make update

Merge in the latest fixes from 0.9.6a-beta3.
These changes will be part of OpenSSL 0.9.6a beta3 [engine]
2001-03-30 16:02:44 +00:00 · 2001-03-30 15:31:42 +00:00 · 2001-03-30 13:41:55 +00:00 · 2001-03-30 13:40:16 +00:00 · 2001-03-29 22:15:23 +00:00 · 2001-03-27 23:57:54 +00:00
325 changed files with 5719 additions and 15585 deletions
--- a/344
+++ b/344
@@ -2,24 +2,235 @@
 OpenSSL CHANGES
 _______________

- Changes between 0.9.6 and 0.9.7  [xx XXX 2000]
+ Changes between 0.9.6 and 0.9.6a  [xx XXX 2001]

-  *) Make DSO load along a path given through an environment variable
-     (SHLIB_PATH) with shl_load().
+  *) Fix for asn1_GetSequence() for indefinite length constructed data.
+     If SEQUENCE is length is indefinite just set c->slen to the total
+     amount of data available.
+     [Steve Henson, reported by shige@FreeBSD.org]
+     [This change does not apply to 0.9.7.]
+
+  *) Change bctest to avoid here-documents inside command substitution
+     (workaround for FreeBSD /bin/sh bug).
+     [Bodo Moeller]
+
+  *) Rename 'des_encrypt' to 'des_encrypt1'.  This avoids the clashes
+     with des_encrypt() defined on some operating systems, like Solaris
+     and UnixWare.
     [Richard Levitte]

-  *) Constify the ENGINE code as a result of BIGNUM constification.
-     Also constify the RSA code and most things related to it.  In a
-     few places, most notable in the depth of the ASN.1 code, ugly
-     casts back to non-const were required (to be solved at a later
-     time)
+  *) Check the result of RSA-CRT (see D. Boneh, R. DeMillo, R. Lipton:
+     On the Importance of Eliminating Errors in Cryptographic
+     Computations, J. Cryptology 14 (2001) 2, 101-119,
+     http://theory.stanford.edu/~dabo/papers/faults.ps.gz).
+     [Ulf Moeller]
+  
+  *) MIPS assembler BIGNUM division bug fix. 
+     [Andy Polyakov]
+
+  *) Fix PKCS#7 decode routines so they correctly update the length
+     after reading an EOC for the EXPLICIT tag.
+     [Steve Henson]
+     [This change does not apply to 0.9.7.]
+
+  *) Fix bug in PKCS#12 key generation routines. This was triggered
+     if a 3DES key was generated with a 0 initial byte. Include
+     PKCS12_BROKEN_KEYGEN compilation option to retain the old
+     (but broken) behaviour.
+     [Steve Henson]
+
+  *) Enhance bctest to search for a working bc along $PATH and print
+     it when found.
+     [Tim Rice <tim@multitalents.net> via Richard Levitte]
+
+  *) Fix memory leaks in err.c: free err_data string if necessary;
+     don't write to the wrong index in ERR_set_error_data.
+     [Bodo Moeller]
+
+  *) Implement ssl23_peek (analogous to ssl23_read), which previously
+     did not exist.
+     [Bodo Moeller]
+
+  *) Replace rdtsc with _emit statements for VC++ version 5.
+     [Jeremy Cooper <jeremy@baymoo.org>]
+
+  *) Make it possible to reuse SSLv2 sessions.
     [Richard Levitte]

-  *) Make it so the openssl application has all engines loaded by default.
+  *) In copy_email() check for >= 0 as a return value for
+     X509_NAME_get_index_by_NID() since 0 is a valid index.
+     [Steve Henson reported by Massimiliano Pala <madwolf@opensca.org>]
+
+  *) Avoid coredump with unsupported or invalid public keys by checking if
+     X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when
+     PKCS7_verify() fails with non detached data.
+     [Steve Henson]
+
+  *) Don't use getenv in library functions when run as setuid/setgid.
+     New function OPENSSL_issetugid().
+     [Ulf Moeller]
+
+  *) Avoid false positives in memory leak detection code (crypto/mem_dbg.c)
+     due to incorrect handling of multi-threading:
+
+     1. Fix timing glitch in the MemCheck_off() portion of CRYPTO_mem_ctrl().
+
+     2. Fix logical glitch in is_MemCheck_on() aka CRYPTO_is_mem_check_on().
+
+     3. Count how many times MemCheck_off() has been called so that
+        nested use can be treated correctly.  This also avoids 
+        inband-signalling in the previous code (which relied on the
+        assumption that thread ID 0 is impossible).
+     [Bodo Moeller]
+
+  *) Add "-rand" option also to s_client and s_server.
+     [Lutz Jaenicke]
+
+  *) Fix CPU detection on Irix 6.x.
+     [Kurt Hockenbury <khockenb@stevens-tech.edu> and
+      "Bruce W. Forsberg" <bruce.forsberg@baesystems.com>]
+
+  *) Fix X509_NAME bug which produced incorrect encoding if X509_NAME
+     was empty.
+     [Steve Henson]
+     [This change does not apply to 0.9.7.]
+
+  *) Use the cached encoding of an X509_NAME structure rather than
+     copying it. This is apparently the reason for the libsafe "errors"
+     but the code is actually correct.
+     [Steve Henson]
+
+  *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent
+     Bleichenbacher's DSA attack.
+     Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits
+     to be set and top=0 forces the highest bit to be set; top=-1 is new
+     and leaves the highest bit random.
+     [Ulf Moeller, Bodo Moeller]
+
+  *) In the NCONF_...-based implementations for CONF_... queries
+     (crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using
+     a temporary CONF structure with the data component set to NULL
+     (which gives segmentation faults in lh_retrieve).
+     Instead, use NULL for the CONF pointer in CONF_get_string and
+     CONF_get_number (which may use environment variables) and directly
+     return NULL from CONF_get_section.
+     [Bodo Moeller]
+
+  *) Fix potential buffer overrun for EBCDIC.
+     [Ulf Moeller]
+
+  *) Tolerate nonRepudiation as being valid for S/MIME signing and certSign
+     keyUsage if basicConstraints absent for a CA.
+     [Steve Henson]
+
+  *) Make SMIME_write_PKCS7() write mail header values with a format that
+     is more generally accepted (no spaces before the semicolon), since
+     some programs can't parse those values properly otherwise.  Also make
+     sure BIO's that break lines after each write do not create invalid
+     headers.
     [Richard Levitte]

-  *) Constify the BIGNUM routines a little more.
-     [Richard Levitte]
+  *) Make the CRL encoding routines work with empty SEQUENCE OF. The
+     macros previously used would not encode an empty SEQUENCE OF
+     and break the signature.
+     [Steve Henson]
+     [This change does not apply to 0.9.7.]
+
+  *) Zero the premaster secret after deriving the master secret in
+     DH ciphersuites.
+     [Steve Henson]
+
+  *) Add some EVP_add_digest_alias registrations (as found in
+     OpenSSL_add_all_digests()) to SSL_library_init()
+     aka OpenSSL_add_ssl_algorithms().  This provides improved
+     compatibility with peers using X.509 certificates
+     with unconventional AlgorithmIdentifier OIDs.
+     [Bodo Moeller]
+
+  *) Fix for Irix with NO_ASM.
+     ["Bruce W. Forsberg" <bruce.forsberg@baesystems.com>]
+
+  *) ./config script fixes.
+     [Ulf Moeller, Richard Levitte]
+
+  *) Fix 'openssl passwd -1'.
+     [Bodo Moeller]
+
+  *) Change PKCS12_key_gen_asc() so it can cope with non null
+     terminated strings whose length is passed in the passlen
+     parameter, for example from PEM callbacks. This was done
+     by adding an extra length parameter to asc2uni().
+     [Steve Henson, reported by <oddissey@samsung.co.kr>]
+
+  *) Fix C code generated by 'openssl dsaparam -C': If a BN_bin2bn
+     call failed, free the DSA structure.
+     [Bodo Moeller]
+
+  *) Fix to uni2asc() to cope with zero length Unicode strings.
+     These are present in some PKCS#12 files.
+     [Steve Henson]
+
+  *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c).
+     Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits
+     when writing a 32767 byte record.
+     [Bodo Moeller; problem reported by Eric Day <eday@concentric.net>]
+
+  *) In RSA_eay_public_{en,ed}crypt and RSA_eay_mod_exp (rsa_eay.c),
+     obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}.
+
+     (RSA objects have a reference count access to which is protected
+     by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c],
+     so they are meant to be shared between threads.)
+     [Bodo Moeller, Geoff Thorpe; original patch submitted by
+     "Reddie, Steven" <Steven.Reddie@ca.com>]
+
+  *) Fix a deadlock in CRYPTO_mem_leaks().
+     [Bodo Moeller]
+
+  *) Use better test patterns in bntest.
+     [Ulf M<>ller]
+
+  *) rand_win.c fix for Borland C.
+     [Ulf M<>ller]
+ 
+  *) BN_rshift bugfix for n == 0.
+     [Bodo Moeller]
+
+  *) Add a 'bctest' script that checks for some known 'bc' bugs
+     so that 'make test' does not abort just because 'bc' is broken.
+     [Bodo Moeller]
+
+  *) Store verify_result within SSL_SESSION also for client side to
+     avoid potential security hole. (Re-used sessions on the client side
+     always resulted in verify_result==X509_V_OK, not using the original
+     result of the server certificate verification.)
+     [Lutz Jaenicke]
+
+  *) Fix ssl3_pending: If the record in s->s3->rrec is not of type
+     SSL3_RT_APPLICATION_DATA, return 0.
+     Similarly, change ssl2_pending to return 0 if SSL_in_init(s) is true.
+     [Bodo Moeller]
+
+  *) Fix SSL_peek:
+     Both ssl2_peek and ssl3_peek, which were totally broken in earlier
+     releases, have been re-implemented by renaming the previous
+     implementations of ssl2_read and ssl3_read to ssl2_read_internal
+     and ssl3_read_internal, respectively, and adding 'peek' parameters
+     to them.  The new ssl[23]_{read,peek} functions are calls to
+     ssl[23]_read_internal with the 'peek' flag set appropriately.
+     A 'peek' parameter has also been added to ssl3_read_bytes, which
+     does the actual work for ssl3_read_internal.
+     [Bodo Moeller]
+
+  *) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling
+     the method-specific "init()" handler. Also clean up ex_data after
+     calling the method-specific "finish()" handler. Previously, this was
+     happening the other way round.
+     [Geoff Thorpe]
+
+  *) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16.
+     The previous value, 12, was not always sufficient for BN_mod_exp().
+     [Bodo Moeller]

  *) Make sure that shared libraries get the internal name engine with
     the full version number and not just 0.  This should mark the
@@ -27,94 +238,6 @@
     be changed again when we can guarantee backward binary compatibility.
     [Richard Levitte]

-  *) Add the following functions:
-
-	ENGINE_load_cswift()
-	ENGINE_load_chil()
-	ENGINE_load_atalla()
-	ENGINE_load_nuron()
-	ENGINE_load_builtin_engines()
-
-     That way, an application can itself choose if external engines that
-     are built-in in OpenSSL shall ever be used or not.  The benefit is
-     that applications won't have to be linked with libdl or other dso
-     libraries unless it's really needed.
-
-     Changed 'openssl engine' to load all engines on demand.
-     Changed the engine header files to avoid the duplication of some
-     declarations (they differed!).
-     [Richard Levitte]
-
-  *) 'openssl engine' can now list capabilities.
-     [Richard Levitte]
-
-  *) Better error reporting in 'openssl engine'.
-     [Richard Levitte]
-
-  *) Never call load_dh_param(NULL) in s_server.
-     [Bodo Moeller]
-
-  *) Add engine application.  It can currently list engines by name and
-     identity, and test if they are actually available.
-     [Richard Levitte]
-
-  *) Add support for shared libraries under Irix.
-     [Albert Chin-A-Young <china@thewrittenword.com>]
-
-  *) Improve RPM specification file by forcing symbolic linking and making
-     sure the installed documentation is also owned by root.root.
-     [Damien Miller <djm@mindrot.org>]
-
-  *) Add configuration option to build on Linux on both big-endian and
-     little-endian MIPS.
-     [Ralf Baechle <ralf@uni-koblenz.de>]
-
-  *) Give the OpenSSL applications more possibilities to make use of
-     keys (public as well as private) handled by engines.
-     [Richard Levitte]
-
-  *) Add OCSP code that comes from CertCo.
-     [Richard Levitte]
-
-  *) Add VMS support for the Rijndael code.
-     [Richard Levitte]
-
-  *) Added untested support for Nuron crypto accelerator.
-     [Ben Laurie]
-
-  *) Add support for external cryptographic devices.  This code was
-     previously distributed separately as the "engine" branch.
-     [Geoff Thorpe, Richard Levitte]
-
-  *) Rework the filename-translation in the DSO code. It is now possible to
-     have far greater control over how a "name" is turned into a filename
-     depending on the operating environment and any oddities about the
-     different shared library filenames on each system.
-     [Geoff Thorpe]
-
-  *) Support threads on FreeBSD-elf in Configure.
-     [Richard Levitte]
-
-  *) Add the possibility to create shared libraries on HP-UX
-     [Richard Levitte]
-
-  *) Fix for SHA1 assembly problem with MASM: it produces
-     warnings about corrupt line number information when assembling
-     with debugging information. This is caused by the overlapping
-     of two sections.
-     [Bernd Matthes <mainbug@celocom.de>, Steve Henson]
-
-  *) NCONF changes.
-     NCONF_get_number() has no error checking at all.  As a replacement,
-     NCONF_get_number_e() is defined (_e for "error checking") and is
-     promoted strongly.  The old NCONF_get_number is kept around for
-     binary backward compatibility.
-     Make it possible for methods to load from something other than a BIO,
-     by providing a function pointer that is given a name instead of a BIO.
-     For example, this could be used to load configuration data from an
-     LDAP server.
-     [Richard Levitte]
-
  *) Fix typo in get_cert_by_subject() in by_dir.c
     [Jean-Marc Desperrier <jean-marc.desperrier@certplus.com>]

@@ -133,26 +256,6 @@
       static ones.
     [Richard Levitte]

-  *) Fix for non blocking accept BIOs. Added new I/O special reason
-     BIO_RR_ACCEPT to cover this case. Previously use of accept BIOs
-     with non blocking I/O was not possible because no retry code was
-     implemented. Also added new SSL code SSL_WANT_ACCEPT to cover
-     this case.
-     [Steve Henson]
-
-  *) Added the beginnings of Rijndael support.
-     [Ben Laurie]
-
-  *) Fix for bug in DirectoryString mask setting. Add support for
-     X509_NAME_print_ex() in 'req' and X509_print_ex() function
-     to allow certificate printing to more controllable, additional
-     'certopt' option to 'x509' to allow new printing options to be
-     set.
-     [Steve Henson]
-
-  *) Clean old EAY MD5 hack from e_os.h.
-     [Richard Levitte]
-
  *) Fix SSL_CTX_set_read_ahead macro to actually use its argument.

     Copy SSL_CTX's read_ahead flag to SSL object directly in SSL_new
@@ -166,6 +269,9 @@
     matter what.
     [Richard Levitte]

+  *) Added several new manual pages for SSL_* function.
+     [Lutz Jaenicke]
+
 Changes between 0.9.5a and 0.9.6  [24 Sep 2000]

  *) In ssl23_get_client_hello, generate an error message when faced
--- a/133
+++ b/133
@@ -33,6 +33,10 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-
 #               multithreaded applications (default is "threads" if we
 #               know how to do it)
 # [no-]shared	[don't] try to create shared libraries when supported.
+#               IT IS NOT RECOMMENDED TO USE "shared"!  Since this is a
+#               development branch, the positions of the ENGINE symbols
+#               in the transfer vector are constantly moving, so binary
+#               backward compatibility can't be guaranteed in any way.
 # no-asm        do not use assembler
 # no-dso        do not compile in any native shared-library methods. This
 #               will ensure that all methods just return NULL.
@@ -94,6 +98,11 @@ my $x86_elf_asm="asm/bn86-elf.o asm/co86-elf.o:asm/dx86-elf.o asm/yx86-elf.o:asm
 my $x86_out_asm="asm/bn86-out.o asm/co86-out.o:asm/dx86-out.o asm/yx86-out.o:asm/bx86-out.o:asm/mx86-out.o:asm/sx86-out.o:asm/cx86-out.o:asm/rx86-out.o:asm/rm86-out.o:asm/r586-out.o";
 my $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/bx86bsdi.o:asm/mx86bsdi.o:asm/sx86bsdi.o:asm/cx86bsdi.o:asm/rx86bsdi.o:asm/rm86bsdi.o:asm/r586bsdi.o";

+my $mips3_irix_asm="asm/mips3.o::::::::";
+# There seems to be boundary faults in asm/alpha.s.
+#my $alpha_asm="asm/alpha.o::::::::";
+my $alpha_asm="::::::::";
+
 # -DB_ENDIAN slows things down on a sparc for md5, but helps sha1.
 # So the md5_locl.h file has an undef B_ENDIAN if sun is defined

@@ -132,18 +141,18 @@ my %table=(
 # surrounds it with #APP #NO_APP comment pair which (at least Solaris
 # 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
 # error message.
-"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 #### SPARC Solaris with GNU C setups
-"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8
 # but keep the assembler modules.
-"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 ####
-"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 #### SPARC Solaris with Sun C setups
 # DO NOT use /xO[34] on sparc with SC3.0.  It is broken, and will not pass the tests
@@ -154,7 +163,7 @@ my %table=(
 "solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
 ####
 "debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -177,17 +186,17 @@ my %table=(

 #### IRIX 5.x configs
 # -mips2 flag is added by ./config when appropriate.
-"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::::::::dlfcn:irix-shared::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:irix-shared::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::",
+"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:::",
 #### IRIX 6.x configs
 # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
 # './Configure irix-[g]cc' manually.
 # -mips4 flag is added by ./config when appropriate.
-"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:asm/mips3.o:::::::::dlfcn:irix-shared::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:asm/mips3.o:::::::::dlfcn:irix-shared::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}",
+"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}",
 # N64 ABI builds.
-"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o:::::::::dlfcn:irix-shared::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o:::::::::dlfcn:irix-shared::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}",
+"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}",

 #### Unified HP-UX ANSI C configs.
 # Special notes:
@@ -219,41 +228,41 @@ my %table=(
 #
 #!#"hpux-parisc-cc","cc:-Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
 # Since there is mention of this in shlib/hpux10-cc.sh
-"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W:::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn",

 # More attempts at unified 10.X and 11.X targets for HP C compiler.
 #
 # Chris Ruemmler <ruemmler@cup.hp.com>
 # Kevin Steves <ks@hp.se>
-"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT:-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
+"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl",
+"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn",
+"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",

 # HPUX 9.X config.
 # Don't use the bundled cc.  It is broken.  Use HP ANSI C if possible, or
 # egcs.  gcc 2.8.1 is also broken.

-"hpux-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown):-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
 # If hpux-cc fails (e.g. during "make test"), try the next one; otherwise,
 # please report your OS and compiler version to the openssl-bugs@openssl.org
 # mailing list.
-"hpux-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown):-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl",

-"hpux-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
 # If hpux-gcc fails, try this one:
-"hpux-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl",

 # HPUX 10.X config.  Supports threads.
-"hpux10-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT:-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux10-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
 # If hpux10-cc fails, try this one (if still fails, try deleting BN_LLONG):
-"hpux10-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT:-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux10-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",

-"hpux10-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux10-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
 # If hpux10-gcc fails, try this one:
-"hpux10-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux10-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl",

 # HPUX 11.X from www.globus.org.
 # Only works on PA-RISC 2.0 cpus, and not optimized.  Why?
@@ -267,9 +276,9 @@ my %table=(
 # Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with
 # the new compiler
 # For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
-"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:asm/alpha.o:::::::::dlfcn:tru64-shared::.so",
-"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:tru64-shared::.so",
-"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:tru64-shared::.so",
+"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:tru64-shared::.so",
+"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared::.so",
+"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared::.so",
 "FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 #### Alpha Linux with GNU C and Compaq C setups
@@ -285,13 +294,13 @@ my %table=(
 #
 #					<appro@fy.chalmers.se>
 #
-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o:::::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o:::::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",
-"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",
+"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",

 # assembler versions -- currently defunct:
-##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:asm/alpha.o::",
+##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${alpha_asm}",

 # The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
 # bn86-elf.o file file since it is hand tweaked assembler.
@@ -299,18 +308,18 @@ my %table=(
 "debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
-"linux-mipsel",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
-"linux-mips",   "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
+"linux-mips",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
 "linux-ppc",    "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
 "linux-m68k",   "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
+"linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
 "linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::SIXTY_FOUR_BIT_LONG::",
 "NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "NetBSD-x86",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "FreeBSD",      "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
 "bsdi-gcc",     "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown)::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}",
-"bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "nextstep",	"cc:-O -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
 "nextstep3.3",	"cc:-O3 -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
 # NCR MP-RAS UNIX ver 02.03.01
@@ -322,9 +331,14 @@ my %table=(
 # Linux on ARM
 "linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

-# UnixWare 2.0
-"unixware-2.0","cc:-O -DFILIO_H::(unknown):-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
-"unixware-2.0-pentium","cc:-O -DFILIO_H -Kpentium -Kthread::(unknown):-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+# UnixWare 2.0x fails destest with -O
+"unixware-2.0","cc:-DFILIO_H::-Kthread:-lsocket -lnsl -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
+"unixware-2.0-pentium","cc:-DFILIO_H -Kpentium:-Kthread:-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+
+# UnixWare 2.1
+"unixware-2.1","cc:-O -DFILIO_H::-Kthread:-lsocket -lnsl -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
+"unixware-2.1-pentium","cc:-O -DFILIO_H -Kpentium::-Kthread:-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+"unixware-2.1-p6","cc:-O -DFILIO_H -Kp6::-Kthread:-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",

 # UnixWare 7
 "unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
@@ -332,6 +346,8 @@ my %table=(
 # IBM's AIX.
 "aix-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR:::",
 "aix-gcc",  "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",
+"aix43-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+"aix43-gcc",  "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",

 #
 # Cray T90 (SDSC)
@@ -361,9 +377,13 @@ my %table=(
 "dgux-R4-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown):-lnsl -lsocket:RC4_INDEX:RC4_INDEX DES_UNROLL:::",
 "dgux-R4-x86-gcc",	"gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown):-lnsl -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",

+# SCO 3 - Tim Rice <tim@multitalents.net>
+"sco3-gcc",  "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown)::-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
+
 # SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the
 # SCO cc.
 "sco5-cc",  "cc:::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
+"sco5-cc-pentium",  "cc:-Kpentium::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
 "sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown):-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...

 # Sinix/ReliantUNIX RM400
@@ -448,10 +468,10 @@ my $md5_obj="";
 my $sha1_obj="";
 my $rmd160_obj="";
 my $processor="";
-my $ranlib;
+my $default_ranlib;
 my $perl;

-$ranlib=&which("ranlib") or $ranlib="true";
+$default_ranlib= &which("ranlib") or $default_ranlib="true";
 $perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
  or $perl="perl";

@@ -650,7 +670,7 @@ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /^\//;
 print "IsWindows=$IsWindows\n";

 (my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
- $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,my $shared_extension)=
+ $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,my $shared_extension,my $ranlib)=
 	split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
 $cflags="$flags$cflags" if ($flags ne "");

@@ -743,6 +763,11 @@ else
 	$no_shared = 1;
 	}

+if ($ranlib eq "")
+	{
+	$ranlib = $default_ranlib;
+	}
+
 #my ($bn1)=split(/\s+/,$bn_obj);
 #$bn1 = "" unless defined $bn1;
 #$bn1=$bn_asm unless ($bn1 =~ /\.o$/);
@@ -849,16 +874,7 @@ while (<IN>)
 	s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
 	s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
 	s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
-	if ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*$/)
-		{
-		my $sotmp = $1;
-		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/
-		}
-	elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
-		{
-		my $sotmp = $1;
-		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
-		}
+	s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.so.\$(SHLIB_MAJOR) .so/ if ($shared_extension ne "" && $shared_extension !~ /^\.s[ol]$/);
 	print OUT $_."\n";
 	}
 close(IN);
@@ -1146,7 +1162,7 @@ sub print_table_entry
 	my $bn_obj,my $des_obj,my $bf_obj,
 	my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj,
 	my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,
-	my $shared_extension)=
+	my $shared_extension,my $ranlib)=
 	split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
 			
 	print <<EOF
@@ -1171,5 +1187,6 @@ sub print_table_entry
 \$shared_target= $shared_target
 \$shared_cflag = $shared_cflag
 \$shared_extension = $shared_extension
+\$ranlib       = $ranlib
 EOF
 	}
--- a/28
+++ b/28
@@ -27,8 +27,6 @@ OpenSSL  -  Frequently Asked Questions
 * Why does the OpenSSL test fail with "bc: 1 no implemented"?
 * Why does the OpenSSL compilation fail on Alpha True64 Unix?
 * Why does the OpenSSL compilation fail with "ar: command not found"?
-* Why does the OpenSSL compilation fail on Win32 with VC++?
-* Why aren't tools like 'autoconf' and 'libtool' used?


 * Which is the current version of OpenSSL?
@@ -432,29 +430,3 @@ and then redo the compilation.  What you should really do is make sure
 '/usr/ccs/bin' is permanently in your $PATH, for example through your
 '.profile' (again, assuming you use a sh-compatible shell).

-
-* Why does the OpenSSL compilation fail on Win32 with VC++?
-
-Sometimes, you may get reports from VC++ command line (cl) that it
-can't find standard include files like stdio.h and other weirdnesses.
-One possible cause is that the environment isn't correctly set up.
-To solve that problem, one should run VCVARS32.BAT which is found in
-the 'bin' subdirectory of the VC++ installation directory (somewhere
-under 'Program Files').  This needs to be done prior to running NMAKE,
-and the changes are only valid for the current DOS session.
-
-
-* Why aren't tools like 'autoconf' and 'libtool' used?
-
-autoconf is a nice tool, but is unfortunately very Unix-centric.
-Although one can come up with solution to have ports keep in track,
-there's also some work needed for that, and can be quite painful at
-times.  If there was a 'autoconf'-like tool that generated perl
-scripts or something similarly general, it would probably be used
-in OpenSSL much earlier.
-
-libtool has repeatadly been reported by some members of the OpenSSL
-development and others to be a pain to use.  So far, those in the
-development team who have said anything about this have expressed
-a wish to avoid libtool for that reason.
-
--- a/5
+++ b/5
@@ -57,7 +57,10 @@

  shared        In addition to the usual static libraries, create shared
                libraries on platforms where it's supported.  See "Note on
-                shared libraries" below.
+                shared libraries" below.  THIS IS NOT RECOMMENDED!  Since
+                this is a development branch, the positions of the ENGINE
+                symbols in the transfer vector are constantly moving, so
+                binary backward compatibility can't be guaranteed in any way.

  no-asm        Do not use assembler code.

--- a/2
+++ b/2
@@ -12,7 +12,7 @@
  ---------------

 /* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
--- a/Makefile.org
+++ b/Makefile.org
@@ -57,7 +57,7 @@ CC= gcc
 #CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
 CFLAG= -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
 DEPFLAG= 
-PEX_LIBS= -L. -L.. -L../.. -L../../..
+PEX_LIBS= 
 EX_LIBS= 
 AR=ar r
 RANLIB= ranlib
@@ -161,9 +161,9 @@ SHLIBDIRS= crypto ssl
 SDIRS=  \
 	md2 md4 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
-	bn rsa dsa dh dso engine rijndael \
+	bn rsa dsa dh dso engine \
 	buffer bio stack lhash rand err objects \
-	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp
+	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp

 MAKEFILE= Makefile.ssl
 MAKE=     make -f Makefile.ssl
@@ -220,7 +220,7 @@ libcrypto$(SHLIB_EXT): libcrypto.a
 	fi
 libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
-		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-L. -lcrypto' build-shared; \
+		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
 	else \
 		echo "There's no support for shared libraries on this platform" >&2; \
 	fi
@@ -242,7 +242,7 @@ link-shared:
 		if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
 			tmp="$(SHARED_LIBS_LINK_EXTS)"; \
 			for j in $${tmp:-x}; do \
-				( set -x; ln -s -f $$prev lib$$i$$j ); \
+				( set -x; ln -f -s $$prev lib$$i$$j ); \
 				prev=lib$$i$$j; \
 			done; \
 		fi; \
@@ -251,59 +251,33 @@ link-shared:
 build-shared: clean-shared do_$(SHLIB_TARGET) link-shared

 do_bsd-gcc-shared: linux-shared
-do_linux-shared:
-	libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+do_linux-shared: do_gnu-shared
+do_gnu-shared:
+	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
 	( set -x; ${CC}  -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		-Wl,-S,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		-Wl,--whole-archive lib$$i.a \
 		-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
-	libs="$$libs -L. -l$$i"; \
+	libs="$$libs -l$$i"; \
 	done

 # This assumes that GNU utilities are *not* used
 do_tru64-shared:
-	libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
 	( set -x; ${CC}  -shared -no_archive -o lib$$i.so \
 		-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
 		-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
-	libs="$$libs -L. -l$$i"; \
+	libs="$$libs -l$$i"; \
 	done

 # This assumes that GNU utilities are *not* used
 do_solaris-shared:
-	libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	( set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+	( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
+	  set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		-z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
-	libs="$$libs -L. -l$$i"; \
-	done
-
-# This assumes that GNU utilities are *not* used
-do_irix-shared:
-	libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	( set -x; ${CC} -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		-all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \
-	libs="$$libs -L. -l$$i"; \
-	done
-
-# This assumes that GNU utilities are *not* used
-do_hpux-shared:
-	libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	( set -x; /usr/ccs/bin/ld +vnocompatwarnings \
-		-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		-Fl lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
-	libs="$$libs -L. -l$$i"; \
-	done
-
-# This assumes that GNU utilities are *not* used
-do_hpux64-shared:
-	libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
-	( set -x; /usr/ccs/bin/ld -b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		+forceload lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
-	libs="$$libs -L. -l$$i"; \
+	libs="$$libs -l$$i"; \
 	done

 Makefile.ssl: Makefile.org
@@ -499,19 +473,19 @@ install_docs:
 		$(INSTALL_PREFIX)$(MANDIR)/man3 \
 		$(INSTALL_PREFIX)$(MANDIR)/man5 \
 		$(INSTALL_PREFIX)$(MANDIR)/man7
+	@echo installing man 1 and man 5
 	@for i in doc/apps/*.pod; do \
 		fn=`basename $$i .pod`; \
 		sec=`[ "$$fn" = "config" ] && echo 5 || echo 1`; \
-		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
 		(cd `dirname $$i`; \
 		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
 			 --release=$(VERSION) `basename $$i`) \
 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
 	done
+	@echo installing man 3 and man 7
 	@for i in doc/crypto/*.pod doc/ssl/*.pod; do \
 		fn=`basename $$i .pod`; \
 		sec=`[ "$$fn" = "des_modes" ] && echo 7 || echo 3`; \
-		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
 		(cd `dirname $$i`; \
 		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
 			--release=$(VERSION) `basename $$i`) \
--- a/25
+++ b/25
@@ -5,6 +5,31 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.

+  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a:
+
+      o Security fix: change behavior of OpenSSL to avoid using
+        environment variables when running as root.
+      o Security fix: check the result of RSA-CRT to reduce the
+        possibility of deducing the private key from an incorrectly
+        calculated signature.
+      o Security fix: prevent Bleichenbacher's DSA attack.
+      o Security fix: Zero the premaster secret after deriving the
+        master secret in DH ciphersuites.
+      o Reimplement SSL_peek(), which had various problems.
+      o Compatibility fix: the function des_encrypt() renamed to
+        des_encrypt1() to avoid clashes with some Unixen libc.
+      o Bug fixes for Win32, HP/UX and Irix.
+      o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
+        memory checking routines.
+      o Bug fixes for RSA operations in threaded enviroments.
+      o Bug fixes in misc. openssl applications.
+      o Remove a few potential memory leaks.
+      o Add tighter checks of BIGNUM routines.
+      o Shared library support has been reworked for generality.
+      o More documentation.
+      o New function BN_rand_range().
+      o Add "-rand" option to openssl s_client and s_server.
+
  Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6:

      o Some documentation for BIO and SSL libraries.
--- a/2
+++ b/2
@@ -1,5 +1,5 @@

- OpenSSL 0.9.7-dev 24 Sep 2000
+ OpenSSL 0.9.6a-beta3 [engine] 30 Mar 2001

 Copyright (c) 1998-2000 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
--- a/README.ENGINE
+++ b/README.ENGINE
@@ -25,6 +25,25 @@
  What already exists is fairly stable as far as it has been tested, but
  the test base has been a bit small most of the time.

+  Because of this experimental status and what's lacking, the ENGINE
+  component is not yet part of the default OpenSSL distribution.  However,
+  we have made a separate kit for those who want to try this out, to be
+  found in the same places as the default OpenSSL distribution, but with
+  "-engine-" being part of the kit file name.  For example, version 0.9.6
+  is distributed in the following two files:
+
+      openssl-0.9.6.tar.gz
+      openssl-engine-0.9.6.tar.gz
+
+  NOTES
+  =====
+
+  openssl-engine-0.9.6.tar.gz does not depend on openssl-0.9.6.tar, you do
+  not need to download both.
+
+  openssl-engine-0.9.6.tar.gz is usable even if you don't have an external
+  crypto device.  The internal OpenSSL functions are contained in the
+  engine "openssl", and will be used by default.

  No external crypto device is chosen unless you say so.  You have actively
  tell the openssl utility commands to use it through a new command line
--- a/66
+++ b/66
@@ -1,10 +1,46 @@

  OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2000/10/26 21:07:27 $
+  ______________                           $Date: 2001/03/26 17:09:12 $

  DEVELOPMENT STATE

-    o  OpenSSL 0.9.7:  Under development...
+    o  OpenSSL 0.9.6a: Bugfix release -- under development...
+                       Beta 1 released on March 13th, 2001
+	HP-UX 10.20 (hpux-parisc-cc)		- PASSED [normal+engine]
+	HP-UX 10.20 (hpux-parisc-gcc)		- PASSED [normal+engine]
+	HP-UX 11.00 32bit (hpux-parisc-gcc)	- FAILED [engine]
+		"openssl speed rsa1024 -engine cswift" fails unless
+		libswift.sl is renamed to libswift.so.
+		[CORRECTED]
+	HP MPE/iX				- PASSED [presumed normal]
+	Linux 2.2.17 SMP (linux-elf)		- PASSED [normal+engine]
+	Windows (VC-WIN32)			- FAILED [presumed normal]
+		Missing line in ms/32all.bat:
+			perl util\mkfiles.pl >MINFO
+		[CORRECTED]
+		In randfile.c, line 214, signed and unsigned int are mixed.
+		[CORRECTED]
+		In s_client.c and s_server.c, RAND_status() needs to get
+		declared (#include <openssl/rand.h>)
+		[CORRECTED]
+	OpenVMS (any version)			- FAILED [normal+engine]
+		Missing instructions in building script.
+		[CORRECTED]
+	AIX 4.3					- FAILED [engine]
+		Needs -DDSO_DLFCN and -DHAVE_DLFCN_H to work.
+		[CORRECTED] (but will not be automagically configured)
+	Irix 6.5.11				- FAILED [presumed normal]
+		BN_sqr test fails.
+        solaris64-sparcv9-cc (SunOS 5.8)        - PASSED [normal+engine]
+	BSDI 4.0.1 (bsdi-elf-gcc)		- FAILED [engine]
+		Needs -DDSO_DLFCN, -DHAVE_DLFCN_H and -ldl to work.
+		[CORRECTED]
+	mingw32 w/ gcc 2.95.2			- PASSED [presumed normal]
+
+                       Beta 2 released on March 21st, 2001
+	OpenVMS (tested on VMS 7.2-1 for Alpha)	- PASSED [presumed normal]
+        solaris64-sparcv9-cc (SunOS 5.8)        - PASSED [normal]
+
    o  OpenSSL 0.9.6:  Released on September 24th, 2000
    o  OpenSSL 0.9.5a: Released on April      1st, 2000
    o  OpenSSL 0.9.5:  Released on February  28th, 2000
@@ -18,14 +54,13 @@

  AVAILABLE PATCHES

-    o CA.pl patch (Damien Miller)
-
  IN PROGRESS

    o Steve is currently working on (in no particular order):
        ASN1 code redesign, butchery, replacement.
+        OCSP
        EVP cipher enhancement.
-     /* Proper (or at least usable) certificate chain verification. */
+        Enhanced certificate chain verification.
 	Private key, certificate and CRL API and implementation.
 	Developing and bugfixing PKCS#7 (S/MIME code).
        Various X509 issues: character sets, certificate request extensions.
@@ -34,17 +69,30 @@
    o Richard is currently working on:
 	UTIL (a new set of library functions to support some higher level
 	      functionality that is currently missing).
-	Dynamic thread-lock support.
 	Shared library support for VMS.
+	OCSP
+	Kerberos 5 authentication
+	Constification

  NEEDS PATCH

-    o  non-blocking socket on AIX
-    o  $(PERL) in */Makefile.ssl
-    o  "Sign the certificate?" - "n" creates empty certificate file
+    o  apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file
+
+    o  OpenSSL_0_9_6-stable:
+       #include <openssl/e_os.h> in exported header files is illegal since
+       e_os.h is suitable only for library-internal use.
+
+    o  Whenever strncpy is used, make sure the resulting string is NULL-terminated
+       or an error is reported

  OPEN ISSUES

+    o  crypto/ex_data.c is not really thread-safe and so must be used
+       with care (e.g., extra locking where necessary, or don't call
+       CRYPTO_get_ex_new_index once multiple threads exist).
+       The current API is not suitable for everything that it pretends
+       to offer.
+
    o  The Makefile hierarchy and build mechanism is still not a round thing:

       1. The config vs. Configure scripts
--- a/482
+++ b/482
--- a/apps/Makefile.ssl
+++ b/apps/Makefile.ssl
@@ -38,7 +38,7 @@ E_EXE=	verify asn1pars req dgst dh dhparam enc passwd gendh errstr \
 	ca crl rsa rsautl dsa dsaparam \
 	x509 genrsa gendsa s_server s_client speed \
 	s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \
-	pkcs8 spkac smime rand engine
+	pkcs8 spkac smime rand

 PROGS= $(PROGRAM).c

@@ -54,14 +54,14 @@ E_OBJ=	verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o er
 	rsa.o rsautl.o dsa.o dsaparam.o \
 	x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
 	s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
-	ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o
+	ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o

 E_SRC=	verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \
 	pkcs7.c crl2p7.c crl.c \
 	rsa.c rsautl.c dsa.c dsaparam.c \
 	x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
 	s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \
-	ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c engine.c
+	ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c

 SRC=$(E_SRC)

@@ -150,20 +150,18 @@ app_rand.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 app_rand.o: ../include/openssl/des.h ../include/openssl/dh.h
 app_rand.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 app_rand.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-app_rand.o: ../include/openssl/engine.h ../include/openssl/evp.h
-app_rand.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-app_rand.o: ../include/openssl/md2.h ../include/openssl/md4.h
-app_rand.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-app_rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-app_rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-app_rand.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-app_rand.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-app_rand.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
-app_rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-app_rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
-app_rand.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-app_rand.o: ../include/openssl/x509_vfy.h apps.h
+app_rand.o: ../include/openssl/evp.h ../include/openssl/idea.h
+app_rand.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+app_rand.o: ../include/openssl/md4.h ../include/openssl/md5.h
+app_rand.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+app_rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+app_rand.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
+app_rand.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+app_rand.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+app_rand.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+app_rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+app_rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 apps.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 apps.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 apps.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -171,18 +169,16 @@ apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 apps.o: ../include/openssl/des.h ../include/openssl/dh.h
 apps.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 apps.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-apps.o: ../include/openssl/engine.h ../include/openssl/err.h
-apps.o: ../include/openssl/evp.h ../include/openssl/idea.h
-apps.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-apps.o: ../include/openssl/md4.h ../include/openssl/md5.h
-apps.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-apps.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-apps.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
-apps.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+apps.o: ../include/openssl/err.h ../include/openssl/evp.h
+apps.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+apps.o: ../include/openssl/md2.h ../include/openssl/md4.h
+apps.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+apps.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+apps.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+apps.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
 apps.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-apps.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-apps.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
+apps.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 apps.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 apps.o: ../include/openssl/sha.h ../include/openssl/stack.h
 apps.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
@@ -194,17 +190,15 @@ asn1pars.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 asn1pars.o: ../include/openssl/des.h ../include/openssl/dh.h
 asn1pars.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 asn1pars.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-asn1pars.o: ../include/openssl/engine.h ../include/openssl/err.h
-asn1pars.o: ../include/openssl/evp.h ../include/openssl/idea.h
-asn1pars.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-asn1pars.o: ../include/openssl/md4.h ../include/openssl/md5.h
-asn1pars.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-asn1pars.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-asn1pars.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+asn1pars.o: ../include/openssl/err.h ../include/openssl/evp.h
+asn1pars.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+asn1pars.o: ../include/openssl/md2.h ../include/openssl/md4.h
+asn1pars.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+asn1pars.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+asn1pars.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+asn1pars.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+asn1pars.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 asn1pars.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-asn1pars.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 asn1pars.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 asn1pars.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 asn1pars.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -225,8 +219,7 @@ ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 ca.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 ca.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-ca.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-ca.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
+ca.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 ca.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 ca.o: ../include/openssl/sha.h ../include/openssl/stack.h
 ca.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
@@ -239,18 +232,16 @@ ciphers.o: ../include/openssl/comp.h ../include/openssl/conf.h
 ciphers.o: ../include/openssl/crypto.h ../include/openssl/des.h
 ciphers.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 ciphers.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-ciphers.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h
-ciphers.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-ciphers.o: ../include/openssl/md2.h ../include/openssl/md4.h
-ciphers.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-ciphers.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+ciphers.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ciphers.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ciphers.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ciphers.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ciphers.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ciphers.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ciphers.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+ciphers.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 ciphers.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-ciphers.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-ciphers.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
+ciphers.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 ciphers.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 ciphers.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 ciphers.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
@@ -264,17 +255,15 @@ crl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 crl.o: ../include/openssl/des.h ../include/openssl/dh.h
 crl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 crl.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-crl.o: ../include/openssl/engine.h ../include/openssl/err.h
-crl.o: ../include/openssl/evp.h ../include/openssl/idea.h
-crl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-crl.o: ../include/openssl/md4.h ../include/openssl/md5.h
-crl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-crl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-crl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-crl.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+crl.o: ../include/openssl/err.h ../include/openssl/evp.h
+crl.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+crl.o: ../include/openssl/md2.h ../include/openssl/md4.h
+crl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+crl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+crl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+crl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+crl.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 crl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-crl.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 crl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 crl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 crl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -287,17 +276,15 @@ crl2p7.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 crl2p7.o: ../include/openssl/des.h ../include/openssl/dh.h
 crl2p7.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 crl2p7.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-crl2p7.o: ../include/openssl/engine.h ../include/openssl/err.h
-crl2p7.o: ../include/openssl/evp.h ../include/openssl/idea.h
-crl2p7.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-crl2p7.o: ../include/openssl/md4.h ../include/openssl/md5.h
-crl2p7.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-crl2p7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-crl2p7.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+crl2p7.o: ../include/openssl/err.h ../include/openssl/evp.h
+crl2p7.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+crl2p7.o: ../include/openssl/md2.h ../include/openssl/md4.h
+crl2p7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+crl2p7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+crl2p7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+crl2p7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+crl2p7.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 crl2p7.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-crl2p7.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 crl2p7.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 crl2p7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 crl2p7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -319,7 +306,6 @@ dgst.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 dgst.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 dgst.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-dgst.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 dgst.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 dgst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -340,8 +326,7 @@ dh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 dh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 dh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-dh.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-dh.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
+dh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 dh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 dh.o: ../include/openssl/sha.h ../include/openssl/stack.h
 dh.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
@@ -363,7 +348,6 @@ dsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 dsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 dsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-dsa.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 dsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 dsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 dsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -385,7 +369,6 @@ dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 dsaparam.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 dsaparam.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-dsaparam.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 dsaparam.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 dsaparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -407,36 +390,10 @@ enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 enc.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-enc.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-engine.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-engine.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-engine.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-engine.o: ../include/openssl/comp.h ../include/openssl/conf.h
-engine.o: ../include/openssl/crypto.h ../include/openssl/des.h
-engine.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-engine.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-engine.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-engine.o: ../include/openssl/err.h ../include/openssl/evp.h
-engine.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-engine.o: ../include/openssl/md2.h ../include/openssl/md4.h
-engine.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-engine.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-engine.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-engine.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-engine.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-engine.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-engine.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-engine.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
-engine.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-engine.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-engine.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-engine.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-engine.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-engine.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 errstr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 errstr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 errstr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -444,18 +401,16 @@ errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h
 errstr.o: ../include/openssl/crypto.h ../include/openssl/des.h
 errstr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 errstr.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-errstr.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-errstr.o: ../include/openssl/err.h ../include/openssl/evp.h
-errstr.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-errstr.o: ../include/openssl/md2.h ../include/openssl/md4.h
-errstr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-errstr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-errstr.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+errstr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+errstr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+errstr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+errstr.o: ../include/openssl/md4.h ../include/openssl/md5.h
+errstr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+errstr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+errstr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+errstr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 errstr.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-errstr.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-errstr.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
+errstr.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 errstr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 errstr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 errstr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
@@ -479,7 +434,6 @@ gendh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 gendh.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 gendh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-gendh.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 gendh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 gendh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -501,7 +455,6 @@ gendsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 gendsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 gendsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-gendsa.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 gendsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 gendsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -523,7 +476,6 @@ genrsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 genrsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 genrsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-genrsa.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 genrsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 genrsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -535,17 +487,15 @@ nseq.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 nseq.o: ../include/openssl/des.h ../include/openssl/dh.h
 nseq.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 nseq.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-nseq.o: ../include/openssl/engine.h ../include/openssl/err.h
-nseq.o: ../include/openssl/evp.h ../include/openssl/idea.h
-nseq.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-nseq.o: ../include/openssl/md4.h ../include/openssl/md5.h
-nseq.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-nseq.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-nseq.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-nseq.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+nseq.o: ../include/openssl/err.h ../include/openssl/evp.h
+nseq.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+nseq.o: ../include/openssl/md2.h ../include/openssl/md4.h
+nseq.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+nseq.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+nseq.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+nseq.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+nseq.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 nseq.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-nseq.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 nseq.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 nseq.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 nseq.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -557,18 +507,16 @@ openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h
 openssl.o: ../include/openssl/crypto.h ../include/openssl/des.h
 openssl.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 openssl.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-openssl.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-openssl.o: ../include/openssl/err.h ../include/openssl/evp.h
-openssl.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-openssl.o: ../include/openssl/md2.h ../include/openssl/md4.h
-openssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-openssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-openssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-openssl.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+openssl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+openssl.o: ../include/openssl/evp.h ../include/openssl/idea.h
+openssl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+openssl.o: ../include/openssl/md4.h ../include/openssl/md5.h
+openssl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+openssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+openssl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 openssl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-openssl.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-openssl.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
+openssl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 openssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
@@ -583,20 +531,19 @@ passwd.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 passwd.o: ../include/openssl/des.h ../include/openssl/dh.h
 passwd.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 passwd.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-passwd.o: ../include/openssl/engine.h ../include/openssl/err.h
-passwd.o: ../include/openssl/evp.h ../include/openssl/idea.h
-passwd.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-passwd.o: ../include/openssl/md4.h ../include/openssl/md5.h
-passwd.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-passwd.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-passwd.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
-passwd.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-passwd.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-passwd.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
-passwd.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-passwd.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-passwd.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-passwd.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+passwd.o: ../include/openssl/err.h ../include/openssl/evp.h
+passwd.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+passwd.o: ../include/openssl/md2.h ../include/openssl/md4.h
+passwd.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+passwd.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+passwd.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+passwd.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+passwd.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+passwd.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+passwd.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h
+passwd.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+passwd.o: ../include/openssl/x509_vfy.h apps.h
 pkcs12.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 pkcs12.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 pkcs12.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -614,8 +561,7 @@ pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
 pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 pkcs12.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-pkcs12.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-pkcs12.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
+pkcs12.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 pkcs12.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 pkcs12.o: ../include/openssl/sha.h ../include/openssl/stack.h
 pkcs12.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
@@ -637,7 +583,6 @@ pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 pkcs7.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 pkcs7.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-pkcs7.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 pkcs7.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 pkcs7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 pkcs7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -659,8 +604,7 @@ pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
 pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 pkcs8.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-pkcs8.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-pkcs8.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
+pkcs8.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 pkcs8.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 pkcs8.o: ../include/openssl/sha.h ../include/openssl/stack.h
 pkcs8.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
@@ -681,7 +625,6 @@ rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 rand.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
 rand.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 rand.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-rand.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 rand.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -703,7 +646,6 @@ req.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 req.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 req.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-req.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 req.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 req.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 req.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -726,7 +668,6 @@ rsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 rsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 rsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-rsa.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 rsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -748,7 +689,6 @@ rsautl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 rsautl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 rsautl.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 rsautl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-rsautl.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 rsautl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 rsautl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 rsautl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -760,18 +700,16 @@ s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_cb.o: ../include/openssl/crypto.h ../include/openssl/des.h
 s_cb.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 s_cb.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-s_cb.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h
-s_cb.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-s_cb.o: ../include/openssl/md2.h ../include/openssl/md4.h
-s_cb.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-s_cb.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s_cb.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s_cb.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s_cb.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_cb.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s_cb.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s_cb.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_cb.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s_cb.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s_cb.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s_cb.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-s_cb.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
+s_cb.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 s_cb.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 s_cb.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s_cb.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
@@ -795,8 +733,7 @@ s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 s_client.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 s_client.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s_client.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-s_client.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
+s_client.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 s_client.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 s_client.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s_client.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
@@ -821,8 +758,7 @@ s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 s_server.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s_server.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-s_server.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
+s_server.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 s_server.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 s_server.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s_server.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
@@ -837,17 +773,15 @@ s_socket.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_socket.o: ../include/openssl/crypto.h ../include/openssl/des.h
 s_socket.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 s_socket.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-s_socket.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-s_socket.o: ../include/openssl/evp.h ../include/openssl/idea.h
-s_socket.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s_socket.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s_socket.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s_socket.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s_socket.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
-s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s_socket.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+s_socket.o: ../include/openssl/e_os2.h ../include/openssl/evp.h
+s_socket.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+s_socket.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s_socket.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s_socket.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s_socket.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_socket.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_socket.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
 s_socket.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s_socket.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 s_socket.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 s_socket.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 s_socket.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
@@ -862,18 +796,16 @@ s_time.o: ../include/openssl/comp.h ../include/openssl/conf.h
 s_time.o: ../include/openssl/crypto.h ../include/openssl/des.h
 s_time.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 s_time.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-s_time.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-s_time.o: ../include/openssl/err.h ../include/openssl/evp.h
-s_time.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-s_time.o: ../include/openssl/md2.h ../include/openssl/md4.h
-s_time.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-s_time.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s_time.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s_time.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s_time.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s_time.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_time.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s_time.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s_time.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_time.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s_time.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s_time.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s_time.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-s_time.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
+s_time.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 s_time.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 s_time.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s_time.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
@@ -888,18 +820,16 @@ sess_id.o: ../include/openssl/comp.h ../include/openssl/conf.h
 sess_id.o: ../include/openssl/crypto.h ../include/openssl/des.h
 sess_id.o: ../include/openssl/dh.h ../include/openssl/dsa.h
 sess_id.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
-sess_id.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h
-sess_id.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-sess_id.o: ../include/openssl/md2.h ../include/openssl/md4.h
-sess_id.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-sess_id.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+sess_id.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+sess_id.o: ../include/openssl/evp.h ../include/openssl/idea.h
+sess_id.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+sess_id.o: ../include/openssl/md4.h ../include/openssl/md5.h
+sess_id.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+sess_id.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+sess_id.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+sess_id.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 sess_id.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-sess_id.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-sess_id.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
+sess_id.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 sess_id.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 sess_id.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 sess_id.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
@@ -923,7 +853,6 @@ smime.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 smime.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 smime.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-smime.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 smime.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 smime.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 smime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -944,8 +873,7 @@ speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-speed.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-speed.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
+speed.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
 speed.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
@@ -967,7 +895,6 @@ spkac.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 spkac.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 spkac.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-spkac.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 spkac.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 spkac.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 spkac.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -989,7 +916,6 @@ verify.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 verify.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 verify.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-verify.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 verify.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 verify.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 verify.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -1002,16 +928,14 @@ version.o: ../include/openssl/conf.h ../include/openssl/crypto.h
 version.o: ../include/openssl/des.h ../include/openssl/dh.h
 version.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
 version.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-version.o: ../include/openssl/engine.h ../include/openssl/evp.h
-version.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-version.o: ../include/openssl/md2.h ../include/openssl/md4.h
-version.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-version.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-version.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+version.o: ../include/openssl/evp.h ../include/openssl/idea.h
+version.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+version.o: ../include/openssl/md4.h ../include/openssl/md5.h
+version.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+version.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+version.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
 version.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-version.o: ../include/openssl/rc5.h ../include/openssl/rijndael-alg-fst.h
-version.o: ../include/openssl/rijndael.h ../include/openssl/ripemd.h
+version.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 version.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 version.o: ../include/openssl/sha.h ../include/openssl/stack.h
 version.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
@@ -1033,7 +957,6 @@ x509.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
 x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 x509.o: ../include/openssl/rand.h ../include/openssl/rc2.h
 x509.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-x509.o: ../include/openssl/rijndael-alg-fst.h ../include/openssl/rijndael.h
 x509.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 x509.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 x509.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
--- a/apps/app_rand.c
+++ b/apps/app_rand.c
@@ -142,21 +142,18 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
 		}
 	if (file == NULL || !RAND_load_file(file, -1))
 		{
-		if (RAND_status() == 0)
+		if (RAND_status() == 0 && !dont_warn)
 			{
-			if (!dont_warn)
+			BIO_printf(bio_e,"unable to load 'random state'\n");
+			BIO_printf(bio_e,"This means that the random number generator has not been seeded\n");
+			BIO_printf(bio_e,"with much random data.\n");
+			if (consider_randfile) /* explanation does not apply when a file is explicitly named */
 				{
-				BIO_printf(bio_e,"unable to load 'random state'\n");
-				BIO_printf(bio_e,"This means that the random number generator has not been seeded\n");
-				BIO_printf(bio_e,"with much random data.\n");
-				if (consider_randfile) /* explanation does not apply when a file is explicitly named */
-					{
-					BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n");
-					BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n");
-					}
+				BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n");
+				BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n");
 				}
-			return 0;
 			}
+		return 0;
 		}
 	seeded = 1;
 	return 1;
@@ -180,8 +177,10 @@ long app_RAND_load_files(char *name)
 		if (*n == '\0') break;

 		egd=RAND_egd(n);
-		if (egd > 0) tot+=egd;
-		tot+=RAND_load_file(n,-1);
+		if (egd > 0)
+			tot+=egd;
+		else
+			tot+=RAND_load_file(n,-1);
 		if (last) break;
 		}
 	if (tot > 512)
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -74,14 +74,6 @@
 #  include "bss_file.c"
 #endif

-typedef struct {
-	char *name;
-	unsigned long flag;
-	unsigned long mask;
-} NAME_EX_TBL;
-
-static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
-
 int app_init(long mesgwin);
 #ifdef undef /* never finished - probably never will be :-) */
 int args_from_file(char *file, int *argc, char **argv[])
@@ -553,7 +545,7 @@ end:
 	return(x);
 	}

-EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e)
+EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass)
 	{
 	BIO *key=NULL;
 	EVP_PKEY *pkey=NULL;
@@ -563,14 +555,6 @@ EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e)
 		BIO_printf(err,"no keyfile specified\n");
 		goto end;
 		}
-	if (format == FORMAT_ENGINE)
-		{
-		if (!e)
-			BIO_printf(bio_err,"no engine specified\n");
-		else
-			pkey = ENGINE_load_private_key(e, file, pass);
-		goto end;
-		}
 	key=BIO_new(BIO_s_file());
 	if (key == NULL)
 		{
@@ -610,7 +594,7 @@ EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e)
 	return(pkey);
 	}

-EVP_PKEY *load_pubkey(BIO *err, char *file, int format, ENGINE *e)
+EVP_PKEY *load_pubkey(BIO *err, char *file, int format)
 	{
 	BIO *key=NULL;
 	EVP_PKEY *pkey=NULL;
@@ -620,14 +604,6 @@ EVP_PKEY *load_pubkey(BIO *err, char *file, int format, ENGINE *e)
 		BIO_printf(err,"no keyfile specified\n");
 		goto end;
 		}
-	if (format == FORMAT_ENGINE)
-		{
-		if (!e)
-			BIO_printf(bio_err,"no engine specified\n");
-		else
-			pkey = ENGINE_load_public_key(e, file, NULL);
-		goto end;
-		}
 	key=BIO_new(BIO_s_file());
 	if (key == NULL)
 		{
@@ -720,43 +696,16 @@ end:
 	return(othercerts);
 	}

-
-#define X509V3_EXT_UNKNOWN_MASK		(0xfL << 16)
-/* Return error for unknown extensions */
-#define X509V3_EXT_DEFAULT		0
-/* Print error for unknown extensions */
-#define X509V3_EXT_ERROR_UNKNOWN	(1L << 16)
-/* ASN1 parse unknown extensions */
-#define X509V3_EXT_PARSE_UNKNOWN	(2L << 16)
-/* BIO_dump unknown extensions */
-#define X509V3_EXT_DUMP_UNKNOWN		(3L << 16)
-
-int set_cert_ex(unsigned long *flags, const char *arg)
-{
-	static const NAME_EX_TBL cert_tbl[] = {
-		{ "compatible", X509_FLAG_COMPAT, 0xffffffffl},
-		{ "no_header", X509_FLAG_NO_HEADER, 0},
-		{ "no_version", X509_FLAG_NO_VERSION, 0},
-		{ "no_serial", X509_FLAG_NO_SERIAL, 0},
-		{ "no_signame", X509_FLAG_NO_SIGNAME, 0},
-		{ "no_validity", X509_FLAG_NO_VALIDITY, 0},
-		{ "no_subject", X509_FLAG_NO_SUBJECT, 0},
-		{ "no_pubkey", X509_FLAG_NO_PUBKEY, 0},
-		{ "no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
-		{ "no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
-		{ "no_aux", X509_FLAG_NO_AUX, 0},
-		{ "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
-		{ "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
-		{ "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
-		{ "ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
-		{ NULL, 0, 0}
-	};
-	return set_table_opts(flags, arg, cert_tbl);
-}
+typedef struct {
+	char *name;
+	unsigned long flag;
+	unsigned long mask;
+} NAME_EX_TBL;

 int set_name_ex(unsigned long *flags, const char *arg)
 {
-	static const NAME_EX_TBL ex_tbl[] = {
+	char c;
+	const NAME_EX_TBL *ptbl, ex_tbl[] = {
 		{ "esc_2253", ASN1_STRFLGS_ESC_2253, 0},
 		{ "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
 		{ "esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
@@ -784,13 +733,7 @@ int set_name_ex(unsigned long *flags, const char *arg)
 		{ "multiline", XN_FLAG_MULTILINE, 0xffffffffL},
 		{ NULL, 0, 0}
 	};
-	return set_table_opts(flags, arg, ex_tbl);
-}

-static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
-{
-	char c;
-	const NAME_EX_TBL *ptbl;
 	c = arg[0];

 	if(c == '-') {
@@ -801,7 +744,7 @@ static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_T
 		arg++;
 	} else c = 1;

-	for(ptbl = in_tbl; ptbl->name; ptbl++) {
+	for(ptbl = ex_tbl; ptbl->name; ptbl++) {
 		if(!strcmp(arg, ptbl->name)) {
 			*flags &= ~ptbl->mask;
 			if(c) *flags |= ptbl->flag;
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -67,7 +67,6 @@
 #include <openssl/x509.h>
 #include <openssl/lhash.h>
 #include <openssl/conf.h>
-#include <openssl/engine.h>

 int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
 int app_RAND_write_file(const char *file, BIO *bio_e);
@@ -122,16 +121,14 @@ extern BIO *bio_err;
 #    ifdef _O_BINARY
 #      define apps_startup() \
 		_fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
-		SSLeay_add_all_algorithms(); ENGINE_load_builtin_engines()
+		SSLeay_add_all_algorithms()
 #    else
 #      define apps_startup() \
 		_fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
-		SSLeay_add_all_algorithms(); ENGINE_load_builtin_engines()
+		SSLeay_add_all_algorithms()
 #    endif
 #  else
-#    define apps_startup() \
-		do_pipe_sig(); SSLeay_add_all_algorithms(); \
-		ENGINE_load_builtin_engines()
+#    define apps_startup()	do_pipe_sig(); SSLeay_add_all_algorithms();
 #  endif
 #endif

@@ -150,13 +147,12 @@ int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
 int dump_cert_text(BIO *out, X509 *x);
 void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags);
 #endif
-int set_cert_ex(unsigned long *flags, const char *arg);
 int set_name_ex(unsigned long *flags, const char *arg);
 int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
 int add_oid_section(BIO *err, LHASH *conf);
 X509 *load_cert(BIO *err, char *file, int format);
-EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass, ENGINE *e);
-EVP_PKEY *load_pubkey(BIO *err, char *file, int format, ENGINE *e);
+EVP_PKEY *load_key(BIO *err, char *file, int format, char *pass);
+EVP_PKEY *load_pubkey(BIO *err, char *file, int format);
 STACK_OF(X509) *load_certs(BIO *err, char *file, int format);

 #define FORMAT_UNDEF    0
@@ -166,7 +162,8 @@ STACK_OF(X509) *load_certs(BIO *err, char *file, int format);
 #define FORMAT_NETSCAPE 4
 #define FORMAT_PKCS12   5
 #define FORMAT_SMIME    6
-#define FORMAT_ENGINE   7
+/* Since this is currently inofficial, let's give it a high number */
+#define FORMAT_ENGINE   127

 #define NETSCAPE_CERT_HDR	"certificate"

--- a/apps/ca.c
+++ b/apps/ca.c
@@ -153,8 +153,7 @@ static char *ca_usage[]={
 " -days arg       - number of days to certify the certificate for\n",
 " -md arg         - md to use, one of md2, md5, sha or sha1\n",
 " -policy arg     - The CA 'policy' to support\n",
-" -keyfile arg    - private key file\n",
-" -keyform arg    - private key file format (PEM or ENGINE)\n",
+" -keyfile arg    - PEM private key file\n",
 " -key arg        - key to decode the private key if it is encrypted\n",
 " -cert file      - The CA certificate\n",
 " -in file        - The input PEM encoded certificate request(s)\n",
@@ -237,7 +236,6 @@ int MAIN(int argc, char **argv)
 	char *policy=NULL;
 	char *keyfile=NULL;
 	char *certfile=NULL;
-	int keyform=FORMAT_PEM;
 	char *infile=NULL;
 	char *spkac_file=NULL;
 	char *ss_cert_file=NULL;
@@ -339,11 +337,6 @@ EF_ALIGNMENT=0;
 			if (--argc < 1) goto bad;
 			keyfile= *(++argv);
 			}
-		else if (strcmp(*argv,"-keyform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			keyform=str2fmt(*(++argv));
-			}
 		else if (strcmp(*argv,"-passin") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -570,31 +563,14 @@ bad:
 		BIO_printf(bio_err,"Error getting password\n");
 		goto err;
 		}
-	if (keyform == FORMAT_ENGINE)
+	if (BIO_read_filename(in,keyfile) <= 0)
 		{
-		if (!e)
-			{
-			BIO_printf(bio_err,"no engine specified\n");
-			goto err;
-			}
-		pkey = ENGINE_load_private_key(e, keyfile, key);
-		}
-	else if (keyform == FORMAT_PEM)
-		{
-		if (BIO_read_filename(in,keyfile) <= 0)
-			{
-			perror(keyfile);
-			BIO_printf(bio_err,"trying to load CA private key\n");
-			goto err;
-			}
-		pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key);
-		}
-	else
-		{
-		BIO_printf(bio_err,"bad input format specified for key file\n");
+		perror(keyfile);
+		BIO_printf(bio_err,"trying to load CA private key\n");
 		goto err;
 		}
-	if(key) memset(key,0,strlen(key));
+		pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key);
+		if(key) memset(key,0,strlen(key));
 	if (pkey == NULL)
 		{
 		BIO_printf(bio_err,"unable to load CA private key\n");
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -74,7 +74,7 @@
 #undef PROG
 #define PROG	dgst_main

-void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout,
 		EVP_PKEY *key, unsigned char *sigin, int siglen);

 int MAIN(int, char **);
@@ -93,10 +93,9 @@ int MAIN(int argc, char **argv)
 	char pname[PROG_NAME_SIZE];
 	int separator=0;
 	int debug=0;
-	int keyform=FORMAT_PEM;
 	const char *outfile = NULL, *keyfile = NULL;
 	const char *sigfile = NULL, *randfile = NULL;
-	int out_bin = -1, want_pub = 0, do_verify = 0;
+	char out_bin = -1, want_pub = 0, do_verify = 0;
 	EVP_PKEY *sigkey = NULL;
 	unsigned char *sigbuf = NULL;
 	int siglen = 0;
@@ -158,11 +157,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) break;
 			sigfile=*(++argv);
 			}
-		else if (strcmp(*argv,"-keyform") == 0)
-			{
-			if (--argc < 1) break;
-			keyform=str2fmt(*(++argv));
-			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) break;
@@ -202,7 +196,6 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err,"-sign   file    sign digest using private key in file\n");
 		BIO_printf(bio_err,"-verify file    verify a signature using public key in file\n");
 		BIO_printf(bio_err,"-prverify file  verify a signature using private key in file\n");
-		BIO_printf(bio_err,"-keyform arg    key file format (PEM or ENGINE)\n");
 		BIO_printf(bio_err,"-signature file signature to verify\n");
 		BIO_printf(bio_err,"-binary         output in binary form\n");
 		BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
@@ -287,47 +280,20 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}

-	if(keyfile)
-		{
-		if (keyform == FORMAT_PEM)
-			{
-			BIO *keybio;
-			keybio = BIO_new_file(keyfile, "r");
-			if(!keybio)
-				{
-				BIO_printf(bio_err,
-					"Error opening key file %s\n",
-					keyfile);
-				ERR_print_errors(bio_err);
-				goto end;
-				}
-			if(want_pub) 
-				sigkey = PEM_read_bio_PUBKEY(keybio,
-					NULL, NULL, NULL);
-			else
-				sigkey = PEM_read_bio_PrivateKey(keybio,
-					NULL, NULL, NULL);
-			BIO_free(keybio);
-			}
-		else if (keyform == FORMAT_ENGINE)
-			{
-			if (!e)
-				{
-				BIO_printf(bio_err,"no engine specified\n");
-				goto end;
-				}
-			if (want_pub)
-				sigkey = ENGINE_load_public_key(e, keyfile, NULL);
-			else
-				sigkey = ENGINE_load_private_key(e, keyfile, NULL);
-			}
-		else
-			{
-			BIO_printf(bio_err,
-				"bad input format specified for key file\n");
+	if(keyfile) {
+		BIO *keybio;
+		keybio = BIO_new_file(keyfile, "r");
+		if(!keybio) {
+			BIO_printf(bio_err, "Error opening key file %s\n",
+								keyfile);
+			ERR_print_errors(bio_err);
 			goto end;
-			}
+		}
 		
+		if(want_pub) 
+			sigkey = PEM_read_bio_PUBKEY(keybio, NULL, NULL, NULL);
+		else sigkey = PEM_read_bio_PrivateKey(keybio, NULL, NULL, NULL);
+		BIO_free(keybio);
 		if(!sigkey) {
 			BIO_printf(bio_err, "Error reading key file %s\n",
 								keyfile);
@@ -399,7 +365,7 @@ end:
 	EXIT(err);
 	}

-void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout,
 			EVP_PKEY *key, unsigned char *sigin, int siglen)
 	{
 	int len;
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -96,10 +96,9 @@ int MAIN(int argc, char **argv)
 	int i,badops=0,text=0;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,noout=0,C=0,ret=1;
-	char *infile,*outfile,*prog,*inrand=NULL;
+	char *infile,*outfile,*prog,*inrand=NULL,*engine=NULL;
 	int numbits= -1,num,genkey=0;
 	int need_rand=0;
-	char *engine=NULL;

 	apps_startup();

@@ -137,11 +136,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
-		else if(strcmp(*argv, "-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine = *(++argv);
-			}
 		else if (strcmp(*argv,"-text") == 0)
 			text=1;
 		else if (strcmp(*argv,"-C") == 0)
@@ -188,7 +182,6 @@ bad:
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -noout        no output\n");
 		BIO_printf(bio_err," -rand         files to use for random number input\n");
-		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," number        number of bits to use for generating private key\n");
 		goto end;
 		}
@@ -232,24 +225,6 @@ bad:
 			}
 		}

-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto end;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	if (need_rand)
 		{
 		app_RAND_load_file(NULL, bio_err, (inrand != NULL));
@@ -338,7 +313,7 @@ bad:
 		printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n",
 			bits_p,bits_p);
 		printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n");
-		printf("\t\treturn(NULL);\n");
+		printf("\t\t{ DSA_free(dsa); return(NULL); }\n");
 		printf("\treturn(dsa);\n\t}\n");
 		}

--- a/apps/enc.c
+++ b/apps/enc.c
@@ -317,11 +317,6 @@ bad:
 				LN_rc5_cfb64, LN_rc5_ofb64);
 			BIO_printf(bio_err," -%-4s (%s)\n","rc5", LN_rc5_cbc);
 #endif
-#ifndef NO_RIJNDAEL
-			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s\n",
-				   LN_rijndael_ecb_k128_b128,"","","","");
-#endif
-			
 			goto end;
 			}
 		argc--;
--- a/apps/engine.c
+++ b/apps/engine.c
@@ -1,243 +0,0 @@
-/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#ifdef NO_STDIO
-#define APPS_WIN16
-#endif
-#include "apps.h"
-#include <openssl/err.h>
-#include <openssl/engine.h>
-#include <openssl/ssl.h>
-
-#undef PROG
-#define PROG	engine_main
-
-static char *engine_usage[]={
-"usage: engine opts [engine ...]\n",
-" -v          - verbose mode, a textual listing of the engines in OpenSSL\n",
-" -c          - for each engine, also list the capabilities\n",
-" -t          - for each engine, check that they are really available\n",
-NULL
-};
-
-static void identity(void *ptr)
-	{
-	return;
-	}
-
-static int append_buf(char **buf, char *s, int *size, int step)
-	{
-	int l = strlen(s);
-
-	if (*buf == NULL)
-		{
-		*size = step;
-		*buf = OPENSSL_malloc(*size);
-		if (*buf == NULL)
-			return 0;
-		**buf = '\0';
-		}
-
-	if (**buf != '\0')
-		l += 2;		/* ", " */
-
-	if (strlen(*buf) + strlen(s) >= *size)
-		{
-		*size += step;
-		*buf = OPENSSL_realloc(*buf, *size);
-		}
-
-	if (*buf == NULL)
-		return 0;
-
-	if (**buf != '\0')
-		strcat(*buf, ", ");
-	strcat(*buf, s);
-
-	return 1;
-	}
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	int ret=1,i;
-	char **pp;
-	int verbose=0, list_cap=0, test_avail=0;
-	ENGINE *e;
-	STACK *engines = sk_new_null();
-	int badops=0;
-	BIO *bio_out=NULL;
-
-	apps_startup();
-	SSL_load_error_strings();
-
-	if (bio_err == NULL)
-		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-	bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef VMS
-	{
-	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-	bio_out = BIO_push(tmpbio, bio_out);
-	}
-#endif
-
-	argc--;
-	argv++;
-	while (argc >= 1)
-		{
-		if (strcmp(*argv,"-v") == 0)
-			verbose=1;
-		else if (strcmp(*argv,"-c") == 0)
-			list_cap=1;
-		else if (strcmp(*argv,"-t") == 0)
-			test_avail=1;
-		else if ((strncmp(*argv,"-h",2) == 0) ||
-			 (strcmp(*argv,"-?") == 0))
-			{
-			badops=1;
-			break;
-			}
-		else
-			{
-			sk_push(engines,*argv);
-			}
-		argc--;
-		argv++;
-		}
-
-	if (badops)
-		{
-		for (pp=engine_usage; (*pp != NULL); pp++)
-			BIO_printf(bio_err,"%s",*pp);
-		goto end;
-		}
-
-	if (sk_num(engines) == 0)
-		{
-		for(e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e))
-			{
-			sk_push(engines,(char *)ENGINE_get_id(e));
-			}
-		}
-
-	for (i=0; i<sk_num(engines); i++)
-		{
-		const char *id = sk_value(engines,i);
-		if ((e = ENGINE_by_id(id)) != NULL)
-			{
-			const char *name = ENGINE_get_name(e);
-			BIO_printf(bio_out, "%s (%s)", name, id);
-			if (list_cap || test_avail)
-				BIO_printf(bio_out, ":");
-			if (test_avail)
-				{
-				if (ENGINE_init(e))
-					{
-					BIO_printf(bio_out, " available");
-					ENGINE_finish(e);
-					}
-				else
-					{
-					BIO_printf(bio_out, " unavailable");
-					ERR_clear_error();
-					}
-				}
-			if (list_cap)
-				{
-				int cap_size = 256;
-				char *cap_buf = NULL;
-
-				if (ENGINE_get_RSA(e) != NULL
-					&& !append_buf(&cap_buf, "RSA",
-						&cap_size, 256))
-					goto end;
-				if (ENGINE_get_DSA(e) != NULL
-					&& !append_buf(&cap_buf, "DSA",
-						&cap_size, 256))
-					goto end;
-				if (ENGINE_get_DH(e) != NULL
-					&& !append_buf(&cap_buf, "DH",
-						&cap_size, 256))
-					goto end;
-				if (ENGINE_get_RAND(e) != NULL
-					&& !append_buf(&cap_buf, "RAND",
-						&cap_size, 256))
-					goto end;
-
-				if (*cap_buf != '\0')
-					BIO_printf(bio_out, " [%s]", cap_buf);
-
-				OPENSSL_free(cap_buf);
-				}
-			BIO_printf(bio_out, "\n");
-			}
-		else
-			ERR_print_errors(bio_err);
-		}
-
-	ret=0;
-end:
-	ERR_print_errors(bio_err);
-	sk_pop_free(engines, identity);
-	if (bio_out != NULL) BIO_free_all(bio_out);
-	EXIT(ret);
-	}
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -112,7 +112,6 @@ int main(int Argc, char *Argv[])
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

 	ERR_load_crypto_strings();
-	ENGINE_load_builtin_engines();

 	/* Lets load up our environment a little */
 	p=getenv("OPENSSL_CONF");
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -272,6 +272,7 @@ int MAIN(int argc, char **argv)
 			}
 		while (!done);
 		}
+	ret = 0;

 err:
 	ERR_print_errors(bio_err);
@@ -315,7 +316,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
 	strncat(out_buf, "$", 1);
 	strncat(out_buf, salt, 8);
 	assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
-	salt_out = out_buf + 6;
+	salt_out = out_buf + 2 + strlen(magic);
 	salt_len = strlen(salt_out);
 	assert(salt_len <= 8);
 	
--- a/apps/progs.h
+++ b/apps/progs.h
@@ -35,7 +35,6 @@ extern int pkcs8_main(int argc,char *argv[]);
 extern int spkac_main(int argc,char *argv[]);
 extern int smime_main(int argc,char *argv[]);
 extern int rand_main(int argc,char *argv[]);
-extern int engine_main(int argc,char *argv[]);

 #define FUNC_TYPE_GENERAL	1
 #define FUNC_TYPE_MD		2
@@ -110,7 +109,6 @@ FUNCTION functions[] = {
 	{FUNC_TYPE_GENERAL,"spkac",spkac_main},
 	{FUNC_TYPE_GENERAL,"smime",smime_main},
 	{FUNC_TYPE_GENERAL,"rand",rand_main},
-	{FUNC_TYPE_GENERAL,"engine",engine_main},
 	{FUNC_TYPE_MD,"md2",dgst_main},
 	{FUNC_TYPE_MD,"md4",dgst_main},
 	{FUNC_TYPE_MD,"md5",dgst_main},
--- a/apps/req.c
+++ b/apps/req.c
@@ -102,7 +102,7 @@
 * -nodes	- no des encryption
 * -config file	- Load configuration file.
 * -key file	- make a request using key in file (or use it for verification).
- * -keyform arg	- key file format.
+ * -keyform	- key file format.
 * -rand file(s) - load the file(s) into the PRNG.
 * -newkey	- make a key and a request.
 * -modulus	- print RSA modulus.
@@ -145,7 +145,6 @@ int MAIN(int argc, char **argv)
 #ifndef NO_DSA
 	DSA *dsa_params=NULL;
 #endif
-	unsigned long nmflag = 0;
 	int ex=1,x509=0,days=30;
 	X509 *x509ss=NULL;
 	X509_REQ *req=NULL;
@@ -153,7 +152,7 @@ int MAIN(int argc, char **argv)
 	int i,badops=0,newreq=0,newkey= -1,pkey_type=0;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
-	int nodes=0,kludge=0,newhdr=0,subject=0;
+	int nodes=0,kludge=0,newhdr=0;
 	char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
 	char *engine=NULL;
 	char *extensions = NULL;
@@ -331,13 +330,6 @@ int MAIN(int argc, char **argv)
 			nodes=1;
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
-		else if (strcmp(*argv,"-nameopt") == 0)
-			{
-			if (--argc < 1) goto bad;
-			if (!set_name_ex(&nmflag, *(++argv))) goto bad;
-			}
-		else if (strcmp(*argv,"-subject") == 0)
-			subject=1;
 		else if (strcmp(*argv,"-text") == 0)
 			text=1;
 		else if (strcmp(*argv,"-x509") == 0)
@@ -733,16 +725,15 @@ loop:

 	if (newreq || x509)
 		{
-#ifndef NO_DSA
-		if (pkey->type == EVP_PKEY_DSA)
-			digest=EVP_dss1();
-#endif
-
 		if (pkey == NULL)
 			{
 			BIO_printf(bio_err,"you need to specify a private key\n");
 			goto end;
 			}
+#ifndef NO_DSA
+		if (pkey->type == EVP_PKEY_DSA)
+			digest=EVP_dss1();
+#endif
 		if (req == NULL)
 			{
 			req=X509_REQ_new();
@@ -851,7 +842,7 @@ loop:
 			BIO_printf(bio_err,"verify OK\n");
 		}

-	if (noout && !text && !modulus && !subject)
+	if (noout && !text && !modulus)
 		{
 		ex=0;
 		goto end;
@@ -888,14 +879,6 @@ loop:
 			X509_REQ_print(out,req);
 		}

-	if(subject) 
-		{
-		if(x509)
-			print_name(out, "subject=", X509_get_subject_name(x509ss), nmflag);
-		else
-			print_name(out, "subject=", X509_REQ_get_subject_name(req), nmflag);
-		}
-
 	if (modulus)
 		{
 		EVP_PKEY *pubkey;
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -265,7 +265,7 @@ bad:
 	else if (informat == FORMAT_NETSCAPE)
 		{
 		BUF_MEM *buf=NULL;
-		const unsigned char *p;
+		unsigned char *p;
 		int size=0;

 		buf=BUF_MEM_new();
@@ -346,14 +346,14 @@ bad:
 			BIO_printf(out,"RSA key ok\n");
 		else if (r == 0)
 			{
-			long err;
+			long e;

-			while ((err = ERR_peek_error()) != 0 &&
-				ERR_GET_LIB(err) == ERR_LIB_RSA &&
-				ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY &&
-				ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE)
+			while ((e = ERR_peek_error()) != 0 &&
+				ERR_GET_LIB(e) == ERR_LIB_RSA &&
+				ERR_GET_FUNC(e) == RSA_F_RSA_CHECK_KEY &&
+				ERR_GET_REASON(e) != ERR_R_MALLOC_FAILURE)
 				{
-				BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(err));
+				BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(e));
 				ERR_get_error(); /* remove e from error stack */
 				}
 			}
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -86,7 +86,6 @@ int MAIN(int argc, char **argv)
 	ENGINE *e = NULL;
 	BIO *in = NULL, *out = NULL;
 	char *infile = NULL, *outfile = NULL;
-	char *engine = NULL;
 	char *keyfile = NULL;
 	char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
 	int keyform = FORMAT_PEM;
@@ -98,6 +97,7 @@ int MAIN(int argc, char **argv)
 	unsigned char *rsa_in = NULL, *rsa_out = NULL, pad;
 	int rsa_inlen, rsa_outlen = 0;
 	int keysize;
+	char *engine=NULL;

 	int ret = 1;

@@ -180,11 +180,11 @@ int MAIN(int argc, char **argv)
 	
 	switch(key_type) {
 		case KEY_PRIVKEY:
-		pkey = load_key(bio_err, keyfile, keyform, NULL, e);
+		pkey = load_key(bio_err, keyfile, keyform, NULL);
 		break;

 		case KEY_PUBKEY:
-		pkey = load_pubkey(bio_err, keyfile, keyform, e);
+		pkey = load_pubkey(bio_err, keyfile, keyform);
 		break;

 		case KEY_CERT:
@@ -304,6 +304,7 @@ static void usage()
 	BIO_printf(bio_err, "-inkey file     input key\n");
 	BIO_printf(bio_err, "-pubin          input is an RSA public\n");
 	BIO_printf(bio_err, "-certin         input is a certificate carrying an RSA public key\n");
+	BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");
 	BIO_printf(bio_err, "-ssl            use SSL v2 padding\n");
 	BIO_printf(bio_err, "-raw            use no padding\n");
 	BIO_printf(bio_err, "-pkcs           use PKCS#1 v1.5 padding (default)\n");
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -79,6 +79,7 @@ typedef unsigned int u_int;
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
+#include <openssl/rand.h>
 #include <openssl/engine.h>
 #include "s_apps.h"

@@ -153,8 +154,8 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
 	BIO_printf(bio_err," -cipher       - preferred cipher to use, use the 'openssl ciphers'\n");
 	BIO_printf(bio_err,"                 command to see what is available\n");
+	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
-
 	}

 int MAIN(int, char **);
@@ -181,6 +182,7 @@ int MAIN(int argc, char **argv)
 	int prexit = 0;
 	SSL_METHOD *meth=NULL;
 	BIO *sbio;
+	char *inrand=NULL;
 	char *engine_id=NULL;
 	ENGINE *e=NULL;
 #ifdef WINDOWS
@@ -320,6 +322,11 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-nbio") == 0)
 			{ c_nbio=1; }
 #endif
+		else if (strcmp(*argv,"-rand") == 0)
+			{
+			if (--argc < 1) goto bad;
+			inrand= *(++argv);
+			}
 		else if	(strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -341,7 +348,14 @@ bad:
 		goto end;
 		}

-	app_RAND_load_file(NULL, bio_err, 0);
+	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+		&& !RAND_status())
+		{
+		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
+		}
+	if (inrand != NULL)
+		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+			app_RAND_load_files(inrand));

 	if (bio_c_out == NULL)
 		{
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -83,6 +83,7 @@ typedef unsigned int u_int;
 #include <openssl/pem.h>
 #include <openssl/x509.h>
 #include <openssl/ssl.h>
+#include <openssl/rand.h>
 #include <openssl/engine.h>
 #include "s_apps.h"

@@ -245,6 +246,7 @@ static void sv_usage(void)
 	BIO_printf(bio_err," -bugs         - Turn on SSL bug compatibility\n");
 	BIO_printf(bio_err," -www          - Respond to a 'GET /' with a status page\n");
 	BIO_printf(bio_err," -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
+	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
 	}

@@ -415,7 +417,12 @@ int MAIN(int argc, char *argv[])
 	int no_tmp_rsa=0,no_dhe=0,nocert=0;
 	int state=0;
 	SSL_METHOD *meth=NULL;
+	char *inrand=NULL;
+	char *engine_id=NULL;
 	ENGINE *e=NULL;
+#ifndef NO_DH
+	DH *dh=NULL;
+#endif

 #if !defined(NO_SSL2) && !defined(NO_SSL3)
 	meth=SSLv23_server_method();
@@ -567,6 +574,11 @@ int MAIN(int argc, char *argv[])
 		else if	(strcmp(*argv,"-tls1") == 0)
 			{ meth=TLSv1_server_method(); }
 #endif
+		else if (strcmp(*argv,"-rand") == 0)
+			{
+			if (--argc < 1) goto bad;
+			inrand= *(++argv);
+			}
 		else if (strcmp(*argv,"-engine") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -588,7 +600,14 @@ bad:
 		goto end;
 		}

-	app_RAND_load_file(NULL, bio_err, 0);
+	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+		&& !RAND_status())
+		{
+		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
+		}
+	if (inrand != NULL)
+		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+			app_RAND_load_files(inrand));

 	if (bio_s_out == NULL)
 		{
@@ -679,13 +698,7 @@ bad:
 #ifndef NO_DH
 	if (!no_dhe)
 		{
-		DH *dh=NULL;
-
-		if (dhfile)
-			dh = load_dh_param(dhfile);
-		else if (s_cert_file)
-			dh = load_dh_param(s_cert_file);
-
+		dh=load_dh_param(dhfile ? dhfile : s_cert_file);
 		if (dh != NULL)
 			{
 			BIO_printf(bio_s_out,"Setting temp DH parameters\n");
@@ -712,7 +725,8 @@ bad:

 #ifndef NO_RSA
 #if 1
-	SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
+	if (!no_tmp_rsa)
+		SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
 #else
 	if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx))
 		{
@@ -1372,15 +1386,29 @@ static int www_body(char *hostname, int s, unsigned char *context)

 			/* skip the '/' */
 			p= &(buf[5]);
-			dot=0;
+
+			dot = 1;
 			for (e=p; *e != '\0'; e++)
 				{
-				if (e[0] == ' ') break;
-				if (	(e[0] == '.') &&
-					(strncmp(&(e[-1]),"/../",4) == 0))
-					dot=1;
+				if (e[0] == ' ')
+					break;
+
+				switch (dot)
+					{
+				case 1:
+					dot = (e[0] == '.') ? 2 : 0;
+					break;
+				case 2:
+					dot = (e[0] == '.') ? 3 : 0;
+					break;
+				case 3:
+					dot = (e[0] == '/') ? -1 : 0;
+					break;
+					}
+				if (dot == 0)
+					dot = (e[0] == '/') ? 1 : 0;
 				}
-			
+			dot = (dot == 3) || (dot == -1); /* filename contains ".." component */

 			if (*e == '\0')
 				{
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -399,7 +399,7 @@ int MAIN(int argc, char **argv)
 	} else keyfile = NULL;

 	if(keyfile) {
-		if(!(key = load_key(bio_err,keyfile, FORMAT_PEM, passin, NULL))) {
+		if(!(key = load_key(bio_err,keyfile, FORMAT_PEM, passin))) {
 			BIO_printf(bio_err, "Can't read recipient certificate file %s\n", keyfile);
 			ERR_print_errors(bio_err);
 			goto end;
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -88,7 +88,7 @@
 #elif !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
 # define TIMES
 #endif
-#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE) && !defined(__NetBSD__)
+#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE)
 # define TIMEB
 #endif

@@ -739,7 +739,7 @@ int MAIN(int argc, char **argv)
 #ifndef NO_RSA
 	for (i=0; i<RSA_NUM; i++)
 		{
-		const unsigned char *p;
+		unsigned char *p;

 		p=rsa_data[i];
 		rsa_key[i]=d2i_RSAPrivateKey(NULL,&p,rsa_data_length[i]);
@@ -865,6 +865,7 @@ int MAIN(int argc, char **argv)
 		}
 #endif

+#ifndef NO_DSA
 	dsa_c[R_DSA_512][0]=count/1000;
 	dsa_c[R_DSA_512][1]=count/1000/2;
 	for (i=1; i<DSA_NUM; i++)
@@ -882,6 +883,7 @@ int MAIN(int argc, char **argv)
 				}
 			}				
 		}
+#endif

 #define COND(d)	(count < (d))
 #define COUNT(d) (d)
@@ -1207,7 +1209,7 @@ int MAIN(int argc, char **argv)
 			{
 			BIO_printf(bio_err,"RSA verify failure.  No RSA verify will be done.\n");
 			ERR_print_errors(bio_err);
-			dsa_doit[j] = 0;
+			rsa_doit[j] = 0;
 			}
 		else
 			{
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -106,7 +106,6 @@ static char *x509_usage[]={
 " -fingerprint    - print the certificate fingerprint\n",
 " -alias          - output certificate alias\n",
 " -noout          - no certificate output\n",
-" -ocspid         - print OCSP hash values for the subject name and public key\n",
 " -trustout       - output a \"trusted\" certificate\n",
 " -clrtrust       - clear all trusted purposes\n",
 " -clrreject      - clear all rejected purposes\n",
@@ -132,7 +131,6 @@ static char *x509_usage[]={
 " -clrext         - delete extensions before signing and input certificate\n",
 " -nameopt arg    - various certificate name options\n",
 " -engine e       - use engine e, possibly a hardware device.\n",
-" -certopt arg    - various certificate text options\n",
 NULL
 };

@@ -164,7 +162,6 @@ int MAIN(int argc, char **argv)
 	char *CAkeyfile=NULL,*CAserial=NULL;
 	char *alias=NULL;
 	int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0;
-	int ocspid=0;
 	int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
 	int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
 	int C=0;
@@ -180,7 +177,7 @@ int MAIN(int argc, char **argv)
 	char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
 	int need_rand = 0;
 	int checkend=0,checkoffset=0;
-	unsigned long nmflag = 0, certflag = 0;
+	unsigned long nmflag = 0;
 	char *engine=NULL;

 	reqfile=0;
@@ -333,11 +330,6 @@ int MAIN(int argc, char **argv)
 			alias= *(++argv);
 			trustout = 1;
 			}
-		else if (strcmp(*argv,"-certopt") == 0)
-			{
-			if (--argc < 1) goto bad;
-			if (!set_cert_ex(&certflag, *(++argv))) goto bad;
-			}
 		else if (strcmp(*argv,"-nameopt") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -414,8 +406,6 @@ int MAIN(int argc, char **argv)
 			clrext = 1;
 			}
 #endif
-		else if (strcmp(*argv,"-ocspid") == 0)
-			ocspid= ++num;
 		else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
 			{
 			/* ok */
@@ -811,7 +801,7 @@ bad:
 				}
 			else if (text == i)
 				{
-				X509_print_ex(out,x,nmflag, certflag);
+				X509_print(out,x);
 				}
 			else if (startdate == i)
 				{
@@ -853,7 +843,7 @@ bad:
 				if (Upkey == NULL)
 					{
 					Upkey=load_key(bio_err,
-						keyfile,keyformat, passin, e);
+						keyfile,keyformat, passin);
 					if (Upkey == NULL) goto end;
 					}
 #ifndef NO_DSA
@@ -871,8 +861,7 @@ bad:
 				if (CAkeyfile != NULL)
 					{
 					CApkey=load_key(bio_err,
-						CAkeyfile,CAkeyformat, passin,
-						e);
+						CAkeyfile,CAkeyformat, passin);
 					if (CApkey == NULL) goto end;
 					}
 #ifndef NO_DSA
@@ -899,14 +888,16 @@ bad:
 				else
 					{
 					pk=load_key(bio_err,
-						keyfile,FORMAT_PEM, passin, e);
+						keyfile,FORMAT_PEM, passin);
 					if (pk == NULL) goto end;
 					}

 				BIO_printf(bio_err,"Generating certificate request\n");

+#ifndef NO_DSA
 		                if (pk->type == EVP_PKEY_DSA)
 		                        digest=EVP_dss1();
+#endif

 				rq=X509_to_X509_REQ(x,pk,digest);
 				EVP_PKEY_free(pk);
@@ -922,10 +913,6 @@ bad:
 					}
 				noout=1;
 				}
-			else if (ocspid == i)
-				{
-				X509_ocspid_print(out, x);
-				}
 			}
 		}

--- a/73
+++ b/73
@@ -49,10 +49,18 @@ if [ "x$XREL" != "x" ]; then
 		echo "whatever-whatever-sco5"; exit 0
 		;;
 	    4.2MP)
-		if [ "x$VERSION" = "x2.1.1" ]; then
+		if [ "x$VERSION" = "x2.01" ]; then
+		    echo "${MACHINE}-whatever-unixware201"; exit 0
+		elif [ "x$VERSION" = "x2.02" ]; then
+		    echo "${MACHINE}-whatever-unixware202"; exit 0
+		elif [ "x$VERSION" = "x2.03" ]; then
+		    echo "${MACHINE}-whatever-unixware203"; exit 0
+		elif [ "x$VERSION" = "x2.1.1" ]; then
 		    echo "${MACHINE}-whatever-unixware211"; exit 0
 		elif [ "x$VERSION" = "x2.1.2" ]; then
 		    echo "${MACHINE}-whatever-unixware212"; exit 0
+		elif [ "x$VERSION" = "x2.1.3" ]; then
+		    echo "${MACHINE}-whatever-unixware213"; exit 0
 		else
 		    echo "${MACHINE}-whatever-unixware2"; exit 0
 		fi
@@ -79,6 +87,14 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "m68k-apple-aux3"; exit 0
 	;;

+    AIX:[3456789]:4:*)
+	echo "${MACHINE}-ibm-aix43"; exit 0
+	;;
+
+    AIX:*:[56789]:*)
+	echo "${MACHINE}-ibm-aix43"; exit 0
+	;;
+
    AIX:*)
 	echo "${MACHINE}-ibm-aix"; exit 0
 	;;
@@ -393,10 +409,16 @@ case "$GUESSOS" in
 	;;
  mips4-sgi-irix64)
 	echo "WARNING! If you wish to build 64-bit library, then you have to"
-	echo "         invoke './Configre irix64-mips4-$CC' *manually*."
-	echo "         Type Ctrl-C if you don't want to continue."
+	echo "         invoke './Configure irix64-mips4-$CC' *manually*."
+	echo "         Type return if you want to continue, Ctrl-C to abort."
 	read waste < /dev/tty
-	options="$options -mips4"
+        CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+        CPU=${CPU:-0}
+        if [ $CPU -ge 5000 ]; then
+                options="$options -mips4"
+        else
+                options="$options -mips3"
+        fi
 	OUT="irix-mips3-$CC"
 	;;
  alpha-*-linux2)
@@ -413,22 +435,7 @@ case "$GUESSOS" in
 	    esac
 	fi
 	;;
-  mips-*-linux?)
-          cat >dummy.c <<EOF
-#include <stdio.h>  /* for printf() prototype */
-        int main (argc, argv) int argc; char *argv[]; {
-#ifdef __MIPSEB__
-  printf ("linux-%s\n", argv[1]);
-#endif
-#ifdef __MIPSEL__
-  printf ("linux-%sel\n", argv[1]);
-#endif
-  return 0;
-}
-EOF
-	${CC} -o dummy dummy.c && OUT=`./dummy ${MACHINE}`
-	rm dummy dummy.c
-	;;
+  mips-*-linux?) OUT="linux-mips" ;;
  ppc-*-linux2) OUT="linux-ppc" ;;
  m68k-*-linux*) OUT="linux-m68k" ;;
  ia64-*-linux?) OUT="linux-ia64" ;;
@@ -438,11 +445,11 @@ EOF
 	#till 64-bit glibc for SPARC is operational:-(
 	#echo "WARNING! If you wish to build 64-bit library, then you have to"
 	#echo "         invoke './Configure linux64-sparcv9' *manually*."
-	#echo "         Type Ctrl-C if you don't want to continue."
+	#echo "         Type return if you want to continue, Ctrl-C to abort."
 	#read waste < /dev/tty
 	OUT="linux-sparcv9" ;;
  sparc-*-linux2)
-	KARCH=`awk '/type/{print$3}' /proc/cpuinfo`
+	KARCH=`awk '/^type/{print$3}' /proc/cpuinfo`
 	case ${KARCH:-sun4} in
 	sun4u*)	OUT="linux-sparcv9" ;;
 	sun4m)	OUT="linux-sparcv8" ;;
@@ -450,6 +457,7 @@ EOF
 	*)	OUT="linux-sparcv7" ;;
 	esac ;;
  arm*-*-linux2) OUT="linux-elf-arm" ;;
+  s390-*-linux2) OUT="linux-s390" ;;
  *-*-linux2) OUT="linux-elf" ;;
  *-*-linux1) OUT="linux-aout" ;;
  sun4u*-*-solaris2)
@@ -457,7 +465,7 @@ EOF
 	if [ "$ISA64" != "" -a "$CC" = "cc" -a $CCVER -ge 50 ]; then
 		echo "WARNING! If you wish to build 64-bit library, then you have to"
 		echo "         invoke './Configure solaris64-sparcv9-cc' *manually*."
-		echo "         Type Ctrl-C if you don't want to continue."
+		echo "         Type return if you want to continue, Ctrl-C to abort."
 		read waste < /dev/tty
 	fi
 	OUT="solaris-sparcv9-$CC" ;;
@@ -481,9 +489,12 @@ EOF
  *-*-unixware7) OUT="unixware-7" ;;
  *-*-UnixWare7) OUT="unixware-7" ;;
  *-*-Unixware7) OUT="unixware-7" ;;
-  *-*-unixware[1-2]*) OUT="unixware-2.0" ;;
-  *-*-UnixWare[1-2]*) OUT="unixware-2.0" ;;
-  *-*-Unixware[1-2]*) OUT="unixware-2.0" ;;
+  *-*-unixware20*) OUT="unixware-2.0" ;;
+  *-*-unixware21*) OUT="unixware-2.1" ;;
+  *-*-UnixWare20*) OUT="unixware-2.0" ;;
+  *-*-UnixWare21*) OUT="unixware-2.1" ;;
+  *-*-Unixware20*) OUT="unixware-2.0" ;;
+  *-*-Unixware21*) OUT="unixware-2.1" ;;
  BS2000-siemens-sysv4) OUT="BS2000-OSD" ;;
  RM*-siemens-sysv4) OUT="ReliantUNIX" ;;
  *-siemens-sysv4) OUT="SINIX" ;;
@@ -509,6 +520,16 @@ esac
 #  options="$options -DATALLA"
 #fi

+#get some basic shared lib support (behnke@trustcenter.de)
+case "$OUT" in
+   solaris-*-gcc)
+	if  [ "$SHARED" = "true" ] 
+	 then
+	  options="$options -DPIC -fPIC"
+        fi
+     ;;
+esac
+
 # gcc < 2.8 does not support -mcpu=ultrasparc
 if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
 then
--- a/crypto/Makefile.ssl
+++ b/crypto/Makefile.ssl
@@ -29,13 +29,13 @@ SDIRS=	md2 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
 	bn rsa dsa dh dso engine \
 	buffer bio stack lhash rand err objects \
-	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp rijndael
+	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp

 GENERAL=Makefile README crypto-lib.com install.com

 LIB= $(TOP)/libcrypto.a
-LIBSRC=	cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c
-LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o
+LIBSRC=	cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c
+LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o

 SRC= $(LIBSRC)

@@ -198,3 +198,6 @@ tmdiff.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
 tmdiff.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
 tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h
+uid.o: ../include/openssl/crypto.h ../include/openssl/opensslv.h
+uid.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+uid.o: ../include/openssl/symhacks.h
--- a/crypto/asn1/Makefile.ssl
+++ b/crypto/asn1/Makefile.ssl
@@ -171,9 +171,7 @@ a_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 a_digest.o: ../../include/openssl/opensslconf.h
 a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 a_digest.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-a_digest.o: ../../include/openssl/rc5.h
-a_digest.o: ../../include/openssl/rijndael-alg-fst.h
-a_digest.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+a_digest.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 a_digest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 a_digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 a_digest.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -298,12 +296,11 @@ a_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 a_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 a_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 a_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-a_sign.o: ../../include/openssl/rijndael-alg-fst.h
-a_sign.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
-a_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-a_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-a_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-a_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+a_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+a_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+a_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+a_sign.o: ../cryptlib.h
 a_strex.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_strex.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 a_strex.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -317,12 +314,11 @@ a_strex.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 a_strex.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 a_strex.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 a_strex.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-a_strex.o: ../../include/openssl/rijndael-alg-fst.h
-a_strex.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
-a_strex.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-a_strex.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-a_strex.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-a_strex.o: ../../include/openssl/x509_vfy.h charmap.h
+a_strex.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+a_strex.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+a_strex.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_strex.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+a_strex.o: charmap.h
 a_strnid.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 a_strnid.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 a_strnid.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
@@ -378,9 +374,7 @@ a_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 a_verify.o: ../../include/openssl/opensslconf.h
 a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 a_verify.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-a_verify.o: ../../include/openssl/rc5.h
-a_verify.o: ../../include/openssl/rijndael-alg-fst.h
-a_verify.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+a_verify.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 a_verify.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 a_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 a_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -459,8 +453,7 @@ d2i_pr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 d2i_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 d2i_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 d2i_pr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-d2i_pr.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-d2i_pr.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+d2i_pr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 d2i_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 d2i_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 d2i_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h
@@ -477,8 +470,7 @@ d2i_pu.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 d2i_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 d2i_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 d2i_pu.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-d2i_pu.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-d2i_pu.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+d2i_pu.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 d2i_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 d2i_pu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 d2i_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h
@@ -589,8 +581,7 @@ i2d_pr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 i2d_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 i2d_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 i2d_pr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-i2d_pr.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-i2d_pr.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+i2d_pr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 i2d_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 i2d_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 i2d_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h
@@ -607,8 +598,7 @@ i2d_pu.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 i2d_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 i2d_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 i2d_pu.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-i2d_pu.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-i2d_pu.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+i2d_pu.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 i2d_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 i2d_pu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 i2d_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h
@@ -668,8 +658,7 @@ n_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 n_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 n_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 n_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-n_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-n_pkey.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+n_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 n_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 n_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 n_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -688,12 +677,10 @@ nsseq.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 nsseq.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 nsseq.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 nsseq.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-nsseq.o: ../../include/openssl/rijndael-alg-fst.h
-nsseq.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
-nsseq.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-nsseq.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-nsseq.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-nsseq.o: ../../include/openssl/x509_vfy.h
+nsseq.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+nsseq.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+nsseq.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+nsseq.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 p5_pbe.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 p5_pbe.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 p5_pbe.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -709,12 +696,11 @@ p5_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p5_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 p5_pbe.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
 p5_pbe.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-p5_pbe.o: ../../include/openssl/rijndael-alg-fst.h
-p5_pbe.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
-p5_pbe.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p5_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p5_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p5_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p5_pbe.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p5_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p5_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p5_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p5_pbe.o: ../cryptlib.h
 p5_pbev2.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 p5_pbev2.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 p5_pbev2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -730,12 +716,11 @@ p5_pbev2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p5_pbev2.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 p5_pbev2.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
 p5_pbev2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-p5_pbev2.o: ../../include/openssl/rijndael-alg-fst.h
-p5_pbev2.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
-p5_pbev2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p5_pbev2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p5_pbev2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p5_pbev2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p5_pbev2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p5_pbev2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p5_pbev2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p5_pbev2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p5_pbev2.o: ../cryptlib.h
 p7_dgst.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 p7_dgst.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 p7_dgst.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -750,8 +735,7 @@ p7_dgst.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 p7_dgst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p7_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 p7_dgst.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_dgst.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-p7_dgst.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+p7_dgst.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 p7_dgst.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 p7_dgst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 p7_dgst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -770,8 +754,7 @@ p7_enc.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 p7_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p7_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 p7_enc.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_enc.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-p7_enc.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+p7_enc.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 p7_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 p7_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 p7_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -790,9 +773,7 @@ p7_enc_c.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 p7_enc_c.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p7_enc_c.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 p7_enc_c.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_enc_c.o: ../../include/openssl/rc5.h
-p7_enc_c.o: ../../include/openssl/rijndael-alg-fst.h
-p7_enc_c.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+p7_enc_c.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 p7_enc_c.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 p7_enc_c.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 p7_enc_c.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -811,8 +792,7 @@ p7_evp.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 p7_evp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p7_evp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 p7_evp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_evp.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-p7_evp.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+p7_evp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 p7_evp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 p7_evp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 p7_evp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -831,8 +811,7 @@ p7_i_s.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 p7_i_s.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p7_i_s.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 p7_i_s.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_i_s.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-p7_i_s.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+p7_i_s.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 p7_i_s.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 p7_i_s.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 p7_i_s.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -851,8 +830,7 @@ p7_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 p7_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p7_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 p7_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_lib.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-p7_lib.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+p7_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 p7_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 p7_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 p7_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -871,9 +849,7 @@ p7_recip.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 p7_recip.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p7_recip.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 p7_recip.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_recip.o: ../../include/openssl/rc5.h
-p7_recip.o: ../../include/openssl/rijndael-alg-fst.h
-p7_recip.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+p7_recip.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 p7_recip.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 p7_recip.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 p7_recip.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -892,8 +868,7 @@ p7_s_e.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 p7_s_e.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p7_s_e.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 p7_s_e.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_s_e.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-p7_s_e.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+p7_s_e.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 p7_s_e.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 p7_s_e.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 p7_s_e.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -912,9 +887,7 @@ p7_signd.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 p7_signd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p7_signd.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 p7_signd.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_signd.o: ../../include/openssl/rc5.h
-p7_signd.o: ../../include/openssl/rijndael-alg-fst.h
-p7_signd.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+p7_signd.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 p7_signd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 p7_signd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 p7_signd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -933,9 +906,7 @@ p7_signi.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 p7_signi.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p7_signi.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 p7_signi.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p7_signi.o: ../../include/openssl/rc5.h
-p7_signi.o: ../../include/openssl/rijndael-alg-fst.h
-p7_signi.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+p7_signi.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 p7_signi.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 p7_signi.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 p7_signi.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -954,8 +925,7 @@ p8_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 p8_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p8_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 p8_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-p8_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-p8_pkey.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+p8_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 p8_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 p8_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 p8_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -975,13 +945,11 @@ t_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 t_bitst.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 t_bitst.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-t_bitst.o: ../../include/openssl/rijndael-alg-fst.h
-t_bitst.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
-t_bitst.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_bitst.o: ../cryptlib.h
+t_bitst.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+t_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h
 t_crl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 t_crl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 t_crl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -997,13 +965,11 @@ t_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 t_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 t_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 t_crl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-t_crl.o: ../../include/openssl/rijndael-alg-fst.h
-t_crl.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
-t_crl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_crl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_crl.o: ../cryptlib.h
+t_crl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+t_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_crl.o: ../../include/openssl/x509v3.h ../cryptlib.h
 t_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 t_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 t_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
@@ -1028,13 +994,11 @@ t_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 t_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 t_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 t_req.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-t_req.o: ../../include/openssl/rijndael-alg-fst.h
-t_req.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
-t_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_req.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_req.o: ../cryptlib.h
+t_req.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+t_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_req.o: ../../include/openssl/x509v3.h ../cryptlib.h
 t_spki.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 t_spki.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -1049,8 +1013,7 @@ t_spki.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 t_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 t_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 t_spki.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-t_spki.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-t_spki.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+t_spki.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 t_spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 t_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 t_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -1070,13 +1033,11 @@ t_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 t_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 t_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
 t_x509.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-t_x509.o: ../../include/openssl/rijndael-alg-fst.h
-t_x509.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
-t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_x509.o: ../cryptlib.h
+t_x509.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+t_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h
 t_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
 t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 t_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -1091,8 +1052,7 @@ t_x509a.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 t_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 t_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 t_x509a.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-t_x509a.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-t_x509a.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+t_x509a.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 t_x509a.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 t_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 t_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -1111,8 +1071,7 @@ x_algor.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_algor.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x_algor.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x_algor.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_algor.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-x_algor.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+x_algor.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_algor.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_algor.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 x_algor.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -1131,9 +1090,7 @@ x_attrib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_attrib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x_attrib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_attrib.o: ../../include/openssl/rc5.h
-x_attrib.o: ../../include/openssl/rijndael-alg-fst.h
-x_attrib.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+x_attrib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_attrib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_attrib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 x_attrib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -1152,8 +1109,7 @@ x_cinf.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_cinf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x_cinf.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x_cinf.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_cinf.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-x_cinf.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+x_cinf.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_cinf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_cinf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 x_cinf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -1172,8 +1128,7 @@ x_crl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x_crl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_crl.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-x_crl.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+x_crl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_crl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 x_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -1192,8 +1147,7 @@ x_exten.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_exten.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x_exten.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x_exten.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_exten.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-x_exten.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+x_exten.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_exten.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_exten.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 x_exten.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -1212,8 +1166,7 @@ x_info.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x_info.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x_info.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_info.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-x_info.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+x_info.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_info.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 x_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -1232,8 +1185,7 @@ x_name.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x_name.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x_name.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_name.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-x_name.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+x_name.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_name.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 x_name.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -1252,8 +1204,7 @@ x_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-x_pkey.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+x_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 x_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -1272,9 +1223,7 @@ x_pubkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_pubkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x_pubkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x_pubkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_pubkey.o: ../../include/openssl/rc5.h
-x_pubkey.o: ../../include/openssl/rijndael-alg-fst.h
-x_pubkey.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+x_pubkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_pubkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_pubkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 x_pubkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -1293,8 +1242,7 @@ x_req.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x_req.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_req.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-x_req.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+x_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 x_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -1313,8 +1261,7 @@ x_sig.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_sig.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x_sig.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x_sig.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_sig.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-x_sig.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+x_sig.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_sig.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_sig.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 x_sig.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -1333,8 +1280,7 @@ x_spki.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x_spki.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_spki.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-x_spki.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+x_spki.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 x_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -1353,8 +1299,7 @@ x_val.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_val.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x_val.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x_val.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_val.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-x_val.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+x_val.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_val.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_val.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 x_val.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -1374,8 +1319,7 @@ x_x509.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x_x509.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_x509.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-x_x509.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+x_x509.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 x_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
@@ -1395,8 +1339,7 @@ x_x509a.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 x_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
 x_x509a.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-x_x509a.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-x_x509a.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+x_x509a.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 x_x509a.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 x_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 x_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
--- a/crypto/asn1/a_strex.c
+++ b/crypto/asn1/a_strex.c
@@ -491,24 +491,12 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,

 int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags)
 {
-	if(flags == XN_FLAG_COMPAT)
-		return X509_NAME_print(out, nm, indent);
 	return do_name_ex(send_bio_chars, out, nm, indent, flags);
 }


 int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags)
 {
-	if(flags == XN_FLAG_COMPAT)
-		{
-		BIO *btmp;
-		int ret;
-		btmp = BIO_new_fp(fp, BIO_NOCLOSE);
-		if(!btmp) return -1;
-		ret = X509_NAME_print(btmp, nm, indent);
-		BIO_free(btmp);
-		return ret;
-		}
 	return do_name_ex(send_fp_chars, fp, nm, indent, flags);
 }

--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -956,21 +956,6 @@ void ASN1_STRING_TABLE_cleanup(void);
 #define ASN1_F_D2I_NETSCAPE_SPKAC			 143
 #define ASN1_F_D2I_NETSCAPE_SPKI			 144
 #define ASN1_F_D2I_NOTICEREF				 268
-#define ASN1_F_D2I_OCSP_BASICRESP			 293
-#define ASN1_F_D2I_OCSP_CERTID				 294
-#define ASN1_F_D2I_OCSP_CERTSTATUS			 295
-#define ASN1_F_D2I_OCSP_CRLID				 296
-#define ASN1_F_D2I_OCSP_ONEREQ				 297
-#define ASN1_F_D2I_OCSP_REQINFO				 298
-#define ASN1_F_D2I_OCSP_REQUEST				 299
-#define ASN1_F_D2I_OCSP_RESPBYTES			 300
-#define ASN1_F_D2I_OCSP_RESPDATA			 301
-#define ASN1_F_D2I_OCSP_RESPID				 302
-#define ASN1_F_D2I_OCSP_RESPONSE			 303
-#define ASN1_F_D2I_OCSP_REVOKEDINFO			 304
-#define ASN1_F_D2I_OCSP_SERVICELOC			 305
-#define ASN1_F_D2I_OCSP_SIGNATURE			 306
-#define ASN1_F_D2I_OCSP_SINGLERESP			 307
 #define ASN1_F_D2I_OTHERNAME				 287
 #define ASN1_F_D2I_PBE2PARAM				 262
 #define ASN1_F_D2I_PBEPARAM				 249
@@ -1042,21 +1027,6 @@ void ASN1_STRING_TABLE_cleanup(void);
 #define ASN1_F_NETSCAPE_SPKAC_NEW			 190
 #define ASN1_F_NETSCAPE_SPKI_NEW			 191
 #define ASN1_F_NOTICEREF_NEW				 272
-#define ASN1_F_OCSP_BASICRESP_NEW			 308
-#define ASN1_F_OCSP_CERTID_NEW				 309
-#define ASN1_F_OCSP_CERTSTATUS_NEW			 310
-#define ASN1_F_OCSP_CRLID_NEW				 311
-#define ASN1_F_OCSP_ONEREQ_NEW				 312
-#define ASN1_F_OCSP_REQINFO_NEW				 313
-#define ASN1_F_OCSP_REQUEST_NEW				 314
-#define ASN1_F_OCSP_RESPBYTES_NEW			 315
-#define ASN1_F_OCSP_RESPDATA_NEW			 316
-#define ASN1_F_OCSP_RESPID_NEW				 317
-#define ASN1_F_OCSP_RESPONSE_NEW			 318
-#define ASN1_F_OCSP_REVOKEDINFO_NEW			 319
-#define ASN1_F_OCSP_SERVICELOC_NEW			 320
-#define ASN1_F_OCSP_SIGNATURE_NEW			 321
-#define ASN1_F_OCSP_SINGLERESP_NEW			 322
 #define ASN1_F_OTHERNAME_NEW				 288
 #define ASN1_F_PBE2PARAM_NEW				 264
 #define ASN1_F_PBEPARAM_NEW				 251
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -141,21 +141,6 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKAC,0),	"d2i_NETSCAPE_SPKAC"},
 {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKI,0),	"d2i_NETSCAPE_SPKI"},
 {ERR_PACK(0,ASN1_F_D2I_NOTICEREF,0),	"d2i_NOTICEREF"},
-{ERR_PACK(0,ASN1_F_D2I_OCSP_BASICRESP,0),	"d2i_OCSP_BASICRESP"},
-{ERR_PACK(0,ASN1_F_D2I_OCSP_CERTID,0),	"d2i_OCSP_CERTID"},
-{ERR_PACK(0,ASN1_F_D2I_OCSP_CERTSTATUS,0),	"d2i_OCSP_CERTSTATUS"},
-{ERR_PACK(0,ASN1_F_D2I_OCSP_CRLID,0),	"d2i_OCSP_CRLID"},
-{ERR_PACK(0,ASN1_F_D2I_OCSP_ONEREQ,0),	"d2i_OCSP_ONEREQ"},
-{ERR_PACK(0,ASN1_F_D2I_OCSP_REQINFO,0),	"d2i_OCSP_REQINFO"},
-{ERR_PACK(0,ASN1_F_D2I_OCSP_REQUEST,0),	"d2i_OCSP_REQUEST"},
-{ERR_PACK(0,ASN1_F_D2I_OCSP_RESPBYTES,0),	"d2i_OCSP_RESPBYTES"},
-{ERR_PACK(0,ASN1_F_D2I_OCSP_RESPDATA,0),	"d2i_OCSP_RESPDATA"},
-{ERR_PACK(0,ASN1_F_D2I_OCSP_RESPID,0),	"d2i_OCSP_RESPID"},
-{ERR_PACK(0,ASN1_F_D2I_OCSP_RESPONSE,0),	"d2i_OCSP_RESPONSE"},
-{ERR_PACK(0,ASN1_F_D2I_OCSP_REVOKEDINFO,0),	"d2i_OCSP_REVOKEDINFO"},
-{ERR_PACK(0,ASN1_F_D2I_OCSP_SERVICELOC,0),	"d2i_OCSP_SERVICELOC"},
-{ERR_PACK(0,ASN1_F_D2I_OCSP_SIGNATURE,0),	"d2i_OCSP_SIGNATURE"},
-{ERR_PACK(0,ASN1_F_D2I_OCSP_SINGLERESP,0),	"d2i_OCSP_SINGLERESP"},
 {ERR_PACK(0,ASN1_F_D2I_OTHERNAME,0),	"d2i_OTHERNAME"},
 {ERR_PACK(0,ASN1_F_D2I_PBE2PARAM,0),	"d2i_PBE2PARAM"},
 {ERR_PACK(0,ASN1_F_D2I_PBEPARAM,0),	"d2i_PBEPARAM"},
@@ -227,21 +212,6 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_NETSCAPE_SPKAC_NEW,0),	"NETSCAPE_SPKAC_new"},
 {ERR_PACK(0,ASN1_F_NETSCAPE_SPKI_NEW,0),	"NETSCAPE_SPKI_new"},
 {ERR_PACK(0,ASN1_F_NOTICEREF_NEW,0),	"NOTICEREF_new"},
-{ERR_PACK(0,ASN1_F_OCSP_BASICRESP_NEW,0),	"OCSP_BASICRESP_new"},
-{ERR_PACK(0,ASN1_F_OCSP_CERTID_NEW,0),	"OCSP_CERTID_new"},
-{ERR_PACK(0,ASN1_F_OCSP_CERTSTATUS_NEW,0),	"OCSP_CERTSTATUS_new"},
-{ERR_PACK(0,ASN1_F_OCSP_CRLID_NEW,0),	"OCSP_CRLID_new"},
-{ERR_PACK(0,ASN1_F_OCSP_ONEREQ_NEW,0),	"OCSP_ONEREQ_new"},
-{ERR_PACK(0,ASN1_F_OCSP_REQINFO_NEW,0),	"OCSP_REQINFO_new"},
-{ERR_PACK(0,ASN1_F_OCSP_REQUEST_NEW,0),	"OCSP_REQUEST_new"},
-{ERR_PACK(0,ASN1_F_OCSP_RESPBYTES_NEW,0),	"OCSP_RESPBYTES_new"},
-{ERR_PACK(0,ASN1_F_OCSP_RESPDATA_NEW,0),	"OCSP_RESPDATA_new"},
-{ERR_PACK(0,ASN1_F_OCSP_RESPID_NEW,0),	"OCSP_RESPID_new"},
-{ERR_PACK(0,ASN1_F_OCSP_RESPONSE_NEW,0),	"OCSP_RESPONSE_new"},
-{ERR_PACK(0,ASN1_F_OCSP_REVOKEDINFO_NEW,0),	"OCSP_REVOKEDINFO_new"},
-{ERR_PACK(0,ASN1_F_OCSP_SERVICELOC_NEW,0),	"OCSP_SERVICELOC_new"},
-{ERR_PACK(0,ASN1_F_OCSP_SIGNATURE_NEW,0),	"OCSP_SIGNATURE_new"},
-{ERR_PACK(0,ASN1_F_OCSP_SINGLERESP_NEW,0),	"OCSP_SINGLERESP_new"},
 {ERR_PACK(0,ASN1_F_OTHERNAME_NEW,0),	"OTHERNAME_new"},
 {ERR_PACK(0,ASN1_F_PBE2PARAM_NEW,0),	"PBE2PARAM_new"},
 {ERR_PACK(0,ASN1_F_PBEPARAM_NEW,0),	"PBEPARAM_new"},
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -301,7 +301,7 @@ int asn1_GetSequence(ASN1_CTX *c, long *length)
 		return(0);
 		}
 	if (c->inf == (1|V_ASN1_CONSTRUCTED))
-		c->slen= *length+ *(c->pp)-c->p;
+		c->slen= *length;
 	c->eos=0;
 	return(1);
 	}
--- a/crypto/asn1/asn1_mac.h
+++ b/crypto/asn1/asn1_mac.h
@@ -76,8 +76,8 @@ extern "C" {
 	ASN1_CTX c; \
 	type ret=NULL; \
 	\
-	c.pp=(unsigned char **)pp; \
-	c.q= *(unsigned char **)pp; \
+	c.pp=pp; \
+	c.q= *pp; \
 	c.error=ERR_R_NESTED_ASN1_ERROR; \
 	if ((a == NULL) || ((*a) == NULL)) \
 		{ if ((ret=(type)func()) == NULL) \
@@ -85,13 +85,13 @@ extern "C" {
 	else	ret=(*a);

 #define M_ASN1_D2I_Init() \
-	c.p= *(unsigned char **)pp; \
+	c.p= *pp; \
 	c.max=(length == 0)?0:(c.p+length);

 #define M_ASN1_D2I_Finish_2(a) \
 	if (!asn1_Finish(&c)) \
 		{ c.line=__LINE__; goto err; } \
-	*(unsigned char **)pp=c.p; \
+	*pp=c.p; \
 	if (a != NULL) (*a)=ret; \
 	return(ret);

@@ -99,7 +99,7 @@ extern "C" {
 	M_ASN1_D2I_Finish_2(a); \
 err:\
 	ASN1_MAC_H_err((e),c.error,c.line); \
-	asn1_add_error(*(unsigned char **)pp,(int)(c.q- *pp)); \
+	asn1_add_error(*pp,(int)(c.q- *pp)); \
 	if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
 	return(NULL)

@@ -196,6 +196,9 @@ err:\
 	if ((a != NULL) && (sk_##type##_num(a) != 0)) \
 		M_ASN1_I2D_put_SEQUENCE_type(type,a,f);

+#define M_ASN1_I2D_put_SEQUENCE_opt_ex_type(type,a,f) \
+	if (a) M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
+
 #define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \
 	if ((c.slen != 0) && \
 		(M_ASN1_next == \
@@ -389,6 +392,9 @@ err:\
 		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
 			M_ASN1_I2D_len_SEQUENCE_type(type,a,f);

+#define M_ASN1_I2D_len_SEQUENCE_opt_ex_type(type,a,f) \
+		if (a) M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
+
 #define M_ASN1_I2D_len_IMP_SET(a,f,x) \
 		ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET);

@@ -452,6 +458,15 @@ err:\
 			ret+=ASN1_object_size(1,v,mtag); \
 			}

+#define M_ASN1_I2D_len_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \
+		if (a)\
+			{ \
+			v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \
+						 V_ASN1_UNIVERSAL, \
+						 IS_SEQUENCE); \
+			ret+=ASN1_object_size(1,v,mtag); \
+			}
+
 /* Put Macros */
 #define M_ASN1_I2D_put(a,f)	f(a,&p)

@@ -536,6 +551,14 @@ err:\
 					       IS_SEQUENCE); \
 			}

+#define M_ASN1_I2D_put_EXP_SEQUENCE_opt_ex_type(type,a,f,mtag,tag,v) \
+		if (a) \
+			{ \
+			ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
+			i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \
+					       IS_SEQUENCE); \
+			}
+
 #define M_ASN1_I2D_seq_total() \
 		r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \
 		if (pp == NULL) return(r); \
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
@@ -84,8 +84,7 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, unsigned char **pp,
 		{
 #ifndef NO_RSA
 	case EVP_PKEY_RSA:
-		if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL,
-			(const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
+		if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL,pp,length)) == NULL)
 			{
 			ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
 			goto err;
--- a/crypto/asn1/d2i_pu.c
+++ b/crypto/asn1/d2i_pu.c
@@ -84,8 +84,7 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp,
 		{
 #ifndef NO_RSA
 	case EVP_PKEY_RSA:
-		if ((ret->pkey.rsa=d2i_RSAPublicKey(NULL,
-			(const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
+		if ((ret->pkey.rsa=d2i_RSAPublicKey(NULL,pp,length)) == NULL)
 			{
 			ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
 			goto err;
--- a/crypto/asn1/d2i_r_pr.c
+++ b/crypto/asn1/d2i_r_pr.c
@@ -75,7 +75,7 @@ ASN1_METHOD *RSAPrivateKey_asn1_meth(void)
 	return(&method);
 	}

-RSA *d2i_RSAPrivateKey(RSA **a, const unsigned char **pp, long length)
+RSA *d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length)
 	{
 	int i=ASN1_R_PARSING;
 	ASN1_INTEGER *bs=NULL;
--- a/crypto/asn1/d2i_r_pu.c
+++ b/crypto/asn1/d2i_r_pu.c
@@ -68,7 +68,7 @@
 #define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER
 #endif

-RSA *d2i_RSAPublicKey(RSA **a, const unsigned char **pp, long length)
+RSA *d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length)
 	{
 	int i=ASN1_R_PARSING;
 	ASN1_INTEGER *bs=NULL;
--- a/crypto/asn1/i2d_r_pr.c
+++ b/crypto/asn1/i2d_r_pr.c
@@ -64,7 +64,7 @@
 #include <openssl/objects.h>
 #include <openssl/asn1_mac.h>

-int i2d_RSAPrivateKey(const RSA *a, unsigned char **pp)
+int i2d_RSAPrivateKey(RSA *a, unsigned char **pp)
 	{
 	BIGNUM *num[9];
 	unsigned char data[1];
--- a/crypto/asn1/i2d_r_pu.c
+++ b/crypto/asn1/i2d_r_pu.c
@@ -64,7 +64,7 @@
 #include <openssl/objects.h>
 #include <openssl/asn1_mac.h>

-int i2d_RSAPublicKey(const RSA *a, unsigned char **pp)
+int i2d_RSAPublicKey(RSA *a, unsigned char **pp)
 	{
 	BIGNUM *num[2];
 	ASN1_INTEGER bs;
--- a/crypto/asn1/n_pkey.c
+++ b/crypto/asn1/n_pkey.c
@@ -80,12 +80,12 @@ static NETSCAPE_PKEY *d2i_NETSCAPE_PKEY(NETSCAPE_PKEY **a,unsigned char **pp, lo
 static NETSCAPE_PKEY *NETSCAPE_PKEY_new(void);
 static void NETSCAPE_PKEY_free(NETSCAPE_PKEY *);

-int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, int (*cb)())
+int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)())
 {
 	return i2d_RSA_NET(a, pp, cb, 0);
 }

-int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
+int i2d_RSA_NET(RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
 	{
 	int i,j,l[6];
 	NETSCAPE_PKEY *pkey;
@@ -205,18 +205,18 @@ err:
 	}


-RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)())
+RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)())
 {
 	return d2i_RSA_NET(a, pp, length, cb, 0);
 }

-RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), int sgckey)
+RSA *d2i_RSA_NET(RSA **a, unsigned char **pp, long length, int (*cb)(), int sgckey)
 	{
 	RSA *ret=NULL;
 	ASN1_OCTET_STRING *os=NULL;
 	ASN1_CTX c;

-	c.pp=(unsigned char **)pp; /* TMP UGLY CAST */
+	c.pp=pp;
 	c.error=ASN1_R_DECODING_ERROR;

 	M_ASN1_D2I_Init();
@@ -231,8 +231,7 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), in
 		}
 	M_ASN1_BIT_STRING_free(os);
 	c.q=c.p;
-	if ((ret=d2i_RSA_NET_2(a,(const unsigned char **)&c.p, /* TMP UGLY CAST */
-			       c.slen,cb, sgckey)) == NULL) goto err;
+	if ((ret=d2i_RSA_NET_2(a,&c.p,c.slen,cb, sgckey)) == NULL) goto err;
 	/* Note: some versions of IIS key files use length values that are
 	 * too small for the surrounding SEQUENCEs. This following line
 	 * effectively disable length checking.
@@ -242,13 +241,13 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), in
 	M_ASN1_D2I_Finish(a,RSA_free,ASN1_F_D2I_NETSCAPE_RSA);
 	}

-RSA *d2i_Netscape_RSA_2(RSA **a, const unsigned char **pp, long length,
+RSA *d2i_Netscape_RSA_2(RSA **a, unsigned char **pp, long length,
 	     int (*cb)())
 {
 	return d2i_RSA_NET_2(a, pp, length, cb, 0);
 }

-RSA *d2i_RSA_NET_2(RSA **a, const unsigned char **pp, long length,
+RSA *d2i_RSA_NET_2(RSA **a, unsigned char **pp, long length,
 	     int (*cb)(), int sgckey)
 	{
 	NETSCAPE_PKEY *pkey=NULL;
@@ -262,7 +261,7 @@ RSA *d2i_RSA_NET_2(RSA **a, const unsigned char **pp, long length,
 	ASN1_CTX c;

 	c.error=ERR_R_NESTED_ASN1_ERROR;
-	c.pp=(unsigned char **)pp;
+	c.pp=pp;

 	M_ASN1_D2I_Init();
 	M_ASN1_D2I_start_sequence();
@@ -311,8 +310,7 @@ RSA *d2i_RSA_NET_2(RSA **a, const unsigned char **pp, long length,
 		}
 		
 	zz=pkey->private_key->data;
-	if ((ret=d2i_RSAPrivateKey(a,(const unsigned char **)&zz, /* TMP UGLY CAST */
-		pkey->private_key->length)) == NULL)
+	if ((ret=d2i_RSAPrivateKey(a,&zz,pkey->private_key->length)) == NULL)
 		{
 		ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
 		goto err;
--- a/crypto/asn1/p7_lib.c
+++ b/crypto/asn1/p7_lib.c
@@ -307,12 +307,14 @@ PKCS7 *d2i_PKCS7(PKCS7 **a, unsigned char **pp, long length)
 			}
 		if (Tinf == (1|V_ASN1_CONSTRUCTED))
 			{
+			c.q=c.p;
 			if (!ASN1_check_infinite_end(&c.p,c.slen))
 				{
 				c.error=ERR_R_MISSING_ASN1_EOS;
 				c.line=__LINE__;
 				goto err;
 				}
+			c.slen-=(c.p-c.q);
 			}
 		}
 	else
--- a/crypto/asn1/t_pkey.c
+++ b/crypto/asn1/t_pkey.c
@@ -74,7 +74,7 @@ static int print(BIO *fp,const char *str,BIGNUM *num,
 		unsigned char *buf,int off);
 #ifndef NO_RSA
 #ifndef NO_FP_API
-int RSA_print_fp(FILE *fp, const RSA *x, int off)
+int RSA_print_fp(FILE *fp, RSA *x, int off)
        {
        BIO *b;
        int ret;
@@ -91,7 +91,7 @@ int RSA_print_fp(FILE *fp, const RSA *x, int off)
        }
 #endif

-int RSA_print(BIO *bp, const RSA *x, int off)
+int RSA_print(BIO *bp, RSA *x, int off)
 	{
 	char str[128];
 	const char *s;
--- a/crypto/asn1/t_x509.c
+++ b/crypto/asn1/t_x509.c
@@ -72,11 +72,6 @@

 #ifndef NO_FP_API
 int X509_print_fp(FILE *fp, X509 *x)
-	{
-	return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
-	}
-
-int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cflag)
        {
        BIO *b;
        int ret;
@@ -87,23 +82,17 @@ int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cfla
                return(0);
 		}
        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=X509_print_ex(b, x, nmflag, cflag);
+        ret=X509_print(b, x);
        BIO_free(b);
        return(ret);
        }
 #endif

 int X509_print(BIO *bp, X509 *x)
-{
-	return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
-}
-
-int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
 	{
 	long l;
 	int ret=0,i,j,n;
-	char *m=NULL,*s, mlch = ' ';
-	int nmindent = 0;
+	char *m=NULL,*s;
 	X509_CINF *ci;
 	ASN1_INTEGER *bs;
 	EVP_PKEY *pkey=NULL;
@@ -111,127 +100,89 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
 	X509_EXTENSION *ex;
 	ASN1_STRING *str=NULL;

-	if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
-			mlch = '\n';
-			nmindent = 16;
-	}
-
-	if(nmflags == X509_FLAG_COMPAT)
-		nmindent = 16;
-
 	ci=x->cert_info;
-	if(!(cflag & X509_FLAG_NO_HEADER))
-		{
-		if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err;
-		if (BIO_write(bp,"    Data:\n",10) <= 0) goto err;
-		}
-	if(!(cflag & X509_FLAG_NO_VERSION))
-		{
-		l=X509_get_version(x);
-		if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err;
-		}
-	if(!(cflag & X509_FLAG_NO_SERIAL))
-		{
+	if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err;
+	if (BIO_write(bp,"    Data:\n",10) <= 0) goto err;
+	l=X509_get_version(x);
+	if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err;
+	if (BIO_write(bp,"        Serial Number:",22) <= 0) goto err;

-		if (BIO_write(bp,"        Serial Number:",22) <= 0) goto err;
-
-		bs=X509_get_serialNumber(x);
-		if (bs->length <= 4)
+	bs=X509_get_serialNumber(x);
+	if (bs->length <= 4)
+		{
+		l=ASN1_INTEGER_get(bs);
+		if (l < 0)
 			{
-			l=ASN1_INTEGER_get(bs);
-			if (l < 0)
-				{
-				l= -l;
-				neg="-";
-				}
-			else
-				neg="";
-			if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0)
+			l= -l;
+			neg="-";
+			}
+		else
+			neg="";
+		if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0)
+			goto err;
+		}
+	else
+		{
+		neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":"";
+		if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err;
+
+		for (i=0; i<bs->length; i++)
+			{
+			if (BIO_printf(bp,"%02x%c",bs->data[i],
+				((i+1 == bs->length)?'\n':':')) <= 0)
 				goto err;
 			}
-		else
-			{
-			neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":"";
-			if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err;
-
-			for (i=0; i<bs->length; i++)
-				{
-				if (BIO_printf(bp,"%02x%c",bs->data[i],
-					((i+1 == bs->length)?'\n':':')) <= 0)
-					goto err;
-				}
-			}
-
 		}

-	if(!(cflag & X509_FLAG_NO_SIGNAME))
-		{
-		i=OBJ_obj2nid(ci->signature->algorithm);
-		if (BIO_printf(bp,"%8sSignature Algorithm: %s\n","",
-			(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0)
-			goto err;
-		}
+	i=OBJ_obj2nid(ci->signature->algorithm);
+	if (BIO_printf(bp,"%8sSignature Algorithm: %s\n","",
+		(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0)
+		goto err;

-	if(!(cflag & X509_FLAG_NO_ISSUER))
-		{
-		if (BIO_printf(bp,"        Issuer:%c",mlch) <= 0) goto err;
-		if (!X509_NAME_print_ex(bp,X509_get_issuer_name(x),nmindent, nmflags)) goto err;
-		}
-	if(!(cflag & X509_FLAG_NO_VALIDITY))
-		{
-		if (BIO_write(bp,"\n        Validity\n",18) <= 0) goto err;
-		if (BIO_write(bp,"            Not Before: ",24) <= 0) goto err;
-		if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err;
-		if (BIO_write(bp,"\n            Not After : ",25) <= 0) goto err;
-		if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err;
-		if (BIO_write(bp,"\n",1) <= 0) goto err;
-		}
-	if(!(cflag & X509_FLAG_NO_SUBJECT))
-		{
-		if (BIO_printf(bp,"        Subject:%c",mlch) <= 0) goto err;
-		if (!X509_NAME_print_ex(bp,X509_get_subject_name(x),nmindent, nmflags)) goto err;
-		}
-	if(!(cflag & X509_FLAG_NO_PUBKEY))
-		{
-		if (BIO_write(bp,"\n        Subject Public Key Info:\n",34) <= 0)
-			goto err;
-		i=OBJ_obj2nid(ci->key->algor->algorithm);
-		if (BIO_printf(bp,"%12sPublic Key Algorithm: %s\n","",
-			(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err;
+	if (BIO_write(bp,"        Issuer: ",16) <= 0) goto err;
+	if (!X509_NAME_print(bp,X509_get_issuer_name(x),16)) goto err;
+	if (BIO_write(bp,"\n        Validity\n",18) <= 0) goto err;
+	if (BIO_write(bp,"            Not Before: ",24) <= 0) goto err;
+	if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err;
+	if (BIO_write(bp,"\n            Not After : ",25) <= 0) goto err;
+	if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err;
+	if (BIO_write(bp,"\n        Subject: ",18) <= 0) goto err;
+	if (!X509_NAME_print(bp,X509_get_subject_name(x),16)) goto err;
+	if (BIO_write(bp,"\n        Subject Public Key Info:\n",34) <= 0)
+		goto err;
+	i=OBJ_obj2nid(ci->key->algor->algorithm);
+	if (BIO_printf(bp,"%12sPublic Key Algorithm: %s\n","",
+		(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err;

-		pkey=X509_get_pubkey(x);
-		if (pkey == NULL)
-			{
-			BIO_printf(bp,"%12sUnable to load Public Key\n","");
-			ERR_print_errors(bp);
-			}
-		else
+	pkey=X509_get_pubkey(x);
+	if (pkey == NULL)
+		{
+		BIO_printf(bp,"%12sUnable to load Public Key\n","");
+		ERR_print_errors(bp);
+		}
+	else
 #ifndef NO_RSA
-		if (pkey->type == EVP_PKEY_RSA)
-			{
-			BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
-			BN_num_bits(pkey->pkey.rsa->n));
-			RSA_print(bp,pkey->pkey.rsa,16);
-			}
-		else
+	if (pkey->type == EVP_PKEY_RSA)
+		{
+		BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
+		BN_num_bits(pkey->pkey.rsa->n));
+		RSA_print(bp,pkey->pkey.rsa,16);
+		}
+	else
 #endif
 #ifndef NO_DSA
-		if (pkey->type == EVP_PKEY_DSA)
-			{
-			BIO_printf(bp,"%12sDSA Public Key:\n","");
-			DSA_print(bp,pkey->pkey.dsa,16);
-			}
-		else
-#endif
-			BIO_printf(bp,"%12sUnknown Public Key:\n","");
-
-		EVP_PKEY_free(pkey);
+	if (pkey->type == EVP_PKEY_DSA)
+		{
+		BIO_printf(bp,"%12sDSA Public Key:\n","");
+		DSA_print(bp,pkey->pkey.dsa,16);
 		}
-
-	if (cflag & X509_FLAG_NO_EXTENSIONS)
-		n = 0;
 	else
-		n=X509_get_ext_count(x);
+#endif
+		BIO_printf(bp,"%12sUnknown Public Key:\n","");
+
+	EVP_PKEY_free(pkey);
+
+	n=X509_get_ext_count(x);
 	if (n > 0)
 		{
 		BIO_printf(bp,"%8sX509v3 extensions:\n","");
@@ -245,7 +196,7 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
 			j=X509_EXTENSION_get_critical(ex);
 			if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
 				goto err;
-			if(!X509V3_EXT_print(bp, ex, cflag, 16))
+			if(!X509V3_EXT_print(bp, ex, 0, 16))
 				{
 				BIO_printf(bp, "%16s", "");
 				M_ASN1_OCTET_STRING_print(bp,ex->value);
@@ -254,27 +205,21 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
 			}
 		}

-	if(!(cflag & X509_FLAG_NO_SIGDUMP))
-		{
-		i=OBJ_obj2nid(x->sig_alg->algorithm);
-		if (BIO_printf(bp,"%4sSignature Algorithm: %s","",
-			(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err;
+	i=OBJ_obj2nid(x->sig_alg->algorithm);
+	if (BIO_printf(bp,"%4sSignature Algorithm: %s","",
+		(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err;

-		n=x->signature->length;
-		s=(char *)x->signature->data;
-		for (i=0; i<n; i++)
-			{
-			if ((i%18) == 0)
-				if (BIO_write(bp,"\n        ",9) <= 0) goto err;
-			if (BIO_printf(bp,"%02x%s",(unsigned char)s[i],
-				((i+1) == n)?"":":") <= 0) goto err;
-			}
-		if (BIO_write(bp,"\n",1) != 1) goto err;
-		}
-	if(!(cflag & X509_FLAG_NO_AUX))
+	n=x->signature->length;
+	s=(char *)x->signature->data;
+	for (i=0; i<n; i++)
 		{
-		if (!X509_CERT_AUX_print(bp, x->aux, 0)) goto err;
+		if ((i%18) == 0)
+			if (BIO_write(bp,"\n        ",9) <= 0) goto err;
+		if (BIO_printf(bp,"%02x%s",(unsigned char)s[i],
+			((i+1) == n)?"":":") <= 0) goto err;
 		}
+	if (BIO_write(bp,"\n",1) != 1) goto err;
+	if (!X509_CERT_AUX_print(bp, x->aux, 0)) goto err;
 	ret=1;
 err:
 	if (str != NULL) ASN1_STRING_free(str);
@@ -282,56 +227,6 @@ err:
 	return(ret);
 	}

-int X509_ocspid_print (BIO *bp, X509 *x)
-	{
-	unsigned char *der=NULL ;
-	unsigned char *dertmp;
-	int derlen;
-	int i;
-	SHA_CTX SHA1buf ;
-	unsigned char SHA1md[SHA_DIGEST_LENGTH];
-
-	/* display the hash of the subject as it would appear
-	   in OCSP requests */
-	if (BIO_printf(bp,"        Subject OCSP hash: ") <= 0)
-		goto err;
-	derlen = i2d_X509_NAME(x->cert_info->subject, NULL);
-	if ((der = dertmp = (unsigned char *)OPENSSL_malloc (derlen)) == NULL)
-		goto err;
-	i2d_X509_NAME(x->cert_info->subject, &dertmp);
-
-	SHA1_Init(&SHA1buf);
-	SHA1_Update(&SHA1buf, der, derlen);
-	SHA1_Final(SHA1md,&SHA1buf);
-	for (i=0; i < SHA_DIGEST_LENGTH; i++)
-		{
-		if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err;
-		}
-	OPENSSL_free (der);
-	der=NULL;
-
-	/* display the hash of the public key as it would appear
-	   in OCSP requests */
-	if (BIO_printf(bp,"\n        Public key OCSP hash: ") <= 0)
-		goto err;
-
-	SHA1_Init(&SHA1buf);
-	SHA1_Update(&SHA1buf, x->cert_info->key->public_key->data,
-		x->cert_info->key->public_key->length);
-	SHA1_Final(SHA1md,&SHA1buf);
-	for (i=0; i < SHA_DIGEST_LENGTH; i++)
-		{
-		if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0)
-			goto err;
-		}
-	BIO_printf(bp,"\n");
-
-	return (1);
-err:
-	if (der != NULL) OPENSSL_free(der);
-	return(0);
-	}
-
 int ASN1_STRING_print(BIO *bp, ASN1_STRING *v)
 	{
 	int i,n;
--- a/crypto/asn1/x_crl.c
+++ b/crypto/asn1/x_crl.c
@@ -71,14 +71,14 @@ int i2d_X509_REVOKED(X509_REVOKED *a, unsigned char **pp)

 	M_ASN1_I2D_len(a->serialNumber,i2d_ASN1_INTEGER);
 	M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_TIME);
-	M_ASN1_I2D_len_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+	M_ASN1_I2D_len_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
 					 i2d_X509_EXTENSION);

 	M_ASN1_I2D_seq_total();

 	M_ASN1_I2D_put(a->serialNumber,i2d_ASN1_INTEGER);
 	M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_TIME);
-	M_ASN1_I2D_put_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+	M_ASN1_I2D_put_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
 					 i2d_X509_EXTENSION);

 	M_ASN1_I2D_finish();
@@ -121,7 +121,7 @@ int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp)
 		{ M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_TIME); }
 	M_ASN1_I2D_len_SEQUENCE_opt_type(X509_REVOKED,a->revoked,
 					 i2d_X509_REVOKED);
-	M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+	M_ASN1_I2D_len_EXP_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
 					     i2d_X509_EXTENSION,0,
 					     V_ASN1_SEQUENCE,v1);

@@ -138,7 +138,7 @@ int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp)
 		{ M_ASN1_I2D_put(a->nextUpdate,i2d_ASN1_TIME); }
 	M_ASN1_I2D_put_SEQUENCE_opt_type(X509_REVOKED,a->revoked,
 					 i2d_X509_REVOKED);
-	M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+	M_ASN1_I2D_put_EXP_SEQUENCE_opt_ex_type(X509_EXTENSION,a->extensions,
 					     i2d_X509_EXTENSION,0,
 					     V_ASN1_SEQUENCE,v1);

@@ -260,7 +260,7 @@ X509_CRL_INFO *X509_CRL_INFO_new(void)
 	M_ASN1_New(ret->lastUpdate,M_ASN1_UTCTIME_new);
 	ret->nextUpdate=NULL;
 	M_ASN1_New(ret->revoked,sk_X509_REVOKED_new_null);
-	M_ASN1_New(ret->extensions,sk_X509_EXTENSION_new_null);
+	ret->extensions = NULL;
 	sk_X509_REVOKED_set_cmp_func(ret->revoked,X509_REVOKED_cmp);
 	return(ret);
 	M_ASN1_New_Error(ASN1_F_X509_CRL_INFO_NEW);
--- a/crypto/asn1/x_name.c
+++ b/crypto/asn1/x_name.c
@@ -141,10 +141,12 @@ static int i2d_X509_NAME_entries(X509_NAME *a)
 			}
 		size+=i2d_X509_NAME_ENTRY(ne,NULL);
 		}
-
-	ret+=ASN1_object_size(1,size,V_ASN1_SET);
 	if (fe != NULL)
+		{
+		/* SET OF needed only if entries is non empty */
+		ret+=ASN1_object_size(1,size,V_ASN1_SET);
 		fe->size=size;
+		}

 	r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE);

--- a/crypto/bio/Makefile.ssl
+++ b/crypto/bio/Makefile.ssl
@@ -96,13 +96,13 @@ b_dump.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 b_dump.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 b_dump.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 b_dump.o: ../cryptlib.h
-b_print.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-b_print.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
-b_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-b_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-b_print.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-b_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-b_print.o: ../cryptlib.h
+b_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+b_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+b_print.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+b_print.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+b_print.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+b_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+b_print.o: ../../include/openssl/symhacks.h ../cryptlib.h
 b_sock.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 b_sock.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
 b_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@@ -123,8 +123,7 @@ bf_buff.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 bf_buff.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 bf_buff.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 bf_buff.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-bf_buff.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-bf_buff.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+bf_buff.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 bf_buff.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 bf_buff.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 bf_buff.o: ../../include/openssl/symhacks.h ../cryptlib.h
@@ -142,11 +141,10 @@ bf_nbio.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 bf_nbio.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 bf_nbio.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
 bf_nbio.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-bf_nbio.o: ../../include/openssl/rijndael-alg-fst.h
-bf_nbio.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
-bf_nbio.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-bf_nbio.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-bf_nbio.o: ../../include/openssl/symhacks.h ../cryptlib.h
+bf_nbio.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+bf_nbio.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+bf_nbio.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bf_nbio.o: ../cryptlib.h
 bf_null.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 bf_null.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 bf_null.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -160,8 +158,7 @@ bf_null.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 bf_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 bf_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 bf_null.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-bf_null.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-bf_null.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+bf_null.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 bf_null.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 bf_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 bf_null.o: ../../include/openssl/symhacks.h ../cryptlib.h
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -69,6 +69,7 @@
 #ifndef NO_SYS_TYPES_H
 #include <sys/types.h>
 #endif
+#include <openssl/bn.h>         /* To get BN_LLONG properly defined */
 #include <openssl/bio.h>

 #ifdef BN_LLONG
@@ -151,7 +152,7 @@ static void _dopr(char **sbuffer, char **buffer,

 /* some handy macros */
 #define char_to_int(p) (p - '0')
-#define OSSL_MAX(p,q) ((p >= q) ? p : q)
+#define MAX(p,q) ((p >= q) ? p : q)

 static void
 _dopr(
@@ -502,13 +503,13 @@ fmtint(
    convert[place] = 0;

    zpadlen = max - place;
-    spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0);
+    spadlen = min - MAX(max, place) - (signvalue ? 1 : 0);
    if (zpadlen < 0)
        zpadlen = 0;
    if (spadlen < 0)
        spadlen = 0;
    if (flags & DP_F_ZERO) {
-        zpadlen = OSSL_MAX(zpadlen, spadlen);
+        zpadlen = MAX(zpadlen, spadlen);
        spadlen = 0;
    }
    if (flags & DP_F_MINUS)
--- a/crypto/bio/b_sock.c
+++ b/crypto/bio/b_sock.c
@@ -519,10 +519,10 @@ int BIO_get_accept_socket(char *host, int bind_mode)
 	{
 	int ret=0;
 	struct sockaddr_in server,client;
-	int s= -1,cs;
+	int s=INVALID_SOCKET,cs;
 	unsigned char ip[4];
 	unsigned short port;
-	char *str,*e;
+	char *str=NULL,*e;
 	const char *h,*p;
 	unsigned long l;
 	int err_num;
@@ -553,7 +553,7 @@ int BIO_get_accept_socket(char *host, int bind_mode)
 		h="*";
 		}

-	if (!BIO_get_port(p,&port)) return(INVALID_SOCKET);
+	if (!BIO_get_port(p,&port)) goto err;

 	memset((char *)&server,0,sizeof(server));
 	server.sin_family=AF_INET;
@@ -563,7 +563,7 @@ int BIO_get_accept_socket(char *host, int bind_mode)
 		server.sin_addr.s_addr=INADDR_ANY;
 	else
 		{
-		if (!BIO_get_host_ip(h,&(ip[0]))) return(INVALID_SOCKET);
+                if (!BIO_get_host_ip(h,&(ip[0]))) goto err;
 		l=(unsigned long)
 			((unsigned long)ip[0]<<24L)|
 			((unsigned long)ip[1]<<16L)|
@@ -661,7 +661,6 @@ int BIO_accept(int sock, char **addr)
 	ret=accept(sock,(struct sockaddr *)&from,(void *)&len);
 	if (ret == INVALID_SOCKET)
 		{
-		if(BIO_sock_should_retry(ret)) return -2;
 		SYSerr(SYS_F_ACCEPT,get_last_socket_error());
 		BIOerr(BIO_F_BIO_ACCEPT,BIO_R_ACCEPT_ERROR);
 		goto end;
--- a/crypto/bio/bio.h
+++ b/crypto/bio/bio.h
@@ -179,7 +179,7 @@ extern "C" {
 #define BIO_retry_type(a)		((a)->flags & BIO_FLAGS_RWS)
 #define BIO_should_retry(a)		((a)->flags & BIO_FLAGS_SHOULD_RETRY)

-/* The next three are used in conjunction with the
+/* The next two are used in conjunction with the
 * BIO_should_io_special() condition.  After this returns true,
 * BIO *BIO_get_retry_BIO(BIO *bio, int *reason); will walk the BIO 
 * stack and return the 'reason' for the special and the offending BIO.
@@ -188,8 +188,6 @@ extern "C" {
 #define BIO_RR_SSL_X509_LOOKUP		0x01
 /* Returned from the connect BIO when a connect would have blocked */
 #define BIO_RR_CONNECT			0x02
-/* Returned from the accept BIO when an accept would have blocked */
-#define BIO_RR_ACCEPT			0x03

 /* These are passed by the BIO callback */
 #define BIO_CB_FREE	0x01
--- a/crypto/bio/bss_acpt.c
+++ b/crypto/bio/bss_acpt.c
@@ -236,20 +236,8 @@ again:
 			c->state=ACPT_S_OK;
 			goto again;
 			}
-		BIO_clear_retry_flags(b);
-		b->retry_reason=0;
 		i=BIO_accept(c->accept_sock,&(c->addr));
-
-		/* -2 return means we should retry */
-		if(i == -2)
-			{
-			BIO_set_retry_special(b);
-			b->retry_reason=BIO_RR_ACCEPT;
-			return -1;
-			}
-
 		if (i < 0) return(i);
-
 		bio=BIO_new_socket(i,BIO_CLOSE);
 		if (bio == NULL) goto err;

--- a/crypto/bn/asm/mips3.s
+++ b/crypto/bn/asm/mips3.s
@@ -586,13 +586,13 @@ LEAF(bn_div_3_words)
 	ld	a0,(a3)
 	move	ta2,a1
 	ld	a1,-8(a3)
-	move	ta3,ra
-	move	v1,zero
+	bne	a0,a2,.L_bn_div_3_words_proceed
 	li	v0,-1
-	beq	a0,a2,.L_bn_div_3_words_skip_div
+	jr	ra
+.L_bn_div_3_words_proceed:
+	move	ta3,ra
 	bal	bn_div_words
 	move	ra,ta3
-.L_bn_div_3_words_skip_div:
 	dmultu	ta2,v0
 	ld	t2,-16(a3)
 	move	ta0,zero
--- a/crypto/bn/bn.h
+++ b/crypto/bn/bn.h
@@ -239,7 +239,7 @@ typedef struct bignum_st
 	} BIGNUM;

 /* Used for temp variables */
-#define BN_CTX_NUM	12
+#define BN_CTX_NUM	16
 #define BN_CTX_NUM_POS	12
 typedef struct bignum_ctx
 	{
@@ -328,6 +328,7 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx);
 void	BN_CTX_end(BN_CTX *ctx);
 int     BN_rand(BIGNUM *rnd, int bits, int top,int bottom);
 int     BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom);
+int	BN_rand_range(BIGNUM *rnd, BIGNUM *range);
 int	BN_num_bits(const BIGNUM *a);
 int	BN_num_bits_word(BN_ULONG);
 BIGNUM *BN_new(void);
@@ -345,35 +346,33 @@ int	BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
 int	BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
 int	BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
 	       BN_CTX *ctx);
-int	BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-int	BN_sqr(BIGNUM *r, const BIGNUM *a,BN_CTX *ctx);
+int	BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+int	BN_sqr(BIGNUM *r, BIGNUM *a,BN_CTX *ctx);
 BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
 BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
 int	BN_mul_word(BIGNUM *a, BN_ULONG w);
 int	BN_add_word(BIGNUM *a, BN_ULONG w);
 int	BN_sub_word(BIGNUM *a, BN_ULONG w);
 int	BN_set_word(BIGNUM *a, BN_ULONG w);
-BN_ULONG BN_get_word(const BIGNUM *a);
+BN_ULONG BN_get_word(BIGNUM *a);
 int	BN_cmp(const BIGNUM *a, const BIGNUM *b);
 void	BN_free(BIGNUM *a);
 int	BN_is_bit_set(const BIGNUM *a, int n);
 int	BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
-int	BN_lshift1(BIGNUM *r, const BIGNUM *a);
-int	BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,BN_CTX *ctx);
-int	BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-	const BIGNUM *m,BN_CTX *ctx);
-int	BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int	BN_lshift1(BIGNUM *r, BIGNUM *a);
+int	BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p,BN_CTX *ctx);
+int	BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+		   const BIGNUM *m,BN_CTX *ctx);
+int	BN_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+			const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
 int	BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
-	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-int	BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1,
-	const BIGNUM *a2, const BIGNUM *p2,const BIGNUM *m,
-	BN_CTX *ctx,BN_MONT_CTX *m_ctx);
-int	BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-	const BIGNUM *m,BN_CTX *ctx);
+			const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int	BN_mod_exp2_mont(BIGNUM *r, BIGNUM *a1, BIGNUM *p1,BIGNUM *a2,
+		BIGNUM *p2,BIGNUM *m,BN_CTX *ctx,BN_MONT_CTX *m_ctx);
+int	BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p,
+	BIGNUM *m,BN_CTX *ctx);
 int	BN_mask_bits(BIGNUM *a,int n);
-int	BN_mod_mul(BIGNUM *ret, const BIGNUM *a, const BIGNUM *b,
-	const BIGNUM *m, BN_CTX *ctx);
+int	BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
 #ifndef NO_FP_API
 int	BN_print_fp(FILE *fp, const BIGNUM *a);
 #endif
@@ -382,9 +381,9 @@ int	BN_print(BIO *fp, const BIGNUM *a);
 #else
 int	BN_print(void *fp, const BIGNUM *a);
 #endif
-int	BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx);
-int	BN_rshift(BIGNUM *r, const BIGNUM *a, int n);
-int	BN_rshift1(BIGNUM *r, const BIGNUM *a);
+int	BN_reciprocal(BIGNUM *r, BIGNUM *m, int len, BN_CTX *ctx);
+int	BN_rshift(BIGNUM *r, BIGNUM *a, int n);
+int	BN_rshift1(BIGNUM *r, BIGNUM *a);
 void	BN_clear(BIGNUM *a);
 BIGNUM *BN_dup(const BIGNUM *a);
 int	BN_ucmp(const BIGNUM *a, const BIGNUM *b);
@@ -395,11 +394,9 @@ char *	BN_bn2dec(const BIGNUM *a);
 int 	BN_hex2bn(BIGNUM **a, const char *str);
 int 	BN_dec2bn(BIGNUM **a, const char *str);
 int	BN_gcd(BIGNUM *r,BIGNUM *in_a,BIGNUM *in_b,BN_CTX *ctx);
-BIGNUM *BN_mod_inverse(BIGNUM *ret,
-	const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
-BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
-	const BIGNUM *add, const BIGNUM *rem,
-	void (*callback)(int,int,void *),void *cb_arg);
+BIGNUM *BN_mod_inverse(BIGNUM *ret,BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
+BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,BIGNUM *add,
+		BIGNUM *rem,void (*callback)(int,int,void *),void *cb_arg);
 int	BN_is_prime(const BIGNUM *p,int nchecks,
 		void (*callback)(int,int,void *),
 		BN_CTX *ctx,void *cb_arg);
@@ -410,8 +407,8 @@ void	ERR_load_BN_strings(void );

 BN_MONT_CTX *BN_MONT_CTX_new(void );
 void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
-int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,
-	BN_MONT_CTX *mont, BN_CTX *ctx);
+int BN_mod_mul_montgomery(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_MONT_CTX *mont,
+			  BN_CTX *ctx);
 int BN_from_montgomery(BIGNUM *r,BIGNUM *a,BN_MONT_CTX *mont,BN_CTX *ctx);
 void BN_MONT_CTX_free(BN_MONT_CTX *mont);
 int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *modulus,BN_CTX *ctx);
@@ -430,11 +427,11 @@ void	BN_RECP_CTX_init(BN_RECP_CTX *recp);
 BN_RECP_CTX *BN_RECP_CTX_new(void);
 void	BN_RECP_CTX_free(BN_RECP_CTX *recp);
 int	BN_RECP_CTX_set(BN_RECP_CTX *recp,const BIGNUM *rdiv,BN_CTX *ctx);
-int	BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
+int	BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *x, BIGNUM *y,
 		BN_RECP_CTX *recp,BN_CTX *ctx);
 int	BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 			const BIGNUM *m, BN_CTX *ctx);
-int	BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
+int	BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m,
 		BN_RECP_CTX *recp, BN_CTX *ctx);

 /* library internal functions */
@@ -443,7 +440,6 @@ int	BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
 	(a):bn_expand2((a),(bits)/BN_BITS2+1))
 #define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
 BIGNUM *bn_expand2(BIGNUM *a, int words);
-BIGNUM *bn_dup_expand(const BIGNUM *a, int words);

 #define bn_fix_top(a) \
        { \
@@ -472,6 +468,8 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
 # define bn_dump(a,b)
 #endif

+int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom);
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
@@ -498,16 +496,19 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
 #define BN_F_BN_MPI2BN					 112
 #define BN_F_BN_NEW					 113
 #define BN_F_BN_RAND					 114
+#define BN_F_BN_RAND_RANGE				 122
 #define BN_F_BN_USUB					 115

 /* Reason codes. */
 #define BN_R_ARG2_LT_ARG3				 100
 #define BN_R_BAD_RECIPROCAL				 101
+#define BN_R_BIGNUM_TOO_LONG				 114
 #define BN_R_CALLED_WITH_EVEN_MODULUS			 102
 #define BN_R_DIV_BY_ZERO				 103
 #define BN_R_ENCODING_ERROR				 104
 #define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA		 105
 #define BN_R_INVALID_LENGTH				 106
+#define BN_R_INVALID_RANGE				 115
 #define BN_R_NOT_INITIALIZED				 107
 #define BN_R_NO_INVERSE					 108
 #define BN_R_TOO_MANY_TEMPORARY_VARIABLES		 109
--- a/crypto/bn/bn_div.c
+++ b/crypto/bn/bn_div.c
@@ -180,13 +180,13 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,

 	BN_CTX_start(ctx);
 	tmp=BN_CTX_get(ctx);
-	tmp->neg=0;
 	snum=BN_CTX_get(ctx);
 	sdiv=BN_CTX_get(ctx);
 	if (dv == NULL)
 		res=BN_CTX_get(ctx);
 	else	res=dv;
-	if (res == NULL) goto err;
+	if (sdiv==NULL || res == NULL) goto err;
+	tmp->neg=0;

 	/* First we normalise the numbers */
 	norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
@@ -237,7 +237,8 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 	for (i=0; i<loop-1; i++)
 		{
 		BN_ULONG q,l0;
-#ifdef BN_DIV3W
+#if defined(BN_DIV3W) && !defined(NO_ASM)
+		BN_ULONG bn_div_3_words(BN_ULONG*,BN_ULONG,BN_ULONG);
 		q=bn_div_3_words(wnump,d1,d0);
 #else
 		BN_ULONG n0,n1,rem=0;
--- a/crypto/bn/bn_err.c
+++ b/crypto/bn/bn_err.c
@@ -84,6 +84,7 @@ static ERR_STRING_DATA BN_str_functs[]=
 {ERR_PACK(0,BN_F_BN_MPI2BN,0),	"BN_mpi2bn"},
 {ERR_PACK(0,BN_F_BN_NEW,0),	"BN_new"},
 {ERR_PACK(0,BN_F_BN_RAND,0),	"BN_rand"},
+{ERR_PACK(0,BN_F_BN_RAND_RANGE,0),	"BN_rand_range"},
 {ERR_PACK(0,BN_F_BN_USUB,0),	"BN_usub"},
 {0,NULL}
 	};
@@ -92,11 +93,13 @@ static ERR_STRING_DATA BN_str_reasons[]=
 	{
 {BN_R_ARG2_LT_ARG3                       ,"arg2 lt arg3"},
 {BN_R_BAD_RECIPROCAL                     ,"bad reciprocal"},
+{BN_R_BIGNUM_TOO_LONG                    ,"bignum too long"},
 {BN_R_CALLED_WITH_EVEN_MODULUS           ,"called with even modulus"},
 {BN_R_DIV_BY_ZERO                        ,"div by zero"},
 {BN_R_ENCODING_ERROR                     ,"encoding error"},
 {BN_R_EXPAND_ON_STATIC_BIGNUM_DATA       ,"expand on static bignum data"},
 {BN_R_INVALID_LENGTH                     ,"invalid length"},
+{BN_R_INVALID_RANGE                      ,"invalid range"},
 {BN_R_NOT_INITIALIZED                    ,"not initialized"},
 {BN_R_NO_INVERSE                         ,"no inverse"},
 {BN_R_TOO_MANY_TEMPORARY_VARIABLES       ,"too many temporary variables"},
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@@ -117,8 +117,7 @@
 #define TABLE_SIZE	32

 /* slow but works */
-int BN_mod_mul(BIGNUM *ret, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
-	BN_CTX *ctx)
+int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
 	{
 	BIGNUM *t;
 	int r=0;
@@ -142,7 +141,7 @@ err:


 /* this one works - simple but works */
-int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx)
 	{
 	int i,bits,ret=0;
 	BIGNUM *v,*rr;
@@ -177,7 +176,7 @@ err:
 	}


-int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
+int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 	       BN_CTX *ctx)
 	{
 	int ret;
@@ -326,13 +325,13 @@ err:
 	}


-int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+int BN_mod_exp_mont(BIGNUM *rr, BIGNUM *a, const BIGNUM *p,
 		    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
 	{
 	int i,j,bits,ret=0,wstart,wend,window,wvalue;
 	int start=1,ts=0;
 	BIGNUM *d,*r;
-	const BIGNUM *aa;
+	BIGNUM *aa;
 	BIGNUM val[TABLE_SIZE];
 	BN_MONT_CTX *mont=NULL;

@@ -591,9 +590,8 @@ err:


 /* The old fallback, simple version :-) */
-int BN_mod_exp_simple(BIGNUM *r,
-	const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
-	BN_CTX *ctx)
+int BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,
+	     BN_CTX *ctx)
 	{
 	int i,j,bits,ret=0,wstart,wend,window,wvalue,ts=0;
 	int start=1;
--- a/crypto/bn/bn_exp2.c
+++ b/crypto/bn/bn_exp2.c
@@ -115,14 +115,13 @@

 #define TABLE_SIZE	32

-int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
-	const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,
-	BN_CTX *ctx, BN_MONT_CTX *in_mont)
+int BN_mod_exp2_mont(BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2,
+	     BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
 	{
 	int i,j,bits,b,bits1,bits2,ret=0,wpos1,wpos2,window1,window2,wvalue1,wvalue2;
 	int r_is_one=1,ts1=0,ts2=0;
 	BIGNUM *d,*r;
-	const BIGNUM *a_mod_m;
+	BIGNUM *a_mod_m;
 	BIGNUM val1[TABLE_SIZE], val2[TABLE_SIZE];
 	BN_MONT_CTX *mont=NULL;

--- a/crypto/bn/bn_gcd.c
+++ b/crypto/bn/bn_gcd.c
@@ -144,8 +144,7 @@ err:
 	}

 /* solves ax == 1 (mod n) */
-BIGNUM *BN_mod_inverse(BIGNUM *in,
-	const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
+BIGNUM *BN_mod_inverse(BIGNUM *in, BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
 	{
 	BIGNUM *A,*B,*X,*Y,*M,*D,*R=NULL;
 	BIGNUM *T,*ret=NULL;
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -62,6 +62,7 @@
 #endif

 #include <assert.h>
+#include <limits.h>
 #include <stdio.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
@@ -304,35 +305,48 @@ BIGNUM *BN_new(void)
 	return(ret);
 	}

-/* This is used both by bn_expand2() and bn_dup_expand() */
-/* The caller MUST check that words > b->dmax before calling this */
-static BN_ULONG *internal_bn_expand(const BIGNUM *b, int words)
+/* This is an internal function that should not be used in applications.
+ * It ensures that 'b' has enough room for a 'words' word number number.
+ * It is mostly used by the various BIGNUM routines. If there is an error,
+ * NULL is returned. If not, 'b' is returned. */
+
+BIGNUM *bn_expand2(BIGNUM *b, int words)
 	{
-	BN_ULONG *A,*a = NULL;
+	BN_ULONG *A,*a;
 	const BN_ULONG *B;
 	int i;

-	bn_check_top(b);	
-	if (BN_get_flags(b,BN_FLG_STATIC_DATA))
+	bn_check_top(b);
+
+	if (words > b->dmax)
 		{
-		BNerr(BN_F_BN_EXPAND2,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
-		return(NULL);
-		}
-	a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*(words+1));
-	if (A == NULL)
-		{
-		BNerr(BN_F_BN_EXPAND2,ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
+		if (words > (INT_MAX/(4*BN_BITS2)))
+			{
+			BNerr(BN_F_BN_EXPAND2,BN_R_BIGNUM_TOO_LONG);
+			return NULL;
+			}
+			
+		bn_check_top(b);	
+		if (BN_get_flags(b,BN_FLG_STATIC_DATA))
+			{
+			BNerr(BN_F_BN_EXPAND2,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
+			return(NULL);
+			}
+		a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*(words+1));
+		if (A == NULL)
+			{
+			BNerr(BN_F_BN_EXPAND2,ERR_R_MALLOC_FAILURE);
+			return(NULL);
+			}
 #if 1
-	B=b->d;
-	/* Check if the previous number needs to be copied */
-	if (B != NULL)
-		{
+		B=b->d;
+		/* Check if the previous number needs to be copied */
+		if (B != NULL)
+			{
 #if 0
-		/* This lot is an unrolled loop to copy b->top 
-		 * BN_ULONGs from B to A
-		 */
+			/* This lot is an unrolled loop to copy b->top 
+			 * BN_ULONGs from B to A
+			 */
 /*
 * I have nothing against unrolling but it's usually done for
 * several reasons, namely:
@@ -356,170 +370,107 @@ static BN_ULONG *internal_bn_expand(const BIGNUM *b, int words)
 *
 *					<appro@fy.chalmers.se>
 */
-		for (i=b->top&(~7); i>0; i-=8)
-			{
-			A[0]=B[0]; A[1]=B[1]; A[2]=B[2]; A[3]=B[3];
-			A[4]=B[4]; A[5]=B[5]; A[6]=B[6]; A[7]=B[7];
-			A+=8;
-			B+=8;
-			}
-		switch (b->top&7)
-			{
-		case 7:
-			A[6]=B[6];
-		case 6:
-			A[5]=B[5];
-		case 5:
-			A[4]=B[4];
-		case 4:
-			A[3]=B[3];
-		case 3:
-			A[2]=B[2];
-		case 2:
-			A[1]=B[1];
-		case 1:
-			A[0]=B[0];
-		case 0:
-			/* I need the 'case 0' entry for utrix cc.
-			 * If the optimizer is turned on, it does the
-			 * switch table by doing
-			 * a=top&7
-			 * a--;
-			 * goto jump_table[a];
-			 * If top is 0, this makes us jump to 0xffffffc 
-			 * which is rather bad :-(.
-			 * eric 23-Apr-1998
-			 */
-			;
-			}
+			for (i=b->top&(~7); i>0; i-=8)
+				{
+				A[0]=B[0]; A[1]=B[1]; A[2]=B[2]; A[3]=B[3];
+				A[4]=B[4]; A[5]=B[5]; A[6]=B[6]; A[7]=B[7];
+				A+=8;
+				B+=8;
+				}
+			switch (b->top&7)
+				{
+			case 7:
+				A[6]=B[6];
+			case 6:
+				A[5]=B[5];
+			case 5:
+				A[4]=B[4];
+			case 4:
+				A[3]=B[3];
+			case 3:
+				A[2]=B[2];
+			case 2:
+				A[1]=B[1];
+			case 1:
+				A[0]=B[0];
+			case 0:
+				/* I need the 'case 0' entry for utrix cc.
+				 * If the optimizer is turned on, it does the
+				 * switch table by doing
+				 * a=top&7
+				 * a--;
+				 * goto jump_table[a];
+				 * If top is 0, this makes us jump to 0xffffffc 
+				 * which is rather bad :-(.
+				 * eric 23-Apr-1998
+				 */
+				;
+				}
 #else
-		for (i=b->top>>2; i>0; i--,A+=4,B+=4)
-			{
-			/*
-			 * The fact that the loop is unrolled
-			 * 4-wise is a tribute to Intel. It's
-			 * the one that doesn't have enough
-			 * registers to accomodate more data.
-			 * I'd unroll it 8-wise otherwise:-)
-			 *
-			 *		<appro@fy.chalmers.se>
-			 */
-			BN_ULONG a0,a1,a2,a3;
-			a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
-			A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
-			}
-		switch (b->top&3)
-			{
-		case 3:	A[2]=B[2];
-		case 2:	A[1]=B[1];
-		case 1:	A[0]=B[0];
-		case 0:	; /* ultrix cc workaround, see above */
-			}
+			for (i=b->top>>2; i>0; i--,A+=4,B+=4)
+				{
+				/*
+				 * The fact that the loop is unrolled
+				 * 4-wise is a tribute to Intel. It's
+				 * the one that doesn't have enough
+				 * registers to accomodate more data.
+				 * I'd unroll it 8-wise otherwise:-)
+				 *
+				 *		<appro@fy.chalmers.se>
+				 */
+				BN_ULONG a0,a1,a2,a3;
+				a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
+				A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
+				}
+			switch (b->top&3)
+				{
+				case 3:	A[2]=B[2];
+				case 2:	A[1]=B[1];
+				case 1:	A[0]=B[0];
+				case 0:	; /* ultrix cc workaround, see above */
+				}
 #endif
-		}
+			OPENSSL_free(b->d);
+			}

-	/* Now need to zero any data between b->top and b->max */
+		b->d=a;
+		b->dmax=words;

-	A= &(a[b->top]);
-	for (i=(words - b->top)>>3; i>0; i--,A+=8)
-		{
-		A[0]=0; A[1]=0; A[2]=0; A[3]=0;
-		A[4]=0; A[5]=0; A[6]=0; A[7]=0;
-		}
-	for (i=(words - b->top)&7; i>0; i--,A++)
-		A[0]=0;
+		/* Now need to zero any data between b->top and b->max */
+
+		A= &(b->d[b->top]);
+		for (i=(b->dmax - b->top)>>3; i>0; i--,A+=8)
+			{
+			A[0]=0; A[1]=0; A[2]=0; A[3]=0;
+			A[4]=0; A[5]=0; A[6]=0; A[7]=0;
+			}
+		for (i=(b->dmax - b->top)&7; i>0; i--,A++)
+			A[0]=0;
 #else
-	memset(A,0,sizeof(BN_ULONG)*(words+1));
-	memcpy(A,b->d,sizeof(b->d[0])*b->top);
+			memset(A,0,sizeof(BN_ULONG)*(words+1));
+			memcpy(A,b->d,sizeof(b->d[0])*b->top);
+			b->d=a;
+			b->max=words;
 #endif
 		
-	return(a);
-	}
+/*		memset(&(p[b->max]),0,((words+1)-b->max)*sizeof(BN_ULONG)); */
+/*	{ int i; for (i=b->max; i<words+1; i++) p[i]=i;} */

-/* This is an internal function that can be used instead of bn_expand2()
- * when there is a need to copy BIGNUMs instead of only expanding the
- * data part, while still expanding them.
- * Especially useful when needing to expand BIGNUMs that are declared
- * 'const' and should therefore not be changed.
- * The reason to use this instead of a BN_dup() followed by a bn_expand2()
- * is memory allocation overhead.  A BN_dup() followed by a bn_expand2()
- * will allocate new memory for the BIGNUM data twice, and free it once,
- * while bn_dup_expand() makes sure allocation is made only once.
- */
-
-BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
-	{
-	BIGNUM *r = NULL;
-
-	if (words > b->dmax)
-		{
-		BN_ULONG *a = internal_bn_expand(b, words);
-
-		if (a)
-			{
-			r = BN_new();
-			if (r)
-				{
-				r->top = b->top;
-				r->dmax = words;
-				r->neg = b->neg;
-				r->d = a;
-				}
-			else
-				{
-				/* r == NULL, BN_new failure */
-				OPENSSL_free(a);
-				}
-			}
-		/* If a == NULL, there was an error in allocation in
-		   internal_bn_expand(), and NULL should be returned */
 		}
-	else
-		{
-		r = BN_dup(b);
-		}
-
-	return r;
-	}
-
-/* This is an internal function that should not be used in applications.
- * It ensures that 'b' has enough room for a 'words' word number number.
- * It is mostly used by the various BIGNUM routines. If there is an error,
- * NULL is returned. If not, 'b' is returned. */
-
-BIGNUM *bn_expand2(BIGNUM *b, int words)
-	{
-	if (words > b->dmax)
-		{
-		BN_ULONG *a = internal_bn_expand(b, words);
-
-		if (a)
-			{
-			OPENSSL_free(b->d);
-			b->d=a;
-			b->dmax=words;
-			}
-		else
-			b = NULL;
-		}
-	return b;
+	return(b);
 	}

 BIGNUM *BN_dup(const BIGNUM *a)
 	{
-	BIGNUM *r, *t;
+	BIGNUM *r;

 	if (a == NULL) return NULL;

 	bn_check_top(a);

-	t = BN_new();
-	if (t == NULL) return(NULL);
-	r = BN_copy(t, a);
-	/* now  r == t || r == NULL */
-	if (r == NULL)
-		BN_free(t);
-	return r;
+	r=BN_new();
+	if (r == NULL) return(NULL);
+	return((BIGNUM *)BN_copy(r,a));
 	}

 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
@@ -569,7 +520,7 @@ void BN_clear(BIGNUM *a)
 	a->neg=0;
 	}

-BN_ULONG BN_get_word(const BIGNUM *a)
+BN_ULONG BN_get_word(BIGNUM *a)
 	{
 	int i,n;
 	BN_ULONG ret=0;
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -69,7 +69,7 @@

 #define MONT_WORD /* use the faster word-based algorithm */

-int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
 			  BN_MONT_CTX *mont, BN_CTX *ctx)
 	{
 	BIGNUM *tmp,*tmp2;
--- a/crypto/bn/bn_mul.c
+++ b/crypto/bn/bn_mul.c
@@ -608,7 +608,7 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
 	}
 #endif /* BN_RECURSION */

-int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
 	{
 	int top,al,bl;
 	BIGNUM *rr;
@@ -620,7 +620,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 	BIGNUM *t;
 	int j,k;
 #endif
-	BIGNUM *free_a = NULL, *free_b = NULL;

 #ifdef BN_COUNT
 	printf("BN_mul %d * %d\n",a->top,b->top);
@@ -678,21 +677,17 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 		{
 		if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA))
 			{
-			BIGNUM *tmp_bn = free_b;
-			b = free_b = bn_dup_expand(b,al);
-			free_b->d[bl]=0;
+			bn_wexpand(b,al);
+			b->d[bl]=0;
 			bl++;
 			i--;
-			if (tmp_bn) BN_free(tmp_bn);
 			}
 		else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA))
 			{
-			BIGNUM *tmp_bn = free_a;
-			a = free_a = bn_dup_expand(a,bl);
-			free_a->d[al]=0;
+			bn_wexpand(a,bl);
+			a->d[al]=0;
 			al++;
 			i++;
-			if (tmp_bn) BN_free(tmp_bn);
 			}
 		if (i == 0)
 			{
@@ -710,17 +705,14 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 				}
 			else
 				{
-				BIGNUM *tmp_a = free_a,*tmp_b = free_b;
-				a = free_a = bn_dup_expand(a,k);
-				b = free_b = bn_dup_expand(b,k);
-				if (tmp_a) BN_free(tmp_a);
-				if (tmp_b) BN_free(tmp_b);
+				bn_wexpand(a,k);
+				bn_wexpand(b,k);
 				bn_wexpand(t,k*4);
 				bn_wexpand(rr,k*4);
-				for (i=free_a->top; i<k; i++)
-					free_a->d[i]=0;
-				for (i=free_b->top; i<k; i++)
-					free_b->d[i]=0;
+				for (i=a->top; i<k; i++)
+					a->d[i]=0;
+				for (i=b->top; i<k; i++)
+					b->d[i]=0;
 				bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d);
 				}
 			rr->top=top;
@@ -739,8 +731,6 @@ end:
 	if (r != rr) BN_copy(r,rr);
 	ret=1;
 err:
-	if (free_a) BN_free(free_a);
-	if (free_b) BN_free(free_b);
 	BN_CTX_end(ctx);
 	return(ret);
 	}
--- a/crypto/bn/bn_prime.c
+++ b/crypto/bn/bn_prime.c
@@ -125,13 +125,12 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
 	const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont);
 static int probable_prime(BIGNUM *rnd, int bits);
 static int probable_prime_dh(BIGNUM *rnd, int bits,
-	const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
+	BIGNUM *add, BIGNUM *rem, BN_CTX *ctx);
 static int probable_prime_dh_safe(BIGNUM *rnd, int bits,
-	const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
+	BIGNUM *add, BIGNUM *rem, BN_CTX *ctx);

-BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
-	const BIGNUM *add, const BIGNUM *rem,
-	void (*callback)(int,int,void *), void *cb_arg)
+BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, BIGNUM *add,
+	     BIGNUM *rem, void (*callback)(int,int,void *), void *cb_arg)
 	{
 	BIGNUM *rnd=NULL;
 	BIGNUM t;
@@ -377,8 +376,8 @@ again:
 	return(1);
 	}

-static int probable_prime_dh(BIGNUM *rnd, int bits,
-	const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx)
+static int probable_prime_dh(BIGNUM *rnd, int bits, BIGNUM *add, BIGNUM *rem,
+	     BN_CTX *ctx)
 	{
 	int i,ret=0;
 	BIGNUM *t1;
@@ -414,8 +413,8 @@ err:
 	return(ret);
 	}

-static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
-	const BIGNUM *rem, BN_CTX *ctx)
+static int probable_prime_dh_safe(BIGNUM *p, int bits, BIGNUM *padd,
+	     BIGNUM *rem, BN_CTX *ctx)
 	{
 	int i,ret=0;
 	BIGNUM *t1,*qadd,*q;
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -76,7 +76,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)

 	bytes=(bits+7)/8;
 	bit=(bits-1)%8;
-	mask=0xff<<bit;
+	mask=0xff<<(bit+1);

 	buf=(unsigned char *)OPENSSL_malloc(bytes);
 	if (buf == NULL)
@@ -100,25 +100,48 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
 			goto err;
 		}

-	if (top)
+#if 1
+	if (pseudorand == 2)
 		{
-		if (bit == 0)
+		/* generate patterns that are more likely to trigger BN
+		   library bugs */
+		int i;
+		unsigned char c;
+
+		for (i = 0; i < bytes; i++)
 			{
-			buf[0]=1;
-			buf[1]|=0x80;
+			RAND_pseudo_bytes(&c, 1);
+			if (c >= 128 && i > 0)
+				buf[i] = buf[i-1];
+			else if (c < 42)
+				buf[i] = 0;
+			else if (c < 84)
+				buf[i] = 255;
+			}
+		}
+#endif
+
+	if (top != -1)
+		{
+		if (top)
+			{
+			if (bit == 0)
+				{
+				buf[0]=1;
+				buf[1]|=0x80;
+				}
+			else
+				{
+				buf[0]|=(3<<(bit-1));
+				}
 			}
 		else
 			{
-			buf[0]|=(3<<(bit-1));
-			buf[0]&= ~(mask<<1);
+			buf[0]|=(1<<bit);
 			}
 		}
-	else
-		{
-		buf[0]|=(1<<bit);
-		buf[0]&= ~(mask<<1);
-		}
-	if (bottom) /* set bottom bits to whatever odd is */
+	buf[0] &= ~mask;
+	if (bottom) /* set bottom bit if requested */
 		buf[bytes-1]|=1;
 	if (!BN_bin2bn(buf,bytes,rnd)) goto err;
 	ret=1;
@@ -140,3 +163,61 @@ int     BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
 	{
 	return bnrand(1, rnd, bits, top, bottom);
 	}
+
+#if 1
+int     BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
+	{
+	return bnrand(2, rnd, bits, top, bottom);
+	}
+#endif
+
+/* random number r:  0 <= r < range */
+int	BN_rand_range(BIGNUM *r, BIGNUM *range)
+	{
+	int n;
+
+	if (range->neg || BN_is_zero(range))
+		{
+		BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE);
+		return 0;
+		}
+
+	n = BN_num_bits(range); /* n > 0 */
+
+	if (n == 1)
+		{
+		if (!BN_zero(r)) return 0;
+		}
+	else if (BN_is_bit_set(range, n - 2))
+		{
+		do
+			{
+			/* range = 11..._2, so each iteration succeeds with probability >= .75 */
+			if (!BN_rand(r, n, -1, 0)) return 0;
+			}
+		while (BN_cmp(r, range) >= 0);
+		}
+	else
+		{
+		/* range = 10..._2,
+		 * so  3*range (= 11..._2)  is exactly one bit longer than  range */
+		do
+			{
+			if (!BN_rand(r, n + 1, -1, 0)) return 0;
+			/* If  r < 3*range,  use  r := r MOD range
+			 * (which is either  r, r - range,  or  r - 2*range).
+			 * Otherwise, iterate once more.
+			 * Since  3*range = 11..._2, each iteration succeeds with
+			 * probability >= .75. */
+			if (BN_cmp(r ,range) >= 0)
+				{
+				if (!BN_sub(r, r, range)) return 0;
+				if (BN_cmp(r, range) >= 0)
+					if (!BN_sub(r, r, range)) return 0;
+				}
+			}
+		while (BN_cmp(r, range) >= 0);
+		}
+
+	return 1;
+	}
--- a/crypto/bn/bn_recp.c
+++ b/crypto/bn/bn_recp.c
@@ -100,12 +100,11 @@ int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)
 	return(1);
 	}

-int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
-	BN_RECP_CTX *recp, BN_CTX *ctx)
+int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *x, BIGNUM *y, BN_RECP_CTX *recp,
+	     BN_CTX *ctx)
 	{
 	int ret=0;
 	BIGNUM *a;
-	const BIGNUM *ca;

 	BN_CTX_start(ctx);
 	if ((a = BN_CTX_get(ctx)) == NULL) goto err;
@@ -115,20 +114,19 @@ int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
 			{ if (!BN_sqr(a,x,ctx)) goto err; }
 		else
 			{ if (!BN_mul(a,x,y,ctx)) goto err; }
-		ca = a;
 		}
 	else
-		ca=x; /* Just do the mod */
+		a=x; /* Just do the mod */

-	BN_div_recp(NULL,r,ca,recp,ctx);
+	BN_div_recp(NULL,r,a,recp,ctx);
 	ret=1;
 err:
 	BN_CTX_end(ctx);
 	return(ret);
 	}

-int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
-	BN_RECP_CTX *recp, BN_CTX *ctx)
+int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BN_RECP_CTX *recp,
+	     BN_CTX *ctx)
 	{
 	int i,j,ret=0;
 	BIGNUM *a,*b,*d,*r;
@@ -203,7 +201,7 @@ err:
 * We actually calculate with an extra word of precision, so
 * we can do faster division if the remainder is not required.
 */
-int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx)
+int BN_reciprocal(BIGNUM *r, BIGNUM *m, int len, BN_CTX *ctx)
 	{
 	int ret= -1;
 	BIGNUM t;
--- a/crypto/bn/bn_shift.c
+++ b/crypto/bn/bn_shift.c
@@ -60,7 +60,7 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"

-int BN_lshift1(BIGNUM *r, const BIGNUM *a)
+int BN_lshift1(BIGNUM *r, BIGNUM *a)
 	{
 	register BN_ULONG *ap,*rp,t,c;
 	int i;
@@ -92,7 +92,7 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a)
 	return(1);
 	}

-int BN_rshift1(BIGNUM *r, const BIGNUM *a)
+int BN_rshift1(BIGNUM *r, BIGNUM *a)
 	{
 	BN_ULONG *ap,*rp,t,c;
 	int i;
@@ -153,7 +153,7 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
 	return(1);
 	}

-int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
+int BN_rshift(BIGNUM *r, BIGNUM *a, int n)
 	{
 	int i,j,nw,lb,rb;
 	BN_ULONG *t,*f;
@@ -172,6 +172,11 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
 		r->neg=a->neg;
 		if (bn_wexpand(r,a->top-nw+1) == NULL) return(0);
 		}
+	else
+		{
+		if (n == 0)
+			return 1; /* or the copying loop will go berserk */
+		}

 	f= &(a->d[nw]);
 	t=r->d;
--- a/crypto/bn/bn_sqr.c
+++ b/crypto/bn/bn_sqr.c
@@ -62,11 +62,11 @@

 /* r must not be a */
 /* I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96 */
-int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
+int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx)
 	{
 	int max,al;
 	int ret = 0;
-	BIGNUM *tmp,*rr,*free_a = NULL;
+	BIGNUM *tmp,*rr;

 #ifdef BN_COUNT
 printf("BN_sqr %d * %d\n",a->top,a->top);
@@ -124,10 +124,8 @@ printf("BN_sqr %d * %d\n",a->top,a->top);
 			k=j+j;
 			if (al == j)
 				{
-				BIGNUM *tmp_bn = free_a;
-				if ((a = free_a = bn_dup_expand(a,k*2)) == NULL) goto err;
+				if (bn_wexpand(a,k*2) == NULL) goto err;
 				if (bn_wexpand(tmp,k*2) == NULL) goto err;
-				if (tmp_bn) BN_free(tmp_bn);
 				bn_sqr_recursive(rr->d,a->d,al,tmp->d);
 				}
 			else
@@ -147,7 +145,6 @@ printf("BN_sqr %d * %d\n",a->top,a->top);
 	if (rr != r) BN_copy(r,rr);
 	ret = 1;
 err:
-	if (free_a) BN_free(free_a);
 	BN_CTX_end(ctx);
 	return(ret);
 	}
--- a/crypto/bn/bntest.c
+++ b/crypto/bn/bntest.c
@@ -107,11 +107,9 @@ static const char rnd_seed[] = "string to make the random number generator think
 static void message(BIO *out, char *m)
 	{
 	fprintf(stderr, "test %s\n", m);
-#if defined(linux) || defined(__FreeBSD__) /* can we use GNU bc features? */
 	BIO_puts(out, "print \"test ");
 	BIO_puts(out, m);
 	BIO_puts(out, "\\n\"\n");
-#endif
 	}

 int main(int argc, char *argv[])
@@ -122,9 +120,7 @@ int main(int argc, char *argv[])

 	results = 0;

-	RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we don't
-	                                       * even check its return value
-	                                       * (which we should) */
+	RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */

 	argc--;
 	argv++;
@@ -253,10 +249,10 @@ int test_add(BIO *bp)
 	BN_init(&b);
 	BN_init(&c);

-	BN_rand(&a,512,0,0);
+	BN_bntest_rand(&a,512,0,0);
 	for (i=0; i<num0; i++)
 		{
-		BN_rand(&b,450+i,0,0);
+		BN_bntest_rand(&b,450+i,0,0);
 		a.neg=rand_neg();
 		b.neg=rand_neg();
 		if (bp == NULL)
@@ -305,14 +301,14 @@ int test_sub(BIO *bp)
 		{
 		if (i < num1)
 			{
-			BN_rand(&a,512,0,0);
+			BN_bntest_rand(&a,512,0,0);
 			BN_copy(&b,&a);
 			if (BN_set_bit(&a,i)==0) return(0);
 			BN_add_word(&b,i);
 			}
 		else
 			{
-			BN_rand(&b,400+i-num1,0,0);
+			BN_bntest_rand(&b,400+i-num1,0,0);
 			a.neg=rand_neg();
 			b.neg=rand_neg();
 			}
@@ -362,13 +358,13 @@ int test_div(BIO *bp, BN_CTX *ctx)
 		{
 		if (i < num1)
 			{
-			BN_rand(&a,400,0,0);
+			BN_bntest_rand(&a,400,0,0);
 			BN_copy(&b,&a);
 			BN_lshift(&a,&a,i);
 			BN_add_word(&a,i);
 			}
 		else
-			BN_rand(&b,50+3*(i-num1),0,0);
+			BN_bntest_rand(&b,50+3*(i-num1),0,0);
 		a.neg=rand_neg();
 		b.neg=rand_neg();
 		if (bp == NULL)
@@ -432,13 +428,13 @@ int test_div_recp(BIO *bp, BN_CTX *ctx)
 		{
 		if (i < num1)
 			{
-			BN_rand(&a,400,0,0);
+			BN_bntest_rand(&a,400,0,0);
 			BN_copy(&b,&a);
 			BN_lshift(&a,&a,i);
 			BN_add_word(&a,i);
 			}
 		else
-			BN_rand(&b,50+3*(i-num1),0,0);
+			BN_bntest_rand(&b,50+3*(i-num1),0,0);
 		a.neg=rand_neg();
 		b.neg=rand_neg();
 		BN_RECP_CTX_set(&recp,&b,ctx);
@@ -509,11 +505,11 @@ int test_mul(BIO *bp)
 		{
 		if (i <= num1)
 			{
-			BN_rand(&a,100,0,0);
-			BN_rand(&b,100,0,0);
+			BN_bntest_rand(&a,100,0,0);
+			BN_bntest_rand(&b,100,0,0);
 			}
 		else
-			BN_rand(&b,i-num1,0,0);
+			BN_bntest_rand(&b,i-num1,0,0);
 		a.neg=rand_neg();
 		b.neg=rand_neg();
 		if (bp == NULL)
@@ -562,7 +558,7 @@ int test_sqr(BIO *bp, BN_CTX *ctx)

 	for (i=0; i<num0; i++)
 		{
-		BN_rand(&a,40+i*10,0,0);
+		BN_bntest_rand(&a,40+i*10,0,0);
 		a.neg=rand_neg();
 		if (bp == NULL)
 			for (j=0; j<100; j++)
@@ -613,15 +609,15 @@ int test_mont(BIO *bp, BN_CTX *ctx)

 	mont=BN_MONT_CTX_new();

-	BN_rand(&a,100,0,0); /**/
-	BN_rand(&b,100,0,0); /**/
+	BN_bntest_rand(&a,100,0,0); /**/
+	BN_bntest_rand(&b,100,0,0); /**/
 	for (i=0; i<num2; i++)
 		{
 		int bits = (200*(i+1))/num2;

 		if (bits == 0)
 			continue;
-		BN_rand(&n,bits,0,1);
+		BN_bntest_rand(&n,bits,0,1);
 		BN_MONT_CTX_set(mont,&n,ctx);

 		BN_to_montgomery(&A,&a,mont,ctx);
@@ -683,10 +679,10 @@ int test_mod(BIO *bp, BN_CTX *ctx)
 	d=BN_new();
 	e=BN_new();

-	BN_rand(a,1024,0,0); /**/
+	BN_bntest_rand(a,1024,0,0); /**/
 	for (i=0; i<num0; i++)
 		{
-		BN_rand(b,450+i*10,0,0); /**/
+		BN_bntest_rand(b,450+i*10,0,0); /**/
 		a->neg=rand_neg();
 		b->neg=rand_neg();
 		if (bp == NULL)
@@ -732,11 +728,11 @@ int test_mod_mul(BIO *bp, BN_CTX *ctx)
 	d=BN_new();
 	e=BN_new();

-	BN_rand(c,1024,0,0); /**/
+	BN_bntest_rand(c,1024,0,0); /**/
 	for (i=0; i<num0; i++)
 		{
-		BN_rand(a,475+i*10,0,0); /**/
-		BN_rand(b,425+i*11,0,0); /**/
+		BN_bntest_rand(a,475+i*10,0,0); /**/
+		BN_bntest_rand(b,425+i*11,0,0); /**/
 		a->neg=rand_neg();
 		b->neg=rand_neg();
 	/*	if (bp == NULL)
@@ -772,7 +768,6 @@ int test_mod_mul(BIO *bp, BN_CTX *ctx)
 		if(!BN_is_zero(b))
 		    {
 		    fprintf(stderr,"Modulo multiply test failed!\n");
-		    ERR_print_errors_fp(stderr);
 		    return 0;
 		    }
 		}
@@ -795,11 +790,11 @@ int test_mod_exp(BIO *bp, BN_CTX *ctx)
 	d=BN_new();
 	e=BN_new();

-	BN_rand(c,30,0,1); /* must be odd for montgomery */
+	BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
 	for (i=0; i<num2; i++)
 		{
-		BN_rand(a,20+i*5,0,0); /**/
-		BN_rand(b,2+i,0,0); /**/
+		BN_bntest_rand(a,20+i*5,0,0); /**/
+		BN_bntest_rand(b,2+i,0,0); /**/

 		if (!BN_mod_exp(d,a,b,c,ctx))
 			return(00);
@@ -849,8 +844,8 @@ int test_exp(BIO *bp, BN_CTX *ctx)

 	for (i=0; i<num2; i++)
 		{
-		BN_rand(a,20+i*5,0,0); /**/
-		BN_rand(b,2+i,0,0); /**/
+		BN_bntest_rand(a,20+i*5,0,0); /**/
+		BN_bntest_rand(b,2+i,0,0); /**/

 		if (!BN_exp(d,a,b,ctx))
 			return(00);
@@ -900,7 +895,7 @@ int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_)
 	else
 	    {
 	    a=BN_new();
-	    BN_rand(a,200,0,0); /**/
+	    BN_bntest_rand(a,200,0,0); /**/
 	    a->neg=rand_neg();
 	    }
 	for (i=0; i<num0; i++)
@@ -952,7 +947,7 @@ int test_lshift1(BIO *bp)
 	b=BN_new();
 	c=BN_new();

-	BN_rand(a,200,0,0); /**/
+	BN_bntest_rand(a,200,0,0); /**/
 	a->neg=rand_neg();
 	for (i=0; i<num0; i++)
 		{
@@ -996,7 +991,7 @@ int test_rshift(BIO *bp,BN_CTX *ctx)
 	e=BN_new();
 	BN_one(c);

-	BN_rand(a,200,0,0); /**/
+	BN_bntest_rand(a,200,0,0); /**/
 	a->neg=rand_neg();
 	for (i=0; i<num0; i++)
 		{
@@ -1039,7 +1034,7 @@ int test_rshift1(BIO *bp)
 	b=BN_new();
 	c=BN_new();

-	BN_rand(a,200,0,0); /**/
+	BN_bntest_rand(a,200,0,0); /**/
 	a->neg=rand_neg();
 	for (i=0; i<num0; i++)
 		{
--- a/crypto/conf/conf.h
+++ b/crypto/conf/conf.h
@@ -90,11 +90,10 @@ struct conf_method_st
 	int (MS_FAR *init)(CONF *conf);
 	int (MS_FAR *destroy)(CONF *conf);
 	int (MS_FAR *destroy_data)(CONF *conf);
-	int (MS_FAR *load_bio)(CONF *conf, BIO *bp, long *eline);
+	int (MS_FAR *load)(CONF *conf, BIO *bp, long *eline);
 	int (MS_FAR *dump)(CONF *conf, BIO *bp);
 	int (MS_FAR *is_number)(CONF *conf, char c);
 	int (MS_FAR *to_int)(CONF *conf, char c);
-	int (MS_FAR *load)(CONF *conf, const char *name, long *eline);
 	};

 int CONF_set_default_method(CONF_METHOD *meth);
@@ -137,17 +136,10 @@ int NCONF_load_fp(CONF *conf, FILE *fp,long *eline);
 int NCONF_load_bio(CONF *conf, BIO *bp,long *eline);
 STACK_OF(CONF_VALUE) *NCONF_get_section(CONF *conf,char *section);
 char *NCONF_get_string(CONF *conf,char *group,char *name);
-int NCONF_get_number_e(CONF *conf,char *group,char *name,long *result);
+long NCONF_get_number(CONF *conf,char *group,char *name);
 int NCONF_dump_fp(CONF *conf, FILE *out);
 int NCONF_dump_bio(CONF *conf, BIO *out);

-#if 0 /* The following function has no error checking,
-	 and should therefore be avoided */
-long NCONF_get_number(CONF *conf,char *group,char *name);
-#else
-#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r);
-#endif
-

 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -164,12 +156,9 @@ long NCONF_get_number(CONF *conf,char *group,char *name);
 #define CONF_F_NCONF_DUMP_BIO				 105
 #define CONF_F_NCONF_DUMP_FP				 106
 #define CONF_F_NCONF_GET_NUMBER				 107
-#define CONF_F_NCONF_GET_NUMBER_E			 112
 #define CONF_F_NCONF_GET_SECTION			 108
 #define CONF_F_NCONF_GET_STRING				 109
-#define CONF_F_NCONF_LOAD				 113
 #define CONF_F_NCONF_LOAD_BIO				 110
-#define CONF_F_NCONF_LOAD_FP				 114
 #define CONF_F_NCONF_NEW				 111
 #define CONF_F_STR_COPY					 101

@@ -180,7 +169,6 @@ long NCONF_get_number(CONF *conf,char *group,char *name);
 #define CONF_R_NO_CONF					 105
 #define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE		 106
 #define CONF_R_NO_SECTION				 107
-#define CONF_R_NO_VALUE					 108
 #define CONF_R_UNABLE_TO_CREATE_NEW_SECTION		 103
 #define CONF_R_VARIABLE_HAS_NO_VALUE			 104

--- a/crypto/conf/conf_api.c
+++ b/crypto/conf/conf_api.c
@@ -153,9 +153,6 @@ char *_CONF_get_string(CONF *conf, char *section, char *name)
 		return(Getenv(name));
 	}

-#if 0 /* There's no way to provide error checking with this function, so
-	 force implementors of the higher levels to get a string and read
-	 the number themselves. */
 long _CONF_get_number(CONF *conf, char *section, char *name)
 	{
 	char *str;
@@ -172,7 +169,6 @@ long _CONF_get_number(CONF *conf, char *section, char *name)
 		str++;
 		}
 	}
-#endif

 int _CONF_new_data(CONF *conf)
 	{
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -81,8 +81,7 @@ static int def_init_default(CONF *conf);
 static int def_init_WIN32(CONF *conf);
 static int def_destroy(CONF *conf);
 static int def_destroy_data(CONF *conf);
-static int def_load(CONF *conf, const char *name, long *eline);
-static int def_load_bio(CONF *conf, BIO *bp, long *eline);
+static int def_load(CONF *conf, BIO *bp, long *eline);
 static int def_dump(CONF *conf, BIO *bp);
 static int def_is_number(CONF *conf, char c);
 static int def_to_int(CONF *conf, char c);
@@ -95,11 +94,10 @@ static CONF_METHOD default_method = {
 	def_init_default,
 	def_destroy,
 	def_destroy_data,
-	def_load_bio,
+	def_load,
 	def_dump,
 	def_is_number,
-	def_to_int,
-	def_load
+	def_to_int
 	};

 static CONF_METHOD WIN32_method = {
@@ -108,11 +106,10 @@ static CONF_METHOD WIN32_method = {
 	def_init_WIN32,
 	def_destroy,
 	def_destroy_data,
-	def_load_bio,
+	def_load,
 	def_dump,
 	def_is_number,
-	def_to_int,
-	def_load
+	def_to_int
 	};

 CONF_METHOD *NCONF_default()
@@ -180,29 +177,7 @@ static int def_destroy_data(CONF *conf)
 	return 1;
 	}

-static int def_load(CONF *conf, const char *name, long *line)
-	{
-	int ret;
-	BIO *in=NULL;
-
-#ifdef VMS
-	in=BIO_new_file(name, "r");
-#else
-	in=BIO_new_file(name, "rb");
-#endif
-	if (in == NULL)
-		{
-		CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB);
-		return 0;
-		}
-
-	ret = def_load_bio(conf, in, line);
-	BIO_free(in);
-
-	return ret;
-	}
-
-static int def_load_bio(CONF *conf, BIO *in, long *line)
+static int def_load(CONF *conf, BIO *in, long *line)
 	{
 #define BUFSIZE	512
 	char btmp[16];
--- a/crypto/conf/conf_err.c
+++ b/crypto/conf/conf_err.c
@@ -73,12 +73,9 @@ static ERR_STRING_DATA CONF_str_functs[]=
 {ERR_PACK(0,CONF_F_NCONF_DUMP_BIO,0),	"NCONF_dump_bio"},
 {ERR_PACK(0,CONF_F_NCONF_DUMP_FP,0),	"NCONF_dump_fp"},
 {ERR_PACK(0,CONF_F_NCONF_GET_NUMBER,0),	"NCONF_get_number"},
-{ERR_PACK(0,CONF_F_NCONF_GET_NUMBER_E,0),	"NCONF_get_number_e"},
 {ERR_PACK(0,CONF_F_NCONF_GET_SECTION,0),	"NCONF_get_section"},
 {ERR_PACK(0,CONF_F_NCONF_GET_STRING,0),	"NCONF_get_string"},
-{ERR_PACK(0,CONF_F_NCONF_LOAD,0),	"NCONF_load"},
 {ERR_PACK(0,CONF_F_NCONF_LOAD_BIO,0),	"NCONF_load_bio"},
-{ERR_PACK(0,CONF_F_NCONF_LOAD_FP,0),	"NCONF_load_fp"},
 {ERR_PACK(0,CONF_F_NCONF_NEW,0),	"NCONF_new"},
 {ERR_PACK(0,CONF_F_STR_COPY,0),	"STR_COPY"},
 {0,NULL}
@@ -92,7 +89,6 @@ static ERR_STRING_DATA CONF_str_reasons[]=
 {CONF_R_NO_CONF                          ,"no conf"},
 {CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE  ,"no conf or environment variable"},
 {CONF_R_NO_SECTION                       ,"no section"},
-{CONF_R_NO_VALUE                         ,"no value"},
 {CONF_R_UNABLE_TO_CREATE_NEW_SECTION     ,"unable to create new section"},
 {CONF_R_VARIABLE_HAS_NO_VALUE            ,"variable has no value"},
 {0,NULL}
--- a/crypto/conf/conf_lib.c
+++ b/crypto/conf/conf_lib.c
@@ -131,46 +131,59 @@ LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline)

 STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,char *section)
 	{
-	CONF ctmp;
+	if (conf == NULL)
+		{
+		return NULL;
+		}
+	else
+		{
+		CONF ctmp;

-	if (default_CONF_method == NULL)
-		default_CONF_method = NCONF_default();
+		if (default_CONF_method == NULL)
+			default_CONF_method = NCONF_default();

-	default_CONF_method->init(&ctmp);
-	ctmp.data = conf;
-	return NCONF_get_section(&ctmp, section);
+		default_CONF_method->init(&ctmp);
+		ctmp.data = conf;
+		return NCONF_get_section(&ctmp, section);
+		}
 	}

 char *CONF_get_string(LHASH *conf,char *group,char *name)
 	{
-	CONF ctmp;
+	if (conf == NULL)
+		{
+		return NCONF_get_string(NULL, group, name);
+		}
+	else
+		{
+		CONF ctmp;

-	if (default_CONF_method == NULL)
-		default_CONF_method = NCONF_default();
+		if (default_CONF_method == NULL)
+			default_CONF_method = NCONF_default();

-	default_CONF_method->init(&ctmp);
-	ctmp.data = conf;
-	return NCONF_get_string(&ctmp, group, name);
+		default_CONF_method->init(&ctmp);
+		ctmp.data = conf;
+		return NCONF_get_string(&ctmp, group, name);
+		}
 	}

 long CONF_get_number(LHASH *conf,char *group,char *name)
 	{
-	CONF ctmp;
-	int status;
-	long result = 0;
-
-	if (default_CONF_method == NULL)
-		default_CONF_method = NCONF_default();
-
-	default_CONF_method->init(&ctmp);
-	ctmp.data = conf;
-	status = NCONF_get_number_e(&ctmp, group, name, &result);
-	if (status == 0)
+	if (conf == NULL)
 		{
-		/* This function does not believe in errors... */
-		ERR_get_error();
+		return NCONF_get_number(NULL, group, name);
+		}
+	else
+		{
+		CONF ctmp;
+
+		if (default_CONF_method == NULL)
+			default_CONF_method = NCONF_default();
+
+		default_CONF_method->init(&ctmp);
+		ctmp.data = conf;
+		return NCONF_get_number(&ctmp, group, name);
 		}
-	return result;
 	}

 void CONF_free(LHASH *conf)
@@ -252,13 +265,24 @@ void NCONF_free_data(CONF *conf)

 int NCONF_load(CONF *conf, const char *file, long *eline)
 	{
-	if (conf == NULL)
+	int ret;
+	BIO *in=NULL;
+
+#ifdef VMS
+	in=BIO_new_file(file, "r");
+#else
+	in=BIO_new_file(file, "rb");
+#endif
+	if (in == NULL)
 		{
-		CONFerr(CONF_F_NCONF_LOAD,CONF_R_NO_CONF);
+		CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB);
 		return 0;
 		}

-	return conf->meth->load(conf, file, eline);
+	ret = NCONF_load_bio(conf, in, eline);
+	BIO_free(in);
+
+	return ret;
 	}

 #ifndef NO_FP_API
@@ -268,7 +292,7 @@ int NCONF_load_fp(CONF *conf, FILE *fp,long *eline)
 	int ret;
 	if(!(btmp = BIO_new_fp(fp, BIO_NOCLOSE)))
 		{
-		CONFerr(CONF_F_NCONF_LOAD_FP,ERR_R_BUF_LIB);
+		CONFerr(CONF_F_CONF_LOAD_FP,ERR_R_BUF_LIB);
 		return 0;
 		}
 	ret = NCONF_load_bio(conf, btmp, eline);
@@ -285,7 +309,7 @@ int NCONF_load_bio(CONF *conf, BIO *bp,long *eline)
 		return 0;
 		}

-	return conf->meth->load_bio(conf, bp, eline);
+	return conf->meth->load(conf, bp, eline);
 	}

 STACK_OF(CONF_VALUE) *NCONF_get_section(CONF *conf,char *section)
@@ -319,33 +343,25 @@ char *NCONF_get_string(CONF *conf,char *group,char *name)
                        CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
 		return NULL;
 		}
-	CONFerr(CONF_F_NCONF_GET_STRING,
-		CONF_R_NO_VALUE);
 	return NULL;
 	}

-int NCONF_get_number_e(CONF *conf,char *group,char *name,long *result)
+long NCONF_get_number(CONF *conf,char *group,char *name)
 	{
-	char *str;
-
-	if (result == NULL)
+#if 0 /* As with _CONF_get_string(), we rely on the possibility of finding
+         an environment variable with a suitable name.  Unfortunately, there's
+         no way with the current API to see if we found one or not...
+         The meaning of this is that if a number is not found anywhere, it
+         will always default to 0. */
+	if (conf == NULL)
 		{
-		CONFerr(CONF_F_NCONF_GET_NUMBER_E,ERR_R_PASSED_NULL_PARAMETER);
+		CONFerr(CONF_F_NCONF_GET_NUMBER,
+                        CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
 		return 0;
 		}
-
-	str = NCONF_get_string(conf,group,name);
-
-	if (str == NULL)
-		return 0;
-
-	for (;conf->meth->is_number(conf, *str);)
-		{
-		*result = (*result)*10 + conf->meth->to_int(conf, *str);
-		str++;
-		}
-
-	return 1;
+#endif
+	
+	return _CONF_get_number(conf, group, name);
 	}

 #ifndef NO_FP_API
@@ -374,19 +390,3 @@ int NCONF_dump_bio(CONF *conf, BIO *out)
 	return conf->meth->dump(conf, out);
 	}

-/* This function should be avoided */
-#undef NCONF_get_number
-long NCONF_get_number(CONF *conf,char *group,char *name)
-	{
-	int status;
-	long ret=0;
-
-	status = NCONF_get_number_e(conf, group, name, &ret);
-	if (status == 0)
-		{
-		/* This function does not believe in errors... */
-		ERR_get_error();
-		}
-	return ret;
-	}
-
--- a/crypto/crypto-lib.com
+++ b/crypto/crypto-lib.com
@@ -88,7 +88,7 @@ $! Define The Different Encryption Types.
 $!
 $ ENCRYPT_TYPES = "Basic,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ -
 		  "DES,RC2,RC4,RC5,IDEA,BF,CAST,"+ -
-		  "BN,RSA,DSA,DH,DSO,ENGINE,RIJNDAEL,"+ -
+		  "BN,RSA,DSA,DH,DSO,ENGINE,"+ -
 		  "BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,"+ -
 		  "EVP,EVP_2,ASN1,ASN1_2,PEM,X509,X509V3,"+ -
 		  "CONF,TXT_DB,PKCS7,PKCS12,COMP"
@@ -174,7 +174,7 @@ $!
 $ APPS_DES = "DES/DES,CBC3_ENC"
 $ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE"
 $
-$ LIB_ = "cryptlib,mem,mem_dbg,cversion,ex_data,tmdiff,cpt_err"
+$ LIB_ = "cryptlib,mem,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid"
 $ LIB_MD2 = "md2_dgst,md2_one"
 $ LIB_MD4 = "md4_dgst,md4_one"
 $ LIB_MD5 = "md5_dgst,md5_one"
@@ -208,7 +208,6 @@ $ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ -
 	"dso_openssl,dso_win32,dso_vms"
 $ LIB_ENGINE = "engine_err,engine_lib,engine_list,engine_openssl,"+ -
 	"hw_atalla,hw_cswift,hw_ncipher"
-$ LIB_RIJNDAEL = "rijndael-alg-fst"
 $ LIB_BUFFER = "buffer,buf_err"
 $ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ -
 	"bss_mem,bss_null,bss_fd,"+ -
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -278,10 +278,12 @@ int CRYPTO_is_mem_check_on(void);
 const char *SSLeay_version(int type);
 unsigned long SSLeay(void);

+int OPENSSL_issetugid(void);
+
 int CRYPTO_get_ex_new_index(int idx, STACK_OF(CRYPTO_EX_DATA_FUNCS) **skp, long argl, void *argp,
 	     CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val);
-void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad,int idx);
+void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *ad,int idx);
 int CRYPTO_dup_ex_data(STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth, CRYPTO_EX_DATA *to,
 	     CRYPTO_EX_DATA *from);
 void CRYPTO_free_ex_data(STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth, void *obj, CRYPTO_EX_DATA *ad);
--- a/crypto/des/asm/des-586.pl
+++ b/crypto/des/asm/des-586.pl
@@ -20,11 +20,11 @@ $L="edi";
 $R="esi";

 &external_label("des_SPtrans");
-&des_encrypt("des_encrypt",1);
+&des_encrypt("des_encrypt1",1);
 &des_encrypt("des_encrypt2",0);
 &des_encrypt3("des_encrypt3",1);
 &des_encrypt3("des_decrypt3",0);
-&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1);
+&cbc("des_ncbc_encrypt","des_encrypt1","des_encrypt1",0,4,5,3,5,-1);
 &cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5);

 &asm_finish();
--- a/crypto/des/asm/des686.pl
+++ b/crypto/des/asm/des686.pl
@@ -46,7 +46,7 @@ EOF
 $L="edi";
 $R="esi";

-&des_encrypt("des_encrypt",1);
+&des_encrypt("des_encrypt1",1);
 &des_encrypt("des_encrypt2",0);

 &des_encrypt3("des_encrypt3",1);
--- a/crypto/des/asm/readme
+++ b/crypto/des/asm/readme
@@ -8,7 +8,7 @@ assembler for the inner DES routines in libdes :-).

 The file to implement in assembler is des_enc.c.  Replace the following
 4 functions
-des_encrypt(DES_LONG data[2],des_key_schedule ks, int encrypt);
+des_encrypt1(DES_LONG data[2],des_key_schedule ks, int encrypt);
 des_encrypt2(DES_LONG data[2],des_key_schedule ks, int encrypt);
 des_encrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
 des_decrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
--- a/crypto/des/cbc_cksm.c
+++ b/crypto/des/cbc_cksm.c
@@ -82,7 +82,7 @@ DES_LONG des_cbc_cksum(const unsigned char *in, des_cblock *output,
 			
 		tin0^=tout0; tin[0]=tin0;
 		tin1^=tout1; tin[1]=tin1;
-		des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+		des_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);
 		/* fix 15/10/91 eay - thanks to keithr@sco.COM */
 		tout0=tin[0];
 		tout1=tin[1];
--- a/crypto/des/cfb64enc.c
+++ b/crypto/des/cfb64enc.c
@@ -82,7 +82,7 @@ void des_cfb64_encrypt(const unsigned char *in, unsigned char *out,
 				{
 				c2l(iv,v0); ti[0]=v0;
 				c2l(iv,v1); ti[1]=v1;
-				des_encrypt(ti,schedule,DES_ENCRYPT);
+				des_encrypt1(ti,schedule,DES_ENCRYPT);
 				iv = &(*ivec)[0];
 				v0=ti[0]; l2c(v0,iv);
 				v0=ti[1]; l2c(v0,iv);
@@ -102,7 +102,7 @@ void des_cfb64_encrypt(const unsigned char *in, unsigned char *out,
 				{
 				c2l(iv,v0); ti[0]=v0;
 				c2l(iv,v1); ti[1]=v1;
-				des_encrypt(ti,schedule,DES_ENCRYPT);
+				des_encrypt1(ti,schedule,DES_ENCRYPT);
 				iv = &(*ivec)[0];
 				v0=ti[0]; l2c(v0,iv);
 				v0=ti[1]; l2c(v0,iv);
--- a/crypto/des/cfb_enc.c
+++ b/crypto/des/cfb_enc.c
@@ -100,7 +100,7 @@ void des_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
 			l-=n;
 			ti[0]=v0;
 			ti[1]=v1;
-			des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT);
+			des_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
 			c2ln(in,d0,d1,n);
 			in+=n;
 			d0=(d0^ti[0])&mask0;
@@ -132,7 +132,7 @@ void des_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
 			l-=n;
 			ti[0]=v0;
 			ti[1]=v1;
-			des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT);
+			des_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
 			c2ln(in,d0,d1,n);
 			in+=n;
 			/* 30-08-94 - eay - changed because l>>32 and
--- a/crypto/des/des.h
+++ b/crypto/des/des.h
@@ -147,14 +147,14 @@ void des_ecb_encrypt(const_des_cblock *input,des_cblock *output,
 	Data is a pointer to 2 unsigned long's and ks is the
 	des_key_schedule to use.  enc, is non zero specifies encryption,
 	zero if decryption. */
-void des_encrypt(DES_LONG *data,des_key_schedule ks, int enc);
+void des_encrypt1(DES_LONG *data,des_key_schedule ks, int enc);

-/* 	This functions is the same as des_encrypt() except that the DES
+/* 	This functions is the same as des_encrypt1() except that the DES
 	initial permutation (IP) and final permutation (FP) have been left
-	out.  As for des_encrypt(), you should not use this function.
+	out.  As for des_encrypt1(), you should not use this function.
 	It is used by the routines in the library that implement triple DES.
 	IP() des_encrypt2() des_encrypt2() des_encrypt2() FP() is the same
-	as des_encrypt() des_encrypt() des_encrypt() except faster :-). */
+	as des_encrypt1() des_encrypt1() des_encrypt1() except faster :-). */
 void des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc);

 void des_encrypt3(DES_LONG *data, des_key_schedule ks1,
--- a/crypto/des/des_enc.c
+++ b/crypto/des/des_enc.c
@@ -58,7 +58,7 @@

 #include "des_locl.h"

-void des_encrypt(DES_LONG *data, des_key_schedule ks, int enc)
+void des_encrypt1(DES_LONG *data, des_key_schedule ks, int enc)
 	{
 	register DES_LONG l,r,t,u;
 #ifdef DES_PTR
--- a/crypto/des/des_opts.c
+++ b/crypto/des/des_opts.c
@@ -118,7 +118,7 @@ extern void exit();
 #undef DES_RISC2
 #undef DES_PTR
 #undef D_ENCRYPT
-#define des_encrypt  des_encrypt_u4_cisc_idx
+#define des_encrypt1 des_encrypt_u4_cisc_idx
 #define des_encrypt2 des_encrypt2_u4_cisc_idx
 #define des_encrypt3 des_encrypt3_u4_cisc_idx
 #define des_decrypt3 des_decrypt3_u4_cisc_idx
@@ -130,11 +130,11 @@ extern void exit();
 #undef DES_RISC2
 #undef DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
+#undef des_encrypt1
 #undef des_encrypt2
 #undef des_encrypt3
 #undef des_decrypt3
-#define des_encrypt  des_encrypt_u16_cisc_idx
+#define des_encrypt1 des_encrypt_u16_cisc_idx
 #define des_encrypt2 des_encrypt2_u16_cisc_idx
 #define des_encrypt3 des_encrypt3_u16_cisc_idx
 #define des_decrypt3 des_decrypt3_u16_cisc_idx
@@ -146,11 +146,11 @@ extern void exit();
 #undef DES_RISC2
 #undef DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
+#undef des_encrypt1
 #undef des_encrypt2
 #undef des_encrypt3
 #undef des_decrypt3
-#define des_encrypt  des_encrypt_u4_risc1_idx
+#define des_encrypt1 des_encrypt_u4_risc1_idx
 #define des_encrypt2 des_encrypt2_u4_risc1_idx
 #define des_encrypt3 des_encrypt3_u4_risc1_idx
 #define des_decrypt3 des_decrypt3_u4_risc1_idx
@@ -166,11 +166,11 @@ extern void exit();
 #define DES_RISC2
 #undef DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
+#undef des_encrypt1
 #undef des_encrypt2
 #undef des_encrypt3
 #undef des_decrypt3
-#define des_encrypt  des_encrypt_u4_risc2_idx
+#define des_encrypt1 des_encrypt_u4_risc2_idx
 #define des_encrypt2 des_encrypt2_u4_risc2_idx
 #define des_encrypt3 des_encrypt3_u4_risc2_idx
 #define des_decrypt3 des_decrypt3_u4_risc2_idx
@@ -182,11 +182,11 @@ extern void exit();
 #undef DES_RISC2
 #undef DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
+#undef des_encrypt1
 #undef des_encrypt2
 #undef des_encrypt3
 #undef des_decrypt3
-#define des_encrypt  des_encrypt_u16_risc1_idx
+#define des_encrypt1 des_encrypt_u16_risc1_idx
 #define des_encrypt2 des_encrypt2_u16_risc1_idx
 #define des_encrypt3 des_encrypt3_u16_risc1_idx
 #define des_decrypt3 des_decrypt3_u16_risc1_idx
@@ -198,11 +198,11 @@ extern void exit();
 #define DES_RISC2
 #undef DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
+#undef des_encrypt1
 #undef des_encrypt2
 #undef des_encrypt3
 #undef des_decrypt3
-#define des_encrypt  des_encrypt_u16_risc2_idx
+#define des_encrypt1 des_encrypt_u16_risc2_idx
 #define des_encrypt2 des_encrypt2_u16_risc2_idx
 #define des_encrypt3 des_encrypt3_u16_risc2_idx
 #define des_decrypt3 des_decrypt3_u16_risc2_idx
@@ -218,11 +218,11 @@ extern void exit();
 #undef DES_RISC2
 #define DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
+#undef des_encrypt1
 #undef des_encrypt2
 #undef des_encrypt3
 #undef des_decrypt3
-#define des_encrypt  des_encrypt_u4_cisc_ptr
+#define des_encrypt1 des_encrypt_u4_cisc_ptr
 #define des_encrypt2 des_encrypt2_u4_cisc_ptr
 #define des_encrypt3 des_encrypt3_u4_cisc_ptr
 #define des_decrypt3 des_decrypt3_u4_cisc_ptr
@@ -234,11 +234,11 @@ extern void exit();
 #undef DES_RISC2
 #define DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
+#undef des_encrypt1
 #undef des_encrypt2
 #undef des_encrypt3
 #undef des_decrypt3
-#define des_encrypt  des_encrypt_u16_cisc_ptr
+#define des_encrypt1 des_encrypt_u16_cisc_ptr
 #define des_encrypt2 des_encrypt2_u16_cisc_ptr
 #define des_encrypt3 des_encrypt3_u16_cisc_ptr
 #define des_decrypt3 des_decrypt3_u16_cisc_ptr
@@ -250,11 +250,11 @@ extern void exit();
 #undef DES_RISC2
 #define DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
+#undef des_encrypt1
 #undef des_encrypt2
 #undef des_encrypt3
 #undef des_decrypt3
-#define des_encrypt  des_encrypt_u4_risc1_ptr
+#define des_encrypt1 des_encrypt_u4_risc1_ptr
 #define des_encrypt2 des_encrypt2_u4_risc1_ptr
 #define des_encrypt3 des_encrypt3_u4_risc1_ptr
 #define des_decrypt3 des_decrypt3_u4_risc1_ptr
@@ -270,11 +270,11 @@ extern void exit();
 #define DES_RISC2
 #define DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
+#undef des_encrypt1
 #undef des_encrypt2
 #undef des_encrypt3
 #undef des_decrypt3
-#define des_encrypt  des_encrypt_u4_risc2_ptr
+#define des_encrypt1 des_encrypt_u4_risc2_ptr
 #define des_encrypt2 des_encrypt2_u4_risc2_ptr
 #define des_encrypt3 des_encrypt3_u4_risc2_ptr
 #define des_decrypt3 des_decrypt3_u4_risc2_ptr
@@ -286,11 +286,11 @@ extern void exit();
 #undef DES_RISC2
 #define DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
+#undef des_encrypt1
 #undef des_encrypt2
 #undef des_encrypt3
 #undef des_decrypt3
-#define des_encrypt  des_encrypt_u16_risc1_ptr
+#define des_encrypt1 des_encrypt_u16_risc1_ptr
 #define des_encrypt2 des_encrypt2_u16_risc1_ptr
 #define des_encrypt3 des_encrypt3_u16_risc1_ptr
 #define des_decrypt3 des_decrypt3_u16_risc1_ptr
@@ -302,11 +302,11 @@ extern void exit();
 #define DES_RISC2
 #define DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
+#undef des_encrypt1
 #undef des_encrypt2
 #undef des_encrypt3
 #undef des_decrypt3
-#define des_encrypt  des_encrypt_u16_risc2_ptr
+#define des_encrypt1 des_encrypt_u16_risc2_ptr
 #define des_encrypt2 des_encrypt2_u16_risc2_ptr
 #define des_encrypt3 des_encrypt3_u16_risc2_ptr
 #define des_decrypt3 des_decrypt3_u16_risc2_ptr
@@ -453,7 +453,7 @@ int main(int argc, char **argv)
 		count*=2;
 		Time_F(START);
 		for (i=count; i; i--)
-			des_encrypt(data,&(sch[0]),DES_ENCRYPT);
+			des_encrypt1(data,&(sch[0]),DES_ENCRYPT);
 		d=Time_F(STOP);
 		} while (d < 3.0);
 	ca=count;
--- a/crypto/des/dess.cpp
+++ b/crypto/des/dess.cpp
@@ -45,19 +45,19 @@ void main(int argc,char *argv[])
 		{
 		for (i=0; i<1000; i++) /**/
 			{
-			des_encrypt(&data[0],key,1);
+			des_encrypt1(&data[0],key,1);
 			GetTSC(s1);
-			des_encrypt(&data[0],key,1);
-			des_encrypt(&data[0],key,1);
-			des_encrypt(&data[0],key,1);
+			des_encrypt1(&data[0],key,1);
+			des_encrypt1(&data[0],key,1);
+			des_encrypt1(&data[0],key,1);
 			GetTSC(e1);
 			GetTSC(s2);
-			des_encrypt(&data[0],key,1);
-			des_encrypt(&data[0],key,1);
-			des_encrypt(&data[0],key,1);
-			des_encrypt(&data[0],key,1);
+			des_encrypt1(&data[0],key,1);
+			des_encrypt1(&data[0],key,1);
+			des_encrypt1(&data[0],key,1);
+			des_encrypt1(&data[0],key,1);
 			GetTSC(e2);
-			des_encrypt(&data[0],key,1);
+			des_encrypt1(&data[0],key,1);
 			}

 		printf("des %d %d (%d)\n",
--- a/crypto/des/ecb_enc.c
+++ b/crypto/des/ecb_enc.c
@@ -114,7 +114,7 @@ void des_ecb_encrypt(const_des_cblock *input, des_cblock *output,

 	c2l(in,l); ll[0]=l;
 	c2l(in,l); ll[1]=l;
-	des_encrypt(ll,ks,enc);
+	des_encrypt1(ll,ks,enc);
 	l=ll[0]; l2c(l,out);
 	l=ll[1]; l2c(l,out);
 	l=ll[0]=ll[1]=0;
--- a/crypto/des/ede_cbcm_enc.c
+++ b/crypto/des/ede_cbcm_enc.c
@@ -95,7 +95,7 @@ void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
 	    {
 	    tin[0]=m0;
 	    tin[1]=m1;
-	    des_encrypt(tin,ks3,1);
+	    des_encrypt1(tin,ks3,1);
 	    m0=tin[0];
 	    m1=tin[1];

@@ -113,13 +113,13 @@ void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,

 	    tin[0]=tin0;
 	    tin[1]=tin1;
-	    des_encrypt(tin,ks1,1);
+	    des_encrypt1(tin,ks1,1);
 	    tin[0]^=m0;
 	    tin[1]^=m1;
-	    des_encrypt(tin,ks2,0);
+	    des_encrypt1(tin,ks2,0);
 	    tin[0]^=m0;
 	    tin[1]^=m1;
-	    des_encrypt(tin,ks1,1);
+	    des_encrypt1(tin,ks1,1);
 	    tout0=tin[0];
 	    tout1=tin[1];

@@ -146,7 +146,7 @@ void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
 	    {
 	    tin[0]=m0;
 	    tin[1]=m1;
-	    des_encrypt(tin,ks3,1);
+	    des_encrypt1(tin,ks3,1);
 	    m0=tin[0];
 	    m1=tin[1];

@@ -158,13 +158,13 @@ void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,

 	    tin[0]=tin0;
 	    tin[1]=tin1;
-	    des_encrypt(tin,ks1,0);
+	    des_encrypt1(tin,ks1,0);
 	    tin[0]^=m0;
 	    tin[1]^=m1;
-	    des_encrypt(tin,ks2,1);
+	    des_encrypt1(tin,ks2,1);
 	    tin[0]^=m0;
 	    tin[1]^=m1;
-	    des_encrypt(tin,ks1,0);
+	    des_encrypt1(tin,ks1,0);
 	    tout0=tin[0];
 	    tout1=tin[1];

--- a/crypto/des/ncbc_enc.c
+++ b/crypto/des/ncbc_enc.c
@@ -89,7 +89,7 @@ void des_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length,
 			c2l(in,tin1);
 			tin0^=tout0; tin[0]=tin0;
 			tin1^=tout1; tin[1]=tin1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+			des_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);
 			tout0=tin[0]; l2c(tout0,out);
 			tout1=tin[1]; l2c(tout1,out);
 			}
@@ -98,7 +98,7 @@ void des_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length,
 			c2ln(in,tin0,tin1,l+8);
 			tin0^=tout0; tin[0]=tin0;
 			tin1^=tout1; tin[1]=tin1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+			des_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);
 			tout0=tin[0]; l2c(tout0,out);
 			tout1=tin[1]; l2c(tout1,out);
 			}
@@ -116,7 +116,7 @@ void des_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length,
 			{
 			c2l(in,tin0); tin[0]=tin0;
 			c2l(in,tin1); tin[1]=tin1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
+			des_encrypt1((DES_LONG *)tin,schedule,DES_DECRYPT);
 			tout0=tin[0]^xor0;
 			tout1=tin[1]^xor1;
 			l2c(tout0,out);
@@ -128,7 +128,7 @@ void des_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length,
 			{
 			c2l(in,tin0); tin[0]=tin0;
 			c2l(in,tin1); tin[1]=tin1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
+			des_encrypt1((DES_LONG *)tin,schedule,DES_DECRYPT);
 			tout0=tin[0]^xor0;
 			tout1=tin[1]^xor1;
 			l2cn(tout0,tout1,out,l+8);
--- a/crypto/des/ofb64enc.c
+++ b/crypto/des/ofb64enc.c
@@ -87,7 +87,7 @@ void des_ofb64_encrypt(register const unsigned char *in,
 		{
 		if (n == 0)
 			{
-			des_encrypt(ti,schedule,DES_ENCRYPT);
+			des_encrypt1(ti,schedule,DES_ENCRYPT);
 			dp=d;
 			t=ti[0]; l2c(t,dp);
 			t=ti[1]; l2c(t,dp);
--- a/crypto/des/ofb_enc.c
+++ b/crypto/des/ofb_enc.c
@@ -101,7 +101,7 @@ void des_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
 		{
 		ti[0]=v0;
 		ti[1]=v1;
-		des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT);
+		des_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
 		vv0=ti[0];
 		vv1=ti[1];
 		c2ln(in,d0,d1,n);
--- a/crypto/des/pcbc_enc.c
+++ b/crypto/des/pcbc_enc.c
@@ -85,7 +85,7 @@ void des_pcbc_encrypt(const unsigned char *input, unsigned char *output,
 				c2ln(in,sin0,sin1,length);
 			tin[0]=sin0^xor0;
 			tin[1]=sin1^xor1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+			des_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);
 			tout0=tin[0];
 			tout1=tin[1];
 			xor0=sin0^tout0;
@@ -103,7 +103,7 @@ void des_pcbc_encrypt(const unsigned char *input, unsigned char *output,
 			c2l(in,sin1);
 			tin[0]=sin0;
 			tin[1]=sin1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
+			des_encrypt1((DES_LONG *)tin,schedule,DES_DECRYPT);
 			tout0=tin[0]^xor0;
 			tout1=tin[1]^xor1;
 			if (length >= 8)
--- a/crypto/des/speed.c
+++ b/crypto/des/speed.c
@@ -204,7 +204,7 @@ int main(int argc, char **argv)
 		count*=2;
 		Time_F(START);
 		for (i=count; i; i--)
-			des_encrypt(data,&(sch[0]),DES_ENCRYPT);
+			des_encrypt1(data,&(sch[0]),DES_ENCRYPT);
 		d=Time_F(STOP);
 		} while (d < 3.0);
 	ca=count;
@@ -241,7 +241,7 @@ int main(int argc, char **argv)
 		{
 		DES_LONG data[2];

-		des_encrypt(data,&(sch[0]),DES_ENCRYPT);
+		des_encrypt1(data,&(sch[0]),DES_ENCRYPT);
 		}
 	d=Time_F(STOP);
 	printf("%ld des_encrypt's in %.2f second\n",count,d);
--- a/crypto/des/xcbc_enc.c
+++ b/crypto/des/xcbc_enc.c
@@ -138,7 +138,7 @@ void des_xcbc_encrypt(const unsigned char *in, unsigned char *out,
 			c2l(in,tin1);
 			tin0^=tout0^inW0; tin[0]=tin0;
 			tin1^=tout1^inW1; tin[1]=tin1;
-			des_encrypt(tin,schedule,DES_ENCRYPT);
+			des_encrypt1(tin,schedule,DES_ENCRYPT);
 			tout0=tin[0]^outW0; l2c(tout0,out);
 			tout1=tin[1]^outW1; l2c(tout1,out);
 			}
@@ -147,7 +147,7 @@ void des_xcbc_encrypt(const unsigned char *in, unsigned char *out,
 			c2ln(in,tin0,tin1,l+8);
 			tin0^=tout0^inW0; tin[0]=tin0;
 			tin1^=tout1^inW1; tin[1]=tin1;
-			des_encrypt(tin,schedule,DES_ENCRYPT);
+			des_encrypt1(tin,schedule,DES_ENCRYPT);
 			tout0=tin[0]^outW0; l2c(tout0,out);
 			tout1=tin[1]^outW1; l2c(tout1,out);
 			}
@@ -163,7 +163,7 @@ void des_xcbc_encrypt(const unsigned char *in, unsigned char *out,
 			{
 			c2l(in,tin0); tin[0]=tin0^outW0;
 			c2l(in,tin1); tin[1]=tin1^outW1;
-			des_encrypt(tin,schedule,DES_DECRYPT);
+			des_encrypt1(tin,schedule,DES_DECRYPT);
 			tout0=tin[0]^xor0^inW0;
 			tout1=tin[1]^xor1^inW1;
 			l2c(tout0,out);
@@ -175,7 +175,7 @@ void des_xcbc_encrypt(const unsigned char *in, unsigned char *out,
 			{
 			c2l(in,tin0); tin[0]=tin0^outW0;
 			c2l(in,tin1); tin[1]=tin1^outW1;
-			des_encrypt(tin,schedule,DES_DECRYPT);
+			des_encrypt1(tin,schedule,DES_DECRYPT);
 			tout0=tin[0]^xor0^inW0;
 			tout1=tin[1]^xor1^inW1;
 			l2cn(tout0,tout1,out,l+8);
--- a/crypto/dh/Makefile.ssl
+++ b/crypto/dh/Makefile.ssl
@@ -115,8 +115,7 @@ dh_key.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 dh_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 dh_key.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
 dh_key.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-dh_key.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-dh_key.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+dh_key.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 dh_key.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 dh_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 dh_key.o: ../../include/openssl/symhacks.h ../cryptlib.h
@@ -134,8 +133,7 @@ dh_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
 dh_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
 dh_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-dh_lib.o: ../../include/openssl/rc5.h ../../include/openssl/rijndael-alg-fst.h
-dh_lib.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+dh_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 dh_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 dh_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 dh_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -100,7 +100,6 @@ DH_METHOD *DH_OpenSSL(void)
 static int generate_key(DH *dh)
 	{
 	int ok=0;
-	unsigned int i;
 	BN_CTX ctx;
 	BN_MONT_CTX *mont;
 	BIGNUM *pub_key=NULL,*priv_key=NULL;
@@ -109,15 +108,11 @@ static int generate_key(DH *dh)

 	if (dh->priv_key == NULL)
 		{
-		i=dh->length;
-		if (i == 0)
-			{
-			/* Make the number p-1 bits long */
-			i=BN_num_bits(dh->p)-1;
-			}
 		priv_key=BN_new();
 		if (priv_key == NULL) goto err;
-		if (!BN_rand(priv_key,i,0,0)) goto err;
+		do
+			if (!BN_rand_range(priv_key, dh->p)) goto err;
+		while (BN_is_zero(priv_key));
 		}
 	else
 		priv_key=dh->priv_key;
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -168,13 +168,13 @@ DH *DH_new_method(ENGINE *engine)
 	ret->method_mont_p=NULL;
 	ret->references = 1;
 	ret->flags=meth->flags;
+	CRYPTO_new_ex_data(dh_meth,ret,&ret->ex_data);
 	if ((meth->init != NULL) && !meth->init(ret))
 		{
+		CRYPTO_free_ex_data(dh_meth,ret,&ret->ex_data);
 		OPENSSL_free(ret);
 		ret=NULL;
 		}
-	else
-		CRYPTO_new_ex_data(dh_meth,ret,&ret->ex_data);
 	return(ret);
 	}

@@ -196,12 +196,12 @@ void DH_free(DH *r)
 	}
 #endif

-	CRYPTO_free_ex_data(dh_meth, r, &r->ex_data);
-
 	meth = ENGINE_get_DH(r->engine);
 	if(meth->finish) meth->finish(r);
 	ENGINE_finish(r->engine);

+	CRYPTO_free_ex_data(dh_meth, r, &r->ex_data);
+
 	if (r->p != NULL) BN_clear_free(r->p);
 	if (r->g != NULL) BN_clear_free(r->g);
 	if (r->q != NULL) BN_clear_free(r->q);
--- a/Show More
+++ b/Show More