OpenSSL 0.9.4 merge

12 files changed, 789 insertions, 1657 deletions

diff --git a/src/lib/libcrypto/pem/Makefile.ssl b/src/lib/libcrypto/pem/Makefile.ssl
index fc04a88fd9..b4e7524ea2 100644
--- a/src/lib/libcrypto/pem/Makefile.ssl
+++ b/src/lib/libcrypto/pem/Makefile.ssl
@@ -7,30 +7,28 @@ TOP=	../..
 CC=     cc
 INCLUDES= -I.. -I../../include
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=           make -f Makefile.ssl
-MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEDEPEND=     $(TOP)/util/domd $(TOP)
 MAKEFILE=       Makefile.ssl
 AR=             ar r
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
-ERR=pem
-ERRC=pem_err
 GENERAL=Makefile
 TEST=
 APPS=
 
-CTX_SIZE= ctx_size
-
 LIB=$(TOP)/libcrypto.a
-LIBSRC= pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c $(ERRC).c
+LIBSRC= pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c
 
-LIBOBJ= pem_sign.o pem_seal.o pem_info.o pem_lib.o pem_all.o $(ERRC).o
+LIBOBJ= pem_sign.o pem_seal.o pem_info.o pem_lib.o pem_all.o pem_err.o
 
 SRC= $(LIBSRC)
 
-EXHEADER= pem.h
+EXHEADER= pem.h pem2.h
 HEADER= $(EXHEADER)
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
@@ -38,36 +36,27 @@ ALL=    $(GENERAL) $(SRC) $(HEADER)
 top:
         (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
 
-all:    pem.h lib
-
-pem.h: $(CTX_SIZE)
-        ./$(CTX_SIZE) <pem.org >pem.new
-        if [ -f pem.h ]; then mv -f pem.h pem.old; fi
-        mv -f pem.new pem.h
-
-$(CTX_SIZE): $(CTX_SIZE).o
-        $(CC) $(CFLAGS) -o $(CTX_SIZE) $(CTX_SIZE).o
+all:    lib
 
 lib:    $(LIBOBJ)
         $(AR) $(LIB) $(LIBOBJ)
-        sh $(TOP)/util/ranlib.sh $(LIB)
+        $(RANLIB) $(LIB)
         @touch lib
 
 files:
-        perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
-links:
-        /bin/rm -f Makefile
-        $(TOP)/util/point.sh Makefile.ssl Makefile ;
-        $(TOP)/util/mklink.sh ../../include $(EXHEADER)
-        $(TOP)/util/mklink.sh ../../test $(TEST)
-        $(TOP)/util/mklink.sh ../../apps $(APPS)
+links: $(EXHEADER)
+        @$(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
         @for i in $(EXHEADER) ; \
         do  \
-        (cp $$i $(INSTALLTOP)/include/$$i; \
-        chmod 644 $(INSTALLTOP)/include/$$i ); \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
         done;
 
 tags:
@@ -79,18 +68,121 @@ lint:
         lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-        $(MAKEDEPEND) $(INCLUDES) $(CTX_SIZE).c $(LIBSRC)
+        $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
 
 dclean:
-        perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
         mv -f Makefile.new $(MAKEFILE)
 
 clean:
-        /bin/rm -f $(CTX_SIZE) *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
-        perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).org # SPECIAL CASE .org
-        perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-        perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+pem_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_all.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_all.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_all.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pem_all.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+pem_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_all.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+pem_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_all.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+pem_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+pem_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pem_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pem_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_all.o: ../cryptlib.h
+pem_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+pem_err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+pem_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_err.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+pem_err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_err.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+pem_err.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+pem_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pem_err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pem_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_info.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_info.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_info.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_info.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_info.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pem_info.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+pem_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_info.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+pem_info.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_info.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+pem_info.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+pem_info.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pem_info.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pem_info.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_info.o: ../cryptlib.h
+pem_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pem_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+pem_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_lib.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+pem_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+pem_lib.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
+pem_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pem_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pem_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pem_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_lib.o: ../cryptlib.h
+pem_seal.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_seal.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_seal.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_seal.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_seal.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pem_seal.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+pem_seal.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_seal.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+pem_seal.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_seal.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+pem_seal.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+pem_seal.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+pem_seal.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_seal.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_seal.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_seal.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+pem_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+pem_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pem_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+pem_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_sign.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+pem_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+pem_sign.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+pem_sign.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+pem_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_sign.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+pem_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
diff --git a/src/lib/libcrypto/pem/ctx_size.c b/src/lib/libcrypto/pem/ctx_size.c
deleted file mode 100644
index 87469bc4af..0000000000
--- a/src/lib/libcrypto/pem/ctx_size.c
+++ /dev/null
@@ -1,122 +0,0 @@
-/* crypto/pem/ctx_size.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "evp.h"
-
-int main(argc,argv)
-int argc;
-char *argv[];
-        {
-        int i,j;
-        char buf[256];
-
-        for (;;)
-                {
-                char *str;
-                buf[0]='\0';
-                fgets(buf,256,stdin);
-                if (buf[0] == '\0') break;
-
-                str="#define EVP_ENCODE_CTX_SIZE ";
-                if (strncmp(buf,str,strlen(str)) == 0)
-                        {
-                        printf("%s %d\n",str,(int)sizeof(EVP_ENCODE_CTX));
-                        continue;
-                        }
-                str="#define EVP_MD_SIZE ";
-                if (strncmp(buf,str,strlen(str)) == 0)
-                        {
-                        printf("%s %d\n",str,(int)sizeof(EVP_MD));
-                        continue;
-                        }
-                str="#define EVP_MD_CTX_SIZE ";
-                if (strncmp(buf,str,strlen(str)) == 0)
-                        {
-                        printf("%s %d\n",str,(int)sizeof(EVP_MD_CTX));
-                        continue;
-                        }
-                str="#define EVP_CIPHER_SIZE ";
-                if (strncmp(buf,str,strlen(str)) == 0)
-                        {
-                        printf("%s %d\n",str,(int)sizeof(EVP_CIPHER));
-                        continue;
-                        }
-                str="#define EVP_CIPHER_CTX_SIZE ";
-                if (strncmp(buf,str,strlen(str)) == 0)
-                        {
-                        printf("%s %d\n",str,(int)sizeof(EVP_CIPHER_CTX));
-                        continue;
-                        }
-
-                str="#define EVP_MAX_MD_SIZE ";
-                if (strncmp(buf,str,strlen(str)) == 0)
-                        {
-                        i=MD2_DIGEST_LENGTH;
-                        j=MD5_DIGEST_LENGTH;
-                        if (j > i) i=j;
-                        j=SHA_DIGEST_LENGTH;
-                        if (j > i) i=j;
-                        printf("%s %d\n",str,i);
-                        continue;
-                        }
-                fputs(buf,stdout);
-                }
-        exit(0);
-        }
diff --git a/src/lib/libcrypto/pem/pem.err b/src/lib/libcrypto/pem/pem.err
deleted file mode 100644
index 0e523abf82..0000000000
--- a/src/lib/libcrypto/pem/pem.err
+++ /dev/null
@@ -1,38 +0,0 @@
-/* Error codes for the PEM functions. */
-
-/* Function codes. */
-#define PEM_F_DEF_CALLBACK                               100
-#define PEM_F_LOAD_IV                                    101
-#define PEM_F_PEM_ASN1_READ                              102
-#define PEM_F_PEM_ASN1_READ_BIO                          103
-#define PEM_F_PEM_ASN1_WRITE                             104
-#define PEM_F_PEM_ASN1_WRITE_BIO                         105
-#define PEM_F_PEM_DO_HEADER                              106
-#define PEM_F_PEM_GET_EVP_CIPHER_INFO                    107
-#define PEM_F_PEM_READ                                   108
-#define PEM_F_PEM_READ_BIO                               109
-#define PEM_F_PEM_SEALFINAL                              110
-#define PEM_F_PEM_SEALINIT                               111
-#define PEM_F_PEM_SIGNFINAL                              112
-#define PEM_F_PEM_WRITE                                  113
-#define PEM_F_PEM_WRITE_BIO                              114
-#define PEM_F_PEM_X509_INFO_READ                         115
-#define PEM_F_PEM_X509_INFO_READ_BIO                     116
-#define PEM_F_PEM_X509_INFO_WRITE_BIO                    117
-
-/* Reason codes. */
-#define PEM_R_BAD_BASE64_DECODE                          100
-#define PEM_R_BAD_DECRYPT                                101
-#define PEM_R_BAD_END_LINE                               102
-#define PEM_R_BAD_IV_CHARS                               103
-#define PEM_R_BAD_PASSWORD_READ                          104
-#define PEM_R_NOT_DEK_INFO                               105
-#define PEM_R_NOT_ENCRYPTED                              106
-#define PEM_R_NOT_PROC_TYPE                              107
-#define PEM_R_NO_START_LINE                              108
-#define PEM_R_PROBLEMS_GETTING_PASSWORD                  109
-#define PEM_R_PUBLIC_KEY_NO_RSA                          110
-#define PEM_R_READ_KEY                                   111
-#define PEM_R_SHORT_HEADER                               112
-#define PEM_R_UNSUPPORTED_CIPHER                         113
-#define PEM_R_UNSUPPORTED_ENCRYPTION                     114
diff --git a/src/lib/libcrypto/pem/pem.h b/src/lib/libcrypto/pem/pem.h
index 55fbaeffe2..fc333e42c8 100644
--- a/src/lib/libcrypto/pem/pem.h
+++ b/src/lib/libcrypto/pem/pem.h
@@ -1,4 +1,4 @@
-/* crypto/pem/pem.org */
+/* crypto/pem/pem.h */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,14 +56,6 @@
  * [including the GNU Public Licence.]
  */
 
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 
- *
- * Always modify pem.org since pem.h is automatically generated from
- * it during SSLeay configuration.
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
 #ifndef HEADER_PEM_H
 #define HEADER_PEM_H
 
@@ -71,8 +63,11 @@
 extern "C" {
 #endif
 
-#include "evp.h"
-#include "x509.h"
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem2.h>
+
+#define PEM_BUFSIZE             1024
 
 #define PEM_OBJ_UNDEF           0
 #define PEM_OBJ_X509            1
@@ -111,45 +106,17 @@ extern "C" {
 #define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST"
 #define PEM_STRING_X509_REQ     "CERTIFICATE REQUEST"
 #define PEM_STRING_X509_CRL     "X509 CRL"
-#define PEM_STRING_EVP_PKEY     "PRIVATE KEY"
+#define PEM_STRING_EVP_PKEY     "ANY PRIVATE KEY"
 #define PEM_STRING_RSA          "RSA PRIVATE KEY"
 #define PEM_STRING_RSA_PUBLIC   "RSA PUBLIC KEY"
 #define PEM_STRING_DSA          "DSA PRIVATE KEY"
 #define PEM_STRING_PKCS7        "PKCS7"
+#define PEM_STRING_PKCS8        "ENCRYPTED PRIVATE KEY"
+#define PEM_STRING_PKCS8INF     "PRIVATE KEY"
 #define PEM_STRING_DHPARAMS     "DH PARAMETERS"
 #define PEM_STRING_SSL_SESSION  "SSL SESSION PARAMETERS"
 #define PEM_STRING_DSAPARAMS    "DSA PARAMETERS"
 
-#ifndef HEADER_ENVELOPE_H
-
-#define EVP_ENCODE_CTX_SIZE  96
-#define EVP_MD_SIZE  60
-#define EVP_MD_CTX_SIZE  152
-#define EVP_CIPHER_SIZE  40
-#define EVP_CIPHER_CTX_SIZE  4212
-#define EVP_MAX_MD_SIZE  20
-
-typedef struct evp_encode_ctx_st
-        {
-        char data[EVP_ENCODE_CTX_SIZE];
-        } EVP_ENCODE_CTX;
-
-typedef struct env_md_ctx_st
-        {
-        char data[EVP_MD_CTX_SIZE];
-        } EVP_MD_CTX;
-
-typedef struct evp_cipher_st
-        {
-        char data[EVP_CIPHER_SIZE];
-        } EVP_CIPHER;
-
-typedef struct evp_cipher_ctx_st
-        {
-        char data[EVP_CIPHER_CTX_SIZE];
-        } EVP_CIPHER_CTX;
-#endif
-
 
 typedef struct PEM_Encode_Seal_st
         {
@@ -217,151 +184,322 @@ typedef struct pem_ctx_st
         unsigned char *data;
         } PEM_CTX;
 
+/* These macros make the PEM_read/PEM_write functions easier to maintain and
+ * write. Now they are all implemented with either:
+ * IMPLEMENT_PEM_rw(...) or IMPLEMENT_PEM_rw_cb(...)
+ */
+
+#ifdef NO_FP_API
+
+#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/
+#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/
+#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/
+
+#else
+
+#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \
+type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\
+{ \
+return((type *)PEM_ASN1_read((char *(*)())d2i_##asn1, str,fp,(char **)x,\
+        cb,u)); \
+} \
+
+#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, type *x) \
+{ \
+return(PEM_ASN1_write((int (*)())i2d_##asn1,str,fp, (char *)x, \
+                                                         NULL,NULL,0,NULL,NULL)); \
+} 
+
+#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
+             unsigned char *kstr, int klen, pem_password_cb *cb, \
+                  void *u) \
+        { \
+        return(PEM_ASN1_write((int (*)())i2d_##asn1,str,fp, \
+                (char *)x,enc,kstr,klen,cb,u)); \
+        }
+
+#endif
+
+#define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
+type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\
+{ \
+return((type *)PEM_ASN1_read_bio((char *(*)())d2i_##asn1, str,bp,\
+                                                        (char **)x,cb,u)); \
+}
+
+#define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
+int PEM_write_bio_##name(BIO *bp, type *x) \
+{ \
+return(PEM_ASN1_write_bio((int (*)())i2d_##asn1,str,bp, (char *)x, \
+                                                         NULL,NULL,0,NULL,NULL)); \
+}
+
+#define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
+int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
+             unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
+        { \
+        return(PEM_ASN1_write_bio((int (*)())i2d_##asn1,str,bp, \
+                (char *)x,enc,kstr,klen,cb,u)); \
+        }
+
+#define IMPLEMENT_PEM_write(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_fp(name, type, str, asn1) 
+
+#define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) 
+
+#define IMPLEMENT_PEM_read(name, type, str, asn1) \
+        IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
+        IMPLEMENT_PEM_read_fp(name, type, str, asn1) 
+
+#define IMPLEMENT_PEM_rw(name, type, str, asn1) \
+        IMPLEMENT_PEM_read(name, type, str, asn1) \
+        IMPLEMENT_PEM_write(name, type, str, asn1)
+
+#define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \
+        IMPLEMENT_PEM_read(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_cb(name, type, str, asn1)
+
+/* These are the same except they are for the declarations */
+
+#if defined(WIN16) || defined(NO_FP_API)
+
+#define DECLARE_PEM_read_fp(name, type) /**/
+#define DECLARE_PEM_write_fp(name, type) /**/
+#define DECLARE_PEM_write_cb_fp(name, type) /**/
+
+#else
+
+#define DECLARE_PEM_read_fp(name, type) \
+        type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u);
+
+#define DECLARE_PEM_write_fp(name, type) \
+        int PEM_write_##name(FILE *fp, type *x);
+
+#define DECLARE_PEM_write_cb_fp(name, type) \
+        int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
+             unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
+
+#endif
+
+#ifdef HEADER_BIO_H
+#define DECLARE_PEM_read_bio(name, type) \
+        type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u);
+
+#define DECLARE_PEM_write_bio(name, type) \
+        int PEM_write_bio_##name(BIO *bp, type *x);
+
+#define DECLARE_PEM_write_cb_bio(name, type) \
+        int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
+             unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
+
+#else
+
+#define DECLARE_PEM_read_bio(name, type) /**/
+#define DECLARE_PEM_write_bio(name, type) /**/
+#define DECLARE_PEM_write_cb_bio(name, type) /**/
+
+#endif
+
+#define DECLARE_PEM_write(name, type) \
+        DECLARE_PEM_write_bio(name, type) \
+        DECLARE_PEM_write_fp(name, type) 
+
+#define DECLARE_PEM_write_cb(name, type) \
+        DECLARE_PEM_write_cb_bio(name, type) \
+        DECLARE_PEM_write_cb_fp(name, type) 
+
+#define DECLARE_PEM_read(name, type) \
+        DECLARE_PEM_read_bio(name, type) \
+        DECLARE_PEM_read_fp(name, type)
+
+#define DECLARE_PEM_rw(name, type) \
+        DECLARE_PEM_read(name, type) \
+        DECLARE_PEM_write(name, type)
+
+#define DECLARE_PEM_rw_cb(name, type) \
+        DECLARE_PEM_read(name, type) \
+        DECLARE_PEM_write_cb(name, type)
+
 #ifdef SSLEAY_MACROS
 
 #define PEM_write_SSL_SESSION(fp,x) \
                 PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
-                        PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL)
+                        PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)
 #define PEM_write_X509(fp,x) \
                 PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \
-                        (char *)x, NULL,NULL,0,NULL)
+                        (char *)x, NULL,NULL,0,NULL,NULL)
 #define PEM_write_X509_REQ(fp,x) PEM_ASN1_write( \
                 (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,(char *)x, \
-                        NULL,NULL,0,NULL)
+                        NULL,NULL,0,NULL,NULL)
 #define PEM_write_X509_CRL(fp,x) \
                 PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL, \
-                        fp,(char *)x, NULL,NULL,0,NULL)
-#define PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb) \
+                        fp,(char *)x, NULL,NULL,0,NULL,NULL)
+#define PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \
                 PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,\
-                        (char *)x,enc,kstr,klen,cb)
+                        (char *)x,enc,kstr,klen,cb,u)
 #define PEM_write_RSAPublicKey(fp,x) \
                 PEM_ASN1_write((int (*)())i2d_RSAPublicKey,\
-                        PEM_STRING_RSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL)
-#define PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb) \
+                        PEM_STRING_RSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL,NULL)
+#define PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \
                 PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,\
-                        (char *)x,enc,kstr,klen,cb)
-#define PEM_write_PrivateKey(bp,x,enc,kstr,klen,cb) \
+                        (char *)x,enc,kstr,klen,cb,u)
+#define PEM_write_PrivateKey(bp,x,enc,kstr,klen,cb,u) \
                 PEM_ASN1_write((int (*)())i2d_PrivateKey,\
                 (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
-                        bp,(char *)x,enc,kstr,klen,cb)
+                        bp,(char *)x,enc,kstr,klen,cb,u)
 #define PEM_write_PKCS7(fp,x) \
                 PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp, \
-                        (char *)x, NULL,NULL,0,NULL)
+                        (char *)x, NULL,NULL,0,NULL,NULL)
 #define PEM_write_DHparams(fp,x) \
                 PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,\
-                        (char *)x,NULL,NULL,0,NULL)
-
-#define PEM_read_SSL_SESSION(fp,x,cb) (SSL_SESSION *)PEM_ASN1_read( \
-        (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb)
-#define PEM_read_X509(fp,x,cb) (X509 *)PEM_ASN1_read( \
-        (char *(*)())d2i_X509,PEM_STRING_X509,fp,(char **)x,cb)
-#define PEM_read_X509_REQ(fp,x,cb) (X509_REQ *)PEM_ASN1_read( \
-        (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,fp,(char **)x,cb)
-#define PEM_read_X509_CRL(fp,x,cb) (X509_CRL *)PEM_ASN1_read( \
-        (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,fp,(char **)x,cb)
-#define PEM_read_RSAPrivateKey(fp,x,cb) (RSA *)PEM_ASN1_read( \
-        (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,fp,(char **)x,cb)
-#define PEM_read_RSAPublicKey(fp,x,cb) (RSA *)PEM_ASN1_read( \
-        (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb)
-#define PEM_read_DSAPrivateKey(fp,x,cb) (DSA *)PEM_ASN1_read( \
-        (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,fp,(char **)x,cb)
-#define PEM_read_PrivateKey(fp,x,cb) (EVP_PKEY *)PEM_ASN1_read( \
-        (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb)
-#define PEM_read_PKCS7(fp,x,cb) (PKCS7 *)PEM_ASN1_read( \
-        (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,fp,(char **)x,cb)
-#define PEM_read_DHparams(fp,x,cb) (DH *)PEM_ASN1_read( \
-        (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,fp,(char **)x,cb)
+                        (char *)x,NULL,NULL,0,NULL,NULL)
+
+#define PEM_write_NETSCAPE_CERT_SEQUENCE(fp,x) \
+                PEM_ASN1_write((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \
+                        PEM_STRING_X509,fp, \
+                        (char *)x, NULL,NULL,0,NULL,NULL)
+
+#define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \
+        (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)
+#define PEM_read_X509(fp,x,cb,u) (X509 *)PEM_ASN1_read( \
+        (char *(*)())d2i_X509,PEM_STRING_X509,fp,(char **)x,cb,u)
+#define PEM_read_X509_REQ(fp,x,cb,u) (X509_REQ *)PEM_ASN1_read( \
+        (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,fp,(char **)x,cb,u)
+#define PEM_read_X509_CRL(fp,x,cb,u) (X509_CRL *)PEM_ASN1_read( \
+        (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,fp,(char **)x,cb,u)
+#define PEM_read_RSAPrivateKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \
+        (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,fp,(char **)x,cb,u)
+#define PEM_read_RSAPublicKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \
+        (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb,u)
+#define PEM_read_DSAPrivateKey(fp,x,cb,u) (DSA *)PEM_ASN1_read( \
+        (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,fp,(char **)x,cb,u)
+#define PEM_read_PrivateKey(fp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read( \
+        (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb,u)
+#define PEM_read_PKCS7(fp,x,cb,u) (PKCS7 *)PEM_ASN1_read( \
+        (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,fp,(char **)x,cb,u)
+#define PEM_read_DHparams(fp,x,cb,u) (DH *)PEM_ASN1_read( \
+        (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,fp,(char **)x,cb,u)
+
+#define PEM_read_NETSCAPE_CERT_SEQUENCE(fp,x,cb,u) \
+                (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read( \
+        (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,fp,\
+                                                        (char **)x,cb,u)
 
 #define PEM_write_bio_SSL_SESSION(bp,x) \
                 PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \
-                        PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL)
+                        PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL,NULL)
 #define PEM_write_bio_X509(bp,x) \
                 PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \
-                        (char *)x, NULL,NULL,0,NULL)
+                        (char *)x, NULL,NULL,0,NULL,NULL)
 #define PEM_write_bio_X509_REQ(bp,x) PEM_ASN1_write_bio( \
                 (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,bp,(char *)x, \
-                        NULL,NULL,0,NULL)
+                        NULL,NULL,0,NULL,NULL)
 #define PEM_write_bio_X509_CRL(bp,x) \
                 PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,\
-                        bp,(char *)x, NULL,NULL,0,NULL)
-#define PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb) \
+                        bp,(char *)x, NULL,NULL,0,NULL,NULL)
+#define PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \
                 PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,\
-                        bp,(char *)x,enc,kstr,klen,cb)
+                        bp,(char *)x,enc,kstr,klen,cb,u)
 #define PEM_write_bio_RSAPublicKey(bp,x) \
                 PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey, \
                         PEM_STRING_RSA_PUBLIC,\
-                        bp,(char *)x,NULL,NULL,0,NULL)
-#define PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb) \
+                        bp,(char *)x,NULL,NULL,0,NULL,NULL)
+#define PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \
                 PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,\
-                        bp,(char *)x,enc,kstr,klen,cb)
-#define PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb) \
+                        bp,(char *)x,enc,kstr,klen,cb,u)
+#define PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb,u) \
                 PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,\
                 (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
-                        bp,(char *)x,enc,kstr,klen,cb)
+                        bp,(char *)x,enc,kstr,klen,cb,u)
 #define PEM_write_bio_PKCS7(bp,x) \
                 PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp, \
-                        (char *)x, NULL,NULL,0,NULL)
+                        (char *)x, NULL,NULL,0,NULL,NULL)
 #define PEM_write_bio_DHparams(bp,x) \
                 PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,\
-                        bp,(char *)x,NULL,NULL,0,NULL)
+                        bp,(char *)x,NULL,NULL,0,NULL,NULL)
 #define PEM_write_bio_DSAparams(bp,x) \
                 PEM_ASN1_write_bio((int (*)())i2d_DSAparams, \
-                        PEM_STRING_DSAPARAMS,bp,(char *)x,NULL,NULL,0,NULL)
-
-#define PEM_read_bio_SSL_SESSION(bp,x,cb) (SSL_SESSION *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb)
-#define PEM_read_bio_X509(bp,x,cb) (X509 *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb)
-#define PEM_read_bio_X509_REQ(bp,x,cb) (X509_REQ *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,bp,(char **)x,cb)
-#define PEM_read_bio_X509_CRL(bp,x,cb) (X509_CRL *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,bp,(char **)x,cb)
-#define PEM_read_bio_RSAPrivateKey(bp,x,cb) (RSA *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,bp,(char **)x,cb)
-#define PEM_read_bio_RSAPublicKey(bp,x,cb) (RSA *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb)
-#define PEM_read_bio_DSAPrivateKey(bp,x,cb) (DSA *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,bp,(char **)x,cb)
-#define PEM_read_bio_PrivateKey(bp,x,cb) (EVP_PKEY *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,bp,(char **)x,cb)
-
-#define PEM_read_bio_PKCS7(bp,x,cb) (PKCS7 *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,bp,(char **)x,cb)
-#define PEM_read_bio_DHparams(bp,x,cb) (DH *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,bp,(char **)x,cb)
-#define PEM_read_bio_DSAparams(bp,x,cb) (DSA *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_DSAparams,PEM_STRING_DSAPARAMS,bp,(char **)x,cb)
+                        PEM_STRING_DSAPARAMS,bp,(char *)x,NULL,NULL,0,NULL,NULL)
+
+#define PEM_write_bio_NETSCAPE_CERT_SEQUENCE(bp,x) \
+                PEM_ASN1_write_bio((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \
+                        PEM_STRING_X509,bp, \
+                        (char *)x, NULL,NULL,0,NULL,NULL)
+
+#define PEM_read_bio_SSL_SESSION(bp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb,u)
+#define PEM_read_bio_X509(bp,x,cb,u) (X509 *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb,u)
+#define PEM_read_bio_X509_REQ(bp,x,cb,u) (X509_REQ *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,bp,(char **)x,cb,u)
+#define PEM_read_bio_X509_CRL(bp,x,cb,u) (X509_CRL *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,bp,(char **)x,cb,u)
+#define PEM_read_bio_RSAPrivateKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,bp,(char **)x,cb,u)
+#define PEM_read_bio_RSAPublicKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb,u)
+#define PEM_read_bio_DSAPrivateKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,bp,(char **)x,cb,u)
+#define PEM_read_bio_PrivateKey(bp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,bp,(char **)x,cb,u)
+
+#define PEM_read_bio_PKCS7(bp,x,cb,u) (PKCS7 *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,bp,(char **)x,cb,u)
+#define PEM_read_bio_DHparams(bp,x,cb,u) (DH *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,bp,(char **)x,cb,u)
+#define PEM_read_bio_DSAparams(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_DSAparams,PEM_STRING_DSAPARAMS,bp,(char **)x,cb,u)
+
+#define PEM_read_bio_NETSCAPE_CERT_SEQUENCE(bp,x,cb,u) \
+                (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,bp,\
+                                                        (char **)x,cb,u)
 
 #endif
 
-#ifndef NOPROTO
+#if 1
+/* "userdata": new with OpenSSL 0.9.4 */
+typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata);
+#else
+/* OpenSSL 0.9.3, 0.9.3a */
+typedef int pem_password_cb(char *buf, int size, int rwflag);
+#endif
+
 int     PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher);
 int     PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len,
-                int (*callback)());
+        pem_password_cb *callback,void *u);
 
 #ifdef HEADER_BIO_H
 int     PEM_read_bio(BIO *bp, char **name, char **header,
                 unsigned char **data,long *len);
-int     PEM_write_bio(BIO *bp,char *name,char *hdr,unsigned char *data,
+int     PEM_write_bio(BIO *bp,const char *name,char *hdr,unsigned char *data,
                 long len);
-char *  PEM_ASN1_read_bio(char *(*d2i)(),char *name,BIO *bp,char **x,
-                int (*cb)());
-int     PEM_ASN1_write_bio(int (*i2d)(),char *name,BIO *bp,char *x,
-                EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)());
-STACK * PEM_X509_INFO_read_bio(BIO *bp, STACK *sk, int (*cb)());
+char *  PEM_ASN1_read_bio(char *(*d2i)(),const char *name,BIO *bp,char **x,
+                pem_password_cb *cb, void *u);
+int     PEM_ASN1_write_bio(int (*i2d)(),const char *name,BIO *bp,char *x,
+                           const EVP_CIPHER *enc,unsigned char *kstr,int klen,
+                           pem_password_cb *cb, void *u);
+STACK_OF(X509_INFO) *   PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u);
 int     PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc,
-                unsigned char *kstr, int klen, int (*cb)());
+                unsigned char *kstr, int klen, pem_password_cb *cd, void *u);
 #endif
 
 #ifndef WIN16
 int     PEM_read(FILE *fp, char **name, char **header,
                 unsigned char **data,long *len);
 int     PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len);
-char *  PEM_ASN1_read(char *(*d2i)(),char *name,FILE *fp,char **x,
-                int (*cb)());
-int     PEM_ASN1_write(int (*i2d)(),char *name,FILE *fp,char *x,
-                EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)());
-STACK * PEM_X509_INFO_read(FILE *fp, STACK *sk, int (*cb)());
+char *  PEM_ASN1_read(char *(*d2i)(),const char *name,FILE *fp,char **x,
+        pem_password_cb *cb, void *u);
+int     PEM_ASN1_write(int (*i2d)(),const char *name,FILE *fp,char *x,
+                       const EVP_CIPHER *enc,unsigned char *kstr,int klen,
+                       pem_password_cb *callback, void *u);
+STACK_OF(X509_INFO) *   PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
+        pem_password_cb *cb, void *u);
 #endif
 
 int     PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,
@@ -380,142 +518,64 @@ int	PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
 void    ERR_load_PEM_strings(void);
 
 void    PEM_proc_type(char *buf, int type);
-void    PEM_dek_info(char *buf, char *type, int len, char *str);
+void    PEM_dek_info(char *buf, const char *type, int len, char *str);
 
 #ifndef SSLEAY_MACROS
 
-#ifndef WIN16
-X509 *PEM_read_X509(FILE *fp,X509 **x,int (*cb)());
-X509_REQ *PEM_read_X509_REQ(FILE *fp,X509_REQ **x,int (*cb)());
-X509_CRL *PEM_read_X509_CRL(FILE *fp,X509_CRL **x,int (*cb)());
-RSA *PEM_read_RSAPrivateKey(FILE *fp,RSA **x,int (*cb)());
-RSA *PEM_read_RSAPublicKey(FILE *fp,RSA **x,int (*cb)());
-DSA *PEM_read_DSAPrivateKey(FILE *fp,DSA **x,int (*cb)());
-EVP_PKEY *PEM_read_PrivateKey(FILE *fp,EVP_PKEY **x,int (*cb)());
-PKCS7 *PEM_read_PKCS7(FILE *fp,PKCS7 **x,int (*cb)());
-DH *PEM_read_DHparams(FILE *fp,DH **x,int (*cb)());
-DSA *PEM_read_DSAparams(FILE *fp,DSA **x,int (*cb)());
-int PEM_write_X509(FILE *fp,X509 *x);
-int PEM_write_X509_REQ(FILE *fp,X509_REQ *x);
-int PEM_write_X509_CRL(FILE *fp,X509_CRL *x);
-int PEM_write_RSAPrivateKey(FILE *fp,RSA *x,EVP_CIPHER *enc,unsigned char *kstr,
-        int klen,int (*cb)());
-int PEM_write_RSAPublicKey(FILE *fp,RSA *x);
-int PEM_write_DSAPrivateKey(FILE *fp,DSA *x,EVP_CIPHER *enc,unsigned char *kstr,
-        int klen,int (*cb)());
-int PEM_write_PrivateKey(FILE *fp,EVP_PKEY *x,EVP_CIPHER *enc,
-        unsigned char *kstr,int klen,int (*cb)());
-int PEM_write_PKCS7(FILE *fp,PKCS7 *x);
-int PEM_write_DHparams(FILE *fp,DH *x);
-int PEM_write_DSAparams(FILE *fp,DSA *x);
+#ifdef VMS
+#include <openssl/vms_idhacks.h>
 #endif
 
-#ifdef HEADER_BIO_H
-X509 *PEM_read_bio_X509(BIO *bp,X509 **x,int (*cb)());
-X509_REQ *PEM_read_bio_X509_REQ(BIO *bp,X509_REQ **x,int (*cb)());
-X509_CRL *PEM_read_bio_X509_CRL(BIO *bp,X509_CRL **x,int (*cb)());
-RSA *PEM_read_bio_RSAPrivateKey(BIO *bp,RSA **x,int (*cb)());
-RSA *PEM_read_bio_RSAPublicKey(BIO *bp,RSA **x,int (*cb)());
-DSA *PEM_read_bio_DSAPrivateKey(BIO *bp,DSA **x,int (*cb)());
-EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp,EVP_PKEY **x,int (*cb)());
-PKCS7 *PEM_read_bio_PKCS7(BIO *bp,PKCS7 **x,int (*cb)());
-DH *PEM_read_bio_DHparams(BIO *bp,DH **x,int (*cb)());
-DSA *PEM_read_bio_DSAparams(BIO *bp,DSA **x,int (*cb)());
-int PEM_write_bio_X509(BIO *bp,X509 *x);
-int PEM_write_bio_X509_REQ(BIO *bp,X509_REQ *x);
-int PEM_write_bio_X509_CRL(BIO *bp,X509_CRL *x);
-int PEM_write_bio_RSAPrivateKey(BIO *fp,RSA *x,EVP_CIPHER *enc,
-        unsigned char *kstr,int klen,int (*cb)());
-int PEM_write_bio_RSAPublicKey(BIO *fp,RSA *x);
-int PEM_write_bio_DSAPrivateKey(BIO *fp,DSA *x,EVP_CIPHER *enc,
-        unsigned char *kstr,int klen,int (*cb)());
-int PEM_write_bio_PrivateKey(BIO *fp,EVP_PKEY *x,EVP_CIPHER *enc,
-        unsigned char *kstr,int klen,int (*cb)());
-int PEM_write_bio_PKCS7(BIO *bp,PKCS7 *x);
-int PEM_write_bio_DHparams(BIO *bp,DH *x);
-int PEM_write_bio_DSAparams(BIO *bp,DSA *x);
+DECLARE_PEM_rw(X509, X509)
+
+DECLARE_PEM_rw(X509_REQ, X509_REQ)
+
+DECLARE_PEM_rw(X509_CRL, X509_CRL)
+
+DECLARE_PEM_rw(PKCS7, PKCS7)
+
+DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
+
+DECLARE_PEM_rw(PKCS8, X509_SIG)
+
+DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
+
+#ifndef NO_RSA
+
+DECLARE_PEM_rw_cb(RSAPrivateKey, RSA)
+
+DECLARE_PEM_rw(RSAPublicKey, RSA)
+
 #endif
 
-#endif /* SSLEAY_MACROS */
+#ifndef NO_DSA
 
+DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)
 
-#else
+DECLARE_PEM_rw(DSAparams, DSA)
 
-int     PEM_get_EVP_CIPHER_INFO();
-int     PEM_do_header();
-int     PEM_read_bio();
-int     PEM_write_bio();
-#ifndef WIN16
-int     PEM_read();
-int     PEM_write();
-STACK * PEM_X509_INFO_read();
-char *  PEM_ASN1_read();
-int     PEM_ASN1_write();
 #endif
-STACK * PEM_X509_INFO_read_bio();
-int     PEM_X509_INFO_write_bio();
-char *  PEM_ASN1_read_bio();
-int     PEM_ASN1_write_bio();
-int     PEM_SealInit();
-void    PEM_SealUpdate();
-int     PEM_SealFinal();
-int     PEM_SignFinal();
 
-void    ERR_load_PEM_strings();
+#ifndef NO_DH
 
-void    PEM_proc_type();
-void    PEM_dek_info();
+DECLARE_PEM_rw(DHparams, DH)
 
-#ifndef SSLEAY_MACROS
-#ifndef WIN16
-X509 *PEM_read_X509();
-X509_REQ *PEM_read_X509_REQ();
-X509_CRL *PEM_read_X509_CRL();
-RSA *PEM_read_RSAPrivateKey();
-RSA *PEM_read_RSAPublicKey();
-DSA *PEM_read_DSAPrivateKey();
-EVP_PKEY *PEM_read_PrivateKey();
-PKCS7 *PEM_read_PKCS7();
-DH *PEM_read_DHparams();
-DSA *PEM_read_DSAparams();
-int PEM_write_X509();
-int PEM_write_X509_REQ();
-int PEM_write_X509_CRL();
-int PEM_write_RSAPrivateKey();
-int PEM_write_RSAPublicKey();
-int PEM_write_DSAPrivateKey();
-int PEM_write_PrivateKey();
-int PEM_write_PKCS7();
-int PEM_write_DHparams();
-int PEM_write_DSAparams();
 #endif
 
-X509 *PEM_read_bio_X509();
-X509_REQ *PEM_read_bio_X509_REQ();
-X509_CRL *PEM_read_bio_X509_CRL();
-RSA *PEM_read_bio_RSAPrivateKey();
-RSA *PEM_read_bio_RSAPublicKey();
-DSA *PEM_read_bio_DSAPrivateKey();
-EVP_PKEY *PEM_read_bio_PrivateKey();
-PKCS7 *PEM_read_bio_PKCS7();
-DH *PEM_read_bio_DHparams();
-DSA *PEM_read_bio_DSAparams();
-int PEM_write_bio_X509();
-int PEM_write_bio_X509_REQ();
-int PEM_write_bio_X509_CRL();
-int PEM_write_bio_RSAPrivateKey();
-int PEM_write_bio_RSAPublicKey();
-int PEM_write_bio_DSAPrivateKey();
-int PEM_write_bio_PrivateKey();
-int PEM_write_bio_PKCS7();
-int PEM_write_bio_DHparams();
-int PEM_write_bio_DSAparams();
+DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
 
+int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *,
+                                  char *, int, pem_password_cb *, void *);
+int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc,
+                              char *kstr,int klen, pem_password_cb *cd, void *u);
 #endif /* SSLEAY_MACROS */
 
-#endif
 
 /* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
 /* Error codes for the PEM functions. */
 
 /* Function codes. */
@@ -526,6 +586,7 @@ int PEM_write_bio_DSAparams();
 #define PEM_F_PEM_ASN1_WRITE                             104
 #define PEM_F_PEM_ASN1_WRITE_BIO                         105
 #define PEM_F_PEM_DO_HEADER                              106
+#define PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY            118
 #define PEM_F_PEM_GET_EVP_CIPHER_INFO                    107
 #define PEM_F_PEM_READ                                   108
 #define PEM_F_PEM_READ_BIO                               109
@@ -534,6 +595,7 @@ int PEM_write_bio_DSAparams();
 #define PEM_F_PEM_SIGNFINAL                              112
 #define PEM_F_PEM_WRITE                                  113
 #define PEM_F_PEM_WRITE_BIO                              114
+#define PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY              119
 #define PEM_F_PEM_X509_INFO_READ                         115
 #define PEM_F_PEM_X509_INFO_READ_BIO                     116
 #define PEM_F_PEM_X509_INFO_WRITE_BIO                    117
@@ -544,6 +606,7 @@ int PEM_write_bio_DSAparams();
 #define PEM_R_BAD_END_LINE                               102
 #define PEM_R_BAD_IV_CHARS                               103
 #define PEM_R_BAD_PASSWORD_READ                          104
+#define PEM_R_ERROR_CONVERTING_PRIVATE_KEY               115
 #define PEM_R_NOT_DEK_INFO                               105
 #define PEM_R_NOT_ENCRYPTED                              106
 #define PEM_R_NOT_PROC_TYPE                              107
@@ -554,7 +617,7 @@ int PEM_write_bio_DSAparams();
 #define PEM_R_SHORT_HEADER                               112
 #define PEM_R_UNSUPPORTED_CIPHER                         113
 #define PEM_R_UNSUPPORTED_ENCRYPTION                     114
- 
+
 #ifdef  __cplusplus
 }
 #endif
diff --git a/src/lib/libcrypto/pem/pem.org b/src/lib/libcrypto/pem/pem.org
deleted file mode 100644
index 38952509dd..0000000000
--- a/src/lib/libcrypto/pem/pem.org
+++ /dev/null
@@ -1,562 +0,0 @@
-/* crypto/pem/pem.org */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 
- *
- * Always modify pem.org since pem.h is automatically generated from
- * it during SSLeay configuration.
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
-#ifndef HEADER_PEM_H
-#define HEADER_PEM_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#include "evp.h"
-#include "x509.h"
-
-#define PEM_OBJ_UNDEF           0
-#define PEM_OBJ_X509            1
-#define PEM_OBJ_X509_REQ        2
-#define PEM_OBJ_CRL             3
-#define PEM_OBJ_SSL_SESSION     4
-#define PEM_OBJ_PRIV_KEY        10
-#define PEM_OBJ_PRIV_RSA        11
-#define PEM_OBJ_PRIV_DSA        12
-#define PEM_OBJ_PRIV_DH         13
-#define PEM_OBJ_PUB_RSA         14
-#define PEM_OBJ_PUB_DSA         15
-#define PEM_OBJ_PUB_DH          16
-#define PEM_OBJ_DHPARAMS        17
-#define PEM_OBJ_DSAPARAMS       18
-#define PEM_OBJ_PRIV_RSA_PUBLIC 19
-
-#define PEM_ERROR               30
-#define PEM_DEK_DES_CBC         40
-#define PEM_DEK_IDEA_CBC        45
-#define PEM_DEK_DES_EDE         50
-#define PEM_DEK_DES_ECB         60
-#define PEM_DEK_RSA             70
-#define PEM_DEK_RSA_MD2         80
-#define PEM_DEK_RSA_MD5         90
-
-#define PEM_MD_MD2              NID_md2
-#define PEM_MD_MD5              NID_md5
-#define PEM_MD_SHA              NID_sha
-#define PEM_MD_MD2_RSA          NID_md2WithRSAEncryption
-#define PEM_MD_MD5_RSA          NID_md5WithRSAEncryption
-#define PEM_MD_SHA_RSA          NID_sha1WithRSAEncryption
-
-#define PEM_STRING_X509_OLD     "X509 CERTIFICATE"
-#define PEM_STRING_X509         "CERTIFICATE"
-#define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST"
-#define PEM_STRING_X509_REQ     "CERTIFICATE REQUEST"
-#define PEM_STRING_X509_CRL     "X509 CRL"
-#define PEM_STRING_EVP_PKEY     "PRIVATE KEY"
-#define PEM_STRING_RSA          "RSA PRIVATE KEY"
-#define PEM_STRING_RSA_PUBLIC   "RSA PUBLIC KEY"
-#define PEM_STRING_DSA          "DSA PRIVATE KEY"
-#define PEM_STRING_PKCS7        "PKCS7"
-#define PEM_STRING_DHPARAMS     "DH PARAMETERS"
-#define PEM_STRING_SSL_SESSION  "SSL SESSION PARAMETERS"
-#define PEM_STRING_DSAPARAMS    "DSA PARAMETERS"
-
-#ifndef HEADER_ENVELOPE_H
-
-#define EVP_ENCODE_CTX_SIZE  92
-#define EVP_MD_SIZE  48
-#define EVP_MD_CTX_SIZE  152
-#define EVP_CIPHER_SIZE  28
-#define EVP_CIPHER_CTX_SIZE  4212
-#define EVP_MAX_MD_SIZE  20
-
-typedef struct evp_encode_ctx_st
-        {
-        char data[EVP_ENCODE_CTX_SIZE];
-        } EVP_ENCODE_CTX;
-
-typedef struct env_md_ctx_st
-        {
-        char data[EVP_MD_CTX_SIZE];
-        } EVP_MD_CTX;
-
-typedef struct evp_cipher_st
-        {
-        char data[EVP_CIPHER_SIZE];
-        } EVP_CIPHER;
-
-typedef struct evp_cipher_ctx_st
-        {
-        char data[EVP_CIPHER_CTX_SIZE];
-        } EVP_CIPHER_CTX;
-#endif
-
-
-typedef struct PEM_Encode_Seal_st
-        {
-        EVP_ENCODE_CTX encode;
-        EVP_MD_CTX md;
-        EVP_CIPHER_CTX cipher;
-        } PEM_ENCODE_SEAL_CTX;
-
-/* enc_type is one off */
-#define PEM_TYPE_ENCRYPTED      10
-#define PEM_TYPE_MIC_ONLY       20
-#define PEM_TYPE_MIC_CLEAR      30
-#define PEM_TYPE_CLEAR          40
-
-typedef struct pem_recip_st
-        {
-        char *name;
-        X509_NAME *dn;
-
-        int cipher;
-        int key_enc;
-        char iv[8];
-        } PEM_USER;
-
-typedef struct pem_ctx_st
-        {
-        int type;               /* what type of object */
-
-        struct  {
-                int version;    
-                int mode;               
-                } proc_type;
-
-        char *domain;
-
-        struct  {
-                int cipher;
-                unsigned char iv[8];
-                } DEK_info;
-                
-        PEM_USER *originator;
-
-        int num_recipient;
-        PEM_USER **recipient;
-
-#ifdef HEADER_STACK_H
-        STACK *x509_chain;      /* certificate chain */
-#else
-        char *x509_chain;       /* certificate chain */
-#endif
-        EVP_MD *md;             /* signature type */
-
-        int md_enc;             /* is the md encrypted or not? */
-        int md_len;             /* length of md_data */
-        char *md_data;          /* message digest, could be pkey encrypted */
-
-        EVP_CIPHER *dec;        /* date encryption cipher */
-        int key_len;            /* key length */
-        unsigned char *key;     /* key */
-        unsigned char iv[8];    /* the iv */
-
-        
-        int  data_enc;          /* is the data encrypted */
-        int data_len;
-        unsigned char *data;
-        } PEM_CTX;
-
-#ifdef SSLEAY_MACROS
-
-#define PEM_write_SSL_SESSION(fp,x) \
-                PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
-                        PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL)
-#define PEM_write_X509(fp,x) \
-                PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \
-                        (char *)x, NULL,NULL,0,NULL)
-#define PEM_write_X509_REQ(fp,x) PEM_ASN1_write( \
-                (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,(char *)x, \
-                        NULL,NULL,0,NULL)
-#define PEM_write_X509_CRL(fp,x) \
-                PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL, \
-                        fp,(char *)x, NULL,NULL,0,NULL)
-#define PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb) \
-                PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,\
-                        (char *)x,enc,kstr,klen,cb)
-#define PEM_write_RSAPublicKey(fp,x) \
-                PEM_ASN1_write((int (*)())i2d_RSAPublicKey,\
-                        PEM_STRING_RSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL)
-#define PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb) \
-                PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,\
-                        (char *)x,enc,kstr,klen,cb)
-#define PEM_write_PrivateKey(bp,x,enc,kstr,klen,cb) \
-                PEM_ASN1_write((int (*)())i2d_PrivateKey,\
-                (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
-                        bp,(char *)x,enc,kstr,klen,cb)
-#define PEM_write_PKCS7(fp,x) \
-                PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp, \
-                        (char *)x, NULL,NULL,0,NULL)
-#define PEM_write_DHparams(fp,x) \
-                PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,\
-                        (char *)x,NULL,NULL,0,NULL)
-
-#define PEM_read_SSL_SESSION(fp,x,cb) (SSL_SESSION *)PEM_ASN1_read( \
-        (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb)
-#define PEM_read_X509(fp,x,cb) (X509 *)PEM_ASN1_read( \
-        (char *(*)())d2i_X509,PEM_STRING_X509,fp,(char **)x,cb)
-#define PEM_read_X509_REQ(fp,x,cb) (X509_REQ *)PEM_ASN1_read( \
-        (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,fp,(char **)x,cb)
-#define PEM_read_X509_CRL(fp,x,cb) (X509_CRL *)PEM_ASN1_read( \
-        (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,fp,(char **)x,cb)
-#define PEM_read_RSAPrivateKey(fp,x,cb) (RSA *)PEM_ASN1_read( \
-        (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,fp,(char **)x,cb)
-#define PEM_read_RSAPublicKey(fp,x,cb) (RSA *)PEM_ASN1_read( \
-        (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb)
-#define PEM_read_DSAPrivateKey(fp,x,cb) (DSA *)PEM_ASN1_read( \
-        (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,fp,(char **)x,cb)
-#define PEM_read_PrivateKey(fp,x,cb) (EVP_PKEY *)PEM_ASN1_read( \
-        (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb)
-#define PEM_read_PKCS7(fp,x,cb) (PKCS7 *)PEM_ASN1_read( \
-        (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,fp,(char **)x,cb)
-#define PEM_read_DHparams(fp,x,cb) (DH *)PEM_ASN1_read( \
-        (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,fp,(char **)x,cb)
-
-#define PEM_write_bio_SSL_SESSION(bp,x) \
-                PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \
-                        PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL)
-#define PEM_write_bio_X509(bp,x) \
-                PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \
-                        (char *)x, NULL,NULL,0,NULL)
-#define PEM_write_bio_X509_REQ(bp,x) PEM_ASN1_write_bio( \
-                (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,bp,(char *)x, \
-                        NULL,NULL,0,NULL)
-#define PEM_write_bio_X509_CRL(bp,x) \
-                PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,\
-                        bp,(char *)x, NULL,NULL,0,NULL)
-#define PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb) \
-                PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,\
-                        bp,(char *)x,enc,kstr,klen,cb)
-#define PEM_write_bio_RSAPublicKey(bp,x) \
-                PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey, \
-                        PEM_STRING_RSA_PUBLIC,\
-                        bp,(char *)x,NULL,NULL,0,NULL)
-#define PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb) \
-                PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,\
-                        bp,(char *)x,enc,kstr,klen,cb)
-#define PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb) \
-                PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,\
-                (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
-                        bp,(char *)x,enc,kstr,klen,cb)
-#define PEM_write_bio_PKCS7(bp,x) \
-                PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp, \
-                        (char *)x, NULL,NULL,0,NULL)
-#define PEM_write_bio_DHparams(bp,x) \
-                PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,\
-                        bp,(char *)x,NULL,NULL,0,NULL)
-#define PEM_write_bio_DSAparams(bp,x) \
-                PEM_ASN1_write_bio((int (*)())i2d_DSAparams, \
-                        PEM_STRING_DSAPARAMS,bp,(char *)x,NULL,NULL,0,NULL)
-
-#define PEM_read_bio_SSL_SESSION(bp,x,cb) (SSL_SESSION *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb)
-#define PEM_read_bio_X509(bp,x,cb) (X509 *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb)
-#define PEM_read_bio_X509_REQ(bp,x,cb) (X509_REQ *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,bp,(char **)x,cb)
-#define PEM_read_bio_X509_CRL(bp,x,cb) (X509_CRL *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,bp,(char **)x,cb)
-#define PEM_read_bio_RSAPrivateKey(bp,x,cb) (RSA *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,bp,(char **)x,cb)
-#define PEM_read_bio_RSAPublicKey(bp,x,cb) (RSA *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb)
-#define PEM_read_bio_DSAPrivateKey(bp,x,cb) (DSA *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,bp,(char **)x,cb)
-#define PEM_read_bio_PrivateKey(bp,x,cb) (EVP_PKEY *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,bp,(char **)x,cb)
-
-#define PEM_read_bio_PKCS7(bp,x,cb) (PKCS7 *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,bp,(char **)x,cb)
-#define PEM_read_bio_DHparams(bp,x,cb) (DH *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,bp,(char **)x,cb)
-#define PEM_read_bio_DSAparams(bp,x,cb) (DSA *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_DSAparams,PEM_STRING_DSAPARAMS,bp,(char **)x,cb)
-
-#endif
-
-#ifndef NOPROTO
-int     PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher);
-int     PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len,
-                int (*callback)());
-
-#ifdef HEADER_BIO_H
-int     PEM_read_bio(BIO *bp, char **name, char **header,
-                unsigned char **data,long *len);
-int     PEM_write_bio(BIO *bp,char *name,char *hdr,unsigned char *data,
-                long len);
-char *  PEM_ASN1_read_bio(char *(*d2i)(),char *name,BIO *bp,char **x,
-                int (*cb)());
-int     PEM_ASN1_write_bio(int (*i2d)(),char *name,BIO *bp,char *x,
-                EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)());
-STACK * PEM_X509_INFO_read_bio(BIO *bp, STACK *sk, int (*cb)());
-int     PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc,
-                unsigned char *kstr, int klen, int (*cb)());
-#endif
-
-#ifndef WIN16
-int     PEM_read(FILE *fp, char **name, char **header,
-                unsigned char **data,long *len);
-int     PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len);
-char *  PEM_ASN1_read(char *(*d2i)(),char *name,FILE *fp,char **x,
-                int (*cb)());
-int     PEM_ASN1_write(int (*i2d)(),char *name,FILE *fp,char *x,
-                EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)());
-STACK * PEM_X509_INFO_read(FILE *fp, STACK *sk, int (*cb)());
-#endif
-
-int     PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,
-                EVP_MD *md_type, unsigned char **ek, int *ekl,
-                unsigned char *iv, EVP_PKEY **pubk, int npubk);
-void    PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
-                unsigned char *in, int inl);
-int     PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig,int *sigl,
-                unsigned char *out, int *outl, EVP_PKEY *priv);
-
-void    PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type);
-void    PEM_SignUpdate(EVP_MD_CTX *ctx,unsigned char *d,unsigned int cnt);
-int     PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
-                unsigned int *siglen, EVP_PKEY *pkey);
-
-void    ERR_load_PEM_strings(void);
-
-void    PEM_proc_type(char *buf, int type);
-void    PEM_dek_info(char *buf, char *type, int len, char *str);
-
-#ifndef SSLEAY_MACROS
-
-#ifndef WIN16
-X509 *PEM_read_X509(FILE *fp,X509 **x,int (*cb)());
-X509_REQ *PEM_read_X509_REQ(FILE *fp,X509_REQ **x,int (*cb)());
-X509_CRL *PEM_read_X509_CRL(FILE *fp,X509_CRL **x,int (*cb)());
-RSA *PEM_read_RSAPrivateKey(FILE *fp,RSA **x,int (*cb)());
-RSA *PEM_read_RSAPublicKey(FILE *fp,RSA **x,int (*cb)());
-DSA *PEM_read_DSAPrivateKey(FILE *fp,DSA **x,int (*cb)());
-EVP_PKEY *PEM_read_PrivateKey(FILE *fp,EVP_PKEY **x,int (*cb)());
-PKCS7 *PEM_read_PKCS7(FILE *fp,PKCS7 **x,int (*cb)());
-DH *PEM_read_DHparams(FILE *fp,DH **x,int (*cb)());
-DSA *PEM_read_DSAparams(FILE *fp,DSA **x,int (*cb)());
-int PEM_write_X509(FILE *fp,X509 *x);
-int PEM_write_X509_REQ(FILE *fp,X509_REQ *x);
-int PEM_write_X509_CRL(FILE *fp,X509_CRL *x);
-int PEM_write_RSAPrivateKey(FILE *fp,RSA *x,EVP_CIPHER *enc,unsigned char *kstr,
-        int klen,int (*cb)());
-int PEM_write_RSAPublicKey(FILE *fp,RSA *x);
-int PEM_write_DSAPrivateKey(FILE *fp,DSA *x,EVP_CIPHER *enc,unsigned char *kstr,
-        int klen,int (*cb)());
-int PEM_write_PrivateKey(FILE *fp,EVP_PKEY *x,EVP_CIPHER *enc,
-        unsigned char *kstr,int klen,int (*cb)());
-int PEM_write_PKCS7(FILE *fp,PKCS7 *x);
-int PEM_write_DHparams(FILE *fp,DH *x);
-int PEM_write_DSAparams(FILE *fp,DSA *x);
-#endif
-
-#ifdef HEADER_BIO_H
-X509 *PEM_read_bio_X509(BIO *bp,X509 **x,int (*cb)());
-X509_REQ *PEM_read_bio_X509_REQ(BIO *bp,X509_REQ **x,int (*cb)());
-X509_CRL *PEM_read_bio_X509_CRL(BIO *bp,X509_CRL **x,int (*cb)());
-RSA *PEM_read_bio_RSAPrivateKey(BIO *bp,RSA **x,int (*cb)());
-RSA *PEM_read_bio_RSAPublicKey(BIO *bp,RSA **x,int (*cb)());
-DSA *PEM_read_bio_DSAPrivateKey(BIO *bp,DSA **x,int (*cb)());
-EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp,EVP_PKEY **x,int (*cb)());
-PKCS7 *PEM_read_bio_PKCS7(BIO *bp,PKCS7 **x,int (*cb)());
-DH *PEM_read_bio_DHparams(BIO *bp,DH **x,int (*cb)());
-DSA *PEM_read_bio_DSAparams(BIO *bp,DSA **x,int (*cb)());
-int PEM_write_bio_X509(BIO *bp,X509 *x);
-int PEM_write_bio_X509_REQ(BIO *bp,X509_REQ *x);
-int PEM_write_bio_X509_CRL(BIO *bp,X509_CRL *x);
-int PEM_write_bio_RSAPrivateKey(BIO *fp,RSA *x,EVP_CIPHER *enc,
-        unsigned char *kstr,int klen,int (*cb)());
-int PEM_write_bio_RSAPublicKey(BIO *fp,RSA *x);
-int PEM_write_bio_DSAPrivateKey(BIO *fp,DSA *x,EVP_CIPHER *enc,
-        unsigned char *kstr,int klen,int (*cb)());
-int PEM_write_bio_PrivateKey(BIO *fp,EVP_PKEY *x,EVP_CIPHER *enc,
-        unsigned char *kstr,int klen,int (*cb)());
-int PEM_write_bio_PKCS7(BIO *bp,PKCS7 *x);
-int PEM_write_bio_DHparams(BIO *bp,DH *x);
-int PEM_write_bio_DSAparams(BIO *bp,DSA *x);
-#endif
-
-#endif /* SSLEAY_MACROS */
-
-
-#else
-
-int     PEM_get_EVP_CIPHER_INFO();
-int     PEM_do_header();
-int     PEM_read_bio();
-int     PEM_write_bio();
-#ifndef WIN16
-int     PEM_read();
-int     PEM_write();
-STACK * PEM_X509_INFO_read();
-char *  PEM_ASN1_read();
-int     PEM_ASN1_write();
-#endif
-STACK * PEM_X509_INFO_read_bio();
-int     PEM_X509_INFO_write_bio();
-char *  PEM_ASN1_read_bio();
-int     PEM_ASN1_write_bio();
-int     PEM_SealInit();
-void    PEM_SealUpdate();
-int     PEM_SealFinal();
-int     PEM_SignFinal();
-
-void    ERR_load_PEM_strings();
-
-void    PEM_proc_type();
-void    PEM_dek_info();
-
-#ifndef SSLEAY_MACROS
-#ifndef WIN16
-X509 *PEM_read_X509();
-X509_REQ *PEM_read_X509_REQ();
-X509_CRL *PEM_read_X509_CRL();
-RSA *PEM_read_RSAPrivateKey();
-RSA *PEM_read_RSAPublicKey();
-DSA *PEM_read_DSAPrivateKey();
-EVP_PKEY *PEM_read_PrivateKey();
-PKCS7 *PEM_read_PKCS7();
-DH *PEM_read_DHparams();
-DSA *PEM_read_DSAparams();
-int PEM_write_X509();
-int PEM_write_X509_REQ();
-int PEM_write_X509_CRL();
-int PEM_write_RSAPrivateKey();
-int PEM_write_RSAPublicKey();
-int PEM_write_DSAPrivateKey();
-int PEM_write_PrivateKey();
-int PEM_write_PKCS7();
-int PEM_write_DHparams();
-int PEM_write_DSAparams();
-#endif
-
-X509 *PEM_read_bio_X509();
-X509_REQ *PEM_read_bio_X509_REQ();
-X509_CRL *PEM_read_bio_X509_CRL();
-RSA *PEM_read_bio_RSAPrivateKey();
-RSA *PEM_read_bio_RSAPublicKey();
-DSA *PEM_read_bio_DSAPrivateKey();
-EVP_PKEY *PEM_read_bio_PrivateKey();
-PKCS7 *PEM_read_bio_PKCS7();
-DH *PEM_read_bio_DHparams();
-DSA *PEM_read_bio_DSAparams();
-int PEM_write_bio_X509();
-int PEM_write_bio_X509_REQ();
-int PEM_write_bio_X509_CRL();
-int PEM_write_bio_RSAPrivateKey();
-int PEM_write_bio_RSAPublicKey();
-int PEM_write_bio_DSAPrivateKey();
-int PEM_write_bio_PrivateKey();
-int PEM_write_bio_PKCS7();
-int PEM_write_bio_DHparams();
-int PEM_write_bio_DSAparams();
-
-#endif /* SSLEAY_MACROS */
-
-#endif
-
-/* BEGIN ERROR CODES */
-/* Error codes for the PEM functions. */
-
-/* Function codes. */
-#define PEM_F_DEF_CALLBACK                               100
-#define PEM_F_LOAD_IV                                    101
-#define PEM_F_PEM_ASN1_READ                              102
-#define PEM_F_PEM_ASN1_READ_BIO                          103
-#define PEM_F_PEM_ASN1_WRITE                             104
-#define PEM_F_PEM_ASN1_WRITE_BIO                         105
-#define PEM_F_PEM_DO_HEADER                              106
-#define PEM_F_PEM_GET_EVP_CIPHER_INFO                    107
-#define PEM_F_PEM_READ                                   108
-#define PEM_F_PEM_READ_BIO                               109
-#define PEM_F_PEM_SEALFINAL                              110
-#define PEM_F_PEM_SEALINIT                               111
-#define PEM_F_PEM_SIGNFINAL                              112
-#define PEM_F_PEM_WRITE                                  113
-#define PEM_F_PEM_WRITE_BIO                              114
-#define PEM_F_PEM_X509_INFO_READ                         115
-#define PEM_F_PEM_X509_INFO_READ_BIO                     116
-#define PEM_F_PEM_X509_INFO_WRITE_BIO                    117
-
-/* Reason codes. */
-#define PEM_R_BAD_BASE64_DECODE                          100
-#define PEM_R_BAD_DECRYPT                                101
-#define PEM_R_BAD_END_LINE                               102
-#define PEM_R_BAD_IV_CHARS                               103
-#define PEM_R_BAD_PASSWORD_READ                          104
-#define PEM_R_NOT_DEK_INFO                               105
-#define PEM_R_NOT_ENCRYPTED                              106
-#define PEM_R_NOT_PROC_TYPE                              107
-#define PEM_R_NO_START_LINE                              108
-#define PEM_R_PROBLEMS_GETTING_PASSWORD                  109
-#define PEM_R_PUBLIC_KEY_NO_RSA                          110
-#define PEM_R_READ_KEY                                   111
-#define PEM_R_SHORT_HEADER                               112
-#define PEM_R_UNSUPPORTED_CIPHER                         113
-#define PEM_R_UNSUPPORTED_ENCRYPTION                     114
- 
-#ifdef  __cplusplus
-}
-#endif
-#endif
-
diff --git a/src/lib/libcrypto/pem/pem2.h b/src/lib/libcrypto/pem/pem2.h
new file mode 100644
index 0000000000..4a016aacd2
--- /dev/null
+++ b/src/lib/libcrypto/pem/pem2.h
@@ -0,0 +1,60 @@
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/*
+ * This header only exists to break a circular dependency between pem and err
+ * Ben 30 Jan 1999.
+ */
+
+void ERR_load_PEM_strings(void);
diff --git a/src/lib/libcrypto/pem/pem_all.c b/src/lib/libcrypto/pem/pem_all.c
index d1cda7aabe..bc473f3cff 100644
--- a/src/lib/libcrypto/pem/pem_all.c
+++ b/src/lib/libcrypto/pem/pem_all.c
@@ -59,430 +59,55 @@
 #include <stdio.h>
 #undef SSLEAY_MACROS
 #include "cryptlib.h"
-#include "bio.h"
-#include "evp.h"
-#include "x509.h"
-#include "pkcs7.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
 
-#ifndef NO_FP_API
-/* The X509 functions */
-X509 *PEM_read_X509(fp,x,cb)
-FILE *fp;
-X509 **x;
-int (*cb)();
-        {
-        return((X509 *)PEM_ASN1_read((char *(*)())d2i_X509,
-                PEM_STRING_X509,fp,(char **)x,cb));
-        }
-#endif
-
-X509 *PEM_read_bio_X509(bp,x,cb)
-BIO *bp;
-X509 **x;
-int (*cb)();
-        {
-        return((X509 *)PEM_ASN1_read_bio((char *(*)())d2i_X509,
-                PEM_STRING_X509,bp,(char **)x,cb));
-        }
-
-#ifndef NO_FP_API
-int PEM_write_X509(fp,x)
-FILE *fp;
-X509 *x;
-        {
-        return(PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp,
-                (char *)x, NULL,NULL,0,NULL));
-        }
-#endif
+IMPLEMENT_PEM_rw(X509, X509, PEM_STRING_X509, X509)
 
-int PEM_write_bio_X509(bp,x)
-BIO *bp;
-X509 *x;
-        {
-        return(PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp,
-                (char *)x, NULL,NULL,0,NULL));
-        }
+IMPLEMENT_PEM_rw(X509_REQ, X509_REQ, PEM_STRING_X509_REQ, X509_REQ)
 
-#ifndef NO_FP_API
-/* The X509_REQ functions */
-X509_REQ *PEM_read_X509_REQ(fp,x,cb)
-FILE *fp;
-X509_REQ **x;
-int (*cb)();
-        {
-        return((X509_REQ *)PEM_ASN1_read((char *(*)())d2i_X509_REQ,
-                PEM_STRING_X509_REQ,fp,(char **)x,cb));
-        }
-#endif
+IMPLEMENT_PEM_rw(X509_CRL, X509_CRL, PEM_STRING_X509_CRL, X509_CRL)
 
-X509_REQ *PEM_read_bio_X509_REQ(bp,x,cb)
-BIO *bp;
-X509_REQ **x;
-int (*cb)();
-        {
-        return((X509_REQ *)PEM_ASN1_read_bio((char *(*)())d2i_X509_REQ,
-                PEM_STRING_X509_REQ,bp,(char **)x,cb));
-        }
+IMPLEMENT_PEM_rw(PKCS7, PKCS7, PEM_STRING_PKCS7, PKCS7)
 
-#ifndef NO_FP_API
-int PEM_write_X509_REQ(fp,x)
-FILE *fp;
-X509_REQ *x;
-        {
-        return(PEM_ASN1_write((int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,
-                (char *)x, NULL,NULL,0,NULL));
-        }
-#endif
+IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE,
+                                        PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE)
 
-int PEM_write_bio_X509_REQ(bp,x)
-BIO *bp;
-X509_REQ *x;
-        {
-        return(PEM_ASN1_write_bio((int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,
-                bp,(char *)x, NULL,NULL,0,NULL));
-        }
-
-#ifndef NO_FP_API
-/* The X509_CRL functions */
-X509_CRL *PEM_read_X509_CRL(fp,x,cb)
-FILE *fp;
-X509_CRL **x;
-int (*cb)();
-        {
-        return((X509_CRL *)PEM_ASN1_read((char *(*)())d2i_X509_CRL,
-                PEM_STRING_X509_CRL,fp,(char **)x,cb));
-        }
-#endif
-
-X509_CRL *PEM_read_bio_X509_CRL(bp,x,cb)
-BIO *bp;
-X509_CRL **x;
-int (*cb)();
-        {
-        return((X509_CRL *)PEM_ASN1_read_bio((char *(*)())d2i_X509_CRL,
-                PEM_STRING_X509_CRL,bp,(char **)x,cb));
-        }
-
-#ifndef NO_FP_API
-int PEM_write_X509_CRL(fp,x)
-FILE *fp;
-X509_CRL *x;
-        {
-        return(PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,fp,
-                (char *)x, NULL,NULL,0,NULL));
-        }
-#endif
-
-int PEM_write_bio_X509_CRL(bp,x)
-BIO *bp;
-X509_CRL *x;
-        {
-        return(PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,
-                bp,(char *)x, NULL,NULL,0,NULL));
-        }
+IMPLEMENT_PEM_rw(PKCS8, X509_SIG, PEM_STRING_PKCS8, X509_SIG)
+IMPLEMENT_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF,
+                                                         PKCS8_PRIV_KEY_INFO)
 
 #ifndef NO_RSA
-#ifndef NO_FP_API
-/* The RSAPrivateKey functions */
-RSA *PEM_read_RSAPrivateKey(fp,x,cb)
-FILE *fp;
-RSA **x;
-int (*cb)();
-        {
-        return((RSA *)PEM_ASN1_read((char *(*)())d2i_RSAPrivateKey,
-                PEM_STRING_RSA,fp,(char **)x,cb));
-        }
-
-RSA *PEM_read_RSAPublicKey(fp,x,cb)
-FILE *fp;
-RSA **x;
-int (*cb)();
-        {
-        return((RSA *)PEM_ASN1_read((char *(*)())d2i_RSAPublicKey,
-                PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb));
-        }
-#endif
 
-RSA *PEM_read_bio_RSAPrivateKey(bp,x,cb)
-BIO *bp;
-RSA **x;
-int (*cb)();
-        {
-        return((RSA *)PEM_ASN1_read_bio((char *(*)())d2i_RSAPrivateKey,
-                PEM_STRING_RSA,bp,(char **)x,cb));
-        }
+IMPLEMENT_PEM_rw_cb(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
 
-RSA *PEM_read_bio_RSAPublicKey(bp,x,cb)
-BIO *bp;
-RSA **x;
-int (*cb)();
-        {
-        return((RSA *)PEM_ASN1_read_bio((char *(*)())d2i_RSAPublicKey,
-                PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb));
-        }
+IMPLEMENT_PEM_rw(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
 
-#ifndef NO_FP_API
-int PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb)
-FILE *fp;
-RSA *x;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*cb)();
-        {
-        return(PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,
-                (char *)x,enc,kstr,klen,cb));
-        }
-
-int PEM_write_RSAPublicKey(fp,x)
-FILE *fp;
-RSA *x;
-        {
-        return(PEM_ASN1_write((int (*)())i2d_RSAPublicKey,
-                PEM_STRING_RSA_PUBLIC,fp,
-                (char *)x,NULL,NULL,0,NULL));
-        }
 #endif
 
-int PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb)
-BIO *bp;
-RSA *x;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*cb)();
-        {
-        return(PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,
-                bp,(char *)x,enc,kstr,klen,cb));
-        }
-
-int PEM_write_bio_RSAPublicKey(bp,x)
-BIO *bp;
-RSA *x;
-        {
-        return(PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey,
-                PEM_STRING_RSA_PUBLIC,
-                bp,(char *)x,NULL,NULL,0,NULL));
-        }
-#endif /* !NO_RSA */
-
 #ifndef NO_DSA
-#ifndef NO_FP_API
-/* The DSAPrivateKey functions */
-DSA *PEM_read_DSAPrivateKey(fp,x,cb)
-FILE *fp;
-DSA **x;
-int (*cb)();
-        {
-        return((DSA *)PEM_ASN1_read((char *(*)())d2i_DSAPrivateKey,
-                PEM_STRING_DSA,fp,(char **)x,cb));
-        }
-#endif
-
-DSA *PEM_read_bio_DSAPrivateKey(bp,x,cb)
-BIO *bp;
-DSA **x;
-int (*cb)();
-        {
-        return((DSA *)PEM_ASN1_read_bio((char *(*)())d2i_DSAPrivateKey,
-                PEM_STRING_DSA,bp,(char **)x,cb));
-        }
-
-#ifndef NO_FP_API
-int PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb)
-FILE *fp;
-DSA *x;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*cb)();
-        {
-        return(PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,
-                (char *)x,enc,kstr,klen,cb));
-        }
-#endif
 
-int PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb)
-BIO *bp;
-DSA *x;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*cb)();
-        {
-        return(PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,
-                bp,(char *)x,enc,kstr,klen,cb));
-        }
-#endif
-
-#ifndef NO_FP_API
-/* The PrivateKey functions */
-EVP_PKEY *PEM_read_PrivateKey(fp,x,cb)
-FILE *fp;
-EVP_PKEY **x;
-int (*cb)();
-        {
-        return((EVP_PKEY *)PEM_ASN1_read((char *(*)())d2i_PrivateKey,
-                PEM_STRING_EVP_PKEY,fp,(char **)x,cb));
-        }
-#endif
-
-EVP_PKEY *PEM_read_bio_PrivateKey(bp,x,cb)
-BIO *bp;
-EVP_PKEY **x;
-int (*cb)();
-        {
-        return((EVP_PKEY *)PEM_ASN1_read_bio((char *(*)())d2i_PrivateKey,
-                PEM_STRING_EVP_PKEY,bp,(char **)x,cb));
-        }
-
-#ifndef NO_FP_API
-int PEM_write_PrivateKey(fp,x,enc,kstr,klen,cb)
-FILE *fp;
-EVP_PKEY *x;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*cb)();
-        {
-        return(PEM_ASN1_write((int (*)())i2d_PrivateKey,
-                ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),
-                fp,(char *)x,enc,kstr,klen,cb));
-        }
-#endif
+IMPLEMENT_PEM_rw_cb(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
 
-int PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb)
-BIO *bp;
-EVP_PKEY *x;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*cb)();
-        {
-        return(PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,
-                ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),
-                bp,(char *)x,enc,kstr,klen,cb));
-        }
+IMPLEMENT_PEM_rw(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams)
 
-#ifndef NO_FP_API
-/* The PKCS7 functions */
-PKCS7 *PEM_read_PKCS7(fp,x,cb)
-FILE *fp;
-PKCS7 **x;
-int (*cb)();
-        {
-        return((PKCS7 *)PEM_ASN1_read((char *(*)())d2i_PKCS7,
-                PEM_STRING_PKCS7,fp,(char **)x,cb));
-        }
 #endif
 
-PKCS7 *PEM_read_bio_PKCS7(bp,x,cb)
-BIO *bp;
-PKCS7 **x;
-int (*cb)();
-        {
-        return((PKCS7 *)PEM_ASN1_read_bio((char *(*)())d2i_PKCS7,
-                PEM_STRING_PKCS7,bp,(char **)x,cb));
-        }
-
-#ifndef NO_FP_API
-int PEM_write_PKCS7(fp,x)
-FILE *fp;
-PKCS7 *x;
-        {
-        return(PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp,
-                (char *)x, NULL,NULL,0,NULL));
-        }
-#endif
-
-int PEM_write_bio_PKCS7(bp,x)
-BIO *bp;
-PKCS7 *x;
-        {
-        return(PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp,
-                (char *)x, NULL,NULL,0,NULL));
-        }
-
 #ifndef NO_DH
-#ifndef NO_FP_API
-/* The DHparams functions */
-DH *PEM_read_DHparams(fp,x,cb)
-FILE *fp;
-DH **x;
-int (*cb)();
-        {
-        return((DH *)PEM_ASN1_read((char *(*)())d2i_DHparams,
-                PEM_STRING_DHPARAMS,fp,(char **)x,cb));
-        }
-#endif
 
-DH *PEM_read_bio_DHparams(bp,x,cb)
-BIO *bp;
-DH **x;
-int (*cb)();
-        {
-        return((DH *)PEM_ASN1_read_bio((char *(*)())d2i_DHparams,
-                PEM_STRING_DHPARAMS,bp,(char **)x,cb));
-        }
+IMPLEMENT_PEM_rw(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
 
-#ifndef NO_FP_API
-int PEM_write_DHparams(fp,x)
-FILE *fp;
-DH *x;
-        {
-        return(PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,
-                (char *)x, NULL,NULL,0,NULL));
-        }
 #endif
 
-int PEM_write_bio_DHparams(bp,x)
-BIO *bp;
-DH *x;
-        {
-        return(PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,
-                bp,(char *)x, NULL,NULL,0,NULL));
-        }
-#endif
-
-#ifndef NO_DSA
-#ifndef NO_FP_API
-/* The DSAparams functions */
-DSA *PEM_read_DSAparams(fp,x,cb)
-FILE *fp;
-DSA **x;
-int (*cb)();
-        {
-        return((DSA *)PEM_ASN1_read((char *(*)())d2i_DSAparams,
-                PEM_STRING_DSAPARAMS,fp,(char **)x,cb));
-        }
-#endif
-
-DSA *PEM_read_bio_DSAparams(bp,x,cb)
-BIO *bp;
-DSA **x;
-int (*cb)();
-        {
-        return((DSA *)PEM_ASN1_read_bio((char *(*)())d2i_DSAparams,
-                PEM_STRING_DSAPARAMS,bp,(char **)x,cb));
-        }
-
-#ifndef NO_FP_API
-int PEM_write_DSAparams(fp,x)
-FILE *fp;
-DSA *x;
-        {
-        return(PEM_ASN1_write((int (*)())i2d_DSAparams,PEM_STRING_DSAPARAMS,fp,
-                (char *)x, NULL,NULL,0,NULL));
-        }
-#endif
-
-int PEM_write_bio_DSAparams(bp,x)
-BIO *bp;
-DSA *x;
-        {
-        return(PEM_ASN1_write_bio((int (*)())i2d_DSAparams,PEM_STRING_DSAPARAMS,
-                bp,(char *)x, NULL,NULL,0,NULL));
-        }
-#endif
 
+/* The PrivateKey case is not that straightforward.
+ *   IMPLEMENT_PEM_rw_cb(PrivateKey, EVP_PKEY, PEM_STRING_EVP_PKEY, PrivateKey)
+ * does not work, RSA and DSA keys have specific strings.
+ * (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything
+ * appropriate.)
+ */
+IMPLEMENT_PEM_read(PrivateKey, EVP_PKEY, PEM_STRING_EVP_PKEY, PrivateKey)
+IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA), PrivateKey)
diff --git a/src/lib/libcrypto/pem/pem_err.c b/src/lib/libcrypto/pem/pem_err.c
index e17fcdb540..fa70f60998 100644
--- a/src/lib/libcrypto/pem/pem_err.c
+++ b/src/lib/libcrypto/pem/pem_err.c
@@ -1,63 +1,65 @@
-/* lib/pem/pem_err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* crypto/pem/pem_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
 #include <stdio.h>
-#include "err.h"
-#include "pem.h"
+#include <openssl/err.h>
+#include <openssl/pem.h>
 
 /* BEGIN ERROR CODES */
 #ifndef NO_ERR
@@ -70,6 +72,7 @@ static ERR_STRING_DATA PEM_str_functs[]=
 {ERR_PACK(0,PEM_F_PEM_ASN1_WRITE,0),    "PEM_ASN1_write"},
 {ERR_PACK(0,PEM_F_PEM_ASN1_WRITE_BIO,0),        "PEM_ASN1_write_bio"},
 {ERR_PACK(0,PEM_F_PEM_DO_HEADER,0),     "PEM_do_header"},
+{ERR_PACK(0,PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY,0),   "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"},
 {ERR_PACK(0,PEM_F_PEM_GET_EVP_CIPHER_INFO,0),   "PEM_get_EVP_CIPHER_INFO"},
 {ERR_PACK(0,PEM_F_PEM_READ,0),  "PEM_read"},
 {ERR_PACK(0,PEM_F_PEM_READ_BIO,0),      "PEM_read_bio"},
@@ -78,10 +81,11 @@ static ERR_STRING_DATA PEM_str_functs[]=
 {ERR_PACK(0,PEM_F_PEM_SIGNFINAL,0),     "PEM_SignFinal"},
 {ERR_PACK(0,PEM_F_PEM_WRITE,0), "PEM_write"},
 {ERR_PACK(0,PEM_F_PEM_WRITE_BIO,0),     "PEM_write_bio"},
+{ERR_PACK(0,PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,0),     "PEM_write_bio_PKCS8PrivateKey"},
 {ERR_PACK(0,PEM_F_PEM_X509_INFO_READ,0),        "PEM_X509_INFO_read"},
 {ERR_PACK(0,PEM_F_PEM_X509_INFO_READ_BIO,0),    "PEM_X509_INFO_read_bio"},
 {ERR_PACK(0,PEM_F_PEM_X509_INFO_WRITE_BIO,0),   "PEM_X509_INFO_write_bio"},
-{0,NULL},
+{0,NULL}
         };
 
 static ERR_STRING_DATA PEM_str_reasons[]=
@@ -91,6 +95,7 @@ static ERR_STRING_DATA PEM_str_reasons[]=
 {PEM_R_BAD_END_LINE                      ,"bad end line"},
 {PEM_R_BAD_IV_CHARS                      ,"bad iv chars"},
 {PEM_R_BAD_PASSWORD_READ                 ,"bad password read"},
+{PEM_R_ERROR_CONVERTING_PRIVATE_KEY      ,"error converting private key"},
 {PEM_R_NOT_DEK_INFO                      ,"not dek info"},
 {PEM_R_NOT_ENCRYPTED                     ,"not encrypted"},
 {PEM_R_NOT_PROC_TYPE                     ,"not proc type"},
@@ -101,17 +106,17 @@ static ERR_STRING_DATA PEM_str_reasons[]=
 {PEM_R_SHORT_HEADER                      ,"short header"},
 {PEM_R_UNSUPPORTED_CIPHER                ,"unsupported cipher"},
 {PEM_R_UNSUPPORTED_ENCRYPTION            ,"unsupported encryption"},
-{0,NULL},
+{0,NULL}
         };
 
 #endif
 
-void ERR_load_PEM_strings()
+void ERR_load_PEM_strings(void)
         {
         static int init=1;
 
-        if (init);
-                {;
+        if (init)
+                {
                 init=0;
 #ifndef NO_ERR
                 ERR_load_strings(ERR_LIB_PEM,PEM_str_functs);
diff --git a/src/lib/libcrypto/pem/pem_info.c b/src/lib/libcrypto/pem/pem_info.c
index 4b69833b62..fec18a4c2e 100644
--- a/src/lib/libcrypto/pem/pem_info.c
+++ b/src/lib/libcrypto/pem/pem_info.c
@@ -58,20 +58,17 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "objects.h"
-#include "evp.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #ifndef NO_FP_API
-STACK *PEM_X509_INFO_read(fp,sk,cb)
-FILE *fp;
-STACK *sk;
-int (*cb)();
+STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u)
         {
         BIO *b;
-        STACK *ret;
+        STACK_OF(X509_INFO) *ret;
 
         if ((b=BIO_new(BIO_s_file())) == NULL)
                 {
@@ -79,29 +76,26 @@ int (*cb)();
                 return(0);
                 }
         BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=PEM_X509_INFO_read_bio(b,sk,cb);
+        ret=PEM_X509_INFO_read_bio(b,sk,cb,u);
         BIO_free(b);
         return(ret);
         }
 #endif
 
-STACK *PEM_X509_INFO_read_bio(bp,sk,cb)
-BIO *bp;
-STACK *sk;
-int (*cb)();
+STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u)
         {
         X509_INFO *xi=NULL;
         char *name=NULL,*header=NULL,**pp;
         unsigned char *data=NULL,*p;
         long len,error=0;
         int ok=0;
-        STACK *ret=NULL;
+        STACK_OF(X509_INFO) *ret=NULL;
         unsigned int i,raw;
         char *(*d2i)();
 
         if (sk == NULL)
                 {
-                if ((ret=sk_new_null()) == NULL)
+                if ((ret=sk_X509_INFO_new_null()) == NULL)
                         {
                         PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_MALLOC_FAILURE);
                         goto err;
@@ -132,7 +126,7 @@ start:
                         d2i=(char *(*)())d2i_X509;
                         if (xi->x509 != NULL)
                                 {
-                                if (!sk_push(ret,(char *)xi)) goto err;
+                                if (!sk_X509_INFO_push(ret,xi)) goto err;
                                 if ((xi=X509_INFO_new()) == NULL) goto err;
                                 goto start;
                                 }
@@ -143,7 +137,7 @@ start:
                         d2i=(char *(*)())d2i_X509_CRL;
                         if (xi->crl != NULL)
                                 {
-                                if (!sk_push(ret,(char *)xi)) goto err;
+                                if (!sk_X509_INFO_push(ret,xi)) goto err;
                                 if ((xi=X509_INFO_new()) == NULL) goto err;
                                 goto start;
                                 }
@@ -156,7 +150,7 @@ start:
                         d2i=(char *(*)())d2i_RSAPrivateKey;
                         if (xi->x_pkey != NULL) 
                                 {
-                                if (!sk_push(ret,(char *)xi)) goto err;
+                                if (!sk_X509_INFO_push(ret,xi)) goto err;
                                 if ((xi=X509_INFO_new()) == NULL) goto err;
                                 goto start;
                                 }
@@ -180,7 +174,7 @@ start:
                         d2i=(char *(*)())d2i_DSAPrivateKey;
                         if (xi->x_pkey != NULL) 
                                 {
-                                if (!sk_push(ret,(char *)xi)) goto err;
+                                if (!sk_X509_INFO_push(ret,xi)) goto err;
                                 if ((xi=X509_INFO_new()) == NULL) goto err;
                                 goto start;
                                 }
@@ -211,7 +205,7 @@ start:
 
                                 if (!PEM_get_EVP_CIPHER_INFO(header,&cipher))
                                         goto err;
-                                if (!PEM_do_header(&cipher,data,&len,cb))
+                                if (!PEM_do_header(&cipher,data,&len,cb,u))
                                         goto err;
                                 p=data;
                                 if (d2i(pp,&p,len) == NULL)
@@ -246,7 +240,7 @@ start:
         if ((xi->x509 != NULL) || (xi->crl != NULL) ||
                 (xi->x_pkey != NULL) || (xi->enc_data != NULL))
                 {
-                if (!sk_push(ret,(char *)xi)) goto err;
+                if (!sk_X509_INFO_push(ret,xi)) goto err;
                 xi=NULL;
                 }
         ok=1;
@@ -254,12 +248,12 @@ err:
         if (xi != NULL) X509_INFO_free(xi);
         if (!ok)
                 {
-                for (i=0; ((int)i)<sk_num(ret); i++)
+                for (i=0; ((int)i)<sk_X509_INFO_num(ret); i++)
                         {
-                        xi=(X509_INFO *)sk_value(ret,i);
+                        xi=sk_X509_INFO_value(ret,i);
                         X509_INFO_free(xi);
                         }
-                if (ret != sk) sk_free(ret);
+                if (ret != sk) sk_X509_INFO_free(ret);
                 ret=NULL;
                 }
                 
@@ -271,19 +265,13 @@ err:
 
 
 /* A TJH addition */
-int PEM_X509_INFO_write_bio(bp,xi,enc,kstr,klen,cb)
-BIO *bp;
-X509_INFO *xi;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*cb)();
+int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
+             unsigned char *kstr, int klen, pem_password_cb *cb, void *u)
         {
         EVP_CIPHER_CTX ctx;
         int i,ret=0;
         unsigned char *data=NULL;
-        char *objstr=NULL;
-#define PEM_BUFSIZE     1024
+        const char *objstr=NULL;
         char buf[PEM_BUFSIZE];
         unsigned char *iv=NULL;
         
@@ -340,7 +328,7 @@ int (*cb)();
                         /* normal optionally encrypted stuff */
                         if (PEM_write_bio_RSAPrivateKey(bp,
                                 xi->x_pkey->dec_pkey->pkey.rsa,
-                                enc,kstr,klen,cb)<=0)
+                                enc,kstr,klen,cb,u)<=0)
                                 goto err;
 #endif
                         }
diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c
index 7a2c0ad83b..90f02011ba 100644
--- a/src/lib/libcrypto/pem/pem_lib.c
+++ b/src/lib/libcrypto/pem/pem_lib.c
@@ -58,36 +58,25 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "objects.h"
-#include "evp.h"
-#include "rand.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs12.h>
 #ifndef NO_DES
-#include "des.h"
+#include <openssl/des.h>
 #endif
 
-char *PEM_version="PEM part of SSLeay 0.9.0b 29-Jun-1998";
+const char *PEM_version="PEM" OPENSSL_VERSION_PTEXT;
 
 #define MIN_LENGTH      4
 
-/* PEMerr(PEM_F_PEM_WRITE_BIO,ERR_R_MALLOC_FAILURE);
- * PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
- */
-
-#ifndef NOPROTO
-static int def_callback(char *buf, int num, int w);
+static int def_callback(char *buf, int num, int w, void *userdata);
 static int load_iv(unsigned char **fromp,unsigned char *to, int num);
-#else
-static int def_callback();
-static int load_iv();
-#endif
 
-static int def_callback(buf, num, w)
-char *buf;
-int num;
-int w;
+static int def_callback(char *buf, int num, int w, void *userdata)
         {
 #ifdef NO_FP_API
         /* We should not ever call the default callback routine from
@@ -96,7 +85,7 @@ int w;
         return(-1);
 #else
         int i,j;
-        char *prompt;
+        const char *prompt;
 
         prompt=EVP_get_pw_prompt();
         if (prompt == NULL)
@@ -123,11 +112,9 @@ int w;
 #endif
         }
 
-void PEM_proc_type(buf, type)
-char *buf;
-int type;
+void PEM_proc_type(char *buf, int type)
         {
-        char *str;
+        const char *str;
 
         if (type == PEM_TYPE_ENCRYPTED)
                 str="ENCRYPTED";
@@ -143,11 +130,7 @@ int type;
         strcat(buf,"\n");
         }
 
-void PEM_dek_info(buf, type, len, str)
-char *buf;
-char *type;
-int len;
-char *str;
+void PEM_dek_info(char *buf, const char *type, int len, char *str)
         {
         static unsigned char map[17]="0123456789ABCDEF";
         long i;
@@ -167,12 +150,8 @@ char *str;
         }
 
 #ifndef NO_FP_API
-char *PEM_ASN1_read(d2i,name,fp, x, cb)
-char *(*d2i)();
-char *name;
-FILE *fp;
-char **x;
-int (*cb)();
+char *PEM_ASN1_read(char *(*d2i)(), const char *name, FILE *fp, char **x,
+             pem_password_cb *cb, void *u)
         {
         BIO *b;
         char *ret;
@@ -183,18 +162,14 @@ int (*cb)();
                 return(0);
                 }
         BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=PEM_ASN1_read_bio(d2i,name,b,x,cb);
+        ret=PEM_ASN1_read_bio(d2i,name,b,x,cb,u);
         BIO_free(b);
         return(ret);
         }
 #endif
 
-char *PEM_ASN1_read_bio(d2i,name,bp, x, cb)
-char *(*d2i)();
-char *name;
-BIO *bp;
-char **x;
-int (*cb)();
+char *PEM_ASN1_read_bio(char *(*d2i)(), const char *name, BIO *bp, char **x,
+             pem_password_cb *cb, void *u)
         {
         EVP_CIPHER_INFO cipher;
         char *nm=NULL,*header=NULL;
@@ -210,10 +185,14 @@ int (*cb)();
                          (strcmp(name,PEM_STRING_EVP_PKEY) == 0)) ||
                         ((strcmp(nm,PEM_STRING_DSA) == 0) &&
                          (strcmp(name,PEM_STRING_EVP_PKEY) == 0)) ||
+                        ((strcmp(nm,PEM_STRING_PKCS8) == 0) &&
+                         (strcmp(name,PEM_STRING_EVP_PKEY) == 0)) ||
+                        ((strcmp(nm,PEM_STRING_PKCS8INF) == 0) &&
+                         (strcmp(name,PEM_STRING_EVP_PKEY) == 0)) ||
                         ((strcmp(nm,PEM_STRING_X509_OLD) == 0) &&
                          (strcmp(name,PEM_STRING_X509) == 0)) ||
                         ((strcmp(nm,PEM_STRING_X509_REQ_OLD) == 0) &&
-                         (strcmp(name,PEM_STRING_X509_REQ) == 0))
+                         (strcmp(name,PEM_STRING_X509_REQ) == 0)) 
                         )
                         break;
                 Free(nm);
@@ -221,17 +200,41 @@ int (*cb)();
                 Free(data);
                 }
         if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) goto err;
-        if (!PEM_do_header(&cipher,data,&len,cb)) goto err;
+        if (!PEM_do_header(&cipher,data,&len,cb,u)) goto err;
         p=data;
-        if (strcmp(name,PEM_STRING_EVP_PKEY) == 0)
-                {
+        if (strcmp(name,PEM_STRING_EVP_PKEY) == 0) {
                 if (strcmp(nm,PEM_STRING_RSA) == 0)
                         ret=d2i(EVP_PKEY_RSA,x,&p,len);
                 else if (strcmp(nm,PEM_STRING_DSA) == 0)
                         ret=d2i(EVP_PKEY_DSA,x,&p,len);
+                else if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) {
+                        PKCS8_PRIV_KEY_INFO *p8inf;
+                        p8inf=d2i_PKCS8_PRIV_KEY_INFO(
+                                        (PKCS8_PRIV_KEY_INFO **) x, &p, len);
+                        ret = (char *)EVP_PKCS82PKEY(p8inf);
+                        PKCS8_PRIV_KEY_INFO_free(p8inf);
+                } else if (strcmp(nm,PEM_STRING_PKCS8) == 0) {
+                        PKCS8_PRIV_KEY_INFO *p8inf;
+                        X509_SIG *p8;
+                        int klen;
+                        char psbuf[PEM_BUFSIZE];
+                        p8 = d2i_X509_SIG((X509_SIG **)x, &p, len);
+                        if(!p8) goto p8err;
+                        if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u);
+                        else klen=def_callback(psbuf,PEM_BUFSIZE,0,u);
+                        if (klen <= 0) {
+                                PEMerr(PEM_F_PEM_ASN1_READ_BIO,
+                                                PEM_R_BAD_PASSWORD_READ);
+                                goto err;
+                        }
+                        p8inf = M_PKCS8_decrypt(p8, psbuf, klen);
+                        X509_SIG_free(p8);
+                        if(!p8inf) goto p8err;
+                        ret = (char *)EVP_PKCS82PKEY(p8inf);
+                        PKCS8_PRIV_KEY_INFO_free(p8inf);
                 }
-        else    
-                ret=d2i(x,&p,len);
+        } else  ret=d2i(x,&p,len);
+p8err:
         if (ret == NULL)
                 PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB);
 err:
@@ -242,15 +245,9 @@ err:
         }
 
 #ifndef NO_FP_API
-int PEM_ASN1_write(i2d,name,fp, x, enc, kstr, klen, callback)
-int (*i2d)();
-char *name;
-FILE *fp;
-char *x;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*callback)();
+int PEM_ASN1_write(int (*i2d)(), const char *name, FILE *fp, char *x,
+             const EVP_CIPHER *enc, unsigned char *kstr, int klen,
+             pem_password_cb *callback, void *u)
         {
         BIO *b;
         int ret;
@@ -261,27 +258,20 @@ int (*callback)();
                 return(0);
                 }
         BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=PEM_ASN1_write_bio(i2d,name,b,x,enc,kstr,klen,callback);
+        ret=PEM_ASN1_write_bio(i2d,name,b,x,enc,kstr,klen,callback,u);
         BIO_free(b);
         return(ret);
         }
 #endif
 
-int PEM_ASN1_write_bio(i2d,name,bp, x, enc, kstr, klen, callback)
-int (*i2d)();
-char *name;
-BIO *bp;
-char *x;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*callback)();
+int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
+             const EVP_CIPHER *enc, unsigned char *kstr, int klen,
+             pem_password_cb *callback, void *u)
         {
         EVP_CIPHER_CTX ctx;
         int dsize=0,i,j,ret=0;
         unsigned char *p,*data=NULL;
-        char *objstr=NULL;
-#define PEM_BUFSIZE     1024
+        const char *objstr=NULL;
         char buf[PEM_BUFSIZE];
         unsigned char key[EVP_MAX_KEY_LENGTH];
         unsigned char iv[EVP_MAX_IV_LENGTH];
@@ -317,14 +307,18 @@ int (*callback)();
                 if (kstr == NULL)
                         {
                         if (callback == NULL)
-                                klen=def_callback(buf,PEM_BUFSIZE,1);
+                                klen=def_callback(buf,PEM_BUFSIZE,1,u);
                         else
-                                klen=(*callback)(buf,PEM_BUFSIZE,1);
+                                klen=(*callback)(buf,PEM_BUFSIZE,1,u);
                         if (klen <= 0)
                                 {
                                 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_READ_KEY);
                                 goto err;
                                 }
+#ifdef CHARSET_EBCDIC
+                        /* Convert the pass phrase from EBCDIC */
+                        ebcdic2ascii(buf, buf, klen);
+#endif
                         kstr=(unsigned char *)buf;
                         }
                 RAND_seed(data,i);/* put in the RSA key. */
@@ -363,11 +357,8 @@ err:
         return(ret);
         }
 
-int PEM_do_header(cipher, data, plen, callback)
-EVP_CIPHER_INFO *cipher;
-unsigned char *data;
-long *plen;
-int (*callback)();
+int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
+             pem_password_cb *callback,void *u)
         {
         int i,j,o,klen;
         long len;
@@ -379,14 +370,19 @@ int (*callback)();
 
         if (cipher->cipher == NULL) return(1);
         if (callback == NULL)
-                klen=def_callback(buf,PEM_BUFSIZE,0);
+                klen=def_callback(buf,PEM_BUFSIZE,0,u);
         else
-                klen=callback(buf,PEM_BUFSIZE,0);
+                klen=callback(buf,PEM_BUFSIZE,0,u);
         if (klen <= 0)
                 {
                 PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_PASSWORD_READ);
                 return(0);
                 }
+#ifdef CHARSET_EBCDIC
+        /* Convert the pass phrase from EBCDIC */
+        ebcdic2ascii(buf, buf, klen);
+#endif
+
         EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),
                 (unsigned char *)buf,klen,1,key,NULL);
 
@@ -407,12 +403,10 @@ int (*callback)();
         return(1);
         }
 
-int PEM_get_EVP_CIPHER_INFO(header,cipher)
-char *header;
-EVP_CIPHER_INFO *cipher;
+int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
         {
         int o;
-        EVP_CIPHER *enc=NULL;
+        const EVP_CIPHER *enc=NULL;
         char *p,c;
 
         cipher->cipher=NULL;
@@ -438,9 +432,15 @@ EVP_CIPHER_INFO *cipher;
         for (;;)
                 {
                 c= *header;
+#ifndef CHARSET_EBCDIC
                 if (!(  ((c >= 'A') && (c <= 'Z')) || (c == '-') ||
                         ((c >= '0') && (c <= '9'))))
                         break;
+#else
+                if (!(  isupper(c) || (c == '-') ||
+                        isdigit(c)))
+                        break;
+#endif
                 header++;
                 }
         *header='\0';
@@ -459,9 +459,7 @@ EVP_CIPHER_INFO *cipher;
         return(1);
         }
 
-static int load_iv(fromp,to,num)
-unsigned char **fromp,*to;
-int num;
+static int load_iv(unsigned char **fromp, unsigned char *to, int num)
         {
         int v,i;
         unsigned char *from;
@@ -491,12 +489,8 @@ int num;
         }
 
 #ifndef NO_FP_API
-int PEM_write(fp, name, header, data,len)
-FILE *fp;
-char *name;
-char *header;
-unsigned char *data;
-long len;
+int PEM_write(FILE *fp, char *name, char *header, unsigned char *data,
+             long len)
         {
         BIO *b;
         int ret;
@@ -513,12 +507,8 @@ long len;
         }
 #endif
 
-int PEM_write_bio(bp, name, header, data,len)
-BIO *bp;
-char *name;
-char *header;
-unsigned char *data;
-long len;
+int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
+             long len)
         {
         int nlen,n,i,j,outl;
         unsigned char *buf;
@@ -573,12 +563,8 @@ err:
         }
 
 #ifndef NO_FP_API
-int PEM_read(fp, name, header, data,len)
-FILE *fp;
-char **name;
-char **header;
-unsigned char **data;
-long *len;
+int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,
+             long *len)
         {
         BIO *b;
         int ret;
@@ -595,12 +581,8 @@ long *len;
         }
 #endif
 
-int PEM_read_bio(bp, name, header, data, len)
-BIO *bp;
-char **name;
-char **header;
-unsigned char **data;
-long *len;
+int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
+             long *len)
         {
         EVP_ENCODE_CTX ctx;
         int end=0,i,k,bl=0,hl=0,nohead=0;
@@ -643,7 +625,7 @@ long *len;
                                 PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
                                 goto err;
                                 }
-                        strncpy(nameB->data,&(buf[11]),(unsigned int)i-6);
+                        memcpy(nameB->data,&(buf[11]),i-6);
                         nameB->data[i-6]='\0';
                         break;
                         }
@@ -668,7 +650,7 @@ long *len;
                         nohead=1;
                         break;
                         }
-                strncpy(&(headerB->data[hl]),buf,(unsigned int)i);
+                memcpy(&(headerB->data[hl]),buf,i);
                 headerB->data[hl+i]='\0';
                 hl+=i;
                 }
@@ -696,7 +678,7 @@ long *len;
                                 PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
                                 goto err;
                                 }
-                        strncpy(&(dataB->data[bl]),buf,(unsigned int)i);
+                        memcpy(&(dataB->data[bl]),buf,i);
                         dataB->data[bl+i]='\0';
                         bl+=i;
                         if (end)
@@ -721,7 +703,7 @@ long *len;
                 }
         i=strlen(nameB->data);
         if (    (strncmp(buf,"-----END ",9) != 0) ||
-                (strncmp(nameB->data,&(buf[9]),(unsigned int)i) != 0) ||
+                (strncmp(nameB->data,&(buf[9]),i) != 0) ||
                 (strncmp(&(buf[9+i]),"-----\n",6) != 0))
                 {
                 PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_END_LINE);
@@ -760,3 +742,62 @@ err:
         BUF_MEM_free(dataB);
         return(0);
         }
+
+/* This function writes a private key in PKCS#8 format: it is a "drop in"
+ * replacement for PEM_write_bio_PrivateKey(). As usual if 'enc' is NULL then
+ * it uses the unencrypted private key form. It uses PKCS#5 v2.0 password based
+ * encryption algorithms.
+ */
+
+int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u)
+{
+        X509_SIG *p8;
+        PKCS8_PRIV_KEY_INFO *p8inf;
+        char buf[PEM_BUFSIZE];
+        int ret;
+        if(!(p8inf = EVP_PKEY2PKCS8(x))) {
+                PEMerr(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,
+                                        PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
+                return 0;
+        }
+        if(enc) {
+                if(!kstr) {
+                        if(!cb) klen = def_callback(buf, PEM_BUFSIZE, 1, u);
+                        else klen = cb(buf, PEM_BUFSIZE, 1, u);
+                        if(klen <= 0) {
+                                PEMerr(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,
+                                                                PEM_R_READ_KEY);
+                                PKCS8_PRIV_KEY_INFO_free(p8inf);
+                                return 0;
+                        }
+                                
+                        kstr = buf;
+                }
+                p8 = PKCS8_encrypt(-1, enc, kstr, klen, NULL, 0, 0, p8inf);
+                if(kstr == buf) memset(buf, 0, klen);
+                PKCS8_PRIV_KEY_INFO_free(p8inf);
+                ret = PEM_write_bio_PKCS8(bp, p8);
+                X509_SIG_free(p8);
+                return ret;
+        } else {
+                ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf);
+                PKCS8_PRIV_KEY_INFO_free(p8inf);
+                return ret;
+        }
+}
+
+int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                              char *kstr, int klen, pem_password_cb *cb, void *u)
+{
+        BIO *bp;
+        int ret;
+        if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
+                PEMerr(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY,ERR_R_BUF_LIB);
+                return(0);
+        }
+        ret = PEM_write_bio_PKCS8PrivateKey(bp, x, enc, kstr, klen, cb, u);
+        BIO_free(bp);
+        return ret;
+}
diff --git a/src/lib/libcrypto/pem/pem_seal.c b/src/lib/libcrypto/pem/pem_seal.c
index b4b36df453..23f95beb1e 100644
--- a/src/lib/libcrypto/pem/pem_seal.c
+++ b/src/lib/libcrypto/pem/pem_seal.c
@@ -56,23 +56,18 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_RSA
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "rand.h"
-#include "objects.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
-int PEM_SealInit(ctx,type,md_type,ek,ekl,iv,pubk,npubk)
-PEM_ENCODE_SEAL_CTX *ctx;
-EVP_CIPHER *type;
-EVP_MD *md_type;
-unsigned char **ek;
-int *ekl;
-unsigned char *iv;
-EVP_PKEY **pubk;
-int npubk;
+int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
+             unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk,
+             int npubk)
         {
         unsigned char key[EVP_MAX_KEY_LENGTH];
         int ret= -1;
@@ -118,12 +113,8 @@ err:
         return(ret);
         }
 
-void PEM_SealUpdate(ctx,out,outl,in,inl)
-PEM_ENCODE_SEAL_CTX *ctx;
-unsigned char *out;
-int *outl;
-unsigned char *in;
-int inl;
+void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
+             unsigned char *in, int inl)
         {
         unsigned char buffer[1600];
         int i,j;
@@ -146,13 +137,8 @@ int inl;
                 }
         }
 
-int PEM_SealFinal(ctx,sig,sigl,out,outl,priv)
-PEM_ENCODE_SEAL_CTX *ctx;
-unsigned char *sig;
-int *sigl;
-unsigned char *out;
-int *outl;
-EVP_PKEY *priv;
+int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
+             unsigned char *out, int *outl, EVP_PKEY *priv)
         {
         unsigned char *s=NULL;
         int ret=0,j;
@@ -189,3 +175,4 @@ err:
         if (s != NULL) Free(s);
         return(ret);
         }
+#endif
diff --git a/src/lib/libcrypto/pem/pem_sign.c b/src/lib/libcrypto/pem/pem_sign.c
index d56f9f9e14..aabafb702d 100644
--- a/src/lib/libcrypto/pem/pem_sign.c
+++ b/src/lib/libcrypto/pem/pem_sign.c
@@ -58,32 +58,25 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "rand.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/rand.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
-void PEM_SignInit(ctx,type)
-EVP_MD_CTX *ctx;
-EVP_MD *type;
+void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
         {
         EVP_DigestInit(ctx,type);
         }
 
-void PEM_SignUpdate(ctx,data,count)
-EVP_MD_CTX *ctx;
-unsigned char *data;
-unsigned int count;
+void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data,
+             unsigned int count)
         {
         EVP_DigestUpdate(ctx,data,count);
         }
 
-int PEM_SignFinal(ctx,sigret,siglen,pkey)
-EVP_MD_CTX *ctx;
-unsigned char *sigret;
-unsigned int *siglen;
-EVP_PKEY *pkey;
+int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
+             EVP_PKEY *pkey)
         {
         unsigned char *m;
         int i,ret=0;