32,dso_vms"
 $ LIB_ENGINE = "engine_err,engine_lib,engine_list,engine_openssl,"+ -
 	"hw_atalla,hw_cswift,hw_ncipher"
-$ LIB_RIJNDAEL = "rijndael-alg-fst"
 $ LIB_BUFFER = "buffer,buf_err"
 $ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ -
 	"bss_mem,bss_null,bss_fd,"+ -
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -278,10 +278,12 @@ int CRYPTO_is_mem_check_on(void);
 const char *SSLeay_version(int type);
 unsigned long SSLeay(void);

+int OPENSSL_issetugid(void);
+
 int CRYPTO_get_ex_new_index(int idx, STACK_OF(CRYPTO_EX_DATA_FUNCS) **skp, long argl, void *argp,
 	     CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val);
-void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad,int idx);
+void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *ad,int idx);
 int CRYPTO_dup_ex_data(STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth, CRYPTO_EX_DATA *to,
 	     CRYPTO_EX_DATA *from);
 void CRYPTO_free_ex_data(STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth, void *obj, CRYPTO_EX_DATA *ad);
--- a/crypto/des/asm/des-586.pl
+++ b/crypto/des/asm/des-586.pl
@@ -20,11 +20,11 @@ $L="edi";
 $R="esi";

 &external_label("des_SPtrans");
-&des_encrypt("des_encrypt",1);
+&des_encrypt("des_encrypt1",1);
 &des_encrypt("des_encrypt2",0);
 &des_encrypt3("des_encrypt3",1);
 &des_encrypt3("des_decrypt3",0);
-&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1);
+&cbc("des_ncbc_encrypt","des_encrypt1","des_encrypt1",0,4,5,3,5,-1);
 &cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5);

 &asm_finish();
--- a/crypto/des/asm/des686.pl
+++ b/crypto/des/asm/des686.pl
@@ -46,7 +46,7 @@ EOF
 $L="edi";
 $R="esi";

-&des_encrypt("des_encrypt",1);
+&des_encrypt("des_encrypt1",1);
 &des_encrypt("des_encrypt2",0);

 &des_encrypt3("des_encrypt3",1);
--- a/crypto/des/asm/readme
+++ b/crypto/des/asm/readme
@@ -8,7 +8,7 @@ assembler for the inner DES routines in libdes :-).

 The file to implement in assembler is des_enc.c.  Replace the following
 4 functions
-des_encrypt(DES_LONG data[2],des_key_schedule ks, int encrypt);
+des_encrypt1(DES_LONG data[2],des_key_schedule ks, int encrypt);
 des_encrypt2(DES_LONG data[2],des_key_schedule ks, int encrypt);
 des_encrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
 des_decrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
--- a/crypto/des/cbc_cksm.c
+++ b/crypto/des/cbc_cksm.c
@@ -82,7 +82,7 @@ DES_LONG des_cbc_cksum(const unsigned char *in, des_cblock *output,
 			
 		tin0^=tout0; tin[0]=tin0;
 		tin1^=tout1; tin[1]=tin1;
-		des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+		des_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);
 		/* fix 15/10/91 eay - thanks to keithr@sco.COM */
 		tout0=tin[0];
 		tout1=tin[1];
--- a/crypto/des/cfb64enc.c
+++ b/crypto/des/cfb64enc.c
@@ -82,7 +82,7 @@ void des_cfb64_encrypt(const unsigned char *in, unsigned char *out,
 				{
 				c2l(iv,v0); ti[0]=v0;
 				c2l(iv,v1); ti[1]=v1;
-				des_encrypt(ti,schedule,DES_ENCRYPT);
+				des_encrypt1(ti,schedule,DES_ENCRYPT);
 				iv = &(*ivec)[0];
 				v0=ti[0]; l2c(v0,iv);
 				v0=ti[1]; l2c(v0,iv);
@@ -102,7 +102,7 @@ void des_cfb64_encrypt(const unsigned char *in, unsigned char *out,
 				{
 				c2l(iv,v0); ti[0]=v0;
 				c2l(iv,v1); ti[1]=v1;
-				des_encrypt(ti,schedule,DES_ENCRYPT);
+				des_encrypt1(ti,schedule,DES_ENCRYPT);
 				iv = &(*ivec)[0];
 				v0=ti[0]; l2c(v0,iv);
 				v0=ti[1]; l2c(v0,iv);
--- a/crypto/des/cfb_enc.c
+++ b/crypto/des/cfb_enc.c
@@ -100,7 +100,7 @@ void des_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
 			l-=n;
 			ti[0]=v0;
 			ti[1]=v1;
-			des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT);
+			des_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
 			c2ln(in,d0,d1,n);
 			in+=n;
 			d0=(d0^ti[0])&mask0;
@@ -132,7 +132,7 @@ void des_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
 			l-=n;
 			ti[0]=v0;
 			ti[1]=v1;
-			des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT);
+			des_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
 			c2ln(in,d0,d1,n);
 			in+=n;
 			/* 30-08-94 - eay - changed because l>>32 and
--- a/crypto/des/des.h
+++ b/crypto/des/des.h
@@ -147,14 +147,14 @@ void des_ecb_encrypt(const_des_cblock *input,des_cblock *output,
 	Data is a pointer to 2 unsigned long's and ks is the
 	des_key_schedule to use.  enc, is non zero specifies encryption,
 	zero if decryption. */
-void des_encrypt(DES_LONG *data,des_key_schedule ks, int enc);
+void des_encrypt1(DES_LONG *data,des_key_schedule ks, int enc);

-/* 	This functions is the same as des_encrypt() except that the DES
+/* 	This functions is the same as des_encrypt1() except that the DES
 	initial permutation (IP) and final permutation (FP) have been left
-	out.  As for des_encrypt(), you should not use this function.
+	out.  As for des_encrypt1(), you should not use this function.
 	It is used by the routines in the library that implement triple DES.
 	IP() des_encrypt2() des_encrypt2() des_encrypt2() FP() is the same
-	as des_encrypt() des_encrypt() des_encrypt() except faster :-). */
+	as des_encrypt1() des_encrypt1() des_encrypt1() except faster :-). */
 void des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc);

 void des_encrypt3(DES_LONG *data, des_key_schedule ks1,
--- a/crypto/des/des_enc.c
+++ b/crypto/des/des_enc.c
@@ -58,7 +58,7 @@

 #include "des_locl.h"

-void des_encrypt(DES_LONG *data, des_key_schedule ks, int enc)
+void des_encrypt1(DES_LONG *data, des_key_schedule ks, int enc)
 	{
 	register DES_LONG l,r,t,u;
 #ifdef DES_PTR
--- a/crypto/des/des_opts.c
+++ b/crypto/des/des_opts.c
@@ -118,7 +118,7 @@ extern void exit();
 #undef DES_RISC2
 #undef DES_PTR
 #undef D_ENCRYPT
-#define des_encrypt  des_encrypt_u4_cisc_idx
+#define des_encrypt1 des_encrypt_u4_cisc_idx
 #define des_encrypt2 des_encrypt2_u4_cisc_idx
 #define des_encrypt3 des_encrypt3_u4_cisc_idx
 #define des_decrypt3 des_decrypt3_u4_cisc_idx
@@ -130,11 +130,11 @@ extern void exit();
 #undef DES_RISC2
 #undef DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
+#undef des_encrypt1
 #undef des_encrypt2
 #undef des_encrypt3
 #undef des_decrypt3
-#define des_encrypt  des_encrypt_u16_cisc_idx
+#define des_encrypt1 des_encrypt_u16_cisc_idx
 #define des_encrypt2 des_encrypt2_u16_cisc_idx
 #define des_encrypt3 des_encrypt3_u16_cisc_idx
 #define des_decrypt3 des_decrypt3_u16_cisc_idx
@@ -146,11 +146,11 @@ extern void exit();
 #undef DES_RISC2
 #undef DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
+#undef des_encrypt1
 #undef des_encrypt2
 #undef des_encrypt3
 #undef des_decrypt3
-#define des_encrypt  des_encrypt_u4_risc1_idx
+#define des_encrypt1 des_encrypt_u4_risc1_idx
 #define des_encrypt2 des_encrypt2_u4_risc1_idx
 #define des_encrypt3 des_encrypt3_u4_risc1_idx
 #define des_decrypt3 des_decrypt3_u4_risc1_idx
@@ -166,11 +166,11 @@ extern void exit();
 #define DES_RISC2
 #undef DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
+#undef des_encrypt1
 #undef des_encrypt2
 #undef des_encrypt3
 #undef des_decrypt3
-#define des_encrypt  des_encrypt_u4_risc2_idx
+#define des_encrypt1 des_encrypt_u4_risc2_idx
 #define des_encrypt2 des_encrypt2_u4_risc2_idx
 #define des_encrypt3 des_encrypt3_u4_risc2_idx
 #define des_decrypt3 des_decrypt3_u4_risc2_idx
@@ -182,11 +182,11 @@ extern void exit();
 #undef DES_RISC2
 #undef DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
+#undef des_encrypt1
 #undef des_encrypt2
 #undef des_encrypt3
 #undef des_decrypt3
-#define des_encrypt  des_encrypt_u16_risc1_idx
+#define des_encrypt1 des_encrypt_u16_risc1_idx
 #define des_encrypt2 des_encrypt2_u16_risc1_idx
 #define des_encrypt3 des_encrypt3_u16_risc1_idx
 #define des_decrypt3 des_decrypt3_u16_risc1_idx
@@ -198,11 +198,11 @@ extern void exit();
 #define DES_RISC2
 #undef DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
+#undef des_encrypt1
 #undef des_encrypt2
 #undef des_encrypt3
 #undef des_decrypt3
-#define des_encrypt  des_encrypt_u16_risc2_idx
+#define des_encrypt1 des_encrypt_u16_risc2_idx
 #define des_encrypt2 des_encrypt2_u16_risc2_idx
 #define des_encrypt3 des_encrypt3_u16_risc2_idx
 #define des_decrypt3 des_decrypt3_u16_risc2_idx
@@ -218,11 +218,11 @@ extern void exit();
 #undef DES_RISC2
 #define DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
+#undef des_encrypt1
 #undef des_encrypt2
 #undef des_encrypt3
 #undef des_decrypt3
-#define des_encrypt  des_encrypt_u4_cisc_ptr
+#define des_encrypt1 des_encrypt_u4_cisc_ptr
 #define des_encrypt2 des_encrypt2_u4_cisc_ptr
 #define des_encrypt3 des_encrypt3_u4_cisc_ptr
 #define des_decrypt3 des_decrypt3_u4_cisc_ptr
@@ -234,11 +234,11 @@ extern void exit();
 #undef DES_RISC2
 #define DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
+#undef des_encrypt1
 #undef des_encrypt2
 #undef des_encrypt3
 #undef des_decrypt3
-#define des_encrypt  des_encrypt_u16_cisc_ptr
+#define des_encrypt1 des_encrypt_u16_cisc_ptr
 #define des_encrypt2 des_encrypt2_u16_cisc_ptr
 #define des_encrypt3 des_encrypt3_u16_cisc_ptr
 #define des_decrypt3 des_decrypt3_u16_cisc_ptr
@@ -250,11 +250,11 @@ extern void exit();
 #undef DES_RISC2
 #define DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
+#undef des_encrypt1
 #undef des_encrypt2
 #undef des_encrypt3
 #undef des_decrypt3
-#define des_encrypt  des_encrypt_u4_risc1_ptr
+#define des_encrypt1 des_encrypt_u4_risc1_ptr
 #define des_encrypt2 des_encrypt2_u4_risc1_ptr
 #define des_encrypt3 des_encrypt3_u4_risc1_ptr
 #define des_decrypt3 des_decrypt3_u4_risc1_ptr
@@ -270,11 +270,11 @@ extern void exit();
 #define DES_RISC2
 #define DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
+#undef des_encrypt1
 #undef des_encrypt2
 #undef des_encrypt3
 #undef des_decrypt3
-#define des_encrypt  des_encrypt_u4_risc2_ptr
+#define des_encrypt1 des_encrypt_u4_risc2_ptr
 #define des_encrypt2 des_encrypt2_u4_risc2_ptr
 #define des_encrypt3 des_encrypt3_u4_risc2_ptr
 #define des_decrypt3 des_decrypt3_u4_risc2_ptr
@@ -286,11 +286,11 @@ extern void exit();
 #undef DES_RISC2
 #define DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
+#undef des_encrypt1
 #undef des_encrypt2
 #undef des_encrypt3
 #undef des_decrypt3
-#define des_encrypt  des_encrypt_u16_risc1_ptr
+#define des_encrypt1 des_encrypt_u16_risc1_ptr
 #define des_encrypt2 des_encrypt2_u16_risc1_ptr
 #define des_encrypt3 des_encrypt3_u16_risc1_ptr
 #define des_decrypt3 des_decrypt3_u16_risc1_ptr
@@ -302,11 +302,11 @@ extern void exit();
 #define DES_RISC2
 #define DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
+#undef des_encrypt1
 #undef des_encrypt2
 #undef des_encrypt3
 #undef des_decrypt3
-#define des_encrypt  des_encrypt_u16_risc2_ptr
+#define des_encrypt1 des_encrypt_u16_risc2_ptr
 #define des_encrypt2 des_encrypt2_u16_risc2_ptr
 #define des_encrypt3 des_encrypt3_u16_risc2_ptr
 #define des_decrypt3 des_decrypt3_u16_risc2_ptr
@@ -453,7 +453,7 @@ int main(int argc, char **argv)
 		count*=2;
 		Time_F(START);
 		for (i=count; i; i--)
-			des_encrypt(data,&(sch[0]),DES_ENCRYPT);
+			des_encrypt1(data,&(sch[0]),DES_ENCRYPT);
 		d=Time_F(STOP);
 		} while (d < 3.0);
 	ca=count;
--- a/crypto/des/dess.cpp
+++ b/crypto/des/dess.cpp
@@ -45,19 +45,19 @@ void main(int argc,char *argv[])
 		{
 		for (i=0; i<1000; i++) /**/
 			{
-			des_encrypt(&data[0],key,1);
+			des_encrypt1(&data[0],key,1);
 			GetTSC(s1);
-			des_encrypt(&data[0],key,1);
-			des_encrypt(&data[0],key,1);
-			des_encrypt(&data[0],key,1);
+			des_encrypt1(&data[0],key,1);
+			des_encrypt1(&data[0],key,1);
+			des_encrypt1(&data[0],key,1);
 			GetTSC(e1);
 			GetTSC(s2);
-			des_encrypt(&data[0],key,1);
-			des_encrypt(&data[0],key,1);
-			des_encrypt(&data[0],key,1);
-			des_encrypt(&data[0],key,1);
+			des_encrypt1(&data[0],key,1);
+			des_encrypt1(&data[0],key,1);
+			des_encrypt1(&data[0],key,1);
+			des_encrypt1(&data[0],key,1);
 			GetTSC(e2);
-			des_encrypt(&data[0],key,1);
+			des_encrypt1(&data[0],key,1);
 			}

 		printf("des %d %d (%d)\n",
--- a/crypto/des/ecb_enc.c
+++ b/crypto/des/ecb_enc.c
@@ -114,7 +114,7 @@ void des_ecb_encrypt(const_des_cblock *input, des_cblock *output,

 	c2l(in,l); ll[0]=l;
 	c2l(in,l); ll[1]=l;
-	des_encrypt(ll,ks,enc);
+	des_encrypt1(ll,ks,enc);
 	l=ll[0]; l2c(l,out);
 	l=ll[1]; l2c(l,out);
 	l=ll[0]=ll[1]=0;
--- a/crypto/des/ede_cbcm_enc.c
+++ b/crypto/des/ede_cbcm_enc.c
@@ -95,7 +95,7 @@ void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
 	    {
 	    tin[0]=m0;
 	    tin[1]=m1;
-	    des_encrypt(tin,ks3,1);
+	    des_encrypt1(tin,ks3,1);
 	    m0=tin[0];
 	    m1=tin[1];

@@ -113,13 +113,13 @@ void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,

 	    tin[0]=tin0;
 	    tin[1]=tin1;
-	    des_encrypt(tin,ks1,1);
+	    des_encrypt1(tin,ks1,1);
 	    tin[0]^=m0;
 	    tin[1]^=m1;
-	    des_encrypt(tin,ks2,0);
+	    des_encrypt1(tin,ks2,0);
 	    tin[0]^=m0;
 	    tin[1]^=m1;
-	    des_encrypt(tin,ks1,1);
+	    des_encrypt1(tin,ks1,1);
 	    tout0=tin[0];
 	    tout1=tin[1];

@@ -146,7 +146,7 @@ void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
 	    {
 	    tin[0]=m0;
 	    tin[1]=m1;
-	    des_encrypt(tin,ks3,1);
+	    des_encrypt1(tin,ks3,1);
 	    m0=tin[0];
 	    m1=tin[1];

@@ -158,13 +158,13 @@ void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,

 	    tin[0]=tin0;
 	    tin[1]=tin1;
-	    des_encrypt(tin,ks1,0);
+	    des_encrypt1(tin,ks1,0);
 	    tin[0]^=m0;
 	    tin[1]^=m1;
-	    des_encrypt(tin,ks2,1);
+	    des_encrypt1(tin,ks2,1);
 	    tin[0]^=m0;
 	    tin[1]^=m1;
-	    des_encrypt(tin,ks1,0);
+	    des_encrypt1(tin,ks1,0);
 	    tout0=tin[0];
 	    tout1=tin[1];

--- a/crypto/des/ncbc_enc.c
+++ b/crypto/des/ncbc_enc.c
@@ -89,7 +89,7 @@ void des_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length,
 			c2l(in,tin1);
 			tin0^=tout0; tin[0]=tin0;
 			tin1^=tout1; tin[1]=tin1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+			des_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);
 			tout0=tin[0]; l2c(tout0,out);
 			tout1=tin[1]; l2c(tout1,out);
 			}
@@ -98,7 +98,7 @@ void des_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length,
 			c2ln(in,tin0,tin1,l+8);
 			tin0^=tout0; tin[0]=tin0;
 			tin1^=tout1; tin[1]=tin1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+			des_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);
 			tout0=tin[0]; l2c(tout0,out);
 			tout1=tin[1]; l2c(tout1,out);
 			}
@@ -116,7 +116,7 @@ void des_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length,
 			{
 			c2l(in,tin0); tin[0]=tin0;
 			c2l(in,tin1); tin[1]=tin1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
+			des_encrypt1((DES_LONG *)tin,schedule,DES_DECRYPT);
 			tout0=tin[0]^xor0;
 			tout1=tin[1]^xor1;
 			l2c(tout0,out);
@@ -128,7 +128,7 @@ void des_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length,
 			{
 			c2l(in,tin0); tin[0]=tin0;
 			c2l(in,tin1); tin[1]=tin1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
+			des_encrypt1((DES_LONG *)tin,schedule,DES_DECRYPT);
 			tout0=tin[0]^xor0;
 			tout1=tin[1]^xor1;
 			l2cn(tout0,tout1,out,l+8);
--- a/crypto/des/ofb64enc.c
+++ b/crypto/des/ofb64enc.c
@@ -87,7 +87,7 @@ void des_ofb64_encrypt(register const unsigned char *in,
 		{
 		if (n == 0)
 			{
-			des_encrypt(ti,schedule,DES_ENCRYPT);
+			des_encrypt1(ti,schedule,DES_ENCRYPT);
 			dp=d;
 			t=ti[0]; l2c(t,dp);
 			t=ti[1]; l2c(t,dp);
--- a/crypto/des/ofb_enc.c
+++ b/crypto/des/ofb_enc.c
@@ -101,7 +101,7 @@ void des_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
 		{
 		ti[0]=v0;
 		ti[1]=v1;
-		des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT);
+		des_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
 		vv0=ti[0];
 		vv1=ti[1];
 		c2ln(in,d0,d1,n);
--- a/crypto/des/pcbc_enc.c
+++ b/crypto/des/pcbc_enc.c
@@ -85,7 +85,7 @@ void des_pcbc_encrypt(const unsigned char *input, unsigned char *output,
 				c2ln(in,sin0,sin1,length);
 			tin[0]=sin0^xor0;
 			tin[1]=sin1^xor1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+			des_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);
 			tout0=tin[0];
 			tout1=tin[1];
 			xor0=sin0^tout0;
@@ -103,7 +103,7 @@ void des_pcbc_encrypt(const unsigned char *input, unsigned char *output,
 			c2l(in,sin1);
 			tin[0]=sin0;
 			tin[1]=sin1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
+			des_encrypt1((DES_LONG *)tin,schedule,DES_DECRYPT);
 			tout0=tin[0]^xor0;
 			tout1=tin[1]^xor1;
 			if (length >= 8)
--- a/crypto/des/speed.c
+++ b/crypto/des/speed.c
@@ -204,7 +204,7 @@ int main(int argc, char **argv)
 		count*=2;
 		Time_F(START);
 		for (i=count; i; i--)
-			des_encrypt(data,&(sch[0]),DES_ENCRYPT);
+			des_encrypt1(data,&(sch[0]),DES_ENCRYPT);
 		d=Time_F(STOP);
 		} while (d < 3.0);
 	ca=count;
@@ -241,7 +241,7 @@ int main(int argc, char **argv)
 		{
 		DES_LONG data[2];

-		des_encrypt(data,&(sch[0]),DES_ENCRYPT);
+		des_encrypt1(data,&(sch[0]),DES_ENCRYPT);
 		}
 	d=Time_F(STOP);
 	printf("%ld des_encrypt's in %.2f second\n",count,d);
--- a/crypto/des/xcbc_enc.c
+++ b/crypto/des/xcbc_enc.c
@@ -138,7 +138,7 @@ void des_xcbc_encrypt(const unsigned char *in, unsigned char *out,
 			c2l(in,tin1);
 			tin0^=tout0^inW0; tin[0]=tin0;
 			tin1^=tout1^inW1; tin[1]=tin1;
-			des_encrypt(tin,schedule,DES_ENCRYPT);
+			des_encrypt1(tin,schedule,DES_ENCRYPT);
 			tout0=tin[0]^outW0; l2c(tout0,out);
 			tout1=tin[1]^outW1; l2c(tout1,out);
 			}
@@ -147,7 +147,7 @@ void des_xcbc_encrypt(const unsigned char *in, unsigned char *out,
 			c2ln(in,tin0,tin1,l+8);
 			tin0^=tout0^inW0; tin[0]=tin0;
 			tin1^=tout1^inW1; tin[1]=tin1;
-			des_encrypt(tin,schedule,DES_ENCRYPT);
+			des_encrypt1(tin,schedule,DES_ENCRYPT);
 			tout0=tin[0]^outW0; l2c(tout0,out);
 			tout1=tin[1]^outW1; l2c(tout1,out);
 			}
@@ -163,7 +163,7 @@ void des_xcbc_encrypt(const unsigned char *in, unsigned char *out,
 			{
 			c2l(in,tin0); tin[0]=tin0^outW0;
 			c2l(in,tin1); tin[1]=tin1^outW1;
-			des_encrypt(tin,schedule,DES_DECRYPT);
+			des_encrypt1(tin,schedule,DES_DECRYPT);
 			tout0=tin[0]^xor0^inW0;
 			tout1=tin[1]^xor1^inW1;
 			l2c(tout0,out);
@@ -175,7 +175,7 @@ void des_xcbc_encrypt(const unsigned char *in, unsigned char *out,
 			{
 			c2l(in,tin0); tin[0]=tin0^outW0;
 			c2l(in,tin1); tin[1]=tin1^outW1;
-			des_encrypt(tin,schedule,DES_DECRYPT);
+			des_encrypt1(tin,schedule,DES_DECRYPT);
 			tout0=tin[0]^xor0^inW0;
 			tout1=tin[1]^xor1^inW1;
 			l2cn(tout0,tout1,out,l+8);
--- a/crypto/dh/Makefile.ssl
+++ b/crypto/dh/Makefile.ssl
@@ -115,8 +115,7 @@ dh_key.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 dh_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 dh_key.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
 dh_key.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-dh_key.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-dh_key.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+dh_key.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 dh_key.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 dh_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 dh_key.o: ../../include/openssl/symhacks.h ../cryptlib.h
@@ -134,8 +133,7 @@ dh_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 dh_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
 dh_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-dh_lib.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-dh_lib.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+dh_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 dh_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 dh_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 dh_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -100,7 +100,6 @@ DH_METHOD *DH_OpenSSL(void)
 static int generate_key(DH *dh)
 	{
 	int ok=0;
-	unsigned int i;
 	BN_CTX ctx;
 	BN_MONT_CTX *mont;
 	BIGNUM *pub_key=NULL,*priv_key=NULL;
@@ -109,15 +108,11 @@ static int generate_key(DH *dh)

 	if (dh->priv_key == NULL)
 		{
-		i=dh->length;
-		if (i == 0)
-			{
-			/* Make the number p-1 bits long */
-			i=BN_num_bits(dh->p)-1;
-			}
 		priv_key=BN_new();
 		if (priv_key == NULL) goto err;
-		if (!BN_rand(priv_key,i,0,0)) goto err;
+		do
+			if (!BN_rand_range(priv_key, dh->p)) goto err;
+		while (BN_is_zero(priv_key));
 		}
 	else
 		priv_key=dh->priv_key;
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -168,13 +168,13 @@ DH *DH_new_method(ENGINE *engine)
 	ret->method_mont_p=NULL;
 	ret->references = 1;
 	ret->flags=meth->flags;
+	CRYPTO_new_ex_data(dh_meth,ret,&ret->ex_data);
 	if ((meth->init != NULL) && !meth->init(ret))
 		{
+		CRYPTO_free_ex_data(dh_meth,ret,&ret->ex_data);
 		OPENSSL_free(ret);
 		ret=NULL;
 		}
-	else
-		CRYPTO_new_ex_data(dh_meth,ret,&ret->ex_data);
 	return(ret);
 	}

@@ -196,12 +196,12 @@ void DH_free(DH *r)
 	}
 #endif

-	CRYPTO_free_ex_data(dh_meth, r, &r->ex_data);
-
 	meth = ENGINE_get_DH(r->engine);
 	if(meth->finish) meth->finish(r);
 	ENGINE_finish(r->engine);

+	CRYPTO_free_ex_data(dh_meth, r, &r->ex_data);
+
 	if (r->p != NULL) BN_clear_free(r->p);
 	if (r->g != NULL) BN_clear_free(r->g);
 	if (r->q != NULL) BN_clear_free(r->q);
--- a/Show More
+++ b/Show More