merge with openssl-0.9.7-stable-SNAP-20020911,

new minor for libcrypto (_X509_REQ_print_ex)
tested by miod@, pb@

153 files changed, 2465 insertions, 1211 deletions

diff --git a/src/lib/libcrypto/Makefile.ssl b/src/lib/libcrypto/Makefile.ssl
index 2489b614c6..db8baf385e 100644
--- a/src/lib/libcrypto/Makefile.ssl
+++ b/src/lib/libcrypto/Makefile.ssl
@@ -98,7 +98,7 @@ lib:	$(LIBOBJ)
 
 shared:
         if [ -n "$(SHARED_LIBS)" ]; then \
-                (cd ..; make $(SHARED_LIB)); \
+                (cd ..; $(MAKE) $(SHARED_LIB)); \
         fi
 
 libs:
diff --git a/src/lib/libcrypto/asn1/a_bitstr.c b/src/lib/libcrypto/asn1/a_bitstr.c
index ed0bdfbde1..e0265f69d2 100644
--- a/src/lib/libcrypto/asn1/a_bitstr.c
+++ b/src/lib/libcrypto/asn1/a_bitstr.c
@@ -120,6 +120,12 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
         unsigned char *p,*s;
         int i;
 
+        if (len < 1)
+                {
+                i=ASN1_R_STRING_TOO_SHORT;
+                goto err;
+                }
+
         if ((a == NULL) || ((*a) == NULL))
                 {
                 if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL);
diff --git a/src/lib/libcrypto/asn1/a_strex.c b/src/lib/libcrypto/asn1/a_strex.c
index 8dab29dca1..7ddb7662f1 100644
--- a/src/lib/libcrypto/asn1/a_strex.c
+++ b/src/lib/libcrypto/asn1/a_strex.c
@@ -544,7 +544,7 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
 {
         ASN1_STRING stmp, *str = &stmp;
         int mbflag, type, ret;
-        if(!*out || !in) return -1;
+        if(!in) return -1;
         type = in->type;
         if((type < 0) || (type > 30)) return -1;
         mbflag = tag2nbyte[type];
@@ -553,6 +553,6 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
         stmp.data = NULL;
         ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
         if(ret < 0) return ret;
-        if(out) *out = stmp.data;
+        *out = stmp.data;
         return stmp.length;
 }
diff --git a/src/lib/libcrypto/asn1/t_req.c b/src/lib/libcrypto/asn1/t_req.c
index 848c29a2dd..739f272ecf 100644
--- a/src/lib/libcrypto/asn1/t_req.c
+++ b/src/lib/libcrypto/asn1/t_req.c
@@ -82,7 +82,7 @@ int X509_REQ_print_fp(FILE *fp, X509_REQ *x)
         }
 #endif
 
-int X509_REQ_print(BIO *bp, X509_REQ *x)
+int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long cflag)
         {
         unsigned long l;
         int i;
@@ -92,143 +92,185 @@ int X509_REQ_print(BIO *bp, X509_REQ *x)
         STACK_OF(X509_ATTRIBUTE) *sk;
         STACK_OF(X509_EXTENSION) *exts;
         char str[128];
+        char mlch = ' ';
+        int nmindent = 0;
+
+        if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+                mlch = '\n';
+                nmindent = 12;
+        }
+
+        if(nmflags == X509_FLAG_COMPAT)
+                nmindent = 16;
+
 
         ri=x->req_info;
-        sprintf(str,"Certificate Request:\n");
-        if (BIO_puts(bp,str) <= 0) goto err;
-        sprintf(str,"%4sData:\n","");
-        if (BIO_puts(bp,str) <= 0) goto err;
-
-        neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":"";
-        l=0;
-        for (i=0; i<ri->version->length; i++)
-                { l<<=8; l+=ri->version->data[i]; }
-        sprintf(str,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,l);
-        if (BIO_puts(bp,str) <= 0) goto err;
-        sprintf(str,"%8sSubject: ","");
-        if (BIO_puts(bp,str) <= 0) goto err;
-
-        X509_NAME_print(bp,ri->subject,16);
-        sprintf(str,"\n%8sSubject Public Key Info:\n","");
-        if (BIO_puts(bp,str) <= 0) goto err;
-        i=OBJ_obj2nid(ri->pubkey->algor->algorithm);
-        sprintf(str,"%12sPublic Key Algorithm: %s\n","",
-                (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
-        if (BIO_puts(bp,str) <= 0) goto err;
-
-        pkey=X509_REQ_get_pubkey(x);
-#ifndef OPENSSL_NO_RSA
-        if (pkey != NULL && pkey->type == EVP_PKEY_RSA)
+        if(!(cflag & X509_FLAG_NO_HEADER))
                 {
-                BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
-                        BN_num_bits(pkey->pkey.rsa->n));
-                RSA_print(bp,pkey->pkey.rsa,16);
+                if (BIO_write(bp,"Certificate Request:\n",21) <= 0) goto err;
+                if (BIO_write(bp,"    Data:\n",10) <= 0) goto err;
                 }
-        else 
-#endif
-#ifndef OPENSSL_NO_DSA
-                if (pkey != NULL && pkey->type == EVP_PKEY_DSA)
+        if(!(cflag & X509_FLAG_NO_VERSION))
                 {
-                BIO_printf(bp,"%12sDSA Public Key:\n","");
-                DSA_print(bp,pkey->pkey.dsa,16);
+                neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":"";
+                l=0;
+                for (i=0; i<ri->version->length; i++)
+                        { l<<=8; l+=ri->version->data[i]; }
+                sprintf(str,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,l);
+                if (BIO_puts(bp,str) <= 0) goto err;
                 }
-        else
-#endif
-                BIO_printf(bp,"%12sUnknown Public Key:\n","");
+        if(!(cflag & X509_FLAG_NO_SUBJECT))
+                {
+                if (BIO_printf(bp,"        Subject:%c",mlch) <= 0) goto err;
+                if (X509_NAME_print_ex(bp,ri->subject,nmindent, nmflags) < 0) goto err;
+                if (BIO_write(bp,"\n",1) <= 0) goto err;
+                }
+        if(!(cflag & X509_FLAG_NO_PUBKEY))
+                {
+                if (BIO_write(bp,"        Subject Public Key Info:\n",33) <= 0)
+                        goto err;
+                if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0)
+                        goto err;
+                if (i2a_ASN1_OBJECT(bp, ri->pubkey->algor->algorithm) <= 0)
+                        goto err;
+                if (BIO_puts(bp, "\n") <= 0)
+                        goto err;
 
-        if (pkey != NULL)
-            EVP_PKEY_free(pkey);
+                pkey=X509_REQ_get_pubkey(x);
+                if (pkey == NULL)
+                        {
+                        BIO_printf(bp,"%12sUnable to load Public Key\n","");
+                        ERR_print_errors(bp);
+                        }
+                else
+#ifndef OPENSSL_NO_RSA
+                if (pkey->type == EVP_PKEY_RSA)
+                        {
+                        BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
+                        BN_num_bits(pkey->pkey.rsa->n));
+                        RSA_print(bp,pkey->pkey.rsa,16);
+                        }
+                else
+#endif
+#ifndef OPENSSL_NO_DSA
+                if (pkey->type == EVP_PKEY_DSA)
+                        {
+                        BIO_printf(bp,"%12sDSA Public Key:\n","");
+                        DSA_print(bp,pkey->pkey.dsa,16);
+                        }
+                else
+#endif
+                        BIO_printf(bp,"%12sUnknown Public Key:\n","");
 
-        /* may not be */
-        sprintf(str,"%8sAttributes:\n","");
-        if (BIO_puts(bp,str) <= 0) goto err;
+                EVP_PKEY_free(pkey);
+                }
 
-        sk=x->req_info->attributes;
-        if (sk_X509_ATTRIBUTE_num(sk) == 0)
+        if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
                 {
-                sprintf(str,"%12sa0:00\n","");
+                /* may not be */
+                sprintf(str,"%8sAttributes:\n","");
                 if (BIO_puts(bp,str) <= 0) goto err;
-                }
-        else
-                {
-                for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
+
+                sk=x->req_info->attributes;
+                if (sk_X509_ATTRIBUTE_num(sk) == 0)
                         {
-                        ASN1_TYPE *at;
-                        X509_ATTRIBUTE *a;
-                        ASN1_BIT_STRING *bs=NULL;
-                        ASN1_TYPE *t;
-                        int j,type=0,count=1,ii=0;
-
-                        a=sk_X509_ATTRIBUTE_value(sk,i);
-                        if(X509_REQ_extension_nid(OBJ_obj2nid(a->object)))
-                                                                continue;
-                        sprintf(str,"%12s","");
+                        sprintf(str,"%12sa0:00\n","");
                         if (BIO_puts(bp,str) <= 0) goto err;
-                        if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0)
+                        }
+                else
                         {
-                        if (a->single)
+                        for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
                                 {
-                                t=a->value.single;
-                                type=t->type;
-                                bs=t->value.bit_string;
-                                }
-                        else
+                                ASN1_TYPE *at;
+                                X509_ATTRIBUTE *a;
+                                ASN1_BIT_STRING *bs=NULL;
+                                ASN1_TYPE *t;
+                                int j,type=0,count=1,ii=0;
+
+                                a=sk_X509_ATTRIBUTE_value(sk,i);
+                                if(X509_REQ_extension_nid(OBJ_obj2nid(a->object)))
+                                                                        continue;
+                                sprintf(str,"%12s","");
+                                if (BIO_puts(bp,str) <= 0) goto err;
+                                if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0)
                                 {
-                                ii=0;
-                                count=sk_ASN1_TYPE_num(a->value.set);
+                                if (a->single)
+                                        {
+                                        t=a->value.single;
+                                        type=t->type;
+                                        bs=t->value.bit_string;
+                                        }
+                                else
+                                        {
+                                        ii=0;
+                                        count=sk_ASN1_TYPE_num(a->value.set);
 get_next:
-                                at=sk_ASN1_TYPE_value(a->value.set,ii);
-                                type=at->type;
-                                bs=at->value.asn1_string;
+                                        at=sk_ASN1_TYPE_value(a->value.set,ii);
+                                        type=at->type;
+                                        bs=at->value.asn1_string;
+                                        }
+                                }
+                                for (j=25-j; j>0; j--)
+                                        if (BIO_write(bp," ",1) != 1) goto err;
+                                if (BIO_puts(bp,":") <= 0) goto err;
+                                if (    (type == V_ASN1_PRINTABLESTRING) ||
+                                        (type == V_ASN1_T61STRING) ||
+                                        (type == V_ASN1_IA5STRING))
+                                        {
+                                        if (BIO_write(bp,(char *)bs->data,bs->length)
+                                                != bs->length)
+                                                goto err;
+                                        BIO_puts(bp,"\n");
+                                        }
+                                else
+                                        {
+                                        BIO_puts(bp,"unable to print attribute\n");
+                                        }
+                                if (++ii < count) goto get_next;
                                 }
                         }
-                        for (j=25-j; j>0; j--)
-                                if (BIO_write(bp," ",1) != 1) goto err;
-                        if (BIO_puts(bp,":") <= 0) goto err;
-                        if (    (type == V_ASN1_PRINTABLESTRING) ||
-                                (type == V_ASN1_T61STRING) ||
-                                (type == V_ASN1_IA5STRING))
+                }
+        if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
+                {
+                exts = X509_REQ_get_extensions(x);
+                if(exts)
+                        {
+                        BIO_printf(bp,"%8sRequested Extensions:\n","");
+                        for (i=0; i<sk_X509_EXTENSION_num(exts); i++)
                                 {
-                                if (BIO_write(bp,(char *)bs->data,bs->length)
-                                        != bs->length)
+                                ASN1_OBJECT *obj;
+                                X509_EXTENSION *ex;
+                                int j;
+                                ex=sk_X509_EXTENSION_value(exts, i);
+                                if (BIO_printf(bp,"%12s","") <= 0) goto err;
+                                obj=X509_EXTENSION_get_object(ex);
+                                i2a_ASN1_OBJECT(bp,obj);
+                                j=X509_EXTENSION_get_critical(ex);
+                                if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
                                         goto err;
-                                BIO_puts(bp,"\n");
-                                }
-                        else
-                                {
-                                BIO_puts(bp,"unable to print attribute\n");
+                                if(!X509V3_EXT_print(bp, ex, 0, 16))
+                                        {
+                                        BIO_printf(bp, "%16s", "");
+                                        M_ASN1_OCTET_STRING_print(bp,ex->value);
+                                        }
+                                if (BIO_write(bp,"\n",1) <= 0) goto err;
                                 }
-                        if (++ii < count) goto get_next;
+                        sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
                         }
                 }
 
-        exts = X509_REQ_get_extensions(x);
-        if(exts) {
-                BIO_printf(bp,"%8sRequested Extensions:\n","");
-                for (i=0; i<sk_X509_EXTENSION_num(exts); i++) {
-                        ASN1_OBJECT *obj;
-                        X509_EXTENSION *ex;
-                        int j;
-                        ex=sk_X509_EXTENSION_value(exts, i);
-                        if (BIO_printf(bp,"%12s","") <= 0) goto err;
-                        obj=X509_EXTENSION_get_object(ex);
-                        i2a_ASN1_OBJECT(bp,obj);
-                        j=X509_EXTENSION_get_critical(ex);
-                        if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
-                                goto err;
-                        if(!X509V3_EXT_print(bp, ex, 0, 16)) {
-                                BIO_printf(bp, "%16s", "");
-                                M_ASN1_OCTET_STRING_print(bp,ex->value);
-                        }
-                        if (BIO_write(bp,"\n",1) <= 0) goto err;
+        if(!(cflag & X509_FLAG_NO_SIGDUMP))
+                {
+                if(!X509_signature_print(bp, x->sig_alg, x->signature)) goto err;
                 }
-                sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
-        }
-
-        if(!X509_signature_print(bp, x->sig_alg, x->signature)) goto err;
 
         return(1);
 err:
         X509err(X509_F_X509_REQ_PRINT,ERR_R_BUF_LIB);
         return(0);
         }
+
+int X509_REQ_print(BIO *bp, X509_REQ *x)
+        {
+        return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+        }
diff --git a/src/lib/libcrypto/asn1/tasn_dec.c b/src/lib/libcrypto/asn1/tasn_dec.c
index 0fc1f421e2..f87c08793a 100644
--- a/src/lib/libcrypto/asn1/tasn_dec.c
+++ b/src/lib/libcrypto/asn1/tasn_dec.c
@@ -913,10 +913,10 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *i
                         ctx->ptag = ptag;
                         ctx->hdrlen = p - q;
                         ctx->valid = 1;
-                        /* If definite length, length + header can't exceed total
-                         * amount of data available.
+                        /* If definite length, and no error, length +
+                         * header can't exceed total amount of data available. 
                          */
-                        if(!(i & 1) && ((plen + ctx->hdrlen) > len)) {
+                        if(!(i & 0x81) && ((plen + ctx->hdrlen) > len)) {
                                 ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_TOO_LONG);
                                 asn1_tlc_clear(ctx);
                                 return 0;
diff --git a/src/lib/libcrypto/bio/b_print.c b/src/lib/libcrypto/bio/b_print.c
index 3ce1290772..80c9cb69db 100644
--- a/src/lib/libcrypto/bio/b_print.c
+++ b/src/lib/libcrypto/bio/b_print.c
@@ -109,7 +109,7 @@
  * o ...                                       (for OpenSSL)
  */
 
-#if HAVE_LONG_DOUBLE
+#ifdef HAVE_LONG_DOUBLE
 #define LDOUBLE long double
 #else
 #define LDOUBLE double
diff --git a/src/lib/libcrypto/bn/bn.h b/src/lib/libcrypto/bn/bn.h
index 1eaf879553..b40682f831 100644
--- a/src/lib/libcrypto/bn/bn.h
+++ b/src/lib/libcrypto/bn/bn.h
@@ -430,7 +430,7 @@ int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,
 int BN_from_montgomery(BIGNUM *r,const BIGNUM *a,
         BN_MONT_CTX *mont, BN_CTX *ctx);
 void BN_MONT_CTX_free(BN_MONT_CTX *mont);
-int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *modulus,BN_CTX *ctx);
+int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx);
 BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
 
 BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod);
diff --git a/src/lib/libcrypto/crypto-lib.com b/src/lib/libcrypto/crypto-lib.com
index 4847a69a71..dfcff11860 100644
--- a/src/lib/libcrypto/crypto-lib.com
+++ b/src/lib/libcrypto/crypto-lib.com
@@ -231,7 +231,7 @@ $ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd,"+ -
         "rand_vms"
 $ LIB_ERR = "err,err_all,err_prn"
 $ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err"
-$ LIB_EVP = "encode,digest,evp_enc,evp_key,"+ -
+$ LIB_EVP = "encode,digest,evp_enc,evp_key,evp_acnf,"+ -
         "e_des,e_bf,e_idea,e_des3,"+ -
         "e_rc4,e_aes,names,"+ -
         "e_xcbc_d,e_rc2,e_cast,e_rc5"
@@ -265,14 +265,14 @@ $ LIB_X509V3 = "v3_bcons,v3_bitst,v3_conf,v3_extku,v3_ia5,v3_lib,"+ -
         "v3_prn,v3_utl,v3err,v3_genn,v3_alt,v3_skey,v3_akey,v3_pku,"+ -
         "v3_int,v3_enum,v3_sxnet,v3_cpols,v3_crld,v3_purp,v3_info,"+ -
         "v3_ocsp,v3_akeya"
-$ LIB_CONF = "conf_err,conf_lib,conf_api,conf_def,conf_mod,conf_mall"
+$ LIB_CONF = "conf_err,conf_lib,conf_api,conf_def,conf_mod,conf_mall,conf_sap"
 $ LIB_TXT_DB = "txt_db"
 $ LIB_PKCS7 = "pk7_asn1,pk7_lib,pkcs7err,pk7_doit,pk7_smime,pk7_attr,"+ -
         "pk7_mime"
 $ LIB_PKCS12 = "p12_add,p12_asn,p12_attr,p12_crpt,p12_crt,p12_decr,"+ -
         "p12_init,p12_key,p12_kiss,p12_mutl,"+ -
         "p12_utl,p12_npas,pk12err,p12_p8d,p12_p8e"
-$ LIB_COMP = "comp_lib,"+ -
+$ LIB_COMP = "comp_lib,comp_err,"+ -
         "c_rle,c_zlib"
 $ LIB_OCSP = "ocsp_asn,ocsp_ext,ocsp_ht,ocsp_lib,ocsp_cl,"+ -
         "ocsp_srv,ocsp_prn,ocsp_vfy,ocsp_err"
@@ -1325,7 +1325,7 @@ $   CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS
 $!
 $!  Show user the result
 $!
-$   WRITE SYS$OUTPUT "Main C Compiling Command: ",CC
+$   WRITE/SYMBOL SYS$OUTPUT "Main C Compiling Command: ",CC
 $!
 $!  Else The User Entered An Invalid Arguement.
 $!
@@ -1356,7 +1356,7 @@ $ IF ARCH .EQS. "AXP" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE
 $!
 $!  Show user the result
 $!
-$   WRITE SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO
+$   WRITE/SYMBOL SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO
 $!
 $! Time to check the contents, and to make sure we get the correct library.
 $!
diff --git a/src/lib/libcrypto/des/Makefile.ssl b/src/lib/libcrypto/des/Makefile.ssl
index ee5849d8fa..826ffcc58c 100644
--- a/src/lib/libcrypto/des/Makefile.ssl
+++ b/src/lib/libcrypto/des/Makefile.ssl
@@ -207,7 +207,8 @@ ecb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
 ecb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 ecb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 ecb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-ecb_enc.o: ../../include/openssl/ui_compat.h des_locl.h ecb_enc.c spr.h
+ecb_enc.o: ../../include/openssl/ui_compat.h des_locl.h des_ver.h ecb_enc.c
+ecb_enc.o: spr.h
 ede_cbcm_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 ede_cbcm_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
 ede_cbcm_enc.o: ../../include/openssl/opensslconf.h
diff --git a/src/lib/libcrypto/des/des_ver.h b/src/lib/libcrypto/des/des_ver.h
index 0fa94d5368..ec9cc736e3 100644
--- a/src/lib/libcrypto/des/des_ver.h
+++ b/src/lib/libcrypto/des/des_ver.h
@@ -63,5 +63,5 @@
 # define OPENSSL_EXTERN OPENSSL_EXPORT
 #endif
 
-OPENSSL_EXTERN char *DES_version;       /* SSLeay version string */
-OPENSSL_EXTERN char *libdes_version;    /* old libdes version string */
+OPENSSL_EXTERN const char *DES_version; /* SSLeay version string */
+OPENSSL_EXTERN const char *libdes_version;      /* old libdes version string */
diff --git a/src/lib/libcrypto/des/ecb_enc.c b/src/lib/libcrypto/des/ecb_enc.c
index 4650f2fa0f..1b70f68806 100644
--- a/src/lib/libcrypto/des/ecb_enc.c
+++ b/src/lib/libcrypto/des/ecb_enc.c
@@ -57,6 +57,7 @@
  */
 
 #include "des_locl.h"
+#include "des_ver.h"
 #include "spr.h"
 #include <openssl/opensslv.h>
 
diff --git a/src/lib/libcrypto/des/set_key.c b/src/lib/libcrypto/des/set_key.c
index 683916e71b..143008ed9c 100644
--- a/src/lib/libcrypto/des/set_key.c
+++ b/src/lib/libcrypto/des/set_key.c
@@ -342,7 +342,7 @@ void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
         register DES_LONG *k;
         register int i;
 
-#if OPENBSD_DEV_CRYPTO
+#ifdef OPENBSD_DEV_CRYPTO
         memcpy(schedule->key,key,sizeof schedule->key);
         schedule->session=NULL;
 #endif
diff --git a/src/lib/libcrypto/doc/DH_set_method.pod b/src/lib/libcrypto/doc/DH_set_method.pod
index d990bf8786..73261fc467 100644
--- a/src/lib/libcrypto/doc/DH_set_method.pod
+++ b/src/lib/libcrypto/doc/DH_set_method.pod
@@ -2,7 +2,7 @@
 
 =head1 NAME
 
-DH_set_default_openssl_method, DH_get_default_openssl_method,
+DH_set_default_method, DH_get_default_method,
 DH_set_method, DH_new_method, DH_OpenSSL - select DH method
 
 =head1 SYNOPSIS
@@ -10,45 +10,47 @@ DH_set_method, DH_new_method, DH_OpenSSL - select DH method
  #include <openssl/dh.h>
  #include <openssl/engine.h>
 
- void DH_set_default_openssl_method(DH_METHOD *meth);
+ void DH_set_default_method(const DH_METHOD *meth);
 
- DH_METHOD *DH_get_default_openssl_method(void);
+ const DH_METHOD *DH_get_default_method(void);
 
- int DH_set_method(DH *dh, ENGINE *engine);
+ int DH_set_method(DH *dh, const DH_METHOD *meth);
 
  DH *DH_new_method(ENGINE *engine);
 
- DH_METHOD *DH_OpenSSL(void);
+ const DH_METHOD *DH_OpenSSL(void);
 
 =head1 DESCRIPTION
 
 A B<DH_METHOD> specifies the functions that OpenSSL uses for Diffie-Hellman
 operations. By modifying the method, alternative implementations
-such as hardware accelerators may be used.
-
-Initially, the default is to use the OpenSSL internal implementation.
-DH_OpenSSL() returns a pointer to that method.
-
-DH_set_default_openssl_method() makes B<meth> the default method for all DH
-structures created later. B<NB:> This is true only whilst the default engine
-for Diffie-Hellman operations remains as "openssl". ENGINEs provide an
-encapsulation for implementations of one or more algorithms, and all the DH
-functions mentioned here operate within the scope of the default
-"openssl" engine.
-
-DH_get_default_openssl_method() returns a pointer to the current default
-method for the "openssl" engine.
-
-DH_set_method() selects B<engine> as the engine that will be responsible for
-all operations using the structure B<dh>. If this function completes successfully,
-then the B<dh> structure will have its own functional reference of B<engine>, so
-the caller should remember to free their own reference to B<engine> when they are
-finished with it. NB: An ENGINE's DH_METHOD can be retrieved (or set) by
-ENGINE_get_DH() or ENGINE_set_DH().
-
-DH_new_method() allocates and initializes a DH structure so that
-B<engine> will be used for the DH operations. If B<engine> is NULL,
-the default engine for Diffie-Hellman opertaions is used.
+such as hardware accelerators may be used. IMPORTANT: See the NOTES section for
+important information about how these DH API functions are affected by the use
+of B<ENGINE> API calls.
+
+Initially, the default DH_METHOD is the OpenSSL internal implementation, as
+returned by DH_OpenSSL().
+
+DH_set_default_method() makes B<meth> the default method for all DH
+structures created later. B<NB>: This is true only whilst no ENGINE has been set
+as a default for DH, so this function is no longer recommended.
+
+DH_get_default_method() returns a pointer to the current default DH_METHOD.
+However, the meaningfulness of this result is dependant on whether the ENGINE
+API is being used, so this function is no longer recommended.
+
+DH_set_method() selects B<meth> to perform all operations using the key B<dh>.
+This will replace the DH_METHOD used by the DH key and if the previous method
+was supplied by an ENGINE, the handle to that ENGINE will be released during the
+change. It is possible to have DH keys that only work with certain DH_METHOD
+implementations (eg. from an ENGINE module that supports embedded
+hardware-protected keys), and in such cases attempting to change the DH_METHOD
+for the key can have unexpected results.
+
+DH_new_method() allocates and initializes a DH structure so that B<engine> will
+be used for the DH operations. If B<engine> is NULL, the default ENGINE for DH
+operations is used, and if no default ENGINE is set, the DH_METHOD controlled by
+DH_set_default_method() is used.
 
 =head1 THE DH_METHOD STRUCTURE
 
@@ -82,17 +84,28 @@ the default engine for Diffie-Hellman opertaions is used.
 
 =head1 RETURN VALUES
 
-DH_OpenSSL() and DH_get_default_openssl_method() return pointers to the
-respective B<DH_METHOD>s.
+DH_OpenSSL() and DH_get_default_method() return pointers to the respective
+B<DH_METHOD>s.
+
+DH_set_default_method() returns no value.
+
+DH_set_method() returns non-zero if the provided B<meth> was successfully set as
+the method for B<dh> (including unloading the ENGINE handle if the previous
+method was supplied by an ENGINE).
 
-DH_set_default_openssl_method() returns no value.
+DH_new_method() returns NULL and sets an error code that can be obtained by
+L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise it
+returns a pointer to the newly allocated structure.
 
-DH_set_method() returns non-zero if the ENGINE associated with B<dh>
-was successfully changed to B<engine>.
+=head1 NOTES
 
-DH_new_method() returns NULL and sets an error code that can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails.
-Otherwise it returns a pointer to the newly allocated structure.
+As of version 0.9.7, DH_METHOD implementations are grouped together with other
+algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
+default ENGINE is specified for DH functionality using an ENGINE API function,
+that will override any DH defaults set using the DH API (ie.
+DH_set_default_method()). For this reason, the ENGINE API is the recommended way
+to control default implementations for use in DH and other cryptographic
+algorithms.
 
 =head1 SEE ALSO
 
@@ -103,9 +116,14 @@ L<dh(3)|dh(3)>, L<DH_new(3)|DH_new(3)>
 DH_set_default_method(), DH_get_default_method(), DH_set_method(),
 DH_new_method() and DH_OpenSSL() were added in OpenSSL 0.9.4.
 
-DH_set_default_openssl_method() and DH_get_default_openssl_method()
-replaced DH_set_default_method() and DH_get_default_method() respectively,
-and DH_set_method() and DH_new_method() were altered to use B<ENGINE>s
-rather than B<DH_METHOD>s during development of OpenSSL 0.9.6.
+DH_set_default_openssl_method() and DH_get_default_openssl_method() replaced
+DH_set_default_method() and DH_get_default_method() respectively, and
+DH_set_method() and DH_new_method() were altered to use B<ENGINE>s rather than
+B<DH_METHOD>s during development of the engine version of OpenSSL 0.9.6. For
+0.9.7, the handling of defaults in the ENGINE API was restructured so that this
+change was reversed, and behaviour of the other functions resembled more closely
+the previous behaviour. The behaviour of defaults in the ENGINE API now
+transparently overrides the behaviour of defaults in the DH API without
+requiring changing these function prototypes.
 
 =cut
diff --git a/src/lib/libcrypto/doc/DSA_dup_DH.pod b/src/lib/libcrypto/doc/DSA_dup_DH.pod
index 695f99a13b..7f6f0d1115 100644
--- a/src/lib/libcrypto/doc/DSA_dup_DH.pod
+++ b/src/lib/libcrypto/doc/DSA_dup_DH.pod
@@ -8,7 +8,7 @@ DSA_dup_DH - create a DH structure out of DSA structure
 
  #include <openssl/dsa.h>
 
- DH * DSA_dup_DH(DSA *r);
+ DH * DSA_dup_DH(const DSA *r);
 
 =head1 DESCRIPTION
 
diff --git a/src/lib/libcrypto/doc/DSA_new.pod b/src/lib/libcrypto/doc/DSA_new.pod
index 301af912dd..48e9b82a09 100644
--- a/src/lib/libcrypto/doc/DSA_new.pod
+++ b/src/lib/libcrypto/doc/DSA_new.pod
@@ -14,7 +14,8 @@ DSA_new, DSA_free - allocate and free DSA objects
 
 =head1 DESCRIPTION
 
-DSA_new() allocates and initializes a B<DSA> structure.
+DSA_new() allocates and initializes a B<DSA> structure. It is equivalent to
+calling DSA_new_method(NULL).
 
 DSA_free() frees the B<DSA> structure and its components. The values are
 erased before the memory is returned to the system.
diff --git a/src/lib/libcrypto/doc/DSA_set_method.pod b/src/lib/libcrypto/doc/DSA_set_method.pod
index 36a1052d27..bc3cfb1f0a 100644
--- a/src/lib/libcrypto/doc/DSA_set_method.pod
+++ b/src/lib/libcrypto/doc/DSA_set_method.pod
@@ -2,7 +2,7 @@
 
 =head1 NAME
 
-DSA_set_default_openssl_method, DSA_get_default_openssl_method,
+DSA_set_default_method, DSA_get_default_method,
 DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method
 
 =head1 SYNOPSIS
@@ -10,11 +10,11 @@ DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method
  #include <openssl/dsa.h>
  #include <openssl/engine.h>
 
- void DSA_set_default_openssl_method(DSA_METHOD *meth);
+ void DSA_set_default_method(const DSA_METHOD *meth);
 
- DSA_METHOD *DSA_get_default_openssl_method(void);
+ const DSA_METHOD *DSA_get_default_method(void);
 
- int DSA_set_method(DSA *dsa, ENGINE *engine);
+ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth);
 
  DSA *DSA_new_method(ENGINE *engine);
 
@@ -24,26 +24,35 @@ DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method
 
 A B<DSA_METHOD> specifies the functions that OpenSSL uses for DSA
 operations. By modifying the method, alternative implementations
-such as hardware accelerators may be used.
-
-Initially, the default is to use the OpenSSL internal implementation.
-DSA_OpenSSL() returns a pointer to that method.
-
-DSA_set_default_openssl_method() makes B<meth> the default method for
-all DSA structures created later. B<NB:> This is true only whilst the
-default engine for DSA operations remains as "openssl". ENGINEs
-provide an encapsulation for implementations of one or more algorithms at a
-time, and all the DSA functions mentioned here operate within the scope
-of the default "openssl" engine.
-
-DSA_get_default_openssl_method() returns a pointer to the current default
-method for the "openssl" engine.
-
-DSA_set_method() selects B<engine> for all operations using the structure B<dsa>.
-
-DSA_new_method() allocates and initializes a DSA structure so that
-B<engine> will be used for the DSA operations. If B<engine> is NULL,
-the default engine for DSA operations is used.
+such as hardware accelerators may be used. IMPORTANT: See the NOTES section for
+important information about how these DSA API functions are affected by the use
+of B<ENGINE> API calls.
+
+Initially, the default DSA_METHOD is the OpenSSL internal implementation,
+as returned by DSA_OpenSSL().
+
+DSA_set_default_method() makes B<meth> the default method for all DSA
+structures created later. B<NB>: This is true only whilst no ENGINE has
+been set as a default for DSA, so this function is no longer recommended.
+
+DSA_get_default_method() returns a pointer to the current default
+DSA_METHOD. However, the meaningfulness of this result is dependant on
+whether the ENGINE API is being used, so this function is no longer 
+recommended.
+
+DSA_set_method() selects B<meth> to perform all operations using the key
+B<rsa>. This will replace the DSA_METHOD used by the DSA key and if the
+previous method was supplied by an ENGINE, the handle to that ENGINE will
+be released during the change. It is possible to have DSA keys that only
+work with certain DSA_METHOD implementations (eg. from an ENGINE module
+that supports embedded hardware-protected keys), and in such cases
+attempting to change the DSA_METHOD for the key can have unexpected
+results.
+
+DSA_new_method() allocates and initializes a DSA structure so that B<engine>
+will be used for the DSA operations. If B<engine> is NULL, the default engine
+for DSA operations is used, and if no default ENGINE is set, the DSA_METHOD
+controlled by DSA_set_default_method() is used.
 
 =head1 THE DSA_METHOD STRUCTURE
 
@@ -89,18 +98,29 @@ struct
 
 =head1 RETURN VALUES
 
-DSA_OpenSSL() and DSA_get_default_openssl_method() return pointers to the
-respective B<DSA_METHOD>s.
+DSA_OpenSSL() and DSA_get_default_method() return pointers to the respective
+B<DSA_METHOD>s.
 
-DSA_set_default_openssl_method() returns no value.
+DSA_set_default_method() returns no value.
 
-DSA_set_method() returns non-zero if the ENGINE associated with B<dsa>
-was successfully changed to B<engine>.
+DSA_set_method() returns non-zero if the provided B<meth> was successfully set as
+the method for B<dsa> (including unloading the ENGINE handle if the previous
+method was supplied by an ENGINE).
 
 DSA_new_method() returns NULL and sets an error code that can be
 obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation
 fails. Otherwise it returns a pointer to the newly allocated structure.
 
+=head1 NOTES
+
+As of version 0.9.7, DSA_METHOD implementations are grouped together with other
+algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
+default ENGINE is specified for DSA functionality using an ENGINE API function,
+that will override any DSA defaults set using the DSA API (ie.
+DSA_set_default_method()). For this reason, the ENGINE API is the recommended way
+to control default implementations for use in DSA and other cryptographic
+algorithms.
+
 =head1 SEE ALSO
 
 L<dsa(3)|dsa(3)>, L<DSA_new(3)|DSA_new(3)>
@@ -110,9 +130,14 @@ L<dsa(3)|dsa(3)>, L<DSA_new(3)|DSA_new(3)>
 DSA_set_default_method(), DSA_get_default_method(), DSA_set_method(),
 DSA_new_method() and DSA_OpenSSL() were added in OpenSSL 0.9.4.
 
-DSA_set_default_openssl_method() and DSA_get_default_openssl_method()
-replaced DSA_set_default_method() and DSA_get_default_method() respectively,
-and DSA_set_method() and DSA_new_method() were altered to use B<ENGINE>s
-rather than B<DSA_METHOD>s during development of OpenSSL 0.9.6.
+DSA_set_default_openssl_method() and DSA_get_default_openssl_method() replaced
+DSA_set_default_method() and DSA_get_default_method() respectively, and
+DSA_set_method() and DSA_new_method() were altered to use B<ENGINE>s rather than
+B<DSA_METHOD>s during development of the engine version of OpenSSL 0.9.6. For
+0.9.7, the handling of defaults in the ENGINE API was restructured so that this
+change was reversed, and behaviour of the other functions resembled more closely
+the previous behaviour. The behaviour of defaults in the ENGINE API now
+transparently overrides the behaviour of defaults in the DSA API without
+requiring changing these function prototypes.
 
 =cut
diff --git a/src/lib/libcrypto/doc/DSA_size.pod b/src/lib/libcrypto/doc/DSA_size.pod
index 23b6320a4d..ba4f650361 100644
--- a/src/lib/libcrypto/doc/DSA_size.pod
+++ b/src/lib/libcrypto/doc/DSA_size.pod
@@ -8,7 +8,7 @@ DSA_size - get DSA signature size
 
  #include <openssl/dsa.h>
 
- int DSA_size(DSA *dsa);
+ int DSA_size(const DSA *dsa);
 
 =head1 DESCRIPTION
 
diff --git a/src/lib/libcrypto/doc/EVP_SealInit.pod b/src/lib/libcrypto/doc/EVP_SealInit.pod
index 0451eb648a..25ef07f7c7 100644
--- a/src/lib/libcrypto/doc/EVP_SealInit.pod
+++ b/src/lib/libcrypto/doc/EVP_SealInit.pod
@@ -73,4 +73,6 @@ L<EVP_OpenInit(3)|EVP_OpenInit(3)>
 
 =head1 HISTORY
 
+EVP_SealFinal() did not return a value before OpenSSL 0.9.7.
+
 =cut
diff --git a/src/lib/libcrypto/doc/RAND_set_rand_method.pod b/src/lib/libcrypto/doc/RAND_set_rand_method.pod
index 464eba416d..c9bb6d9f27 100644
--- a/src/lib/libcrypto/doc/RAND_set_rand_method.pod
+++ b/src/lib/libcrypto/doc/RAND_set_rand_method.pod
@@ -8,22 +8,30 @@ RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay - select RAND method
 
  #include <openssl/rand.h>
 
- void RAND_set_rand_method(RAND_METHOD *meth);
+ void RAND_set_rand_method(const RAND_METHOD *meth);
 
- RAND_METHOD *RAND_get_rand_method(void);
+ const RAND_METHOD *RAND_get_rand_method(void);
 
  RAND_METHOD *RAND_SSLeay(void);
 
 =head1 DESCRIPTION
 
-A B<RAND_METHOD> specifies the functions that OpenSSL uses for random
-number generation. By modifying the method, alternative
-implementations such as hardware RNGs may be used.  Initially, the
-default is to use the OpenSSL internal implementation. RAND_SSLeay()
-returns a pointer to that method.
+A B<RAND_METHOD> specifies the functions that OpenSSL uses for random number
+generation. By modifying the method, alternative implementations such as
+hardware RNGs may be used. IMPORTANT: See the NOTES section for important
+information about how these RAND API functions are affected by the use of
+B<ENGINE> API calls.
 
-RAND_set_rand_method() sets the RAND method to B<meth>.
-RAND_get_rand_method() returns a pointer to the current method.
+Initially, the default RAND_METHOD is the OpenSSL internal implementation, as
+returned by RAND_SSLeay().
+
+RAND_set_default_method() makes B<meth> the method for PRNG use. B<NB>: This is
+true only whilst no ENGINE has been set as a default for RAND, so this function
+is no longer recommended.
+
+RAND_get_default_method() returns a pointer to the current RAND_METHOD.
+However, the meaningfulness of this result is dependant on whether the ENGINE
+API is being used, so this function is no longer recommended.
 
 =head1 THE RAND_METHOD STRUCTURE
 
@@ -47,13 +55,29 @@ Each component may be NULL if the function is not implemented.
 RAND_set_rand_method() returns no value. RAND_get_rand_method() and
 RAND_SSLeay() return pointers to the respective methods.
 
+=head1 NOTES
+
+As of version 0.9.7, RAND_METHOD implementations are grouped together with other
+algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
+default ENGINE is specified for RAND functionality using an ENGINE API function,
+that will override any RAND defaults set using the RAND API (ie.
+RAND_set_rand_method()). For this reason, the ENGINE API is the recommended way
+to control default implementations for use in RAND and other cryptographic
+algorithms.
+
 =head1 SEE ALSO
 
-L<rand(3)|rand(3)>
+L<rand(3)|rand(3)>, L<engine(3)|engine(3)>
 
 =head1 HISTORY
 
 RAND_set_rand_method(), RAND_get_rand_method() and RAND_SSLeay() are
 available in all versions of OpenSSL.
 
+In the engine version of version 0.9.6, RAND_set_rand_method() was altered to
+take an ENGINE pointer as its argument. As of version 0.9.7, that has been
+reverted as the ENGINE API transparently overrides RAND defaults if used,
+otherwise RAND API functions work as before. RAND_set_rand_engine() was also
+introduced in version 0.9.7.
+
 =cut
diff --git a/src/lib/libcrypto/doc/RSA_new.pod b/src/lib/libcrypto/doc/RSA_new.pod
index 299047f31f..3d15b92824 100644
--- a/src/lib/libcrypto/doc/RSA_new.pod
+++ b/src/lib/libcrypto/doc/RSA_new.pod
@@ -14,7 +14,8 @@ RSA_new, RSA_free - allocate and free RSA objects
 
 =head1 DESCRIPTION
 
-RSA_new() allocates and initializes an B<RSA> structure.
+RSA_new() allocates and initializes an B<RSA> structure. It is equivalent to
+calling RSA_new_method(NULL).
 
 RSA_free() frees the B<RSA> structure and its components. The key is
 erased before the memory is returned to the system.
@@ -30,7 +31,8 @@ RSA_free() returns no value.
 =head1 SEE ALSO
 
 L<ERR_get_error(3)|ERR_get_error(3)>, L<rsa(3)|rsa(3)>,
-L<RSA_generate_key(3)|RSA_generate_key(3)>
+L<RSA_generate_key(3)|RSA_generate_key(3)>,
+L<RSA_new_method(3)|RSA_new_method(3)>
 
 =head1 HISTORY
 
diff --git a/src/lib/libcrypto/doc/RSA_set_method.pod b/src/lib/libcrypto/doc/RSA_set_method.pod
index 14917dd35f..0687c2242a 100644
--- a/src/lib/libcrypto/doc/RSA_set_method.pod
+++ b/src/lib/libcrypto/doc/RSA_set_method.pod
@@ -11,52 +11,64 @@ RSA_null_method, RSA_flags, RSA_new_method - select RSA method
  #include <openssl/rsa.h>
  #include <openssl/engine.h>
 
- void RSA_set_default_openssl_method(RSA_METHOD *meth);
+ void RSA_set_default_method(const RSA_METHOD *meth);
 
- RSA_METHOD *RSA_get_default_openssl_method(void);
+ RSA_METHOD *RSA_get_default_method(void);
 
- int RSA_set_method(RSA *rsa, ENGINE *engine);
+ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
 
- RSA_METHOD *RSA_get_method(RSA *rsa);
+ RSA_METHOD *RSA_get_method(const RSA *rsa);
 
  RSA_METHOD *RSA_PKCS1_SSLeay(void);
 
  RSA_METHOD *RSA_null_method(void);
 
- int RSA_flags(RSA *rsa);
+ int RSA_flags(const RSA *rsa);
 
  RSA *RSA_new_method(ENGINE *engine);
 
 =head1 DESCRIPTION
 
 An B<RSA_METHOD> specifies the functions that OpenSSL uses for RSA
-operations. By modifying the method, alternative implementations
-such as hardware accelerators may be used.
-
-Initially, the default is to use the OpenSSL internal implementation.
-RSA_PKCS1_SSLeay() returns a pointer to that method.
-
-RSA_set_default_openssl_method() makes B<meth> the default method for all B<RSA>
-structures created later. B<NB:> This is true only whilst the default engine
-for RSA operations remains as "openssl". ENGINEs provide an
-encapsulation for implementations of one or more algorithms at a time, and all
-the RSA functions mentioned here operate within the scope of the default
-"openssl" engine.
-
-RSA_get_default_openssl_method() returns a pointer to the current default
-method for the "openssl" engine.
-
-RSA_set_method() selects B<engine> for all operations using the key
-B<rsa>.
-
-RSA_get_method() returns a pointer to the RSA_METHOD from the currently
-selected ENGINE for B<rsa>.
-
-RSA_flags() returns the B<flags> that are set for B<rsa>'s current method.
+operations. By modifying the method, alternative implementations such as
+hardware accelerators may be used. IMPORTANT: See the NOTES section for
+important information about how these RSA API functions are affected by the
+use of B<ENGINE> API calls.
+
+Initially, the default RSA_METHOD is the OpenSSL internal implementation,
+as returned by RSA_PKCS1_SSLeay().
+
+RSA_set_default_method() makes B<meth> the default method for all RSA
+structures created later. B<NB>: This is true only whilst no ENGINE has
+been set as a default for RSA, so this function is no longer recommended.
+
+RSA_get_default_method() returns a pointer to the current default
+RSA_METHOD. However, the meaningfulness of this result is dependant on
+whether the ENGINE API is being used, so this function is no longer 
+recommended.
+
+RSA_set_method() selects B<meth> to perform all operations using the key
+B<rsa>. This will replace the RSA_METHOD used by the RSA key and if the
+previous method was supplied by an ENGINE, the handle to that ENGINE will
+be released during the change. It is possible to have RSA keys that only
+work with certain RSA_METHOD implementations (eg. from an ENGINE module
+that supports embedded hardware-protected keys), and in such cases
+attempting to change the RSA_METHOD for the key can have unexpected
+results.
+
+RSA_get_method() returns a pointer to the RSA_METHOD being used by B<rsa>.
+This method may or may not be supplied by an ENGINE implementation, but if
+it is, the return value can only be guaranteed to be valid as long as the
+RSA key itself is valid and does not have its implementation changed by
+RSA_set_method().
+
+RSA_flags() returns the B<flags> that are set for B<rsa>'s current
+RSA_METHOD. See the BUGS section.
 
 RSA_new_method() allocates and initializes an RSA structure so that
-B<engine> will be used for the RSA operations. If B<engine> is NULL,
-the default engine for RSA operations is used.
+B<engine> will be used for the RSA operations. If B<engine> is NULL, the
+default ENGINE for RSA operations is used, and if no default ENGINE is set,
+the RSA_METHOD controlled by RSA_set_default_method() is used.
 
 =head1 THE RSA_METHOD STRUCTURE
 
@@ -121,22 +133,45 @@ the default engine for RSA operations is used.
 
 =head1 RETURN VALUES
 
-RSA_PKCS1_SSLeay(), RSA_PKCS1_null_method(), RSA_get_default_openssl_method()
+RSA_PKCS1_SSLeay(), RSA_PKCS1_null_method(), RSA_get_default_method()
 and RSA_get_method() return pointers to the respective RSA_METHODs.
 
-RSA_set_default_openssl_method() returns no value.
+RSA_set_default_method() returns no value.
 
-RSA_set_method() selects B<engine> as the engine that will be responsible for
-all operations using the structure B<rsa>. If this function completes successfully,
-then the B<rsa> structure will have its own functional reference of B<engine>, so
-the caller should remember to free their own reference to B<engine> when they are
-finished with it. NB: An ENGINE's RSA_METHOD can be retrieved (or set) by
-ENGINE_get_RSA() or ENGINE_set_RSA().
+RSA_set_method() returns a pointer to the old RSA_METHOD implementation
+that was replaced. However, this return value should probably be ignored
+because if it was supplied by an ENGINE, the pointer could be invalidated
+at any time if the ENGINE is unloaded (in fact it could be unloaded as a
+result of the RSA_set_method() function releasing its handle to the
+ENGINE). For this reason, the return type may be replaced with a B<void>
+declaration in a future release.
 
-RSA_new_method() returns NULL and sets an error code that can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise
+RSA_new_method() returns NULL and sets an error code that can be obtained
+by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise
 it returns a pointer to the newly allocated structure.
 
+=head1 NOTES
+
+As of version 0.9.7, RSA_METHOD implementations are grouped together with
+other algorithmic APIs (eg. DSA_METHOD, EVP_CIPHER, etc) into B<ENGINE>
+modules. If a default ENGINE is specified for RSA functionality using an
+ENGINE API function, that will override any RSA defaults set using the RSA
+API (ie.  RSA_set_default_method()). For this reason, the ENGINE API is the
+recommended way to control default implementations for use in RSA and other
+cryptographic algorithms.
+
+=head1 BUGS
+
+The behaviour of RSA_flags() is a mis-feature that is left as-is for now
+to avoid creating compatibility problems. RSA functionality, such as the
+encryption functions, are controlled by the B<flags> value in the RSA key
+itself, not by the B<flags> value in the RSA_METHOD attached to the RSA key
+(which is what this function returns). If the flags element of an RSA key
+is changed, the changes will be honoured by RSA functionality but will not
+be reflected in the return value of the RSA_flags() function - in effect
+RSA_flags() behaves more like an RSA_default_flags() function (which does
+not currently exist).
+
 =head1 SEE ALSO
 
 L<rsa(3)|rsa(3)>, L<RSA_new(3)|RSA_new(3)>
@@ -149,8 +184,14 @@ well as the rsa_sign and rsa_verify components of RSA_METHOD were
 added in OpenSSL 0.9.4.
 
 RSA_set_default_openssl_method() and RSA_get_default_openssl_method()
-replaced RSA_set_default_method() and RSA_get_default_method() respectively,
-and RSA_set_method() and RSA_new_method() were altered to use B<ENGINE>s
-rather than B<RSA_METHOD>s during development of OpenSSL 0.9.6.
+replaced RSA_set_default_method() and RSA_get_default_method()
+respectively, and RSA_set_method() and RSA_new_method() were altered to use
+B<ENGINE>s rather than B<RSA_METHOD>s during development of the engine
+version of OpenSSL 0.9.6. For 0.9.7, the handling of defaults in the ENGINE
+API was restructured so that this change was reversed, and behaviour of the
+other functions resembled more closely the previous behaviour. The
+behaviour of defaults in the ENGINE API now transparently overrides the
+behaviour of defaults in the RSA API without requiring changing these
+function prototypes.
 
 =cut
diff --git a/src/lib/libcrypto/doc/RSA_size.pod b/src/lib/libcrypto/doc/RSA_size.pod
index b36b4d58d5..5b7f835f95 100644
--- a/src/lib/libcrypto/doc/RSA_size.pod
+++ b/src/lib/libcrypto/doc/RSA_size.pod
@@ -8,7 +8,7 @@ RSA_size - get RSA modulus size
 
  #include <openssl/rsa.h>
 
- int RSA_size(RSA *rsa);
+ int RSA_size(const RSA *rsa);
 
 =head1 DESCRIPTION
 
diff --git a/src/lib/libcrypto/doc/dh.pod b/src/lib/libcrypto/doc/dh.pod
index b4be4be405..c3ccd06207 100644
--- a/src/lib/libcrypto/doc/dh.pod
+++ b/src/lib/libcrypto/doc/dh.pod
@@ -12,20 +12,20 @@ dh - Diffie-Hellman key agreement
  DH *   DH_new(void);
  void   DH_free(DH *dh);
 
- int    DH_size(DH *dh);
+ int    DH_size(const DH *dh);
 
  DH *   DH_generate_parameters(int prime_len, int generator,
                 void (*callback)(int, int, void *), void *cb_arg);
- int    DH_check(DH *dh, int *codes);
+ int    DH_check(const DH *dh, int *codes);
 
  int    DH_generate_key(DH *dh);
  int    DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
 
- void DH_set_default_openssl_method(DH_METHOD *meth);
- DH_METHOD *DH_get_default_openssl_method(void);
- int DH_set_method(DH *dh, ENGINE *engine);
+ void DH_set_default_method(const DH_METHOD *meth);
+ const DH_METHOD *DH_get_default_method(void);
+ int DH_set_method(DH *dh, const DH_METHOD *meth);
  DH *DH_new_method(ENGINE *engine);
- DH_METHOD *DH_OpenSSL(void);
+ const DH_METHOD *DH_OpenSSL(void);
 
  int DH_get_ex_new_index(long argl, char *argp, int (*new_func)(),
              int (*dup_func)(), void (*free_func)());
@@ -33,10 +33,10 @@ dh - Diffie-Hellman key agreement
  char *DH_get_ex_data(DH *d, int idx);
 
  DH *   d2i_DHparams(DH **a, unsigned char **pp, long length);
- int    i2d_DHparams(DH *a, unsigned char **pp);
+ int    i2d_DHparams(const DH *a, unsigned char **pp);
 
- int    DHparams_print_fp(FILE *fp, DH *x);
- int    DHparams_print(BIO *bp, DH *x);
+ int    DHparams_print_fp(FILE *fp, const DH *x);
+ int    DHparams_print(BIO *bp, const DH *x);
 
 =head1 DESCRIPTION
 
@@ -57,11 +57,20 @@ The B<DH> structure consists of several BIGNUM components.
         };
  DH
 
+Note that DH keys may use non-standard B<DH_METHOD> implementations,
+either directly or by the use of B<ENGINE> modules. In some cases (eg. an
+ENGINE providing support for hardware-embedded keys), these BIGNUM values
+will not be used by the implementation or may be used for alternative data
+storage. For this reason, applications should generally avoid using DH
+structure elements directly and instead use API functions to query or
+modify keys.
+
 =head1 SEE ALSO
 
 L<dhparam(1)|dhparam(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<err(3)|err(3)>,
-L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<DH_set_method(3)|DH_set_method(3)>,
-L<DH_new(3)|DH_new(3)>, L<DH_get_ex_new_index(3)|DH_get_ex_new_index(3)>,
+L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<engine(3)|engine(3)>,
+L<DH_set_method(3)|DH_set_method(3)>, L<DH_new(3)|DH_new(3)>,
+L<DH_get_ex_new_index(3)|DH_get_ex_new_index(3)>,
 L<DH_generate_parameters(3)|DH_generate_parameters(3)>,
 L<DH_compute_key(3)|DH_compute_key(3)>, L<d2i_DHparams(3)|d2i_DHparams(3)>,
 L<RSA_print(3)|RSA_print(3)> 
diff --git a/src/lib/libcrypto/doc/dsa.pod b/src/lib/libcrypto/doc/dsa.pod
index 573500204b..ae2e5d81f9 100644
--- a/src/lib/libcrypto/doc/dsa.pod
+++ b/src/lib/libcrypto/doc/dsa.pod
@@ -12,13 +12,13 @@ dsa - Digital Signature Algorithm
  DSA *  DSA_new(void);
  void   DSA_free(DSA *dsa);
 
- int    DSA_size(DSA *dsa);
+ int    DSA_size(const DSA *dsa);
 
  DSA *  DSA_generate_parameters(int bits, unsigned char *seed,
                 int seed_len, int *counter_ret, unsigned long *h_ret,
                 void (*callback)(int, int, void *), void *cb_arg);
 
- DH *   DSA_dup_DH(DSA *r);
+ DH *   DSA_dup_DH(const DSA *r);
 
  int    DSA_generate_key(DSA *dsa);
 
@@ -27,13 +27,13 @@ dsa - Digital Signature Algorithm
  int    DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp,
                 BIGNUM **rp);
  int    DSA_verify(int dummy, const unsigned char *dgst, int len,
-                unsigned char *sigbuf, int siglen, DSA *dsa);
+                const unsigned char *sigbuf, int siglen, DSA *dsa);
 
- void DSA_set_default_openssl_method(DSA_METHOD *meth);
- DSA_METHOD *DSA_get_default_openssl_method(void);
- int DSA_set_method(DSA *dsa, ENGINE *engine);
+ void DSA_set_default_method(const DSA_METHOD *meth);
+ const DSA_METHOD *DSA_get_default_method(void);
+ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth);
  DSA *DSA_new_method(ENGINE *engine);
- DSA_METHOD *DSA_OpenSSL(void);
+ const DSA_METHOD *DSA_OpenSSL(void);
 
  int DSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
              int (*dup_func)(), void (*free_func)());
@@ -42,7 +42,7 @@ dsa - Digital Signature Algorithm
 
  DSA_SIG *DSA_SIG_new(void);
  void   DSA_SIG_free(DSA_SIG *a);
- int    i2d_DSA_SIG(DSA_SIG *a, unsigned char **pp);
+ int    i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
  DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, unsigned char **pp, long length);
 
  DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
@@ -52,14 +52,14 @@ dsa - Digital Signature Algorithm
  DSA *  d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length);
  DSA *  d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
  DSA *  d2i_DSAparams(DSA **a, unsigned char **pp, long length);
- int    i2d_DSAPublicKey(DSA *a, unsigned char **pp);
- int    i2d_DSAPrivateKey(DSA *a, unsigned char **pp);
- int    i2d_DSAparams(DSA *a,unsigned char **pp);
+ int    i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
+ int    i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
+ int    i2d_DSAparams(const DSA *a,unsigned char **pp);
 
- int    DSAparams_print(BIO *bp, DSA *x);
- int    DSAparams_print_fp(FILE *fp, DSA *x);
- int    DSA_print(BIO *bp, DSA *x, int off);
- int    DSA_print_fp(FILE *bp, DSA *x, int off);
+ int    DSAparams_print(BIO *bp, const DSA *x);
+ int    DSAparams_print_fp(FILE *fp, const DSA *x);
+ int    DSA_print(BIO *bp, const DSA *x, int off);
+ int    DSA_print_fp(FILE *bp, const DSA *x, int off);
 
 =head1 DESCRIPTION
 
@@ -85,6 +85,14 @@ The B<DSA> structure consists of several BIGNUM components.
 
 In public keys, B<priv_key> is NULL.
 
+Note that DSA keys may use non-standard B<DSA_METHOD> implementations,
+either directly or by the use of B<ENGINE> modules. In some cases (eg. an
+ENGINE providing support for hardware-embedded keys), these BIGNUM values
+will not be used by the implementation or may be used for alternative data
+storage. For this reason, applications should generally avoid using DSA
+structure elements directly and instead use API functions to query or
+modify keys.
+
 =head1 CONFORMING TO
 
 US Federal Information Processing Standard FIPS 186 (Digital Signature
diff --git a/src/lib/libcrypto/doc/evp.pod b/src/lib/libcrypto/doc/evp.pod
index edf47dbde6..b3ca14314f 100644
--- a/src/lib/libcrypto/doc/evp.pod
+++ b/src/lib/libcrypto/doc/evp.pod
@@ -24,6 +24,13 @@ functions.  The B<EVP_Digest>I<...> functions provide message digests.
 
 Algorithms are loaded with OpenSSL_add_all_algorithms(3).
 
+All the symmetric algorithms (ciphers) and digests can be replaced by ENGINE
+modules providing alternative implementations. If ENGINE implementations of
+ciphers or digests are registered as defaults, then the various EVP functions
+will automatically use those implementations automatically in preference to
+built in software implementations. For more information, consult the engine(3)
+man page.
+
 =head1 SEE ALSO
 
 L<EVP_DigestInit(3)|EVP_DigestInit(3)>,
@@ -32,6 +39,7 @@ L<EVP_OpenInit(3)|EVP_OpenInit(3)>,
 L<EVP_SealInit(3)|EVP_SealInit(3)>,
 L<EVP_SignInit(3)|EVP_SignInit(3)>,
 L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
-L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>
+L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>,
+L<engine(3)|engine(3)>
 
 =cut
diff --git a/src/lib/libcrypto/doc/rsa.pod b/src/lib/libcrypto/doc/rsa.pod
index 2b93a12b65..45ac53ffc1 100644
--- a/src/lib/libcrypto/doc/rsa.pod
+++ b/src/lib/libcrypto/doc/rsa.pod
@@ -16,13 +16,17 @@ rsa - RSA public key cryptosystem
     unsigned char *to, RSA *rsa, int padding);
  int RSA_private_decrypt(int flen, unsigned char *from,
     unsigned char *to, RSA *rsa, int padding);
+ int RSA_private_encrypt(int flen, unsigned char *from,
+    unsigned char *to, RSA *rsa,int padding);
+ int RSA_public_decrypt(int flen, unsigned char *from, 
+    unsigned char *to, RSA *rsa,int padding);
 
  int RSA_sign(int type, unsigned char *m, unsigned int m_len,
     unsigned char *sigret, unsigned int *siglen, RSA *rsa);
  int RSA_verify(int type, unsigned char *m, unsigned int m_len,
     unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
 
- int RSA_size(RSA *rsa);
+ int RSA_size(const RSA *rsa);
 
  RSA *RSA_generate_key(int num, unsigned long e,
     void (*callback)(int,int,void *), void *cb_arg);
@@ -32,13 +36,13 @@ rsa - RSA public key cryptosystem
  int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
  void RSA_blinding_off(RSA *rsa);
 
- void RSA_set_default_openssl_method(RSA_METHOD *meth);
- RSA_METHOD *RSA_get_default_openssl_method(void);
- int RSA_set_method(RSA *rsa, ENGINE *engine);
- RSA_METHOD *RSA_get_method(RSA *rsa);
+ void RSA_set_default_method(const RSA_METHOD *meth);
+ const RSA_METHOD *RSA_get_default_method(void);
+ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
+ const RSA_METHOD *RSA_get_method(const RSA *rsa);
  RSA_METHOD *RSA_PKCS1_SSLeay(void);
  RSA_METHOD *RSA_null_method(void);
- int RSA_flags(RSA *rsa);
+ int RSA_flags(const RSA *rsa);
  RSA *RSA_new_method(ENGINE *engine);
 
  int RSA_print(BIO *bp, RSA *x, int offset);
@@ -49,11 +53,6 @@ rsa - RSA public key cryptosystem
  int RSA_set_ex_data(RSA *r,int idx,char *arg);
  char *RSA_get_ex_data(RSA *r, int idx);
 
- int RSA_private_encrypt(int flen, unsigned char *from,
-    unsigned char *to, RSA *rsa,int padding);
- int RSA_public_decrypt(int flen, unsigned char *from, 
-    unsigned char *to, RSA *rsa,int padding);
-
  int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
     unsigned int m_len, unsigned char *sigret, unsigned int *siglen,
     RSA *rsa);
@@ -90,6 +89,14 @@ B<p>, B<q>, B<dmp1>, B<dmq1> and B<iqmp> may be B<NULL> in private
 keys, but the RSA operations are much faster when these values are
 available.
 
+Note that RSA keys may use non-standard B<RSA_METHOD> implementations,
+either directly or by the use of B<ENGINE> modules. In some cases (eg. an
+ENGINE providing support for hardware-embedded keys), these BIGNUM values
+will not be used by the implementation or may be used for alternative data
+storage. For this reason, applications should generally avoid using RSA
+structure elements directly and instead use API functions to query or
+modify keys.
+
 =head1 CONFORMING TO
 
 SSL, PKCS #1 v2.0
@@ -101,7 +108,7 @@ RSA was covered by a US patent which expired in September 2000.
 =head1 SEE ALSO
 
 L<rsa(1)|rsa(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>,
-L<rand(3)|rand(3)>, L<RSA_new(3)|RSA_new(3)>,
+L<rand(3)|rand(3)>, L<engine(3)|engine(3)>, L<RSA_new(3)|RSA_new(3)>,
 L<RSA_public_encrypt(3)|RSA_public_encrypt(3)>,
 L<RSA_sign(3)|RSA_sign(3)>, L<RSA_size(3)|RSA_size(3)>,
 L<RSA_generate_key(3)|RSA_generate_key(3)>,
diff --git a/src/lib/libcrypto/engine/hw_4758_cca.c b/src/lib/libcrypto/engine/hw_4758_cca.c
index f404b1a3b8..6d41b9ed2a 100644
--- a/src/lib/libcrypto/engine/hw_4758_cca.c
+++ b/src/lib/libcrypto/engine/hw_4758_cca.c
@@ -953,7 +953,7 @@ static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int idx,
 #ifdef ENGINE_DYNAMIC_SUPPORT 
 static int bind_fn(ENGINE *e, const char *id)
         {
-        if(id && (strcmp(id, engine_cswift_id) != 0))
+        if(id && (strcmp(id, engine_4758_cca_id) != 0))
                 return 0;
         if(!bind_helper(e))
                 return 0;
diff --git a/src/lib/libcrypto/engine/hw_openbsd_dev_crypto.c b/src/lib/libcrypto/engine/hw_openbsd_dev_crypto.c
index f946389b8a..b8aab545db 100644
--- a/src/lib/libcrypto/engine/hw_openbsd_dev_crypto.c
+++ b/src/lib/libcrypto/engine/hw_openbsd_dev_crypto.c
@@ -408,7 +408,7 @@ static int do_digest(int ses,unsigned char *md,const void *data,int len)
     cryp.op=COP_ENCRYPT;/* required to do the MAC rather than check it */
     cryp.len=len;
     cryp.src=(caddr_t)data;
-    cryp.dst=(caddr_t)data; // FIXME!!!
+    cryp.dst=(caddr_t)data; /* FIXME!!! */
     cryp.mac=(caddr_t)md;
 
     if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
@@ -420,7 +420,7 @@ static int do_digest(int ses,unsigned char *md,const void *data,int len)
             dcopy=OPENSSL_malloc(len);
             memcpy(dcopy,data,len);
             cryp.src=dcopy;
-            cryp.dst=cryp.src; // FIXME!!!
+            cryp.dst=cryp.src; /* FIXME!!! */
 
             if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
                 {
@@ -437,7 +437,7 @@ static int do_digest(int ses,unsigned char *md,const void *data,int len)
             return 0;
             }
         }
-    //    printf("done\n");
+    /*    printf("done\n"); */
 
     return 1;
     }
@@ -483,7 +483,7 @@ static int dev_crypto_md5_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
     const MD_DATA *from_md=from->md_data;
     MD_DATA *to_md=to->md_data;
 
-    // How do we copy sessions?
+    /* How do we copy sessions? */
     assert(from->digest->flags&EVP_MD_FLAG_ONESHOT);
 
     to_md->data=OPENSSL_malloc(from_md->len);
@@ -530,7 +530,7 @@ static const EVP_MD md5_md=
     NID_md5,
     NID_md5WithRSAEncryption,
     MD5_DIGEST_LENGTH,
-    EVP_MD_FLAG_ONESHOT,        // XXX: set according to device info...
+    EVP_MD_FLAG_ONESHOT,        /* XXX: set according to device info... */
     dev_crypto_md5_init,
     dev_crypto_md5_update,
     dev_crypto_md5_final,
diff --git a/src/lib/libcrypto/engine/hw_ubsec.c b/src/lib/libcrypto/engine/hw_ubsec.c
index 63397f868c..ed8401ec16 100644
--- a/src/lib/libcrypto/engine/hw_ubsec.c
+++ b/src/lib/libcrypto/engine/hw_ubsec.c
@@ -93,7 +93,7 @@ static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
 static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
 #ifndef OPENSSL_NO_DSA
-#if NOT_USED
+#ifdef NOT_USED
 static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
                 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
                 BN_CTX *ctx, BN_MONT_CTX *in_mont);
@@ -113,7 +113,7 @@ static int ubsec_dh_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh)
 static int ubsec_dh_generate_key(DH *dh);
 #endif
 
-#if NOT_USED
+#ifdef NOT_USED
 static int ubsec_rand_bytes(unsigned char *buf, int num);
 static int ubsec_rand_status(void);
 #endif
@@ -663,7 +663,7 @@ static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 }
 
 #ifndef OPENSSL_NO_DSA
-#if NOT_USED
+#ifdef NOT_USED
 static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
                 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
                 BN_CTX *ctx, BN_MONT_CTX *in_mont)
@@ -987,7 +987,7 @@ err:
         }
 #endif
 
-#if NOT_USED
+#ifdef NOT_USED
 static int ubsec_rand_bytes(unsigned char * buf,
                             int num)
         {
diff --git a/src/lib/libcrypto/evp/evp_locl.h b/src/lib/libcrypto/evp/evp_locl.h
index 7b088b4848..4d81a3bf4c 100644
--- a/src/lib/libcrypto/evp/evp_locl.h
+++ b/src/lib/libcrypto/evp/evp_locl.h
@@ -124,17 +124,17 @@ const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; }
 BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \
                   iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
 
-#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, block_size, key_len, \
+#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \
                              iv_len, cbits, flags, init_key, cleanup, \
                              set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def1(cname, cfb##cbits, cfb, CFB, kstruct, nid, block_size, \
+BLOCK_CIPHER_def1(cname, cfb##cbits, cfb, CFB, kstruct, nid, 1, \
                   key_len, iv_len, flags, init_key, cleanup, set_asn1, \
                   get_asn1, ctrl)
 
-#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, block_size, key_len, \
+#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \
                              iv_len, cbits, flags, init_key, cleanup, \
                              set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, block_size, \
+BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \
                   key_len, iv_len, flags, init_key, cleanup, set_asn1, \
                   get_asn1, ctrl)
 
@@ -149,9 +149,9 @@ BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \
                           init_key, cleanup, set_asn1, get_asn1, ctrl) \
 BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
                      init_key, cleanup, set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def_cfb(cname, kstruct, nid, block_size, key_len, iv_len, cbits, \
+BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \
                      flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def_ofb(cname, kstruct, nid, block_size, key_len, iv_len, cbits, \
+BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \
                      flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
 BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
                      init_key, cleanup, set_asn1, get_asn1, ctrl)
diff --git a/src/lib/libcrypto/krb5/Makefile.ssl b/src/lib/libcrypto/krb5/Makefile.ssl
index caf111be8d..7ad0cbb0bc 100644
--- a/src/lib/libcrypto/krb5/Makefile.ssl
+++ b/src/lib/libcrypto/krb5/Makefile.ssl
@@ -45,13 +45,13 @@ lib:	$(LIBOBJ)
         @touch lib
 
 files:
-        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
-        $(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
-        $(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
-        $(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
         @for i in $(EXHEADER) ; \
diff --git a/src/lib/libcrypto/mem.c b/src/lib/libcrypto/mem.c
index effec714e8..a7826908e6 100644
--- a/src/lib/libcrypto/mem.c
+++ b/src/lib/libcrypto/mem.c
@@ -303,6 +303,9 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line)
         {
         void *ret = NULL;
 
+        if (str == NULL)
+                return CRYPTO_malloc(num, file, line);
+
         if (realloc_debug_func != NULL)
                 realloc_debug_func(str, NULL, num, file, line, 0);
         ret = realloc_ex_func(str,num,file,line);
diff --git a/src/lib/libcrypto/objects/obj_dat.c b/src/lib/libcrypto/objects/obj_dat.c
index 02c3719f04..ce779dc1b5 100644
--- a/src/lib/libcrypto/objects/obj_dat.c
+++ b/src/lib/libcrypto/objects/obj_dat.c
@@ -425,7 +425,7 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
         a2d_ASN1_OBJECT(p,i,s,-1);
         
         p=buf;
-        op=d2i_ASN1_OBJECT(NULL,&p,i);
+        op=d2i_ASN1_OBJECT(NULL,&p,j);
         OPENSSL_free(buf);
         return op;
         }
diff --git a/src/lib/libcrypto/ocsp/Makefile.ssl b/src/lib/libcrypto/ocsp/Makefile.ssl
index 44eacbbb13..2be98179ae 100644
--- a/src/lib/libcrypto/ocsp/Makefile.ssl
+++ b/src/lib/libcrypto/ocsp/Makefile.ssl
@@ -47,13 +47,13 @@ lib:	$(LIBOBJ)
         @touch lib
 
 files:
-        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
-        $(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
-        $(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
-        $(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
         @for i in $(EXHEADER) ; \
diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c
index 18b751a91a..a8db6ffbf5 100644
--- a/src/lib/libcrypto/pem/pem_lib.c
+++ b/src/lib/libcrypto/pem/pem_lib.c
@@ -366,8 +366,11 @@ err:
         memset(iv,0,sizeof(iv));
         memset((char *)&ctx,0,sizeof(ctx));
         memset(buf,0,PEM_BUFSIZE);
-        memset(data,0,(unsigned int)dsize);
-        OPENSSL_free(data);
+        if (data != NULL)
+                {
+                memset(data,0,(unsigned int)dsize);
+                OPENSSL_free(data);
+                }
         return(ret);
         }
 
diff --git a/src/lib/libcrypto/pkcs12/p12_asn.c b/src/lib/libcrypto/pkcs12/p12_asn.c
index c327bdba03..a3739fee1a 100644
--- a/src/lib/libcrypto/pkcs12/p12_asn.c
+++ b/src/lib/libcrypto/pkcs12/p12_asn.c
@@ -83,8 +83,8 @@ ASN1_ADB_TEMPLATE(bag_default) = ASN1_EXP(PKCS12_BAGS, value.other, ASN1_ANY, 0)
 
 ASN1_ADB(PKCS12_BAGS) = {
         ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509cert, ASN1_OCTET_STRING, 0)),
-        ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509crl, ASN1_OCTET_STRING, 0)),
-        ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.sdsicert, ASN1_IA5STRING, 0)),
+        ADB_ENTRY(NID_x509Crl, ASN1_EXP(PKCS12_BAGS, value.x509crl, ASN1_OCTET_STRING, 0)),
+        ADB_ENTRY(NID_sdsiCertificate, ASN1_EXP(PKCS12_BAGS, value.sdsicert, ASN1_IA5STRING, 0)),
 } ASN1_ADB_END(PKCS12_BAGS, 0, type, 0, &bag_default_tt, NULL);
 
 ASN1_SEQUENCE(PKCS12_BAGS) = {
@@ -98,7 +98,7 @@ ASN1_ADB_TEMPLATE(safebag_default) = ASN1_EXP(PKCS12_SAFEBAG, value.other, ASN1_
 
 ASN1_ADB(PKCS12_SAFEBAG) = {
         ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)),
-        ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, X509_SIG, 0)),
+        ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)),
         ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SET_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)),
         ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
         ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
diff --git a/src/lib/libcrypto/pkcs7/pk7_lib.c b/src/lib/libcrypto/pkcs7/pk7_lib.c
index c00ed6833a..985b07245c 100644
--- a/src/lib/libcrypto/pkcs7/pk7_lib.c
+++ b/src/lib/libcrypto/pkcs7/pk7_lib.c
@@ -74,6 +74,13 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
                 if (nid == NID_pkcs7_signed)
                         {
                         ret=p7->detached=(int)larg;
+                        if (ret && PKCS7_type_is_data(p7->d.sign->contents))
+                                        {
+                                        ASN1_OCTET_STRING *os;
+                                        os=p7->d.sign->contents->d.data;
+                                        ASN1_OCTET_STRING_free(os);
+                                        p7->d.sign->contents->d.data = NULL;
+                                        }
                         }
                 else
                         {
diff --git a/src/lib/libcrypto/ripemd/rmdtest.c b/src/lib/libcrypto/ripemd/rmdtest.c
index 19e9741db2..be1fb8b1f6 100644
--- a/src/lib/libcrypto/ripemd/rmdtest.c
+++ b/src/lib/libcrypto/ripemd/rmdtest.c
@@ -59,7 +59,6 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#include <openssl/ripemd.h>
 
 #ifdef OPENSSL_NO_RIPEMD
 int main(int argc, char *argv[])
@@ -68,6 +67,7 @@ int main(int argc, char *argv[])
     return(0);
 }
 #else
+#include <openssl/ripemd.h>
 #include <openssl/evp.h>
 
 #ifdef CHARSET_EBCDIC
diff --git a/src/lib/libcrypto/util/libeay.num b/src/lib/libcrypto/util/libeay.num
index 512185e257..7e5728495f 100644
--- a/src/lib/libcrypto/util/libeay.num
+++ b/src/lib/libcrypto/util/libeay.num
@@ -2792,3 +2792,4 @@ ASN1_UNIVERSALSTRING_it                 3234	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA
 ASN1_UNIVERSALSTRING_it                 3234    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
 d2i_ASN1_UNIVERSALSTRING                3235    EXIST::FUNCTION:
 EVP_des_ede3_ecb                        3236    EXIST::FUNCTION:DES
+X509_REQ_print_ex                       3237    EXIST::FUNCTION:BIO
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h
index c75aa0c717..7095440d36 100644
--- a/src/lib/libcrypto/x509/x509.h
+++ b/src/lib/libcrypto/x509/x509.h
@@ -331,6 +331,7 @@ DECLARE_STACK_OF(X509_TRUST)
 #define X509_FLAG_NO_EXTENSIONS         (1L << 8)
 #define X509_FLAG_NO_SIGDUMP            (1L << 9)
 #define X509_FLAG_NO_AUX                (1L << 10)
+#define X509_FLAG_NO_ATTRIBUTES         (1L << 11)
 
 /* Flags specific to X509_NAME_print_ex() */    
 
@@ -1015,6 +1016,7 @@ int		X509_print(BIO *bp,X509 *x);
 int             X509_ocspid_print(BIO *bp,X509 *x);
 int             X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
 int             X509_CRL_print(BIO *bp,X509_CRL *x);
+int             X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long cflag);
 int             X509_REQ_print(BIO *bp,X509_REQ *req);
 #endif
 
diff --git a/src/lib/libssl/crypto/shlib_version b/src/lib/libssl/crypto/shlib_version
index 5b844bbf42..b39addfcc6 100644
--- a/src/lib/libssl/crypto/shlib_version
+++ b/src/lib/libssl/crypto/shlib_version
@@ -1,2 +1,2 @@
 major=7
-minor=0
+minor=1
diff --git a/src/lib/libssl/doc/openssl.txt b/src/lib/libssl/doc/openssl.txt
index 5da519e7e4..432a17b66c 100644
--- a/src/lib/libssl/doc/openssl.txt
+++ b/src/lib/libssl/doc/openssl.txt
@@ -344,7 +344,7 @@ the extension.
 
 Examples:
 
-subjectAltName=email:copy,email:my@other.address,URL:http://my.url.here/
+subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
 subjectAltName=email:my@other.address,RID:1.2.3.4
 
 Issuer Alternative Name.
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 27df7a5a64..9ce5373b51 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -545,7 +545,11 @@ static int ssl3_client_hello(SSL *s)
                 *(p++)=i;
                 if (i != 0)
                         {
-                        die(i <= sizeof s->session->session_id);
+                        if (i > sizeof s->session->session_id)
+                                {
+                                SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+                                goto err;
+                                }
                         memcpy(p,s->session->session_id,i);
                         p+=i;
                         }
@@ -1597,7 +1601,11 @@ static int ssl3_send_client_key_exchange(SSL *s)
                                 SSL_MAX_MASTER_KEY_LENGTH);
                         EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
                         outl += padl;
-                        die(outl <= sizeof epms);
+                        if (outl > sizeof epms)
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+                                goto err;
+                                }
                         EVP_CIPHER_CTX_cleanup(&ciph_ctx);
 
                         /*  KerberosWrapper.EncryptedPreMasterSecret    */
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index dfffed7165..2e1b0eb892 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -966,7 +966,11 @@ static int ssl3_send_server_hello(SSL *s)
                         s->session->session_id_length=0;
 
                 sl=s->session->session_id_length;
-                die(sl <= sizeof s->session->session_id);
+                if (sl > sizeof s->session->session_id)
+                        {
+                        SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
+                        return -1;
+                        }
                 *(p++)=sl;
                 memcpy(p,s->session->session_id,sl);
                 p+=sl;
diff --git a/src/lib/libssl/src/CHANGES b/src/lib/libssl/src/CHANGES
index 5c80970b52..03b697cd7e 100644
--- a/src/lib/libssl/src/CHANGES
+++ b/src/lib/libssl/src/CHANGES
@@ -2,7 +2,13 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 0.9.6e and 0.9.7  [XX xxx 2002]
+ Changes between 0.9.6h and 0.9.7  [XX xxx 2002]
+
+  *) Make -nameopt work fully for req and add -reqopt switch.
+     [Michael Bell <michael.bell@rz.hu-berlin.de>, Steve Henson]
+
+  *) The "block size" for block ciphers in CFB and OFB mode should be 1.
+     [Steve Henson, reported by Yngve Nysaeter Pettersen <yngve@opera.com>]
 
   *) Make sure tests can be performed even if the corresponding algorithms
      have been removed entirely.  This was also the last step to make
@@ -1667,6 +1673,37 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
   *) Clean old EAY MD5 hack from e_os.h.
      [Richard Levitte]
 
+ Changes between 0.9.6g and 0.9.6h  [xx XXX xxxx]
+
+  *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after
+     the cached sessions are flushed, as the remove_cb() might use ex_data
+     contents. Bug found by Sam Varshavchik <mrsam@courier-mta.com>
+     (see [openssl.org #212]).
+     [Geoff Thorpe, Lutz Jaenicke]
+
+  *) Fix typo in OBJ_txt2obj which incorrectly passed the content
+     length, instead of the encoding length to d2i_ASN1_OBJECT.
+     [Steve Henson]
+
+ Changes between 0.9.6f and 0.9.6g  [9 Aug 2002]
+
+  *) [In 0.9.6g-engine release:]
+     Fix crypto/engine/vendor_defns/cswift.h for WIN32 (use '_stdcall').
+     [Lynn Gazis <lgazis@rainbow.com>]
+
+ Changes between 0.9.6e and 0.9.6f  [8 Aug 2002]
+
+  *) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
+     and get fix the header length calculation.
+     [Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>,
+        Alon Kantor <alonk@checkpoint.com> (and others),
+        Steve Henson]
+
+  *) Use proper error handling instead of 'assertions' in buffer
+     overflow checks added in 0.9.6e.  This prevents DoS (the
+     assertions could call abort()).
+     [Arne Ansper <arne@ats.cyber.ee>, Bodo Moeller]
+  
  Changes between 0.9.6d and 0.9.6e  [30 Jul 2002]
 
   *) Add various sanity checks to asn1_get_length() to reject
diff --git a/src/lib/libssl/src/Configure b/src/lib/libssl/src/Configure
index 74bd8877e5..292ca877c6 100644
--- a/src/lib/libssl/src/Configure
+++ b/src/lib/libssl/src/Configure
@@ -120,7 +120,7 @@ my $alpha_asm="::::::::";
 # -DB_ENDIAN slows things down on a sparc for md5, but helps sha1.
 # So the md5_locl.h file has an undef B_ENDIAN if sun is defined
 
-#config-string  $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib
+#config-string  $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags
 
 my %table=(
 # File 'TABLE' (created by 'make TABLE') contains the data from this list,
@@ -387,8 +387,8 @@ my %table=(
 "linux-mips",   "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown):::BN_LLONG:::",
 "linux-ppc",    "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-m68k",   "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::",
-"linux-s390",   "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::",
-"linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG:::::::::::linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-s390",   "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-s390x",  "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "NetBSD-m68",   "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -438,6 +438,7 @@ my %table=(
 "aix-gcc",  "gcc:-O3 -DB_ENDIAN::(unknown):AIX::BN_LLONG RC4_CHAR:::",
 "aix43-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:",
 "aix43-gcc",  "gcc:-O3 -DAIX -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+"aix64-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384 -q64::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHAR::::::::::dlfcn::::::-X 64",
 
 #
 # Cray T90 and similar (SDSC)
@@ -586,6 +587,7 @@ my $idx_shared_cflag = $idx++;
 my $idx_shared_ldflag = $idx++;
 my $idx_shared_extension = $idx++;
 my $idx_ranlib = $idx++;
+my $idx_arflags = $idx++;
 
 my $prefix="";
 my $openssldir="";
@@ -940,6 +942,7 @@ my $shared_cflag = $fields[$idx_shared_cflag];
 my $shared_ldflag = $fields[$idx_shared_ldflag];
 my $shared_extension = $fields[$idx_shared_extension];
 my $ranlib = $fields[$idx_ranlib];
+my $arflags = $fields[$idx_arflags];
 
 $cflags="$flags$cflags" if ($flags ne "");
 
@@ -1067,7 +1070,7 @@ if ($zlib)
         {
         $cflags = "-DZLIB $cflags";
         $cflags = "-DZLIB_SHARED $cflags" if $zlib == 2;
-        $lflags = "$lflags -lz" if $zlib == 2;
+        $lflags = "$lflags -lz" if $zlib == 1;
         }
 
 # You will find shlib_mark1 and shlib_mark2 explained in Makefile.org
@@ -1208,6 +1211,7 @@ while (<IN>)
         s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/;
         s/^PROCESSOR=.*/PROCESSOR= $processor/;
         s/^RANLIB=.*/RANLIB= $ranlib/;
+        s/^ARFLAGS=.*/ARFLAGS= $arflags/;
         s/^PERL=.*/PERL= $perl/;
         s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/;
         s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/;
@@ -1254,6 +1258,7 @@ print "SHA1_OBJ_ASM  =$sha1_obj\n";
 print "RMD160_OBJ_ASM=$rmd160_obj\n";
 print "PROCESSOR     =$processor\n";
 print "RANLIB        =$ranlib\n";
+print "ARFLAGS       =$arflags\n";
 print "PERL          =$perl\n";
 print "KRB5_INCLUDES =",$withargs{"krb5-include"},"\n"
         if $withargs{"krb5-include"} ne "";
@@ -1561,7 +1566,7 @@ sub print_table_entry
         my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
         my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj,
         my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,
-        my $shared_ldflag,my $shared_extension,my $ranlib)=
+        my $shared_ldflag,my $shared_extension,my $ranlib,my $arflags)=
         split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
                         
         print <<EOF
@@ -1589,6 +1594,7 @@ sub print_table_entry
 \$shared_ldflag = $shared_ldflag
 \$shared_extension = $shared_extension
 \$ranlib       = $ranlib
+\$arflags      = $arflags
 EOF
         }
 
diff --git a/src/lib/libssl/src/FAQ b/src/lib/libssl/src/FAQ
index ee03d97676..28027fdcac 100644
--- a/src/lib/libssl/src/FAQ
+++ b/src/lib/libssl/src/FAQ
@@ -36,6 +36,7 @@ OpenSSL  -  Frequently Asked Questions
 * Why does the linker complain about undefined symbols?
 * Why does the OpenSSL test fail with "bc: command not found"?
 * Why does the OpenSSL test fail with "bc: 1 no implemented"?
+* Why does the OpenSSL test fail with "bc: stack empty"?
 * Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
 * Why does the OpenSSL compilation fail with "ar: command not found"?
 * Why does the OpenSSL compilation fail on Win32 with VC++?
@@ -64,7 +65,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.6e was released on July 30, 2002.
+OpenSSL 0.9.6g was released on August 9, 2002.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -402,6 +403,17 @@ and compile/install it.  GNU bc (see http://www.gnu.org/software/software.html
 for download instructions) can be safely used, for example.
 
 
+* Why does the OpenSSL test fail with "bc: stack empty"?
+
+On some DG/ux versions, bc seems to have a too small stack for calculations
+that the OpenSSL bntest throws at it.  This gets triggered when you run the
+test suite (using "make test").  The message returned is "bc: stack empty".
+
+The best way to deal with this is to find another implementation of bc
+and compile/install it.  GNU bc (see http://www.gnu.org/software/software.html
+for download instructions) can be safely used, for example.
+
+
 * Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
 
 On some Alpha installations running Tru64 Unix and Compaq C, the compilation
diff --git a/src/lib/libssl/src/Makefile.org b/src/lib/libssl/src/Makefile.org
index 8808dd7922..d7af0815f3 100644
--- a/src/lib/libssl/src/Makefile.org
+++ b/src/lib/libssl/src/Makefile.org
@@ -59,7 +59,8 @@ DEPFLAG=
 PEX_LIBS= 
 EX_LIBS= 
 EXE_EXT= 
-AR=ar r
+ARFLAGS=
+AR=ar $(ARFLAGS) r
 RANLIB= ranlib
 PERL= perl
 TAR= tar
@@ -251,7 +252,8 @@ link-shared:
                 for i in $(SHLIBDIRS); do \
                         prev=lib$$i$(SHLIB_EXT); \
                         for j in $${tmp:-x}; do \
-                                ( set -x; ln -f -s $$prev lib$$i$$j ); \
+                                ( set -x; \
+                                rm -f lib$$i$$j; ln -s $$prev lib$$i$$j ); \
                                 prev=lib$$i$$j; \
                         done; \
                 done; \
@@ -273,9 +275,7 @@ do_gnu-shared:
         done
 
 DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
-        collect2=`gcc -print-prog-name=collect2 2>&1` && \
-        [ -n "$$collect2" ] && \
-        my_ld=`$$collect2 --help 2>&1 | grep Usage: | sed 's/^Usage: *\([^ ][^ ]*\).*/\1/'` && \
+        my_ld=`gcc -print-prog-name=ld 2>&1` && \
         [ -n "$$my_ld" ] && \
         $$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
 
@@ -731,7 +731,8 @@ install: all install_docs
                 done; \
                 (       here="`pwd`"; \
                         cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
-                        make -f $$here/Makefile link-shared ); \
+                        set $(MAKE); \
+                        $$1 -f $$here/Makefile link-shared ); \
         fi
 
 install_docs:
@@ -740,22 +741,23 @@ install_docs:
                 $(INSTALL_PREFIX)$(MANDIR)/man3 \
                 $(INSTALL_PREFIX)$(MANDIR)/man5 \
                 $(INSTALL_PREFIX)$(MANDIR)/man7
-        @for i in doc/apps/*.pod; do \
+        @pod2man="`cd util; ./pod2mantest $(PERL)`"; \
+        for i in doc/apps/*.pod; do \
                 fn=`basename $$i .pod`; \
                 if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
                 echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
                 (cd `$(PERL) util/dirname.pl $$i`; \
-                sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \
+                sh -c "$$pod2man \
                         --section=$$sec --center=OpenSSL \
                         --release=$(VERSION) `basename $$i`") \
                         >  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
-        done
-        @for i in doc/crypto/*.pod doc/ssl/*.pod; do \
+        done; \
+        for i in doc/crypto/*.pod doc/ssl/*.pod; do \
                 fn=`basename $$i .pod`; \
                 if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
                 echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
                 (cd `$(PERL) util/dirname.pl $$i`; \
-                sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \
+                sh -c "$$pod2man \
                         --section=$$sec --center=OpenSSL \
                         --release=$(VERSION) `basename $$i`") \
                         >  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
diff --git a/src/lib/libssl/src/NEWS b/src/lib/libssl/src/NEWS
index 9531ba9c6e..418b3b0505 100644
--- a/src/lib/libssl/src/NEWS
+++ b/src/lib/libssl/src/NEWS
@@ -40,6 +40,14 @@
       o SSL/TLS: add callback to retrieve SSL/TLS messages.
       o SSL/TLS: support AES cipher suites (RFC3268).
 
+  Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g:
+
+      o Important building fixes on Unix.
+
+  Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f:
+
+      o Various important bugfixes.
+
   Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e:
 
       o Important security related bugfixes.
diff --git a/src/lib/libssl/src/README b/src/lib/libssl/src/README
index 5394a17e3e..4228e145f9 100644
--- a/src/lib/libssl/src/README
+++ b/src/lib/libssl/src/README
@@ -154,7 +154,7 @@
     - Stack Traceback (if the application dumps core)
 
  Report the bug to the OpenSSL project via the Request Tracker
- (http://www.openssl.org/rt2.html) by mail to:
+ (http://www.openssl.org/support/rt2.html) by mail to:
 
     openssl-bugs@openssl.org
 
diff --git a/src/lib/libssl/src/STATUS b/src/lib/libssl/src/STATUS
index 0b752ecc08..fb61c932ee 100644
--- a/src/lib/libssl/src/STATUS
+++ b/src/lib/libssl/src/STATUS
@@ -1,11 +1,16 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2002/06/07 03:45:33 $
+  ______________                           $Date: 2002/09/14 11:18:02 $
 
   DEVELOPMENT STATE
 
     o  OpenSSL 0.9.8:  Under development...
-    o  OpenSSL 0.9.7-beta1:  Released on June 1st, 2002
+    o  OpenSSL 0.9.7-beta3: Released on July 30th, 2002
+    o  OpenSSL 0.9.7-beta2: Released on June 16th, 2002
+    o  OpenSSL 0.9.7-beta1: Released on June  1st, 2002
+    o  OpenSSL 0.9.6g: Released on August     9th, 2002
+    o  OpenSSL 0.9.6f: Released on August     8th, 2002
+    o  OpenSSL 0.9.6e: Released on July      30th, 2002
     o  OpenSSL 0.9.6d: Released on May        9th, 2002
     o  OpenSSL 0.9.6c: Released on December  21st, 2001
     o  OpenSSL 0.9.6b: Released on July       9th, 2001
diff --git a/src/lib/libssl/src/TABLE b/src/lib/libssl/src/TABLE
index 954c0fc553..3989ac7ebf 100644
--- a/src/lib/libssl/src/TABLE
+++ b/src/lib/libssl/src/TABLE
@@ -23,6 +23,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** BC-32
 $cc           = bcc32
@@ -47,6 +48,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** BS2000-OSD
 $cc           = c89
@@ -71,6 +73,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** Cygwin
 $cc           = gcc
@@ -95,6 +98,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = .dll
 $ranlib       = 
+$arflags      = 
 
 *** Cygwin-pre1.3
 $cc           = gcc
@@ -119,6 +123,32 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
+
+*** DJGPP
+$cc           = gcc
+$cflags       = -I/dev/env/DJDIR/watt32/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall
+$unistd       = 
+$thread_cflag = 
+$sys_id       = MSDOS
+$lflags       = -L/dev/env/DJDIR/watt32/lib -lwatt
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
 
 *** FreeBSD
 $cc           = gcc
@@ -143,6 +173,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** FreeBSD-alpha
 $cc           = gcc
@@ -167,6 +198,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** FreeBSD-elf
 $cc           = gcc
@@ -191,6 +223,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** MPE/iX-gcc
 $cc           = gcc
@@ -215,6 +248,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** Mingw32
 $cc           = gcc
@@ -239,6 +273,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** NetBSD-m68
 $cc           = gcc
@@ -263,6 +298,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** NetBSD-sparc
 $cc           = gcc
@@ -287,6 +323,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** NetBSD-x86
 $cc           = gcc
@@ -311,6 +348,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** OS2-EMX
 $cc           = gcc
@@ -335,6 +373,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** OS390-Unix
 $cc           = c89.sh
@@ -359,6 +398,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** OpenBSD
 $cc           = gcc
@@ -383,6 +423,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** OpenBSD-alpha
 $cc           = gcc
@@ -407,6 +448,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** OpenBSD-hppa
 $cc           = gcc
@@ -431,6 +473,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** OpenBSD-i386
 $cc           = gcc
@@ -455,6 +498,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** OpenBSD-m68k
 $cc           = gcc
@@ -479,6 +523,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** OpenBSD-m88k
 $cc           = gcc
@@ -503,6 +548,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** OpenBSD-mips
 $cc           = gcc
@@ -527,6 +573,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** OpenBSD-powerpc
 $cc           = gcc
@@ -551,6 +598,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** OpenBSD-sparc
 $cc           = gcc
@@ -575,6 +623,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** OpenBSD-sparc64
 $cc           = gcc
@@ -599,6 +648,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** OpenBSD-vax
 $cc           = gcc
@@ -623,6 +673,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** OpenUNIX-8
 $cc           = cc
@@ -647,6 +698,7 @@ $shared_cflag = -Kpic
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** OpenUNIX-8-gcc
 $cc           = gcc
@@ -671,6 +723,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** OpenUNIX-8-pentium
 $cc           = cc
@@ -695,6 +748,7 @@ $shared_cflag = -Kpic
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** OpenUNIX-8-pentium_pro
 $cc           = cc
@@ -719,6 +773,7 @@ $shared_cflag = -Kpic
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** ReliantUNIX
 $cc           = cc
@@ -743,6 +798,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** SINIX
 $cc           = cc
@@ -767,6 +823,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** SINIX-N
 $cc           = /usr/ucb/cc
@@ -791,6 +848,32 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
+
+*** UWIN
+$cc           = cc
+$cflags       = -DTERMIOS -DL_ENDIAN -O -Wall
+$unistd       = 
+$thread_cflag = 
+$sys_id       = UWIN
+$lflags       = 
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = win32
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
 
 *** VC-MSDOS
 $cc           = cl
@@ -815,6 +898,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** VC-NT
 $cc           = cl
@@ -839,6 +923,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** VC-W31-16
 $cc           = cl
@@ -863,6 +948,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** VC-W31-32
 $cc           = cl
@@ -887,6 +973,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** VC-WIN16
 $cc           = cl
@@ -911,6 +998,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** VC-WIN32
 $cc           = cl
@@ -935,6 +1023,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** aix-cc
 $cc           = cc
@@ -959,6 +1048,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** aix-gcc
 $cc           = gcc
@@ -983,6 +1073,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** aix43-cc
 $cc           = cc
@@ -1007,6 +1098,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** aix43-gcc
 $cc           = gcc
@@ -1031,6 +1123,32 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
+
+*** aix64-cc
+$cc           = cc
+$cflags       = -O -DAIX -DB_ENDIAN -qmaxmem=16384 -q64
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = -X 64
 
 *** alpha-cc
 $cc           = cc
@@ -1055,6 +1173,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = .so
 $ranlib       = 
+$arflags      = 
 
 *** alpha-cc-rpath
 $cc           = cc
@@ -1079,6 +1198,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = .so
 $ranlib       = 
+$arflags      = 
 
 *** alpha-gcc
 $cc           = gcc
@@ -1103,6 +1223,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = .so
 $ranlib       = 
+$arflags      = 
 
 *** alpha164-cc
 $cc           = cc
@@ -1127,6 +1248,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = .so
 $ranlib       = 
+$arflags      = 
 
 *** alphaold-cc
 $cc           = cc
@@ -1151,6 +1273,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = .so
 $ranlib       = 
+$arflags      = 
 
 *** bsdi-elf-gcc
 $cc           = gcc
@@ -1175,6 +1298,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** bsdi-gcc
 $cc           = gcc
@@ -1199,6 +1323,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** cc
 $cc           = cc
@@ -1223,6 +1348,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** cray-j90
 $cc           = cc
@@ -1247,6 +1373,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** cray-t3e
 $cc           = cc
@@ -1271,12 +1398,13 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** darwin-i386-cc
 $cc           = cc
-$cflags       = -O3 -nostdinc -I/System/Library/Frameworks/System.framework/Headers -I/System/Library/Frameworks/System.frameworks/Headers/bsd -I/usr/include -fomit-frame-pointer -Wall -DB_ENDIAN
+$cflags       = -O3 -fomit-frame-pointer -fno-common -DB_ENDIAN
 $unistd       = 
-$thread_cflag = (unknown)
+$thread_cflag = -D_REENTRANT
 $sys_id       = MACOSX
 $lflags       = 
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
@@ -1295,12 +1423,13 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
 $ranlib       = 
+$arflags      = 
 
 *** darwin-ppc-cc
 $cc           = cc
-$cflags       = -O3 -nostdinc -I/System/Library/Frameworks/System.framework/Headers -I/System/Library/Frameworks/System.frameworks/Headers/bsd -I/usr/include -fomit-frame-pointer -Wall -DB_ENDIAN
+$cflags       = -O3 -fomit-frame-pointer -fno-common -DB_ENDIAN
 $unistd       = 
-$thread_cflag = (unknown)
+$thread_cflag = -D_REENTRANT
 $sys_id       = MACOSX
 $lflags       = 
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
@@ -1319,10 +1448,11 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
 $ranlib       = 
+$arflags      = 
 
 *** debug
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror
 $unistd       = 
 $thread_cflag = (unknown)
 $sys_id       = 
@@ -1343,6 +1473,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** debug-ben
 $cc           = gcc
@@ -1367,6 +1498,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** debug-ben-debug
 $cc           = gcc
@@ -1391,6 +1523,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** debug-ben-openbsd
 $cc           = gcc
@@ -1415,6 +1548,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** debug-ben-openbsd-debug
 $cc           = gcc
@@ -1439,6 +1573,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** debug-ben-strict
 $cc           = gcc
@@ -1463,6 +1598,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** debug-bodo
 $cc           = gcc
@@ -1487,10 +1623,11 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** debug-levitte-linux-elf
 $cc           = gcc
-$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wtraditional -Wundef -Wshadow -Wid-clash-31 -Wcast-align -Wconversion -Wno-long-long -pipe
+$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wid-clash-31 -Wcast-align -Wconversion -Wno-long-long -pipe
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -1511,10 +1648,11 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** debug-levitte-linux-noasm
 $cc           = gcc
-$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wtraditional -Wundef -Wshadow -Wid-clash-31 -Wcast-align -Wconversion -Wno-long-long -pipe
+$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wid-clash-31 -Wcast-align -Wconversion -Wno-long-long -pipe
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -1535,6 +1673,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** debug-linux-elf
 $cc           = gcc
@@ -1559,6 +1698,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** debug-linux-elf-noefence
 $cc           = gcc
@@ -1583,6 +1723,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** debug-linux-pentium
 $cc           = gcc
@@ -1607,6 +1748,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** debug-linux-ppro
 $cc           = gcc
@@ -1631,6 +1773,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** debug-rse
 $cc           = cc
@@ -1655,6 +1798,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** debug-solaris-sparcv8-cc
 $cc           = cc
@@ -1679,6 +1823,7 @@ $shared_cflag = -KPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** debug-solaris-sparcv8-gcc
 $cc           = gcc
@@ -1703,6 +1848,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** debug-solaris-sparcv9-cc
 $cc           = cc
@@ -1727,6 +1873,7 @@ $shared_cflag = -KPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** debug-solaris-sparcv9-gcc
 $cc           = gcc
@@ -1751,6 +1898,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** debug-steve
 $cc           = gcc
@@ -1775,6 +1923,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** debug-steve-linux-pseudo64
 $cc           = gcc
@@ -1799,6 +1948,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** debug-ulf
 $cc           = gcc
@@ -1823,6 +1973,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** dgux-R3-gcc
 $cc           = gcc
@@ -1847,6 +1998,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** dgux-R4-gcc
 $cc           = gcc
@@ -1871,6 +2023,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** dgux-R4-x86-gcc
 $cc           = gcc
@@ -1895,6 +2048,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** dist
 $cc           = cc
@@ -1919,6 +2073,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** gcc
 $cc           = gcc
@@ -1943,6 +2098,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** hpux-brokencc
 $cc           = cc
@@ -1967,6 +2123,7 @@ $shared_cflag = +Z
 $shared_ldflag = 
 $shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** hpux-brokengcc
 $cc           = gcc
@@ -1991,6 +2148,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** hpux-cc
 $cc           = cc
@@ -2015,6 +2173,7 @@ $shared_cflag = +Z
 $shared_ldflag = 
 $shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** hpux-gcc
 $cc           = gcc
@@ -2039,6 +2198,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** hpux-ia64-cc
 $cc           = cc
@@ -2063,6 +2223,7 @@ $shared_cflag = +Z
 $shared_ldflag = 
 $shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** hpux-m68k-gcc
 $cc           = gcc
@@ -2087,6 +2248,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** hpux-parisc-cc
 $cc           = cc
@@ -2111,6 +2273,7 @@ $shared_cflag = +Z
 $shared_ldflag = 
 $shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** hpux-parisc-cc-o4
 $cc           = cc
@@ -2135,6 +2298,7 @@ $shared_cflag = +Z
 $shared_ldflag = 
 $shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** hpux-parisc-gcc
 $cc           = gcc
@@ -2159,6 +2323,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** hpux-parisc1_1-cc
 $cc           = cc
@@ -2183,6 +2348,7 @@ $shared_cflag = +Z
 $shared_ldflag = 
 $shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** hpux-parisc2-cc
 $cc           = cc
@@ -2207,6 +2373,7 @@ $shared_cflag = +Z
 $shared_ldflag = 
 $shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** hpux10-brokencc
 $cc           = cc
@@ -2231,6 +2398,7 @@ $shared_cflag = +Z
 $shared_ldflag = 
 $shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** hpux10-brokengcc
 $cc           = gcc
@@ -2255,6 +2423,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** hpux10-cc
 $cc           = cc
@@ -2279,6 +2448,7 @@ $shared_cflag = +Z
 $shared_ldflag = 
 $shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** hpux10-gcc
 $cc           = gcc
@@ -2303,6 +2473,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** hpux64-ia64-cc
 $cc           = cc
@@ -2327,6 +2498,7 @@ $shared_cflag = +Z
 $shared_ldflag = 
 $shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** hpux64-parisc-cc
 $cc           = cc
@@ -2351,6 +2523,32 @@ $shared_cflag = +Z
 $shared_ldflag = 
 $shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
+
+*** hpux64-parisc-gcc
+$cc           = gcc
+$cflags       = -DB_ENDIAN -DMD32_XARRAY
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= hpux64-shared
+$shared_cflag = -fpic
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
 
 *** hpux64-parisc2-cc
 $cc           = cc
@@ -2375,6 +2573,7 @@ $shared_cflag = +Z
 $shared_ldflag = 
 $shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** hurd-x86
 $cc           = gcc
@@ -2399,6 +2598,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** irix-cc
 $cc           = cc
@@ -2423,6 +2623,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** irix-gcc
 $cc           = gcc
@@ -2447,6 +2648,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** irix-mips3-cc
 $cc           = cc
@@ -2471,6 +2673,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** irix-mips3-gcc
 $cc           = gcc
@@ -2495,6 +2698,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** irix64-mips4-cc
 $cc           = cc
@@ -2519,6 +2723,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** irix64-mips4-gcc
 $cc           = gcc
@@ -2543,6 +2748,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** linux-alpha+bwx-ccc
 $cc           = ccc
@@ -2567,6 +2773,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** linux-alpha+bwx-gcc
 $cc           = gcc
@@ -2591,6 +2798,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** linux-alpha-ccc
 $cc           = ccc
@@ -2615,6 +2823,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** linux-alpha-gcc
 $cc           = gcc
@@ -2639,6 +2848,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** linux-aout
 $cc           = gcc
@@ -2663,6 +2873,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** linux-elf
 $cc           = gcc
@@ -2687,6 +2898,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** linux-elf-arm
 $cc           = gcc
@@ -2711,6 +2923,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** linux-ia64
 $cc           = gcc
@@ -2735,6 +2948,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** linux-k6
 $cc           = gcc
@@ -2759,6 +2973,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** linux-m68k
 $cc           = gcc
@@ -2783,6 +2998,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** linux-mips
 $cc           = gcc
@@ -2807,6 +3023,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** linux-mipsel
 $cc           = gcc
@@ -2831,6 +3048,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** linux-parisc
 $cc           = gcc
@@ -2855,6 +3073,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** linux-pentium
 $cc           = gcc
@@ -2879,6 +3098,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** linux-ppc
 $cc           = gcc
@@ -2903,6 +3123,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** linux-ppro
 $cc           = gcc
@@ -2927,14 +3148,15 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** linux-s390
 $cc           = gcc
-$cflags       = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
+$cflags       = -DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
-$lflags       = 
+$lflags       = -ldl
 $bn_ops       = BN_LLONG
 $bn_obj       = 
 $des_obj      = 
@@ -2945,12 +3167,13 @@ $cast_obj     =
 $rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
-$dso_scheme   = 
-$shared_target= 
-$shared_cflag = 
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
 $shared_ldflag = 
-$shared_extension = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** linux-s390x
 $cc           = gcc
@@ -2958,7 +3181,7 @@ $cflags       = -DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
-$lflags       = 
+$lflags       = -ldl
 $bn_ops       = SIXTY_FOUR_BIT_LONG
 $bn_obj       = 
 $des_obj      = 
@@ -2969,12 +3192,13 @@ $cast_obj     =
 $rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
-$dso_scheme   = 
+$dso_scheme   = dlfcn
 $shared_target= linux-shared
 $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** linux-sparcv7
 $cc           = gcc
@@ -2999,6 +3223,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** linux-sparcv8
 $cc           = gcc
@@ -3023,6 +3248,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** linux-sparcv9
 $cc           = gcc
@@ -3047,6 +3273,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** ncr-scde
 $cc           = cc
@@ -3071,6 +3298,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** newsos4-gcc
 $cc           = gcc
@@ -3095,6 +3323,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** nextstep
 $cc           = cc
@@ -3119,6 +3348,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** nextstep3.3
 $cc           = cc
@@ -3143,6 +3373,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** purify
 $cc           = purify gcc
@@ -3167,6 +3398,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** qnx4
 $cc           = cc
@@ -3191,6 +3423,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** qnx6
 $cc           = cc
@@ -3215,6 +3448,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** rhapsody-ppc-cc
 $cc           = cc
@@ -3239,6 +3473,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** sco3-gcc
 $cc           = gcc
@@ -3263,6 +3498,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** sco5-cc
 $cc           = cc
@@ -3287,6 +3523,7 @@ $shared_cflag = -Kpic
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** sco5-cc-pentium
 $cc           = cc
@@ -3311,6 +3548,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** sco5-gcc
 $cc           = gcc
@@ -3335,6 +3573,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** solaris-sparc-sc3
 $cc           = cc
@@ -3359,6 +3598,7 @@ $shared_cflag = -KPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** solaris-sparcv7-cc
 $cc           = cc
@@ -3383,6 +3623,7 @@ $shared_cflag = -KPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** solaris-sparcv7-gcc
 $cc           = gcc
@@ -3407,6 +3648,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** solaris-sparcv8-cc
 $cc           = cc
@@ -3431,6 +3673,7 @@ $shared_cflag = -KPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** solaris-sparcv8-gcc
 $cc           = gcc
@@ -3455,6 +3698,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** solaris-sparcv9-cc
 $cc           = cc
@@ -3479,6 +3723,7 @@ $shared_cflag = -KPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** solaris-sparcv9-gcc
 $cc           = gcc
@@ -3503,6 +3748,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** solaris-sparcv9-gcc27
 $cc           = gcc
@@ -3527,6 +3773,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** solaris-x86-cc
 $cc           = cc
@@ -3551,6 +3798,7 @@ $shared_cflag = -KPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** solaris-x86-gcc
 $cc           = gcc
@@ -3575,6 +3823,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** solaris64-sparcv9-cc
 $cc           = cc
@@ -3599,6 +3848,7 @@ $shared_cflag = -KPIC
 $shared_ldflag = -xarch=v9
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = /usr/ccs/bin/ar rs
+$arflags      = 
 
 *** solaris64-sparcv9-gcc
 $cc           = gcc
@@ -3620,9 +3870,10 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= solaris-shared
 $shared_cflag = -fPIC
-$shared_ldflag = 
+$shared_ldflag = -m64
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** solaris64-sparcv9-gcc31
 $cc           = gcc
@@ -3644,9 +3895,10 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= solaris-shared
 $shared_cflag = -fPIC
-$shared_ldflag = 
+$shared_ldflag = -m64
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** sunos-gcc
 $cc           = gcc
@@ -3671,6 +3923,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** ultrix-cc
 $cc           = cc
@@ -3695,6 +3948,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** ultrix-gcc
 $cc           = gcc
@@ -3719,14 +3973,15 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** unixware-2.0
 $cc           = cc
-$cflags       = -DFILIO_H
+$cflags       = -DFILIO_H -DNO_STRINGS_H
 $unistd       = 
 $thread_cflag = -Kthread
 $sys_id       = 
-$lflags       = -lsocket -lnsl -lx
+$lflags       = -lsocket -lnsl -lresolv -lx
 $bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $bn_obj       = 
 $des_obj      = 
@@ -3743,14 +3998,15 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** unixware-2.0-pentium
 $cc           = cc
-$cflags       = -DFILIO_H -Kpentium
+$cflags       = -DFILIO_H -DNO_STRINGS_H -Kpentium
 $unistd       = 
 $thread_cflag = -Kthread
 $sys_id       = 
-$lflags       = -lsocket -lnsl -lx
+$lflags       = -lsocket -lnsl -lresolv -lx
 $bn_ops       = MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
 $bn_obj       = 
 $des_obj      = 
@@ -3767,6 +4023,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** unixware-2.1
 $cc           = cc
@@ -3774,7 +4031,7 @@ $cflags       = -O -DFILIO_H
 $unistd       = 
 $thread_cflag = -Kthread
 $sys_id       = 
-$lflags       = -lsocket -lnsl -lx
+$lflags       = -lsocket -lnsl -lresolv -lx
 $bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $bn_obj       = 
 $des_obj      = 
@@ -3791,6 +4048,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** unixware-2.1-p6
 $cc           = cc
@@ -3798,7 +4056,7 @@ $cflags       = -O -DFILIO_H -Kp6
 $unistd       = 
 $thread_cflag = -Kthread
 $sys_id       = 
-$lflags       = -lsocket -lnsl -lx
+$lflags       = -lsocket -lnsl -lresolv -lx
 $bn_ops       = MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
 $bn_obj       = 
 $des_obj      = 
@@ -3815,6 +4073,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** unixware-2.1-pentium
 $cc           = cc
@@ -3822,7 +4081,7 @@ $cflags       = -O -DFILIO_H -Kpentium
 $unistd       = 
 $thread_cflag = -Kthread
 $sys_id       = 
-$lflags       = -lsocket -lnsl -lx
+$lflags       = -lsocket -lnsl -lresolv -lx
 $bn_ops       = MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
 $bn_obj       = 
 $des_obj      = 
@@ -3839,6 +4098,7 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
 
 *** unixware-7
 $cc           = cc
@@ -3863,6 +4123,7 @@ $shared_cflag = -Kpic
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** unixware-7-gcc
 $cc           = gcc
@@ -3887,6 +4148,7 @@ $shared_cflag = -fPIC
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** unixware-7-pentium
 $cc           = cc
@@ -3911,6 +4173,7 @@ $shared_cflag = -Kpic
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** unixware-7-pentium_pro
 $cc           = cc
@@ -3935,6 +4198,7 @@ $shared_cflag = -Kpic
 $shared_ldflag = 
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
+$arflags      = 
 
 *** vxworks-ppc405
 $cc           = ccppc
@@ -3959,3 +4223,4 @@ $shared_cflag =
 $shared_ldflag = 
 $shared_extension = 
 $ranlib       = 
+$arflags      = 
diff --git a/src/lib/libssl/src/apps/Makefile.ssl b/src/lib/libssl/src/apps/Makefile.ssl
index c92009e82f..bb66ebbd60 100644
--- a/src/lib/libssl/src/apps/Makefile.ssl
+++ b/src/lib/libssl/src/apps/Makefile.ssl
@@ -157,612 +157,867 @@ progs.h: progs.pl
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-app_rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+app_rand.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+app_rand.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 app_rand.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-app_rand.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-app_rand.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-app_rand.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-app_rand.o: ../include/openssl/err.h ../include/openssl/evp.h
-app_rand.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+app_rand.o: ../include/openssl/cast.h ../include/openssl/conf.h
+app_rand.o: ../include/openssl/crypto.h ../include/openssl/des.h
+app_rand.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+app_rand.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+app_rand.o: ../include/openssl/engine.h ../include/openssl/err.h
+app_rand.o: ../include/openssl/evp.h ../include/openssl/idea.h
+app_rand.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+app_rand.o: ../include/openssl/md4.h ../include/openssl/md5.h
+app_rand.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 app_rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 app_rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 app_rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+app_rand.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+app_rand.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 app_rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 app_rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
 app_rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-app_rand.o: ../include/openssl/ui.h ../include/openssl/x509.h
-app_rand.o: ../include/openssl/x509_vfy.h app_rand.c apps.h
-apps.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+app_rand.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h app_rand.c
+app_rand.o: apps.h
+apps.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+apps.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 apps.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-apps.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-apps.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-apps.o: ../include/openssl/err.h ../include/openssl/evp.h
-apps.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+apps.o: ../include/openssl/cast.h ../include/openssl/conf.h
+apps.o: ../include/openssl/crypto.h ../include/openssl/des.h
+apps.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+apps.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+apps.o: ../include/openssl/engine.h ../include/openssl/err.h
+apps.o: ../include/openssl/evp.h ../include/openssl/idea.h
+apps.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+apps.o: ../include/openssl/md4.h ../include/openssl/md5.h
+apps.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 apps.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 apps.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 apps.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 apps.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
-apps.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+apps.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+apps.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+apps.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 apps.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-apps.o: ../include/openssl/x509v3.h apps.c apps.h
-asn1pars.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+apps.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+apps.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.c apps.h
+asn1pars.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+asn1pars.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 asn1pars.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-asn1pars.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-asn1pars.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-asn1pars.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-asn1pars.o: ../include/openssl/err.h ../include/openssl/evp.h
-asn1pars.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+asn1pars.o: ../include/openssl/cast.h ../include/openssl/conf.h
+asn1pars.o: ../include/openssl/crypto.h ../include/openssl/des.h
+asn1pars.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+asn1pars.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+asn1pars.o: ../include/openssl/engine.h ../include/openssl/err.h
+asn1pars.o: ../include/openssl/evp.h ../include/openssl/idea.h
+asn1pars.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+asn1pars.o: ../include/openssl/md4.h ../include/openssl/md5.h
+asn1pars.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 asn1pars.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 asn1pars.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 asn1pars.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+asn1pars.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+asn1pars.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 asn1pars.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h
 asn1pars.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-asn1pars.o: ../include/openssl/ui.h ../include/openssl/x509.h
-asn1pars.o: ../include/openssl/x509_vfy.h apps.h asn1pars.c
-ca.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+asn1pars.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+asn1pars.o: asn1pars.c
+ca.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ca.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 ca.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-ca.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-ca.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-ca.o: ../include/openssl/err.h ../include/openssl/evp.h
-ca.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+ca.o: ../include/openssl/cast.h ../include/openssl/conf.h
+ca.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ca.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ca.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ca.o: ../include/openssl/engine.h ../include/openssl/err.h
+ca.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ca.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ca.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ca.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 ca.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 ca.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 ca.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ca.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+ca.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+ca.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ca.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 ca.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 ca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 ca.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-ca.o: ../include/openssl/x509v3.h apps.h ca.c
-ciphers.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ca.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ca.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ca.c
+ciphers.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ciphers.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 ciphers.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-ciphers.o: ../include/openssl/comp.h ../include/openssl/conf.h
-ciphers.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-ciphers.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-ciphers.o: ../include/openssl/engine.h ../include/openssl/err.h
-ciphers.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-ciphers.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+ciphers.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ciphers.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ciphers.o: ../include/openssl/des.h ../include/openssl/des_old.h
+ciphers.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ciphers.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h
+ciphers.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+ciphers.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ciphers.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ciphers.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 ciphers.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 ciphers.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+ciphers.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ciphers.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 ciphers.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 ciphers.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 ciphers.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 ciphers.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 ciphers.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 ciphers.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-ciphers.o: ciphers.c
-crl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ciphers.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ciphers.o: ../include/openssl/x509_vfy.h apps.h ciphers.c
+crl.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+crl.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 crl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-crl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-crl.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-crl.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-crl.o: ../include/openssl/err.h ../include/openssl/evp.h
-crl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+crl.o: ../include/openssl/cast.h ../include/openssl/conf.h
+crl.o: ../include/openssl/crypto.h ../include/openssl/des.h
+crl.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+crl.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+crl.o: ../include/openssl/engine.h ../include/openssl/err.h
+crl.o: ../include/openssl/evp.h ../include/openssl/idea.h
+crl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+crl.o: ../include/openssl/md4.h ../include/openssl/md5.h
+crl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 crl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 crl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 crl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 crl.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+crl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+crl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 crl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 crl.o: ../include/openssl/sha.h ../include/openssl/stack.h
 crl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-crl.o: ../include/openssl/ui.h ../include/openssl/x509.h
-crl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h crl.c
-crl2p7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+crl.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+crl.o: ../include/openssl/x509v3.h apps.h crl.c
+crl2p7.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+crl2p7.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 crl2p7.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-crl2p7.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-crl2p7.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-crl2p7.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-crl2p7.o: ../include/openssl/err.h ../include/openssl/evp.h
-crl2p7.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+crl2p7.o: ../include/openssl/cast.h ../include/openssl/conf.h
+crl2p7.o: ../include/openssl/crypto.h ../include/openssl/des.h
+crl2p7.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+crl2p7.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+crl2p7.o: ../include/openssl/engine.h ../include/openssl/err.h
+crl2p7.o: ../include/openssl/evp.h ../include/openssl/idea.h
+crl2p7.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+crl2p7.o: ../include/openssl/md4.h ../include/openssl/md5.h
+crl2p7.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 crl2p7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 crl2p7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 crl2p7.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+crl2p7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+crl2p7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 crl2p7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h
 crl2p7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-crl2p7.o: ../include/openssl/ui.h ../include/openssl/x509.h
-crl2p7.o: ../include/openssl/x509_vfy.h apps.h crl2p7.c
-dgst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+crl2p7.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+crl2p7.o: crl2p7.c
+dgst.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+dgst.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 dgst.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-dgst.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-dgst.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-dgst.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-dgst.o: ../include/openssl/err.h ../include/openssl/evp.h
-dgst.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+dgst.o: ../include/openssl/cast.h ../include/openssl/conf.h
+dgst.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dgst.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+dgst.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+dgst.o: ../include/openssl/engine.h ../include/openssl/err.h
+dgst.o: ../include/openssl/evp.h ../include/openssl/idea.h
+dgst.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+dgst.o: ../include/openssl/md4.h ../include/openssl/md5.h
+dgst.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 dgst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 dgst.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 dgst.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 dgst.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+dgst.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+dgst.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 dgst.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h
 dgst.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-dgst.o: ../include/openssl/ui.h ../include/openssl/x509.h
-dgst.o: ../include/openssl/x509_vfy.h apps.h dgst.c
-dh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+dgst.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dgst.c
+dh.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+dh.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 dh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-dh.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-dh.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-dh.o: ../include/openssl/err.h ../include/openssl/evp.h
-dh.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+dh.o: ../include/openssl/cast.h ../include/openssl/conf.h
+dh.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dh.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+dh.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+dh.o: ../include/openssl/engine.h ../include/openssl/err.h
+dh.o: ../include/openssl/evp.h ../include/openssl/idea.h
+dh.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+dh.o: ../include/openssl/md4.h ../include/openssl/md5.h
+dh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 dh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 dh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 dh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+dh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+dh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 dh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 dh.o: ../include/openssl/sha.h ../include/openssl/stack.h
 dh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-dh.o: ../include/openssl/ui.h ../include/openssl/x509.h
-dh.o: ../include/openssl/x509_vfy.h apps.h dh.c
-dsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+dh.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dh.c
+dsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+dsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 dsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-dsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-dsa.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-dsa.o: ../include/openssl/err.h ../include/openssl/evp.h
-dsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+dsa.o: ../include/openssl/cast.h ../include/openssl/conf.h
+dsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+dsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+dsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+dsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+dsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+dsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 dsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 dsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 dsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 dsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+dsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+dsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 dsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
 dsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-dsa.o: ../include/openssl/ui.h ../include/openssl/x509.h
-dsa.o: ../include/openssl/x509_vfy.h apps.h dsa.c
-dsaparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+dsa.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dsa.c
+dsaparam.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+dsaparam.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 dsaparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-dsaparam.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-dsaparam.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-dsaparam.o: ../include/openssl/err.h ../include/openssl/evp.h
-dsaparam.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+dsaparam.o: ../include/openssl/cast.h ../include/openssl/conf.h
+dsaparam.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dsaparam.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+dsaparam.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h
+dsaparam.o: ../include/openssl/evp.h ../include/openssl/idea.h
+dsaparam.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+dsaparam.o: ../include/openssl/md4.h ../include/openssl/md5.h
+dsaparam.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 dsaparam.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 dsaparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 dsaparam.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+dsaparam.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+dsaparam.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 dsaparam.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 dsaparam.o: ../include/openssl/sha.h ../include/openssl/stack.h
 dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-dsaparam.o: ../include/openssl/ui.h ../include/openssl/x509.h
-dsaparam.o: ../include/openssl/x509_vfy.h apps.h dsaparam.c
-enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+dsaparam.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+dsaparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+dsaparam.o: dsaparam.c
+enc.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+enc.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-enc.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-enc.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-enc.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-enc.o: ../include/openssl/err.h ../include/openssl/evp.h
-enc.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+enc.o: ../include/openssl/cast.h ../include/openssl/conf.h
+enc.o: ../include/openssl/crypto.h ../include/openssl/des.h
+enc.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+enc.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+enc.o: ../include/openssl/engine.h ../include/openssl/err.h
+enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
+enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+enc.o: ../include/openssl/md4.h ../include/openssl/md5.h
+enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 enc.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 enc.o: ../include/openssl/sha.h ../include/openssl/stack.h
 enc.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-enc.o: ../include/openssl/ui.h ../include/openssl/x509.h
-enc.o: ../include/openssl/x509_vfy.h apps.h enc.c
-engine.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+enc.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h enc.c
+engine.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+engine.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 engine.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-engine.o: ../include/openssl/comp.h ../include/openssl/conf.h
-engine.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-engine.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-engine.o: ../include/openssl/engine.h ../include/openssl/err.h
-engine.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-engine.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+engine.o: ../include/openssl/cast.h ../include/openssl/comp.h
+engine.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+engine.o: ../include/openssl/des.h ../include/openssl/des_old.h
+engine.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+engine.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+engine.o: ../include/openssl/err.h ../include/openssl/evp.h
+engine.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+engine.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+engine.o: ../include/openssl/md4.h ../include/openssl/md5.h
+engine.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 engine.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 engine.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 engine.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 engine.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+engine.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+engine.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 engine.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 engine.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 engine.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 engine.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 engine.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 engine.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-engine.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-engine.o: engine.c
-errstr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+engine.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+engine.o: ../include/openssl/x509_vfy.h apps.h engine.c
+errstr.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+errstr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 errstr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h
-errstr.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-errstr.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-errstr.o: ../include/openssl/engine.h ../include/openssl/err.h
-errstr.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-errstr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+errstr.o: ../include/openssl/cast.h ../include/openssl/comp.h
+errstr.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+errstr.o: ../include/openssl/des.h ../include/openssl/des_old.h
+errstr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+errstr.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+errstr.o: ../include/openssl/err.h ../include/openssl/evp.h
+errstr.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+errstr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+errstr.o: ../include/openssl/md4.h ../include/openssl/md5.h
+errstr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 errstr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 errstr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 errstr.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+errstr.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+errstr.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 errstr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 errstr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 errstr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 errstr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 errstr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 errstr.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-errstr.o: errstr.c
-gendh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+errstr.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+errstr.o: ../include/openssl/x509_vfy.h apps.h errstr.c
+gendh.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+gendh.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-gendh.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-gendh.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-gendh.o: ../include/openssl/err.h ../include/openssl/evp.h
-gendh.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+gendh.o: ../include/openssl/cast.h ../include/openssl/conf.h
+gendh.o: ../include/openssl/crypto.h ../include/openssl/des.h
+gendh.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+gendh.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+gendh.o: ../include/openssl/engine.h ../include/openssl/err.h
+gendh.o: ../include/openssl/evp.h ../include/openssl/idea.h
+gendh.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+gendh.o: ../include/openssl/md4.h ../include/openssl/md5.h
+gendh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 gendh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 gendh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 gendh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 gendh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+gendh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+gendh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 gendh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 gendh.o: ../include/openssl/sha.h ../include/openssl/stack.h
 gendh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-gendh.o: ../include/openssl/ui.h ../include/openssl/x509.h
-gendh.o: ../include/openssl/x509_vfy.h apps.h gendh.c
-gendsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+gendh.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h gendh.c
+gendsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+gendsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-gendsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-gendsa.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h
-gendsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+gendsa.o: ../include/openssl/cast.h ../include/openssl/conf.h
+gendsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+gendsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+gendsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+gendsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+gendsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+gendsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+gendsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 gendsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 gendsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 gendsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+gendsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+gendsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 gendsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 gendsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
 gendsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-gendsa.o: ../include/openssl/ui.h ../include/openssl/x509.h
-gendsa.o: ../include/openssl/x509_vfy.h apps.h gendsa.c
-genrsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+gendsa.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+gendsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+gendsa.o: gendsa.c
+genrsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+genrsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 genrsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-genrsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-genrsa.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-genrsa.o: ../include/openssl/err.h ../include/openssl/evp.h
-genrsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+genrsa.o: ../include/openssl/cast.h ../include/openssl/conf.h
+genrsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+genrsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+genrsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+genrsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+genrsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+genrsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+genrsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 genrsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 genrsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 genrsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 genrsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+genrsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+genrsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 genrsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 genrsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
 genrsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-genrsa.o: ../include/openssl/ui.h ../include/openssl/x509.h
-genrsa.o: ../include/openssl/x509_vfy.h apps.h genrsa.c
-nseq.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+genrsa.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+genrsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+genrsa.o: genrsa.c
+nseq.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+nseq.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 nseq.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-nseq.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-nseq.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-nseq.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-nseq.o: ../include/openssl/err.h ../include/openssl/evp.h
-nseq.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+nseq.o: ../include/openssl/cast.h ../include/openssl/conf.h
+nseq.o: ../include/openssl/crypto.h ../include/openssl/des.h
+nseq.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+nseq.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+nseq.o: ../include/openssl/engine.h ../include/openssl/err.h
+nseq.o: ../include/openssl/evp.h ../include/openssl/idea.h
+nseq.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+nseq.o: ../include/openssl/md4.h ../include/openssl/md5.h
+nseq.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 nseq.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 nseq.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 nseq.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 nseq.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+nseq.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+nseq.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 nseq.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h
 nseq.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-nseq.o: ../include/openssl/ui.h ../include/openssl/x509.h
-nseq.o: ../include/openssl/x509_vfy.h apps.h nseq.c
-ocsp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+nseq.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h nseq.c
+ocsp.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ocsp.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 ocsp.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-ocsp.o: ../include/openssl/comp.h ../include/openssl/conf.h
-ocsp.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-ocsp.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-ocsp.o: ../include/openssl/engine.h ../include/openssl/err.h
-ocsp.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-ocsp.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+ocsp.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ocsp.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ocsp.o: ../include/openssl/des.h ../include/openssl/des_old.h
+ocsp.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ocsp.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+ocsp.o: ../include/openssl/err.h ../include/openssl/evp.h
+ocsp.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+ocsp.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ocsp.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ocsp.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 ocsp.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 ocsp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 ocsp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 ocsp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ocsp.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+ocsp.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+ocsp.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ocsp.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 ocsp.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 ocsp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 ocsp.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 ocsp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 ocsp.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
-ocsp.o: ../include/openssl/ui.h ../include/openssl/x509.h
-ocsp.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ocsp.c
-openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ocsp.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+ocsp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ocsp.o: ../include/openssl/x509v3.h apps.h ocsp.c
+openssl.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+openssl.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 openssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h
-openssl.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-openssl.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-openssl.o: ../include/openssl/engine.h ../include/openssl/err.h
-openssl.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-openssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+openssl.o: ../include/openssl/cast.h ../include/openssl/comp.h
+openssl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+openssl.o: ../include/openssl/des.h ../include/openssl/des_old.h
+openssl.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+openssl.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+openssl.o: ../include/openssl/err.h ../include/openssl/evp.h
+openssl.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+openssl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+openssl.o: ../include/openssl/md4.h ../include/openssl/md5.h
+openssl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 openssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 openssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 openssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 openssl.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+openssl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+openssl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 openssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 openssl.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-openssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-openssl.o: openssl.c progs.h s_apps.h
-passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+openssl.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+openssl.o: ../include/openssl/x509_vfy.h apps.h openssl.c progs.h s_apps.h
+passwd.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+passwd.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 passwd.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-passwd.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-passwd.o: ../include/openssl/des.h ../include/openssl/des_old.h
-passwd.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-passwd.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-passwd.o: ../include/openssl/err.h ../include/openssl/evp.h
-passwd.o: ../include/openssl/lhash.h ../include/openssl/md5.h
-passwd.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-passwd.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-passwd.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-passwd.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-passwd.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-passwd.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-passwd.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-passwd.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
-passwd.o: ../include/openssl/x509_vfy.h apps.h passwd.c
-pkcs12.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+passwd.o: ../include/openssl/cast.h ../include/openssl/conf.h
+passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h
+passwd.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+passwd.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+passwd.o: ../include/openssl/engine.h ../include/openssl/err.h
+passwd.o: ../include/openssl/evp.h ../include/openssl/idea.h
+passwd.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+passwd.o: ../include/openssl/md4.h ../include/openssl/md5.h
+passwd.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+passwd.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+passwd.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+passwd.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+passwd.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+passwd.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+passwd.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h
+passwd.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+passwd.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+passwd.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+passwd.o: passwd.c
+pkcs12.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+pkcs12.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 pkcs12.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-pkcs12.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-pkcs12.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-pkcs12.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h
-pkcs12.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+pkcs12.o: ../include/openssl/cast.h ../include/openssl/conf.h
+pkcs12.o: ../include/openssl/crypto.h ../include/openssl/des.h
+pkcs12.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+pkcs12.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+pkcs12.o: ../include/openssl/engine.h ../include/openssl/err.h
+pkcs12.o: ../include/openssl/evp.h ../include/openssl/idea.h
+pkcs12.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+pkcs12.o: ../include/openssl/md4.h ../include/openssl/md5.h
+pkcs12.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 pkcs12.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 pkcs12.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 pkcs12.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
-pkcs12.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+pkcs12.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+pkcs12.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+pkcs12.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 pkcs12.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 pkcs12.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-pkcs12.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-pkcs12.o: pkcs12.c
-pkcs7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+pkcs12.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+pkcs12.o: ../include/openssl/x509_vfy.h apps.h pkcs12.c
+pkcs7.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+pkcs7.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 pkcs7.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-pkcs7.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-pkcs7.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-pkcs7.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h
-pkcs7.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+pkcs7.o: ../include/openssl/cast.h ../include/openssl/conf.h
+pkcs7.o: ../include/openssl/crypto.h ../include/openssl/des.h
+pkcs7.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+pkcs7.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+pkcs7.o: ../include/openssl/engine.h ../include/openssl/err.h
+pkcs7.o: ../include/openssl/evp.h ../include/openssl/idea.h
+pkcs7.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+pkcs7.o: ../include/openssl/md4.h ../include/openssl/md5.h
+pkcs7.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 pkcs7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 pkcs7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 pkcs7.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+pkcs7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+pkcs7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 pkcs7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h
 pkcs7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-pkcs7.o: ../include/openssl/ui.h ../include/openssl/x509.h
-pkcs7.o: ../include/openssl/x509_vfy.h apps.h pkcs7.c
-pkcs8.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+pkcs7.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h pkcs7.c
+pkcs8.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+pkcs8.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 pkcs8.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-pkcs8.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-pkcs8.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-pkcs8.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h
-pkcs8.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+pkcs8.o: ../include/openssl/cast.h ../include/openssl/conf.h
+pkcs8.o: ../include/openssl/crypto.h ../include/openssl/des.h
+pkcs8.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+pkcs8.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+pkcs8.o: ../include/openssl/engine.h ../include/openssl/err.h
+pkcs8.o: ../include/openssl/evp.h ../include/openssl/idea.h
+pkcs8.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+pkcs8.o: ../include/openssl/md4.h ../include/openssl/md5.h
+pkcs8.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 pkcs8.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 pkcs8.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 pkcs8.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
-pkcs8.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+pkcs8.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+pkcs8.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+pkcs8.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
 pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 pkcs8.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 pkcs8.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-pkcs8.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h pkcs8.c
-rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+pkcs8.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+pkcs8.o: ../include/openssl/x509_vfy.h apps.h pkcs8.c
+rand.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+rand.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 rand.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-rand.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-rand.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-rand.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-rand.o: ../include/openssl/err.h ../include/openssl/evp.h
-rand.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+rand.o: ../include/openssl/cast.h ../include/openssl/conf.h
+rand.o: ../include/openssl/crypto.h ../include/openssl/des.h
+rand.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+rand.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+rand.o: ../include/openssl/engine.h ../include/openssl/err.h
+rand.o: ../include/openssl/evp.h ../include/openssl/idea.h
+rand.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+rand.o: ../include/openssl/md4.h ../include/openssl/md5.h
+rand.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+rand.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+rand.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
 rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-rand.o: ../include/openssl/ui.h ../include/openssl/x509.h
-rand.o: ../include/openssl/x509_vfy.h apps.h rand.c
-req.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+rand.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h rand.c
+req.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+req.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 req.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-req.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-req.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-req.o: ../include/openssl/err.h ../include/openssl/evp.h
-req.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+req.o: ../include/openssl/cast.h ../include/openssl/conf.h
+req.o: ../include/openssl/crypto.h ../include/openssl/des.h
+req.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+req.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+req.o: ../include/openssl/engine.h ../include/openssl/err.h
+req.o: ../include/openssl/evp.h ../include/openssl/idea.h
+req.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+req.o: ../include/openssl/md4.h ../include/openssl/md5.h
+req.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 req.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 req.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 req.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+req.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+req.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 req.o: ../include/openssl/sha.h ../include/openssl/stack.h
 req.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-req.o: ../include/openssl/ui.h ../include/openssl/x509.h
-req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c
-rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+req.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+req.o: ../include/openssl/x509v3.h apps.h req.c
+rsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+rsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-rsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-rsa.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-rsa.o: ../include/openssl/err.h ../include/openssl/evp.h
-rsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+rsa.o: ../include/openssl/cast.h ../include/openssl/conf.h
+rsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+rsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+rsa.o: ../include/openssl/engine.h ../include/openssl/err.h
+rsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+rsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+rsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+rsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 rsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 rsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+rsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+rsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 rsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
 rsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-rsa.o: ../include/openssl/ui.h ../include/openssl/x509.h
-rsa.o: ../include/openssl/x509_vfy.h apps.h rsa.c
-rsautl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+rsa.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h rsa.c
+rsautl.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+rsautl.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 rsautl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-rsautl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-rsautl.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-rsautl.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-rsautl.o: ../include/openssl/err.h ../include/openssl/evp.h
-rsautl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+rsautl.o: ../include/openssl/cast.h ../include/openssl/conf.h
+rsautl.o: ../include/openssl/crypto.h ../include/openssl/des.h
+rsautl.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+rsautl.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+rsautl.o: ../include/openssl/engine.h ../include/openssl/err.h
+rsautl.o: ../include/openssl/evp.h ../include/openssl/idea.h
+rsautl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+rsautl.o: ../include/openssl/md4.h ../include/openssl/md5.h
+rsautl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 rsautl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 rsautl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 rsautl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 rsautl.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+rsautl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+rsautl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 rsautl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 rsautl.o: ../include/openssl/sha.h ../include/openssl/stack.h
 rsautl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-rsautl.o: ../include/openssl/ui.h ../include/openssl/x509.h
-rsautl.o: ../include/openssl/x509_vfy.h apps.h rsautl.c
-s_cb.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+rsautl.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+rsautl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+rsautl.o: rsautl.c
+s_cb.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s_cb.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 s_cb.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h
-s_cb.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-s_cb.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-s_cb.o: ../include/openssl/engine.h ../include/openssl/err.h
-s_cb.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-s_cb.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+s_cb.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s_cb.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+s_cb.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s_cb.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_cb.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_cb.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s_cb.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_cb.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s_cb.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 s_cb.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 s_cb.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s_cb.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s_cb.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 s_cb.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 s_cb.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s_cb.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 s_cb.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 s_cb.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h s_apps.h
-s_cb.o: s_cb.c
-s_client.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+s_cb.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s_cb.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_cb.c
+s_client.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s_client.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h
-s_client.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-s_client.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-s_client.o: ../include/openssl/engine.h ../include/openssl/err.h
-s_client.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-s_client.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+s_client.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s_client.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+s_client.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s_client.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_client.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+s_client.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_client.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s_client.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_client.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s_client.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 s_client.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 s_client.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 s_client.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s_client.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s_client.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 s_client.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 s_client.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s_client.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 s_client.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 s_client.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-s_client.o: s_apps.h s_client.c
-s_server.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+s_client.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s_client.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_client.c
+s_server.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s_server.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h
-s_server.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-s_server.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-s_server.o: ../include/openssl/engine.h ../include/openssl/err.h
-s_server.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-s_server.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+s_server.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s_server.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+s_server.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s_server.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_server.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+s_server.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_server.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s_server.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_server.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s_server.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 s_server.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 s_server.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s_server.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s_server.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 s_server.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 s_server.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s_server.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 s_server.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 s_server.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-s_server.o: s_apps.h s_server.c
-s_socket.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+s_server.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s_server.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_server.c
+s_socket.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s_socket.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 s_socket.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s_socket.o: ../include/openssl/comp.h ../include/openssl/conf.h
-s_socket.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-s_socket.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-s_socket.o: ../include/openssl/engine.h ../include/openssl/err.h
-s_socket.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-s_socket.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+s_socket.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s_socket.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+s_socket.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s_socket.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_socket.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+s_socket.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_socket.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s_socket.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_socket.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s_socket.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 s_socket.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 s_socket.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 s_socket.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 s_socket.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s_socket.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s_socket.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 s_socket.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 s_socket.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 s_socket.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 s_socket.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-s_socket.o: s_apps.h s_socket.c
-s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+s_socket.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s_socket.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_socket.c
+s_time.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s_time.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 s_time.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s_time.o: ../include/openssl/comp.h ../include/openssl/conf.h
-s_time.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-s_time.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-s_time.o: ../include/openssl/engine.h ../include/openssl/err.h
-s_time.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-s_time.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+s_time.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s_time.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+s_time.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s_time.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_time.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+s_time.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_time.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s_time.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_time.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s_time.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 s_time.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 s_time.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 s_time.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s_time.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s_time.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 s_time.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 s_time.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 s_time.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 s_time.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 s_time.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 s_time.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-s_time.o: s_apps.h s_time.c
-sess_id.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+s_time.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s_time.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_time.c
+sess_id.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+sess_id.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 sess_id.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-sess_id.o: ../include/openssl/comp.h ../include/openssl/conf.h
-sess_id.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-sess_id.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-sess_id.o: ../include/openssl/engine.h ../include/openssl/err.h
-sess_id.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-sess_id.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+sess_id.o: ../include/openssl/cast.h ../include/openssl/comp.h
+sess_id.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+sess_id.o: ../include/openssl/des.h ../include/openssl/des_old.h
+sess_id.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+sess_id.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h
+sess_id.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+sess_id.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+sess_id.o: ../include/openssl/md4.h ../include/openssl/md5.h
+sess_id.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 sess_id.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 sess_id.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+sess_id.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+sess_id.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 sess_id.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 sess_id.o: ../include/openssl/sha.h ../include/openssl/ssl.h
 sess_id.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 sess_id.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 sess_id.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 sess_id.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-sess_id.o: sess_id.c
-smime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+sess_id.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+sess_id.o: ../include/openssl/x509_vfy.h apps.h sess_id.c
+smime.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+smime.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 smime.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-smime.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-smime.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-smime.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-smime.o: ../include/openssl/err.h ../include/openssl/evp.h
-smime.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+smime.o: ../include/openssl/cast.h ../include/openssl/conf.h
+smime.o: ../include/openssl/crypto.h ../include/openssl/des.h
+smime.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+smime.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+smime.o: ../include/openssl/engine.h ../include/openssl/err.h
+smime.o: ../include/openssl/evp.h ../include/openssl/idea.h
+smime.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+smime.o: ../include/openssl/md4.h ../include/openssl/md5.h
+smime.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 smime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 smime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 smime.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 smime.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+smime.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+smime.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 smime.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 smime.o: ../include/openssl/sha.h ../include/openssl/stack.h
 smime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-smime.o: ../include/openssl/ui.h ../include/openssl/x509.h
-smime.o: ../include/openssl/x509_vfy.h apps.h smime.c
+smime.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+smime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h smime.c
 speed.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
 speed.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 speed.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -786,71 +1041,97 @@ speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 speed.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 speed.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
 speed.o: ../include/openssl/x509_vfy.h apps.h speed.c testdsa.h testrsa.h
-spkac.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+spkac.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+spkac.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 spkac.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-spkac.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-spkac.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-spkac.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-spkac.o: ../include/openssl/err.h ../include/openssl/evp.h
-spkac.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+spkac.o: ../include/openssl/cast.h ../include/openssl/conf.h
+spkac.o: ../include/openssl/crypto.h ../include/openssl/des.h
+spkac.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+spkac.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+spkac.o: ../include/openssl/engine.h ../include/openssl/err.h
+spkac.o: ../include/openssl/evp.h ../include/openssl/idea.h
+spkac.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+spkac.o: ../include/openssl/md4.h ../include/openssl/md5.h
+spkac.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 spkac.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 spkac.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 spkac.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 spkac.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+spkac.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+spkac.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 spkac.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 spkac.o: ../include/openssl/sha.h ../include/openssl/stack.h
 spkac.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-spkac.o: ../include/openssl/ui.h ../include/openssl/x509.h
-spkac.o: ../include/openssl/x509_vfy.h apps.h spkac.c
-verify.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+spkac.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+spkac.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h spkac.c
+verify.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+verify.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 verify.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-verify.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-verify.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-verify.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-verify.o: ../include/openssl/err.h ../include/openssl/evp.h
-verify.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+verify.o: ../include/openssl/cast.h ../include/openssl/conf.h
+verify.o: ../include/openssl/crypto.h ../include/openssl/des.h
+verify.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+verify.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+verify.o: ../include/openssl/engine.h ../include/openssl/err.h
+verify.o: ../include/openssl/evp.h ../include/openssl/idea.h
+verify.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+verify.o: ../include/openssl/md4.h ../include/openssl/md5.h
+verify.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 verify.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 verify.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 verify.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 verify.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+verify.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+verify.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 verify.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 verify.o: ../include/openssl/sha.h ../include/openssl/stack.h
 verify.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-verify.o: ../include/openssl/ui.h ../include/openssl/x509.h
-verify.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
-verify.o: verify.c
-version.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-version.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+verify.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+verify.o: ../include/openssl/x509v3.h apps.h verify.c
+version.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+version.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+version.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+version.o: ../include/openssl/cast.h ../include/openssl/conf.h
 version.o: ../include/openssl/crypto.h ../include/openssl/des.h
 version.o: ../include/openssl/des_old.h ../include/openssl/dh.h
 version.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
 version.o: ../include/openssl/engine.h ../include/openssl/err.h
 version.o: ../include/openssl/evp.h ../include/openssl/idea.h
 version.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-version.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-version.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-version.o: ../include/openssl/rand.h ../include/openssl/rc4.h
+version.o: ../include/openssl/md4.h ../include/openssl/md5.h
+version.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+version.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+version.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+version.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+version.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+version.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 version.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 version.o: ../include/openssl/sha.h ../include/openssl/stack.h
 version.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
 version.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
 version.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
 version.o: version.c
-x509.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+x509.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+x509.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 x509.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-x509.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-x509.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-x509.o: ../include/openssl/err.h ../include/openssl/evp.h
-x509.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+x509.o: ../include/openssl/cast.h ../include/openssl/conf.h
+x509.o: ../include/openssl/crypto.h ../include/openssl/des.h
+x509.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+x509.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+x509.o: ../include/openssl/engine.h ../include/openssl/err.h
+x509.o: ../include/openssl/evp.h ../include/openssl/idea.h
+x509.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+x509.o: ../include/openssl/md4.h ../include/openssl/md5.h
+x509.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
 x509.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 x509.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 x509.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 x509.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+x509.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+x509.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
 x509.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 x509.o: ../include/openssl/sha.h ../include/openssl/stack.h
 x509.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-x509.o: ../include/openssl/ui.h ../include/openssl/x509.h
-x509.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h x509.c
+x509.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+x509.o: ../include/openssl/x509v3.h apps.h x509.c
diff --git a/src/lib/libssl/src/apps/apps.c b/src/lib/libssl/src/apps/apps.c
index a302119d7f..1a24b1c596 100644
--- a/src/lib/libssl/src/apps/apps.c
+++ b/src/lib/libssl/src/apps/apps.c
@@ -798,7 +798,7 @@ end:
         return(x);
         }
 
-EVP_PKEY *load_key(BIO *err, const char *file, int format,
+EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
         const char *pass, ENGINE *e, const char *key_descrip)
         {
         BIO *key=NULL;
@@ -808,7 +808,7 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format,
         cb_data.password = pass;
         cb_data.prompt_info = file;
 
-        if (file == NULL)
+        if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE))
                 {
                 BIO_printf(err,"no keyfile specified\n");
                 goto end;
@@ -828,12 +828,19 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format,
                 ERR_print_errors(err);
                 goto end;
                 }
-        if (BIO_read_filename(key,file) <= 0)
+        if (file == NULL && maybe_stdin)
                 {
-                BIO_printf(err, "Error opening %s %s\n", key_descrip, file);
-                ERR_print_errors(err);
-                goto end;
+                setvbuf(stdin, NULL, _IONBF, 0);
+                BIO_set_fp(key,stdin,BIO_NOCLOSE);
                 }
+        else
+                if (BIO_read_filename(key,file) <= 0)
+                        {
+                        BIO_printf(err, "Error opening %s %s\n",
+                                key_descrip, file);
+                        ERR_print_errors(err);
+                        goto end;
+                        }
         if (format == FORMAT_ASN1)
                 {
                 pkey=d2i_PrivateKey_bio(key, NULL);
@@ -867,7 +874,7 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format,
         return(pkey);
         }
 
-EVP_PKEY *load_pubkey(BIO *err, const char *file, int format,
+EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
         const char *pass, ENGINE *e, const char *key_descrip)
         {
         BIO *key=NULL;
@@ -877,7 +884,7 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format,
         cb_data.password = pass;
         cb_data.prompt_info = file;
 
-        if (file == NULL)
+        if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE))
                 {
                 BIO_printf(err,"no keyfile specified\n");
                 goto end;
@@ -897,11 +904,18 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format,
                 ERR_print_errors(err);
                 goto end;
                 }
-        if (BIO_read_filename(key,file) <= 0)
+        if (file == NULL && maybe_stdin)
                 {
-                BIO_printf(err, "Error opening %s %s\n", key_descrip, file);
-                ERR_print_errors(err);
-                goto end;
+                setvbuf(stdin, NULL, _IONBF, 0);
+                BIO_set_fp(key,stdin,BIO_NOCLOSE);
+                }
+        else
+                if (BIO_read_filename(key,file) <= 0)
+                        {
+                        BIO_printf(err, "Error opening %s %s\n",
+                                key_descrip, file);
+                        ERR_print_errors(err);
+                        goto end;
                 }
         if (format == FORMAT_ASN1)
                 {
@@ -1074,6 +1088,7 @@ int set_cert_ex(unsigned long *flags, const char *arg)
                 { "no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
                 { "no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
                 { "no_aux", X509_FLAG_NO_AUX, 0},
+                { "no_attributes", X509_FLAG_NO_ATTRIBUTES, 0},
                 { "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
                 { "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
                 { "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
diff --git a/src/lib/libssl/src/apps/apps.h b/src/lib/libssl/src/apps/apps.h
index a88902ac13..32a79605ee 100644
--- a/src/lib/libssl/src/apps/apps.h
+++ b/src/lib/libssl/src/apps/apps.h
@@ -233,9 +233,9 @@ int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
 int add_oid_section(BIO *err, CONF *conf);
 X509 *load_cert(BIO *err, const char *file, int format,
         const char *pass, ENGINE *e, const char *cert_descrip);
-EVP_PKEY *load_key(BIO *err, const char *file, int format,
+EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
         const char *pass, ENGINE *e, const char *key_descrip);
-EVP_PKEY *load_pubkey(BIO *err, const char *file, int format,
+EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
         const char *pass, ENGINE *e, const char *key_descrip);
 STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
         const char *pass, ENGINE *e, const char *cert_descrip);
diff --git a/src/lib/libssl/src/apps/ca.c b/src/lib/libssl/src/apps/ca.c
index 322956de57..492b64f04f 100644
--- a/src/lib/libssl/src/apps/ca.c
+++ b/src/lib/libssl/src/apps/ca.c
@@ -699,7 +699,7 @@ bad:
                         goto err;
                         }
                 }
-        pkey = load_key(bio_err, keyfile, keyform, key, e, 
+        pkey = load_key(bio_err, keyfile, keyform, 0, key, e, 
                 "CA private key");
         if (key) memset(key,0,strlen(key));
         if (pkey == NULL)
@@ -2089,9 +2089,8 @@ again2:
                         }
                 }
 
-        row[DB_name]=X509_NAME_oneline(dn_subject,NULL,0);
         row[DB_serial]=BN_bn2hex(serial);
-        if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
+        if (row[DB_serial] == NULL)
                 {
                 BIO_printf(bio_err,"Memory allocation failure\n");
                 goto err;
@@ -2304,10 +2303,10 @@ again2:
 
         /* row[DB_serial] done already */
         row[DB_file]=(char *)OPENSSL_malloc(8);
-        /* row[DB_name] done already */
+        row[DB_name]=X509_NAME_oneline(X509_get_subject_name(ret),NULL,0);
 
         if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
-                (row[DB_file] == NULL))
+                (row[DB_file] == NULL) || (row[DB_name] == NULL))
                 {
                 BIO_printf(bio_err,"Memory allocation failure\n");
                 goto err;
diff --git a/src/lib/libssl/src/apps/dgst.c b/src/lib/libssl/src/apps/dgst.c
index e21c3d83ac..32e40c1f53 100644
--- a/src/lib/libssl/src/apps/dgst.c
+++ b/src/lib/libssl/src/apps/dgst.c
@@ -277,10 +277,10 @@ int MAIN(int argc, char **argv)
         if(keyfile)
                 {
                 if (want_pub)
-                        sigkey = load_pubkey(bio_err, keyfile, keyform, NULL,
+                        sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL,
                                 e, "key file");
                 else
-                        sigkey = load_key(bio_err, keyfile, keyform, NULL,
+                        sigkey = load_key(bio_err, keyfile, keyform, 0, NULL,
                                 e, "key file");
                 if (!sigkey)
                         {
diff --git a/src/lib/libssl/src/apps/makeapps.com b/src/lib/libssl/src/apps/makeapps.com
index 2e666368b7..148246facc 100644
--- a/src/lib/libssl/src/apps/makeapps.com
+++ b/src/lib/libssl/src/apps/makeapps.com
@@ -1086,7 +1086,7 @@ $ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
 $!
 $! Show user the result
 $!
-$ WRITE SYS$OUTPUT "Main Compiling Command: ",CC
+$ WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC
 $!
 $! Special Threads For OpenVMS v7.1 Or Later
 $!
diff --git a/src/lib/libssl/src/apps/ocsp.c b/src/lib/libssl/src/apps/ocsp.c
index 49a156a1cf..59b97a634b 100644
--- a/src/lib/libssl/src/apps/ocsp.c
+++ b/src/lib/libssl/src/apps/ocsp.c
@@ -613,11 +613,11 @@ int MAIN(int argc, char **argv)
                         NULL, e, "CA certificate");
                 if (rcertfile)
                         {
-                        rother = load_certs(bio_err, sign_certfile, FORMAT_PEM,
+                        rother = load_certs(bio_err, rcertfile, FORMAT_PEM,
                                 NULL, e, "responder other certificates");
-                        if (!sign_other) goto end;
+                        if (!rother) goto end;
                         }
-                rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, NULL, NULL,
+                rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, 0, NULL, NULL,
                         "responder private key");
                 if (!rkey)
                         goto end;
@@ -663,7 +663,7 @@ int MAIN(int argc, char **argv)
                                 NULL, e, "signer certificates");
                         if (!sign_other) goto end;
                         }
-                key = load_key(bio_err, keyfile, FORMAT_PEM, NULL, NULL,
+                key = load_key(bio_err, keyfile, FORMAT_PEM, 0, NULL, NULL,
                         "signer private key");
                 if (!key)
                         goto end;
diff --git a/src/lib/libssl/src/apps/pkcs12.c b/src/lib/libssl/src/apps/pkcs12.c
index e345cf1489..1697f6157f 100644
--- a/src/lib/libssl/src/apps/pkcs12.c
+++ b/src/lib/libssl/src/apps/pkcs12.c
@@ -427,7 +427,7 @@ int MAIN(int argc, char **argv)
         CRYPTO_push_info("process -export_cert");
         CRYPTO_push_info("reading private key");
 #endif
-        key = load_key(bio_err, keyname ? keyname : infile, FORMAT_PEM,
+        key = load_key(bio_err, keyname ? keyname : infile, FORMAT_PEM, 1,
                 passin, e, "private key");
         if (!key) {
                 goto export_end;
@@ -508,9 +508,10 @@ int MAIN(int argc, char **argv)
                     /* Exclude verified certificate */
                     for (i = 1; i < sk_X509_num (chain2) ; i++) 
                         sk_X509_push(certs, sk_X509_value (chain2, i));
-                }
-                sk_X509_free(chain2);
-                if (vret) {
+                    /* Free first certificate */
+                    X509_free(sk_X509_value(chain2, 0));
+                    sk_X509_free(chain2);
+                } else {
                         BIO_printf (bio_err, "Error %s getting chain.\n",
                                         X509_verify_cert_error_string(vret));
                         goto export_end;
@@ -537,8 +538,6 @@ int MAIN(int argc, char **argv)
         }
         sk_X509_pop_free(certs, X509_free);
         certs = NULL;
-        /* ucert is part of certs so it is already freed */
-        ucert = NULL;
 
 #ifdef CRYPTO_MDEBUG
         CRYPTO_pop_info();
@@ -627,7 +626,6 @@ int MAIN(int argc, char **argv)
         if (certs) sk_X509_pop_free(certs, X509_free);
         if (safes) sk_PKCS7_pop_free(safes, PKCS7_free);
         if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-        if (ucert) X509_free(ucert);
 
 #ifdef CRYPTO_MDEBUG
         CRYPTO_pop_info();
diff --git a/src/lib/libssl/src/apps/pkcs8.c b/src/lib/libssl/src/apps/pkcs8.c
index ba91caee6b..912e32006b 100644
--- a/src/lib/libssl/src/apps/pkcs8.c
+++ b/src/lib/libssl/src/apps/pkcs8.c
@@ -222,7 +222,8 @@ int MAIN(int argc, char **argv)
         if (topk8)
                 {
                 BIO_free(in); /* Not needed in this section */
-                pkey = load_key(bio_err, infile, informat, passin, e, "key");
+                pkey = load_key(bio_err, infile, informat, 1,
+                        passin, e, "key");
                 if (!pkey) {
                         return (1);
                 }
diff --git a/src/lib/libssl/src/apps/req.c b/src/lib/libssl/src/apps/req.c
index 5631a3839b..a3c1e0b4c4 100644
--- a/src/lib/libssl/src/apps/req.c
+++ b/src/lib/libssl/src/apps/req.c
@@ -151,7 +151,7 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_DSA
         DSA *dsa_params=NULL;
 #endif
-        unsigned long nmflag = 0;
+        unsigned long nmflag = 0, reqflag = 0;
         int ex=1,x509=0,days=30;
         X509 *x509ss=NULL;
         X509_REQ *req=NULL;
@@ -356,6 +356,11 @@ int MAIN(int argc, char **argv)
                         if (--argc < 1) goto bad;
                         if (!set_name_ex(&nmflag, *(++argv))) goto bad;
                         }
+                else if (strcmp(*argv,"-reqopt") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        if (!set_cert_ex(&reqflag, *(++argv))) goto bad;
+                        }
                 else if (strcmp(*argv,"-subject") == 0)
                         subject=1;
                 else if (strcmp(*argv,"-text") == 0)
@@ -448,7 +453,8 @@ bad:
                 BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n");
                 BIO_printf(bio_err," -reqexts ..    specify request extension section (override value in config file)\n");
                 BIO_printf(bio_err," -utf8          input characters are UTF8 (default ASCII)\n");
-                BIO_printf(bio_err," -nameopt arg    - various certificate name options\n");
+                BIO_printf(bio_err," -nameopt arg   - various certificate name options\n");
+                BIO_printf(bio_err," -reqopt arg    - various request text options\n\n");
                 goto end;
                 }
 
@@ -622,7 +628,7 @@ bad:
 
         if (keyfile != NULL)
                 {
-                pkey = load_key(bio_err, keyfile, keyform, passin, e,
+                pkey = load_key(bio_err, keyfile, keyform, 0, passin, e,
                         "Private Key");
                 if (!pkey)
                         {
@@ -981,9 +987,9 @@ loop:
         if (text)
                 {
                 if (x509)
-                        X509_print(out,x509ss);
+                        X509_print_ex(out, x509ss, nmflag, reqflag);
                 else    
-                        X509_REQ_print(out,req);
+                        X509_REQ_print_ex(out, req, nmflag, reqflag);
                 }
 
         if(subject) 
diff --git a/src/lib/libssl/src/apps/rsa.c b/src/lib/libssl/src/apps/rsa.c
index 60a3381527..4e19bc16fb 100644
--- a/src/lib/libssl/src/apps/rsa.c
+++ b/src/lib/libssl/src/apps/rsa.c
@@ -238,12 +238,12 @@ bad:
                 if (pubin)
                         pkey = load_pubkey(bio_err, infile,
                                 (informat == FORMAT_NETSCAPE && sgckey ?
-                                        FORMAT_IISSGC : informat),
+                                        FORMAT_IISSGC : informat), 1,
                                 passin, e, "Public Key");
                 else
                         pkey = load_key(bio_err, infile,
                                 (informat == FORMAT_NETSCAPE && sgckey ?
-                                        FORMAT_IISSGC : informat),
+                                        FORMAT_IISSGC : informat), 1,
                                 passin, e, "Private Key");
 
                 if (pkey != NULL)
diff --git a/src/lib/libssl/src/apps/rsautl.c b/src/lib/libssl/src/apps/rsautl.c
index 9b02e6782e..36957e5b84 100644
--- a/src/lib/libssl/src/apps/rsautl.c
+++ b/src/lib/libssl/src/apps/rsautl.c
@@ -169,12 +169,12 @@ int MAIN(int argc, char **argv)
         
         switch(key_type) {
                 case KEY_PRIVKEY:
-                pkey = load_key(bio_err, keyfile, keyform,
+                pkey = load_key(bio_err, keyfile, keyform, 0,
                         NULL, e, "Private Key");
                 break;
 
                 case KEY_PUBKEY:
-                pkey = load_pubkey(bio_err, keyfile, keyform,
+                pkey = load_pubkey(bio_err, keyfile, keyform, 0,
                         NULL, e, "Public Key");
                 break;
 
diff --git a/src/lib/libssl/src/apps/s_server.c b/src/lib/libssl/src/apps/s_server.c
index 497abf44ef..b03231f3ba 100644
--- a/src/lib/libssl/src/apps/s_server.c
+++ b/src/lib/libssl/src/apps/s_server.c
@@ -320,10 +320,10 @@ static char **local_argv;
 static int ebcdic_new(BIO *bi);
 static int ebcdic_free(BIO *a);
 static int ebcdic_read(BIO *b, char *out, int outl);
-static int ebcdic_write(BIO *b, char *in, int inl);
-static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr);
+static int ebcdic_write(BIO *b, const char *in, int inl);
+static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr);
 static int ebcdic_gets(BIO *bp, char *buf, int size);
-static int ebcdic_puts(BIO *bp, char *str);
+static int ebcdic_puts(BIO *bp, const char *str);
 
 #define BIO_TYPE_EBCDIC_FILTER  (18|0x0200)
 static BIO_METHOD methods_ebcdic=
@@ -388,7 +388,7 @@ static int ebcdic_read(BIO *b, char *out, int outl)
         return(ret);
 }
 
-static int ebcdic_write(BIO *b, char *in, int inl)
+static int ebcdic_write(BIO *b, const char *in, int inl)
 {
         EBCDIC_OUTBUFF *wbuf;
         int ret=0;
@@ -421,7 +421,7 @@ static int ebcdic_write(BIO *b, char *in, int inl)
         return(ret);
 }
 
-static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr)
+static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
 {
         long ret;
 
@@ -440,7 +440,7 @@ static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr)
 
 static int ebcdic_gets(BIO *bp, char *buf, int size)
 {
-        int i, ret;
+        int i, ret=0;
         if (bp->next_bio == NULL) return(0);
 /*      return(BIO_gets(bp->next_bio,buf,size));*/
         for (i=0; i<size-1; ++i)
@@ -459,7 +459,7 @@ static int ebcdic_gets(BIO *bp, char *buf, int size)
         return (ret < 0 && i == 0) ? ret : i;
 }
 
-static int ebcdic_puts(BIO *bp, char *str)
+static int ebcdic_puts(BIO *bp, const char *str)
 {
         if (bp->next_bio == NULL) return(0);
         return ebcdic_write(bp, str, strlen(str));
diff --git a/src/lib/libssl/src/apps/smime.c b/src/lib/libssl/src/apps/smime.c
index 90fe026f56..ef0e477464 100644
--- a/src/lib/libssl/src/apps/smime.c
+++ b/src/lib/libssl/src/apps/smime.c
@@ -428,7 +428,7 @@ int MAIN(int argc, char **argv)
         } else keyfile = NULL;
 
         if(keyfile) {
-                key = load_key(bio_err, keyfile, keyform, passin, e,
+                key = load_key(bio_err, keyfile, keyform, 0, passin, e,
                                "signing key file");
                 if (!key) {
                         goto end;
diff --git a/src/lib/libssl/src/apps/spkac.c b/src/lib/libssl/src/apps/spkac.c
index 049a37963c..4ce53e36c9 100644
--- a/src/lib/libssl/src/apps/spkac.c
+++ b/src/lib/libssl/src/apps/spkac.c
@@ -186,7 +186,7 @@ bad:
         if(keyfile) {
                 pkey = load_key(bio_err,
                                 strcmp(keyfile, "-") ? keyfile : NULL,
-                                FORMAT_PEM, passin, e, "private key");
+                                FORMAT_PEM, 1, passin, e, "private key");
                 if(!pkey) {
                         goto end;
                 }
diff --git a/src/lib/libssl/src/apps/x509.c b/src/lib/libssl/src/apps/x509.c
index a797da0ffa..5a41c389ee 100644
--- a/src/lib/libssl/src/apps/x509.c
+++ b/src/lib/libssl/src/apps/x509.c
@@ -861,8 +861,8 @@ bad:
                                 if (Upkey == NULL)
                                         {
                                         Upkey=load_key(bio_err,
-                                                keyfile,keyformat, passin, e,
-                                                "Private key");
+                                                keyfile, keyformat, 0,
+                                                passin, e, "Private key");
                                         if (Upkey == NULL) goto end;
                                         }
 #ifndef OPENSSL_NO_DSA
@@ -880,8 +880,9 @@ bad:
                                 if (CAkeyfile != NULL)
                                         {
                                         CApkey=load_key(bio_err,
-                                                CAkeyfile,CAkeyformat, passin,
-                                                e, "CA Private Key");
+                                                CAkeyfile, CAkeyformat,
+                                                0, passin, e,
+                                                "CA Private Key");
                                         if (CApkey == NULL) goto end;
                                         }
 #ifndef OPENSSL_NO_DSA
@@ -908,8 +909,8 @@ bad:
                                 else
                                         {
                                         pk=load_key(bio_err,
-                                                keyfile,FORMAT_PEM, passin, e,
-                                                "request key");
+                                                keyfile, FORMAT_PEM, 0,
+                                                passin, e, "request key");
                                         if (pk == NULL) goto end;
                                         }
 
diff --git a/src/lib/libssl/src/config b/src/lib/libssl/src/config
index 972cdb70a3..3e9af7680a 100644
--- a/src/lib/libssl/src/config
+++ b/src/lib/libssl/src/config
@@ -393,6 +393,9 @@ exit 0
 GCCVER=`(gcc -dumpversion) 2>/dev/null`
 if [ "$GCCVER" != "" ]; then
   CC=gcc
+  # then strip off whatever prefix egcs prepends the number with...
+  # Hopefully, this will work for any future prefixes as well.
+  GCCVER=`echo $GCCVER | sed 's/^[a-zA-Z]*\-//'`
   # Since gcc 3.1 gcc --version behaviour has changed.  gcc -dumpversion
   # does give us what we want though, so we use that.  We just just the
   # major and minor version numbers.
diff --git a/src/lib/libssl/src/crypto/Makefile.ssl b/src/lib/libssl/src/crypto/Makefile.ssl
index 2489b614c6..db8baf385e 100644
--- a/src/lib/libssl/src/crypto/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/Makefile.ssl
@@ -98,7 +98,7 @@ lib:	$(LIBOBJ)
 
 shared:
         if [ -n "$(SHARED_LIBS)" ]; then \
-                (cd ..; make $(SHARED_LIB)); \
+                (cd ..; $(MAKE) $(SHARED_LIB)); \
         fi
 
 libs:
diff --git a/src/lib/libssl/src/crypto/asn1/a_bitstr.c b/src/lib/libssl/src/crypto/asn1/a_bitstr.c
index ed0bdfbde1..e0265f69d2 100644
--- a/src/lib/libssl/src/crypto/asn1/a_bitstr.c
+++ b/src/lib/libssl/src/crypto/asn1/a_bitstr.c
@@ -120,6 +120,12 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
         unsigned char *p,*s;
         int i;
 
+        if (len < 1)
+                {
+                i=ASN1_R_STRING_TOO_SHORT;
+                goto err;
+                }
+
         if ((a == NULL) || ((*a) == NULL))
                 {
                 if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL);
diff --git a/src/lib/libssl/src/crypto/asn1/a_strex.c b/src/lib/libssl/src/crypto/asn1/a_strex.c
index 8dab29dca1..7ddb7662f1 100644
--- a/src/lib/libssl/src/crypto/asn1/a_strex.c
+++ b/src/lib/libssl/src/crypto/asn1/a_strex.c
@@ -544,7 +544,7 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
 {
         ASN1_STRING stmp, *str = &stmp;
         int mbflag, type, ret;
-        if(!*out || !in) return -1;
+        if(!in) return -1;
         type = in->type;
         if((type < 0) || (type > 30)) return -1;
         mbflag = tag2nbyte[type];
@@ -553,6 +553,6 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
         stmp.data = NULL;
         ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
         if(ret < 0) return ret;
-        if(out) *out = stmp.data;
+        *out = stmp.data;
         return stmp.length;
 }
diff --git a/src/lib/libssl/src/crypto/asn1/t_req.c b/src/lib/libssl/src/crypto/asn1/t_req.c
index 848c29a2dd..739f272ecf 100644
--- a/src/lib/libssl/src/crypto/asn1/t_req.c
+++ b/src/lib/libssl/src/crypto/asn1/t_req.c
@@ -82,7 +82,7 @@ int X509_REQ_print_fp(FILE *fp, X509_REQ *x)
         }
 #endif
 
-int X509_REQ_print(BIO *bp, X509_REQ *x)
+int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long cflag)
         {
         unsigned long l;
         int i;
@@ -92,143 +92,185 @@ int X509_REQ_print(BIO *bp, X509_REQ *x)
         STACK_OF(X509_ATTRIBUTE) *sk;
         STACK_OF(X509_EXTENSION) *exts;
         char str[128];
+        char mlch = ' ';
+        int nmindent = 0;
+
+        if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+                mlch = '\n';
+                nmindent = 12;
+        }
+
+        if(nmflags == X509_FLAG_COMPAT)
+                nmindent = 16;
+
 
         ri=x->req_info;
-        sprintf(str,"Certificate Request:\n");
-        if (BIO_puts(bp,str) <= 0) goto err;
-        sprintf(str,"%4sData:\n","");
-        if (BIO_puts(bp,str) <= 0) goto err;
-
-        neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":"";
-        l=0;
-        for (i=0; i<ri->version->length; i++)
-                { l<<=8; l+=ri->version->data[i]; }
-        sprintf(str,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,l);
-        if (BIO_puts(bp,str) <= 0) goto err;
-        sprintf(str,"%8sSubject: ","");
-        if (BIO_puts(bp,str) <= 0) goto err;
-
-        X509_NAME_print(bp,ri->subject,16);
-        sprintf(str,"\n%8sSubject Public Key Info:\n","");
-        if (BIO_puts(bp,str) <= 0) goto err;
-        i=OBJ_obj2nid(ri->pubkey->algor->algorithm);
-        sprintf(str,"%12sPublic Key Algorithm: %s\n","",
-                (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
-        if (BIO_puts(bp,str) <= 0) goto err;
-
-        pkey=X509_REQ_get_pubkey(x);
-#ifndef OPENSSL_NO_RSA
-        if (pkey != NULL && pkey->type == EVP_PKEY_RSA)
+        if(!(cflag & X509_FLAG_NO_HEADER))
                 {
-                BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
-                        BN_num_bits(pkey->pkey.rsa->n));
-                RSA_print(bp,pkey->pkey.rsa,16);
+                if (BIO_write(bp,"Certificate Request:\n",21) <= 0) goto err;
+                if (BIO_write(bp,"    Data:\n",10) <= 0) goto err;
                 }
-        else 
-#endif
-#ifndef OPENSSL_NO_DSA
-                if (pkey != NULL && pkey->type == EVP_PKEY_DSA)
+        if(!(cflag & X509_FLAG_NO_VERSION))
                 {
-                BIO_printf(bp,"%12sDSA Public Key:\n","");
-                DSA_print(bp,pkey->pkey.dsa,16);
+                neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":"";
+                l=0;
+                for (i=0; i<ri->version->length; i++)
+                        { l<<=8; l+=ri->version->data[i]; }
+                sprintf(str,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,l);
+                if (BIO_puts(bp,str) <= 0) goto err;
                 }
-        else
-#endif
-                BIO_printf(bp,"%12sUnknown Public Key:\n","");
+        if(!(cflag & X509_FLAG_NO_SUBJECT))
+                {
+                if (BIO_printf(bp,"        Subject:%c",mlch) <= 0) goto err;
+                if (X509_NAME_print_ex(bp,ri->subject,nmindent, nmflags) < 0) goto err;
+                if (BIO_write(bp,"\n",1) <= 0) goto err;
+                }
+        if(!(cflag & X509_FLAG_NO_PUBKEY))
+                {
+                if (BIO_write(bp,"        Subject Public Key Info:\n",33) <= 0)
+                        goto err;
+                if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0)
+                        goto err;
+                if (i2a_ASN1_OBJECT(bp, ri->pubkey->algor->algorithm) <= 0)
+                        goto err;
+                if (BIO_puts(bp, "\n") <= 0)
+                        goto err;
 
-        if (pkey != NULL)
-            EVP_PKEY_free(pkey);
+                pkey=X509_REQ_get_pubkey(x);
+                if (pkey == NULL)
+                        {
+                        BIO_printf(bp,"%12sUnable to load Public Key\n","");
+                        ERR_print_errors(bp);
+                        }
+                else
+#ifndef OPENSSL_NO_RSA
+                if (pkey->type == EVP_PKEY_RSA)
+                        {
+                        BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
+                        BN_num_bits(pkey->pkey.rsa->n));
+                        RSA_print(bp,pkey->pkey.rsa,16);
+                        }
+                else
+#endif
+#ifndef OPENSSL_NO_DSA
+                if (pkey->type == EVP_PKEY_DSA)
+                        {
+                        BIO_printf(bp,"%12sDSA Public Key:\n","");
+                        DSA_print(bp,pkey->pkey.dsa,16);
+                        }
+                else
+#endif
+                        BIO_printf(bp,"%12sUnknown Public Key:\n","");
 
-        /* may not be */
-        sprintf(str,"%8sAttributes:\n","");
-        if (BIO_puts(bp,str) <= 0) goto err;
+                EVP_PKEY_free(pkey);
+                }
 
-        sk=x->req_info->attributes;
-        if (sk_X509_ATTRIBUTE_num(sk) == 0)
+        if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
                 {
-                sprintf(str,"%12sa0:00\n","");
+                /* may not be */
+                sprintf(str,"%8sAttributes:\n","");
                 if (BIO_puts(bp,str) <= 0) goto err;
-                }
-        else
-                {
-                for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
+
+                sk=x->req_info->attributes;
+                if (sk_X509_ATTRIBUTE_num(sk) == 0)
                         {
-                        ASN1_TYPE *at;
-                        X509_ATTRIBUTE *a;
-                        ASN1_BIT_STRING *bs=NULL;
-                        ASN1_TYPE *t;
-                        int j,type=0,count=1,ii=0;
-
-                        a=sk_X509_ATTRIBUTE_value(sk,i);
-                        if(X509_REQ_extension_nid(OBJ_obj2nid(a->object)))
-                                                                continue;
-                        sprintf(str,"%12s","");
+                        sprintf(str,"%12sa0:00\n","");
                         if (BIO_puts(bp,str) <= 0) goto err;
-                        if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0)
+                        }
+                else
                         {
-                        if (a->single)
+                        for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
                                 {
-                                t=a->value.single;
-                                type=t->type;
-                                bs=t->value.bit_string;
-                                }
-                        else
+                                ASN1_TYPE *at;
+                                X509_ATTRIBUTE *a;
+                                ASN1_BIT_STRING *bs=NULL;
+                                ASN1_TYPE *t;
+                                int j,type=0,count=1,ii=0;
+
+                                a=sk_X509_ATTRIBUTE_value(sk,i);
+                                if(X509_REQ_extension_nid(OBJ_obj2nid(a->object)))
+                                                                        continue;
+                                sprintf(str,"%12s","");
+                                if (BIO_puts(bp,str) <= 0) goto err;
+                                if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0)
                                 {
-                                ii=0;
-                                count=sk_ASN1_TYPE_num(a->value.set);
+                                if (a->single)
+                                        {
+                                        t=a->value.single;
+                                        type=t->type;
+                                        bs=t->value.bit_string;
+                                        }
+                                else
+                                        {
+                                        ii=0;
+                                        count=sk_ASN1_TYPE_num(a->value.set);
 get_next:
-                                at=sk_ASN1_TYPE_value(a->value.set,ii);
-                                type=at->type;
-                                bs=at->value.asn1_string;
+                                        at=sk_ASN1_TYPE_value(a->value.set,ii);
+                                        type=at->type;
+                                        bs=at->value.asn1_string;
+                                        }
+                                }
+                                for (j=25-j; j>0; j--)
+                                        if (BIO_write(bp," ",1) != 1) goto err;
+                                if (BIO_puts(bp,":") <= 0) goto err;
+                                if (    (type == V_ASN1_PRINTABLESTRING) ||
+                                        (type == V_ASN1_T61STRING) ||
+                                        (type == V_ASN1_IA5STRING))
+                                        {
+                                        if (BIO_write(bp,(char *)bs->data,bs->length)
+                                                != bs->length)
+                                                goto err;
+                                        BIO_puts(bp,"\n");
+                                        }
+                                else
+                                        {
+                                        BIO_puts(bp,"unable to print attribute\n");
+                                        }
+                                if (++ii < count) goto get_next;
                                 }
                         }
-                        for (j=25-j; j>0; j--)
-                                if (BIO_write(bp," ",1) != 1) goto err;
-                        if (BIO_puts(bp,":") <= 0) goto err;
-                        if (    (type == V_ASN1_PRINTABLESTRING) ||
-                                (type == V_ASN1_T61STRING) ||
-                                (type == V_ASN1_IA5STRING))
+                }
+        if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
+                {
+                exts = X509_REQ_get_extensions(x);
+                if(exts)
+                        {
+                        BIO_printf(bp,"%8sRequested Extensions:\n","");
+                        for (i=0; i<sk_X509_EXTENSION_num(exts); i++)
                                 {
-                                if (BIO_write(bp,(char *)bs->data,bs->length)
-                                        != bs->length)
+                                ASN1_OBJECT *obj;
+                                X509_EXTENSION *ex;
+                                int j;
+                                ex=sk_X509_EXTENSION_value(exts, i);
+                                if (BIO_printf(bp,"%12s","") <= 0) goto err;
+                                obj=X509_EXTENSION_get_object(ex);
+                                i2a_ASN1_OBJECT(bp,obj);
+                                j=X509_EXTENSION_get_critical(ex);
+                                if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
                                         goto err;
-                                BIO_puts(bp,"\n");
-                                }
-                        else
-                                {
-                                BIO_puts(bp,"unable to print attribute\n");
+                                if(!X509V3_EXT_print(bp, ex, 0, 16))
+                                        {
+                                        BIO_printf(bp, "%16s", "");
+                                        M_ASN1_OCTET_STRING_print(bp,ex->value);
+                                        }
+                                if (BIO_write(bp,"\n",1) <= 0) goto err;
                                 }
-                        if (++ii < count) goto get_next;
+                        sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
                         }
                 }
 
-        exts = X509_REQ_get_extensions(x);
-        if(exts) {
-                BIO_printf(bp,"%8sRequested Extensions:\n","");
-                for (i=0; i<sk_X509_EXTENSION_num(exts); i++) {
-                        ASN1_OBJECT *obj;
-                        X509_EXTENSION *ex;
-                        int j;
-                        ex=sk_X509_EXTENSION_value(exts, i);
-                        if (BIO_printf(bp,"%12s","") <= 0) goto err;
-                        obj=X509_EXTENSION_get_object(ex);
-                        i2a_ASN1_OBJECT(bp,obj);
-                        j=X509_EXTENSION_get_critical(ex);
-                        if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
-                                goto err;
-                        if(!X509V3_EXT_print(bp, ex, 0, 16)) {
-                                BIO_printf(bp, "%16s", "");
-                                M_ASN1_OCTET_STRING_print(bp,ex->value);
-                        }
-                        if (BIO_write(bp,"\n",1) <= 0) goto err;
+        if(!(cflag & X509_FLAG_NO_SIGDUMP))
+                {
+                if(!X509_signature_print(bp, x->sig_alg, x->signature)) goto err;
                 }
-                sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
-        }
-
-        if(!X509_signature_print(bp, x->sig_alg, x->signature)) goto err;
 
         return(1);
 err:
         X509err(X509_F_X509_REQ_PRINT,ERR_R_BUF_LIB);
         return(0);
         }
+
+int X509_REQ_print(BIO *bp, X509_REQ *x)
+        {
+        return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+        }
diff --git a/src/lib/libssl/src/crypto/asn1/tasn_dec.c b/src/lib/libssl/src/crypto/asn1/tasn_dec.c
index 0fc1f421e2..f87c08793a 100644
--- a/src/lib/libssl/src/crypto/asn1/tasn_dec.c
+++ b/src/lib/libssl/src/crypto/asn1/tasn_dec.c
@@ -913,10 +913,10 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *i
                         ctx->ptag = ptag;
                         ctx->hdrlen = p - q;
                         ctx->valid = 1;
-                        /* If definite length, length + header can't exceed total
-                         * amount of data available.
+                        /* If definite length, and no error, length +
+                         * header can't exceed total amount of data available. 
                          */
-                        if(!(i & 1) && ((plen + ctx->hdrlen) > len)) {
+                        if(!(i & 0x81) && ((plen + ctx->hdrlen) > len)) {
                                 ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_TOO_LONG);
                                 asn1_tlc_clear(ctx);
                                 return 0;
diff --git a/src/lib/libssl/src/crypto/bio/b_print.c b/src/lib/libssl/src/crypto/bio/b_print.c
index 3ce1290772..80c9cb69db 100644
--- a/src/lib/libssl/src/crypto/bio/b_print.c
+++ b/src/lib/libssl/src/crypto/bio/b_print.c
@@ -109,7 +109,7 @@
  * o ...                                       (for OpenSSL)
  */
 
-#if HAVE_LONG_DOUBLE
+#ifdef HAVE_LONG_DOUBLE
 #define LDOUBLE long double
 #else
 #define LDOUBLE double
diff --git a/src/lib/libssl/src/crypto/bn/bn.h b/src/lib/libssl/src/crypto/bn/bn.h
index 1eaf879553..b40682f831 100644
--- a/src/lib/libssl/src/crypto/bn/bn.h
+++ b/src/lib/libssl/src/crypto/bn/bn.h
@@ -430,7 +430,7 @@ int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,
 int BN_from_montgomery(BIGNUM *r,const BIGNUM *a,
         BN_MONT_CTX *mont, BN_CTX *ctx);
 void BN_MONT_CTX_free(BN_MONT_CTX *mont);
-int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *modulus,BN_CTX *ctx);
+int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx);
 BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
 
 BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod);
diff --git a/src/lib/libssl/src/crypto/crypto-lib.com b/src/lib/libssl/src/crypto/crypto-lib.com
index 4847a69a71..dfcff11860 100644
--- a/src/lib/libssl/src/crypto/crypto-lib.com
+++ b/src/lib/libssl/src/crypto/crypto-lib.com
@@ -231,7 +231,7 @@ $ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd,"+ -
         "rand_vms"
 $ LIB_ERR = "err,err_all,err_prn"
 $ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err"
-$ LIB_EVP = "encode,digest,evp_enc,evp_key,"+ -
+$ LIB_EVP = "encode,digest,evp_enc,evp_key,evp_acnf,"+ -
         "e_des,e_bf,e_idea,e_des3,"+ -
         "e_rc4,e_aes,names,"+ -
         "e_xcbc_d,e_rc2,e_cast,e_rc5"
@@ -265,14 +265,14 @@ $ LIB_X509V3 = "v3_bcons,v3_bitst,v3_conf,v3_extku,v3_ia5,v3_lib,"+ -
         "v3_prn,v3_utl,v3err,v3_genn,v3_alt,v3_skey,v3_akey,v3_pku,"+ -
         "v3_int,v3_enum,v3_sxnet,v3_cpols,v3_crld,v3_purp,v3_info,"+ -
         "v3_ocsp,v3_akeya"
-$ LIB_CONF = "conf_err,conf_lib,conf_api,conf_def,conf_mod,conf_mall"
+$ LIB_CONF = "conf_err,conf_lib,conf_api,conf_def,conf_mod,conf_mall,conf_sap"
 $ LIB_TXT_DB = "txt_db"
 $ LIB_PKCS7 = "pk7_asn1,pk7_lib,pkcs7err,pk7_doit,pk7_smime,pk7_attr,"+ -
         "pk7_mime"
 $ LIB_PKCS12 = "p12_add,p12_asn,p12_attr,p12_crpt,p12_crt,p12_decr,"+ -
         "p12_init,p12_key,p12_kiss,p12_mutl,"+ -
         "p12_utl,p12_npas,pk12err,p12_p8d,p12_p8e"
-$ LIB_COMP = "comp_lib,"+ -
+$ LIB_COMP = "comp_lib,comp_err,"+ -
         "c_rle,c_zlib"
 $ LIB_OCSP = "ocsp_asn,ocsp_ext,ocsp_ht,ocsp_lib,ocsp_cl,"+ -
         "ocsp_srv,ocsp_prn,ocsp_vfy,ocsp_err"
@@ -1325,7 +1325,7 @@ $   CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS
 $!
 $!  Show user the result
 $!
-$   WRITE SYS$OUTPUT "Main C Compiling Command: ",CC
+$   WRITE/SYMBOL SYS$OUTPUT "Main C Compiling Command: ",CC
 $!
 $!  Else The User Entered An Invalid Arguement.
 $!
@@ -1356,7 +1356,7 @@ $ IF ARCH .EQS. "AXP" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE
 $!
 $!  Show user the result
 $!
-$   WRITE SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO
+$   WRITE/SYMBOL SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO
 $!
 $! Time to check the contents, and to make sure we get the correct library.
 $!
diff --git a/src/lib/libssl/src/crypto/des/Makefile.ssl b/src/lib/libssl/src/crypto/des/Makefile.ssl
index ee5849d8fa..826ffcc58c 100644
--- a/src/lib/libssl/src/crypto/des/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/des/Makefile.ssl
@@ -207,7 +207,8 @@ ecb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
 ecb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 ecb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 ecb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-ecb_enc.o: ../../include/openssl/ui_compat.h des_locl.h ecb_enc.c spr.h
+ecb_enc.o: ../../include/openssl/ui_compat.h des_locl.h des_ver.h ecb_enc.c
+ecb_enc.o: spr.h
 ede_cbcm_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 ede_cbcm_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
 ede_cbcm_enc.o: ../../include/openssl/opensslconf.h
diff --git a/src/lib/libssl/src/crypto/des/des_ver.h b/src/lib/libssl/src/crypto/des/des_ver.h
index 0fa94d5368..ec9cc736e3 100644
--- a/src/lib/libssl/src/crypto/des/des_ver.h
+++ b/src/lib/libssl/src/crypto/des/des_ver.h
@@ -63,5 +63,5 @@
 # define OPENSSL_EXTERN OPENSSL_EXPORT
 #endif
 
-OPENSSL_EXTERN char *DES_version;       /* SSLeay version string */
-OPENSSL_EXTERN char *libdes_version;    /* old libdes version string */
+OPENSSL_EXTERN const char *DES_version; /* SSLeay version string */
+OPENSSL_EXTERN const char *libdes_version;      /* old libdes version string */
diff --git a/src/lib/libssl/src/crypto/des/ecb_enc.c b/src/lib/libssl/src/crypto/des/ecb_enc.c
index 4650f2fa0f..1b70f68806 100644
--- a/src/lib/libssl/src/crypto/des/ecb_enc.c
+++ b/src/lib/libssl/src/crypto/des/ecb_enc.c
@@ -57,6 +57,7 @@
  */
 
 #include "des_locl.h"
+#include "des_ver.h"
 #include "spr.h"
 #include <openssl/opensslv.h>
 
diff --git a/src/lib/libssl/src/crypto/des/set_key.c b/src/lib/libssl/src/crypto/des/set_key.c
index 683916e71b..143008ed9c 100644
--- a/src/lib/libssl/src/crypto/des/set_key.c
+++ b/src/lib/libssl/src/crypto/des/set_key.c
@@ -342,7 +342,7 @@ void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
         register DES_LONG *k;
         register int i;
 
-#if OPENBSD_DEV_CRYPTO
+#ifdef OPENBSD_DEV_CRYPTO
         memcpy(schedule->key,key,sizeof schedule->key);
         schedule->session=NULL;
 #endif
diff --git a/src/lib/libssl/src/crypto/engine/hw_4758_cca.c b/src/lib/libssl/src/crypto/engine/hw_4758_cca.c
index f404b1a3b8..6d41b9ed2a 100644
--- a/src/lib/libssl/src/crypto/engine/hw_4758_cca.c
+++ b/src/lib/libssl/src/crypto/engine/hw_4758_cca.c
@@ -953,7 +953,7 @@ static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int idx,
 #ifdef ENGINE_DYNAMIC_SUPPORT 
 static int bind_fn(ENGINE *e, const char *id)
         {
-        if(id && (strcmp(id, engine_cswift_id) != 0))
+        if(id && (strcmp(id, engine_4758_cca_id) != 0))
                 return 0;
         if(!bind_helper(e))
                 return 0;
diff --git a/src/lib/libssl/src/crypto/engine/hw_openbsd_dev_crypto.c b/src/lib/libssl/src/crypto/engine/hw_openbsd_dev_crypto.c
index f946389b8a..b8aab545db 100644
--- a/src/lib/libssl/src/crypto/engine/hw_openbsd_dev_crypto.c
+++ b/src/lib/libssl/src/crypto/engine/hw_openbsd_dev_crypto.c
@@ -408,7 +408,7 @@ static int do_digest(int ses,unsigned char *md,const void *data,int len)
     cryp.op=COP_ENCRYPT;/* required to do the MAC rather than check it */
     cryp.len=len;
     cryp.src=(caddr_t)data;
-    cryp.dst=(caddr_t)data; // FIXME!!!
+    cryp.dst=(caddr_t)data; /* FIXME!!! */
     cryp.mac=(caddr_t)md;
 
     if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
@@ -420,7 +420,7 @@ static int do_digest(int ses,unsigned char *md,const void *data,int len)
             dcopy=OPENSSL_malloc(len);
             memcpy(dcopy,data,len);
             cryp.src=dcopy;
-            cryp.dst=cryp.src; // FIXME!!!
+            cryp.dst=cryp.src; /* FIXME!!! */
 
             if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
                 {
@@ -437,7 +437,7 @@ static int do_digest(int ses,unsigned char *md,const void *data,int len)
             return 0;
             }
         }
-    //    printf("done\n");
+    /*    printf("done\n"); */
 
     return 1;
     }
@@ -483,7 +483,7 @@ static int dev_crypto_md5_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
     const MD_DATA *from_md=from->md_data;
     MD_DATA *to_md=to->md_data;
 
-    // How do we copy sessions?
+    /* How do we copy sessions? */
     assert(from->digest->flags&EVP_MD_FLAG_ONESHOT);
 
     to_md->data=OPENSSL_malloc(from_md->len);
@@ -530,7 +530,7 @@ static const EVP_MD md5_md=
     NID_md5,
     NID_md5WithRSAEncryption,
     MD5_DIGEST_LENGTH,
-    EVP_MD_FLAG_ONESHOT,        // XXX: set according to device info...
+    EVP_MD_FLAG_ONESHOT,        /* XXX: set according to device info... */
     dev_crypto_md5_init,
     dev_crypto_md5_update,
     dev_crypto_md5_final,
diff --git a/src/lib/libssl/src/crypto/engine/hw_ubsec.c b/src/lib/libssl/src/crypto/engine/hw_ubsec.c
index 63397f868c..ed8401ec16 100644
--- a/src/lib/libssl/src/crypto/engine/hw_ubsec.c
+++ b/src/lib/libssl/src/crypto/engine/hw_ubsec.c
@@ -93,7 +93,7 @@ static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
 static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
 #ifndef OPENSSL_NO_DSA
-#if NOT_USED
+#ifdef NOT_USED
 static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
                 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
                 BN_CTX *ctx, BN_MONT_CTX *in_mont);
@@ -113,7 +113,7 @@ static int ubsec_dh_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh)
 static int ubsec_dh_generate_key(DH *dh);
 #endif
 
-#if NOT_USED
+#ifdef NOT_USED
 static int ubsec_rand_bytes(unsigned char *buf, int num);
 static int ubsec_rand_status(void);
 #endif
@@ -663,7 +663,7 @@ static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 }
 
 #ifndef OPENSSL_NO_DSA
-#if NOT_USED
+#ifdef NOT_USED
 static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
                 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
                 BN_CTX *ctx, BN_MONT_CTX *in_mont)
@@ -987,7 +987,7 @@ err:
         }
 #endif
 
-#if NOT_USED
+#ifdef NOT_USED
 static int ubsec_rand_bytes(unsigned char * buf,
                             int num)
         {
diff --git a/src/lib/libssl/src/crypto/evp/evp_locl.h b/src/lib/libssl/src/crypto/evp/evp_locl.h
index 7b088b4848..4d81a3bf4c 100644
--- a/src/lib/libssl/src/crypto/evp/evp_locl.h
+++ b/src/lib/libssl/src/crypto/evp/evp_locl.h
@@ -124,17 +124,17 @@ const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; }
 BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \
                   iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
 
-#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, block_size, key_len, \
+#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \
                              iv_len, cbits, flags, init_key, cleanup, \
                              set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def1(cname, cfb##cbits, cfb, CFB, kstruct, nid, block_size, \
+BLOCK_CIPHER_def1(cname, cfb##cbits, cfb, CFB, kstruct, nid, 1, \
                   key_len, iv_len, flags, init_key, cleanup, set_asn1, \
                   get_asn1, ctrl)
 
-#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, block_size, key_len, \
+#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \
                              iv_len, cbits, flags, init_key, cleanup, \
                              set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, block_size, \
+BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \
                   key_len, iv_len, flags, init_key, cleanup, set_asn1, \
                   get_asn1, ctrl)
 
@@ -149,9 +149,9 @@ BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \
                           init_key, cleanup, set_asn1, get_asn1, ctrl) \
 BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
                      init_key, cleanup, set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def_cfb(cname, kstruct, nid, block_size, key_len, iv_len, cbits, \
+BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \
                      flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def_ofb(cname, kstruct, nid, block_size, key_len, iv_len, cbits, \
+BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \
                      flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
 BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
                      init_key, cleanup, set_asn1, get_asn1, ctrl)
diff --git a/src/lib/libssl/src/crypto/krb5/Makefile.ssl b/src/lib/libssl/src/crypto/krb5/Makefile.ssl
index caf111be8d..7ad0cbb0bc 100644
--- a/src/lib/libssl/src/crypto/krb5/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/krb5/Makefile.ssl
@@ -45,13 +45,13 @@ lib:	$(LIBOBJ)
         @touch lib
 
 files:
-        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
-        $(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
-        $(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
-        $(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
         @for i in $(EXHEADER) ; \
diff --git a/src/lib/libssl/src/crypto/mem.c b/src/lib/libssl/src/crypto/mem.c
index effec714e8..a7826908e6 100644
--- a/src/lib/libssl/src/crypto/mem.c
+++ b/src/lib/libssl/src/crypto/mem.c
@@ -303,6 +303,9 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line)
         {
         void *ret = NULL;
 
+        if (str == NULL)
+                return CRYPTO_malloc(num, file, line);
+
         if (realloc_debug_func != NULL)
                 realloc_debug_func(str, NULL, num, file, line, 0);
         ret = realloc_ex_func(str,num,file,line);
diff --git a/src/lib/libssl/src/crypto/objects/obj_dat.c b/src/lib/libssl/src/crypto/objects/obj_dat.c
index 02c3719f04..ce779dc1b5 100644
--- a/src/lib/libssl/src/crypto/objects/obj_dat.c
+++ b/src/lib/libssl/src/crypto/objects/obj_dat.c
@@ -425,7 +425,7 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
         a2d_ASN1_OBJECT(p,i,s,-1);
         
         p=buf;
-        op=d2i_ASN1_OBJECT(NULL,&p,i);
+        op=d2i_ASN1_OBJECT(NULL,&p,j);
         OPENSSL_free(buf);
         return op;
         }
diff --git a/src/lib/libssl/src/crypto/ocsp/Makefile.ssl b/src/lib/libssl/src/crypto/ocsp/Makefile.ssl
index 44eacbbb13..2be98179ae 100644
--- a/src/lib/libssl/src/crypto/ocsp/Makefile.ssl
+++ b/src/lib/libssl/src/crypto/ocsp/Makefile.ssl
@@ -47,13 +47,13 @@ lib:	$(LIBOBJ)
         @touch lib
 
 files:
-        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
-        $(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
-        $(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
-        $(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
         @for i in $(EXHEADER) ; \
diff --git a/src/lib/libssl/src/crypto/pem/pem_lib.c b/src/lib/libssl/src/crypto/pem/pem_lib.c
index 18b751a91a..a8db6ffbf5 100644
--- a/src/lib/libssl/src/crypto/pem/pem_lib.c
+++ b/src/lib/libssl/src/crypto/pem/pem_lib.c
@@ -366,8 +366,11 @@ err:
         memset(iv,0,sizeof(iv));
         memset((char *)&ctx,0,sizeof(ctx));
         memset(buf,0,PEM_BUFSIZE);
-        memset(data,0,(unsigned int)dsize);
-        OPENSSL_free(data);
+        if (data != NULL)
+                {
+                memset(data,0,(unsigned int)dsize);
+                OPENSSL_free(data);
+                }
         return(ret);
         }
 
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_asn.c b/src/lib/libssl/src/crypto/pkcs12/p12_asn.c
index c327bdba03..a3739fee1a 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_asn.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_asn.c
@@ -83,8 +83,8 @@ ASN1_ADB_TEMPLATE(bag_default) = ASN1_EXP(PKCS12_BAGS, value.other, ASN1_ANY, 0)
 
 ASN1_ADB(PKCS12_BAGS) = {
         ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509cert, ASN1_OCTET_STRING, 0)),
-        ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509crl, ASN1_OCTET_STRING, 0)),
-        ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.sdsicert, ASN1_IA5STRING, 0)),
+        ADB_ENTRY(NID_x509Crl, ASN1_EXP(PKCS12_BAGS, value.x509crl, ASN1_OCTET_STRING, 0)),
+        ADB_ENTRY(NID_sdsiCertificate, ASN1_EXP(PKCS12_BAGS, value.sdsicert, ASN1_IA5STRING, 0)),
 } ASN1_ADB_END(PKCS12_BAGS, 0, type, 0, &bag_default_tt, NULL);
 
 ASN1_SEQUENCE(PKCS12_BAGS) = {
@@ -98,7 +98,7 @@ ASN1_ADB_TEMPLATE(safebag_default) = ASN1_EXP(PKCS12_SAFEBAG, value.other, ASN1_
 
 ASN1_ADB(PKCS12_SAFEBAG) = {
         ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)),
-        ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, X509_SIG, 0)),
+        ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)),
         ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SET_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)),
         ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
         ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_lib.c b/src/lib/libssl/src/crypto/pkcs7/pk7_lib.c
index c00ed6833a..985b07245c 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pk7_lib.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_lib.c
@@ -74,6 +74,13 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
                 if (nid == NID_pkcs7_signed)
                         {
                         ret=p7->detached=(int)larg;
+                        if (ret && PKCS7_type_is_data(p7->d.sign->contents))
+                                        {
+                                        ASN1_OCTET_STRING *os;
+                                        os=p7->d.sign->contents->d.data;
+                                        ASN1_OCTET_STRING_free(os);
+                                        p7->d.sign->contents->d.data = NULL;
+                                        }
                         }
                 else
                         {
diff --git a/src/lib/libssl/src/crypto/ripemd/rmdtest.c b/src/lib/libssl/src/crypto/ripemd/rmdtest.c
index 19e9741db2..be1fb8b1f6 100644
--- a/src/lib/libssl/src/crypto/ripemd/rmdtest.c
+++ b/src/lib/libssl/src/crypto/ripemd/rmdtest.c
@@ -59,7 +59,6 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#include <openssl/ripemd.h>
 
 #ifdef OPENSSL_NO_RIPEMD
 int main(int argc, char *argv[])
@@ -68,6 +67,7 @@ int main(int argc, char *argv[])
     return(0);
 }
 #else
+#include <openssl/ripemd.h>
 #include <openssl/evp.h>
 
 #ifdef CHARSET_EBCDIC
diff --git a/src/lib/libssl/src/crypto/x509/x509.h b/src/lib/libssl/src/crypto/x509/x509.h
index c75aa0c717..7095440d36 100644
--- a/src/lib/libssl/src/crypto/x509/x509.h
+++ b/src/lib/libssl/src/crypto/x509/x509.h
@@ -331,6 +331,7 @@ DECLARE_STACK_OF(X509_TRUST)
 #define X509_FLAG_NO_EXTENSIONS         (1L << 8)
 #define X509_FLAG_NO_SIGDUMP            (1L << 9)
 #define X509_FLAG_NO_AUX                (1L << 10)
+#define X509_FLAG_NO_ATTRIBUTES         (1L << 11)
 
 /* Flags specific to X509_NAME_print_ex() */    
 
@@ -1015,6 +1016,7 @@ int		X509_print(BIO *bp,X509 *x);
 int             X509_ocspid_print(BIO *bp,X509 *x);
 int             X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
 int             X509_CRL_print(BIO *bp,X509_CRL *x);
+int             X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long cflag);
 int             X509_REQ_print(BIO *bp,X509_REQ *req);
 #endif
 
diff --git a/src/lib/libssl/src/doc/crypto/DH_set_method.pod b/src/lib/libssl/src/doc/crypto/DH_set_method.pod
index d990bf8786..73261fc467 100644
--- a/src/lib/libssl/src/doc/crypto/DH_set_method.pod
+++ b/src/lib/libssl/src/doc/crypto/DH_set_method.pod
@@ -2,7 +2,7 @@
 
 =head1 NAME
 
-DH_set_default_openssl_method, DH_get_default_openssl_method,
+DH_set_default_method, DH_get_default_method,
 DH_set_method, DH_new_method, DH_OpenSSL - select DH method
 
 =head1 SYNOPSIS
@@ -10,45 +10,47 @@ DH_set_method, DH_new_method, DH_OpenSSL - select DH method
  #include <openssl/dh.h>
  #include <openssl/engine.h>
 
- void DH_set_default_openssl_method(DH_METHOD *meth);
+ void DH_set_default_method(const DH_METHOD *meth);
 
- DH_METHOD *DH_get_default_openssl_method(void);
+ const DH_METHOD *DH_get_default_method(void);
 
- int DH_set_method(DH *dh, ENGINE *engine);
+ int DH_set_method(DH *dh, const DH_METHOD *meth);
 
  DH *DH_new_method(ENGINE *engine);
 
- DH_METHOD *DH_OpenSSL(void);
+ const DH_METHOD *DH_OpenSSL(void);
 
 =head1 DESCRIPTION
 
 A B<DH_METHOD> specifies the functions that OpenSSL uses for Diffie-Hellman
 operations. By modifying the method, alternative implementations
-such as hardware accelerators may be used.
-
-Initially, the default is to use the OpenSSL internal implementation.
-DH_OpenSSL() returns a pointer to that method.
-
-DH_set_default_openssl_method() makes B<meth> the default method for all DH
-structures created later. B<NB:> This is true only whilst the default engine
-for Diffie-Hellman operations remains as "openssl". ENGINEs provide an
-encapsulation for implementations of one or more algorithms, and all the DH
-functions mentioned here operate within the scope of the default
-"openssl" engine.
-
-DH_get_default_openssl_method() returns a pointer to the current default
-method for the "openssl" engine.
-
-DH_set_method() selects B<engine> as the engine that will be responsible for
-all operations using the structure B<dh>. If this function completes successfully,
-then the B<dh> structure will have its own functional reference of B<engine>, so
-the caller should remember to free their own reference to B<engine> when they are
-finished with it. NB: An ENGINE's DH_METHOD can be retrieved (or set) by
-ENGINE_get_DH() or ENGINE_set_DH().
-
-DH_new_method() allocates and initializes a DH structure so that
-B<engine> will be used for the DH operations. If B<engine> is NULL,
-the default engine for Diffie-Hellman opertaions is used.
+such as hardware accelerators may be used. IMPORTANT: See the NOTES section for
+important information about how these DH API functions are affected by the use
+of B<ENGINE> API calls.
+
+Initially, the default DH_METHOD is the OpenSSL internal implementation, as
+returned by DH_OpenSSL().
+
+DH_set_default_method() makes B<meth> the default method for all DH
+structures created later. B<NB>: This is true only whilst no ENGINE has been set
+as a default for DH, so this function is no longer recommended.
+
+DH_get_default_method() returns a pointer to the current default DH_METHOD.
+However, the meaningfulness of this result is dependant on whether the ENGINE
+API is being used, so this function is no longer recommended.
+
+DH_set_method() selects B<meth> to perform all operations using the key B<dh>.
+This will replace the DH_METHOD used by the DH key and if the previous method
+was supplied by an ENGINE, the handle to that ENGINE will be released during the
+change. It is possible to have DH keys that only work with certain DH_METHOD
+implementations (eg. from an ENGINE module that supports embedded
+hardware-protected keys), and in such cases attempting to change the DH_METHOD
+for the key can have unexpected results.
+
+DH_new_method() allocates and initializes a DH structure so that B<engine> will
+be used for the DH operations. If B<engine> is NULL, the default ENGINE for DH
+operations is used, and if no default ENGINE is set, the DH_METHOD controlled by
+DH_set_default_method() is used.
 
 =head1 THE DH_METHOD STRUCTURE
 
@@ -82,17 +84,28 @@ the default engine for Diffie-Hellman opertaions is used.
 
 =head1 RETURN VALUES
 
-DH_OpenSSL() and DH_get_default_openssl_method() return pointers to the
-respective B<DH_METHOD>s.
+DH_OpenSSL() and DH_get_default_method() return pointers to the respective
+B<DH_METHOD>s.
+
+DH_set_default_method() returns no value.
+
+DH_set_method() returns non-zero if the provided B<meth> was successfully set as
+the method for B<dh> (including unloading the ENGINE handle if the previous
+method was supplied by an ENGINE).
 
-DH_set_default_openssl_method() returns no value.
+DH_new_method() returns NULL and sets an error code that can be obtained by
+L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise it
+returns a pointer to the newly allocated structure.
 
-DH_set_method() returns non-zero if the ENGINE associated with B<dh>
-was successfully changed to B<engine>.
+=head1 NOTES
 
-DH_new_method() returns NULL and sets an error code that can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails.
-Otherwise it returns a pointer to the newly allocated structure.
+As of version 0.9.7, DH_METHOD implementations are grouped together with other
+algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
+default ENGINE is specified for DH functionality using an ENGINE API function,
+that will override any DH defaults set using the DH API (ie.
+DH_set_default_method()). For this reason, the ENGINE API is the recommended way
+to control default implementations for use in DH and other cryptographic
+algorithms.
 
 =head1 SEE ALSO
 
@@ -103,9 +116,14 @@ L<dh(3)|dh(3)>, L<DH_new(3)|DH_new(3)>
 DH_set_default_method(), DH_get_default_method(), DH_set_method(),
 DH_new_method() and DH_OpenSSL() were added in OpenSSL 0.9.4.
 
-DH_set_default_openssl_method() and DH_get_default_openssl_method()
-replaced DH_set_default_method() and DH_get_default_method() respectively,
-and DH_set_method() and DH_new_method() were altered to use B<ENGINE>s
-rather than B<DH_METHOD>s during development of OpenSSL 0.9.6.
+DH_set_default_openssl_method() and DH_get_default_openssl_method() replaced
+DH_set_default_method() and DH_get_default_method() respectively, and
+DH_set_method() and DH_new_method() were altered to use B<ENGINE>s rather than
+B<DH_METHOD>s during development of the engine version of OpenSSL 0.9.6. For
+0.9.7, the handling of defaults in the ENGINE API was restructured so that this
+change was reversed, and behaviour of the other functions resembled more closely
+the previous behaviour. The behaviour of defaults in the ENGINE API now
+transparently overrides the behaviour of defaults in the DH API without
+requiring changing these function prototypes.
 
 =cut
diff --git a/src/lib/libssl/src/doc/crypto/DSA_dup_DH.pod b/src/lib/libssl/src/doc/crypto/DSA_dup_DH.pod
index 695f99a13b..7f6f0d1115 100644
--- a/src/lib/libssl/src/doc/crypto/DSA_dup_DH.pod
+++ b/src/lib/libssl/src/doc/crypto/DSA_dup_DH.pod
@@ -8,7 +8,7 @@ DSA_dup_DH - create a DH structure out of DSA structure
 
  #include <openssl/dsa.h>
 
- DH * DSA_dup_DH(DSA *r);
+ DH * DSA_dup_DH(const DSA *r);
 
 =head1 DESCRIPTION
 
diff --git a/src/lib/libssl/src/doc/crypto/DSA_new.pod b/src/lib/libssl/src/doc/crypto/DSA_new.pod
index 301af912dd..48e9b82a09 100644
--- a/src/lib/libssl/src/doc/crypto/DSA_new.pod
+++ b/src/lib/libssl/src/doc/crypto/DSA_new.pod
@@ -14,7 +14,8 @@ DSA_new, DSA_free - allocate and free DSA objects
 
 =head1 DESCRIPTION
 
-DSA_new() allocates and initializes a B<DSA> structure.
+DSA_new() allocates and initializes a B<DSA> structure. It is equivalent to
+calling DSA_new_method(NULL).
 
 DSA_free() frees the B<DSA> structure and its components. The values are
 erased before the memory is returned to the system.
diff --git a/src/lib/libssl/src/doc/crypto/DSA_set_method.pod b/src/lib/libssl/src/doc/crypto/DSA_set_method.pod
index 36a1052d27..bc3cfb1f0a 100644
--- a/src/lib/libssl/src/doc/crypto/DSA_set_method.pod
+++ b/src/lib/libssl/src/doc/crypto/DSA_set_method.pod
@@ -2,7 +2,7 @@
 
 =head1 NAME
 
-DSA_set_default_openssl_method, DSA_get_default_openssl_method,
+DSA_set_default_method, DSA_get_default_method,
 DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method
 
 =head1 SYNOPSIS
@@ -10,11 +10,11 @@ DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method
  #include <openssl/dsa.h>
  #include <openssl/engine.h>
 
- void DSA_set_default_openssl_method(DSA_METHOD *meth);
+ void DSA_set_default_method(const DSA_METHOD *meth);
 
- DSA_METHOD *DSA_get_default_openssl_method(void);
+ const DSA_METHOD *DSA_get_default_method(void);
 
- int DSA_set_method(DSA *dsa, ENGINE *engine);
+ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth);
 
  DSA *DSA_new_method(ENGINE *engine);
 
@@ -24,26 +24,35 @@ DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method
 
 A B<DSA_METHOD> specifies the functions that OpenSSL uses for DSA
 operations. By modifying the method, alternative implementations
-such as hardware accelerators may be used.
-
-Initially, the default is to use the OpenSSL internal implementation.
-DSA_OpenSSL() returns a pointer to that method.
-
-DSA_set_default_openssl_method() makes B<meth> the default method for
-all DSA structures created later. B<NB:> This is true only whilst the
-default engine for DSA operations remains as "openssl". ENGINEs
-provide an encapsulation for implementations of one or more algorithms at a
-time, and all the DSA functions mentioned here operate within the scope
-of the default "openssl" engine.
-
-DSA_get_default_openssl_method() returns a pointer to the current default
-method for the "openssl" engine.
-
-DSA_set_method() selects B<engine> for all operations using the structure B<dsa>.
-
-DSA_new_method() allocates and initializes a DSA structure so that
-B<engine> will be used for the DSA operations. If B<engine> is NULL,
-the default engine for DSA operations is used.
+such as hardware accelerators may be used. IMPORTANT: See the NOTES section for
+important information about how these DSA API functions are affected by the use
+of B<ENGINE> API calls.
+
+Initially, the default DSA_METHOD is the OpenSSL internal implementation,
+as returned by DSA_OpenSSL().
+
+DSA_set_default_method() makes B<meth> the default method for all DSA
+structures created later. B<NB>: This is true only whilst no ENGINE has
+been set as a default for DSA, so this function is no longer recommended.
+
+DSA_get_default_method() returns a pointer to the current default
+DSA_METHOD. However, the meaningfulness of this result is dependant on
+whether the ENGINE API is being used, so this function is no longer 
+recommended.
+
+DSA_set_method() selects B<meth> to perform all operations using the key
+B<rsa>. This will replace the DSA_METHOD used by the DSA key and if the
+previous method was supplied by an ENGINE, the handle to that ENGINE will
+be released during the change. It is possible to have DSA keys that only
+work with certain DSA_METHOD implementations (eg. from an ENGINE module
+that supports embedded hardware-protected keys), and in such cases
+attempting to change the DSA_METHOD for the key can have unexpected
+results.
+
+DSA_new_method() allocates and initializes a DSA structure so that B<engine>
+will be used for the DSA operations. If B<engine> is NULL, the default engine
+for DSA operations is used, and if no default ENGINE is set, the DSA_METHOD
+controlled by DSA_set_default_method() is used.
 
 =head1 THE DSA_METHOD STRUCTURE
 
@@ -89,18 +98,29 @@ struct
 
 =head1 RETURN VALUES
 
-DSA_OpenSSL() and DSA_get_default_openssl_method() return pointers to the
-respective B<DSA_METHOD>s.
+DSA_OpenSSL() and DSA_get_default_method() return pointers to the respective
+B<DSA_METHOD>s.
 
-DSA_set_default_openssl_method() returns no value.
+DSA_set_default_method() returns no value.
 
-DSA_set_method() returns non-zero if the ENGINE associated with B<dsa>
-was successfully changed to B<engine>.
+DSA_set_method() returns non-zero if the provided B<meth> was successfully set as
+the method for B<dsa> (including unloading the ENGINE handle if the previous
+method was supplied by an ENGINE).
 
 DSA_new_method() returns NULL and sets an error code that can be
 obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation
 fails. Otherwise it returns a pointer to the newly allocated structure.
 
+=head1 NOTES
+
+As of version 0.9.7, DSA_METHOD implementations are grouped together with other
+algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
+default ENGINE is specified for DSA functionality using an ENGINE API function,
+that will override any DSA defaults set using the DSA API (ie.
+DSA_set_default_method()). For this reason, the ENGINE API is the recommended way
+to control default implementations for use in DSA and other cryptographic
+algorithms.
+
 =head1 SEE ALSO
 
 L<dsa(3)|dsa(3)>, L<DSA_new(3)|DSA_new(3)>
@@ -110,9 +130,14 @@ L<dsa(3)|dsa(3)>, L<DSA_new(3)|DSA_new(3)>
 DSA_set_default_method(), DSA_get_default_method(), DSA_set_method(),
 DSA_new_method() and DSA_OpenSSL() were added in OpenSSL 0.9.4.
 
-DSA_set_default_openssl_method() and DSA_get_default_openssl_method()
-replaced DSA_set_default_method() and DSA_get_default_method() respectively,
-and DSA_set_method() and DSA_new_method() were altered to use B<ENGINE>s
-rather than B<DSA_METHOD>s during development of OpenSSL 0.9.6.
+DSA_set_default_openssl_method() and DSA_get_default_openssl_method() replaced
+DSA_set_default_method() and DSA_get_default_method() respectively, and
+DSA_set_method() and DSA_new_method() were altered to use B<ENGINE>s rather than
+B<DSA_METHOD>s during development of the engine version of OpenSSL 0.9.6. For
+0.9.7, the handling of defaults in the ENGINE API was restructured so that this
+change was reversed, and behaviour of the other functions resembled more closely
+the previous behaviour. The behaviour of defaults in the ENGINE API now
+transparently overrides the behaviour of defaults in the DSA API without
+requiring changing these function prototypes.
 
 =cut
diff --git a/src/lib/libssl/src/doc/crypto/DSA_size.pod b/src/lib/libssl/src/doc/crypto/DSA_size.pod
index 23b6320a4d..ba4f650361 100644
--- a/src/lib/libssl/src/doc/crypto/DSA_size.pod
+++ b/src/lib/libssl/src/doc/crypto/DSA_size.pod
@@ -8,7 +8,7 @@ DSA_size - get DSA signature size
 
  #include <openssl/dsa.h>
 
- int DSA_size(DSA *dsa);
+ int DSA_size(const DSA *dsa);
 
 =head1 DESCRIPTION
 
diff --git a/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod b/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod
index 0451eb648a..25ef07f7c7 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod
@@ -73,4 +73,6 @@ L<EVP_OpenInit(3)|EVP_OpenInit(3)>
 
 =head1 HISTORY
 
+EVP_SealFinal() did not return a value before OpenSSL 0.9.7.
+
 =cut
diff --git a/src/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod b/src/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod
index 464eba416d..c9bb6d9f27 100644
--- a/src/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod
+++ b/src/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod
@@ -8,22 +8,30 @@ RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay - select RAND method
 
  #include <openssl/rand.h>
 
- void RAND_set_rand_method(RAND_METHOD *meth);
+ void RAND_set_rand_method(const RAND_METHOD *meth);
 
- RAND_METHOD *RAND_get_rand_method(void);
+ const RAND_METHOD *RAND_get_rand_method(void);
 
  RAND_METHOD *RAND_SSLeay(void);
 
 =head1 DESCRIPTION
 
-A B<RAND_METHOD> specifies the functions that OpenSSL uses for random
-number generation. By modifying the method, alternative
-implementations such as hardware RNGs may be used.  Initially, the
-default is to use the OpenSSL internal implementation. RAND_SSLeay()
-returns a pointer to that method.
+A B<RAND_METHOD> specifies the functions that OpenSSL uses for random number
+generation. By modifying the method, alternative implementations such as
+hardware RNGs may be used. IMPORTANT: See the NOTES section for important
+information about how these RAND API functions are affected by the use of
+B<ENGINE> API calls.
 
-RAND_set_rand_method() sets the RAND method to B<meth>.
-RAND_get_rand_method() returns a pointer to the current method.
+Initially, the default RAND_METHOD is the OpenSSL internal implementation, as
+returned by RAND_SSLeay().
+
+RAND_set_default_method() makes B<meth> the method for PRNG use. B<NB>: This is
+true only whilst no ENGINE has been set as a default for RAND, so this function
+is no longer recommended.
+
+RAND_get_default_method() returns a pointer to the current RAND_METHOD.
+However, the meaningfulness of this result is dependant on whether the ENGINE
+API is being used, so this function is no longer recommended.
 
 =head1 THE RAND_METHOD STRUCTURE
 
@@ -47,13 +55,29 @@ Each component may be NULL if the function is not implemented.
 RAND_set_rand_method() returns no value. RAND_get_rand_method() and
 RAND_SSLeay() return pointers to the respective methods.
 
+=head1 NOTES
+
+As of version 0.9.7, RAND_METHOD implementations are grouped together with other
+algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
+default ENGINE is specified for RAND functionality using an ENGINE API function,
+that will override any RAND defaults set using the RAND API (ie.
+RAND_set_rand_method()). For this reason, the ENGINE API is the recommended way
+to control default implementations for use in RAND and other cryptographic
+algorithms.
+
 =head1 SEE ALSO
 
-L<rand(3)|rand(3)>
+L<rand(3)|rand(3)>, L<engine(3)|engine(3)>
 
 =head1 HISTORY
 
 RAND_set_rand_method(), RAND_get_rand_method() and RAND_SSLeay() are
 available in all versions of OpenSSL.
 
+In the engine version of version 0.9.6, RAND_set_rand_method() was altered to
+take an ENGINE pointer as its argument. As of version 0.9.7, that has been
+reverted as the ENGINE API transparently overrides RAND defaults if used,
+otherwise RAND API functions work as before. RAND_set_rand_engine() was also
+introduced in version 0.9.7.
+
 =cut
diff --git a/src/lib/libssl/src/doc/crypto/RSA_new.pod b/src/lib/libssl/src/doc/crypto/RSA_new.pod
index 299047f31f..3d15b92824 100644
--- a/src/lib/libssl/src/doc/crypto/RSA_new.pod
+++ b/src/lib/libssl/src/doc/crypto/RSA_new.pod
@@ -14,7 +14,8 @@ RSA_new, RSA_free - allocate and free RSA objects
 
 =head1 DESCRIPTION
 
-RSA_new() allocates and initializes an B<RSA> structure.
+RSA_new() allocates and initializes an B<RSA> structure. It is equivalent to
+calling RSA_new_method(NULL).
 
 RSA_free() frees the B<RSA> structure and its components. The key is
 erased before the memory is returned to the system.
@@ -30,7 +31,8 @@ RSA_free() returns no value.
 =head1 SEE ALSO
 
 L<ERR_get_error(3)|ERR_get_error(3)>, L<rsa(3)|rsa(3)>,
-L<RSA_generate_key(3)|RSA_generate_key(3)>
+L<RSA_generate_key(3)|RSA_generate_key(3)>,
+L<RSA_new_method(3)|RSA_new_method(3)>
 
 =head1 HISTORY
 
diff --git a/src/lib/libssl/src/doc/crypto/RSA_set_method.pod b/src/lib/libssl/src/doc/crypto/RSA_set_method.pod
index 14917dd35f..0687c2242a 100644
--- a/src/lib/libssl/src/doc/crypto/RSA_set_method.pod
+++ b/src/lib/libssl/src/doc/crypto/RSA_set_method.pod
@@ -11,52 +11,64 @@ RSA_null_method, RSA_flags, RSA_new_method - select RSA method
  #include <openssl/rsa.h>
  #include <openssl/engine.h>
 
- void RSA_set_default_openssl_method(RSA_METHOD *meth);
+ void RSA_set_default_method(const RSA_METHOD *meth);
 
- RSA_METHOD *RSA_get_default_openssl_method(void);
+ RSA_METHOD *RSA_get_default_method(void);
 
- int RSA_set_method(RSA *rsa, ENGINE *engine);
+ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
 
- RSA_METHOD *RSA_get_method(RSA *rsa);
+ RSA_METHOD *RSA_get_method(const RSA *rsa);
 
  RSA_METHOD *RSA_PKCS1_SSLeay(void);
 
  RSA_METHOD *RSA_null_method(void);
 
- int RSA_flags(RSA *rsa);
+ int RSA_flags(const RSA *rsa);
 
  RSA *RSA_new_method(ENGINE *engine);
 
 =head1 DESCRIPTION
 
 An B<RSA_METHOD> specifies the functions that OpenSSL uses for RSA
-operations. By modifying the method, alternative implementations
-such as hardware accelerators may be used.
-
-Initially, the default is to use the OpenSSL internal implementation.
-RSA_PKCS1_SSLeay() returns a pointer to that method.
-
-RSA_set_default_openssl_method() makes B<meth> the default method for all B<RSA>
-structures created later. B<NB:> This is true only whilst the default engine
-for RSA operations remains as "openssl". ENGINEs provide an
-encapsulation for implementations of one or more algorithms at a time, and all
-the RSA functions mentioned here operate within the scope of the default
-"openssl" engine.
-
-RSA_get_default_openssl_method() returns a pointer to the current default
-method for the "openssl" engine.
-
-RSA_set_method() selects B<engine> for all operations using the key
-B<rsa>.
-
-RSA_get_method() returns a pointer to the RSA_METHOD from the currently
-selected ENGINE for B<rsa>.
-
-RSA_flags() returns the B<flags> that are set for B<rsa>'s current method.
+operations. By modifying the method, alternative implementations such as
+hardware accelerators may be used. IMPORTANT: See the NOTES section for
+important information about how these RSA API functions are affected by the
+use of B<ENGINE> API calls.
+
+Initially, the default RSA_METHOD is the OpenSSL internal implementation,
+as returned by RSA_PKCS1_SSLeay().
+
+RSA_set_default_method() makes B<meth> the default method for all RSA
+structures created later. B<NB>: This is true only whilst no ENGINE has
+been set as a default for RSA, so this function is no longer recommended.
+
+RSA_get_default_method() returns a pointer to the current default
+RSA_METHOD. However, the meaningfulness of this result is dependant on
+whether the ENGINE API is being used, so this function is no longer 
+recommended.
+
+RSA_set_method() selects B<meth> to perform all operations using the key
+B<rsa>. This will replace the RSA_METHOD used by the RSA key and if the
+previous method was supplied by an ENGINE, the handle to that ENGINE will
+be released during the change. It is possible to have RSA keys that only
+work with certain RSA_METHOD implementations (eg. from an ENGINE module
+that supports embedded hardware-protected keys), and in such cases
+attempting to change the RSA_METHOD for the key can have unexpected
+results.
+
+RSA_get_method() returns a pointer to the RSA_METHOD being used by B<rsa>.
+This method may or may not be supplied by an ENGINE implementation, but if
+it is, the return value can only be guaranteed to be valid as long as the
+RSA key itself is valid and does not have its implementation changed by
+RSA_set_method().
+
+RSA_flags() returns the B<flags> that are set for B<rsa>'s current
+RSA_METHOD. See the BUGS section.
 
 RSA_new_method() allocates and initializes an RSA structure so that
-B<engine> will be used for the RSA operations. If B<engine> is NULL,
-the default engine for RSA operations is used.
+B<engine> will be used for the RSA operations. If B<engine> is NULL, the
+default ENGINE for RSA operations is used, and if no default ENGINE is set,
+the RSA_METHOD controlled by RSA_set_default_method() is used.
 
 =head1 THE RSA_METHOD STRUCTURE
 
@@ -121,22 +133,45 @@ the default engine for RSA operations is used.
 
 =head1 RETURN VALUES
 
-RSA_PKCS1_SSLeay(), RSA_PKCS1_null_method(), RSA_get_default_openssl_method()
+RSA_PKCS1_SSLeay(), RSA_PKCS1_null_method(), RSA_get_default_method()
 and RSA_get_method() return pointers to the respective RSA_METHODs.
 
-RSA_set_default_openssl_method() returns no value.
+RSA_set_default_method() returns no value.
 
-RSA_set_method() selects B<engine> as the engine that will be responsible for
-all operations using the structure B<rsa>. If this function completes successfully,
-then the B<rsa> structure will have its own functional reference of B<engine>, so
-the caller should remember to free their own reference to B<engine> when they are
-finished with it. NB: An ENGINE's RSA_METHOD can be retrieved (or set) by
-ENGINE_get_RSA() or ENGINE_set_RSA().
+RSA_set_method() returns a pointer to the old RSA_METHOD implementation
+that was replaced. However, this return value should probably be ignored
+because if it was supplied by an ENGINE, the pointer could be invalidated
+at any time if the ENGINE is unloaded (in fact it could be unloaded as a
+result of the RSA_set_method() function releasing its handle to the
+ENGINE). For this reason, the return type may be replaced with a B<void>
+declaration in a future release.
 
-RSA_new_method() returns NULL and sets an error code that can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise
+RSA_new_method() returns NULL and sets an error code that can be obtained
+by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise
 it returns a pointer to the newly allocated structure.
 
+=head1 NOTES
+
+As of version 0.9.7, RSA_METHOD implementations are grouped together with
+other algorithmic APIs (eg. DSA_METHOD, EVP_CIPHER, etc) into B<ENGINE>
+modules. If a default ENGINE is specified for RSA functionality using an
+ENGINE API function, that will override any RSA defaults set using the RSA
+API (ie.  RSA_set_default_method()). For this reason, the ENGINE API is the
+recommended way to control default implementations for use in RSA and other
+cryptographic algorithms.
+
+=head1 BUGS
+
+The behaviour of RSA_flags() is a mis-feature that is left as-is for now
+to avoid creating compatibility problems. RSA functionality, such as the
+encryption functions, are controlled by the B<flags> value in the RSA key
+itself, not by the B<flags> value in the RSA_METHOD attached to the RSA key
+(which is what this function returns). If the flags element of an RSA key
+is changed, the changes will be honoured by RSA functionality but will not
+be reflected in the return value of the RSA_flags() function - in effect
+RSA_flags() behaves more like an RSA_default_flags() function (which does
+not currently exist).
+
 =head1 SEE ALSO
 
 L<rsa(3)|rsa(3)>, L<RSA_new(3)|RSA_new(3)>
@@ -149,8 +184,14 @@ well as the rsa_sign and rsa_verify components of RSA_METHOD were
 added in OpenSSL 0.9.4.
 
 RSA_set_default_openssl_method() and RSA_get_default_openssl_method()
-replaced RSA_set_default_method() and RSA_get_default_method() respectively,
-and RSA_set_method() and RSA_new_method() were altered to use B<ENGINE>s
-rather than B<RSA_METHOD>s during development of OpenSSL 0.9.6.
+replaced RSA_set_default_method() and RSA_get_default_method()
+respectively, and RSA_set_method() and RSA_new_method() were altered to use
+B<ENGINE>s rather than B<RSA_METHOD>s during development of the engine
+version of OpenSSL 0.9.6. For 0.9.7, the handling of defaults in the ENGINE
+API was restructured so that this change was reversed, and behaviour of the
+other functions resembled more closely the previous behaviour. The
+behaviour of defaults in the ENGINE API now transparently overrides the
+behaviour of defaults in the RSA API without requiring changing these
+function prototypes.
 
 =cut
diff --git a/src/lib/libssl/src/doc/crypto/RSA_size.pod b/src/lib/libssl/src/doc/crypto/RSA_size.pod
index b36b4d58d5..5b7f835f95 100644
--- a/src/lib/libssl/src/doc/crypto/RSA_size.pod
+++ b/src/lib/libssl/src/doc/crypto/RSA_size.pod
@@ -8,7 +8,7 @@ RSA_size - get RSA modulus size
 
  #include <openssl/rsa.h>
 
- int RSA_size(RSA *rsa);
+ int RSA_size(const RSA *rsa);
 
 =head1 DESCRIPTION
 
diff --git a/src/lib/libssl/src/doc/crypto/dh.pod b/src/lib/libssl/src/doc/crypto/dh.pod
index b4be4be405..c3ccd06207 100644
--- a/src/lib/libssl/src/doc/crypto/dh.pod
+++ b/src/lib/libssl/src/doc/crypto/dh.pod
@@ -12,20 +12,20 @@ dh - Diffie-Hellman key agreement
  DH *   DH_new(void);
  void   DH_free(DH *dh);
 
- int    DH_size(DH *dh);
+ int    DH_size(const DH *dh);
 
  DH *   DH_generate_parameters(int prime_len, int generator,
                 void (*callback)(int, int, void *), void *cb_arg);
- int    DH_check(DH *dh, int *codes);
+ int    DH_check(const DH *dh, int *codes);
 
  int    DH_generate_key(DH *dh);
  int    DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
 
- void DH_set_default_openssl_method(DH_METHOD *meth);
- DH_METHOD *DH_get_default_openssl_method(void);
- int DH_set_method(DH *dh, ENGINE *engine);
+ void DH_set_default_method(const DH_METHOD *meth);
+ const DH_METHOD *DH_get_default_method(void);
+ int DH_set_method(DH *dh, const DH_METHOD *meth);
  DH *DH_new_method(ENGINE *engine);
- DH_METHOD *DH_OpenSSL(void);
+ const DH_METHOD *DH_OpenSSL(void);
 
  int DH_get_ex_new_index(long argl, char *argp, int (*new_func)(),
              int (*dup_func)(), void (*free_func)());
@@ -33,10 +33,10 @@ dh - Diffie-Hellman key agreement
  char *DH_get_ex_data(DH *d, int idx);
 
  DH *   d2i_DHparams(DH **a, unsigned char **pp, long length);
- int    i2d_DHparams(DH *a, unsigned char **pp);
+ int    i2d_DHparams(const DH *a, unsigned char **pp);
 
- int    DHparams_print_fp(FILE *fp, DH *x);
- int    DHparams_print(BIO *bp, DH *x);
+ int    DHparams_print_fp(FILE *fp, const DH *x);
+ int    DHparams_print(BIO *bp, const DH *x);
 
 =head1 DESCRIPTION
 
@@ -57,11 +57,20 @@ The B<DH> structure consists of several BIGNUM components.
         };
  DH
 
+Note that DH keys may use non-standard B<DH_METHOD> implementations,
+either directly or by the use of B<ENGINE> modules. In some cases (eg. an
+ENGINE providing support for hardware-embedded keys), these BIGNUM values
+will not be used by the implementation or may be used for alternative data
+storage. For this reason, applications should generally avoid using DH
+structure elements directly and instead use API functions to query or
+modify keys.
+
 =head1 SEE ALSO
 
 L<dhparam(1)|dhparam(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<err(3)|err(3)>,
-L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<DH_set_method(3)|DH_set_method(3)>,
-L<DH_new(3)|DH_new(3)>, L<DH_get_ex_new_index(3)|DH_get_ex_new_index(3)>,
+L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<engine(3)|engine(3)>,
+L<DH_set_method(3)|DH_set_method(3)>, L<DH_new(3)|DH_new(3)>,
+L<DH_get_ex_new_index(3)|DH_get_ex_new_index(3)>,
 L<DH_generate_parameters(3)|DH_generate_parameters(3)>,
 L<DH_compute_key(3)|DH_compute_key(3)>, L<d2i_DHparams(3)|d2i_DHparams(3)>,
 L<RSA_print(3)|RSA_print(3)> 
diff --git a/src/lib/libssl/src/doc/crypto/dsa.pod b/src/lib/libssl/src/doc/crypto/dsa.pod
index 573500204b..ae2e5d81f9 100644
--- a/src/lib/libssl/src/doc/crypto/dsa.pod
+++ b/src/lib/libssl/src/doc/crypto/dsa.pod
@@ -12,13 +12,13 @@ dsa - Digital Signature Algorithm
  DSA *  DSA_new(void);
  void   DSA_free(DSA *dsa);
 
- int    DSA_size(DSA *dsa);
+ int    DSA_size(const DSA *dsa);
 
  DSA *  DSA_generate_parameters(int bits, unsigned char *seed,
                 int seed_len, int *counter_ret, unsigned long *h_ret,
                 void (*callback)(int, int, void *), void *cb_arg);
 
- DH *   DSA_dup_DH(DSA *r);
+ DH *   DSA_dup_DH(const DSA *r);
 
  int    DSA_generate_key(DSA *dsa);
 
@@ -27,13 +27,13 @@ dsa - Digital Signature Algorithm
  int    DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp,
                 BIGNUM **rp);
  int    DSA_verify(int dummy, const unsigned char *dgst, int len,
-                unsigned char *sigbuf, int siglen, DSA *dsa);
+                const unsigned char *sigbuf, int siglen, DSA *dsa);
 
- void DSA_set_default_openssl_method(DSA_METHOD *meth);
- DSA_METHOD *DSA_get_default_openssl_method(void);
- int DSA_set_method(DSA *dsa, ENGINE *engine);
+ void DSA_set_default_method(const DSA_METHOD *meth);
+ const DSA_METHOD *DSA_get_default_method(void);
+ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth);
  DSA *DSA_new_method(ENGINE *engine);
- DSA_METHOD *DSA_OpenSSL(void);
+ const DSA_METHOD *DSA_OpenSSL(void);
 
  int DSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
              int (*dup_func)(), void (*free_func)());
@@ -42,7 +42,7 @@ dsa - Digital Signature Algorithm
 
  DSA_SIG *DSA_SIG_new(void);
  void   DSA_SIG_free(DSA_SIG *a);
- int    i2d_DSA_SIG(DSA_SIG *a, unsigned char **pp);
+ int    i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
  DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, unsigned char **pp, long length);
 
  DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
@@ -52,14 +52,14 @@ dsa - Digital Signature Algorithm
  DSA *  d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length);
  DSA *  d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
  DSA *  d2i_DSAparams(DSA **a, unsigned char **pp, long length);
- int    i2d_DSAPublicKey(DSA *a, unsigned char **pp);
- int    i2d_DSAPrivateKey(DSA *a, unsigned char **pp);
- int    i2d_DSAparams(DSA *a,unsigned char **pp);
+ int    i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
+ int    i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
+ int    i2d_DSAparams(const DSA *a,unsigned char **pp);
 
- int    DSAparams_print(BIO *bp, DSA *x);
- int    DSAparams_print_fp(FILE *fp, DSA *x);
- int    DSA_print(BIO *bp, DSA *x, int off);
- int    DSA_print_fp(FILE *bp, DSA *x, int off);
+ int    DSAparams_print(BIO *bp, const DSA *x);
+ int    DSAparams_print_fp(FILE *fp, const DSA *x);
+ int    DSA_print(BIO *bp, const DSA *x, int off);
+ int    DSA_print_fp(FILE *bp, const DSA *x, int off);
 
 =head1 DESCRIPTION
 
@@ -85,6 +85,14 @@ The B<DSA> structure consists of several BIGNUM components.
 
 In public keys, B<priv_key> is NULL.
 
+Note that DSA keys may use non-standard B<DSA_METHOD> implementations,
+either directly or by the use of B<ENGINE> modules. In some cases (eg. an
+ENGINE providing support for hardware-embedded keys), these BIGNUM values
+will not be used by the implementation or may be used for alternative data
+storage. For this reason, applications should generally avoid using DSA
+structure elements directly and instead use API functions to query or
+modify keys.
+
 =head1 CONFORMING TO
 
 US Federal Information Processing Standard FIPS 186 (Digital Signature
diff --git a/src/lib/libssl/src/doc/crypto/evp.pod b/src/lib/libssl/src/doc/crypto/evp.pod
index edf47dbde6..b3ca14314f 100644
--- a/src/lib/libssl/src/doc/crypto/evp.pod
+++ b/src/lib/libssl/src/doc/crypto/evp.pod
@@ -24,6 +24,13 @@ functions.  The B<EVP_Digest>I<...> functions provide message digests.
 
 Algorithms are loaded with OpenSSL_add_all_algorithms(3).
 
+All the symmetric algorithms (ciphers) and digests can be replaced by ENGINE
+modules providing alternative implementations. If ENGINE implementations of
+ciphers or digests are registered as defaults, then the various EVP functions
+will automatically use those implementations automatically in preference to
+built in software implementations. For more information, consult the engine(3)
+man page.
+
 =head1 SEE ALSO
 
 L<EVP_DigestInit(3)|EVP_DigestInit(3)>,
@@ -32,6 +39,7 @@ L<EVP_OpenInit(3)|EVP_OpenInit(3)>,
 L<EVP_SealInit(3)|EVP_SealInit(3)>,
 L<EVP_SignInit(3)|EVP_SignInit(3)>,
 L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
-L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>
+L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>,
+L<engine(3)|engine(3)>
 
 =cut
diff --git a/src/lib/libssl/src/doc/crypto/rand.pod b/src/lib/libssl/src/doc/crypto/rand.pod
index 96901f109e..1c068c85b3 100644
--- a/src/lib/libssl/src/doc/crypto/rand.pod
+++ b/src/lib/libssl/src/doc/crypto/rand.pod
@@ -8,13 +8,14 @@ rand - pseudo-random number generator
 
  #include <openssl/rand.h>
 
+ int  RAND_set_rand_engine(ENGINE *engine);
+
  int  RAND_bytes(unsigned char *buf, int num);
  int  RAND_pseudo_bytes(unsigned char *buf, int num);
 
  void RAND_seed(const void *buf, int num);
  void RAND_add(const void *buf, int num, int entropy);
  int  RAND_status(void);
- void RAND_screen(void);
 
  int  RAND_load_file(const char *file, long max_bytes);
  int  RAND_write_file(const char *file);
@@ -22,14 +23,31 @@ rand - pseudo-random number generator
 
  int  RAND_egd(const char *path);
 
- void RAND_set_rand_method(RAND_METHOD *meth);
- RAND_METHOD *RAND_get_rand_method(void);
+ void RAND_set_rand_method(const RAND_METHOD *meth);
+ const RAND_METHOD *RAND_get_rand_method(void);
  RAND_METHOD *RAND_SSLeay(void);
 
  void RAND_cleanup(void);
 
+ /* For Win32 only */
+ void RAND_screen(void);
+ int RAND_event(UINT, WPARAM, LPARAM);
+
 =head1 DESCRIPTION
 
+Since the introduction of the ENGINE API, the recommended way of controlling
+default implementations is by using the ENGINE API functions. The default
+B<RAND_METHOD>, as set by RAND_set_rand_method() and returned by
+RAND_get_rand_method(), is only used if no ENGINE has been set as the default
+"rand" implementation. Hence, these two functions are no longer the recommened
+way to control defaults.
+
+If an alternative B<RAND_METHOD> implementation is being used (either set
+directly or as provided by an ENGINE module), then it is entirely responsible
+for the generation and management of a cryptographically secure PRNG stream. The
+mechanisms described below relate solely to the software PRNG implementation
+built in to OpenSSL and used by default.
+
 These functions implement a cryptographically secure pseudo-random
 number generator (PRNG). It is used by other library functions for
 example to generate random keys, and applications can use it when they
diff --git a/src/lib/libssl/src/doc/crypto/rsa.pod b/src/lib/libssl/src/doc/crypto/rsa.pod
index 2b93a12b65..45ac53ffc1 100644
--- a/src/lib/libssl/src/doc/crypto/rsa.pod
+++ b/src/lib/libssl/src/doc/crypto/rsa.pod
@@ -16,13 +16,17 @@ rsa - RSA public key cryptosystem
     unsigned char *to, RSA *rsa, int padding);
  int RSA_private_decrypt(int flen, unsigned char *from,
     unsigned char *to, RSA *rsa, int padding);
+ int RSA_private_encrypt(int flen, unsigned char *from,
+    unsigned char *to, RSA *rsa,int padding);
+ int RSA_public_decrypt(int flen, unsigned char *from, 
+    unsigned char *to, RSA *rsa,int padding);
 
  int RSA_sign(int type, unsigned char *m, unsigned int m_len,
     unsigned char *sigret, unsigned int *siglen, RSA *rsa);
  int RSA_verify(int type, unsigned char *m, unsigned int m_len,
     unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
 
- int RSA_size(RSA *rsa);
+ int RSA_size(const RSA *rsa);
 
  RSA *RSA_generate_key(int num, unsigned long e,
     void (*callback)(int,int,void *), void *cb_arg);
@@ -32,13 +36,13 @@ rsa - RSA public key cryptosystem
  int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
  void RSA_blinding_off(RSA *rsa);
 
- void RSA_set_default_openssl_method(RSA_METHOD *meth);
- RSA_METHOD *RSA_get_default_openssl_method(void);
- int RSA_set_method(RSA *rsa, ENGINE *engine);
- RSA_METHOD *RSA_get_method(RSA *rsa);
+ void RSA_set_default_method(const RSA_METHOD *meth);
+ const RSA_METHOD *RSA_get_default_method(void);
+ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
+ const RSA_METHOD *RSA_get_method(const RSA *rsa);
  RSA_METHOD *RSA_PKCS1_SSLeay(void);
  RSA_METHOD *RSA_null_method(void);
- int RSA_flags(RSA *rsa);
+ int RSA_flags(const RSA *rsa);
  RSA *RSA_new_method(ENGINE *engine);
 
  int RSA_print(BIO *bp, RSA *x, int offset);
@@ -49,11 +53,6 @@ rsa - RSA public key cryptosystem
  int RSA_set_ex_data(RSA *r,int idx,char *arg);
  char *RSA_get_ex_data(RSA *r, int idx);
 
- int RSA_private_encrypt(int flen, unsigned char *from,
-    unsigned char *to, RSA *rsa,int padding);
- int RSA_public_decrypt(int flen, unsigned char *from, 
-    unsigned char *to, RSA *rsa,int padding);
-
  int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
     unsigned int m_len, unsigned char *sigret, unsigned int *siglen,
     RSA *rsa);
@@ -90,6 +89,14 @@ B<p>, B<q>, B<dmp1>, B<dmq1> and B<iqmp> may be B<NULL> in private
 keys, but the RSA operations are much faster when these values are
 available.
 
+Note that RSA keys may use non-standard B<RSA_METHOD> implementations,
+either directly or by the use of B<ENGINE> modules. In some cases (eg. an
+ENGINE providing support for hardware-embedded keys), these BIGNUM values
+will not be used by the implementation or may be used for alternative data
+storage. For this reason, applications should generally avoid using RSA
+structure elements directly and instead use API functions to query or
+modify keys.
+
 =head1 CONFORMING TO
 
 SSL, PKCS #1 v2.0
@@ -101,7 +108,7 @@ RSA was covered by a US patent which expired in September 2000.
 =head1 SEE ALSO
 
 L<rsa(1)|rsa(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>,
-L<rand(3)|rand(3)>, L<RSA_new(3)|RSA_new(3)>,
+L<rand(3)|rand(3)>, L<engine(3)|engine(3)>, L<RSA_new(3)|RSA_new(3)>,
 L<RSA_public_encrypt(3)|RSA_public_encrypt(3)>,
 L<RSA_sign(3)|RSA_sign(3)>, L<RSA_size(3)|RSA_size(3)>,
 L<RSA_generate_key(3)|RSA_generate_key(3)>,
diff --git a/src/lib/libssl/src/doc/openssl.txt b/src/lib/libssl/src/doc/openssl.txt
index 5da519e7e4..432a17b66c 100644
--- a/src/lib/libssl/src/doc/openssl.txt
+++ b/src/lib/libssl/src/doc/openssl.txt
@@ -344,7 +344,7 @@ the extension.
 
 Examples:
 
-subjectAltName=email:copy,email:my@other.address,URL:http://my.url.here/
+subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
 subjectAltName=email:my@other.address,RID:1.2.3.4
 
 Issuer Alternative Name.
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_msg_callback.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_msg_callback.pod
index a423932d0a..0015e6ea79 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_msg_callback.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_msg_callback.pod
@@ -69,6 +69,8 @@ The B<SSL> object that received or sent the message.
 The user-defined argument optionally defined by
 SSL_CTX_set_msg_callback_arg() or SSL_set_msg_callback_arg().
 
+=back
+
 =head1 NOTES
 
 Protocol messages are passed to the callback function after decryption
diff --git a/src/lib/libssl/src/ssl/Makefile.ssl b/src/lib/libssl/src/ssl/Makefile.ssl
index 3f6288696c..23fcab1a3a 100644
--- a/src/lib/libssl/src/ssl/Makefile.ssl
+++ b/src/lib/libssl/src/ssl/Makefile.ssl
@@ -65,7 +65,7 @@ lib:	$(LIBOBJ)
 
 shared:
         if [ -n "$(SHARED_LIBS)" ]; then \
-                (cd ..; make $(SHARED_LIB)); \
+                (cd ..; $(MAKE) $(SHARED_LIB)); \
         fi
 
 files:
diff --git a/src/lib/libssl/src/ssl/s2_clnt.c b/src/lib/libssl/src/ssl/s2_clnt.c
index a5beeb732e..b4ee0bfc31 100644
--- a/src/lib/libssl/src/ssl/s2_clnt.c
+++ b/src/lib/libssl/src/ssl/s2_clnt.c
@@ -535,7 +535,12 @@ static int get_server_hello(SSL *s)
                 }
                 
         s->s2->conn_id_length=s->s2->tmp.conn_id_length;
-        die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
+        if (s->s2->conn_id_length > sizeof s->s2->conn_id)
+                {
+                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+                SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_SSL2_CONNECTION_ID_TOO_LONG);
+                return -1;
+                }
         memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
         return(1);
         }
@@ -637,7 +642,12 @@ static int client_master_key(SSL *s)
                 /* make key_arg data */
                 i=EVP_CIPHER_iv_length(c);
                 sess->key_arg_length=i;
-                die(i <= SSL_MAX_KEY_ARG_LENGTH);
+                if (i > SSL_MAX_KEY_ARG_LENGTH)
+                        {
+                        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+                        SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
+                        return -1;
+                        }
                 if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
 
                 /* make a master key */
@@ -645,7 +655,12 @@ static int client_master_key(SSL *s)
                 sess->master_key_length=i;
                 if (i > 0)
                         {
-                        die(i <= sizeof sess->master_key);
+                        if (i > sizeof sess->master_key)
+                                {
+                                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+                                SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
+                                return -1;
+                                }
                         if (RAND_bytes(sess->master_key,i) <= 0)
                                 {
                                 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
@@ -689,7 +704,12 @@ static int client_master_key(SSL *s)
                 d+=enc;
                 karg=sess->key_arg_length;      
                 s2n(karg,p); /* key arg size */
-                die(karg <= sizeof sess->key_arg);
+                if (karg > sizeof sess->key_arg)
+                        {
+                        ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+                        SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
+                        return -1;
+                        }
                 memcpy(d,sess->key_arg,(unsigned int)karg);
                 d+=karg;
 
@@ -710,7 +730,11 @@ static int client_finished(SSL *s)
                 {
                 p=(unsigned char *)s->init_buf->data;
                 *(p++)=SSL2_MT_CLIENT_FINISHED;
-                die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
+                if (s->s2->conn_id_length > sizeof s->s2->conn_id)
+                        {
+                        SSLerr(SSL_F_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR);
+                        return -1;
+                        }
                 memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
 
                 s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
@@ -983,10 +1007,9 @@ static int get_server_finished(SSL *s)
                 {
                 if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
                         {
-                        die(s->session->session_id_length
-                            <= sizeof s->session->session_id);
-                        if (memcmp(buf,s->session->session_id,
-                                (unsigned int)s->session->session_id_length) != 0)
+                        if ((s->session->session_id_length > sizeof s->session->session_id)
+                            || (0 != memcmp(buf, s->session->session_id,
+                                            (unsigned int)s->session->session_id_length)))
                                 {
                                 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
                                 SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_SSL_SESSION_ID_IS_DIFFERENT);
diff --git a/src/lib/libssl/src/ssl/s2_enc.c b/src/lib/libssl/src/ssl/s2_enc.c
index a28e747d2d..690252e3d3 100644
--- a/src/lib/libssl/src/ssl/s2_enc.c
+++ b/src/lib/libssl/src/ssl/s2_enc.c
@@ -96,7 +96,8 @@ int ssl2_enc_init(SSL *s, int client)
         num=c->key_len;
         s->s2->key_material_length=num*2;
 
-        ssl2_generate_key_material(s);
+        if (ssl2_generate_key_material(s) <= 0)
+                return 0;
 
         EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]),
                 s->session->key_arg);
diff --git a/src/lib/libssl/src/ssl/s2_lib.c b/src/lib/libssl/src/ssl/s2_lib.c
index 247f4603a6..df2ea875de 100644
--- a/src/lib/libssl/src/ssl/s2_lib.c
+++ b/src/lib/libssl/src/ssl/s2_lib.c
@@ -63,7 +63,6 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/md5.h>
-#include "ssl_locl.h"
 
 static long ssl2_default_timeout(void );
 const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
@@ -418,12 +417,15 @@ int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
         return(3);
         }
 
-void ssl2_generate_key_material(SSL *s)
+int ssl2_generate_key_material(SSL *s)
         {
         unsigned int i;
         EVP_MD_CTX ctx;
         unsigned char *km;
         unsigned char c='0';
+        const EVP_MD *md5;
+
+        md5 = EVP_md5();
 
 #ifdef CHARSET_EBCDIC
         c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0',
@@ -431,23 +433,35 @@ void ssl2_generate_key_material(SSL *s)
 #endif
         EVP_MD_CTX_init(&ctx);
         km=s->s2->key_material;
-        die(s->s2->key_material_length <= sizeof s->s2->key_material);
-        for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
+
+        if (s->session->master_key_length < 0 || s->session->master_key_length > sizeof s->session->master_key)
+                {
+                SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
+                return 0;
+                }
+
+        for (i=0; i<s->s2->key_material_length; i += EVP_MD_size(md5))
                 {
-                EVP_DigestInit_ex(&ctx,EVP_md5(), NULL);
+                if (((km - s->s2->key_material) + EVP_MD_size(md5)) > sizeof s->s2->key_material)
+                        {
+                        /* EVP_DigestFinal_ex() below would write beyond buffer */
+                        SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
+                        return 0;
+                        }
+
+                EVP_DigestInit_ex(&ctx, md5, NULL);
 
-                die(s->session->master_key_length >= 0
-                    && s->session->master_key_length
-                    < sizeof s->session->master_key);
                 EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
                 EVP_DigestUpdate(&ctx,&c,1);
                 c++;
                 EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length);
                 EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length);
                 EVP_DigestFinal_ex(&ctx,km,NULL);
-                km+=MD5_DIGEST_LENGTH;
+                km += EVP_MD_size(md5);
                 }
+
         EVP_MD_CTX_cleanup(&ctx);
+        return 1;
         }
 
 void ssl2_return_error(SSL *s, int err)
@@ -472,10 +486,14 @@ void ssl2_write_error(SSL *s)
         buf[2]=(s->error_code)&0xff;
 
 /*      state=s->rwstate;*/
-        error=s->error;
+
+        error=s->error; /* number of bytes left to write */
         s->error=0;
-        die(error >= 0 && error <= 3);
+        if (error < 0 || error > sizeof buf) /* can't happen */
+                return;
+  
         i=ssl2_write(s,&(buf[3-error]),error);
+
 /*      if (i == error) s->rwstate=state; */
 
         if (i < 0)
diff --git a/src/lib/libssl/src/ssl/s2_srvr.c b/src/lib/libssl/src/ssl/s2_srvr.c
index a83605a1b7..f79c9a1651 100644
--- a/src/lib/libssl/src/ssl/s2_srvr.c
+++ b/src/lib/libssl/src/ssl/s2_srvr.c
@@ -116,7 +116,6 @@
 #include <openssl/rand.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
-#include "ssl_locl.h"
 
 static SSL_METHOD *ssl2_get_server_method(int ver);
 static int get_client_master_key(SSL *s);
@@ -399,8 +398,7 @@ static int get_client_master_key(SSL *s)
                                 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_READ_WRONG_PACKET_TYPE);
                                 }
                         else
-                                SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
-                                        SSL_R_PEER_ERROR);
+                                SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_PEER_ERROR);
                         return(-1);
                         }
 
@@ -408,8 +406,7 @@ static int get_client_master_key(SSL *s)
                 if (cp == NULL)
                         {
                         ssl2_return_error(s,SSL2_PE_NO_CIPHER);
-                        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
-                                SSL_R_NO_CIPHER_MATCH);
+                        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH);
                         return(-1);
                         }
                 s->session->cipher= cp;
@@ -420,8 +417,8 @@ static int get_client_master_key(SSL *s)
                 n2s(p,i); s->session->key_arg_length=i;
                 if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
                         {
-                        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
-                                   SSL_R_KEY_ARG_TOO_LONG);
+                        ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+                        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG);
                         return -1;
                         }
                 s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
@@ -429,11 +426,17 @@ static int get_client_master_key(SSL *s)
 
         /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
         p=(unsigned char *)s->init_buf->data;
-        die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);
+        if (s->init_buf->length < SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
+                {
+                ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+                SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
+                return -1;
+                }
         keya=s->session->key_arg_length;
         len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
         if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
                 {
+                ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
                 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG);
                 return -1;
                 }
@@ -512,7 +515,13 @@ static int get_client_master_key(SSL *s)
 #endif
 
         if (is_export) i+=s->s2->tmp.clear;
-        die(i <= SSL_MAX_MASTER_KEY_LENGTH);
+
+        if (i > SSL_MAX_MASTER_KEY_LENGTH)
+                {
+                ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+                SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
+                return -1;
+                }
         s->session->master_key_length=i;
         memcpy(s->session->master_key,p,(unsigned int)i);
         return(1);
@@ -563,6 +572,7 @@ static int get_client_hello(SSL *s)
                 if (    (i < SSL2_MIN_CHALLENGE_LENGTH) ||
                         (i > SSL2_MAX_CHALLENGE_LENGTH))
                         {
+                        ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
                         SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_INVALID_CHALLENGE_LENGTH);
                         return(-1);
                         }
@@ -574,6 +584,7 @@ static int get_client_hello(SSL *s)
         len = 9 + (unsigned long)s->s2->tmp.cipher_spec_length + (unsigned long)s->s2->challenge_length + (unsigned long)s->s2->tmp.session_id_length;
         if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
                 {
+                ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
                 SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_MESSAGE_TOO_LONG);
                 return -1;
                 }
@@ -679,7 +690,12 @@ static int get_client_hello(SSL *s)
         p+=s->s2->tmp.session_id_length;
 
         /* challenge */
-        die(s->s2->challenge_length <= sizeof s->s2->challenge);
+        if (s->s2->challenge_length > sizeof s->s2->challenge)
+                {
+                ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+                SSLerr(SSL_F_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+                return -1;
+                }
         memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
         return(1);
 mem_err:
@@ -836,7 +852,12 @@ static int get_client_finished(SSL *s)
                 }
 
         /* SSL2_ST_GET_CLIENT_FINISHED_B */
-        die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
+        if (s->s2->conn_id_length > sizeof s->s2->conn_id)
+                {
+                ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+                SSLerr(SSL_F_GET_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR);
+                return -1;
+                }
         len = 1 + (unsigned long)s->s2->conn_id_length;
         n = (int)len - s->init_num;
         i = ssl2_read(s,(char *)&(p[s->init_num]),n);
@@ -864,7 +885,11 @@ static int server_verify(SSL *s)
                 {
                 p=(unsigned char *)s->init_buf->data;
                 *(p++)=SSL2_MT_SERVER_VERIFY;
-                die(s->s2->challenge_length <= sizeof s->s2->challenge);
+                if (s->s2->challenge_length > sizeof s->s2->challenge)
+                        {
+                        SSLerr(SSL_F_SERVER_VERIFY, ERR_R_INTERNAL_ERROR);
+                        return -1;
+                        }
                 memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
                 /* p+=s->s2->challenge_length; */
 
@@ -884,10 +909,12 @@ static int server_finish(SSL *s)
                 p=(unsigned char *)s->init_buf->data;
                 *(p++)=SSL2_MT_SERVER_FINISHED;
 
-                die(s->session->session_id_length
-                    <= sizeof s->session->session_id);
-                memcpy(p,s->session->session_id,
-                        (unsigned int)s->session->session_id_length);
+                if (s->session->session_id_length > sizeof s->session->session_id)
+                        {
+                        SSLerr(SSL_F_SERVER_FINISH, ERR_R_INTERNAL_ERROR);
+                        return -1;
+                        }
+                memcpy(p,s->session->session_id, (unsigned int)s->session->session_id_length);
                 /* p+=s->session->session_id_length; */
 
                 s->state=SSL2_ST_SEND_SERVER_FINISHED_B;
@@ -1004,7 +1031,7 @@ static int request_certificate(SSL *s)
         len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen;
         if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
                 {
-                SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG);
+                SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_MESSAGE_TOO_LONG);
                 goto end;
                 }
         j = (int)len - s->init_num;
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 27df7a5a64..9ce5373b51 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -545,7 +545,11 @@ static int ssl3_client_hello(SSL *s)
                 *(p++)=i;
                 if (i != 0)
                         {
-                        die(i <= sizeof s->session->session_id);
+                        if (i > sizeof s->session->session_id)
+                                {
+                                SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+                                goto err;
+                                }
                         memcpy(p,s->session->session_id,i);
                         p+=i;
                         }
@@ -1597,7 +1601,11 @@ static int ssl3_send_client_key_exchange(SSL *s)
                                 SSL_MAX_MASTER_KEY_LENGTH);
                         EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
                         outl += padl;
-                        die(outl <= sizeof epms);
+                        if (outl > sizeof epms)
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+                                goto err;
+                                }
                         EVP_CIPHER_CTX_cleanup(&ciph_ctx);
 
                         /*  KerberosWrapper.EncryptedPreMasterSecret    */
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index dfffed7165..2e1b0eb892 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -966,7 +966,11 @@ static int ssl3_send_server_hello(SSL *s)
                         s->session->session_id_length=0;
 
                 sl=s->session->session_id_length;
-                die(sl <= sizeof s->session->session_id);
+                if (sl > sizeof s->session->session_id)
+                        {
+                        SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
+                        return -1;
+                        }
                 *(p++)=sl;
                 memcpy(p,s->session->session_id,sl);
                 p+=sl;
diff --git a/src/lib/libssl/src/ssl/ssl-lib.com b/src/lib/libssl/src/ssl/ssl-lib.com
index 1f1921e162..d6829a8d64 100644
--- a/src/lib/libssl/src/ssl/ssl-lib.com
+++ b/src/lib/libssl/src/ssl/ssl-lib.com
@@ -1067,7 +1067,7 @@ $   ENDIF
 $!
 $!  Show user the result
 $!
-$   WRITE SYS$OUTPUT "Main Compiling Command: ",CC
+$   WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC
 $!
 $!  Else The User Entered An Invalid Arguement.
 $!
diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h
index d9949e8eb2..e9d1e896d7 100644
--- a/src/lib/libssl/src/ssl/ssl.h
+++ b/src/lib/libssl/src/ssl/ssl.h
@@ -1462,6 +1462,7 @@ void ERR_load_SSL_strings(void);
 
 /* Function codes. */
 #define SSL_F_CLIENT_CERTIFICATE                         100
+#define SSL_F_CLIENT_FINISHED                            238
 #define SSL_F_CLIENT_HELLO                               101
 #define SSL_F_CLIENT_MASTER_KEY                          102
 #define SSL_F_D2I_SSL_SESSION                            103
@@ -1475,7 +1476,9 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_I2D_SSL_SESSION                            111
 #define SSL_F_READ_N                                     112
 #define SSL_F_REQUEST_CERTIFICATE                        113
+#define SSL_F_SERVER_FINISH                              239
 #define SSL_F_SERVER_HELLO                               114
+#define SSL_F_SERVER_VERIFY                              240
 #define SSL_F_SSL23_ACCEPT                               115
 #define SSL_F_SSL23_CLIENT_HELLO                         116
 #define SSL_F_SSL23_CONNECT                              117
@@ -1487,6 +1490,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL2_ACCEPT                                122
 #define SSL_F_SSL2_CONNECT                               123
 #define SSL_F_SSL2_ENC_INIT                              124
+#define SSL_F_SSL2_GENERATE_KEY_MATERIAL                 241
 #define SSL_F_SSL2_PEEK                                  234
 #define SSL_F_SSL2_READ                                  125
 #define SSL_F_SSL2_READ_INTERNAL                         236
@@ -1523,6 +1527,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE              152
 #define SSL_F_SSL3_SEND_CLIENT_VERIFY                    153
 #define SSL_F_SSL3_SEND_SERVER_CERTIFICATE               154
+#define SSL_F_SSL3_SEND_SERVER_HELLO                     242
 #define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE              155
 #define SSL_F_SSL3_SETUP_BUFFERS                         156
 #define SSL_F_SSL3_SETUP_KEY_BLOCK                       157
@@ -1747,6 +1752,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_SHORT_READ                                 219
 #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE      220
 #define SSL_R_SSL23_DOING_SESSION_ID_REUSE               221
+#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG                1114
 #define SSL_R_SSL3_SESSION_ID_TOO_LONG                   1113
 #define SSL_R_SSL3_SESSION_ID_TOO_SHORT                  222
 #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE                1042
diff --git a/src/lib/libssl/src/ssl/ssl_asn1.c b/src/lib/libssl/src/ssl/ssl_asn1.c
index c550747947..23bfe44e21 100644
--- a/src/lib/libssl/src/ssl/ssl_asn1.c
+++ b/src/lib/libssl/src/ssl/ssl_asn1.c
@@ -57,8 +57,8 @@
  */
 
 #include <stdio.h>
-#include "ssl_locl.h"
 #include <stdlib.h>
+#include "ssl_locl.h"
 #include <openssl/asn1_mac.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
@@ -293,10 +293,11 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
                 i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
 
         if (os.length > i)
-                os.length=i;
+                os.length = i;
+        if (os.length > sizeof ret->session_id) /* can't happen */
+                os.length = sizeof ret->session_id;
 
         ret->session_id_length=os.length;
-        die(os.length <= sizeof ret->session_id);
         memcpy(ret->session_id,os.data,os.length);
 
         M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
diff --git a/src/lib/libssl/src/ssl/ssl_err.c b/src/lib/libssl/src/ssl/ssl_err.c
index 0cad32c855..7067a745f3 100644
--- a/src/lib/libssl/src/ssl/ssl_err.c
+++ b/src/lib/libssl/src/ssl/ssl_err.c
@@ -67,6 +67,7 @@
 static ERR_STRING_DATA SSL_str_functs[]=
         {
 {ERR_PACK(0,SSL_F_CLIENT_CERTIFICATE,0),        "CLIENT_CERTIFICATE"},
+{ERR_PACK(0,SSL_F_CLIENT_FINISHED,0),   "CLIENT_FINISHED"},
 {ERR_PACK(0,SSL_F_CLIENT_HELLO,0),      "CLIENT_HELLO"},
 {ERR_PACK(0,SSL_F_CLIENT_MASTER_KEY,0), "CLIENT_MASTER_KEY"},
 {ERR_PACK(0,SSL_F_D2I_SSL_SESSION,0),   "d2i_SSL_SESSION"},
@@ -80,7 +81,9 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_PACK(0,SSL_F_I2D_SSL_SESSION,0),   "i2d_SSL_SESSION"},
 {ERR_PACK(0,SSL_F_READ_N,0),    "READ_N"},
 {ERR_PACK(0,SSL_F_REQUEST_CERTIFICATE,0),       "REQUEST_CERTIFICATE"},
+{ERR_PACK(0,SSL_F_SERVER_FINISH,0),     "SERVER_FINISH"},
 {ERR_PACK(0,SSL_F_SERVER_HELLO,0),      "SERVER_HELLO"},
+{ERR_PACK(0,SSL_F_SERVER_VERIFY,0),     "SERVER_VERIFY"},
 {ERR_PACK(0,SSL_F_SSL23_ACCEPT,0),      "SSL23_ACCEPT"},
 {ERR_PACK(0,SSL_F_SSL23_CLIENT_HELLO,0),        "SSL23_CLIENT_HELLO"},
 {ERR_PACK(0,SSL_F_SSL23_CONNECT,0),     "SSL23_CONNECT"},
@@ -92,6 +95,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_PACK(0,SSL_F_SSL2_ACCEPT,0),       "SSL2_ACCEPT"},
 {ERR_PACK(0,SSL_F_SSL2_CONNECT,0),      "SSL2_CONNECT"},
 {ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0),     "SSL2_ENC_INIT"},
+{ERR_PACK(0,SSL_F_SSL2_GENERATE_KEY_MATERIAL,0),        "SSL2_GENERATE_KEY_MATERIAL"},
 {ERR_PACK(0,SSL_F_SSL2_PEEK,0), "SSL2_PEEK"},
 {ERR_PACK(0,SSL_F_SSL2_READ,0), "SSL2_READ"},
 {ERR_PACK(0,SSL_F_SSL2_READ_INTERNAL,0),        "SSL2_READ_INTERNAL"},
@@ -128,6 +132,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,0),     "SSL3_SEND_CLIENT_KEY_EXCHANGE"},
 {ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_VERIFY,0),   "SSL3_SEND_CLIENT_VERIFY"},
 {ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_CERTIFICATE,0),      "SSL3_SEND_SERVER_CERTIFICATE"},
+{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_HELLO,0),    "SSL3_SEND_SERVER_HELLO"},
 {ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,0),     "SSL3_SEND_SERVER_KEY_EXCHANGE"},
 {ERR_PACK(0,SSL_F_SSL3_SETUP_BUFFERS,0),        "SSL3_SETUP_BUFFERS"},
 {ERR_PACK(0,SSL_F_SSL3_SETUP_KEY_BLOCK,0),      "SSL3_SETUP_KEY_BLOCK"},
@@ -355,6 +360,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_SHORT_READ                        ,"short read"},
 {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
 {SSL_R_SSL23_DOING_SESSION_ID_REUSE      ,"ssl23 doing session id reuse"},
+{SSL_R_SSL2_CONNECTION_ID_TOO_LONG       ,"ssl2 connection id too long"},
 {SSL_R_SSL3_SESSION_ID_TOO_LONG          ,"ssl3 session id too long"},
 {SSL_R_SSL3_SESSION_ID_TOO_SHORT         ,"ssl3 session id too short"},
 {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE       ,"sslv3 alert bad certificate"},
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c
index 4a87a146e3..4bc4ce5b3a 100644
--- a/src/lib/libssl/src/ssl/ssl_lib.c
+++ b/src/lib/libssl/src/ssl/ssl_lib.c
@@ -1405,13 +1405,24 @@ void SSL_CTX_free(SSL_CTX *a)
                 abort(); /* ok */
                 }
 #endif
-        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
 
+        /*
+         * Free internal session cache. However: the remove_cb() may reference
+         * the ex_data of SSL_CTX, thus the ex_data store can only be removed
+         * after the sessions were flushed.
+         * As the ex_data handling routines might also touch the session cache,
+         * the most secure solution seems to be: empty (flush) the cache, then
+         * free ex_data, then finally free the cache.
+         * (See ticket [openssl.org #212].)
+         */
         if (a->sessions != NULL)
-                {
                 SSL_CTX_flush_sessions(a,0);
+
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
+
+        if (a->sessions != NULL)
                 lh_free(a->sessions);
-                }
+
         if (a->cert_store != NULL)
                 X509_STORE_free(a->cert_store);
         if (a->cipher_list != NULL)
@@ -2289,10 +2300,3 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int con
 
 IMPLEMENT_STACK_OF(SSL_CIPHER)
 IMPLEMENT_STACK_OF(SSL_COMP)
-
-void OpenSSLDie(const char *file,int line,const char *assertion)
-    {
-    fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
-            file,line,assertion);
-    abort();
-    }
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index 4c77e27acc..dd6c7a7323 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -510,7 +510,7 @@ STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
 int ssl_verify_alarm_type(long type);
 
 int ssl2_enc_init(SSL *s, int client);
-void ssl2_generate_key_material(SSL *s);
+int ssl2_generate_key_material(SSL *s);
 void ssl2_enc(SSL *s,int send_data);
 void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
 SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
@@ -616,8 +616,5 @@ int ssl_ok(SSL *s);
 SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
 STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
 
-/* die if we have to */
-void OpenSSLDie(const char *file,int line,const char *assertion);
-#define die(e)  ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
 
 #endif
diff --git a/src/lib/libssl/src/ssl/ssl_sess.c b/src/lib/libssl/src/ssl/ssl_sess.c
index a0c3100b29..664f8c2230 100644
--- a/src/lib/libssl/src/ssl/ssl_sess.c
+++ b/src/lib/libssl/src/ssl/ssl_sess.c
@@ -250,7 +250,12 @@ int ssl_get_new_session(SSL *s, int session)
                 ss->session_id_length=0;
                 }
 
-        die(s->sid_ctx_length <= sizeof ss->sid_ctx);
+        if (s->sid_ctx_length > sizeof ss->sid_ctx)
+                {
+                SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
+                SSL_SESSION_free(ss);
+                return 0;
+                }
         memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
         ss->sid_ctx_length=s->sid_ctx_length;
         s->session=ss;
diff --git a/src/lib/libssl/src/ssl/ssltest.c b/src/lib/libssl/src/ssl/ssltest.c
index 1afdfa7750..4f6379e160 100644
--- a/src/lib/libssl/src/ssl/ssltest.c
+++ b/src/lib/libssl/src/ssl/ssltest.c
@@ -400,12 +400,22 @@ int main(int argc, char *argv[])
                         debug=1;
                 else if (strcmp(*argv,"-reuse") == 0)
                         reuse=1;
-#ifndef OPENSSL_NO_DH
                 else if (strcmp(*argv,"-dhe1024") == 0)
+                        {
+#ifndef OPENSSL_NO_DH
                         dhe1024=1;
+#else
+                        fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n";
+#endif
+                        }
                 else if (strcmp(*argv,"-dhe1024dsa") == 0)
+                        {
+#ifndef OPENSSL_NO_DH
                         dhe1024dsa=1;
+#else
+                        fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n";
 #endif
+                        }
                 else if (strcmp(*argv,"-no_dhe") == 0)
                         no_dhe=1;
                 else if (strcmp(*argv,"-ssl2") == 0)
diff --git a/src/lib/libssl/src/test/Makefile.ssl b/src/lib/libssl/src/test/Makefile.ssl
index c1408021ba..f489332a65 100644
--- a/src/lib/libssl/src/test/Makefile.ssl
+++ b/src/lib/libssl/src/test/Makefile.ssl
@@ -224,7 +224,7 @@ test_ec:
 test_verify:
         @echo "The following command should have some OK's and some failures"
         @echo "There are definitly a few expired certificates"
-        ../apps/openssl verify -CApath ../certs ../certs/*.pem
+        -../apps/openssl verify -CApath ../certs ../certs/*.pem
 
 test_dh:
         @echo "Generate a set of DH parameters"
diff --git a/src/lib/libssl/src/test/maketests.com b/src/lib/libssl/src/test/maketests.com
index b3bf8bb837..91e859deab 100644
--- a/src/lib/libssl/src/test/maketests.com
+++ b/src/lib/libssl/src/test/maketests.com
@@ -887,7 +887,7 @@ $   CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
 $!
 $!  Show user the result
 $!
-$   WRITE SYS$OUTPUT "Main Compiling Command: ",CC
+$   WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC
 $!
 $!  Else The User Entered An Invalid Arguement.
 $!
diff --git a/src/lib/libssl/src/test/tcrl.com b/src/lib/libssl/src/test/tcrl.com
index 2e6ab2814d..86bf9735aa 100644
--- a/src/lib/libssl/src/test/tcrl.com
+++ b/src/lib/libssl/src/test/tcrl.com
@@ -13,7 +13,9 @@ $	write sys$output "testing CRL conversions"
 $       if f$search("fff.*") .nes "" then delete fff.*;*
 $       if f$search("ff.*") .nes "" then delete ff.*;*
 $       if f$search("f.*") .nes "" then delete f.*;*
-$       copy 't' fff.p
+$       convert/fdl=sys$input: 't' fff.p
+RECORD
+        FORMAT STREAM_LF
 $
 $       write sys$output "p -> d"
 $       'cmd' -in fff.p -inform p -outform d -out f.d
diff --git a/src/lib/libssl/src/test/testenc.com b/src/lib/libssl/src/test/testenc.com
index 3b66f2e0d0..c24fa388c0 100644
--- a/src/lib/libssl/src/test/testenc.com
+++ b/src/lib/libssl/src/test/testenc.com
@@ -9,7 +9,9 @@ $	test := p.txt
 $       cmd := mcr 'exe_dir'openssl
 $
 $       if f$search(test) .nes. "" then delete 'test';*
-$       copy 'testsrc' 'test'
+$       convert/fdl=sys$input: 'testsrc' 'test'
+RECORD
+        FORMAT STREAM_LF
 $
 $       if f$search(test+"-cipher") .nes. "" then delete 'test'-cipher;*
 $       if f$search(test+"-clear") .nes. "" then delete 'test'-clear;*
diff --git a/src/lib/libssl/src/test/tpkcs7.com b/src/lib/libssl/src/test/tpkcs7.com
index 9e345937c6..047834fba4 100644
--- a/src/lib/libssl/src/test/tpkcs7.com
+++ b/src/lib/libssl/src/test/tpkcs7.com
@@ -13,7 +13,9 @@ $	write sys$output "testing PKCS7 conversions"
 $       if f$search("fff.*") .nes "" then delete fff.*;*
 $       if f$search("ff.*") .nes "" then delete ff.*;*
 $       if f$search("f.*") .nes "" then delete f.*;*
-$       copy 't' fff.p
+$       convert/fdl=sys$input: 't' fff.p
+RECORD
+        FORMAT STREAM_LF
 $
 $       write sys$output "p -> d"
 $       'cmd' -in fff.p -inform p -outform d -out f.d
diff --git a/src/lib/libssl/src/test/tpkcs7d.com b/src/lib/libssl/src/test/tpkcs7d.com
index 7d4f8794a4..193bb72137 100644
--- a/src/lib/libssl/src/test/tpkcs7d.com
+++ b/src/lib/libssl/src/test/tpkcs7d.com
@@ -13,7 +13,9 @@ $	write sys$output "testing PKCS7 conversions (2)"
 $       if f$search("fff.*") .nes "" then delete fff.*;*
 $       if f$search("ff.*") .nes "" then delete ff.*;*
 $       if f$search("f.*") .nes "" then delete f.*;*
-$       copy 't' fff.p
+$       convert/fdl=sys$input: 't' fff.p
+RECORD
+        FORMAT STREAM_LF
 $
 $       write sys$output "p -> d"
 $       'cmd' -in fff.p -inform p -outform d -out f.d
diff --git a/src/lib/libssl/src/test/treq.com b/src/lib/libssl/src/test/treq.com
index 22c22c3aa9..5524e485ba 100644
--- a/src/lib/libssl/src/test/treq.com
+++ b/src/lib/libssl/src/test/treq.com
@@ -13,7 +13,9 @@ $	write sys$output "testing req conversions"
 $       if f$search("fff.*") .nes "" then delete fff.*;*
 $       if f$search("ff.*") .nes "" then delete ff.*;*
 $       if f$search("f.*") .nes "" then delete f.*;*
-$       copy 't' fff.p
+$       convert/fdl=sys$input: 't' fff.p
+RECORD
+        FORMAT STREAM_LF
 $
 $       write sys$output "p -> d"
 $       'cmd' -in fff.p -inform p -outform d -out f.d
diff --git a/src/lib/libssl/src/test/trsa.com b/src/lib/libssl/src/test/trsa.com
index 6b6c318e2b..6dbe59ef64 100644
--- a/src/lib/libssl/src/test/trsa.com
+++ b/src/lib/libssl/src/test/trsa.com
@@ -24,7 +24,9 @@ $	write sys$output "testing RSA conversions"
 $       if f$search("fff.*") .nes "" then delete fff.*;*
 $       if f$search("ff.*") .nes "" then delete ff.*;*
 $       if f$search("f.*") .nes "" then delete f.*;*
-$       copy 't' fff.p
+$       convert/fdl=sys$input: 't' fff.p
+RECORD
+        FORMAT STREAM_LF
 $
 $       write sys$output "p -> d"
 $       'cmd' -in fff.p -inform p -outform d -out f.d
diff --git a/src/lib/libssl/src/test/tsid.com b/src/lib/libssl/src/test/tsid.com
index bde23f9bb9..abd1d4d737 100644
--- a/src/lib/libssl/src/test/tsid.com
+++ b/src/lib/libssl/src/test/tsid.com
@@ -13,7 +13,9 @@ $	write sys$output "testing session-id conversions"
 $       if f$search("fff.*") .nes "" then delete fff.*;*
 $       if f$search("ff.*") .nes "" then delete ff.*;*
 $       if f$search("f.*") .nes "" then delete f.*;*
-$       copy 't' fff.p
+$       convert/fdl=sys$input: 't' fff.p
+RECORD
+        FORMAT STREAM_LF
 $
 $       write sys$output "p -> d"
 $       'cmd' -in fff.p -inform p -outform d -out f.d
diff --git a/src/lib/libssl/src/test/tx509.com b/src/lib/libssl/src/test/tx509.com
index 985969c566..7b2592f773 100644
--- a/src/lib/libssl/src/test/tx509.com
+++ b/src/lib/libssl/src/test/tx509.com
@@ -13,7 +13,9 @@ $	write sys$output "testing X509 conversions"
 $       if f$search("fff.*") .nes "" then delete fff.*;*
 $       if f$search("ff.*") .nes "" then delete ff.*;*
 $       if f$search("f.*") .nes "" then delete f.*;*
-$       copy 't' fff.p
+$       convert/fdl=sys$input: 't' fff.p
+RECORD
+        FORMAT STREAM_LF
 $
 $       write sys$output "p -> d"
 $       'cmd' -in fff.p -inform p -outform d -out f.d
diff --git a/src/lib/libssl/src/util/libeay.num b/src/lib/libssl/src/util/libeay.num
index 512185e257..7e5728495f 100644
--- a/src/lib/libssl/src/util/libeay.num
+++ b/src/lib/libssl/src/util/libeay.num
@@ -2792,3 +2792,4 @@ ASN1_UNIVERSALSTRING_it                 3234	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA
 ASN1_UNIVERSALSTRING_it                 3234    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
 d2i_ASN1_UNIVERSALSTRING                3235    EXIST::FUNCTION:
 EVP_des_ede3_ecb                        3236    EXIST::FUNCTION:DES
+X509_REQ_print_ex                       3237    EXIST::FUNCTION:BIO
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index d9949e8eb2..e9d1e896d7 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1462,6 +1462,7 @@ void ERR_load_SSL_strings(void);
 
 /* Function codes. */
 #define SSL_F_CLIENT_CERTIFICATE                         100
+#define SSL_F_CLIENT_FINISHED                            238
 #define SSL_F_CLIENT_HELLO                               101
 #define SSL_F_CLIENT_MASTER_KEY                          102
 #define SSL_F_D2I_SSL_SESSION                            103
@@ -1475,7 +1476,9 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_I2D_SSL_SESSION                            111
 #define SSL_F_READ_N                                     112
 #define SSL_F_REQUEST_CERTIFICATE                        113
+#define SSL_F_SERVER_FINISH                              239
 #define SSL_F_SERVER_HELLO                               114
+#define SSL_F_SERVER_VERIFY                              240
 #define SSL_F_SSL23_ACCEPT                               115
 #define SSL_F_SSL23_CLIENT_HELLO                         116
 #define SSL_F_SSL23_CONNECT                              117
@@ -1487,6 +1490,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL2_ACCEPT                                122
 #define SSL_F_SSL2_CONNECT                               123
 #define SSL_F_SSL2_ENC_INIT                              124
+#define SSL_F_SSL2_GENERATE_KEY_MATERIAL                 241
 #define SSL_F_SSL2_PEEK                                  234
 #define SSL_F_SSL2_READ                                  125
 #define SSL_F_SSL2_READ_INTERNAL                         236
@@ -1523,6 +1527,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE              152
 #define SSL_F_SSL3_SEND_CLIENT_VERIFY                    153
 #define SSL_F_SSL3_SEND_SERVER_CERTIFICATE               154
+#define SSL_F_SSL3_SEND_SERVER_HELLO                     242
 #define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE              155
 #define SSL_F_SSL3_SETUP_BUFFERS                         156
 #define SSL_F_SSL3_SETUP_KEY_BLOCK                       157
@@ -1747,6 +1752,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_SHORT_READ                                 219
 #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE      220
 #define SSL_R_SSL23_DOING_SESSION_ID_REUSE               221
+#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG                1114
 #define SSL_R_SSL3_SESSION_ID_TOO_LONG                   1113
 #define SSL_R_SSL3_SESSION_ID_TOO_SHORT                  222
 #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE                1042
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c
index c550747947..23bfe44e21 100644
--- a/src/lib/libssl/ssl_asn1.c
+++ b/src/lib/libssl/ssl_asn1.c
@@ -57,8 +57,8 @@
  */
 
 #include <stdio.h>
-#include "ssl_locl.h"
 #include <stdlib.h>
+#include "ssl_locl.h"
 #include <openssl/asn1_mac.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
@@ -293,10 +293,11 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
                 i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
 
         if (os.length > i)
-                os.length=i;
+                os.length = i;
+        if (os.length > sizeof ret->session_id) /* can't happen */
+                os.length = sizeof ret->session_id;
 
         ret->session_id_length=os.length;
-        die(os.length <= sizeof ret->session_id);
         memcpy(ret->session_id,os.data,os.length);
 
         M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c
index 0cad32c855..7067a745f3 100644
--- a/src/lib/libssl/ssl_err.c
+++ b/src/lib/libssl/ssl_err.c
@@ -67,6 +67,7 @@
 static ERR_STRING_DATA SSL_str_functs[]=
         {
 {ERR_PACK(0,SSL_F_CLIENT_CERTIFICATE,0),        "CLIENT_CERTIFICATE"},
+{ERR_PACK(0,SSL_F_CLIENT_FINISHED,0),   "CLIENT_FINISHED"},
 {ERR_PACK(0,SSL_F_CLIENT_HELLO,0),      "CLIENT_HELLO"},
 {ERR_PACK(0,SSL_F_CLIENT_MASTER_KEY,0), "CLIENT_MASTER_KEY"},
 {ERR_PACK(0,SSL_F_D2I_SSL_SESSION,0),   "d2i_SSL_SESSION"},
@@ -80,7 +81,9 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_PACK(0,SSL_F_I2D_SSL_SESSION,0),   "i2d_SSL_SESSION"},
 {ERR_PACK(0,SSL_F_READ_N,0),    "READ_N"},
 {ERR_PACK(0,SSL_F_REQUEST_CERTIFICATE,0),       "REQUEST_CERTIFICATE"},
+{ERR_PACK(0,SSL_F_SERVER_FINISH,0),     "SERVER_FINISH"},
 {ERR_PACK(0,SSL_F_SERVER_HELLO,0),      "SERVER_HELLO"},
+{ERR_PACK(0,SSL_F_SERVER_VERIFY,0),     "SERVER_VERIFY"},
 {ERR_PACK(0,SSL_F_SSL23_ACCEPT,0),      "SSL23_ACCEPT"},
 {ERR_PACK(0,SSL_F_SSL23_CLIENT_HELLO,0),        "SSL23_CLIENT_HELLO"},
 {ERR_PACK(0,SSL_F_SSL23_CONNECT,0),     "SSL23_CONNECT"},
@@ -92,6 +95,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_PACK(0,SSL_F_SSL2_ACCEPT,0),       "SSL2_ACCEPT"},
 {ERR_PACK(0,SSL_F_SSL2_CONNECT,0),      "SSL2_CONNECT"},
 {ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0),     "SSL2_ENC_INIT"},
+{ERR_PACK(0,SSL_F_SSL2_GENERATE_KEY_MATERIAL,0),        "SSL2_GENERATE_KEY_MATERIAL"},
 {ERR_PACK(0,SSL_F_SSL2_PEEK,0), "SSL2_PEEK"},
 {ERR_PACK(0,SSL_F_SSL2_READ,0), "SSL2_READ"},
 {ERR_PACK(0,SSL_F_SSL2_READ_INTERNAL,0),        "SSL2_READ_INTERNAL"},
@@ -128,6 +132,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,0),     "SSL3_SEND_CLIENT_KEY_EXCHANGE"},
 {ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_VERIFY,0),   "SSL3_SEND_CLIENT_VERIFY"},
 {ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_CERTIFICATE,0),      "SSL3_SEND_SERVER_CERTIFICATE"},
+{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_HELLO,0),    "SSL3_SEND_SERVER_HELLO"},
 {ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,0),     "SSL3_SEND_SERVER_KEY_EXCHANGE"},
 {ERR_PACK(0,SSL_F_SSL3_SETUP_BUFFERS,0),        "SSL3_SETUP_BUFFERS"},
 {ERR_PACK(0,SSL_F_SSL3_SETUP_KEY_BLOCK,0),      "SSL3_SETUP_KEY_BLOCK"},
@@ -355,6 +360,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_SHORT_READ                        ,"short read"},
 {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
 {SSL_R_SSL23_DOING_SESSION_ID_REUSE      ,"ssl23 doing session id reuse"},
+{SSL_R_SSL2_CONNECTION_ID_TOO_LONG       ,"ssl2 connection id too long"},
 {SSL_R_SSL3_SESSION_ID_TOO_LONG          ,"ssl3 session id too long"},
 {SSL_R_SSL3_SESSION_ID_TOO_SHORT         ,"ssl3 session id too short"},
 {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE       ,"sslv3 alert bad certificate"},
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 4a87a146e3..4bc4ce5b3a 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1405,13 +1405,24 @@ void SSL_CTX_free(SSL_CTX *a)
                 abort(); /* ok */
                 }
 #endif
-        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
 
+        /*
+         * Free internal session cache. However: the remove_cb() may reference
+         * the ex_data of SSL_CTX, thus the ex_data store can only be removed
+         * after the sessions were flushed.
+         * As the ex_data handling routines might also touch the session cache,
+         * the most secure solution seems to be: empty (flush) the cache, then
+         * free ex_data, then finally free the cache.
+         * (See ticket [openssl.org #212].)
+         */
         if (a->sessions != NULL)
-                {
                 SSL_CTX_flush_sessions(a,0);
+
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
+
+        if (a->sessions != NULL)
                 lh_free(a->sessions);
-                }
+
         if (a->cert_store != NULL)
                 X509_STORE_free(a->cert_store);
         if (a->cipher_list != NULL)
@@ -2289,10 +2300,3 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int con
 
 IMPLEMENT_STACK_OF(SSL_CIPHER)
 IMPLEMENT_STACK_OF(SSL_COMP)
-
-void OpenSSLDie(const char *file,int line,const char *assertion)
-    {
-    fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
-            file,line,assertion);
-    abort();
-    }
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 4c77e27acc..dd6c7a7323 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -510,7 +510,7 @@ STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
 int ssl_verify_alarm_type(long type);
 
 int ssl2_enc_init(SSL *s, int client);
-void ssl2_generate_key_material(SSL *s);
+int ssl2_generate_key_material(SSL *s);
 void ssl2_enc(SSL *s,int send_data);
 void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
 SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
@@ -616,8 +616,5 @@ int ssl_ok(SSL *s);
 SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
 STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
 
-/* die if we have to */
-void OpenSSLDie(const char *file,int line,const char *assertion);
-#define die(e)  ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
 
 #endif
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index a0c3100b29..664f8c2230 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -250,7 +250,12 @@ int ssl_get_new_session(SSL *s, int session)
                 ss->session_id_length=0;
                 }
 
-        die(s->sid_ctx_length <= sizeof ss->sid_ctx);
+        if (s->sid_ctx_length > sizeof ss->sid_ctx)
+                {
+                SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
+                SSL_SESSION_free(ss);
+                return 0;
+                }
         memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
         ss->sid_ctx_length=s->sid_ctx_length;
         s->session=ss;
diff --git a/src/lib/libssl/test/Makefile.ssl b/src/lib/libssl/test/Makefile.ssl
index c1408021ba..f489332a65 100644
--- a/src/lib/libssl/test/Makefile.ssl
+++ b/src/lib/libssl/test/Makefile.ssl
@@ -224,7 +224,7 @@ test_ec:
 test_verify:
         @echo "The following command should have some OK's and some failures"
         @echo "There are definitly a few expired certificates"
-        ../apps/openssl verify -CApath ../certs ../certs/*.pem
+        -../apps/openssl verify -CApath ../certs ../certs/*.pem
 
 test_dh:
         @echo "Generate a set of DH parameters"
diff --git a/src/lib/libssl/test/maketests.com b/src/lib/libssl/test/maketests.com
index b3bf8bb837..91e859deab 100644
--- a/src/lib/libssl/test/maketests.com
+++ b/src/lib/libssl/test/maketests.com
@@ -887,7 +887,7 @@ $   CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
 $!
 $!  Show user the result
 $!
-$   WRITE SYS$OUTPUT "Main Compiling Command: ",CC
+$   WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC
 $!
 $!  Else The User Entered An Invalid Arguement.
 $!
diff --git a/src/lib/libssl/test/tcrl.com b/src/lib/libssl/test/tcrl.com
index 2e6ab2814d..86bf9735aa 100644
--- a/src/lib/libssl/test/tcrl.com
+++ b/src/lib/libssl/test/tcrl.com
@@ -13,7 +13,9 @@ $	write sys$output "testing CRL conversions"
 $       if f$search("fff.*") .nes "" then delete fff.*;*
 $       if f$search("ff.*") .nes "" then delete ff.*;*
 $       if f$search("f.*") .nes "" then delete f.*;*
-$       copy 't' fff.p
+$       convert/fdl=sys$input: 't' fff.p
+RECORD
+        FORMAT STREAM_LF
 $
 $       write sys$output "p -> d"
 $       'cmd' -in fff.p -inform p -outform d -out f.d
diff --git a/src/lib/libssl/test/testenc.com b/src/lib/libssl/test/testenc.com
index 3b66f2e0d0..c24fa388c0 100644
--- a/src/lib/libssl/test/testenc.com
+++ b/src/lib/libssl/test/testenc.com
@@ -9,7 +9,9 @@ $	test := p.txt
 $       cmd := mcr 'exe_dir'openssl
 $
 $       if f$search(test) .nes. "" then delete 'test';*
-$       copy 'testsrc' 'test'
+$       convert/fdl=sys$input: 'testsrc' 'test'
+RECORD
+        FORMAT STREAM_LF
 $
 $       if f$search(test+"-cipher") .nes. "" then delete 'test'-cipher;*
 $       if f$search(test+"-clear") .nes. "" then delete 'test'-clear;*
diff --git a/src/lib/libssl/test/tpkcs7.com b/src/lib/libssl/test/tpkcs7.com
index 9e345937c6..047834fba4 100644
--- a/src/lib/libssl/test/tpkcs7.com
+++ b/src/lib/libssl/test/tpkcs7.com
@@ -13,7 +13,9 @@ $	write sys$output "testing PKCS7 conversions"
 $       if f$search("fff.*") .nes "" then delete fff.*;*
 $       if f$search("ff.*") .nes "" then delete ff.*;*
 $       if f$search("f.*") .nes "" then delete f.*;*
-$       copy 't' fff.p
+$       convert/fdl=sys$input: 't' fff.p
+RECORD
+        FORMAT STREAM_LF
 $
 $       write sys$output "p -> d"
 $       'cmd' -in fff.p -inform p -outform d -out f.d
diff --git a/src/lib/libssl/test/tpkcs7d.com b/src/lib/libssl/test/tpkcs7d.com
index 7d4f8794a4..193bb72137 100644
--- a/src/lib/libssl/test/tpkcs7d.com
+++ b/src/lib/libssl/test/tpkcs7d.com
@@ -13,7 +13,9 @@ $	write sys$output "testing PKCS7 conversions (2)"
 $       if f$search("fff.*") .nes "" then delete fff.*;*
 $       if f$search("ff.*") .nes "" then delete ff.*;*
 $       if f$search("f.*") .nes "" then delete f.*;*
-$       copy 't' fff.p
+$       convert/fdl=sys$input: 't' fff.p
+RECORD
+        FORMAT STREAM_LF
 $
 $       write sys$output "p -> d"
 $       'cmd' -in fff.p -inform p -outform d -out f.d
diff --git a/src/lib/libssl/test/treq.com b/src/lib/libssl/test/treq.com
index 22c22c3aa9..5524e485ba 100644
--- a/src/lib/libssl/test/treq.com
+++ b/src/lib/libssl/test/treq.com
@@ -13,7 +13,9 @@ $	write sys$output "testing req conversions"
 $       if f$search("fff.*") .nes "" then delete fff.*;*
 $       if f$search("ff.*") .nes "" then delete ff.*;*
 $       if f$search("f.*") .nes "" then delete f.*;*
-$       copy 't' fff.p
+$       convert/fdl=sys$input: 't' fff.p
+RECORD
+        FORMAT STREAM_LF
 $
 $       write sys$output "p -> d"
 $       'cmd' -in fff.p -inform p -outform d -out f.d
diff --git a/src/lib/libssl/test/trsa.com b/src/lib/libssl/test/trsa.com
index 6b6c318e2b..6dbe59ef64 100644
--- a/src/lib/libssl/test/trsa.com
+++ b/src/lib/libssl/test/trsa.com
@@ -24,7 +24,9 @@ $	write sys$output "testing RSA conversions"
 $       if f$search("fff.*") .nes "" then delete fff.*;*
 $       if f$search("ff.*") .nes "" then delete ff.*;*
 $       if f$search("f.*") .nes "" then delete f.*;*
-$       copy 't' fff.p
+$       convert/fdl=sys$input: 't' fff.p
+RECORD
+        FORMAT STREAM_LF
 $
 $       write sys$output "p -> d"
 $       'cmd' -in fff.p -inform p -outform d -out f.d
diff --git a/src/lib/libssl/test/tsid.com b/src/lib/libssl/test/tsid.com
index bde23f9bb9..abd1d4d737 100644
--- a/src/lib/libssl/test/tsid.com
+++ b/src/lib/libssl/test/tsid.com
@@ -13,7 +13,9 @@ $	write sys$output "testing session-id conversions"
 $       if f$search("fff.*") .nes "" then delete fff.*;*
 $       if f$search("ff.*") .nes "" then delete ff.*;*
 $       if f$search("f.*") .nes "" then delete f.*;*
-$       copy 't' fff.p
+$       convert/fdl=sys$input: 't' fff.p
+RECORD
+        FORMAT STREAM_LF
 $
 $       write sys$output "p -> d"
 $       'cmd' -in fff.p -inform p -outform d -out f.d
diff --git a/src/lib/libssl/test/tx509.com b/src/lib/libssl/test/tx509.com
index 985969c566..7b2592f773 100644
--- a/src/lib/libssl/test/tx509.com
+++ b/src/lib/libssl/test/tx509.com
@@ -13,7 +13,9 @@ $	write sys$output "testing X509 conversions"
 $       if f$search("fff.*") .nes "" then delete fff.*;*
 $       if f$search("ff.*") .nes "" then delete ff.*;*
 $       if f$search("f.*") .nes "" then delete f.*;*
-$       copy 't' fff.p
+$       convert/fdl=sys$input: 't' fff.p
+RECORD
+        FORMAT STREAM_LF
 $
 $       write sys$output "p -> d"
 $       'cmd' -in fff.p -inform p -outform d -out f.d